@lit-protocol/vincent-app-sdk 0.0.4-mma

package/dist/src/jwt/core/validate.js

@@ -0,0 +1,143 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verify = verify;
+exports.decode = decode;
+const tslib_1 = require("tslib");
+const secp256k1 = tslib_1.__importStar(require("@noble/secp256k1"));
+const didJWT = tslib_1.__importStar(require("did-jwt"));
+const did_jwt_1 = require("did-jwt");
+const ethers_1 = require("ethers");
+const utils_1 = require("ethers/lib/utils");
+const typeGuards_1 = require("../typeGuards");
+const isExpired_1 = require("./isExpired");
+const utils_2 = require("./utils");
+/**
+ * Decodes and verifies an {@link VincentJWT} token in string form
+ *
+ * This function returns the decoded {@link VincentJWT} object only if:
+ * 1. The JWT signature is valid
+ * 2. The JWT is not expired
+ * 3. All time claims (nbf, iat) are valid
+ * 4. The JWT has an audience claim that includes the expected audience
+ *
+ * @param params
+ * @param jwt - The JWT string to verify
+ * @param expectedAudience - String that should be in the audience claim(s)
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
+ *
+ * @returns {VincentJWT} The decoded VincentJWT object if it was verified successfully
+ *
+ * @category API
+ * @inline
+ * @expand
+ * @function
+ *
+ * @example
+ * ```typescript
+ *  import { verify } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *  try {
+ *    const decodedAndVerifiedVincentJWT = verify({ jwt, expectedAudience: 'https://myapp.com', requiredAppId: 555 });
+ *   } catch(e) {
+ *    // Handle invalid/expired JWT casew
+ *  }
+ * ```
+ */
+function verify({ jwt, expectedAudience, requiredAppId, }) {
+    if (!expectedAudience) {
+        throw new Error(`You must provide an expectedAudience`);
+    }
+    const decoded = decode({ jwt, requiredAppId });
+    const { aud, exp, pkp } = decoded.payload;
+    if (!exp) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an expiration claim (exp)`);
+    }
+    const expired = (0, isExpired_1.isExpired)(decoded);
+    if (expired) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT expired at ${exp}`);
+    }
+    (0, utils_2.validateJWTTime)(decoded.payload, Math.floor(Date.now() / 1000));
+    // Always validate audience - reject if no audience claim or expected audience isn't included
+    if (!aud) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT does not contain an audience claim (aud)`);
+    }
+    const audiences = Array.isArray(aud) ? aud : [aud];
+    if (!audiences.includes(expectedAudience)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_AUDIENCE}: Expected audience ${expectedAudience} not found in aud claim`);
+    }
+    try {
+        const { signedData, signature } = (0, utils_2.splitJWT)(jwt);
+        // Process signature from base64url to binary
+        const signatureBytes = (0, utils_2.processJWTSignature)(signature);
+        // Extract r and s values from the signature
+        const r = signatureBytes.slice(0, 32);
+        const s = signatureBytes.slice(32, 64);
+        const publicKeyBytes = (0, utils_1.arrayify)(pkp.publicKey);
+        // PKPEthersWallet.signMessage() adds Ethereum prefix, so we need to add it here too
+        const ethPrefixedMessage = '\x19Ethereum Signed Message:\n' + signedData.length + signedData;
+        const messageHash = ethers_1.ethers.utils.keccak256((0, utils_1.toUtf8Bytes)(ethPrefixedMessage));
+        const messageHashBytes = (0, utils_1.arrayify)(messageHash);
+        const signatureForSecp = new Uint8Array([...r, ...s]);
+        // Verify the signature against the public key
+        const isVerified = secp256k1.verify(signatureForSecp, messageHashBytes, publicKeyBytes);
+        if (!isVerified) {
+            throw new Error(`Signature verify() did not pass for ${signature}`);
+        }
+        return decoded;
+    }
+    catch (error) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_SIGNATURE}: Invalid signature: ${error.message}`);
+    }
+}
+/** Decodes a Vincent JWT in string form and returns an {@link VincentJWT} decoded object for your use
+ *
+ * @param jwt - The jwt in string form. It will be decoded and checked to be sure it is not malformed.
+ * @param requiredAppId - The appId that should be in the payload of the JWT. If app is not defined, or app.id is different, this method will throw.
+ *
+ * <div class="box info-box">
+ *   <p class="box-title info-box-title">
+ *     <span class="box-icon info-icon">Info</span> Note
+ *   </p>
+ * This method only <i><b>decodes</b></i> the JWT_ -- you still need to {@link verify} the JWT to be sure it is valid!
+ * If the JWT is expired, you need to use a {@link webAuthClient.WebAuthClient | WebAuthClient} to get a new JWT.
+ *
+ * See {@link webAuthClient.getWebAuthClient | getWebAuthClient}
+ *
+ * </div>
+ * @inline
+ * @expand
+ * @function
+ * @category API
+ *
+ * @example
+ *  ```typescript
+ *   import { decode, isExpired } from '@lit-protocol/vincent-app-sdk/jwt';
+ *
+ *   const decodedVincentJWT = decode({ jwt, requiredAppId: 555 });
+ *   const isJWTExpired = isExpired(decodedVincentJWT);
+ *
+ *   if(!isJWTExpired) {
+ *     // User is logged in
+ *     // You still need to verify the JWT!
+ *   } else {
+ *     // User needs to get a new JWT
+ *     webAuthClient.redirectToDelegationAuthPage({redirectUri: window.location.href });
+ *   }
+ *
+ *  ```
+ * */
+function decode({ jwt, requiredAppId, }) {
+    const decodedJwt = didJWT.decodeJWT(jwt);
+    (0, typeGuards_1.assertIsVincentJWT)(decodedJwt);
+    if (requiredAppId) {
+        if (!(0, typeGuards_1.isAppSpecificJWT)(decodedJwt)) {
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: JWT is not app specific; cannot verify requiredAppId`);
+        }
+        const { app } = decodedJwt.payload;
+        if (requiredAppId != app.id) { // TODO temp loose equality to support dashboard not yet migrated to use this as numbers
+            throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: appId in JWT does not match requiredAppId. Expected ${requiredAppId}, got ${app.id} `);
+        }
+    }
+    return decodedJwt;
+}
+//# sourceMappingURL=validate.js.map

