@keetanetwork/anchor 0.0.45 → 0.0.48

package/lib/token-metadata.generated.js

@@ -0,0 +1,70 @@
+import * as __typia_transform__assertGuard from "typia/lib/internal/_assertGuard.js";
+import * as __typia_transform__jsonStringifyString from "typia/lib/internal/_jsonStringifyString.js";
+import * as __typia_transform__throwTypeGuardError from "typia/lib/internal/_throwTypeGuardError.js";
+import { createAssert, json } from "typia";
+export const parseTokenMetadataJSON = (() => { const _io0 = input => ("string" === typeof input.decimalPlaces || "number" === typeof input.decimalPlaces) && (undefined === input.logoURI || "string" === typeof input.logoURI); const _ao0 = (input, _path, _exceptionable = true) => ("string" === typeof input.decimalPlaces || "number" === typeof input.decimalPlaces || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "json.createAssertParse",
+    path: _path + ".decimalPlaces",
+    expected: "(number | string)",
+    value: input.decimalPlaces
+}, _errorFactory)) && (undefined === input.logoURI || "string" === typeof input.logoURI || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "json.createAssertParse",
+    path: _path + ".logoURI",
+    expected: "(string | undefined)",
+    value: input.logoURI
+}, _errorFactory)); const __is = input => "object" === typeof input && null !== input && _io0(input); let _errorFactory; const __assert = (input, errorFactory) => {
+    if (false === __is(input)) {
+        _errorFactory = errorFactory;
+        ((input, _path, _exceptionable = true) => ("object" === typeof input && null !== input || __typia_transform__assertGuard._assertGuard(true, {
+            method: "json.createAssertParse",
+            path: _path + "",
+            expected: "TokenMetadataJSON",
+            value: input
+        }, _errorFactory)) && _ao0(input, _path + "", true) || __typia_transform__assertGuard._assertGuard(true, {
+            method: "json.createAssertParse",
+            path: _path + "",
+            expected: "TokenMetadataJSON",
+            value: input
+        }, _errorFactory))(input, "$input", true);
+    }
+    return input;
+}; return (input, errorFactory) => __assert(JSON.parse(input), errorFactory); })();
+export const stringifyTokenMetadataJSON = (() => { const _so0 = input => `{${undefined === input.logoURI ? "" : `"logoURI":${undefined !== input.logoURI ? __typia_transform__jsonStringifyString._jsonStringifyString(input.logoURI) : undefined},`}"decimalPlaces":${(() => {
+    if ("string" === typeof input.decimalPlaces)
+        return __typia_transform__jsonStringifyString._jsonStringifyString(input.decimalPlaces);
+    if ("number" === typeof input.decimalPlaces)
+        return input.decimalPlaces;
+    __typia_transform__throwTypeGuardError._throwTypeGuardError({
+        method: "json.createStringify",
+        expected: "(number | string)",
+        value: input.decimalPlaces
+    });
+})()}}`; return input => _so0(input); })();
+export const assertTokenMetadataJSON = (() => { const _io0 = input => ("string" === typeof input.decimalPlaces || "number" === typeof input.decimalPlaces) && (undefined === input.logoURI || "string" === typeof input.logoURI); const _ao0 = (input, _path, _exceptionable = true) => ("string" === typeof input.decimalPlaces || "number" === typeof input.decimalPlaces || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "createAssert",
+    path: _path + ".decimalPlaces",
+    expected: "(number | string)",
+    value: input.decimalPlaces
+}, _errorFactory)) && (undefined === input.logoURI || "string" === typeof input.logoURI || __typia_transform__assertGuard._assertGuard(_exceptionable, {
+    method: "createAssert",
+    path: _path + ".logoURI",
+    expected: "(string | undefined)",
+    value: input.logoURI
+}, _errorFactory)); const __is = input => "object" === typeof input && null !== input && _io0(input); let _errorFactory; return (input, errorFactory) => {
+    if (false === __is(input)) {
+        _errorFactory = errorFactory;
+        ((input, _path, _exceptionable = true) => ("object" === typeof input && null !== input || __typia_transform__assertGuard._assertGuard(true, {
+            method: "createAssert",
+            path: _path + "",
+            expected: "TokenMetadataJSON",
+            value: input
+        }, _errorFactory)) && _ao0(input, _path + "", true) || __typia_transform__assertGuard._assertGuard(true, {
+            method: "createAssert",
+            path: _path + "",
+            expected: "TokenMetadataJSON",
+            value: input
+        }, _errorFactory))(input, "$input", true);
+    }
+    return input;
+}; })();
+//# sourceMappingURL=token-metadata.generated.js.map

package/lib/token-metadata.generated.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-metadata.generated.js","sourceRoot":"","sources":["../../src/lib/token-metadata.generated.ts"],"names":[],"mappings":";;;AAAA,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC;AAG3C,MAAM,CAAC,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;kFAAoF,CAAC;AACxH,MAAM,CAAC,MAAM,0BAA0B;;;;;;;;;;0CAAkF,CAAC;AAC1H,MAAM,CAAC,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;;OAA2E,CAAC","sourcesContent":["import { createAssert, json } from \"typia\";\nimport type { TokenMetadataJSON } from \"./token-metadata.js\";\n\nexport const parseTokenMetadataJSON: (input: string) => TokenMetadataJSON = json.createAssertParse<TokenMetadataJSON>();\nexport const stringifyTokenMetadataJSON: (input: TokenMetadataJSON) => string = json.createStringify<TokenMetadataJSON>();\nexport const assertTokenMetadataJSON: (input: unknown) => TokenMetadataJSON = createAssert<TokenMetadataJSON>();\n"]}

