@arcblock/did-connect-service 4.0.5 → 4.0.6

package/dist/auth-handler.js

@@ -1,408 +0,0 @@
-/**
- * AuthHandler — Unified auth entry point for Cloudflare Workers.
- *
- * Combines Auth (passkey) + TeamHandler into a single, easy-to-integrate handler.
- * Internally creates D1Store — callers never need to touch it.
- *
- * Usage:
- *   const auth = createAuthHandler({ db: env.BLOCKLET_SERVICE_DB, jwtSecret: env.JWT_SECRET, rpName: "My App" });
- *   const r = await auth.route(req);   // handles passkey/team/logout routes
- *   if (r) return r;
- *   const caller = await auth.verifyFull(req);  // auth gate
- *   if (!caller) return auth.unauthorized(req);
- */
-import { fromSecretKey } from "@ocap/wallet";
-import { AccessKeyHandler } from "./access-key-handler.js";
-import { evaluateAccess } from "./access/access-policy.js";
-import { BlockletJsHandler } from "./blocklet-js-handler.js";
-import { BrandingHandler } from "./branding-handler.js";
-import { DIDConnectHandler } from "./did-connect-handler.js";
-import { EmailLoginHandler } from "./email-login-handler.js";
-import { Auth, resolveAccessKeyCaller } from "./handlers/passkey-handler.js";
-import { OAuthHandler } from "./oauth-handler.js";
-import { D1Store } from "./store/d1-store.js";
-import { TeamHandler } from "./team-handler.js";
-import { TicketHandler } from "./ticket-handler.js";
-export function createAuthHandler(options) {
-    const store = new D1Store(options.db);
-    const jwtExpiresIn = options.jwtExpiresIn ?? 7 * 24 * 60 * 60;
-    const cookieName = options.cookieName ?? "login_token";
-    const defaultInstanceDid = options.appSk
-        ? fromSecretKey(options.appSk).address
-        : undefined;
-    const passkey = new Auth({
-        store,
-        jwtSecret: options.jwtSecret,
-        rpName: options.rpName,
-        rpID: options.rpID,
-        jwtExpiresIn,
-        cookieName,
-    });
-    const team = new TeamHandler({ store, passkey, instanceDid: defaultInstanceDid });
-    const accessKeys = new AccessKeyHandler({ store, passkey });
-    // DID Connect: enabled when appSk is provided (uses D1 for token storage)
-    const didConnect = options.appSk
-        ? new DIDConnectHandler({
-            store,
-            db: options.db,
-            appSk: options.appSk,
-            appPsk: options.appPsk,
-            jwtSecret: options.jwtSecret,
-            jwtExpiresIn,
-            cookieName,
-            rpID: options.rpID,
-            appInfo: options.appInfo,
-        })
-        : null;
-    // OAuth: enabled when appSk is provided (configs come from D1 settings)
-    const oauth = options.appSk
-        ? new OAuthHandler({
-            store,
-            appSk: options.appSk,
-            jwtSecret: options.jwtSecret,
-            jwtExpiresIn,
-            cookieName,
-            rpID: options.rpID,
-            kv: options.kv,
-            authMaster: options.authMaster,
-            masterOAuthOrigin: options.masterOAuthOrigin,
-            instanceDid: defaultInstanceDid,
-        })
-        : null;
-    // Email login: enabled when appSk is provided.
-    // resendApiKey/emailFrom can come from env vars OR D1 email:config (resolved at runtime).
