@clerk/electron 0.0.1

package/dist/esm/index.js

@@ -0,0 +1,157 @@
+import { TOKEN_CACHE_CHANNELS, OAUTH_TRANSPORT_CHANNELS } from './chunk-WJNPPS7B.js';
+import { protocol, ipcMain, app, shell } from 'electron';
+
+function setupTokenCacheIpcHandlers(storage) {
+  ipcMain.handle(TOKEN_CACHE_CHANNELS.getToken, (_event, key) => {
+    return storage.getItem(key);
+  });
+  ipcMain.handle(TOKEN_CACHE_CHANNELS.saveToken, (_event, key, value) => {
+    return storage.setItem(key, value);
+  });
+  ipcMain.handle(TOKEN_CACHE_CHANNELS.clearToken, (_event, key) => {
+    return storage.removeItem(key);
+  });
+  return () => {
+    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.getToken);
+    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.saveToken);
+    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.clearToken);
+  };
+}
+var CALLBACK_TIMEOUT_MS = 3 * 60 * 1e3;
+function buildRedirectUrl(options) {
+  return `${options.renderer.scheme}://${options.renderer.host}/`;
+}
+function isMatchingCallbackUrl(url, redirectUrl) {
+  try {
+    const callback = new URL(url);
+    const expected = new URL(redirectUrl);
+    return callback.protocol === expected.protocol && callback.host === expected.host && callback.pathname === expected.pathname;
+  } catch {
+    return false;
+  }
+}
+function assertExternalOAuthUrl(url) {
+  const parsedUrl = new URL(url);
+  if (parsedUrl.protocol !== "http:" && parsedUrl.protocol !== "https:") {
+    throw new TypeError(`Clerk: refusing to open unsupported OAuth URL protocol: ${parsedUrl.protocol}`);
+  }
+}
+function setupOAuthTransportIpcHandlers(options) {
+  const redirectUrl = buildRedirectUrl(options);
+  let pendingOAuthFlow = null;
+  const disposePendingOAuthFlow = (reason) => {
+    if (!pendingOAuthFlow) {
+      return;
+    }
+    const pending = pendingOAuthFlow;
+    clearTimeout(pendingOAuthFlow.timeout);
+    pendingOAuthFlow = null;
+    if (reason) {
+      pending.reject(reason);
+    }
+  };
+  const handleCallbackUrl = (url) => {
+    if (!pendingOAuthFlow || !isMatchingCallbackUrl(url, redirectUrl)) {
+      return;
+    }
+    const pending = pendingOAuthFlow;
+    disposePendingOAuthFlow();
+    pending.resolve({ callbackUrl: url });
+  };
+  const openUrlListener = (event, url) => {
+    if (!isMatchingCallbackUrl(url, redirectUrl)) {
+      return;
+    }
+    event.preventDefault();
+    handleCallbackUrl(url);
+  };
+  const secondInstanceListener = (_event, argv) => {
+    const callbackUrl = argv.find((url) => isMatchingCallbackUrl(url, redirectUrl));
+    if (callbackUrl) {
+      handleCallbackUrl(callbackUrl);
+    }
+  };
+  app.setAsDefaultProtocolClient(options.renderer.scheme);
+  app.on("open-url", openUrlListener);
+  app.on("second-instance", secondInstanceListener);
+  ipcMain.handle(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl, () => {
+    return redirectUrl;
+  });
+  ipcMain.handle(OAUTH_TRANSPORT_CHANNELS.open, async (_event, url) => {
+    if (pendingOAuthFlow) {
+      throw new Error("Clerk: an OAuth flow is already pending.");
+    }
+    assertExternalOAuthUrl(url);
+    const callbackPromise = new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        disposePendingOAuthFlow();
+        reject(new Error("Clerk: OAuth callback timed out."));
+      }, CALLBACK_TIMEOUT_MS);
+      pendingOAuthFlow = { resolve, reject, timeout };
+    });
+    try {
+      await shell.openExternal(url);
+    } catch (err) {
+      disposePendingOAuthFlow(err instanceof Error ? err : new Error(String(err)));
+    }
+    return callbackPromise;
+  });
+  return () => {
+    disposePendingOAuthFlow(new Error("Clerk: OAuth flow was cancelled."));
+    app.removeListener("open-url", openUrlListener);
+    app.removeListener("second-instance", secondInstanceListener);
+    ipcMain.removeHandler(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl);
+    ipcMain.removeHandler(OAUTH_TRANSPORT_CHANNELS.open);
+  };
+}
+
+// src/main/create-clerk-bridge.ts
+function assertValidRendererOriginConfig(renderer) {
+  if (renderer.scheme.includes(":") || renderer.scheme.includes("/")) {
+    throw new Error(
+      'Clerk: renderer.scheme must be a scheme name like "my-app", not a URL or protocol like "my-app://".'
+    );
+  }
+  if (renderer.host.includes(":") || renderer.host.includes("/")) {
+    throw new Error(
+      'Clerk: renderer.host must be a host name like "renderer", not a URL or origin like "my-app://renderer".'
+    );
+  }
+}
+function createClerkBridge(options) {
+  if (!options.storage) {
+    throw new Error(
+      "Clerk: createClerkBridge requires a storage adapter. Pass createClerkBridge({ storage: storage() }) from @clerk/electron/storage, or provide a custom storage adapter."
+    );
+  }
+  const cleanupTokenPersistence = setupTokenCacheIpcHandlers(options.storage);
+  let cleanupOAuthTransport;
+  if (options.renderer) {
+    assertValidRendererOriginConfig(options.renderer);
+    protocol.registerSchemesAsPrivileged([
+      {
+        scheme: options.renderer.scheme,
+        privileges: {
+          standard: true,
+          secure: true,
+          supportFetchAPI: true,
+          corsEnabled: true,
+          stream: true
+        }
+      }
+    ]);
+    cleanupOAuthTransport = setupOAuthTransportIpcHandlers({
+      renderer: options.renderer
+    });
+  }
+  return {
+    cleanup() {
+      cleanupTokenPersistence();
+      cleanupOAuthTransport == null ? void 0 : cleanupOAuthTransport();
+    }
+  };
+}
+
