@ledgerhq/vault-common 2.1.1 → 2.1.3

package/lib/chunk-6TT6A6YA.mjs

@@ -1,1176 +0,0 @@
-import {
-  createNetwork
-} from "./chunk-VOB7PA3G.mjs";
-import {
-  getAccountTypeByCurrency,
-  getAccountUnit,
-  getCurrencyUnit,
-  getWorkspaceFromGate,
-  serializeUnitValue,
-  unwrapConnection,
-  wait
-} from "./chunk-QNNV5GBH.mjs";
-import {
-  decodeData,
-  genKeys,
-  sign
-} from "./chunk-HU7O2ZFW.mjs";
-
-// src/reviewAPIRequest.ts
-import { SILENT_LOGGER as SILENT_LOGGER2 } from "@ledgerhq/vault-utils";
-
-// src/apiUser/index.ts
-import chalk from "chalk";
-
-// src/createDefaultRunner.ts
-import { SILENT_LOGGER } from "@ledgerhq/vault-utils";
-import invariant2 from "invariant";
-import { v4 as uuidv4 } from "uuid";
-
-// src/prepareRequest.ts
-import invariant from "invariant";
-var prepareUserCreation = ({ data }) => {
-  const { role, name, userID } = data;
-  return {
-    type: role === "operator" ? "CREATE_OPERATOR" : "CREATE_ADMIN",
-    username: name,
-    user_id: userID
-  };
-};
-var prepareAPIUserCreation = ({ data }) => {
-  const { publicKey, name, role } = data;
-  return {
-    type: "CREATE_API_USER",
-    user_data: {
-      username: name,
-      public_key: publicKey,
-      role
-    }
-  };
-};
-var prepareAPIUserAccessCreation = ({ data }) => {
-  const { name } = data;
-  return {
-    type: "CREATE_API_USER_ACCESS",
-    user_data: {
-      username: name
-    }
-  };
-};
-var prepareAccountCreation = ({ type, data }) => {
-  const {
-    account,
-    usersByDevice,
-    whitelistsIDsByName,
-    groupsIDsByName,
-    accountsByName,
-    hsmCustodiansIDsByName,
-    hsmAssetManagersIDsByName,
-    hsmExchangesIDsByName,
-    usersByName,
-    tokens
-  } = data;
-  const allAccounts = Object.keys(accountsByName).map((key) => accountsByName[key]);
-  const token = "contractAddress" in account ? tokens.find((t) => t.contract_address === account.contractAddress) : null;
-  if ("contractAddress" in account && !token) {
-    throw new Error(`Can't find token with contract address ${account.contractAddress}`);
-  }
-  let account_type = null;
-  if (token?.family === "ethereum") {
-    if (token.parent_currency === "bsc") {
-      account_type = "Bep20";
-    } else {
-      account_type = "Erc20";
-    }
-  } else if ("accountType" in account) {
-    account_type = account.accountType;
-  } else if ("currency" in account) {
-    account_type = getAccountTypeByCurrency(account.currency);
-  }
-  if (!account_type) {
-    throw new Error(`Can't determine account type`);
-  }
-  const unit = getAccountUnit(account, tokens);
-  const governance_rules = "tradelink_data" in account && !!account.tradelink_data ? null : transformManifestRules({
-    rules: account.rules,
-    unit,
-    usersByDevice,
-    usersByName,
-    whitelistsIDsByName,
-    groupsIDsByName,
-    // VG-18120 accounts *must* enforce having a tx-filter rule of type SEND for rules that are
-    // not SCI and not "any-other-type-of-filter".
-    enforceSendTxFilter: true
-  });
-  const account_data = {
-    name: account.name,
-    ...governance_rules ? { governance_rules } : {}
-  };
-  if ("readOnly" in account && !!account.readOnly) {
-    Object.assign(account_data, {
-      xpub: account.readOnly.xpub,
-      extended_public_key: {
-        public_key: account.readOnly.publicKey,
-        chain_code: account.readOnly.chainCode
-      },
-      address: account.readOnly.address
-    });
-  }
-  if ("contractAddress" in account && token) {
-    const currencyName = token.parent_currency;
-    const parentAccountName = account.parentAccount;
-    const parent_account = parentAccountName ? (() => {
-      let parentAccountID = null;
-      const existingParentAccount = allAccounts.find(
-        (a) => !!a && a.name === parentAccountName
-      );
-      if (existingParentAccount) {
-        parentAccountID = existingParentAccount.id;
-      } else {
-        const createdParentAccount = accountsByName[parentAccountName];
-        if (!createdParentAccount) {
-          return { name: parentAccountName };
-        }
-        parentAccountID = createdParentAccount.id;
-      }
-      return { id: parentAccountID };
-    })() : null;
-    if (process.env.LEGACY_TOKENS) {
-      const erc20 = {
-        ticker: token.ticker,
-        address: token.contract_address,
-        decimals: token.units[0].magnitude,
-        hsm_account_parameters: token.__legacy_hsm_account_parameters,
-        hsm_signature: token.__legacy_hsm_signature
-      };
-      Object.assign(account_data, { erc20 });
-    } else {
-      Object.assign(account_data, {
-        token: { type: token.token_type, address: token.contract_address }
