@lit-protocol/vincent-app-sdk 0.0.4-ea

package/dist/src/jwt/core/isExpired.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isExpired = isExpired;
+/** Checks if a JWT is expired based on its 'exp' claim
+ *
+ * @returns true if expired, false otherwise
+ * @param decodedJWT
+ * @category API
+ */
+function isExpired(decodedJWT) {
+    const { payload } = decodedJWT;
+    // Tokens that never expire are treated as expired for security.
+    if (!payload.exp) {
+        return true;
+    }
+    // JWT exp is in seconds, Date.now() is in milliseconds
+    const currentTime = Math.floor(Date.now() / 1000);
+    return currentTime >= payload.exp;
+}
+//# sourceMappingURL=isExpired.js.map

package/dist/src/jwt/core/isExpired.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"isExpired.js","sourceRoot":"","sources":["../../../../src/jwt/core/isExpired.ts"],"names":[],"mappings":";;AAQA,8BAWC;AAjBD;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,UAAsB;IAC9C,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,CAAC;IAE/B,gEAAgE;IAChE,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,uDAAuD;IACvD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAClD,OAAO,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC;AACpC,CAAC"}

package/dist/src/jwt/core/utils/base64.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Decodes a base64 or base64url string into a Uint8Array.
+ * Works in Node.js, Deno, browsers, and Web Workers.
+ *
+ * No Buffer polyfill requirement.
+ */
+export declare function fromBase64(base64: string): Uint8Array;
+/**
+ * Converts a Uint8Array to a base64url-encoded string.
+ * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ * No Buffer polyfill requirement.
+ */
+export declare function toBase64Url(bytes: Uint8Array): string;
+//# sourceMappingURL=base64.d.ts.map

package/dist/src/jwt/core/utils/base64.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,UAAU,CAuBrD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAkBrD"}

package/dist/src/jwt/core/utils/base64.js

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fromBase64 = fromBase64;
+exports.toBase64Url = toBase64Url;
+/**
+ * Decodes a base64 or base64url string into a Uint8Array.
+ * Works in Node.js, Deno, browsers, and Web Workers.
+ *
+ * No Buffer polyfill requirement.
+ */
+function fromBase64(base64) {
+    // Normalize base64url → base64
+    const normalized = base64
+        .replace(/-/g, '+')
+        .replace(/_/g, '/')
+        .padEnd(Math.ceil(base64.length / 4) * 4, '=');
+    // Node.js
+    if (typeof Buffer !== 'undefined' && typeof Buffer.from === 'function') {
+        return new Uint8Array(Buffer.from(normalized, 'base64'));
+    }
+    // Browser / Web Worker / Deno
+    if (typeof atob !== 'undefined') {
+        const binary = atob(normalized);
+        const bytes = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            bytes[i] = binary.charCodeAt(i);
+        }
+        return bytes;
+    }
+    throw new Error('No base64 decoding method available in this environment.');
+}
+/**
+ * Converts a Uint8Array to a base64url-encoded string.
+ * Works in all JS environments (Node.js, Deno, browser, Web Workers).
+ * No Buffer polyfill requirement.
+ */
+function toBase64Url(bytes) {
+    // Node.js
+    if (typeof Buffer !== 'undefined' && typeof Buffer.from === 'function') {
+        return Buffer.from(bytes)
+            .toString('base64')
+            .replace(/\+/g, '-')
+            .replace(/\//g, '_')
+            .replace(/=+$/, '');
+    }
+    // Browser / Deno / Web Worker
+    if (typeof btoa !== 'undefined') {
+        const binString = String.fromCharCode(...bytes);
+        const base64 = btoa(binString);
+        return base64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+    }
+    throw new Error('No base64 encoding method available in this environment.');
+}
+//# sourceMappingURL=base64.js.map

