@enbox/dwn-sdk-js 0.0.1

package/dist/types/src/core/dwn-error.d.ts

@@ -0,0 +1,164 @@
+/**
+ * A class that represents a DWN error.
+ */
+export declare class DwnError extends Error {
+    code: string;
+    constructor(code: string, message: string);
+}
+/**
+ * DWN SDK error codes.
+ */
+export declare enum DwnErrorCode {
+    AuthenticateJwsMissing = "AuthenticateJwsMissing",
+    AuthenticateDescriptorCidMismatch = "AuthenticateDescriptorCidMismatch",
+    AuthenticationMoreThanOneSignatureNotSupported = "AuthenticationMoreThanOneSignatureNotSupported",
+    AuthorizationNotGrantedToAuthor = "AuthorizationNotGrantedToAuthor",
+    ComputeCidCodecNotSupported = "ComputeCidCodecNotSupported",
+    ComputeCidMultihashNotSupported = "ComputeCidMultihashNotSupported",
+    Ed25519InvalidJwk = "Ed25519InvalidJwk",
+    EventEmitterStreamNotOpenError = "EventEmitterStreamNotOpenError",
+    MessagesGrantAuthorizationMismatchedProtocol = "EventsGrantAuthorizationMismatchedProtocol",
+    MessagesSubscribeAuthorizationFailed = "MessagesSubscribeAuthorizationFailed",
+    MessagesSubscribeEventStreamUnimplemented = "MessagesSubscribeEventStreamUnimplemented",
+    GeneralJwsVerifierGetPublicKeyNotFound = "GeneralJwsVerifierGetPublicKeyNotFound",
+    GeneralJwsVerifierInvalidSignature = "GeneralJwsVerifierInvalidSignature",
+    GrantAuthorizationGrantExpired = "GrantAuthorizationGrantExpired",
+    GrantAuthorizationGrantMissing = "GrantAuthorizationGrantMissing",
+    GrantAuthorizationGrantRevoked = "GrantAuthorizationGrantRevoked",
+    GrantAuthorizationInterfaceMismatch = "GrantAuthorizationInterfaceMismatch",
+    GrantAuthorizationMethodMismatch = "GrantAuthorizationMethodMismatch",
+    GrantAuthorizationNotGrantedForTenant = "GrantAuthorizationNotGrantedForTenant",
+    GrantAuthorizationNotGrantedToAuthor = "GrantAuthorizationNotGrantedToAuthor",
+    GrantAuthorizationGrantNotYetActive = "GrantAuthorizationGrantNotYetActive",
+    HdKeyDerivationPathInvalid = "HdKeyDerivationPathInvalid",
+    JwsVerifySignatureUnsupportedCrv = "JwsVerifySignatureUnsupportedCrv",
+    IndexInvalidCursorValueType = "IndexInvalidCursorValueType",
+    IndexInvalidCursorSortProperty = "IndexInvalidCursorSortProperty",
+    IndexInvalidSortPropertyInMemory = "IndexInvalidSortPropertyInMemory",
+    IndexMissingIndexableProperty = "IndexMissingIndexableProperty",
+    JwsDecodePlainObjectPayloadInvalid = "JwsDecodePlainObjectPayloadInvalid",
+    MessagesReadInvalidCid = "MessagesReadInvalidCid",
+    MessagesReadAuthorizationFailed = "MessagesReadAuthorizationFailed",
+    MessageGetInvalidCid = "MessageGetInvalidCid",
+    MessagesQueryAuthorizationFailed = "MessagesQueryAuthorizationFailed",
+    MessagesReadVerifyScopeFailed = "MessagesReadVerifyScopeFailed",
+    ParseCidCodecNotSupported = "ParseCidCodecNotSupported",
+    ParseCidMultihashNotSupported = "ParseCidMultihashNotSupported",
+    PermissionsProtocolCreateGrantRecordsScopeMissingProtocol = "PermissionsProtocolCreateGrantRecordsScopeMissingProtocol",
+    PermissionsProtocolCreateRequestRecordsScopeMissingProtocol = "PermissionsProtocolCreateRequestRecordsScopeMissingProtocol",
+    PermissionsProtocolGetScopeInvalidProtocol = "PermissionsProtocolGetScopeInvalidProtocol",
+    PermissionsProtocolValidateSchemaUnexpectedRecord = "PermissionsProtocolValidateSchemaUnexpectedRecord",
+    PermissionsProtocolValidateScopeContextIdProhibitedProperties = "PermissionsProtocolValidateScopeContextIdProhibitedProperties",
+    PermissionsProtocolValidateScopeProtocolMismatch = "PermissionsProtocolValidateScopeProtocolMismatch",
+    PermissionsProtocolValidateScopeMissingProtocolTag = "PermissionsProtocolValidateScopeMissingProtocolTag",
+    PermissionsProtocolValidateRevocationProtocolTagMismatch = "PermissionsProtocolValidateRevocationProtocolTagMismatch",
+    PrivateKeySignerUnableToDeduceAlgorithm = "PrivateKeySignerUnableToDeduceAlgorithm",
+    PrivateKeySignerUnableToDeduceKeyId = "PrivateKeySignerUnableToDeduceKeyId",
+    PrivateKeySignerUnsupportedCurve = "PrivateKeySignerUnsupportedCurve",
+    ProtocolAuthorizationActionNotAllowed = "ProtocolAuthorizationActionNotAllowed",
+    ProtocolAuthorizationActionRulesNotFound = "ProtocolAuthorizationActionRulesNotFound",
+    ProtocolAuthorizationIncorrectDataFormat = "ProtocolAuthorizationIncorrectDataFormat",
+    ProtocolAuthorizationIncorrectContextId = "ProtocolAuthorizationIncorrectContextId",
+    ProtocolAuthorizationIncorrectProtocolPath = "ProtocolAuthorizationIncorrectProtocolPath",
+    ProtocolAuthorizationDuplicateRoleRecipient = "ProtocolAuthorizationDuplicateRoleRecipient",
