@interop/zcap 10.1.0 → 11.0.0

package/dist/CapabilityProofPurpose.js

@@ -0,0 +1,531 @@
+/*!
+ * Copyright (c) 2018-2024 Digital Bazaar, Inc. All rights reserved.
+ */
+import * as utils from './utils.js';
+import jsigs from '@interop/jsonld-signatures';
+const { ControllerProofPurpose } = jsigs.purposes;
+export class CapabilityProofPurpose extends ControllerProofPurpose {
+    allowTargetAttenuation;
+    expectedRootCapability;
+    inspectCapabilityChain;
+    maxChainLength;
+    maxClockSkew;
+    maxDelegationTtl;
+    suite;
+    /**
+     * @param options - The options.
+     * @param options.allowTargetAttenuation - Allow the invocationTarget of a
+     *   delegation chain to be increasingly restrictive based on a hierarchical
+     *   RESTful URL structure.
+     * @param options.controller - The description of the controller, if it is not
+     *   to be dereferenced via a `documentLoader`.
+     * @param options.date - Used during proof verification as the expected date
+     *   for the creation of the proof (within a maximum timestamp delta) and for
+     *   checking to see if a capability has expired; if not passed the current
+     *   date will be used.
+     * @param options.expectedRootCapability - The expected root capability for
+     *   the delegation chain (a single root capability ID string, or an array of
+     *   acceptable root capability ID strings).
+     * @param options.inspectCapabilityChain - An async function that can be used
+     *   to check for revocations related to any of verified capabilities.
+     * @param options.maxChainLength - The maximum length of the capability
+     *   delegation chain.
+     * @param options.maxClockSkew - A maximum number of seconds that clocks may
+     *   be skewed checking capability expiration date-times against `date` and
+     *   when comparing invocation proof creation time against delegation proof
+     *   creation time.
+     * @param options.maxDelegationTtl - The maximum milliseconds to live for a
+     *   delegated zcap as measured by the time difference between `expires` and
+     *   `created` on the delegation proof.
+     * @param options.maxTimestampDelta - A maximum number of seconds that a
+     *   capability invocation proof (only used by this proof type) "created" date
+     *   can deviate from `date`, defaults to `Infinity`.
+     * @param options.suite - The jsonld-signature suite(s) to use to verify the
+     *   capability chain. Required only when verifying a proof; unused (and
+     *   omitted) when creating a delegation proof.
+     * @param options.term - The term `capabilityInvocation` or
+     *   `capabilityDelegation` to look for in an LD proof.
+     */
+    constructor({ 
+    // proof verification params (and common to all derived classes)
+    allowTargetAttenuation = false, controller, date, expectedRootCapability, inspectCapabilityChain, maxChainLength, maxDelegationTtl = Infinity, maxTimestampDelta = Infinity, maxClockSkew = 300, suite, term } = {}) {
+        super({ term, controller, date, maxTimestampDelta });
+        // params used to verify a proof
+        const hasVerifyProofParams = controller ||
+            date ||
+            expectedRootCapability ||
+            inspectCapabilityChain ||
+            suite;
+        if (hasVerifyProofParams) {
+            if (!(typeof expectedRootCapability === 'string' ||
+                Array.isArray(expectedRootCapability))) {
+                throw new TypeError('"expectedRootCapability" must be a string or array.');
+            }
+            // expected root capability values must be absolute URIs
+            const expectedRootCapabilities = Array.isArray(expectedRootCapability)
+                ? expectedRootCapability
+                : [expectedRootCapability];
+            for (const erc of expectedRootCapabilities) {
+                if (!(typeof erc === 'string' && erc.includes(':'))) {
+                    throw new Error('"expectedRootCapability" values must be absolute URI strings.');
+                }
+            }
+            if (typeof maxClockSkew !== 'number') {
+                throw new TypeError('"maxClockSkew" must be a number.');
+            }
+            this.allowTargetAttenuation = allowTargetAttenuation;
+            this.expectedRootCapability = expectedRootCapability;
+            this.inspectCapabilityChain = inspectCapabilityChain;
+            this.maxChainLength = maxChainLength;
+            this.maxClockSkew = maxClockSkew;
+            this.maxDelegationTtl = maxDelegationTtl;
+            this.suite = suite;
+        }
+    }
+    /**
+     * Validates a capability proof by verifying its capability delegation chain
+     * from the root outward. Overrides
+     * {@link jsigs.ControllerProofPurpose#validate} and is structurally
+     * compatible with it.
+     *
+     * @param proof - The proof to validate.
+     * @param validateOptions - The validation options (passed through from
+     *   `jsigs`), including `document` and `documentLoader`.
+     *
+     * @returns Resolves to `{valid, error?}` (plus an internal
+     *   `dereferencedChain` on success).
+     */
+    async validate(proof, validateOptions) {
+        /* Note: Trust begins at the root zcap, so we start chain validation at
+        the root and move forward toward the tail from there. This also helps
+        prevent an attacker from wasting time when they submit long zcap chains
+        that are extensions of otherwise valid chains.
+    
+        So, each parent zcap must be verified before its child is. This also means
+        that we can't simply recursively unwind the chain in reverse; therefore,
+        the code is a bit more complex.
+    
+        Note that if a chain is being checked without an invocation, i.e., without
+        invoking the tail capability, then the tail's capability delegation *proof*
+        will have been cryptographically verified prior to this call. Otherwise,
+        it will need to be cryptographically verified. There is a signal described
+        below to indicate whether this verification needs to occur. Regardless, the
+        tail has not yet been validated as a tail for the chain and won't be until
+        the rest of the chain, starting at the root, is validated.
