@kagal/acme 0.1.0

package/dist/schema.mjs

@@ -0,0 +1,389 @@
+import * as v from 'valibot';
+import { b as accountStatuses, i as identifierTypes, d as challengeStatuses, c as authorizationStatuses, o as orderStatuses } from './shared/acme.BvAs3CeC.mjs';
+
+const base64url = /^[A-Za-z0-9_-]+$/;
+const base64urlOrEmpty = /^[A-Za-z0-9_-]*$/;
+const Base64urlSchema = v.pipe(
+  v.string(),
+  v.regex(base64url),
+  v.check(
+    (s) => s.length % 4 !== 1,
+    "invalid base64url length"
+  )
+);
+const Base64urlOrEmptySchema = v.pipe(
+  v.string(),
+  v.regex(base64urlOrEmpty),
+  v.check(
+    (s) => s === "" || s.length % 4 !== 1,
+    "invalid base64url length"
+  )
+);
+
+const jwkBase = {
+  "kid": v.optional(v.string()),
+  "alg": v.optional(v.string()),
+  "use": v.optional(v.string()),
+  "key_ops": v.optional(v.pipe(
+    v.array(v.string()),
+    v.readonly()
+  )),
+  "x5u": v.optional(v.string()),
+  "x5c": v.optional(v.pipe(
+    v.array(v.string()),
+    v.readonly()
+  )),
+  "x5t": v.optional(v.string()),
+  "x5t#S256": v.optional(v.string())
+};
+const JWKSchema = v.variant("kty", [
+  v.looseObject({
+    kty: v.literal("EC"),
+    crv: v.string(),
+    x: v.string(),
+    y: v.string(),
+    ...jwkBase
+  }),
+  v.looseObject({
+    kty: v.literal("OKP"),
+    crv: v.string(),
+    x: v.string(),
+    ...jwkBase
+  }),
+  v.looseObject({
+    kty: v.literal("RSA"),
+    n: v.string(),
+    e: v.string(),
+    ...jwkBase
+  })
+]);
+
+const FlattenedJWSSchema = v.strictObject({
+  protected: Base64urlSchema,
+  payload: Base64urlOrEmptySchema,
+  signature: Base64urlSchema
+});
+const jwsProtectedHeaderBase = {
+  alg: v.string(),
+  jwk: v.optional(JWKSchema),
+  kid: v.optional(v.string())
+};
+const JWSProtectedHeaderSchema = v.looseObject({
+  ...jwsProtectedHeaderBase
+});
+const ACMEProtectedHeaderSchema = v.looseObject({
+  ...jwsProtectedHeaderBase,
+  nonce: v.string(),
+  url: v.string()
+});
+const acmeRequestHeaderBase = {
+  alg: v.string(),
+  nonce: v.string(),
+  url: v.string()
+};
+const ACMERequestHeaderSchema = v.pipe(
+  v.union([
+    v.looseObject({
+      ...acmeRequestHeaderBase,
+      jwk: JWKSchema
+    }),
+    v.looseObject({
+      ...acmeRequestHeaderBase,
+      kid: v.string()
+    })
+  ]),
+  v.check(
+    (input) => !("jwk" in input && "kid" in input),
+    "Provide 'jwk' or 'kid', not both"
+  )
+);
+
+const AccountSchema = v.looseObject({
+  status: v.picklist(accountStatuses),
+  contact: v.optional(v.array(v.string())),
+  termsOfServiceAgreed: v.optional(v.boolean()),
+  externalAccountBinding: v.optional(FlattenedJWSSchema),
+  orders: v.string()
+});
+
+const identifierFields = {
+  type: v.picklist(identifierTypes),
+  value: v.pipe(v.string(), v.minLength(1))
+};
+const IdentifierSchema = v.looseObject(
+  identifierFields
+);
+const StrictIdentifierSchema = v.strictObject(
+  identifierFields
+);
+
+const SubproblemSchema = v.looseObject({
+  type: v.string(),
+  title: v.optional(v.string()),
+  detail: v.optional(v.string()),
+  status: v.optional(
+    v.pipe(v.number(), v.integer(), v.minValue(100), v.maxValue(599))
+  ),
+  instance: v.optional(v.string()),
+  identifier: v.optional(IdentifierSchema)
+});
+const ProblemSchema = v.looseObject({
+  type: v.string(),
+  title: v.optional(v.string()),
+  detail: v.optional(v.string()),
+  status: v.optional(
+    v.pipe(v.number(), v.integer(), v.minValue(100), v.maxValue(599))
+  ),
+  instance: v.optional(v.string()),
+  identifier: v.optional(IdentifierSchema),
+  subproblems: v.optional(v.array(SubproblemSchema))
+});
+
+const challengeBase = {
+  url: v.string(),
+  status: v.picklist(challengeStatuses),
+  validated: v.optional(v.string()),
+  error: v.optional(ProblemSchema),
+  token: v.string()
+};
+const ChallengeSchema = v.variant("type", [
+  v.looseObject({
+    ...challengeBase,
+    type: v.literal("dns-01")
+  }),
+  v.looseObject({
+    ...challengeBase,
+    type: v.literal("http-01")
+  }),
+  v.looseObject({
+    ...challengeBase,
+    type: v.literal("tls-alpn-01")
+  })
+]);
+
+const authorizationOtherStatuses = authorizationStatuses.filter(
+  (s) => s !== "pending" && s !== "valid"
+);
+const authorizationBase = {
+  identifier: IdentifierSchema,
+  challenges: v.array(ChallengeSchema),
+  wildcard: v.optional(v.boolean())
+};
+const AuthorizationSchema = v.variant("status", [
+  v.looseObject({
+    ...authorizationBase,
+    status: v.literal("pending"),
+    expires: v.optional(v.string())
+  }),
+  v.looseObject({
+    ...authorizationBase,
+    status: v.literal("valid"),
+    expires: v.string()
+  }),
+  v.looseObject({
+    ...authorizationBase,
+    status: v.picklist(authorizationOtherStatuses),
+    expires: v.optional(v.string())
+  })
+]);
+
+const DirectoryMetaSchema = v.looseObject({
+  termsOfService: v.optional(v.string()),
+  website: v.optional(v.string()),
+  caaIdentities: v.optional(v.array(v.string())),
+  externalAccountRequired: v.optional(v.boolean()),
+  profiles: v.optional(v.record(v.string(), v.string()))
+});
+const DirectorySchema = v.looseObject({
+  newNonce: v.string(),
+  newAccount: v.string(),
+  newOrder: v.string(),
+  newAuthz: v.optional(v.string()),
+  revokeCert: v.string(),
+  keyChange: v.string(),
+  renewalInfo: v.optional(v.string()),
+  meta: v.optional(DirectoryMetaSchema)
+});
+
+const FinalizeSchema = v.strictObject({
+  csr: Base64urlSchema
+});
+
+const KeyChangeSchema = v.strictObject({
+  account: v.string(),
+  oldKey: JWKSchema
+});
+
+const NewAccountSchema = v.strictObject({
+  contact: v.optional(v.array(v.string())),
+  termsOfServiceAgreed: v.optional(v.boolean()),
+  onlyReturnExisting: v.optional(v.boolean()),
+  externalAccountBinding: v.optional(
+    FlattenedJWSSchema
+  )
+});
+const DeactivateAccountSchema = v.strictObject({
+  status: v.literal("deactivated")
+});
+
+const NewAuthzSchema = v.strictObject({
+  identifier: StrictIdentifierSchema
+});
+const DeactivateAuthorizationSchema = v.strictObject({
+  status: v.literal("deactivated")
+});
+
+const SuggestedWindowSchema = v.pipe(
+  v.strictObject({
+    start: v.pipe(v.string(), v.isoTimestamp()),
+    end: v.pipe(v.string(), v.isoTimestamp())
+  }),
+  v.check(
+    (input) => Date.parse(input.start) < Date.parse(input.end),
+    "'start' must be before 'end'"
+  )
+);
+const RenewalInfoSchema = v.looseObject({
+  suggestedWindow: SuggestedWindowSchema,
+  explanationURL: v.optional(v.string())
+});
+const certIDPattern = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
+const CertIDSchema = v.pipe(
+  v.string(),
+  v.regex(certIDPattern)
+);
+
+const NewOrderSchema = v.strictObject({
+  identifiers: v.pipe(
+    v.array(StrictIdentifierSchema),
+    v.minLength(1)
+  ),
+  notBefore: v.optional(v.string()),
+  notAfter: v.optional(v.string()),
+  profile: v.optional(v.string()),
+  replaces: v.optional(CertIDSchema)
+});
+
+const OrderSchema = v.looseObject({
+  status: v.picklist(orderStatuses),
+  expires: v.optional(v.string()),
+  identifiers: v.array(IdentifierSchema),
+  notBefore: v.optional(v.string()),
+  notAfter: v.optional(v.string()),
+  error: v.optional(ProblemSchema),
+  authorizations: v.array(v.string()),
+  finalize: v.string(),
+  certificate: v.optional(v.string()),
+  replaces: v.optional(CertIDSchema),
