@enbox/dwn-sdk-js 0.4.0 → 0.4.1

package/dist/types/src/core/dwn-error.d.ts

@@ -19,7 +19,6 @@ export declare enum DwnErrorCode {
     EventLogNotOpenError = "EventLogNotOpenError",
     EventLogProgressGap = "EventLogProgressGap",
     MessagesGrantAuthorizationMismatchedProtocol = "MessagesGrantAuthorizationMismatchedProtocol",
-    MessagesGrantAuthorizationProtocolSyncInfrastructureProtocol = "MessagesGrantAuthorizationProtocolSyncInfrastructureProtocol",
     MessagesGrantAuthorizationSubscribeProtocolMismatch = "MessagesGrantAuthorizationSubscribeProtocolMismatch",
     MessagesGrantAuthorizationUnfilteredSubscribeProtocolScope = "MessagesGrantAuthorizationUnfilteredSubscribeProtocolScope",
     MessagesSubscribeAuthorizationFailed = "MessagesSubscribeAuthorizationFailed",
@@ -44,6 +43,13 @@ export declare enum DwnErrorCode {
     IndexInvalidSortPropertyInMemory = "IndexInvalidSortPropertyInMemory",
     IndexMissingIndexableProperty = "IndexMissingIndexableProperty",
     JwsDecodePlainObjectPayloadInvalid = "JwsDecodePlainObjectPayloadInvalid",
+    MessageStoreDeleteLogEntryMissing = "MessageStoreDeleteLogEntryMissing",
+    MessageStoreFingerprintScopeMutation = "MessageStoreFingerprintScopeMutation",
+    MessageStorePreSubstrateLayout = "MessageStorePreSubstrateLayout",
+    MessageStoreReplicationPositionOverflow = "MessageStoreReplicationPositionOverflow",
+    MessageStoreUpdateMessageAndIndexesCidMismatch = "MessageStoreUpdateMessageAndIndexesCidMismatch",
+    MessageStoreUpdateMessageAndIndexesMessageNotFound = "MessageStoreUpdateMessageAndIndexesMessageNotFound",
+    MessageStoreUpdateIndexesMessageNotFound = "MessageStoreUpdateIndexesMessageNotFound",
     MessagePermissionGrantCreateInvocationAmbiguous = "MessagePermissionGrantCreateInvocationAmbiguous",
     MessagePermissionGrantDescriptorPayloadMismatch = "MessagePermissionGrantDescriptorPayloadMismatch",
     MessagePermissionGrantIdsDescriptorPayloadMismatch = "MessagePermissionGrantIdsDescriptorPayloadMismatch",
@@ -51,11 +57,11 @@ export declare enum DwnErrorCode {
     MessagePermissionGrantIdsNotCanonical = "MessagePermissionGrantIdsNotCanonical",
     MessagePermissionGrantValidateInvocationAmbiguous = "MessagePermissionGrantValidateInvocationAmbiguous",
     MessagesReadInvalidCid = "MessagesReadInvalidCid",
+    MessagesQueryAuthorizationFailed = "MessagesQueryAuthorizationFailed",
+    MessagesQueryReplicationFeedUnimplemented = "MessagesQueryReplicationFeedUnimplemented",
     MessagesReadAuthorizationFailed = "MessagesReadAuthorizationFailed",
     MessageGetInvalidCid = "MessageGetInvalidCid",
     MessagesReadVerifyScopeFailed = "MessagesReadVerifyScopeFailed",
-    MessagesSyncAuthorizationFailed = "MessagesSyncAuthorizationFailed",
-    MessagesSyncInvalidPrefix = "MessagesSyncInvalidPrefix",
     ParseCidCodecNotSupported = "ParseCidCodecNotSupported",
     ParseCidMultihashNotSupported = "ParseCidMultihashNotSupported",
     PermissionsProtocolCreateGrantScopeContextIdProtocolPathConflict = "PermissionsProtocolCreateGrantScopeContextIdProtocolPathConflict",
@@ -97,7 +103,6 @@ export declare enum DwnErrorCode {
     ProtocolAuthorizationMatchingRoleRecordNotFound = "ProtocolAuthorizationMatchingRoleRecordNotFound",
     ProtocolAuthorizationMaxSizeInvalid = "ProtocolAuthorizationMaxSizeInvalid",
     ProtocolAuthorizationMinSizeInvalid = "ProtocolAuthorizationMinSizeInvalid",
-    ProtocolAuthorizationRecordLimitExceeded = "ProtocolAuthorizationRecordLimitExceeded",
     ProtocolAuthorizationRecordLimitStrategyNotImplemented = "ProtocolAuthorizationRecordLimitStrategyNotImplemented",
     ProtocolAuthorizationSquashNotEnabled = "ProtocolAuthorizationSquashNotEnabled",
     ProtocolAuthorizationSquashNotInitialWrite = "ProtocolAuthorizationSquashNotInitialWrite",
@@ -150,6 +155,7 @@ export declare enum DwnErrorCode {
     RecordsAuthorDelegatedGrantNotADelegatedGrant = "RecordsAuthorDelegatedGrantNotADelegatedGrant",
     RecordsDecryptNoMatchingKeyEncryptedFound = "RecordsDecryptNoMatchingKeyEncryptedFound",
     RecordsCountFilterMissingRequiredProperties = "RecordsCountFilterMissingRequiredProperties",
+    RecordsCountNestedProtocolPathContextIdInvalid = "RecordsCountNestedProtocolPathContextIdInvalid",
     RecordsQueryCreateFilterPublishedSortInvalid = "RecordsQueryCreateFilterPublishedSortInvalid",
     RecordsQueryParseFilterPublishedSortInvalid = "RecordsQueryParseFilterPublishedSortInvalid",
     RecordsGrantAuthorizationConditionPublicationProhibited = "RecordsGrantAuthorizationConditionPublicationProhibited",
@@ -167,10 +173,12 @@ export declare enum DwnErrorCode {
     RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch = "RecordsOwnerDelegatedGrantGrantedToAndOwnerSignatureMismatch",
     RecordsOwnerDelegatedGrantNotADelegatedGrant = "RecordsOwnerDelegatedGrantNotADelegatedGrant",
     RecordsQueryFilterMissingRequiredProperties = "RecordsQueryFilterMissingRequiredProperties",
+    RecordsQueryNestedProtocolPathContextIdInvalid = "RecordsQueryNestedProtocolPathContextIdInvalid",
     RecordsReadCreateFilterPublishedSortInvalid = "RecordsReadCreateFilterPublishedSortInvalid",
     RecordsReadParseFilterPublishedSortInvalid = "RecordsReadParseFilterPublishedSortInvalid",
     RecordsSubscribeEventLogUnimplemented = "RecordsSubscribeEventLogUnimplemented",
     RecordsSubscribeFilterMissingRequiredProperties = "RecordsSubscribeFilterMissingRequiredProperties",
+    RecordsSubscribeNestedProtocolPathContextIdInvalid = "RecordsSubscribeNestedProtocolPathContextIdInvalid",
     RecordsWriteAttestationIntegrityMoreThanOneSignature = "RecordsWriteAttestationIntegrityMoreThanOneSignature",
     RecordsWriteAttestationIntegrityDescriptorCidMismatch = "RecordsWriteAttestationIntegrityDescriptorCidMismatch",
     RecordsWriteAttestationIntegrityInvalidPayloadProperty = "RecordsWriteAttestationIntegrityInvalidPayloadProperty",