+    ProtocolAuthorizationInvalidSchema = "ProtocolAuthorizationInvalidSchema",
+    ProtocolAuthorizationInvalidType = "ProtocolAuthorizationInvalidType",
+    ProtocolAuthorizationMatchingRoleRecordNotFound = "ProtocolAuthorizationMatchingRoleRecordNotFound",
+    ProtocolAuthorizationMaxSizeInvalid = "ProtocolAuthorizationMaxSizeInvalid",
+    ProtocolAuthorizationMinSizeInvalid = "ProtocolAuthorizationMinSizeInvalid",
+    ProtocolAuthorizationMissingContextId = "ProtocolAuthorizationMissingContextId",
+    ProtocolAuthorizationMissingRuleSet = "ProtocolAuthorizationMissingRuleSet",
+    ProtocolAuthorizationParentlessIncorrectProtocolPath = "ProtocolAuthorizationParentlessIncorrectProtocolPath",
+    ProtocolAuthorizationNotARole = "ProtocolAuthorizationNotARole",
+    ProtocolAuthorizationParentNotFoundConstructingRecordChain = "ProtocolAuthorizationParentNotFoundConstructingRecordChain",
+    ProtocolAuthorizationProtocolNotFound = "ProtocolAuthorizationProtocolNotFound",
+    ProtocolAuthorizationRoleMissingRecipient = "ProtocolAuthorizationRoleMissingRecipient",
+    ProtocolAuthorizationTagsInvalidSchema = "ProtocolAuthorizationTagsInvalidSchema",
+    ProtocolsConfigureAuthorizationFailed = "ProtocolsConfigureAuthorizationFailed",
+    ProtocolsConfigureDuplicateActorInRuleSet = "ProtocolsConfigureDuplicateActorInRuleSet",
+    ProtocolsConfigureDuplicateRoleInRuleSet = "ProtocolsConfigureDuplicateRoleInRuleSet",
+    ProtocolsConfigureInvalidSize = "ProtocolsConfigureInvalidSize",
+    ProtocolsConfigureInvalidActionMissingOf = "ProtocolsConfigureInvalidActionMissingOf",
+    ProtocolsConfigureInvalidActionOfNotAllowed = "ProtocolsConfigureInvalidActionOfNotAllowed",
+    ProtocolsConfigureInvalidActionDeleteWithoutCreate = "ProtocolsConfigureInvalidActionDeleteWithoutCreate",
+    ProtocolsConfigureInvalidActionUpdateWithoutCreate = "ProtocolsConfigureInvalidActionUpdateWithoutCreate",
+    ProtocolsConfigureInvalidRecipientOfAction = "ProtocolsConfigureInvalidRecipientOfAction",
+    ProtocolsConfigureInvalidRuleSetRecordType = "ProtocolsConfigureInvalidRuleSetRecordType",
+    ProtocolsConfigureInvalidTagSchema = "ProtocolsConfigureInvalidTagSchema",
+    ProtocolsConfigureRecordNestingDepthExceeded = "ProtocolsConfigureRecordNestingDepthExceeded",
+    ProtocolsConfigureRoleDoesNotExistAtGivenPath = "ProtocolsConfigureRoleDoesNotExistAtGivenPath",
+    ProtocolsConfigureRoleReadActionMissing = "ProtocolsConfigureRoleReadActionMissing",
+    ProtocolsGrantAuthorizationQueryProtocolScopeMismatch = "ProtocolsGrantAuthorizationQueryProtocolScopeMismatch",
+    ProtocolsGrantAuthorizationScopeProtocolMismatch = "ProtocolsGrantAuthorizationScopeProtocolMismatch",
+    ProtocolsQueryUnauthorized = "ProtocolsQueryUnauthorized",
+    RecordsAuthorDelegatedGrantAndIdExistenceMismatch = "RecordsAuthorDelegatedGrantAndIdExistenceMismatch",
+    RecordsAuthorDelegatedGrantCidMismatch = "RecordsAuthorDelegatedGrantCidMismatch",
+    RecordsAuthorDelegatedGrantGrantedToAndOwnerSignatureMismatch = "RecordsAuthorDelegatedGrantGrantedToAndOwnerSignatureMismatch",
+    RecordsAuthorDelegatedGrantNotADelegatedGrant = "RecordsAuthorDelegatedGrantNotADelegatedGrant",
+    RecordsDecryptNoMatchingKeyEncryptedFound = "RecordsDecryptNoMatchingKeyEncryptedFound",
+    RecordsDeleteAuthorizationFailed = "RecordsDeleteAuthorizationFailed",
+    RecordsQueryCreateFilterPublishedSortInvalid = "RecordsQueryCreateFilterPublishedSortInvalid",
+    RecordsQueryParseFilterPublishedSortInvalid = "RecordsQueryParseFilterPublishedSortInvalid",
+    RecordsGrantAuthorizationConditionPublicationProhibited = "RecordsGrantAuthorizationConditionPublicationProhibited",
+    RecordsGrantAuthorizationConditionPublicationRequired = "RecordsGrantAuthorizationConditionPublicationRequired",
+    RecordsGrantAuthorizationDeleteProtocolScopeMismatch = "RecordsGrantAuthorizationDeleteProtocolScopeMismatch",
+    RecordsGrantAuthorizationQueryOrSubscribeProtocolScopeMismatch = "RecordsGrantAuthorizationQueryOrSubscribeProtocolScopeMismatch",
+    RecordsGrantAuthorizationScopeContextIdMismatch = "RecordsGrantAuthorizationScopeContextIdMismatch",
+    RecordsGrantAuthorizationScopeProtocolMismatch = "RecordsGrantAuthorizationScopeProtocolMismatch",
+    RecordsGrantAuthorizationScopeProtocolPathMismatch = "RecordsGrantAuthorizationScopeProtocolPathMismatch",
+    RecordsDerivePrivateKeyUnSupportedCurve = "RecordsDerivePrivateKeyUnSupportedCurve",
+    RecordsInvalidAncestorKeyDerivationSegment = "RecordsInvalidAncestorKeyDerivationSegment",
