@byoky/core 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +361 -8
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +150 -2
  4. package/dist/index.d.ts +150 -2
  5. package/dist/index.js +350 -8
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -24,7 +24,12 @@ __export(index_exports, {
24
24
  BYOKY_PROVIDER_KEY: () => BYOKY_PROVIDER_KEY,
25
25
  ByokyError: () => ByokyError,
26
26
  ByokyErrorCode: () => ByokyErrorCode,
27
+ MIN_PASSWORD_LENGTH: () => MIN_PASSWORD_LENGTH,
27
28
  PROVIDERS: () => PROVIDERS,
29
+ WS_READY_STATE: () => WS_READY_STATE,
30
+ buildHeaders: () => buildHeaders,
31
+ checkPasswordStrength: () => checkPasswordStrength,
32
+ computeAllowanceCheck: () => computeAllowanceCheck,
28
33
  createConnectRequest: () => createConnectRequest,
29
34
  createConnectResponse: () => createConnectResponse,
30
35
  createErrorMessage: () => createErrorMessage,
@@ -32,11 +37,17 @@ __export(index_exports, {
32
37
  decrypt: () => decrypt,
33
38
  deriveKey: () => deriveKey,
34
39
  encrypt: () => encrypt,
40
+ extractUsageFromParsed: () => extractUsageFromParsed,
35
41
  getProvider: () => getProvider,
36
42
  getProviderIds: () => getProviderIds,
37
43
  hashPassword: () => hashPassword,
38
44
  isByokyMessage: () => isByokyMessage,
39
45
  maskKey: () => maskKey,
46
+ parseModel: () => parseModel,
47
+ parseRelayMessage: () => parseRelayMessage,
48
+ parseUsage: () => parseUsage,
49
+ sendRelayMessage: () => sendRelayMessage,
50
+ validateProxyUrl: () => validateProxyUrl,
40
51
  verifyPassword: () => verifyPassword
41
52
  });
42
53
  module.exports = __toCommonJS(index_exports);
@@ -52,6 +63,8 @@ var ByokyErrorCode = /* @__PURE__ */ ((ByokyErrorCode2) => {
52
63
  ByokyErrorCode2["INVALID_KEY"] = "INVALID_KEY";
53
64
  ByokyErrorCode2["TOKEN_EXPIRED"] = "TOKEN_EXPIRED";
54
65
  ByokyErrorCode2["PROXY_ERROR"] = "PROXY_ERROR";
66
+ ByokyErrorCode2["RELAY_CONNECTION_FAILED"] = "RELAY_CONNECTION_FAILED";
67
+ ByokyErrorCode2["RELAY_DISCONNECTED"] = "RELAY_DISCONNECTED";
55
68
  ByokyErrorCode2["UNKNOWN"] = "UNKNOWN";
56
69
  return ByokyErrorCode2;
57
70
  })(ByokyErrorCode || {});
@@ -136,7 +149,11 @@ async function verifyPassword(password, storedHash) {
136
149
  const originalHash = combined.slice(SALT_LENGTH);
137
150
  const newHash = await deriveRawHash(password, salt);
138
151
  if (originalHash.length !== newHash.length) return false;
139
- return originalHash.every((byte, i) => byte === newHash[i]);
152
+ let result = 0;
153
+ for (let i = 0; i < originalHash.length; i++) {
154
+ result |= originalHash[i] ^ newHash[i];
155
+ }
156
+ return result === 0;
140
157
  }
141
158
  function maskKey(key) {
142
159
  if (key.length <= 8) return "****";
@@ -204,6 +221,18 @@ var ByokyError = class _ByokyError extends Error {
204
221
  { providerId }
205
222
  );
206
223
  }
224
+ static relayConnectionFailed(reason) {
225
+ return new _ByokyError(
226
+ "RELAY_CONNECTION_FAILED" /* RELAY_CONNECTION_FAILED */,
227
+ `Relay connection failed${reason ? `: ${reason}` : ""}`
228
+ );
229
+ }
230
+ static relayDisconnected() {
231
+ return new _ByokyError(
232
+ "RELAY_DISCONNECTED" /* RELAY_DISCONNECTED */,
233
+ "Relay connection was closed"
234
+ );
235
+ }
207
236
  };
208
237
 
209
238
  // src/protocol.ts
@@ -236,12 +265,7 @@ var PROVIDERS = {
236
265
  id: "anthropic",
237
266
  name: "Anthropic",
238
267
  authMethods: ["api_key", "oauth"],
239
- baseUrl: "https://api.anthropic.com",
240
- oauthConfig: {
241
- authorizationUrl: "https://console.anthropic.com/oauth/authorize",
242
- tokenUrl: "https://console.anthropic.com/oauth/token",
243
- scopes: []
244
- }
268
+ baseUrl: "https://api.anthropic.com"
245
269
  },
246
270
  openai: {
247
271
  id: "openai",
@@ -252,8 +276,93 @@ var PROVIDERS = {
252
276
  gemini: {
253
277
  id: "gemini",
254
278
  name: "Google Gemini",
279
+ authMethods: ["api_key", "oauth"],
280
+ baseUrl: "https://generativelanguage.googleapis.com",
281
+ oauthConfig: {
282
+ clientId: "699663966637-gr4d994198r4g6jvip25ffg85kree6ck.apps.googleusercontent.com",
283
+ authorizationUrl: "https://accounts.google.com/o/oauth2/v2/auth",
284
+ tokenUrl: "https://oauth2.googleapis.com/token",
285
+ scopes: ["https://www.googleapis.com/auth/generative-language"],
286
+ extraAuthParams: { access_type: "offline", prompt: "consent" }
287
+ }
288
+ },
289
+ mistral: {
290
+ id: "mistral",
291
+ name: "Mistral",
292
+ authMethods: ["api_key"],
293
+ baseUrl: "https://api.mistral.ai"
294
+ },
295
+ cohere: {
296
+ id: "cohere",
297
+ name: "Cohere",
255
298
  authMethods: ["api_key"],
256
- baseUrl: "https://generativelanguage.googleapis.com"
299
+ baseUrl: "https://api.cohere.com"
300
+ },
301
+ xai: {
302
+ id: "xai",
303
+ name: "xAI (Grok)",
304
+ authMethods: ["api_key"],
305
+ baseUrl: "https://api.x.ai"
306
+ },
307
+ deepseek: {
308
+ id: "deepseek",
309
+ name: "DeepSeek",
310
+ authMethods: ["api_key"],
311
+ baseUrl: "https://api.deepseek.com"
312
+ },
313
+ perplexity: {
314
+ id: "perplexity",
315
+ name: "Perplexity",
316
+ authMethods: ["api_key"],
317
+ baseUrl: "https://api.perplexity.ai"
318
+ },
319
+ groq: {
320
+ id: "groq",
321
+ name: "Groq",
322
+ authMethods: ["api_key"],
323
+ baseUrl: "https://api.groq.com"
324
+ },
325
+ together: {
326
+ id: "together",
327
+ name: "Together AI",
328
+ authMethods: ["api_key"],
329
+ baseUrl: "https://api.together.xyz"
330
+ },
331
+ fireworks: {
332
+ id: "fireworks",
333
+ name: "Fireworks AI",
334
+ authMethods: ["api_key"],
335
+ baseUrl: "https://api.fireworks.ai"
336
+ },
337
+ replicate: {
338
+ id: "replicate",
339
+ name: "Replicate",
340
+ authMethods: ["api_key"],
341
+ baseUrl: "https://api.replicate.com"
342
+ },
343
+ openrouter: {
344
+ id: "openrouter",
345
+ name: "OpenRouter",
346
+ authMethods: ["api_key"],
347
+ baseUrl: "https://openrouter.ai/api"
348
+ },
349
+ huggingface: {
350
+ id: "huggingface",
351
+ name: "Hugging Face",
352
+ authMethods: ["api_key", "oauth"],
353
+ baseUrl: "https://api-inference.huggingface.co",
354
+ oauthConfig: {
355
+ clientId: "031aeb11-725b-498a-93f9-d3599d84f57c",
356
+ authorizationUrl: "https://huggingface.co/oauth/authorize",
357
+ tokenUrl: "https://huggingface.co/oauth/token",
358
+ scopes: ["inference-api"]
359
+ }
360
+ },
361
+ azure_openai: {
362
+ id: "azure_openai",
363
+ name: "Azure OpenAI",
364
+ authMethods: ["api_key"],
365
+ baseUrl: "https://YOUR_RESOURCE.openai.azure.com"
257
366
  }
258
367
  };
259
368
  function getProvider(id) {
@@ -262,13 +371,251 @@ function getProvider(id) {
262
371
  function getProviderIds() {
263
372
  return Object.keys(PROVIDERS);
264
373
  }
374
+
375
+ // src/relay.ts
376
+ var WS_READY_STATE = {
377
+ CONNECTING: 0,
378
+ OPEN: 1,
379
+ CLOSING: 2,
380
+ CLOSED: 3
381
+ };
382
+ function parseRelayMessage(data) {
383
+ try {
384
+ const raw = typeof data === "string" ? JSON.parse(data) : data;
385
+ if (!raw || typeof raw !== "object" || typeof raw.type !== "string" || !raw.type.startsWith("relay:")) {
386
+ return null;
387
+ }
388
+ switch (raw.type) {
389
+ case "relay:hello":
390
+ if (typeof raw.sessionId !== "string") return null;
391
+ break;
392
+ case "relay:request":
393
+ if (typeof raw.requestId !== "string" || typeof raw.providerId !== "string" || typeof raw.url !== "string" || typeof raw.method !== "string") return null;
394
+ break;
395
+ case "relay:response:meta":
396
+ if (typeof raw.requestId !== "string" || typeof raw.status !== "number") return null;
397
+ break;
398
+ case "relay:response:chunk":
399
+ if (typeof raw.requestId !== "string" || typeof raw.chunk !== "string") return null;