-      });
-    }
-    Object.assign(account_data, {
-      currency: { name: currencyName },
-      parent_account
-    });
-  }
-  if ("currency" in account) {
-    Object.assign(account_data, {
-      currency: {
-        name: account.currency
-      }
-    });
-    if ("derivationMode" in account) {
-      Object.assign(account_data, {
-        derivation_mode: account.derivationMode
-      });
-    }
-  }
-  let tradelinkData;
-  if ("tradelink_data" in account && !!account.tradelink_data) {
-    const custodianID = hsmCustodiansIDsByName[account.tradelink_data.custodian.name];
-    if (typeof custodianID === "undefined")
-      throw new Error(`Invalid custodian name ${account.tradelink_data.custodian.name}`);
-    const assetManagerID = hsmAssetManagersIDsByName[account.tradelink_data.asset_manager.name];
-    if (typeof assetManagerID === "undefined")
-      throw new Error(`Invalid asset manager name ${account.tradelink_data.asset_manager.name}`);
-    tradelinkData = {
-      currency: account.tradelink_data.currency,
-      custodian: custodianID,
-      asset_manager: assetManagerID,
-      exchanges: account.tradelink_data.exchanges.map((exchange) => {
-        const exchangeID = hsmExchangesIDsByName[exchange.name];
-        if (typeof exchangeID === "undefined")
-          throw new Error(`Invalid exchange name ${exchange.name}`);
-        return {
-          auto_repledge_enabled: exchange.auto_repledge_enabled,
-          requires_pre_approval: exchange.requires_pre_approval,
-          id: exchangeID
-        };
-      })
-    };
-  }
-  return {
-    type,
-    ...account.index !== void 0 ? { index: account.index } : {},
-    ...tradelinkData ? { tradelink_data: tradelinkData } : {},
-    account_type,
-    account_data
-  };
-};
-var prepareAccountEdition = ({ type, data }) => {
-  const {
-    account,
-    existingAccount,
-    usersByDevice,
-    usersByName,
-    whitelistsIDsByName,
-    groupsIDsByName,
-    tokens
-  } = data;
-  if (!existingAccount) {
-    throw new Error("No existingAccount given");
-  }
-  const unit = getAccountUnit(account, tokens);
-  const governance_rules = transformManifestRules({
-    rules: account.rules,
-    unit,
-    usersByDevice,
-    usersByName,
-    whitelistsIDsByName,
-    groupsIDsByName,
-    enforceSendTxFilter: true
-  });
-  const edit_data = {
-    name: account.name,
-    governance_rules
-  };
-  if ("contractAddress" in account) {
-    const token = tokens.find((t) => t.contract_address === account.contractAddress);
-    if (!token) {
-      throw new Error(`Can't find token with contract address ${account.contractAddress}`);
-    }
-    if (process.env.LEGACY_TOKENS) {
-      const erc20 = {
-        ticker: token.ticker,
-        address: token.contract_address,
-        decimals: token.units[0].magnitude,
-        hsm_account_parameters: token.__legacy_hsm_account_parameters,
-        hsm_signature: token.__legacy_hsm_signature
-      };
-      Object.assign(edit_data, { erc20 });
-    } else {
-      Object.assign(edit_data, {
-        token: { type: "erc20", address: token.contract_address }
-      });
-    }
-  }
-  return {
-    type,
-    account_id: existingAccount.id,
-    edit_data
-  };
-};
-var serializeGroupMembers = (groupUsers, { usersByDevice, usersByName }) => {
-  return groupUsers.map((device) => {
-    if (typeof device === "number") {
-      const u = usersByDevice[device];
-      if (!u) throw new Error(`Invalid device ${device}`);
-      return u.id;
-    } else {
-      const u = usersByName[device];
-      if (!u) throw new Error(`Invalid user name ${device}`);
-      return u.id;
-    }
-  });
-};
-var prepareGroupCreation = ({ type, data }) => {
-  const { group } = data;
-  const members = serializeGroupMembers(group.users, data);
-  return {
-    type,
-    name: group.name,
-    description: group.description || "",
-    members
-  };
-};
-var prepareGroupEdition = ({ type, data }) => {
-  const { group, existingGroup } = data;
-  if (!existingGroup) {
-    throw new Error("No existingGroup given");
-  }
-  const members = serializeGroupMembers(group.users, data);
-  return {
-    type,
-    name: group.name,
-    description: group.description || "",
-    group_id: existingGroup.id,
-    edit_data: {
-      name: group.name,
-      members
-    }
-  };
-};
-var serializeVaultEntityAccounts = (vaultEntityAccounts, { accountsByName }) => {
-  return vaultEntityAccounts.map((accountName) => {
-    const a = accountsByName[accountName];
-    if (!a) throw new Error(`Invalid account ${accountName}`);
-    return a.id;
-  });
-};
-var prepareVaultEntityCreation = ({ type, data }) => {
