@interop/was-react 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (223) hide show
  1. package/LICENSE.md +20 -0
  2. package/README.md +410 -0
  3. package/dist/auth/chapi.d.ts +43 -0
  4. package/dist/auth/chapi.d.ts.map +1 -0
  5. package/dist/auth/chapi.js +107 -0
  6. package/dist/auth/chapi.js.map +1 -0
  7. package/dist/auth/loginFlow.d.ts +93 -0
  8. package/dist/auth/loginFlow.d.ts.map +1 -0
  9. package/dist/auth/loginFlow.js +149 -0
  10. package/dist/auth/loginFlow.js.map +1 -0
  11. package/dist/auth/loginRequest.d.ts +66 -0
  12. package/dist/auth/loginRequest.d.ts.map +1 -0
  13. package/dist/auth/loginRequest.js +83 -0
  14. package/dist/auth/loginRequest.js.map +1 -0
  15. package/dist/auth/verifyResponse.d.ts +52 -0
  16. package/dist/auth/verifyResponse.d.ts.map +1 -0
  17. package/dist/auth/verifyResponse.js +138 -0
  18. package/dist/auth/verifyResponse.js.map +1 -0
  19. package/dist/auth/verifyResponse.test.d.ts +2 -0
  20. package/dist/auth/verifyResponse.test.d.ts.map +1 -0
  21. package/dist/auth/verifyResponse.test.js +282 -0
  22. package/dist/auth/verifyResponse.test.js.map +1 -0
  23. package/dist/auth/walletRequestTypes.d.ts +143 -0
  24. package/dist/auth/walletRequestTypes.d.ts.map +1 -0
  25. package/dist/auth/walletRequestTypes.js +2 -0
  26. package/dist/auth/walletRequestTypes.js.map +1 -0
  27. package/dist/config.d.ts +150 -0
  28. package/dist/config.d.ts.map +1 -0
  29. package/dist/config.js +27 -0
  30. package/dist/config.js.map +1 -0
  31. package/dist/dev/cli.d.ts +16 -0
  32. package/dist/dev/cli.d.ts.map +1 -0
  33. package/dist/dev/cli.js +122 -0
  34. package/dist/dev/cli.js.map +1 -0
  35. package/dist/dev/cli.test.d.ts +2 -0
  36. package/dist/dev/cli.test.d.ts.map +1 -0
  37. package/dist/dev/cli.test.js +39 -0
  38. package/dist/dev/cli.test.js.map +1 -0
  39. package/dist/dev/index.d.ts +10 -0
  40. package/dist/dev/index.d.ts.map +1 -0
  41. package/dist/dev/index.js +10 -0
  42. package/dist/dev/index.js.map +1 -0
  43. package/dist/dev/provisionDevGrants.d.ts +73 -0
  44. package/dist/dev/provisionDevGrants.d.ts.map +1 -0
  45. package/dist/dev/provisionDevGrants.js +176 -0
  46. package/dist/dev/provisionDevGrants.js.map +1 -0
  47. package/dist/grants.d.ts +59 -0
  48. package/dist/grants.d.ts.map +1 -0
  49. package/dist/grants.js +82 -0
  50. package/dist/grants.js.map +1 -0
  51. package/dist/grants.test.d.ts +2 -0
  52. package/dist/grants.test.d.ts.map +1 -0
  53. package/dist/grants.test.js +79 -0
  54. package/dist/grants.test.js.map +1 -0
  55. package/dist/identity/agents.d.ts +99 -0
  56. package/dist/identity/agents.d.ts.map +1 -0
  57. package/dist/identity/agents.js +132 -0
  58. package/dist/identity/agents.js.map +1 -0
  59. package/dist/identity/appSession.d.ts +78 -0
  60. package/dist/identity/appSession.d.ts.map +1 -0
  61. package/dist/identity/appSession.js +93 -0
  62. package/dist/identity/appSession.js.map +1 -0
  63. package/dist/identity/documentLoader.d.ts +20 -0
  64. package/dist/identity/documentLoader.d.ts.map +1 -0
  65. package/dist/identity/documentLoader.js +99 -0
  66. package/dist/identity/documentLoader.js.map +1 -0
  67. package/dist/identity/initAppSession.d.ts +27 -0
  68. package/dist/identity/initAppSession.d.ts.map +1 -0
  69. package/dist/identity/initAppSession.js +30 -0
  70. package/dist/identity/initAppSession.js.map +1 -0
  71. package/dist/identity/seedCredential.d.ts +74 -0
  72. package/dist/identity/seedCredential.d.ts.map +1 -0
  73. package/dist/identity/seedCredential.js +165 -0
  74. package/dist/identity/seedCredential.js.map +1 -0
  75. package/dist/identity/seedCredential.test.d.ts +2 -0
  76. package/dist/identity/seedCredential.test.d.ts.map +1 -0
  77. package/dist/identity/seedCredential.test.js +205 -0
  78. package/dist/identity/seedCredential.test.js.map +1 -0
  79. package/dist/identity/seedStore.d.ts +27 -0
  80. package/dist/identity/seedStore.d.ts.map +1 -0
  81. package/dist/identity/seedStore.js +74 -0
  82. package/dist/identity/seedStore.js.map +1 -0
  83. package/dist/index.d.ts +37 -0
  84. package/dist/index.d.ts.map +1 -0
  85. package/dist/index.js +46 -0
  86. package/dist/index.js.map +1 -0
  87. package/dist/mui/ProtectedRoute.d.ts +10 -0
  88. package/dist/mui/ProtectedRoute.d.ts.map +1 -0
  89. package/dist/mui/ProtectedRoute.js +54 -0
  90. package/dist/mui/ProtectedRoute.js.map +1 -0
  91. package/dist/mui/ReconnectBanner.d.ts +2 -0
  92. package/dist/mui/ReconnectBanner.d.ts.map +1 -0
  93. package/dist/mui/ReconnectBanner.js +20 -0
  94. package/dist/mui/ReconnectBanner.js.map +1 -0
  95. package/dist/mui/SyncStatusChip.d.ts +2 -0
  96. package/dist/mui/SyncStatusChip.d.ts.map +1 -0
  97. package/dist/mui/SyncStatusChip.js +27 -0
  98. package/dist/mui/SyncStatusChip.js.map +1 -0
  99. package/dist/mui/index.d.ts +12 -0
  100. package/dist/mui/index.d.ts.map +1 -0
  101. package/dist/mui/index.js +12 -0
  102. package/dist/mui/index.js.map +1 -0
  103. package/dist/react/WasSessionProvider.d.ts +36 -0
  104. package/dist/react/WasSessionProvider.d.ts.map +1 -0
  105. package/dist/react/WasSessionProvider.js +35 -0
  106. package/dist/react/WasSessionProvider.js.map +1 -0
  107. package/dist/react/hooks.d.ts +66 -0
  108. package/dist/react/hooks.d.ts.map +1 -0
  109. package/dist/react/hooks.js +121 -0
  110. package/dist/react/hooks.js.map +1 -0
  111. package/dist/react/index.d.ts +11 -0
  112. package/dist/react/index.d.ts.map +1 -0
  113. package/dist/react/index.js +11 -0
  114. package/dist/react/index.js.map +1 -0
  115. package/dist/session/appReadyStore.d.ts +10 -0
