@enbox/auth 0.3.1

package/dist/esm/flows/dwn-discovery.js

@@ -0,0 +1,281 @@
+/**
+ * Local DWN discovery integration for browser and CLI environments.
+ *
+ * This module bridges the local DWN discovery mechanisms (implemented in
+ * `@enbox/agent`) with the `@enbox/auth` storage, session lifecycle, and
+ * event system.
+ *
+ * ## Discovery channels (browser, highest to lowest priority)
+ *
+ * 1. **URL fragment payload** — A `dwn://register` redirect just landed
+ *    on the page with the endpoint in `#`. Highest priority because it's
+ *    fresh and explicit.
+ * 2. **Persisted endpoint** (localStorage) — A previously discovered
+ *    endpoint restored and re-validated via `GET /info`.
+ * 3. **Agent-level discovery** (transparent, runs on every `sendRequest`)
+ *    — `~/.enbox/dwn.json` discovery file (Node/Bun only; skipped in
+ *    browsers) and sequential port probing on `127.0.0.1:{3000,55500–55509}`.
+ *    This channel works even if the browser-specific functions here
+ *    return `false`.
+ *
+ * ## Discovery channels (CLI / native, all transparent)
+ *
+ * In Node/Bun environments, all discovery happens automatically inside
+ * `AgentDwnApi.getLocalDwnEndpoint()`. The browser-specific functions
+ * in this module (`checkUrlForDwnDiscoveryPayload`, `requestLocalDwnDiscovery`)
+ * are not needed — the agent reads `~/.enbox/dwn.json` and probes ports
+ * on its own.
+ *
+ * @see https://github.com/enboxorg/enbox/issues/589
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { buildDwnRegisterUrl, readDwnDiscoveryPayloadFromUrl } from '@enbox/agent';
+import { STORAGE_KEYS } from '../types.js';
+/**
+ * Check the current page URL for a `DwnDiscoveryPayload` in the fragment.
+ *
+ * This is called once at the start of a connection flow to detect whether
+ * the user was just redirected back from a `dwn://register` handler. If a
+ * valid payload is found, the endpoint is persisted and the fragment is
+ * cleared to prevent double-reads.
+ *
+ * @returns The discovered endpoint string, or `undefined` if no payload
+ *   was found in the URL.
+ */
+export function checkUrlForDwnDiscoveryPayload() {
+    if (typeof globalThis.location === 'undefined') {
+        return undefined;
+    }
+    const payload = readDwnDiscoveryPayloadFromUrl(globalThis.location.href);
+    if (!payload) {
+        return undefined;
+    }
+    // Clear the fragment to prevent re-reading on subsequent calls or
+    // if the user refreshes the page after the redirect.
+    if (typeof globalThis.history !== 'undefined' && globalThis.history.replaceState) {
+        const cleanUrl = globalThis.location.href.split('#')[0];
+        globalThis.history.replaceState(null, '', cleanUrl);
+    }
+    return payload.endpoint;
+}
+/**
+ * Persist a discovered local DWN endpoint in auth storage.
+ *
+ * @param storage - The auth storage adapter.
+ * @param endpoint - The local DWN server base URL.
+ */
+export function persistLocalDwnEndpoint(storage, endpoint) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield storage.set(STORAGE_KEYS.LOCAL_DWN_ENDPOINT, endpoint);
+    });
+}
+/**
+ * Clear the persisted local DWN endpoint from auth storage.
+ *
+ * Call this when the cached endpoint is found to be stale (server no
+ * longer running).
+ *
+ * @param storage - The auth storage adapter.
+ */
+export function clearLocalDwnEndpoint(storage) {
+    return __awaiter(this, void 0, void 0, function* () {
+        yield storage.remove(STORAGE_KEYS.LOCAL_DWN_ENDPOINT);
+    });
+}
+/**
+ * Restore a previously persisted local DWN endpoint and inject it into the
+ * agent's discovery cache.
+ *
+ * The endpoint is validated by the agent (via `GET /info`) before being
+ * accepted. If validation fails, the stale entry is removed from storage.
+ *
+ * @param agent - The running EnboxUserAgent.
+ * @param storage - The auth storage adapter.
+ * @returns `true` if an endpoint was restored and validated, `false` otherwise.
+ */
+export function restoreLocalDwnEndpoint(agent, storage) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const endpoint = yield storage.get(STORAGE_KEYS.LOCAL_DWN_ENDPOINT);
+        if (!endpoint) {
+            return false;
+        }
+        const accepted = yield agent.dwn.setCachedLocalDwnEndpoint(endpoint);
+        if (!accepted) {
+            // The server is no longer running — remove the stale entry.
