@enbox/auth 0.5.0 → 0.6.1

package/dist/esm/connect/local.js

@@ -0,0 +1,105 @@
+/**
+ * Local DID connect flow.
+ *
+ * Creates or reconnects a local identity with vault-protected keys.
+ * This replaces the "Mode D/E" paths in Enbox.connect().
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { applyLocalDwnDiscovery } from '../discovery.js';
+import { DEFAULT_DWN_ENDPOINTS } from '../types.js';
+import { registerWithDwnEndpoints } from '../registration.js';
+import { createDefaultIdentity, ensureVaultReady, finalizeSession, resolveIdentityDids, resolvePassword, startSyncIfEnabled } from './lifecycle.js';
+/**
+ * Execute the local connect flow.
+ *
+ * - On first launch: initializes the vault. Identity creation is opt-in via
+ *   `options.createIdentity: true`.
+ * - On subsequent launches: unlocks the vault and reconnects to the existing identity.
+ *
+ * When no identities exist and `createIdentity` is not `true`, the session
+ * is returned with the **agent DID** as the connected DID. This allows apps to
+ * manage identity creation separately from vault setup.
+ */
+export function localConnect(ctx_1) {
+    return __awaiter(this, arguments, void 0, function* (ctx, options = {}) {
+        var _a, _b, _c, _d, _e;
+        const { userAgent, emitter, storage } = ctx;
+        // Resolve password through the standard chain.
+        const isFirstLaunch = yield userAgent.firstLaunch();
+        const password = yield resolvePassword(ctx, options.password, isFirstLaunch);
+        const sync = (_a = options.sync) !== null && _a !== void 0 ? _a : ctx.defaultSync;
+        const dwnEndpoints = (_c = (_b = options.dwnEndpoints) !== null && _b !== void 0 ? _b : ctx.defaultDwnEndpoints) !== null && _c !== void 0 ? _c : DEFAULT_DWN_ENDPOINTS;
+        const shouldCreateIdentity = options.createIdentity === true;
+        // Initialize vault on first launch and start the agent.
+        const recoveryPhrase = yield ensureVaultReady({
+            userAgent,
+            emitter,
+            password,
+            isFirstLaunch,
+            recoveryPhrase: options.recoveryPhrase,
+            dwnEndpoints,
+        });
+        // Apply local DWN discovery (browser redirect payload or persisted endpoint).
+        // In remote mode, discovery already ran before agent creation — skip.
+        if (!userAgent.dwn.isRemoteMode) {
+            yield applyLocalDwnDiscovery(userAgent, storage, emitter);
+        }
+        // Find or create the user identity.
+        const identities = yield userAgent.identity.list();
+        let identity = identities[0];
+        let isNewIdentity = false;
+        if (!identity && shouldCreateIdentity) {
+            isNewIdentity = true;
+            identity = yield createDefaultIdentity(userAgent, dwnEndpoints, (_e = (_d = options.metadata) === null || _d === void 0 ? void 0 : _d.name) !== null && _e !== void 0 ? _e : 'Default');
+        }
+        // When no identity exists (createIdentity: false on first launch), use the
+        // agent DID as the session's connected DID. The session is still valid but
+        // operates in the agent's context rather than a user identity's context.
+        const connectedDid = identity
+            ? resolveIdentityDids(identity).connectedDid
+            : userAgent.agentDid.uri;
+        const delegateDid = identity
+            ? resolveIdentityDids(identity).delegateDid
+            : undefined;
+        // Register with DWN endpoints (if registration options are provided).
+        if (ctx.registration) {
+            yield registerWithDwnEndpoints({
+                userAgent: userAgent,
+                dwnEndpoints,
+                agentDid: userAgent.agentDid.uri,
+                connectedDid,
+                storage: storage,
+            }, ctx.registration);
+        }
+        // Register sync for new identities.
+        if (isNewIdentity && sync !== 'off') {
+            yield userAgent.sync.registerIdentity({
+                did: connectedDid,
+                options: { delegateDid, protocols: [] },
+            });
+        }
+        // Start sync.
+        startSyncIfEnabled(userAgent, sync);
+        // Persist session info, build AuthSession, and emit lifecycle events.
+        return finalizeSession({
+            userAgent,
+            emitter,
+            storage,
+            connectedDid,
+            delegateDid,
+            recoveryPhrase,
+            identityName: identity === null || identity === void 0 ? void 0 : identity.metadata.name,
+            identityConnectedDid: identity === null || identity === void 0 ? void 0 : identity.metadata.connectedDid,
+        });
+    });
+}
+//# sourceMappingURL=local.js.map