package/dist/types/src/core/dwn-error.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"dwn-error.d.ts","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACb,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAKlD;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,sBAAsB,2BAA2B;IACjD,iCAAiC,sCAAsC;IACvE,8CAA8C,mDAAmD;IACjG,+BAA+B,oCAAoC;IACnE,2BAA2B,gCAAgC;IAC3D,+BAA+B,oCAAoC;IACnE,iBAAiB,sBAAsB;IACvC,oBAAoB,yBAAyB;IAC7C,mBAAmB,wBAAwB;IAC3C,4CAA4C,iDAAiD;IAC7F,4DAA4D,iEAAiE;IAC7H,mDAAmD,wDAAwD;IAC3G,0DAA0D,+DAA+D;IACzH,oCAAoC,yCAAyC;IAC7E,4CAA4C,iDAAiD;IAC7F,sCAAsC,2CAA2C;IACjF,sCAAsC,2CAA2C;IACjF,kCAAkC,uCAAuC;IACzE,4BAA4B,iCAAiC;IAC7D,4BAA4B,iCAAiC;IAC7D,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,oCAAoC,yCAAyC;IAC7E,mCAAmC,wCAAwC;IAC3E,0BAA0B,+BAA+B;IACzD,gCAAgC,qCAAqC;IACrE,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,gCAAgC,qCAAqC;IACrE,6BAA6B,kCAAkC;IAC/D,kCAAkC,uCAAuC;IACzE,+CAA+C,oDAAoD;IACnG,+CAA+C,oDAAoD;IACnG,kDAAkD,uDAAuD;IACzG,8BAA8B,mCAAmC;IACjE,qCAAqC,0CAA0C;IAC/E,iDAAiD,sDAAsD;IACvG,sBAAsB,2BAA2B;IACjD,+BAA+B,oCAAoC;IACnE,oBAAoB,yBAAyB;IAC7C,6BAA6B,kCAAkC;IAC/D,+BAA+B,oCAAoC;IACnE,yBAAyB,8BAA8B;IACvD,yBAAyB,8BAA8B;IACvD,6BAA6B,kCAAkC;IAC/D,gEAAgE,qEAAqE;IACrI,yDAAyD,8DAA8D;IACvH,yDAAyD,8DAA8D;IACvH,kEAAkE,uEAAuE;IACzI,2DAA2D,gEAAgE;IAC3H,2DAA2D,gEAAgE;IAC3H,0CAA0C,+CAA+C;IACzF,iDAAiD,sDAAsD;IACvG,6DAA6D,kEAAkE;IAC/H,2DAA2D,gEAAgE;IAC3H,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,wDAAwD,6DAA6D;IACrH,wCAAwC,6CAA6C;IACrF,sCAAsC,2CAA2C;IACjF,oCAAoC,yCAAyC;IAC7E,gCAAgC,qCAAqC;IACrE,sCAAsC,2CAA2C;IACjF,0CAA0C,+CAA+C;IACzF,wCAAwC,6CAA6C;IACrF,kCAAkC,uCAAuC;IACzE,uCAAuC,4CAA4C;IACnF,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,gDAAgD,qDAAqD;IACrG,wCAAwC,6CAA6C;IACrF,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,uDAAuD,4DAA4D;IACnH,2CAA2C,gDAAgD;IAC3F,uCAAuC,4CAA4C;IACnF,oCAAoC,yCAAyC;IAC7E,kCAAkC,uCAAuC;IACzE,gCAAgC,qCAAqC;IACrE,+CAA+C,oDAAoD;IACnG,mCAAmC,wCAAwC;IAC3E,mCAAmC,wCAAwC;IAC3E,wCAAwC,6CAA6C;IACrF,sDAAsD,2DAA2D;IACjH,qCAAqC,0CAA0C;IAC/E,0CAA0C,+CAA+C;IACzF,mCAAmC,wCAAwC;IAC3E,uDAAuD,4DAA4D;IACnH,0DAA0D,+DAA+D;IACzH,2DAA2D,gEAAgE;IAC3H,qCAAqC,0CAA0C;IAC/E,mCAAmC,wCAAwC;IAC3E,yCAAyC,8CAA8C;IACvF,oDAAoD,yDAAyD;IAC7G,6BAA6B,kCAAkC;IAC/D,0DAA0D,+DAA+D;IACzH,qCAAqC,0CAA0C;IAC/E,yCAAyC,8CAA8C;IACvF,sCAAsC,2CAA2C;IACjF,qCAAqC,0CAA0C;IAC/E,8CAA8C,mDAAmD;IACjG,yCAAyC,8CAA8C;IACvF,wCAAwC,6CAA6C;IACrF,iCAAiC,sCAAsC;IACvE,6CAA6C,kDAAkD;IAC/F,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,4CAA4C,iDAAiD;IAC7F,oCAAoC,yCAAyC;IAC7E,6BAA6B,kCAAkC;IAC/D,wCAAwC,6CAA6C;IACrF,8CAA8C,mDAAmD;IACjG,2CAA2C,gDAAgD;IAC3F,kDAAkD,uDAAuD;IACzG,iDAAiD,sDAAsD;IACvG,kDAAkD,uDAAuD;IACzG,wCAAwC,6CAA6C;IACrF,0CAA0C,+CAA+C;IACzF,0CAA0C,+CAA+C;IACzF,0CAA0C,+CAA+C;IACzF,kCAAkC,uCAAuC;IACzE,kCAAkC,uCAAuC;IACzE,wCAAwC,6CAA6C;IACrF,0CAA0C,+CAA+C;IACzF,4CAA4C,iDAAiD;IAC7F,6CAA6C,kDAAkD;IAC/F,qDAAqD,0DAA0D;IAC/G,gDAAgD,qDAAqD;IACrG,0BAA0B,+BAA+B;IACzD,iDAAiD,sDAAsD;IACvG,sCAAsC,2CAA2C;IACjF,6DAA6D,kEAAkE;IAC/H,6CAA6C,kDAAkD;IAC/F,yCAAyC,8CAA8C;IACvF,2CAA2C,gDAAgD;IAE3F,4CAA4C,iDAAiD;IAC7F,2CAA2C,gDAAgD;IAC3F,uDAAuD,4DAA4D;IACnH,qDAAqD,0DAA0D;IAC/G,oDAAoD,yDAAyD;IAC7G,8DAA8D,mEAAmE;IACjI,+CAA+C,oDAAoD;IACnG,sCAAsC,2CAA2C;IACjF,8CAA8C,mDAAmD;IACjG,kDAAkD,uDAAuD;IACzG,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,gDAAgD,qDAAqD;IACrG,qCAAqC,0CAA0C;IAC/E,4DAA4D,iEAAiE;IAC7H,4CAA4C,iDAAiD;IAE7F,2CAA2C,gDAAgD;IAE3F,2CAA2C,gDAAgD;IAC3F,0CAA0C,+CAA+C;IACzF,qCAAqC,0CAA0C;IAC/E,+CAA+C,oDAAoD;IAEnG,oDAAoD,yDAAyD;IAC7G,qDAAqD,0DAA0D;IAC/G,sDAAsD,2DAA2D;IAEjH,+BAA+B,oCAAoC;IACnE,iDAAiD,sDAAsD;IACvG,qDAAqD,0DAA0D;IAC/G,iCAAiC,sCAAsC;IACvE,2BAA2B,gCAAgC;IAC3D,4BAA4B,iCAAiC;IAC7D,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,mCAAmC,wCAAwC;IAC3E,oCAAoC,yCAAyC;IAC7E,yBAAyB,8BAA8B;IACvD,iCAAiC,sCAAsC;IACvE,wCAAwC,6CAA6C;IACrF,6BAA6B,kCAAkC;IAE/D,iCAAiC,sCAAsC;IACvE,kCAAkC,uCAAuC;IACzE,4CAA4C,iDAAiD;IAC7F,oCAAoC,yCAAyC;IAC7E,gDAAgD,qDAAqD;IACrG,8CAA8C,mDAAmD;IACjG,iEAAiE,sEAAsE;IACvI,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,iDAAiD,sDAAsD;IACvG,2CAA2C,gDAAgD;IAC3F,sBAAsB,2BAA2B;IACjD,6BAA6B,kCAAkC;IAC/D,4CAA4C,iDAAiD;IAC7F,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAC7C,gBAAgB,qBAAqB;IACrC,wBAAwB,6BAA6B;IACrD,0BAA0B,+BAA+B;IACzD,sBAAsB,2BAA2B;IACjD,+BAA+B,oCAAoC;CACpE"}
+{"version":3,"file":"dwn-error.d.ts","sourceRoot":"","sources":["../../../../src/core/dwn-error.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,qBAAa,QAAS,SAAQ,KAAK;IACb,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAKlD;AAED;;GAEG;AACH,oBAAY,YAAY;IACtB,sBAAsB,2BAA2B;IACjD,iCAAiC,sCAAsC;IACvE,8CAA8C,mDAAmD;IACjG,+BAA+B,oCAAoC;IACnE,2BAA2B,gCAAgC;IAC3D,+BAA+B,oCAAoC;IACnE,iBAAiB,sBAAsB;IACvC,oBAAoB,yBAAyB;IAC7C,mBAAmB,wBAAwB;IAC3C,4CAA4C,iDAAiD;IAC7F,mDAAmD,wDAAwD;IAC3G,0DAA0D,+DAA+D;IACzH,oCAAoC,yCAAyC;IAC7E,4CAA4C,iDAAiD;IAC7F,sCAAsC,2CAA2C;IACjF,sCAAsC,2CAA2C;IACjF,kCAAkC,uCAAuC;IACzE,4BAA4B,iCAAiC;IAC7D,4BAA4B,iCAAiC;IAC7D,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,8BAA8B,mCAAmC;IACjE,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,oCAAoC,yCAAyC;IAC7E,mCAAmC,wCAAwC;IAC3E,0BAA0B,+BAA+B;IACzD,gCAAgC,qCAAqC;IACrE,2BAA2B,gCAAgC;IAC3D,8BAA8B,mCAAmC;IACjE,gCAAgC,qCAAqC;IACrE,6BAA6B,kCAAkC;IAC/D,kCAAkC,uCAAuC;IACzE,iCAAiC,sCAAsC;IACvE,oCAAoC,yCAAyC;IAC7E,8BAA8B,mCAAmC;IACjE,uCAAuC,4CAA4C;IACnF,8CAA8C,mDAAmD;IACjG,kDAAkD,uDAAuD;IACzG,wCAAwC,6CAA6C;IACrF,+CAA+C,oDAAoD;IACnG,+CAA+C,oDAAoD;IACnG,kDAAkD,uDAAuD;IACzG,8BAA8B,mCAAmC;IACjE,qCAAqC,0CAA0C;IAC/E,iDAAiD,sDAAsD;IACvG,sBAAsB,2BAA2B;IACjD,gCAAgC,qCAAqC;IACrE,yCAAyC,8CAA8C;IACvF,+BAA+B,oCAAoC;IACnE,oBAAoB,yBAAyB;IAC7C,6BAA6B,kCAAkC;IAC/D,yBAAyB,8BAA8B;IACvD,6BAA6B,kCAAkC;IAC/D,gEAAgE,qEAAqE;IACrI,yDAAyD,8DAA8D;IACvH,yDAAyD,8DAA8D;IACvH,kEAAkE,uEAAuE;IACzI,2DAA2D,gEAAgE;IAC3H,2DAA2D,gEAAgE;IAC3H,0CAA0C,+CAA+C;IACzF,iDAAiD,sDAAsD;IACvG,6DAA6D,kEAAkE;IAC/H,2DAA2D,gEAAgE;IAC3H,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,wDAAwD,6DAA6D;IACrH,wCAAwC,6CAA6C;IACrF,sCAAsC,2CAA2C;IACjF,oCAAoC,yCAAyC;IAC7E,gCAAgC,qCAAqC;IACrE,sCAAsC,2CAA2C;IACjF,0CAA0C,+CAA+C;IACzF,wCAAwC,6CAA6C;IACrF,kCAAkC,uCAAuC;IACzE,uCAAuC,4CAA4C;IACnF,mCAAmC,wCAAwC;IAC3E,gCAAgC,qCAAqC;IACrE,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,gDAAgD,qDAAqD;IACrG,wCAAwC,6CAA6C;IACrF,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,uDAAuD,4DAA4D;IACnH,2CAA2C,gDAAgD;IAC3F,uCAAuC,4CAA4C;IACnF,oCAAoC,yCAAyC;IAC7E,kCAAkC,uCAAuC;IACzE,gCAAgC,qCAAqC;IACrE,+CAA+C,oDAAoD;IACnG,mCAAmC,wCAAwC;IAC3E,mCAAmC,wCAAwC;IAC3E,sDAAsD,2DAA2D;IACjH,qCAAqC,0CAA0C;IAC/E,0CAA0C,+CAA+C;IACzF,mCAAmC,wCAAwC;IAC3E,uDAAuD,4DAA4D;IACnH,0DAA0D,+DAA+D;IACzH,2DAA2D,gEAAgE;IAC3H,qCAAqC,0CAA0C;IAC/E,mCAAmC,wCAAwC;IAC3E,yCAAyC,8CAA8C;IACvF,oDAAoD,yDAAyD;IAC7G,6BAA6B,kCAAkC;IAC/D,0DAA0D,+DAA+D;IACzH,qCAAqC,0CAA0C;IAC/E,yCAAyC,8CAA8C;IACvF,sCAAsC,2CAA2C;IACjF,qCAAqC,0CAA0C;IAC/E,8CAA8C,mDAAmD;IACjG,yCAAyC,8CAA8C;IACvF,wCAAwC,6CAA6C;IACrF,iCAAiC,sCAAsC;IACvE,6CAA6C,kDAAkD;IAC/F,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,4CAA4C,iDAAiD;IAC7F,oCAAoC,yCAAyC;IAC7E,6BAA6B,kCAAkC;IAC/D,wCAAwC,6CAA6C;IACrF,8CAA8C,mDAAmD;IACjG,2CAA2C,gDAAgD;IAC3F,kDAAkD,uDAAuD;IACzG,iDAAiD,sDAAsD;IACvG,kDAAkD,uDAAuD;IACzG,wCAAwC,6CAA6C;IACrF,0CAA0C,+CAA+C;IACzF,0CAA0C,+CAA+C;IACzF,0CAA0C,+CAA+C;IACzF,kCAAkC,uCAAuC;IACzE,kCAAkC,uCAAuC;IACzE,wCAAwC,6CAA6C;IACrF,0CAA0C,+CAA+C;IACzF,4CAA4C,iDAAiD;IAC7F,6CAA6C,kDAAkD;IAC/F,qDAAqD,0DAA0D;IAC/G,gDAAgD,qDAAqD;IACrG,0BAA0B,+BAA+B;IACzD,iDAAiD,sDAAsD;IACvG,sCAAsC,2CAA2C;IACjF,6DAA6D,kEAAkE;IAC/H,6CAA6C,kDAAkD;IAC/F,yCAAyC,8CAA8C;IACvF,2CAA2C,gDAAgD;IAC3F,8CAA8C,mDAAmD;IAEjG,4CAA4C,iDAAiD;IAC7F,2CAA2C,gDAAgD;IAC3F,uDAAuD,4DAA4D;IACnH,qDAAqD,0DAA0D;IAC/G,oDAAoD,yDAAyD;IAC7G,8DAA8D,mEAAmE;IACjI,+CAA+C,oDAAoD;IACnG,sCAAsC,2CAA2C;IACjF,8CAA8C,mDAAmD;IACjG,kDAAkD,uDAAuD;IACzG,uCAAuC,4CAA4C;IACnF,0CAA0C,+CAA+C;IACzF,gDAAgD,qDAAqD;IACrG,qCAAqC,0CAA0C;IAC/E,4DAA4D,iEAAiE;IAC7H,4CAA4C,iDAAiD;IAE7F,2CAA2C,gDAAgD;IAC3F,8CAA8C,mDAAmD;IAEjG,2CAA2C,gDAAgD;IAC3F,0CAA0C,+CAA+C;IACzF,qCAAqC,0CAA0C;IAC/E,+CAA+C,oDAAoD;IACnG,kDAAkD,uDAAuD;IAEzG,oDAAoD,yDAAyD;IAC7G,qDAAqD,0DAA0D;IAC/G,sDAAsD,2DAA2D;IAEjH,+BAA+B,oCAAoC;IACnE,iDAAiD,sDAAsD;IACvG,qDAAqD,0DAA0D;IAC/G,iCAAiC,sCAAsC;IACvE,2BAA2B,gCAAgC;IAC3D,4BAA4B,iCAAiC;IAC7D,qCAAqC,0CAA0C;IAC/E,wCAAwC,6CAA6C;IACrF,mCAAmC,wCAAwC;IAC3E,oCAAoC,yCAAyC;IAC7E,yBAAyB,8BAA8B;IACvD,iCAAiC,sCAAsC;IACvE,wCAAwC,6CAA6C;IACrF,6BAA6B,kCAAkC;IAE/D,iCAAiC,sCAAsC;IACvE,kCAAkC,uCAAuC;IACzE,4CAA4C,iDAAiD;IAC7F,oCAAoC,yCAAyC;IAC7E,gDAAgD,qDAAqD;IACrG,8CAA8C,mDAAmD;IACjG,iEAAiE,sEAAsE;IACvI,gDAAgD,qDAAqD;IACrG,kDAAkD,uDAAuD;IACzG,iDAAiD,sDAAsD;IACvG,2CAA2C,gDAAgD;IAC3F,sBAAsB,2BAA2B;IACjD,6BAA6B,kCAAkC;IAC/D,4CAA4C,iDAAiD;IAC7F,oBAAoB,yBAAyB;IAC7C,oBAAoB,yBAAyB;IAC7C,gBAAgB,qBAAqB;IACrC,wBAAwB,6BAA6B;IACrD,0BAA0B,+BAA+B;IACzD,sBAAsB,2BAA2B;IACjD,+BAA+B,oCAAoC;CACpE"}