+            yield clearLocalDwnEndpoint(storage);
+            return false;
+        }
+        return true;
+    });
+}
+/**
+ * Run the full local DWN discovery sequence for a browser connection flow.
+ *
+ * This function handles the **receiving** side of local DWN discovery in
+ * the browser. It does NOT trigger the `dwn://register` redirect — use
+ * {@link requestLocalDwnDiscovery} for that.
+ *
+ * The discovery channels, from highest to lowest priority:
+ *
+ * 1. **URL fragment payload** — A `dwn://register` redirect just landed on
+ *    this page with the DWN endpoint in `#`. This is the highest-priority
+ *    signal because it's fresh and explicit.
+ *
+ * 2. **Persisted endpoint** (localStorage) — A previously discovered
+ *    endpoint is restored and re-validated via `GET /info`.
+ *
+ * 3. **Agent-level discovery** (transparent) — Even if this function
+ *    returns `false`, the agent's `LocalDwnDiscovery` will independently
+ *    try the discovery file (`~/.enbox/dwn.json`) and port probing on
+ *    every `sendRequest()` call. Those channels are not available in
+ *    browsers (no filesystem access, CORS may block probes), but they
+ *    work transparently in Node/Bun CLI environments.
+ *
+ * When an `emitter` is provided, this function emits:
+ * - `'local-dwn-available'` with the endpoint when discovery succeeds.
+ * - `'local-dwn-unavailable'` when no local DWN could be reached.
+ *
+ * @param agent - The running EnboxUserAgent.
+ * @param storage - The auth storage adapter.
+ * @param emitter - Optional event emitter for local DWN status notifications.
+ * @returns `true` if a local DWN endpoint was discovered and injected.
+ */
+export function applyLocalDwnDiscovery(agent, storage, emitter) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // Step 1: Check for a fresh payload in the URL fragment (redirect just happened).
+        const freshEndpoint = checkUrlForDwnDiscoveryPayload();
+        if (freshEndpoint) {
+            const accepted = yield agent.dwn.setCachedLocalDwnEndpoint(freshEndpoint);
+            if (accepted) {
+                yield persistLocalDwnEndpoint(storage, freshEndpoint);
+                emitter === null || emitter === void 0 ? void 0 : emitter.emit('local-dwn-available', { endpoint: freshEndpoint });
+                return true;
+            }
+            // Payload was in the URL but the server is not reachable — fall through.
+        }
+        // Step 2: Try restoring from storage.
+        const restored = yield restoreLocalDwnEndpoint(agent, storage);
+        if (restored) {
+            const endpoint = yield storage.get(STORAGE_KEYS.LOCAL_DWN_ENDPOINT);
+            if (endpoint) {
+                emitter === null || emitter === void 0 ? void 0 : emitter.emit('local-dwn-available', { endpoint });
+            }
+        }
+        else {
+            emitter === null || emitter === void 0 ? void 0 : emitter.emit('local-dwn-unavailable', {});
+        }
+        return restored;
+    });
+}
+// ─── dwn://register trigger ─────────────────────────────────────
+/**
+ * Initiate the `dwn://register` flow by opening the register URL.
+ *
+ * This asks the operating system to route `dwn://register?callback=<url>`
+ * to the registered handler (electrobun-dwn), which will redirect the
+ * user's browser back to `callbackUrl` with the local DWN endpoint
+ * encoded in the URL fragment.
+ *
+ * **Important:** There is no reliable cross-browser API to detect whether
+ * a `dwn://` handler is installed. If no handler is registered, this call
+ * will silently fail or show an OS-level error dialog. Use
+ * {@link probeLocalDwn} first to check if a local DWN is already
+ * reachable via port probing — if it is, you can skip the register flow
+ * entirely and call {@link applyLocalDwnDiscovery} instead.
+ *
+ * @param callbackUrl - The URL to redirect back to. Defaults to the
+ *   current page URL (without its fragment) if running in a browser.
+ * @returns `true` if the register URL was opened, `false` if no
+ *   callback URL could be determined (e.g. no `globalThis.location`).
+ *
+ * @example
+ * ```ts
+ * // Check if local DWN is already available via direct probe.
+ * const alreadyAvailable = await probeLocalDwn();
+ * if (!alreadyAvailable) {
+ *   // No local DWN found — trigger the dwn://register flow.
+ *   requestLocalDwnDiscovery();
+ *   // The page will reload with the endpoint in the URL fragment.