+export { createClerkBridge };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/main/ipc-handlers.ts","../../src/main/oauth-transport.ts","../../src/main/create-clerk-bridge.ts"],"names":["ipcMain"],"mappings":";;;AAKO,SAAS,2BAA2B,OAAA,EAAmC;AAC5E,EAAA,OAAA,CAAQ,MAAA,CAAO,oBAAA,CAAqB,QAAA,EAAU,CAAC,QAAQ,GAAA,KAAgB;AACrE,IAAA,OAAO,OAAA,CAAQ,QAAQ,GAAG,CAAA;AAAA,EAC5B,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,OAAO,oBAAA,CAAqB,SAAA,EAAW,CAAC,MAAA,EAAQ,KAAa,KAAA,KAAkB;AACrF,IAAA,OAAO,OAAA,CAAQ,OAAA,CAAQ,GAAA,EAAK,KAAK,CAAA;AAAA,EACnC,CAAC,CAAA;AAED,EAAA,OAAA,CAAQ,MAAA,CAAO,oBAAA,CAAqB,UAAA,EAAY,CAAC,QAAQ,GAAA,KAAgB;AACvE,IAAA,OAAO,OAAA,CAAQ,WAAW,GAAG,CAAA;AAAA,EAC/B,CAAC,CAAA;AAED,EAAA,OAAO,MAAM;AACX,IAAA,OAAA,CAAQ,aAAA,CAAc,qBAAqB,QAAQ,CAAA;AACnD,IAAA,OAAA,CAAQ,aAAA,CAAc,qBAAqB,SAAS,CAAA;AACpD,IAAA,OAAA,CAAQ,aAAA,CAAc,qBAAqB,UAAU,CAAA;AAAA,EACvD,CAAA;AACF;AClBA,IAAM,mBAAA,GAAsB,IAAI,EAAA,GAAK,GAAA;AAYrC,SAAS,iBAAiB,OAAA,EAAwC;AAChE,EAAA,OAAO,GAAG,OAAA,CAAQ,QAAA,CAAS,MAAM,CAAA,GAAA,EAAM,OAAA,CAAQ,SAAS,IAAI,CAAA,CAAA,CAAA;AAC9D;AAEA,SAAS,qBAAA,CAAsB,KAAa,WAAA,EAA8B;AACxE,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,GAAG,CAAA;AAC5B,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,WAAW,CAAA;AAEpC,IAAA,OACE,QAAA,CAAS,QAAA,KAAa,QAAA,CAAS,QAAA,IAC/B,QAAA,CAAS,SAAS,QAAA,CAAS,IAAA,IAC3B,QAAA,CAAS,QAAA,KAAa,QAAA,CAAS,QAAA;AAAA,EAEnC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAEA,SAAS,uBAAuB,GAAA,EAAmB;AACjD,EAAA,MAAM,SAAA,GAAY,IAAI,GAAA,CAAI,GAAG,CAAA;AAE7B,EAAA,IAAI,SAAA,CAAU,QAAA,KAAa,OAAA,IAAW,SAAA,CAAU,aAAa,QAAA,EAAU;AACrE,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA,wDAAA,EAA2D,SAAA,CAAU,QAAQ,CAAA,CAAE,CAAA;AAAA,EACrG;AACF;AAEO,SAAS,+BAA+B,OAAA,EAA4C;AACzF,EAAA,MAAM,WAAA,GAAc,iBAAiB,OAAO,CAAA;AAC5C,EAAA,IAAI,gBAAA,GAA4C,IAAA;AAEhD,EAAA,MAAM,uBAAA,GAA0B,CAAC,MAAA,KAAyB;AACxD,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,gBAAA;AAChB,IAAA,YAAA,CAAa,iBAAiB,OAAO,CAAA;AACrC,IAAA,gBAAA,GAAmB,IAAA;AAEnB,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA,OAAA,CAAQ,OAAO,MAAM,CAAA;AAAA,IACvB;AAAA,EACF,CAAA;AAEA,EAAA,MAAM,iBAAA,GAAoB,CAAC,GAAA,KAAsB;AAC/C,IAAA,IAAI,CAAC,gBAAA,IAAoB,CAAC,qBAAA,CAAsB,GAAA,EAAK,WAAW,CAAA,EAAG;AACjE,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,gBAAA;AAChB,IAAA,uBAAA,EAAwB;AACxB,IAAA,OAAA,CAAQ,OAAA,CAAQ,EAAE,WAAA,EAAa,GAAA,EAAK,CAAA;AAAA,EACtC,CAAA;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,KAAA,EAAuB,GAAA,KAAsB;AACpE,IAAA,IAAI,CAAC,qBAAA,CAAsB,GAAA,EAAK,WAAW,CAAA,EAAG;AAC5C,MAAA;AAAA,IACF;AAEA,IAAA,KAAA,CAAM,cAAA,EAAe;AACrB,IAAA,iBAAA,CAAkB,GAAG,CAAA;AAAA,EACvB,CAAA;AAEA,EAAA,MAAM,sBAAA,GAAyB,CAAC,MAAA,EAAwB,IAAA,KAAyB;AAC/E,IAAA,MAAM,cAAc,IAAA,CAAK,IAAA,CAAK,SAAO,qBAAA,CAAsB,GAAA,EAAK,WAAW,CAAC,CAAA;AAE5E,IAAA,IAAI,WAAA,EAAa;AACf,MAAA,iBAAA,CAAkB,WAAW,CAAA;AAAA,IAC/B;AAAA,EACF,CAAA;AAEA,EAAA,GAAA,CAAI,0BAAA,CAA2B,OAAA,CAAQ,QAAA,CAAS,MAAM,CAAA;AACtD,EAAA,GAAA,CAAI,EAAA,CAAG,YAAY,eAAe,CAAA;AAClC,EAAA,GAAA,CAAI,EAAA,CAAG,mBAAmB,sBAAsB,CAAA;AAEhD,EAAAA,OAAAA,CAAQ,MAAA,CAAO,wBAAA,CAAyB,cAAA,EAAgB,MAAM;AAC5D,IAAA,OAAO,WAAA;AAAA,EACT,CAAC,CAAA;AAED,EAAAA,QAAQ,MAAA,CAAO,wBAAA,CAAyB,IAAA,EAAM,OAAO,QAAQ,GAAA,KAAgB;AAC3E,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,MAAM,IAAI,MAAM,0CAA0C,CAAA;AAAA,IAC5D;AAEA,IAAA,sBAAA,CAAuB,GAAG,CAAA;AAE1B,IAAA,MAAM,eAAA,GAAkB,IAAI,OAAA,CAAiC,CAAC,SAAS,MAAA,KAAW;AAChF,MAAA,MAAM,OAAA,GAAU,WAAW,MAAM;AAC/B,QAAA,uBAAA,EAAwB;AACxB,QAAA,MAAA,CAAO,IAAI,KAAA,CAAM,kCAAkC,CAAC,CAAA;AAAA,MACtD,GAAG,mBAAmB,CAAA;AAEtB,MAAA,gBAAA,GAAmB,EAAE,OAAA,EAAS,MAAA,EAAQ,OAAA,EAAQ;AAAA,IAChD,CAAC,CAAA;AAED,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,CAAM,aAAa,GAAG,CAAA;AAAA,IAC9B,SAAS,GAAA,EAAK;AACZ,MAAA,uBAAA,CAAwB,GAAA,YAAe,QAAQ,GAAA,GAAM,IAAI,MAAM,MAAA,CAAO,GAAG,CAAC,CAAC,CAAA;AAAA,IAC7E;AAEA,IAAA,OAAO,eAAA;AAAA,EACT,CAAC,CAAA;AAED,EAAA,OAAO,MAAM;AACX,IAAA,uBAAA,CAAwB,IAAI,KAAA,CAAM,kCAAkC,CAAC,CAAA;AACrE,IAAA,GAAA,CAAI,cAAA,CAAe,YAAY,eAAe,CAAA;AAC9C,IAAA,GAAA,CAAI,cAAA,CAAe,mBAAmB,sBAAsB,CAAA;AAC5D,IAAAA,OAAAA,CAAQ,aAAA,CAAc,wBAAA,CAAyB,cAAc,CAAA;AAC7D,IAAAA,OAAAA,CAAQ,aAAA,CAAc,wBAAA,CAAyB,IAAI,CAAA;AAAA,EACrD,CAAA;AACF;;;AC3HA,SAAS,gCAAgC,QAAA,EAAmE;AAC1G,EAAA,IAAI,QAAA,CAAS,OAAO,QAAA,CAAS,GAAG,KAAK,QAAA,CAAS,MAAA,CAAO,QAAA,CAAS,GAAG,CAAA,EAAG;AAClE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,IAAI,QAAA,CAAS,KAAK,QAAA,CAAS,GAAG,KAAK,QAAA,CAAS,IAAA,CAAK,QAAA,CAAS,GAAG,CAAA,EAAG;AAC9D,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AACF;AASO,SAAS,kBAAkB,OAAA,EAAgD;AAChF,EAAA,IAAI,CAAC,QAAQ,OAAA,EAAS;AACpB,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KACF;AAAA,EACF;AAEA,EAAA,MAAM,uBAAA,GAA0B,0BAAA,CAA2B,OAAA,CAAQ,OAAO,CAAA;AAC1E,EAAA,IAAI,qBAAA;AAEJ,EAAA,IAAI,QAAQ,QAAA,EAAU;AACpB,IAAA,+BAAA,CAAgC,QAAQ,QAAQ,CAAA;AAEhD,IAAA,QAAA,CAAS,2BAAA,CAA4B;AAAA,MACnC;AAAA,QACE,MAAA,EAAQ,QAAQ,QAAA,CAAS,MAAA;AAAA,QACzB,UAAA,EAAY;AAAA,UACV,QAAA,EAAU,IAAA;AAAA,UACV,MAAA,EAAQ,IAAA;AAAA,UACR,eAAA,EAAiB,IAAA;AAAA,UACjB,WAAA,EAAa,IAAA;AAAA,UACb,MAAA,EAAQ;AAAA;AACV;AACF,KACD,CAAA;AAED,IAAA,qBAAA,GAAwB,8BAAA,CAA+B;AAAA,MACrD,UAAU,OAAA,CAAQ;AAAA,KACnB,CAAA;AAAA,EACH;AAEA,EAAA,OAAO;AAAA,IACL,OAAA,GAAU;AACR,MAAA,uBAAA,EAAwB;AACxB,MAAA,qBAAA,IAAA,IAAA,GAAA,MAAA,GAAA,qBAAA,EAAA;AAAA,IACF;AAAA,GACF;AACF","file":"index.js","sourcesContent":["import { ipcMain } from 'electron';\n\nimport { TOKEN_CACHE_CHANNELS } from '../shared/ipc';\nimport type { TokenStorage } from '../shared/types';\n\nexport function setupTokenCacheIpcHandlers(storage: TokenStorage): () => void {\n  ipcMain.handle(TOKEN_CACHE_CHANNELS.getToken, (_event, key: string) => {\n    return storage.getItem(key);\n  });\n\n  ipcMain.handle(TOKEN_CACHE_CHANNELS.saveToken, (_event, key: string, value: string) => {\n    return storage.setItem(key, value);\n  });\n\n  ipcMain.handle(TOKEN_CACHE_CHANNELS.clearToken, (_event, key: string) => {\n    return storage.removeItem(key);\n  });\n\n  return () => {\n    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.getToken);\n    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.saveToken);\n    ipcMain.removeHandler(TOKEN_CACHE_CHANNELS.clearToken);\n  };\n}\n","import { app, ipcMain, shell } from 'electron';\n\nimport { OAUTH_TRANSPORT_CHANNELS } from '../shared/ipc';\nimport type { RendererSchemeOptions } from '../shared/types';\n\nconst