package/dist/types/src/core/grant-authorization.d.ts

@@ -1,6 +1,6 @@
 import type { GenericMessage } from '../types/message-types.js';
-import type { MessageStore } from '../types/message-store.js';
 import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
 export declare class GrantAuthorization {
     /**
      * Performs base permissions-grant-based authorization against the given message:
@@ -10,7 +10,7 @@ export declare class GrantAuthorization {
      *
      * NOTE: Does not validate grant `conditions` or `scope` beyond `interface` and `method`
      *
-     * @param messageStore Used to check if the grant has been revoked.
+     * @param validationStateReader Used to check if the grant has been revoked.
      * @throws {DwnError} if validation fails
      */
     static performBaseValidation(input: {
@@ -18,7 +18,7 @@ export declare class GrantAuthorization {
         expectedGrantor: string;
         expectedGrantee: string;
         permissionGrant: PermissionGrant;
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
     }): Promise<void>;
     /**
      * Verifies the given `expectedGrantor` and `expectedGrantee` values against
@@ -29,7 +29,7 @@ export declare class GrantAuthorization {
     /**
      * Verify that the incoming message is within the allowed time frame of the grant,
      * and the grant has not been revoked.
-     * @param messageStore Used to check if the grant has been revoked.
+     * @param validationStateReader Used to check if the grant has been revoked.
      * @throws {DwnError} if incomingMessage has timestamp for a time in which the grant is not active.
      */
     private static verifyGrantActive;
@@ -37,7 +37,7 @@ export declare class GrantAuthorization {
      * Verify that the `interface` and `method` grant scopes match the incoming message.
      *
      * For the Messages interface, a `Read` scope is treated as a unified scope that also authorizes
-     * `Subscribe` and `Sync` operations.
+     * `Query`, `Subscribe`, and `Sync` operations.
      *
      * @throws {DwnError} if the `interface` and `method` of the incoming message do not match the scope of the permission grant.
      */