package/lib/token-metadata.js

@@ -0,0 +1,57 @@
+import { KeetaAnchorUserValidationError } from "./error.js";
+import { parseTokenMetadataJSON, stringifyTokenMetadataJSON } from "./token-metadata.generated.js";
+function parseDecimalPlaces(input) {
+    let valid = true;
+    let value = input;
+    if (typeof value === 'string') {
+        if (value.trim() === '') {
+            valid = false;
+        }
+        value = Number(value);
+    }
+    if (Number.isNaN(value) || value < 0 || !Number.isInteger(value)) {
+        valid = false;
+    }
+    if (!valid) {
+        throw (new KeetaAnchorUserValidationError({
+            fields: [
+                {
+                    path: 'decimalPlaces',
+                    message: `Invalid decimalPlaces value: ${input}`
+                }
+            ]
+        }));
+    }
+    return (value);
+}
+/**
+ * Parse token metadata from a base64-encoded JSON string or a TokenMetadataJSON object, returning a TokenMetadata object.
+ * @param encoded the value to parse
+ * @returns the parsed TokenMetadata object
+ */
+export function decodeTokenMetadata(encoded) {
+    let decoded;
+    if (typeof encoded === "string") {
+        decoded = parseTokenMetadataJSON(atob(encoded));
+    }
+    else {
+        decoded = encoded;
+    }
+    return ({
+        ...decoded,
+        decimalPlaces: parseDecimalPlaces(decoded.decimalPlaces)
+    });
+}
+/**
+ * Encodes token metadata into a base64-encoded JSON string.
+ *
+ * @param metadata - The token metadata to encode {@link TokenMetadata}
+ * @returns The base64-encoded JSON string containing the token metadata
+ */
+export function encodeTokenMetadata(metadata) {
+    // Normalize metadata so that decimalPlaces is always a number, ensuring canonical encoding
+    const normalized = decodeTokenMetadata(metadata);
+    const payload = stringifyTokenMetadataJSON(normalized);
+    return (btoa(payload));
+}
+//# sourceMappingURL=token-metadata.js.map

package/lib/token-metadata.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-metadata.js","sourceRoot":"","sources":["../../src/lib/token-metadata.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,8BAA8B,EAAE,MAAM,YAAY,CAAC;AAC5D,OAAO,EAAE,sBAAsB,EAAE,0BAA0B,EAAE,MAAM,+BAA+B,CAAC;AAYnG,SAAS,kBAAkB,CAAC,KAAsB;IACjD,IAAI,KAAK,GAAG,IAAI,CAAC;IAEjB,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAC/B,IAAI,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YACzB,KAAK,GAAG,KAAK,CAAC;QACf,CAAC;QAED,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IACvB,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAClE,KAAK,GAAG,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACZ,MAAK,CAAC,IAAI,8BAA8B,CAAC;YACxC,MAAM,EAAE;gBACP;oBACC,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,gCAAgC,KAAK,EAAE;iBAChD;aACD;SACD,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAM,CAAC,KAAK,CAAC,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAmD;IACtF,IAAI,OAAO,CAAC;IACZ,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QACjC,OAAO,GAAG,sBAAsB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,CAAC;SAAM,CAAC;QACP,OAAO,GAAG,OAAO,CAAC;IACnB,CAAC;IAED,OAAM,CAAC;QACN,GAAG,OAAO;QACV,aAAa,EAAE,kBAAkB,CAAC,OAAO,CAAC,aAAa,CAAC;KACxD,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAA2C;IAC9E,2FAA2F;IAC3F,MAAM,UAAU,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,0BAA0B,CAAC,UAAU,CAAC,CAAC;IACvD,OAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;AACvB,CAAC","sourcesContent":["import { KeetaAnchorUserValidationError } from \"./error.js\";\nimport { parseTokenMetadataJSON, stringifyTokenMetadataJSON } from \"./token-metadata.generated.js\";\n\nexport interface TokenMetadata {\n\tdecimalPlaces: number;\n\tlogoURI?: string;\n}\n\n\nexport interface TokenMetadataJSON extends Omit<TokenMetadata, \"decimalPlaces\"> {\n\tdecimalPlaces: number | string;\n}\n\nfunction parseDecimalPlaces(input: number | string): number {\n\tlet valid = true;\n\n\tlet value = input;\n\tif (typeof value === 'string') {\n\t\tif (value.trim() === '') {\n\t\t\tvalid = false;\n\t\t}\n\n\t\tvalue = Number(value);\n\t}\n\n\tif (Number.isNaN(value) || value < 0 || !Number.isInteger(value)) {\n\t\tvalid = false;\n\t}\n\n\tif (!valid) {\n\t\tthrow(new KeetaAnchorUserValidationError({\n\t\t\tfields: [\n\t\t\t\t{\n\t\t\t\t\tpath: 'decimalPlaces',\n\t\t\t\t\tmessage: `Invalid decimalPlaces value: ${input}`\n\t\t\t\t}\n\t\t\t]\n\t\t}));\n\t}\n\n\treturn(value);\n}\n\n/**\n * Parse token metadata from a base64-encoded JSON string or a TokenMetadataJSON object, returning a TokenMetadata object.\n * @param encoded the value to parse\n * @returns the parsed TokenMetadata object\n */\nexport function decodeTokenMetadata(encoded: string | TokenMetadataJSON | TokenMetadata): TokenMetadata {\n\tlet decoded;\n\tif (typeof encoded === \"string\") {\n\t\tdecoded = parseTokenMetadataJSON(atob(encoded));\n\t} else {\n\t\tdecoded = encoded;\n\t}\n\n\treturn({\n\t\t...decoded,\n\t\tdecimalPlaces: parseDecimalPlaces(decoded.decimalPlaces)\n\t});\n}\n\n/**\n * Encodes token metadata into a base64-encoded JSON string.\n *\n * @param metadata - The token metadata to encode {@link TokenMetadata}\n * @returns The base64-encoded JSON string containing the token metadata\n */\nexport function encodeTokenMetadata(metadata: TokenMetadata | TokenMetadataJSON): string {\n\t// Normalize metadata so that decimalPlaces is always a number, ensuring canonical encoding\n\tconst normalized = decodeTokenMetadata(metadata);\n\tconst payload = stringifyTokenMetadataJSON(normalized);\n\treturn(btoa(payload));\n}\n"]}

