@eudiplo/sdk-core 4.3.0 → 4.5.0

package/dist/index.js

@@ -27,10 +27,7 @@ var formDataBodySerializer = {
   }
 };
 var jsonBodySerializer = {
-  bodySerializer: (body) => JSON.stringify(
-    body,
-    (_key, value) => typeof value === "bigint" ? value.toString() : value
-  )
+  bodySerializer: (body) => JSON.stringify(body, (_key, value) => typeof value === "bigint" ? value.toString() : value)
 };
 
 // src/api/core/serverSentEvents.gen.ts
@@ -74,10 +71,7 @@ function createSseClient({
         }
         const _fetch = options.fetch ?? globalThis.fetch;
         const response = await _fetch(request);
-        if (!response.ok)
-          throw new Error(
-            `SSE failed: ${response.status} ${response.statusText}`
-          );
+        if (!response.ok) throw new Error(`SSE failed: ${response.status} ${response.statusText}`);
         if (!response.body) throw new Error("No body in SSE response");
         const reader = response.body.pipeThrough(new TextDecoderStream()).getReader();
         let buffer = "";
@@ -108,10 +102,7 @@ function createSseClient({
                 } else if (line.startsWith("id:")) {
                   lastEventId = line.replace(/^id:\s*/, "");
                 } else if (line.startsWith("retry:")) {
-                  const parsed = Number.parseInt(
-                    line.replace(/^retry:\s*/, ""),
-                    10
-                  );
+                  const parsed = Number.parseInt(line.replace(/^retry:\s*/, ""), 10);
                   if (!Number.isNaN(parsed)) {
                     retryDelay = parsed;
                   }
@@ -157,10 +148,7 @@ function createSseClient({
         if (sseMaxRetryAttempts !== void 0 && attempt >= sseMaxRetryAttempts) {
           break;
         }
-        const backoff = Math.min(
-          retryDelay * 2 ** (attempt - 1),
-          sseMaxRetryDelay ?? 3e4
-        );
+        const backoff = Math.min(retryDelay * 2 ** (attempt - 1), sseMaxRetryDelay ?? 3e4);
         await sleep(backoff);
       }
     }
@@ -268,11 +256,7 @@ var serializeObjectParam = ({
   if (style !== "deepObject" && !explode) {
     let values = [];
     Object.entries(value).forEach(([key, v]) => {
-      values = [
-        ...values,
-        key,
-        allowReserved ? v : encodeURIComponent(v)
-      ];
+      values = [...values, key, allowReserved ? v : encodeURIComponent(v)];
     });
     const joinedValues2 = values.join(",");
     switch (style) {
@@ -323,10 +307,7 @@ var defaultPathSerializer = ({ path, url: _url }) => {
         continue;
       }
       if (Array.isArray(value)) {
-        url = url.replace(
-          match,
-          serializeArrayParam({ explode, name, style, value })
-        );
+        url = url.replace(match, serializeArrayParam({ explode, name, style, value }));
         continue;
       }
       if (typeof value === "object") {
@@ -474,9 +455,7 @@ var getParseAs = (contentType) => {
   if (cleanContent === "multipart/form-data") {
     return "formData";
   }
-  if (["application/", "audio/", "image/", "video/"].some(
-    (type) => cleanContent.startsWith(type)
-  )) {
+  if (["application/", "audio/", "image/", "video/"].some((type) => cleanContent.startsWith(type))) {
     return "blob";
   }
   if (cleanContent.startsWith("text/")) {
@@ -493,11 +472,8 @@ var checkForExistence = (options, name) => {
   }
   return false;
 };
-var setAuthParams = async ({
-  security,
-  ...options
-}) => {
-  for (const auth of security) {
+async function setAuthParams(options) {
+  for (const auth of options.security ?? []) {
     if (checkForExistence(options, auth.name)) {
       continue;
     }
@@ -522,7 +498,7 @@ var setAuthParams = async ({
         break;
     }
   }
-};
+}
 var buildUrl = (options) => getUrl({
   baseUrl: options.baseUrl,
   path: options.path,
@@ -648,10 +624,7 @@ var createClient = (config = {}) => {
       serializedBody: void 0
     };
     if (opts.security) {
-      await setAuthParams({
-        ...opts,
-        security: opts.security
-      });
+      await setAuthParams(opts);
     }
     if (opts.requestValidator) {
       await opts.requestValidator(opts);
@@ -764,12 +737,7 @@ var createClient = (config = {}) => {
       let finalError = error;
       for (const fn of interceptors.error.fns) {
         if (fn) {
-          finalError = await fn(
-            finalError,
-            response,
-            request2,
-            options
-          );
+          finalError = await fn(finalError, response, request2, options);
         }
       }
       finalError = finalError || {};
@@ -834,9 +802,7 @@ var createClient = (config = {}) => {
 };
 
 // src/api/client.gen.ts
-var client = createClient(
-  createConfig({ throwOnError: true })
-);
+var client = createClient(createConfig({ throwOnError: true }));
 
 // src/api/sdk.gen.ts
 var appControllerGetVersion = (options) => (options?.client ?? client).get({
@@ -849,6 +815,14 @@ var appControllerGetFrontendConfig = (options) => (options?.client ?? client).ge
   url: "/api/frontend-config",
   ...options
 });
+var authControllerGetOAuth2Token = (options) => (options.client ?? client).post({