  116. package/dist/session/appReadyStore.d.ts.map +1 -0
  117. package/dist/session/appReadyStore.js +22 -0
  118. package/dist/session/appReadyStore.js.map +1 -0
  119. package/dist/session/authStore.d.ts +71 -0
  120. package/dist/session/authStore.d.ts.map +1 -0
  121. package/dist/session/authStore.js +347 -0
  122. package/dist/session/authStore.js.map +1 -0
  123. package/dist/session/index.d.ts +10 -0
  124. package/dist/session/index.d.ts.map +1 -0
  125. package/dist/session/index.js +10 -0
  126. package/dist/session/index.js.map +1 -0
  127. package/dist/storage/entityStore.d.ts +51 -0
  128. package/dist/storage/entityStore.d.ts.map +1 -0
  129. package/dist/storage/entityStore.js +78 -0
  130. package/dist/storage/entityStore.js.map +1 -0
  131. package/dist/storage/localStore.d.ts +144 -0
  132. package/dist/storage/localStore.d.ts.map +1 -0
  133. package/dist/storage/localStore.js +289 -0
  134. package/dist/storage/localStore.js.map +1 -0
  135. package/dist/storage/rehydrate.d.ts +56 -0
  136. package/dist/storage/rehydrate.d.ts.map +1 -0
  137. package/dist/storage/rehydrate.js +87 -0
  138. package/dist/storage/rehydrate.js.map +1 -0
  139. package/dist/storage/rehydrate.test.d.ts +2 -0
  140. package/dist/storage/rehydrate.test.d.ts.map +1 -0
  141. package/dist/storage/rehydrate.test.js +172 -0
  142. package/dist/storage/rehydrate.test.js.map +1 -0
  143. package/dist/storage/storageManager.d.ts +39 -0
  144. package/dist/storage/storageManager.d.ts.map +1 -0
  145. package/dist/storage/storageManager.js +68 -0
  146. package/dist/storage/storageManager.js.map +1 -0
  147. package/dist/storage/syncController.d.ts +79 -0
  148. package/dist/storage/syncController.d.ts.map +1 -0
  149. package/dist/storage/syncController.js +189 -0
  150. package/dist/storage/syncController.js.map +1 -0
  151. package/dist/storage/syncStatusStore.d.ts +17 -0
  152. package/dist/storage/syncStatusStore.d.ts.map +1 -0
  153. package/dist/storage/syncStatusStore.js +19 -0
  154. package/dist/storage/syncStatusStore.js.map +1 -0
  155. package/dist/storage/wasRemoteStore.d.ts +73 -0
  156. package/dist/storage/wasRemoteStore.d.ts.map +1 -0
  157. package/dist/storage/wasRemoteStore.js +76 -0
  158. package/dist/storage/wasRemoteStore.js.map +1 -0
  159. package/dist/storage/wasSync.d.ts +42 -0
  160. package/dist/storage/wasSync.d.ts.map +1 -0
  161. package/dist/storage/wasSync.js +34 -0
  162. package/dist/storage/wasSync.js.map +1 -0
  163. package/dist/sync/changesQuery.d.ts +44 -0
  164. package/dist/sync/changesQuery.d.ts.map +1 -0
  165. package/dist/sync/changesQuery.js +61 -0
  166. package/dist/sync/changesQuery.js.map +1 -0
  167. package/dist/sync/changesQuery.test.d.ts +2 -0
  168. package/dist/sync/changesQuery.test.d.ts.map +1 -0
  169. package/dist/sync/changesQuery.test.js +145 -0
  170. package/dist/sync/changesQuery.test.js.map +1 -0
  171. package/dist/sync/docCipher.d.ts +68 -0
  172. package/dist/sync/docCipher.d.ts.map +1 -0
  173. package/dist/sync/docCipher.js +89 -0
  174. package/dist/sync/docCipher.js.map +1 -0
  175. package/dist/sync/feedMasterPort.d.ts +30 -0
  176. package/dist/sync/feedMasterPort.d.ts.map +1 -0
  177. package/dist/sync/feedMasterPort.js +58 -0
  178. package/dist/sync/feedMasterPort.js.map +1 -0
  179. package/dist/sync/index.d.ts +21 -0
  180. package/dist/sync/index.d.ts.map +1 -0
  181. package/dist/sync/index.js +21 -0
  182. package/dist/sync/index.js.map +1 -0
  183. package/dist/sync/lww.d.ts +29 -0
  184. package/dist/sync/lww.d.ts.map +1 -0
  185. package/dist/sync/lww.js +28 -0
  186. package/dist/sync/lww.js.map +1 -0
  187. package/dist/sync/lww.test.d.ts +2 -0
  188. package/dist/sync/lww.test.d.ts.map +1 -0
  189. package/dist/sync/lww.test.js +28 -0
  190. package/dist/sync/lww.test.js.map +1 -0
  191. package/dist/sync/lwwConflictHandler.d.ts +49 -0
  192. package/dist/sync/lwwConflictHandler.d.ts.map +1 -0
  193. package/dist/sync/lwwConflictHandler.js +65 -0
  194. package/dist/sync/lwwConflictHandler.js.map +1 -0
  195. package/dist/sync/lwwConflictHandler.test.d.ts +2 -0
  196. package/dist/sync/lwwConflictHandler.test.d.ts.map +1 -0
  197. package/dist/sync/lwwConflictHandler.test.js +78 -0
  198. package/dist/sync/lwwConflictHandler.test.js.map +1 -0
  199. package/dist/sync/pushWrites.d.ts +57 -0
  200. package/dist/sync/pushWrites.d.ts.map +1 -0
  201. package/dist/sync/pushWrites.js +159 -0
  202. package/dist/sync/pushWrites.js.map +1 -0
  203. package/dist/sync/pushWrites.test.d.ts +2 -0
  204. package/dist/sync/pushWrites.test.d.ts.map +1 -0
  205. package/dist/sync/pushWrites.test.js +287 -0
  206. package/dist/sync/pushWrites.test.js.map +1 -0
  207. package/dist/sync/syncedDocSchema.d.ts +22 -0
  208. package/dist/sync/syncedDocSchema.d.ts.map +1 -0
  209. package/dist/sync/syncedDocSchema.js +26 -0
  210. package/dist/sync/syncedDocSchema.js.map +1 -0
  211. package/dist/sync/types.d.ts +194 -0
  212. package/dist/sync/types.d.ts.map +1 -0
  213. package/dist/sync/types.js +36 -0
  214. package/dist/sync/types.js.map +1 -0
  215. package/dist/sync/wasReplication.d.ts +47 -0
  216. package/dist/sync/wasReplication.d.ts.map +1 -0
  217. package/dist/sync/wasReplication.js +55 -0
  218. package/dist/sync/wasReplication.js.map +1 -0
  219. package/dist/sync/wasSyncPort.d.ts +45 -0
  220. package/dist/sync/wasSyncPort.d.ts.map +1 -0
  221. package/dist/sync/wasSyncPort.js +170 -0
  222. package/dist/sync/wasSyncPort.js.map +1 -0
  223. package/package.json +142 -0
@@ -0,0 +1,282 @@
1
+ /*!
2
+ * Copyright (c) 2026 Interop Alliance. All rights reserved.