+    RecordsOwnerDelegatedGrantAndIdExistenceMismatch = "RecordsOwnerDelegatedGrantAndIdExistenceMismatch",
+    RecordsOwnerDelegatedGrantCidMismatch = "RecordsOwnerDelegatedGrantCidMismatch",
+    RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch = "RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch",
+    RecordsOwnerDelegatedGrantNotADelegatedGrant = "RecordsOwnerDelegatedGrantNotADelegatedGrant",
+    RecordsProtocolContextDerivationSchemeMissingContextId = "RecordsProtocolContextDerivationSchemeMissingContextId",
+    RecordsProtocolPathDerivationSchemeMissingProtocol = "RecordsProtocolPathDerivationSchemeMissingProtocol",
+    RecordsQueryFilterMissingRequiredProperties = "RecordsQueryFilterMissingRequiredProperties",
+    RecordsReadReturnedMultiple = "RecordsReadReturnedMultiple",
+    RecordsReadAuthorizationFailed = "RecordsReadAuthorizationFailed",
+    RecordsSubscribeEventStreamUnimplemented = "RecordsSubscribeEventStreamUnimplemented",
+    RecordsSubscribeFilterMissingRequiredProperties = "RecordsSubscribeFilterMissingRequiredProperties",
+    RecordsSchemasDerivationSchemeMissingSchema = "RecordsSchemasDerivationSchemeMissingSchema",
+    RecordsWriteAttestationIntegrityMoreThanOneSignature = "RecordsWriteAttestationIntegrityMoreThanOneSignature",
+    RecordsWriteAttestationIntegrityDescriptorCidMismatch = "RecordsWriteAttestationIntegrityDescriptorCidMismatch",
+    RecordsWriteAttestationIntegrityInvalidPayloadProperty = "RecordsWriteAttestationIntegrityInvalidPayloadProperty",
+    RecordsWriteAuthorizationFailed = "RecordsWriteAuthorizationFailed",
+    RecordsWriteCreateMissingSigner = "RecordsWriteCreateMissingSigner",
+    RecordsWriteCreateDataAndDataCidMutuallyExclusive = "RecordsWriteCreateDataAndDataCidMutuallyExclusive",
+    RecordsWriteCreateDataCidAndDataSizeMutuallyInclusive = "RecordsWriteCreateDataCidAndDataSizeMutuallyInclusive",
+    RecordsWriteCreateProtocolAndProtocolPathMutuallyInclusive = "RecordsWriteCreateProtocolAndProtocolPathMutuallyInclusive",
+    RecordsWriteDataCidMismatch = "RecordsWriteDataCidMismatch",
+    RecordsWriteDataSizeMismatch = "RecordsWriteDataSizeMismatch",
+    RecordsWriteGetEntryIdUndefinedAuthor = "RecordsWriteGetEntryIdUndefinedAuthor",
+    RecordsWriteGetNewestWriteRecordNotFound = "RecordsWriteGetNewestWriteRecordNotFound",
+    RecordsWriteGetInitialWriteNotFound = "RecordsWriteGetInitialWriteNotFound",
+    RecordsWriteImmutablePropertyChanged = "RecordsWriteImmutablePropertyChanged",
+    RecordsWriteMissingSigner = "RecordsWriteMissingSigner",
+    RecordsWriteMissingDataInPrevious = "RecordsWriteMissingDataInPrevious",
+    RecordsWriteMissingEncodedDataInPrevious = "RecordsWriteMissingEncodedDataInPrevious",
+    RecordsWriteMissingProtocol = "RecordsWriteMissingProtocol",
+    RecordsWriteMissingSchema = "RecordsWriteMissingSchema",
+    RecordsWriteNotAllowedAfterDelete = "RecordsWriteNotAllowedAfterDelete",
+    RecordsWriteOwnerAndTenantMismatch = "RecordsWriteOwnerAndTenantMismatch",
+    RecordsWriteSignAsOwnerDelegateUnknownAuthor = "RecordsWriteSignAsOwnerDelegateUnknownAuthor",
+    RecordsWriteSignAsOwnerUnknownAuthor = "RecordsWriteSignAsOwnerUnknownAuthor",
+    RecordsWriteValidateIntegrityAttestationMismatch = "RecordsWriteValidateIntegrityAttestationMismatch",
+    RecordsWriteValidateIntegrityContextIdMismatch = "RecordsWriteValidateIntegrityContextIdMismatch",
+    RecordsWriteValidateIntegrityContextIdNotInSignerSignaturePayload = "RecordsWriteValidateIntegrityContextIdNotInSignerSignaturePayload",
+    RecordsWriteValidateIntegrityDateCreatedMismatch = "RecordsWriteValidateIntegrityDateCreatedMismatch",
+    RecordsWriteValidateIntegrityEncryptionCidMismatch = "RecordsWriteValidateIntegrityEncryptionCidMismatch",
+    RecordsWriteValidateIntegrityRecordIdUnauthorized = "RecordsWriteValidateIntegrityRecordIdUnauthorized",
+    SchemaValidatorAdditionalPropertyNotAllowed = "SchemaValidatorAdditionalPropertyNotAllowed",
+    SchemaValidatorFailure = "SchemaValidatorFailure",
+    SchemaValidatorSchemaNotFound = "SchemaValidatorSchemaNotFound",
+    SchemaValidatorUnevaluatedPropertyNotAllowed = "SchemaValidatorUnevaluatedPropertyNotAllowed",
+    Secp256k1KeyNotValid = "Secp256k1KeyNotValid",
+    Secp256r1KeyNotValid = "Secp256r1KeyNotValid",
+    TimestampInvalid = "TimestampInvalid",
+    UrlProtocolNotNormalized = "UrlProtocolNotNormalized",
+    UrlProtocolNotNormalizable = "UrlProtocolNotNormalizable",
+    UrlSchemaNotNormalized = "UrlSchemaNotNormalized",
+    RecordsReadInitialWriteNotFound = "RecordsReadInitialWriteNotFound"
+}
+//# sourceMappingURL=dwn-error.d.ts.map