package/dist/types/src/core/grant-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAOxE,qBAAa,kBAAkB;IAE7B;;;;;;;;;;OAUG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,eAAe,EAAE,cAAc,CAAC;QAChC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC1B,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBnB;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,+BAA+B;IAuB9C;;;;;OAKG;mBACkB,iBAAiB;IAwCtC;;;;;;;OAOG;mBACkB,kCAAkC;CAuCxD"}
+{"version":3,"file":"grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAKjF,qBAAa,kBAAkB;IAE7B;;;;;;;;;;OAUG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,eAAe,EAAE,cAAc,CAAC;QAChC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,qBAAqB,EAAE,qBAAqB,CAAC;KAC5C,GAAG,OAAO,CAAC,IAAI,CAAC;IAwBnB;;;;OAIG;IACH,OAAO,CAAC,MAAM,CAAC,+BAA+B;IAuB9C;;;;;OAKG;mBACkB,iBAAiB;IAiCtC;;;;;;;OAOG;mBACkB,kCAAkC;CAuCxD"}

package/dist/types/src/core/message-reply.d.ts

@@ -1,8 +1,9 @@
-import type { MessagesReadReplyEntry } from '../types/messages-types.js';
 import type { PaginationCursor } from '../types/query-types.js';
+import type { ProgressToken } from '../types/subscriptions.js';
 import type { ProtocolsConfigureMessage } from '../types/protocols-types.js';
 import type { RecordsReadReplyEntry } from '../types/records-types.js';
 import type { GenericMessageReply, MessageSubscription, QueryResultEntry } from '../types/message-types.js';
+import type { MessagesQueryReplyEntry, MessagesReadReplyEntry } from '../types/messages-types.js';
 export declare function messageReplyFromError(e: unknown, code: number): GenericMessageReply;
 /**
  * Catch-all message reply type. It is recommended to use GenericMessageReply or a message-specific reply type wherever possible.
@@ -15,15 +16,15 @@ export type UnionMessageReply = GenericMessageReply & {
     entry?: MessagesReadReplyEntry & RecordsReadReplyEntry;
     /**
      * Resulting message entries or events returned from the invocation of the corresponding message.
-     * e.g. the resulting messages from a RecordsQuery, or array of messageCid strings for MessagesSync
+     * e.g. the resulting messages from a RecordsQuery or MessagesQuery.
      * Mutually exclusive with `record`.
      */
-    entries?: QueryResultEntry[] | ProtocolsConfigureMessage[] | string[];
+    entries?: QueryResultEntry[] | ProtocolsConfigureMessage[] | MessagesQueryReplyEntry[] | string[];
     /**
      * A cursor for pagination if applicable (e.g. RecordsQuery).
      * Mutually exclusive with `record`.
      */
-    cursor?: PaginationCursor;
+    cursor?: PaginationCursor | ProgressToken;
     /**
      * A subscription object if a subscription was requested.
      */

package/dist/types/src/core/message-reply.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"message-reply.d.ts","sourceRoot":"","sources":["../../../../src/core/message-reply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AACzE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAE5G,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAKnF;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG;IACpD;;;OAGG;IACH,KAAK,CAAC,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAEvD;;;;OAIG;IACH,OAAO,CAAC,EAAE,gBAAgB,EAAE,GAAG,yBAAyB,EAAE,GAAG,MAAM,EAAE,CAAC;IAEtE;;;OAGG;IACH,MAAM,CAAC,EAAE,gBAAgB,CAAC;IAE1B;;OAEG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC,CAAC"}
+{"version":3,"file":"message-reply.d.ts","sourceRoot":"","sources":["../../../../src/core/message-reply.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAChE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,2BAA2B,CAAC;AAC/D,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAC7E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AACvE,OAAO,KAAK,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC5G,OAAO,KAAK,EAAE,uBAAuB,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAElG,wBAAgB,qBAAqB,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,mBAAmB,CAKnF;AAED;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,mBAAmB,GAAG;IACpD;;;OAGG;IACH,KAAK,CAAC,EAAE,sBAAsB,GAAG,qBAAqB,CAAC;IAEvD;;;;OAIG;IACH,OAAO,CAAC,EAAE,gBAAgB,EAAE,GAAG,yBAAyB,EAAE,GAAG,uBAAuB,EAAE,GAAG,MAAM,EAAE,CAAC;IAElG;;;OAGG;IACH,MAAM,CAAC,EAAE,gBAAgB,GAAG,aAAa,CAAC;IAE1C;;OAEG;IACH,YAAY,CAAC,EAAE,mBAAmB,CAAC;CACpC,CAAC"}

package/dist/types/src/core/messages-grant-authorization.d.ts

@@ -1,12 +1,12 @@
 import type { GenericMessage } from '../types/message-types.js';
-import type { MessageStore } from '../types/message-store.js';
 import type { PermissionGrant } from '../protocols/permission-grant.js';
-import type { MessagesReadMessage, MessagesSubscribeMessage, MessagesSyncMessage } from '../types/messages-types.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
+import type { MessagesQueryMessage, MessagesReadMessage, MessagesSubscribeMessage } from '../types/messages-types.js';
 export declare class MessagesGrantAuthorization {
-    static fetchPermissionGrants(tenant: string, messageStore: MessageStore, permissionGrantIds: string[]): Promise<PermissionGrant[]>;
+    static fetchPermissionGrants(tenant: string, validationStateReader: ValidationStateReader, permissionGrantIds: string[]): Promise<PermissionGrant[]>;
     /**
      * Authorizes a MessagesReadMessage using the given permission grant.
-     * @param messageStore Used to check if the given grant has been revoked; and to fetch related RecordsWrites if needed.
+     * @param validationStateReader Used to check grant revocation and fetch related RecordsWrites if needed.
      */
     static authorizeMessagesRead(input: {
         messagesReadMessage: MessagesReadMessage;
@@ -14,22 +14,20 @@ export declare class MessagesGrantAuthorization {
         expectedGrantor: string;
         expectedGrantee: string;
         permissionGrants: PermissionGrant[];
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
     }): Promise<void>;
     /**
-     * Authorizes the scope of a permission grant for MessagesSubscribe or MessagesSync.
-     * @param messageStore Used to check if the grant has been revoked.
+     * Authorizes the scope of a permission grant for MessagesQuery or MessagesSubscribe.
+     * @param validationStateReader Used to check if the grant has been revoked.
      */
-    static authorizeSubscribeOrSync(input: {
-        incomingMessage: MessagesSubscribeMessage | MessagesSyncMessage;
+    static authorizeQueryOrSubscribe(input: {
+        incomingMessage: MessagesQueryMessage | MessagesSubscribeMessage;
         expectedGrantor: string;
         expectedGrantee: string;
         permissionGrants: PermissionGrant[];
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
     }): Promise<void>;
-    private static authorizeSyncScope;
-    private static authorizeProtocolSyncScope;
-    private static authorizeSubscribeScope;
+    private static authorizeFilterScope;
     private static someScopeMatches;
     private static hasUnscopedGrant;
     /**
@@ -43,7 +41,7 @@ export declare class MessagesGrantAuthorization {
         expectedGrantor: string;
         expectedGrantee: string;
         permissionGrants: PermissionGrant[];
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
         deliveryTimestamp: string;
     }): Promise<void>;
     /**

