@limrun/ui 0.9.0-rc.5 → 0.9.0-rc.7

package/src/components/remote-control.tsx

@@ -65,8 +65,10 @@ interface RemoteControlProps {
    * video stream.
    *
    * - `true` — Select mode. Boxes are clickable, click pins a selection
-   *   with action buttons (Tap / Copy selector / Copy id), ESC clears.
-   *   Device input is blocked while in this mode.
+   *   with action buttons (Tap / Copy selector / Copy command), ESC
+   *   clears. The cursor turns into a crosshair while inspecting and the
+   *   info card hangs off the pointer. Device input is blocked while in
+   *   this mode.
    * - `'hover-only'` — Boxes follow the cursor as a visual preview. Device
    *   input still passes through, so you can drive the simulator while
    *   inspecting.
@@ -74,6 +76,16 @@ interface RemoteControlProps {
    */
   inspectMode?: boolean | 'hover-only';
 
+  /**
+   * Optional instance id used to render the "Copy command" button in the
+   * inspect-mode info card. When provided, the button copies a CLI
+   * invocation like
+   * `lim ios tap-element --ax-label 'Sign in' --type Button --id <instanceId>`
+   * (or its Android equivalent) that targets this exact element on this
+   * exact instance. When omitted the button is hidden.
+   */
+  instanceId?: string;
+
   /**
    * Fires whenever a fresh accessibility snapshot is delivered.
    *
@@ -333,6 +345,7 @@ export const RemoteControl = forwardRef<RemoteControlHandle, RemoteControlProps>
       showFrame = true,
       autoReconnect = false,
       inspectMode,
+      instanceId,
       onAxSnapshotChange,
       onInspectSelectionChange,
       onAxStatusChange,
@@ -2529,6 +2542,7 @@ export const RemoteControl = forwardRef<RemoteControlHandle, RemoteControlProps>
             highlightedId={axHighlightedId}
             selectedId={axSelectedId}
             mode={inspectModeResolved}
+            instanceId={instanceId}
             cursorPosition={axCursorPosition}
             frozenCursorPosition={axFrozenCursorPosition}
             onSelectChange={(element, clickPosition) => {

package/src/core/ax-tree.test.ts

@@ -11,9 +11,11 @@ import {
   AxElement,
   AxSnapshot,
   AX_UNAVAILABLE_ERROR,
+  axCliTapCommand,
   axElementAtPoint,
   axElementRoleLabel,
   axElementSelectorExpression,
+  axElementSelectorObject,
   axElementSummary,
   axElementsEqual,
   axSnapshotsEqual,
@@ -483,6 +485,128 @@ describe('axElementSelectorExpression', () => {
   });
 });
 