package/dist/types/src/core/dwn-error.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dwn-error.d.ts","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACb,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAKlD;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,sBAAsB,2BAA2B;IACjD,iCAAiC,sCAAsC;IACvE,8CAA8C,mDAAmD;IACjG,+BAA+B,oCAAoC;IACnE,2BAA2B,gCAAgC;IAC3D,+BAA+B,oCAAoC;IACnE,iBAAiB,sBAAsB;IACvC,8BAA8B,mCAAmC;IACjE,4CAA4C,+CAA+C;IAC3F,oCAAoC,yCAAyC;IAC7E,yCAAyC,8CAA8C;IACvF,sCAAsC,2CAA2C;IACjF,kCAAkC,uCAAuC;IACzE,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,oCAAoC,yCAAyC;IAC7E,mCAAmC,wCAAwC;IAC3E,0BAA0B,+BAA+B;IACzD,gCAAgC,qCAAqC;IACrE,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,gCAAgC,qCAAqC;IACrE,6BAA6B,kCAAkC;IAC/D,kCAAkC,uCAAuC;IACzE,sBAAsB,2BAA2B;IACjD,+BAA+B,oCAAoC;IACnE,oBAAoB,yBAAyB;IAC7C,gCAAgC,qCAAqC;IACrE,6BAA6B,kCAAkC;IAC/D,yBAAyB,8BAA8B;IACvD,6BAA6B,kCAAkC;IAC/D,yDAAyD,8DAA8D;IACvH,2DAA2D,gEAAgE;IAC3H,0CAA0C,+CAA+C;IACzF,iDAAiD,sDAAsD;IACvG,6DAA6D,kEAAkE;IAC/H,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,wDAAwD,6DAA6D;IACrH,uCAAuC,4CAA4C;IACnF,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,wCAAwC,6CAA6C;IACrF,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,2CAA2C,gDAAgD;IAC3F,kCAAkC,uCAAuC;IACzE,gCAAgC,qCAAqC;IACrE,+CAA+C,oDAAoD;IACnG,mCAAmC,wCAAwC;IAC3E,mCAAmC,wCAAwC;IAC3E,qCAAqC,0CAA0C;IAC/E,mCAAmC,wCAAwC;IAC3E,oDAAoD,yDAAyD;IAC7G,6BAA6B,kCAAkC;IAC/D,0DAA0D,+DAA+D;IACzH,qCAAqC,0CAA0C;IAC/E,yCAAyC,8CAA8C;IACvF,sCAAsC,2CAA2C;IACjF,qCAAqC,0CAA0C;IAC/E,yCAAyC,8CAA8C;IACvF,wCAAwC,6CAA6C;IACrF,6BAA6B,kCAAkC;IAC/D,wCAAwC,6CAA6C;IACrF,2CAA2C,gDAAgD;IAC3F,kDAAkD,uDAAuD;IACzG,kDAAkD,uDAAuD;IACzG,0CAA0C,+CAA+C;IACzF,0CAA0C,+CAA+C;IACzF,kCAAkC,uCAAuC;IACzE,4CAA4C,iDAAiD;IAC7F,6CAA6C,kDAAkD;IAC/F,uCAAuC,4CAA4C;IACnF,qDAAqD,0DAA0D;IAC/G,gDAAgD,qDAAqD;IACrG,0BAA0B,+BAA+B;IACzD,iDAAiD,sDAAsD;IACvG,sCAAsC,2CAA2C;IACjF,6DAA6D,kEAAkE;IAC/H,6CAA6C,kDAAkD;IAC/F,yCAAyC,8CAA8C;IACvF,gCAAgC,qCAAqC;IACrE,4CAA4C,iDAAiD;IAC7F,2CAA2C,gDAAgD;IAC3F,uDAAuD,4DAA4D;IACnH,qDAAqD,0DAA0D;IAC/G,oDAAoD,yDAAyD;IAC7G,8DAA8D,mEAAmE;IACjI,+CAA+C,oDAAoD;IACnG,8CAA8C,mDAAmD;IACjG,kDAAkD,uDAAuD;IACzG,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,gDAAgD,qDAAqD;IACrG,qCAAqC,0CAA0C;IAC/E,4DAA4D,iEAAiE;IAC7H,4CAA4C,iDAAiD;IAC7F,sDAAsD,2DAA2D;IACjH,kDAAkD,uDAAuD;IACzG,2CAA2C,gDAAgD;IAC3F,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,wCAAwC,6CAA6C;IACrF,+CAA+C,oDAAoD;IACnG,2CAA2C,gDAAgD;IAC3F,oDAAoD,yDAAyD;IAC7G,qDAAqD,0DAA0D;IAC/G,sDAAsD,2DAA2D;IACjH,+BAA+B,oCAAoC;IACnE,+BAA+B,oCAAoC;IACnE,iDAAiD,sDAAsD;IACvG,qDAAqD,0DAA0D;IAC/G,0DAA0D,+DAA+D;IACzH,2BAA2B,gCAAgC;IAC3D,4BAA4B,iCAAiC;IAC7D,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,mCAAmC,wCAAwC;IAC3E,oCAAoC,yCAAyC;IAC7E,yBAAyB,8BAA8B;IACvD,iCAAiC,sCAAsC;IACvE,wCAAwC,6CAA6C;IACrF,2BAA2B,gCAAgC;IAC3D,yBAAyB,8BAA8B;IACvD,iCAAiC,sCAAsC;IACvE,kCAAkC,uCAAuC;IACzE,4CAA4C,iDAAiD;IAC7F,oCAAoC,yCAAyC;IAC7E,gDAAgD,qDAAqD;IACrG,8CAA8C,mDAAmD;IACjG,iEAAiE,sEAAsE;IACvI,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,iDAAiD,sDAAsD;IACvG,2CAA2C,gDAAgD;IAC3F,sBAAsB,2BAA2B;IACjD,6BAA6B,kCAAkC;IAC/D,4CAA4C,iDAAiD;IAC7F,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAC7C,gBAAgB,qBAAqB;IACrC,wBAAwB,6BAA6B;IACrD,0BAA0B,+BAA+B;IACzD,sBAAsB,2BAA2B;IACjD,+BAA+B,oCAAoC;CACpE"}