+  profile: v.optional(v.string())
+});
+
+const RevokeCertSchema = v.strictObject({
+  certificate: Base64urlSchema,
+  reason: v.optional(v.pipe(
+    v.number(),
+    v.integer(),
+    v.picklist([0, 1, 2, 3, 4, 5, 6, 8, 9, 10])
+  ))
+});
+
+function safeValidate(schema, input) {
+  const result = v.safeParse(schema, input);
+  return result.success ? { success: true, data: result.output } : { success: false, issues: result.issues };
+}
+function validateBase64url(input) {
+  return safeValidate(Base64urlSchema, input);
+}
+function validateBase64urlOrEmpty(input) {
+  return safeValidate(Base64urlOrEmptySchema, input);
+}
+function validateAccount(input) {
+  return safeValidate(AccountSchema, input);
+}
+function validateAuthorization(input) {
+  return safeValidate(AuthorizationSchema, input);
+}
+function validateChallenge(input) {
+  return safeValidate(ChallengeSchema, input);
+}
+function validateCertID(input) {
+  return safeValidate(CertIDSchema, input);
+}
+function validateDirectory(input) {
+  return safeValidate(DirectorySchema, input);
+}
+function validateDirectoryMeta(input) {
+  return safeValidate(DirectoryMetaSchema, input);
+}
+function validateFinalize(input) {
+  return safeValidate(FinalizeSchema, input);
+}
+function validateFlattenedJWS(input) {
+  return safeValidate(FlattenedJWSSchema, input);
+}
+function validateJWSProtectedHeader(input) {
+  return safeValidate(
+    JWSProtectedHeaderSchema,
+    input
+  );
+}
+function validateACMEProtectedHeader(input) {
+  return safeValidate(
+    ACMEProtectedHeaderSchema,
+    input
+  );
+}
+function validateACMERequestHeader(input) {
+  return safeValidate(
+    ACMERequestHeaderSchema,
+    input
+  );
+}
+function validateIdentifier(input) {
+  return safeValidate(IdentifierSchema, input);
+}
+function validateOrder(input) {
+  return safeValidate(OrderSchema, input);
+}
+function validateProblem(input) {
+  return safeValidate(ProblemSchema, input);
+}
+function validateRenewalInfo(input) {
+  return safeValidate(RenewalInfoSchema, input);
+}
+function validateRevokeCert(input) {
+  return safeValidate(RevokeCertSchema, input);
+}
+function validateSubproblem(input) {
+  return safeValidate(SubproblemSchema, input);
+}
+function validateJWK(input) {
+  return safeValidate(JWKSchema, input);
+}
+function validateKeyChange(input) {
+  return safeValidate(KeyChangeSchema, input);
+}
+function validateNewAccount(input) {
+  return safeValidate(NewAccountSchema, input);
+}
+function validateDeactivateAccount(input) {
+  return safeValidate(
+    DeactivateAccountSchema,
+    input
+  );
+}
+function validateNewOrder(input) {
+  return safeValidate(NewOrderSchema, input);
+}
+function validateNewAuthz(input) {
+  return safeValidate(NewAuthzSchema, input);
+}
+function validateDeactivateAuthorization(input) {
+  return safeValidate(
+    DeactivateAuthorizationSchema,
+    input
+  );
+}
+
+export { ACMEProtectedHeaderSchema, ACMERequestHeaderSchema, AccountSchema, AuthorizationSchema, Base64urlOrEmptySchema, Base64urlSchema, CertIDSchema, ChallengeSchema, DeactivateAccountSchema, DeactivateAuthorizationSchema, DirectoryMetaSchema, DirectorySchema, FinalizeSchema, FlattenedJWSSchema, IdentifierSchema, JWKSchema, JWSProtectedHeaderSchema, KeyChangeSchema, NewAccountSchema, NewAuthzSchema, NewOrderSchema, OrderSchema, ProblemSchema, RenewalInfoSchema, RevokeCertSchema, StrictIdentifierSchema, SubproblemSchema, validateACMEProtectedHeader, validateACMERequestHeader, validateAccount, validateAuthorization, validateBase64url, validateBase64urlOrEmpty, validateCertID, validateChallenge, validateDeactivateAccount, validateDeactivateAuthorization, validateDirectory, validateDirectoryMeta, validateFinalize, validateFlattenedJWS, validateIdentifier, validateJWK, validateJWSProtectedHeader, validateKeyChange, validateNewAccount, validateNewAuthz, validateNewOrder, validateOrder, validateProblem, validateRenewalInfo, validateRevokeCert, validateSubproblem };
+//# sourceMappingURL=schema.mjs.map

package/dist/schema.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.mjs","sources":["../src/schema/encoding.ts","../src/schema/jwk.ts","../src/schema/jws.ts","../src/schema/account.ts","../src/schema/identifier.ts","../src/schema/problem.ts","../src/schema/challenge.ts","../src/schema/authorization.ts","../src/schema/directory.ts","../src/schema/finalize.ts","../src/schema/key-change.ts","../src/schema/new-account.ts","../src/schema/new-authz.ts","../src/schema/renewal-info.ts","../src/schema/new-order.ts","../src/schema/order.ts","../src/schema/revoke-cert.ts","../src/schema/index.ts"],"sourcesContent":["// Encoding validators\n\nimport * as v from 'valibot';\n\n/** Base64url without padding (RFC 7515 §2). */\nconst base64url = /^[A-Za-z0-9_-]+$/;\n\n/** Base64url allowing empty (POST-as-GET payload). */\nconst base64urlOrEmpty = /^[A-Za-z0-9_-]*$/;\n\n/**\n * Non-empty {@link Base64url} schema.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7515#section-2}\n */\nexport const Base64urlSchema = v.pipe(\n  v.string(),\n  v.regex(base64url),\n  v.check(\n    (s) => s.length % 4 !== 1,\n    'invalid base64url length',\n  ),\n);\n\n/**\n * {@link Base64url} schema allowing empty string\n * (POST-as-GET payload, RFC 8555 §6.3).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-6.3}\n */\nexport const Base64urlOrEmptySchema = v.pipe(\n  v.string(),\n  v.regex(base64urlOrEmpty),\n  v.check(\n    (s) => s === '' || s.length % 4 !== 1,\n    'invalid base64url length',\n  ),\n);\n","// JWK schema (RFC 7517)\n\nimport * as v from 'valibot';\n\n/** Shared optional JWK members (RFC 7517 §4). */\nconst jwkBase = {\n  'kid': v.optional(v.string()),\n  'alg': v.optional(v.string()),\n  'use': v.optional(v.string()),\n  'key_ops': v.optional(v.pipe(\n    v.array(v.string()), v.readonly(),\n  )),\n  'x5u': v.optional(v.string()),\n  'x5c': v.optional(v.pipe(\n    v.array(v.string()), v.readonly(),\n  )),\n  'x5t': v.optional(v.string()),\n  'x5t#S256': v.optional(v.string()),\n};\n\n/**\n * {@link JWK} schema (RFC 7517).\n *\n * @remarks\n * Uses `v.variant` on `kty` to discriminate\n * EC, OKP, and RSA key types. Each variant uses\n * `looseObject` — JWKs may contain additional\n * members (RFC 7517 §4).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7517}\n */\nexport const JWKSchema = v.variant('kty', [\n  v.looseObject({\n    kty: v.literal('EC'),\n    crv: v.string(),\n    x: v.string(),\n    y: v.string(),\n    ...jwkBase,\n  }),\n  v.looseObject({\n    kty: v.literal('OKP'),\n    crv: v.string(),\n    x: v.string(),\n    ...jwkBase,\n  }),\n  v.looseObject({\n    kty: v.literal('RSA'),\n    n: v.string(),\n    e: v.string(),\n    ...jwkBase,\n  }),\n]);\n","// JWS schemas (RFC 7515, RFC 8555)\n\nimport * as v from 'valibot';\n\nimport {\n  Base64urlOrEmptySchema,\n  Base64urlSchema,\n} from './encoding';\nimport { JWKSchema } from './jwk';\n\n/**\n * {@link FlattenedJWS} schema (RFC 7515 §7.2.2).\n *\n * @remarks\n * Uses `strictObject` — the three base64url fields\n * are the only expected properties. `payload` may be\n * empty for POST-as-GET requests (RFC 8555 §6.3).