+ * }
+ * ```
+ */
+export function requestLocalDwnDiscovery(callbackUrl) {
+    const resolvedCallback = callbackUrl !== null && callbackUrl !== void 0 ? callbackUrl : currentPageUrl();
+    if (!resolvedCallback) {
+        return false;
+    }
+    const registerUrl = buildDwnRegisterUrl(resolvedCallback);
+    // Open the dwn:// URL. Use window.open() rather than location.href
+    // assignment to avoid navigating away from the current page if the
+    // OS handler isn't installed.
+    if (typeof globalThis.open === 'function') {
+        globalThis.open(registerUrl);
+        return true;
+    }
+    // Fallback for environments with location but no window.open.
+    if (typeof globalThis.location !== 'undefined') {
+        globalThis.location.href = registerUrl;
+        return true;
+    }
+    return false;
+}
+/**
+ * Probe whether a local DWN server is reachable via direct HTTP fetch.
+ *
+ * Attempts `GET http://127.0.0.1:{port}/info` on the well-known port
+ * candidates and returns the endpoint URL of the first server that
+ * responds with a valid `@enbox/dwn-server` identity.
+ *
+ * This is useful in browsers to check if a local DWN is available
+ * *before* triggering the `dwn://register` redirect flow — if the
+ * server is already reachable (CORS permitting), the redirect is
+ * unnecessary.
+ *
+ * @returns The local DWN endpoint URL, or `undefined` if no server
+ *   was found. Returns `undefined` (rather than throwing) on CORS
+ *   errors or network failures.
+ */
+export function probeLocalDwn() {
+    return __awaiter(this, void 0, void 0, function* () {
+        // Import port candidates from @enbox/agent. Using a dynamic import
+        // here keeps the function self-contained and avoids circular deps.
+        const { localDwnPortCandidates, localDwnHostCandidates } = yield import('@enbox/agent');
+        for (const port of localDwnPortCandidates) {
+            for (const host of localDwnHostCandidates) {
+                const endpoint = `http://${host}:${port}`;
+                try {
+                    const response = yield fetch(`${endpoint}/info`, { signal: AbortSignal.timeout(2000) });
+                    if (!response.ok) {
+                        continue;
+                    }
+                    const serverInfo = yield response.json();
+                    if ((serverInfo === null || serverInfo === void 0 ? void 0 : serverInfo.server) === '@enbox/dwn-server') {
+                        return endpoint;
+                    }
+                }
+                catch (_a) {
+                    // Network error, CORS block, or timeout — try next candidate.
+                }
+            }
+        }
+        return undefined;
+    });
+}
+// ─── Internal helpers ───────────────────────────────────────────
+/** Return the current page URL without the fragment, or `undefined`. */
+function currentPageUrl() {
+    if (typeof globalThis.location === 'undefined') {
+        return undefined;
+    }
+    return globalThis.location.href.split('#')[0];
+}
+//# sourceMappingURL=dwn-discovery.js.map

package/dist/esm/flows/dwn-discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dwn-discovery.js","sourceRoot":"","sources":["../../../src/flows/dwn-discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;;;;;;;;;;AAIH,OAAO,EAAE,mBAAmB,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAGnF,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,8BAA8B;IAC5C,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,8BAA8B,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,kEAAkE;IAClE,qDAAqD;IACrD,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,WAAW,IAAI,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACjF,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,OAAO,CAAC,QAAQ,CAAC;AAC1B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAgB,uBAAuB,CAC3C,OAAuB,EACvB,QAAgB;;QAEhB,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAgB,qBAAqB,CACzC,OAAuB;;QAEvB,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;IACxD,CAAC;CAAA;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAgB,uBAAuB,CAC3C,KAAqB,EACrB,OAAuB;;QAEvB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,4DAA4D;YAC5D,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,UAAgB,sBAAsB,CAC1C,KAAqB,EACrB,OAAuB,EACvB,OAA0B;;QAE1B,kFAAkF;QAClF,MAAM,aAAa,GAAG,8BAA8B,EAAE,CAAC;QAEvD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAC;YAC1E,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,uBAAuB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;gBACtD,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC;gBAClE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,yEAAyE;QAC3E,CAAC;QAED,sCAAsC;QACtC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE/D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;YACpE,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAoB;IAC3D,MAAM,gBAAgB,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,cAAc,EAAE,CAAC;IACzD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,WAAW,GAAG,mBAAmB,CAAC,gBAAgB,CAAC,CAAC;IAE1D,mEAAmE;IACnE,mEAAmE;IACnE,8BAA8B;IAC9B,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8DAA8D;IAC9D,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,UAAU,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAgB,aAAa;;QACjC,mEAAmE;QACnE,mEAAmE;QACnE,MAAM,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,CAAC;QAExF,KAAK,MAAM,IAAI,IAAI,sBAAsB,EAAE,CAAC;YAC1C,KAAK,MAAM,IAAI,IAAI,sBAAsB,EAAE,CAAC;gBAC1C,MAAM,QAAQ,GAAG,UAAU,IAAI,IAAI,IAAI,EAAE,CAAC;gBAC1C,IAAI,CAAC;oBACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,QAAQ,OAAO,EAAE,EAAE,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,IAAK,CAAC,EAAE,CAAC,CAAC;oBACzF,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;wBAAC,SAAS;oBAAC,CAAC;oBAE/B,MAAM,UAAU,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;oBAChE,IAAI,CAAA,UAAU,aAAV,UAAU,uBAAV,UAAU,CAAE,MAAM,MAAK,mBAAmB,EAAE,CAAC;wBAC/C,OAAO,QAAQ,CAAC;oBAClB,CAAC;gBACH,CAAC;gBAAC,WAAM,CAAC;oBACP,8DAA8D;gBAChE,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CAAA;AAED,mEAAmE;AAEnE,wEAAwE;AACxE,SAAS,cAAc;IACrB,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/dist/esm/flows/dwn-registration.js

@@ -0,0 +1,122 @@
+/**
+ * DWN registration flow.