+  url: "/api/oauth2/token",
+  ...options,
+  headers: {
+    "Content-Type": "application/json",
+    ...options.headers
+  }
+});
 var tenantControllerGetTenants = (options) => (options?.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/tenant",
@@ -882,6 +856,11 @@ var tenantControllerUpdateTenant = (options) => (options.client ?? client).patch
     ...options.headers
   }
 });
+var auditLogControllerGetAuditLogs = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/admin/audit-logs",
+  ...options
+});
 var clientControllerGetClients = (options) => (options?.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/client",
@@ -1106,18 +1085,81 @@ var credentialConfigControllerUpdateCredentialConfiguration = (options) => (opti
     ...options.headers
   }
 });
-var credentialConfigControllerSignSchemaMetaConfig = (options) => (options.client ?? client).post({
+var schemaMetadataControllerSignSchemaMetaConfig = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/sign",
+  ...options,
+  headers: {
+    "Content-Type": "application/json",
+    ...options.headers
+  }
+});
+var schemaMetadataControllerSignVersionSchemaMetaConfig = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/sign-version",
+  ...options,
+  headers: {
+    "Content-Type": "application/json",
+    ...options.headers
+  }
+});
+var schemaMetadataControllerGetVocabularies = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/vocabularies",
+  ...options
+});
+var schemaMetadataControllerFindAll = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata",
+  ...options
+});
+var schemaMetadataControllerFindOne = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/issuer/credentials/schema-metadata/sign",
+  url: "/api/schema-metadata/{id}",
+  ...options
+});
+var schemaMetadataControllerRemove = (options) => (options.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}",
+  ...options
+});
+var schemaMetadataControllerUpdate = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}",
   ...options,
   headers: {
     "Content-Type": "application/json",
     ...options.headers
   }
 });
-var credentialConfigControllerSignVersionSchemaMetaConfig = (options) => (options.client ?? client).post({
+var schemaMetadataControllerGetLatest = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/latest",
+  ...options
+});
+var schemaMetadataControllerGetVersions = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/issuer/credentials/schema-metadata/sign-version",
+  url: "/api/schema-metadata/{id}/versions",
+  ...options
+});
+var schemaMetadataControllerGetJwt = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}/jwt",
+  ...options
+});
+var schemaMetadataControllerExport = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}/export",
+  ...options
+});
+var schemaMetadataControllerGetSchema = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}/schemas/{format}",
+  ...options
+});
+var schemaMetadataControllerDeprecateVersion = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/schema-metadata/{id}/versions/{version}/deprecation",
   ...options,
   headers: {
     "Content-Type": "application/json",
@@ -1238,6 +1280,26 @@ var trustListControllerGetTrustListVersion = (options) => (options.client ?? cli
   url: "/api/trust-list/{id}/versions/{versionId}",
   ...options
 });
+var cacheControllerGetStats = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/cache/stats",
+  ...options
+});
+var cacheControllerClearAllCaches = (options) => (options?.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/cache",
+  ...options
+});
+var cacheControllerClearTrustListCache = (options) => (options?.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/cache/trust-list",
+  ...options
+});
+var cacheControllerClearStatusListCache = (options) => (options?.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/cache/status-list",
+  ...options
+});
 var presentationManagementControllerConfiguration = (options) => (options?.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/verifier/config",
@@ -1299,26 +1361,6 @@ var presentationManagementControllerReissueRegistrationCertificate = (options) =
   url: "/api/verifier/config/{id}/registration-cert/reissue",
   ...options
 });
-var cacheControllerGetStats = (options) => (options?.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/cache/stats",
-  ...options
-});
-var cacheControllerClearAllCaches = (options) => (options?.client ?? client).delete({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/cache",
-  ...options
-});
-var cacheControllerClearTrustListCache = (options) => (options?.client ?? client).delete({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/cache/trust-list",
-  ...options
-});
-var cacheControllerClearStatusListCache = (options) => (options?.client ?? client).delete({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/cache/status-list",
-  ...options
-});
 var registrarControllerDeleteConfig = (options) => (options?.client ?? client).delete({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/registrar/config",
@@ -1356,69 +1398,6 @@ var registrarControllerCreateAccessCertificate = (options) => (options.client ??