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7515#section-7.2.2}\n */\nexport const FlattenedJWSSchema = v.strictObject({\n  protected: Base64urlSchema,\n  payload: Base64urlOrEmptySchema,\n  signature: Base64urlSchema,\n});\n\n/** Shared JWS protected header fields (RFC 7515 §4.1). */\nconst jwsProtectedHeaderBase = {\n  alg: v.string(),\n  jwk: v.optional(JWKSchema),\n  kid: v.optional(v.string()),\n};\n\n/**\n * {@link JWSProtectedHeader} schema (RFC 7515 §4.1).\n *\n * @remarks\n * Uses `looseObject` — JWS headers may contain\n * additional registered or private parameters.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7515#section-4.1}\n */\nexport const JWSProtectedHeaderSchema = v.looseObject({\n  ...jwsProtectedHeaderBase,\n});\n\n/**\n * {@link ACMEProtectedHeader} schema (RFC 8555 §6.2).\n *\n * @remarks\n * Uses `looseObject` — extends\n * {@link JWSProtectedHeaderSchema} with ACME-required\n * `nonce` and `url`.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-6.2}\n */\nexport const ACMEProtectedHeaderSchema = v.looseObject({\n  ...jwsProtectedHeaderBase,\n  nonce: v.string(),\n  url: v.string(),\n});\n\n/** Shared ACME request header fields. */\nconst acmeRequestHeaderBase = {\n  alg: v.string(),\n  nonce: v.string(),\n  url: v.string(),\n};\n\n/**\n * {@link ACMERequestHeader} schema (RFC 8555 §6.2).\n *\n * @remarks\n * Enforces `jwk` XOR `kid` — servers MUST reject\n * headers containing both. Uses `looseObject` for\n * header extensibility with a `check` action for\n * mutual exclusion.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-6.2}\n */\nexport const ACMERequestHeaderSchema = v.pipe(\n  v.union([\n    v.looseObject({\n      ...acmeRequestHeaderBase,\n      jwk: JWKSchema,\n    }),\n    v.looseObject({\n      ...acmeRequestHeaderBase,\n      kid: v.string(),\n    }),\n  ]),\n  v.check(\n    (input) => !('jwk' in input && 'kid' in input),\n    'Provide \\'jwk\\' or \\'kid\\', not both',\n  ),\n);\n","// Account schema (RFC 8555 §7.1.2)\n\nimport * as v from 'valibot';\n\nimport {\n  accountStatuses,\n} from '../types/constants/status';\n\nimport { FlattenedJWSSchema } from './jws';\n\n/**\n * {@link Account} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * `externalAccountBinding` is validated as a\n * {@link FlattenedJWSSchema} (structural alias).\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.2}\n */\nexport const AccountSchema = v.looseObject({\n  status: v.picklist(accountStatuses),\n  contact: v.optional(v.array(v.string())),\n  termsOfServiceAgreed: v.optional(v.boolean()),\n  externalAccountBinding: v.optional(FlattenedJWSSchema),\n  orders: v.string(),\n});\n","// Identifier schema (RFC 8555 §9.7.7, RFC 8738)\n\nimport * as v from 'valibot';\n\nimport { identifierTypes } from '../types/constants/identifier-type';\n\n/** Shared identifier fields. */\nconst identifierFields = {\n  type: v.picklist(identifierTypes),\n  value: v.pipe(v.string(), v.minLength(1)),\n};\n\n/**\n * {@link Identifier} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-9.7.7}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8738}\n */\nexport const IdentifierSchema = v.looseObject(\n  identifierFields,\n);\n\n/**\n * Strict {@link Identifier} schema for request\n * payloads.\n *\n * @remarks\n * Uses `strictObject` — the client controls the\n * structure.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-9.7.7}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8738}\n */\nexport const StrictIdentifierSchema = v.strictObject(\n  identifierFields,\n);\n","// Problem schema (RFC 7807, RFC 8555 §6.7.1)\n\nimport * as v from 'valibot';\n\nimport { IdentifierSchema } from './identifier';\n\n/**\n * {@link Subproblem} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-6.7.1}\n */\nexport const SubproblemSchema = v.looseObject({\n  type: v.string(),\n  title: v.optional(v.string()),\n  detail: v.optional(v.string()),\n  status: v.optional(\n    v.pipe(v.number(), v.integer(), v.minValue(100), v.maxValue(599)),\n  ),\n  instance: v.optional(v.string()),\n  identifier: v.optional(IdentifierSchema),\n});\n\n/**\n * {@link Problem} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * `type` is validated as a plain string, not against\n * {@link ErrorTypes}, to accept server-defined URNs\n * beyond the ACME namespace.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc7807}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-6.7.1}\n */\nexport const ProblemSchema = v.looseObject({\n  type: v.string(),\n  title: v.optional(v.string()),\n  detail: v.optional(v.string()),\n  status: v.optional(\n    v.pipe(v.number(), v.integer(), v.minValue(100), v.maxValue(599)),\n  ),\n  instance: v.optional(v.string()),\n  identifier: v.optional(IdentifierSchema),\n  subproblems: v.optional(v.array(SubproblemSchema)),\n});\n","// Challenge schemas (RFC 8555 §7.1.5, RFC 8737)\n\nimport * as v from 'valibot';\n\nimport {\n  challengeStatuses,\n} from '../types/constants/status';\n\nimport { ProblemSchema } from './problem';\n\n/** Shared challenge fields. */\nconst challengeBase = {\n  url: v.string(),\n  status: v.picklist(challengeStatuses),\n  validated: v.optional(v.string()),\n  error: v.optional(ProblemSchema),\n  token: v.string(),\n};\n\n/**\n * {@link Challenge} schema — discriminated on `type`.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * The union is closed: unknown challenge types fail\n * validation. Consumers must upgrade to support new\n * challenge types from future RFCs.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.5}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8737}\n */\nexport const ChallengeSchema = v.variant('type', [\n  v.looseObject({\n    ...challengeBase,\n    type: v.literal('dns-01'),\n  }),\n  v.looseObject({\n    ...challengeBase,\n    type: v.literal('http-01'),\n  }),\n  v.looseObject({\n    ...challengeBase,\n    type: v.literal('tls-alpn-01'),\n  }),\n]);\n","// Authorization schema (RFC 8555 §7.1.4)\n\nimport * as v from 'valibot';\n\nimport type { AuthorizationStatus } from '../types/constants/status';\nimport {\n  authorizationStatuses,\n} from '../types/constants/status';\n\nimport { ChallengeSchema } from './challenge';\nimport { IdentifierSchema } from './identifier';\n\n/** Statuses handled by their own variant branches. */\nconst authorizationOtherStatuses = authorizationStatuses.filter(\n  (s): s is Exclude<AuthorizationStatus, 'pending' | 'valid'> =>\n    s !== 'pending' && s !== 'valid',\n);\n\n/** Shared authorisation fields. */\nconst authorizationBase = {\n  identifier: IdentifierSchema,\n  challenges: v.array(ChallengeSchema),\n  wildcard: v.optional(v.boolean()),\n};\n\n/**\n * {@link Authorization} schema — discriminated on\n * `status`.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * `expires` is required when status is `'valid'`.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.4}\n */\nexport const AuthorizationSchema = v.variant('status', [\n  v.looseObject({\n    ...authorizationBase,\n    status: v.literal('pending'),\n    expires: v.optional(v.string()),\n  }),\n  v.looseObject({\n    ...authorizationBase,\n    status: v.literal('valid'),\n    expires: v.string(),\n  }),\n  v.looseObject({\n    ...authorizationBase,\n    status: v.picklist(authorizationOtherStatuses),\n    expires: v.optional(v.string()),\n  }),\n]);\n","// Directory schema (RFC 8555 §7.1.1)\n\nimport * as v from 'valibot';\n\n/**\n * {@link DirectoryMeta} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * Includes Profiles `profiles`\n * (draft-ietf-acme-profiles) extension.