+ *
+ * Registers the agent DID and connected DID with DWN endpoints.
+ * Supports two registration paths:
+ * 1. Provider auth (`provider-auth-v0`) — OAuth-style with tokens
+ * 2. Proof of Work (default) — PoW challenge-response
+ *
+ * This matches the registration logic from `Enbox.connect()` but as a
+ * standalone, reusable function.
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { DwnRegistrar } from '@enbox/dwn-clients';
+/**
+ * Register the agent and connected DIDs with the configured DWN endpoints.
+ *
+ * For each endpoint:
+ * 1. Fetches server info to check registration requirements.
+ * 2. If the server requires `provider-auth-v0` and the app provides
+ *    `onProviderAuthRequired`, runs the OAuth flow (with token refresh).
+ * 3. Otherwise falls back to PoW registration.
+ * 4. Calls `onSuccess` when all endpoints succeed, `onFailure` on error.
+ *
+ * @internal
+ */
+export function registerWithDwnEndpoints(ctx, registration) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a;
+        const { userAgent, dwnEndpoints, agentDid, connectedDid } = ctx;
+        const updatedTokens = Object.assign({}, ((_a = registration.registrationTokens) !== null && _a !== void 0 ? _a : {}));
+        try {
+            for (const dwnEndpoint of dwnEndpoints) {
+                const serverInfo = yield userAgent.rpc.getServerInfo(dwnEndpoint);
+                if (serverInfo.registrationRequirements.length === 0) {
+                    continue;
+                }
+                // Deduplicate DIDs to register.
+                const didsToRegister = [agentDid, connectedDid]
+                    .filter((did, i, arr) => arr.indexOf(did) === i);
+                const hasProviderAuth = serverInfo.registrationRequirements.includes('provider-auth-v0')
+                    && serverInfo.providerAuth !== undefined;
+                if (hasProviderAuth && registration.onProviderAuthRequired) {
+                    // --- Provider Auth Path ---
+                    let tokenData = updatedTokens[dwnEndpoint];
+                    // Refresh expired tokens.
+                    if ((tokenData === null || tokenData === void 0 ? void 0 : tokenData.expiresAt) !== undefined && tokenData.expiresAt < Date.now()) {
+                        if (tokenData.refreshUrl && tokenData.refreshToken) {
+                            const refreshed = yield DwnRegistrar.refreshRegistrationToken(tokenData.refreshUrl, tokenData.refreshToken);
+                            tokenData = {
+                                registrationToken: refreshed.registrationToken,
+                                refreshToken: refreshed.refreshToken,
+                                expiresAt: refreshed.expiresIn !== undefined
+                                    ? Date.now() + (refreshed.expiresIn * 1000) : undefined,
+                                tokenUrl: tokenData.tokenUrl,
+                                refreshUrl: tokenData.refreshUrl,
+                            };
+                            updatedTokens[dwnEndpoint] = tokenData;
+                        }
+                        else {
+                            tokenData = undefined;
+                        }
+                    }
+                    // Run the auth flow if no valid token exists.