package/lib/utils/pii.d.ts

@@ -0,0 +1,128 @@
+import type * as KeetaNetClient from '@keetanetwork/keetanet-client';
+import { type CertificateAttributeValueMap, type CertificateAttributeValue } from '../../services/kyc/iso20022.generated.js';
+import type { CertificateBuilder, Certificate } from '../certificates.js';
+import { SensitiveAttribute } from '../certificates.js';
+import { KeetaAnchorError } from '../error.js';
+type AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];
+type KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;
+/**
+ * Type alias for certificate attribute names
+ */
+export type PIIAttributeNames = keyof CertificateAttributeValueMap;
+/**
+ * PII error codes
+ */
+export type PIIErrorCode = 'PII_ATTRIBUTE_NOT_FOUND' | 'PII_EXTERNAL_ATTRIBUTE';
+/**
+ * Error class for PII-related errors
+ */
+export declare class PIIError extends KeetaAnchorError {
+    static readonly name: string;
+    private readonly PIIErrorObjectTypeID;
+    private static readonly PIIErrorObjectTypeID;
+    readonly code: PIIErrorCode;
+    readonly attributeName: string;
+    constructor(code: PIIErrorCode, attributeName: string, message: string);
+    static isInstance(input: unknown, code?: PIIErrorCode): input is PIIError;
+}
+/**
+ * PIIStore is a secure container for Personally Identifiable Information (PII).
+ *
+ * It encapsulates sensitive data and prevents accidental logging or serialization
+ * by overriding common output methods to return redacted placeholders.
+ *
+ * @example
+ * ```typescript
+ * const store = new PIIStore();
+ * store.setAttribute('firstName', 'John');
+ * store.setAttribute('lastName', 'Doe');
+ *
+ * console.log(store); // '[PIIStore: REDACTED]'
+ * JSON.stringify(store); // '{"type":"PIIStore","message":"REDACTED"}'
+ * ```
+ */
+export declare class PIIStore {
+    #private;
+    constructor();
+    /**
+     * Create a PIIStore from a Certificate, extracting all attributes
+     *
+     * @param certificate - The certificate to extract attributes from
+     *
+     * @returns A new PIIStore populated with the certificate's attributes
+     */
+    static fromCertificate(certificate: Certificate): PIIStore;
+    /**
+     * Set a known certificate attribute
+     *
+     * @param name - The attribute name
+     * @param value - The value to store
+     * @param sensitive - Whether the attribute is sensitive (default: true)
+     */
+    setAttribute<K extends PIIAttributeNames>(name: K, value: CertificateAttributeValue<K>, sensitive?: boolean): void;
+    setAttribute<T>(name: string, value: T, sensitive?: boolean): void;
+    /**
+     * Check if an attribute exists in the store
+     */
+    hasAttribute(name: string): boolean;
+    /**
+     * Get all attribute names currently stored
+     */
+    getAttributeNames(): string[];
+    /**
+     * Execute a function with scoped access to PII values
+     *
+     * Provides controlled access to all attribute values. Known certificate attributes
+     * are automatically typed; external attributes require an explicit type parameter.
+     *
+     * @param fn - Function that receives a getter for accessing attribute values
+     * @returns The return value of the callback function
+     *
+     * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if accessing a missing attribute
+     */
+    run<R>(fn: (get: {
+        <K extends PIIAttributeNames>(name: K): CertificateAttributeValue<K>;
+        <T>(name: string): T;
+    }) => R): R;
+    /**
+     * Create a SensitiveAttribute for a known certificate attribute
+     *
+     * Only known certificate attributes are supported. External attributes
+     * cannot be converted to SensitiveAttributes.
+     *
+     * @param name - The attribute name to convert (must be a known certificate attribute)
+     * @param subjectKey - The account to encrypt the attribute for
+     * @returns A SensitiveAttribute containing the encrypted value
+     *
+     * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if the attribute is not set
+     * @throws Error if the attribute is not a known certificate attribute
+     */
+    toSensitiveAttribute<K extends PIIAttributeNames>(name: K, subjectKey: KeetaNetAccount): Promise<SensitiveAttribute<CertificateAttributeValue<K>>>;
+    /**
+     * Apply known attributes to a CertificateBuilder
+     *
+     * External attributes are not included in the certificate.
+     *
+     * @param builder - The certificate builder to apply attributes to
+     * @param subjectKey - The subject's account key (required to encrypt sensitive attributes)
+     * @returns The certificate builder with the attributes applied
+     */
+    toCertificateBuilder(builder: CertificateBuilder, subjectKey: KeetaNetAccount): Promise<CertificateBuilder>;
+    /**
+     * Prevent logging of PII data via string coercion
+     */
+    toString(): string;
+    /**
+     * Serialize to JSON with redacted values
+     *
+     * Shows attribute names for debugging, but all values are redacted.
+     */
+    toJSON(): {
+        type: string;
+        attributes: {
+            [key: string]: string;
+        };
+    };
+}
+export {};
+//# sourceMappingURL=pii.d.ts.map