package/dist/types/src/core/grant-authorization.d.ts

@@ -0,0 +1,43 @@
+import type { GenericMessage } from '../types/message-types.js';
+import type { MessageStore } from '../types/message-store.js';
+import type { PermissionGrant } from '../protocols/permission-grant.js';
+export declare class GrantAuthorization {
+    /**
+     * Performs base permissions-grant-based authorization against the given message:
+     * 1. Validates the `expectedGrantor` and `expectedGrantee` values against the actual values in given permission grant.
+     * 2. Verifies that the incoming message is within the allowed time frame of the grant, and the grant has not been revoked.
+     * 3. Verifies that the `interface` and `method` grant scopes match the incoming message.
+     *
+     * NOTE: Does not validate grant `conditions` or `scope` beyond `interface` and `method`
+     *
+     * @param messageStore Used to check if the grant has been revoked.
+     * @throws {DwnError} if validation fails
+     */
+    static performBaseValidation(input: {
+        incomingMessage: GenericMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Verifies the given `expectedGrantor` and `expectedGrantee` values against
+     * the actual signer and recipient in given permission grant.
+     * @throws {DwnError} if `expectedGrantor` or `expectedGrantee` do not match the actual values in the grant.
+     */
+    private static verifyExpectedGrantorAndGrantee;
+    /**
+     * Verify that the incoming message is within the allowed time frame of the grant,
+     * and the grant has not been revoked.
+     * @param messageStore Used to check if the grant has been revoked.
+     * @throws {DwnError} if incomingMessage has timestamp for a time in which the grant is not active.
+     */
+    private static verifyGrantActive;
+    /**
+     * Verify that the `interface` and `method` grant scopes match the incoming message
+     * @param permissionGrantId Purely being passed for logging purposes.
+     * @throws {DwnError} if the `interface` and `method` of the incoming message do not match the scope of the permission grant.
+     */
+    private static verifyGrantScopeInterfaceAndMethod;
+}
+//# sourceMappingURL=grant-authorization.d.ts.map

package/dist/types/src/core/grant-authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAKxE,qBAAa,kBAAkB;IAE7B;;;;;;;;;;OAUG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,eAAe,EAAE,cAAc,CAAC;QAChC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC1B,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBnB;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,+BAA+B;IAuB9C;;;;;OAKG;mBACkB,iBAAiB;IAwCtC;;;;OAIG;mBACkB,kCAAkC;CAkBxD"}

package/dist/types/src/core/message-reply.d.ts

@@ -0,0 +1,32 @@
+import type { MessagesReadReplyEntry } from '../types/messages-types.js';
+import type { PaginationCursor } from '../types/query-types.js';
+import type { ProtocolsConfigureMessage } from '../types/protocols-types.js';
+import type { RecordsReadReplyEntry } from '../types/records-types.js';
+import type { GenericMessageReply, MessageSubscription, QueryResultEntry } from '../types/message-types.js';
+export declare function messageReplyFromError(e: unknown, code: number): GenericMessageReply;
+/**
+ * Catch-all message reply type. It is recommended to use GenericMessageReply or a message-specific reply type wherever possible.
+ */
+export type UnionMessageReply = GenericMessageReply & {
+    /**
+     * A container for the data returned from a `RecordsRead` or `MessagesRead`.
+     * Mutually exclusive with (`entries` + `cursor`) and `subscription`.
+     */
+    entry?: MessagesReadReplyEntry & RecordsReadReplyEntry;
+    /**
+     * Resulting message entries or events returned from the invocation of the corresponding message.
+     * e.g. the resulting messages from a RecordsQuery, or array of messageCid strings for MessagesQuery
+     * Mutually exclusive with `record`.
+     */
+    entries?: QueryResultEntry[] | ProtocolsConfigureMessage[] | string[];
+    /**
+     * A cursor for pagination if applicable (e.g. RecordsQuery).
+     * Mutually exclusive with `record`.
+     */
+    cursor?: PaginationCursor;
+    /**
+     * A subscription object if a subscription was requested.
+     */
+    subscription?: MessageSubscription;
+};
+//# sourceMappingURL=message-reply.d.ts.map

package/dist/types/src/core/message-reply.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"message-reply.d.ts","sourceRoot":"","sources":["../../../../src/core/message-reply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE5G,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAKnF;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG;IACpD;;;OAGG;IACH,KAAK,CAAC,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAEvD;;;;OAIG;IACH,OAAO,CAAC,EAAE,gBAAgB,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAEtE;;;OAGG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC,CAAC"}

