@enbox/agent 0.3.1 → 0.4.0

package/src/enbox-user-agent.ts

@@ -90,6 +90,16 @@ export type AgentParams<TKeyManager extends AgentKeyManager = LocalKeyManager> =
 
 export type CreateUserAgentParams = Partial<AgentParams> & {
   localDwnStrategy?: LocalDwnStrategy;
+
+  /**
+   * When set, the agent operates in "remote mode": no in-process DWN is
+   * created. All `processRequest()` calls are routed through RPC to
+   * this endpoint instead.
+   *
+   * Typically set by `AuthManager.create()` after standalone discovery
+   * determines that a local DWN server is running.
+   */
+  localDwnEndpoint?: string;
 };
 
 export class EnboxUserAgent<TKeyManager extends AgentKeyManager = LocalKeyManager> implements EnboxPlatformAgent<TKeyManager> {
@@ -146,6 +156,7 @@ export class EnboxUserAgent<TKeyManager extends AgentKeyManager = LocalKeyManage
   public static async create({
     dataPath = 'DATA/AGENT',
     localDwnStrategy,
+    localDwnEndpoint,
     agentDid, agentVault, cryptoApi, didApi, dwnApi, identityApi, keyManager, permissionsApi, rpcClient, syncApi
   }: CreateUserAgentParams = {}
   ): Promise<EnboxUserAgent> {
@@ -163,10 +174,22 @@ export class EnboxUserAgent<TKeyManager extends AgentKeyManager = LocalKeyManage
       store         : new DwnDidStore()
     });
 
-    dwnApi ??= new AgentDwnApi({
-      dwn              : await AgentDwnApi.createDwn({ dataPath, didResolver: didApi }),
-      localDwnStrategy : localDwnStrategy ?? 'prefer',
-    });
+    if (!dwnApi) {
+      if (localDwnEndpoint) {
+        // Remote mode: no in-process DWN. All operations route through
+        // RPC to the local DWN server.
+        dwnApi = new AgentDwnApi({
+          localDwnEndpoint,
+          localDwnStrategy: localDwnStrategy ?? 'prefer',
+        });
+      } else {
+        // Local mode: create an in-process DWN with LevelDB stores.
+        dwnApi = new AgentDwnApi({
+          dwn              : await AgentDwnApi.createDwn({ dataPath, didResolver: didApi }),
+          localDwnStrategy : localDwnStrategy ?? 'prefer',
+        });
+      }
+    }
     if (localDwnStrategy) {
       dwnApi.setLocalDwnStrategy(localDwnStrategy);
     }

package/src/index.ts

@@ -17,7 +17,9 @@ export * from './dwn-discovery-file.js';
 export * from './dwn-discovery-payload.js';
 export * from './dwn-encryption.js';
 export * from './dwn-key-delivery.js';
-export * from './dwn-record-upgrade.js';
+// NOTE: dwn-record-upgrade.js is intentionally NOT exported — the module
+// is disabled (see TODO in dwn-api.ts postWriteKeyDelivery). Keeping the
+// source file for reference until the redesign in a future PR.
 export * from './dwn-type-guards.js';
 export * from './protocol-utils.js';
 export * from './hd-identity-vault.js';
@@ -34,5 +36,5 @@ export * from './sync-engine-level.js';
 export * from './test-harness.js';
 export * from './utils.js';
 export * from './connect.js';
-export * from './oidc.js';
+export * from './enbox-connect-protocol.js';
 export * from './enbox-user-agent.js';

package/src/local-dwn.ts

@@ -7,10 +7,11 @@
  * 2. **Discovery file** (`~/.enbox/dwn.json`) — written by `electrobun-dwn`
  *    on startup. Fast filesystem read, no network. Available for CLI and
  *    native apps; skipped in browsers.
- * 3. **Port probing** (fallback) — sequential HTTP `GET /info` on well-known
- *    localhost ports. Works everywhere but is slower.
+ * 3. **Injected endpoint** — in browsers, the `dwn://connect` redirect
+ *    flow delivers the endpoint, which is injected via
+ *    {@link LocalDwnDiscovery.setCachedEndpoint | setCachedEndpoint()}.
  *
- * @see https://github.com/enboxorg/enbox/issues/585
+ * @see https://github.com/enboxorg/enbox/issues/677
  * @module
  */
 
@@ -18,31 +19,11 @@ import type { EnboxRpc } from '@enbox/dwn-clients';
 
 import type { DwnDiscoveryFile } from './dwn-discovery-file.js';
 
-/**
- * Well-known ports the local DWN desktop app may bind to.
- *
- * Per the DWN Transport Spec, clients probe ports `55500` through `55509`
- * (inclusive). Port `3000` is included as a development convenience.
- *
- * @see https://identity.foundation/dwn-transport/#port-probing
- */
-export const localDwnPortCandidates = [3000, 55500, 55501, 55502, 55503, 55504, 55505, 55506, 55507, 55508, 55509] as const;
-
-/**
- * Hosts probed when discovering a local DWN server.
- *
- * Per the DWN Transport Spec, clients MUST use `127.0.0.1` rather than
- * `localhost` to avoid DNS resolution ambiguity.
- *
- * @see https://identity.foundation/dwn-transport/#port-probing
- */
-export const localDwnHostCandidates = ['127.0.0.1'] as const;
-
 /**
  * Controls how the agent discovers and routes to a local DWN server.
  *
  * - `'off'`    — (default) skip local discovery entirely.
- * - `'prefer'` — probe localhost first; fall back to DID-document endpoints.
+ * - `'prefer'` — try local DWN first; fall back to DID-document endpoints.
  * - `'only'`   — require a local server; throw if none is found.
  */
 export type LocalDwnStrategy = 'prefer' | 'only' | 'off';
@@ -61,7 +42,7 @@ export function normalizeBaseUrl(url: string): string {
  * Results are cached for {@link _cacheTtlMs} milliseconds (default 10 s) to
  * avoid repeated I/O on hot paths such as sync.
  *
- * @example Discovery with file-based channel
+ * @example Discovery with file-based channel (CLI / native)
  * ```ts
  * import { DwnDiscoveryFile } from './dwn-discovery-file.js';
  *
@@ -70,7 +51,7 @@ export function normalizeBaseUrl(url: string): string {
  * const endpoint = await discovery.getEndpoint();
  * ```
  *
- * @example Browser: inject cached endpoint from `dwn://register` redirect
+ * @example Browser: inject cached endpoint from `dwn://connect` redirect
  * ```ts
  * const discovery = new LocalDwnDiscovery(rpcClient);
  * discovery.setCachedEndpoint('http://127.0.0.1:55557');
@@ -95,7 +76,14 @@ export class LocalDwnDiscovery {
    * 2. `~/.enbox/dwn.json` discovery file (if a {@link DwnDiscoveryFile}
    *    was provided). The endpoint from the file is validated via
    *    `GET /info` to ensure the server is still running.