+describe('axElementSelectorObject', () => {
+  const mk = (sel: Partial<AxElement['selectors']>, value = ''): AxElement => ({
+    id: '0',
+    path: '0',
+    label: '',
+    value,
+    role: '',
+    type: '',
+    enabled: true,
+    focused: false,
+    frame: { x: 0, y: 0, width: 1, height: 1 },
+    selectors: sel,
+    raw: {},
+  });
+
+  test('iOS: includes every available selector field, mapping className to type', () => {
+    expect(
+      axElementSelectorObject(mk({ AXUniqueId: 'signin', AXLabel: 'Sign in', className: 'Button' }), 'ios'),
+    ).toEqual({ AXUniqueId: 'signin', AXLabel: 'Sign in', type: 'Button' });
+  });
+
+  test('iOS: falls back to AXLabel + type when AXUniqueId is missing', () => {
+    expect(axElementSelectorObject(mk({ AXLabel: 'OK', className: 'Button' }), 'ios')).toEqual({
+      AXLabel: 'OK',
+      type: 'Button',
+    });
+  });
+
+  test('iOS: returns null when only a generic type/className is available', () => {
+    expect(axElementSelectorObject(mk({ className: 'Button' }), 'ios')).toBeNull();
+    expect(axElementSelectorObject(mk({}), 'ios')).toBeNull();
+  });
+
+  test('Android: includes every available selector field', () => {
+    expect(
+      axElementSelectorObject(
+        mk({
+          resourceId: 'com.example:id/submit',
+          contentDesc: 'Submit',
+          text: 'Submit',
+          className: 'android.widget.Button',
+        }),
+        'android',
+      ),
+    ).toEqual({
+      resourceId: 'com.example:id/submit',
+      contentDesc: 'Submit',
+      text: 'Submit',
+      className: 'android.widget.Button',
+    });
+  });
+
+  test('Android: returns null when only a className is present', () => {
+    expect(axElementSelectorObject(mk({ className: 'android.widget.View' }), 'android')).toBeNull();
+    expect(axElementSelectorObject(mk({}), 'android')).toBeNull();
+  });
+});
+
+describe('axCliTapCommand', () => {
+  const mk = (sel: Partial<AxElement['selectors']>): AxElement => ({
+    id: '0',
+    path: '0',
+    label: '',
+    value: '',
+    role: '',
+    type: '',
+    enabled: true,
+    focused: false,
+    frame: { x: 0, y: 0, width: 1, height: 1 },
+    selectors: sel,
+    raw: {},
+  });
+
+  test('iOS: emits tap-element with every available selector flag', () => {
+    expect(
+      axCliTapCommand(
+        mk({ AXUniqueId: 'signin', AXLabel: 'Sign in', className: 'Button' }),
+        'ios',
+        'ios_abc',
+      ),
+    ).toBe(`lim ios tap-element --ax-unique-id signin --ax-label 'Sign in' --type Button --id ios_abc`);
+  });
+
+  test('iOS: AXLabel + type fallback when AXUniqueId is missing', () => {
+    expect(axCliTapCommand(mk({ AXLabel: 'OK', className: 'Button' }), 'ios', 'ios_abc')).toBe(
+      `lim ios tap-element --ax-label OK --type Button --id ios_abc`,
+    );
+  });
+
+  test('Android: emits tap-element with resource-id / content-desc / text / class-name', () => {
+    expect(
+      axCliTapCommand(
+        mk({
+          resourceId: 'com.example:id/submit',
+          contentDesc: 'Submit button',
+          text: 'Submit',
+          className: 'android.widget.Button',
+        }),
+        'android',
+        'and_1',
+      ),
+    ).toBe(
+      `lim android tap-element --resource-id com.example:id/submit --content-desc 'Submit button' --text Submit --class-name android.widget.Button --id and_1`,
+    );
+  });
+
+  test('shell-quotes values containing apostrophes', () => {
+    expect(axCliTapCommand(mk({ AXLabel: `Bob's button` }), 'ios', 'ios_abc')).toBe(
+      `lim ios tap-element --ax-label 'Bob'\\''s button' --id ios_abc`,
+    );
+  });
+
+  test('returns null when no specific selector is available', () => {
+    expect(axCliTapCommand(mk({ className: 'Button' }), 'ios', 'ios_abc')).toBeNull();
+    expect(axCliTapCommand(mk({}), 'android', 'and_1')).toBeNull();
+  });
+
+  test('returns null when instanceId is empty', () => {
+    expect(axCliTapCommand(mk({ AXUniqueId: 'signin' }), 'ios', '')).toBeNull();
+  });
+});
+
 describe('AX_UNAVAILABLE_ERROR', () => {
   test('is a non-empty string customers can compare against', () => {
     expect(typeof AX_UNAVAILABLE_ERROR).toBe('string');

package/src/core/ax-tree.ts

@@ -382,6 +382,113 @@ export function axElementSelectorExpression(el: AxElement, platform: AxPlatform)
   return null;
 }
 
