npm - @enbox/agent - Versions diffs - 0.0.1 - Mend

@enbox/agent 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/dist/browser.js +2215 -0
package/dist/browser.js.map +7 -0
package/dist/browser.mjs +2215 -0
package/dist/browser.mjs.map +7 -0
package/dist/cjs/index.js +8530 -0
package/dist/cjs/index.js.map +7 -0
package/dist/cjs/package.json +1 -0
package/dist/esm/agent-did-resolver-cache.js +87 -0
package/dist/esm/agent-did-resolver-cache.js.map +1 -0
package/dist/esm/bearer-identity.js +41 -0
package/dist/esm/bearer-identity.js.map +1 -0
package/dist/esm/connect.js +191 -0
package/dist/esm/connect.js.map +1 -0
package/dist/esm/crypto-api.js +346 -0
package/dist/esm/crypto-api.js.map +1 -0
package/dist/esm/did-api.js +278 -0
package/dist/esm/did-api.js.map +1 -0
package/dist/esm/dwn-api.js +336 -0
package/dist/esm/dwn-api.js.map +1 -0
package/dist/esm/dwn-registrar.js +120 -0
package/dist/esm/dwn-registrar.js.map +1 -0
package/dist/esm/hd-identity-vault.js +729 -0
package/dist/esm/hd-identity-vault.js.map +1 -0
package/dist/esm/identity-api.js +262 -0
package/dist/esm/identity-api.js.map +1 -0
package/dist/esm/index.js +23 -0
package/dist/esm/index.js.map +1 -0
package/dist/esm/local-key-manager.js +498 -0
package/dist/esm/local-key-manager.js.map +1 -0
package/dist/esm/oidc.js +507 -0
package/dist/esm/oidc.js.map +1 -0
package/dist/esm/permissions-api.js +322 -0
package/dist/esm/permissions-api.js.map +1 -0
package/dist/esm/prototyping/clients/dwn-rpc-types.js +2 -0
package/dist/esm/prototyping/clients/dwn-rpc-types.js.map +1 -0
package/dist/esm/prototyping/clients/dwn-server-info-cache-memory.js +74 -0
package/dist/esm/prototyping/clients/dwn-server-info-cache-memory.js.map +1 -0
package/dist/esm/prototyping/clients/http-dwn-rpc-client.js +105 -0
package/dist/esm/prototyping/clients/http-dwn-rpc-client.js.map +1 -0
package/dist/esm/prototyping/clients/json-rpc-socket.js +150 -0
package/dist/esm/prototyping/clients/json-rpc-socket.js.map +1 -0
package/dist/esm/prototyping/clients/json-rpc.js +58 -0
package/dist/esm/prototyping/clients/json-rpc.js.map +1 -0
package/dist/esm/prototyping/clients/server-info-types.js +2 -0
package/dist/esm/prototyping/clients/server-info-types.js.map +1 -0
package/dist/esm/prototyping/clients/web-socket-clients.js +90 -0
package/dist/esm/prototyping/clients/web-socket-clients.js.map +1 -0
package/dist/esm/prototyping/common/object.js +14 -0
package/dist/esm/prototyping/common/object.js.map +1 -0
package/dist/esm/prototyping/common/type-utils.js +2 -0
package/dist/esm/prototyping/common/type-utils.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/aes-gcm.js +147 -0
package/dist/esm/prototyping/crypto/algorithms/aes-gcm.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/aes-kw.js +137 -0
package/dist/esm/prototyping/crypto/algorithms/aes-kw.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/ecdsa.js +307 -0
package/dist/esm/prototyping/crypto/algorithms/ecdsa.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/eddsa.js +264 -0
package/dist/esm/prototyping/crypto/algorithms/eddsa.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/hkdf.js +39 -0
package/dist/esm/prototyping/crypto/algorithms/hkdf.js.map +1 -0
package/dist/esm/prototyping/crypto/algorithms/pbkdf2.js +41 -0
package/dist/esm/prototyping/crypto/algorithms/pbkdf2.js.map +1 -0
package/dist/esm/prototyping/crypto/crypto-error.js +41 -0
package/dist/esm/prototyping/crypto/crypto-error.js.map +1 -0
package/dist/esm/prototyping/crypto/dsa.js +236 -0
package/dist/esm/prototyping/crypto/dsa.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe-compact.js +130 -0
package/dist/esm/prototyping/crypto/jose/jwe-compact.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe-flattened.js +294 -0
package/dist/esm/prototyping/crypto/jose/jwe-flattened.js.map +1 -0
package/dist/esm/prototyping/crypto/jose/jwe.js +308 -0
package/dist/esm/prototyping/crypto/jose/jwe.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/aes-gcm.js +352 -0
package/dist/esm/prototyping/crypto/primitives/aes-gcm.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/aes-kw.js +247 -0
package/dist/esm/prototyping/crypto/primitives/aes-kw.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/hkdf.js +80 -0
package/dist/esm/prototyping/crypto/primitives/hkdf.js.map +1 -0
package/dist/esm/prototyping/crypto/primitives/pbkdf2.js +85 -0
package/dist/esm/prototyping/crypto/primitives/pbkdf2.js.map +1 -0
package/dist/esm/prototyping/crypto/types/cipher.js +2 -0
package/dist/esm/prototyping/crypto/types/cipher.js.map +1 -0
package/dist/esm/prototyping/crypto/types/crypto-api.js +2 -0
package/dist/esm/prototyping/crypto/types/crypto-api.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-converter.js +2 -0
package/dist/esm/prototyping/crypto/types/key-converter.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-deriver.js +2 -0
package/dist/esm/prototyping/crypto/types/key-deriver.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-io.js +2 -0
package/dist/esm/prototyping/crypto/types/key-io.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-manager.js +2 -0
package/dist/esm/prototyping/crypto/types/key-manager.js.map +1 -0
package/dist/esm/prototyping/crypto/types/key-wrapper.js +2 -0
package/dist/esm/prototyping/crypto/types/key-wrapper.js.map +1 -0
package/dist/esm/prototyping/crypto/types/params-direct.js +2 -0
package/dist/esm/prototyping/crypto/types/params-direct.js.map +1 -0
package/dist/esm/prototyping/crypto/types/params-kms.js +2 -0
package/dist/esm/prototyping/crypto/types/params-kms.js.map +1 -0
package/dist/esm/prototyping/crypto/utils.js +19 -0
package/dist/esm/prototyping/crypto/utils.js.map +1 -0
package/dist/esm/prototyping/dids/resolver-cache-memory.js +77 -0
package/dist/esm/prototyping/dids/resolver-cache-memory.js.map +1 -0
package/dist/esm/prototyping/dids/utils.js +9 -0
package/dist/esm/prototyping/dids/utils.js.map +1 -0
package/dist/esm/rpc-client.js +123 -0
package/dist/esm/rpc-client.js.map +1 -0
package/dist/esm/store-data-protocols.js +38 -0
package/dist/esm/store-data-protocols.js.map +1 -0
package/dist/esm/store-data.js +320 -0
package/dist/esm/store-data.js.map +1 -0
package/dist/esm/store-did.js +136 -0
package/dist/esm/store-did.js.map +1 -0
package/dist/esm/store-identity.js +140 -0
package/dist/esm/store-identity.js.map +1 -0
package/dist/esm/store-key.js +136 -0
package/dist/esm/store-key.js.map +1 -0
package/dist/esm/sync-api.js +61 -0
package/dist/esm/sync-api.js.map +1 -0
package/dist/esm/sync-engine-level.js +618 -0
package/dist/esm/sync-engine-level.js.map +1 -0
package/dist/esm/test-harness.js +239 -0
package/dist/esm/test-harness.js.map +1 -0
package/dist/esm/types/agent.js +2 -0
package/dist/esm/types/agent.js.map +1 -0
package/dist/esm/types/dwn.js +31 -0
package/dist/esm/types/dwn.js.map +1 -0
package/dist/esm/types/identity-vault.js +2 -0
package/dist/esm/types/identity-vault.js.map +1 -0
package/dist/esm/types/identity.js +2 -0
package/dist/esm/types/identity.js.map +1 -0
package/dist/esm/types/key-manager.js +2 -0
package/dist/esm/types/key-manager.js.map +1 -0