-  const {
-    vaultEntity: { name, accounts }
-  } = data;
-  return {
-    type,
-    name,
-    accounts: accounts ? serializeVaultEntityAccounts(accounts, data) : []
-  };
-};
-var prepareVaultEntityEdition = ({ type, data }) => {
-  const { vaultEntity, existingVaultEntity } = data;
-  if (!existingVaultEntity) {
-    throw new Error("No existing VaultEntity given");
-  }
-  return {
-    type,
-    entity_id: existingVaultEntity.id,
-    edit_data: {
-      name: vaultEntity.name,
-      accounts: vaultEntity.accounts ? serializeVaultEntityAccounts(vaultEntity.accounts, data) : []
-    }
-  };
-};
-var prepareWhitelistCreation = ({ type, data }) => {
-  const { whitelist } = data;
-  const addresses = whitelist.addresses.map((a, i) => ({
-    ...a,
-    name: a.name || `${a.currency}-${i + 1}`
-  }));
-  return {
-    type,
-    name: whitelist.name,
-    description: whitelist.description || "",
-    addresses,
-    ...whitelist.type && { whitelist_type: whitelist.type }
-  };
-};
-var prepareWhitelistEdition = ({ type, data }) => {
-  const { whitelist, existingWhitelist } = data;
-  if (!existingWhitelist) {
-    throw new Error(`No existingWhitelist given`);
-  }
-  const addresses = whitelist.addresses.map((a, i) => ({
-    ...a,
-    name: a.name || `${a.currency}-${i + 1}`
-  }));
-  return {
-    type,
-    name: whitelist.name,
-    description: "",
-    whitelist_id: existingWhitelist.id,
-    edit_data: {
-      name: whitelist.name,
-      addresses
-    }
-  };
-};
-var prepareExchangeCreation = ({ type, data }) => {
-  const { exchange, usersByDevice, usersByName, groupsIDsByName } = data;
-  const governance_rules = exchange.rules ? transformManifestRules({ rules: exchange.rules, usersByDevice, usersByName, groupsIDsByName }) : [];
-  return {
-    type,
-    exchange_data: {
-      name: exchange.name,
-      governance_rules,
-      platform: exchange.platform,
-      credentials: {
-        apiKey: exchange.configuration.apiKey,
-        secret: exchange.configuration.apiSecret
-      }
-    }
-  };
-};
-var preparePolicyCreation = ({ type, data }) => {
-  const { policy, usersByName, usersByDevice, groupsIDsByName, whitelistsIDsByName } = data;
-  const unit = getCurrencyUnit(data.policy.currency);
-  const governance_rules = transformManifestRules({
-    rules: policy.rules,
-    unit,
-    usersByDevice,
-    usersByName,
-    groupsIDsByName,
-    whitelistsIDsByName
-  });
-  return {
-    type,
-    policy_data: {
-      name: policy.name,
-      governance_rules,
-      currency: {
-        name: policy.currency
-      }
-    }
-  };
-};
-var prepareQuorumEdition = ({ data }) => {
-  return {
-    type: "UPDATE_QUORUM",
-    quorum: data.quorum
-  };
-};
-var prepareRequest = (data) => {
-  if (data.type === "EDIT_GROUP") {
-    return prepareGroupEdition(data);
-  }
-  if (data.type === "CREATE_GROUP") {
-    return prepareGroupCreation(data);
-  }
-  if (data.type === "EDIT_WHITELIST") {
-    return prepareWhitelistEdition(data);
-  }
-  if (data.type === "CREATE_WHITELIST") {
-    return prepareWhitelistCreation(data);
-  }
-  if (data.type === "CREATE_ACCOUNT") {
-    return prepareAccountCreation(data);
-  }
-  if (data.type === "EDIT_ACCOUNT") {
-    return prepareAccountEdition(data);
-  }
-  if (data.type === "CREATE_ENTITY") {
-    return prepareVaultEntityCreation(data);
-  }
-  if (data.type === "EDIT_ENTITY") {
-    return prepareVaultEntityEdition(data);
-  }
-  if (data.type === "CREATE_ADMIN" || data.type === "CREATE_OPERATOR") {
-    return prepareUserCreation(data);
-  }
-  if (data.type === "CREATE_API_USER") {
-    return prepareAPIUserCreation(data);
-  }
-  if (data.type === "CREATE_API_USER_ACCESS") {
-    return prepareAPIUserAccessCreation(data);
-  }
-  if (data.type === "UPDATE_QUORUM") {
-    return prepareQuorumEdition(data);
-  }
-  if (data.type === "IMPORT_EXCHANGE") {
-    return prepareExchangeCreation(data);
-  }
-  if (data.type === "CREATE_POLICY") {
-    return preparePolicyCreation(data);
-  }
-  throw new Error(`Unhandled request type ${data.type}`);
-};
-var getGroupID = (groupsIDsByName, groupName) => {
-  const groupID = groupsIDsByName[groupName];
-  if (typeof groupID === "undefined") throw new Error(`Invalid group name ${groupName}`);
-  return groupID;
-};
-var transformMultiAuthRuleFromManifest = (rule, groupsIDsByName, usersByDevice, usersByName) => {
-  return {
-    type: rule.type,
-    data: rule.steps.map((step) => {
-      return {
-        quorum: step.quorum,
-        ..."group" in step ? { group_id: getGroupID(groupsIDsByName, step.group) } : {
-          users: step.users.map((d) => {