     ...options.headers
   }
 });
-var schemaMetadataControllerGetVocabularies = (options) => (options?.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/vocabularies",
-  ...options
-});
-var schemaMetadataControllerFindAll = (options) => (options?.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata",
-  ...options
-});
-var schemaMetadataControllerFindOne = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}",
-  ...options
-});
-var schemaMetadataControllerRemove = (options) => (options.client ?? client).delete({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}",
-  ...options
-});
-var schemaMetadataControllerUpdate = (options) => (options.client ?? client).patch({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}",
-  ...options,
-  headers: {
-    "Content-Type": "application/json",
-    ...options.headers
-  }
-});
-var schemaMetadataControllerGetLatest = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/latest",
-  ...options
-});
-var schemaMetadataControllerGetVersions = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions",
-  ...options
-});
-var schemaMetadataControllerGetJwt = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}/jwt",
-  ...options
-});
-var schemaMetadataControllerExport = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}/export",
-  ...options
-});
-var schemaMetadataControllerGetSchema = (options) => (options.client ?? client).get({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}/schemas/{format}",
-  ...options
-});
-var schemaMetadataControllerDeprecateVersion = (options) => (options.client ?? client).patch({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/api/schema-metadata/{id}/versions/{version}/deprecation",
-  ...options,
-  headers: {
-    "Content-Type": "application/json",
-    ...options.headers
-  }
-});
 var credentialOfferControllerGetOffer = (options) => (options.client ?? client).post({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/issuer/offer",
@@ -1451,6 +1430,11 @@ var keyChainControllerGetProviders = (options) => (options?.client ?? client).ge
   url: "/api/key-chain/providers",
   ...options
 });
+var keyChainControllerGetProvidersHealth = (options) => (options?.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/api/key-chain/providers/health",
+  ...options
+});
 var keyChainControllerGetAll = (options) => (options?.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/api/key-chain",
@@ -1537,6 +1521,26 @@ function decodeJwtPayload(jwt) {
   const jsonPayload = atob(base64);
   return JSON.parse(jsonPayload);
 }
+function extractResponseUriFromRequestObject(requestObject) {
+  const requestPayload = decodeJwtPayload(requestObject);
+  if (!requestPayload.response_uri) {
+    throw new Error("No response_uri found in request object");
+  }
+  return requestPayload.response_uri;
+}
+function mapDcApiPresentationResult(result) {
+  let resolvedCredentials;
+  if (Array.isArray(result)) {
+    resolvedCredentials = result;
+  } else if (Array.isArray(result?.credentials)) {
+    resolvedCredentials = result.credentials;
+  }
+  return {
+    credentials: resolvedCredentials,
+    response: result,
+    redirectUri: result?.redirect_uri
+  };
+}
 var EudiploClient = class {
   config;
   accessToken;
@@ -1569,7 +1573,7 @@ var EudiploClient = class {
   }
   async _doAuthenticate() {
     const fetchFn = this.config.fetch ?? globalThis.fetch;
-    const res = await fetchFn(`${this.config.baseUrl}/oauth2/token`, {
+    const res = await fetchFn(`${this.config.baseUrl}/api/oauth2/token`, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify({
@@ -1628,15 +1632,14 @@ var EudiploClient = class {
       tx_code: options.txCode
     };
     if (options.claims) {
-      body.credentialClaims = {
-        additionalProperties: void 0
-      };
+      const credentialClaims = {};
       for (const [configId, claims] of Object.entries(options.claims)) {
-        body.credentialClaims[configId] = {
+        credentialClaims[configId] = {
           type: "inline",
           claims
         };
       }
+      body.credentialClaims = credentialClaims;
     }