package/dist/src/jwt/core/utils/base64.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base64.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/base64.ts"],"names":[],"mappings":";;AAMA,gCAuBC;AAOD,kCAkBC;AAtDD;;;;;GAKG;AACH,SAAgB,UAAU,CAAC,MAAc;IACvC,+BAA+B;IAC/B,MAAM,UAAU,GAAG,MAAM;SACtB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;SAClB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;IAEjD,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;QAClC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC;AAED;;;;GAIG;AACH,SAAgB,WAAW,CAAC,KAAiB;IAC3C,UAAU;IACV,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC;aACtB,QAAQ,CAAC,QAAQ,CAAC;aAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,8BAA8B;IAC9B,IAAI,OAAO,IAAI,KAAK,WAAW,EAAE,CAAC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC;QAChD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,CAAC;QAC/B,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;AAC9E,CAAC"}

package/dist/src/jwt/core/utils/definedObject.d.ts

@@ -0,0 +1,2 @@
+export declare function isDefinedObject(value: unknown): value is object;
+//# sourceMappingURL=definedObject.d.ts.map

package/dist/src/jwt/core/utils/definedObject.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"definedObject.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/definedObject.ts"],"names":[],"mappings":"AAAA,wBAAgB,eAAe,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,MAAM,CAE/D"}

package/dist/src/jwt/core/utils/definedObject.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDefinedObject = isDefinedObject;
+function isDefinedObject(value) {
+    return typeof value === 'object' && value !== null;
+}
+//# sourceMappingURL=definedObject.js.map

package/dist/src/jwt/core/utils/definedObject.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"definedObject.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/definedObject.ts"],"names":[],"mappings":";;AAAA,0CAEC;AAFD,SAAgB,eAAe,CAAC,KAAc;IAC5C,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC;AACrD,CAAC"}

package/dist/src/jwt/core/utils/index.d.ts

@@ -0,0 +1,5 @@
+export { isDefinedObject } from './definedObject';
+export { validateJWTTime } from './validateJWTTime';
+export { splitJWT } from './splitJWT';
+export { processJWTSignature } from './processJWTSignature';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/jwt/core/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACtC,OAAO,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/src/jwt/core/utils/index.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processJWTSignature = exports.splitJWT = exports.validateJWTTime = exports.isDefinedObject = void 0;
+var definedObject_1 = require("./definedObject");
+Object.defineProperty(exports, "isDefinedObject", { enumerable: true, get: function () { return definedObject_1.isDefinedObject; } });
+var validateJWTTime_1 = require("./validateJWTTime");
+Object.defineProperty(exports, "validateJWTTime", { enumerable: true, get: function () { return validateJWTTime_1.validateJWTTime; } });
+var splitJWT_1 = require("./splitJWT");
+Object.defineProperty(exports, "splitJWT", { enumerable: true, get: function () { return splitJWT_1.splitJWT; } });
+var processJWTSignature_1 = require("./processJWTSignature");
+Object.defineProperty(exports, "processJWTSignature", { enumerable: true, get: function () { return processJWTSignature_1.processJWTSignature; } });
+//# sourceMappingURL=index.js.map

package/dist/src/jwt/core/utils/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/index.ts"],"names":[],"mappings":";;;AAAA,iDAAkD;AAAzC,gHAAA,eAAe,OAAA;AACxB,qDAAoD;AAA3C,kHAAA,eAAe,OAAA;AACxB,uCAAsC;AAA7B,oGAAA,QAAQ,OAAA;AACjB,6DAA4D;AAAnD,0HAAA,mBAAmB,OAAA"}

package/dist/src/jwt/core/utils/processJWTSignature.d.ts

@@ -0,0 +1,8 @@
+/** Processes a JWT signature from base64url to binary
+ * @ignore
+ *
+ * @param signature - The base64url encoded signature string
+ * @returns A Uint8Array of the binary signature
+ */
+export declare function processJWTSignature(signature: string): Uint8Array;
+//# sourceMappingURL=processJWTSignature.d.ts.map

package/dist/src/jwt/core/utils/processJWTSignature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"processJWTSignature.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,CAEjE"}

package/dist/src/jwt/core/utils/processJWTSignature.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processJWTSignature = processJWTSignature;
+const base64_1 = require("./base64");
+/** Processes a JWT signature from base64url to binary
+ * @ignore
+ *
+ * @param signature - The base64url encoded signature string
+ * @returns A Uint8Array of the binary signature
+ */
+function processJWTSignature(signature) {
+    return (0, base64_1.fromBase64)(signature);
+}
+//# sourceMappingURL=processJWTSignature.js.map