3
+ */
4
+ /**
5
+ * verifyResponse tests. A mock "wallet" (its own did:key identity, distinct
6
+ * from the app's) signs presentations exactly the way freewallet does --
7
+ * Ed25519Signature2020 DIDAuth proof over a VP with the app-key VC embedded
8
+ * and/or a `zcap` grant array (bare term added to the context) -- and the
9
+ * RP-side checks are exercised against good and crafted-bad inputs.
10
+ */
11
+ import { beforeAll, describe, expect, it } from 'vitest';
12
+ import * as vc from '@interop/vc';
13
+ import { Ed25519Signature2020 } from '@interop/ed25519-signature';
14
+ import { CapabilityAgent } from '@interop/webkms-client';
15
+ import { issueSeedCredential } from '../identity/seedCredential.js';
16
+ import { createDocumentLoader } from '../identity/documentLoader.js';
17
+ import { deriveIdentity } from '../identity/agents.js';
18
+ import { checkGrants, grantsOf, verifyLoginPresentation } from './verifyResponse.js';
19
+ const ORIGIN = 'http://localhost:5173';
20
+ const SERVER_URL = 'http://localhost:3999';
21
+ const SPACE_URL = `${SERVER_URL}/space/e2e-space`;
22
+ const CONFIG = {
23
+ credentialType: 'TestAppKey',
24
+ vocabBase: 'urn:test-app:vocab#'
25
+ };
26
+ const TEST_COLLECTIONS = [
27
+ 'action-items',
28
+ 'projects',
29
+ 'goals',
30
+ 'questions',
31
+ 'answers',
32
+ 'web-links',
33
+ 'thoughts',
34
+ 'current-focus'
35
+ ];
36
+ const documentLoader = createDocumentLoader();
37
+ const ZCAP_TERM_CONTEXT = {
38
+ '@protected': true,
39
+ zcap: { '@id': 'urn:freewallet:vocab#zcap', '@container': '@set' }
40
+ };
41
+ let wallet;
42
+ let appDid;
43
+ let appSeed;
44
+ beforeAll(async () => {
45
+ const agent = await CapabilityAgent.fromSeed({
46
+ seed: crypto.getRandomValues(new Uint8Array(32)),
47
+ handle: 'mock-wallet',
48
+ keyName: 'wallet-key'
49
+ });
50
+ wallet = {
51
+ holder: agent.id,
52
+ suite: new Ed25519Signature2020({ signer: agent.getSigner() })
53
+ };
54
+ appSeed = crypto.getRandomValues(new Uint8Array(32));
55
+ appDid = (await deriveIdentity({ seed: appSeed })).controllerDid;
56
+ });
57
+ /** An UNSIGNED structural grant (checkGrants is structural, not cryptographic). */
58
+ function grantFor({ collectionId, controller = appDid, expires = new Date(Date.now() + 86_400_000).toISOString(), actions = ['GET', 'HEAD', 'PUT', 'POST', 'DELETE'], spaceUrl = SPACE_URL }) {
59
+ return {
60
+ '@context': 'https://w3id.org/zcap/v1',
61
+ id: `urn:zcap:${crypto.randomUUID()}`,
62
+ controller,
63
+ parentCapability: `urn:zcap:root:${encodeURIComponent(spaceUrl)}`,
64
+ invocationTarget: collectionId ? `${spaceUrl}/${collectionId}` : spaceUrl,
65
+ allowedAction: actions,
66
+ expires
67
+ };
68
+ }
69
+ /** The full wallet-shaped grant set: RW collection grants + space read. */
70
+ function fullGrantSet() {
71
+ const grants = TEST_COLLECTIONS.map(id => grantFor({ collectionId: id }));
72
+ grants.push(grantFor({ actions: ['GET', 'HEAD'] }));
73
+ return grants;
74
+ }
75
+ /** Signs a wallet-style VP with optional embedded VC and zcap array. */
76
+ async function walletVp({ challenge, domain = ORIGIN, credential, zcaps }) {
77
+ const presentation = vc.createPresentation({
78
+ holder: wallet.holder,
79
+ ...(credential && { verifiableCredential: [credential] }),
80
+ verify: false,
81
+ version: 1.0
82
+ });
83
+ if (zcaps && zcaps.length > 0) {
84
+ const base = presentation['@context'];
85
+ presentation['@context'] = [
86
+ ...(Array.isArray(base) ? base : [base]),
87
+ ZCAP_TERM_CONTEXT
88
+ ];
89
+ presentation.zcap = zcaps;
90
+ }
91
+ return (await vc.signPresentation({
92
+ presentation: presentation,
93
+ challenge,
94
+ domain,
95
+ documentLoader,
96
+ suite: wallet.suite
97
+ }));
98
+ }
99
+ describe('verifyLoginPresentation', () => {
100
+ it('accepts a wallet-signed VP with an embedded app key and grants', async () => {
101
+ const challenge = crypto.randomUUID();
102
+ const credential = await issueSeedCredential({
103
+ seed: appSeed,
104
+ origin: ORIGIN,
105
+ config: CONFIG,
106
+ documentLoader
107
+ });
108
+ const presentation = await walletVp({
109
+ challenge,
110
+ credential,
111
+ zcaps: fullGrantSet()
112
+ });
113
+ await expect(verifyLoginPresentation({
114
+ presentation,
115
+ challenge,
116
+ domain: ORIGIN,
117
+ documentLoader
118
+ })).resolves.toBeUndefined();
119
+ expect(grantsOf(presentation)).toHaveLength(TEST_COLLECTIONS.length + 1);
120
+ });
121
+ it('rejects a challenge mismatch', async () => {
122
+ const presentation = await walletVp({ challenge: 'sent-nonce' });
123
+ await expect(verifyLoginPresentation({
124
+ presentation,
125
+ challenge: 'other-nonce',
126
+ domain: ORIGIN,
127
+ documentLoader
128
+ })).rejects.toThrow();
129
+ });
130
+ it('rejects a domain mismatch', async () => {
131
+ const challenge = crypto.randomUUID();
132
+ const presentation = await walletVp({
133
+ challenge,
134
+ domain: 'https://evil.example'
135
+ });
136
+ await expect(verifyLoginPresentation({
137
+ presentation,
138
+ challenge,
139
+ domain: ORIGIN,
140
+ documentLoader
141
+ })).rejects.toThrow(/domain/);
142
+ });
143
+ it('rejects a tampered presentation', async () => {
144
+ const challenge = crypto.randomUUID();
145
+ const presentation = await walletVp({
146
+ challenge,
147
+ zcaps: fullGrantSet()
148
+ });
149
+ const tampered = {
150
+ ...presentation,
151
+ zcap: [
152
+ ...presentation.zcap.slice(1),
153
+ grantFor({
154
+ collectionId: 'injected',
155
+ controller: 'did:example:mallory'
156
+ })
157
+ ]
158
+ };
159
+ await expect(verifyLoginPresentation({
160
+ presentation: tampered,
161
+ challenge,
162
+ domain: ORIGIN,
163
+ documentLoader
164
+ })).rejects.toThrow();
165
+ });
166
+ it('rejects an unsigned presentation', async () => {
167
+ const presentation = {
168
+ '@context': ['https://www.w3.org/2018/credentials/v1'],
169
+ type: ['VerifiablePresentation']
170
+ };
171
+ await expect(verifyLoginPresentation({