     const response = await credentialOfferControllerGetOffer({
       body
@@ -1677,10 +1680,12 @@ var EudiploClient = class {
    */
   async createPresentationRequest(options) {
     await this.ensureAuthenticated();
+    const inferredOrigin = options.origin ?? (typeof globalThis.location === "object" ? globalThis.location.origin : void 0);
     const body = {
       response_type: options.responseType ?? "uri",
       requestId: options.configId,
-      redirectUri: options.redirectUri
+      redirectUri: options.redirectUri,
+      expected_origin: options.responseType === "dc-api" ? inferredOrigin : void 0
     };
     const response = await verifierOfferControllerGetOffer({
       body
@@ -1898,10 +1903,12 @@ var EudiploClient = class {
    */
   async createDcApiPresentationRequest(options) {
     await this.ensureAuthenticated();
+    const inferredOrigin = options.origin ?? (typeof globalThis.location === "object" ? globalThis.location.origin : void 0);
     const body = {
       response_type: "dc-api",
       requestId: options.configId,
-      redirectUri: options.redirectUri
+      redirectUri: options.redirectUri,
+      expected_origin: inferredOrigin
     };
     const response = await verifierOfferControllerGetOffer({
       body
@@ -1909,7 +1916,34 @@ var EudiploClient = class {
     if (!response.data) {
       throw new Error("Failed to create DC API presentation request");
     }
-    return this.getSession(response.data.session);
+    const session = await this.getSession(response.data.session);
+    if (session.requestObject) {
+      return session;
+    }
+    const nonceOrId = session.walletNonce ?? session.id;
+    const requestObjectUrl = `${this.config.baseUrl}/api/presentations/${encodeURIComponent(nonceOrId)}/oid4vp/request`;
+    const fetchImpl = this.config.fetch ?? fetch;
+    const requestObjectResponse = await fetchImpl(requestObjectUrl, {
+      method: "GET",
+      headers: {
+        Accept: "application/oauth-authz-req+jwt",
+        ...inferredOrigin ? { Origin: inferredOrigin } : {}
+      }
+    });
+    if (!requestObjectResponse.ok) {
+      const errorText = await requestObjectResponse.text();
+      throw new Error(
+        `Failed to fetch DC API request object: ${requestObjectResponse.status} ${errorText}`
+      );
+    }
+    const requestObject = (await requestObjectResponse.text()).trim();
+    if (!requestObject) {
+      throw new Error("DC API request endpoint returned an empty requestObject");
+    }
+    return {
+      ...session,
+      requestObject
+    };
   }
   /**
    * Submit a presentation using the Digital Credentials API.
@@ -1941,54 +1975,13 @@ var EudiploClient = class {
         'Session does not contain a requestObject. Make sure to create the session with response_type: "dc-api"'
       );
     }
-    const dcResponse = await navigator.credentials.get({
-      mediation: "required",
-      digital: {
-        requests: [
-          {
-            protocol: "openid4vp-v1-signed",
-            data: { request: session.requestObject }
-          }
-        ]
-      }
-    });
-    if (!dcResponse) {
-      throw new Error("No response from Digital Credentials API");
-    }
-    if (dcResponse.data?.error) {
-      throw new Error(
-        `Wallet error: ${dcResponse.data.error}${dcResponse.data.error_description ? ` - ${dcResponse.data.error_description}` : ""}`
-      );
-    }
-    const requestPayload = decodeJwtPayload(
-      session.requestObject
-    );
-    if (!requestPayload.response_uri) {
-      throw new Error("No response_uri found in request object");
-    }
-    const fetchImpl = this.config.fetch ?? fetch;
-    const submitResponse = await fetchImpl(requestPayload.response_uri, {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        ...dcResponse.data,
-        sendResponse: options.sendResponse ?? true
-      })
+    const walletResponse = await invokeDcApi(session.requestObject);
+    return submitDcApiResponse({
+      responseUri: extractResponseUriFromRequestObject(session.requestObject),
+      walletResponse,
+      sendResponse: options.sendResponse,