package/lib/utils/pii.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii.d.ts","sourceRoot":"","sources":["../../../src/lib/utils/pii.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,KAAK,cAAc,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAA6B,KAAK,4BAA4B,EAAE,KAAK,yBAAyB,EAAE,MAAM,0CAA0C,CAAC;AACxJ,OAAO,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAC1E,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,KAAK,mBAAmB,GAAG,YAAY,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,CAAC;AACtF,KAAK,eAAe,GAAG,UAAU,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,CAAC;AAEnG;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG,MAAM,4BAA4B,CAAC;AAOnE;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,yBAAyB,GAAG,wBAAwB,CAAC;AAEhF;;GAEG;AACH,qBAAa,QAAS,SAAQ,gBAAgB;IAC7C,gBAAyB,IAAI,EAAE,MAAM,CAAc;IACnD,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAU;IAC/C,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,oBAAoB,CAA0C;IAEtF,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;gBAEnB,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;IAYtE,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,KAAK,IAAI,QAAQ;CAUzE;AAOD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,QAAQ;;;IAapB;;;;;;OAMG;IACH,MAAM,CAAC,eAAe,CAAC,WAAW,EAAE,WAAW,GAAG,QAAQ;IAkB1D;;;;;;OAMG;IACH,YAAY,CAAC,CAAC,SAAS,iBAAiB,EAAE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,yBAAyB,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,OAAO,GAAG,IAAI;IAClH,YAAY,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,CAAC,EAAE,OAAO,GAAG,IAAI;IAKlE;;OAEG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAInC;;OAEG;IACH,iBAAiB,IAAI,MAAM,EAAE;IAI7B;;;;;;;;;;OAUG;IACH,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,EAAE;QAChB,CAAC,CAAC,SAAS,iBAAiB,EAAE,IAAI,EAAE,CAAC,GAAG,yBAAyB,CAAC,CAAC,CAAC,CAAC;QACrE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,CAAC,CAAC;KACrB,KAAK,CAAC,GAAG,CAAC;IAcX;;;;;;;;;;;;OAYG;IACG,oBAAoB,CAAC,CAAC,SAAS,iBAAiB,EACrD,IAAI,EAAE,CAAC,EACP,UAAU,EAAE,eAAe,GACzB,OAAO,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,CAAC;IAqB5D;;;;;;;;OAQG;IACG,oBAAoB,CAAC,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,eAAe,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAejH;;OAEG;IACH,QAAQ,IAAI,MAAM;IAIlB;;;;OAIG;IACH,MAAM,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE;YAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;SAAE,CAAA;KAAC;CAYhE"}

package/lib/utils/pii.js

@@ -0,0 +1,198 @@
+import { CertificateAttributeOIDDB } from '../../services/kyc/iso20022.generated.js';
+import { SensitiveAttribute } from '../certificates.js';
+import { KeetaAnchorError } from '../error.js';
+/**
+ * Redacted message shown when attempting to log or serialize PIIStore
+ */
+const REDACTED = '[PII: REDACTED]';
+/**
+ * Error class for PII-related errors
+ */
+export class PIIError extends KeetaAnchorError {
+    static name = 'PIIError';
+    PIIErrorObjectTypeID;
+    static PIIErrorObjectTypeID = 'b8e3c7a1-5d2f-4e6b-9a1c-3f8d2e7b4c5a';
+    code;
+    attributeName;
+    constructor(code, attributeName, message) {
+        super(message);
+        Object.defineProperty(this, 'PIIErrorObjectTypeID', {
+            value: PIIError.PIIErrorObjectTypeID,
+            enumerable: false
+        });
+        this.code = code;
+        this.attributeName = attributeName;
+    }
+    static isInstance(input, code) {
+        if (!this.hasPropWithValue(input, 'PIIErrorObjectTypeID', PIIError.PIIErrorObjectTypeID)) {
+            return (false);
+        }
+        if (code && !this.hasPropWithValue(input, 'code', code)) {
+            return (false);
+        }
+        return (true);
+    }
+}
+/**
+ * PIIStore is a secure container for Personally Identifiable Information (PII).
+ *
+ * It encapsulates sensitive data and prevents accidental logging or serialization
+ * by overriding common output methods to return redacted placeholders.
+ *
+ * @example
+ * ```typescript
+ * const store = new PIIStore();
+ * store.setAttribute('firstName', 'John');
+ * store.setAttribute('lastName', 'Doe');
+ *
+ * console.log(store); // '[PIIStore: REDACTED]'
+ * JSON.stringify(store); // '{"type":"PIIStore","message":"REDACTED"}'
+ * ```
+ */
+export class PIIStore {
+    #attributes = new Map();
+    constructor() {
+        // Define Node.js util.inspect custom formatter to prevent PII exposure
+        Object.defineProperty(this, Symbol.for('nodejs.util.inspect.custom'), {
+            value: () => REDACTED,
+            enumerable: false,
+            writable: false,
+            configurable: false
+        });
+    }
+    /**
+     * Create a PIIStore from a Certificate, extracting all attributes
+     *
+     * @param certificate - The certificate to extract attributes from
+     *
+     * @returns A new PIIStore populated with the certificate's attributes
+     */
+    static fromCertificate(certificate) {
+        const store = new PIIStore();