package/dist/esm/types/permissions.js +2 -0
package/dist/esm/types/permissions.js.map +1 -0
package/dist/esm/types/sync.js +2 -0
package/dist/esm/types/sync.js.map +1 -0
package/dist/esm/types/vc.js +5 -0
package/dist/esm/types/vc.js.map +1 -0
package/dist/esm/utils-internal.js +147 -0
package/dist/esm/utils-internal.js.map +1 -0
package/dist/esm/utils.js +161 -0
package/dist/esm/utils.js.map +1 -0
package/dist/types/agent-did-resolver-cache.d.ts +30 -0
package/dist/types/agent-did-resolver-cache.d.ts.map +1 -0
package/dist/types/bearer-identity.d.ts +31 -0
package/dist/types/bearer-identity.d.ts.map +1 -0
package/dist/types/connect.d.ts +88 -0
package/dist/types/connect.d.ts.map +1 -0
package/dist/types/crypto-api.d.ts +286 -0
package/dist/types/crypto-api.d.ts.map +1 -0
package/dist/types/did-api.d.ts +119 -0
package/dist/types/did-api.d.ts.map +1 -0
package/dist/types/dwn-api.d.ts +66 -0
package/dist/types/dwn-api.d.ts.map +1 -0
package/dist/types/dwn-registrar.d.ts +29 -0
package/dist/types/dwn-registrar.d.ts.map +1 -0
package/dist/types/hd-identity-vault.d.ts +306 -0
package/dist/types/hd-identity-vault.d.ts.map +1 -0
package/dist/types/identity-api.d.ts +107 -0
package/dist/types/identity-api.d.ts.map +1 -0
package/dist/types/index.d.ts +30 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/local-key-manager.d.ts +311 -0
package/dist/types/local-key-manager.d.ts.map +1 -0
package/dist/types/oidc.d.ts +247 -0
package/dist/types/oidc.d.ts.map +1 -0
package/dist/types/permissions-api.d.ts +35 -0
package/dist/types/permissions-api.d.ts.map +1 -0
package/dist/types/prototyping/clients/dwn-rpc-types.d.ts +45 -0
package/dist/types/prototyping/clients/dwn-rpc-types.d.ts.map +1 -0
package/dist/types/prototyping/clients/dwn-server-info-cache-memory.d.ts +57 -0
package/dist/types/prototyping/clients/dwn-server-info-cache-memory.d.ts.map +1 -0
package/dist/types/prototyping/clients/http-dwn-rpc-client.d.ts +13 -0
package/dist/types/prototyping/clients/http-dwn-rpc-client.d.ts.map +1 -0
package/dist/types/prototyping/clients/json-rpc-socket.d.ts +43 -0
package/dist/types/prototyping/clients/json-rpc-socket.d.ts.map +1 -0
package/dist/types/prototyping/clients/json-rpc.d.ts +49 -0
package/dist/types/prototyping/clients/json-rpc.d.ts.map +1 -0
package/dist/types/prototyping/clients/server-info-types.d.ts +20 -0
package/dist/types/prototyping/clients/server-info-types.d.ts.map +1 -0
package/dist/types/prototyping/clients/web-socket-clients.d.ts +10 -0
package/dist/types/prototyping/clients/web-socket-clients.d.ts.map +1 -0
package/dist/types/prototyping/common/object.d.ts +2 -0
package/dist/types/prototyping/common/object.d.ts.map +1 -0
package/dist/types/prototyping/common/type-utils.d.ts +7 -0
package/dist/types/prototyping/common/type-utils.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/aes-gcm.d.ts +151 -0
package/dist/types/prototyping/crypto/algorithms/aes-gcm.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/aes-kw.d.ts +109 -0
package/dist/types/prototyping/crypto/algorithms/aes-kw.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/ecdsa.d.ts +160 -0
package/dist/types/prototyping/crypto/algorithms/ecdsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/eddsa.d.ts +157 -0
package/dist/types/prototyping/crypto/algorithms/eddsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/hkdf.d.ts +21 -0
package/dist/types/prototyping/crypto/algorithms/hkdf.d.ts.map +1 -0
package/dist/types/prototyping/crypto/algorithms/pbkdf2.d.ts +21 -0
package/dist/types/prototyping/crypto/algorithms/pbkdf2.d.ts.map +1 -0
package/dist/types/prototyping/crypto/crypto-error.d.ts +29 -0
package/dist/types/prototyping/crypto/crypto-error.d.ts.map +1 -0
package/dist/types/prototyping/crypto/dsa.d.ts +169 -0
package/dist/types/prototyping/crypto/dsa.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe-compact.d.ts +135 -0
package/dist/types/prototyping/crypto/jose/jwe-compact.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe-flattened.d.ts +134 -0
package/dist/types/prototyping/crypto/jose/jwe-flattened.d.ts.map +1 -0
package/dist/types/prototyping/crypto/jose/jwe.d.ts +378 -0
package/dist/types/prototyping/crypto/jose/jwe.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/aes-gcm.d.ts +245 -0
package/dist/types/prototyping/crypto/primitives/aes-gcm.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/aes-kw.d.ts +103 -0
package/dist/types/prototyping/crypto/primitives/aes-kw.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/hkdf.d.ts +90 -0
package/dist/types/prototyping/crypto/primitives/hkdf.d.ts.map +1 -0
package/dist/types/prototyping/crypto/primitives/pbkdf2.d.ts +84 -0
package/dist/types/prototyping/crypto/primitives/pbkdf2.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/cipher.d.ts +14 -0
package/dist/types/prototyping/crypto/types/cipher.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/crypto-api.d.ts +35 -0
package/dist/types/prototyping/crypto/types/crypto-api.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-converter.d.ts +49 -0
package/dist/types/prototyping/crypto/types/key-converter.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-deriver.d.ts +50 -0
package/dist/types/prototyping/crypto/types/key-deriver.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-io.d.ts +49 -0
package/dist/types/prototyping/crypto/types/key-io.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-manager.d.ts +69 -0
package/dist/types/prototyping/crypto/types/key-manager.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/key-wrapper.d.ts +14 -0
package/dist/types/prototyping/crypto/types/key-wrapper.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/params-direct.d.ts +75 -0
package/dist/types/prototyping/crypto/types/params-direct.d.ts.map +1 -0
package/dist/types/prototyping/crypto/types/params-kms.d.ts +63 -0
package/dist/types/prototyping/crypto/types/params-kms.d.ts.map +1 -0
package/dist/types/prototyping/crypto/utils.d.ts +7 -0
package/dist/types/prototyping/crypto/utils.d.ts.map +1 -0
package/dist/types/prototyping/dids/resolver-cache-memory.d.ts +57 -0
package/dist/types/prototyping/dids/resolver-cache-memory.d.ts.map +1 -0
package/dist/types/prototyping/dids/utils.d.ts +3 -0
package/dist/types/prototyping/dids/utils.d.ts.map +1 -0
package/dist/types/rpc-client.d.ts +51 -0
package/dist/types/rpc-client.d.ts.map +1 -0
package/dist/types/store-data-protocols.d.ts +4 -0
package/dist/types/store-data-protocols.d.ts.map +1 -0
package/dist/types/store-data.d.ts +95 -0
package/dist/types/store-data.d.ts.map +1 -0
package/dist/types/store-did.d.ts +33 -0
package/dist/types/store-did.d.ts.map +1 -0
package/dist/types/store-identity.d.ts +34 -0
package/dist/types/store-identity.d.ts.map +1 -0
package/dist/types/store-key.d.ts +32 -0
package/dist/types/store-key.d.ts.map +1 -0
package/dist/types/sync-api.d.ts +41 -0
package/dist/types/sync-api.d.ts.map +1 -0
package/dist/types/sync-engine-level.d.ts +85 -0
package/dist/types/sync-engine-level.d.ts.map +1 -0
package/dist/types/test-harness.d.ts +69 -0
package/dist/types/test-harness.d.ts.map +1 -0
package/dist/types/types/agent.d.ts +172 -0