-   * 3. Sequential port probing on well-known localhost ports (fallback).
+   *
+   * If neither channel finds an endpoint, the result (`undefined`) is
+   * cached to avoid repeated discovery file reads on hot paths.
+   *
+   * In browser environments (where no discovery file is available), the
+   * endpoint must be injected externally via
+   * {@link setCachedEndpoint | setCachedEndpoint()} — typically after a
+   * `dwn://connect` redirect delivers the endpoint in the URL fragment.
    */
   public async getEndpoint(): Promise<string | undefined> {
     const now = Date.now();
@@ -103,22 +91,21 @@ export class LocalDwnDiscovery {
       return this._cachedEndpoint;
     }
 
-    // Channel 1: file-based discovery.
+    // File-based discovery (CLI / native — skipped when no file is configured).
     const fileEndpoint = await this._tryDiscoveryFile();
     if (fileEndpoint !== undefined) {
       this._setCacheEntry(fileEndpoint, now);
       return fileEndpoint;
     }
 
-    // Channel 2: sequential port probing (fallback).
-    const probeEndpoint = await this._probePortCandidates();
-    // Cache both positive and negative results.
-    this._setCacheEntry(probeEndpoint, now);
-    return probeEndpoint;
+    // No endpoint found. Cache the negative result to avoid repeated
+    // discovery file reads within the TTL window.
+    this._setCacheEntry(undefined, now);
+    return undefined;
   }
 
   /**
-   * Inject a cached endpoint (e.g. from a `dwn://register` browser redirect
+   * Inject a cached endpoint (e.g. from a `dwn://connect` browser redirect
    * or from `localStorage`). The endpoint is validated via `GET /info` before
    * caching.
    *
@@ -142,7 +129,7 @@ export class LocalDwnDiscovery {
     this._cacheExpiry = 0;
   }
 
-  // ─── Private discovery channels ────────────────────────────────
+  // ─── Private ──────────────────────────────────────────────────
 
   /**
    * Try the `~/.enbox/dwn.json` discovery file. Returns the endpoint if
@@ -168,24 +155,6 @@ export class LocalDwnDiscovery {
     }
   }
 
-  /**
-   * Sequential HTTP probe on well-known localhost port candidates.
-   * Returns the first endpoint whose `GET /info` response identifies
-   * as `@enbox/dwn-server`, or `undefined` if none is found.
-   */
-  private async _probePortCandidates(): Promise<string | undefined> {
-    for (const port of localDwnPortCandidates) {
-      for (const host of localDwnHostCandidates) {
-        const endpoint = `http://${host}:${port}`;
-        const valid = await this._validateEndpoint(endpoint);
-        if (valid) {
-          return normalizeBaseUrl(endpoint);
-        }
-      }
-    }
-    return undefined;
-  }
-
   /**
    * Call `GET /info` on the endpoint and check that
    * `serverInfo.server === '@enbox/dwn-server'`.

package/src/permissions-api.ts

@@ -263,7 +263,7 @@ export class AgentPermissionsApi implements PermissionsApi {
       target      : author,
       messageType : DwnInterface.RecordsWrite,
       messageParams,
-      dataStream  : new Blob([ permissionsGrantBytes ])
+      dataStream  : new Blob([ permissionsGrantBytes as BlobPart ])
     });
 
     if (reply.status.code !== 202) {
@@ -309,7 +309,7 @@ export class AgentPermissionsApi implements PermissionsApi {
       target      : author,
       messageType : DwnInterface.RecordsWrite,
       messageParams,
-      dataStream  : new Blob([ permissionRequestBytes ])
+      dataStream  : new Blob([ permissionRequestBytes as BlobPart ])
     });
 
     if (reply.status.code !== 202) {
@@ -352,7 +352,7 @@ export class AgentPermissionsApi implements PermissionsApi {
       target      : author,
       messageType : DwnInterface.RecordsWrite,
       messageParams,
-      dataStream  : new Blob([ permissionRevocationBytes ])
+      dataStream  : new Blob([ permissionRevocationBytes as BlobPart ])
     });
 
     if (reply.status.code !== 202) {

package/src/store-data.ts

@@ -194,7 +194,7 @@ export class DwnDataStore<TStoreObject extends Record<string, any> = Jwk> implem
       target        : tenantDid,
       messageType   : DwnInterface.RecordsWrite,
       messageParams : { ...this._recordProperties, ...messageParams },
-      dataStream    : new Blob([dataBytes], { type: 'application/json' }),
+      dataStream    : new Blob([dataBytes as BlobPart], { type: 'application/json' }),
       ...(encryptionActive ? { encryption: true } : {}),
     });
 

package/src/sync-engine-level.ts

@@ -521,7 +521,7 @@ export class SyncEngineLevel implements SyncEngine {
         try {
           // Process the message locally.
           const dataStream = this.extractDataStream(event);
-          await this.agent.dwn.node.processMessage(did, event.message, { dataStream });
+          await this.agent.dwn.processRawMessage(did, event.message, { dataStream });
         } catch (error: any) {
           console.error(`SyncEngineLevel: Error processing live-pull event for ${did}`, error);
         }

package/src/sync-messages.ts

@@ -75,7 +75,7 @@ export async function pullMessages({ did, dwnUrl, delegateDid, protocol, message
     const failedCids: string[] = [];
 
     for (const entry of pending) {
-      const pullReply = await agent.dwn.node.processMessage(did, entry.message, { dataStream: entry.dataStream });
+      const pullReply = await agent.dwn.processRawMessage(did, entry.message, { dataStream: entry.dataStream });
       if (!syncMessageReplyIsSuccessful(pullReply)) {
         const cid = await getMessageCid(entry.message);
         failedCids.push(cid);