+    
+        The validation process is:
+    
+        0. Run a short-circuit check to ensure that we only verify the capability
+          chain once; that is, we only start checking the chain when we haven't
+          verified any parent zcaps yet. Whether we've started checking the chain
+          yet or not is handled by a derived class that implements
+          `_shortCircuitValidate`, returning the short-circuit validation result
+          if the chain check has already started and `undefined` if it hasn't.
+        1. If we haven't been short-circuited, then dereference the capability
+          chain referenced in the tail proof to get all zcaps in the chain.
+        2. Run any proof-purpose specific checks prior to checking the rest of
+          the chain. This allows shortcuts when checking a capability invocation
+          proof, e.g., if an invocation is immediately invalid for some reason,
+          there is no need to check that the delegation rules were followed along
+          the entire chain. This method also returns the `capabilityChainMeta`
+          array to use to hold the capability delegation proof verify results. If
+          a capability delegation proof for the tail has already been verified,
+          this array will have a placeholder for its full proof validation result
+          as a signal to avoid duplicating this work later.
+        3. Verify the chain from root => tail by calling `verifyCapabilityChain`
+          just once -- when validating the tail. The short-circuit check above
+          ensures we don't call this more than once. Additionally, the
+          `capabilityChainMeta` array signals whether we need to cryptographically
+          verify the capability delegation proof on the tail or if we must skip
+          this to avoid duplicating that work.
+        4. Run any purpose-specific checks after chain verification. This allows
+          capability delegation proof checks to be run on the tail against the now
+          verified parent, allowing its proof validation result to be fully
+          constructed and updated in the `capabilityChainMeta` array (as well
+          as the return value for this function).
+        5. Run the `inspectCapabilityChain` hook, if given, to allow for custom
+          implementations to check for revoked zcaps in databases or whatever other
+          behavior is desired. */
+        try {
+            // ensure proof has expected context (even though this is called in
+            // `match`, it is possible to call `validate` separately without calling
+            // `match`, so check here too)
+            utils.checkProofContext({ proof });
+            const { document, documentLoader } = validateOptions;
+            // 0. Run any proof-purpose-specific short-circuit check.
+            const shortcircuit = await this._shortCircuitValidate({
+                proof,
+                validateOptions
+            });
+            if (shortcircuit) {
+                return shortcircuit;
+            }
+            /* 1. Dereference the capability chain. This involves finding all
+            embedded delegated zcaps, using a verifier-trusted hook to dereference
+            the root zcap, and putting the full zcaps in order (root => tail) in an
+            array. The `tail` is the zcap that was invoked. */
+            const { dereferencedChain } = await this._dereferenceChain({
+                document,
+                documentLoader,
+                proof
+            });
+            /* 2. Run any proof-purpose-specific early checks prior to chain
+            verification. */
+            const { capabilityChainMeta } = await this._runChecksBeforeChainVerification({
+                dereferencedChain,
+                proof,
+                validateOptions
+            });
+            /* 3. Verify the capability delegation chain. This will make sure that
+            the root zcap in the chain is as expected (for the endpoint where the
+            invocation occurred) and that every other zcap in the chain (including
+            the invoked one), has been properly delegated. */
+            const { verified, error } = await this._verifyCapabilityChain({
+                // required to avoid circular dependencies
+                CapabilityDelegation: this._getCapabilityDelegationClass(),
+                capabilityChainMeta,
+                dereferencedChain,
+                documentLoader
+            });
+            if (!verified) {
+                throw error;
+            }
+            /* 4. Run any proof-purpose-specific checks after chain verification
+              to get the proof validation result. */
+            const validateResult = await this._runChecksAfterChainVerification({
+                capabilityChainMeta,
+                dereferencedChain,
+                proof,
+                validateOptions
+            });
+            // 5. Run `inspectCapabilityChain` hook.
+            const { inspectCapabilityChain } = this;
+            if (inspectCapabilityChain) {
+                const { valid, error } = await inspectCapabilityChain({
+                    // full chain, including root zcap
+                    capabilityChain: dereferencedChain,
+                    // capability chain meta including `null` for root zcap
+                    capabilityChainMeta: [{ verifyResult: null }, ...capabilityChainMeta]
+                });
+                if (!valid) {
+                    throw error;
+                }
+            }
+            // include dereferenced chain result
+            validateResult.dereferencedChain = dereferencedChain;
+            return validateResult;
+        }
+        catch (error) {
+            return { valid: false, error: error };
+        }
+    }
+    /**
+     * Dereferences the capability chain for the tail capability of the given
+     * proof, using `expectedRootCapability` to gate which root zcap is trusted
+     * and `documentLoader` to load it. Delegates to
+     * {@link utils.dereferenceCapabilityChain}.
+     *
+     * @param options - The options.
+     * @param options.document - The document the proof is attached to.
+     * @param options.documentLoader - The document loader used to load the
+     *   (trusted) root capability.
+     * @param options.proof - The proof whose capability chain is to be
+     *   dereferenced.
+     *
+     * @returns Resolves to the full dereferenced chain ordered root to tail.
+     */
+    async _dereferenceChain({ document, documentLoader, proof }) {
+        const { expectedRootCapability, maxChainLength } = this;
+        const { capability } = this._getTailCapability({ document, proof });
+        const { dereferencedChain } = await utils.dereferenceCapabilityChain({
+            capability: capability,
+            async getRootCapability({ id }) {
+                // ensure root zcap in chain is as expected
+                let match;
+                if (typeof expectedRootCapability === 'string') {
+                    match = expectedRootCapability === id;
+                }
+                else {
+                    match = expectedRootCapability?.includes(id);
+                }
+                if (!match) {
+                    throw utils.createDetailedError(`Actual root capability (${id}) does not match expected root ` +
+                        `capability (${String(expectedRootCapability)}).`, { actual: id, expected: expectedRootCapability });
+                }
+                // load root zcap
+                const { document } = await documentLoader(id);
+                return { rootCapability: document };
+            },
+            maxChainLength
+        });
+        return { dereferencedChain };
+    }
+    /**
+     * Returns the `CapabilityDelegation` class, passed in by derived classes to
+     * avoid a circular import. Abstract; must be overridden.