-            if (typeof d === "number") {
-              const user2 = usersByDevice[d];
-              if (!user2) throw new Error(`Invalid device ${d}`);
-              return user2.id;
-            }
-            const user = usersByName[d];
-            if (!user) throw new Error(`Invalid name ${d}`);
-            return user.id;
-          })
-        }
-      };
-    })
-  };
-};
-var transformWhitelistRuleFromManifest = (rule, whitelistsIDsByName) => {
-  return {
-    type: rule.type,
-    data: rule.whitelists.map((w) => {
-      const whitelistID = whitelistsIDsByName[w];
-      if (typeof whitelistID === "undefined") throw new Error(`Invalid whitelist name ${w}`);
-      return whitelistID;
-    })
-  };
-};
-var transformSCIRuleFromManifest = (rule) => {
-  return {
-    type: rule.type,
-    data: [
-      {
-        enabled: rule.enabled
-      }
-    ]
-  };
-};
-var transformTezosDelegationRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "TEZOS_DELEGATION" } };
-};
-var transformPolkadotStakingRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "POLKADOT_STAKING" } };
-};
-var transformSolanaStakingRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "SOLANA_STAKING" } };
-};
-var transformMessageSigningRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "MESSAGE_SIGNING" } };
-};
-var transformCreateSplTokenAccountRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "CREATE_SPL_TOKEN_ACCOUNT" } };
-};
-var transformCardanoStakingRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "CARDANO_STAKING" } };
-};
-var transformRawTransactionRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "RAW_SIGNING" } };
-};
-var transformSendTransactionRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "SEND" } };
-};
-var transformSmartContractDeploymentFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "DEPLOY_CONTRACT" } };
-};
-var transformStakeTransactionRuleFromManifest = () => {
-  return { type: "TRANSACTION_FILTER", data: { preset: "STAKE" } };
-};
-var transformThresholdRuleFromManifest = (rule, unit) => {
-  return {
-    type: rule.type,
-    data: [
-      {
-        currency_type: "CRYPTO",
-        ...rule.max ? { max: serializeUnitValue(unit, rule.max) } : {},
-        min: serializeUnitValue(unit, rule.min || 0)
-      }
-    ]
-  };
-};
-var transformManifestRules = ({
-  rules,
-  unit,
-  usersByDevice,
-  usersByName,
-  whitelistsIDsByName,
-  groupsIDsByName,
-  enforceSendTxFilter
-}) => {
-  const governance_rules = rules && rules.length ? rules.map((rules2, i) => {
-    return {
-      name: `Rule ${i + 1}`,
-      rules: rules2.map((rule) => {
-        if (rule.type === "MULTI_AUTHORIZATIONS") {
-          return transformMultiAuthRuleFromManifest(
-            rule,
-            groupsIDsByName,
-            usersByDevice,
-            usersByName
-          );
-        }
-        if (rule.type === "WHITELIST") {
-          invariant(
-            whitelistsIDsByName,
-            "WHITELIST rule configured outside of account context"
-          );
-          return transformWhitelistRuleFromManifest(rule, whitelistsIDsByName);
-        }
-        if (rule.type === "THRESHOLD") {
-          invariant(unit, "THRESHOLD: no unit provided");
-          return transformThresholdRuleFromManifest(rule, unit);
-        }
-        if (rule.type === "SMART_CONTRACT_INTERACTION") {
-          return transformSCIRuleFromManifest(rule);
-        }
-        if (rule.type === "DEPLOY_CONTRACT") {
-          return transformSmartContractDeploymentFromManifest();
-        }
-        if (rule.type === "TEZOS_DELEGATION") {
-          return transformTezosDelegationRuleFromManifest();
-        }
-        if (rule.type === "POLKADOT_STAKING") {
-          return transformPolkadotStakingRuleFromManifest();
-        }
-        if (rule.type === "SOLANA_STAKING") {
-          return transformSolanaStakingRuleFromManifest();
-        }
-        if (rule.type === "CARDANO_STAKING") {
-          return transformCardanoStakingRuleFromManifest();
-        }
-        if (rule.type === "RAW_SIGNING") {
-          return transformRawTransactionRuleFromManifest();
-        }
-        if (rule.type === "SEND") {
-          return transformSendTransactionRuleFromManifest();
-        }
-        if (rule.type === "STAKE") {
-          return transformStakeTransactionRuleFromManifest();
-        }
-        if (rule.type === "MESSAGE_SIGNING") {
-          return transformMessageSigningRuleFromManifest();
-        }
-        if (rule.type === "CREATE_SPL_TOKEN_ACCOUNT") {
-          return transformCreateSplTokenAccountRuleFromManifest();
-        }