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1}\n */\nexport const DirectoryMetaSchema = v.looseObject({\n  termsOfService: v.optional(v.string()),\n  website: v.optional(v.string()),\n  caaIdentities: v.optional(v.array(v.string())),\n  externalAccountRequired: v.optional(v.boolean()),\n  profiles: v.optional(v.record(v.string(), v.string())),\n});\n\n/**\n * {@link Directory} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.1}\n */\nexport const DirectorySchema = v.looseObject({\n  newNonce: v.string(),\n  newAccount: v.string(),\n  newOrder: v.string(),\n  newAuthz: v.optional(v.string()),\n  revokeCert: v.string(),\n  keyChange: v.string(),\n  renewalInfo: v.optional(v.string()),\n  meta: v.optional(DirectoryMetaSchema),\n});\n","// Finalize request payload schema (RFC 8555 §7.4)\n\nimport * as v from 'valibot';\n\nimport { Base64urlSchema } from './encoding';\n\n/**\n * {@link Finalize} schema (RFC 8555 §7.4).\n *\n * @remarks\n * Uses `strictObject` — the CSR is the only\n * expected field. Validates base64url encoding.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.4}\n */\nexport const FinalizeSchema = v.strictObject({\n  csr: Base64urlSchema,\n});\n","// keyChange inner payload schema (RFC 8555 §7.3.5)\n\nimport * as v from 'valibot';\n\nimport { JWKSchema } from './jwk';\n\n/**\n * {@link KeyChange} schema (RFC 8555 §7.3.5).\n *\n * @remarks\n * Uses `strictObject` — the inner JWS payload has\n * exactly two fields.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.5}\n */\nexport const KeyChangeSchema = v.strictObject({\n  account: v.string(),\n  oldKey: JWKSchema,\n});\n","// newAccount request payload schema (RFC 8555 §7.3)\n\nimport * as v from 'valibot';\n\nimport { FlattenedJWSSchema } from './jws';\n\n/**\n * {@link NewAccount} schema (RFC 8555 §7.3).\n *\n * @remarks\n * Uses `strictObject` — request payloads have a\n * fixed set of fields.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.3}\n */\nexport const NewAccountSchema = v.strictObject({\n  contact: v.optional(v.array(v.string())),\n  termsOfServiceAgreed: v.optional(v.boolean()),\n  onlyReturnExisting: v.optional(v.boolean()),\n  externalAccountBinding: v.optional(\n    FlattenedJWSSchema,\n  ),\n});\n\n/**\n * {@link DeactivateAccount} schema\n * (RFC 8555 §7.3.6).\n *\n * @remarks\n * Uses `strictObject` — deactivation sends only\n * `status: 'deactivated'`.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.3.6}\n */\nexport const DeactivateAccountSchema =\n  v.strictObject({\n    status: v.literal('deactivated'),\n  });\n","// newAuthz request payload schema (RFC 8555 §7.4.1)\n\nimport * as v from 'valibot';\n\nimport { StrictIdentifierSchema } from './identifier';\n\n/**\n * {@link NewAuthz} schema (RFC 8555 §7.4.1).\n *\n * @remarks\n * Uses `strictObject` — request payloads have a\n * fixed set of fields.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.4.1}\n */\nexport const NewAuthzSchema = v.strictObject({\n  identifier: StrictIdentifierSchema,\n});\n\n/**\n * {@link DeactivateAuthorization} schema\n * (RFC 8555 §7.5.2).\n *\n * @remarks\n * Uses `strictObject` — deactivation sends only\n * `status: 'deactivated'`.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.5.2}\n */\nexport const DeactivateAuthorizationSchema =\n  v.strictObject({\n    status: v.literal('deactivated'),\n  });\n","// ARI extension schemas (RFC 9773)\n\nimport * as v from 'valibot';\n\n/** Suggested renewal window (start/end RFC 3339 timestamps). */\nconst SuggestedWindowSchema = v.pipe(\n  v.strictObject({\n    start: v.pipe(v.string(), v.isoTimestamp()),\n    end: v.pipe(v.string(), v.isoTimestamp()),\n  }),\n  v.check(\n    (input) => Date.parse(input.start) < Date.parse(input.end),\n    '\\'start\\' must be before \\'end\\'',\n  ),\n);\n\n/**\n * {@link RenewalInfo} schema (RFC 9773 §4).\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9773#section-4}\n */\nexport const RenewalInfoSchema = v.looseObject({\n  suggestedWindow: SuggestedWindowSchema,\n  explanationURL: v.optional(v.string()),\n});\n\n/**\n * ARI certID format:\n * `base64url(AKI) + \".\" + base64url(Serial)`.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9773#section-4.1}\n */\nconst certIDPattern = /^[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+$/;\n\n/**\n * {@link CertID} schema (RFC 9773 §4.1).\n *\n * @remarks\n * Validates the `base64url(AKI).base64url(Serial)`\n * format used to identify certificates in ARI.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc9773#section-4.1}\n */\nexport const CertIDSchema = v.pipe(\n  v.string(),\n  v.regex(certIDPattern),\n);\n","// newOrder request payload schema (RFC 8555 §7.4)\n\nimport * as v from 'valibot';\n\nimport { StrictIdentifierSchema } from './identifier';\nimport { CertIDSchema } from './renewal-info';\n\n/**\n * {@link NewOrder} schema (RFC 8555 §7.4).\n *\n * @remarks\n * Uses `strictObject` — request payloads have a\n * fixed set of fields. Includes ARI `replaces`\n * (RFC 9773) and Profiles `profile`\n * (draft-ietf-acme-profiles) extensions.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.4}\n */\nexport const NewOrderSchema = v.strictObject({\n  identifiers: v.pipe(\n    v.array(StrictIdentifierSchema), v.minLength(1),\n  ),\n  notBefore: v.optional(v.string()),\n  notAfter: v.optional(v.string()),\n  profile: v.optional(v.string()),\n  replaces: v.optional(CertIDSchema),\n});\n","// Order schema (RFC 8555 §7.1.3)\n\nimport * as v from 'valibot';\n\nimport { orderStatuses } from '../types/constants/status';\n\nimport { IdentifierSchema } from './identifier';\nimport { ProblemSchema } from './problem';\nimport { CertIDSchema } from './renewal-info';\n\n/**\n * {@link Order} schema.\n *\n * @remarks\n * Uses `looseObject` — unknown fields pass through.\n * Includes ARI `replaces` (RFC 9773) and Profiles\n * `profile` (draft-ietf-acme-profiles) extensions.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.3}\n */\nexport const OrderSchema = v.looseObject({\n  status: v.picklist(orderStatuses),\n  expires: v.optional(v.string()),\n  identifiers: v.array(IdentifierSchema),\n  notBefore: v.optional(v.string()),\n  notAfter: v.optional(v.string()),\n  error: v.optional(ProblemSchema),\n  authorizations: v.array(v.string()),\n  finalize: v.string(),\n  certificate: v.optional(v.string()),\n  replaces: v.optional(CertIDSchema),\n  profile: v.optional(v.string()),\n});\n","// revokeCert request payload schema (RFC 8555 §7.6)\n\nimport * as v from 'valibot';\n\nimport { Base64urlSchema } from './encoding';\n\n/**\n * {@link RevokeCert} schema (RFC 8555 §7.6).\n *\n * @remarks\n * Uses `strictObject` — only `certificate` and\n * optional `reason` are expected.