package/dist/types/src/core/messages-grant-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"messages-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/messages-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAIxE,OAAO,KAAK,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC;AAWrH,qBAAa,0BAA0B;WAEjB,qBAAqB,CACvC,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,YAAY,EAC1B,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,eAAe,EAAE,CAAC;IAM7B;;;OAGG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,aAAa,EAAE,cAAc,CAAC;QAC9B,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB;;;OAGG;WACiB,wBAAwB,CAAC,KAAK,EAAE;QAClD,eAAe,EAAE,wBAAwB,GAAG,mBAAmB,CAAC;QAChE,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB,OAAO,CAAC,MAAM,CAAC,kBAAkB;IAOjC,OAAO,CAAC,MAAM,CAAC,0BAA0B;IAmBzC,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAyBtC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAI/B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAI/B;;;;;OAKG;WACiB,0BAA0B,CAAC,KAAK,EAAE;QACpD,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,YAAY,EAAE,YAAY,CAAC;QAC3B,iBAAiB,EAAE,MAAM,CAAC;KAC3B,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BjB;;;OAGG;mBACkB,gCAAgC;IAsBrD;;OAEG;mBACkB,iBAAiB;mBA6BjB,+BAA+B;mBAwB/B,iCAAiC;IAoBtD,OAAO,CAAC,MAAM,CAAC,mCAAmC;mBAU7B,yBAAyB;IAY9C,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAMpC,OAAO,CAAC,MAAM,CAAC,cAAc;CAG9B"}
+{"version":3,"file":"messages-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/messages-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAEhE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAGxE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAEjF,OAAO,KAAK,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,wBAAwB,EAAE,MAAM,4BAA4B,CAAC;AAStH,qBAAa,0BAA0B;WAEjB,qBAAqB,CACvC,MAAM,EAAE,MAAM,EACd,qBAAqB,EAAE,qBAAqB,EAC5C,kBAAkB,EAAE,MAAM,EAAE,GAC3B,OAAO,CAAC,eAAe,EAAE,CAAC;IAM7B;;;OAGG;WACiB,qBAAqB,CAAC,KAAK,EAAE;QAC/C,mBAAmB,EAAE,mBAAmB,CAAC;QACzC,aAAa,EAAE,cAAc,CAAC;QAC9B,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,qBAAqB,EAAE,qBAAqB,CAAC;KAC9C,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB;;;OAGG;WACiB,yBAAyB,CAAC,KAAK,EAAE;QACnD,eAAe,EAAE,oBAAoB,GAAG,wBAAwB,CAAC;QACjE,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,qBAAqB,EAAE,qBAAqB,CAAC;KAC9C,GAAG,OAAO,CAAC,IAAI,CAAC;IAkBjB,OAAO,CAAC,MAAM,CAAC,oBAAoB;IAyBnC,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAI/B,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAI/B;;;;;OAKG;WACiB,0BAA0B,CAAC,KAAK,EAAE;QACpD,wBAAwB,EAAE,wBAAwB,CAAC;QACnD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,eAAe,EAAE,CAAC;QACpC,qBAAqB,EAAE,qBAAqB,CAAC;QAC7C,iBAAiB,EAAE,MAAM,CAAC;KAC3B,GAAG,OAAO,CAAC,IAAI,CAAC;IA2BjB;;;OAGG;mBACkB,gCAAgC;IAsBrD;;OAEG;mBACkB,iBAAiB;mBA6BjB,+BAA+B;mBAwB/B,iCAAiC;IAoBtD,OAAO,CAAC,MAAM,CAAC,mCAAmC;mBAU7B,yBAAyB;IAY9C,OAAO,CAAC,MAAM,CAAC,qBAAqB;IAMpC,OAAO,CAAC,MAAM,CAAC,cAAc;CAG9B"}

package/dist/types/src/core/protocol-authorization-action.d.ts

@@ -1,20 +1,19 @@
-import type { MessageStore } from '../types/message-store.js';
 import type { RecordsCount } from '../interfaces/records-count.js';
 import type { RecordsDelete } from '../interfaces/records-delete.js';
 import type { RecordsQuery } from '../interfaces/records-query.js';
 import type { RecordsRead } from '../interfaces/records-read.js';
 import type { RecordsSubscribe } from '../interfaces/records-subscribe.js';
 import type { RecordsWriteMessage } from '../types/records-types.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
 import type { ProtocolActionRule, ProtocolDefinition, ProtocolRuleSet } from '../types/protocols-types.js';
 import { RecordsWrite } from '../interfaces/records-write.js';
 import { ProtocolAction } from '../types/protocols-types.js';
-import type { FetchProtocolDefinitionFn } from './protocol-authorization.js';
 /**
  * Check if the incoming message is invoking a role. If so, validate the invoked role.
  * For cross-protocol role invocation, the role record may live in a different protocol
  * (resolved via the composing protocol's `uses` map).
  */
-export declare function verifyInvokedRole(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, protocolUri: string, contextId: string | undefined, protocolDefinition: ProtocolDefinition, messageStore: MessageStore, fetchProtocolDefinition: FetchProtocolDefinitionFn, governingTimestamp?: string): Promise<void>;
+export declare function verifyInvokedRole(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, protocolUri: string, contextId: string | undefined, protocolDefinition: ProtocolDefinition, validationStateReader: ValidationStateReader, protocolDefinitionTimestamp?: string): Promise<void>;
 /**
  * Returns all the ProtocolActions that would authorized the incoming message
  * (but we still need to later verify if there is a rule defined that matches one of the actions).
@@ -25,13 +24,13 @@ export declare function verifyInvokedRole(tenant: string, incomingMessage: Recor
  * It is important to recognize that the `write` access that allowed the original record author to create the record maybe revoked
  * (e.g. by role revocation) by the time a "non-initial" write by the same author is attempted.
  */
-export declare function getActionsSeekingARuleMatch(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, messageStore: MessageStore): Promise<ProtocolAction[]>;
+export declare function getActionsSeekingARuleMatch(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, validationStateReader: ValidationStateReader): Promise<ProtocolAction[]>;
 /**
  * Verifies the given message is authorized by one of the action rules in the given protocol rule set.
  * @param protocolDefinition Optional protocol definition for resolving cross-protocol `of` and `role` references.
  * @throws {Error} if action not allowed.
  */
-export declare function authorizeAgainstAllowedActions(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, ruleSet: ProtocolRuleSet, recordChain: RecordsWriteMessage[], messageStore: MessageStore, protocolDefinition?: ProtocolDefinition): Promise<void>;
+export declare function authorizeAgainstAllowedActions(tenant: string, incomingMessage: RecordsCount | RecordsDelete | RecordsQuery | RecordsRead | RecordsSubscribe | RecordsWrite, ruleSet: ProtocolRuleSet, recordChain: RecordsWriteMessage[], validationStateReader: ValidationStateReader, protocolDefinition?: ProtocolDefinition): Promise<void>;
 /**
  * Checks if the `who: 'author' | 'recipient'` action rule has a matching record in the record chain.
  * For cross-protocol `of` references (e.g., `"threads:thread"`), matches against both the protocol URI

package/dist/types/src/core/protocol-authorization-action.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"protocol-authorization-action.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-action.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAG3G,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAI9D,OAAO,EAAE,cAAc,EAAiB,MAAM,6BAA6B,CAAC;AAE5E,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAE7E;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,kBAAkB,EAAE,kBAAkB,EACtC,YAAY,EAAE,YAAY,EAC1B,uBAAuB,EAAE,yBAAyB,EAClD,kBAAkB,CAAC,EAAE,MAAM,GAC1B,OAAO,CAAC,IAAI,CAAC,CA6Ff;AAED;;;;;;;;;GASG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,cAAc,EAAE,CAAC,CAiF3B;AAED;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,OAAO,EAAE,eAAe,EACxB,WAAW,EAAE,mBAAmB,EAAE,EAClC,YAAY,EAAE,YAAY,EAC1B,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,IAAI,CAAC,CAyFf;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,kBAAkB,EAC9B,WAAW,EAAE,mBAAmB,EAAE,EAClC,mBAAmB,CAAC,EAAE,kBAAkB,GACvC,OAAO,CAAC,OAAO,CAAC,CA0ClB"}
+{"version":3,"file":"protocol-authorization-action.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-action.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,KAAK,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAG3G,OAAO,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAG9D,OAAO,EAAE,cAAc,EAAiB,MAAM,6BAA6B,CAAC;AAE5E;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,kBAAkB,EAAE,kBAAkB,EACtC,qBAAqB,EAAE,qBAAqB,EAC5C,2BAA2B,CAAC,EAAE,MAAM,GACnC,OAAO,CAAC,IAAI,CAAC,CAuFf;AAED;;;;;;;;;GASG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,cAAc,EAAE,CAAC,CAmF3B;AAED;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,aAAa,GAAG,YAAY,GAAG,WAAW,GAAG,gBAAgB,GAAG,YAAY,EAC5G,OAAO,EAAE,eAAe,EACxB,WAAW,EAAE,mBAAmB,EAAE,EAClC,qBAAqB,EAAE,qBAAqB,EAC5C,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,OAAO,CAAC,IAAI,CAAC,CAyFf;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAC9B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,kBAAkB,EAC9B,WAAW,EAAE,mBAAmB,EAAE,EAClC,mBAAmB,CAAC,EAAE,kBAAkB,GACvC,OAAO,CAAC,OAAO,CAAC,CA0ClB"}