package/dist/src/jwt/core/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../../../src/jwt/core/validate.ts"],"names":[],"mappings":";;AAyEA,wBAwEC;AA+DD,wBA2BC;;AA3OD,oEAA8C;AAC9C,wDAAkC;AAClC,qCAAoC;AACpC,mCAAgC;AAChC,4CAAyD;AAIzD,8CAAqE;AACrE,2CAAwC;AACxC,mCAAyE;AA+BzE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,gBAAgB,EAChB,aAAa,GAKd;IACC,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,EAAE,GAAG,EAAE,aAAa,EAAE,CAAC,CAAC;IAC/C,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAE1C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,MAAM,OAAO,GAAG,IAAA,qBAAS,EAAC,OAAO,CAAC,CAAC;IACnC,IAAI,OAAO,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,oBAAoB,GAAG,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,IAAA,uBAAe,EAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC;IAEhE,6FAA6F;IAC7F,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,gDAAgD,CAAC,CAAC;IAC5F,CAAC;IAED,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IAEnD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,gBAAgB,uBAAuB,gBAAgB,yBAAyB,CAC9F,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,CAAC;QAEhD,6CAA6C;QAC7C,MAAM,cAAc,GAAG,IAAA,2BAAmB,EAAC,SAAS,CAAC,CAAC;QAEtD,4CAA4C;QAC5C,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACtC,MAAM,CAAC,GAAG,cAAc,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAEvC,MAAM,cAAc,GAAG,IAAA,gBAAQ,EAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE/C,oFAAoF;QACpF,MAAM,kBAAkB,GAAG,gCAAgC,GAAG,UAAU,CAAC,MAAM,GAAG,UAAU,CAAC;QAC7F,MAAM,WAAW,GAAG,eAAM,CAAC,KAAK,CAAC,SAAS,CAAC,IAAA,mBAAW,EAAC,kBAAkB,CAAC,CAAC,CAAC;QAC5E,MAAM,gBAAgB,GAAG,IAAA,gBAAQ,EAAC,WAAW,CAAC,CAAC;QAE/C,MAAM,gBAAgB,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEtD,8CAA8C;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC,gBAAgB,EAAE,gBAAgB,EAAE,cAAc,CAAC,CAAC;QAExF,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,uCAAuC,SAAS,EAAE,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,iBAAiB,wBAAyB,KAAe,CAAC,OAAO,EAAE,CACjF,CAAC;IACJ,CAAC;AACH,CAAC;AA0BD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;KAoCK;AACL,SAAgB,MAAM,CAAC,EACrB,GAAG,EACH,aAAa,GAId;IACC,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAEzC,IAAA,+BAAkB,EAAC,UAAU,CAAC,CAAC;IAE/B,IAAI,aAAa,EAAE,CAAC;QAClB,IAAI,CAAC,IAAA,6BAAgB,EAAC,UAAU,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,wDAAwD,CACjF,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;QACnC,IAAI,aAAa,IAAI,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,wFAAwF;YACrH,MAAM,IAAI,KAAK,CACb,GAAG,mBAAS,CAAC,WAAW,yDAAyD,aAAa,SAAS,GAAG,CAAC,EAAE,GAAG,CACjH,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/src/jwt/index.d.ts