+     *
+     * @returns The `CapabilityDelegation` class.
+     */
+    _getCapabilityDelegationClass() {
+        throw new Error('Not implemented.');
+    }
+    /**
+     * Resolves the "tail" capability (the one being invoked or delegated) from
+     * the document and/or proof. Abstract; must be overridden.
+     *
+     * @param _options - The options (`document`, `proof`).
+     *
+     * @returns The tail capability (a root zcap ID string or a full zcap object).
+     */
+    _getTailCapability(_options) {
+        throw new Error('Not implemented.');
+    }
+    /**
+     * Hook for proof-purpose-specific checks run *before* chain verification.
+     * Overridden by derived classes.
+     *
+     * @param _options - The options.
+     *
+     * @returns The initial capability chain meta array.
+     */
+    async _runChecksBeforeChainVerification(_options) {
+        return { capabilityChainMeta: [] };
+    }
+    /**
+     * Hook for proof-purpose-specific checks run *after* chain verification.
+     * Abstract; must be overridden.
+     *
+     * @param _options - The options.
+     *
+     * @returns The proof validation result.
+     */
+    async _runChecksAfterChainVerification(_options) {
+        throw new Error('Not implemented.');
+    }
+    /**
+     * Runs the base class (`ControllerProofPurpose`) validation checks for the
+     * proof, throwing on failure.
+     *
+     * @param options - The options.
+     * @param options.proof - The proof to validate.
+     * @param options.validateOptions - The validation options passed through from
+     *   `jsigs` (including `document`, `documentLoader`, and `verificationMethod`).
+     *
+     * @returns Resolves to the base validation result (includes
+     *   `{valid, controller, ...}`).
+     */
+    async _runBaseProofValidation({ proof, validateOptions }) {
+        // run super class's validation checks
+        const result = await super.validate(proof, validateOptions);
+        if (!result.valid) {
+            throw result.error;
+        }
+        return result;
+    }
+    /**
+     * Hook allowing a derived class to short-circuit proof validation (e.g., when
+     * a verified parent capability is already available). No-op by default.
+     *
+     * @param _options - The options (`proof`, `validateOptions`).
+     *
+     * @returns A proof validation result to short-circuit with, or nothing to
+     *   continue full validation.
+     */
+    async _shortCircuitValidate(_options) { }
+    /**
+     * Verifies the given dereferenced capability chain. This involves ensuring
+     * that the root zcap in the chain is as expected (for the endpoint where an
+     * invocation or a simple chain chain is occurring) and that every other zcap
+     * in the chain (including any invoked one), has been properly delegated.
+     *
+     * @param options - The options.
+     * @param options.CapabilityDelegation - The CapabilityDelegation class; this
+     *   must be passed to avoid circular references in this module.
+     * @param options.capabilityChainMeta - The array of results for inspecting
+     *   the capability chain; if this has a value when passed, then it is
+     *   presumed to be the verify result for the tail capability and that tail
+     *   capability will not be verified internally by this function to avoid
+     *   duplicating work; all verification results (including the tail's --
+     *   either computed locally or reused from what was passed) will be added to
+     *   this array in order from root => tail.
+     * @param options.dereferencedChain - The dereferenced capability chain for
+     *   `capability`, starting at the root capability and ending at `capability`.
+     * @param options.documentLoader - A configured jsonld documentLoader.
+     *
+     * @returns Resolves to an object with `{verified, error}`.
+     */
+    async _verifyCapabilityChain({ CapabilityDelegation, capabilityChainMeta, dereferencedChain, documentLoader }) {
+        /* Note: We start verifying a capability chain at its root of trust (the
+        root capability) and then move toward the tail. To prevent recursively
+        repeating checks, we pass a `verifiedParentCapability` each time we start
+        verifying another capability delegation proof in the capability chain.
+    
+        Verification process is:
+    
+        1. If the chain only as the root capability, exit early.
+        2. For each capability `zcap` in the chain, verify the capability delegation
+          proof on `zcap` (if `capabilityChainMeta` has no precomputed result) and
+          that all of the delegation rules have been followed. */
+        try {
+            // 1. If the chain only has the root, exit early.
+            if (dereferencedChain.length === 1) {
+                return { verified: true };
+            }
+            // 2. For each capability `zcap` in the chain, verify the capability
+            //   delegation proof on `zcap` and that the delegation rules have been
+            //   followed.