package/dist/types/src/core/protocol-authorization-validation.d.ts

@@ -1,14 +1,13 @@
-import type { MessageStore } from '../types/message-store.js';
+import type { RecordsWrite } from '../interfaces/records-write.js';
 import type { RecordsWriteMessage } from '../types/records-types.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
 import type { ProtocolDefinition, ProtocolRuleSet, ProtocolTypes } from '../types/protocols-types.js';
-import type { RecordsWrite } from '../interfaces/records-write.js';
-import type { FetchProtocolDefinitionFn } from './protocol-authorization.js';
 /**
  * Verifies the `protocolPath` declared in the given message matches the path of actual record chain.
  * For cross-protocol composition, the parent record may belong to a different protocol (resolved via `$ref` in the composing protocol).
  * @throws {DwnError} if fails verification.
  */
-export declare function verifyProtocolPathAndContextId(tenant: string, inboundMessage: RecordsWrite, messageStore: MessageStore, fetchProtocolDefinition: FetchProtocolDefinitionFn, governingTimestamp?: string): Promise<void>;
+export declare function verifyProtocolPathAndContextId(tenant: string, inboundMessage: RecordsWrite, validationStateReader: ValidationStateReader, protocolDefinitionTimestamp?: string): Promise<void>;
 /**
  * Resolves the protocol URI that should be used when querying for the parent record.
  * For standard (non-composed) records, this is the same as the child's protocol.
@@ -21,19 +20,19 @@ export declare function verifyProtocolPathAndContextId(tenant: string, inboundMe
  * live in the referenced protocol. Specifically, the `$ref` at the topmost ancestor tells us
  * the parent's protocol URI.
  */
-export declare function resolveParentProtocolUri(tenant: string, childProtocolUri: string, childProtocolPath: string, messageStore: MessageStore, fetchProtocolDefinition: FetchProtocolDefinitionFn, governingTimestamp?: string): Promise<string>;
+export declare function resolveParentProtocolUri(tenant: string, childProtocolUri: string, childProtocolPath: string, validationStateReader: ValidationStateReader, protocolDefinitionTimestamp?: string): Promise<string>;
 /**
  * Verifies the `dataFormat` and `schema` declared in the given message matches the type in the protocol.
  * For cross-protocol composition, if the type is at a `$ref` position in the structure,
  * the type definition is looked up in the referenced protocol's `types` map instead.
  */
-export declare function verifyTypeWithComposition(tenant: string, inboundMessage: RecordsWriteMessage, protocolDefinition: ProtocolDefinition, messageStore: MessageStore, fetchProtocolDefinition: FetchProtocolDefinitionFn, governingTimestamp?: string): Promise<void>;
+export declare function verifyTypeWithComposition(tenant: string, inboundMessage: RecordsWriteMessage, protocolDefinition: ProtocolDefinition, validationStateReader: ValidationStateReader, protocolDefinitionTimestamp?: string): Promise<void>;
 /**
  * Resolves the `ProtocolTypes` map that contains the type definition for the given protocol path.
  * For non-composed records, this is the protocol definition's own `types` map.
  * For records at a `$ref` position, this is the referenced protocol's `types` map.
  */
-export declare function resolveProtocolTypesForPath(tenant: string, protocolPath: string, protocolDefinition: ProtocolDefinition, messageStore: MessageStore, fetchProtocolDefinition: FetchProtocolDefinitionFn, governingTimestamp?: string): Promise<ProtocolTypes>;
+export declare function resolveProtocolTypesForPath(tenant: string, protocolPath: string, protocolDefinition: ProtocolDefinition, validationStateReader: ValidationStateReader, protocolDefinitionTimestamp?: string): Promise<ProtocolTypes>;
 /**
  * Verifies the `dataFormat` and `schema` declared in the given message (if it is a RecordsWrite) matches dataFormat
  * and schema of the type in the given protocol.
@@ -56,19 +55,17 @@ export declare function verifyTagsIfNeeded(incomingMessage: RecordsWrite, ruleSe
  * Else it verifies the validity of the given `RecordsWrite` as a role record, including:
  * 1. The same role has not been assigned to the same entity/recipient.
  */
-export declare function verifyAsRoleRecordIfNeeded(tenant: string, incomingMessage: RecordsWrite, ruleSet: ProtocolRuleSet, messageStore: MessageStore): Promise<void>;
+export declare function verifyAsRoleRecordIfNeeded(tenant: string, incomingMessage: RecordsWrite, ruleSet: ProtocolRuleSet, validationStateReader: ValidationStateReader): Promise<void>;
 /**
- * Verifies that a new record creation does not exceed the `$recordLimit` defined in the rule set.
+ * Verifies that the `$recordLimit` strategy is supported for a new record creation.
  *
- * This check only applies to initial writes (new records). Updates to existing records are not counted.
- * The count is scoped to the same `protocol + protocolPath` within the parent context:
- * - For root-level records: counted across the entire protocol for the tenant.
- * - For nested records: counted within the parent record's context.
+ * This check only applies to initial writes (new records). Updates to existing records do not
+ * affect record-limit occupancy. The supported `reject` strategy admits every candidate and
+ * projects the visible occupant set at read time, so validation stays independent of arrival order.
  *
- * @throws {DwnError} with `ProtocolAuthorizationRecordLimitExceeded` if the limit is reached and strategy is `reject`.
- * @throws {DwnError} with `ProtocolAuthorizationRecordLimitStrategyNotImplemented` if strategy is not yet implemented.
+ * @throws {DwnError} with `ProtocolAuthorizationRecordLimitStrategyNotImplemented` if strategy is not implemented.
  */
-export declare function verifyRecordLimit(tenant: string, incomingMessage: RecordsWrite, ruleSet: ProtocolRuleSet, messageStore: MessageStore): Promise<void>;
+export declare function verifyRecordLimit(incomingMessage: RecordsWrite, ruleSet: ProtocolRuleSet): Promise<void>;
 /**
  * Verifies that a `RecordsWrite` with `squash: true` is eligible:
  * 1. The protocol rule set at the record's `protocolPath` must have `$squash: true`.

package/dist/types/src/core/protocol-authorization-validation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"protocol-authorization-validation.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-validation.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAIpH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AASnE,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAE7E;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,YAAY,EAC5B,YAAY,EAAE,YAAY,EAC1B,uBAAuB,EAAE,yBAAyB,EAClD,kBAAkB,CAAC,EAAE,MAAM,GAC1B,OAAO,CAAC,IAAI,CAAC,CAwEf;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,MAAM,EACxB,iBAAiB,EAAE,MAAM,EACzB,YAAY,EAAE,YAAY,EAC1B,uBAAuB,EAAE,yBAAyB,EAClD,kBAAkB,CAAC,EAAE,MAAM,GAC1B,OAAO,CAAC,MAAM,CAAC,CAuCjB;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,mBAAmB,EACnC,kBAAkB,EAAE,kBAAkB,EACtC,YAAY,EAAE,YAAY,EAC1B,uBAAuB,EAAE,yBAAyB,EAClD,kBAAkB,CAAC,EAAE,MAAM,GAC1B,OAAO,CAAC,IAAI,CAAC,CAWf;AAED;;;;GAIG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,EACpB,kBAAkB,EAAE,kBAAkB,EACtC,YAAY,EAAE,YAAY,EAC1B,uBAAuB,EAAE,yBAAyB,EAClD,kBAAkB,CAAC,EAAE,MAAM,GAC1B,OAAO,CAAC,aAAa,CAAC,CAqBxB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,cAAc,EAAE,mBAAmB,EACnC,aAAa,EAAE,aAAa,EAC5B,QAAQ,CAAC,EAAE,MAAM,GAChB,IAAI,CAsCN;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,IAAI,CAgBN;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,IAAI,CA8BN;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,EACxB,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC,CA6Cf;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,EACxB,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,IAAI,CAAC,CAiDf;AAED;;;;;;;GAOG;AACH,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAwBf;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAcf"}
+{"version":3,"file":"protocol-authorization-validation.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization-validation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,KAAK,EAAE,kBAAkB,EAAE,eAAe,EAAgB,aAAa,EAAE,MAAM,6BAA6B,CAAC;AASpH;;;;GAIG;AACH,wBAAsB,8BAA8B,CAClD,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,YAAY,EAC5B,qBAAqB,EAAE,qBAAqB,EAC5C,2BAA2B,CAAC,EAAE,MAAM,GACnC,OAAO,CAAC,IAAI,CAAC,CAoEf;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,wBAAwB,CAC5C,MAAM,EAAE,MAAM,EACd,gBAAgB,EAAE,MAAM,EACxB,iBAAiB,EAAE,MAAM,EACzB,qBAAqB,EAAE,qBAAqB,EAC5C,2BAA2B,CAAC,EAAE,MAAM,GACnC,OAAO,CAAC,MAAM,CAAC,CAuCjB;AAED;;;;GAIG;AACH,wBAAsB,yBAAyB,CAC7C,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,mBAAmB,EACnC,kBAAkB,EAAE,kBAAkB,EACtC,qBAAqB,EAAE,qBAAqB,EAC5C,2BAA2B,CAAC,EAAE,MAAM,GACnC,OAAO,CAAC,IAAI,CAAC,CAWf;AAED;;;;GAIG;AACH,wBAAsB,2BAA2B,CAC/C,MAAM,EAAE,MAAM,EACd,YAAY,EAAE,MAAM,EACpB,kBAAkB,EAAE,kBAAkB,EACtC,qBAAqB,EAAE,qBAAqB,EAC5C,2BAA2B,CAAC,EAAE,MAAM,GACnC,OAAO,CAAC,aAAa,CAAC,CAqBxB;AAED;;;;GAIG;AACH,wBAAgB,UAAU,CACxB,cAAc,EAAE,mBAAmB,EACnC,aAAa,EAAE,aAAa,EAC5B,QAAQ,CAAC,EAAE,MAAM,GAChB,IAAI,CAsCN;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAC7B,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,IAAI,CAgBN;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,IAAI,CA8BN;AAED;;;;;GAKG;AACH,wBAAsB,0BAA0B,CAC9C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,EACxB,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC,CAqCf;AAED;;;;;;;;GAQG;AACH,wBAAsB,iBAAiB,CACrC,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAkBf;AAED;;;;;;;GAOG;AACH,wBAAsB,uBAAuB,CAC3C,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAwBf;AAED;;;;;;;GAOG;AACH,wBAAsB,kBAAkB,CACtC,eAAe,EAAE,YAAY,EAC7B,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,IAAI,CAAC,CAcf"}