+        // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+        const attributeNames = Object.keys(certificate.attributes);
+        for (const name of attributeNames) {
+            const attr = certificate.attributes[name];
+            if (attr) {
+                store.#attributes.set(name, {
+                    value: attr.value,
+                    sensitive: attr.sensitive
+                });
+            }
+        }
+        return (store);
+    }
+    setAttribute(name, value, sensitive = true) {
+        this.#attributes.set(name, { value, sensitive });
+    }
+    /**
+     * Check if an attribute exists in the store
+     */
+    hasAttribute(name) {
+        return (this.#attributes.has(name));
+    }
+    /**
+     * Get all attribute names currently stored
+     */
+    getAttributeNames() {
+        return (Array.from(this.#attributes.keys()));
+    }
+    /**
+     * Execute a function with scoped access to PII values
+     *
+     * Provides controlled access to all attribute values. Known certificate attributes
+     * are automatically typed; external attributes require an explicit type parameter.
+     *
+     * @param fn - Function that receives a getter for accessing attribute values
+     * @returns The return value of the callback function
+     *
+     * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if accessing a missing attribute
+     */
+    run(fn) {
+        const attributes = this.#attributes;
+        const get = (name) => {
+            if (!this.hasAttribute(name)) {
+                throw (new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));
+            }
+            // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+            return attributes.get(name)?.value;
+        };
+        return (fn(get));
+    }
+    /**
+     * Create a SensitiveAttribute for a known certificate attribute
+     *
+     * Only known certificate attributes are supported. External attributes
+     * cannot be converted to SensitiveAttributes.
+     *
+     * @param name - The attribute name to convert (must be a known certificate attribute)
+     * @param subjectKey - The account to encrypt the attribute for
+     * @returns A SensitiveAttribute containing the encrypted value
+     *
+     * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if the attribute is not set
+     * @throws Error if the attribute is not a known certificate attribute
+     */
+    async toSensitiveAttribute(name, subjectKey) {
+        if (!this.hasAttribute(name)) {
+            throw (new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));
+        }
+        if (!this.#isKnownAttribute(name)) {
+            throw (new PIIError('PII_EXTERNAL_ATTRIBUTE', name, `Cannot convert external attribute '${name}' to SensitiveAttribute`));
+        }
+        const stored = this.#attributes.get(name);
+        const storedValue = stored?.value;
+        if (SensitiveAttribute.isInstance(storedValue)) {
+            // If already a SensitiveAttribute, return it directly
+            // eslint-disable-next-line @typescript-eslint/consistent-type-assertions
+            return storedValue;
+        }
+        // @ts-expect-error storedValue type is validated at setAttribute time
+        const result = await SensitiveAttribute.create(subjectKey, name, storedValue);
+        return (result);
+    }
+    /**
+     * Apply known attributes to a CertificateBuilder
+     *
+     * External attributes are not included in the certificate.
+     *
+     * @param builder - The certificate builder to apply attributes to
+     * @param subjectKey - The subject's account key (required to encrypt sensitive attributes)
+     * @returns The certificate builder with the attributes applied
+     */
+    async toCertificateBuilder(builder, subjectKey) {
+        for (const [name, attr] of this.#attributes.entries()) {
+            if (this.#isKnownAttribute(name) && attr.value !== undefined && attr.value !== null) {
+                if (attr.sensitive) {
+                    const sensitiveAttr = await this.toSensitiveAttribute(name, subjectKey);
+                    builder.setSensitiveAttribute(name, sensitiveAttr);
+                }
+                else {
+                    builder.setAttribute(name, false, attr.value);
+                }
+            }
+        }
+        return (builder);
+    }
+    /**
+     * Prevent logging of PII data via string coercion
+     */
+    toString() {
+        return (REDACTED);
+    }
+    /**
+     * Serialize to JSON with redacted values
+     *
+     * Shows attribute names for debugging, but all values are redacted.
+     */
+    toJSON() {
+        const attributes = {};
+        for (const name of this.#attributes.keys()) {
+            attributes[name] = '[REDACTED]';
+        }
+        return ({ type: 'PIIStore', attributes });
+    }
+    #isKnownAttribute(name) {
+        return (name in CertificateAttributeOIDDB);
+    }
+}
+//# sourceMappingURL=pii.js.map