package/dist/esm/oidc.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oidc.js","sourceRoot":"","sources":["../../src/oidc.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;AASA,OAAO,EAAkB,MAAM,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAChD,OAAO,EACL,WAAW,EACX,OAAO,EACP,cAAc,EACd,IAAI,EACJ,MAAM,EACN,MAAM,EACN,iBAAiB,GAClB,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAEpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAAE,uBAAuB,EAAE,MAAM,cAAc,CAAC;AAkKvD;;;;;;;;;GASG;AACH,SAAS,YAAY,CAAC,EACpB,OAAO,EACP,QAAQ,EACR,SAAS,EACT,UAAU,GAMX;IACC,QAAQ,QAAQ,EAAE,CAAC;QACjB,6FAA6F;QAC7F,KAAK,4BAA4B;YAC/B,OAAO,cAAc,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACxC,uDAAuD;QACvD,KAAK,WAAW;YACd,IAAI,CAAC,SAAS,EACd,CAAC;gBAAA,MAAM,IAAI,KAAK,CACd,uDAAuD,CACxD,CAAC;YAAA,CAAC;YACH,OAAO,cAAc,CAAC,OAAO,EAAE,aAAa,SAAS,MAAM,CAAC,CAAC;QAC/D,yDAAyD;QACzD,KAAK,UAAU;YACb,OAAO,cAAc,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAC7C,sDAAsD;QACtD,KAAK,OAAO;YACV,IAAI,CAAC,UAAU,EACf,CAAC;gBAAA,MAAM,IAAI,KAAK,CACd,wDAAwD,CACzD,CAAC;YAAA,CAAC;YACH,OAAO,cAAc,CAAC,OAAO,EAAE,SAAS,UAAU,MAAM,CAAC,CAAC;QAC5D,4BAA4B;QAC5B;YACE,MAAM,IAAI,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAe,qBAAqB;;QAClC,MAAM,iBAAiB,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QACtD,MAAM,kBAAkB,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5E,MAAM,sBAAsB,GAC1B,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC,WAAW,EAAE,CAAC;QAEvD,OAAO,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,CAAC;IACxD,CAAC;CAAA;AAED,yDAAyD;AACzD,SAAe,iBAAiB,CAC9B,OAGC;;QAED,0FAA0F;QAC1F,MAAM,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAE/C,0FAA0F;QAC1F,MAAM,UAAU,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAE/C,MAAM,aAAa,mCACd,OAAO,KACV,KAAK,EAAa,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,EAC9D,aAAa,EAAK,UAAU,EAC5B,aAAa,EAAK,aAAa,EAC/B,KAAK,EAAa,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE,EAC9D,eAAe,EAAG;gBAChB,8BAA8B,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;aACvD,GACF,CAAC;QAEF,OAAO,aAAa,CAAC;IACvB,CAAC;CAAA;AAED,kFAAkF;AAClF,SAAe,kBAAkB;yDAAC,EAChC,GAAG,EACH,aAAa,GAId;QACC,MAAM,eAAe,GAAG;YACtB,GAAG,EAAG,KAAK;YACX,GAAG,EAAG,KAAK;YACX,GAAG,EAAG,OAAO;YACb,GAAG,EAAG,KAAK;SACZ,CAAC;QACF,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,CAAC;QACpD,MAAM,gBAAgB,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEhI;kEAC0D;QAC1D,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACrD,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QAEzD,MAAM,UAAU,GAAG;YACjB,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;YAC7C,EAAE,EAAE,8CAA8C;YAClD,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE;YACvC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;YAC5C,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE;SACpD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,UAAU,CAAC;IACpB,CAAC;CAAA;AAED,4EAA4E;AAC5E,SAAe,oBAAoB,CACjC,OAGC;;QAED,MAAM,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE3D,MAAM,cAAc,mCACf,OAAO,KACV,GAAG,EAAG,oBAAoB,EAC1B,GAAG,EAAG,oBAAoB,GAAG,GAAG,GACjC,CAAC;QAEF,OAAO,cAAc,CAAC;IACxB,CAAC;CAAA;AAED,6DAA6D;AAC7D,SAAe,OAAO;yDAAC,EACrB,GAAG,EACH,IAAI,GAIL;QACC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;YAC5B,GAAG,EAAG,OAAO;YACb,GAAG,EAAG,GAAG,CAAC,QAAQ,CAAC,kBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE;YAC5C,GAAG,EAAG,KAAK;SACZ,CAAC,CAAC,WAAW,EAAE,CAAC;QAEjB,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAEnD,4BAA4B;QAC5B,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,SAAS,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC;YAClC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,OAAO,EAAE,CAAC,CAAC,YAAY,EAAE;SAC5D,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAEvE,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,OAAO,IAAI,kBAAkB,EAAE,CAAC;QAEzD,OAAO,GAAG,CAAC;IACb,CAAC;CAAA;AAED,+FAA+F;AAC/F,SAAe,SAAS;yDAAC,EAAE,GAAG,EAAmB;;QAC/C,MAAM,CAAC,UAAU,EAAE,WAAW,EAAE,aAAa,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEhE,8FAA8F;QAC9F,MAAM,MAAM,GAAqB,OAAO,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE1E,IAAI,CAAC,MAAM,CAAC,GAAG,EACf,CAAC;YAAA,MAAM,IAAI,KAAK,CACd,uEAAuE,CACxE,CAAC;QAAA,CAAC;QAEH,mCAAmC;QACnC,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEvE,IAAI,CAAC,WAAW,EAChB,CAAC;YAAA,MAAM,IAAI,KAAK,CACd,wEAAwE,CACzE,CAAC;QAAA,CAAC;QAEH,oEAAoE;QACpE,MAAM,EAAE,YAAY,EAAE,GACpB,MAAA,MAAA,WAAW,CAAC,kBAAkB,0CAAE,IAAI,CAAC,CAAC,MAAW,EAAE,EAAE;YACnD,OAAO,MAAM,CAAC,EAAE,KAAK,MAAM,CAAC,GAAG,CAAC;QAClC,CAAC,CAAC,mCAAI,EAAE,CAAC;QAEX,IAAI,CAAC,YAAY,EACjB,CAAC;YAAA,MAAM,IAAI,KAAK,CACd,+EAA+E,CAChF,CAAC;QAAA,CAAC;QAEH,MAAM,KAAK,GAAG,IAAI,cAAc,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC;YACjC,GAAG,EAAS,YAAY;YACxB,SAAS,EAAG,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,YAAY,EAAE;YAC3D,IAAI,EAAQ,OAAO,CAAC,MAAM,CAAC,GAAG,UAAU,IAAI,WAAW,EAAE,CAAC,CAAC,YAAY,EAAE;SAC1E,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,EACZ,CAAC;YAAA,MAAM,IAAI,KAAK,CACd,4DAA4D,CAC7D,CAAC;QAAA,CAAC;QAEH,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,QAAQ,EAA6B,CAAC;QAEpF,OAAO,MAAM,CAAC;IAChB,CAAC;CAAA;AAED;;;GAGG;AACH,MAAM,cAAc,GAAG,CAAO,WAAmB,EAAE,cAAsB,EAAoC,EAAE;IAC7G,MAAM,WAAW,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAM,CAAC,EAAE,CAAC,CAAC;IACtF,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC;QACnC,GAAG;QACH,cAAc;KACf,CAAC,CAAC;IACH,MAAM,sBAAsB,GAAG,CAAC,MAAM,SAAS,CAAC;QAC9C,GAAG;KACJ,CAAC,CAA4B,CAAC;IAE/B,OAAO,sBAAsB,CAAC;AAChC,CAAC,CAAA,CAAC;AAEF,sHAAsH;AACtH,SAAe,kBAAkB;yDAAC,EAChC,GAAG,EACH,cAAc,GAIf;QACC,MAAM,CACJ,mBAAmB,EACnB,AADoB,EAEpB,SAAS,EACT,cAAc,EACd,qBAAqB,EACtB,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEnB,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,YAAY,EAAE,CAAC;QAC5E,MAAM,eAAe,GAAG,OAAO,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,YAAY,EAAE,CAAC;QAC9E,MAAM,cAAc,GAAG,eAAe,CAAC;QACvC,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,YAAY,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,YAAY,EAAE,CAAC;QACpE,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,CACzC,qBAAqB,CACtB,CAAC,YAAY,EAAE,CAAC;QAEjB,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC;YACtC,GAAG,UAAU;YACb,GAAG,iBAAiB;SACrB,CAAC,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,kBAAkB,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAC9I,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE7D,OAAO,GAAG,CAAC;IACb,CAAC;CAAA;AAED;;;;;;;;GAQG;AACH,SAAe,mBAAmB,CAChC,SAAoB,EACpB,GAAW,EACX,GAAW;;QAEX,MAAM,CACJ,mBAAmB,EACnB,AADoB,EAEpB,SAAS,EACT,cAAc,EACd,qBAAqB,EACtB,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAEnB,iDAAiD;QACjD,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,mBAAmB,CAAC,CAAC,QAAQ,EAAS,CAAC;QACxE,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,mBAAmB,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAE3E,uFAAuF;QACvF,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAC1C,SAAS,EACT,mBAAmB,CAAC,WAAY,CACjC,CAAC;QAEF,yBAAyB;QACzB,MAAM,cAAc,mCAAQ,MAAM,KAAE,GAAG,EAAE,GAAG,GAAE,CAAC;QAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,YAAY,EAAE,CAAC;QAE1D,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,YAAY,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC,YAAY,EAAE,CAAC;QACpE,MAAM,iBAAiB,GAAG,OAAO,CAAC,SAAS,CACzC,qBAAqB,CACtB,CAAC,YAAY,EAAE,CAAC;QAEjB,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC;YACtC,GAAG,UAAU;YACb,GAAG,iBAAiB;SACrB,CAAC,CAAC;QAEH,8BAA8B;QAC9B,MAAM,iBAAiB,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,gBAAgB,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC;QAC1I,MAAM,GAAG,GAAG,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,QAAQ,EAAE,CAAC;QAE7D,OAAO,GAAG,CAAC;IACb,CAAC;CAAA;AAED,iGAAiG;AACjG,SAAe,eAAe,CAC5B,aAAwB,EACxB,YAAyB;;;QAEzB,MAAM,kBAAkB,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,MAAA,YAAY,CAAC,kBAAkB,0CAAG,CAAC,EAAE,YAAa,CAAC;QACrE,MAAM,UAAU,GAAG,MAAA,kBAAkB,CAAC,WAAW,0CAAG,CAAC,CAAE,CAAC;QACxD,SAAS,CAAC,GAAG,GAAG,OAAO,CAAC;QAExB,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC;YAC1D,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,yBAAyB,CAAC;YAC5D,UAAU,EAAE,UAAU;SACvB,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC;YAC1C,WAAW,EAAG,aAAa;YAC3B,UAAU,EAAI,YAAY;SAC3B,CAAC,CAAC;QAEH,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC;YACpD,YAAY,EAAG,IAAI,UAAU,CAAC,SAAS,CAAC;YACxC,IAAI,EAAW,SAAS;YACxB,IAAI,EAAW,IAAI,UAAU,EAAE;YAC/B,IAAI,EAAW,IAAI,UAAU,EAAE;YAC/B,MAAM,EAAS,GAAG;SACnB,CAAC,CAAC;QAEH,OAAO,mBAAmB,CAAC;IAC7B,CAAC;CAAA;AAED;;;;;GAKG;AACH,SAAe,mBAAmB;yDAAC,EACjC,GAAG,EACH,aAAa,EACb,gBAAgB,EAChB,SAAS,GAMV;QACC,MAAM,eAAe,GAAG;YACtB,GAAG,EAAG,KAAK;YACX,GAAG,EAAG,KAAK;YACX,GAAG,EAAG,OAAO;YACb,GAAG,EAAG,KAAK;YACX,GAAG,EAAG,gBAAgB;SACvB,CAAC;QACF,MAAM,KAAK,GAAG,WAAW,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,iCAChC,eAAe,KAClB,GAAG,EAAE,SAAS,IACd,CAAC,YAAY,EAAE,CAAC;QAElB,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,YAAY,EAAE,CAAC;QACpD,MAAM,gBAAgB,GAAG,MAAM,iBAAiB,CAAC,UAAU,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEhI;kEAC0D;QAC1D,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACrD,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QAEzD,MAAM,UAAU,GAAG;YACjB,OAAO,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE;YAC7C,EAAE,EAAE,8CAA8C;YAClD,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE;YACvC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,WAAW,EAAE;YAC5C,OAAO,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,WAAW,EAAE;SACpD,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAEZ,OAAO,UAAU,CAAC;IACpB,CAAC;CAAA;AAED,SAAS,2BAA2B,CAAC,KAAyB;IAC5D,wEAAwE;IACxE,yGAAyG;IACzG,IAAI,uBAAuB,CAAC,KAAK,CAAC,EAAE,CAAC;QACnC,OAAO,IAAI,CAAC;IACd,CAAC;SAAM,IAAI,KAAK,CAAC,SAAS,KAAK,gBAAgB,CAAC,SAAS,IAAI,KAAK,CAAC,MAAM,KAAK,aAAa,CAAC,SAAS,EAAE,CAAC;QACtG,sEAAsE;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,qDAAqD;IACrD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,SAAe,sBAAsB,CACnC,WAAmB,EACnB,iBAA4B,EAC5B,KAAiB,EACjB,MAA4B;;QAE5B,MAAM,cAAc,GAAG,IAAI,mBAAmB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAE1D,oHAAoH;QACpH,MAAM,CAAC,GAAG,CAAC,kCAAkC,MAAM,CAAC,MAAM,kBAAkB,CAAC,CAAC;QAC9E,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,GAAG,CACxC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;YACnB,+HAA+H;YAC/H,MAAM,SAAS,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAC;YACrD,OAAO,cAAc,CAAC,WAAW,CAAC;gBAChC,SAAS;gBACT,KAAK,EAAS,IAAI;gBAClB,SAAS,EAAK,iBAAiB,CAAC,GAAG;gBACnC,KAAK;gBACL,WAAW,EAAG,6BAA6B,EAAE,kCAAkC;gBAC/E,MAAM,EAAQ,WAAW;aAC1B,CAAC,CAAC;QACL,CAAC,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,GAAG,CAAC,WAAW,gBAAgB,CAAC,MAAM,qCAAqC,CAAC,CAAC;QACpF,MAAM,eAAe,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAO,KAAK,EAAE,EAAE;YAC3D,uGAAuG;YACvG,MAAM,KAAiC,KAAK,CAAC,OAAO,EAA9C,EAAE,WAAW,OAAiC,EAA5B,UAAU,cAA5B,eAA8B,CAAgB,CAAC;YAErD,MAAM,IAAI,GAAG,OAAO,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,YAAY,EAAE,CAAC;YAC3D,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC;gBAC3C,MAAM,EAAQ,WAAW;gBACzB,MAAM,EAAQ,WAAW;gBACzB,WAAW,EAAG,YAAY,CAAC,YAAY;gBACvC,UAAU,EAAI,IAAI,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC9B,UAAU;aACX,CAAC,CAAC;YAEH,2HAA2