package/dist/src/jwt/core/utils/processJWTSignature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"processJWTSignature.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/processJWTSignature.ts"],"names":[],"mappings":";;AAQA,kDAEC;AAVD,qCAAsC;AAEtC;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,SAAiB;IACnD,OAAO,IAAA,mBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}

package/dist/src/jwt/core/utils/splitJWT.d.ts

@@ -0,0 +1,11 @@
+/** Splits a JWT into its signed data portion and signature
+ * @ignore
+ *
+ * @param jwt - The JWT string
+ * @returns An object with signedData and signature
+ */
+export declare function splitJWT(jwt: string): {
+    signedData: string;
+    signature: string;
+};
+//# sourceMappingURL=splitJWT.d.ts.map

package/dist/src/jwt/core/utils/splitJWT.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"splitJWT.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/splitJWT.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAU/E"}

package/dist/src/jwt/core/utils/splitJWT.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.splitJWT = splitJWT;
+const did_jwt_1 = require("did-jwt");
+/** Splits a JWT into its signed data portion and signature
+ * @ignore
+ *
+ * @param jwt - The JWT string
+ * @returns An object with signedData and signature
+ */
+function splitJWT(jwt) {
+    const parts = jwt.split('.');
+    if (parts.length !== 3) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT format: must contain 3 parts separated by "."`);
+    }
+    return {
+        signedData: `${parts[0]}.${parts[1]}`,
+        signature: parts[2],
+    };
+}
+//# sourceMappingURL=splitJWT.js.map

package/dist/src/jwt/core/utils/splitJWT.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"splitJWT.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/splitJWT.ts"],"names":[],"mappings":";;AAQA,4BAUC;AAlBD,qCAAoC;AAEpC;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,GAAW;IAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,qDAAqD,CAAC,CAAC;IACjG,CAAC;IAED,OAAO;QACL,UAAU,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,EAAE;QACrC,SAAS,EAAE,KAAK,CAAC,CAAC,CAAC;KACpB,CAAC;AACJ,CAAC"}

package/dist/src/jwt/core/utils/validateJWTTime.d.ts

@@ -0,0 +1,12 @@
+/** Validates JWT time claims (iat and nbf)
+ * @ignore
+ *
+ * @param payload - The decoded JWT payload
+ * @param currentTime The time to compare the claims against
+ * @returns true if time claims are valid, false otherwise
+ */
+export declare function validateJWTTime(payload: {
+    nbf?: number;
+    iat?: number;
+}, currentTime: number): boolean;
+//# sourceMappingURL=validateJWTTime.d.ts.map

package/dist/src/jwt/core/utils/validateJWTTime.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validateJWTTime.d.ts","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/validateJWTTime.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,OAAO,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,EACvC,WAAW,EAAE,MAAM,GAClB,OAAO,CAeT"}

package/dist/src/jwt/core/utils/validateJWTTime.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateJWTTime = validateJWTTime;
+const did_jwt_1 = require("did-jwt");
+/** Validates JWT time claims (iat and nbf)
+ * @ignore
+ *
+ * @param payload - The decoded JWT payload
+ * @param currentTime The time to compare the claims against
+ * @returns true if time claims are valid, false otherwise
+ */
+function validateJWTTime(payload, currentTime) {
+    // Check 'not before' claim if present
+    if (payload.nbf && currentTime < payload.nbf) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Token not yet valid (nbf claim is in the future)`);
+    }
+    // Check 'issued at' claim if present
+    // Allow a small leeway (30 seconds) for clock skew
+    if (payload.iat && currentTime < payload.iat - 30) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Token issued in the future (iat claim is ahead of current time)`);
+    }
+    return true;
+}
+//# sourceMappingURL=validateJWTTime.js.map

package/dist/src/jwt/core/utils/validateJWTTime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validateJWTTime.js","sourceRoot":"","sources":["../../../../../src/jwt/core/utils/validateJWTTime.ts"],"names":[],"mappings":";;AASA,0CAkBC;AA3BD,qCAAoC;AAEpC;;;;;;GAMG;AACH,SAAgB,eAAe,CAC7B,OAAuC,EACvC,WAAmB;IAEnB,sCAAsC;IACtC,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oDAAoD,CAAC,CAAC;IAChG,CAAC;IAED,qCAAqC;IACrC,mDAAmD;IACnD,IAAI,OAAO,CAAC,GAAG,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,GAAG,EAAE,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,mEAAmE,CAC5F,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/src/jwt/core/validate.d.ts