@@ -0,0 +1,21 @@
+/** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
+ *
+ * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
+ * PKP ethereum keys.
+ *
+ * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
+ * They are passed to your web app using a redirectUri which you configure on your app.
+ *
+ * The methods exported by the `jwt` module are low-level - you probably will just want to use {@link webAuthClient.getWebAuthClient | getWebAuthClient} to get
+ * a {@link webAuthClient.WebAuthClient | WebAuthClient} which handles the redirect process, parsing the JWT from the URL, and verifying it for you.
+ *
+ * @packageDocumentation
+ *
+ */
+export { create } from './core/create';
+export { isExpired } from './core/isExpired';
+export { decode, verify } from './core/validate';
+export { isGeneralJWT, isAppSpecificJWT, assertIsVincentJWT } from './typeGuards';
+export type { JWTConfig, VincentJWT, VincentJWTAppSpecific } from './types';
+export { getAppInfo, getPKPInfo } from './accessors';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/jwt/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAElF,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC"}

package/dist/src/jwt/index.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPKPInfo = exports.getAppInfo = exports.assertIsVincentJWT = exports.isAppSpecificJWT = exports.isGeneralJWT = exports.verify = exports.decode = exports.isExpired = exports.create = void 0;
+/** The `jwt` module provides helper methods that allow you to decode and validate Vincent-specific JWTs.
+ *
+ * Vincent JWTs are composed using the `did-jwt` library, but have a custom `alg` of `ES256K`, and are signed using
+ * PKP ethereum keys.
+ *
+ * Vincent JWTs are issued by the Vincent Dashboard when a user provides delegation permission for your app to their agent PKP.
+ * They are passed to your web app using a redirectUri which you configure on your app.
+ *
+ * The methods exported by the `jwt` module are low-level - you probably will just want to use {@link webAuthClient.getWebAuthClient | getWebAuthClient} to get
+ * a {@link webAuthClient.WebAuthClient | WebAuthClient} which handles the redirect process, parsing the JWT from the URL, and verifying it for you.
+ *
+ * @packageDocumentation
+ *
+ */
+var create_1 = require("./core/create");
+Object.defineProperty(exports, "create", { enumerable: true, get: function () { return create_1.create; } });
+var isExpired_1 = require("./core/isExpired");
+Object.defineProperty(exports, "isExpired", { enumerable: true, get: function () { return isExpired_1.isExpired; } });
+var validate_1 = require("./core/validate");
+Object.defineProperty(exports, "decode", { enumerable: true, get: function () { return validate_1.decode; } });
+Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return validate_1.verify; } });
+var typeGuards_1 = require("./typeGuards");
+Object.defineProperty(exports, "isGeneralJWT", { enumerable: true, get: function () { return typeGuards_1.isGeneralJWT; } });
+Object.defineProperty(exports, "isAppSpecificJWT", { enumerable: true, get: function () { return typeGuards_1.isAppSpecificJWT; } });
+Object.defineProperty(exports, "assertIsVincentJWT", { enumerable: true, get: function () { return typeGuards_1.assertIsVincentJWT; } });
+var accessors_1 = require("./accessors");
+Object.defineProperty(exports, "getAppInfo", { enumerable: true, get: function () { return accessors_1.getAppInfo; } });
+Object.defineProperty(exports, "getPKPInfo", { enumerable: true, get: function () { return accessors_1.getPKPInfo; } });
+//# sourceMappingURL=index.js.map

package/dist/src/jwt/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/jwt/index.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;GAaG;AACH,wCAAuC;AAA9B,gGAAA,MAAM,OAAA;AACf,8CAA6C;AAApC,sGAAA,SAAS,OAAA;AAClB,4CAAiD;AAAxC,kGAAA,MAAM,OAAA;AAAE,kGAAA,MAAM,OAAA;AACvB,2CAAkF;AAAzE,0GAAA,YAAY,OAAA;AAAE,8GAAA,gBAAgB,OAAA;AAAE,gHAAA,kBAAkB,OAAA;AAG3D,yCAAqD;AAA5C,uGAAA,UAAU,OAAA;AAAE,uGAAA,UAAU,OAAA"}

package/dist/src/jwt/typeGuards.d.ts

@@ -0,0 +1,14 @@
+import type { JWTDecoded, VincentJWT, VincentJWTAppSpecific } from './types';
+/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
+ * references into the payload of the JWT
+ */
+export declare function isAppSpecificJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWTAppSpecific;
+/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
+export declare function isGeneralJWT(decodedJWT: VincentJWT): decodedJWT is VincentJWT;
+/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
+ * You probably don't need it -- use `decode()` and `verify()`
+ *
+ * @hidden
+ */
+export declare function assertIsVincentJWT(decodedJWT: JWTDecoded): asserts decodedJWT is VincentJWT | VincentJWTAppSpecific;
+//# sourceMappingURL=typeGuards.d.ts.map