+                    if (tokenData === undefined) {
+                        const state = crypto.randomUUID();
+                        const providerAuth = serverInfo.providerAuth;
+                        const separator = providerAuth.authorizeUrl.includes('?') ? '&' : '?';
+                        const authorizeUrl = `${providerAuth.authorizeUrl}${separator}`
+                            + `redirect_uri=${encodeURIComponent(dwnEndpoint)}`
+                            + `&state=${encodeURIComponent(state)}`;
+                        const authResult = yield registration.onProviderAuthRequired({
+                            authorizeUrl,
+                            dwnEndpoint,
+                            state,
+                        });
+                        if (authResult.state !== state) {
+                            throw new Error('Provider auth state mismatch \u2014 possible CSRF attack.');
+                        }
+                        const tokenResponse = yield DwnRegistrar.exchangeAuthCode(providerAuth.tokenUrl, authResult.code, dwnEndpoint);
+                        tokenData = {
+                            registrationToken: tokenResponse.registrationToken,
+                            refreshToken: tokenResponse.refreshToken,
+                            expiresAt: tokenResponse.expiresIn !== undefined
+                                ? Date.now() + (tokenResponse.expiresIn * 1000) : undefined,
+                            tokenUrl: providerAuth.tokenUrl,
+                            refreshUrl: providerAuth.refreshUrl,
+                        };
+                        updatedTokens[dwnEndpoint] = tokenData;
+                    }
+                    // Register each DID using the provider auth token.
+                    for (const did of didsToRegister) {
+                        yield DwnRegistrar.registerTenantWithToken(dwnEndpoint, did, tokenData.registrationToken);
+                    }
+                }
+                else {
+                    // --- Default Path (PoW / general registration) ---
+                    for (const did of didsToRegister) {
+                        yield DwnRegistrar.registerTenant(dwnEndpoint, did);
+                    }
+                }
+            }
+            // Notify app of updated tokens for persistence.
+            if (registration.onRegistrationTokens) {
+                registration.onRegistrationTokens(updatedTokens);
+            }
+            registration.onSuccess();
+        }
+        catch (error) {
+            registration.onFailure(error);
+        }
+    });
+}
+//# sourceMappingURL=dwn-registration.js.map

package/dist/esm/flows/dwn-registration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dwn-registration.js","sourceRoot":"","sources":["../../../src/flows/dwn-registration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;;;;;;;;;;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAsBlD;;;;;;;;;;;GAWG;AACH,MAAM,UAAgB,wBAAwB,CAC5C,GAAwB,EACxB,YAAiC;;;QAEjC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,GAAG,GAAG,CAAC;QAEhE,MAAM,aAAa,qBACd,CAAC,MAAA,YAAY,CAAC,kBAAkB,mCAAI,EAAE,CAAC,CAC3C,CAAC;QAEF,IAAI,CAAC;YACH,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;gBAElE,IAAI,UAAU,CAAC,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC;qBAC5C,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAiB,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;gBAElE,MAAM,eAAe,GACnB,UAAU,CAAC,wBAAwB,CAAC,QAAQ,CAAC,kBAAkB,CAAC;uBAC7D,UAAU,CAAC,YAAY,KAAK,SAAS,CAAC;gBAE3C,IAAI,eAAe,IAAI,YAAY,CAAC,sBAAsB,EAAE,CAAC;oBAC3D,6BAA6B;oBAC7B,IAAI,SAAS,GAAG,aAAa,CAAC,WAAW,CAAsC,CAAC;oBAEhF,0BAA0B;oBAC1B,IAAI,CAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,SAAS,MAAK,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;wBAC3E,IAAI,SAAS,CAAC,UAAU,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;4BACnD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAC3D,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,YAAY,CAC7C,CAAC;4BACF,SAAS,GAAG;gCACV,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;gCAC/C,YAAY,EAAQ,SAAS,CAAC,YAAY;gCAC1C,SAAS,EAAW,SAAS,CAAC,SAAS,KAAK,SAAS;oCACnD,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gCACzD,QAAQ,EAAK,SAAS,CAAC,QAAQ;gCAC/B,UAAU,EAAG,SAAS,CAAC,UAAU;6BAClC,CAAC;4BACF,aAAa,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;wBACzC,CAAC;6BAAM,CAAC;4BACN,SAAS,GAAG,SAAS,CAAC;wBACxB,CAAC;oBACH,CAAC;oBAED,8CAA8C;oBAC9C,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;wBAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;wBAClC,MAAM,YAAY,GAAG,UAAU,CAAC,YAAa,CAAC;wBAC9C,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;wBACtE,MAAM,YAAY,GAAG,GAAG,YAAY,CAAC,YAAY,GAAG,SAAS,EAAE;8BAC3D,gBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE;8BACjD,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAE1C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;4BAC3D,YAAY;4BACZ,WAAW;4BACX,KAAK;yBACN,CAAC,CAAC;wBAEH,IAAI,UAAU,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;4BAC/B,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;wBAC/E,CAAC;wBAED,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,gBAAgB,CACvD,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,EAAE,WAAW,CACpD,CAAC;wBAEF,SAAS,GAAG;4BACV,iBAAiB,EAAG,aAAa,CAAC,iBAAiB;4BACnD,YAAY,EAAQ,aAAa,CAAC,YAAY;4BAC9C,SAAS,EAAW,aAAa,CAAC,SAAS,KAAK,SAAS;gCACvD,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;4BAC7D,QAAQ,EAAK,YAAY,CAAC,QAAQ;4BAClC,UAAU,EAAG,YAAY,CAAC,UAAU;yBACrC,CAAC;wBACF,aAAa,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;oBACzC,CAAC;oBAED,mDAAmD;oBACnD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;wBACjC,MAAM,YAAY,CAAC,uBAAuB,CACxC,WAAW,EAAE,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAC9C,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,oDAAoD;oBACpD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;wBACjC,MAAM,YAAY,CAAC,cAAc,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gDAAgD;YAChD,IAAI,YAAY,CAAC,oBAAoB,EAAE,CAAC;gBACtC,YAAY,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;YACnD,CAAC;YAED,YAAY,CAAC,SAAS,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;CAAA"}

package/dist/esm/flows/import-identity.js

@@ -0,0 +1,175 @@
+/**
+ * Identity import flows.
+ *
+ * - Import from BIP-39 recovery phrase (re-derive vault + identity).
+ * - Import from PortableIdentity JSON.
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { AuthSession } from '../identity-session.js';
+import { registerWithDwnEndpoints } from './dwn-registration.js';
+import { STORAGE_KEYS } from '../types.js';
+/**
+ * Import (or recover) an identity from a BIP-39 recovery phrase.
+ *
+ * This re-initializes the vault with the given phrase and password,
+ * recovering the agent DID and all derived keys.
+ */
+export function importFromPhrase(ctx, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b, _c;
+        const { userAgent, emitter, storage } = ctx;
+        const { recoveryPhrase, password } = options;
+        const sync = (_a = options.sync) !== null && _a !== void 0 ? _a : ctx.defaultSync;
+        const dwnEndpoints = (_c = (_b = options.dwnEndpoints) !== null && _b !== void 0 ? _b : ctx.defaultDwnEndpoints) !== null && _c !== void 0 ? _c : ['https://enbox-dwn.fly.dev'];
+        // Initialize the vault with the recovery phrase.
+        // This re-derives the same agent DID and CEK from the mnemonic.
+        if (yield userAgent.firstLaunch()) {
+            yield userAgent.initialize({
+                password,
+                recoveryPhrase,
+                dwnEndpoints,
+            });
+        }
+        yield userAgent.start({ password });
+        emitter.emit('vault-unlocked', {});
+        // The recovery phrase re-derives the same agent DID,
+        // but the user identity might not exist yet — create one if needed.
+        const identities = yield userAgent.identity.list();
+        let identity = identities[0];
+        let isNewIdentity = false;
+        if (!identity) {
+            isNewIdentity = true;
+            identity = yield userAgent.identity.create({
+                didMethod: 'dht',
+                metadata: { name: 'Default' },
+                didOptions: {
+                    services: [
+                        {
+                            id: 'dwn',
+                            type: 'DecentralizedWebNode',
+                            serviceEndpoint: dwnEndpoints,
+                            enc: '#enc',
+                            sig: '#sig',
+                        }
+                    ],
+                    verificationMethods: [
+                        {
+                            algorithm: 'Ed25519',
+                            id: 'sig',
+                            purposes: ['assertionMethod', 'authentication'],
+                        },
+                        {
+                            algorithm: 'X25519',
+                            id: 'enc',
+                            purposes: ['keyAgreement'],
+                        },
+                    ],
+                },
+            });
+        }
+        const connectedDid = identity.did.uri;
+        // Register with DWN endpoints (if registration options are provided).
+        if (ctx.registration) {
+            yield registerWithDwnEndpoints({
+                userAgent: userAgent,
+                dwnEndpoints,
+                agentDid: userAgent.agentDid.uri,
+                connectedDid,
+            }, ctx.registration);
+        }
+        // Register and start sync.