package/lib/utils/pii.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pii.js","sourceRoot":"","sources":["../../../src/lib/utils/pii.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAqE,MAAM,0CAA0C,CAAC;AAExJ,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAU/C;;GAEG;AACH,MAAM,QAAQ,GAAG,iBAAiB,CAAC;AAOnC;;GAEG;AACH,MAAM,OAAO,QAAS,SAAQ,gBAAgB;IAC7C,MAAM,CAAmB,IAAI,GAAW,UAAU,CAAC;IAClC,oBAAoB,CAAU;IACvC,MAAM,CAAU,oBAAoB,GAAG,sCAAsC,CAAC;IAE7E,IAAI,CAAe;IACnB,aAAa,CAAS;IAE/B,YAAY,IAAkB,EAAE,aAAqB,EAAE,OAAe;QACrE,KAAK,CAAC,OAAO,CAAC,CAAC;QAEf,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,EAAE;YACnD,KAAK,EAAE,QAAQ,CAAC,oBAAoB;YACpC,UAAU,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,aAAa,GAAG,aAAa,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,KAAc,EAAE,IAAmB;QACpD,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,sBAAsB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC1F,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QACD,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;YACzD,OAAM,CAAC,KAAK,CAAC,CAAC;QACf,CAAC;QAED,OAAM,CAAC,IAAI,CAAC,CAAC;IACd,CAAC;;AAQF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,QAAQ;IACX,WAAW,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D;QACC,uEAAuE;QACvE,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,EAAE;YACrE,KAAK,EAAE,GAAG,EAAE,CAAC,QAAQ;YACrB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,KAAK;YACf,YAAY,EAAE,KAAK;SACnB,CAAC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,eAAe,CAAC,WAAwB;QAC9C,MAAM,KAAK,GAAG,IAAI,QAAQ,EAAE,CAAC;QAE7B,yEAAyE;QACzE,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAwB,CAAC;QAClF,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,WAAW,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,IAAI,EAAE,CAAC;gBACV,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE;oBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;iBACzB,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAM,CAAC,KAAK,CAAC,CAAC;IACf,CAAC;IAWD,YAAY,CAAC,IAAY,EAAE,KAAc,EAAE,SAAS,GAAG,IAAI;QAC1D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,IAAY;QACxB,OAAM,CAAC,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,iBAAiB;QAChB,OAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED;;;;;;;;;;OAUG;IACH,GAAG,CAAI,EAGA;QACN,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC;QACpC,MAAM,GAAG,GAAG,CAAI,IAAY,EAAK,EAAE;YAClC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;YACnG,CAAC;YAED,yEAAyE;YACzE,OAAO,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,KAAW,CAAC;QAC1C,CAAC,CAAC;QAEF,OAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACjB,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,oBAAoB,CACzB,IAAO,EACP,UAA2B;QAE3B,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;YAC9B,MAAK,CAAC,IAAI,QAAQ,CAAC,yBAAyB,EAAE,IAAI,EAAE,cAAc,IAAI,yBAAyB,CAAC,CAAC,CAAC;QACnG,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,EAAE,CAAC;YACnC,MAAK,CAAC,IAAI,QAAQ,CAAC,wBAAwB,EAAE,IAAI,EAAE,sCAAsC,IAAI,yBAAyB,CAAC,CAAC,CAAC;QAC1H,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,EAAE,KAAK,CAAC;QAClC,IAAI,kBAAkB,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAChD,sDAAsD;YACtD,yEAAyE;YACzE,OAAO,WAAgE,CAAC;QACzE,CAAC;QAED,sEAAsE;QACtE,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;QAC9E,OAAM,CAAC,MAAM,CAAC,CAAC;IAChB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,oBAAoB,CAAC,OAA2B,EAAE,UAA2B;QAClF,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,IAAI,IAAI,CAAC,KAAK,KAAK,IAAI,EAAE,CAAC;gBACrF,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;oBACpB,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;oBACxE,OAAO,CAAC,qBAAqB,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACP,OAAO,CAAC,YAAY,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC/C,CAAC;YACF,CAAC;QACF,CAAC;QAED,OAAM,CAAC,OAAO,CAAC,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,QAAQ;QACP,OAAM,CAAC,QAAQ,CAAC,CAAC;IAClB,CAAC;IAED;;;;OAIG;IACH,MAAM;QACL,MAAM,UAAU,GAA8B,EAAE,CAAC;QACjD,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,EAAE,CAAC;YAC5C,UAAU,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC;QACjC,CAAC;QAED,OAAM,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IAC1C,CAAC;IAED,iBAAiB,CAAC,IAAY;QAC7B,OAAM,CAAC,IAAI,IAAI,yBAAyB,CAAC,CAAC;IAC3C,CAAC;CACD","sourcesContent":["import type * as KeetaNetClient from '@keetanetwork/keetanet-client';\nimport { CertificateAttributeOIDDB, type CertificateAttributeValueMap, type CertificateAttributeValue } from '../../services/kyc/iso20022.generated.js';\nimport type { CertificateBuilder, Certificate } from '../certificates.js';\nimport { SensitiveAttribute } from '../certificates.js';\nimport { KeetaAnchorError } from '../error.js';\n\ntype AccountKeyAlgorithm = InstanceType<typeof KeetaNetClient.lib.Account>['keyType'];\ntype KeetaNetAccount = ReturnType<typeof KeetaNetClient.lib.Account.fromSeed<AccountKeyAlgorithm>>;\n\n/**\n * Type alias for certificate attribute names\n */\nexport type PIIAttributeNames = keyof CertificateAttributeValueMap;\n\n/**\n * Redacted message shown when attempting to log or serialize PIIStore\n */\nconst REDACTED = '[PII: REDACTED]';\n\n/**\n * PII error codes\n */\nexport type PIIErrorCode = 'PII_ATTRIBUTE_NOT_FOUND' | 'PII_EXTERNAL_ATTRIBUTE';\n\n/**\n * Error class for PII-related errors\n */\nexport class PIIError extends KeetaAnchorError {\n\tstatic override readonly name: string = 'PIIError';\n\tprivate readonly PIIErrorObjectTypeID!: string;\n\tprivate static readonly PIIErrorObjectTypeID = 'b8e3c7a1-5d2f-4e6b-9a1c-3f8d2e7b4c5a';\n\n\treadonly code: PIIErrorCode;\n\treadonly attributeName: string;\n\n\tconstructor(code: PIIErrorCode, attributeName: string, message: string) {\n\t\tsuper(message);\n\n\t\tObject.defineProperty(this, 'PIIErrorObjectTypeID', {\n\t\t\tvalue: PIIError.PIIErrorObjectTypeID,\n\t\t\tenumerable: false\n\t\t});\n\n\t\tthis.code = code;\n\t\tthis.attributeName = attributeName;\n\t}\n\n\tstatic isInstance(input: unknown, code?: PIIErrorCode): input is PIIError {\n\t\tif (!this.hasPropWithValue(input, 'PIIErrorObjectTypeID', PIIError.PIIErrorObjectTypeID)) {\n\t\t\treturn(false);\n\t\t}\n\t\tif (code && !this.hasPropWithValue(input, 'code', code)) {\n\t\t\treturn(false);\n\t\t}\n\n\t\treturn(true);\n\t}\n}\n\ntype StoredAttribute = {\n\tvalue: unknown;\n\tsensitive: boolean;\n};\n\n/**\n * PIIStore is a secure container for Personally Identifiable Information (PII).\n *\n * It encapsulates sensitive data and prevents accidental logging or serialization\n * by overriding common output methods to return redacted placeholders.