package/dist/src/jwt/typeGuards.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeGuards.d.ts","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,UAAU,EAAE,qBAAqB,EAAE,MAAM,SAAS,CAAC;AAI7E;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,qBAAqB,CAE5F;AAED,yHAAyH;AACzH,wBAAgB,YAAY,CAAC,UAAU,EAAE,UAAU,GAAG,UAAU,IAAI,UAAU,CAE7E;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,UAAU,IAAI,UAAU,GAAG,qBAAqB,CAU1D"}

package/dist/src/jwt/typeGuards.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAppSpecificJWT = isAppSpecificJWT;
+exports.isGeneralJWT = isGeneralJWT;
+exports.assertIsVincentJWT = assertIsVincentJWT;
+const did_jwt_1 = require("did-jwt");
+const index_1 = require("./core/utils/index");
+/** Use this typeguard function to identify if the JWT is appId specific and make subsequent type-safe
+ * references into the payload of the JWT
+ */
+function isAppSpecificJWT(decodedJWT) {
+    return decodedJWT.payload.app && decodedJWT.payload.app.id;
+}
+/** Use this typeguard function to identify if the JWT is a general authentication JWT that has no specific app target */
+function isGeneralJWT(decodedJWT) {
+    return !isAppSpecificJWT(decodedJWT);
+}
+/** This assert function is used internally to throw if decoding a JWT that is expected to be a VincentJWT gives a malformed response.
+ * You probably don't need it -- use `decode()` and `verify()`
+ *
+ * @hidden
+ */
+function assertIsVincentJWT(decodedJWT) {
+    const { authentication, pkp } = decodedJWT.payload;
+    if (!(0, index_1.isDefinedObject)(authentication)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "authentication" field in JWT payload.`);
+    }
+    if (!(0, index_1.isDefinedObject)(pkp)) {
+        throw new Error(`${did_jwt_1.JWT_ERROR.INVALID_JWT}: Missing "pkp" field in JWT payload.`);
+    }
+}
+//# sourceMappingURL=typeGuards.js.map

package/dist/src/jwt/typeGuards.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"typeGuards.js","sourceRoot":"","sources":["../../../src/jwt/typeGuards.ts"],"names":[],"mappings":";;AASA,4CAEC;AAGD,oCAEC;AAOD,gDAYC;AAnCD,qCAAoC;AAIpC,8CAAqD;AAErD;;GAEG;AACH,SAAgB,gBAAgB,CAAC,UAAsB;IACrD,OAAO,UAAU,CAAC,OAAO,CAAC,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED,yHAAyH;AACzH,SAAgB,YAAY,CAAC,UAAsB;IACjD,OAAO,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC;AACvC,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAChC,UAAsB;IAEtB,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC;IAEnD,IAAI,CAAC,IAAA,uBAAe,EAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,kDAAkD,CAAC,CAAC;IAC9F,CAAC;IAED,IAAI,CAAC,IAAA,uBAAe,EAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,mBAAS,CAAC,WAAW,uCAAuC,CAAC,CAAC;IACnF,CAAC;AACH,CAAC"}

package/dist/src/jwt/types.d.ts

@@ -0,0 +1,82 @@
+import type { JWTHeader, JWTPayload } from 'did-jwt';
+import type { PKPEthersWallet } from '@lit-protocol/pkp-ethers';
+import type { IRelayPKP } from '@lit-protocol/types';
+export interface JWTDecoded {
+    header: JWTHeader;
+    payload: JWTPayload;
+    signature: string;
+    data: string;
+}
+/**
+ * Configuration interface for creating a JWT (JSON Web Token) signed by a PKP wallet.
+ * Vincent App developers will likely never need this function, as the provider of the JWT is the Vincent delegation auth page frontend
+ *
+ * @interface JWTConfig
+ * @hidden
+ * @property pkpWallet - The PKP Ethers wallet instance used for signing the JWT
+ * @property pkp - The PKP object
+ * @property payload - Custom claims to include in the JWT payload
+ * @property expiresInMinutes - Token expiration time in minutes from current time
+ * @property [app] - The app / appversion that the JWT is limited to (if it is at all)
+ * @property audience - The domain(s) this token is intended for (aud claim)
+ * @property authentication - The authentication method used to generate the JWT.
+ *
+ */
+export interface JWTConfig {
+    pkpWallet: PKPEthersWallet;
+    pkp: IRelayPKP;
+    payload: Record<string, unknown>;
+    expiresInMinutes: number;
+    audience: string | string[];
+    app?: {
+        id: number;
+        version: number;
+    };
+    authentication: {
+        type: string;
+        value?: string;
+    };
+}
+/**
+ * Extended payload interface for Vincent-specific JWTs.
+ *
+ * @interface BaseVincentJWTPayload
+ * @extends {JWTPayload} Extends the JWTPayload type from `did-jwt` with Vincent-specific properties
+ *
+ * @property pkp - The PKP details associated with the JWT.
+ * @property authentication - The authentication method that was used to authenticate with the PKP that generated the JWT.
+ *
+ * @category Interfaces
+ */
+export interface BaseVincentJWTPayload extends JWTPayload {
+    pkp: IRelayPKP;
+    authentication: {
+        type: string;
+        value?: string;
+    };
+}
+/**
+ * Interface representing a decoded Vincent JWT
+ *
+ * @interface VincentJWT
+ * @property { BaseVincentJWTPayload } payload - The payload of the JWT
+ *
+ * @category Interfaces
+ */
+export interface VincentJWT extends JWTDecoded {
+    payload: BaseVincentJWTPayload;
+}
+/** App-specific Vincent JWT payloads are used to authenticate with a specific app @ a specific version */
+interface VincentJWTAppSpecificPayload extends BaseVincentJWTPayload {
+    app: {
+        id: number;
+        version: number;
+    };
+}
+/** VincentJWTAppSpecific type JWTs are used to signal authorization from a user to use a specific app / appVersion
+ */
+export interface VincentJWTAppSpecific extends VincentJWT {
+    payload: VincentJWTAppSpecificPayload;
+}
+export {};
+//# sourceMappingURL=types.d.ts.map