172
+ presentation,
173
+ challenge: 'x',
174
+ domain: ORIGIN,
175
+ documentLoader
176
+ })).rejects.toThrow();
177
+ });
178
+ it('rejects a tampered embedded credential', async () => {
179
+ const challenge = crypto.randomUUID();
180
+ const credential = await issueSeedCredential({
181
+ seed: appSeed,
182
+ origin: ORIGIN,
183
+ config: CONFIG,
184
+ documentLoader
185
+ });
186
+ const subject = credential.credentialSubject;
187
+ const tamperedVc = {
188
+ ...credential,
189
+ credentialSubject: { ...subject, origin: 'https://evil.example' }
190
+ };
191
+ const presentation = await walletVp({ challenge });
192
+ presentation.verifiableCredential =
193
+ [tamperedVc];
194
+ await expect(verifyLoginPresentation({
195
+ presentation,
196
+ challenge,
197
+ domain: ORIGIN,
198
+ documentLoader
199
+ })).rejects.toThrow();
200
+ });
201
+ });
202
+ describe('checkGrants', () => {
203
+ it('accepts the full wallet grant set and reports topology + expiry', () => {
204
+ const soon = new Date(Date.now() + 3_600_000).toISOString();
205
+ const later = new Date(Date.now() + 86_400_000).toISOString();
206
+ const grants = TEST_COLLECTIONS.map((id, index) => grantFor({ collectionId: id, expires: index === 0 ? soon : later }));
207
+ grants.push(grantFor({ actions: ['GET', 'HEAD'], expires: later }));
208
+ const checked = checkGrants({
209
+ grants,
210
+ controllerDid: appDid,
211
+ collections: TEST_COLLECTIONS,
212
+ expectedServerUrl: SERVER_URL
213
+ });
214
+ expect(checked.parsed.serverUrl).toBe(SERVER_URL);
215
+ expect(checked.parsed.spaceId).toBe('e2e-space');
216
+ expect(Object.keys(checked.parsed.byCollectionId)).toHaveLength(TEST_COLLECTIONS.length);
217
+ expect(checked.expires).toBe(soon);
218
+ });
219
+ it('rejects an empty grant set', () => {
220
+ expect(() => checkGrants({
221
+ grants: [],
222
+ controllerDid: appDid,
223
+ collections: TEST_COLLECTIONS
224
+ })).toThrow(/no storage grants/);
225
+ });
226
+ it('rejects a grant controlled by another DID', () => {
227
+ const grants = fullGrantSet();
228
+ grants[0].controller = 'did:example:mallory';
229
+ expect(() => checkGrants({
230
+ grants,
231
+ controllerDid: appDid,
232
+ collections: TEST_COLLECTIONS
233
+ })).toThrow(/controlled by/);
234
+ });
235
+ it('rejects an expired grant', () => {
236
+ const grants = fullGrantSet();
237
+ grants[2].expires = new Date(Date.now() - 1000).toISOString();
238
+ expect(() => checkGrants({
239
+ grants,
240
+ controllerDid: appDid,
241
+ collections: TEST_COLLECTIONS
242
+ })).toThrow(/expired/);
243
+ });
244
+ it('rejects a grant set on the wrong server', () => {
245
+ expect(() => checkGrants({
246
+ grants: fullGrantSet(),
247
+ controllerDid: appDid,
248
+ collections: TEST_COLLECTIONS,
249
+ expectedServerUrl: 'http://localhost:4000'
250
+ })).toThrow(/expected/);
251
+ });
252
+ it('rejects a grant set spanning two spaces', () => {
253
+ const grants = fullGrantSet();
254
+ grants.push(grantFor({
255
+ collectionId: 'projects',
256
+ spaceUrl: `${SERVER_URL}/space/other-space`
257
+ }));
258
+ expect(() => checkGrants({
259
+ grants,
260
+ controllerDid: appDid,
261
+ collections: TEST_COLLECTIONS
262
+ })).toThrow(/two spaces/);
263
+ });
264
+ it('rejects a set missing a collection', () => {
265
+ const grants = TEST_COLLECTIONS.slice(1).map(id => grantFor({ collectionId: id }));
266
+ expect(() => checkGrants({
267
+ grants,
268
+ controllerDid: appDid,
269
+ collections: TEST_COLLECTIONS
270
+ })).toThrow(new RegExp(`No grant covers the "${TEST_COLLECTIONS[0]}"`));
271
+ });
272
+ it('rejects a collection grant with insufficient actions', () => {
273
+ const grants = fullGrantSet();
274
+ grants[0].allowedAction = ['GET', 'HEAD'];
275
+ expect(() => checkGrants({
276
+ grants,
277
+ controllerDid: appDid,
278
+ collections: TEST_COLLECTIONS
279
+ })).toThrow(/lacks required actions/);
280
+ });
281
+ });
282
+ //# sourceMappingURL=verifyResponse.test.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"verifyResponse.test.js","sourceRoot":"","sources":["../../src/auth/verifyResponse.test.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH;;;;;;GAMG;AACH,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AACxD,OAAO,KAAK,EAAE,MAAM,aAAa,CAAA;AACjC,OAAO,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAA;AACjE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAMxD,OAAO,EACL,mBAAmB,EAEpB,MAAM,+BAA+B,CAAA;AACtC,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAA;AACpE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAA;AACtD,OAAO,EACL,WAAW,EACX,QAAQ,EACR,uBAAuB,EACxB,MAAM,qBAAqB,CAAA;AAE5B,MAAM,MAAM,GAAG,uBAAuB,CAAA;AACtC,MAAM,UAAU,GAAG,uBAAuB,CAAA;AAC1C,MAAM,SAAS,GAAG,GAAG,UAAU,kBAAkB,CAAA;AACjD,MAAM,MAAM,GAAyB;IACnC,cAAc,EAAE,YAAY;IAC5B,SAAS,EAAE,qBAAqB;CACjC,CAAA;AACD,MAAM,gBAAgB,GAAG;IACvB,cAAc;IACd,UAAU;IACV,OAAO;IACP,WAAW;IACX,SAAS;IACT,WAAW;IACX,UAAU;IACV,eAAe;CAChB,CAAA;AACD,MAAM,cAAc,GAAG,oBAAoB,EAAE,CAAA;AAE7C,MAAM,iBAAiB,GAAG;IACxB,YAAY,EAAE,IAAI;IAClB,IAAI,EAAE,EAAE,KAAK,EAAE,2BAA2B,EAAE,YAAY,EAAE,MAAM,EAAE;CAC1D,CAAA;AAOV,IAAI,MAAsB,CAAA;AAC1B,IAAI,MAAc,CAAA;AAClB,IAAI,OAAmB,CAAA;AAEvB,SAAS,CAAC,KAAK,IAAI,EAAE;IACnB,MAAM,KAAK,GAAG,MAAM,eAAe,CAAC,QAAQ,CAAC;QAC3C,IAAI,EAAE,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAChD,MAAM,EAAE,aAAa;QACrB,OAAO,EAAE,YAAY;KACtB,CAAC,CAAA;IACF,MAAM,GAAG;QACP,MAAM,EAAE,KAAK,CAAC,EAAE;QAChB,KAAK,EAAE,IAAI,oBAAoB,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,SAAS,EAAE,EAAE,CAAC;KAC/D,CAAA;IACD,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAA;IACpD,MAAM,GAAG,CAAC,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,aAAa,CAAA;AAClE,CAAC,CAAC,CAAA;AAEF,mFAAmF;AACnF,SAAS,QAAQ,CAAC,EAChB,YAAY,EACZ,UAAU,GAAG,MAAM,EACnB,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,CAAC,WAAW,EAAE,EACzD,OAAO,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,EAClD,QAAQ,GAAG,SAAS,EAOrB;IACC,OAAO;QACL,UAAU,EAAE,0BAA0B;QACtC,EAAE,EAAE,YAAY,