CALLBACK_TIMEOUT_MS = 3 * 60 * 1000;\n\ntype PendingOAuthFlow = {\n  resolve: (value: { callbackUrl: string }) => void;\n  reject: (reason: Error) => void;\n  timeout: NodeJS.Timeout;\n};\n\ntype OAuthTransportOptions = {\n  renderer: RendererSchemeOptions;\n};\n\nfunction buildRedirectUrl(options: OAuthTransportOptions): string {\n  return `${options.renderer.scheme}://${options.renderer.host}/`;\n}\n\nfunction isMatchingCallbackUrl(url: string, redirectUrl: string): boolean {\n  try {\n    const callback = new URL(url);\n    const expected = new URL(redirectUrl);\n\n    return (\n      callback.protocol === expected.protocol &&\n      callback.host === expected.host &&\n      callback.pathname === expected.pathname\n    );\n  } catch {\n    return false;\n  }\n}\n\nfunction assertExternalOAuthUrl(url: string): void {\n  const parsedUrl = new URL(url);\n\n  if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {\n    throw new TypeError(`Clerk: refusing to open unsupported OAuth URL protocol: ${parsedUrl.protocol}`);\n  }\n}\n\nexport function setupOAuthTransportIpcHandlers(options: OAuthTransportOptions): () => void {\n  const redirectUrl = buildRedirectUrl(options);\n  let pendingOAuthFlow: PendingOAuthFlow | null = null;\n\n  const disposePendingOAuthFlow = (reason?: Error): void => {\n    if (!pendingOAuthFlow) {\n      return;\n    }\n\n    const pending = pendingOAuthFlow;\n    clearTimeout(pendingOAuthFlow.timeout);\n    pendingOAuthFlow = null;\n\n    if (reason) {\n      pending.reject(reason);\n    }\n  };\n\n  const handleCallbackUrl = (url: string): void => {\n    if (!pendingOAuthFlow || !isMatchingCallbackUrl(url, redirectUrl)) {\n      return;\n    }\n\n    const pending = pendingOAuthFlow;\n    disposePendingOAuthFlow();\n    pending.resolve({ callbackUrl: url });\n  };\n\n  const openUrlListener = (event: Electron.Event, url: string): void => {\n    if (!isMatchingCallbackUrl(url, redirectUrl)) {\n      return;\n    }\n\n    event.preventDefault();\n    handleCallbackUrl(url);\n  };\n\n  const secondInstanceListener = (_event: Electron.Event, argv: string[]): void => {\n    const callbackUrl = argv.find(url => isMatchingCallbackUrl(url, redirectUrl));\n\n    if (callbackUrl) {\n      handleCallbackUrl(callbackUrl);\n    }\n  };\n\n  app.setAsDefaultProtocolClient(options.renderer.scheme);\n  app.on('open-url', openUrlListener);\n  app.on('second-instance', secondInstanceListener);\n\n  ipcMain.handle(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl, () => {\n    return redirectUrl;\n  });\n\n  ipcMain.handle(OAUTH_TRANSPORT_CHANNELS.open, async (_event, url: string) => {\n    if (pendingOAuthFlow) {\n      throw new Error('Clerk: an OAuth flow is already pending.');\n    }\n\n    assertExternalOAuthUrl(url);\n\n    const callbackPromise = new Promise<{ callbackUrl: string }>((resolve, reject) => {\n      const timeout = setTimeout(() => {\n        disposePendingOAuthFlow();\n        reject(new Error('Clerk: OAuth callback timed out.'));\n      }, CALLBACK_TIMEOUT_MS);\n\n      pendingOAuthFlow = { resolve, reject, timeout };\n    });\n\n    try {\n      await shell.openExternal(url);\n    } catch (err) {\n      disposePendingOAuthFlow(err instanceof Error ? err : new Error(String(err)));\n    }\n\n    return callbackPromise;\n  });\n\n  return () => {\n    disposePendingOAuthFlow(new Error('Clerk: OAuth flow was cancelled.'));\n    app.removeListener('open-url', openUrlListener);\n    app.removeListener('second-instance', secondInstanceListener);\n    ipcMain.removeHandler(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl);\n    ipcMain.removeHandler(OAUTH_TRANSPORT_CHANNELS.open);\n  };\n}\n","import { protocol } from 'electron';\n\nimport type { ClerkBridge, CreateClerkBridgeOptions } from '../shared/types';\nimport { setupTokenCacheIpcHandlers } from './ipc-handlers';\nimport { setupOAuthTransportIpcHandlers } from './oauth-transport';\n\nfunction assertValidRendererOriginConfig(renderer: NonNullable<CreateClerkBridgeOptions['renderer']>): void {\n  if (renderer.scheme.includes(':') || renderer.scheme.includes('/')) {\n    throw new Error(\n      'Clerk: renderer.scheme must be a scheme name like \"my-app\", not a URL or protocol like \"my-app://\".',\n    );\n  }\n\n  if (renderer.host.includes(':') || renderer.host.includes('/')) {\n    throw new Error(\n      'Clerk: renderer.host must be a host name like \"renderer\", not a URL or origin like \"my-app://renderer\".',\n    );\n  }\n}\n\n/**\n * Creates the Clerk bridge for Electron's main process.\n *\n * The bridge owns Clerk's main-process IPC handlers, token persistence, and OAuth deep-link\n * transport. Call this before creating renderer windows, and call the returned `cleanup` method\n * when tearing down the app or test environment.\n */\nexport function createClerkBridge(options: CreateClerkBridgeOptions): ClerkBridge {\n  if (!options.storage) {\n    throw new Error(\n      'Clerk: createClerkBridge requires a storage adapter. Pass createClerkBridge({ storage: storage() }) from @clerk/electron/storage, or provide a custom storage adapter.',\n    );\n  }\n\n  const cleanupTokenPersistence = setupTokenCacheIpcHandlers(options.storage);\n  let cleanupOAuthTransport: (() => void) | undefined;\n\n  if (options.renderer) {\n    assertValidRendererOriginConfig(options.renderer);\n\n    protocol.registerSchemesAsPrivileged([\n      {\n        scheme: options.renderer.scheme,\n        privileges: {\n          standard: true,\n          secure: true,\n          supportFetchAPI: true,\n          corsEnabled: true,\n          stream: true,\n        },\n      },\n    ]);\n\n    cleanupOAuthTransport = setupOAuthTransportIpcHandlers({\n      renderer: options.renderer,\n    });\n  }\n\n  return {\n    cleanup() {\n      cleanupTokenPersistence();\n      cleanupOAuthTransport?.();\n    },\n  };\n}\n"]}