400
+ break;
401
+ case "relay:response:done":
402
+ case "relay:response:error":
403
+ if (typeof raw.requestId !== "string") return null;
404
+ break;
405
+ case "relay:ping":
406
+ case "relay:pong":
407
+ if (typeof raw.ts !== "number") return null;
408
+ break;
409
+ default:
410
+ return null;
411
+ }
412
+ return raw;
413
+ } catch {
414
+ return null;
415
+ }
416
+ }
417
+ function sendRelayMessage(ws, msg) {
418
+ if (ws.readyState === WS_READY_STATE.OPEN) {
419
+ ws.send(JSON.stringify(msg));
420
+ }
421
+ }
422
+
423
+ // src/password-strength.ts
424
+ var COMMON_PASSWORDS = /* @__PURE__ */ new Set([
425
+ "password",
426
+ "12345678",
427
+ "qwerty12",
428
+ "letmein12",
429
+ "welcome1",
430
+ "monkey12",
431
+ "dragon12",
432
+ "master12",
433
+ "abc12345",
434
+ "password1",
435
+ "password12",
436
+ "iloveyou1",
437
+ "sunshine1",
438
+ "trustno1",
439
+ "princess1",
440
+ "football1",
441
+ "shadow123",
442
+ "michael1",
443
+ "jordan123",
444
+ "superman1"
445
+ ]);
446
+ function checkPasswordStrength(password) {
447
+ const feedback = [];
448
+ let score = 0;
449
+ if (password.length < 12) {
450
+ feedback.push("Use at least 12 characters");
451
+ if (password.length < 8) {
452
+ return { score: 0, label: "Too weak", feedback };
453
+ }
454
+ } else {
455
+ score++;
456
+ if (password.length >= 16) score++;
457
+ }
458
+ if (COMMON_PASSWORDS.has(password.toLowerCase())) {
459
+ feedback.push("This is a commonly used password");
460
+ return { score: 0, label: "Too weak", feedback };
461
+ }
462
+ const hasLower = /[a-z]/.test(password);
463
+ const hasUpper = /[A-Z]/.test(password);
464
+ const hasDigit = /\d/.test(password);
465
+ const hasSymbol = /[^a-zA-Z0-9]/.test(password);
466
+ const charTypes = [hasLower, hasUpper, hasDigit, hasSymbol].filter(Boolean).length;
467
+ if (charTypes < 2) {
468
+ feedback.push("Mix uppercase, lowercase, numbers, and symbols");
469
+ } else if (charTypes >= 3) {
470
+ score++;
471
+ }
472
+ if (charTypes >= 4) {
473
+ score++;
474
+ }
475
+ if (/(.)\1{3,}/.test(password)) {
476
+ feedback.push("Avoid repeated characters");
477
+ score = Math.max(0, score - 1);
478
+ }
479
+ if (/(?:012|123|234|345|456|567|678|789|abc|bcd|cde|def)/i.test(password)) {
480
+ feedback.push("Avoid sequential patterns");
481
+ score = Math.max(0, score - 1);
482
+ }
483
+ const capped = Math.min(4, Math.max(0, score));
484
+ const labels = {
485
+ 0: "Too weak",
486
+ 1: "Weak",
487
+ 2: "Fair",
488
+ 3: "Strong",
489
+ 4: "Very strong"
490
+ };
491
+ if (feedback.length === 0 && capped < 3) {
492
+ feedback.push("Add more character variety or length");
493
+ }
494
+ return { score: capped, label: labels[capped], feedback };
495
+ }
496
+ var MIN_PASSWORD_LENGTH = 12;
497
+
498
+ // src/proxy-utils.ts
499
+ function validateProxyUrl(providerId, url) {
500
+ const provider = PROVIDERS[providerId];
501
+ if (!provider) return false;
502
+ try {
503
+ const target = new URL(url);
504
+ if (target.protocol !== "https:") return false;
505
+ const base = new URL(provider.baseUrl);
506
+ return target.origin === base.origin;
507
+ } catch {
508
+ return false;
509
+ }
510
+ }
511
+ function buildHeaders(providerId, requestHeaders, apiKey, authMethod = "api_key") {
512
+ const headers = {};
513
+ for (const [key, value] of Object.entries(requestHeaders)) {
514
+ headers[key.toLowerCase()] = value;
515
+ }
516
+ delete headers["authorization"];
517
+ delete headers["x-api-key"];
518
+ delete headers["api-key"];
519
+ if (providerId === "anthropic") {
520
+ if (authMethod === "oauth") {
521
+ headers["authorization"] = `Bearer ${apiKey}`;
522
+ headers["user-agent"] = "claude-cli/2.1.75";
523
+ headers["x-app"] = "cli";
524
+ headers["anthropic-beta"] = "claude-code-20250219,oauth-2025-04-20";
525
+ } else {
526
+ headers["x-api-key"] = apiKey;
527
+ }
528
+ headers["anthropic-version"] = headers["anthropic-version"] ?? "2023-06-01";
529
+ } else if (providerId === "azure_openai") {
530
+ headers["api-key"] = apiKey;
531
+ } else {
532
+ headers["authorization"] = `Bearer ${apiKey}`;
533
+ }
534
+ return headers;
535
+ }
536
+ function parseModel(body) {
537
+ if (!body) return void 0;
538
+ try {
539
+ const parsed = JSON.parse(body);
540
+ return parsed.model ?? void 0;
541
+ } catch {
542
+ return void 0;
543
+ }
544
+ }
545
+ function parseUsage(providerId, body) {
546
+ try {
547
+ if (body.includes("data: ")) {
548
+ const lines = body.split("\n").filter((l) => l.startsWith("data: ") && !l.includes("[DONE]"));
549
+ for (let i = lines.length - 1; i >= 0; i--) {
550
+ const json = lines[i].replace("data: ", "");
551
+ try {
552
+ const parsed2 = JSON.parse(json);
553
+ const usage = extractUsageFromParsed(providerId, parsed2);
554
+ if (usage) return usage;
555
+ } catch {
556
+ continue;
557
+ }
558
+ }
559
+ return void 0;
560
+ }
561
+ const parsed = JSON.parse(body);
562
+ return extractUsageFromParsed(providerId, parsed);
563
+ } catch {
564
+ return void 0;
565
+ }
566
+ }
567
+ function extractUsageFromParsed(providerId, parsed) {
568
+ if (providerId === "anthropic") {
569
+ const usage2 = parsed.usage;
570
+ if (usage2?.input_tokens != null && usage2?.output_tokens != null) {
571
+ return { inputTokens: usage2.input_tokens, outputTokens: usage2.output_tokens };
572
+ }
573
+ }
574
+ if (providerId === "gemini") {
575
+ const meta = parsed.usageMetadata;
576
+ if (meta?.promptTokenCount != null) {
577
+ return {
578
+ inputTokens: meta.promptTokenCount,
579
+ outputTokens: meta.candidatesTokenCount ?? 0
580
+ };
581
+ }
582
+ }
583
+ const usage = parsed.usage;
584
+ if (usage?.prompt_tokens != null && usage?.completion_tokens != null) {
585
+ return { inputTokens: usage.prompt_tokens, outputTokens: usage.completion_tokens };
586
+ }
587
+ return void 0;
588
+ }
589
+ function computeAllowanceCheck(allowance, entries, providerId) {
590
+ if (!allowance) return { allowed: true };
591
+ let totalUsed = 0;
592
+ const byProvider = {};
593
+ for (const entry of entries) {
594
+ const tokens = (entry.inputTokens ?? 0) + (entry.outputTokens ?? 0);
595
+ totalUsed += tokens;
596
+ byProvider[entry.providerId] = (byProvider[entry.providerId] ?? 0) + tokens;
597
+ }
598
+ if (allowance.totalLimit != null && totalUsed >= allowance.totalLimit) {
599
+ return { allowed: false, reason: `Token allowance exceeded for ${allowance.origin}` };
600
+ }
601
+ const providerLimit = allowance.providerLimits?.[providerId];
602
+ if (providerLimit != null && (byProvider[providerId] ?? 0) >= providerLimit) {
603
+ return { allowed: false, reason: `Token allowance for ${providerId} exceeded` };
604
+ }
605
+ return { allowed: true };
606
+ }
265
607
  // Annotate the CommonJS export names for ESM import in node:
266
608
  0 && (module.exports = {
267
609
  BYOKY_MESSAGE_PREFIX,
268
610
  BYOKY_PROVIDER_KEY,
269
611
  ByokyError,
270
612
  ByokyErrorCode,
613
+ MIN_PASSWORD_LENGTH,
271
614
  PROVIDERS,
615
+ WS_READY_STATE,
616
+ buildHeaders,
617
+ checkPasswordStrength,
618
+ computeAllowanceCheck,
272
619
  createConnectRequest,
273
620
  createConnectResponse,
274
621
  createErrorMessage,
@@ -276,11 +623,17 @@ function getProviderIds() {
276
623
  decrypt,
277
624
  deriveKey,
278
625
  encrypt,
626
+ extractUsageFromParsed,
279
627
  getProvider,
280
628
  getProviderIds,
281
629
  hashPassword,
282
630
  isByokyMessage,
283
631
  maskKey,
632
+ parseModel,
633
+ parseRelayMessage,
634
+ parseUsage,
635
+ sendRelayMessage,
636
+ validateProxyUrl,
284
637
  verifyPassword
285
638
  });
286
639
  //# sourceMappingURL=index.cjs.map