package/dist/esm/connect/local.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local.js","sourceRoot":"","sources":["../../../src/connect/local.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;;;;;;;;;AAMH,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,eAAe,EAAE,mBAAmB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAEpJ;;;;;;;;;;GAUG;AACH,MAAM,UAAgB,YAAY;yDAChC,GAAgB,EAChB,UAA+B,EAAE;;QAEjC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAE5C,+CAA+C;QAC/C,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;QAE7E,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,IAAI,mCAAI,GAAG,CAAC,WAAW,CAAC;QAC7C,MAAM,YAAY,GAAG,MAAA,MAAA,OAAO,CAAC,YAAY,mCAAI,GAAG,CAAC,mBAAmB,mCAAI,qBAAqB,CAAC;QAC9F,MAAM,oBAAoB,GAAG,OAAO,CAAC,cAAc,KAAK,IAAI,CAAC;QAE7D,wDAAwD;QACxD,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAAC;YAC5C,SAAS;YACT,OAAO;YACP,QAAQ;YACR,aAAa;YACb,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,YAAY;SACb,CAAC,CAAC;QAEH,8EAA8E;QAC9E,sEAAsE;QACtE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAChC,MAAM,sBAAsB,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAED,oCAAoC;QACpC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnD,IAAI,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAC7B,IAAI,aAAa,GAAG,KAAK,CAAC;QAE1B,IAAI,CAAC,QAAQ,IAAI,oBAAoB,EAAE,CAAC;YACtC,aAAa,GAAG,IAAI,CAAC;YACrB,QAAQ,GAAG,MAAM,qBAAqB,CAAC,SAAS,EAAE,YAAY,EAAE,MAAA,MAAA,OAAO,CAAC,QAAQ,0CAAE,IAAI,mCAAI,SAAS,CAAC,CAAC;QACvG,CAAC;QAED,2EAA2E;QAC3E,2EAA2E;QAC3E,yEAAyE;QACzE,MAAM,YAAY,GAAG,QAAQ;YAC3B,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,YAAY;YAC5C,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;QAE3B,MAAM,WAAW,GAAG,QAAQ;YAC1B,CAAC,CAAC,mBAAmB,CAAC,QAAQ,CAAC,CAAC,WAAW;YAC3C,CAAC,CAAC,SAAS,CAAC;QAEd,sEAAsE;QACtE,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,MAAM,wBAAwB,CAC5B;gBACE,SAAS,EAAG,SAAS;gBACrB,YAAY;gBACZ,QAAQ,EAAI,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAClC,YAAY;gBACZ,OAAO,EAAK,OAAO;aACpB,EACD,GAAG,CAAC,YAAY,CACjB,CAAC;QACJ,CAAC;QAED,oCAAoC;QACpC,IAAI,aAAa,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACpC,MAAM,SAAS,CAAC,IAAI,CAAC,gBAAgB,CAAC;gBACpC,GAAG,EAAO,YAAY;gBACtB,OAAO,EAAG,EAAE,WAAW,EAAE,SAAS,EAAE,EAAE,EAAE;aACzC,CAAC,CAAC;QACL,CAAC;QAED,cAAc;QACd,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QAEpC,sEAAsE;QACtE,OAAO,eAAe,CAAC;YACrB,SAAS;YACT,OAAO;YACP,OAAO;YACP,YAAY;YACZ,WAAW;YACX,cAAc;YACd,YAAY,EAAW,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,QAAQ,CAAC,IAAI;YAC9C,oBAAoB,EAAG,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,QAAQ,CAAC,YAAY;SACvD,CAAC,CAAC;IACL,CAAC;CAAA"}

package/dist/esm/connect/restore.js

@@ -0,0 +1,117 @@
+/**
+ * Session restore flow.
+ *
+ * Restores a previously established session from persisted storage,
+ * replacing the "previouslyConnected" pattern in apps.
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { applyLocalDwnDiscovery } from '../discovery.js';
+import { STORAGE_KEYS } from '../types.js';
+import { ensureVaultReady, finalizeSession, resolveIdentityDids, resolvePassword, startSyncIfEnabled } from './lifecycle.js';
+/**
+ * Attempt to restore a previous session.
+ *
+ * Returns `undefined` if no previous session exists.
+ * Returns an `AuthSession` if the session was successfully restored.
+ */
+export function restoreSession(ctx_1) {
+    return __awaiter(this, arguments, void 0, function* (ctx, options = {}) {
+        const { userAgent, emitter, storage } = ctx;
+        // Check if there was a previous session.
+        const previouslyConnected = yield storage.get(STORAGE_KEYS.PREVIOUSLY_CONNECTED);
+        if (previouslyConnected !== 'true') {
+            return undefined;
+        }
+        // Resolve password: explicit option → callback → provider → manager default → insecure fallback.
+        // Note: restoreSession has an extra `onPasswordRequired` callback that sits between
+        // the explicit password and the provider. We handle that here, then delegate the
+        // remainder of the chain to `resolvePassword()`.
+        let explicitPassword = options.password;
+        if (!explicitPassword && !ctx.defaultPassword && options.onPasswordRequired) {
+            explicitPassword = yield options.onPasswordRequired();
+        }
+        // Check for stale session marker: if the vault was never initialized,
+        // previouslyConnected is a leftover — clean up and bail.
+        const isFirstLaunch = yield userAgent.firstLaunch();
+        if (isFirstLaunch) {
+            yield storage.remove(STORAGE_KEYS.PREVIOUSLY_CONNECTED);
+            return undefined;
+        }
+        const password = yield resolvePassword(ctx, explicitPassword, false);
+        // Start the agent (vault is known to exist).
+        yield ensureVaultReady({
+            userAgent,
+            emitter,
+            password,
+            isFirstLaunch: false,
+        });
+        // Apply local DWN discovery (browser redirect payload or persisted endpoint).
+        // In remote mode, discovery already ran before agent creation — skip.
+        if (!userAgent.dwn.isRemoteMode) {
+            yield applyLocalDwnDiscovery(userAgent, storage, emitter);
+        }
+        // Determine which identity to reconnect.
+        const activeIdentityDid = yield storage.get(STORAGE_KEYS.ACTIVE_IDENTITY);
+        const storedDelegateDid = yield storage.get(STORAGE_KEYS.DELEGATE_DID);
+        // First try the connected identity (wallet-connected sessions).
+        let identity = yield userAgent.identity.connectedIdentity();
+        if (!identity) {
+            // Try to find the specific active identity.
+            if (activeIdentityDid) {
+                identity = yield userAgent.identity.get({ didUri: activeIdentityDid });
+            }
+            // Fall back to the first available identity.
+            if (!identity) {
+                const identities = yield userAgent.identity.list();
+                identity = identities[0];
+            }
+        }
+        // Start sync.
+        startSyncIfEnabled(userAgent, ctx.defaultSync);
+        if (!identity) {
+            // No identity found — this is valid for agent-only sessions created
+            // with `createIdentity: false`. Restore a session using the agent DID.
+            // If the active identity stored was the agent DID, this is an
+            // intentional agent-only session rather than stale data.
+            const isAgentOnlySession = activeIdentityDid === userAgent.agentDid.uri;
+            if (!isAgentOnlySession) {
+                // Truly stale session data — clean up and bail.
+                yield storage.remove(STORAGE_KEYS.PREVIOUSLY_CONNECTED);
+                yield storage.remove(STORAGE_KEYS.ACTIVE_IDENTITY);
+                yield storage.remove(STORAGE_KEYS.DELEGATE_DID);
+                yield storage.remove(STORAGE_KEYS.CONNECTED_DID);
+                return undefined;
+            }
+            return finalizeSession({
+                userAgent,
+                emitter,
+                storage,
+                connectedDid: userAgent.agentDid.uri,
+                emitIdentityAdded: false,
+            });
+        }
+        const { connectedDid, delegateDid } = resolveIdentityDids(identity, storedDelegateDid !== null && storedDelegateDid !== void 0 ? storedDelegateDid : undefined);
+        // Persist session info, build AuthSession, and emit lifecycle events.
+        // Session restore does not emit `identity-added` (identity was already added in the original flow).
+        return finalizeSession({
+            userAgent,
+            emitter,
+            storage,
+            connectedDid,
+            delegateDid,
+            identityName: identity.metadata.name,
+            identityConnectedDid: identity.metadata.connectedDid,
+            emitIdentityAdded: false,
+        });
+    });
+}
+//# sourceMappingURL=restore.js.map