-        throw new Error(`Unhandled rule type ${rule.type}`);
-      })
-    };
-  }) : getDefaultRule(usersByDevice);
-  if (enforceSendTxFilter) {
-    governance_rules.forEach((rulesSet) => {
-      const hasTxFilterRule = !!rulesSet.rules.find((r) => r.type === "TRANSACTION_FILTER");
-      const hasSCIRule = !!rulesSet.rules.find((r) => r.type === "SMART_CONTRACT_INTERACTION");
-      if (!hasTxFilterRule && !hasSCIRule) {
-        rulesSet.rules.unshift({ type: "TRANSACTION_FILTER", data: { preset: "SEND" } });
-      }
-    });
-  }
-  return governance_rules;
-};
-var getDefaultRule = (usersByDevice) => {
-  const operatorsDevices = Object.keys(usersByDevice).filter((key) => {
-    const u = usersByDevice[key];
-    if (!u) throw new Error(`Invalid device ${key}`);
-    return u.role === "OPERATOR";
-  });
-  const lastCreatedOperatorDevice = operatorsDevices[0];
-  if (!lastCreatedOperatorDevice) {
-    throw new Error(`Can't get the last created operator device`);
-  }
-  const lastCreatedOperator = usersByDevice[lastCreatedOperatorDevice];
-  if (!lastCreatedOperator) {
-    throw new Error(`Can't get the last created operator`);
-  }
-  return [
-    {
-      name: "Rule 1",
-      rules: [
-        {
-          type: "MULTI_AUTHORIZATIONS",
-          data: [
-            {
-              quorum: 1,
-              users: [lastCreatedOperator.id]
-            }
-          ]
-        }
-      ]
-    }
-  ];
-};
-var TWO_STEPS_CREATION_REQUESTS = [
-  "CREATE_ACCOUNT",
-  "CREATE_GROUP",
-  "CREATE_TRANSACTION",
-  "CREATE_WHITELIST",
-  "EDIT_ACCOUNT",
-  "EDIT_GROUP",
-  "EDIT_WHITELIST",
-  "REVOKE_USER",
-  "UPDATE_QUORUM"
-];
-var performRequest = async (payload, pool, options) => {
-  const adminDevices = await pool.getOnboardingAdminDevices();
-  const admin = await pool.login(adminDevices[0][1]);
-  let request = options?.existingRequest;
-  if (!request) {
-    const enableTwoStepsCreation = options?.twoStepsRequest && TWO_STEPS_CREATION_REQUESTS.includes(payload.type);
-    if (enableTwoStepsCreation) {
-      Object.assign(payload, { enable_two_step_request_creation: true });
-    }
-    const r = await admin.post("/requests", payload);
-    request = r;
-    if (enableTwoStepsCreation) {
-      const pingChallenge = async () => {
-        try {
-          await admin.post(`/requests/${r.id}/post-create`, {});
-        } catch (err) {
-          await pingChallenge();
-        }
-      };
-      await pingChallenge();
-    }
-  }
-  if (!options || !options.noApproval) {
-    await pool.runWithQuorum(
-      (admin2) => options?.withoutHSM ? admin2.approveRequestWithoutHSM(request) : admin2.approveRequest(request)
-    );
-  }
-  return request;
-};
-var prepareRequest_default = prepareRequest;
-
-// src/createDefaultRunner.ts
-var createDefaultRunner = (pool, options) => {
-  const { twoStepsRequest } = options;
-  const basicHandler = (type, options2) => {
-    return async (params) => {
-      const { data, existingRequest, noApproval } = params;
-      const payload = prepareRequest_default({ type, data });
-      const extra = { noApproval, existingRequest, twoStepsRequest, ...options2 };
-      return performRequest(payload, pool, extra);
-    };
-  };
-  const createAccount = async (params) => {
-    const { account, data, tradelinkAM } = params;
-    if ("readOnly" in account && account.readOnly) {
-      const adminDevices = await pool.getOnboardingAdminDevices();
-      const admin = await pool.login(adminDevices[0][1]);
-      const payload = prepareRequest_default({ type: "CREATE_ACCOUNT", data });
-      return admin.post("/dev/accounts", payload);
-    }
-    let res;
-    try {
-      res = await basicHandler("CREATE_ACCOUNT")(params);
-      if (tradelinkAM) {
-        const adminDevices = await pool.getOnboardingAdminDevices();
-        const admin = await pool.login(adminDevices[0][1]);
-        const reqResp = await admin.get(
-          `/requests?page=1&type=ACTIVATE&target_id=${res.account.id}`
-        );
-        const requests = unwrapConnection(reqResp);
-        const activationRequest = requests[0];
-        if (!activationRequest) {
-          throw new Error(`No account activation request found for account ${res.account.name}`);
-        }
-        if (!pool.apiGateway) {
-          throw new Error("apiGateway URL is not set");
-        }
-        await reviewAPIRequest_default(
-          {
-            pool,
-            requestID: activationRequest.id,
-            apiUser: tradelinkAM,
-            gate: pool.gate,
-            apiGateway: pool.apiGateway,
-            reviewType: "APPROVE"
-          },
-          { logger: SILENT_LOGGER }