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts"],"sourcesContent":["export * from './types.js';\nexport * from './crypto.js';\nexport * from './errors.js';\nexport * from './protocol.js';\nexport * from './providers.js';\n","export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n id: ProviderId;\n name: string;\n authMethods: AuthMethod[];\n baseUrl: string;\n oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n authorizationUrl: string;\n tokenUrl: string;\n scopes: string[];\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n id: string;\n providerId: ProviderId;\n label: string;\n authMethod: AuthMethod;\n createdAt: number;\n lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n authMethod: 'api_key';\n encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n authMethod: 'oauth';\n encryptedAccessToken: string;\n encryptedRefreshToken?: string;\n expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n id: string;\n providerId: ProviderId;\n label: string;\n authMethod: AuthMethod;\n createdAt: number;\n lastUsedAt?: number;\n maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n id: string;\n sessionKey: string;\n appOrigin: string;\n appName?: string;\n providers: SessionProvider[];\n createdAt: number;\n expiresAt: number;\n}\n\nexport interface SessionProvider {\n providerId: ProviderId;\n credentialId: string;\n available: boolean;\n authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n providers?: ProviderRequirement[];\n capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n id: ProviderId;\n required: boolean;\n}\n\nexport interface ConnectResponse {\n sessionKey: string;\n proxyUrl: string;\n providers: Record<\n string,\n {\n available: boolean;\n authMethod: AuthMethod;\n }\n >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n requestId: string;\n sessionKey: string;\n providerId: string;\n url: string;\n method: string;\n headers: Record<string, string>;\n body?: string;\n}\n\nexport interface ProxyResponseMeta {\n requestId: string;\n status: number;\n statusText: string;\n headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n requestId: string;\n chunk: string;\n}\n\nexport interface ProxyResponseError {\n requestId: string;\n status: number;\n error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n | 'BYOKY_CONNECT_REQUEST'\n | 'BYOKY_CONNECT_RESPONSE'\n | 'BYOKY_DISCONNECT'\n | 'BYOKY_PROXY_REQUEST'\n | 'BYOKY_PROXY_RESPONSE_META'\n | 'BYOKY_PROXY_RESPONSE_CHUNK'\n | 'BYOKY_PROXY_RESPONSE_DONE'\n | 'BYOKY_PROXY_RESPONSE_ERROR'\n | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n type: MessageType;\n id: string;\n requestId?: string;\n payload: unknown;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n USER_REJECTED = 'USER_REJECTED',\n PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n SESSION_EXPIRED = 'SESSION_EXPIRED',\n RATE_LIMITED = 'RATE_LIMITED',\n QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n INVALID_KEY = 'INVALID_KEY',\n TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n PROXY_ERROR = 'PROXY_ERROR',\n UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n id: string;\n sessionId: string;\n appOrigin: string;\n providerId: ProviderId;\n url: string;\n method: string;\n status: number;\n timestamp: number;\n error?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n id: string;\n appOrigin: string;\n appName?: string;\n providers: ProviderRequirement[];\n timestamp: number;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n password: string,\n salt: Uint8Array,\n): Promise<CryptoKey> {\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n new TextEncoder().encode(password),\n 'PBKDF2',\n false,\n ['deriveKey'],\n );\n\n return crypto.subtle.deriveKey(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n keyMaterial,\n { name: 'AES-GCM', length: KEY_LENGTH },\n false,\n ['encrypt', 'decrypt'],\n );\n}\n\nexport async function encrypt(\n plaintext: string,\n password: string,\n): Promise<string> {\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n const key = await deriveKey(password, salt);\n\n const ciphertext = await crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n key,\n new TextEncoder().encode(plaintext),\n );\n\n const combined = new Uint8Array(\n salt.length + iv.length + new Uint8Array(ciphertext).length,\n );\n combined.set(salt, 0);\n combined.set(iv, salt.length);\n combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n encrypted: string,\n password: string,\n): Promise<string> {\n const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n const salt = combined.slice(0, SALT_LENGTH);\n const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n const key = await deriveKey(password, salt);\n\n const plaintext = await crypto.subtle.decrypt(\n { name: 'AES-GCM', iv },\n key,\n ciphertext,\n );\n\n return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n password: string,\n salt: Uint8Array,\n): Promise<Uint8Array> {\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n new TextEncoder().encode(password),\n 'PBKDF2',\n false,\n ['deriveBits'],\n );\n\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n keyMaterial,\n KEY_LENGTH,\n );\n\n return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n const hash = await deriveRawHash(password, salt);\n\n const combined = new Uint8Array(salt.length + hash.length);\n combined.set(salt, 0);\n combined.set(hash, salt.length);\n\n return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n password: string,\n storedHash: string,\n): Promise<boolean> {\n const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n const salt = combined.slice(0, SALT_LENGTH);\n const originalHash = combined.slice(SALT_LENGTH);\n\n const newHash = await deriveRawHash(password, salt);\n\n if (originalHash.length !== newHash.length) return false;\n return originalHash.every((byte, i) => byte === newHash[i]);\n}\n\nexport function maskKey(key: string): string {\n if (key.length <= 8) return '****';\n return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n constructor(\n public readonly code: ByokyErrorCode,\n message: string,\n public readonly details?: Record<string, unknown>,\n ) {\n super(message);\n this.name = 'ByokyError';\n }\n\n static walletNotInstalled() {\n return new ByokyError(\n ByokyErrorCode.WALLET_NOT_INSTALLED,\n 'byoky wallet extension is not installed',\n );\n }\n\n static userRejected() {\n return new ByokyError(\n ByokyErrorCode.USER_REJECTED,\n 'User rejected the connection request',\n );\n }\n\n static providerUnavailable(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.PROVIDER_UNAVAILABLE,\n `Provider \"${providerId}\" is not available`,\n { providerId },\n );\n }\n\n static sessionExpired() {\n return new ByokyError(\n ByokyErrorCode.SESSION_EXPIRED,\n 'Session has expired — please reconnect',\n );\n }\n\n static rateLimited(retryAfter?: number) {\n return new ByokyError(\n ByokyErrorCode.RATE_LIMITED,\n `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n { retryAfter },\n );\n }\n\n static quotaExceeded(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.QUOTA_EXCEEDED,\n `Quota exceeded for ${providerId} — check your billing`,\n { providerId },\n );\n }\n\n static invalidKey(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.INVALID_KEY,\n `Invalid API key for ${providerId}`,\n { providerId },\n );\n }\n\n static tokenExpired(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.TOKEN_EXPIRED,\n `OAuth token expired for ${providerId} — re-authentication required`,\n { providerId },\n );\n }\n}\n","import type {\n ByokyMessage,\n ConnectRequest,\n ConnectResponse,\n MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n type: MessageType,\n payload: unknown,\n requestId?: string,\n): ByokyMessage {\n return {\n type,\n id: crypto.randomUUID(),\n requestId,\n payload,\n };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n return (\n typeof data === 'object' &&\n data !