-    const emailLogin = options.appSk
-        ? new EmailLoginHandler({
-            store,
-            appSk: options.appSk,
-            jwtSecret: options.jwtSecret,
-            jwtExpiresIn,
-            cookieName,
-            rpID: options.rpID,
-            resendApiKey: options.resendApiKey,
-            emailFrom: options.emailFrom,
-            instanceDid: defaultInstanceDid,
-            authMaster: options.authMaster,
-        })
-        : null;
-    // Ticket handler: always enabled (used for federation ticket exchange)
-    const tickets = new TicketHandler({
-        store,
-        jwtSecret: options.jwtSecret,
-        jwtExpiresIn,
-        cookieName,
-        rpID: options.rpID,
-    });
-    // Branding: Logo serving, theme anti-FOUC, branding/theme/navigation CRUD
-    const branding = new BrandingHandler({
-        store,
-        r2: options.r2,
-        instanceDid: defaultInstanceDid,
-    });
-    // BlockletJs: enabled when appSk is provided
-    const blockletJs = options.appSk
-        ? new BlockletJsHandler({
-            store,
-            appSk: options.appSk,
-            appPsk: options.appPsk,
-            appDid: options.appDid,
-            instanceDid: defaultInstanceDid,
-            serverVersion: options.serverVersion,
-        })
-        : null;
-    // Build the static methods array; email is resolved dynamically at request time
-    const staticLoginMethods = ["passkey"];
-    if (didConnect)
-        staticLoginMethods.push("did-connect");
-    if (oauth)
-        staticLoginMethods.push("oauth");
-    /** Resolve login page overrides, checking email + OAuth configs dynamically from D1. */
-    async function resolveLoginPageOverrides() {
-        const methods = [...staticLoginMethods];
-        if (emailLogin && (await emailLogin.isEnabled())) {
-            methods.push("email");
-        }
-        // Load OAuth provider configs from D1 settings
-        let oauthProviders;
-        if (oauth && defaultInstanceDid) {
-            try {
-                const settings = await store.listSettings(defaultInstanceDid);
-                const providers = [];
-                for (const s of settings) {
-                    if (s.key.startsWith("oauth:") && s.value) {
-                        const name = s.key.slice(6);
-                        try {
-                            const cfg = JSON.parse(s.value);
-                            if (cfg.enabled !== false) {
-                                providers.push({
-                                    id: name,
-                                    name: cfg.displayName || name.charAt(0).toUpperCase() + name.slice(1),
-                                    enabled: true,
-                                    order: typeof cfg.order === "number" ? cfg.order : 999,
-                                });
-                            }
-                        }
-                        catch {
-                            // skip invalid config
-                        }
-                    }
-                }
-                if (providers.length > 0) {
-                    providers.sort((a, b) => (a.order ?? 999) - (b.order ?? 999));
-                    oauthProviders = providers;
-                }
-            }
-            catch {
-                // On error, skip OAuth providers (safe degradation)
-            }
-        }
-        return { methods, oauthProviders };
-    }
-    return {
-        async route(request, context) {
-            const url = new URL(request.url);
-            const instanceDid = context?.instanceDid;
-            // __blocklet__.js — must be checked early (every page load hits this)
-            if (blockletJs) {
-                const r = await blockletJs.fetch(request);
-                if (r)
-                    return r;
-            }
-            // Branding public routes: Logo access + Theme anti-FOUC (before auth)
-            {
-                const r = await branding.fetchPublic(request);
-                if (r)
-                    return r;
-            }
-            // Login page — if already authenticated, redirect away; otherwise show login HTML
-            if (url.pathname === "/.well-known/service/login" && request.method === "GET") {
-                const caller = await passkey.verifyFull(request);
-                if (caller) {
-                    return new Response(null, { status: 302, headers: { Location: "/" } });
-                }
-                return await passkey.getLoginPage(defaultInstanceDid, await resolveLoginPageOverrides());
-            }
-            // Session endpoint — auth-method-agnostic
-            // Returns { user: { did, role, ... } } for SessionManager compatibility
-            if (url.pathname === "/.well-known/service/api/did/session" && request.method === "GET") {
-                const caller = await passkey.verifyFull(request);
-                if (!caller) {
-                    return jsonResponse({ authenticated: false, user: null });
-                }
-                const userRecord = await store.getUserByDid(caller.did);