@@ -0,0 +1,29 @@
+import type { VincentJWT, VincentJWTAppSpecific } from '../types';
+export declare function verify({ jwt, expectedAudience, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: undefined;
+}): VincentJWT;
+export declare function verify({ jwt, expectedAudience, requiredAppId, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: number;
+}): VincentJWTAppSpecific;
+export declare function verify({ jwt, expectedAudience, requiredAppId, }: {
+    jwt: string;
+    expectedAudience: string;
+    requiredAppId: number | undefined;
+}): VincentJWT | VincentJWTAppSpecific;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: undefined;
+}): VincentJWT;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: number;
+}): VincentJWTAppSpecific;
+export declare function decode({ jwt, requiredAppId, }: {
+    jwt: string;
+    requiredAppId: number | undefined;
+}): VincentJWT | VincentJWTAppSpecific;
+//# sourceMappingURL=validate.d.ts.map

package/dist/src/jwt/core/validate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAMlE,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,GACjB,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,SAAS,CAAC;CAC1B,GAAG,UAAU,CAAC;AAEf,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,qBAAqB,CAAC;AAE1B,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC,GAAG,UAAU,GAAG,qBAAqB,CAAC;AA4GvC,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,SAAS,CAAC;CAC1B,GAAG,UAAU,CAAC;AAEf,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,CAAC;CACvB,GAAG,qBAAqB,CAAC;AAE1B,wBAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GACd,EAAE;IACD,GAAG,EAAE,MAAM,CAAC;IACZ,aAAa,EAAE,MAAM,GAAG,SAAS,CAAC;CACnC,GAAG,UAAU,GAAG,qBAAqB,CAAC"}