package/dist/types/types/agent.d.ts.map +1 -0
package/dist/types/types/dwn.d.ts +178 -0
package/dist/types/types/dwn.d.ts.map +1 -0
package/dist/types/types/identity-vault.d.ts +129 -0
package/dist/types/types/identity-vault.d.ts.map +1 -0
package/dist/types/types/identity.d.ts +16 -0
package/dist/types/types/identity.d.ts.map +1 -0
package/dist/types/types/key-manager.d.ts +9 -0
package/dist/types/types/key-manager.d.ts.map +1 -0
package/dist/types/types/permissions.d.ts +98 -0
package/dist/types/types/permissions.d.ts.map +1 -0
package/dist/types/types/sync.d.ts +66 -0
package/dist/types/types/sync.d.ts.map +1 -0
package/dist/types/types/vc.d.ts +7 -0
package/dist/types/types/vc.d.ts.map +1 -0
package/dist/types/utils-internal.d.ts +50 -0
package/dist/types/utils-internal.d.ts.map +1 -0
package/dist/types/utils.d.ts +37 -0
package/dist/types/utils.d.ts.map +1 -0
package/package.json +112 -0
package/src/agent-did-resolver-cache.ts +95 -0
package/src/bearer-identity.ts +42 -0
package/src/connect.ts +296 -0
package/src/crypto-api.ts +593 -0
package/src/did-api.ts +429 -0
package/src/dwn-api.ts +462 -0
package/src/dwn-registrar.ts +127 -0
package/src/hd-identity-vault.ts +853 -0
package/src/identity-api.ts +324 -0
package/src/index.ts +30 -0
package/src/local-key-manager.ts +672 -0
package/src/oidc.ts +857 -0
package/src/permissions-api.ts +408 -0
package/src/prototyping/clients/dwn-rpc-types.ts +55 -0
package/src/prototyping/clients/dwn-server-info-cache-memory.ts +79 -0
package/src/prototyping/clients/http-dwn-rpc-client.ts +110 -0
package/src/prototyping/clients/json-rpc-socket.ts +169 -0
package/src/prototyping/clients/json-rpc.ts +113 -0
package/src/prototyping/clients/server-info-types.ts +21 -0
package/src/prototyping/clients/web-socket-clients.ts +100 -0
package/src/prototyping/common/object.ts +15 -0
package/src/prototyping/common/type-utils.ts +6 -0
package/src/prototyping/crypto/algorithms/aes-gcm.ts +211 -0
package/src/prototyping/crypto/algorithms/aes-kw.ts +164 -0
package/src/prototyping/crypto/algorithms/ecdsa.ts +365 -0
package/src/prototyping/crypto/algorithms/eddsa.ts +310 -0
package/src/prototyping/crypto/algorithms/hkdf.ts +40 -0
package/src/prototyping/crypto/algorithms/pbkdf2.ts +44 -0
package/src/prototyping/crypto/crypto-error.ts +45 -0
package/src/prototyping/crypto/dsa.ts +367 -0
package/src/prototyping/crypto/jose/jwe-compact.ts +225 -0
package/src/prototyping/crypto/jose/jwe-flattened.ts +459 -0
package/src/prototyping/crypto/jose/jwe.ts +653 -0
package/src/prototyping/crypto/primitives/aes-gcm.ts +374 -0
package/src/prototyping/crypto/primitives/aes-kw.ts +271 -0
package/src/prototyping/crypto/primitives/hkdf.ts +121 -0
package/src/prototyping/crypto/primitives/pbkdf2.ts +116 -0
package/src/prototyping/crypto/types/cipher.ts +17 -0
package/src/prototyping/crypto/types/crypto-api.ts +78 -0
package/src/prototyping/crypto/types/key-converter.ts +53 -0
package/src/prototyping/crypto/types/key-deriver.ts +56 -0
package/src/prototyping/crypto/types/key-io.ts +51 -0
package/src/prototyping/crypto/types/key-manager.ts +83 -0
package/src/prototyping/crypto/types/key-wrapper.ts +17 -0
package/src/prototyping/crypto/types/params-direct.ts +95 -0
package/src/prototyping/crypto/types/params-kms.ts +76 -0
package/src/prototyping/crypto/utils.ts +41 -0
package/src/prototyping/dids/resolver-cache-memory.ts +83 -0
package/src/prototyping/dids/utils.ts +10 -0
package/src/rpc-client.ts +162 -0
package/src/store-data-protocols.ts +40 -0
package/src/store-data.ts +400 -0
package/src/store-did.ts +105 -0
package/src/store-identity.ts +109 -0
package/src/store-key.ts +104 -0
package/src/sync-api.ts +71 -0
package/src/sync-engine-level.ts +714 -0
package/src/test-harness.ts +330 -0
package/src/types/agent.ts +195 -0
package/src/types/dwn.ts +278 -0
package/src/types/identity-vault.ts +137 -0
package/src/types/identity.ts +18 -0
package/src/types/key-manager.ts +15 -0
package/src/types/permissions.ts +115 -0
package/src/types/sync.ts +58 -0
package/src/types/vc.ts +7 -0
package/src/utils-internal.ts +157 -0
package/src/utils.ts +181 -0

package/dist/types/index.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+export type * from './types/agent.js';
+export * from './types/dwn.js';
+export type * from './types/identity.js';
+export type * from './types/identity-vault.js';
+export type * from './types/key-manager.js';
+export type * from './types/permissions.js';
+export type * from './types/sync.js';
+export type * from './types/vc.js';
+export * from './agent-did-resolver-cache.js';
+export * from './bearer-identity.js';
+export * from './crypto-api.js';
+export * from './did-api.js';
+export * from './dwn-api.js';
+export * from './dwn-registrar.js';
+export * from './hd-identity-vault.js';
+export * from './identity-api.js';
+export * from './local-key-manager.js';
+export * from './permissions-api.js';
+export * from './rpc-client.js';
+export * from './store-data.js';
+export * from './store-did.js';
+export * from './store-identity.js';
+export * from './store-key.js';
+export * from './sync-api.js';
+export * from './sync-engine-level.js';
+export * from './test-harness.js';
+export * from './utils.js';
+export * from './connect.js';
+export * from './oidc.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/types/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,mBAAmB,kBAAkB,CAAC;AACtC,cAAc,gBAAgB,CAAC;AAC/B,mBAAmB,qBAAqB,CAAC;AACzC,mBAAmB,2BAA2B,CAAC;AAC/C,mBAAmB,wBAAwB,CAAC;AAC5C,mBAAmB,wBAAwB,CAAC;AAC5C,mBAAmB,iBAAiB,CAAC;AACrC,mBAAmB,eAAe,CAAC;AAEnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,cAAc,CAAC;AAC7B,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC;AACvC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,eAAe,CAAC;AAC9B,cAAc,wBAAwB,CAAC;AACvC,cAAe,mBAAmB,CAAC;AACnC,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,WAAW,CAAC"}

package/dist/types/local-key-manager.d.ts ADDED Viewed

@@ -0,0 +1,311 @@
+import type { Jwk, AesGcmParams, KeyIdentifier, KmsSignParams, KmsDigestParams, KmsVerifyParams, KmsExportKeyParams, KmsGetKeyUriParams, KmsImportKeyParams, KmsGenerateKeyParams, KmsGetPublicKeyParams } from '@enbox/crypto';
+import type { AgentDataStore } from './store-data.js';
+import type { Web5PlatformAgent } from './types/agent.js';
+import type { AgentKeyManager } from './types/key-manager.js';
+import type { InferType } from './prototyping/common/type-utils.js';
+import type { KmsCipherParams, KmsUnwrapKeyParams, KmsWrapKeyParams } from './prototyping/crypto/types/params-kms.js';
+type SupportedKeyGeneratorAlgorithm = 'Ed25519' | 'secp256k1' | 'ES256K' | 'secp256r1' | 'ES256' | 'A128GCM' | 'A192GCM' | 'A256GCM' | 'A128KW' | 'A192KW' | 'A256KW';
+/**
+ * The `LocalKmsParams` interface specifies the parameters for initializing an instance of
+ * {@link LocalKeyManager}. It allows the optional inclusion of a {@link AgentDataStore} instance
+ * for key management. If not provided, a default {@link InMemoryKeyStore} instance will be used for
+ * storing keys. Note that the {@link InMemoryKeyStore} is not persistent and will be cleared when
+ * the application exits.