+      fetch: this.config.fetch
     });
-    if (!submitResponse.ok) {
-      const errorText = await submitResponse.text();
-      throw new Error(
-        `Failed to submit presentation: ${submitResponse.status} ${errorText}`
-      );
-    }
-    const result = await submitResponse.json();
-    return {
-      credentials: result.credentials ?? result,
-      response: result,
-      redirectUri: result.redirect_uri
-    };
   }
   /**
    * Convenience method to create a presentation request and immediately
@@ -2007,111 +2000,7 @@ var EudiploClient = class {
     return this.submitDcApiPresentation(session, dcOptions);
   }
 };
-async function verify(options) {
-  const client2 = new EudiploClient({
-    baseUrl: options.baseUrl,
-    clientId: options.clientId,
-    clientSecret: options.clientSecret
-  });
-  const { uri, sessionId } = await client2.createPresentationRequest({
-    configId: options.configId,
-    redirectUri: options.redirectUri
-  });
-  return {
-    uri,
-    sessionId,
-    waitForCompletion: (pollingOptions) => client2.waitForSession(sessionId, { ...options.polling, ...pollingOptions }),
-    getStatus: () => client2.getSession(sessionId)
-  };
-}
-async function issue(options) {
-  const client2 = new EudiploClient({
-    baseUrl: options.baseUrl,
-    clientId: options.clientId,
-    clientSecret: options.clientSecret
-  });
-  const { uri, sessionId } = await client2.createIssuanceOffer({
-    credentialConfigurationIds: options.credentialConfigurationIds,
-    claims: options.claims,
-    txCode: options.txCode
-  });
-  return {
-    uri,
-    sessionId,
-    waitForCompletion: (pollingOptions) => client2.waitForSession(sessionId, { ...options.polling, ...pollingOptions }),
-    getStatus: () => client2.getSession(sessionId)
-  };
-}
-async function verifyAndWait(options) {
-  const { uri, waitForCompletion } = await verify(options);
-  options.onUri(uri);
-  return waitForCompletion(options.polling);
-}
-async function issueAndWait(options) {
-  const { uri, waitForCompletion } = await issue(options);
-  options.onUri(uri);
-  return waitForCompletion(options.polling);
-}
-async function verifyWithDcApi(options) {
-  const eudiploClient = new EudiploClient({
-    baseUrl: options.baseUrl,
-    clientId: options.clientId,
-    clientSecret: options.clientSecret
-  });
-  return eudiploClient.verifyWithDcApi(
-    {
-      configId: options.configId,
-      redirectUri: options.redirectUri
-    },
-    {
-      sendResponse: options.sendResponse
-    }
-  );
-}
-async function createDcApiRequest(options) {
-  const eudiploClient = new EudiploClient({
-    baseUrl: options.baseUrl,
-    clientId: options.clientId,
-    clientSecret: options.clientSecret
-  });
-  const session = await eudiploClient.createDcApiPresentationRequest({
-    configId: options.configId,
-    redirectUri: options.redirectUri
-  });
-  return {
-    session,
-    submit: (dcOptions) => eudiploClient.submitDcApiPresentation(session, {
-      sendResponse: options.sendResponse,
-      ...dcOptions
-    })
-  };
-}
-async function createDcApiRequestForBrowser(options) {
-  const eudiploClient = new EudiploClient({
-    baseUrl: options.baseUrl,
-    clientId: options.clientId,
-    clientSecret: options.clientSecret
-  });
-  const session = await eudiploClient.createDcApiPresentationRequest({
-    configId: options.configId,
-    redirectUri: options.redirectUri
-  });
-  if (!session.requestObject) {
-    throw new Error("Session does not contain a requestObject");
-  }
-  const requestPayload = decodeJwtPayload(
-    session.requestObject
-  );
-  if (!requestPayload.response_uri) {
-    throw new Error("No response_uri found in request object");
-  }
-  return {
-    requestObject: session.requestObject,
-    sessionId: session.id,
-    responseUri: requestPayload.response_uri
-  };
-}
-async function callDcApi(requestObject) {
+async function invokeDcApi(requestObject) {
   if (!isDcApiAvailable()) {
     throw new Error(
       "Digital Credentials API is not available in this browser. Please use a supported browser or fall back to QR code flow."