package/dist/esm/preload/index.js

@@ -0,0 +1,24 @@
+import { TOKEN_CACHE_CHANNELS, OAUTH_TRANSPORT_CHANNELS } from '../chunk-WJNPPS7B.js';
+import { contextBridge, ipcRenderer } from 'electron';
+
+function exposeClerkBridge() {
+  const tokenCache = {
+    getToken: (key) => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.getToken, key),
+    saveToken: (key, value) => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.saveToken, key, value),
+    clearToken: (key) => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.clearToken, key)
+  };
+  const oauthTransport = {
+    getRedirectUrl: () => ipcRenderer.invoke(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl),
+    open: (url) => ipcRenderer.invoke(OAUTH_TRANSPORT_CHANNELS.open, url)
+  };
+  const bridge = { tokenCache, oauthTransport };
+  if (process.contextIsolated) {
+    contextBridge.exposeInMainWorld("__clerk_internal_electron", bridge);
+  } else {
+    window.__clerk_internal_electron = bridge;
+  }
+}
+
+export { exposeClerkBridge };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/esm/preload/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/preload/index.ts"],"names":[],"mappings":";;;AAWO,SAAS,iBAAA,GAA0B;AACxC,EAAA,MAAM,UAAA,GAAyB;AAAA,IAC7B,UAAU,CAAA,GAAA,KAAO,WAAA,CAAY,MAAA,CAAO,oBAAA,CAAqB,UAAU,GAAG,CAAA;AAAA,IACtE,SAAA,EAAW,CAAC,GAAA,EAAK,KAAA,KAAU,YAAY,MAAA,CAAO,oBAAA,CAAqB,SAAA,EAAW,GAAA,EAAK,KAAK,CAAA;AAAA,IACxF,YAAY,CAAA,GAAA,KAAO,WAAA,CAAY,MAAA,CAAO,oBAAA,CAAqB,YAAY,GAAG;AAAA,GAC5E;AACA,EAAA,MAAM,cAAA,GAAiC;AAAA,IACrC,cAAA,EAAgB,MAAM,WAAA,CAAY,MAAA,CAAO,yBAAyB,cAAc,CAAA;AAAA,IAChF,MAAM,CAAA,GAAA,KAAO,WAAA,CAAY,MAAA,CAAO,wBAAA,CAAyB,MAAM,GAAG;AAAA,GACpE;AACA,EAAA,MAAM,MAAA,GAAS,EAAE,UAAA,EAAY,cAAA,EAAe;AAE5C,EAAA,IAAI,QAAQ,eAAA,EAAiB;AAC3B,IAAA,aAAA,CAAc,iBAAA,CAAkB,6BAA6B,MAAM,CAAA;AAAA,EACrE,CAAA,MAAO;AACL,IAAA,MAAA,CAAO,yBAAA,GAA4B,MAAA;AAAA,EACrC;AACF","file":"index.js","sourcesContent":["import { contextBridge, ipcRenderer } from 'electron';\n\nimport { OAUTH_TRANSPORT_CHANNELS, TOKEN_CACHE_CHANNELS } from '../shared/ipc';\nimport type { OAuthTransport, TokenCache } from '../shared/types';\n\n/**\n * Exposes Clerk's Electron bridge from the preload script to the renderer.\n *\n * Call this from an Electron preload script. It publishes a narrow internal bridge used by\n * `@clerk/electron/react` for token storage and OAuth transport.\n */\nexport function exposeClerkBridge(): void {\n  const tokenCache: TokenCache = {\n    getToken: key => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.getToken, key),\n    saveToken: (key, value) => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.saveToken, key, value),\n    clearToken: key => ipcRenderer.invoke(TOKEN_CACHE_CHANNELS.clearToken, key),\n  };\n  const oauthTransport: OAuthTransport = {\n    getRedirectUrl: () => ipcRenderer.invoke(OAUTH_TRANSPORT_CHANNELS.getRedirectUrl),\n    open: url => ipcRenderer.invoke(OAUTH_TRANSPORT_CHANNELS.open, url),\n  };\n  const bridge = { tokenCache, oauthTransport };\n\n  if (process.contextIsolated) {\n    contextBridge.exposeInMainWorld('__clerk_internal_electron', bridge);\n  } else {\n    window.__clerk_internal_electron = bridge;\n  }\n}\n"]}