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.6}\n */\nexport const RevokeCertSchema = v.strictObject({\n  certificate: Base64urlSchema,\n  reason: v.optional(v.pipe(\n    v.number(),\n    v.integer(),\n    v.picklist([0, 1, 2, 3, 4, 5, 6, 8, 9, 10]),\n  )),\n});\n","// @kagal/acme/schema — Valibot validators for\n// ACME protocol objects and request payloads\n// (RFC 8555)\n\nimport * as v from 'valibot';\n\nimport type { Base64url } from '../types/encoding';\nimport type { JWK } from '../types/jws/jwk';\nimport type {\n  ACMEProtectedHeader,\n  ACMERequestHeader,\n  FlattenedJWS,\n  JWSProtectedHeader,\n} from '../types/jws/jws';\nimport type { Account } from '../types/objects/account';\nimport type {\n  Authorization,\n} from '../types/objects/authorization';\nimport type {\n  Challenge,\n} from '../types/objects/challenge';\nimport type {\n  Directory,\n  DirectoryMeta,\n} from '../types/objects/directory';\nimport type {\n  Identifier,\n} from '../types/objects/identifier';\nimport type { Order } from '../types/objects/order';\nimport type {\n  Problem,\n  Subproblem,\n} from '../types/objects/problem';\nimport type {\n  CertID,\n  RenewalInfo,\n} from '../types/objects/renewal-info';\nimport type { Finalize } from '../types/requests/finalize';\nimport type {\n  KeyChange,\n} from '../types/requests/key-change';\nimport type {\n  DeactivateAccount,\n  NewAccount,\n} from '../types/requests/new-account';\nimport type {\n  DeactivateAuthorization,\n  NewAuthz,\n} from '../types/requests/new-authz';\nimport type { NewOrder } from '../types/requests/new-order';\nimport type {\n  RevokeCert,\n} from '../types/requests/revoke-cert';\n\nimport { AccountSchema } from './account';\nimport { AuthorizationSchema } from './authorization';\nimport { ChallengeSchema } from './challenge';\nimport {\n  DirectoryMetaSchema,\n  DirectorySchema,\n} from './directory';\nimport {\n  Base64urlOrEmptySchema,\n  Base64urlSchema,\n} from './encoding';\nimport { FinalizeSchema } from './finalize';\nimport { IdentifierSchema } from './identifier';\nimport { JWKSchema } from './jwk';\nimport {\n  ACMEProtectedHeaderSchema,\n  ACMERequestHeaderSchema,\n  FlattenedJWSSchema,\n  JWSProtectedHeaderSchema,\n} from './jws';\nimport { KeyChangeSchema } from './key-change';\nimport {\n  DeactivateAccountSchema,\n  NewAccountSchema,\n} from './new-account';\nimport {\n  DeactivateAuthorizationSchema,\n  NewAuthzSchema,\n} from './new-authz';\nimport { NewOrderSchema } from './new-order';\nimport { OrderSchema } from './order';\nimport {\n  ProblemSchema,\n  SubproblemSchema,\n} from './problem';\nimport {\n  CertIDSchema,\n  RenewalInfoSchema,\n} from './renewal-info';\nimport { RevokeCertSchema } from './revoke-cert';\n\nexport { AccountSchema } from './account';\nexport { AuthorizationSchema } from './authorization';\nexport { ChallengeSchema } from './challenge';\nexport {\n  DirectoryMetaSchema,\n  DirectorySchema,\n} from './directory';\nexport {\n  Base64urlOrEmptySchema,\n  Base64urlSchema,\n} from './encoding';\nexport { FinalizeSchema } from './finalize';\nexport {\n  IdentifierSchema,\n  StrictIdentifierSchema,\n} from './identifier';\nexport { JWKSchema } from './jwk';\nexport {\n  ACMEProtectedHeaderSchema,\n  ACMERequestHeaderSchema,\n  FlattenedJWSSchema,\n  JWSProtectedHeaderSchema,\n} from './jws';\nexport { KeyChangeSchema } from './key-change';\nexport {\n  DeactivateAccountSchema,\n  NewAccountSchema,\n} from './new-account';\nexport {\n  DeactivateAuthorizationSchema,\n  NewAuthzSchema,\n} from './new-authz';\nexport { NewOrderSchema } from './new-order';\nexport { OrderSchema } from './order';\nexport {\n  ProblemSchema,\n  SubproblemSchema,\n} from './problem';\nexport {\n  CertIDSchema,\n  RenewalInfoSchema,\n} from './renewal-info';\nexport { RevokeCertSchema } from './revoke-cert';\n\n/**\n * Successful validation — discriminate on `success`.\n *\n * @typeParam T - the validated type\n */\nexport type ValidationSuccess<T> = {\n  success: true\n\n  data: T\n};\n\n/**\n * Failed validation — discriminate on `success`.\n *\n * @remarks\n * `issues` contains Valibot's structured error\n * details (path, message, expected/received).\n */\nexport type ValidationFailure = {\n  success: false\n\n  issues: v.BaseIssue<unknown>[]\n};\n\n/**\n * Discriminated validation result.\n *\n * @typeParam T - the validated type on success\n *\n * @example\n * ```typescript\n * const result = validateOrder(json);\n * if (result.success) {\n *   result.data; // Order\n * } else {\n *   result.issues; // BaseIssue<unknown>[]\n * }\n * ```\n */\nexport type ValidationResult<T> =\n  ValidationFailure |\n  ValidationSuccess<T>;\n\nfunction safeValidate<\n  TSchema extends v.BaseSchema<\n    unknown, unknown, v.BaseIssue<unknown>\n  >,\n  T,\n>(\n  schema: TSchema,\n  input: unknown,\n): ValidationResult<T> {\n  const result = v.safeParse(schema, input);\n  // Safe: conformance.types.ts asserts InferOutput ≡ T\n  return result.success ?\n    { success: true, data: result.output as T } :\n    { success: false, issues: result.issues };\n}\n\n/**\n * Validate a {@link Base64url} string.\n *\n * @param input - raw string\n * @returns {@link ValidationResult} with\n *   {@link Base64url} on success\n */\nexport function validateBase64url(\n  input: unknown,\n): ValidationResult<Base64url> {\n  return safeValidate(Base64urlSchema, input);\n}\n\n/**\n * Validate a {@link Base64url} string, allowing empty\n * (POST-as-GET payload).\n *\n * @param input - raw string\n * @returns {@link ValidationResult} with\n *   {@link Base64url} or empty string on success\n */\nexport function validateBase64urlOrEmpty(\n  input: unknown,\n): ValidationResult<string> {\n  return safeValidate(Base64urlOrEmptySchema, input);\n}\n\n/**\n * Validate an {@link Account} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Account} on success\n */\nexport function validateAccount(\n  input: unknown,\n): ValidationResult<Account> {\n  return safeValidate(AccountSchema, input);\n}\n\n/**\n * Validate an {@link Authorization} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Authorization} on success\n */\nexport function validateAuthorization(\n  input: unknown,\n): ValidationResult<Authorization> {\n  return safeValidate(AuthorizationSchema, input);\n}\n\n/**\n * Validate a {@link Challenge} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Challenge} on success\n */\nexport function validateChallenge(\n  input: unknown,\n): ValidationResult<Challenge> {\n  return safeValidate(ChallengeSchema, input);\n}\n\n/**\n * Validate a {@link CertID} string.\n *\n * @param input - raw string\n * @returns {@link ValidationResult} with\n *   {@link CertID} on success\n */\nexport function validateCertID(\n  input: unknown,\n): ValidationResult<CertID> {\n  return safeValidate(CertIDSchema, input);\n}\n\n/**\n * Validate a {@link Directory} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Directory} on success\n */\nexport function validateDirectory(\n  input: unknown,\n): ValidationResult<Directory> {\n  return safeValidate(DirectorySchema, input);\n}\n\n/**\n * Validate a {@link DirectoryMeta} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link DirectoryMeta} on success\n */\nexport function validateDirectoryMeta(\n  input: unknown,\n): ValidationResult<DirectoryMeta> {\n  return safeValidate(DirectoryMetaSchema, input);\n}\n\n/**\n * Validate a {@link Finalize} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Finalize} on success\n */\nexport function validateFinalize(\n  input: unknown,\n): ValidationResult<Finalize> {\n  return safeValidate(FinalizeSchema, input);\n}\n\n/**\n * Validate a {@link FlattenedJWS} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link FlattenedJWS} on success\n */\nexport function validateFlattenedJWS(\n  input: unknown,\n): ValidationResult<FlattenedJWS> {\n  return safeValidate(FlattenedJWSSchema, input);\n}\n\n/**\n * Validate a {@link JWSProtectedHeader} payload.