+// Returns a plain selector object for the element using the same key names the
+// CLI / instance API expect (`AXUniqueId`, `AXLabel`, `type` on iOS;
+// `resourceId`, `contentDesc`, `text`, `className` on Android). Includes every
+// CLI-supportable selector field present on the element so the consumer can
+// disambiguate (e.g. `{AXLabel:"Submit", type:"Button"}`).
+//
+// Returns null when the element has no anchor field specific enough to drive
+// a tap — a lone `type` / `className` is intentionally treated as
+// non-actionable to avoid copying a near-useless selector. This mirrors the
+// precedence used by `axElementSelectorExpression`.
+export function axElementSelectorObject(el: AxElement, platform: AxPlatform): Record<string, string> | null {
+  const out: Record<string, string> = {};
+  let hasSpecific = false;
+  if (platform === 'ios') {
+    if (el.selectors.AXUniqueId) {
+      out.AXUniqueId = el.selectors.AXUniqueId;
+      hasSpecific = true;
+    }
+    if (el.selectors.AXLabel) {
+      out.AXLabel = el.selectors.AXLabel;
+      hasSpecific = true;
+    }
+    // `selectors.className` carries the iOS element `type` (e.g. "Button").
+    // The CLI / API expose it under the key `type`, so rename here.
+    if (el.selectors.className) {
+      out.type = el.selectors.className;
+    }
+  } else {
+    if (el.selectors.resourceId) {
+      out.resourceId = el.selectors.resourceId;
+      hasSpecific = true;
+    }
+    if (el.selectors.contentDesc) {
+      out.contentDesc = el.selectors.contentDesc;
+      hasSpecific = true;
+    }
+    if (el.selectors.text) {
+      out.text = el.selectors.text;
+      hasSpecific = true;
+    }
+    if (el.selectors.className) {
+      out.className = el.selectors.className;
+    }
+  }
+  return hasSpecific ? out : null;
+}
+
+// POSIX-safe single quoting for shell command rendering. Bare-prints "safe"
+// tokens (alphanumerics, slashes, dots, etc.) so common identifiers like
+// UUIDs and Android resource IDs (`com.example:id/submit`) stay readable;
+// everything else gets single-quoted with internal apostrophes escaped as
+// `'\''`.
+const shellQuote = (value: string): string => {
+  if (value === '') return "''";
+  if (/^[A-Za-z0-9_./\-:@%+=,]+$/.test(value)) return value;
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+};
+
+// Maps `axElementSelectorObject` keys to their `lim … tap-element` CLI
+// flags. Scoped to the keys emitted by `axElementSelectorObject` — any
+// future selector field added there must also be added here.
+const CLI_FLAG_BY_SELECTOR_KEY: Record<AxPlatform, Record<string, string>> = {
+  ios: {
+    AXUniqueId: '--ax-unique-id',
+    AXLabel: '--ax-label',
+    type: '--type',
+  },
+  android: {
+    resourceId: '--resource-id',
+    contentDesc: '--content-desc',
+    text: '--text',
+    className: '--class-name',
+  },
+};
+
+// Renders the `lim` CLI command that taps the element via selector flags
+// rather than coordinates. Includes every CLI-supportable selector field
+// present on the element (same precedence as `axElementSelectorObject`) so
+// matches are unambiguous and resilient to layout changes.
+//
+// Example outputs:
+//   lim ios tap-element --ax-unique-id signin --id <id>
+//   lim ios tap-element --ax-label 'Sign in' --type Button --id <id>
+//   lim android tap-element --resource-id com.example:id/submit --id <id>
+//
+// Returns null when:
+//   - `instanceId` is empty, or
+//   - the element has no field specific enough to drive a selector tap
+//     (matches `axElementSelectorObject` returning null — e.g. only a
+//     generic className/type is available).
+export function axCliTapCommand(el: AxElement, platform: AxPlatform, instanceId: string): string | null {
+  if (!instanceId) return null;
+  const selectors = axElementSelectorObject(el, platform);
+  if (!selectors) return null;
+
+  const flagMap = CLI_FLAG_BY_SELECTOR_KEY[platform];
+  const parts: string[] = ['lim', platform, 'tap-element'];
+  for (const [key, flag] of Object.entries(flagMap)) {
+    const value = selectors[key];
+    if (value) {
+      parts.push(flag, shellQuote(value));
+    }
+  }
+  parts.push('--id', shellQuote(instanceId));
+  return parts.join(' ');
+}
+
 // Cleans up internal-looking role tokens. iOS's `role_description` can be
 // raw strings like "AXGenericElement" or empty when AppKit doesn't have a
 // description for the role. Android sets role to the className which is