-        );
-      }
-    } catch (err) {
-      if (err instanceof Error && err.name === "ACCOUNT_CHILD_ALREADY_EXISTED_EXCEPTION" && "contractAddress" in account && !!account.parentAccount) {
-        const adminDevices = await pool.getOnboardingAdminDevices();
-        const admin = await pool.login(adminDevices[0][1]);
-        const parentAccountsConnection = await admin.network(
-          "GET",
-          `/accounts?name=${account.parentAccount}`
-        );
-        const parentAccountEdge = parentAccountsConnection.edges.find(
-          (e) => e.node.name === account.parentAccount
-        );
-        invariant2(parentAccountEdge, `Parent account not found for ${account.name}`);
-        const parentAccount = parentAccountEdge.node;
-        const rawCurrencyQuery = `${parentAccount.currency}:${account.contractAddress}`;
-        const currencyQuery = encodeURIComponent(rawCurrencyQuery);
-        const potentialAccounts = await admin.network(
-          "GET",
-          `/accounts?currency=${currencyQuery}&index=${parentAccount.index}`
-        );
-        invariant2(
-          potentialAccounts.edges.length === 1,
-          `We should have one matching token account for ${currencyQuery} (index: ${parentAccount.index})`
-        );
-        const existingAccount = potentialAccounts.edges[0].node;
-        const editParams = {
-          ...params,
-          data: { ...params.data, existingAccount }
-        };
-        res = await basicHandler("EDIT_ACCOUNT")(editParams);
-      } else {
-        throw err;
-      }
-    }
-    if (params.waitForActive) {
-      const accountId = res.target_id;
-      const adminDevices = await pool.getOnboardingAdminDevices();
-      const admin = await pool.login(adminDevices[0][1]);
-      for (let i = 0; i < 60; i++) {
-        const account2 = await admin.get(`/accounts/${accountId}`);
-        if (account2.status === "ACTIVE") {
-          res.account = account2;
-          break;
-        }
-        await wait(3e3);
-      }
-    }
-    return res;
-  };
-  const createUser = async (params) => {
-    const { role, userID, name, device } = params;
-    const type = role === "operator" ? "CREATE_OPERATOR" : "CREATE_ADMIN";
-    const data = { userID, role, name };
-    const payload = prepareRequest_default({ type, data });
-    const extra = { noApproval: true };
-    const req = await performRequest(payload, pool, extra);
-    const res = await pool.registerDevice(device, req);
-    req.user.pub_key = res.u2f_key.pubKey;
-    if (!options.noApproval) {
-      await pool.runWithQuorum((admin) => admin.approveRequest(req));
-    }
-    return req;
-  };
-  const createAPIUser = async (params, manifestFromGate) => {
-    const { user, name, userID } = params;
-    let request = manifestFromGate.rawData.pendingUserRequests.find((e) => e.user.username === name) || null;
-    if (!request) {
-      request = await performRequest(
-        {
-          type: "CREATE_OPERATOR",
-          username: name,
-          user_id: userID,
-          is_api: true,
-          view_all_override: user.viewAll
-        },
-        pool,
-        { noApproval: true }
-      );
-    }
-    if (request.status != "PENDING_APPROVAL")
-      await pool.lamAPI.registerUser(name, request.url_id);
-    if (!options.noApproval) {
-      await pool.runWithQuorum((admin) => admin.approveRequest(request));
-    }
-    return request;
-  };
-  const createAPIV2User = async (params) => {
-    const { name, publicKey, role } = params;
-    const type = "CREATE_API_USER";
-    const data = { publicKey, name, role };
-    const payload = prepareRequest_default({ type, data });
-    const extra = { noApproval: true };
-    const req = await performRequest(payload, pool, extra);
-    if (!options.noApproval) {
-      await pool.runWithQuorum((admin) => admin.approveRequest(req));
-    }
-    return req;
-  };
-  const createAPIV2UserAccess = async (params) => {
-    const { name } = params;
-    const type = "CREATE_API_USER_ACCESS";
-    const data = { name };
-    const payload = prepareRequest_default({ type, data });
-    const extra = { noApproval: true };
-    return await performRequest(payload, pool, extra);
-  };
-  const createTradelinkEntity = async (params) => {
-    const { tradelinkEntity, type } = params;
-    const adminDevices = await pool.getOnboardingAdminDevices();
-    const admin = await pool.login(adminDevices[0][1]);
-    const data = {
-      id: tradelinkEntity.id,
-      name: tradelinkEntity.name,
-      code: tradelinkEntity.code,
-      logo_url: tradelinkEntity.logoUrl
-    };
-    return await admin.post(`/tradelink/${type}`, data);