@@ -2138,7 +2027,7 @@ async function callDcApi(requestObject) {
   }
   return dcResponse.data;
 }
-async function submitDcApiWalletResponse(options) {
+async function submitDcApiResponse(options) {
   const fetchImpl = options.fetch ?? fetch;
   const submitResponse = await fetchImpl(options.responseUri, {
     method: "POST",
@@ -2157,10 +2046,217 @@ async function submitDcApiWalletResponse(options) {
     );
   }
   const result = await submitResponse.json();
+  return mapDcApiPresentationResult(result);
+}
+
+// src/config/derive.ts
+var JSON_SCHEMA_DRAFT_2020_12 = "https://json-schema.org/draft/2020-12/schema";
+function segmentToKey(segment) {
+  if (segment === null) {
+    return "*";
+  }
+  return String(segment);
+}
+function getOrCreateChild(target, key, nextIsArray) {
+  const current = target[key];
+  if (current !== void 0) {
+    if (Array.isArray(current)) {
+      return current;
+    }
+    if (typeof current === "object" && current !== null) {
+      return current;
+    }
+  }
+  const created = nextIsArray ? [] : {};
+  target[key] = created;
+  return created;
+}
+function setValueAtPath(target, path, value) {
+  if (path.length === 0) {
+    return;
+  }
+  let cursor = target;
+  for (let index = 0; index < path.length; index += 1) {
+    const segment = path[index];
+    const isLast = index === path.length - 1;
+    const next = path[index + 1];
+    if (Array.isArray(cursor)) {
+      const arrayIndex = typeof segment === "number" ? segment : Number(segmentToKey(segment));
+      if (!Number.isFinite(arrayIndex) || arrayIndex < 0) {
+        return;
+      }
+      if (isLast) {
+        cursor[arrayIndex] = value;
+        return;
+      }
+      const current = cursor[arrayIndex];
+      if (typeof current !== "object" || current === null) {
+        cursor[arrayIndex] = typeof next === "number" ? [] : {};
+      }
+      cursor = cursor[arrayIndex];
+      continue;
+    }
+    const key = segmentToKey(segment);
+    if (isLast) {
+      cursor[key] = value;
+      return;
+    }
+    cursor = getOrCreateChild(cursor, key, typeof next === "number");
+  }
+}
+function getDisplayTitle(display) {
+  if (!display || display.length === 0) {
+    return void 0;
+  }
+  const en = display.find((entry) => entry.locale.toLowerCase().startsWith("en"));
+  return en?.name ?? display[0]?.name;
+}
+function mergeLeafSchema(existing, next) {
+  const merged = { ...next };
+  if (existing.properties && Object.keys(existing.properties).length > 0) {
+    merged.properties = existing.properties;
+  }
+  if (Array.isArray(existing.required) && existing.required.length > 0) {
+    merged.required = existing.required;
+  }
+  return merged;
+}
+function ensureSchemaNode(root, path) {
+  let cursor = root;
+  for (const segment of path) {
+    const key = segmentToKey(segment);
+    cursor.properties ??= {};
+    if (!cursor.properties[key]) {
+      cursor.properties[key] = {
+        type: "object",
+        properties: {}
+      };
+    }
+    cursor = cursor.properties[key];
+  }
+  return cursor;
+}
+function ensureFrameNode(root, path) {
+  let cursor = root;
+  for (const segment of path) {
+    const key = segmentToKey(segment);
+    const current = cursor[key];
+    if (!current || typeof current !== "object" || Array.isArray(current)) {
+      cursor[key] = {};
+    }
+    cursor = cursor[key];
+  }
+  return cursor;
+}
+function buildClaims(fields) {
+  const claims = {};
+  for (const field of fields) {
+    if (!Object.prototype.hasOwnProperty.call(field, "defaultValue")) {
+      continue;
+    }
+    setValueAtPath(claims, field.path, field.defaultValue);
+  }
+  return claims;
+}
+function buildDisclosureFrame(fields) {
+  const frame = {};
+  let hasDisclosure = false;
+  for (const field of fields) {
+    if (!field.disclosable || field.path.length === 0) {
+      continue;
+    }
+    const parentPath = field.path.slice(0, -1);
+    const leaf = segmentToKey(field.path.at(-1) ?? "");
+    const node = ensureFrameNode(frame, parentPath);
+    const existing = Array.isArray(node._sd) ? node._sd : [];
+    if (!existing.includes(leaf)) {
+      existing.push(leaf);
+      node._sd = existing;
+    }
+    hasDisclosure = true;
+  }