package/dist/src/jwt/core/validate.js

@@ -0,0 +1,143 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verify = verify;
+exports.decode = decode;
+const tslib_1 = require("tslib");
+const secp256k1 = tslib_1.__importStar(require("@noble/secp256k1"));
+const didJWT = tslib_1.__importStar(require("did-jwt"));
+const did_jwt_1 = require("did-jwt");
+const ethers_1 = require("ethers");
+const utils_1 = require("ethers/lib/utils");
+const typeGuards_1 = require("../typeGuards");
+const isExpired_1 = require("./isExpired");
+const utils_2 = require("./utils");
+/**
+ * Decodes and verifies an {@link VincentJWT} token in string form
+ *
+ * This function returns the decoded {@link VincentJWT} object only if:
+ * 1. The JWT signature is valid
+ * 2. The JWT is not expired
+ * 3. All time claims (nbf, iat) are valid
+ * 4. The JWT has an audience claim that includes the expected audience
+ *
+ * @param params
+ * @param jwt - The JWT string to verify
+ * @param expectedAudience - String that should be in the audience claim(s)
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
+ *
+ * @returns {VincentJWT} The decoded VincentJWT object if it was verified successfully
+ *
+ * @category API
+ * @inline
+ * @expand
+ * @function
+ *
+ * @example
+ * ```typescript
+ *  import { verify } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *  try {
+ *    const decodedAndVerifiedVincentJWT = verify({ jwt, expectedAudience: 'https://myapp.com', requiredAppId: 555 });
+ *   } catch(e) {
+ *    // Handle invalid/expired JWT casew
+ *  }
+ * ```
+ */
+function verify({ jwt, expectedAudience, requiredAppId, }) {
+    if (!expectedAudience) {
+        throw new Error(`You must provide an expectedAudience`);
+    }
+    const decoded = decode({ jwt, requiredAppId });
+    const { aud, exp, pkp } = decoded.payload;
+    if (!exp) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an expiration claim (exp)`);
+    }
+    const expired = (0, isExpired_1.isExpired)(decoded);
+    if (expired) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT expired at ${exp}`);
+    }
+    (0, utils_2.validateJWTTime)(decoded.payload, Math.floor(Date.now() / 1000));
+    // Always validate audience - reject if no audience claim or expected audience isn't included
+    if (!aud) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an audience claim (aud)`);
+    }
+    const audiences = Array.isArray(aud) ? aud : [aud];
+    if (!audiences.includes(expectedAudience)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_AUDIENCE}: Expected audience ${expectedAudience} not found in aud claim`);
+    }
+    try {
+        const { signedData, signature } = (0, utils_2.splitJWT)(jwt);
+        // Process signature from base64url to binary
+        const signatureBytes = (0, utils_2.processJWTSignature)(signature);
+        // Extract r and s values from the signature
+        const r = signatureBytes.slice(0, 32);
+        const s = signatureBytes.slice(32, 64);
+        const publicKeyBytes = (0, utils_1.arrayify)(pkp.publicKey);
+        // PKPEthersWallet.signMessage() adds Ethereum prefix, so we need to add it here too
+        const ethPrefixedMessage = '\x19Ethereum Signed Message:\n' + signedData.length + signedData;
+        const messageHash = ethers_1.ethers.utils.keccak256((0, utils_1.toUtf8Bytes)(ethPrefixedMessage));
+        const messageHashBytes = (0, utils_1.arrayify)(messageHash);
+        const signatureForSecp = new Uint8Array([...r, ...s]);
+        // Verify the signature against the public key
+        const isVerified = secp256k1.verify(signatureForSecp, messageHashBytes, publicKeyBytes);
+        if (!isVerified) {
+            throw new Error(`Signature verify() did not pass for ${signature}`);
+        }
+        return decoded;
+    }
+    catch (error) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_SIGNATURE}: Invalid signature: ${error.message}`);
+    }
+}
+/** Decodes a Vincent JWT in string form and returns an {@link VincentJWT} decoded object for your use
+ *
+ * @param jwt - The jwt in string form. It will be decoded and checked to be sure it is not malformed.
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
+ *
+ * <div class="box info-box">
+ *   <p class="box-title info-box-title">
+ *     <span class="box-icon info-icon">Info</span> Note
+ *   </p>
+ * This method only <i><b>decodes</b></i> the JWT_ -- you still need to {@link verify} the JWT to be sure it is valid!
+ * If the JWT is expired, you need to use a {@link webAuthClient.WebAuthClient | WebAuthClient} to get a new JWT.
+ *
+ * See {@link webAuthClient.getWebAuthClient | getWebAuthClient}
+ *
+ * </div>
+ * @inline
+ * @expand
+ * @function
+ * @category API
+ *
+ * @example
+ *  ```typescript
+ *   import { decode, isExpired } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *   const decodedVincentJWT = decode({ jwt, requiredAppId: 555 });
+ *   const isJWTExpired = isExpired(decodedVincentJWT);
+ *
+ *   if(!isJWTExpired) {
+ *     // User is logged in
+ *     // You still need to verify the JWT!
+ *   } else {
+ *     // User needs to get a new JWT
+ *     webAuthClient.redirectToConnectPage({redirectUri: window.location.href });
+ *   }
+ *
+ *  ```
+ * */
+function decode({ jwt, requiredAppId, }) {
+    const decodedJwt = didJWT.decodeJWT(jwt);
+    (0, typeGuards_1.assertIsVincentJWT)(decodedJwt);
+    if (requiredAppId) {
+        if (!(0, typeGuards_1.isAppSpecificJWT)(decodedJwt)) {
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT is not app specific; cannot verify requiredAppId`);
+        }
+        const { app } = decodedJwt.payload;
+        if (requiredAppId !== app.id) {
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: appId in JWT does not match requiredAppId. Expected ${requiredAppId}, got ${app.id} `);
+        }
+    }
+    return decodedJwt;
+}
+//# sourceMappingURL=validate.js.map