MAAM,CAAC,UAAU,EAAE,EAAE;QACrC,UAAU;QACV,gBAAgB,EAAE,iBAAiB,kBAAkB,CAAC,QAAQ,CAAC,EAAE;QACjE,gBAAgB,EAAE,YAAY,CAAC,CAAC,CAAC,GAAG,QAAQ,IAAI,YAAY,EAAE,CAAC,CAAC,CAAC,QAAQ;QACzE,aAAa,EAAE,OAAO;QACtB,OAAO;KACY,CAAA;AACvB,CAAC;AAED,2EAA2E;AAC3E,SAAS,YAAY;IACnB,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,QAAQ,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAAC,CAAA;IACzE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAA;IACnD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,wEAAwE;AACxE,KAAK,UAAU,QAAQ,CAAC,EACtB,SAAS,EACT,MAAM,GAAG,MAAM,EACf,UAAU,EACV,KAAK,EAMN;IACC,MAAM,YAAY,GAAG,EAAE,CAAC,kBAAkB,CAAC;QACzC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,GAAG,CAAC,UAAU,IAAI,EAAE,oBAAoB,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;QACzD,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,GAAG;KACb,CAA4C,CAAA;IAC7C,IAAI,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAG,YAAY,CAAC,UAAU,CAAC,CAAA;QACrC,YAAY,CAAC,UAAU,CAAC,GAAG;YACzB,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACxC,iBAAiB;SAClB,CAAA;QACD,YAAY,CAAC,IAAI,GAAG,KAAK,CAAA;IAC3B,CAAC;IACD,OAAO,CAAC,MAAM,EAAE,CAAC,gBAAgB,CAAC;QAChC,YAAY,EAAE,YAA0C;QACxD,SAAS;QACT,MAAM;QACN,cAAc;QACd,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC,CAA4B,CAAA;AAChC,CAAC;AAED,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC;YAC3C,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CAAA;QACF,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC;YAClC,SAAS;YACT,UAAU;YACV,KAAK,EAAE,YAAY,EAAE;SACtB,CAAC,CAAA;QACF,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY;YACZ,SAAS;YACT,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,QAAQ,CAAC,aAAa,EAAE,CAAA;QAC1B,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC1E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,CAAC,CAAA;QAChE,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY;YACZ,SAAS,EAAE,aAAa;YACxB,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACrC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC;YAClC,SAAS;YACT,MAAM,EAAE,sBAAsB;SAC/B,CAAC,CAAA;QACF,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY;YACZ,SAAS;YACT,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC7B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACrC,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC;YAClC,SAAS;YACT,KAAK,EAAE,YAAY,EAAE;SACtB,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG;YACf,GAAG,YAAY;YACf,IAAI,EAAE;gBACJ,GAAI,YAA6C,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC/D,QAAQ,CAAC;oBACP,YAAY,EAAE,UAAU;oBACxB,UAAU,EAAE,qBAAqB;iBAClC,CAAC;aACH;SACyB,CAAA;QAC5B,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY,EAAE,QAAQ;YACtB,SAAS;YACT,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,YAAY,GAAG;YACnB,UAAU,EAAE,CAAC,wCAAwC,CAAC;YACtD,IAAI,EAAE,CAAC,wBAAwB,CAAC;SACK,CAAA;QACvC,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY;YACZ,SAAS,EAAE,GAAG;YACd,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAA;QACrC,MAAM,UAAU,GAAG,MAAM,mBAAmB,CAAC;YAC3C,IAAI,EAAE,OAAO;YACb,MAAM,EAAE,MAAM;YACd,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CAAA;QACF,MAAM,OAAO,GAAG,UAAU,CAAC,iBAA4C,CAAA;QACvE,MAAM,UAAU,GAAG;YACjB,GAAG,UAAU;YACb,iBAAiB,EAAE,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,sBAAsB,EAAE;SACzC,CAAA;QAC1B,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,EAAE,SAAS,EAAE,CAAC,CACjD;QAAC,YAAmD,CAAC,oBAAoB;YACxE,CAAC,UAAU,CAAC,CAAA;QACd,MAAM,MAAM,CACV,uBAAuB,CAAC;YACtB,YAAY;YACZ,SAAS;YACT,MAAM,EAAE,MAAM;YACd,cAAc;SACf,CAAC,CACH,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACrB,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,EAAE,CAAC,iEAAiE,EAAE,GAAG,EAAE;QACzE,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,CAAC,WAAW,EAAE,CAAA;QAC3D,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,CAAC,WAAW,EAAE,CAAA;QAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,CAChD,QAAQ,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,EAAE,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CACpE,CAAA;QACD,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,CAAA;QACnE,MAAM,OAAO,GAAG,WAAW,CAAC;YAC1B,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;YAC7B,iBAAiB,EAAE,UAAU;SAC9B,CAAC,CAAA;QACF,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;QACjD,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAC7D,gBAAgB,CAAC,MAAM,CACxB,CAAA;QACD,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACpC,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM,EAAE,EAAE;YACV,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,mBAAmB,CAAC,CAAA;IAChC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,MAAM,GAAG,YAAY,EAAE,CAC5B;QAAC,MAAM,CAAC,CAAC,CAA4B,CAAC,UAAU,GAAG,qBAAqB,CAAA;QACzE,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,YAAY,EAAE,CAC5B;QAAC,MAAM,CAAC,CAAC,CAAyB,CAAC,OAAO,GAAG,IAAI,IAAI,CACpD,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAClB,CAAC,WAAW,EAAE,CAAA;QACf,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM,EAAE,YAAY,EAAE;YACtB,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;YAC7B,iBAAiB,EAAE,uBAAuB;SAC3C,CAAC,CACH,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,MAAM,MAAM,GAAG,YAAY,EAAE,CAAA;QAC7B,MAAM,CAAC,IAAI,CACT,QAAQ,CAAC;YACP,YAAY,EAAE,UAAU;YACxB,QAAQ,EAAE,GAAG,UAAU,oBAAoB;SAC5C,CAAC,CACH,CAAA;QACD,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,YAAY,CAAC,CAAA;IACzB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAChD,QAAQ,CAAC,EAAE,YAAY,EAAE,EAAE,EAAE,CAAC,CAC/B,CAAA;QACD,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,wBAAwB,gBAAgB,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;IACvE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,YAAY,EAAE,CAC5B;QAAC,MAAM,CAAC,CAAC,CAAiC,CAAC,aAAa,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAA;QAC3E,MAAM,CAAC,GAAG,EAAE,CACV,WAAW,CAAC;YACV,MAAM;YACN,aAAa,EAAE,MAAM;YACrB,WAAW,EAAE,gBAAgB;SAC9B,CAAC,CACH,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}
@@ -0,0 +1,143 @@
1
+ /*!