H;YAC3H,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBAC3D,MAAM,CAAC,KAAK,CAAC,+BAA+B,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;gBACnE,MAAM,CAAC,KAAK,CAAC,yBAAyB,UAAU,EAAE,CAAC,CAAC;gBACpD,MAAM,IAAI,KAAK,CACb,8CAA8C,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CACpE,CAAC;YACJ,CAAC;YAED,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC,CAAA,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YACpD,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,iDAAiD,KAAK,EAAE,CAAC,CAAC;YACvE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CAAA;AAED;;GAEG;AACH,SAAe,eAAe,CAC5B,WAAmB,EACnB,KAAiB,EACjB,kBAAyC;;QAGzC,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,iBAAiB,CAAC;YACjD,MAAM,EAAU,WAAW;YAC3B,WAAW,EAAK,YAAY,CAAC,cAAc;YAC3C,MAAM,EAAU,WAAW;YAC3B,aAAa,EAAG,EAAE,MAAM,EAAE,EAAE,QAAQ,EAAE,kBAAkB,CAAC,QAAQ,EAAE,EAAE;SACtE,CAAC,CAAC;QAEH,IAAK,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;YAC5C,sCAAsC;YACtC,MAAM,IAAI,KAAK,CACb,6BAA6B,YAAY,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,CAChE,CAAC;QACJ,CAAC;aAAM,IAAI,YAAY,CAAC,KAAK,CAAC,OAAO,KAAK,SAAS,IAAI,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC/F,MAAM,CAAC,GAAG,CAAC,sCAAsC,kBAAkB,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEhF,+FAA+F;YAC/F,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC;gBACjF,MAAM,EAAU,WAAW;gBAC3B,MAAM,EAAU,WAAW;gBAC3B,WAAW,EAAK,YAAY,CAAC,kBAAkB;gBAC/C,aAAa,EAAG,EAAE,UAAU,EAAE,kBAAkB,EAAE;aACnD,CAAC,CAAC;YAEH,2HAA2H;YAC3H,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBACnE,MAAM,IAAI,KAAK,CAAC,4BAA4B,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,yHAAyH;YACzH,MAAM,KAAK,CAAC,iBAAiB,CAAC;gBAC5B,MAAM,EAAQ,WAAW;gBACzB,MAAM,EAAQ,WAAW;gBACzB,WAAW,EAAG,YAAY,CAAC,kBAAkB;gBAC7C,UAAU,EAAI,gBAAgB;aAC/B,CAAC,CAAC;QAEL,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,GAAG,CAAC,4BAA4B,kBAAkB,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEtE,8GAA8G;YAC9G,MAAM,gBAAgB,GAAG,YAAY,CAAC,KAAK,CAAC,OAAQ,CAAC,CAAC,CAAC,CAAC;YACxD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC;gBACtD,MAAM,EAAQ,WAAW;gBACzB,MAAM,EAAQ,WAAW;gBACzB,WAAW,EAAG,YAAY,CAAC,kBAAkB;gBAC7C,UAAU,EAAI,gBAAgB;aAC/B,CAAC,CAAC;YAEH,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC;gBACnE,MAAM,IAAI,KAAK,CAAC,4BAA4B,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;IACH,CAAC;CAAA;AAED;;;;;;;;GAQG;AACH,SAAe,kBAAkB,CAC/B,WAAmB,EACnB,WAAoC,EACpC,SAAiB,EACjB,KAAiB;;QAEjB,MAAM,iBAAiB,GAAG,MAAM,MAAM,CAAC,MAAM,EAAE,CAAC;QAChD,MAAM,mBAAmB,GAAG,MAAM,iBAAiB,CAAC,MAAM,EAAE,CAAC;QAE7D,8HAA8H;QAC9H,MAAM,qBAAqB,GAAG,WAAW,CAAC,kBAAkB,CAAC,GAAG,CAC9D,CAAO,iBAAiB,EAAE,EAAE;YAC1B,MAAM,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC;YAEnE,mHAAmH;YACnH,MAAM,sBAAsB,GAAG,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,IAAI,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,kBAAkB,CAAC,QAAQ,CAAC,CAAC;YACtI,IAAI,CAAC,sBAAsB,EAAE,CAAC;gBAC5B,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;YAC/F,CAAC;YAED,MAAM,eAAe,CAAC,WAAW,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;YAE9D,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,WAAW,EACX,iBAAiB,EACjB,KAAK,EACL,gBAAgB,CACjB,CAAC;YAEF,OAAO,gBAAgB,CAAC;QAC1B,CAAC,CAAA,CACF,CAAC;QAEF,MAAM,cAAc,GAAG,CAAC,MAAM,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEzE,MAAM,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QACjD,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC;YACrD,mDAAmD;YACnD,GAAG,EAAK,WAAW;YACnB,6BAA6B;YAC7B,GAAG,EAAK,iBAAiB,CAAC,GAAG;YAC7B,yDAAyD;YACzD,GAAG,EAAK,WAAW,CAAC,SAAS;YAC7B,0CAA0C;YAC1C,KAAK,EAAG,WAAW,CAAC,KAAK;YACzB,cAAc;YACd,mBAAmB;SACpB,CAAC,CAAC;QAEH,kEAAkE;QAClE,MAAM,CAAC,GAAG,CAAC,iCAAiC,CAAC,CAAC;QAC9C,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAI,iBAAiB;YACxB,IAAI,EAAG,cAAc;SACtB,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAE9D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAC1C,iBAAiB,EACjB,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,WAAY,CACxB,CAAC;QAEF,MAAM,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;QACjD,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC;YACvD,GAAG,EAAgB,iBAAkB;YACrC,aAAa,EAAM,SAAS;YAC5B,gBAAgB,EAAG,iBAAiB,CAAC,QAAQ,CAAC,kBAAmB,CAAC,CAAC,CAAC,CAAC,EAAE;YACvE,SAAS;SACV,CAAC,CAAC;QAEH,MAAM,kBAAkB,GAAG,IAAI,eAAe,CAAC;YAC7C,QAAQ,EAAG,iBAAiB;YAC5B,KAAK,EAAM,WAAW,CAAC,KAAK;SAC7B,CAAC,CAAC,QAAQ,EAAE,CAAC;QAEd,MAAM,CAAC,GAAG,CAAC,wDAAwD,WAAW,CAAC,YAAY,EAAE,CAAC,CAAC;QAC/F,MAAM,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE;YACpC,IAAI,EAAM,kBAAkB;YAC5B,MAAM,EAAI,MAAM;YAChB,OAAO,EAAG;gBACR,cAAc,EAAE,mCAAmC;aACpD;YACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAM,CAAC;SACpC,CAAC,CAAC;IACL,CAAC;CAAA;AAED,MAAM,CAAC,MAAM,IAAI,GAAG;IAClB,iBAAiB;IACjB,kBAAkB;IAClB,cAAc;IACd,kBAAkB;IAClB,sBAAsB;IACtB,oBAAoB;IACpB,mBAAmB;IACnB,mBAAmB;IACnB,eAAe;IACf,OAAO;IACP,SAAS;IACT,YAAY;IACZ,qBAAqB;IACrB,kBAAkB;CACnB,CAAC"}

package/dist/types/oidc.d.ts

@@ -1,250 +0,0 @@
-import type { ConnectPermissionRequest } from './connect.js';
-import type { EnboxAgent } from './types/agent.js';
-import type { RequireOnly } from '@enbox/common';
-import type { DidDocument, PortableDid } from '@enbox/dids';
-import type { DwnDataEncodedRecordsWriteMessage, DwnPermissionScope } from './types/dwn.js';
-import { type BearerDid } from '@enbox/dids';
-/**
- * Sent to an OIDC server to authorize a client. Allows clients
- * to securely send authorization request parameters directly to
- * the server via POST. This avoids exposing sensitive data in URLs
- * and ensures the server validates the request before user interaction.
- *
- * @see {@link https://www.rfc-editor.org/rfc/rfc9126.html | OAuth 2.0 Pushed Authorization Requests}
- */
-export type PushedAuthRequest = {
-    /** The JWT which contains the {@link EnboxConnectAuthRequest} */
-    request: string;
-};
-/**
- * Sent back by OIDC server in response to {@link PushedAuthRequest}
- * The server generates a TTL and a unique request_uri. The request_uri can be shared
- * with the Provider using a link or a QR code along with additional params
- * to access the url and decrypt the payload.
- */
-export type PushedAuthResponse = {
-    request_uri: string;
-    expires_in: number;
-};
-/**
- * Used in decentralized apps. The SIOPv2 Auth Request is created by a client relying party (RP)
- * often a web service or an app who wants to obtain information from a provider
- * The contents of this are inserted into a JWT inside of the {@link PushedAuthRequest}.
- * @see {@link https://github.com/enboxorg/enbox | Enbox OIDC Documentation for SIOPv2 }
- */
-export type SIOPv2AuthRequest = {
-    /** The DID of the client (RP) */
-    client_id: string;
-    /** The scope of the access request (e.g., `openid profile`). */
-    scope: string;
-    /** The type of response desired (e.g. `id_token`) */
-    response_type: string;
-    /** the URL to which the Identity Provider will post the Authorization Response */
-    redirect_uri: string;
-    /** The URI to which the SIOPv2 Authorization Response will be sent (Tim's note: not used with encrypted request JWT)*/
-    response_uri?: string;
-    /**
-     * An opaque value used to maintain state between the request and the callback.
-     * Recommended for security to prevent CSRF attacks.
-     */
-    state: string;
-    /**
-     * A string value used to associate a client session with an ID token to mitigate replay attacks.
-     * Recommended when requesting ID tokens.
-     */
-    nonce: string;
-    /**
-     * The PKCE code challenge.
-     * Required if `code_challenge_method` is used. Enhances security for public clients (e.g., single-page apps,
-     * mobile apps) by requiring an additional verification step during token exchange.
-     */
-    code_challenge?: string;
-    /** The method used for the PKCE challenge (typically `S256`). Must be present if `code_challenge` is included. */
-    code_challenge_method?: 'S256';
-    /**
-     * An ID token previously issued to the client, passed as a hint about the end-user’s current or past authenticated
-     * session with the client. Can streamline user experience if already logged in.
-     */
-    id_token_hint?: string;
-    /** A hint to the authorization server about the login identifier the user might use. Useful for pre-filling login information. */
-    login_hint?: string;
-    /** Requested Authentication Context Class Reference values. Specifies the authentication context requirements. */
-    acr_values?: string;
-    /** When using a PAR for secure cross device flows we use a "form_post" rather than a "direct_post" */
-    response_mode: 'direct_post';
-    /** Used by PFI to request VCs as input to IDV process. If present, `response_type: "vp_token""` MUST also be present */
-    presentation_definition?: any;
-    /** A JSON object containing the Verifier metadata values (Tim's note: from TBD KCC Repo) */
-    client_metadata?: {
-        /** Array of strings, each a DID method supported for the subject of ID Token	*/
-        subject_syntax_types_supported: string[];
-        /** Human-readable string name of the client to be presented to the end-user during authorization */
-        client_name?: string;
-        /** URI of a web page providing information about the client */
-        client_uri?: string;
-        /** URI of an image logo for the client */
-        logo_uri?: string;
-        /** Array of strings representing ways to contact people responsible for this client, typically email addresses */
-        contacts?: string[];
-        /** URI that points to a terms of service document for the client */
-        tos_uri?: string;
-        /** URI that points to a privacy policy document */
-        policy_uri?: string;
-    };
-};
-/**
- * An auth request that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2
- * The contents of this are inserted into a JWT inside of the {@link PushedAuthRequest}.
- */
-export type EnboxConnectAuthRequest = {
-    /** The user friendly name of the client/app to be displayed when prompting end-user with permission requests. */
-    displayName: string;
-    /** PermissionGrants that are to be sent to the provider */
-    permissionRequests: ConnectPermissionRequest[];
-} & SIOPv2AuthRequest;
-/** The fields for an OIDC SIOPv2 Auth Repsonse */
-export type SIOPv2AuthResponse = {
-    /** Issuer MUST match the value of sub (Applicant's DID) */
-    iss: string;
-    /** Subject Identifier. A locally unique and never reassigned identifier
-     * within the Issuer for the End-User, which is intended to be consumed
-     * by the Client. */
-    sub: string;
-    /** Audience(s) that this ID Token is intended for. It MUST contain the
-     * OAuth 2.0 client_id of the Relying Party as an audience value. */
-    aud: string;
-    /** Time at which the JWT was issued. */
-    iat: number;
-    /** Expiration time on or after which the ID Token MUST NOT be accepted
-     * for processing. */
-    exp: number;
-    /** Time when the End-User authentication occurred. */
-    auth_time?: number;
-    /** b64url encoded nonce used to associate a Client session with an ID Token, and to
-     * mitigate replay attacks. */
-    nonce?: string;
-    /** Custom claims. */
-    [key: string]: any;
-};
-/** An auth response that is compatible with both Web5 Connect and (hopefully, WIP) OIDC SIOPv2 */
-export type EnboxConnectAuthResponse = {
-    delegateGrants: DwnDataEncodedRecordsWriteMessage[];
-    delegatePortableDid: PortableDid;
-} & SIOPv2AuthResponse;
-/** Represents the different OIDC endpoint types.