== null &&\n 'type' in data &&\n typeof (data as ByokyMessage).type === 'string' &&\n (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n response: ConnectResponse,\n requestId: string,\n): ByokyMessage {\n return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n code: string,\n message: string,\n requestId?: string,\n): ByokyMessage {\n return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n anthropic: {\n id: 'anthropic',\n name: 'Anthropic',\n authMethods: ['api_key', 'oauth'],\n baseUrl: 'https://api.anthropic.com',\n oauthConfig: {\n authorizationUrl: 'https://console.anthropic.com/oauth/authorize',\n tokenUrl: 'https://console.anthropic.com/oauth/token',\n scopes: [],\n },\n },\n openai: {\n id: 'openai',\n name: 'OpenAI',\n authMethods: ['api_key'],\n baseUrl: 'https://api.openai.com',\n },\n gemini: {\n id: 'gemini',\n name: 'Google Gemini',\n authMethods: ['api_key'],\n baseUrl: 'https://generativelanguage.googleapis.com',\n },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n return Object.keys(PROVIDERS);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACoJO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,aAAU;AAVA,SAAAA;AAAA,GAAA;;;ACpJZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,SAAO,aAAa,MAAM,CAAC,MAAM,MAAM,SAAS,QAAQ,CAAC,CAAC;AAC5D;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;ACtHO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AACF;;;ACjEO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,IACT,aAAa;AAAA,MACX,kBAAkB;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ,CAAC;AAAA,IACX;AAAA,EACF;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;","names":["ByokyErrorCode"]}
1
+ {"version":3,"sources":["../src/index.ts","../src/types.ts","../src/crypto.ts","../src/errors.ts","../src/protocol.ts","../src/providers.ts","../src/relay.ts","../src/password-strength.ts","../src/proxy-utils.ts"],"sourcesContent":["export * from './types.js';\nexport * from './crypto.js';\nexport * from './errors.js';\nexport * from './protocol.js';\nexport * from './providers.js';\nexport * from './relay.js';\nexport * from './password-strength.js';\nexport * from './proxy-utils.js';\n","export type ProviderId = 'anthropic' | 'openai' | 'gemini' | (string & {});\n\nexport type AuthMethod = 'api_key' | 'oauth';\n\nexport interface ProviderConfig {\n id: ProviderId;\n name: string;\n authMethods: AuthMethod[];\n baseUrl: string;\n oauthConfig?: OAuthConfig;\n}\n\nexport interface OAuthConfig {\n clientId: string;\n authorizationUrl: string;\n tokenUrl: string;\n scopes: string[];\n extraAuthParams?: Record<string, string>;\n}\n\n// --- Credentials ---\n\nexport interface CredentialBase {\n id: string;\n providerId: ProviderId;\n label: string;\n authMethod: AuthMethod;\n createdAt: number;\n lastUsedAt?: number;\n}\n\nexport interface ApiKeyCredential extends CredentialBase {\n authMethod: 'api_key';\n encryptedKey: string;\n}\n\nexport interface OAuthCredential extends CredentialBase {\n authMethod: 'oauth';\n encryptedAccessToken: string;\n encryptedRefreshToken?: string;\n expiresAt?: number;\n}\n\nexport type Credential = ApiKeyCredential | OAuthCredential;\n\nexport interface CredentialMeta {\n id: string;\n providerId: ProviderId;\n label: string;\n authMethod: AuthMethod;\n createdAt: number;\n lastUsedAt?: number;\n maskedKey?: string;\n}\n\n// --- Sessions ---\n\nexport interface Session {\n id: string;\n sessionKey: string;\n appOrigin: string;\n appName?: string;\n providers: SessionProvider[];\n createdAt: number;\n expiresAt: number;\n}\n\nexport interface SessionProvider {\n providerId: ProviderId;\n credentialId: string;\n available: boolean;\n authMethod: AuthMethod;\n}\n\n// --- Connect ---\n\nexport interface ConnectRequest {\n providers?: ProviderRequirement[];\n capabilities?: string[];\n}\n\nexport interface ProviderRequirement {\n id: ProviderId;\n required: boolean;\n}\n\nexport interface ConnectResponse {\n sessionKey: string;\n proxyUrl: string;\n providers: Record<\n string,\n {\n available: boolean;\n authMethod: AuthMethod;\n }\n >;\n}\n\n// --- Proxy ---\n\nexport interface ProxyRequest {\n requestId: string;\n sessionKey: string;\n providerId: string;\n url: string;\n method: string;\n headers: Record<string, string>;\n body?: string;\n}\n\nexport interface ProxyResponseMeta {\n requestId: string;\n status: number;\n statusText: string;\n headers: Record<string, string>;\n}\n\nexport interface ProxyResponseChunk {\n requestId: string;\n chunk: string;\n}\n\nexport interface ProxyResponseError {\n requestId: string;\n status: number;\n error: { code: string; message: string };\n}\n\n// --- Protocol messages ---\n\nexport type MessageType =\n | 'BYOKY_CONNECT_REQUEST'\n | 'BYOKY_CONNECT_RESPONSE'\n | 'BYOKY_DISCONNECT'\n | 'BYOKY_PROXY_REQUEST'\n | 'BYOKY_PROXY_RESPONSE_META'\n | 'BYOKY_PROXY_RESPONSE_CHUNK'\n | 'BYOKY_PROXY_RESPONSE_DONE'\n | 'BYOKY_PROXY_RESPONSE_ERROR'\n | 'BYOKY_SESSION_STATUS'\n | 'BYOKY_SESSION_STATUS_RESPONSE'\n | 'BYOKY_SESSION_USAGE'\n | 'BYOKY_SESSION_USAGE_RESPONSE'\n | 'BYOKY_SESSION_REVOKED'\n | 'BYOKY_ERROR';\n\nexport interface ByokyMessage {\n type: MessageType;\n id: string;\n requestId?: string;\n payload: unknown;\n}\n\n// --- Session queries ---\n\nexport interface SessionUsage {\n requests: number;\n inputTokens: number;\n outputTokens: number;\n byProvider: Record<string, {\n requests: number;\n inputTokens: number;\n outputTokens: number;\n }>;\n}\n\n// --- Errors ---\n\nexport enum ByokyErrorCode {\n WALLET_NOT_INSTALLED = 'WALLET_NOT_INSTALLED',\n USER_REJECTED = 'USER_REJECTED',\n PROVIDER_UNAVAILABLE = 'PROVIDER_UNAVAILABLE',\n SESSION_EXPIRED = 'SESSION_EXPIRED',\n RATE_LIMITED = 'RATE_LIMITED',\n QUOTA_EXCEEDED = 'QUOTA_EXCEEDED',\n INVALID_KEY = 'INVALID_KEY',\n TOKEN_EXPIRED = 'TOKEN_EXPIRED',\n PROXY_ERROR = 'PROXY_ERROR',\n RELAY_CONNECTION_FAILED = 'RELAY_CONNECTION_FAILED',\n RELAY_DISCONNECTED = 'RELAY_DISCONNECTED',\n UNKNOWN = 'UNKNOWN',\n}\n\n// --- Request log ---\n\nexport interface RequestLogEntry {\n id: string;\n sessionId: string;\n appOrigin: string;\n providerId: ProviderId;\n url: string;\n method: string;\n status: number;\n timestamp: number;\n error?: string;\n inputTokens?: number;\n outputTokens?: number;\n model?: string;\n}\n\n// --- Pending approval ---\n\nexport interface PendingApproval {\n id: string;\n appOrigin: string;\n appName?: string;\n providers: ProviderRequirement[];\n timestamp: number;\n}\n\n// --- Trusted sites ---\n\nexport interface TrustedSite {\n origin: string;\n trustedAt: number;\n}\n\n// --- Token allowances ---\n\nexport interface TokenAllowance {\n origin: string;\n totalLimit?: number;\n providerLimits?: Record<string, number>;\n}\n","const SALT_LENGTH = 16;\nconst IV_LENGTH = 12;\nconst KEY_LENGTH = 256;\nconst ITERATIONS = 600_000;\n\nexport async function deriveKey(\n password: string,\n salt: Uint8Array,\n): Promise<CryptoKey> {\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n new TextEncoder().encode(password),\n 'PBKDF2',\n false,\n ['deriveKey'],\n );\n\n return crypto.subtle.deriveKey(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n keyMaterial,\n { name: 'AES-GCM', length: KEY_LENGTH },\n false,\n ['encrypt', 'decrypt'],\n );\n}\n\nexport async function encrypt(\n plaintext: string,\n password: string,\n): Promise<string> {\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));\n const key = await deriveKey(password, salt);\n\n const ciphertext = await crypto.subtle.encrypt(\n { name: 'AES-GCM', iv },\n key,\n new TextEncoder().encode(plaintext),\n );\n\n const combined = new Uint8Array(\n salt.length + iv.length + new Uint8Array(ciphertext).length,\n );\n combined.set(salt, 0);\n combined.set(iv, salt.length);\n combined.set(new Uint8Array(ciphertext), salt.length + iv.length);\n\n return btoa(String.fromCharCode(...combined));\n}\n\nexport async function decrypt(\n encrypted: string,\n password: string,\n): Promise<string> {\n const combined = Uint8Array.from(atob(encrypted), (c) => c.charCodeAt(0));\n\n const salt = combined.slice(0, SALT_LENGTH);\n const iv = combined.slice(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);\n const ciphertext = combined.slice(SALT_LENGTH + IV_LENGTH);\n\n const key = await deriveKey(password, salt);\n\n const plaintext = await crypto.subtle.decrypt(\n { name: 'AES-GCM', iv },\n key,\n ciphertext,\n );\n\n return new TextDecoder().decode(plaintext);\n}\n\nasync function deriveRawHash(\n password: string,\n salt: Uint8Array,\n): Promise<Uint8Array> {\n const keyMaterial = await crypto.subtle.importKey(\n 'raw',\n new TextEncoder().encode(password),\n 'PBKDF2',\n false,\n ['deriveBits'],\n );\n\n const bits = await crypto.subtle.deriveBits(\n { name: 'PBKDF2', salt: salt as BufferSource, iterations: ITERATIONS, hash: 'SHA-256' },\n keyMaterial,\n KEY_LENGTH,\n );\n\n return new Uint8Array(bits);\n}\n\nexport async function hashPassword(password: string): Promise<string> {\n const salt = crypto.getRandomValues(new Uint8Array(SALT_LENGTH));\n const hash = await deriveRawHash(password, salt);\n\n const combined = new Uint8Array(salt.length + hash.length);\n combined.set(salt, 0);\n combined.set(hash, salt.length);\n\n return btoa(String.fromCharCode(...combined));\n}\n\nexport async function verifyPassword(\n password: string,\n storedHash: string,\n): Promise<boolean> {\n const combined = Uint8Array.from(atob(storedHash), (c) => c.charCodeAt(0));\n const salt = combined.slice(0, SALT_LENGTH);\n const originalHash = combined.slice(SALT_LENGTH);\n\n const newHash = await deriveRawHash(password, salt);\n\n if (originalHash.length !== newHash.length) return false;\n let result = 0;\n for (let i = 0; i < originalHash.length; i++) {\n result |= originalHash[i] ^ newHash[i];\n }\n return result === 0;\n}\n\nexport function maskKey(key: string): string {\n if (key.length <= 8) return '****';\n return `${key.slice(0, 4)}...${key.slice(-4)}`;\n}\n","import { ByokyErrorCode } from './types.js';\n\nexport class ByokyError extends Error {\n constructor(\n public readonly code: ByokyErrorCode,\n message: string,\n public readonly details?: Record<string, unknown>,\n ) {\n super(message);\n this.name = 'ByokyError';\n }\n\n static walletNotInstalled() {\n return new ByokyError(\n ByokyErrorCode.WALLET_NOT_INSTALLED,\n 'byoky wallet extension is not installed',\n );\n }\n\n static userRejected() {\n return new ByokyError(\n ByokyErrorCode.USER_REJECTED,\n 'User rejected the connection request',\n );\n }\n\n static providerUnavailable(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.PROVIDER_UNAVAILABLE,\n `Provider \"${providerId}\" is not available`,\n { providerId },\n );\n }\n\n static sessionExpired() {\n return new ByokyError(\n ByokyErrorCode.SESSION_EXPIRED,\n 'Session has expired — please reconnect',\n );\n }\n\n static rateLimited(retryAfter?: number) {\n return new ByokyError(\n ByokyErrorCode.RATE_LIMITED,\n `Rate limit exceeded${retryAfter ? ` — retry after ${retryAfter}s` : ''}`,\n { retryAfter },\n );\n }\n\n static quotaExceeded(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.QUOTA_EXCEEDED,\n `Quota exceeded for ${providerId} — check your billing`,\n { providerId },\n );\n }\n\n static invalidKey(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.INVALID_KEY,\n `Invalid API key for ${providerId}`,\n { providerId },\n );\n }\n\n static tokenExpired(providerId: string) {\n return new ByokyError(\n ByokyErrorCode.TOKEN_EXPIRED,\n `OAuth token expired for ${providerId} — re-authentication required`,\n { providerId },\n );\n }\n\n static relayConnectionFailed(reason?: string) {\n return new ByokyError(\n ByokyErrorCode.RELAY_CONNECTION_FAILED,\n `Relay connection failed${reason ? `: ${reason}` : ''}`,\n );\n }\n\n static relayDisconnected() {\n return new ByokyError(\n ByokyErrorCode.RELAY_DISCONNECTED,\n 'Relay connection was closed',\n );\n }\n}\n","import type {\n ByokyMessage,\n ConnectRequest,\n ConnectResponse,\n MessageType,\n} from './types.js';\n\nexport const BYOKY_PROVIDER_KEY = '__byoky__';\nexport const BYOKY_MESSAGE_PREFIX = 'BYOKY_';\n\nexport function createMessage(\n type: MessageType,\n payload: unknown,\n requestId?: string,\n): ByokyMessage {\n return {\n type,\n id: crypto.randomUUID(),\n requestId,\n payload,\n };\n}\n\nexport function isByokyMessage(data: unknown): data is ByokyMessage {\n return (\n typeof data === 'object' &&\n data !== null &&\n 'type' in data &&\n typeof (data as ByokyMessage).type === 'string' &&\n (data as ByokyMessage).type.startsWith(BYOKY_MESSAGE_PREFIX)\n );\n}\n\nexport function createConnectRequest(request: ConnectRequest): ByokyMessage {\n return createMessage('BYOKY_CONNECT_REQUEST', request);\n}\n\nexport function createConnectResponse(\n response: ConnectResponse,\n requestId: string,\n): ByokyMessage {\n return createMessage('BYOKY_CONNECT_RESPONSE', response, requestId);\n}\n\nexport function createErrorMessage(\n code: string,\n message: string,\n requestId?: string,\n): ByokyMessage {\n return createMessage('BYOKY_ERROR', { code, message }, requestId);\n}\n","import type { ProviderConfig } from './types.js';\n\nexport const PROVIDERS: Record<string, ProviderConfig> = {\n anthropic: {\n id: 'anthropic',\n name: 'Anthropic',\n authMethods: ['api_key', 'oauth'],\n baseUrl: 'https://api.anthropic.com',\n },\n openai: {\n id: 'openai',\n name: 'OpenAI',\n authMethods: ['api_key'],\n baseUrl: 'https://api.openai.com',\n },\n gemini: {\n id: 'gemini',\n name: 'Google Gemini',\n authMethods: ['api_key', 'oauth'],\n baseUrl: 'https://generativelanguage.googleapis.com',\n oauthConfig: {\n clientId: '699663966637-gr4d994198r4g6jvip25ffg85kree6ck.apps.googleusercontent.com',\n authorizationUrl: 'https://accounts.google.com/o/oauth2/v2/auth',\n tokenUrl: 'https://oauth2.googleapis.com/token',\n scopes: ['https://www.googleapis.com/auth/generative-language'],\n extraAuthParams: { access_type: 'offline', prompt: 'consent' },\n },\n },\n mistral: {\n id: 'mistral',\n name: 'Mistral',\n authMethods: ['api_key'],\n baseUrl: 'https://api.mistral.ai',\n },\n cohere: {\n id: 'cohere',\n name: 'Cohere',\n authMethods: ['api_key'],\n baseUrl: 'https://api.cohere.com',\n },\n xai: {\n id: 'xai',\n name: 'xAI (Grok)',\n authMethods: ['api_key'],\n baseUrl: 'https://api.x.ai',\n },\n deepseek: {\n id: 'deepseek',\n name: 'DeepSeek',\n authMethods: ['api_key'],\n baseUrl: 'https://api.deepseek.com',\n },\n perplexity: {\n id: 'perplexity',\n name: 'Perplexity',\n authMethods: ['api_key'],\n baseUrl: 'https://api.perplexity.ai',\n },\n groq: {\n id: 'groq',\n name: 'Groq',\n authMethods: ['api_key'],\n baseUrl: 'https://api.groq.com',\n },\n together: {\n id: 'together',\n name: 'Together AI',\n authMethods: ['api_key'],\n baseUrl: 'https://api.together.xyz',\n },\n fireworks: {\n id: 'fireworks',\n name: 'Fireworks AI',\n authMethods: ['api_key'],\n baseUrl: 'https://api.fireworks.ai',\n },\n replicate: {\n id: 