+        if (isNewIdentity && sync !== 'off') {
+            yield userAgent.sync.registerIdentity({ did: connectedDid, options: { protocols: [] } });
+        }
+        if (sync !== 'off') {
+            const syncMode = sync === undefined ? 'live' : 'poll';
+            const syncInterval = sync !== null && sync !== void 0 ? sync : (syncMode === 'live' ? '5m' : '2m');
+            userAgent.sync.startSync({ mode: syncMode, interval: syncInterval })
+                .catch((err) => console.error('[@enbox/auth] Sync failed:', err));
+        }
+        yield storage.set(STORAGE_KEYS.PREVIOUSLY_CONNECTED, 'true');
+        yield storage.set(STORAGE_KEYS.ACTIVE_IDENTITY, connectedDid);
+        const identityInfo = {
+            didUri: connectedDid,
+            name: identity.metadata.name,
+        };
+        const session = new AuthSession({
+            agent: userAgent,
+            did: connectedDid,
+            identity: identityInfo,
+        });
+        emitter.emit('identity-added', { identity: identityInfo });
+        emitter.emit('session-start', {
+            session: { did: connectedDid, identity: identityInfo },
+        });
+        return session;
+    });
+}
+/**
+ * Import an identity from a PortableIdentity JSON object.
+ *
+ * The portable identity contains the DID's private keys and metadata,
+ * allowing it to be used on this device.
+ */
+export function importFromPortable(ctx, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b, _c;
+        const { userAgent, emitter, storage } = ctx;
+        const sync = (_a = options.sync) !== null && _a !== void 0 ? _a : ctx.defaultSync;
+        const identity = yield userAgent.identity.import({
+            portableIdentity: options.portableIdentity,
+        });
+        const connectedDid = (_b = identity.metadata.connectedDid) !== null && _b !== void 0 ? _b : identity.did.uri;
+        const delegateDid = identity.metadata.connectedDid ? identity.did.uri : undefined;
+        // Register with DWN endpoints (if registration options are provided).
+        // For portable imports, extract endpoints from the DID document's DWN service.
+        if (ctx.registration) {
+            const dwnEndpoints = (_c = ctx.defaultDwnEndpoints) !== null && _c !== void 0 ? _c : ['https://enbox-dwn.fly.dev'];
+            yield registerWithDwnEndpoints({
+                userAgent: userAgent,
+                dwnEndpoints,
+                agentDid: userAgent.agentDid.uri,
+                connectedDid,
+            }, ctx.registration);
+        }
+        // Register and start sync.
+        if (sync !== 'off') {
+            yield userAgent.sync.registerIdentity({
+                did: connectedDid,
+                options: { delegateDid, protocols: [] },
+            });
+            const syncMode = sync === undefined ? 'live' : 'poll';
+            const syncInterval = sync !== null && sync !== void 0 ? sync : (syncMode === 'live' ? '5m' : '2m');
+            userAgent.sync.startSync({ mode: syncMode, interval: syncInterval })
+                .catch((err) => console.error('[@enbox/auth] Sync failed:', err));
+        }
+        yield storage.set(STORAGE_KEYS.PREVIOUSLY_CONNECTED, 'true');
+        yield storage.set(STORAGE_KEYS.ACTIVE_IDENTITY, connectedDid);
+        const identityInfo = {
+            didUri: connectedDid,
+            name: identity.metadata.name,
+            connectedDid: identity.metadata.connectedDid,
+        };
+        const session = new AuthSession({
+            agent: userAgent,
+            did: connectedDid,
+            delegateDid,
+            identity: identityInfo,
+        });
+        emitter.emit('identity-added', { identity: identityInfo });
+        emitter.emit('session-start', {
+            session: { did: connectedDid, delegateDid, identity: identityInfo },
+        });
+        return session;
+    });
+}
+//# sourceMappingURL=import-identity.js.map