-  };
-  const createTradelinkNetwork = async (params) => {
-    const adminDevices = await pool.getOnboardingAdminDevices();
-    const admin = await pool.login(adminDevices[0][1]);
-    const data = {
-      id: uuidv4(),
-      custodian: params.custodians[0],
-      exchanges: params.exchanges,
-      asset_managers: params.assetManagers
-    };
-    await admin.network("DELETE", "/tradelink/network").catch(
-      /* istanbul ignore next */
-      (error) => {
-        if (error.message.includes("404")) {
-        } else {
-          throw error;
-        }
-      }
-    );
-    return await admin.post(`/tradelink/network`, data);
-  };
-  const createTradelink = async (params) => {
-    const adminDevices = await pool.getOnboardingAdminDevices();
-    const admin = await pool.login(adminDevices[0][1]);
-    const request = await admin.post(`/requests`, params);
-    await pool.runWithQuorum((admin2) => admin2.approveRequest(request));
-    return request;
-  };
-  const onboardTradelinkEntity = async (params) => {
-    const { tradelinkEntity, type, tradelinkEntityApprover } = params;
-    const adminDevices = await pool.getOnboardingAdminDevices();
-    const admin = await pool.login(adminDevices[0][1]);
-    let data = {};
-    let request;
-    if (type === "exchanges") {
-      data = {
-        type: "CREATE_TRADELINK_EXCHANGE",
-        exchange_name: tradelinkEntity.name,
-        operators: tradelinkEntity.operators,
-        addresses: tradelinkEntity.addresses
-      };
-      request = await admin.post(`/requests`, data);
-    } else {
-      data = {
-        type: "CREATE_TRADELINK_ASSET_MANAGER",
-        asset_manager_name: tradelinkEntity.name,
-        operators: tradelinkEntity.operators,
-        addresses: tradelinkEntity.addresses
-      };
-      request = await admin.post(`/requests`, data);
-    }
-    await pool.runWithQuorum((admin2) => admin2.approveRequest(request));
-    if (!pool.apiGateway) {
-      throw new Error("apiGateway URL is not set");
-    }
-    await reviewAPIRequest_default(
-      {
-        pool,
-        requestID: request.id,
-        apiUser: tradelinkEntityApprover,
-        gate: pool.gate,
-        apiGateway: pool.apiGateway,
-        reviewType: "APPROVE"
-      },
-      { logger: SILENT_LOGGER }
-    );
-    return request;
-  };
-  const editQuorum = async (params) => {
-    const { quorum } = params;
-    const payload = prepareRequest_default({
-      type: "UPDATE_QUORUM",
-      data: { quorum }
-    });
-    await performRequest(payload, pool);
-  };
-  const editWorkspaceRule = async (params) => {
-    const { rule, usersByName } = params;
-    const payload = {
-      type: "EDIT_WORKSPACE_RULE",
-      permission: rule.permission,
-      edit_data: {
-        steps: rule.steps.map((s) => {
-          return {
-            quorum: s.quorum,
-            users: s.users.map((username) => {
-              const user = usersByName[username];
-              invariant2(user, `No user with name ${username}`);
-              return user.pub_key;
-            })
-          };
-        })
-      }
-    };
-    await performRequest(payload, pool);
-  };
-  const runner = {
-    editQuorum,
-    editWorkspaceRule,
-    createUser,
-    createAPIUser,
-    createAPIV2User,
-    createAPIV2UserAccess,
-    createGroup: basicHandler("CREATE_GROUP"),
-    editGroup: basicHandler("EDIT_GROUP"),
-    createAccount,
-    editAccount: basicHandler("EDIT_ACCOUNT"),
-    createWhitelist: basicHandler("CREATE_WHITELIST"),
-    editWhitelist: basicHandler("EDIT_WHITELIST"),
-    createVaultEntity: basicHandler("CREATE_ENTITY", {
-      withoutHSM: true
-    }),
-    editVaultEntity: basicHandler("EDIT_ENTITY", {
-      withoutHSM: true
-    }),
-    createExchange: basicHandler("IMPORT_EXCHANGE", {
-      withoutHSM: true
-    }),
-    editExchange: basicHandler("IMPORT_EXCHANGE", {
-      withoutHSM: true
-    }),
-    createPolicy: basicHandler("CREATE_POLICY"),
-    createTradelink,
-    createTradelinkEntity,
-    onboardTradelinkEntity,
-    createTradelinkNetwork
-  };
-  return runner;
-};
-var createDefaultRunner_default = createDefaultRunner;
-
-// src/apiUser/index.ts
-function getAPIHeader(bearerToken, workspace) {
-  return {
-    headers: {
-      "X-Ledger-Workspace": workspace,
-      "Content-Type": "application/json",
-      Authorization: `Bearer ${bearerToken}`
-    }
-  };
-}
-async function regenerateCredentials(pool, apiNetwork, workspace, apiUser, logger) {
-  const runner = createDefaultRunner_default(pool, {});
-  const postApiUserAccess = {
-    user: apiUser,
-    publicKey: genKeys(apiUser.name).hexPubKey,