-                const connectedAccountRows = await store.getConnectedAccountsByUserDid(caller.did);
-                const connectedAccounts = connectedAccountRows.map((a) => ({
-                    did: a.did,
-                    provider: a.provider,
-                    id: a.id,
-                }));
-                return jsonResponse({
-                    authenticated: true,
-                    did: caller.did,
-                    role: caller.role,
-                    sourceProvider: userRecord?.sourceProvider ?? null,
-                    connectedAccounts,
-                    user: { did: caller.did, role: caller.role, displayName: caller.displayName },
-                });
-            }
-            if (url.pathname === "/.well-known/service/api/did/logout") {
-                return passkey.logout(request);
-            }
-            // DID Connect routes (wallet auth via WalletHandlers + complete endpoint)
-            if (didConnect) {
-                const r = await didConnect.fetch(request);
-                if (r)
-                    return r;
-            }
-            // OAuth routes (login, callback, bind, unbind, configs)
-            if (oauth) {
-                const r = await oauth.fetch(request);
-                if (r)
-                    return r;
-            }
-            // Email login routes (sendCode, status, login)
-            if (emailLogin) {
-                const r = await emailLogin.fetch(request);
-                if (r)
-                    return r;
-            }
-            // Login ticket exchange (federation)
-            {
-                const r = await tickets.fetch(request);
-                if (r)
-                    return r;
-            }
-            // Passkey auth routes (register + auth)
-            if (url.pathname.startsWith("/.well-known/service/api/passkey")) {
-                return passkey.fetch(request);
-            }
-            // Team routes (API + pages) — pass instanceDid
-            const teamResponse = await team.fetch(request, instanceDid);
-            if (teamResponse)
-                return teamResponse;
-            // Access key management routes — pass instanceDid
-            const accessKeyResponse = await accessKeys.fetch(request, instanceDid);
-            if (accessKeyResponse)
-                return accessKeyResponse;
-            // Branding admin routes: Branding/Theme/Navigation CRUD (after auth enforcement)
-            {
-                const r = await branding.fetchAdmin(request);
-                if (r)
-                    return r;
-            }
-            return null;
-        },
-        async verify(request) {
-            return passkey.verify(request);
-        },
-        async verifyFull(request) {
-            return passkey.verifyFull(request);
-        },
-        async loginPage() {
-            return passkey.getLoginPage(defaultInstanceDid, await resolveLoginPageOverrides());
-        },
-        async unauthorized(request) {
-            const isWsUpgrade = request.headers.get("Upgrade") === "websocket";
-            if (isWsUpgrade) {
-                return new Response("Unauthorized", { status: 401 });
-            }
-            return passkey.getLoginPage(defaultInstanceDid, await resolveLoginPageOverrides());
-        },
-        async resolveIdentity(request, context) {
-            // 1. Try access key auth first
-            const akCaller = await resolveAccessKeyCaller(request, store, context?.instanceDid);
-            if (akCaller) {
-                return {
-                    did: akCaller.did,
-                    pk: akCaller.pk,
-                    displayName: akCaller.displayName,
-                    role: akCaller.role,
-                    authMethod: "access-key",
-                    accessKeyId: akCaller.accessKeyId,
-                    approved: !akCaller.blocked,
-                };
-            }
-            // 2. Fall back to JWT auth
-            const jwtCaller = await passkey.verify(request);
-            if (jwtCaller) {
-                const user = await store.getUserByDid(jwtCaller.did);
-                if (user) {
-                    const role = user.role ?? "guest";
-                    return { ...jwtCaller, role, authMethod: "passkey", approved: !!user.approved };
-                }
-                return { ...jwtCaller, authMethod: "passkey" };
-            }
-            return null;
-        },
-        async enforceAccess(request, opts) {
-            const url = new URL(request.url);
-            const isWsUpgrade = request.headers.get("Upgrade") === "websocket";
-            const accept = request.headers.get("Accept") ?? "";
-            const wantsJson = accept.includes("application/json") || url.pathname.startsWith("/api");
-            // Use pre-resolved caller if provided, otherwise resolve from request
-            let callerIdentity = null;
-            let role = null;
-            let blocked = false;
-            if (opts?.caller !== undefined) {
-                // Caller was pre-resolved by authenticateMiddleware
-                callerIdentity = opts.caller;
-                if (callerIdentity) {