package/dist/esm/react/index.js

@@ -0,0 +1,68 @@
+import { InternalClerkProvider } from '@clerk/react/internal';
+import { ui } from '@clerk/ui';
+import { Clerk } from '@clerk/clerk-js';
+export * from '@clerk/react';
+import { jsx } from 'react/jsx-runtime';
+
+// src/react/index.tsx
+var CLERK_CLIENT_JWT_KEY = "__clerk_client_jwt";
+var cached = null;
+function createClerkInstance(publishableKey) {
+  if ((cached == null ? void 0 : cached.publishableKey) === publishableKey) {
+    return cached.instance;
+  }
+  const clerk = new Clerk(publishableKey);
+  clerk.__internal_onBeforeRequest(async (request) => {
+    var _a, _b;
+    request.credentials = "omit";
+    (_a = request.url) == null ? void 0 : _a.searchParams.append("_is_native", "1");
+    const token = await ((_b = window.__clerk_internal_electron) == null ? void 0 : _b.tokenCache.getToken(CLERK_CLIENT_JWT_KEY));
+    if (token) {
+      const headers = new Headers(request.headers);
+      headers.set("Authorization", `Bearer ${token}`);
+      request.headers = headers;
+    }
+  });
+  clerk.__internal_onAfterResponse(async (_request, response) => {
+    var _a;
+    const authorization = response.headers.get("Authorization");
+    if (!authorization) {
+      return;
+    }
+    const token = authorization.startsWith("Bearer ") ? authorization.slice("Bearer ".length) : authorization;
+    await ((_a = window.__clerk_internal_electron) == null ? void 0 : _a.tokenCache.saveToken(CLERK_CLIENT_JWT_KEY, token));
+  });
+  cached = { instance: clerk, publishableKey };
+  return clerk;
+}
+function createOAuthTransport() {
+  var _a;
+  const bridge = (_a = window.__clerk_internal_electron) == null ? void 0 : _a.oauthTransport;
+  if (!bridge) {
+    return void 0;
+  }
+  return {
+    getRedirectUrl: () => bridge.getRedirectUrl(),
+    open: (url) => bridge.open(url.href)
+  };
+}
+function ClerkProvider({ children, publishableKey, ...props }) {
+  const clerk = createClerkInstance(publishableKey);
+  const oauthTransport = createOAuthTransport();
+  return /* @__PURE__ */ jsx(
+    InternalClerkProvider,
+    {
+      ...props,
+      Clerk: clerk,
+      __internal_oauthTransport: oauthTransport,
+      publishableKey,
+      standardBrowser: false,
+      ui,
+      children
+    }
+  );
+}
+
+export { ClerkProvider };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/esm/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/react/create-clerk-instance.ts","../../../src/react/index.tsx"],"names":["ReactClerkProvider"],"mappings":";;;;;;;AAEA,IAAM,oBAAA,GAAuB,oBAAA;AAI7B,IAAI,MAAA,GAAqE,IAAA;AAElE,SAAS,oBAAoB,cAAA,EAAuC;AACzE,EAAA,IAAA,CAAI,MAAA,IAAA,IAAA,GAAA,MAAA,GAAA,MAAA,CAAQ,oBAAmB,cAAA,EAAgB;AAC7C,IAAA,OAAO,MAAA,CAAO,QAAA;AAAA,EAChB;AAEA,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAAM,cAAc,CAAA;AAEtC,EAAA,KAAA,CAAM,0BAAA,CAA2B,OAAM,OAAA,KAAW;AAfpD,IAAA,IAAA,EAAA,EAAA,EAAA;AAgBI,IAAA,OAAA,CAAQ,WAAA,GAAc,MAAA;AACtB,IAAA,CAAA,EAAA,GAAA,OAAA,CAAQ,GAAA,KAAR,IAAA,GAAA,MAAA,GAAA,EAAA,CAAa,YAAA,CAAa,MAAA,CAAO,YAAA,EAAc,GAAA,CAAA;AAE/C,IAAA,MAAM,QAAQ,OAAA,CAAM,EAAA,GAAA,MAAA,CAAO,yBAAA,KAAP,IAAA,GAAA,MAAA,GAAA,EAAA,CAAkC,WAAW,QAAA,CAAS,oBAAA,CAAA,CAAA;AAC1E,IAAA,IAAI,KAAA,EAAO;AACT,MAAA,MAAM,OAAA,GAAU,IAAI,OAAA,CAAQ,OAAA,CAAQ,OAAO,CAAA;AAC3C,MAAA,OAAA,CAAQ,GAAA,CAAI,eAAA,EAAiB,CAAA,OAAA,EAAU,KAAK,CAAA,CAAE,CAAA;AAC9C,MAAA,OAAA,CAAQ,OAAA,GAAU,OAAA;AAAA,IACpB;AAAA,EACF,CAAC,CAAA;AAED,EAAA,KAAA,CAAM,0BAAA,CAA2B,OAAO,QAAA,EAAU,QAAA,KAAa;AA3BjE,IAAA,IAAA,EAAA;AA4BI,IAAA,MAAM,aAAA,GAAiB,QAAA,CAAsB,OAAA,CAAQ,GAAA,CAAI,eAAe,CAAA;AACxE,IAAA,IAAI,CAAC,aAAA,EAAe;AAClB,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,KAAA,GAAQ,cAAc,UAAA,CAAW,SAAS,IAAI,aAAA,CAAc,KAAA,CAAM,SAAA,CAAU,MAAM,CAAA,GAAI,aAAA;AAC5F,IAAA,OAAA,CAAM,EAAA,GAAA,MAAA,CAAO,yBAAA,KAAP,IAAA,GAAA,MAAA,GAAA,EAAA,CAAkC,UAAA,CAAW,UAAU,oBAAA,EAAsB,KAAA,CAAA,CAAA;AAAA,EACrF,CAAC,CAAA;AAED,EAAA,MAAA,GAAS,EAAE,QAAA,EAAU,KAAA,EAAO,cAAA,EAAe;AAC3C,EAAA,OAAO,KAAA;AACT;ACnBA,SAAS,oBAAA,GAAwD;AApBjE,EAAA,IAAA,EAAA;AAqBE,EAAA,MAAM,MAAA,GAAA,CAAS,EAAA,GAAA,MAAA,CAAO,yBAAA,KAAP,IAAA,GAAA,MAAA,GAAA,EAAA,CAAkC,cAAA;AAEjD,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,OAAO,MAAA;AAAA,EACT;AAEA,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,MAAM,MAAA,CAAO,cAAA,EAAe;AAAA,IAC5C,IAAA,EAAM,CAAA,GAAA,KAAO,MAAA,CAAO,IAAA,CAAK,IAAI,IAAI;AAAA,GACnC;AACF;AAEO,SAAS,cAAc,EAAE,QAAA,EAAU,cAAA,EAAgB,GAAG,OAAM,EAAoC;AACrG,EAAA,MAAM,KAAA,GAAQ,oBAAoB,cAAc,CAAA;AAChD,EAAA,MAAM,iBAAiB,oBAAA,EAAqB;AAE5C,EAAA,uBACE,GAAA;AAAA,IAACA,qBAAA;AAAA,IAAA;AAAA,MACE,GAAG,KAAA;AAAA,MACJ,KAAA,EAAO,KAAA;AAAA,MACP,yBAAA,EAA2B,cAAA;AAAA,MAC3B,cAAA;AAAA,MACA,eAAA,EAAiB,KAAA;AAAA,MACjB,EAAA;AAAA,MAEC;AAAA;AAAA,GACH;AAEJ","file":"index.js","sourcesContent":["import { Clerk } from '@clerk/clerk-js';\n\nconst CLERK_CLIENT_JWT_KEY = '__clerk_client_jwt';\n\ntype ClerkInstance = InstanceType<typeof Clerk>;\n\nlet cached: { instance: ClerkInstance; publishableKey: string } | null = null;\n\nexport function createClerkInstance(publishableKey: string): ClerkInstance {\n  if (cached?.publishableKey === publishableKey) {\n    return cached.instance;\n  }\n\n  const clerk = new Clerk(publishableKey);\n\n  clerk.__internal_onBeforeRequest(async request => {\n    request.credentials = 'omit';\n    request.url?.searchParams.append('_is_native', '1');\n\n    const token = await window.__clerk_internal_electron?.tokenCache.getToken(CLERK_CLIENT_JWT_KEY);\n    if (token) {\n      const headers = new Headers(request.headers);\n      headers.set('Authorization', `Bearer ${token}`);\n      request.headers = headers;\n    }\n  });\n\n  clerk.__internal_onAfterResponse(async (_request, response) => {\n    const authorization = (response as Response).headers.get('Authorization');\n    if (!authorization) {\n      return;\n    }\n\n    const token = authorization.startsWith('Bearer ') ? authorization.slice('Bearer '.length) : authorization;\n    await window.__clerk_internal_electron?.tokenCache.saveToken(CLERK_CLIENT_JWT_KEY, token);\n  });\n\n  cached = { instance: clerk, publishableKey };\n  return clerk;\n}\n","import type { ClerkProviderProps as ReactClerkProviderProps } from '@clerk/react';\nimport { InternalClerkProvider as ReactClerkProvider } from '@clerk/react/internal';\nimport { ui } from '@clerk/ui';\nimport type { ReactNode } from 'react';\n\nimport { createClerkInstance } from './create-clerk-instance';\n\ntype ClerkOAuthTransport = NonNullable<ReactClerkProviderProps['__internal_oauthTransport']>;\n\nexport type ClerkProviderProps = Omit<\n  ReactClerkProviderProps,\n  'Clerk' | 'children' | 'publishableKey' | 'standardBrowser' | 'ui' | '__internal_oauthTransport'\n> & {\n  children: ReactNode;\n  /**\n   * Your Clerk publishable key, available in the Clerk Dashboard.\n   */\n  publishableKey: string;\n};\n\nfunction createOAuthTransport(): ClerkOAuthTransport | undefined {\n  const bridge = window.__clerk_internal_electron?.oauthTransport;\n\n  if (!bridge) {\n    return undefined;\n  }\n\n  return {\n    getRedirectUrl: () => bridge.getRedirectUrl(),\n    open: url => bridge.open(url.href),\n  };\n}\n\nexport function ClerkProvider({ children, publishableKey, ...props }: ClerkProviderProps): JSX.Element {\n  const clerk = createClerkInstance(publishableKey);\n  const oauthTransport = createOAuthTransport();\n\n  return (\n    <ReactClerkProvider\n      {...props}\n      Clerk={clerk}\n      __internal_oauthTransport={oauthTransport}\n      publishableKey={publishableKey}\n      standardBrowser={false}\n      ui={ui}\n    >\n      {children}\n    </ReactClerkProvider>\n  );\n}\n\nexport * from '@clerk/react';\n"]}