package/dist/esm/flows/import-identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"import-identity.js","sourceRoot":"","sources":["../../../src/flows/import-identity.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;;;;;;;;;AAKH,OAAO,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AACrD,OAAO,EAAE,wBAAwB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAmB3C;;;;;GAKG;AACH,MAAM,UAAgB,gBAAgB,CACpC,GAAkB,EAClB,OAAgC;;;QAEhC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAC5C,MAAM,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,IAAI,mCAAI,GAAG,CAAC,WAAW,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAA,MAAA,OAAO,CAAC,YAAY,mCAAI,GAAG,CAAC,mBAAmB,mCAAI,CAAC,2BAA2B,CAAC,CAAC;QAEtG,iDAAiD;QACjD,gEAAgE;QAChE,IAAI,MAAM,SAAS,CAAC,WAAW,EAAE,EAAE,CAAC;YAClC,MAAM,SAAS,CAAC,UAAU,CAAC;gBACzB,QAAQ;gBACR,cAAc;gBACd,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QAED,MAAM,SAAS,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpC,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;QAEnC,qDAAqD;QACrD,oEAAoE;QACpE,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,aAAa,GAAG,KAAK,CAAC;QAE1B,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,aAAa,GAAG,IAAI,CAAC;YACrB,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACzC,SAAS,EAAI,KAAK;gBAClB,QAAQ,EAAK,EAAE,IAAI,EAAE,SAAS,EAAE;gBAChC,UAAU,EAAG;oBACX,QAAQ,EAAE;wBACR;4BACE,EAAE,EAAgB,KAAK;4BACvB,IAAI,EAAc,sBAAsB;4BACxC,eAAe,EAAG,YAAY;4BAC9B,GAAG,EAAe,MAAM;4BACxB,GAAG,EAAe,MAAM;yBACzB;qBACF;oBACD,mBAAmB,EAAE;wBACnB;4BACE,SAAS,EAAG,SAAS;4BACrB,EAAE,EAAU,KAAK;4BACjB,QAAQ,EAAI,CAAC,iBAAiB,EAAE,gBAAgB,CAAC;yBAClD;wBACD;4BACE,SAAS,EAAG,QAAQ;4BACpB,EAAE,EAAU,KAAK;4BACjB,QAAQ,EAAI,CAAC,cAAc,CAAC;yBAC7B;qBACF;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;QAEtC,sEAAsE;QACtE,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,MAAM,wBAAwB,CAC5B;gBACE,SAAS,EAAG,SAAS;gBACrB,YAAY;gBACZ,QAAQ,EAAI,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAClC,YAAY;aACb,EACD,GAAG,CAAC,YAAY,CACjB,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,IAAI,aAAa,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACpC,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,YAAY,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,MAAM,QAAQ,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;YACtD,MAAM,YAAY,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACjE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;iBACjE,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAE9D,MAAM,YAAY,GAAG;YACnB,MAAM,EAAG,YAAY;YACrB,IAAI,EAAK,QAAQ,CAAC,QAAQ,CAAC,IAAI;SAChC,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC;YAC9B,KAAK,EAAM,SAAS;YACpB,GAAG,EAAQ,YAAY;YACvB,QAAQ,EAAG,YAAY;SACxB,CAAC,CAAC;QAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE;YAC5B,OAAO,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE;SACvD,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;CAAA;AAED;;;;;GAKG;AACH,MAAM,UAAgB,kBAAkB,CACtC,GAAkB,EAClB,OAAkC;;;QAElC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,IAAI,mCAAI,GAAG,CAAC,WAAW,CAAC;QAE7C,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC;YAC/C,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;SAC3C,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAA,QAAQ,CAAC,QAAQ,CAAC,YAAY,mCAAI,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;QACxE,MAAM,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QAElF,sEAAsE;QACtE,+EAA+E;QAC/E,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,MAAM,YAAY,GAAG,MAAA,GAAG,CAAC,mBAAmB,mCAAI,CAAC,2BAA2B,CAAC,CAAC;YAC9E,MAAM,wBAAwB,CAC5B;gBACE,SAAS,EAAG,SAAS;gBACrB,YAAY;gBACZ,QAAQ,EAAI,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAClC,YAAY;aACb,EACD,GAAG,CAAC,YAAY,CACjB,CAAC;QACJ,CAAC;QAED,2BAA2B;QAC3B,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC;gBACpC,GAAG,EAAO,YAAY;gBACtB,OAAO,EAAG,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aACzC,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC;YACtD,MAAM,YAAY,GAAG,IAAI,aAAJ,IAAI,cAAJ,IAAI,GAAI,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACjE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;iBACjE,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,GAAG,CAAC,CAAC,CAAC;QAC/E,CAAC;QAED,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;QAC7D,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,EAAE,YAAY,CAAC,CAAC;QAE9D,MAAM,YAAY,GAAG;YACnB,MAAM,EAAS,YAAY;YAC3B,IAAI,EAAW,QAAQ,CAAC,QAAQ,CAAC,IAAI;YACrC,YAAY,EAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;SAC9C,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,WAAW,CAAC;YAC9B,KAAK,EAAM,SAAS;YACpB,GAAG,EAAQ,YAAY;YACvB,WAAW;YACX,QAAQ,EAAG,YAAY;SACxB,CAAC,CAAC;QAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,IAAI,CAAC,eAAe,EAAE;YAC5B,OAAO,EAAE,EAAE,GAAG,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,EAAE;SACpE,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;CAAA"}