package/dist/esm/connect/restore.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"restore.js","sourceRoot":"","sources":["../../../src/connect/restore.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;;;;;;;;;;AAMH,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAC;AACzD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,mBAAmB,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,gBAAgB,CAAC;AAE7H;;;;;GAKG;AACH,MAAM,UAAgB,cAAc;yDAClC,GAAgB,EAChB,UAAiC,EAAE;QAEnC,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAE5C,yCAAyC;QACzC,MAAM,mBAAmB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;QACjF,IAAI,mBAAmB,KAAK,MAAM,EAAE,CAAC;YACnC,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,iGAAiG;QACjG,oFAAoF;QACpF,iFAAiF;QACjF,iDAAiD;QACjD,IAAI,gBAAgB,GAAG,OAAO,CAAC,QAAQ,CAAC;QAExC,IAAI,CAAC,gBAAgB,IAAI,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,kBAAkB,EAAE,CAAC;YAC5E,gBAAgB,GAAG,MAAM,OAAO,CAAC,kBAAkB,EAAE,CAAC;QACxD,CAAC;QAED,sEAAsE;QACtE,yDAAyD;QACzD,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC;QACpD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAErE,6CAA6C;QAC7C,MAAM,gBAAgB,CAAC;YACrB,SAAS;YACT,OAAO;YACP,QAAQ;YACR,aAAa,EAAE,KAAK;SACrB,CAAC,CAAC;QAEH,8EAA8E;QAC9E,sEAAsE;QACtE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC;YAChC,MAAM,sBAAsB,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;QAED,yCAAyC;QACzC,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;QAC1E,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QAEvE,gEAAgE;QAChE,IAAI,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,4CAA4C;YAC5C,IAAI,iBAAiB,EAAE,CAAC;gBACtB,QAAQ,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACzE,CAAC;YAED,6CAA6C;YAC7C,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnD,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;QAED,cAAc;QACd,kBAAkB,CAAC,SAAS,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,oEAAoE;YACpE,uEAAuE;YACvE,8DAA8D;YAC9D,yDAAyD;YACzD,MAAM,kBAAkB,GAAG,iBAAiB,KAAK,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC;YAExE,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,gDAAgD;gBAChD,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;gBACxD,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC;gBACnD,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;gBAChD,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;gBACjD,OAAO,SAAS,CAAC;YACnB,CAAC;YAED,OAAO,eAAe,CAAC;gBACrB,SAAS;gBACT,OAAO;gBACP,OAAO;gBACP,YAAY,EAAQ,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAC1C,iBAAiB,EAAG,KAAK;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,MAAM,EAAE,YAAY,EAAE,WAAW,EAAE,GAAG,mBAAmB,CACvD,QAAQ,EAAE,iBAAiB,aAAjB,iBAAiB,cAAjB,iBAAiB,GAAI,SAAS,CACzC,CAAC;QAEF,sEAAsE;QACtE,oGAAoG;QACpG,OAAO,eAAe,CAAC;YACrB,SAAS;YACT,OAAO;YACP,OAAO;YACP,YAAY;YACZ,WAAW;YACX,YAAY,EAAW,QAAQ,CAAC,QAAQ,CAAC,IAAI;YAC7C,oBAAoB,EAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY;YACrD,iBAAiB,EAAM,KAAK;SAC7B,CAAC,CAAC;IACL,CAAC;CAAA"}