+  return hasDisclosure ? frame : void 0;
+}
+function buildClaimsMetadata(fields) {
+  return fields.filter((field) => field.path.length > 0).map((field) => {
+    const metadata = {
+      path: field.path
+    };
+    if (typeof field.mandatory === "boolean") {
+      metadata.mandatory = field.mandatory;
+    }
+    if (field.display && field.display.length > 0) {
+      metadata.display = field.display;
+    }
+    return metadata;
+  });
+}
+function buildLeafSchema(field) {
+  const schema = {
+    ...field.constraints,
+    type: field.type === "date" ? "string" : field.type
+  };
+  if (field.type === "date" && !schema.format) {
+    schema.format = "date";
+  }
+  const title = getDisplayTitle(field.display);
+  if (title) {
+    schema.title = title;
+  }
+  return schema;
+}
+function addRequired(parent, key) {
+  if (!Array.isArray(parent.required)) {
+    parent.required = [];
+  }
+  if (!parent.required.includes(key)) {
+    parent.required.push(key);
+  }
+}
+function buildJsonSchema(fields) {
+  const root = {
+    $schema: JSON_SCHEMA_DRAFT_2020_12,
+    type: "object",
+    properties: {}
+  };
+  for (const field of fields) {
+    if (field.path.length === 0) {
+      continue;
+    }
+    const parent = ensureSchemaNode(root, field.path.slice(0, -1));
+    const leafKey = segmentToKey(field.path.at(-1) ?? "");
+    parent.properties ??= {};
+    const leafSchema = buildLeafSchema(field);
+    const existing = parent.properties[leafKey];
+    parent.properties[leafKey] = existing && typeof existing === "object" && !Array.isArray(existing) ? mergeLeafSchema(existing, leafSchema) : leafSchema;
+    if (field.mandatory) {
+      addRequired(parent, leafKey);
+    }
+  }
+  return root;
+}
+function buildClaimsByNamespace(fields) {
+  const byNamespace = {};
+  for (const field of fields) {
+    if (!field.namespace || !Object.prototype.hasOwnProperty.call(field, "defaultValue")) {
+      continue;
+    }
+    if (!byNamespace[field.namespace]) {
+      byNamespace[field.namespace] = {};
+    }
+    const namespaceTarget = byNamespace[field.namespace];
+    const normalizedPath = field.path.length > 0 && segmentToKey(field.path[0] ?? "") === field.namespace ? field.path.slice(1) : field.path;
+    setValueAtPath(namespaceTarget, normalizedPath, field.defaultValue);
+  }
+  return byNamespace;
+}
+function deriveRuntimeArtifacts(fields) {
   return {
-    credentials: result.credentials ?? result,
-    response: result,
-    redirectUri: result.redirect_uri
+    claims: buildClaims(fields),
+    disclosureFrame: buildDisclosureFrame(fields),
+    claimsMetadata: buildClaimsMetadata(fields),
+    schema: buildJsonSchema(fields),
+    claimsByNamespace: buildClaimsByNamespace(fields)
   };
 }
 
@@ -2172,11 +2268,17 @@ exports.attributeProviderControllerDelete = attributeProviderControllerDelete;
 exports.attributeProviderControllerGetAll = attributeProviderControllerGetAll;
 exports.attributeProviderControllerGetById = attributeProviderControllerGetById;
 exports.attributeProviderControllerUpdate = attributeProviderControllerUpdate;
+exports.auditLogControllerGetAuditLogs = auditLogControllerGetAuditLogs;
+exports.authControllerGetOAuth2Token = authControllerGetOAuth2Token;
+exports.buildClaims = buildClaims;
+exports.buildClaimsByNamespace = buildClaimsByNamespace;
+exports.buildClaimsMetadata = buildClaimsMetadata;
+exports.buildDisclosureFrame = buildDisclosureFrame;
+exports.buildJsonSchema = buildJsonSchema;
 exports.cacheControllerClearAllCaches = cacheControllerClearAllCaches;
 exports.cacheControllerClearStatusListCache = cacheControllerClearStatusListCache;
 exports.cacheControllerClearTrustListCache = cacheControllerClearTrustListCache;
 exports.cacheControllerGetStats = cacheControllerGetStats;
-exports.callDcApi = callDcApi;
 exports.client = client;
 exports.clientControllerCreateClient = clientControllerCreateClient;
 exports.clientControllerDeleteClient = clientControllerDeleteClient;
@@ -2185,29 +2287,25 @@ exports.clientControllerGetClientSecret = clientControllerGetClientSecret;
 exports.clientControllerGetClients = clientControllerGetClients;
 exports.clientControllerRotateClientSecret = clientControllerRotateClientSecret;