2
+ * Copyright (c) 2026 Interop Alliance. All rights reserved.
3
+ */
4
+ /**
5
+ * VC API message types for external messages to the wallet -- either offers of
6
+ * credentials (`IVpOffer`) or requests for credentials / DID Authentication
7
+ * (`IVpRequest`).
8
+ *
9
+ * These messages arrive today via CHAPI popups, but the shapes are transport
10
+ * agnostic so the same classification/compose logic can later back other entry
11
+ * points (QR scan, paste-into-Add-Credential) without dragging React or CHAPI
12
+ * along.
13
+ *
14
+ * @see https://w3c-ccg.github.io/vp-request-spec/
15
+ */
16
+ import type { IVerifiableCredential, IVerifiablePresentation, IZcap } from '@interop/data-integrity-core';
17
+ /**
18
+ * The union of VC API message types the wallet can classify. Zcap and exchange
19
+ * invitation / issue request messages are deferred to later work.
20
+ */
21
+ export type WalletAPIMessage = IVPRequest | IVPOffer;
22
+ /**
23
+ * "I'm offering the following credentials" -- a Verifiable Presentation offered
24
+ * to the wallet for storage.
25
+ *
26
+ * @see https://vcplayground.org/docs/n/chapi/wallets/native/#vc-api
27
+ */
28
+ export type IVPOffer = {
29
+ credentialRequestOrigin?: string;
30
+ verifiablePresentation: IVerifiablePresentation;
31
+ redirectUrl?: string;
32
+ };
33
+ /**
34
+ * "The following things are requested" -- a Verifiable Presentation Request
35
+ * asking the wallet to share credentials and/or prove DID Authentication.
36
+ *
37
+ * @see https://w3c-ccg.github.io/vp-request-spec/
38
+ */
39
+ export type IVPRequest = {
40
+ credentialRequestOrigin?: string;
41
+ verifiablePresentationRequest: IVPRDetails;
42
+ redirectUrl?: string;
43
+ };
44
+ /**
45
+ * The body of a Verifiable Presentation Request: one or more queries, plus the
46
+ * `challenge` / `domain` used when a DID Authentication proof is requested.
47
+ */
48
+ export type IVPRDetails = {
49
+ query: IVPRQuery | IVPRQuery[];
50
+ challenge?: string;
51
+ domain?: string;
52
+ };
53
+ export type IVPRQuery = IQueryByExample | IDIDAuthenticationQuery | IZcapQuery;
54
+ /**
55
+ * A request for one or more VCs matching an example credential shape.
56
+ *
57
+ * @see https://w3c-ccg.github.io/vp-request-spec/#query-by-example
58
+ */
59
+ export type IQueryByExample = {
60
+ type: 'QueryByExample';
61
+ acceptedCryptosuites?: Array<{
62
+ cryptosuite: string;
63
+ }>;
64
+ credentialQuery: {
65
+ reason?: string;
66
+ example: {
67
+ '@context'?: string | object | Array<string | object>;
68
+ type?: string | string[];
69
+ issuer?: string | object | Array<string | object>;
70
+ [x: string]: unknown;
71
+ };
72
+ };
73
+ };
74
+ /**
75
+ * A request for a proof of DID Authentication (a signed VerifiablePresentation
76
+ * over the request's `challenge` / `domain`).
77
+ *
78
+ * @see https://w3c-ccg.github.io/vp-request-spec/#the-did-authentication-query-format
79
+ */
80
+ export type IDIDAuthenticationQuery = {
81
+ type: 'DIDAuthentication';
82
+ acceptedMethods?: Array<{
83
+ method: string;
84
+ }>;
85
+ acceptedCryptosuites?: Array<{
86
+ cryptosuite: string;
87
+ }>;
88
+ };
89
+ /**
90
+ * A request for one or more delegated capabilities (zcaps) on the user's WAS
91
+ * storage. `AuthorizationCapabilityQuery` is the canonical type string (VCALM
92
+ * §3.4.4); `ZcapQuery` is a legacy alias sent by DCW / the
93
+ * `wallet-to-webapp-demo`. `capabilityQuery` may be a single detail object or
94
+ * an array of them.
95
+ *
96
+ * @see https://w3c.github.io/vcalm/ -- AuthorizationCapabilityQuery
97
+ */
98
+ export type IZcapQuery = {
99
+ type: 'AuthorizationCapabilityQuery' | 'ZcapQuery';
100
+ capabilityQuery: ICapabilityQueryDetail | ICapabilityQueryDetail[];
101
+ challenge?: string;
102
+ };
103
+ /**
104
+ * A single requested capability: which actions (`allowedAction`) the RP
105
+ * (`controller`) wants on which storage target (`invocationTarget`), with an
106
+ * optional human-readable `reason` and RP-chosen `referenceId`. The
107
+ * `invocationTarget` is either a plain URL (satisfied only under the user's own
108
+ * Space) or a wallet-defined descriptor object (`urn:was:collection` /
109
+ * `urn:was:space`), resolved by `resolveInvocationTarget`.
110
+ */
111
+ export type ICapabilityQueryDetail = {
112
+ referenceId?: string;
113
+ reason?: string;
114
+ allowedAction?: string | string[];
115
+ controller: string;
116
+ invocationTarget: string | {
117
+ type: string;
118
+ name?: string;
119
+ };
120
+ };
121
+ /**
122
+ * The wallet's response to a request, delivered by whichever transport received
123
+ * it (CHAPI `respondWith`, a future exchange-URL POST, etc). Delegated zcaps
124
+ * ride *inside* the response VP (as a `zcap` array, embedded before signing),
125
+ * so this shape stays credential-presentation only.
126
+ */
127
+ export type WalletResponse = {
128
+ verifiablePresentation?: IVerifiablePresentation;
129
+ };
130
+ /**
131
+ * A VP Request classified on two independent axes: whether DID Authentication
132
+ * is requested, and separately what content is asked for (credentials and/or
133
+ * capability delegations). Any combination is valid, including zcap-only. The
134
+ * consent screen renders one section per non-empty axis; the two axes replace
135
+ * the former `'vc' | 'didauth' | 'vc+didauth'` cross-product enum.