package/src/core/device-install/apple/client.ts

@@ -0,0 +1,152 @@
+import { AppleGsaSrpClient } from './gsa-srp';
+import {
+  createAppleRelaySession,
+  deleteAppleRelaySession,
+  fetchAppleAccountSession,
+  proxyPhoneTwoFactorCode,
+  proxySrpComplete,
+  proxySrpInit,
+  proxyTwoFactorCode,
+  triggerPhoneTwoFactor,
+  triggerTrustedDeviceTwoFactor,
+  type AppleRelayResponse,
+} from './relay';
+
+export type AppleIDLoginInput = {
+  limbuildApiUrl: string;
+  accountName: string;
+  password: string;
+  token?: string;
+};
+
+export type AppleIDLoginResult = {
+  appleSessionId: string;
+  completeResponse: AppleRelayResponse;
+  twoFactorChallengeResponse?: AppleRelayResponse;
+  requiresTwoFactor: boolean;
+  finishTwoFactor: (code: string) => Promise<AppleRelayResponse>;
+  finalize: () => Promise<AppleRelayResponse>;
+  close: () => Promise<void>;
+};
+
+type TwoFactorMethod =
+  | { type: 'trustedDevice' }
+  | { type: 'phone'; phoneNumberId: number; mode: string };
+
+export async function startBrowserOwnedAppleIDLogin({
+  limbuildApiUrl,
+  accountName,
+  password,
+  token,
+}: AppleIDLoginInput): Promise<AppleIDLoginResult> {
+  const { appleSessionId } = await createAppleRelaySession(limbuildApiUrl, token);
+  try {
+    const srp = new AppleGsaSrpClient(accountName);
+    const initResponse = await proxySrpInit(limbuildApiUrl, appleSessionId, await srp.init(), token);
+    if (initResponse.status < 200 || initResponse.status >= 300) {
+      throw new Error(`Apple SRP init failed: HTTP ${initResponse.status} ${initResponse.rawBody ?? ''}`.trim());
+    }
+    if (!initResponse.body) {
+      throw new Error('Apple SRP init response did not include a body.');
+    }
+    const proof = await srp.complete(password, initResponse.body);
+    const completeResponse = await proxySrpComplete(
+      limbuildApiUrl,
+      appleSessionId,
+      {
+        ...proof,
+        rememberMe: false,
+        trustTokens: [],
+      },
+      token,
+    );
+    const requiresTwoFactor = completeResponse.status === 409;
+    let twoFactorChallengeResponse: AppleRelayResponse | undefined;
+    let twoFactorMethod: TwoFactorMethod = { type: 'trustedDevice' };
+    if (requiresTwoFactor) {
+      twoFactorChallengeResponse = await triggerTrustedDeviceTwoFactor(limbuildApiUrl, appleSessionId, token);
+      const phone = trustedPhoneNumberFromChallenge(twoFactorChallengeResponse.body);
+      if (phone) {
+        twoFactorMethod = {
+          type: 'phone',
+          phoneNumberId: phone.id,
+          mode: phone.pushMode ?? 'sms',
+        };
+      }
+      if (twoFactorChallengeResponse.status === 412) {
+        if (!phone) {
+          throw new Error('Apple requested phone verification but did not include a trusted phone number.');
+        }
+        twoFactorChallengeResponse = await triggerPhoneTwoFactor(
+          limbuildApiUrl,
+          appleSessionId,
+          phone.id,
+          phone.pushMode ?? 'sms',
+          token,
+        );
+      }
+      if (twoFactorChallengeResponse.status < 200 || twoFactorChallengeResponse.status >= 300) {
+        throw new Error(
+          `Apple two-factor challenge failed: HTTP ${twoFactorChallengeResponse.status} ${
+            twoFactorChallengeResponse.rawBody ?? ''
+          }`.trim(),
+        );
+      }
+    } else if (completeResponse.status < 200 || completeResponse.status >= 300) {
+      throw new Error(`Apple SRP complete failed: HTTP ${completeResponse.status} ${completeResponse.rawBody ?? ''}`.trim());
+    }
+    return {
+      appleSessionId,
+      completeResponse,
+      twoFactorChallengeResponse,
+      requiresTwoFactor,
+      finishTwoFactor: async (code) => {
+        const response =
+          twoFactorMethod.type === 'phone'
+            ? await proxyPhoneTwoFactorCode(
+                limbuildApiUrl,
+                appleSessionId,
+                twoFactorMethod.phoneNumberId,
+                code,
+                twoFactorMethod.mode,
+                token,
+              )
+            : await proxyTwoFactorCode(limbuildApiUrl, appleSessionId, code, token);
+        if (response.status < 200 || response.status >= 300) {
+          throw new Error(`Apple two-factor code failed: HTTP ${response.status} ${response.rawBody ?? ''}`.trim());
+        }
+        return response;
+      },
+      finalize: async () => fetchAppleAccountSession(limbuildApiUrl, appleSessionId, token),
+      close: () => deleteAppleRelaySession(limbuildApiUrl, appleSessionId, token),
+    };
+  } catch (error) {
+    await deleteAppleRelaySession(limbuildApiUrl, appleSessionId, token).catch(() => undefined);
+    throw error;
+  }
+}
+
+function trustedPhoneNumberFromChallenge(body: unknown) {
+  if (!isRecord(body)) return undefined;
+  const verification = isRecord(body.phoneNumberVerification) ? body.phoneNumberVerification : undefined;
+  const trustedPhoneNumber =
+    recordValue(verification?.trustedPhoneNumber) ??
+    recordValue(body.trustedPhoneNumber) ??
+    recordValue(body.phoneNumber);
+  if (!trustedPhoneNumber) return undefined;
+  const id = trustedPhoneNumber.id;
+  if (typeof id !== 'number') return undefined;
+  const pushMode =
+    typeof trustedPhoneNumber.pushMode === 'string' ? trustedPhoneNumber.pushMode
+    : typeof body.mode === 'string' ? body.mode
+    : undefined;
+  return { id, pushMode };
+}
+
+function recordValue(value: unknown) {
+  return isRecord(value) ? value : undefined;
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}