package/dist/esm/connect/wallet.js

@@ -0,0 +1,80 @@
+/**
+ * Wallet connect (Enbox Connect relay) flow.
+ *
+ * Connects to an external wallet via the Enbox Connect relay protocol,
+ * importing a delegated DID with permission grants.
+ * This replaces the "Mode B/C" paths in Enbox.connect().
+ * @module
+ */
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { DEFAULT_DWN_ENDPOINTS } from '../types.js';
+import { registerWithDwnEndpoints } from '../registration.js';
+import { WalletConnect } from '../wallet-connect-client.js';
+import { ensureVaultReady, finalizeDelegateSession, importDelegateAndSetupSync, resolvePassword } from './lifecycle.js';
+// Re-export for backward compatibility — processConnectedGrants moved to lifecycle.ts.
+export { processConnectedGrants } from './lifecycle.js';
+/**
+ * Execute the wallet connect flow.
+ *
+ * 1. Passes the permission requests directly to `WalletConnect.initClient()`.
+ * 2. Imports the delegate DID and processes grants.
+ * 3. Sets up sync and returns an AuthSession.
+ */
+export function walletConnect(ctx, options) {
+    return __awaiter(this, void 0, void 0, function* () {
+        var _a, _b, _c;
+        const { userAgent, emitter, storage } = ctx;
+        const sync = (_a = options.sync) !== null && _a !== void 0 ? _a : ctx.defaultSync;
+        if (sync === 'off') {
+            throw new Error('[@enbox/auth] Sync must be enabled when using wallet connect. ' +
+                'Remove sync: "off" or set an interval like "15s".');
+        }
+        // Ensure the agent is initialized and started before the relay flow.
+        const isFirstLaunch = yield userAgent.firstLaunch();
+        const password = yield resolvePassword(ctx, undefined, isFirstLaunch);
+        yield ensureVaultReady({ userAgent, emitter, password, isFirstLaunch });
+        // Run the Enbox Connect relay flow.
+        const result = yield WalletConnect.initClient({
+            displayName: options.displayName,
+            connectServerUrl: options.connectServerUrl,
+            walletUri: (_b = options.walletUri) !== null && _b !== void 0 ? _b : 'enbox://connect',
+            permissionRequests: options.permissionRequests,
+            onWalletUriReady: options.onWalletUriReady,
+            validatePin: options.validatePin,
+        });
+        if (!result) {
+            throw new Error('[@enbox/auth] Wallet connect flow was cancelled or returned no result.');
+        }
+        // Import delegate DID, process grants, and set up sync.
+        const { delegatePortableDid, connectedDid, delegateGrants } = result;
+        const identity = yield importDelegateAndSetupSync({
+            userAgent, delegatePortableDid, connectedDid, delegateGrants,
+            flowName: 'Wallet connect',
+        });
+        // Register with DWN endpoints (if registration options are provided).
+        if (ctx.registration) {
+            const dwnEndpoints = (_c = ctx.defaultDwnEndpoints) !== null && _c !== void 0 ? _c : DEFAULT_DWN_ENDPOINTS;
+            yield registerWithDwnEndpoints({
+                userAgent,
+                dwnEndpoints,
+                agentDid: userAgent.agentDid.uri,
+                connectedDid,
+                storage,
+            }, ctx.registration);
+        }
+        // Finalize session.
+        return finalizeDelegateSession({
+            userAgent, emitter, storage, identity,
+            connectedDid, delegateDid: delegatePortableDid.uri, sync,
+        });
+    });
+}
+//# sourceMappingURL=wallet.js.map

package/dist/esm/connect/wallet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../../src/connect/wallet.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;;;;;;;;;;AAMH,OAAO,EAAE,qBAAqB,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,uBAAuB,EAAE,0BAA0B,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAExH,uFAAuF;AACvF,OAAO,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAExD;;;;;;GAMG;AACH,MAAM,UAAgB,aAAa,CACjC,GAAgB,EAChB,OAA6B;;;QAE7B,MAAM,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAA,OAAO,CAAC,IAAI,mCAAI,GAAG,CAAC,WAAW,CAAC;QAE7C,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,gEAAgE;gBAChE,mDAAmD,CACpD,CAAC;QACJ,CAAC;QAED,qEAAqE;QACrE,MAAM,aAAa,GAAG,MAAM,SAAS,CAAC,WAAW,EAAE,CAAC;QACpD,MAAM,QAAQ,GAAG,MAAM,eAAe,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;QACtE,MAAM,gBAAgB,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC;QAExE,oCAAoC;QACpC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC;YAC5C,WAAW,EAAU,OAAO,CAAC,WAAW;YACxC,gBAAgB,EAAK,OAAO,CAAC,gBAAgB;YAC7C,SAAS,EAAY,MAAA,OAAO,CAAC,SAAS,mCAAI,iBAAiB;YAC3D,kBAAkB,EAAG,OAAO,CAAC,kBAAkB;YAC/C,gBAAgB,EAAK,OAAO,CAAC,gBAAgB;YAC7C,WAAW,EAAU,OAAO,CAAC,WAAW;SACzC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;QAC5F,CAAC;QAED,wDAAwD;QACxD,MAAM,EAAE,mBAAmB,EAAE,YAAY,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;QACrE,MAAM,QAAQ,GAAG,MAAM,0BAA0B,CAAC;YAChD,SAAS,EAAE,mBAAmB,EAAE,YAAY,EAAE,cAAc;YAC5D,QAAQ,EAAE,gBAAgB;SAC3B,CAAC,CAAC;QAEH,sEAAsE;QACtE,IAAI,GAAG,CAAC,YAAY,EAAE,CAAC;YACrB,MAAM,YAAY,GAAG,MAAA,GAAG,CAAC,mBAAmB,mCAAI,qBAAqB,CAAC;YACtE,MAAM,wBAAwB,CAC5B;gBACE,SAAS;gBACT,YAAY;gBACZ,QAAQ,EAAE,SAAS,CAAC,QAAQ,CAAC,GAAG;gBAChC,YAAY;gBACZ,OAAO;aACR,EACD,GAAG,CAAC,YAAY,CACjB,CAAC;QACJ,CAAC;QAED,oBAAoB;QACpB,OAAO,uBAAuB,CAAC;YAC7B,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ;YACrC,YAAY,EAAE,WAAW,EAAE,mBAAmB,CAAC,GAAG,EAAE,IAAI;SACzD,CAAC,CAAC;IACL,CAAC;CAAA"}