\n *\n * @param input - decoded protected header JSON\n * @returns {@link ValidationResult} with\n *   {@link JWSProtectedHeader} on success\n */\nexport function validateJWSProtectedHeader(\n  input: unknown,\n): ValidationResult<JWSProtectedHeader> {\n  return safeValidate(\n    JWSProtectedHeaderSchema, input,\n  );\n}\n\n/**\n * Validate an {@link ACMEProtectedHeader} payload.\n *\n * @param input - decoded protected header JSON\n * @returns {@link ValidationResult} with\n *   {@link ACMEProtectedHeader} on success\n */\nexport function validateACMEProtectedHeader(\n  input: unknown,\n): ValidationResult<ACMEProtectedHeader> {\n  return safeValidate(\n    ACMEProtectedHeaderSchema, input,\n  );\n}\n\n/**\n * Validate an {@link ACMERequestHeader} payload.\n *\n * @param input - decoded protected header JSON\n * @returns {@link ValidationResult} with\n *   {@link ACMERequestHeader} on success\n */\nexport function validateACMERequestHeader(\n  input: unknown,\n): ValidationResult<ACMERequestHeader> {\n  return safeValidate(\n    ACMERequestHeaderSchema, input,\n  );\n}\n\n/**\n * Validate an {@link Identifier} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Identifier} on success\n */\nexport function validateIdentifier(\n  input: unknown,\n): ValidationResult<Identifier> {\n  return safeValidate(IdentifierSchema, input);\n}\n\n/**\n * Validate an {@link Order} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Order} on success\n */\nexport function validateOrder(\n  input: unknown,\n): ValidationResult<Order> {\n  return safeValidate(OrderSchema, input);\n}\n\n/**\n * Validate a {@link Problem} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Problem} on success\n */\nexport function validateProblem(\n  input: unknown,\n): ValidationResult<Problem> {\n  return safeValidate(ProblemSchema, input);\n}\n\n/**\n * Validate a {@link RenewalInfo} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link RenewalInfo} on success\n */\nexport function validateRenewalInfo(\n  input: unknown,\n): ValidationResult<RenewalInfo> {\n  return safeValidate(RenewalInfoSchema, input);\n}\n\n/**\n * Validate a {@link RevokeCert} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link RevokeCert} on success\n */\nexport function validateRevokeCert(\n  input: unknown,\n): ValidationResult<RevokeCert> {\n  return safeValidate(RevokeCertSchema, input);\n}\n\n/**\n * Validate a {@link Subproblem} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link Subproblem} on success\n */\nexport function validateSubproblem(\n  input: unknown,\n): ValidationResult<Subproblem> {\n  return safeValidate(SubproblemSchema, input);\n}\n\n/**\n * Validate a {@link JWK} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link JWK} on success\n */\nexport function validateJWK(\n  input: unknown,\n): ValidationResult<JWK> {\n  return safeValidate(JWKSchema, input);\n}\n\n/**\n * Validate a {@link KeyChange} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link KeyChange} on success\n */\nexport function validateKeyChange(\n  input: unknown,\n): ValidationResult<KeyChange> {\n  return safeValidate(KeyChangeSchema, input);\n}\n\n/**\n * Validate a {@link NewAccount} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link NewAccount} on success\n */\nexport function validateNewAccount(\n  input: unknown,\n): ValidationResult<NewAccount> {\n  return safeValidate(NewAccountSchema, input);\n}\n\n/**\n * Validate a {@link DeactivateAccount} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link DeactivateAccount} on success\n */\nexport function validateDeactivateAccount(\n  input: unknown,\n): ValidationResult<DeactivateAccount> {\n  return safeValidate(\n    DeactivateAccountSchema, input,\n  );\n}\n\n/**\n * Validate a {@link NewOrder} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link NewOrder} on success\n */\nexport function validateNewOrder(\n  input: unknown,\n): ValidationResult<NewOrder> {\n  return safeValidate(NewOrderSchema, input);\n}\n\n/**\n * Validate a {@link NewAuthz} payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link NewAuthz} on success\n */\nexport function validateNewAuthz(\n  input: unknown,\n): ValidationResult<NewAuthz> {\n  return safeValidate(NewAuthzSchema, input);\n}\n\n/**\n * Validate a {@link DeactivateAuthorization}\n * payload.\n *\n * @param input - parsed JSON\n * @returns {@link ValidationResult} with\n *   {@link DeactivateAuthorization} on success\n */\nexport function validateDeactivateAuthorization(\n  input: unknown,\n): ValidationResult<DeactivateAuthorization> {\n  return safeValidate(\n    DeactivateAuthorizationSchema, input,\n  );\n}\n"],"names":[],"mappings":";;;AAKA,MAAM,SAAA,GAAY,kBAAA;AAGlB,MAAM,gBAAA,GAAmB,kBAAA;AAOlB,MAAM,kBAAkB,CAAA,CAAE,IAAA;AAAA,EAC/B,EAAE,MAAA,EAAO;AAAA,EACT,CAAA,CAAE,MAAM,SAAS,CAAA;AAAA,EACjB,CAAA,CAAE,KAAA;AAAA,IACA,CAAC,CAAA,KAAM,CAAA,CAAE,MAAA,GAAS,CAAA,KAAM,CAAA;AAAA,IACxB;AAAA;AAEJ;AAQO,MAAM,yBAAyB,CAAA,CAAE,IAAA;AAAA,EACtC,EAAE,MAAA,EAAO;AAAA,EACT,CAAA,CAAE,MAAM,gBAAgB,CAAA;AAAA,EACxB,CAAA,CAAE,KAAA;AAAA,IACA,CAAC,CAAA,KAAM,CAAA,KAAM,EAAA,IAAM,CAAA,CAAE,SAAS,CAAA,KAAM,CAAA;AAAA,IACpC;AAAA;AAEJ;;AChCA,MAAM,OAAA,GAAU;AAAA,EACd,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,SAAA,EAAW,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,IAAA;AAAA,IACtB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,MAAA,EAAQ,CAAA;AAAA,IAAG,EAAE,QAAA;AAAS,GACjC,CAAA;AAAA,EACD,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,IAAA;AAAA,IAClB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,MAAA,EAAQ,CAAA;AAAA,IAAG,EAAE,QAAA;AAAS,GACjC,CAAA;AAAA,EACD,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,UAAA,EAAY,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AACnC,CAAA;AAaO,MAAM,SAAA,GAAY,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO;AAAA,EACxC,EAAE,WAAA,CAAY;AAAA,IACZ,GAAA,EAAK,CAAA,CAAE,OAAA,CAAQ,IAAI,CAAA;AAAA,IACnB,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,IACd,CAAA,EAAG,EAAE,MAAA,EAAO;AAAA,IACZ,CAAA,EAAG,EAAE,MAAA,EAAO;AAAA,IACZ,GAAG;AAAA,GACJ,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAA,EAAK,CAAA,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,IACpB,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,IACd,CAAA,EAAG,EAAE,MAAA,EAAO;AAAA,IACZ,GAAG;AAAA,GACJ,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAA,EAAK,CAAA,CAAE,OAAA,CAAQ,KAAK,CAAA;AAAA,IACpB,CAAA,EAAG,EAAE,MAAA,EAAO;AAAA,IACZ,CAAA,EAAG,EAAE,MAAA,EAAO;AAAA,IACZ,GAAG;AAAA,GACJ;AACH,CAAC;;AC/BM,MAAM,kBAAA,GAAqB,EAAE,YAAA,CAAa;AAAA,EAC/C,SAAA,EAAW,eAAA;AAAA,EACX,OAAA,EAAS,sBAAA;AAAA,EACT,SAAA,EAAW;AACb,CAAC;AAGD,MAAM,sBAAA,GAAyB;AAAA,EAC7B,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,EACd,GAAA,EAAK,CAAA,CAAE,QAAA,CAAS,SAAS,CAAA;AAAA,EACzB,GAAA,EAAK,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AAC5B,CAAA;AAWO,MAAM,wBAAA,GAA2B,EAAE,WAAA,CAAY;AAAA,EACpD,GAAG;AACL,CAAC;AAYM,MAAM,yBAAA,GAA4B,EAAE,WAAA,CAAY;AAAA,EACrD,GAAG,sBAAA;AAAA,EACH,KAAA,EAAO,EAAE,MAAA,EAAO;AAAA,EAChB,GAAA,EAAK,EAAE,MAAA;AACT,CAAC;AAGD,MAAM,qBAAA,GAAwB;AAAA,EAC5B,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,EACd,KAAA,EAAO,EAAE,MAAA,EAAO;AAAA,EAChB,GAAA,EAAK,EAAE,MAAA;AACT,CAAA;AAaO,MAAM,0BAA0B,