'replicate',\n name: 'Replicate',\n authMethods: ['api_key'],\n baseUrl: 'https://api.replicate.com',\n },\n openrouter: {\n id: 'openrouter',\n name: 'OpenRouter',\n authMethods: ['api_key'],\n baseUrl: 'https://openrouter.ai/api',\n },\n huggingface: {\n id: 'huggingface',\n name: 'Hugging Face',\n authMethods: ['api_key', 'oauth'],\n baseUrl: 'https://api-inference.huggingface.co',\n oauthConfig: {\n clientId: '031aeb11-725b-498a-93f9-d3599d84f57c',\n authorizationUrl: 'https://huggingface.co/oauth/authorize',\n tokenUrl: 'https://huggingface.co/oauth/token',\n scopes: ['inference-api'],\n },\n },\n azure_openai: {\n id: 'azure_openai',\n name: 'Azure OpenAI',\n authMethods: ['api_key'],\n baseUrl: 'https://YOUR_RESOURCE.openai.azure.com',\n },\n};\n\nexport function getProvider(id: string): ProviderConfig | undefined {\n return PROVIDERS[id];\n}\n\nexport function getProviderIds(): string[] {\n return Object.keys(PROVIDERS);\n}\n","import type { AuthMethod } from './types.js';\n\n/** Minimal WebSocket interface — compatible with browser WebSocket and `ws` library. */\nexport interface WebSocketLike {\n readonly readyState: number;\n send(data: string): void;\n close(code?: number, reason?: string): void;\n onopen: ((event: unknown) => void) | null;\n onmessage: ((event: { data: unknown }) => void) | null;\n onclose: ((event: { code: number; reason: string }) => void) | null;\n onerror: ((event: unknown) => void) | null;\n}\n\nexport const WS_READY_STATE = {\n CONNECTING: 0,\n OPEN: 1,\n CLOSING: 2,\n CLOSED: 3,\n} as const;\n\n// --- Relay message types ---\n\nexport interface RelayHello {\n type: 'relay:hello';\n sessionId: string;\n providers: Record<string, { available: boolean; authMethod: AuthMethod }>;\n}\n\nexport interface RelayRequest {\n type: 'relay:request';\n requestId: string;\n providerId: string;\n url: string;\n method: string;\n headers: Record<string, string>;\n body?: string;\n}\n\nexport interface RelayResponseMeta {\n type: 'relay:response:meta';\n requestId: string;\n status: number;\n statusText: string;\n headers: Record<string, string>;\n}\n\nexport interface RelayResponseChunk {\n type: 'relay:response:chunk';\n requestId: string;\n chunk: string;\n}\n\nexport interface RelayResponseDone {\n type: 'relay:response:done';\n requestId: string;\n}\n\nexport interface RelayResponseError {\n type: 'relay:response:error';\n requestId: string;\n error: { code: string; message: string };\n}\n\nexport interface RelayPing {\n type: 'relay:ping';\n ts: number;\n}\n\nexport interface RelayPong {\n type: 'relay:pong';\n ts: number;\n}\n\nexport type RelayMessage =\n | RelayHello\n | RelayRequest\n | RelayResponseMeta\n | RelayResponseChunk\n | RelayResponseDone\n | RelayResponseError\n | RelayPing\n | RelayPong;\n\nexport function parseRelayMessage(data: unknown): RelayMessage | null {\n try {\n const raw = typeof data === 'string' ? JSON.parse(data) : data;\n if (!raw || typeof raw !== 'object' || typeof raw.type !== 'string' || !raw.type.startsWith('relay:')) {\n return null;\n }\n\n // Validate required fields per message type\n switch (raw.type) {\n case 'relay:hello':\n if (typeof raw.sessionId !== 'string') return null;\n break;\n case 'relay:request':\n if (typeof raw.requestId !== 'string' || typeof raw.providerId !== 'string' ||\n typeof raw.url !== 'string' || typeof raw.method !== 'string') return null;\n break;\n case 'relay:response:meta':\n if (typeof raw.requestId !== 'string' || typeof raw.status !== 'number') return null;\n break;\n case 'relay:response:chunk':\n if (typeof raw.requestId !== 'string' || typeof raw.chunk !== 'string') return null;\n break;\n case 'relay:response:done':\n case 'relay:response:error':\n if (typeof raw.requestId !== 'string') return null;\n break;\n case 'relay:ping':\n case 'relay:pong':\n if (typeof raw.ts !== 'number') return null;\n break;\n default:\n return null;\n }\n\n return raw as RelayMessage;\n } catch {\n return null;\n }\n}\n\nexport function sendRelayMessage(ws: WebSocketLike, msg: RelayMessage): void {\n if (ws.readyState === WS_READY_STATE.OPEN) {\n ws.send(JSON.stringify(msg));\n }\n}\n","export interface PasswordStrength {\n score: 0 | 1 | 2 | 3 | 4;\n label: 'Too weak' | 'Weak' | 'Fair' | 'Strong' | 'Very strong';\n feedback: string[];\n}\n\nconst COMMON_PASSWORDS = new Set([\n 'password', '12345678', 'qwerty12', 'letmein12', 'welcome1',\n 'monkey12', 'dragon12', 'master12', 'abc12345', 'password1',\n 'password12', 'iloveyou1', 'sunshine1', 'trustno1', 'princess1',\n 'football1', 'shadow123', 'michael1', 'jordan123', 'superman1',\n]);\n\nexport function checkPasswordStrength(password: string): PasswordStrength {\n const feedback: string[] = [];\n let score = 0;\n\n if (password.length < 12) {\n feedback.push('Use at least 12 characters');\n if (password.length < 8) {\n return { score: 0, label: 'Too weak', feedback };\n }\n } else {\n score++;\n if (password.length >= 16) score++;\n }\n\n if (COMMON_PASSWORDS.has(password.toLowerCase())) {\n feedback.push('This is a commonly used password');\n return { score: 0, label: 'Too weak', feedback };\n }\n\n // Check character diversity\n const hasLower = /[a-z]/.test(password);\n const hasUpper = /[A-Z]/.test(password);\n const hasDigit = /\\d/.test(password);\n const hasSymbol = /[^a-zA-Z0-9]/.test(password);\n const charTypes = [hasLower, hasUpper, hasDigit, hasSymbol].filter(Boolean).length;\n\n if (charTypes < 2) {\n feedback.push('Mix uppercase, lowercase, numbers, and symbols');\n } else if (charTypes >= 3) {\n score++;\n }\n if (charTypes >= 4) {\n score++;\n }\n\n // Check for repeated characters (e.g. aaaaaa)\n if (/(.)\\1{3,}/.test(password)) {\n feedback.push('Avoid repeated characters');\n score = Math.max(0, score - 1);\n }\n\n // Check for sequential patterns (e.g. 123456, abcdef)\n if (/(?:012|123|234|345|456|567|678|789|abc|bcd|cde|def)/i.test(password)) {\n feedback.push('Avoid sequential patterns');\n score = Math.max(0, score - 1);\n }\n\n const capped = Math.min(4, Math.max(0, score)) as 0 | 1 | 2 | 3 | 4;\n const labels: Record<number, PasswordStrength['label']> = {\n 0: 'Too weak',\n 1: 'Weak',\n 2: 'Fair',\n 3: 'Strong',\n 4: 'Very strong',\n };\n\n if (feedback.length === 0 && capped < 3) {\n feedback.push('Add more character variety or length');\n }\n\n return { score: capped, label: labels[capped], feedback };\n}\n\nexport const MIN_PASSWORD_LENGTH = 12;\n","import type { RequestLogEntry, TokenAllowance } from './types.js';\nimport { PROVIDERS } from './providers.js';\n\n/**\n * Validate that a proxy request URL targets the registered provider's base URL.\n * Prevents API key exfiltration by rejecting requests to arbitrary domains.\n */\nexport function validateProxyUrl(providerId: string, url: string): boolean {\n const provider = PROVIDERS[providerId];\n if (!provider) return false;\n try {\n const target = new URL(url);\n if (target.protocol !== 'https:') return false;\n const base = new URL(provider.baseUrl);\n return target.origin === base.origin;\n } catch {\n return false;\n }\n}\n\n/**\n * Build the real auth headers for a provider API request.\n * Strips any fake session-key headers and injects the real API key.