+ */
+export type LocalKmsParams = {
+    agent?: Web5PlatformAgent;
+    /**
+     * An optional property to specify a custom {@link AgentDataStore} instance for key management. If
+     * not provided, {@link LocalKeyManager} uses a default {@link InMemoryKeyStore} instance. This
+     * store is responsible for managing cryptographic keys, allowing them to be retrieved, stored,
+     * and managed during cryptographic operations.
+     */
+    keyStore?: AgentDataStore<Jwk>;
+};
+/**
+ * The `LocalKmsGenerateKeyParams` interface defines the algorithm-specific parameters that
+ * should be passed into the {@link LocalKeyManager.generateKey | `LocalKeyManager.generateKey()`}
+ * method when generating a key in the local KMS.
+ */
+export interface LocalKmsGenerateKeyParams extends KmsGenerateKeyParams {
+    /**
+     * A string defining the type of key to generate.
+     */
+    algorithm: InferType<SupportedKeyGeneratorAlgorithm>;
+}
+/**
+ * The `LocalKmsUnwrapKeyParams` interface defines the algorithm-specific parameters that
+ * should be passed into the {@link LocalKeyManager.wrapKey} method when wrapping a key using a
+ * key stored in the local KMS to encrypt the key material.
+ */
+export interface LocalKmsUnwrapKeyParams extends KmsUnwrapKeyParams {
+    /**
+     * A string defining the type of wrapped key. The value must be one of the following:
+     * - `"A128GCM"`: AES GCM using a 128-bit key.
+     * - `"A192GCM"`: AES GCM using a 192-bit key.
+     * - `"A256GCM"`: AES GCM using a 256-bit key.
+     * - `"A128KW"`: AES Key Wrap using a 128-bit key.
+     * - `"A192KW"`: AES Key Wrap using a 192-bit key.
+     * - `"A256KW"`: AES Key Wrap using a 256-bit key.
+     */
+    wrappedKeyAlgorithm: 'A128GCM' | 'A192GCM' | 'A256GCM' | 'A128KW' | 'A192KW' | 'A256KW';
+}
+export declare class LocalKeyManager implements AgentKeyManager {
+    /**
+     * Holds the instance of a `Web5PlatformAgent` that represents the current execution context for
+     * the `LocalKeyManager`. This agent is used to interact with other Web5 agent components. It's
+     * vital to ensure this instance is set to correctly contextualize operations within the broader
+     * Web5 Agent framework.
+     */
+    private _agent?;
+    /**
+     * A private map that stores instances of cryptographic algorithm implementations. Each key in
+     * this map is an `AlgorithmConstructor`, and its corresponding value is an instance of a class
+     * that implements a specific cryptographic algorithm. This map is used to cache and reuse
+     * instances for performance optimization, ensuring that each algorithm is instantiated only once.
+     */
+    private _algorithmInstances;
+    /**
+     * The `_keyStore` private variable in `LocalKeyManager` is a {@link AgentDataStore} instance used
+     * for storing and managing cryptographic keys. It allows the `LocalKeyManager` class to save,
+     * retrieve, and handle keys efficiently within the local Key Management System (KMS) context.
+     * This variable can be configured to use different storage backends, like in-memory storage or
+     * persistent storage, providing flexibility in key management according to the application's
+     * requirements.
+     */
+    private _keyStore;
+    constructor({ agent, keyStore }?: LocalKmsParams);
+    /**
+     * Retrieves the `Web5PlatformAgent` execution context.
+     *
+     * @returns The `Web5PlatformAgent` instance that represents the current execution context.
+     * @throws Will throw an error if the `agent` instance property is undefined.
+     */
+    get agent(): Web5PlatformAgent;
+    set agent(agent: Web5PlatformAgent);
+    decrypt({ keyUri, ...params }: KmsCipherParams & AesGcmParams): Promise<Uint8Array>;
+    digest(_params: KmsDigestParams): Promise<Uint8Array>;
+    encrypt({ keyUri, ...params }: KmsCipherParams & AesGcmParams): Promise<Uint8Array>;
+    /**
+     * Exports a private key identified by the provided key URI from the local KMS.
+     *
+     * @remarks
+     * This method retrieves the key from the key store and returns it. It is primarily used
+     * for extracting keys for backup or transfer purposes.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const privateKey = await keyManager.exportKey({ keyUri });
+     * ```
+     *
+     * @param params - Parameters for exporting the key.
+     * @param params.keyUri - The key URI identifying the key to export.
+     *
+     * @returns A Promise resolving to the JWK representation of the exported key.
+     */
+    exportKey({ keyUri }: KmsExportKeyParams): Promise<Jwk>;
+    /**
+     * Generates a new cryptographic key in the local KMS with the specified algorithm and returns a
+     * unique key URI which can be used to reference the key in subsequent operations.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * console.log(keyUri); // Outputs the key URI
+     * ```
+     *
+     * @param params - The parameters for key generation.
+     * @param params.algorithm - The algorithm to use for key generation, defined in `SupportedAlgorithm`.
+     *
+     * @returns A Promise that resolves to the key URI, a unique identifier for the generated key.
+     */
+    generateKey({ algorithm: algorithmIdentifier }: LocalKmsGenerateKeyParams): Promise<KeyIdentifier>;
+    /**
+     * Computes the Key URI for a given public JWK (JSON Web Key).
+     *
+     * @remarks
+     * This method generates a {@link https://datatracker.ietf.org/doc/html/rfc3986 | URI}
+     * (Uniform Resource Identifier) for the given JWK, which uniquely identifies the key across all
+     * `CryptoApi` implementations. The key URI is constructed by appending the
+     * {@link https://datatracker.ietf.org/doc/html/rfc7638 | JWK thumbprint} to the prefix
+     * `urn:jwk:`. The JWK thumbprint is deterministically computed from the JWK and is consistent
+     * regardless of property order or optional property inclusion in the JWK. This ensures that the
+     * same key material represented as a JWK will always yield the same thumbprint, and therefore,
+     * the same key URI.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const publicKey = await keyManager.getPublicKey({ keyUri });
+     * const keyUriFromPublicKey = await keyManager.getKeyUri({ key: publicKey });
+     * console.log(keyUri === keyUriFromPublicKey); // Outputs `true`
+     * ```
+     *
+     * @param params - The parameters for getting the key URI.
+     * @param params.key - The JWK for which to compute the key URI.
+     *
+     * @returns A Promise that resolves to the key URI as a string.
+     */
+    getKeyUri({ key }: KmsGetKeyUriParams): Promise<KeyIdentifier>;
+    /**
+     * Retrieves the public key associated with a previously generated private key, identified by
+     * the provided key URI.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const publicKey = await keyManager.getPublicKey({ keyUri });
+     * ```
+     *
+     * @param params - The parameters for retrieving the public key.
+     * @param params.keyUri - The key URI of the private key to retrieve the public key for.
+     *
+     * @returns A Promise that resolves to the public key in JWK format.
+     */
+    getPublicKey({ keyUri }: KmsGetPublicKeyParams): Promise<Jwk>;
+    /**
+     * Imports a private key into the local KMS.
+     *
+     * @remarks
+     * This method stores the provided JWK in the key store, making it available for subsequent
+     * cryptographic operations. It is particularly useful for initializing the KMS with pre-existing
+     * keys or for restoring keys from backups.