package/dist/src/jwt/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/jwt/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAGrD,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,SAAS,CAAC;IAClB,OAAO,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,SAAS;IACxB,SAAS,EAAE,eAAe,CAAC;IAC3B,GAAG,EAAE,SAAS,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IAC5B,GAAG,CAAC,EAAE;QACJ,EAAE,EAAE,MAAM,CAAC;QACX,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;IACF,cAAc,EAAE;QACd,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,qBAAsB,SAAQ,UAAU;IACvD,GAAG,EAAE,SAAS,CAAC;IACf,cAAc,EAAE;QACd,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,CAAC;CACH;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,UAAW,SAAQ,UAAU;IAC5C,OAAO,EAAE,qBAAqB,CAAC;CAChC;AAED,0GAA0G;AAC1G,UAAU,4BAA6B,SAAQ,qBAAqB;IAClE,GAAG,EAAE;QACH,EAAE,EAAE,MAAM,CAAC;QACX,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED;GACG;AACH,MAAM,WAAW,qBAAsB,SAAQ,UAAU;IACvD,OAAO,EAAE,4BAA4B,CAAC;CACvC"}

package/dist/src/jwt/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/src/jwt/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/jwt/types.ts"],"names":[],"mappings":""}

package/dist/src/toolClient/constants.d.ts

@@ -0,0 +1,2 @@
+export declare const VINCENT_TOOL_API_VERSION = "2.0.0";
+//# sourceMappingURL=constants.d.ts.map

package/dist/src/toolClient/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/toolClient/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,wBAAwB,UAAU,CAAC"}

package/dist/src/toolClient/constants.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VINCENT_TOOL_API_VERSION = void 0;
+exports.VINCENT_TOOL_API_VERSION = '2.0.0';
+//# sourceMappingURL=constants.js.map

package/dist/src/toolClient/constants.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/toolClient/constants.ts"],"names":[],"mappings":";;;AAAa,QAAA,wBAAwB,GAAG,OAAO,CAAC"}

package/dist/src/toolClient/execute/generateVincentToolSessionSigs.d.ts

@@ -0,0 +1,8 @@
+import type { ethers } from 'ethers';
+import type { LitNodeClient } from '@lit-protocol/lit-node-client';
+/** @hidden */
+export declare const generateVincentToolSessionSigs: ({ litNodeClient, ethersSigner, }: {
+    litNodeClient: LitNodeClient;
+    ethersSigner: ethers.Signer;
+}) => Promise<import("@lit-protocol/types").SessionSigsMap>;
+//# sourceMappingURL=generateVincentToolSessionSigs.d.ts.map

package/dist/src/toolClient/execute/generateVincentToolSessionSigs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateVincentToolSessionSigs.d.ts","sourceRoot":"","sources":["../../../../src/toolClient/execute/generateVincentToolSessionSigs.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAErC,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AAUnE,cAAc;AACd,eAAO,MAAM,8BAA8B,GAAU,kCAGlD;IACD,aAAa,EAAE,aAAa,CAAC;IAC7B,YAAY,EAAE,MAAM,CAAC,MAAM,CAAC;CAC7B,0DAyBA,CAAC"}