-                    role = callerIdentity.role ?? null;
-                    if (callerIdentity.approved !== undefined) {
-                        // Pre-resolved by resolveIdentity — skip redundant D1 query
-                        blocked = !callerIdentity.approved;
-                    }
-                    else {
-                        // Fallback: caller came from outside resolveIdentity (e.g. tests)
-                        const user = await store.getUserByDid(callerIdentity.did);
-                        if (user) {
-                            blocked = !user.approved;
-                        }
-                    }
-                }
-            }
-            else {
-                // Legacy path: resolve from request
-                const akCaller = await resolveAccessKeyCaller(request, store);
-                if (akCaller) {
-                    callerIdentity = {
-                        did: akCaller.did,
-                        pk: akCaller.pk,
-                        displayName: akCaller.displayName,
-                        role: akCaller.role,
-                    };
-                    role = akCaller.role;
-                    blocked = akCaller.blocked;
-                }
-                else {
-                    const jwtCaller = await passkey.verify(request);
-                    if (jwtCaller) {
-                        callerIdentity = jwtCaller;
-                        const user = await store.getUserByDid(jwtCaller.did);
-                        if (user) {
-                            role = user.role ?? "guest";
-                            blocked = !user.approved;
-                            callerIdentity = { ...jwtCaller, role };
-                        }
-                    }
-                }
-            }
-            // 3. Load active rules and evaluate
-            const rules = await store.getActiveRulesWithPolicies();
-            const result = evaluateAccess(rules, url.pathname, role ? { role } : null);
-            // 4. Public routes: allow everyone, even blocked users
-            if (result.allowed) {
-                if (blocked) {
-                    // Blocked user on a non-public route → check if the route is truly public
-                    // Re-evaluate without caller to see if route is public
-                    const publicCheck = evaluateAccess(rules, url.pathname, null);
-                    if (!publicCheck.allowed) {
-                        // Route requires auth and user is blocked
-                        return {
-                            response: await denyResponse("BLOCKED", "Account is blocked", 403, isWsUpgrade, wantsJson, passkey, await resolveLoginPageOverrides(), defaultInstanceDid),
-                        };
-                    }
-                }
-                // Access allowed
-                const caller = callerIdentity && !blocked ? { ...callerIdentity, role: role ?? undefined } : null;
-                return { caller };
-            }
-            // 5. Access denied
-            if (result.reason === "unauthenticated") {
-                return {
-                    response: await denyResponse("UNAUTHENTICATED", "Authentication required", 401, isWsUpgrade, wantsJson, passkey, await resolveLoginPageOverrides(), defaultInstanceDid),
-                };
-            }
-            // unauthorized (wrong role)
-            return {
-                response: await denyResponse("FORBIDDEN", "Insufficient permissions", 403, isWsUpgrade, wantsJson, passkey, await resolveLoginPageOverrides(), defaultInstanceDid),
-            };
-        },
-        async getMembership(userDid, instanceDid) {
-            return store.getMembership(userDid, instanceDid);
-        },
-        async getActiveRulesForInstance(instanceDid) {
-            return store.getActiveRulesForInstance(instanceDid);
-        },
-        async seedInstanceDefaults(instanceDid) {
-            return store.seedInstanceDefaults(instanceDid);
-        },
-    };
-}
-function jsonResponse(data, status = 200) {
-    return new Response(JSON.stringify(data), {
-        status,
-        headers: { "Content-Type": "application/json", "Cache-Control": "private, no-store" },
-    });
-}
-async function denyResponse(code, message, status, isWsUpgrade, wantsJson, passkey, pageOverrides, instanceDid) {
-    if (isWsUpgrade) {
-        return new Response(status === 401 ? "Unauthorized" : "Forbidden", { status });
-    }
-    // Show login page for unauthenticated HTML requests
-    if (!wantsJson && status === 401) {
-        return passkey.getLoginPage(instanceDid, pageOverrides);
-    }
-    return jsonResponse({ ok: false, error: message, code }, status);
-}
-//# sourceMappingURL=auth-handler.js.map