+            let parentAllowedAction;
+            let parentDelegationTime;
+            let parentExpirationTime;
+            const [root] = dereferencedChain;
+            let parentInvocationTarget = root.invocationTarget;
+            // track whether `capabilityChainMeta` needs its first result shifted to
+            // the end (if a result was present, it is for the last or "tail" zcap,
+            // so we set a flag to remember to move it to the end when we're done
+            // checking zcaps below)
+            const mustShift = capabilityChainMeta.length > 0;
+            // get all delegated capabilities (no root zcap since it has no delegation
+            // proof to check)
+            const delegatedCapabilities = dereferencedChain.slice(1);
+            const { allowTargetAttenuation, expectedRootCapability, date, maxClockSkew = 300, maxDelegationTtl = Infinity, suite } = this;
+            const currentDate = (date && new Date(date)) || new Date();
+            for (let i = 0; i < delegatedCapabilities.length; ++i) {
+                const zcap = delegatedCapabilities[i];
+                /* Note: Passing `_verifiedParentCapability` will prevent repetitive
+                checking of the same segments of the chain (once a parent is verified,
+                its chain is not checked again when checking its children). */
+                const _verifiedParentCapability = delegatedCapabilities[i - 1] || root;
+                // verify proof on zcap if no result has been computed yet (one
+                // verify result will be present in `capabilityChainMeta` per
+                // delegated capability)
+                if (capabilityChainMeta.length < delegatedCapabilities.length) {
+                    const verifyResult = await jsigs.verify(zcap, {
+                        suite: suite,
+                        purpose: new CapabilityDelegation({
+                            allowTargetAttenuation,
+                            date: currentDate,
+                            expectedRootCapability,
+                            maxDelegationTtl,
+                            _verifiedParentCapability
+                        }),
+                        documentLoader
+                    });
+                    if (!verifyResult.verified) {
+                        throw verifyResult.error;
+                    }
+                    // delegation proof verified; save meta data for later inspection
+                    capabilityChainMeta.push({ verifyResult });
+                }
+                // ensure `allowedAction` is valid (compared against parent)
+                const allowedAction = 'allowedAction' in zcap ? zcap.allowedAction : undefined;
+                if (!utils.hasValidAllowedAction({ allowedAction, parentAllowedAction })) {
+                    throw new Error('The "allowedAction" in a delegated capability ' +
+                        'must not be less restrictive than its parent.');
+                }
+                // ensure `invocationTarget` delegation is acceptable
+                const invocationTarget = utils.getTarget({ capability: zcap });
+                if (!utils.isValidTarget({
+                    invocationTarget,
+                    baseInvocationTarget: parentInvocationTarget,
+                    allowTargetAttenuation
+                })) {
+                    if (allowTargetAttenuation) {
+                        throw new Error(`The "invocationTarget" in a delegated capability must not be ` +
+                            'less restrictive than its parent.');
+                    }
+                    else {
+                        throw new Error('The "invocationTarget" in a delegated capability ' +
+                            'must be equivalent to its parent.');
+                    }
+                }
+                // verify expiration dates
+                // expires date has been previously validated, so just parse it
+                const currentCapabilityExpirationTime = Date.parse('expires' in zcap ? zcap.expires : '');
+                // if the parent does not specify an expiration date, then any more
+                // restrictive expiration date is acceptable
+                if (parentExpirationTime !== undefined) {
+                    // handle case where `expires` is set in the parent, but the child
+                    // has an expiration date greater than the parent
+                    if (currentCapabilityExpirationTime > parentExpirationTime) {
+                        // `utils.compareTime` intentionally not used; the delegator MUST
+                        // not use an `expires` value later than what is in the parent,
+                        // which they have access to (not a decentralized clock problem)
+                        throw new Error('The `expires` property in a delegated capability must not ' +
+                            'be less restrictive than its parent.');
+                    }
+                    // use `utils.compareTime` to allow for allow for clock drift because
+                    // we are comparing against `currentDate`
+                    if (utils.compareTime({
+                        t1: currentDate.getTime(),
+                        t2: parentExpirationTime,
+                        maxClockSkew
+                    }) > 0) {
+                        throw new Error('A capability in the delegation chain has expired.');
+                    }
+                }
+                // get delegated date-time
+                // note: there can be only one proof here and this has already been
+                // validated to be the case during `dereferenceCapabilityChain`
+                const [proof] = utils.getDelegationProofs({ capability: zcap });
+                const currentCapabilityDelegationTime = Date.parse(proof.created);
+                // verify parent capability was not delegated after child
+                if (parentDelegationTime !== undefined &&
+                    parentDelegationTime > currentCapabilityDelegationTime) {
+                    throw new Error('A capability in the delegation chain was delegated before ' +
+                        'its parent.');
+                }
+                // some systems may require historical verification of zcaps, so
+                // allow `maxDelegationTtl` of `Infinity`
+                if (maxDelegationTtl < Infinity) {
+                    /* Note: Here we ensure zcap has a time-to-live (TTL) that is
+                    sufficiently short. This is to prevent the use of zcaps that, when
+                    revoked, will have to be stored for long periods of time. We have to
+                    ensure:
+          
+                    1. The zcap's delegation date is not in the future (this also ensures
+                      that the zcap's expiration date is not before its delegation date
+                      as it would have triggered an expiration error in a previous check).