package/dist/types/src/core/message.d.ts

@@ -0,0 +1,94 @@
+import type { DataEncodedRecordsWriteMessage } from '../types/records-types.js';
+import type { GeneralJws } from '../types/jws-types.js';
+import type { Signer } from '../types/signer.js';
+import type { AuthorizationModel, Descriptor, GenericMessage, GenericSignaturePayload } from '../types/message-types.js';
+/**
+ * A class containing utility methods for working with DWN messages.
+ */
+export declare class Message {
+    /**
+     * Gets the DID of the author of the given message.
+     */
+    static getAuthor(message: GenericMessage): string | undefined;
+    /**
+     * Validates the given message against the corresponding JSON schema.
+     * @throws {Error} if fails validation.
+     */
+    static validateJsonSchema(rawMessage: any): void;
+    /**
+     * Gets the DID of the signer of the given message, returns `undefined` if message is not signed.
+     */
+    static getSigner(message: GenericMessage): string | undefined;
+    /**
+     * Gets the CID of the given message.
+     */
+    static getCid(message: GenericMessage): Promise<string>;
+    /**
+     * Compares message CID in lexicographical order according to the spec.
+     * @returns 1 if `a` is larger than `b`; -1 if `a` is smaller/older than `b`; 0 otherwise (same message)
+     */
+    static compareCid(a: GenericMessage, b: GenericMessage): Promise<number>;
+    /**
+     * Creates the `authorization` property to be included in a DWN message.
+     * @param signer Message signer.
+     * @returns {AuthorizationModel} used as an `authorization` property.
+     */
+    static createAuthorization(input: {
+        descriptor: Descriptor;
+        signer: Signer;
+        delegatedGrant?: DataEncodedRecordsWriteMessage;
+        permissionGrantId?: string;
+        protocolRole?: string;
+    }): Promise<AuthorizationModel>;
+    /**
+     * Creates a generic signature from the given DWN message descriptor by including `descriptorCid` as the required property in the signature payload.
+     * NOTE: there is an opportunity to consolidate RecordsWrite.createSignerSignature() wth this method
+     */
+    static createSignature(descriptor: Descriptor, signer: Signer, additionalPayloadProperties?: {
+        delegatedGrantId?: string;
+        permissionGrantId?: string;
+        protocolRole?: string;
+    }): Promise<GeneralJws>;
+    /**
+     * @returns newest message in the array. `undefined` if given array is empty.
+     */
+    static getNewestMessage(messages: GenericMessage[]): Promise<GenericMessage | undefined>;
+    /**
+     * @returns oldest message in the array. `undefined` if given array is empty.
+     */
+    static getOldestMessage(messages: GenericMessage[]): Promise<GenericMessage | undefined>;
+    /**
+     * Checks if first message is newer than second message.
+     * @returns `true` if `a` is newer than `b`; `false` otherwise
+     */
+    static isNewer(a: GenericMessage, b: GenericMessage): Promise<boolean>;
+    /**
+     * Checks if first message is older than second message.
+     * @returns `true` if `a` is older than `b`; `false` otherwise
+     */
+    static isOlder(a: GenericMessage, b: GenericMessage): Promise<boolean>;
+    /**
+     * See if the given message is signed by an author-delegate.
+     */
+    static isSignedByAuthorDelegate(message: GenericMessage): boolean;
+    /**
+     * See if the given message is signed by an owner-delegate.
+     */
+    static isSignedByOwnerDelegate(message: GenericMessage): boolean;
+    /**
+     * Compares the `messageTimestamp` of the given messages with a fallback to message CID according to the spec.
+     * @returns 1 if `a` is larger/newer than `b`; -1 if `a` is smaller/older than `b`; 0 otherwise (same age)
+     */
+    static compareMessageTimestamp(a: GenericMessage, b: GenericMessage): Promise<number>;
+    /**
+     * Validates the structural integrity of the message signature given:
+     * 1. The message signature must contain exactly 1 signature
+     * 2. Passes JSON schema validation
+     * 3. The `descriptorCid` property matches the CID of the message descriptor
+     * NOTE: signature is NOT verified.
+     * @param payloadJsonSchemaKey The key to look up the JSON schema referenced in `compile-validators.js` and perform payload schema validation on.
+     * @returns the parsed JSON payload object if validation succeeds.
+     */
+    static validateSignatureStructure(messageSignature: GeneralJws, messageDescriptor: Descriptor, payloadJsonSchemaKey?: string): Promise<GenericSignaturePayload>;
+}
+//# sourceMappingURL=message.d.ts.map

package/dist/types/src/core/message.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"message.d.ts","sourceRoot":"","sources":["../../../../src/core/message.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,8BAA8B,EAAE,MAAM,2BAA2B,CAAC;AAChF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,kBAAkB,EAAE,UAAU,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAWzH;;GAEG;AACH,qBAAa,OAAO;IAElB;;OAEG;WACW,SAAS,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS;IAepE;;;OAGG;WACW,kBAAkB,CAAC,UAAU,EAAE,GAAG,GAAG,IAAI;IASvD;;OAEG;WACW,SAAS,CAAC,OAAO,EAAE,cAAc,GAAG,MAAM,GAAG,SAAS;IASpE;;OAEG;WACiB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBpE;;;OAGG;WACiB,UAAU,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAOrF;;;;OAIG;WACiB,mBAAmB,CAAC,KAAK,EAAE;QAC7C,UAAU,EAAE,UAAU,CAAC;QACvB,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,8BAA8B,CAAC;QAChD,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAC3B,YAAY,CAAC,EAAE,MAAM,CAAA;KACtB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAqB/B;;;OAGG;WACiB,eAAe,CACjC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,EACd,2BAA2B,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QAAC,YAAY,CAAC,EAAE,MAAM,CAAA;KAAE,GAC7G,OAAO,CAAC,UAAU,CAAC;IActB;;OAEG;WACiB,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAWrG;;OAEG;WACiB,gBAAgB,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAWrG;;;OAGG;WACiB,OAAO,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAKnF;;;OAGG;WACiB,OAAO,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC;IAKnF;;OAEG;WACW,wBAAwB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO;IAIxE;;OAEG;WACW,uBAAuB,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO;IAIvE;;;OAGG;WACiB,uBAAuB,CAAC,CAAC,EAAE,cAAc,EAAE,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAYlG;;;;;;;;OAQG;WACiB,0BAA0B,CAC5C,gBAAgB,EAAE,UAAU,EAC5B,iBAAiB,EAAE,UAAU,EAC7B,oBAAoB,GAAE,MAAkC,GACvD,OAAO,CAAC,uBAAuB,CAAC;CAuBpC"}

package/dist/types/src/core/messages-grant-authorization.d.ts

@@ -0,0 +1,34 @@
+import type { GenericMessage } from '../types/message-types.js';
+import type { MessageStore } from '../types/message-store.js';
+import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { MessagesQueryMessage, MessagesReadMessage, MessagesSubscribeMessage } from '../types/messages-types.js';
+export declare class MessagesGrantAuthorization {
+    /**
+     * Authorizes a MessagesReadMessage using the given permission grant.
+     * @param messageStore Used to check if the given grant has been revoked; and to fetch related RecordsWrites if needed.
+     */
+    static authorizeMessagesRead(input: {
+        messagesReadMessage: MessagesReadMessage;
+        messageToRead: GenericMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Authorizes the scope of a permission grant for MessagesQuery or MessagesSubscribe.
+     * @param messageStore Used to check if the grant has been revoked.
+     */
+    static authorizeQueryOrSubscribe(input: {
+        incomingMessage: MessagesQueryMessage | MessagesSubscribeMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Verifies the given record against the scope of the given grant.
+     */
+    private static verifyScope;
+}
+//# sourceMappingURL=messages-grant-authorization.d.ts.map