package/dist/esm/{flows/dwn-discovery.js → discovery.js}

@@ -35,7 +35,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 import { EnboxRpcClient } from '@enbox/dwn-clients';
 import { buildDwnConnectUrl, localDwnServerName, normalizeBaseUrl, readDwnDiscoveryPayloadFromUrl } from '@enbox/agent';
-import { STORAGE_KEYS } from '../types.js';
+import { STORAGE_KEYS } from './types.js';
 /**
  * Check the current page URL for a `DwnDiscoveryPayload` in the fragment.
  *
@@ -293,4 +293,4 @@ function currentPageUrl() {
     }
     return globalThis.location.href.split('#')[0];
 }
-//# sourceMappingURL=dwn-discovery.js.map
+//# sourceMappingURL=discovery.js.map

package/dist/esm/discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discovery.js","sourceRoot":"","sources":["../../src/discovery.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;;;;;;;;AAIH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,8BAA8B,EAAE,MAAM,cAAc,CAAC;AAKxH,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C;;;;;;;;;;GAUG;AACH,MAAM,UAAU,8BAA8B;IAC5C,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,8BAA8B,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;IACzE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,kEAAkE;IAClE,qDAAqD;IACrD,IAAI,OAAO,UAAU,CAAC,OAAO,KAAK,WAAW,IAAI,UAAU,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACjF,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACxD,UAAU,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED,OAAO,OAAO,CAAC,QAAQ,CAAC;AAC1B,CAAC;AAED,mEAAmE;AAEnE;;;;;;;;;GASG;AACH,SAAe,0BAA0B,CAAC,QAAgB;;QACxD,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,cAAc,EAAE,CAAC;YACjC,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;YACvD,IAAI,UAAU,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBAC7C,OAAO,UAAU,CAAC;YACpB,CAAC;QACH,CAAC;QAAC,WAAM,CAAC;YACP,oCAAoC;QACtC,CAAC;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;CAAA;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAgB,gBAAgB,CACpC,OAAuB;;QAEvB,yDAAyD;QACzD,MAAM,aAAa,GAAG,8BAA8B,EAAE,CAAC;QACvD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,aAAa,CAAC,CAAC;YAClE,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,uBAAuB,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;gBAClD,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,uEAAuE;QACzE,CAAC;QAED,yDAAyD;QACzD,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;QAClE,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,SAAS,GAAG,MAAM,0BAA0B,CAAC,MAAM,CAAC,CAAC;YAC3D,IAAI,SAAS,EAAE,CAAC;gBACd,OAAO,SAAS,CAAC;YACnB,CAAC;YACD,oCAAoC;YACpC,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;GAKG;AACH,MAAM,UAAgB,uBAAuB,CAC3C,OAAuB,EACvB,QAAgB;;QAEhB,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;CAAA;AAED;;;;;;;GAOG;AACH,MAAM,UAAgB,qBAAqB,CACzC,OAAuB;;QAEvB,MAAM,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;IACxD,CAAC;CAAA;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAgB,uBAAuB,CAC3C,KAAqB,EACrB,OAAuB;;QAEvB,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,QAAQ,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,4DAA4D;YAC5D,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAgB,sBAAsB,CAC1C,KAAqB,EACrB,OAAuB,EACvB,OAA0B;;QAE1B,kFAAkF;QAClF,MAAM,aAAa,GAAG,8BAA8B,EAAE,CAAC;QAEvD,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAC;YAC1E,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,uBAAuB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;gBACtD,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,CAAC,CAAC;gBAClE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,yEAAyE;QAC3E,CAAC;QAED,sCAAsC;QACtC,MAAM,QAAQ,GAAG,MAAM,uBAAuB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QAE/D,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC;YACpE,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;YACrD,CAAC;QACH,CAAC;aAAM,CAAC;YACN,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAC,uBAAuB,EAAE,EAAE,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC;CAAA;AAED,mEAAmE;AAEnE;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,wBAAwB,CAAC,WAAoB;IAC3D,MAAM,gBAAgB,GAAG,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,cAAc,EAAE,CAAC;IACzD,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,WAAW,GAAG,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;IAEzD,mEAAmE;IACnE,mEAAmE;IACnE,8BAA8B;IAC9B,IAAI,OAAO,UAAU,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8DAA8D;IAC9D,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,UAAU,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,mEAAmE;AAEnE,wEAAwE;AACxE,SAAS,cAAc;IACrB,IAAI,OAAO,UAAU,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC/C,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC"}