package/src/core/device-install/apple/crypto.ts

@@ -0,0 +1,202 @@
+import forge from 'node-forge';
+
+export type AppleSigningKeyMaterial = {
+  privateKey: CryptoKey;
+  privateKeyPKCS8Base64: string;
+  publicKeySPKIBase64: string;
+  csrPEM: string;
+  csrBase64: string;
+};
+
+export type AppleCSRInput = {
+  commonName: string;
+  emailAddress?: string;
+};
+
+export type ExportP12Input = {
+  privateKeyPKCS8Base64: string;
+  certificateBase64?: string;
+  certificatePEM?: string;
+  password: string;
+  friendlyName?: string;
+};
+
+const rsaAlgorithm: RsaHashedKeyGenParams = {
+  name: 'RSASSA-PKCS1-v1_5',
+  modulusLength: 2048,
+  publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+  hash: 'SHA-256',
+};
+
+export async function generateAppleSigningKeyAndCSR(input: AppleCSRInput): Promise<AppleSigningKeyMaterial> {
+  if (!crypto.subtle) {
+    throw new Error('WebCrypto is not available in this browser.');
+  }
+  const keyPair = await crypto.subtle.generateKey(rsaAlgorithm, true, ['sign', 'verify']);
+  const publicKeySPKI = new Uint8Array(await crypto.subtle.exportKey('spki', keyPair.publicKey));
+  const certificationRequestInfo = derSequence(
+    derInteger(0),
+    derName(input),
+    publicKeySPKI,
+    derContext(0, new Uint8Array()),
+  );
+  const signature = new Uint8Array(
+    await crypto.subtle.sign('RSASSA-PKCS1-v1_5', keyPair.privateKey, toArrayBuffer(certificationRequestInfo)),
+  );
+  const csrDER = derSequence(
+    certificationRequestInfo,
+    derSequence(derOID('1.2.840.113549.1.1.11'), derNull()),
+    derBitString(signature),
+  );
+  const privateKeyPKCS8 = new Uint8Array(await crypto.subtle.exportKey('pkcs8', keyPair.privateKey));
+  return {
+    privateKey: keyPair.privateKey,
+    privateKeyPKCS8Base64: bytesToBase64(privateKeyPKCS8),
+    publicKeySPKIBase64: bytesToBase64(publicKeySPKI),
+    csrPEM: pemBlock('CERTIFICATE REQUEST', csrDER),
+    csrBase64: bytesToBase64(csrDER),
+  };
+}
+
+export function exportAppleCertificateP12(input: ExportP12Input) {
+  if (!input.certificateBase64 && !input.certificatePEM) {
+    throw new Error('certificateBase64 or certificatePEM is required.');
+  }
+  const privateKey = forge.pki.privateKeyFromPem(
+    pemFromBase64('PRIVATE KEY', input.privateKeyPKCS8Base64),
+  );
+  const certificate = input.certificatePEM
+    ? forge.pki.certificateFromPem(input.certificatePEM)
+    : forge.pki.certificateFromAsn1(
+        forge.asn1.fromDer(forge.util.createBuffer(base64ToBinary(input.certificateBase64!))),
+      );
+  const p12 = forge.pkcs12.toPkcs12Asn1(privateKey, [certificate], input.password, {
+    algorithm: '3des',
+    friendlyName: input.friendlyName,
+  });
+  const der = forge.asn1.toDer(p12).getBytes();
+  return binaryToBase64(der);
+}
+
+function derName(input: AppleCSRInput) {
+  const attributes = [derAttribute('2.5.4.3', derUTF8String(input.commonName))];
+  if (input.emailAddress) {
+    attributes.push(derAttribute('1.2.840.113549.1.9.1', derIA5String(input.emailAddress)));
+  }