\n *\n * @example\n * ```typescript\n * const store = new PIIStore();\n * store.setAttribute('firstName', 'John');\n * store.setAttribute('lastName', 'Doe');\n *\n * console.log(store); // '[PIIStore: REDACTED]'\n * JSON.stringify(store); // '{\"type\":\"PIIStore\",\"message\":\"REDACTED\"}'\n * ```\n */\nexport class PIIStore {\n\treadonly #attributes = new Map<string, StoredAttribute>();\n\n\tconstructor() {\n\t\t// Define Node.js util.inspect custom formatter to prevent PII exposure\n\t\tObject.defineProperty(this, Symbol.for('nodejs.util.inspect.custom'), {\n\t\t\tvalue: () => REDACTED,\n\t\t\tenumerable: false,\n\t\t\twritable: false,\n\t\t\tconfigurable: false\n\t\t});\n\t}\n\n\t/**\n\t * Create a PIIStore from a Certificate, extracting all attributes\n\t *\n\t * @param certificate - The certificate to extract attributes from\n\t *\n\t * @returns A new PIIStore populated with the certificate's attributes\n\t */\n\tstatic fromCertificate(certificate: Certificate): PIIStore {\n\t\tconst store = new PIIStore();\n\n\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\tconst attributeNames = Object.keys(certificate.attributes) as PIIAttributeNames[];\n\t\tfor (const name of attributeNames) {\n\t\t\tconst attr = certificate.attributes[name];\n\t\t\tif (attr) {\n\t\t\t\tstore.#attributes.set(name, {\n\t\t\t\t\tvalue: attr.value,\n\t\t\t\t\tsensitive: attr.sensitive\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\n\t\treturn(store);\n\t}\n\n\t/**\n\t * Set a known certificate attribute\n\t *\n\t * @param name - The attribute name\n\t * @param value - The value to store\n\t * @param sensitive - Whether the attribute is sensitive (default: true)\n\t */\n\tsetAttribute<K extends PIIAttributeNames>(name: K, value: CertificateAttributeValue<K>, sensitive?: boolean): void;\n\tsetAttribute<T>(name: string, value: T, sensitive?: boolean): void;\n\tsetAttribute(name: string, value: unknown, sensitive = true): void {\n\t\tthis.#attributes.set(name, { value, sensitive });\n\t}\n\n\t/**\n\t * Check if an attribute exists in the store\n\t */\n\thasAttribute(name: string): boolean {\n\t\treturn(this.#attributes.has(name));\n\t}\n\n\t/**\n\t * Get all attribute names currently stored\n\t */\n\tgetAttributeNames(): string[] {\n\t\treturn(Array.from(this.#attributes.keys()));\n\t}\n\n\t/**\n\t * Execute a function with scoped access to PII values\n\t *\n\t * Provides controlled access to all attribute values. Known certificate attributes\n\t * are automatically typed; external attributes require an explicit type parameter.\n\t *\n\t * @param fn - Function that receives a getter for accessing attribute values\n\t * @returns The return value of the callback function\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if accessing a missing attribute\n\t */\n\trun<R>(fn: (get: {\n\t\t<K extends PIIAttributeNames>(name: K): CertificateAttributeValue<K>;\n\t\t<T>(name: string): T;\n\t}) => R): R {\n\t\tconst attributes = this.#attributes;\n\t\tconst get = <T>(name: string): T => {\n\t\t\tif (!this.hasAttribute(name)) {\n\t\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t\t}\n\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(attributes.get(name)?.value as T);\n\t\t};\n\n\t\treturn(fn(get));\n\t}\n\n\t/**\n\t * Create a SensitiveAttribute for a known certificate attribute\n\t *\n\t * Only known certificate attributes are supported. External attributes\n\t * cannot be converted to SensitiveAttributes.\n\t *\n\t * @param name - The attribute name to convert (must be a known certificate attribute)\n\t * @param subjectKey - The account to encrypt the attribute for\n\t * @returns A SensitiveAttribute containing the encrypted value\n\t *\n\t * @throws PIIError with PII_ATTRIBUTE_NOT_FOUND if the attribute is not set\n\t * @throws Error if the attribute is not a known certificate attribute\n\t */\n\tasync toSensitiveAttribute<K extends PIIAttributeNames>(\n\t\tname: K,\n\t\tsubjectKey: KeetaNetAccount\n\t): Promise<SensitiveAttribute<CertificateAttributeValue<K>>> {\n\t\tif (!this.hasAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_ATTRIBUTE_NOT_FOUND', name, `Attribute '${name}' not found in PIIStore`));\n\t\t}\n\t\tif (!this.#isKnownAttribute(name)) {\n\t\t\tthrow(new PIIError('PII_EXTERNAL_ATTRIBUTE', name, `Cannot convert external attribute '${name}' to SensitiveAttribute`));\n\t\t}\n\n\t\tconst stored = this.#attributes.get(name);\n\t\tconst storedValue = stored?.value;\n\t\tif (SensitiveAttribute.isInstance(storedValue)) {\n\t\t\t// If already a SensitiveAttribute, return it directly\n\t\t\t// eslint-disable-next-line @typescript-eslint/consistent-type-assertions\n\t\t\treturn(storedValue as SensitiveAttribute<CertificateAttributeValue<K>>);\n\t\t}\n\n\t\t// @ts-expect-error storedValue type is validated at setAttribute time\n\t\tconst result = await SensitiveAttribute.create(subjectKey, name, storedValue);\n\t\treturn(result);\n\t}\n\n\t/**\n\t * Apply known attributes to a CertificateBuilder\n\t *\n\t * External attributes are not included in the certificate.\n\t *\n\t * @param builder - The certificate builder to apply attributes to\n\t * @param subjectKey - The subject's account key (required to encrypt sensitive attributes)\n\t * @returns The certificate builder with the attributes applied\n\t */\n\tasync toCertificateBuilder(builder: CertificateBuilder, subjectKey: KeetaNetAccount): Promise<CertificateBuilder> {\n\t\tfor (const [name, attr] of this.#attributes.entries()) {\n\t\t\tif (this.#isKnownAttribute(name) && attr.value !== undefined && attr.value !== null) {\n\t\t\t\tif (attr.sensitive) {\n\t\t\t\t\tconst sensitiveAttr = await this.toSensitiveAttribute(name, subjectKey);\n\t\t\t\t\tbuilder.setSensitiveAttribute(name, sensitiveAttr);\n\t\t\t\t} else {\n\t\t\t\t\tbuilder.setAttribute(name, false, attr.value);\n\t\t\t\t}\n\t\t\t}\n\t\t}\n\n\t\treturn(builder);\n\t}\n\n\t/**\n\t * Prevent logging of PII data via string coercion\n\t */\n\ttoString(): string {\n\t\treturn(REDACTED);\n\t}\n\n\t/**\n\t * Serialize to JSON with redacted values\n\t *\n\t * Shows attribute names for debugging, but all values are redacted.\n\t */\n\ttoJSON(): { type: string; attributes: { [key: string]: string }} {\n\t\tconst attributes: { [key: string]: string } = {};\n\t\tfor (const name of this.#attributes.keys()) {\n\t\t\tattributes[name] = '[REDACTED]';\n\t\t}\n\n\t\treturn({ type: 'PIIStore', attributes });\n\t}\n\n\t#isKnownAttribute(name: string): name is PIIAttributeNames {\n\t\treturn(name in CertificateAttributeOIDDB);\n\t}\n}\n"]}