package/dist/esm/index.js

@@ -5,30 +5,23 @@
  * in both browser and CLI environments. Depends only on `@enbox/agent`
  * and can be used standalone or consumed by `@enbox/api`.
  *
- * @example Standalone auth
+ * @example Standalone auth (wallet app)
  * ```ts
  * import { AuthManager } from '@enbox/auth';
  *
  * const auth = await AuthManager.create({ sync: '15s' });
- * const session = await auth.restoreSession() ?? await auth.connect();
- *
- * // session.agent — the authenticated Enbox agent
- * // session.did   — the connected DID URI
+ * const session = await auth.connectLocal({ password: userPin });
  * ```
  *
- * @example With @enbox/api
+ * @example Dapp with browser connect handler
  * ```ts
  * import { AuthManager } from '@enbox/auth';
- * import { Enbox } from '@enbox/api';
- *
- * const auth = await AuthManager.create({ sync: '15s' });
- * const session = await auth.connect();
+ * import { BrowserConnectHandler } from '@enbox/browser';
  *
- * const enbox = Enbox.connect({
- *   agent: session.agent,
- *   connectedDid: session.did,
- *   delegateDid: session.delegateDid,
+ * const auth = await AuthManager.create({
+ *   connectHandler: BrowserConnectHandler(),
  * });
+ * const session = await auth.connect({ protocols: [NotesProtocol] });
  * ```
  *
  * @packageDocumentation
@@ -36,19 +29,20 @@
 // Core classes
 export { AuthManager } from './auth-manager.js';
 export { AuthSession } from './identity-session.js';
-export { VaultManager } from './vault/vault-manager.js';
 export { AuthEventEmitter } from './events.js';
 // Password providers
 export { PasswordProvider } from './password-provider.js';
 // Re-export agent classes so consumers can construct custom agents/vaults
 // without a direct @enbox/agent dependency.
 export { EnboxUserAgent, HdIdentityVault } from '@enbox/agent';
-// Wallet-connect helpers
-export { processConnectedGrants } from './flows/wallet-connect.js';
+// Connect helpers
+export { processConnectedGrants } from './connect/wallet.js';
+export { normalizeProtocolRequests } from './permissions.js';
+export { WalletConnect } from './wallet-connect-client.js';
 // Registration token storage helpers
-export { loadTokensFromStorage, saveTokensToStorage } from './flows/dwn-registration.js';
+export { loadTokensFromStorage, saveTokensToStorage } from './registration.js';
 // Local DWN discovery (browser dwn:// protocol integration)
-export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEndpoint, discoverLocalDwn, persistLocalDwnEndpoint, requestLocalDwnDiscovery, restoreLocalDwnEndpoint, } from './flows/dwn-discovery.js';
+export { applyLocalDwnDiscovery, checkUrlForDwnDiscoveryPayload, clearLocalDwnEndpoint, discoverLocalDwn, persistLocalDwnEndpoint, requestLocalDwnDiscovery, restoreLocalDwnEndpoint, } from './discovery.js';
 // Storage adapters
 export { BrowserStorage, LevelStorage, MemoryStorage, createDefaultStorage } from './storage/storage.js';
 //# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,eAAe;AACf,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,qBAAqB;AACrB,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,0EAA0E;AAC1E,4CAA4C;AAC5C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/D,yBAAyB;AACzB,OAAO,EAAE,sBAAsB,EAAE,MAAM,2BAA2B,CAAC;AAEnE,qCAAqC;AACrC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAEzF,4DAA4D;AAC5D,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,0BAA0B,CAAC;AAElC,mBAAmB;AACnB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,eAAe;AACf,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,qBAAqB;AACrB,OAAO,EAAE,gBAAgB,EAAE,MAAM,wBAAwB,CAAC;AAG1D,0EAA0E;AAC1E,4CAA4C;AAC5C,OAAO,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/D,kBAAkB;AAClB,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,yBAAyB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAG3D,qCAAqC;AACrC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAE/E,4DAA4D;AAC5D,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,qBAAqB,EACrB,gBAAgB,EAChB,uBAAuB,EACvB,wBAAwB,EACxB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAExB,mBAAmB;AACnB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,aAAa,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/esm/permissions.js

@@ -0,0 +1,41 @@
+/**
+ * Permission request normalization utilities.
+ *
+ * Converts simplified `ProtocolRequest` entries (just a protocol definition
+ * or `{ definition, permissions }`) into agent-level `ConnectPermissionRequest`
+ * objects used by connect handlers.
+ *
+ * @module
+ * @internal
+ */
+import { DEFAULT_PERMISSIONS } from './types.js';
+import { WalletConnect } from './wallet-connect-client.js';
+/**
+ * Normalize simplified `ProtocolRequest[]` into agent-level
+ * `ConnectPermissionRequest[]`.
+ */
+export function normalizeProtocolRequests(protocols) {
+    if (!protocols || protocols.length === 0) {
+        return [];
+    }
+    return protocols.map((entry) => {
+        let definition;
+        let permissions;
+        if ('protocol' in entry && 'types' in entry && 'structure' in entry) {
+            // Bare protocol definition — use default permissions.
+            definition = entry;
+            permissions = [...DEFAULT_PERMISSIONS];
+        }
+        else {
+            // Object with explicit permissions.
+            const explicit = entry;
+            definition = explicit.definition;
+            permissions = explicit.permissions;
+        }
+        return WalletConnect.createPermissionRequestForProtocol({
+            definition,
+            permissions: permissions,
+        });
+    });
+}
+//# sourceMappingURL=permissions.js.map