package/dist/esm/storage/index.js

@@ -0,0 +1,127 @@
+import { safeStorage } from 'electron';
+import Store from 'electron-store';
+
+// src/storage/index.ts
+var ENCRYPTED_PREFIX = "enc:";
+var RAW_PREFIX = "raw:";
+var syncCipher = {
+  encrypt: (value) => Promise.resolve(safeStorage.encryptString(value).toString("base64")),
+  decrypt: (payload) => Promise.resolve({ value: safeStorage.decryptString(Buffer.from(payload, "base64")), shouldReEncrypt: false })
+};
+function hasAsyncSafeStorage(storage2) {
+  const candidate = storage2;
+  return typeof candidate.encryptStringAsync === "function" && typeof candidate.decryptStringAsync === "function" && typeof candidate.isAsyncEncryptionAvailable === "function";
+}
+function createAsyncCipher(storage2) {
+  return {
+    encrypt: async (value) => (await storage2.encryptStringAsync(value)).toString("base64"),
+    decrypt: async (payload) => {
+      const { result, shouldReEncrypt } = await storage2.decryptStringAsync(Buffer.from(payload, "base64"));
+      return { value: result, shouldReEncrypt };
+    }
+  };
+}
+async function resolveCipher() {
+  if (hasAsyncSafeStorage(safeStorage)) {
+    try {
+      if (await safeStorage.isAsyncEncryptionAvailable()) {
+        return createAsyncCipher(safeStorage);
+      }
+    } catch {
+    }
+  }
+  if (typeof safeStorage.isEncryptionAvailable === "function" && safeStorage.isEncryptionAvailable()) {
+    return syncCipher;
+  }
+  return null;
+}
+function storage(options = {}) {
+  var _a;
+  const store = new Store({
+    name: (_a = options.name) != null ? _a : "clerk-tokens",
+    ...options.path ? { cwd: options.path } : {}
+  });
+  let cachedCipher = null;
+  let resolving = null;
+  const getCipher = () => {
+    if (cachedCipher) {
+      return Promise.resolve(cachedCipher);
+    }
+    resolving != null ? resolving : resolving = resolveCipher().then((resolved) => {
+      resolving = null;
+      if (resolved) {
+        cachedCipher = resolved;
+      }
+      return resolved;
+    });
+    return resolving;
+  };
+  let warned = false;
+  const warnOnce = (message) => {
+    if (warned) {
+      return;
+    }
+    warned = true;
+    console.warn(message);
+  };
+  return {
+    async getItem(key) {
+      const stored = store.get(key);
+      if (!stored) {
+        return null;
+      }
+      if (stored.startsWith(RAW_PREFIX)) {
+        return stored.slice(RAW_PREFIX.length);
+      }
+      if (stored.startsWith(ENCRYPTED_PREFIX)) {
+        const cipher = await getCipher();
+        if (!cipher) {
+          return null;
+        }
+        const payload = stored.slice(ENCRYPTED_PREFIX.length);
+        try {
+          const { value, shouldReEncrypt } = await cipher.decrypt(payload);
+          if (shouldReEncrypt) {
+            try {
+              store.set(key, ENCRYPTED_PREFIX + await cipher.encrypt(value));
+            } catch {
+            }
+          }
+          return value;
+        } catch {
+          return null;
+        }
+      }
+      store.delete(key);
+      return null;
+    },
+    async setItem(key, value) {
+      const cipher = await getCipher();
+      if (!cipher) {
+        if (options.unencryptedFallback) {
+          warnOnce(
+            "Clerk: OS encryption is unavailable; falling back to unencrypted storage. Session tokens are being stored unencrypted on local disk."
+          );
+          store.set(key, RAW_PREFIX + value);
+        } else {
+          warnOnce(
+            "Clerk: OS encryption is unavailable and unencryptedFallback is not enabled, so tokens are not being persisted. The user will be signed out on the next launch. Pass `storage({ unencryptedFallback: true })` to persist unencrypted (less secure)."
+          );
+        }
+        return;
+      }
+      try {
+        store.set(key, ENCRYPTED_PREFIX + await cipher.encrypt(value));
+      } catch {
+        warnOnce("Clerk: failed to encrypt the session token; it was not persisted.");
+      }
+    },
+    removeItem(key) {
+      store.delete(key);
+    }
+  };
+}
+
+export { storage };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/esm/storage/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../src/storage/index.ts"],"names":["storage"],"mappings":";;;;AAgCA,IAAM,gBAAA,GAAmB,MAAA;AAKzB,IAAM,UAAA,GAAa,MAAA;AAiBnB,IAAM,UAAA,GAAqB;AAAA,EACzB,OAAA,EAAS,CAAA,KAAA,KAAS,OAAA,CAAQ,OAAA,CAAQ,WAAA,CAAY,cAAc,KAAK,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAC,CAAA;AAAA,EACrF,SAAS,CAAA,OAAA,KACP,OAAA,CAAQ,OAAA,CAAQ,EAAE,OAAO,WAAA,CAAY,aAAA,CAAc,MAAA,CAAO,IAAA,CAAK,SAAS,QAAQ,CAAC,CAAA,EAAG,eAAA,EAAiB,OAAO;AAChH,CAAA;AAEA,SAAS,oBAAoBA,QAAAA,EAA+E;AAC1G,EAAA,MAAM,SAAA,GAAYA,QAAAA;AAElB,EAAA,OACE,OAAO,SAAA,CAAU,kBAAA,KAAuB,UAAA,IACxC,OAAO,UAAU,kBAAA,KAAuB,UAAA,IACxC,OAAO,SAAA,CAAU,0BAAA,KAA+B,UAAA;AAEpD;AAEA,SAAS,kBAAkBA,QAAAA,EAAmC;AAC5D,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,OAAM,KAAA,KAAA,CAAU,MAAMA,SAAQ,kBAAA,CAAmB,KAAK,CAAA,EAAG,QAAA,CAAS,QAAQ,CAAA;AAAA,IACnF,OAAA,EAAS,OAAM,OAAA,KAAW;AACxB,MAAA,MAAM,EAAE,MAAA,EAAQ,eAAA,EAAgB,GAAI,MAAMA,QAAAA,CAAQ,kBAAA,CAAmB,MAAA,CAAO,IAAA,CAAK,OAAA,EAAS,QAAQ,CAAC,CAAA;AACnG,MAAA,OAAO,EAAE,KAAA,EAAO,MAAA,EAAQ,eAAA,EAAgB;AAAA,IAC1C;AAAA,GACF;AACF;AAKA,eAAe,aAAA,GAAwC;AAErD,EAAA,IAAI,mBAAA,CAAoB,WAAW,CAAA,EAAG;AACpC,IAAA,IAAI;AACF,MAAA,IAAI,MAAM,WAAA,CAAY,0BAAA,EAA2B,EAAG;AAClD,QAAA,OAAO,kBAAkB,WAAW,CAAA;AAAA,MACtC;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAGA,EAAA,IAAI,OAAO,WAAA,CAAY,qBAAA,KAA0B,UAAA,IAAc,WAAA,CAAY,uBAAsB,EAAG;AAClG,IAAA,OAAO,UAAA;AAAA,EACT;AAEA,EAAA,OAAO,IAAA;AACT;AAuBO,SAAS,OAAA,CAAQ,OAAA,GAA0B,EAAC,EAAiB;AA5HpE,EAAA,IAAA,EAAA;AA6HE,EAAA,MAAM,KAAA,GAAQ,IAAI,KAAA,CAA8B;AAAA,IAC9C,IAAA,EAAA,CAAM,EAAA,GAAA,OAAA,CAAQ,IAAA,KAAR,IAAA,GAAA,EAAA,GAAgB,cAAA;AAAA,IACtB,GAAI,QAAQ,IAAA,GAAO,EAAE,KAAK,OAAA,CAAQ,IAAA,KAAS;AAAC,GAC7C,CAAA;AAED,EAAA,IAAI,YAAA,GAA8B,IAAA;AAClC,EAAA,IAAI,SAAA,GAA2C,IAAA;AAC/C,EAAA,MAAM,YAAY,MAA8B;AAC9C,IAAA,IAAI,YAAA,EAAc;AAChB,MAAA,OAAO,OAAA,CAAQ,QAAQ,YAAY,CAAA;AAAA,IACrC;AACA,IAAA,SAAA,IAAA,IAAA,GAAA,SAAA,GAAA,SAAA,GAAc,aAAA,EAAc,CAAE,IAAA,CAAK,CAAA,QAAA,KAAY;AAC7C,MAAA,SAAA,GAAY,IAAA;AACZ,MAAA,IAAI,QAAA,EAAU;AACZ,QAAA,YAAA,GAAe,QAAA;AAAA,MACjB;AACA,MAAA,OAAO,QAAA;AAAA,IACT,CAAC,CAAA;AACD,IAAA,OAAO,SAAA;AAAA,EACT,CAAA;AAEA,EAAA,IAAI,MAAA,GAAS,KAAA;AACb,EAAA,MAAM,QAAA,GAAW,CAAC,OAAA,KAAoB;AACpC,IAAA,IAAI,MAAA,EAAQ;AACV,MAAA;AAAA,IACF;AACA,IAAA,MAAA,GAAS,IAAA;AACT,IAAA,OAAA,CAAQ,KAAK,OAAO,CAAA;AAAA,EACtB,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,MAAM,QAAQ,GAAA,EAAK;AACjB,MAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,GAAG,CAAA;AAE5B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,OAAO,IAAA;AAAA,MACT;AAEA,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA,EAAG;AACjC,QAAA,OAAO,MAAA,CAAO,KAAA,CAAM,UAAA,CAAW,MAAM,CAAA;AAAA,MACvC;AAEA,MAAA,IAAI,MAAA,CAAO,UAAA,CAAW,gBAAgB,CAAA,EAAG;AACvC,QAAA,MAAM,MAAA,GAAS,MAAM,SAAA,EAAU;AAG/B,QAAA,IAAI,CAAC,MAAA,EAAQ;AACX,UAAA,OAAO,IAAA;AAAA,QACT;AAEA,QAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,CAAM,gBAAA,CAAiB,MAAM,CAAA;AAEpD,QAAA,IAAI;AACF,UAAA,MAAM,EAAE,KAAA,EAAO,eAAA,KAAoB,MAAM,MAAA,CAAO,QAAQ,OAAO,CAAA;AAE/D,UAAA,IAAI,eAAA,EAAiB;AAEnB,YAAA,IAAI;AACF,cAAA,KAAA,CAAM,IAAI,GAAA,EAAK,gBAAA,GAAoB,MAAM,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAE,CAAA;AAAA,YACjE,CAAA,CAAA,MAAQ;AAAA,YAER;AAAA,UACF;AAEA,UAAA,OAAO,KAAA;AAAA,QACT,CAAA,CAAA,MAAQ;AAEN,UAAA,OAAO,IAAA;AAAA,QACT;AAAA,MACF;AAGA,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAChB,MAAA,OAAO,IAAA;AAAA,IACT,CAAA;AAAA,IACA,MAAM,OAAA,CAAQ,GAAA,EAAK,KAAA,EAAO;AACxB,MAAA,MAAM,MAAA,GAAS,MAAM,SAAA,EAAU;AAE/B,MAAA,IAAI,CAAC,MAAA,EAAQ;AACX,QAAA,IAAI,QAAQ,mBAAA,EAAqB;AAC/B,UAAA,QAAA;AAAA,YACE;AAAA,WACF;AACA,UAAA,KAAA,CAAM,GAAA,CAAI,GAAA,EAAK,UAAA,GAAa,KAAK,CAAA;AAAA,QACnC,CAAA,MAAO;AACL,UAAA,QAAA;AAAA,YACE;AAAA,WACF;AAAA,QACF;AACA,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,KAAA,CAAM,IAAI,GAAA,EAAK,gBAAA,GAAoB,MAAM,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAE,CAAA;AAAA,MACjE,CAAA,CAAA,MAAQ;AAEN,QAAA,QAAA,CAAS,mEAAmE,CAAA;AAAA,MAC9E;AAAA,IACF,CAAA;AAAA,IACA,WAAW,GAAA,EAAK;AACd,MAAA,KAAA,CAAM,OAAO,GAAG,CAAA;AAAA,IAClB;AAAA,GACF;AACF","file":"index.js","sourcesContent":["import { safeStorage } from 'electron';\nimport Store from 'electron-store';\n\nimport type { TokenStorage } from '../shared/types';\n\ntype StorageOptions = {\n  /**\n   * The name of the file (without extension) used to persist tokens.