- * 1. `pushedAuthorizationRequest`: client sends {@link PushedAuthRequest} receives {@link PushedAuthResponse}
- * 2. `authorize`: provider gets the {@link EnboxConnectAuthRequest} JWT that was stored by the PAR
- * 3. `callback`: provider sends {@link EnboxConnectAuthResponse} to this endpoint
- * 4. `token`: client gets {@link EnboxConnectAuthResponse} from this endpoint
- */
-type OidcEndpoint = 'pushedAuthorizationRequest' | 'authorize' | 'callback' | 'token';
-/**
- * Gets the correct OIDC endpoint out of the {@link OidcEndpoint} options provided.
- * Handles a trailing slash on baseURL
- *
- * @param {Object} options the options object
- * @param {string} options.baseURL for example `http://foo.com/connect/
- * @param {OidcEndpoint} options.endpoint the OIDC endpoint desired
- * @param {string} options.authParam this is the unique id which must be provided when getting the `authorize` endpoint
- * @param {string} options.tokenParam this is the random state as b64url which must be provided with the `token` endpoint
- */
-declare function buildOidcUrl({ baseURL, endpoint, authParam, tokenParam, }: {
-    baseURL: string;
-    endpoint: OidcEndpoint;
-    authParam?: string;
-    tokenParam?: string;
-}): string;
-/**
- * Generates a cryptographically random "code challenge" in
- * accordance with the RFC 7636 PKCE specification.
- *
- * @see {@link https://datatracker.ietf.org/doc/html/rfc7636#section-4.2 | RFC 7636 }
- */
-declare function generateCodeChallenge(): Promise<{
-    codeChallengeBytes: Uint8Array;
-    codeChallengeBase64Url: string;
-}>;
-/** Client creates the {@link EnboxConnectAuthRequest} */
-declare function createAuthRequest(options: RequireOnly<EnboxConnectAuthRequest, 'client_id' | 'scope' | 'redirect_uri' | 'permissionRequests' | 'displayName'>): Promise<EnboxConnectAuthRequest>;
-/** Encrypts the auth request with the key which will be passed through QR code */
-declare function encryptAuthRequest({ jwt, encryptionKey, }: {
-    jwt: string;
-    encryptionKey: Uint8Array;
-}): Promise<string>;
-/** Create a response object compatible with Web5 Connect and OIDC SIOPv2 */
-declare function createResponseObject(options: RequireOnly<EnboxConnectAuthResponse, 'iss' | 'sub' | 'aud' | 'delegateGrants' | 'delegatePortableDid'>): Promise<EnboxConnectAuthResponse>;
-/** sign an object and transform it into a jwt using a did */
-declare function signJwt({ did, data, }: {
-    did: BearerDid;
-    data: Record<string, unknown>;
-}): Promise<string>;
-/** Take the decrypted JWT and verify it was signed by its public DID. Return parsed object. */
-declare function verifyJwt({ jwt }: {
-    jwt: string;
-}): Promise<Record<string, unknown>>;
-/** Take the encrypted JWE, decrypt using the code challenge and return a JWT string which will need to be verified */
-declare function decryptAuthRequest({ jwe, encryption_key, }: {
-    jwe: string;
-    encryption_key: string;
-}): Promise<string>;
-/**
- * The client uses to decrypt the jwe obtained from the auth server which contains
- * the {@link EnboxConnectAuthResponse} that was sent by the provider to the auth server.
- *
- * @async
- * @param {BearerDid} clientDid - The did that was initially used by the client for ECDH at connect init.
- * @param {string} jwe - The encrypted data as a jwe.
- * @param {string} pin - The pin that was obtained from the user.
- */
-declare function decryptAuthResponse(clientDid: BearerDid, jwe: string, pin: string): Promise<string>;
-/** Derives a shared ECDH private key in order to encrypt the {@link EnboxConnectAuthResponse} */
-declare function deriveSharedKey(privateKeyDid: BearerDid, publicKeyDid: DidDocument): Promise<Uint8Array>;
-/**
- * Encrypts the auth response jwt. Requires a randomPin is added to the AAD of the
- * encryption algorithm in order to prevent man in the middle and eavesdropping attacks.
- * The keyid of the delegate did is used to pass the public key to the client in order
- * for the client to derive the shared ECDH private key.
- */
-declare function encryptAuthResponse({ jwt, encryptionKey, delegateDidKeyId, randomPin, }: {
-    jwt: string;
-    encryptionKey: Uint8Array;
-    delegateDidKeyId: string;
-    randomPin: string;
-}): Promise<string>;
-/**
- * Creates the permission grants that assign to the selectedDid the level of
- * permissions that the web app requested in the {@link EnboxConnectAuthRequest}
- */
-declare function createPermissionGrants(selectedDid: string, delegateBearerDid: BearerDid, agent: EnboxAgent, scopes: DwnPermissionScope[]): Promise<DwnDataEncodedRecordsWriteMessage[]>;
-/**
- * Creates a delegate did which the web app will use as its future indentity.
- * Assigns to that DID the level of permissions that the web app requested in
- * the {@link EnboxConnectAuthRequest}. Encrypts via ECDH key that the web app
- * will have access to because the web app has the public key which it provided
- * in the {@link EnboxConnectAuthRequest}. Then sends the ciphertext of this
- * {@link EnboxConnectAuthResponse} to the callback endpoint. Which the
- * web app will need to retrieve from the token endpoint and decrypt with the pin to access.