package/dist/esm/permissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"permissions.js","sourceRoot":"","sources":["../../src/permissions.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,OAAO,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AACjD,OAAO,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAE3D;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CACvC,SAAwC;IAExC,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAAC,OAAO,EAAE,CAAC;IAAC,CAAC;IAExD,OAAO,SAAS,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QAC7B,IAAI,UAAiC,CAAC;QACtC,IAAI,WAAqB,CAAC;QAE1B,IAAI,UAAU,IAAI,KAAK,IAAI,OAAO,IAAI,KAAK,IAAI,WAAW,IAAI,KAAK,EAAE,CAAC;YACpE,sDAAsD;YACtD,UAAU,GAAG,KAA8B,CAAC;YAC5C,WAAW,GAAG,CAAC,GAAG,mBAAmB,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,QAAQ,GAAG,KAAqE,CAAC;YACvF,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAC;YACjC,WAAW,GAAG,QAAQ,CAAC,WAAW,CAAC;QACrC,CAAC;QAED,OAAO,aAAa,CAAC,kCAAkC,CAAC;YACtD,UAAU;YACV,WAAW,EAAE,WAAoG;SAClH,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/esm/{flows/dwn-registration.js → registration.js}

@@ -20,7 +20,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
     });
 };
 import { DwnRegistrar } from '@enbox/dwn-clients';
-import { STORAGE_KEYS } from '../types.js';
+import { STORAGE_KEYS } from './types.js';
 /**
  * Register the agent and connected DIDs with the configured DWN endpoints.
  *
@@ -165,4 +165,4 @@ export function saveTokensToStorage(storage, tokens) {
         yield storage.set(STORAGE_KEYS.REGISTRATION_TOKENS, JSON.stringify(tokens));
     });
 }
-//# sourceMappingURL=dwn-registration.js.map
+//# sourceMappingURL=registration.js.map

package/dist/esm/registration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registration.js","sourceRoot":"","sources":["../../src/registration.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;;;;;;;;;;AAIH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA6B1C;;;;;;;;;;;GAWG;AACH,MAAM,UAAgB,wBAAwB,CAC5C,GAAwB,EACxB,YAAiC;;;QAEjC,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;QAEzE,wEAAwE;QACxE,8EAA8E;QAC9E,IAAI,UAAU,GAA0C,EAAE,CAAC;QAE3D,IAAI,YAAY,CAAC,aAAa,IAAI,OAAO,EAAE,CAAC;YAC1C,UAAU,GAAG,MAAM,qBAAqB,CAAC,OAAO,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,MAAA,YAAY,CAAC,kBAAkB,mCAAI,EAAE,CAAC;QACrD,CAAC;QAED,MAAM,aAAa,qBAA+C,UAAU,CAAE,CAAC;QAE/E,IAAI,CAAC;YACH,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE,CAAC;gBACvC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,GAAG,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC;gBAElE,IAAI,UAAU,CAAC,wBAAwB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACrD,SAAS;gBACX,CAAC;gBAED,gCAAgC;gBAChC,MAAM,cAAc,GAAG,CAAC,QAAQ,EAAE,YAAY,CAAC;qBAC5C,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAiB,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC;gBAElE,MAAM,eAAe,GACnB,UAAU,CAAC,wBAAwB,CAAC,QAAQ,CAAC,kBAAkB,CAAC;uBAC7D,UAAU,CAAC,YAAY,KAAK,SAAS,CAAC;gBAE3C,IAAI,eAAe,IAAI,YAAY,CAAC,sBAAsB,EAAE,CAAC;oBAC3D,6BAA6B;oBAC7B,IAAI,SAAS,GAAG,aAAa,CAAC,WAAW,CAAsC,CAAC;oBAEhF,0BAA0B;oBAC1B,IAAI,CAAA,SAAS,aAAT,SAAS,uBAAT,SAAS,CAAE,SAAS,MAAK,SAAS,IAAI,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;wBAC3E,IAAI,SAAS,CAAC,UAAU,IAAI,SAAS,CAAC,YAAY,EAAE,CAAC;4BACnD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,wBAAwB,CAC3D,SAAS,CAAC,UAAU,EAAE,SAAS,CAAC,YAAY,CAC7C,CAAC;4BACF,SAAS,GAAG;gCACV,iBAAiB,EAAG,SAAS,CAAC,iBAAiB;gCAC/C,YAAY,EAAQ,SAAS,CAAC,YAAY;gCAC1C,SAAS,EAAW,SAAS,CAAC,SAAS,KAAK,SAAS;oCACnD,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,SAAS,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;gCACzD,QAAQ,EAAK,SAAS,CAAC,QAAQ;gCAC/B,UAAU,EAAG,SAAS,CAAC,UAAU;6BAClC,CAAC;4BACF,aAAa,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;wBACzC,CAAC;6BAAM,CAAC;4BACN,SAAS,GAAG,SAAS,CAAC;wBACxB,CAAC;oBACH,CAAC;oBAED,8CAA8C;oBAC9C,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;wBAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;wBAClC,MAAM,YAAY,GAAG,UAAU,CAAC,YAAa,CAAC;wBAC9C,MAAM,SAAS,GAAG,YAAY,CAAC,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;wBACtE,MAAM,YAAY,GAAG,GAAG,YAAY,CAAC,YAAY,GAAG,SAAS,EAAE;8BAC3D,gBAAgB,kBAAkB,CAAC,WAAW,CAAC,EAAE;8BACjD,UAAU,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC;wBAE1C,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,sBAAsB,CAAC;4BAC3D,YAAY;4BACZ,WAAW;4BACX,KAAK;yBACN,CAAC,CAAC;wBAEH,IAAI,UAAU,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;4BAC/B,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;wBAC/E,CAAC;wBAED,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,gBAAgB,CACvD,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,IAAI,EAAE,WAAW,CACpD,CAAC;wBAEF,SAAS,GAAG;4BACV,iBAAiB,EAAG,aAAa,CAAC,iBAAiB;4BACnD,YAAY,EAAQ,aAAa,CAAC,YAAY;4BAC9C,SAAS,EAAW,aAAa,CAAC,SAAS,KAAK,SAAS;gCACvD,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;4BAC7D,QAAQ,EAAK,YAAY,CAAC,QAAQ;4BAClC,UAAU,EAAG,YAAY,CAAC,UAAU;yBACrC,CAAC;wBACF,aAAa,CAAC,WAAW,CAAC,GAAG,SAAS,CAAC;oBACzC,CAAC;oBAED,mDAAmD;oBACnD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;wBACjC,MAAM,YAAY,CAAC,uBAAuB,CACxC,WAAW,EAAE,GAAG,EAAE,SAAS,CAAC,iBAAiB,CAC9C,CAAC;oBACJ,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,oDAAoD;oBACpD,KAAK,MAAM,GAAG,IAAI,cAAc,EAAE,CAAC;wBACjC,MAAM,YAAY,CAAC,cAAc,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;oBACtD,CAAC;gBACH,CAAC;YACH,CAAC;YAED,8DAA8D;YAC9D,IAAI,YAAY,CAAC,aAAa,IAAI,OAAO,EAAE,CAAC;gBAC1C,MAAM,mBAAmB,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;YACpD,CAAC;YAED,oEAAoE;YACpE,IAAI,YAAY,CAAC,oBAAoB,EAAE,CAAC;gBACtC,YAAY,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;YACnD,CAAC;YAED,YAAY,CAAC,SAAS,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,YAAY,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAChC,CAAC;IACH,CAAC;CAAA;AAED,qEAAqE;AAErE;;;;;;;GAOG;AACH,MAAM,UAAgB,qBAAqB,CACzC,OAAuB;;QAEvB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mBAAmB,CAAC,CAAC;YAChE,IAAI,CAAC,GAAG,EAAE,CAAC;gBAAC,OAAO,EAAE,CAAC;YAAC,CAAC;YACxB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAA0C,CAAC;QAClE,CAAC;QAAC,WAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;CAAA;AAED;;;GAGG;AACH,MAAM,UAAgB,mBAAmB,CACvC,OAAuB,EACvB,MAA6C;;QAE7C,MAAM,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,mBAAmB,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC;CAAA"}