+     *
+     * Note that, if defined, the `kid` (key ID) property of the JWK is used as the key URI for the
+     * imported key. If the `kid` property is not provided, the key URI is computed from the JWK
+     * thumbprint of the key.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const privateKey = { ... } // A private key in JWK format
+     * const keyUri = await keyManager.importKey({ key: privateKey });
+     * ```
+     *
+     * @param params - Parameters for importing the key.
+     * @param params.key - The private key to import to in JWK format.
+     *
+     * @returns A Promise resolving to the key URI, uniquely identifying the imported key.
+     */
+    importKey({ key }: KmsImportKeyParams): Promise<KeyIdentifier>;
+    /**
+     * Signs the provided data using the private key identified by the provided key URI.
+     *
+     * @remarks
+     * This method uses the signature algorithm determined by the `alg` and/or `crv` properties of the
+     * private key identified by the provided key URI to sign the provided data. The signature can
+     * later be verified by parties with access to the corresponding public key, ensuring that the
+     * data has not been tampered with and was indeed signed by the holder of the private key.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const data = new TextEncoder().encode('Message to sign');
+     * const signature = await keyManager.sign({ keyUri, data });
+     * ```
+     *
+     * @param params - The parameters for the signing operation.
+     * @param params.keyUri - The key URI of the private key to use for signing.
+     * @param params.data - The data to sign.
+     *
+     * @returns A Promise resolving to the digital signature as a `Uint8Array`.
+     */
+    sign({ keyUri, data }: KmsSignParams): Promise<Uint8Array>;
+    unwrapKey({ wrappedKeyBytes, wrappedKeyAlgorithm, decryptionKeyUri }: LocalKmsUnwrapKeyParams): Promise<Jwk>;
+    /**
+     * Verifies a digital signature associated the provided data using the provided key.
+     *
+     * @remarks
+     * This method uses the signature algorithm determined by the `alg` and/or `crv` properties of the
+     * provided key to check the validity of a digital signature against the original data. It
+     * confirms whether the signature was created by the holder of the corresponding private key and
+     * that the data has not been tampered with.
+     *
+     * @example
+     * ```ts
+     * const keyManager = new LocalKeyManager();
+     * const keyUri = await keyManager.generateKey({ algorithm: 'Ed25519' });
+     * const data = new TextEncoder().encode('Message to sign');
+     * const signature = await keyManager.sign({ keyUri, data });
+     * const isSignatureValid = await keyManager.verify({ keyUri, data, signature });
+     * ```
+     *
+     * @param params - The parameters for the verification operation.
+     * @param params.key - The key to use for verification.
+     * @param params.signature - The signature to verify.
+     * @param params.data - The data to verify.
+     *
+     * @returns A Promise resolving to a boolean indicating whether the signature is valid.
+     */
+    verify({ key, signature, data }: KmsVerifyParams): Promise<boolean>;
+    wrapKey({ unwrappedKey, encryptionKeyUri }: KmsWrapKeyParams): Promise<Uint8Array>;
+    deleteKey({ keyUri }: {
+        keyUri: KeyIdentifier;
+    }): Promise<void>;
+    /**
+     * Retrieves an algorithm implementation instance based on the provided algorithm name.
+     *
+     * @remarks
+     * This method checks if the requested algorithm is supported and returns a cached instance
+     * if available. If an instance does not exist, it creates and caches a new one. This approach
+     * optimizes performance by reusing algorithm instances across cryptographic operations.
+     *
+     * @example
+     * ```ts
+     * const signer = this.getAlgorithm({ algorithm: 'Ed25519' });
+     * ```
+     *
+     * @param params - The parameters for retrieving the algorithm implementation.
+     * @param params.algorithm - The name of the algorithm to retrieve.
+     *
+     * @returns An instance of the requested algorithm implementation.
+     *
+     * @throws Error if the requested algorithm is not supported.
+     */
+    private getAlgorithm;
+    /**
+     * Determines the algorithm name based on the key's properties.
+     *
+     * @remarks
+     * This method facilitates the identification of the correct algorithm for cryptographic
+     * operations based on the `alg` or `crv` properties of a {@link Jwk | JWK}.
+     *
+     * @example
+     * ```ts
+     * const publicKey = { ... }; // Public key in JWK format
+     * const algorithm = this.getAlgorithmName({ key: publicKey });
+     * ```
+     *
+     * @param params - The parameters for determining the algorithm name.
+     * @param params.key - A JWK containing the `alg` or `crv` properties.
+     *
+     * @returns The algorithm name associated with the key.
+     *
+     * @throws Error if the algorithm name cannot be determined from the provided input.
+     */
+    private getAlgorithmName;
+    /**
+     * Retrieves a private key from the key store based on the provided key URI.
+     *
+     * @example
+     * ```ts
+     * const privateKey = this.getPrivateKey({ keyUri: 'urn:jwk:...' });
+     * ```
+     *
+     * @param params - Parameters for retrieving the private key.
+     * @param params.keyUri - The key URI identifying the private key to retrieve.
+     *
+     * @returns A Promise resolving to the JWK representation of the private key.
+     *
+     * @throws Error if the key is not found in the key store.
+     */
+    private getPrivateKey;
+}
+export {};
+//# sourceMappingURL=local-key-manager.d.ts.map

package/dist/types/local-key-manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"local-key-manager.d.ts","sourceRoot":"","sources":["../../src/local-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,GAAG,EAKH,YAAY,EAGZ,aAAa,EACb,aAAa,EACb,eAAe,EACf,eAAe,EAEf,kBAAkB,EAClB,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,qBAAqB,EAEtB,MAAM,eAAe,CAAC;AAavB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oCAAoC,CAAC;AAEpE,OAAO,KAAK,EAAE,eAAe,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,0CAA0C,CAAC;AAwDtH,KAAK,8BAA8B,GAC/B,SAAS,GACT,WAAW,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,GAC9C,SAAS,GAAG,SAAS,GAAG,SAAS,GACjC,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEnC;;;;;;GAMG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,CAAC,EAAE,iBAAiB,CAAC;IAE1B;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;CAChC,CAAC;AAEF;;;;GAIG;AACH,MAAM,WAAW,yBAA0B,SAAQ,oBAAoB;IACrE;;OAEG;IACH,SAAS,EAAE,SAAS,CAAC,8BAA8B,CAAC,CAAA;CACrD;AAED;;;;GAIG;AACH,MAAM,WAAW,uBAAwB,SAAQ,kBAAkB;IACjE;;;;;;;;OAQG;IACH,mBAAmB,EAAE,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,CAAC;CACzF;AAED,qBAAa,eAAgB,YAAW,eAAe;IACrD;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,CAAoB;IAEnC;;;;;OAKG;IACH,OAAO,CAAC,mBAAmB,CAA8E;IAEzG;;;;;;;OAOG;IACH,OAAO,CAAC,SAAS,CAAsB;gBAE3B,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAE,cAAmB;IAMpD;;;;;OAKG;IACH,IAAI,KAAK,IAAI,iBAAiB,CAM7B;IAED,IAAI,KAAK,CAAC,KAAK,EAAE,iBAAiB,EAEjC;IAEY,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EACxC,eAAe,GAAG,YAAY,GAC7B,OAAO,CAAC,UAAU,CAAC;IAgBtB,MAAM,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC;IAIxC,OAAO,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EACxC,eAAe,GAAG,YAAY,GAC7B,OAAO,CAAC,UAAU,CAAC;IAgBtB;;;;;;;;;;;;;;;;;;OAkBG;IACU,SAAS,CAAC,EAAE,MAAM,EAAE,EAC/B,kBAAkB,GACjB,OAAO,CAAC,GAAG,CAAC;IAOf;;;;;;;;;;;;;;;OAeG;IACU,WAAW,CAAC,EAAE,SAAS,EAAE,mBAAmB,EAAE,EACzD,yBAAyB,GACxB,OAAO,CAAC,aAAa,CAAC;IA4BzB;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACU,SAAS,CAAC,EAAE,GAAG,EAAE,EAC5B,kBAAkB,GACjB,OAAO,CAAC,aAAa,CAAC;IAUzB;;;;;;;;;;;;;;;OAeG;IACU,YAAY,CAAC,EAAE,MAAM,EAAE,EAClC,qBAAqB,GACpB,OAAO,CAAC,GAAG,CAAC;IAgBf;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACU,SAAS,CAAC,EAAE,GAAG,EAAE,EAC5B,kBAAkB,GACjB,OAAO,CAAC,aAAa,CAAC;IAwBzB;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACU,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAChC,aAAa,GACZ,OAAO,CAAC,UAAU,CAAC;IAgBT,SAAS,CAAC,EAAE,eAAe,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,EAC/E,uBAAuB,GACtB,OAAO,CAAC,GAAG,CAAC;IAgBf;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACU,MAAM,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,EAC1C,eAAe,GACd,OAAO,CAAC,OAAO,CAAC;IAaN,OAAO,CAAC,EAAE,YAAY,EAAE,gBAAgB,EAAE,EACrD,gBAAgB,GACf,OAAO,CAAC,UAAU,CAAC;IAgBT,SAAS,CAAC,EAAE,MAAM,EAAE,EAAC;QAAE,MAAM,EAAE,aAAa,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAU3E;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,YAAY;IAmBpB;;;;;;;;;;;;;;;;;;;OAmBG;IACH,OAAO,CAAC,gBAAgB;IAqBxB;;;;;;;;;;;;;;OAcG;YACW,aAAa;CAY5B"}

package/dist/types/oidc.d.ts ADDED Viewed

@@ -0,0 +1,247 @@
+import { RequireOnly } from '@enbox/common';
+import type { ConnectPermissionRequest } from './connect.js';
+import { DidDocument, PortableDid, type BearerDid } from '@enbox/dids';
+import { DwnDataEncodedRecordsWriteMessage, DwnPermissionScope } from './types/dwn.js';
+import type { Web5Agent } from './types/agent.js';
+/**
+ * Sent to an OIDC server to authorize a client. Allows clients
+ * to securely send authorization request parameters directly to
+ * the server via POST. This avoids exposing sensitive data in URLs
+ * and ensures the server validates the request before user interaction.