package/dist/src/toolClient/execute/generateVincentToolSessionSigs.js

@@ -0,0 +1,33 @@
+"use strict";
+// src/toolClient/execute/generateVincentToolSessionSigs.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateVincentToolSessionSigs = void 0;
+const auth_helpers_1 = require("@lit-protocol/auth-helpers");
+const constants_1 = require("@lit-protocol/constants");
+/** @hidden */
+const generateVincentToolSessionSigs = async ({ litNodeClient, ethersSigner, }) => {
+    return litNodeClient.getSessionSigs({
+        chain: 'ethereum',
+        resourceAbilityRequests: [
+            { resource: new auth_helpers_1.LitPKPResource('*'), ability: constants_1.LIT_ABILITY.PKPSigning },
+            { resource: new auth_helpers_1.LitActionResource('*'), ability: constants_1.LIT_ABILITY.LitActionExecution },
+        ],
+        authNeededCallback: async ({ resourceAbilityRequests, uri }) => {
+            const [walletAddress, nonce] = await Promise.all([
+                ethersSigner.getAddress(),
+                litNodeClient.getLatestBlockhash(),
+            ]);
+            const toSign = await (0, auth_helpers_1.createSiweMessageWithRecaps)({
+                uri: uri || 'http://localhost:3000',
+                expiration: new Date(Date.now() + 1000 * 60 * 10).toISOString(),
+                resources: resourceAbilityRequests || [],
+                walletAddress,
+                nonce,
+                litNodeClient,
+            });
+            return await (0, auth_helpers_1.generateAuthSig)({ signer: ethersSigner, toSign });
+        },
+    });
+};
+exports.generateVincentToolSessionSigs = generateVincentToolSessionSigs;
+//# sourceMappingURL=generateVincentToolSessionSigs.js.map

package/dist/src/toolClient/execute/generateVincentToolSessionSigs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generateVincentToolSessionSigs.js","sourceRoot":"","sources":["../../../../src/toolClient/execute/generateVincentToolSessionSigs.ts"],"names":[],"mappings":";AAAA,2DAA2D;;;AAM3D,6DAKoC;AACpC,uDAAsD;AAEtD,cAAc;AACP,MAAM,8BAA8B,GAAG,KAAK,EAAE,EACnD,aAAa,EACb,YAAY,GAIb,EAAE,EAAE;IACH,OAAO,aAAa,CAAC,cAAc,CAAC;QAClC,KAAK,EAAE,UAAU;QACjB,uBAAuB,EAAE;YACvB,EAAE,QAAQ,EAAE,IAAI,6BAAc,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,uBAAW,CAAC,UAAU,EAAE;YACtE,EAAE,QAAQ,EAAE,IAAI,gCAAiB,CAAC,GAAG,CAAC,EAAE,OAAO,EAAE,uBAAW,CAAC,kBAAkB,EAAE;SAClF;QACD,kBAAkB,EAAE,KAAK,EAAE,EAAE,uBAAuB,EAAE,GAAG,EAAE,EAAE,EAAE;YAC7D,MAAM,CAAC,aAAa,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;gBAC/C,YAAY,CAAC,UAAU,EAAE;gBACzB,aAAa,CAAC,kBAAkB,EAAE;aACnC,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,IAAA,0CAA2B,EAAC;gBAC/C,GAAG,EAAE,GAAG,IAAI,uBAAuB;gBACnC,UAAU,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE;gBAC/D,SAAS,EAAE,uBAAuB,IAAI,EAAE;gBACxC,aAAa;gBACb,KAAK;gBACL,aAAa;aACd,CAAC,CAAC;YAEH,OAAO,MAAM,IAAA,8BAAe,EAAC,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC;QACjE,CAAC;KACF,CAAC,CAAC;AACL,CAAC,CAAC;AA/BW,QAAA,8BAA8B,kCA+BzC"}