package/dist/auth-handler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-handler.js","sourceRoot":"","sources":["../src/auth-handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAE7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AAC7E,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AA2IpD,MAAM,UAAU,iBAAiB,CAAC,OAA2B;IAC3D,MAAM,KAAK,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IAC9D,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,aAAa,CAAC;IACvD,MAAM,kBAAkB,GAAG,OAAO,CAAC,KAAK;QACtC,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,OAAO;QACtC,CAAC,CAAC,SAAS,CAAC;IACd,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC;QACvB,KAAK;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,YAAY;QACZ,UAAU;KACX,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,IAAI,WAAW,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAClF,MAAM,UAAU,GAAG,IAAI,gBAAgB,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IAE5D,0EAA0E;IAC1E,MAAM,UAAU,GACd,OAAO,CAAC,KAAK;QACX,CAAC,CAAC,IAAI,iBAAiB,CAAC;YACpB,KAAK;YACL,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY;YACZ,UAAU;YACV,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAEX,wEAAwE;IACxE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK;QACzB,CAAC,CAAC,IAAI,YAAY,CAAC;YACf,KAAK;YACL,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY;YACZ,UAAU;YACV,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,EAAE,EAAE,OAAO,CAAC,EAAE;YACd,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,iBAAiB,EAAE,OAAO,CAAC,iBAAiB;YAC5C,WAAW,EAAE,kBAAkB;SAChC,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAET,+CAA+C;IAC/C,0FAA0F;IAC1F,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK;QAC9B,CAAC,CAAC,IAAI,iBAAiB,CAAC;YACpB,KAAK;YACL,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,YAAY;YACZ,UAAU;YACV,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,WAAW,EAAE,kBAAkB;YAC/B,UAAU,EAAE,OAAO,CAAC,UAAU;SAC/B,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAET,uEAAuE;IACvE,MAAM,OAAO,GAAG,IAAI,aAAa,CAAC;QAChC,KAAK;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,YAAY;QACZ,UAAU;QACV,IAAI,EAAE,OAAO,CAAC,IAAI;KACnB,CAAC,CAAC;IAEH,0EAA0E;IAC1E,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC;QACnC,KAAK;QACL,EAAE,EAAE,OAAO,CAAC,EAAE;QACd,WAAW,EAAE,kBAAkB;KAChC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK;QAC9B,CAAC,CAAC,IAAI,iBAAiB,CAAC;YACpB,KAAK;YACL,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,MAAM,EAAE,OAAO,CAAC,MAAM;YACtB,WAAW,EAAE,kBAAkB;YAC/B,aAAa,EAAE,OAAO,CAAC,aAAa;SACrC,CAAC;QACJ,CAAC,CAAC,IAAI,CAAC;IAET,gFAAgF;IAChF,MAAM,kBAAkB,GAAa,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,UAAU;QAAE,kBAAkB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACvD,IAAI,KAAK;QAAE,kBAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAE5C,wFAAwF;IACxF,KAAK,UAAU,yBAAyB;QAItC,MAAM,OAAO,GAAG,CAAC,GAAG,kBAAkB,CAAC,CAAC;QACxC,IAAI,UAAU,IAAI,CAAC,MAAM,UAAU,CAAC,SAAS,EAAE,CAAC,EAAE,CAAC;YACjD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,+CAA+C;QAC/C,IAAI,cAAiG,CAAC;QACtG,IAAI,KAAK,IAAI,kBAAkB,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;gBAC9D,MAAM,SAAS,GAA0E,EAAE,CAAC;gBAC5F,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;oBACzB,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;wBAC1C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;wBAC5B,IAAI,CAAC;4BACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAA4B,CAAC;4BAC3D,IAAI,GAAG,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;gCAC1B,SAAS,CAAC,IAAI,CAAC;oCACb,EAAE,EAAE,IAAI;oCACR,IAAI,EAAG,GAAG,CAAC,WAAsB,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;oCACjF,OAAO,EAAE,IAAI;oCACb,KAAK,EAAE,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG;iCACvD,CAAC,CAAC;4BACL,CAAC;wBACH,CAAC;wBAAC,MAAM,CAAC;4BACP,sBAAsB;wBACxB,CAAC;oBACH,CAAC;gBACH,CAAC;gBACD,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;oBACzB,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC;oBAC9D,cAAc,GAAG,SAAS,CAAC;gBAC7B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,oDAAoD;YACtD,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;IACrC,CAAC;IAED,OAAO;QACL,KAAK,CAAC,KAAK,CAAC,OAAgB,EAAE,OAAkC;YAC9D,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,CAAC;YAEzC,sEAAsE;YACtE,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,sEAAsE;YACtE,CAAC;gBACC,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;gBAC9C,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,kFAAkF;YAClF,IAAI,GAAG,CAAC,QAAQ,KAAK,4BAA4B,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBAC9E,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,MAAM,EAAE,CAAC;oBACX,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;gBACzE,CAAC;gBACD,OAAO,MAAM,OAAO,CAAC,YAAY,CAAC,kBAAkB,EAAE,MAAM,yBAAyB,EAAE,CAAC,CAAC;YAC3F,CAAC;YAED,0CAA0C;YAC1C,wEAAwE;YACxE,IAAI,GAAG,CAAC,QAAQ,KAAK,sCAAsC,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;gBACxF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACjD,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,OAAO,YAAY,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;gBAC5D,CAAC;gBAED,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACxD,MAAM,oBAAoB,GAAG,MAAM,KAAK,CAAC,6BAA6B,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBACnF,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBACzD,GAAG,EAAE,CAAC,CAAC,GAAG;oBACV,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,EAAE,EAAE,CAAC,CAAC,EAAE;iBACT,CAAC,CAAC,CAAC;gBAEJ,OAAO,YAAY,CAAC;oBAClB,aAAa,EAAE,IAAI;oBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,