+ *
+ * @see {@link https://www.rfc-editor.org/rfc/rfc9126.html | OAuth 2.0 Pushed Authorization Requests}
+ */
+export type PushedAuthRequest = {
+    /** The JWT which contains the {@link Web5ConnectAuthRequest} */
+    request: string;
+};
+/**
+ * Sent back by OIDC server in response to {@link PushedAuthRequest}
+ * The server generates a TTL and a unique request_uri. The request_uri can be shared
+ * with the Provider using a link or a QR code along with additional params
+ * to access the url and decrypt the payload.
+ */
+export type PushedAuthResponse = {
+    request_uri: string;
+    expires_in: number;
+};
+/**
+ * Used in decentralized apps. The SIOPv2 Auth Request is created by a client relying party (RP)
+ * often a web service or an app who wants to obtain information from a provider
+ * The contents of this are inserted into a JWT inside of the {@link PushedAuthRequest}.
+ * @see {@link https://github.com/TBD54566975/known-customer-credential | TBD OIDC Documentation for SIOPv2 }
+ */
+export type SIOPv2AuthRequest = {
+    /** The DID of the client (RP) */
+    client_id: string;
+    /** The scope of the access request (e.g., `openid profile`). */
+    scope: string;
+    /** The type of response desired (e.g. `id_token`) */
+    response_type: string;
+    /** the URL to which the Identity Provider will post the Authorization Response */
+    redirect_uri: string;
+    /** The URI to which the SIOPv2 Authorization Response will be sent (Tim's note: not used with encrypted request JWT)*/
+    response_uri?: string;
+    /**
+     * An opaque value used to maintain state between the request and the callback.
+     * Recommended for security to prevent CSRF attacks.
+     */
+    state: string;
+    /**
+     * A string value used to associate a client session with an ID token to mitigate replay attacks.
+     * Recommended when requesting ID tokens.
+     */
+    nonce: string;
+    /**
+     * The PKCE code challenge.
+     * Required if `code_challenge_method` is used. Enhances security for public clients (e.g., single-page apps,
+     * mobile apps) by requiring an additional verification step during token exchange.
+     */
+    code_challenge?: string;
+    /** The method used for the PKCE challenge (typically `S256`). Must be present if `code_challenge` is included. */
+    code_challenge_method?: 'S256';
+    /**
+     * An ID token previously issued to the client, passed as a hint about the end-user’s current or past authenticated
+     * session with the client. Can streamline user experience if already logged in.
+     */
+    id_token_hint?: string;
+    /** A hint to the authorization server about the login identifier the user might use. Useful for pre-filling login information. */
+    login_hint?: string;
+    /** Requested Authentication Context Class Reference values. Specifies the authentication context requirements. */
+    acr_values?: string;
+    /** When using a PAR for secure cross device flows we use a "form_post" rather than a "direct_post" */
+    response_mode: 'direct_post';
+    /** Used by PFI to request VCs as input to IDV process. If present, `response_type: "vp_token""` MUST also be present */
+    presentation_definition?: any;
+    /** A JSON object containing the Verifier metadata values (Tim's note: from TBD KCC Repo) */
+    client_metadata?: {
+        /** Array of strings, each a DID method supported for the subject of ID Token	*/
+        subject_syntax_types_supported: string[];
+        /** Human-readable string name of the client to be presented to the end-user during authorization */
+        client_name?: string;
+        /** URI of a web page providing information about the client */
+        client_uri?: string;
+        /** URI of an image logo for the client */
+        logo_uri?: string;
+        /** Array of strings representing ways to contact people responsible for this client, typically email addresses */
+        contacts?: string[];
+        /** URI that points to a terms of service document for the client */
+        tos_uri?: string;
+        /** URI that points to a privacy policy document */
+        policy_uri?: string;
+    };
+};
+/**
+ * An auth request that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2
+ * The contents of this are inserted into a JWT inside of the {@link PushedAuthRequest}.
+ */
+export type Web5ConnectAuthRequest = {
+    /** The user friendly name of the client/app to be displayed when prompting end-user with permission requests. */
+    displayName: string;
+    /** PermissionGrants that are to be sent to the provider */
+    permissionRequests: ConnectPermissionRequest[];
+} & SIOPv2AuthRequest;
+/** The fields for an OIDC SIOPv2 Auth Repsonse */
+export type SIOPv2AuthResponse = {
+    /** Issuer MUST match the value of sub (Applicant's DID) */
+    iss: string;
+    /** Subject Identifier. A locally unique and never reassigned identifier
+     * within the Issuer for the End-User, which is intended to be consumed
+     * by the Client. */
+    sub: string;
+    /** Audience(s) that this ID Token is intended for. It MUST contain the
+     * OAuth 2.0 client_id of the Relying Party as an audience value. */
+    aud: string;
+    /** Time at which the JWT was issued. */
+    iat: number;
+    /** Expiration time on or after which the ID Token MUST NOT be accepted
+     * for processing. */
+    exp: number;
+    /** Time when the End-User authentication occurred. */
+    auth_time?: number;
+    /** b64url encoded nonce used to associate a Client session with an ID Token, and to
+     * mitigate replay attacks. */
+    nonce?: string;
+    /** Custom claims. */
+    [key: string]: any;
+};
+/** An auth response that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2 */
+export type Web5ConnectAuthResponse = {
+    delegateGrants: DwnDataEncodedRecordsWriteMessage[];
+    delegatePortableDid: PortableDid;
+} & SIOPv2AuthResponse;
+/** Represents the different OIDC endpoint types.