package/dist/src/toolClient/execute/resultCreators.d.ts

@@ -0,0 +1,71 @@
+import type { z } from 'zod';
+import type { BaseToolContext, PolicyEvaluationResultContext, SchemaValidationError } from '@lit-protocol/vincent-tool-sdk';
+import type { ToolExecuteResponseFailure, ToolExecuteResponseFailureNoResult, ToolExecuteResponseSuccess, ToolExecuteResponseSuccessNoResult } from './types';
+export declare function createAllowEvaluationResult<PoliciesByPackageName extends Record<string, any>>(evaluatedPolicies: Array<keyof PoliciesByPackageName>, allowedPolicies: {
+    [K in keyof PoliciesByPackageName]?: {
+        result: PoliciesByPackageName[K]['__schemaTypes'] extends {
+            evalAllowResultSchema: infer Schema;
+        } ? Schema extends z.ZodType ? z.infer<Schema> : never : never;
+    };
+}): {
+    allow: true;
+    evaluatedPolicies: Array<keyof PoliciesByPackageName>;
+    allowedPolicies: {
+        [K in keyof PoliciesByPackageName]?: {
+            result: PoliciesByPackageName[K]['__schemaTypes'] extends {
+                evalAllowResultSchema: infer Schema;
+            } ? Schema extends z.ZodType ? z.infer<Schema> : never : never;
+        };
+    };
+};
+export declare function createDenyEvaluationResult<PoliciesByPackageName extends Record<string, any>>(evaluatedPolicies: Array<keyof PoliciesByPackageName>, allowedPolicies: {
+    [K in keyof PoliciesByPackageName]?: {
+        result: PoliciesByPackageName[K]['__schemaTypes'] extends {
+            evalAllowResultSchema: infer Schema;
+        } ? Schema extends z.ZodType ? z.infer<Schema> : never : never;
+    };
+}, deniedPolicy: {
+    packageName: keyof PoliciesByPackageName;
+    runtimeError?: string;
+    schemaValidationError?: SchemaValidationError;
+    result: PoliciesByPackageName[keyof PoliciesByPackageName]['__schemaTypes'] extends {
+        evalDenyResultSchema: infer Schema;
+    } ? Schema extends z.ZodType ? z.infer<Schema> : undefined : undefined;
+}): {
+    allow: false;
+    evaluatedPolicies: Array<keyof PoliciesByPackageName>;
+    allowedPolicies: {
+        [K in keyof PoliciesByPackageName]?: {
+            result: PoliciesByPackageName[K]['__schemaTypes'] extends {
+                evalAllowResultSchema: infer Schema;
+            } ? Schema extends z.ZodType ? z.infer<Schema> : never : never;
+        };
+    };
+    deniedPolicy: {
+        packageName: keyof PoliciesByPackageName;
+        runtimeError?: string;
+        schemaValidationError?: SchemaValidationError;
+        result: PoliciesByPackageName[keyof PoliciesByPackageName]['__schemaTypes'] extends {
+            evalDenyResultSchema: infer Schema;
+        } ? Schema extends z.ZodType ? z.infer<Schema> : undefined : undefined;
+    };
+};
+export declare function createToolExecuteResponseSuccess<Success, Policies extends Record<any, any>>(params: {
+    result: Success;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}): ToolExecuteResponseSuccess<Success, Policies>;
+export declare function createToolExecuteResponseSuccessNoResult<Policies extends Record<any, any>>(params?: {
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}): ToolExecuteResponseSuccessNoResult<Policies>;
+export declare function createToolExecuteResponseFailure<Fail, Policies extends Record<any, any>>(params: {
+    result: Fail;
+    runtimeError?: string;
+    schemaValidationError?: SchemaValidationError;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}): ToolExecuteResponseFailure<Fail, Policies>;
+export declare function createToolExecuteResponseFailureNoResult<Policies extends Record<any, any>>(params: {
+    runtimeError?: string;
+    schemaValidationError?: SchemaValidationError;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}): ToolExecuteResponseFailureNoResult<Policies>;
+//# sourceMappingURL=resultCreators.d.ts.map

package/dist/src/toolClient/execute/resultCreators.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resultCreators.d.ts","sourceRoot":"","sources":["../../../../src/toolClient/execute/resultCreators.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAE7B,OAAO,KAAK,EACV,eAAe,EACf,6BAA6B,EAC7B,qBAAqB,EACtB,MAAM,gCAAgC,CAAC;AAExC,OAAO,KAAK,EACV,0BAA0B,EAC1B,kCAAkC,EAClC,0BAA0B,EAC1B,kCAAkC,EACnC,MAAM,SAAS,CAAC;AAEjB,wBAAgB,2BAA2B,CAAC,qBAAqB,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3F,iBAAiB,EAAE,KAAK,CAAC,MAAM,qBAAqB,CAAC,EACrD,eAAe,EAAE;KACd,CAAC,IAAI,MAAM,qBAAqB,CAAC,CAAC,EAAE;QACnC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS;YACxD,qBAAqB,EAAE,MAAM,MAAM,CAAC;SACrC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,KAAK,GACP,KAAK,CAAC;KACX;CACF,GACA;IACD,KAAK,EAAE,IAAI,CAAC;IACZ,iBAAiB,EAAE,KAAK,CAAC,MAAM,qBAAqB,CAAC,CAAC;IACtD,eAAe,EAAE;SACd,CAAC,IAAI,MAAM,qBAAqB,CAAC,CAAC,EAAE;YACnC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS;gBACxD,qBAAqB,EAAE,MAAM,MAAM,CAAC;aACrC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,KAAK,GACP,KAAK,CAAC;SACX;KACF,CAAC;CACH,CAMA;AAED,wBAAgB,0BAA0B,CAAC,qBAAqB,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1F,iBAAiB,EAAE,KAAK,CAAC,MAAM,qBAAqB,CAAC,EACrD,eAAe,EAAE;KACd,CAAC,IAAI,MAAM,qBAAqB,CAAC,CAAC,EAAE;QACnC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS;YACxD,qBAAqB,EAAE,MAAM,MAAM,CAAC;SACrC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,KAAK,GACP,KAAK,CAAC;KACX;CACF,EACD,YAAY,EAAE;IACZ,WAAW,EAAE,MAAM,qBAAqB,CAAC;IACzC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,MAAM,EAAE,qBAAqB,CAAC,MAAM,qBAAqB,CAAC,CAAC,eAAe,CAAC,SAAS;QAClF,oBAAoB,EAAE,MAAM,MAAM,CAAC;KACpC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,SAAS,GACX,SAAS,CAAC;CACf,GACA;IACD,KAAK,EAAE,KAAK,CAAC;IACb,iBAAiB,EAAE,KAAK,CAAC,MAAM,qBAAqB,CAAC,CAAC;IACtD,eAAe,EAAE;SACd,CAAC,IAAI,MAAM,qBAAqB,CAAC,CAAC,EAAE;YACnC,MAAM,EAAE,qBAAqB,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,SAAS;gBACxD,qBAAqB,EAAE,MAAM,MAAM,CAAC;aACrC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,KAAK,GACP,KAAK,CAAC;SACX;KACF,CAAC;IACF,YAAY,EAAE;QACZ,WAAW,EAAE,MAAM,qBAAqB,CAAC;QACzC,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;QAC9C,MAAM,EAAE,qBAAqB,CAAC,MAAM,qBAAqB,CAAC,CAAC,eAAe,CAAC,SAAS;YAClF,oBAAoB,EAAE,MAAM,MAAM,CAAC;SACpC,GACG,MAAM,SAAS,CAAC,CAAC,OAAO,GACtB,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,GACf,SAAS,GACX,SAAS,CAAC;KACf,CAAC;CACH,CAOA;AAED,wBAAgB,gCAAgC,CAC9C,OAAO,EACP,QAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,EACjC,MAAM,EAAE;IACR,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE,GAAG,0BAA0B,CAAC,OAAO,EAAE,QAAQ,CAAC,CAMhD;AAED,wBAAgB,wCAAwC,CACtD,QAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,EACjC,MAAM,CAAC,EAAE;IACT,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE,GAAG,kCAAkC,CAAC,QAAQ,CAAC,CAM/C;AAED,wBAAgB,gCAAgC,CAAC,IAAI,EAAE,QAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,MAAM,EAAE;IAChG,MAAM,EAAE,IAAI,CAAC;IACb,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE,GAAG,0BAA0B,CAAC,IAAI,EAAE,QAAQ,CAAC,CAQ7C;AAED,wBAAgB,wCAAwC,CACtD,QAAQ,SAAS,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,EACjC,MAAM,EAAE;IACR,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE,GAAG,kCAAkC,CAAC,QAAQ,CAAC,CAQ/C"}