136
+ */
137
+ export type WalletRequestProfile = {
138
+ didAuth: boolean;
139
+ vcQueries: IQueryByExample[];
140
+ zcapRequests: ICapabilityQueryDetail[];
141
+ };
142
+ export type { IVerifiableCredential, IVerifiablePresentation, IZcap };
143
+ //# sourceMappingURL=walletRequestTypes.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"walletRequestTypes.d.ts","sourceRoot":"","sources":["../../src/auth/walletRequestTypes.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH;;;;;;;;;;;GAWG;AACH,OAAO,KAAK,EACV,qBAAqB,EACrB,uBAAuB,EACvB,KAAK,EACN,MAAM,8BAA8B,CAAA;AAErC;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG,UAAU,GAAG,QAAQ,CAAA;AAEpD;;;;;GAKG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,sBAAsB,EAAE,uBAAuB,CAAA;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,6BAA6B,EAAE,WAAW,CAAA;IAC1C,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,SAAS,GAAG,SAAS,EAAE,CAAA;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,SAAS,GAAG,eAAe,GAAG,uBAAuB,GAAG,UAAU,CAAA;AAE9E;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,gBAAgB,CAAA;IACtB,oBAAoB,CAAC,EAAE,KAAK,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACrD,eAAe,EAAE;QACf,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,OAAO,EAAE;YACP,UAAU,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAA;YACrD,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;YACxB,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC,CAAA;YACjD,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;SACrB,CAAA;KACF,CAAA;CACF,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,mBAAmB,CAAA;IACzB,eAAe,CAAC,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC3C,oBAAoB,CAAC,EAAE,KAAK,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACtD,CAAA;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,8BAA8B,GAAG,WAAW,CAAA;IAClD,eAAe,EAAE,sBAAsB,GAAG,sBAAsB,EAAE,CAAA;IAClE,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAA;CAC3D,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,sBAAsB,CAAC,EAAE,uBAAuB,CAAA;CACjD,CAAA;AAED;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,OAAO,EAAE,OAAO,CAAA;IAChB,SAAS,EAAE,eAAe,EAAE,CAAA;IAC5B,YAAY,EAAE,sBAAsB,EAAE,CAAA;CACvC,CAAA;AAED,YAAY,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,KAAK,EAAE,CAAA"}
@@ -0,0 +1,2 @@
1
+ export {};
2
+ //# sourceMappingURL=walletRequestTypes.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"walletRequestTypes.js","sourceRoot":"","sources":["../../src/auth/walletRequestTypes.ts"],"names":[],"mappings":""}
@@ -0,0 +1,150 @@
1
+ /*!
2
+ * Copyright (c) 2026 Interop Alliance. All rights reserved.
3
+ */
4
+ /**
5
+ * The central configuration contract for a WAS-backed local-first app: the app
6
+ * identity/origin, the registry of storage collections, the seed-credential
7
+ * naming, and the (all-optional) sync/expiry tuning. An app builds one
8
+ * {@link WasAppConfig} and threads it through the auth, storage, and sync
9
+ * layers.
10
+ *
11
+ * A collection is a logical `key` (the app-side / RxDB collection handle) mapped
12
+ * to its WAS collection `id` (the deliberately unprefixed, generic name shared
13
+ * across interoperable apps). The auth layer consumes only the `id`s; this
14
+ * config layer owns the `{ key, id }` registry the storage layer routes on.
15
+ *
16
+ * The STORE REGISTRY ({@link StoreRegistry}) is the injection seam that replaces
17
+ * the storage-layer's former hardcoded per-entity maps: an app supplies, per
18
+ * collection key, the four handlers the rehydrate mechanism drives (hydrate the
19
+ * whole collection, per-doc upsert/drop of an already-decrypted payload, and
20
+ * clear-on-logout). Expressing each collection as its own set of functions lets
21
+ * an app special-case a singleton collection (e.g. a current-focus doc) without
22
+ * a rigid CRUD interface.
23
+ */
24
+ import type { SeedCredentialConfig } from './identity/seedCredential.js';
25
+ /**
26
+ * One storage collection: the logical `key` (app-side / RxDB collection handle)
27
+ * mapped to its WAS collection `id` (the generic, interoperable name).
28
+ */
29
+ export interface WasCollectionConfig {
30
+ /** App-side name; the localStore / RxDB collection handle. */
31
+ key: string;
32
+ /** WAS collection id (the unprefixed, cross-app generic name). */
33
+ id: string;
34
+ }
35
+ /** Optional replication tuning; each field falls back to a documented default. */
36
+ export interface WasSyncConfig {
37
+ /** Replication batch size; `undefined` leaves the adapter default. */
38
+ batchSize?: number;
39
+ /** RxDB `retryTime` backoff (ms); `undefined` leaves the adapter default. */
40
+ retryMs?: number;
41
+ /**
42
+ * Periodic re-sync interval (ms) that keeps an open session converging while
43
+ * the pull side is poll-based. Defaults to {@link DEFAULT_SYNC_POLL_MS}; set
44
+ * to 0 to disable the periodic poll.
45
+ */
46
+ pollMs?: number;
47
+ }
48
+ /** Optional near-expiry warning tuning; each field has the same default. */
49
+ export interface WasExpiryConfig {
50
+ /**
51
+ * How close to grant expiry (ms) the reconnect warning is raised proactively.
52
+ * Defaults to {@link DEFAULT_EXPIRY_WARNING_MS} (1h).
53
+ */
54
+ warningMs?: number;
55
+ /**
56
+ * Poll interval (ms) for the near-expiry watch (grant expiry is
57
+ * coarse-grained). Defaults to {@link DEFAULT_EXPIRY_WATCH_MS} (1min).
58
+ */
59
+ watchMs?: number;
60
+ }
61
+ /**
62
+ * The cohesive, app-wide configuration. Built once by the app and threaded
63
+ * through the auth, storage, and sync layers.
64
+ */
65
+ export interface WasAppConfig {
66
+ /** Human-readable app name, used in the wallet consent reason lines. */
67
+ appName: string;
68
+ /** This app's own web origin (the anti-phishing bind on the app key). */
69
+ appOrigin: string;
70
+ /**
71
+ * The expected WAS server URL. When set, every granted zcap must target it;
72
+ * grants pointing anywhere else are rejected at login.
73
+ */
74
+ wasServerUrl?: string;
75
+ /** The CHAPI mediator base URL (the requesting origin is appended). */
76
+ mediatorBase?: string;
77
+ /** The storage collections (logical key to WAS collection id). */
78
+ collections: WasCollectionConfig[];
79
+ /** The seed-credential type name + vocabulary namespace. */
80
+ credential: SeedCredentialConfig;
81
+ /**
82
+ * Base name for the local RxDB database and session IndexedDB naming. Defaults
83
+ * to {@link DEFAULT_DB_NAME}.
84
+ */
85
+ dbName?: string;
86
+ /**
87
+ * Prefix for this app's `localStorage` keys (e.g. the device id). Defaults to
88
+ * {@link DEFAULT_STORAGE_KEY_PREFIX}. Migrating apps should set their prior
89
+ * prefix so an existing per-install device id is preserved.
90
+ */
91
+ storageKeyPrefix?: string;
92
+ /** Replication tuning; all fields optional with documented defaults. */
93
+ sync?: WasSyncConfig;
94
+ /** Near-expiry warning tuning; all fields optional with the same default. */
95
+ expiry?: WasExpiryConfig;
96
+ }
97
+ /**
98
+ * One collection's re-hydrate + patch handlers, supplied by the app. The
99
+ * rehydrate mechanism drives these; expressing each collection as its own set of
100
+ * functions lets an app special-case a singleton (e.g. a current-focus doc)
101
+ * without a rigid CRUD interface.
102
+ */
103
+ export interface StoreRegistryEntry {
104
+ /** Decrypt every live row of this collection into the app's store. */
105
+ hydrate: () => Promise<void>;
106
+ /**
107
+ * Upsert one already-decrypted payload into the store WITHOUT persisting (the
108
+ * sync stream already owns the persisted row).
109
+ */
110
+ upsert: (doc: {
111
+ id: string;
112
+ }) => void;
113
+ /** Drop one payload (by logical uuid) from the store WITHOUT persisting. */
114
+ drop: (uuid: string) => void;
115
+ /** Empty this collection's store (logout). */
116
+ clear: () => void;
117
+ }
118
+ /**
119
+ * The per-collection store handlers, keyed by the collection logical `key`. The
120
+ * injection seam replacing the storage layer's former hardcoded maps.