+                    2. The zcap's current TTL is <= `maxDelegationTtl`
+                    3. The zcap's TTL was never > `maxDelegationTtl`. */
+                    // use `utils.compareTime` to allow for allow for clock drift because
+                    // we are comparing against `currentDate`
+                    if (utils.compareTime({
+                        t1: currentCapabilityDelegationTime,
+                        t2: currentDate.getTime(),
+                        maxClockSkew
+                    }) > 0) {
+                        throw new Error('A delegated capability in the delegation chain was delegated ' +
+                            'in the future.');
+                    }
+                    const currentTtl = currentCapabilityExpirationTime - currentDate.getTime();
+                    const maxTtl = currentCapabilityExpirationTime - currentCapabilityDelegationTime;
+                    // use `utils.compareTime` to allow for allow for clock drift because
+                    // we are comparing against `currentDate`
+                    const currentTtlComparison = utils.compareTime({
+                        t1: currentTtl,
+                        t2: maxDelegationTtl,
+                        maxClockSkew
+                    });
+                    if (currentTtlComparison > 0 || maxTtl > maxDelegationTtl) {
+                        throw new Error('A delegated capability in the delegation chain has a time to ' +
+                            'live that is too long.');
+                    }
+                }
+                parentAllowedAction = allowedAction;
+                parentExpirationTime = currentCapabilityExpirationTime;
+                parentDelegationTime = currentCapabilityDelegationTime;
+                parentInvocationTarget = invocationTarget;
+            }
+            // shift zcap verify result for last zcap to the end of meta array if
+            // necessary
+            if (mustShift) {
+                capabilityChainMeta.push(capabilityChainMeta.shift());
+            }
+            return { verified: true };
+        }
+        catch (error) {
+            return { verified: false, error: error };
+        }
+    }
+}
+//# sourceMappingURL=CapabilityProofPurpose.js.map

package/dist/CapabilityProofPurpose.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CapabilityProofPurpose.js","sourceRoot":"","sources":["../src/CapabilityProofPurpose.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,KAAK,MAAM,YAAY,CAAA;AACnC,OAAO,KAAK,MAAM,4BAA4B,CAAA;AAmB9C,MAAM,EAAE,sBAAsB,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAA;AAajD,MAAM,OAAO,sBAAuB,SAAQ,sBAAsB;IAChE,sBAAsB,CAAU;IAChC,sBAAsB,CAAoB;IAC1C,sBAAsB,CAAyB;IAC/C,cAAc,CAAS;IACvB,YAAY,CAAS;IACrB,gBAAgB,CAAS;IACzB,KAAK,CAAsC;IAE3C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACH,YACE;IACE,gEAAgE;IAChE,sBAAsB,GAAG,KAAK,EAC9B,UAAU,EACV,IAAI,EACJ,sBAAsB,EACtB,sBAAsB,EACtB,cAAc,EACd,gBAAgB,GAAG,QAAQ,EAC3B,iBAAiB,GAAG,QAAQ,EAC5B,YAAY,GAAG,GAAG,EAClB,KAAK,EACL,IAAI,KAC6B,EAAmC;QAEtE,KAAK,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,CAAA;QAEpD,gCAAgC;QAChC,MAAM,oBAAoB,GACxB,UAAU;YACV,IAAI;YACJ,sBAAsB;YACtB,sBAAsB;YACtB,KAAK,CAAA;QACP,IAAI,oBAAoB,EAAE,CAAC;YACzB,IACE,CAAC,CACC,OAAO,sBAAsB,KAAK,QAAQ;gBAC1C,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC,CACtC,EACD,CAAC;gBACD,MAAM,IAAI,SAAS,CACjB,qDAAqD,CACtD,CAAA;YACH,CAAC;YAED,wDAAwD;YACxD,MAAM,wBAAwB,GAAG,KAAK,CAAC,OAAO,CAAC,sBAAsB,CAAC;gBACpE,CAAC,CAAC,sBAAsB;gBACxB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAA;YAC5B,KAAK,MAAM,GAAG,IAAI,wBAAwB,EAAE,CAAC;gBAC3C,IAAI,CAAC,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;oBACpD,MAAM,IAAI,KAAK,CACb,+DAA+D,CAChE,CAAA;gBACH,CAAC;YACH,CAAC;YAED,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,IAAI,SAAS,CAAC,kCAAkC,CAAC,CAAA;YACzD,CAAC;YAED,IAAI,CAAC,sBAAsB,GAAG,sBAAsB,CAAA;YACpD,IAAI,CAAC,sBAAsB,GAAG,sBAAsB,CAAA;YACpD,IAAI,CAAC,sBAAsB,GAAG,sBAAsB,CAAA;YACpD,IAAI,CAAC,cAAc,GAAG,cAAc,CAAA;YACpC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAA;YAChC,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAA;YACxC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;QACpB,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,QAAQ,CACZ,KAAwB,EACxB,eAAgC;QAEhC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAiDyB;QAEzB,IAAI,CAAC;YACH,mEAAmE;YACnE,wEAAwE;YACxE,8BAA8B;YAC9B,KAAK,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,CAAA;YAElC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,eAAe,CAAA;YAEpD,yDAAyD;YACzD,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,qBAAqB,CAAC;gBACpD,KAAK;gBACL,eAAe;aAChB,CAAC,CAAA;YACF,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO,YAAY,CAAA;YACrB,CAAC;YAED;;;8DAGkD;YAClD,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC;gBACzD,QAAQ;gBACR,cAAc;gBACd,KAAK;aACN,CAAC,CAAA;YAEF;4BACgB;YAChB,MAAM,EAAE,mBAAmB,EAAE,GAC3B,MAAM,IAAI,CAAC,iCAAiC,CAAC;gBAC3C,iBAAiB;gBACjB,KAAK;gBACL,eAAe;aAChB,CAAC,CAAA;YAEJ;;;6DAGiD;YACjD,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC;gBAC5D,0CAA0C;gBAC1C,oBAAoB,EAAE,IAAI,CAAC,6BAA6B,EAAE;gBAC1D,mBAAmB;gBACnB,iBAAiB;gBACjB,cAAc;aACf,CAAC,CAAA;YACF,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,KAAK,CAAA;YACb,CAAC;YAED;oDACwC;YACxC,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,gCAAgC,CAAC;gBACjE,mBAAmB;gBACnB,iBAAiB;gBACjB,KAAK;gBACL,eAAe;aAChB,CAAC,CAAA;YAEF,wCAAwC;YACxC,MAAM,EAAE,sBAAsB,EAAE,GAAG,IAAI,CAAA;YACvC,IAAI,sBAAsB,EAAE,CAAC;gBAC3B,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,MAAM,sBAAsB,CAAC;oBACpD,kCAAkC;oBAClC,eAAe,EAAE,iBAAiB;oBAClC,uDAAuD;oBACvD,mBAAmB,EAAE,CAAC,EAAE,YAAY,EAAE,IAAI,EAAE,EAAE,GAAG,mBAAmB,CAAC;iBACtE,CAAC,CAAA;gBACF,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,KAAK,CAAA;gBACb,CAAC;YACH,CAAC;YAED,oCAAoC;YACpC,cAAc,CAAC,iBAAiB,GAAG,iBAAiB,CAAA;YAEpD,OAAO,cAAc,CAAA;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAc,EAAE,CAAA;QAChD,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,iBAAiB,CAAC,EACtB,QAAQ,EACR,cAAc,EACd,KAAK,EAKN;QACC,MAAM,EAAE,sBAAsB,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;QACvD,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAA;QACnE,MAAM,EAAE,iBAAiB,EAAE,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC;YACnE,UAAU,EAAE,UAAqC;YACjD,KAAK,CAAC,iBAAiB,CAAC,EAAE,EAAE,EAAkB;gBAC5C,2CAA2C;gBAC3C,IAAI,KAAK,CAAA;gBACT,IAAI,OAAO,sBAAsB,KAAK,QAAQ,EAAE,CAAC;oBAC/C,KAAK,GAAG,sBAAsB,KAAK,EAAE,CAAA;gBACvC,CAAC;qBAAM,CAAC;oBACN,KAAK,GAAG,sBAAsB,EAAE,QAAQ,CAAC,EAAE,CAAC,CAAA;gBAC9C,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,KAAK,CAAC,mBAAmB,CAC7B,2BAA2B,EAAE,iCAAiC;wBAC5D,eAAe,MAAM,CAAC,sBAAsB,CAAC,IAAI,EACnD,EAAE,MAAM,EAAE,EAAE,EAAE,QAAQ,EAAE,sBAAsB,EAAE,CACjD,CAAA;gBACH,CAAC;gBAED,iBAAiB;gBACjB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,cAAe,CAAC,EAAE,CAAC,CAAA;gBAC9C,OAAO,EAAE,cAAc,EAAE,QAAqB,EAAE,CAAA;YAClD,CAAC;YACD,cAAc;SACf,CAAC,CAAA;QACF,OAAO,EAAE,iBAAiB,EAAE,CAAA;IAC9B,CAAC;IAED;;;;;OAKG;IACH,6BAA6B;QAC3B,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IAED;;;;;;;OAOG;IACH,kBAAkB,CAAC,QAGlB;QACC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iCAAiC,CAAC,QAIvC;QACC,OAAO,EAAE,mBAAmB,EAAE,EAAE,EAAE,CAAA;IACpC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,gCAAgC,CAAC,QAKtC;QACC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAA;IACrC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,uBAAuB,CAAC,EAC5B,KAAK,EACL,eAAe,EAIhB;QACC,sCAAsC;QACtC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,eAAe,CAAC,CAAA;QAC3D,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,MAAM,CAAC,KAAK,CAAA;QACpB,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,qBAAqB,CAAC,QAG3B,IAA6C,CAAC;IAE/C;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,KAAK,CAAC,sBAAsB,CAAC,EAC3B,oBAAoB,EACpB,mBAAmB,EACnB,iBAAiB,EACjB,cAAc,EAMf;QACC;;;;;;;;;;iEAUyD;QAEzD,IAAI,CAAC;YACH,iDAAiD;YACjD,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACnC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;YAC3B,CAAC;YAED,oEAAoE;YACpE,uEAAuE;YACvE,cAAc;YACd,IAAI,mBAAkD,CAAA;YACtD,IAAI,oBAAwC,CAAA;YAC5C,IAAI,oBAAwC,CAAA;YAC5C,MAAM,CAAC,IAAI,CAAC,GAAG,iBAAiB,CAAA;YAChC,IAAI,sBAAsB,GAAG,IAAK,CAAC,gBAAgB,CAAA;YAEnD,wEAAwE;YACxE,uEAAuE;YACvE,qEAAqE;YACrE,wBAAwB;YACxB,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,GAAG,CAAC,CAAA;YAEhD,0EAA0E;YAC1E,kBAAkB;YAClB,MAAM,qBAAqB,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;YACxD,MAAM,EACJ,sBAAsB,EACtB,sBAAsB,EACtB,IAAI,EACJ,YAAY,GAAG,GAAG,EAClB,gBAAgB,GAAG,QAAQ,EAC3B,KAAK,EACN,GAAG,IAAI,CAAA;YACR,MAAM,WAAW,GAAG,CAAC,IAAI,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,EAAE,CAAA;YAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,qBAAqB,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;gBACtD,MAAM,IAAI,GAAG,qBAAqB,CAAC,CAAC,CAAE,CAAA;gBACtC;;8EAE8D;gBAC9D,MAAM,yBAAyB,GAAG,qBAAqB,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,IAAI,CAAA;gBAEtE,+DAA+D;gBAC/D,6DAA6D;gBAC7D,wBAAwB;gBACxB,IAAI,mBAAmB,CAAC,MAAM,GAAG,qBAAqB,CAAC,MAAM,EAAE,CAAC;oBAC9D,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE;wBAC5C,KAAK,EAAE,KAAM;wBACb,OAAO,EAAE,IAAI,oBAAoB,CAAC;4BAChC,sBAAsB;4BACtB,IAAI,EAAE,WAAW;4BACjB,sBAAsB;4BACtB,gBAAgB;4BAChB,yBAAyB;yBAC1B,CAAC;wBACF,cAAc;qBACf,CAAC,CAAA;oBACF,IAAI,CAAC,YAAY,CAAC,QAAQ,EAAE,CAAC;wBAC3B,MAAM,YAAY,CAAC,KAAK,CAAA;oBAC1B,CAAC;oBACD,iEAAiE;oBACjE,mBAAmB,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,CAAC,CAAA;gBAC5C,CAAC;gBAED,4DAA4D;gBAC5D,MAAM,aAAa,GACjB,eAAe,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAA;gBAC1D,IACE,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC,EACpE,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,gDAAgD;wBAC9C,+CAA+C,CAClD,CAAA;gBACH,CAAC;gBAED,qDAAqD;gBACrD,MAAM,gBAAgB,GAAG,KAAK,CAAC,SAAS,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC9D,IACE,CAAC,KAAK,CAAC,aAAa,CAAC;oBACnB,gBAAgB;oBAChB,oBAAoB,EAAE,sBAAsB;oBAC5C,sBAAsB;iBACvB,CAAC,EACF,CAAC;oBACD,IAAI,sBAAsB,EAAE,CAAC;wBAC3B,MAAM,IAAI,KAAK,CACb,+DAA+D;4BAC7D,mCAAmC,CACtC,CAAA;oBACH,CAAC;yBAAM,CAAC;wBACN,MAAM,IAAI,KAAK,CACb,mDAAmD;4BACjD,mCAAmC,CACtC,CAAA;oBACH,CAAC;gBACH,CAAC;gBAED,0BAA0B;gBAC1B,+DAA+D;gBAC/D,MAAM,+BAA+B,GAAG,IAAI,CAAC,KAAK,CAChD,SAAS,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CACtC,CAAA;gBAED,mEAAmE;gBACnE,4CAA4C;gBAC5C,IAAI,oBAAoB,KAAK,SAAS,EAAE,CAAC;oBACvC,kEAAkE;oBAClE,iDAAiD;oBACjD,IAAI,+BAA+B,GAAG,oBAAoB,EAAE,CAAC;wBAC3D,iEAAiE;wBACjE,+DAA+D;wBAC/D,gEAAgE;wBAChE,MAAM,IAAI,KAAK,CACb,4DAA4D;4BAC1D,sCAAsC,CACzC,CAAA;oBACH,CAAC;oBACD,qEAAqE;oBACrE,yCAAyC;oBACzC,IACE,KAAK,CAAC,WAAW,CAAC;wBAChB,EAAE,EAAE,WAAW,CAAC,OAAO,EAAE;wBACzB,EAAE,EAAE,oBAAoB;wBACxB,YAAY;qBACb,CAAC,GAAG,CAAC,EACN,CAAC;wBACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;oBACtE,CAAC;gBACH,CAAC;gBAED,0BAA0B;gBAC1B,mEAAmE;gBACnE,+DAA+D;gBAC/D,MAAM,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,mBAAmB,CAAC,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;gBAC/D,MAAM,+BAA+B,GAAG,IAAI,CAAC,KAAK,CAAC,KAAM,CAAC,OAAO,CAAC,CAAA;gBAElE,yDAAyD;gBACzD,IACE,oBAAoB,KAAK,SAAS;oBAClC,oBAAoB,GAAG,+BAA+B,EACtD,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,4DAA4D;wBAC1D,aAAa,CAChB,CAAA;gBACH,CAAC;gBAED,gEAAgE;gBAChE,yCAAyC;gBACzC,IAAI,gBAAgB,GAAG,QAAQ,EAAE,CAAC;oBAChC;;;;;;;;;wEASoD;oBAEpD,qEAAqE;oBACrE,yCAAyC;oBACzC,IACE,KAAK,CAAC,WAAW,CAAC;wBAChB,EAAE,EAAE,+BAA+B;wBACnC,EAAE,EAAE,WAAW,CAAC,OAAO,EAAE;wBACzB,YAAY;qBACb,CAAC,GAAG,CAAC,EACN,CAAC;wBACD,MAAM,IAAI,KAAK,CACb,+DAA+D;4BAC7D,gBAAgB,CACnB,CAAA;oBACH,CAAC;oBACD,MAAM,UAAU,GACd,+BAA+B,GAAG,WAAW,CAAC,OAAO,EAAE,CAAA;oBACzD,MAAM,MAAM,GACV,+BAA+B,GAAG,+BAA+B,CAAA;oBACnE,qEAAqE;oBACrE,yCAAyC;oBACzC,MAAM,oBAAoB,GAAG,KAAK,CAAC,WAAW,CAAC;wBAC7C,EAAE,EAAE,UAAU;wBACd,EAAE,EAAE,gBAAgB;wBACpB,YAAY;qBACb,CAAC,CAAA;oBACF,IAAI,oBAAoB,GAAG,CAAC,IAAI,MAAM,GAAG,gBAAgB,EAAE,CAAC;wBAC1D,MAAM,IAAI,KAAK,CACb,+DAA+D;4BAC7D,wBAAwB,CAC3B,CAAA;oBACH,CAAC;gBACH,CAAC;gBAED,mBAAmB,GAAG,aAAa,CAAA;gBACnC,oBAAoB,GAAG,+BAA+B,CAAA;gBACtD,oBAAoB,GAAG,+BAA+B,CAAA;gBACtD,sBAAsB,GAAG,gBAAgB,CAAA;YAC3C,CAAC;YAED,qEAAqE;YACrE,YAAY;YACZ,IAAI,SAAS,EAAE,CAAC;gBACd,mBAAmB,CAAC,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAG,CAAC,CAAA;YACxD,CAAC;YAED,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAA;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,EAAE,KAAc,EAAE,CAAA;QACnD,CAAC;IACH,CAAC;CACF"}

package/dist/constants.d.ts

@@ -0,0 +1,11 @@
+/** The zcap JSON-LD context document. */
+export declare const ZCAP_CONTEXT: object;
+/** The zcap JSON-LD context URL (`https://w3id.org/zcap/v1`). */
+export declare const ZCAP_CONTEXT_URL: string;
+/** URI prefix for root capability IDs (`urn:zcap:root:`). */
+export declare const ZCAP_ROOT_PREFIX = "urn:zcap:root:";
+/**
+ * Default maximum capability delegation chain length (inclusive of the tail).