\n   *\n   * @default 'clerk-tokens'\n   */\n  name?: string;\n  /**\n   * The directory in which the token file is stored. Maps to `electron-store`'s `cwd` option.\n   * When omitted, the OS default user config directory is used.\n   */\n  path?: string;\n  /**\n   * When OS-level encryption is unavailable (e.g. a Linux machine without a keyring), tokens are\n   * not persisted by default, which signs the user out on the next app launch. Set this to `true`\n   * to instead persist tokens **unencrypted** in that scenario, keeping the user signed in across\n   * restarts at the cost of storing tokens in plaintext on disk.\n   *\n   * @default false\n   */\n  unencryptedFallback?: boolean;\n};\n\n/**\n * Marks a value that was encrypted via {@link safeStorage}; the remainder is base64 ciphertext.\n * values will be stored as: `enc:<encrypted value>`\n */\nconst ENCRYPTED_PREFIX = 'enc:';\n/**\n * Marks a value persisted unencrypted via the `unencryptedFallback` option.\n * values will be stored as: `raw:<value>`\n */\nconst RAW_PREFIX = 'raw:';\n\ntype Cipher = {\n  encrypt: (value: string) => Promise<string>;\n  /**\n   * Decrypts a base64 payload. `shouldReEncrypt` is `true` (async backend only) when the OS key\n   * has rotated and the payload should be re-encrypted with the new key.\n   */\n  decrypt: (payload: string) => Promise<{ value: string; shouldReEncrypt: boolean }>;\n};\n\ntype AsyncSafeStorage = {\n  encryptStringAsync: (plainText: string) => Promise<Buffer>;\n  decryptStringAsync: (encrypted: Buffer) => Promise<{ result: string; shouldReEncrypt: boolean }>;\n  isAsyncEncryptionAvailable: () => Promise<boolean>;\n};\n\nconst syncCipher: Cipher = {\n  encrypt: value => Promise.resolve(safeStorage.encryptString(value).toString('base64')),\n  decrypt: payload =>\n    Promise.resolve({ value: safeStorage.decryptString(Buffer.from(payload, 'base64')), shouldReEncrypt: false }),\n};\n\nfunction hasAsyncSafeStorage(storage: typeof safeStorage): storage is typeof safeStorage & AsyncSafeStorage {\n  const candidate = storage as Partial<AsyncSafeStorage>;\n\n  return (\n    typeof candidate.encryptStringAsync === 'function' &&\n    typeof candidate.decryptStringAsync === 'function' &&\n    typeof candidate.isAsyncEncryptionAvailable === 'function'\n  );\n}\n\nfunction createAsyncCipher(storage: AsyncSafeStorage): Cipher {\n  return {\n    encrypt: async value => (await storage.encryptStringAsync(value)).toString('base64'),\n    decrypt: async payload => {\n      const { result, shouldReEncrypt } = await storage.decryptStringAsync(Buffer.from(payload, 'base64'));\n      return { value: result, shouldReEncrypt };\n    },\n  };\n}\n\n/**\n * Resolves the crypto backend to use, or `null` when no OS encryption is currently available.\n */\nasync function resolveCipher(): Promise<Cipher | null> {\n  // Prefer the async API, but only when the full optional function surface exists.\n  if (hasAsyncSafeStorage(safeStorage)) {\n    try {\n      if (await safeStorage.isAsyncEncryptionAvailable()) {\n        return createAsyncCipher(safeStorage);\n      }\n    } catch {\n      /* fall through to the synchronous API */\n    }\n  }\n\n  // The synchronous API blocks the calling thread on the OS prompt during the first encrypt/decrypt,\n  if (typeof safeStorage.isEncryptionAvailable === 'function' && safeStorage.isEncryptionAvailable()) {\n    return syncCipher;\n  }\n\n  return null;\n}\n\n/**\n * Creates a secure {@link TokenStorage} adapter for the Electron main process.\n *\n * Tokens are persisted with `electron-store` and encrypted at rest using Electron's\n * {@link safeStorage} API, which is backed by the OS keystore (Keychain on macOS, DPAPI on\n * Windows, libsecret/kwallet on Linux). It uses Electron 42's async `safeStorage` API only when it\n * reports itself available (which generally requires a code-signed app) and otherwise falls back to\n * the synchronous API. Pass the result to `createClerkBridge({ storage: storage() })`.\n *\n * Behavior is secure by default: when OS encryption is unavailable the adapter does not persist\n * tokens (the user will be signed out on restart) unless {@link StorageOptions.unencryptedFallback}\n * is enabled. Undecryptable entries return `null`.\n *\n * @example\n * ```ts\n * import { createClerkBridge } from '@clerk/electron';\n * import { storage } from '@clerk/electron/storage';\n *\n * createClerkBridge({ storage: storage({ name: 'my-app-tokens' }) });\n * ```\n */\nexport function storage(options: StorageOptions = {}): TokenStorage {\n  const store = new Store<Record<string, string>>({\n    name: options.name ?? 'clerk-tokens',\n    ...(options.path ? { cwd: options.path } : {}),\n  });\n\n  let cachedCipher: Cipher | null = null;\n  let resolving: Promise<Cipher | null> | null = null;\n  const getCipher = (): Promise<Cipher | null> => {\n    if (cachedCipher) {\n      return Promise.resolve(cachedCipher);\n    }\n    resolving ??= resolveCipher().then(resolved => {\n      resolving = null;\n      if (resolved) {\n        cachedCipher = resolved;\n      }\n      return resolved;\n    });\n    return resolving;\n  };\n\n  let warned = false;\n  const warnOnce = (message: string) => {\n    if (warned) {\n      return;\n    }\n    warned = true;\n    console.warn(message);\n  };\n\n  return {\n    async getItem(key) {\n      const stored = store.get(key);\n\n      if (!stored) {\n        return null;\n      }\n\n      if (stored.startsWith(RAW_PREFIX)) {\n        return stored.slice(RAW_PREFIX.length);\n      }\n\n      if (stored.startsWith(ENCRYPTED_PREFIX)) {\n        const cipher = await getCipher();\n\n        // No usable OS encryption, preserve entry.\n        if (!cipher) {\n          return null;\n        }\n\n        const payload = stored.slice(ENCRYPTED_PREFIX.length);\n\n        try {\n          const { value, shouldReEncrypt } = await cipher.decrypt(payload);\n\n          if (shouldReEncrypt) {\n            // OS key has rotated, persist with new value\n            try {\n              store.set(key, ENCRYPTED_PREFIX + (await cipher.encrypt(value)));\n            } catch {\n              // keep the existing payload; it still decrypts for now\n            }\n          }\n\n          return value;\n        } catch {\n          // Decryption failed, preserve the entry, new write on next sign-in.\n          return null;\n        }\n      }\n\n      // Unknown or unrecognized format, drop the entry so we don't repeatedly fail on it.\n      store.delete(key);\n      return null;\n    },\n    async setItem(key, value) {\n      const cipher = await getCipher();\n\n      if (!cipher) {\n        if (options.unencryptedFallback) {\n          warnOnce(\n            'Clerk: OS encryption is unavailable; falling back to unencrypted storage. Session tokens are being stored unencrypted on local disk.',\n          );\n          store.set(key, RAW_PREFIX + value);\n        } else {\n          warnOnce(\n            'Clerk: OS encryption is unavailable and unencryptedFallback is not enabled, so tokens are not being persisted. The user will be signed out on the next launch. Pass `storage({ unencryptedFallback: true })` to persist unencrypted (less secure).',\n          );\n        }\n        return;\n      }\n\n      try {\n        store.set(key, ENCRYPTED_PREFIX + (await cipher.encrypt(value)));\n      } catch {\n        // Encryption is available but encryption failed\n        warnOnce('Clerk: failed to encrypt the session token; it was not persisted.');\n      }\n    },\n    removeItem(key) {\n      store.delete(key);\n    },\n  };\n}\n"]}