package/dist/esm/types.js

@@ -2,9 +2,13 @@
  * @module @enbox/auth
  * Public types for the authentication and identity management SDK.
  */
+/** Default permissions granted when only a protocol definition is provided. */
+export const DEFAULT_PERMISSIONS = ['read', 'write', 'query', 'subscribe'];
 // ─── Internal helpers ────────────────────────────────────────────
 /** The insecure default password used when none is provided. */
 export const INSECURE_DEFAULT_PASSWORD = 'insecure-static-phrase';
+/** Default DWN endpoints for new identities when none are configured. */
+export const DEFAULT_DWN_ENDPOINTS = ['https://enbox-dwn.fly.dev'];
 /**
  * Storage keys used by the auth manager for session persistence.
  * @internal

package/dist/esm/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AA0cH,oEAAoE;AAEpE,gEAAgE;AAChE,MAAM,CAAC,MAAM,yBAAyB,GAAG,wBAAwB,CAAC;AAElE;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,oDAAoD;IACpD,oBAAoB,EAAE,gCAAgC;IAEtD,+CAA+C;IAC/C,eAAe,EAAE,2BAA2B;IAE5C,4DAA4D;IAC5D,YAAY,EAAE,wBAAwB;IAEtC,yDAAyD;IACzD,aAAa,EAAE,yBAAyB;IAExC;;;;;;OAMG;IACH,kBAAkB,EAAE,6BAA6B;IAEjD;;;;;;OAMG;IACH,mBAAmB,EAAE,+BAA+B;CAC5C,CAAC"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAqaH,+EAA+E;AAC/E,MAAM,CAAC,MAAM,mBAAmB,GAAiB,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;AAwMzF,oEAAoE;AAEpE,gEAAgE;AAChE,MAAM,CAAC,MAAM,yBAAyB,GAAG,wBAAwB,CAAC;AAElE,yEAAyE;AACzE,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,2BAA2B,CAAC,CAAC;AAEnE;;;GAGG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,oDAAoD;IACpD,oBAAoB,EAAE,gCAAgC;IAEtD,+CAA+C;IAC/C,eAAe,EAAE,2BAA2B;IAE5C,4DAA4D;IAC5D,YAAY,EAAE,wBAAwB;IAEtC,yDAAyD;IACzD,aAAa,EAAE,yBAAyB;IAExC;;;;;;OAMG;IACH,kBAAkB,EAAE,6BAA6B;IAEjD;;;;;;OAMG;IACH,mBAAmB,EAAE,+BAA+B;CAC5C,CAAC"}