package/dist/src/jwt/core/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":";;AAyEA,wBAwEC;AA+DD,wBA2BC;;AA3OD,oEAA8C;AAC9C,wDAAkC;AAClC,qCAAoC;AACpC,mCAAgC;AAChC,4CAAyD;AAIzD,8CAAqE;AACrE,2CAAwC;AACxC,mCAAyE;AA+BzE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GAKd;IACC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,CAAC;IAC/C,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAE1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAC,CAAC;IACnC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oBAAoB,GAAG,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAA,uBAAe,EAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAEhE,6FAA6F;IAC7F,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,gDAAgD,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,gBAAgB,uBAAuB,gBAAgB,yBAAyB,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAC;QAEhD,6CAA6C;QAC7C,MAAM,cAAc,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,CAAC;QAEtD,4CAA4C;QAC5C,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvC,MAAM,cAAc,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/C,oFAAoF;QACpF,MAAM,kBAAkB,GAAG,gCAAgC,GAAG,UAAU,CAAC,MAAM,GAAG,UAAU,CAAC;QAC7F,MAAM,WAAW,GAAG,eAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAC5E,MAAM,gBAAgB,GAAG,IAAA,gBAAQ,EAAC,WAAW,CAAC,CAAC;QAE/C,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,iBAAiB,wBAAyB,KAAe,CAAC,OAAO,EAAE,CACjF,CAAC;IACJ,CAAC;AACH,CAAC;AA0BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoCK;AACL,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GAId;IACC,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAEzC,IAAA,+BAAkB,EAAC,UAAU,CAAC,CAAC;IAE/B,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAA,6BAAgB,EAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,wDAAwD,CACjF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;QACnC,IAAI,aAAa,KAAK,GAAG,CAAC,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,yDAAyD,aAAa,SAAS,GAAG,CAAC,EAAE,GAAG,CACjH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/src/jwt/index.d.ts

@@ -0,0 +1,21 @@
+/** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
+ *
+ * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
+ * PKP ethereum keys.
+ *
+ * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
+ * They are passed to your web app using a redirectUri which you configure on your app.
+ *
+ * The methods exported by the `jwt` module are low-level - you probably will just want to use {@link webAuthClient.getWebAuthClient | getWebAuthClient} to get
+ * a {@link webAuthClient.WebAuthClient | WebAuthClient} which handles the redirect process, parsing the JWT from the URL, and verifying it for you.
+ *
+ * @packageDocumentation
+ *
+ */
+export { create } from './core/create';
+export { isExpired } from './core/isExpired';
+export { decode, verify } from './core/validate';
+export { isGeneralJWT, isAppSpecificJWT, assertIsVincentJWT } from './typeGuards';
+export type { JWTConfig, VincentJWT, VincentJWTAppSpecific } from './types';
+export { getAppInfo, getPKPInfo } from './accessors';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/jwt/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElF,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}

package/dist/src/jwt/index.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPKPInfo = exports.getAppInfo = exports.assertIsVincentJWT = exports.isAppSpecificJWT = exports.isGeneralJWT = exports.verify = exports.decode = exports.isExpired = exports.create = void 0;
+/** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
+ *
+ * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
+ * PKP ethereum keys.
+ *
+ * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
+ * They are passed to your web app using a redirectUri which you configure on your app.
+ *
+ * The methods exported by the `jwt` module are low-level - you probably will just want to use {@link webAuthClient.getWebAuthClient | getWebAuthClient} to get
+ * a {@link webAuthClient.WebAuthClient | WebAuthClient} which handles the redirect process, parsing the JWT from the URL, and verifying it for you.
+ *
+ * @packageDocumentation
+ *
+ */
+var create_1 = require("./core/create");
+Object.defineProperty(exports, "create", { enumerable: true, get: function () { return create_1.create; } });
+var isExpired_1 = require("./core/isExpired");
+Object.defineProperty(exports, "isExpired", { enumerable: true, get: function () { return isExpired_1.isExpired; } });
+var validate_1 = require("./core/validate");
+Object.defineProperty(exports, "decode", { enumerable: true, get: function () { return validate_1.decode; } });
+Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return validate_1.verify; } });
+var typeGuards_1 = require("./typeGuards");
+Object.defineProperty(exports, "isGeneralJWT", { enumerable: true, get: function () { return typeGuards_1.isGeneralJWT; } });
+Object.defineProperty(exports, "isAppSpecificJWT", { enumerable: true, get: function () { return typeGuards_1.isAppSpecificJWT; } });
+Object.defineProperty(exports, "assertIsVincentJWT", { enumerable: true, get: function () { return typeGuards_1.assertIsVincentJWT; } });
+var accessors_1 = require("./accessors");
+Object.defineProperty(exports, "getAppInfo", { enumerable: true, get: function () { return accessors_1.getAppInfo; } });
+Object.defineProperty(exports, "getPKPInfo", { enumerable: true, get: function () { return accessors_1.getPKPInfo; } });
+//# sourceMappingURL=index.js.map