cAAc,EAAE,UAAU,EAAE,cAAc,IAAI,IAAI;oBAClD,iBAAiB;oBACjB,IAAI,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE;iBAC9E,CAAC,CAAC;YACL,CAAC;YACD,IAAI,GAAG,CAAC,QAAQ,KAAK,qCAAqC,EAAE,CAAC;gBAC3D,OAAO,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACjC,CAAC;YAED,0EAA0E;YAC1E,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,wDAAwD;YACxD,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,CAAC,GAAG,MAAM,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACrC,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,+CAA+C;YAC/C,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBAC1C,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,qCAAqC;YACrC,CAAC;gBACC,MAAM,CAAC,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACvC,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,wCAAwC;YACxC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,kCAAkC,CAAC,EAAE,CAAC;gBAChE,OAAO,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAChC,CAAC;YAED,+CAA+C;YAC/C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC5D,IAAI,YAAY;gBAAE,OAAO,YAAY,CAAC;YAEtC,kDAAkD;YAClD,MAAM,iBAAiB,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YACvE,IAAI,iBAAiB;gBAAE,OAAO,iBAAiB,CAAC;YAEhD,iFAAiF;YACjF,CAAC;gBACC,MAAM,CAAC,GAAG,MAAM,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC7C,IAAI,CAAC;oBAAE,OAAO,CAAC,CAAC;YAClB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,OAAgB;YAC3B,OAAO,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACjC,CAAC;QAED,KAAK,CAAC,UAAU,CAAC,OAAgB;YAC/B,OAAO,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAED,KAAK,CAAC,SAAS;YACb,OAAO,OAAO,CAAC,YAAY,CAAC,kBAAkB,EAAE,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,KAAK,CAAC,YAAY,CAAC,OAAgB;YACjC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,WAAW,CAAC;YACnE,IAAI,WAAW,EAAE,CAAC;gBAChB,OAAO,IAAI,QAAQ,CAAC,cAAc,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvD,CAAC;YACD,OAAO,OAAO,CAAC,YAAY,CAAC,kBAAkB,EAAE,MAAM,yBAAyB,EAAE,CAAC,CAAC;QACrF,CAAC;QAED,KAAK,CAAC,eAAe,CACnB,OAAgB,EAChB,OAAkC;YAElC,+BAA+B;YAC/B,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;YACpF,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO;oBACL,GAAG,EAAE,QAAQ,CAAC,GAAG;oBACjB,EAAE,EAAE,QAAQ,CAAC,EAAE;oBACf,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,IAAI,EAAE,QAAQ,CAAC,IAAI;oBACnB,UAAU,EAAE,YAAY;oBACxB,WAAW,EAAE,QAAQ,CAAC,WAAW;oBACjC,QAAQ,EAAE,CAAC,QAAQ,CAAC,OAAO;iBAC5B,CAAC;YACJ,CAAC;YACD,2BAA2B;YAC3B,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAChD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACrD,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,IAAI,GAAI,IAAI,CAAC,IAAa,IAAI,OAAO,CAAC;oBAC5C,OAAO,EAAE,GAAG,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,SAAkB,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC3F,CAAC;gBACD,OAAO,EAAE,GAAG,SAAS,EAAE,UAAU,EAAE,SAAkB,EAAE,CAAC;YAC1D,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,KAAK,CAAC,aAAa,CACjB,OAAgB,EAChB,IAAyC;YAEzC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,MAAM,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,WAAW,CAAC;YACnE,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnD,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;YAEzF,sEAAsE;YACtE,IAAI,cAAc,GAA0B,IAAI,CAAC;YACjD,IAAI,IAAI,GAAgB,IAAI,CAAC;YAC7B,IAAI,OAAO,GAAG,KAAK,CAAC;YAEpB,IAAI,IAAI,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC/B,oDAAoD;gBACpD,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC;gBAC7B,IAAI,cAAc,EAAE,CAAC;oBACnB,IAAI,GAAG,cAAc,CAAC,IAAI,IAAI,IAAI,CAAC;oBACnC,IAAI,cAAc,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;wBAC1C,4DAA4D;wBAC5D,OAAO,GAAG,CAAC,cAAc,CAAC,QAAQ,CAAC;oBACrC,CAAC;yBAAM,CAAC;wBACN,kEAAkE;wBAClE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;wBAC1D,IAAI,IAAI,EAAE,CAAC;4BACT,OAAO,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;wBAC3B,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,oCAAoC;gBACpC,MAAM,QAAQ,GAAG,MAAM,sBAAsB,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBAC9D,IAAI,QAAQ,EAAE,CAAC;oBACb,cAAc,GAAG;wBACf,GAAG,EAAE,QAAQ,CAAC,GAAG;wBACjB,EAAE,EAAE,QAAQ,CAAC,EAAE;wBACf,WAAW,EAAE,QAAQ,CAAC,WAAW;wBACjC,IAAI,EAAE,QAAQ,CAAC,IAAI;qBACpB,CAAC;oBACF,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC;oBACrB,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;gBAC7B,CAAC;qBAAM,CAAC;oBACN,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBAChD,IAAI,SAAS,EAAE,CAAC;wBACd,cAAc,GAAG,SAAS,CAAC;wBAC3B,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;wBACrD,IAAI,IAAI,EAAE,CAAC;4BACT,IAAI,GAAI,IAAI,CAAC,IAAa,IAAI,OAAO,CAAC;4BACtC,OAAO,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC;4BACzB,cAAc,GAAG,EAAE,GAAG,SAAS,EAAE,IAAI,EAAE,CAAC;wBAC1C,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,0BAA0B,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAE3E,uDAAuD;YACvD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACnB,IAAI,OAAO,EAAE,CAAC;oBACZ,0EAA0E;oBAC1E,uDAAuD;oBACvD,MAAM,WAAW,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;oBAC9D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;wBACzB,0CAA0C;wBAC1C,OAAO;4BACL,QAAQ,EAAE,MAAM,YAAY,CAC1B,SAAS,EACT,oBAAoB,EACpB,GAAG,EACH,WAAW,EACX,SAAS,