CAAA,CAAE,IAAA;AAAA,EACvC,EAAE,KAAA,CAAM;AAAA,IACN,EAAE,WAAA,CAAY;AAAA,MACZ,GAAG,qBAAA;AAAA,MACH,GAAA,EAAK;AAAA,KACN,CAAA;AAAA,IACD,EAAE,WAAA,CAAY;AAAA,MACZ,GAAG,qBAAA;AAAA,MACH,GAAA,EAAK,EAAE,MAAA;AAAO,KACf;AAAA,GACF,CAAA;AAAA,EACD,CAAA,CAAE,KAAA;AAAA,IACA,CAAC,KAAA,KAAU,EAAE,KAAA,IAAS,SAAS,KAAA,IAAS,KAAA,CAAA;AAAA,IACxC;AAAA;AAEJ;;AC3EO,MAAM,aAAA,GAAgB,EAAE,WAAA,CAAY;AAAA,EACzC,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,eAAe,CAAA;AAAA,EAClC,OAAA,EAAS,EAAE,QAAA,CAAS,CAAA,CAAE,MAAM,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EACvC,oBAAA,EAAsB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,SAAS,CAAA;AAAA,EAC5C,sBAAA,EAAwB,CAAA,CAAE,QAAA,CAAS,kBAAkB,CAAA;AAAA,EACrD,MAAA,EAAQ,EAAE,MAAA;AACZ,CAAC;;ACnBD,MAAM,gBAAA,GAAmB;AAAA,EACvB,IAAA,EAAM,CAAA,CAAE,QAAA,CAAS,eAAe,CAAA;AAAA,EAChC,KAAA,EAAO,EAAE,IAAA,CAAK,CAAA,CAAE,QAAO,EAAG,CAAA,CAAE,SAAA,CAAU,CAAC,CAAC;AAC1C,CAAA;AAWO,MAAM,mBAAmB,CAAA,CAAE,WAAA;AAAA,EAChC;AACF;AAaO,MAAM,yBAAyB,CAAA,CAAE,YAAA;AAAA,EACtC;AACF;;ACxBO,MAAM,gBAAA,GAAmB,EAAE,WAAA,CAAY;AAAA,EAC5C,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,EACf,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC7B,QAAQ,CAAA,CAAE,QAAA;AAAA,IACR,CAAA,CAAE,IAAA,CAAK,CAAA,CAAE,MAAA,IAAU,CAAA,CAAE,OAAA,EAAQ,EAAG,CAAA,CAAE,SAAS,GAAG,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,GAAG,CAAC;AAAA,GAClE;AAAA,EACA,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC/B,UAAA,EAAY,CAAA,CAAE,QAAA,CAAS,gBAAgB;AACzC,CAAC;AAcM,MAAM,aAAA,GAAgB,EAAE,WAAA,CAAY;AAAA,EACzC,IAAA,EAAM,EAAE,MAAA,EAAO;AAAA,EACf,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC5B,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC7B,QAAQ,CAAA,CAAE,QAAA;AAAA,IACR,CAAA,CAAE,IAAA,CAAK,CAAA,CAAE,MAAA,IAAU,CAAA,CAAE,OAAA,EAAQ,EAAG,CAAA,CAAE,SAAS,GAAG,CAAA,EAAG,CAAA,CAAE,QAAA,CAAS,GAAG,CAAC;AAAA,GAClE;AAAA,EACA,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC/B,UAAA,EAAY,CAAA,CAAE,QAAA,CAAS,gBAAgB,CAAA;AAAA,EACvC,aAAa,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAC;AACnD,CAAC;;ACpCD,MAAM,aAAA,GAAgB;AAAA,EACpB,GAAA,EAAK,EAAE,MAAA,EAAO;AAAA,EACd,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,iBAAiB,CAAA;AAAA,EACpC,SAAA,EAAW,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAChC,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,aAAa,CAAA;AAAA,EAC/B,KAAA,EAAO,EAAE,MAAA;AACX,CAAA;AAcO,MAAM,eAAA,GAAkB,CAAA,CAAE,OAAA,CAAQ,MAAA,EAAQ;AAAA,EAC/C,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,aAAA;AAAA,IACH,IAAA,EAAM,CAAA,CAAE,OAAA,CAAQ,QAAQ;AAAA,GACzB,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,aAAA;AAAA,IACH,IAAA,EAAM,CAAA,CAAE,OAAA,CAAQ,SAAS;AAAA,GAC1B,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,aAAA;AAAA,IACH,IAAA,EAAM,CAAA,CAAE,OAAA,CAAQ,aAAa;AAAA,GAC9B;AACH,CAAC;;AC/BD,MAAM,6BAA6B,qBAAA,CAAsB,MAAA;AAAA,EACvD,CAAC,CAAA,KACC,CAAA,KAAM,SAAA,IAAa,CAAA,KAAM;AAC7B,CAAA;AAGA,MAAM,iBAAA,GAAoB;AAAA,EACxB,UAAA,EAAY,gBAAA;AAAA,EACZ,UAAA,EAAY,CAAA,CAAE,KAAA,CAAM,eAAe,CAAA;AAAA,EACnC,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,SAAS;AAClC,CAAA;AAYO,MAAM,mBAAA,GAAsB,CAAA,CAAE,OAAA,CAAQ,QAAA,EAAU;AAAA,EACrD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,iBAAA;AAAA,IACH,MAAA,EAAQ,CAAA,CAAE,OAAA,CAAQ,SAAS,CAAA;AAAA,IAC3B,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AAAA,GAC/B,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,iBAAA;AAAA,IACH,MAAA,EAAQ,CAAA,CAAE,OAAA,CAAQ,OAAO,CAAA;AAAA,IACzB,OAAA,EAAS,EAAE,MAAA;AAAO,GACnB,CAAA;AAAA,EACD,EAAE,WAAA,CAAY;AAAA,IACZ,GAAG,iBAAA;AAAA,IACH,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,0BAA0B,CAAA;AAAA,IAC7C,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AAAA,GAC/B;AACH,CAAC;;ACrCM,MAAM,mBAAA,GAAsB,EAAE,WAAA,CAAY;AAAA,EAC/C,cAAA,EAAgB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EACrC,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC9B,aAAA,EAAe,EAAE,QAAA,CAAS,CAAA,CAAE,MAAM,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EAC7C,uBAAA,EAAyB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,SAAS,CAAA;AAAA,EAC/C,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,MAAA,CAAO,CAAA,CAAE,MAAA,EAAO,EAAG,CAAA,CAAE,MAAA,EAAQ,CAAC;AACvD,CAAC;AAUM,MAAM,eAAA,GAAkB,EAAE,WAAA,CAAY;AAAA,EAC3C,QAAA,EAAU,EAAE,MAAA,EAAO;AAAA,EACnB,UAAA,EAAY,EAAE,MAAA,EAAO;AAAA,EACrB,QAAA,EAAU,EAAE,MAAA,EAAO;AAAA,EACnB,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC/B,UAAA,EAAY,EAAE,MAAA,EAAO;AAAA,EACrB,SAAA,EAAW,EAAE,MAAA,EAAO;AAAA,EACpB,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAClC,IAAA,EAAM,CAAA,CAAE,QAAA,CAAS,mBAAmB;AACtC,CAAC;;ACxBM,MAAM,cAAA,GAAiB,EAAE,YAAA,CAAa;AAAA,EAC3C,GAAA,EAAK;AACP,CAAC;;ACFM,MAAM,eAAA,GAAkB,EAAE,YAAA,CAAa;AAAA,EAC5C,OAAA,EAAS,EAAE,MAAA,EAAO;AAAA,EAClB,MAAA,EAAQ;AACV,CAAC;;ACHM,MAAM,gBAAA,GAAmB,EAAE,YAAA,CAAa;AAAA,EAC7C,OAAA,EAAS,EAAE,QAAA,CAAS,CAAA,CAAE,MAAM,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AAAA,EACvC,oBAAA,EAAsB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,SAAS,CAAA;AAAA,EAC5C,kBAAA,EAAoB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,SAAS,CAAA;AAAA,EAC1C,wBAAwB,CAAA,CAAE,QAAA;AAAA,IACxB;AAAA;AAEJ,CAAC;AAYM,MAAM,uBAAA,GACX,EAAE,YAAA,CAAa;AAAA,EACb,MAAA,EAAQ,CAAA,CAAE,OAAA,CAAQ,aAAa;AACjC,CAAC;;ACtBI,MAAM,cAAA,GAAiB,EAAE,YAAA,CAAa;AAAA,EAC3C,UAAA,EAAY;AACd,CAAC;AAYM,MAAM,6BAAA,GACX,EAAE,YAAA,CAAa;AAAA,EACb,MAAA,EAAQ,CAAA,CAAE,OAAA,CAAQ,aAAa;AACjC,CAAC;;AC3BH,MAAM,wBAAwB,CAAA,CAAE,IAAA;AAAA,EAC9B,EAAE,YAAA,CAAa;AAAA,IACb,KAAA,EAAO,EAAE,IAAA,CAAK,CAAA,CAAE,QAAO,EAAG,CAAA,CAAE,cAAc,CAAA;AAAA,IAC1C,GAAA,EAAK,EAAE,IAAA,CAAK,CAAA,CAAE,QAAO,EAAG,CAAA,CAAE,cAAc;AAAA,GACzC,CAAA;AAAA,EACD,CAAA,CAAE,KAAA;AAAA,IACA,CAAC,KAAA,KAAU,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,KAAK,CAAA,GAAI,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,GAAG,CAAA;AAAA,IACzD;AAAA;AAEJ,CAAA;AAUO,MAAM,iBAAA,GAAoB,EAAE,WAAA,CAAY;AAAA,EAC7C,eAAA,EAAiB,qBAAA;AAAA,EACjB,cAAA,EAAgB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AACvC,CAAC;AAQD,MAAM,aAAA,GAAgB,kCAAA;AAWf,MAAM,eAAe,CAAA,CAAE,IAAA;AAAA,EAC5B,EAAE,MAAA,EAAO;AAAA,EACT,CAAA,CAAE,MAAM,aAAa;AACvB;;AC/BO,MAAM,cAAA,GAAiB,EAAE,YAAA,CAAa;AAAA,EAC3C,aAAa,CAAA,CAAE,IAAA;AAAA,IACb,CAAA,CAAE,MAAM,sBAAsB,CAAA;AAAA,IAAG,CAAA,CAAE,UAAU,CAAC;AAAA,GAChD;AAAA,EACA,SAAA,EAAW,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAChC,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC/B,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC9B,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,YAAY;AACnC,CAAC;;ACNM,MAAM,WAAA,GAAc,EAAE,WAAA,CAAY;AAAA,EACvC,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,aAAa,CAAA;AAAA,EAChC,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC9B,WAAA,EAAa,CAAA,CAAE,KAAA,CAAM,gBAAgB,CAAA;AAAA,EACrC,SAAA,EAAW,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAChC,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAC/B,KAAA,EAAO,CAAA,CAAE,QAAA,CAAS,aAAa,CAAA;AAAA,EAC/B,cAAA,EAAgB,CAAA,CAAE,KAAA,CAAM,CAAA,CAAE,QAAQ,CAAA;AAAA,EAClC,QAAA,EAAU,EAAE,MAAA,EAAO;AAAA,EACnB,WAAA,EAAa,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ,CAAA;AAAA,EAClC,QAAA,EAAU,CAAA,CAAE,QAAA,CAAS,YAAY,CAAA;AAAA,EACjC,OAAA,EAAS,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAQ;AAChC,CAAC;;ACjBM,MAAM,gBAAA,GAAmB,EAAE,YAAA,CAAa;AAAA,EAC7C,WAAA,EAAa,eAAA;AAAA,EACb,MAAA,EAAQ,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,IAAA;AAAA,IACnB,EAAE,MAAA,EAAO;AAAA,IACT,EAAE,OAAA,EAAQ;AAAA,IACV,CAAA,CAAE,QAAA,CAAS,CAAC,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,CAAA,EAAG,EAAE,CAAC;AAAA,GAC3C;AACH,CAAC;;ACgKD,SAAS,YAAA,CAMP,QACA,KAAA,EACqB;AACrB,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,SAAA,CAAU,MAAA,EAAQ,KAAK,CAAA;AAExC,EAAA,OAAO,MAAA,CAAO,OAAA,GACZ,EAAE,OAAA,EAAS,MAAM,IAAA,EAAM,MAAA,CAAO,MAAA,EAAY,GAC1C,EAAE,OAAA,EAAS,KAAA,EAAO,MAAA,EAAQ,OAAO,MAAA,EAAO;AAC5C;AASO,SAAS,kBACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,iBAAiB,KAAK,CAAA;AAC5C;AAUO,SAAS,yBACd,KAAA,EAC0B;AAC1B,EAAA,OAAO,YAAA,CAAa,wBAAwB,KAAK,CAAA;AACnD;AASO,SAAS,gBACd,KAAA,EAC2B;AAC3B,EAAA,OAAO,YAAA,CAAa,eAAe,KAAK,CAAA;AAC1C;AASO,SAAS,sBACd,KAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,qBAAqB,KAAK,CAAA;AAChD;AASO,SAAS,kBACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,iBAAiB,KAAK,CAAA;AAC5C;AASO,SAAS,eACd,KAAA,EAC0B;AAC1B,EAAA,OAAO,YAAA,CAAa,cAAc,KAAK,CAAA;AACzC;AASO,SAAS,kBACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,iBAAiB,KAAK,CAAA;AAC5C;AASO,SAAS,sBACd,KAAA,EACiC;AACjC,EAAA,OAAO,YAAA,CAAa,qBAAqB,KAAK,CAAA;AAChD;AASO,SAAS,iBACd,KAAA,EAC4B;AAC5B,EAAA,OAAO,YAAA,CAAa,gBAAgB,KAAK,CAAA;AAC3C;AASO,SAAS,qBACd,KAAA,EACgC;AAChC,EAAA,OAAO,YAAA,CAAa,oBAAoB,KAAK,CAAA;AAC/C;AASO,SAAS,2BACd,KAAA,EACsC;AACtC,EAAA,OAAO,YAAA;AAAA,IACL,wBAAA;AAAA,IAA0B;AAAA,GAC5B;AACF;AASO,SAAS,4BACd,KAAA,EACuC;AACvC,EAAA,OAAO,YAAA;AAAA,IACL,yBAAA;AAAA,IAA2B;AAAA,GAC7B;AACF;AASO,SAAS,0BACd,KAAA,EACqC;AACrC,EAAA,OAAO,YAAA;AAAA,IACL,uBAAA;AAAA,IAAyB;AAAA,GAC3B;AACF;AASO,SAAS,mBACd,KAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,kBAAkB,KAAK,CAAA;AAC7C;AASO,SAAS,cACd,KAAA,EACyB;AACzB,EAAA,OAAO,YAAA,CAAa,aAAa,KAAK,CAAA;AACxC;AASO,SAAS,gBACd,KAAA,EAC2B;AAC3B,EAAA,OAAO,YAAA,CAAa,eAAe,KAAK,CAAA;AAC1C;AASO,SAAS,oBACd,KAAA,EAC+B;AAC/B,EAAA,OAAO,YAAA,CAAa,mBAAmB,KAAK,CAAA;AAC9C;AASO,SAAS,mBACd,KAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,kBAAkB,KAAK,CAAA;AAC7C;AASO,SAAS,mBACd,KAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,kBAAkB,KAAK,CAAA;AAC7C;AASO,SAAS,YACd,KAAA,EACuB;AACvB,EAAA,OAAO,YAAA,CAAa,WAAW,KAAK,CAAA;AACtC;AASO,SAAS,kBACd,KAAA,EAC6B;AAC7B,EAAA,OAAO,YAAA,CAAa,iBAAiB,KAAK,CAAA;AAC5C;AASO,SAAS,mBACd,KAAA,EAC8B;AAC9B,EAAA,OAAO,YAAA,CAAa,kBAAkB,KAAK,CAAA;AAC7C;AASO,SAAS,0BACd,KAAA,EACqC;AACrC,EAAA,OAAO,YAAA;AAAA,IACL,uBAAA;AAAA,IAAyB;AAAA,GAC3B;AACF;AASO,SAAS,iBACd,KAAA,EAC4B;AAC5B,EAAA,OAAO,YAAA,CAAa,gBAAgB,KAAK,CAAA;AAC3C;AASO,SAAS,iBACd,KAAA,EAC4B;AAC5B,EAAA,OAAO,YAAA,CAAa,gBAAgB,KAAK,CAAA;AAC3C;AAUO,SAAS,gCACd,KAAA,EAC2C;AAC3C,EAAA,OAAO,YAAA;AAAA,IACL,6BAAA;AAAA,IAA+B;AAAA,GACjC;AACF;;;;"}

package/dist/server.d.mts

@@ -0,0 +1 @@
+export { VERSION } from './index.mjs';

package/dist/server.d.ts

@@ -0,0 +1 @@
+export { VERSION } from './index.js';

package/dist/server.mjs

@@ -0,0 +1,2 @@
+export { VERSION } from './index.mjs';
+//# sourceMappingURL=server.mjs.map

package/dist/server.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":""}

package/dist/shared/acme.BvAs3CeC.mjs

@@ -0,0 +1,36 @@
+const identifierTypes = ["dns", "ip"];
+const IdentifierTypes = new Set(identifierTypes);
+
+const orderStatuses = [
+  "pending",
+  "ready",
+  "processing",
+  "valid",
+  "invalid"
+];
+const OrderStatuses = new Set(orderStatuses);
+const authorizationStatuses = [
+  "pending",
+  "valid",
+  "invalid",
+  "deactivated",
+  "expired",
+  "revoked"
+];
+const AuthorizationStatuses = new Set(authorizationStatuses);
+const challengeStatuses = [
+  "pending",
+  "processing",
+  "valid",
+  "invalid"
+];
+const ChallengeStatuses = new Set(challengeStatuses);
+const accountStatuses = [
+  "valid",
+  "deactivated",
+  "revoked"
+];
+const AccountStatuses = new Set(accountStatuses);
+
+export { AccountStatuses as A, ChallengeStatuses as C, IdentifierTypes as I, OrderStatuses as O, AuthorizationStatuses as a, accountStatuses as b, authorizationStatuses as c, challengeStatuses as d, identifierTypes as i, orderStatuses as o };
+//# sourceMappingURL=acme.BvAs3CeC.mjs.map

package/dist/shared/acme.BvAs3CeC.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"acme.BvAs3CeC.mjs","sources":["../../src/types/constants/identifier-type.ts","../../src/types/constants/status.ts"],"sourcesContent":["// ACME identifier type constants (RFC 8555 + RFC 8738)\n\n/** Identifier type values. */\nexport const identifierTypes = ['dns', 'ip'] as const;\n\n/**\n * Identifier type union.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-9.7.7}\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8738}\n */\nexport type IdentifierType = (typeof identifierTypes)[number];\n\n/** Runtime set of valid identifier types. */\nexport const IdentifierTypes: ReadonlySet<IdentifierType> = new Set(identifierTypes);\n","// ACME object status constants (RFC 8555)\n\n/** Order status values (RFC 8555 §7.1.3). */\nexport const orderStatuses = [\n  'pending',\n  'ready',\n  'processing',\n  'valid',\n  'invalid',\n] as const;\n\n/**\n * Order status union type.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.3}\n */\nexport type OrderStatus = (typeof orderStatuses)[number];\n\n/** Runtime set of valid order statuses. */\nexport const OrderStatuses: ReadonlySet<OrderStatus> = new Set(orderStatuses);\n\n/** Authorization status values (RFC 8555 §7.1.4). */\nexport const authorizationStatuses = [\n  'pending',\n  'valid',\n  'invalid',\n  'deactivated',\n  'expired',\n  'revoked',\n] as const;\n\n/**\n * Authorisation status union type.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.4}\n */\nexport type AuthorizationStatus = (typeof authorizationStatuses)[number];\n\n/** Runtime set of valid authorisation statuses. */\nexport const AuthorizationStatuses: ReadonlySet<AuthorizationStatus> = new Set(authorizationStatuses);\n\n/** Challenge status values (RFC 8555 §7.1.5). */\nexport const challengeStatuses = [\n  'pending',\n  'processing',\n  'valid',\n  'invalid',\n] as const;\n\n/**\n * Challenge status union type.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.5}\n */\nexport type ChallengeStatus = (typeof challengeStatuses)[number];\n\n/** Runtime set of valid challenge statuses. */\nexport const ChallengeStatuses: ReadonlySet<ChallengeStatus> = new Set(challengeStatuses);\n\n/** Account status values (RFC 8555 §7.1.2). */\nexport const accountStatuses = [\n  'valid',\n  'deactivated',\n  'revoked',\n] as const;\n\n/**\n * Account status union type.\n *\n * @see {@link https://datatracker.ietf.org/doc/html/rfc8555#section-7.1.2}\n */\nexport type AccountStatus = (typeof accountStatuses)[number];\n\n/** Runtime set of valid account statuses. */\nexport const AccountStatuses: ReadonlySet<AccountStatus> = new Set(accountStatuses);\n"],"names":[],"mappings":"AAGO,MAAM,eAAA,GAAkB,CAAC,KAAA,EAAO,IAAI;AAWpC,MAAM,eAAA,GAA+C,IAAI,GAAA,CAAI,eAAe;;ACX5E,MAAM,aAAA,GAAgB;AAAA,EAC3B,SAAA;AAAA,EACA,OAAA;AAAA,EACA,YAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAUO,MAAM,aAAA,GAA0C,IAAI,GAAA,CAAI,aAAa;AAGrE,MAAM,qBAAA,GAAwB;AAAA,EACnC,SAAA;AAAA,EACA,OAAA;AAAA,EACA,SAAA;AAAA,EACA,aAAA;AAAA,EACA,SAAA;AAAA,EACA;AACF;AAUO,MAAM,qBAAA,GAA0D,IAAI,GAAA,CAAI,qBAAqB;AAG7F,MAAM,iBAAA,GAAoB;AAAA,EAC/B,SAAA;AAAA,EACA,YAAA;AAAA,EACA,OAAA;AAAA,EACA;AACF;AAUO,MAAM,iBAAA,GAAkD,IAAI,GAAA,CAAI,iBAAiB;AAGjF,MAAM,eAAA,GAAkB;AAAA,EAC7B,OAAA;AAAA,EACA,aAAA;AAAA,EACA;AACF;AAUO,MAAM,eAAA,GAA8C,IAAI,GAAA,CAAI,eAAe;;;;"}