+  return derSequence(...attributes);
+}
+
+function derAttribute(oid: string, value: Uint8Array) {
+  return derSet(derSequence(derOID(oid), value));
+}
+
+function derSequence(...values: Uint8Array[]) {
+  return derTLV(0x30, concatBytes(...values));
+}
+
+function derSet(...values: Uint8Array[]) {
+  return derTLV(0x31, concatBytes(...values));
+}
+
+function derContext(tag: number, value: Uint8Array) {
+  return derTLV(0xa0 + tag, value);
+}
+
+function derInteger(value: number) {
+  return derTLV(0x02, new Uint8Array([value]));
+}
+
+function derNull() {
+  return new Uint8Array([0x05, 0x00]);
+}
+
+function derUTF8String(value: string) {
+  return derTLV(0x0c, new TextEncoder().encode(value));
+}
+
+function derIA5String(value: string) {
+  return derTLV(0x16, new TextEncoder().encode(value));
+}
+
+function derBitString(value: Uint8Array) {
+  return derTLV(0x03, concatBytes(new Uint8Array([0]), value));
+}
+
+function derOID(oid: string) {
+  const parts = oid.split('.').map((part) => parseInt(part, 10));
+  if (parts.length < 2 || parts.some((part) => !Number.isFinite(part))) {
+    throw new Error(`Invalid OID: ${oid}`);
+  }
+  const encoded = [parts[0] * 40 + parts[1]];
+  for (const part of parts.slice(2)) {
+    const stack = [part & 0x7f];
+    let value = part >> 7;
+    while (value > 0) {
+      stack.unshift((value & 0x7f) | 0x80);
+      value >>= 7;
+    }
+    encoded.push(...stack);
+  }
+  return derTLV(0x06, new Uint8Array(encoded));
+}
+
+function derTLV(tag: number, value: Uint8Array) {
+  return concatBytes(new Uint8Array([tag]), derLength(value.byteLength), value);
+}
+
+function derLength(length: number) {
+  if (length < 0x80) {
+    return new Uint8Array([length]);
+  }
+  const bytes: number[] = [];
+  let value = length;
+  while (value > 0) {
+    bytes.unshift(value & 0xff);
+    value >>= 8;
+  }
+  return new Uint8Array([0x80 | bytes.length, ...bytes]);
+}
+
+function concatBytes(...chunks: Uint8Array[]) {
+  const length = chunks.reduce((sum, chunk) => sum + chunk.byteLength, 0);
+  const out = new Uint8Array(length);
+  let offset = 0;
+  for (const chunk of chunks) {
+    out.set(chunk, offset);
+    offset += chunk.byteLength;
+  }
+  return out;
+}
+
+function pemBlock(label: string, der: Uint8Array) {
+  const base64 = bytesToBase64(der);
+  const lines = base64.match(/.{1,64}/g) ?? [];
+  return `-----BEGIN ${label}-----\n${lines.join('\n')}\n-----END ${label}-----\n`;
+}
+
+function pemFromBase64(label: string, base64: string) {
+  const lines = base64.match(/.{1,64}/g) ?? [];
+  return `-----BEGIN ${label}-----\n${lines.join('\n')}\n-----END ${label}-----\n`;
+}
+
+function bytesToBase64(bytes: Uint8Array) {
+  let binary = '';
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+
+function binaryToBase64(binary: string) {
+  return btoa(binary);
+}
+
+function base64ToBinary(value: string) {
+  return atob(value);
+}
+
+function toArrayBuffer(bytes: Uint8Array): ArrayBuffer {
+  const copy = new Uint8Array(bytes.byteLength);
+  copy.set(bytes);
+  return copy.buffer;
+}