+ */
+export declare const MAX_CHAIN_LENGTH = 10;
+//# sourceMappingURL=constants.d.ts.map

package/dist/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAYA,yCAAyC;AACzC,eAAO,MAAM,YAAY,EAAE,MAAgB,CAAA;AAE3C,iEAAiE;AACjE,eAAO,MAAM,gBAAgB,EAAE,MAAoB,CAAA;AAEnD,6DAA6D;AAC7D,eAAO,MAAM,gBAAgB,mBAAmB,CAAA;AAEhD;;GAEG;AAGH,eAAO,MAAM,gBAAgB,KAAK,CAAA"}

package/dist/constants.js

@@ -0,0 +1,23 @@
+/*!
+ * Copyright (c) 2018-2022 Digital Bazaar, Inc. All rights reserved.
+ */
+import { CONTEXT, CONTEXT_URL } from '@digitalbazaar/zcap-context';
+// Re-exported through local typed bindings (rather than a direct
+// `export ... from`) so the values carry explicit types instead of pointing at
+// `@digitalbazaar/zcap-context`, which ships no types. This lets downstream
+// consumers resolve `ZCAP_CONTEXT`/`ZCAP_CONTEXT_URL` without needing types for
+// that package. The values are `const` in zcap-context, so the snapshot binding
+// is equivalent to a live one.
+/** The zcap JSON-LD context document. */
+export const ZCAP_CONTEXT = CONTEXT;
+/** The zcap JSON-LD context URL (`https://w3id.org/zcap/v1`). */
+export const ZCAP_CONTEXT_URL = CONTEXT_URL;
+/** URI prefix for root capability IDs (`urn:zcap:root:`). */
+export const ZCAP_ROOT_PREFIX = 'urn:zcap:root:';
+/**
+ * Default maximum capability delegation chain length (inclusive of the tail).
+ */
+// 6 is probably more reasonable for Kevin Bacon reasons? but picking a
+// power of 10
+export const MAX_CHAIN_LENGTH = 10;
+//# sourceMappingURL=constants.js.map

package/dist/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAA;AAElE,iEAAiE;AACjE,+EAA+E;AAC/E,4EAA4E;AAC5E,gFAAgF;AAChF,gFAAgF;AAChF,+BAA+B;AAE/B,yCAAyC;AACzC,MAAM,CAAC,MAAM,YAAY,GAAW,OAAO,CAAA;AAE3C,iEAAiE;AACjE,MAAM,CAAC,MAAM,gBAAgB,GAAW,WAAW,CAAA;AAEnD,6DAA6D;AAC7D,MAAM,CAAC,MAAM,gBAAgB,GAAG,gBAAgB,CAAA;AAEhD;;GAEG;AACH,uEAAuE;AACvE,cAAc;AACd,MAAM,CAAC,MAAM,gBAAgB,GAAG,EAAE,CAAA"}

package/dist/index.d.ts

@@ -0,0 +1,25 @@
+import * as constants from './constants.js';
+import type { IDocumentLoader } from '@interop/data-integrity-core/loader';
+export { CapabilityInvocation } from './CapabilityInvocation.js';
+export { CapabilityDelegation } from './CapabilityDelegation.js';
+export { createRootCapability } from './utils.js';
+export { constants };
+export type { CapabilityChainDetails, CapabilityMeta, InspectCapabilityChain, InspectResult, VerifyResult, VerifyProofResult, VerifyProofPurposeResult, CapabilityInvocationOptions, CapabilityDelegationOptions, CapabilityValidateResult, GetRootCapability } from './types.js';
+/**
+ * Wraps an existing document loader so that it also serves the zcap JSON-LD
+ * context. The wrapped loader is called for all other URLs.
+ *
+ * @param documentLoader - An existing JSON-LD document loader to extend.
+ *
+ * @returns A new document loader that handles the zcap context URL and
+ *   delegates all other URLs to the wrapped loader.
+ */
+export declare function extendDocumentLoader(documentLoader: IDocumentLoader): IDocumentLoader;
+/**
+ * A default JSON-LD document loader that serves only the zcap and
+ * jsonld-signatures contexts. Suitable for use when no other contexts are
+ * needed. Extend it with {@link extendDocumentLoader} if additional contexts
+ * are required.
+ */
+export declare const documentLoader: IDocumentLoader;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,SAAS,MAAM,gBAAgB,CAAA;AAC3C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qCAAqC,CAAA;AAG1E,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AACjD,OAAO,EAAE,SAAS,EAAE,CAAA;AAGpB,YAAY,EACV,sBAAsB,EACtB,cAAc,EACd,sBAAsB,EACtB,aAAa,EACb,YAAY,EACZ,iBAAiB,EACjB,wBAAwB,EACxB,2BAA2B,EAC3B,2BAA2B,EAC3B,wBAAwB,EACxB,iBAAiB,EAClB,MAAM,YAAY,CAAA;AAEnB;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAClC,cAAc,EAAE,eAAe,GAC9B,eAAe,CAYjB;AAED;;;;;GAKG;AACH,eAAO,MAAM,cAAc,EAAE,eAE5B,CAAA"}