package/dist/src/jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;GAaG;AACH,wCAAuC;AAA9B,gGAAA,MAAM,OAAA;AACf,8CAA6C;AAApC,sGAAA,SAAS,OAAA;AAClB,4CAAiD;AAAxC,kGAAA,MAAM,OAAA;AAAE,kGAAA,MAAM,OAAA;AACvB,2CAAkF;AAAzE,0GAAA,YAAY,OAAA;AAAE,8GAAA,gBAAgB,OAAA;AAAE,gHAAA,kBAAkB,OAAA;AAG3D,yCAAqD;AAA5C,uGAAA,UAAU,OAAA;AAAE,uGAAA,UAAU,OAAA"}

package/dist/src/jwt/typeGuards.d.ts

@@ -0,0 +1,14 @@
+import type { JWTDecoded, VincentJWT, VincentJWTAppSpecific } from './types';
+/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
+ * references into the payload of the JWT
+ */
+export declare function isAppSpecificJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWTAppSpecific;
+/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
+export declare function isGeneralJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWT;
+/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
+ * You probably don't need it -- use `decode()` and `verify()`
+ *
+ * @hidden
+ */
+export declare function assertIsVincentJWT(decodedJWT: JWTDecoded): asserts decodedJWT is VincentJWT | VincentJWTAppSpecific;
+//# sourceMappingURL=typeGuards.d.ts.map

package/dist/src/jwt/typeGuards.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeGuards.d.ts","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAI7E;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,qBAAqB,CAE5F;AAED,yHAAyH;AACzH,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,UAAU,CAE7E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,IAAI,UAAU,GAAG,qBAAqB,CAU1D"}

package/dist/src/jwt/typeGuards.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAppSpecificJWT = isAppSpecificJWT;
+exports.isGeneralJWT = isGeneralJWT;
+exports.assertIsVincentJWT = assertIsVincentJWT;
+const did_jwt_1 = require("did-jwt");
+const index_1 = require("./core/utils/index");
+/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
+ * references into the payload of the JWT
+ */
+function isAppSpecificJWT(decodedJWT) {
+    return decodedJWT.payload.app && decodedJWT.payload.app.id;
+}
+/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
+function isGeneralJWT(decodedJWT) {
+    return !isAppSpecificJWT(decodedJWT);
+}
+/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
+ * You probably don't need it -- use `decode()` and `verify()`
+ *
+ * @hidden
+ */
+function assertIsVincentJWT(decodedJWT) {
+    const { authentication, pkp } = decodedJWT.payload;
+    if (!(0, index_1.isDefinedObject)(authentication)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "authentication" field in JWT payload.`);
+    }
+    if (!(0, index_1.isDefinedObject)(pkp)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "pkp" field in JWT payload.`);
+    }
+}
+//# sourceMappingURL=typeGuards.js.map

package/dist/src/jwt/typeGuards.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeGuards.js","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":";;AASA,4CAEC;AAGD,oCAEC;AAOD,gDAYC;AAnCD,qCAAoC;AAIpC,8CAAqD;AAErD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED,yHAAyH;AACzH,SAAgB,YAAY,CAAC,UAAsB;IACjD,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,UAAsB;IAEtB,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;IAEnD,IAAI,CAAC,IAAA,uBAAe,EAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,IAAI,CAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IACnF,CAAC;AACH,CAAC"}