121
+ */
122
+ export type StoreRegistry = Record<string, StoreRegistryEntry>;
123
+ /** Default base name for the local RxDB database + session IndexedDB naming. */
124
+ export declare const DEFAULT_DB_NAME = "was-react";
125
+ /** Default `localStorage` key prefix (e.g. `was-react:deviceId`). */
126
+ export declare const DEFAULT_STORAGE_KEY_PREFIX = "was-react:";
127
+ /**
128
+ * Default periodic re-sync interval (ms). The pull side is poll-based (no
129
+ * server-side live stream yet), so an open session only sees another device's
130
+ * changes when it re-pulls; a low-frequency periodic re-sync keeps open sessions
131
+ * converging live.
132
+ */
133
+ export declare const DEFAULT_SYNC_POLL_MS = 15000;
134
+ /** Default near-expiry warning threshold (ms): 1 hour. */
135
+ export declare const DEFAULT_EXPIRY_WARNING_MS: number;
136
+ /** Default near-expiry watch poll interval (ms): 1 minute. */
137
+ export declare const DEFAULT_EXPIRY_WATCH_MS: number;
138
+ /**
139
+ * Resolves a localStore/RxDB collection `key` from its WAS collection `id`.
140
+ *
141
+ * @param options {object}
142
+ * @param options.collections {WasCollectionConfig[]} the collection registry
143
+ * @param options.id {string} the WAS collection id
144
+ * @returns {string | undefined}
145
+ */
146
+ export declare function collectionKeyForId({ collections, id }: {
147
+ collections: WasCollectionConfig[];
148
+ id: string;
149
+ }): string | undefined;
150
+ //# sourceMappingURL=config.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH;;;;;;;;;;;;;;;;;;;GAmBG;AACH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAA;AAExE;;;GAGG;AACH,MAAM,WAAW,mBAAmB;IAClC,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAA;IACX,kEAAkE;IAClE,EAAE,EAAE,MAAM,CAAA;CACX;AAED,kFAAkF;AAClF,MAAM,WAAW,aAAa;IAC5B,sEAAsE;IACtE,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,6EAA6E;IAC7E,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB;;;;OAIG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,4EAA4E;AAC5E,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAA;CACjB;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,wEAAwE;IACxE,OAAO,EAAE,MAAM,CAAA;IACf,yEAAyE;IACzE,SAAS,EAAE,MAAM,CAAA;IACjB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,uEAAuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,kEAAkE;IAClE,WAAW,EAAE,mBAAmB,EAAE,CAAA;IAClC,4DAA4D;IAC5D,UAAU,EAAE,oBAAoB,CAAA;IAChC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,wEAAwE;IACxE,IAAI,CAAC,EAAE,aAAa,CAAA;IACpB,6EAA6E;IAC7E,MAAM,CAAC,EAAE,eAAe,CAAA;CACzB;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,sEAAsE;IACtE,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5B;;;OAGG;IACH,MAAM,EAAE,CAAC,GAAG,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,KAAK,IAAI,CAAA;IACrC,4EAA4E;IAC5E,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAA;IAC5B,8CAA8C;IAC9C,KAAK,EAAE,MAAM,IAAI,CAAA;CAClB;AAED;;;GAGG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAA;AAE9D,gFAAgF;AAChF,eAAO,MAAM,eAAe,cAAc,CAAA;AAE1C,qEAAqE;AACrE,eAAO,MAAM,0BAA0B,eAAe,CAAA;AAEtD;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB,QAAQ,CAAA;AAEzC,0DAA0D;AAC1D,eAAO,MAAM,yBAAyB,QAAiB,CAAA;AAEvD,8DAA8D;AAC9D,eAAO,MAAM,uBAAuB,QAAY,CAAA;AAEhD;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,EACjC,WAAW,EACX,EAAE,EACH,EAAE;IACD,WAAW,EAAE,mBAAmB,EAAE,CAAA;IAClC,EAAE,EAAE,MAAM,CAAA;CACX,GAAG,MAAM,GAAG,SAAS,CAErB"}
package/dist/config.js ADDED
@@ -0,0 +1,27 @@
1
+ /** Default base name for the local RxDB database + session IndexedDB naming. */
2
+ export const DEFAULT_DB_NAME = 'was-react';
3
+ /** Default `localStorage` key prefix (e.g. `was-react:deviceId`). */
4
+ export const DEFAULT_STORAGE_KEY_PREFIX = 'was-react:';
5
+ /**
6
+ * Default periodic re-sync interval (ms). The pull side is poll-based (no
7
+ * server-side live stream yet), so an open session only sees another device's
8
+ * changes when it re-pulls; a low-frequency periodic re-sync keeps open sessions
9
+ * converging live.
10
+ */
11
+ export const DEFAULT_SYNC_POLL_MS = 15000;
12
+ /** Default near-expiry warning threshold (ms): 1 hour. */
13
+ export const DEFAULT_EXPIRY_WARNING_MS = 60 * 60 * 1000;
14
+ /** Default near-expiry watch poll interval (ms): 1 minute. */
15
+ export const DEFAULT_EXPIRY_WATCH_MS = 60 * 1000;
16
+ /**
17
+ * Resolves a localStore/RxDB collection `key` from its WAS collection `id`.
18
+ *
19
+ * @param options {object}
20
+ * @param options.collections {WasCollectionConfig[]} the collection registry
21
+ * @param options.id {string} the WAS collection id
22
+ * @returns {string | undefined}
23
+ */
24
+ export function collectionKeyForId({ collections, id }) {
25
+ return collections.find(entry => entry.id === id)?.key;
26
+ }
27
+ //# sourceMappingURL=config.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AA+HA,gFAAgF;AAChF,MAAM,CAAC,MAAM,eAAe,GAAG,WAAW,CAAA;AAE1C,qEAAqE;AACrE,MAAM,CAAC,MAAM,0BAA0B,GAAG,YAAY,CAAA;AAEtD;;;;;GAKG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,CAAA;AAEzC,0DAA0D;AAC1D,MAAM,CAAC,MAAM,yBAAyB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA;AAEvD,8DAA8D;AAC9D,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,GAAG,IAAI,CAAA;AAEhD;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,EACjC,WAAW,EACX,EAAE,EAIH;IACC,OAAO,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,CAAA;AACxD,CAAC"}
@@ -0,0 +1,16 @@
1
+ #!/usr/bin/env node
2
+ /**
3
+ * Decodes a seed string as hex (all hex chars, even length) or base64url.
4
+ *
5
+ * @param input {string}
6
+ * @returns {Uint8Array}
7
+ */
8
+ export declare function parseSeed(input: string): Uint8Array;
9
+ /**
10
+ * Splits a comma-separated collection-ids string into a trimmed, non-empty list.
11
+ *
12
+ * @param input {string}
13
+ * @returns {string[]}
14
+ */
15
+ export declare function parseCollections(input: string): string[];
16
+ //# sourceMappingURL=cli.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"cli.d.ts","sourceRoot":"","sources":["../../src/dev/cli.ts"],"names":[],"mappings":";AAoCA;;;;;GAKG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAWnD;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAKxD"}