package/dist/types/src/core/messages-grant-authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"messages-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/messages-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAGxE,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAStH,qBAAa,0BAA0B;IAErC;;;OAGG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,aAAa,EAAE,cAAc,CAAC;QAC9B,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjB;;;OAGG;WACiB,yBAAyB,CAAC,KAAK,EAAE;QACnD,eAAe,EAAE,oBAAoB,GAAG,wBAAwB,CAAC;QACjE,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BjB;;OAEG;mBACkB,WAAW;CAgDjC"}

package/dist/types/src/core/protocol-authorization.d.ts

@@ -0,0 +1,103 @@
+import type { MessageStore } from '../types/message-store.js';
+import type { RecordsDelete } from '../interfaces/records-delete.js';
+import type { RecordsQuery } from '../interfaces/records-query.js';
+import type { RecordsRead } from '../interfaces/records-read.js';
+import type { RecordsSubscribe } from '../interfaces/records-subscribe.js';
+import { RecordsWrite } from '../interfaces/records-write.js';
+export declare class ProtocolAuthorization {
+    /**
+     * Performs validation on the structure of RecordsWrite messages that use a protocol.
+     * @throws {Error} if validation fails.
+     */
+    static validateReferentialIntegrity(tenant: string, incomingMessage: RecordsWrite, messageStore: MessageStore): Promise<void>;
+    /**
+     * Performs protocol-based authorization against the incoming RecordsWrite message.
+     * @throws {Error} if authorization fails.
+     */
+    static authorizeWrite(tenant: string, incomingMessage: RecordsWrite, messageStore: MessageStore): Promise<void>;
+    /**
+     * Performs protocol-based authorization against the incoming `RecordsRead` message.
+     * @param newestRecordsWrite The latest RecordsWrite associated with the recordId being read.
+     * @throws {Error} if authorization fails.
+     */
+    static authorizeRead(tenant: string, incomingMessage: RecordsRead, newestRecordsWrite: RecordsWrite, messageStore: MessageStore): Promise<void>;
+    static authorizeQueryOrSubscribe(tenant: string, incomingMessage: RecordsQuery | RecordsSubscribe, messageStore: MessageStore): Promise<void>;
+    /**
+     * Performs protocol-based authorization against the incoming `RecordsDelete` message.
+     * @param recordsWrite A `RecordsWrite` of the record being deleted.
+     */
+    static authorizeDelete(tenant: string, incomingMessage: RecordsDelete, recordsWrite: RecordsWrite, messageStore: MessageStore): Promise<void>;
+    /**
+     * Fetches the protocol definition based on the protocol specified in the given message.
+     */
+    private static fetchProtocolDefinition;
+    /**
+     * Constructs the chain of EXISTING records in the datastore where the first record is the root initial `RecordsWrite` of the record chain
+     * and last record is the initial `RecordsWrite` of the descendant record specified.
+     * @param descendantRecordId The ID of the descendent record to start constructing the record chain from by repeatedly looking up the parent.
+     * @returns the record chain where each record is represented by its initial `RecordsWrite`;
+     *          returns empty array if `descendantRecordId` is `undefined`.
+     * @throws {DwnError} if `descendantRecordId` is defined but any initial `RecordsWrite` is not found in the chain of records.
+     */
+    private static constructRecordChain;
+    /**
+     * Fetches the initial RecordsWrite message associated with the given (tenant + recordId).
+     */
+    private static fetchInitialWrite;
+    /**
+     * Gets the rule set corresponding to the given protocolPath.
+     */
+    private static getRuleSet;
+    /**
+     * Verifies the `protocolPath` declared in the given message (if it is a RecordsWrite) matches the path of actual record chain.
+     * @throws {DwnError} if fails verification.
+     */
+    private static verifyProtocolPathAndContextId;
+    /**
+     * Verifies the `dataFormat` and `schema` declared in the given message (if it is a RecordsWrite) matches dataFormat
+     * and schema of the type in the given protocol.
+     * @throws {DwnError} if fails verification.
+     */
+    private static verifyType;
+    /**
+     * Check if the incoming message is invoking a role. If so, validate the invoked role.
+     */
+    private static verifyInvokedRole;
+    /**
+     * Returns all the ProtocolActions that would authorized the incoming message
+     * (but we still need to later verify if there is a rule defined that matches one of the actions).
+     * NOTE: the reason why there could be multiple actions is because:
+     * - In case of an initial RecordsWrite, the RecordsWrite can be authorized by an allow `create` or `write` rule.
+     * - In case of a non-initial RecordsWrite by the original record author, the RecordsWrite can be authorized by a `write` or `co-update` rule.
+     *
+     * It is important to recognize that the `write` access that allowed the original record author to create the record maybe revoked
+     * (e.g. by role revocation) by the time a "non-initial" write by the same author is attempted.
+     */
+    private static getActionsSeekingARuleMatch;
+    /**
+     * Verifies the given message is authorized by one of the action rules in the given protocol rule set.
+     * @throws {Error} if action not allowed.
+     */
+    private static authorizeAgainstAllowedActions;
+    /**
+     * Verifies that writes adhere to the $size constraints if provided
+     * @throws {Error} if size is exceeded.
+     */
+    private static verifySizeLimit;
+    private static verifyTagsIfNeeded;
+    /**
+     * If the given RecordsWrite is not a role record, this method does nothing and succeeds immediately.
+     *
+     * Else it verifies the validity of the given `RecordsWrite` as a role record, including:
+     * 1. The same role has not been assigned to the same entity/recipient.
+     */
+    private static verifyAsRoleRecordIfNeeded;
+    private static getRuleSetAtProtocolPath;
+    /**
+     * Checks if the `who: 'author' | 'recipient'` action rule has a matching record in the record chain.
+     * @returns `true` if the action rule is satisfied; `false` otherwise.
+     */
+    private static checkActor;
+    private static getTypeName;
+}
+//# sourceMappingURL=protocol-authorization.d.ts.map