package/dist/types/src/core/protocol-authorization.d.ts

@@ -1,23 +1,17 @@
-import type { CoreProtocolRegistry } from './core-protocol.js';
-import type { MessageStore } from '../types/message-store.js';
 import type { RecordsCount } from '../interfaces/records-count.js';
 import type { RecordsDelete } from '../interfaces/records-delete.js';
 import type { RecordsQuery } from '../interfaces/records-query.js';
 import type { RecordsRead } from '../interfaces/records-read.js';
 import type { RecordsSubscribe } from '../interfaces/records-subscribe.js';
 import type { RecordsWrite } from '../interfaces/records-write.js';
-import type { ProtocolDefinition } from '../types/protocols-types.js';
-/**
- * Function signature for fetching a protocol definition.
- * Used by extracted modules to break the circular dependency on `ProtocolAuthorization`.
- */
-export type FetchProtocolDefinitionFn = (tenant: string, protocolUri: string, messageStore: MessageStore, messageTimestamp?: string) => Promise<ProtocolDefinition>;
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
+import type { ProtocolRuleSet } from '../types/protocols-types.js';
 export declare class ProtocolAuthorization {
     /**
      * Performs validation on the structure of RecordsWrite messages that use a protocol.
      * @throws {Error} if validation fails.
      */
-    static validateReferentialIntegrity(tenant: string, incomingMessage: RecordsWrite, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
+    static validateReferentialIntegrity(tenant: string, incomingMessage: RecordsWrite, validationStateReader: ValidationStateReader): Promise<ProtocolRuleSet>;
     /**
      * Revalidates a stored initial write against the protocol definition that governed its creation timestamp.
      *
@@ -25,43 +19,24 @@ export declare class ProtocolAuthorization {
      * structure and avoids live dependency checks. Missing grant, role, or parent records must not cause
      * an already-admitted record to be hard-purged.
      */
-    static validateStoredInitialWrite(tenant: string, incomingMessage: RecordsWrite, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
+    static validateStoredInitialWrite(tenant: string, incomingMessage: RecordsWrite, validationStateReader: ValidationStateReader): Promise<void>;
     /**
      * Performs protocol-based authorization against the incoming RecordsWrite message.
      * @throws {Error} if authorization fails.
      */
-    static authorizeWrite(tenant: string, incomingMessage: RecordsWrite, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
+    static authorizeWrite(tenant: string, incomingMessage: RecordsWrite, validationStateReader: ValidationStateReader): Promise<void>;
     /**
      * Performs protocol-based authorization against the incoming `RecordsRead` message.
      * @param newestRecordsWrite The latest RecordsWrite associated with the recordId being read.
      * @throws {Error} if authorization fails.
      */
-    static authorizeRead(tenant: string, incomingMessage: RecordsRead, newestRecordsWrite: RecordsWrite, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
-    static authorizeQueryOrSubscribe(tenant: string, incomingMessage: RecordsCount | RecordsQuery | RecordsSubscribe, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
+    static authorizeRead(tenant: string, incomingMessage: RecordsRead, newestRecordsWrite: RecordsWrite, validationStateReader: ValidationStateReader): Promise<void>;
+    static authorizeQueryOrSubscribe(tenant: string, incomingMessage: RecordsCount | RecordsQuery | RecordsSubscribe, validationStateReader: ValidationStateReader): Promise<void>;
     /**
      * Performs protocol-based authorization against the incoming `RecordsDelete` message.
      * @param recordsWrite A `RecordsWrite` of the record being deleted.
      */
-    static authorizeDelete(tenant: string, incomingMessage: RecordsDelete, recordsWrite: RecordsWrite, messageStore: MessageStore, coreProtocols?: CoreProtocolRegistry): Promise<void>;
-    /**
-     * Fetches the protocol definition based on the protocol specified in the given message.
-     * When `messageTimestamp` is provided, returns the protocol definition that was active at that
-     * point in time — i.e. the ProtocolsConfigure with the greatest `messageTimestamp` that is <= the
-     * given timestamp. When not provided, returns the latest (current) protocol definition.
-     *
-     * When `coreProtocols` is provided, core protocol definitions are returned directly from the
-     * registry without a message store query. The extra parameter does not affect the
-     * `FetchProtocolDefinitionFn` callback type — callers that pass this function as a callback
-     * should bind the registry via a closure (see `createBoundFetchDefinition`).
-     */
-    static fetchProtocolDefinition(tenant: string, protocolUri: string, messageStore: MessageStore, messageTimestamp?: string, coreProtocols?: CoreProtocolRegistry): Promise<ProtocolDefinition>;
-    /**
-     * Creates a `FetchProtocolDefinitionFn` closure that binds the given `CoreProtocolRegistry`.
-     * This allows core protocol definitions to be resolved from the registry without changing
-     * the `FetchProtocolDefinitionFn` type signature — zero ripple to downstream consumers
-     * like `protocol-authorization-action.ts` and `protocol-authorization-validation.ts`.
-     */
-    private static createBoundFetchDefinition;
+    static authorizeDelete(tenant: string, incomingMessage: RecordsDelete, recordsWrite: RecordsWrite, validationStateReader: ValidationStateReader): Promise<void>;
     /**
      * Gets the rule set corresponding to the given protocolPath.
      */

package/dist/types/src/core/protocol-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"protocol-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE/D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAEnE,OAAO,KAAK,EAAE,kBAAkB,EAA8C,MAAM,6BAA6B,CAAC;AAqBlH;;;GAGG;AACH,MAAM,MAAM,yBAAyB,GAAG,CACtC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,YAAY,EAC1B,gBAAgB,CAAC,EAAE,MAAM,KACtB,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAEjC,qBAAa,qBAAqB;IAEhC;;;OAGG;WACiB,4BAA4B,CAC9C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;IA+DhB;;;;;;OAMG;WACiB,0BAA0B,CAC5C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;IAkChB;;;OAGG;WACiB,cAAc,CAChC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;IA0DhB;;;;OAIG;WACiB,aAAa,CAC/B,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,WAAW,EAC5B,kBAAkB,EAAE,YAAY,EAChC,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;WAsDI,yBAAyB,CAC3C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,YAAY,GAAG,gBAAgB,EAC/D,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;IA0ChB;;;OAGG;WACiB,eAAe,CACjC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,aAAa,EAC9B,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,IAAI,CAAC;IAsDhB;;;;;;;;;;OAUG;WACiB,uBAAuB,CACzC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,YAAY,EAC1B,gBAAgB,CAAC,EAAE,MAAM,EACzB,aAAa,CAAC,EAAE,oBAAoB,GACnC,OAAO,CAAC,kBAAkB,CAAC;IAuC9B;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,0BAA0B;IAWzC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;mBAYJ,wBAAwB;IAW7C,OAAO,CAAC,MAAM,CAAC,6CAA6C;IAc5D,OAAO,CAAC,MAAM,CAAC,oCAAoC;IAkDnD,OAAO,CAAC,MAAM,CAAC,sCAAsC;CAQtD"}
+{"version":3,"file":"protocol-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocol-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oCAAoC,CAAC;AAC3E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AAEnE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,KAAK,EAAsB,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAkBvF,qBAAa,qBAAqB;IAEhC;;;OAGG;WACiB,4BAA4B,CAC9C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,eAAe,CAAC;IAqD3B;;;;;;OAMG;WACiB,0BAA0B,CAC5C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC;IA6BhB;;;OAGG;WACiB,cAAc,CAChC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,EAC7B,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC;IAkDhB;;;;OAIG;WACiB,aAAa,CAC/B,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,WAAW,EAC5B,kBAAkB,EAAE,YAAY,EAChC,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC;WA0CI,yBAAyB,CAC3C,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,YAAY,GAAG,YAAY,GAAG,gBAAgB,EAC/D,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC;IAqChB;;;OAGG;WACiB,eAAe,CACjC,MAAM,EAAE,MAAM,EACd,eAAe,EAAE,aAAa,EAC9B,YAAY,EAAE,YAAY,EAC1B,qBAAqB,EAAE,qBAAqB,GAC3C,OAAO,CAAC,IAAI,CAAC;IA2ChB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,UAAU;mBAYJ,wBAAwB;IAW7C,OAAO,CAAC,MAAM,CAAC,6CAA6C;IAc5D,OAAO,CAAC,MAAM,CAAC,oCAAoC;IAkDnD,OAAO,CAAC,MAAM,CAAC,sCAAsC;CAQtD"}

package/dist/types/src/core/protocols-grant-authorization.d.ts

@@ -1,5 +1,5 @@
-import type { MessageStore } from '../types/message-store.js';
 import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
 import type { ProtocolsConfigureMessage, ProtocolsQueryMessage } from '../types/protocols-types.js';
 export declare class ProtocolsGrantAuthorization {
     /**
@@ -10,18 +10,18 @@ export declare class ProtocolsGrantAuthorization {
         expectedGrantor: string;
         expectedGrantee: string;
         permissionGrant: PermissionGrant;
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
     }): Promise<void>;
     /**
      * Authorizes the scope of a permission grant for a ProtocolsQuery message.
-     * @param messageStore Used to check if the grant has been revoked.
+     * @param validationStateReader Used to check if the grant has been revoked.
      */
     static authorizeQuery(input: {
         expectedGrantor: string;
         expectedGrantee: string;
         incomingMessage: ProtocolsQueryMessage;
         permissionGrant: PermissionGrant;
-        messageStore: MessageStore;
+        validationStateReader: ValidationStateReader;
     }): Promise<void>;
     /**
      * Verifies a ProtocolsConfigure against the scope of the given grant.