EACT,OAAO,EACP,MAAM,yBAAyB,EAAE,EACjC,kBAAkB,CACnB;yBACF,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,iBAAiB;gBACjB,MAAM,MAAM,GACV,cAAc,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,cAAc,EAAE,IAAI,EAAE,IAAI,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBACrF,OAAO,EAAE,MAAM,EAAE,CAAC;YACpB,CAAC;YAED,mBAAmB;YACnB,IAAI,MAAM,CAAC,MAAM,KAAK,iBAAiB,EAAE,CAAC;gBACxC,OAAO;oBACL,QAAQ,EAAE,MAAM,YAAY,CAC1B,iBAAiB,EACjB,yBAAyB,EACzB,GAAG,EACH,WAAW,EACX,SAAS,EACT,OAAO,EACP,MAAM,yBAAyB,EAAE,EACjC,kBAAkB,CACnB;iBACF,CAAC;YACJ,CAAC;YAED,4BAA4B;YAC5B,OAAO;gBACL,QAAQ,EAAE,MAAM,YAAY,CAC1B,WAAW,EACX,0BAA0B,EAC1B,GAAG,EACH,WAAW,EACX,SAAS,EACT,OAAO,EACP,MAAM,yBAAyB,EAAE,EACjC,kBAAkB,CACnB;aACF,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,aAAa,CAAC,OAAe,EAAE,WAAmB;YACtD,OAAO,KAAK,CAAC,aAAa,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QACnD,CAAC;QAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;YACjD,OAAO,KAAK,CAAC,yBAAyB,CAAC,WAAW,CAAC,CAAC;QACtD,CAAC;QAED,KAAK,CAAC,oBAAoB,CAAC,WAAmB;YAC5C,OAAO,KAAK,CAAC,oBAAoB,CAAC,WAAW,CAAC,CAAC;QACjD,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,IAAa,EAAE,MAAM,GAAG,GAAG;IAC/C,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;QACxC,MAAM;QACN,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,eAAe,EAAE,mBAAmB,EAAE;KACtF,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,IAAY,EACZ,OAAe,EACf,MAAc,EACd,WAAoB,EACpB,SAAkB,EAClB,OAAa,EACb,aAA+F,EAC/F,WAAoB;IAEpB,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,oDAAoD;IACpD,IAAI,CAAC,SAAS,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACjC,OAAO,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;IAC1D,CAAC;IACD,OAAO,YAAY,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,MAAM,CAAC,CAAC;AACnE,CAAC"}

package/dist/auth-rpc-types.d.ts

@@ -1,139 +0,0 @@
-/**
- * RPC type definitions for Auth Worker Service Binding.
- *
- * This file is the ONLY import a Consumer needs:
- *   import type { AuthRPCInterface } from '@arcblock/did-connect-cloudflare/rpc-types';
- *
- * All types use JSON-serializable primitives (string/number/boolean).
- * Dates are ISO strings. No Request/Response objects cross the RPC boundary.
- */
-export interface CallerIdentityDTO {
-    did: string;
-    pk: string;
-    displayName?: string;
-    avatar?: string;
-    role?: "owner" | "admin" | "member" | "guest";
-    authMethod?: "passkey" | "did-connect" | "access-key" | "oauth" | "email";
-    accessKeyId?: string;
-    approved?: boolean;
-}
-export interface StoredMembershipDTO {
-    user_did: string;
-    instance_did: string;
-    role: string;
-    invited_by: string | null;
-    joined_at: string;
-}
-export interface MemberWithUserInfoDTO extends StoredMembershipDTO {
-    fullName?: string;
-    email?: string;
-    avatar?: string;
-    approved: number;
-}
-export interface StoredUserDTO {
-    did: string;
-    pk: string;
-    fullName?: string;
-    email?: string;
-    avatar?: string;
-    role?: string;
-    approved?: number;
-}
-export interface AuditLogDTO {
-    id: number;
-    action: string;
-    operatorDid: string;
-    targetDid: string | null;
-    metadata: string;
-    ip: string | null;
-    createdAt: string;
-    operatorName?: string | null;
-    targetName?: string | null;
-}
-export interface RuleWithPolicyDTO {
-    id: string;
-    pathPattern: string;
-    priority: number;
-    roles: string | null;
-    reverse: number;
-    enabled: number;
-}
-export interface RegisterAppConfig {
-    instanceDid: string;
-    appSk: string;
-    appPsk?: string;
-    appName?: string;
-}
-export interface CreateAuditLogInput {
-    action: string;
-    operatorDid: string;
-    targetDid?: string;
-    metadata?: Record<string, unknown>;
-    ip?: string;
-    instanceDid?: string;
-}
-export interface AuthRPCInterface {
-    /** Lightweight verify: JWT signature check only. */
-    verify(jwt: string): Promise<CallerIdentityDTO | null>;
-    /** Full verify: JWT + DB user existence + approval status. */
-    verifyFull(jwt: string): Promise<CallerIdentityDTO | null>;
-    /** Resolve identity: Access Key or JWT. */
-    resolveIdentity(jwt: string | null, authorizationHeader: string | null, instanceDid?: string): Promise<CallerIdentityDTO | null>;
-    /** Access policy evaluation (path-based access control). */
-    enforceAccess(jwt: string | null, authorizationHeader: string | null, pathname: string, instanceDid?: string): Promise<{
-        allowed: true;
-        caller: CallerIdentityDTO | null;
-    } | {
-        allowed: false;
-        status: 401 | 403;
-    }>;
-    getMembership(userDid: string, instanceDid: string): Promise<StoredMembershipDTO | null>;
-    listMemberships(instanceDid: string): Promise<StoredMembershipDTO[]>;
-    listMembershipsWithUserInfo(instanceDid: string): Promise<MemberWithUserInfoDTO[]>;
-    createMembership(userDid: string, instanceDid: string, role: string, invitedBy?: string): Promise<void>;
-    updateMembershipRole(userDid: string, instanceDid: string, role: string): Promise<void>;
-    deleteMembership(userDid: string, instanceDid: string): Promise<void>;