package/dist/types/src/core/protocol-authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocol-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAQ3E,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAK9D,qBAAa,qBAAqB;IAEhC;;;OAGG;WACiB,4BAA4B,CAC9C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC;IA0ChB;;;OAGG;WACiB,cAAc,CAChC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC;IA8ChB;;;;OAIG;WACiB,aAAa,CAC/B,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,WAAW,EAC5B,kBAAkB,EAAE,YAAY,EAChC,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC;WAsCI,yBAAyB,CAC3C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,gBAAgB,EAChD,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC;IAoChB;;;OAGG;WACiB,eAAe,CACjC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,aAAa,EAC9B,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC;IAuChB;;OAEG;mBACkB,uBAAuB;IA0B5C;;;;;;;OAOG;mBACkB,oBAAoB;IAoCzC;;OAEG;mBACkB,iBAAiB;IAqBtC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAYzB;;;OAGG;mBACkB,8BAA8B;IAwDnD;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;IAuCzB;;OAEG;mBACkB,iBAAiB;IAgEtC;;;;;;;;;OASG;mBACkB,2BAA2B;IA+EhD;;;OAGG;mBACkB,8BAA8B;IA+FnD;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,eAAe;IAqB9B,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAmCjC;;;;;OAKG;mBACkB,0BAA0B;IAoD/C,OAAO,CAAC,MAAM,CAAC,wBAAwB;IAmBvC;;;OAGG;mBACkB,UAAU;IA2B/B,OAAO,CAAC,MAAM,CAAC,WAAW;CAG3B"}

package/dist/types/src/core/protocols-grant-authorization.d.ts

@@ -0,0 +1,31 @@
+import type { MessageStore } from '../types/message-store.js';
+import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { ProtocolsConfigureMessage, ProtocolsQueryMessage } from '../types/protocols-types.js';
+export declare class ProtocolsGrantAuthorization {
+    /**
+     * Authorizes the given ProtocolsConfigure in the scope of the DID given.
+     */
+    static authorizeConfigure(input: {
+        protocolsConfigureMessage: ProtocolsConfigureMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Authorizes the scope of a permission grant for a ProtocolsQuery message.
+     * @param messageStore Used to check if the grant has been revoked.
+     */
+    static authorizeQuery(input: {
+        expectedGrantor: string;
+        expectedGrantee: string;
+        incomingMessage: ProtocolsQueryMessage;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Verifies a ProtocolsConfigure against the scope of the given grant.
+     */
+    private static verifyScope;
+}
+//# sourceMappingURL=protocols-grant-authorization.d.ts.map

package/dist/types/src/core/protocols-grant-authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"protocols-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocols-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAKpG,qBAAa,2BAA2B;IACtC;;OAEG;WACiB,kBAAkB,CAAC,KAAK,EAAE;QAC5C,yBAAyB,EAAE,yBAAyB,CAAC;QACrD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;;OAGG;WACiB,cAAc,CAAC,KAAK,EAAE;QACxC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,qBAAqB,CAAC;QACvC,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;CAiB3B"}

package/dist/types/src/core/records-grant-authorization.d.ts

@@ -0,0 +1,60 @@
+import type { MessageStore } from '../types/message-store.js';
+import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { RecordsDeleteMessage, RecordsQueryMessage, RecordsReadMessage, RecordsSubscribeMessage, RecordsWriteMessage } from '../types/records-types.js';
+export declare class RecordsGrantAuthorization {
+    /**
+     * Authorizes the given RecordsWrite in the scope of the DID given.
+     */
+    static authorizeWrite(input: {
+        recordsWriteMessage: RecordsWriteMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Authorizes a RecordsReadMessage using the given permission grant.
+     * @param messageStore Used to check if the given grant has been revoked.
+     */
+    static authorizeRead(input: {
+        recordsReadMessage: RecordsReadMessage;
+        recordsWriteMessageToBeRead: RecordsWriteMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Authorizes the scope of a permission grant for RecordsQuery or RecordsSubscribe.
+     * @param messageStore Used to check if the grant has been revoked.
+     */
+    static authorizeQueryOrSubscribe(input: {
+        incomingMessage: RecordsQueryMessage | RecordsSubscribeMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Authorizes the scope of a permission grant for RecordsDelete.
+     * @param messageStore Used to check if the grant has been revoked.
+     */
+    static authorizeDelete(input: {
+        recordsDeleteMessage: RecordsDeleteMessage;
+        recordsWriteToDelete: RecordsWriteMessage;
+        expectedGrantor: string;
+        expectedGrantee: string;
+        permissionGrant: PermissionGrant;
+        messageStore: MessageStore;
+    }): Promise<void>;
+    /**
+     * Verifies a record against the scope of the given grant.
+     */
+    private static verifyScope;
+    /**
+     * Verifies grant `conditions`.
+     * Currently the only condition is `published` which only applies to RecordsWrites
+     */
+    private static verifyConditions;
+}
+//# sourceMappingURL=records-grant-authorization.d.ts.map

package/dist/types/src/core/records-grant-authorization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"records-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/records-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAM7J,qBAAa,yBAAyB;IACpC;;OAEG;WACiB,cAAc,CAAC,KAAK,EAAE;QACxC,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAmBjB;;;OAGG;WACiB,aAAa,CAAC,KAAK,EAAE;QACvC,kBAAkB,EAAE,kBAAkB,CAAC;QACvC,2BAA2B,EAAE,mBAAmB,CAAC;QACjD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBjB;;;OAGG;WACiB,yBAAyB,CAAC,KAAK,EAAE;QACnD,eAAe,EAAE,mBAAmB,GAAG,uBAAuB,CAAC;QAC/D,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BjB;;;OAGG;WACiB,eAAe,CAAC,KAAK,EAAE;QACzC,oBAAoB,EAAE,oBAAoB,CAAC;QAC3C,oBAAoB,EAAE,mBAAmB,CAAC;QAC1C,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IA0BjB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAgC1B;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;CAkBhC"}