 exports.clientControllerUpdateClient = clientControllerUpdateClient;
-exports.createDcApiRequest = createDcApiRequest;
-exports.createDcApiRequestForBrowser = createDcApiRequestForBrowser;
 exports.credentialConfigControllerDeleteIssuanceConfiguration = credentialConfigControllerDeleteIssuanceConfiguration;
 exports.credentialConfigControllerGetConfigById = credentialConfigControllerGetConfigById;
 exports.credentialConfigControllerGetConfigs = credentialConfigControllerGetConfigs;
-exports.credentialConfigControllerSignSchemaMetaConfig = credentialConfigControllerSignSchemaMetaConfig;
-exports.credentialConfigControllerSignVersionSchemaMetaConfig = credentialConfigControllerSignVersionSchemaMetaConfig;
 exports.credentialConfigControllerStoreCredentialConfiguration = credentialConfigControllerStoreCredentialConfiguration;
 exports.credentialConfigControllerUpdateCredentialConfiguration = credentialConfigControllerUpdateCredentialConfiguration;
 exports.credentialOfferControllerGetOffer = credentialOfferControllerGetOffer;
 exports.deferredControllerCompleteDeferred = deferredControllerCompleteDeferred;
 exports.deferredControllerFailDeferred = deferredControllerFailDeferred;
+exports.deriveRuntimeArtifacts = deriveRuntimeArtifacts;
 exports.isDcApiAvailable = isDcApiAvailable;
 exports.issuanceConfigControllerGetIssuanceConfigurations = issuanceConfigControllerGetIssuanceConfigurations;
 exports.issuanceConfigControllerStoreIssuanceConfiguration = issuanceConfigControllerStoreIssuanceConfiguration;
-exports.issue = issue;
-exports.issueAndWait = issueAndWait;
 exports.keyChainControllerCreate = keyChainControllerCreate;
 exports.keyChainControllerDelete = keyChainControllerDelete;
 exports.keyChainControllerExport = keyChainControllerExport;
 exports.keyChainControllerGetAll = keyChainControllerGetAll;
 exports.keyChainControllerGetById = keyChainControllerGetById;
 exports.keyChainControllerGetProviders = keyChainControllerGetProviders;
+exports.keyChainControllerGetProvidersHealth = keyChainControllerGetProvidersHealth;
 exports.keyChainControllerImport = keyChainControllerImport;
 exports.keyChainControllerRotate = keyChainControllerRotate;
 exports.keyChainControllerUpdate = keyChainControllerUpdate;
@@ -2235,6 +2333,8 @@ exports.schemaMetadataControllerGetSchema = schemaMetadataControllerGetSchema;
 exports.schemaMetadataControllerGetVersions = schemaMetadataControllerGetVersions;
 exports.schemaMetadataControllerGetVocabularies = schemaMetadataControllerGetVocabularies;
 exports.schemaMetadataControllerRemove = schemaMetadataControllerRemove;
+exports.schemaMetadataControllerSignSchemaMetaConfig = schemaMetadataControllerSignSchemaMetaConfig;
+exports.schemaMetadataControllerSignVersionSchemaMetaConfig = schemaMetadataControllerSignVersionSchemaMetaConfig;
 exports.schemaMetadataControllerUpdate = schemaMetadataControllerUpdate;
 exports.sessionConfigControllerGetConfig = sessionConfigControllerGetConfig;
 exports.sessionConfigControllerResetConfig = sessionConfigControllerResetConfig;
@@ -2254,7 +2354,6 @@ exports.statusListManagementControllerGetList = statusListManagementControllerGe
 exports.statusListManagementControllerGetLists = statusListManagementControllerGetLists;
 exports.statusListManagementControllerUpdateList = statusListManagementControllerUpdateList;
 exports.storageControllerUpload = storageControllerUpload;
-exports.submitDcApiWalletResponse = submitDcApiWalletResponse;
 exports.tenantControllerDeleteTenant = tenantControllerDeleteTenant;
 exports.tenantControllerGetTenant = tenantControllerGetTenant;
 exports.tenantControllerGetTenants = tenantControllerGetTenants;
@@ -2274,9 +2373,6 @@ exports.userControllerGetUser = userControllerGetUser;
 exports.userControllerGetUsers = userControllerGetUsers;
 exports.userControllerUpdateUser = userControllerUpdateUser;
 exports.verifierOfferControllerGetOffer = verifierOfferControllerGetOffer;
-exports.verify = verify;
-exports.verifyAndWait = verifyAndWait;
-exports.verifyWithDcApi = verifyWithDcApi;
 exports.webhookEndpointControllerCreate = webhookEndpointControllerCreate;
 exports.webhookEndpointControllerDelete = webhookEndpointControllerDelete;
 exports.webhookEndpointControllerGetAll = webhookEndpointControllerGetAll;