-    deleteMembershipsByInstance(instanceDid: string): Promise<void>;
-    getSetting(instanceDid: string, key: string): Promise<string | null>;
-    setSetting(instanceDid: string, key: string, value: string): Promise<void>;
-    listSettings(instanceDid: string): Promise<{
-        key: string;
-        value: string | null;
-        updated_at: string;
-    }[]>;
-    deleteSetting(instanceDid: string, key: string): Promise<void>;
-    getAuditLogsForInstance(instanceDid: string, opts: {
-        page: number;
-        pageSize: number;
-        action?: string;
-    }): Promise<{
-        logs: AuditLogDTO[];
-        total: number;
-    }>;
-    getAuditLogById(id: number, instanceDid: string): Promise<AuditLogDTO | null>;
-    createAuditLog(input: CreateAuditLogInput): Promise<void>;
-    getActiveRulesForInstance(instanceDid: string): Promise<RuleWithPolicyDTO[]>;
-    seedInstanceDefaults(instanceDid: string): Promise<void>;
-    getUserByDid(did: string): Promise<StoredUserDTO | null>;
-    createUser(params: {
-        did: string;
-        pk: string;
-        fullName?: string;
-        email?: string;
-        avatar?: string;
-        sourceProvider: string;
-        ip?: string;
-        domain?: string;
-    }): Promise<void>;
-    updateLastLogin(did: string, ip?: string, domain?: string): Promise<void>;
-    saveChallenge(id: string, challenge: string, invitationId?: string): Promise<void>;
-    getChallenge(id: string): Promise<{
-        challenge: string;
-        invitationId: string | null;
-    } | null>;
-    deleteChallenge(id: string): Promise<void>;
-    registerApp(config: RegisterAppConfig): Promise<{
-        instanceDid: string;
-    }>;
-}
-//# sourceMappingURL=auth-rpc-types.d.ts.map

package/dist/auth-rpc-types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-rpc-types.d.ts","sourceRoot":"","sources":["../src/auth-rpc-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,iBAAiB;IAChC,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;IAC9C,UAAU,CAAC,EAAE,SAAS,GAAG,aAAa,GAAG,YAAY,GAAG,OAAO,GAAG,OAAO,CAAC;IAC1E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAsB,SAAQ,mBAAmB;IAChE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,EAAE,CAAC,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAID,MAAM,WAAW,gBAAgB;IAG/B,oDAAoD;IACpD,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAEvD,8DAA8D;IAC9D,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAE3D,2CAA2C;IAC3C,eAAe,CACb,GAAG,EAAE,MAAM,GAAG,IAAI,EAClB,mBAAmB,EAAE,MAAM,GAAG,IAAI,EAClC,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAAC;IAErC,4DAA4D;IAC5D,aAAa,CACX,GAAG,EAAE,MAAM,GAAG,IAAI,EAClB,mBAAmB,EAAE,MAAM,GAAG,IAAI,EAClC,QAAQ,EAAE,MAAM,EAChB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CACN;QAAE,OAAO,EAAE,IAAI,CAAC;QAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAA;KAAE,GACnD;QAAE,OAAO,EAAE,KAAK,CAAC;QAAC,MAAM,EAAE,GAAG,GAAG,GAAG,CAAA;KAAE,CACxC,CAAC;IAKF,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,IAAI,CAAC,CAAC;IACzF,eAAe,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC,CAAC;IACrE,2BAA2B,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAAC;IACnF,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxG,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxF,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACtE,2BAA2B,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAGhE,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACrE,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC,CAAC;IACxG,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAG/D,uBAAuB,CACrB,WAAW,EAAE,MAAM,EACnB,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GACxD,OAAO,CAAC;QAAE,IAAI,EAAE,WAAW,EAAE,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACnD,eAAe,CAAC,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC9E,cAAc,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAG1D,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC;IAC7E,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAKzD,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACzD,UAAU,CAAC,MAAM,EAAE;QACjB,GAAG,EAAE,MAAM,CAAC;QACZ,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,cAAc,EAAE,MAAM,CAAC;QACvB,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAG1E,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnF,YAAY,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IAC7F,eAAe,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAG3C,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC1E"}

package/dist/auth-rpc-types.js

@@ -1,11 +0,0 @@
-/**
- * RPC type definitions for Auth Worker Service Binding.
- *
- * This file is the ONLY import a Consumer needs:
- *   import type { AuthRPCInterface } from '@arcblock/did-connect-cloudflare/rpc-types';
- *
- * All types use JSON-serializable primitives (string/number/boolean).
- * Dates are ISO strings. No Request/Response objects cross the RPC boundary.
- */
-export {};
-//# sourceMappingURL=auth-rpc-types.js.map

package/dist/auth-rpc-types.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-rpc-types.js","sourceRoot":"","sources":["../src/auth-rpc-types.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}