-    role: apiUser.role,
-    name: apiUser.name
-  };
-  const userAccessRequest = await runner.createAPIV2UserAccess(postApiUserAccess);
-  const apiUserAuth = {
-    api_key_id: userAccessRequest.api_key_id,
-    api_key_secret: userAccessRequest.api_key_secret
-  };
-  logger.info(
-    chalk`{red.bold IMPORTANT:} {red The API user credentials will not be displayed again so note them somewhere}`
-  );
-  logger.info(
-    JSON.stringify({
-      api_key_id: userAccessRequest.api_key_id,
-      api_key_secret: userAccessRequest.api_key_secret
-    })
-  );
-  return apiUserAuth;
-}
-async function getAuthTokens(apiNetwork, workspace, apiUserAuth) {
-  return await apiNetwork("POST", "/auth/token", apiUserAuth, {
-    headers: { "X-Ledger-Workspace": workspace }
-  });
-}
-async function authenticate(pool, apiNetwork, workspace, apiUser, logger) {
-  const apiUserAuth = await regenerateCredentials(pool, apiNetwork, workspace, apiUser, logger);
-  const bearerResp = await getAuthTokens(apiNetwork, workspace, apiUserAuth);
-  return bearerResp.access_token;
-}
-async function decodeChallenge({
-  apiNetwork,
-  workspace,
-  bearerToken,
-  requestID,
-  reviewType
-}) {
-  let challengeUrl = `/requests/${requestID}/challenge`;
-  if (reviewType === "REJECT") {
-    challengeUrl = `${challengeUrl}/reject`;
-  }
-  const challengeResp = await apiNetwork(
-    "GET",
-    challengeUrl,
-    {},
-    getAPIHeader(bearerToken, workspace)
-  ).catch((error) => {
-    if (error.message.includes("Get abort challenge is only available for tradelink settlement")) {
-      return { challenge: "" };
-    }
-    throw error;
-  });
-  if (challengeResp.challenge === "") {
-    return {
-      challenge: "",
-      decodedChallenge: ""
-    };
-  }
-  return {
-    challenge: challengeResp.challenge,
-    decodedChallenge: decodeData(challengeResp.challenge)
-  };
-}
-async function signAndApprove({
-  apiNetwork,
-  workspace,
-  bearerToken,
-  requestID,
-  apiUser,
-  challenge,
-  reviewType
-}) {
-  const keys = genKeys(apiUser.name);
-  let jws = "";
-  if (challenge !== "") {
-    jws = sign(String(keys.privateKey), challenge);
-  }
-  return await apiNetwork(
-    "POST",
-    `/requests/${requestID}/${reviewType.toLowerCase()}`,
-    { jws },
-    getAPIHeader(bearerToken, workspace)
-  );
-}
-async function getTradelinkPledge({
-  apiNetwork,
-  workspace,
-  gateAccount,
-  bearerToken,
-  exchange
-}) {
-  const pledgesResp = await apiNetwork(
-    "GET",
-    `/pledges?account_id=${gateAccount.id}`,
-    {},
-    getAPIHeader(bearerToken, workspace)
-  );
-  const pledgeResp = pledgesResp.edges.find((p) => p.node.exchange.name == exchange);
-  if (!pledgeResp) {
-    throw new Error(`Exchange '${exchange}' not found`);
-  }
-  return pledgeResp.node;
-}
-async function getTradelinkRecipient({
-  pool,
-  gateAccount,
-  pledge
-}) {
-  const exchangeWLId = pledge.exchange.whitelist_id;
-  const adminDevices = await pool.getOnboardingAdminDevices();
-  const admin = await pool.login(adminDevices[0][1]);
-  const wlResp = await admin.network(
-    "GET",
-    `/whitelists?id=${exchangeWLId}`
-  );
-  const wlAddress = wlResp.edges[0]?.node.addresses.find(
-    (a) => a.currency === gateAccount.currency
-  )?.address;
-  return String(wlAddress);
-}
-
-// src/reviewAPIRequest.ts
-async function reviewAPIRequest({
-  pool,
-  requestID,
-  apiUser,
-  gate,
-  apiGateway,
-  reviewType,
-  skipDecodeChallenge = false
-}, { logger = SILENT_LOGGER2 }) {
-  const workspace = getWorkspaceFromGate(gate);
-  const apiNetwork = createNetwork({
-    baseURL: apiGateway
-  });
-  logger.info(`Authenticate for ${apiUser.name}`);
-  const bearerToken = await authenticate(pool, apiNetwork, workspace, apiUser, logger);
-  let apiChallenge = {
-    challenge: "",
-    decodedChallenge: ""
-  };
-  if (skipDecodeChallenge === false) {
-    logger.info("Decode challenge");
-    apiChallenge = await decodeChallenge({
-      apiNetwork,
-      workspace,
-      bearerToken,
-      requestID,
-      reviewType
-    });
-  }
-  logger.info(apiChallenge.decodedChallenge);
-  logger.info("Sign and approve");
-  return signAndApprove({
-    apiNetwork,
-    workspace,
-    bearerToken,
-    requestID,
-    apiUser,
-    challenge: apiChallenge.challenge,
-    reviewType
-  });
-}
-var reviewAPIRequest_default = reviewAPIRequest;
-
-export {
-  performRequest,
-  prepareRequest_default,
-  reviewAPIRequest_default,
-  createDefaultRunner_default,
-  getAuthTokens,
-  authenticate,
-  decodeChallenge,
-  signAndApprove,
-  getTradelinkPledge,
-  getTradelinkRecipient
-};
-//# sourceMappingURL=chunk-6TT6A6YA.mjs.map