\n */\nexport function buildHeaders(\n providerId: string,\n requestHeaders: Record<string, string>,\n apiKey: string,\n authMethod: string = 'api_key',\n): Record<string, string> {\n // Normalize header keys to lowercase to prevent case-sensitive bypass\n const headers: Record<string, string> = {};\n for (const [key, value] of Object.entries(requestHeaders)) {\n headers[key.toLowerCase()] = value;\n }\n\n // Remove any auth headers the SDK might have set (they're fake session keys)\n delete headers['authorization'];\n delete headers['x-api-key'];\n delete headers['api-key'];\n\n if (providerId === 'anthropic') {\n if (authMethod === 'oauth') {\n headers['authorization'] = `Bearer ${apiKey}`;\n headers['user-agent'] = 'claude-cli/2.1.75';\n headers['x-app'] = 'cli';\n headers['anthropic-beta'] = 'claude-code-20250219,oauth-2025-04-20';\n } else {\n headers['x-api-key'] = apiKey;\n }\n headers['anthropic-version'] = headers['anthropic-version'] ?? '2023-06-01';\n } else if (providerId === 'azure_openai') {\n headers['api-key'] = apiKey;\n } else {\n headers['authorization'] = `Bearer ${apiKey}`;\n }\n\n return headers;\n}\n\n/**\n * Parse the model name from a request body (JSON).\n */\nexport function parseModel(body?: string): string | undefined {\n if (!body) return undefined;\n try {\n const parsed = JSON.parse(body);\n return parsed.model ?? undefined;\n } catch {\n return undefined;\n }\n}\n\n/**\n * Parse token usage from a provider API response body.\n * Handles both regular JSON responses and SSE streaming responses.\n */\nexport function parseUsage(\n providerId: string,\n body: string,\n): { inputTokens: number; outputTokens: number } | undefined {\n try {\n // For streaming responses (SSE), try to find usage in the last data chunk\n if (body.includes('data: ')) {\n const lines = body.split('\\n').filter((l) => l.startsWith('data: ') && !l.includes('[DONE]'));\n // Anthropic streaming: message_stop event has usage in a preceding message_delta\n // OpenAI streaming: last chunk may include usage\n for (let i = lines.length - 1; i >= 0; i--) {\n const json = lines[i].replace('data: ', '');\n try {\n const parsed = JSON.parse(json);\n const usage = extractUsageFromParsed(providerId, parsed);\n if (usage) return usage;\n } catch {\n continue;\n }\n }\n return undefined;\n }\n\n const parsed = JSON.parse(body);\n return extractUsageFromParsed(providerId, parsed);\n } catch {\n return undefined;\n }\n}\n\n/**\n * Extract token usage from a parsed provider response object.\n */\nexport function extractUsageFromParsed(\n providerId: string,\n parsed: Record<string, unknown>,\n): { inputTokens: number; outputTokens: number } | undefined {\n // Anthropic: { usage: { input_tokens, output_tokens } }\n if (providerId === 'anthropic') {\n const usage = parsed.usage as Record<string, number> | undefined;\n if (usage?.input_tokens != null && usage?.output_tokens != null) {\n return { inputTokens: usage.input_tokens, outputTokens: usage.output_tokens };\n }\n }\n\n // Gemini: { usageMetadata: { promptTokenCount, candidatesTokenCount } }\n if (providerId === 'gemini') {\n const meta = parsed.usageMetadata as Record<string, number> | undefined;\n if (meta?.promptTokenCount != null) {\n return {\n inputTokens: meta.promptTokenCount,\n outputTokens: meta.candidatesTokenCount ?? 0,\n };\n }\n }\n\n // OpenAI-compatible (openai, groq, together, deepseek, xai, perplexity, fireworks, openrouter, mistral, azure_openai):\n // { usage: { prompt_tokens, completion_tokens } }\n const usage = parsed.usage as Record<string, number> | undefined;\n if (usage?.prompt_tokens != null && usage?.completion_tokens != null) {\n return { inputTokens: usage.prompt_tokens, outputTokens: usage.completion_tokens };\n }\n\n return undefined;\n}\n\n/**\n * Check whether a request is allowed given token allowances and usage history.\n * Pure computation — no storage access.\n */\nexport function computeAllowanceCheck(\n allowance: TokenAllowance | undefined,\n entries: Pick<RequestLogEntry, 'providerId' | 'inputTokens' | 'outputTokens'>[],\n providerId: string,\n): { allowed: boolean; reason?: string } {\n if (!allowance) return { allowed: true };\n\n let totalUsed = 0;\n const byProvider: Record<string, number> = {};\n for (const entry of entries) {\n const tokens = (entry.inputTokens ?? 0) + (entry.outputTokens ?? 0);\n totalUsed += tokens;\n byProvider[entry.providerId] = (byProvider[entry.providerId] ?? 0) + tokens;\n }\n\n if (allowance.totalLimit != null && totalUsed >= allowance.totalLimit) {\n return { allowed: false, reason: `Token allowance exceeded for ${allowance.origin}` };\n }\n\n const providerLimit = allowance.providerLimits?.[providerId];\n if (providerLimit != null && (byProvider[providerId] ?? 0) >= providerLimit) {\n return { allowed: false, reason: `Token allowance for ${providerId} exceeded` };\n }\n\n return { allowed: true };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACwKO,IAAK,iBAAL,kBAAKA,oBAAL;AACL,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,0BAAuB;AACvB,EAAAA,gBAAA,qBAAkB;AAClB,EAAAA,gBAAA,kBAAe;AACf,EAAAA,gBAAA,oBAAiB;AACjB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,mBAAgB;AAChB,EAAAA,gBAAA,iBAAc;AACd,EAAAA,gBAAA,6BAA0B;AAC1B,EAAAA,gBAAA,wBAAqB;AACrB,EAAAA,gBAAA,aAAU;AAZA,SAAAA;AAAA,GAAA;;;ACxKZ,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,aAAa;AACnB,IAAM,aAAa;AAEnB,eAAsB,UACpB,UACA,MACoB;AACpB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,WAAW;AAAA,EACd;AAEA,SAAO,OAAO,OAAO;AAAA,IACnB,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA,EAAE,MAAM,WAAW,QAAQ,WAAW;AAAA,IACtC;AAAA,IACA,CAAC,WAAW,SAAS;AAAA,EACvB;AACF;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,SAAS,CAAC;AAC3D,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,aAAa,MAAM,OAAO,OAAO;AAAA,IACrC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,SAAS;AAAA,EACpC;AAEA,QAAM,WAAW,IAAI;AAAA,IACnB,KAAK,SAAS,GAAG,SAAS,IAAI,WAAW,UAAU,EAAE;AAAA,EACvD;AACA,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,IAAI,KAAK,MAAM;AAC5B,WAAS,IAAI,IAAI,WAAW,UAAU,GAAG,KAAK,SAAS,GAAG,MAAM;AAEhE,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,QACpB,WACA,UACiB;AACjB,QAAM,WAAW,WAAW,KAAK,KAAK,SAAS,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAExE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,KAAK,SAAS,MAAM,aAAa,cAAc,SAAS;AAC9D,QAAM,aAAa,SAAS,MAAM,cAAc,SAAS;AAEzD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,MAAM,OAAO,OAAO;AAAA,IACpC,EAAE,MAAM,WAAW,GAAG;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,YAAY,EAAE,OAAO,SAAS;AAC3C;AAEA,eAAe,cACb,UACA,MACqB;AACrB,QAAM,cAAc,MAAM,OAAO,OAAO;AAAA,IACtC;AAAA,IACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,IACjC;AAAA,IACA;AAAA,IACA,CAAC,YAAY;AAAA,EACf;AAEA,QAAM,OAAO,MAAM,OAAO,OAAO;AAAA,IAC/B,EAAE,MAAM,UAAU,MAA4B,YAAY,YAAY,MAAM,UAAU;AAAA,IACtF;AAAA,IACA;AAAA,EACF;AAEA,SAAO,IAAI,WAAW,IAAI;AAC5B;AAEA,eAAsB,aAAa,UAAmC;AACpE,QAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,WAAW,CAAC;AAC/D,QAAM,OAAO,MAAM,cAAc,UAAU,IAAI;AAE/C,QAAM,WAAW,IAAI,WAAW,KAAK,SAAS,KAAK,MAAM;AACzD,WAAS,IAAI,MAAM,CAAC;AACpB,WAAS,IAAI,MAAM,KAAK,MAAM;AAE9B,SAAO,KAAK,OAAO,aAAa,GAAG,QAAQ,CAAC;AAC9C;AAEA,eAAsB,eACpB,UACA,YACkB;AAClB,QAAM,WAAW,WAAW,KAAK,KAAK,UAAU,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACzE,QAAM,OAAO,SAAS,MAAM,GAAG,WAAW;AAC1C,QAAM,eAAe,SAAS,MAAM,WAAW;AAE/C,QAAM,UAAU,MAAM,cAAc,UAAU,IAAI;AAElD,MAAI,aAAa,WAAW,QAAQ,OAAQ,QAAO;AACnD,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,aAAa,QAAQ,KAAK;AAC5C,cAAU,aAAa,CAAC,IAAI,QAAQ,CAAC;AAAA,EACvC;AACA,SAAO,WAAW;AACpB;AAEO,SAAS,QAAQ,KAAqB;AAC3C,MAAI,IAAI,UAAU,EAAG,QAAO;AAC5B,SAAO,GAAG,IAAI,MAAM,GAAG,CAAC,CAAC,MAAM,IAAI,MAAM,EAAE,CAAC;AAC9C;;;AC1HO,IAAM,aAAN,MAAM,oBAAmB,MAAM;AAAA,EACpC,YACkB,MAChB,SACgB,SAChB;AACA,UAAM,OAAO;AAJG;AAEA;AAGhB,SAAK,OAAO;AAAA,EACd;AAAA,EAEA,OAAO,qBAAqB;AAC1B,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,eAAe;AACpB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB,YAAoB;AAC7C,WAAO,IAAI;AAAA;AAAA,MAET,aAAa,UAAU;AAAA,MACvB,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