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
 	"name": "@keetanetwork/anchor",
-	"version": "0.0.45",
+	"version": "0.0.48",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "@keetanetwork/anchor",
-			"version": "0.0.45",
+			"version": "0.0.48",
 			"license": "SEE LICENSE IN LICENSE",
 			"dependencies": {
 				"@keetanetwork/currency-info": "1.2.5",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@keetanetwork/anchor",
-  "version": "0.0.45",
+  "version": "0.0.48",
   "description": "KeetaNetwork Network Anchor",
   "main": "client/index.js",
   "scripts": {

package/services/asset-movement/common.d.ts

@@ -1,41 +1,20 @@
 import type { ServiceMetadata } from '../../lib/resolver.ts';
-import { lib as KeetaNetLib } from '@keetanetwork/keetanet-client';
-import * as CurrencyInfo from '@keetanetwork/currency-info';
-import type { AccountKeyAlgorithm, IdentifierKeyAlgorithm, TokenAddress, TokenPublicKeyString } from '@keetanetwork/keetanet-client/lib/account.js';
+import type * as CurrencyInfo from '@keetanetwork/currency-info';
+import type { AccountKeyAlgorithm, IdentifierKeyAlgorithm, TokenPublicKeyString } from '@keetanetwork/keetanet-client/lib/account.js';
 import type { ToJSONSerializable } from '@keetanetwork/keetanet-client/lib/utils/conversion.js';
 import type { HTTPSignedField } from '../../lib/http-server/common.js';
 import type { Signable } from '../../lib/utils/signing.js';
 import type { SharableCertificateAttributes } from '../../lib/certificates.js';
-import { KeetaNet } from '../../client/index.js';
+import * as KeetaNet from '@keetanetwork/keetanet-client';
 import { KeetaAnchorUserError } from '../../lib/error.js';
 import type { AssetLocationLike, AssetLocationString, AssetLocationInput, AssetLocationCanonical } from './lib/location.js';
 import type { BankAccountAddressObfuscated, BankAccountAddressResolved, MobileWalletAddressObfuscated, MobileWalletAddressResolved } from './lib/data/addresses/types.generated.js';
+import type { HexString, KeetaNetAccount, MovableAsset, MovableAssetSearchCanonical, CurrencySearchCanonical } from '../../lib/asset.js';
 export * from './lib/data/addresses/types.generated.js';
 export * from './lib/location.js';
-type HexString = `0x${string}`;
-export type KeetaNetAccount = InstanceType<typeof KeetaNetLib.Account>;
-export type KeetaNetTokenPublicKeyString = ReturnType<InstanceType<typeof KeetaNetLib.Account<typeof KeetaNetLib.Account.AccountKeyAlgorithm.TOKEN>>['publicKeyString']['get']>;
+export type { HexString, KeetaNetAccount, KeetaNetTokenPublicKeyString, EVMAsset, TronAsset, SolanaAsset, ChainAssetString, MovableAssetSearchInput, MovableAssetSearchCanonical, MovableAsset, CurrencySearchCanonical, CurrencySearchInput, TokenSearchInput, TokenSearchCanonical } from '../../lib/asset.js';
+export { toEVMAsset, parseEVMAsset, isEVMAsset, toTronAsset, parseTronAsset, isTronAsset, toSolanaAsset, parseSolanaAsset, isSolanaAsset, convertAssetSearchInputToCanonical } from '../../lib/asset.js';
 export type ISOCountryCode = CurrencyInfo.ISOCountryCode;
-type CurrencySearchCanonical = CurrencyInfo.ISOCurrencyCode | `$${string}`;
-type CurrencySearchInput = CurrencySearchCanonical | CurrencyInfo.Currency;
-type TokenSearchInput = TokenAddress | TokenPublicKeyString;
-type TokenSearchCanonical = TokenPublicKeyString;
-export type EVMAsset = `evm:${HexString}`;
-export type TronAsset = `tron:${string}`;
-export type SolanaAsset = `solana:${string}`;
-export type ChainAssetString = SolanaAsset | EVMAsset | TronAsset | TokenPublicKeyString;
-export type MovableAssetSearchInput = CurrencySearchInput | TokenSearchInput | ChainAssetString;
-export type MovableAssetSearchCanonical = CurrencySearchCanonical | TokenSearchCanonical | ChainAssetString;
-export type MovableAsset = TokenAddress | TokenPublicKeyString | CurrencySearchInput | ChainAssetString;
-export declare function toEVMAsset(input: HexString): EVMAsset;
-export declare function parseEVMAsset(input: EVMAsset): HexString;
-export declare function isEVMAsset(input: unknown): input is EVMAsset;
-export declare function toTronAsset(input: string): TronAsset;
-export declare function parseTronAsset(input: TronAsset): string;
-export declare function isTronAsset(input: unknown): input is TronAsset;
-export declare function toSolanaAsset(input: string): SolanaAsset;
-export declare function parseSolanaAsset(input: SolanaAsset): string;
-export declare function isSolanaAsset(input: unknown): input is SolanaAsset;
 type RailOrRails = Rail | Rail[];
 /**
  * Search criteria for filtering asset movement rails when searching for supported rails for a given transfer.
@@ -164,7 +143,6 @@ export interface RailWithExtendedDetails {
 }
 export type RailOrRailWithExtendedDetails = Rail | RailWithExtendedDetails;
 export declare function commonJSONStringify(input: unknown): string;
-export declare function convertAssetSearchInputToCanonical(input: MovableAssetSearchInput): MovableAssetSearchCanonical;
 export type AssetPair<From extends MovableAsset = MovableAsset, To extends MovableAsset = MovableAsset> = {
     from: From;
     to: To;
@@ -332,7 +310,7 @@ export type AssetTransferInstructions = ({
      */
     contractMethodArgs: string[];
 } | {
-    type: 'WIRE' | 'ACH' | 'SEPA_PUSH';
+    type: FiatRails;
     /**
      * The resolved bank account address details to send funds to
      */