package/dist/types/src/core/protocols-grant-authorization.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"protocols-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocols-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAKpG,qBAAa,2BAA2B;IACtC;;OAEG;WACiB,kBAAkB,CAAC,KAAK,EAAE;QAC5C,yBAAyB,EAAE,yBAAyB,CAAC;QACrD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;;OAGG;WACiB,cAAc,CAAC,KAAK,EAAE;QACxC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,qBAAqB,CAAC;QACvC,eAAe,EAAE,eAAe,CAAC;QACjC,YAAY,EAAE,YAAY,CAAC;KAC5B,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;CAiB3B"}
+{"version":3,"file":"protocols-grant-authorization.d.ts","sourceRoot":"","sources":["../../../../src/core/protocols-grant-authorization.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAExE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AACjF,OAAO,KAAK,EAAE,yBAAyB,EAAE,qBAAqB,EAAE,MAAM,6BAA6B,CAAC;AAKpG,qBAAa,2BAA2B;IACtC;;OAEG;WACiB,kBAAkB,CAAC,KAAK,EAAE;QAC5C,yBAAyB,EAAE,yBAAyB,CAAC;QACrD,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,eAAe,CAAC;QACjC,qBAAqB,EAAE,qBAAqB,CAAC;KAC9C,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjB;;;OAGG;WACiB,cAAc,CAAC,KAAK,EAAE;QACxC,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,MAAM,CAAC;QACxB,eAAe,EAAE,qBAAqB,CAAC;QACvC,eAAe,EAAE,eAAe,CAAC;QACjC,qBAAqB,EAAE,qBAAqB,CAAC;KAC9C,GAAG,OAAO,CAAC,IAAI,CAAC;IAuBjB;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;CAiB3B"}

package/dist/types/src/core/recording-validation-state-reader.d.ts

@@ -0,0 +1,75 @@
+import type { GenericMessage } from '../types/message-types.js';
+import type { PermissionGrant } from '../protocols/permission-grant.js';
+import type { ProtocolDefinition } from '../types/protocols-types.js';
+import type { RecordsWrite } from '../interfaces/records-write.js';
+import type { RecordsWriteMessage } from '../types/records-types.js';
+import type { ValidationStateReader } from '../types/validation-state-reader.js';
+/**
+ * One recorded validation-time state read: the reader method invoked.
+ */
+export type RecordedValidationRead = {
+    method: keyof ValidationStateReader;
+};
+/**
+ * A `ValidationStateReader` decorator that records every read before delegating to the wrapped
+ * reader. Used by the replay-basis closure tests (and harnesses) to assert that admission
+ * performs no validation read outside the reader surface, and to keep recorded read-traces as a
+ * regression artifact when validation reads change.
+ *
+ * Inject via `DwnConfig.instrumentValidationStateReader`.
+ */
+export declare class RecordingValidationStateReader implements ValidationStateReader {
+    private readonly inner;
+    private readonly recordedReads;
+    constructor(inner: ValidationStateReader);
+    /** All reads recorded since construction or the last `clearRecordedReads()`. */
+    get reads(): RecordedValidationRead[];
+    /** Clears the recorded reads, e.g. between closure-test scenarios. */
+    clearRecordedReads(): void;
+    /** @inheritdoc */
+    fetchInitialRecordsWrite(tenant: string, recordId: string): Promise<RecordsWrite | undefined>;
+    /** @inheritdoc */
+    fetchInitialWrite(tenant: string, recordId: string): Promise<RecordsWriteMessage | undefined>;
+    /** @inheritdoc */
+    constructRecordChain(tenant: string, descendantRecordId: string | undefined): Promise<RecordsWriteMessage[]>;
+    /** @inheritdoc */
+    fetchParentRecord(input: {
+        tenant: string;
+        parentProtocolUri: string;
+        parentId: string;
+    }): Promise<RecordsWriteMessage | undefined>;
+    /** @inheritdoc */
+    hasMatchingRoleRecord(input: {
+        tenant: string;
+        protocol: string;
+        protocolPath: string;
+        recipient: string;
+        contextIdPrefix?: string;
+    }): Promise<boolean>;
+    /** @inheritdoc */
+    queryLatestRoleRecords(input: {
+        tenant: string;
+        protocol: string;
+        protocolPath: string;
+        recipient: string;
+        contextIdPrefix?: string;
+    }): Promise<RecordsWriteMessage[]>;
+    /** @inheritdoc */
+    fetchGrant(tenant: string, permissionGrantId: string): Promise<PermissionGrant>;
+    /** @inheritdoc */
+    fetchOldestGrantRevocation(tenant: string, permissionGrantId: string): Promise<GenericMessage | undefined>;
+    /** @inheritdoc */
+    fetchNewestRecordsWrite(tenant: string, recordId: string): Promise<RecordsWriteMessage>;
+    /** @inheritdoc */
+    fetchProtocolDefinition(tenant: string, protocolUri: string, messageTimestamp?: string): Promise<ProtocolDefinition>;
+    /** @inheritdoc */
+    fetchLatestSquashRecordAtScope(input: {
+        tenant: string;
+        protocol: string;
+        protocolPath: string;
+        contextIdPrefix?: string;
+    }): Promise<RecordsWriteMessage | undefined>;
+    /** @inheritdoc */
+    hasStoredData(tenant: string, recordId: string, dataCid: string): Promise<boolean>;
+}
+//# sourceMappingURL=recording-validation-state-reader.d.ts.map

package/dist/types/src/core/recording-validation-state-reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recording-validation-state-reader.d.ts","sourceRoot":"","sources":["../../../../src/core/recording-validation-state-reader.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AACxE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACtE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gCAAgC,CAAC;AACnE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAEjF;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,MAAM,EAAE,MAAM,qBAAqB,CAAC;CACrC,CAAC;AAEF;;;;;;;GAOG;AACH,qBAAa,8BAA+B,YAAW,qBAAqB;IAGvD,OAAO,CAAC,QAAQ,CAAC,KAAK;IAFzC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAgC;gBAE1B,KAAK,EAAE,qBAAqB;IAEhE,gFAAgF;IAChF,IAAW,KAAK,IAAI,sBAAsB,EAAE,CAE3C;IAED,sEAAsE;IAC/D,kBAAkB,IAAI,IAAI;IAIjC,kBAAkB;IACL,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,SAAS,CAAC;IAK1G,kBAAkB;IACL,iBAAiB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAK1G,kBAAkB;IACL,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAKzH,kBAAkB;IACL,iBAAiB,CAAC,KAAK,EAAE;QACpC,MAAM,EAAE,MAAM,CAAC;QACf,iBAAiB,EAAE,MAAM,CAAC;QAC1B,QAAQ,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAK5C,kBAAkB;IACL,qBAAqB,CAAC,KAAK,EAAE;QACxC,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,OAAO,CAAC;IAKpB,kBAAkB;IACL,sBAAsB,CAAC,KAAK,EAAE;QACzC,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,SAAS,EAAE,MAAM,CAAC;QAClB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,mBAAmB,EAAE,CAAC;IAKlC,kBAAkB;IACL,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAK5F,kBAAkB;IACL,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,SAAS,CAAC;IAKvH,kBAAkB;IACL,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAKpG,kBAAkB;IACL,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAKjI,kBAAkB;IACL,8BAA8B,CAAC,KAAK,EAAE;QACjD,MAAM,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,MAAM,CAAC;QACjB,YAAY,EAAE,MAAM,CAAC;QACrB,eAAe,CAAC,EAAE,MAAM,CAAC;KAC1B,GAAG,OAAO,CAAC,mBAAmB,GAAG,SAAS,CAAC;IAK5C,kBAAkB;IACL,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAIhG"}