package/dist/types/index.d.ts

@@ -0,0 +1,3 @@
+export { createClerkBridge } from './main/create-clerk-bridge';
+export type { ClerkBridge, CreateClerkBridgeOptions } from './shared/types';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,YAAY,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC"}

package/dist/types/main/create-clerk-bridge.d.ts

@@ -0,0 +1,10 @@
+import type { ClerkBridge, CreateClerkBridgeOptions } from '../shared/types';
+/**
+ * Creates the Clerk bridge for Electron's main process.
+ *
+ * The bridge owns Clerk's main-process IPC handlers, token persistence, and OAuth deep-link
+ * transport. Call this before creating renderer windows, and call the returned `cleanup` method
+ * when tearing down the app or test environment.
+ */
+export declare function createClerkBridge(options: CreateClerkBridgeOptions): ClerkBridge;
+//# sourceMappingURL=create-clerk-bridge.d.ts.map

package/dist/types/main/create-clerk-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-clerk-bridge.d.ts","sourceRoot":"","sources":["../../../src/main/create-clerk-bridge.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAkB7E;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,WAAW,CAqChF"}

package/dist/types/main/ipc-handlers.d.ts

@@ -0,0 +1,3 @@
+import type { TokenStorage } from '../shared/types';
+export declare function setupTokenCacheIpcHandlers(storage: TokenStorage): () => void;
+//# sourceMappingURL=ipc-handlers.d.ts.map

package/dist/types/main/ipc-handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipc-handlers.d.ts","sourceRoot":"","sources":["../../../src/main/ipc-handlers.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAEpD,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,YAAY,GAAG,MAAM,IAAI,CAkB5E"}

package/dist/types/main/oauth-transport.d.ts

@@ -0,0 +1,7 @@
+import type { RendererSchemeOptions } from '../shared/types';
+type OAuthTransportOptions = {
+    renderer: RendererSchemeOptions;
+};
+export declare function setupOAuthTransportIpcHandlers(options: OAuthTransportOptions): () => void;
+export {};
+//# sourceMappingURL=oauth-transport.d.ts.map

package/dist/types/main/oauth-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-transport.d.ts","sourceRoot":"","sources":["../../../src/main/oauth-transport.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAU7D,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,qBAAqB,CAAC;CACjC,CAAC;AA6BF,wBAAgB,8BAA8B,CAAC,OAAO,EAAE,qBAAqB,GAAG,MAAM,IAAI,CAqFzF"}

package/dist/types/preload/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Exposes Clerk's Electron bridge from the preload script to the renderer.
+ *
+ * Call this from an Electron preload script. It publishes a narrow internal bridge used by
+ * `@clerk/electron/react` for token storage and OAuth transport.
+ */
+export declare function exposeClerkBridge(): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/types/preload/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/preload/index.ts"],"names":[],"mappings":"AAKA;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,IAAI,CAiBxC"}

package/dist/types/react/create-clerk-instance.d.ts

@@ -0,0 +1,5 @@
+import { Clerk } from '@clerk/clerk-js';
+type ClerkInstance = InstanceType<typeof Clerk>;
+export declare function createClerkInstance(publishableKey: string): ClerkInstance;
+export {};
+//# sourceMappingURL=create-clerk-instance.d.ts.map

package/dist/types/react/create-clerk-instance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"create-clerk-instance.d.ts","sourceRoot":"","sources":["../../../src/react/create-clerk-instance.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,iBAAiB,CAAC;AAIxC,KAAK,aAAa,GAAG,YAAY,CAAC,OAAO,KAAK,CAAC,CAAC;AAIhD,wBAAgB,mBAAmB,CAAC,cAAc,EAAE,MAAM,GAAG,aAAa,CA+BzE"}

package/dist/types/react/index.d.ts

@@ -0,0 +1,12 @@
+import type { ClerkProviderProps as ReactClerkProviderProps } from '@clerk/react';
+import type { ReactNode } from 'react';
+export type ClerkProviderProps = Omit<ReactClerkProviderProps, 'Clerk' | 'children' | 'publishableKey' | 'standardBrowser' | 'ui' | '__internal_oauthTransport'> & {
+    children: ReactNode;
+    /**
+     * Your Clerk publishable key, available in the Clerk Dashboard.
+     */
+    publishableKey: string;
+};
+export declare function ClerkProvider({ children, publishableKey, ...props }: ClerkProviderProps): JSX.Element;
+export * from '@clerk/react';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/react/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/react/index.tsx"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,IAAI,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAGlF,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAMvC,MAAM,MAAM,kBAAkB,GAAG,IAAI,CACnC,uBAAuB,EACvB,OAAO,GAAG,UAAU,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,IAAI,GAAG,2BAA2B,CACjG,GAAG;IACF,QAAQ,EAAE,SAAS,CAAC;IACpB;;OAEG;IACH,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAeF,wBAAgB,aAAa,CAAC,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,KAAK,EAAE,EAAE,kBAAkB,GAAG,GAAG,CAAC,OAAO,CAgBrG;AAED,cAAc,cAAc,CAAC"}

package/dist/types/shared/ipc.d.ts

@@ -0,0 +1,10 @@
+export declare const TOKEN_CACHE_CHANNELS: {
+    readonly getToken: "clerk:token-cache:get";
+    readonly saveToken: "clerk:token-cache:save";
+    readonly clearToken: "clerk:token-cache:clear";
+};
+export declare const OAUTH_TRANSPORT_CHANNELS: {
+    readonly getRedirectUrl: "clerk:oauth-transport:get-redirect-url";
+    readonly open: "clerk:oauth-transport:open";
+};
+//# sourceMappingURL=ipc.d.ts.map

package/dist/types/shared/ipc.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ipc.d.ts","sourceRoot":"","sources":["../../../src/shared/ipc.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,oBAAoB;;;;CAIvB,CAAC;AAEX,eAAO,MAAM,wBAAwB;;;CAG3B,CAAC"}

package/dist/types/shared/types.d.ts

@@ -0,0 +1,45 @@
+type Awaitable<T> = T | Promise<T>;
+export type TokenStorage = {
+    getItem: (key: string) => Awaitable<string | null>;
+    setItem: (key: string, value: string) => Awaitable<void>;
+    removeItem: (key: string) => Awaitable<void>;
+};
+export type CreateClerkBridgeOptions = {
+    /**
+     * Storage adapter used by the main process to persist Clerk tokens.
+     */
+    storage: TokenStorage;
+    /**
+     * Registers the custom scheme used to serve the Electron renderer from a stable origin.
+     */
+    renderer?: RendererSchemeOptions;
+};
+export type ClerkBridge = {
+    /**
+     * Removes IPC handlers and listeners registered by `createClerkBridge`.
+     */
+    cleanup: () => void;
+};
+export type RendererSchemeOptions = {
+    /**
+     * Custom scheme used for the renderer origin.
+     */
+    scheme: string;
+    /**
+     * Custom host used for the renderer origin.
+     */
+    host: string;
+};
+export type TokenCache = {
+    getToken: (key: string) => Promise<string | null>;
+    saveToken: (key: string, value: string) => Promise<void>;
+    clearToken: (key: string) => Promise<void>;
+};
+export type OAuthTransport = {
+    getRedirectUrl: () => Promise<string>;
+    open: (url: string) => Promise<{
+        callbackUrl: string;
+    }>;
+};
+export {};
+//# sourceMappingURL=types.d.ts.map

package/dist/types/shared/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/shared/types.ts"],"names":[],"mappings":"AAAA,KAAK,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;AAEnC,MAAM,MAAM,YAAY,GAAG;IACzB,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACnD,OAAO,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;IACzD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,SAAS,CAAC,IAAI,CAAC,CAAC;CAC9C,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC;;OAEG;IACH,OAAO,EAAE,YAAY,CAAC;IACtB;;OAEG;IACH,QAAQ,CAAC,EAAE,qBAAqB,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB;;OAEG;IACH,OAAO,EAAE,MAAM,IAAI,CAAC;CACrB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAC;IACf;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAEF,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzD,UAAU,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,cAAc,EAAE,MAAM,OAAO,CAAC,MAAM,CAAC,CAAC;IACtC,IAAI,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACzD,CAAC"}