+ * 1. `pushedAuthorizationRequest`: client sends {@link PushedAuthRequest} receives {@link PushedAuthResponse}
+ * 2. `authorize`: provider gets the {@link Web5ConnectAuthRequest} JWT that was stored by the PAR
+ * 3. `callback`: provider sends {@link Web5ConnectAuthResponse} to this endpoint
+ * 4. `token`: client gets {@link Web5ConnectAuthResponse} from this endpoint
+ */
+type OidcEndpoint = 'pushedAuthorizationRequest' | 'authorize' | 'callback' | 'token';
+/**
+ * Gets the correct OIDC endpoint out of the {@link OidcEndpoint} options provided.
+ * Handles a trailing slash on baseURL
+ *
+ * @param {Object} options the options object
+ * @param {string} options.baseURL for example `http://foo.com/connect/
+ * @param {OidcEndpoint} options.endpoint the OIDC endpoint desired
+ * @param {string} options.authParam this is the unique id which must be provided when getting the `authorize` endpoint
+ * @param {string} options.tokenParam this is the random state as b64url which must be provided with the `token` endpoint
+ */
+declare function buildOidcUrl({ baseURL, endpoint, authParam, tokenParam, }: {
+    baseURL: string;
+    endpoint: OidcEndpoint;
+    authParam?: string;
+    tokenParam?: string;
+}): string;
+/**
+ * Generates a cryptographically random "code challenge" in
+ * accordance with the RFC 7636 PKCE specification.
+ *
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 | RFC 7636 }
+ */
+declare function generateCodeChallenge(): Promise<{
+    codeChallengeBytes: Uint8Array;
+    codeChallengeBase64Url: string;
+}>;
+/** Client creates the {@link Web5ConnectAuthRequest} */
+declare function createAuthRequest(options: RequireOnly<Web5ConnectAuthRequest, 'client_id' | 'scope' | 'redirect_uri' | 'permissionRequests' | 'displayName'>): Promise<Web5ConnectAuthRequest>;
+/** Encrypts the auth request with the key which will be passed through QR code */
+declare function encryptAuthRequest({ jwt, encryptionKey, }: {
+    jwt: string;
+    encryptionKey: Uint8Array;
+}): Promise<string>;
+/** Create a response object compatible with Web5 Connect and OIDC SIOPv2 */
+declare function createResponseObject(options: RequireOnly<Web5ConnectAuthResponse, 'iss' | 'sub' | 'aud' | 'delegateGrants' | 'delegatePortableDid'>): Promise<Web5ConnectAuthResponse>;
+/** sign an object and transform it into a jwt using a did */
+declare function signJwt({ did, data, }: {
+    did: BearerDid;
+    data: Record<string, unknown>;
+}): Promise<string>;
+/** Take the decrypted JWT and verify it was signed by its public DID. Return parsed object. */
+declare function verifyJwt({ jwt }: {
+    jwt: string;
+}): Promise<object>;
+/** Take the encrypted JWE, decrypt using the code challenge and return a JWT string which will need to be verified */
+declare function decryptAuthRequest({ jwe, encryption_key, }: {
+    jwe: string;
+    encryption_key: string;
+}): string;
+/**
+ * The client uses to decrypt the jwe obtained from the auth server which contains
+ * the {@link Web5ConnectAuthResponse} that was sent by the provider to the auth server.
+ *
+ * @async
+ * @param {BearerDid} clientDid - The did that was initially used by the client for ECDH at connect init.
+ * @param {string} jwe - The encrypted data as a jwe.
+ * @param {string} pin - The pin that was obtained from the user.
+ */
+declare function decryptAuthResponse(clientDid: BearerDid, jwe: string, pin: string): Promise<string>;
+/** Derives a shared ECDH private key in order to encrypt the {@link Web5ConnectAuthResponse} */
+declare function deriveSharedKey(privateKeyDid: BearerDid, publicKeyDid: DidDocument): Promise<Uint8Array>;
+/**
+ * Encrypts the auth response jwt. Requires a randomPin is added to the AAD of the
+ * encryption algorithm in order to prevent man in the middle and eavesdropping attacks.
+ * The keyid of the delegate did is used to pass the public key to the client in order
+ * for the client to derive the shared ECDH private key.
+ */
+declare function encryptAuthResponse({ jwt, encryptionKey, delegateDidKeyId, randomPin, }: {
+    jwt: string;
+    encryptionKey: Uint8Array;
+    delegateDidKeyId: string;
+    randomPin: string;
+}): string;
+/**
+ * Creates the permission grants that assign to the selectedDid the level of
+ * permissions that the web app requested in the {@link Web5ConnectAuthRequest}
+ */
+declare function createPermissionGrants(selectedDid: string, delegateBearerDid: BearerDid, agent: Web5Agent, scopes: DwnPermissionScope[]): Promise<(import("@enbox/dwn-sdk-js").RecordsWriteMessage & {
+    encodedData: string;
+})[]>;
+/**
+ * Creates a delegate did which the web app will use as its future indentity.
+ * Assigns to that DID the level of permissions that the web app requested in
+ * the {@link Web5ConnectAuthRequest}. Encrypts via ECDH key that the web app
+ * will have access to because the web app has the public key which it provided
+ * in the {@link Web5ConnectAuthRequest}. Then sends the ciphertext of this
+ * {@link Web5ConnectAuthResponse} to the callback endpoint. Which the
+ * web app will need to retrieve from the token endpoint and decrypt with the pin to access.
+ */
+declare function submitAuthResponse(selectedDid: string, authRequest: Web5ConnectAuthRequest, randomPin: string, agent: Web5Agent): Promise<void>;
+export declare const Oidc: {
+    createAuthRequest: typeof createAuthRequest;
+    encryptAuthRequest: typeof encryptAuthRequest;
+    getAuthRequest: (request_uri: string, encryption_key: string) => Promise<Web5ConnectAuthRequest>;
+    decryptAuthRequest: typeof decryptAuthRequest;
+    createPermissionGrants: typeof createPermissionGrants;
+    createResponseObject: typeof createResponseObject;
+    encryptAuthResponse: typeof encryptAuthResponse;
+    decryptAuthResponse: typeof decryptAuthResponse;
+    deriveSharedKey: typeof deriveSharedKey;
+    signJwt: typeof signJwt;
+    verifyJwt: typeof verifyJwt;
+    buildOidcUrl: typeof buildOidcUrl;
+    generateCodeChallenge: typeof generateCodeChallenge;
+    submitAuthResponse: typeof submitAuthResponse;
+};
+export {};
+//# sourceMappingURL=oidc.d.ts.map