- */
-declare function submitAuthResponse(selectedDid: string, authRequest: EnboxConnectAuthRequest, randomPin: string, agent: EnboxAgent): Promise<void>;
-export declare const Oidc: {
-    createAuthRequest: typeof createAuthRequest;
-    encryptAuthRequest: typeof encryptAuthRequest;
-    getAuthRequest: (request_uri: string, encryption_key: string) => Promise<EnboxConnectAuthRequest>;
-    decryptAuthRequest: typeof decryptAuthRequest;
-    createPermissionGrants: typeof createPermissionGrants;
-    createResponseObject: typeof createResponseObject;
-    encryptAuthResponse: typeof encryptAuthResponse;
-    decryptAuthResponse: typeof decryptAuthResponse;
-    deriveSharedKey: typeof deriveSharedKey;
-    signJwt: typeof signJwt;
-    verifyJwt: typeof verifyJwt;
-    buildOidcUrl: typeof buildOidcUrl;
-    generateCodeChallenge: typeof generateCodeChallenge;
-    submitAuthResponse: typeof submitAuthResponse;
-};
-/** @deprecated Use {@link EnboxConnectAuthRequest} instead. */
-export type Web5ConnectAuthRequest = EnboxConnectAuthRequest;
-/** @deprecated Use {@link EnboxConnectAuthResponse} instead. */
-export type Web5ConnectAuthResponse = EnboxConnectAuthResponse;
-export {};
-//# sourceMappingURL=oidc.d.ts.map

package/dist/types/oidc.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,cAAc,CAAC;AAC7D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AACjD,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC5D,OAAO,KAAK,EAAE,iCAAiC,EAAE,kBAAkB,EAAyB,MAAM,gBAAgB,CAAC;AAKnH,OAAO,EAAE,KAAK,SAAS,EAAU,MAAM,aAAa,CAAC;AAkBrD;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,iEAAiE;IACjE,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,iCAAiC;IACjC,SAAS,EAAE,MAAM,CAAC;IAElB,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IAEd,qDAAqD;IACrD,aAAa,EAAE,MAAM,CAAC;IAEtB,kFAAkF;IAClF,YAAY,EAAE,MAAM,CAAC;IAErB,uHAAuH;IACvH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,kHAAkH;IAClH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB,kIAAkI;IAClI,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,kHAAkH;IAClH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,sGAAsG;IACtG,aAAa,EAAE,aAAa,CAAC;IAE7B,wHAAwH;IACxH,uBAAuB,CAAC,EAAE,GAAG,CAAC;IAE9B,4FAA4F;IAC5F,eAAe,CAAC,EAAE;QAChB,gFAAgF;QAChF,8BAA8B,EAAE,MAAM,EAAE,CAAC;QACzC,oGAAoG;QACpG,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,+DAA+D;QAC/D,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,0CAA0C;QAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,kHAAkH;QAClH,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;QACpB,oEAAoE;QACpE,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,mDAAmD;QACnD,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,CAAC;CACH,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,iHAAiH;IACjH,WAAW,EAAE,MAAM,CAAC;IAEpB,2DAA2D;IAC3D,kBAAkB,EAAE,wBAAwB,EAAE,CAAC;CAChD,GAAG,iBAAiB,CAAC;AAEtB,kDAAkD;AAClD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,2DAA2D;IAC3D,GAAG,EAAE,MAAM,CAAC;IACZ;;wBAEoB;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ;wEACoE;IACpE,GAAG,EAAE,MAAM,CAAC;IACZ,wCAAwC;IACxC,GAAG,EAAE,MAAM,CAAC;IACZ;yBACqB;IACrB,GAAG,EAAE,MAAM,CAAC;IACZ,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;kCAC8B;IAC9B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qBAAqB;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB,CAAC;AAEF,kGAAkG;AAClG,MAAM,MAAM,wBAAwB,GAAG;IACrC,cAAc,EAAE,iCAAiC,EAAE,CAAC;IACpD,mBAAmB,EAAE,WAAW,CAAC;CAClC,GAAG,kBAAkB,CAAC;AAEvB;;;;;GAKG;AACH,KAAK,YAAY,GACb,4BAA4B,GAC5B,WAAW,GACX,UAAU,GACV,OAAO,CAAC;AAEZ;;;;;;;;;GASG;AACH,iBAAS,YAAY,CAAC,EACpB,OAAO,EACP,QAAQ,EACR,SAAS,EACT,UAAU,GACX,EAAE;IACD,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,MAAM,CA0BT;AAED;;;;;GAKG;AACH,iBAAe,qBAAqB,IAAI,OAAO,CAAC;IAAE,kBAAkB,EAAE,UAAU,CAAC;IAAC,sBAAsB,EAAE,MAAM,CAAA;CAAE,CAAC,CAOlH;AAED,yDAAyD;AACzD,iBAAe,iBAAiB,CAC9B,OAAO,EAAE,WAAW,CAClB,uBAAuB,EACvB,WAAW,GAAG,OAAO,GAAG,cAAc,GAAG,oBAAoB,GAAG,aAAa,CAC9E,GACA,OAAO,CAAC,uBAAuB,CAAC,CAmBlC;AAED,kFAAkF;AAClF,iBAAe,kBAAkB,CAAC,EAChC,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,UAAU,CAAC;CAC3B,GAAG,OAAO,CAAC,MAAM,CAAC,CA0BlB;AAED,4EAA4E;AAC5E,iBAAe,oBAAoB,CACjC,OAAO,EAAE,WAAW,CAClB,wBAAwB,EACxB,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,gBAAgB,GAAG,qBAAqB,CACjE,GACA,OAAO,CAAC,wBAAwB,CAAC,CAUnC;AAED,6DAA6D;AAC7D,iBAAe,OAAO,CAAC,EACrB,GAAG,EACH,IAAI,GACL,EAAE;IACD,GAAG,EAAE,SAAS,CAAC;IACf,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/B,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBlB;AAED,+FAA+F;AAC/F,iBAAe,SAAS,CAAC,EAAE,GAAG,EAAE,EAAE;IAAE,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA6CnF;AAoBD,sHAAsH;AACtH,iBAAe,kBAAkB,CAAC,EAChC,GAAG,EACH,cAAc,GACf,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;CACxB,GAAG,OAAO,CAAC,MAAM,CAAC,CA2BlB;AAED;;;;;;;;GAQG;AACH,iBAAe,mBAAmB,CAChC,SAAS,EAAE,SAAS,EACpB,GAAG,EAAE,MAAM,EACX,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,CAAC,CA2CjB;AAED,iGAAiG;AACjG,iBAAe,eAAe,CAC5B,aAAa,EAAE,SAAS,EACxB,YAAY,EAAE,WAAW,GACxB,OAAO,CAAC,UAAU,CAAC,CA4BrB;AAED;;;;;GAKG;AACH,iBAAe,mBAAmB,CAAC,EACjC,GAAG,EACH,aAAa,EACb,gBAAgB,EAChB,SAAS,GACV,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,UAAU,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB,GAAG,OAAO,CAAC,MAAM,CAAC,CA+BlB;AAgBD;;;GAGG;AACH,iBAAe,sBAAsB,CACnC,WAAW,EAAE,MAAM,EACnB,iBAAiB,EAAE,SAAS,EAC5B,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,kBAAkB,EAAE,GAC3B,OAAO,CAAC,iCAAiC,EAAE,CAAC,CAqD9C;AAiED;;;;;;;;GAQG;AACH,iBAAe,kBAAkB,CAC/B,WAAW,EAAE,MAAM,EACnB,WAAW,EAAE,uBAAuB,EACpC,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,UAAU,GAChB,OAAO,CAAC,IAAI,CAAC,CA+Ef;AAED,eAAO,MAAM,IAAI;;;kCA3a0B,MAAM,kBAAkB,MAAM,KAAG,OAAO,CAAC,uBAAuB,CAAC;;;;;;;;;;;;CA0b3G,CAAC;AAMF,+DAA+D;AAC/D,MAAM,MAAM,sBAAsB,GAAG,uBAAuB,CAAC;AAE7D,gEAAgE;AAChE,MAAM,MAAM,uBAAuB,GAAG,wBAAwB,CAAC"}