,iBAAiB;AACtB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AAAA,EAEA,OAAO,YAAY,YAAqB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,aAAa,uBAAkB,UAAU,MAAM,EAAE;AAAA,MACvE,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,cAAc,YAAoB;AACvC,WAAO,IAAI;AAAA;AAAA,MAET,sBAAsB,UAAU;AAAA,MAChC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,WAAW,YAAoB;AACpC,WAAO,IAAI;AAAA;AAAA,MAET,uBAAuB,UAAU;AAAA,MACjC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,aAAa,YAAoB;AACtC,WAAO,IAAI;AAAA;AAAA,MAET,2BAA2B,UAAU;AAAA,MACrC,EAAE,WAAW;AAAA,IACf;AAAA,EACF;AAAA,EAEA,OAAO,sBAAsB,QAAiB;AAC5C,WAAO,IAAI;AAAA;AAAA,MAET,0BAA0B,SAAS,KAAK,MAAM,KAAK,EAAE;AAAA,IACvD;AAAA,EACF;AAAA,EAEA,OAAO,oBAAoB;AACzB,WAAO,IAAI;AAAA;AAAA,MAET;AAAA,IACF;AAAA,EACF;AACF;;;AC/EO,IAAM,qBAAqB;AAC3B,IAAM,uBAAuB;AAE7B,SAAS,cACd,MACA,SACA,WACc;AACd,SAAO;AAAA,IACL;AAAA,IACA,IAAI,OAAO,WAAW;AAAA,IACtB;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,eAAe,MAAqC;AAClE,SACE,OAAO,SAAS,YAChB,SAAS,QACT,UAAU,QACV,OAAQ,KAAsB,SAAS,YACtC,KAAsB,KAAK,WAAW,oBAAoB;AAE/D;AAEO,SAAS,qBAAqB,SAAuC;AAC1E,SAAO,cAAc,yBAAyB,OAAO;AACvD;AAEO,SAAS,sBACd,UACA,WACc;AACd,SAAO,cAAc,0BAA0B,UAAU,SAAS;AACpE;AAEO,SAAS,mBACd,MACA,SACA,WACc;AACd,SAAO,cAAc,eAAe,EAAE,MAAM,QAAQ,GAAG,SAAS;AAClE;;;AChDO,IAAM,YAA4C;AAAA,EACvD,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,IACT,aAAa;AAAA,MACX,UAAU;AAAA,MACV,kBAAkB;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ,CAAC,qDAAqD;AAAA,MAC9D,iBAAiB,EAAE,aAAa,WAAW,QAAQ,UAAU;AAAA,IAC/D;AAAA,EACF;AAAA,EACA,SAAS;AAAA,IACP,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,QAAQ;AAAA,IACN,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,KAAK;AAAA,IACH,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,UAAU;AAAA,IACR,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA,IACV,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,MAAM;AAAA,IACJ,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,UAAU;AAAA,IACR,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,WAAW;AAAA,IACT,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,YAAY;AAAA,IACV,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AAAA,EACA,aAAa;AAAA,IACX,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,WAAW,OAAO;AAAA,IAChC,SAAS;AAAA,IACT,aAAa;AAAA,MACX,UAAU;AAAA,MACV,kBAAkB;AAAA,MAClB,UAAU;AAAA,MACV,QAAQ,CAAC,eAAe;AAAA,IAC1B;AAAA,EACF;AAAA,EACA,cAAc;AAAA,IACZ,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa,CAAC,SAAS;AAAA,IACvB,SAAS;AAAA,EACX;AACF;AAEO,SAAS,YAAY,IAAwC;AAClE,SAAO,UAAU,EAAE;AACrB;AAEO,SAAS,iBAA2B;AACzC,SAAO,OAAO,KAAK,SAAS;AAC9B;;;ACrGO,IAAM,iBAAiB;AAAA,EAC5B,YAAY;AAAA,EACZ,MAAM;AAAA,EACN,SAAS;AAAA,EACT,QAAQ;AACV;AAiEO,SAAS,kBAAkB,MAAoC;AACpE,MAAI;AACF,UAAM,MAAM,OAAO,SAAS,WAAW,KAAK,MAAM,IAAI,IAAI;AAC1D,QAAI,CAAC,OAAO,OAAO,QAAQ,YAAY,OAAO,IAAI,SAAS,YAAY,CAAC,IAAI,KAAK,WAAW,QAAQ,GAAG;AACrG,aAAO;AAAA,IACT;AAGA,YAAQ,IAAI,MAAM;AAAA,MAChB,KAAK;AACH,YAAI,OAAO,IAAI,cAAc,SAAU,QAAO;AAC9C;AAAA,MACF,KAAK;AACH,YAAI,OAAO,IAAI,cAAc,YAAY,OAAO,IAAI,eAAe,YAC/D,OAAO,IAAI,QAAQ,YAAY,OAAO,IAAI,WAAW,SAAU,QAAO;AAC1E;AAAA,MACF,KAAK;AACH,YAAI,OAAO,IAAI,cAAc,YAAY,OAAO,IAAI,WAAW,SAAU,QAAO;AAChF;AAAA,MACF,KAAK;AACH,YAAI,OAAO,IAAI,cAAc,YAAY,OAAO,IAAI,UAAU,SAAU,QAAO;AAC/E;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,YAAI,OAAO,IAAI,cAAc,SAAU,QAAO;AAC9C;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,YAAI,OAAO,IAAI,OAAO,SAAU,QAAO;AACvC;AAAA,MACF;AACE,eAAO;AAAA,IACX;AAEA,WAAO;AAAA,EACT,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,iBAAiB,IAAmB,KAAyB;AAC3E,MAAI,GAAG,eAAe,eAAe,MAAM;AACzC,OAAG,KAAK,KAAK,UAAU,GAAG,CAAC;AAAA,EAC7B;AACF;;;ACzHA,IAAM,mBAAmB,oBAAI,IAAI;AAAA,EAC/B;AAAA,EAAY;AAAA,EAAY;AAAA,EAAY;AAAA,EAAa;AAAA,EACjD;AAAA,EAAY;AAAA,EAAY;AAAA,EAAY;AAAA,EAAY;AAAA,EAChD;AAAA,EAAc;AAAA,EAAa;AAAA,EAAa;AAAA,EAAY;AAAA,EACpD;AAAA,EAAa;AAAA,EAAa;AAAA,EAAY;AAAA,EAAa;AACrD,CAAC;AAEM,SAAS,sBAAsB,UAAoC;AACxE,QAAM,WAAqB,CAAC;AAC5B,MAAI,QAAQ;AAEZ,MAAI,SAAS,SAAS,IAAI;AACxB,aAAS,KAAK,4BAA4B;AAC1C,QAAI,SAAS,SAAS,GAAG;AACvB,aAAO,EAAE,OAAO,GAAG,OAAO,YAAY,SAAS;AAAA,IACjD;AAAA,EACF,OAAO;AACL;AACA,QAAI,SAAS,UAAU,GAAI;AAAA,EAC7B;AAEA,MAAI,iBAAiB,IAAI,SAAS,YAAY,CAAC,GAAG;AAChD,aAAS,KAAK,kCAAkC;AAChD,WAAO,EAAE,OAAO,GAAG,OAAO,YAAY,SAAS;AAAA,EACjD;AAGA,QAAM,WAAW,QAAQ,KAAK,QAAQ;AACtC,QAAM,WAAW,QAAQ,KAAK,QAAQ;AACtC,QAAM,WAAW,KAAK,KAAK,QAAQ;AACnC,QAAM,YAAY,eAAe,KAAK,QAAQ;AAC9C,QAAM,YAAY,CAAC,UAAU,UAAU,UAAU,SAAS,EAAE,OAAO,OAAO,EAAE;AAE5E,MAAI,YAAY,GAAG;AACjB,aAAS,KAAK,gDAAgD;AAAA,EAChE,WAAW,aAAa,GAAG;AACzB;AAAA,EACF;AACA,MAAI,aAAa,GAAG;AAClB;AAAA,EACF;AAGA,MAAI,YAAY,KAAK,QAAQ,GAAG;AAC9B,aAAS,KAAK,2BAA2B;AACzC,YAAQ,KAAK,IAAI,GAAG,QAAQ,CAAC;AAAA,EAC/B;AAGA,MAAI,uDAAuD,KAAK,QAAQ,GAAG;AACzE,aAAS,KAAK,2BAA2B;AACzC,YAAQ,KAAK,IAAI,GAAG,QAAQ,CAAC;AAAA,EAC/B;AAEA,QAAM,SAAS,KAAK,IAAI,GAAG,KAAK,IAAI,GAAG,KAAK,CAAC;AAC7C,QAAM,SAAoD;AAAA,IACxD,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AAEA,MAAI,SAAS,WAAW,KAAK,SAAS,GAAG;AACvC,aAAS,KAAK,sCAAsC;AAAA,EACtD;AAEA,SAAO,EAAE,OAAO,QAAQ,OAAO,OAAO,MAAM,GAAG,SAAS;AAC1D;AAEO,IAAM,sBAAsB;;;ACrE5B,SAAS,iBAAiB,YAAoB,KAAsB;AACzE,QAAM,WAAW,UAAU,UAAU;AACrC,MAAI,CAAC,SAAU,QAAO;AACtB,MAAI;AACF,UAAM,SAAS,IAAI,IAAI,GAAG;AAC1B,QAAI,OAAO,aAAa,SAAU,QAAO;AACzC,UAAM,OAAO,IAAI,IAAI,SAAS,OAAO;AACrC,WAAO,OAAO,WAAW,KAAK;AAAA,EAChC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMO,SAAS,aACd,YACA,gBACA,QACA,aAAqB,WACG;AAExB,QAAM,UAAkC,CAAC;AACzC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,cAAc,GAAG;AACzD,YAAQ,IAAI,YAAY,CAAC,IAAI;AAAA,EAC/B;AAGA,SAAO,QAAQ,eAAe;AAC9B,SAAO,QAAQ,WAAW;AAC1B,SAAO,QAAQ,SAAS;AAExB,MAAI,eAAe,aAAa;AAC9B,QAAI,eAAe,SAAS;AAC1B,cAAQ,eAAe,IAAI,UAAU,MAAM;AAC3C,cAAQ,YAAY,IAAI;AACxB,cAAQ,OAAO,IAAI;AACnB,cAAQ,gBAAgB,IAAI;AAAA,IAC9B,OAAO;AACL,cAAQ,WAAW,IAAI;AAAA,IACzB;AACA,YAAQ,mBAAmB,IAAI,QAAQ,mBAAmB,KAAK;AAAA,EACjE,WAAW,eAAe,gBAAgB;AACxC,YAAQ,SAAS,IAAI;AAAA,EACvB,OAAO;AACL,YAAQ,eAAe,IAAI,UAAU,MAAM;AAAA,EAC7C;AAEA,SAAO;AACT;AAKO,SAAS,WAAW,MAAmC;AAC5D,MAAI,CAAC,KAAM,QAAO;AAClB,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,WAAO,OAAO,SAAS;AAAA,EACzB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAMO,SAAS,WACd,YACA,MAC2D;AAC3D,MAAI;AAEF,QAAI,KAAK,SAAS,QAAQ,GAAG;AAC3B,YAAM,QAAQ,KAAK,MAAM,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,WAAW,QAAQ,KAAK,CAAC,EAAE,SAAS,QAAQ,CAAC;AAG5F,eAAS,IAAI,MAAM,SAAS,GAAG,KAAK,GAAG,KAAK;AAC1C,cAAM,OAAO,MAAM,CAAC,EAAE,QAAQ,UAAU,EAAE;AAC1C,YAAI;AACF,gBAAMC,UAAS,KAAK,MAAM,IAAI;AAC9B,gBAAM,QAAQ,uBAAuB,YAAYA,OAAM;AACvD,cAAI,MAAO,QAAO;AAAA,QACpB,QAAQ;AACN;AAAA,QACF;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,WAAO,uBAAuB,YAAY,MAAM;AAAA,EAClD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAKO,SAAS,uBACd,YACA,QAC2D;AAE3D,MAAI,eAAe,aAAa;AAC9B,UAAMC,SAAQ,OAAO;AACrB,QAAIA,QAAO,gBAAgB,QAAQA,QAAO,iBAAiB,MAAM;AAC/D,aAAO,EAAE,aAAaA,OAAM,cAAc,cAAcA,OAAM,cAAc;AAAA,IAC9E;AAAA,EACF;AAGA,MAAI,eAAe,UAAU;AAC3B,UAAM,OAAO,OAAO;AACpB,QAAI,MAAM,oBAAoB,MAAM;AAClC,aAAO;AAAA,QACL,aAAa,KAAK;AAAA,QAClB,cAAc,KAAK,wBAAwB;AAAA,MAC7C;AAAA,IACF;AAAA,EACF;AAIA,QAAM,QAAQ,OAAO;AACrB,MAAI,OAAO,iBAAiB,QAAQ,OAAO,qBAAqB,MAAM;AACpE,WAAO,EAAE,aAAa,MAAM,eAAe,cAAc,MAAM,kBAAkB;AAAA,EACnF;AAEA,SAAO;AACT;AAMO,SAAS,sBACd,WACA,SACA,YACuC;AACvC,MAAI,CAAC,UAAW,QAAO,EAAE,SAAS,KAAK;AAEvC,MAAI,YAAY;AAChB,QAAM,aAAqC,CAAC;AAC5C,aAAW,SAAS,SAAS;AAC3B,UAAM,UAAU,MAAM,eAAe,MAAM,MAAM,gBAAgB;AACjE,iBAAa;AACb,eAAW,MAAM,UAAU,KAAK,WAAW,MAAM,UAAU,KAAK,KAAK;AAAA,EACvE;AAEA,MAAI,UAAU,cAAc,QAAQ,aAAa,UAAU,YAAY;AACrE,WAAO,EAAE,SAAS,OAAO,QAAQ,gCAAgC,UAAU,MAAM,GAAG;AAAA,EACtF;AAEA,QAAM,gBAAgB,UAAU,iBAAiB,UAAU;AAC3D,MAAI,iBAAiB,SAAS,WAAW,UAAU,KAAK,MAAM,eAAe;AAC3E,WAAO,EAAE,SAAS,OAAO,QAAQ,uBAAuB,UAAU,YAAY;AAAA,EAChF;AAEA,SAAO,EAAE,SAAS,KAAK;AACzB;","names":["ByokyErrorCode","parsed","usage"]}