package/dist/types/oidc.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,WAAW,EAAE,MAAM,eAAe,CAAC;AAY7D,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAU,WAAW,EAAE,KAAK,SAAS,EAAE,MAAM,aAAa,CAAC;AAC/E,OAAO,EAAE,iCAAiC,EAAgB,kBAAkB,EAAyB,MAAM,gBAAgB,CAAC;AAE5H,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAIlD;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gEAAgE;IAChE,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAElB,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IAEd,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;IAEtB,kFAAkF;IAClF,YAAY,EAAE,MAAM,CAAC;IAErB,uHAAuH;IACvH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,kHAAkH;IAClH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kIAAkI;IAClI,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kHAAkH;IAClH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,sGAAsG;IACtG,aAAa,EAAE,aAAa,CAAC;IAE7B,wHAAwH;IACxH,uBAAuB,CAAC,EAAE,GAAG,CAAC;IAE9B,4FAA4F;IAC5F,eAAe,CAAC,EAAE;QAChB,gFAAgF;QAChF,8BAA8B,EAAE,MAAM,EAAE,CAAC;QACzC,oGAAoG;QACpG,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,+DAA+D;QAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,0CAA0C;QAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,kHAAkH;QAClH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oEAAoE;QACpE,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,mDAAmD;QACnD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,iHAAiH;IACjH,WAAW,EAAE,MAAM,CAAC;IAEpB,2DAA2D;IAC3D,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;CAChD,GAAG,iBAAiB,CAAC;AAEtB,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,2DAA2D;IAC3D,GAAG,EAAE,MAAM,CAAC;IACZ;;wBAEoB;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ;wEACoE;IACpE,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ;yBACqB;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;kCAC8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qBAAqB;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB,CAAC;AAEF,kGAAkG;AAClG,MAAM,MAAM,uBAAuB,GAAG;IACpC,cAAc,EAAE,iCAAiC,EAAE,CAAC;IACpD,mBAAmB,EAAE,WAAW,CAAC;CAClC,GAAG,kBAAkB,CAAC;AAEvB;;;;;GAKG;AACH,KAAK,YAAY,GACb,4BAA4B,GAC5B,WAAW,GACX,UAAU,GACV,OAAO,CAAC;AAEZ;;;;;;;;;GASG;AACH,iBAAS,YAAY,CAAC,EACpB,OAAO,EACP,QAAQ,EACR,SAAS,EACT,UAAU,GACX,EAAE;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,UA0BA;AAED;;;;;GAKG;AACH,iBAAe,qBAAqB;;;GAOnC;AAED,wDAAwD;AACxD,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,WAAW,CAClB,sBAAsB,EACtB,WAAW,GAAG,OAAO,GAAG,cAAc,GAAG,oBAAoB,GAAG,aAAa,CAC9E,mCAoBF;AAED,kFAAkF;AAClF,iBAAe,kBAAkB,CAAC,EAChC,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,UAAU,CAAC;CAC3B,mBA2BA;AAED,4EAA4E;AAC5E,iBAAe,oBAAoB,CACjC,OAAO,EAAE,WAAW,CAClB,uBAAuB,EACvB,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,gBAAgB,GAAG,qBAAqB,CACjE,oCAWF;AAED,6DAA6D;AAC7D,iBAAe,OAAO,CAAC,EACrB,GAAG,EACH,IAAI,GACL,EAAE;IACD,GAAG,EAAE,SAAS,CAAC;IACf,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B,mBAoBA;AAED,+FAA+F;AAC/F,iBAAe,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,mBA6ChD;AAoBD,sHAAsH;AACtH,iBAAS,kBAAkB,CAAC,EAC1B,GAAG,EACH,cAAc,GACf,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;CACxB,UA4BA;AAED;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAChC,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,mBA0CZ;AAED,gGAAgG;AAChG,iBAAe,eAAe,CAC5B,aAAa,EAAE,SAAS,EACxB,YAAY,EAAE,WAAW,uBAuC1B;AAED;;;;;GAKG;AACH,iBAAS,mBAAmB,CAAC,EAC3B,GAAG,EACH,aAAa,EACb,gBAAgB,EAChB,SAAS,GACV,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,UAAU,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB,UAgCA;AAgBD;;;GAGG;AACH,iBAAe,sBAAsB,CACnC,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,SAAS,EAC5B,KAAK,EAAE,SAAS,EAChB,MAAM,EAAE,kBAAkB,EAAE;;MAsD7B;AAiED;;;;;;;;GAQG;AACH,iBAAe,kBAAkB,CAC/B,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,sBAAsB,EACnC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,SAAS,iBA+EjB;AAED,eAAO,MAAM,IAAI;;;kCApb0B,MAAM,kBAAkB,MAAM;;;;;;;;;;;;CAmcxE,CAAC"}

package/dist/types/permissions-api.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { Web5Agent } from './types/agent.js';
+import { DwnInterface } from './types/dwn.js';
+import { CreateGrantParams, CreateRequestParams, CreateRevocationParams, FetchPermissionRequestParams, FetchPermissionsParams, GetPermissionParams, IsGrantRevokedParams, PermissionGrantEntry, PermissionRequestEntry, PermissionRevocationEntry, PermissionsApi } from './types/permissions.js';
+export declare class AgentPermissionsApi implements PermissionsApi {
+    /** cache for fetching a permission {@link PermissionGrant}, keyed by a specific MessageType and protocol */
+    private _cachedPermissions;
+    private _agent?;
+    get agent(): Web5Agent;
+    set agent(agent: Web5Agent);
+    constructor({ agent }?: {
+        agent?: Web5Agent;
+    });
+    getPermissionForRequest({ connectedDid, delegateDid, delegate, messageType, protocol, cached }: GetPermissionParams): Promise<PermissionGrantEntry>;
+    fetchGrants({ author, target, grantee, grantor, protocol, remote }: FetchPermissionsParams): Promise<PermissionGrantEntry[]>;
+    fetchRequests({ author, target, protocol, remote }: FetchPermissionRequestParams): Promise<PermissionRequestEntry[]>;
+    isGrantRevoked({ author, target, grantRecordId, remote }: IsGrantRevokedParams): Promise<boolean>;
+    createGrant(params: CreateGrantParams): Promise<PermissionGrantEntry>;
+    createRequest(params: CreateRequestParams): Promise<PermissionRequestEntry>;
+    createRevocation(params: CreateRevocationParams): Promise<PermissionRevocationEntry>;
+    clear(): Promise<void>;
+    /**
+     * Matches the appropriate grant from an array of grants based on the provided parameters.
+     *
+     * @param delegated if true, only delegated grants are turned, if false all grants are returned including delegated ones.
+     */
+    static matchGrantFromArray<T extends DwnInterface>(grantor: string, grantee: string, messageParams: {
+        messageType: T;
+        protocol?: string;
+        protocolPath?: string;
+        contextId?: string;
+    }, grants: PermissionGrantEntry[], delegated?: boolean): Promise<PermissionGrantEntry | undefined>;
+    private static matchScopeFromGrant;
+    private static isUnrestrictedProtocolScope;
+}
+//# sourceMappingURL=permissions-api.d.ts.map

package/dist/types/permissions-api.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"permissions-api.d.ts","sourceRoot":"","sources":["../../src/permissions-api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAqC,YAAY,EAAwL,MAAM,gBAAgB,CAAC;AAEvQ,OAAO,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,4BAA4B,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,sBAAsB,EAAE,yBAAyB,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AAGlS,qBAAa,mBAAoB,YAAW,cAAc;IAExD,4GAA4G;IAC5G,OAAO,CAAC,kBAAkB,CAA4E;IAEtG,OAAO,CAAC,MAAM,CAAC,CAAY;IAE3B,IAAI,KAAK,IAAI,SAAS,CAKrB;IAED,IAAI,KAAK,CAAC,KAAK,EAAC,SAAS,EAExB;gBAEW,EAAE,KAAK,EAAE,GAAE;QAAE,KAAK,CAAC,EAAE,SAAS,CAAA;KAAO;IAI3C,uBAAuB,CAAC,EAC5B,YAAY,EACZ,WAAW,EACX,QAAQ,EACR,WAAW,EACX,QAAQ,EACR,MAAc,EACf,EAAE,mBAAmB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiChD,WAAW,CAAC,EAChB,MAAM,EACN,MAAM,EACN,OAAO,EACP,OAAO,EACP,QAAQ,EACR,MAAc,EACf,EAAE,sBAAsB,GAAG,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAmCrD,aAAa,CAAC,EAClB,MAAM,EACN,MAAM,EACN,QAAQ,EACR,MAAc,EACf,EAAC,4BAA4B,GAAE,OAAO,CAAC,sBAAsB,EAAE,CAAC;IA+B3D,cAAc,CAAC,EACnB,MAAM,EACN,MAAM,EACN,aAAa,EACb,MAAc,EACf,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IA0BpC,WAAW,CAAC,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAiDrE,aAAa,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA8C3E,gBAAgB,CAAC,MAAM,EAAE,sBAAsB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAyCpF,KAAK,IAAG,OAAO,CAAC,IAAI,CAAC;IAI3B;;;;OAIG;WACU,mBAAmB,CAAC,CAAC,SAAS,YAAY,EACrD,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,aAAa,EAAE;QACb,WAAW,EAAE,CAAC,CAAC;QACf,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,EACD,MAAM,EAAE,oBAAoB,EAAE,EAC9B,SAAS,GAAE,OAAe,GACzB,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAc5C,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAwDlC,OAAO,CAAC,MAAM,CAAC,2BAA2B;CAG3C"}