package/dist/src/toolClient/execute/resultCreators.js

@@ -0,0 +1,57 @@
+"use strict";
+// src/toolClient/execute/resultCreators.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAllowEvaluationResult = createAllowEvaluationResult;
+exports.createDenyEvaluationResult = createDenyEvaluationResult;
+exports.createToolExecuteResponseSuccess = createToolExecuteResponseSuccess;
+exports.createToolExecuteResponseSuccessNoResult = createToolExecuteResponseSuccessNoResult;
+exports.createToolExecuteResponseFailure = createToolExecuteResponseFailure;
+exports.createToolExecuteResponseFailureNoResult = createToolExecuteResponseFailureNoResult;
+function createAllowEvaluationResult(evaluatedPolicies, allowedPolicies) {
+    return {
+        allow: true,
+        evaluatedPolicies,
+        allowedPolicies,
+    };
+}
+function createDenyEvaluationResult(evaluatedPolicies, allowedPolicies, deniedPolicy) {
+    return {
+        allow: false,
+        evaluatedPolicies,
+        allowedPolicies,
+        deniedPolicy,
+    };
+}
+function createToolExecuteResponseSuccess(params) {
+    return {
+        success: true,
+        result: params.result,
+        context: params.context,
+    };
+}
+function createToolExecuteResponseSuccessNoResult(params) {
+    return {
+        success: true,
+        result: undefined,
+        context: params === null || params === void 0 ? void 0 : params.context,
+    };
+}
+function createToolExecuteResponseFailure(params) {
+    return {
+        success: false,
+        runtimeError: params.runtimeError,
+        schemaValidationError: params.schemaValidationError,
+        result: params.result,
+        context: params.context,
+    };
+}
+function createToolExecuteResponseFailureNoResult(params) {
+    return {
+        success: false,
+        runtimeError: params.runtimeError,
+        schemaValidationError: params.schemaValidationError,
+        result: undefined,
+        context: params.context,
+    };
+}
+//# sourceMappingURL=resultCreators.js.map

package/dist/src/toolClient/execute/resultCreators.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resultCreators.js","sourceRoot":"","sources":["../../../../src/toolClient/execute/resultCreators.ts"],"names":[],"mappings":";AAAA,2CAA2C;;AAiB3C,kEAiCC;AAED,gEA0DC;AAED,4EAYC;AAED,4FAUC;AAED,4EAaC;AAED,4FAcC;AAtJD,SAAgB,2BAA2B,CACzC,iBAAqD,EACrD,eAUC;IAgBD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,iBAAiB;QACjB,eAAe;KAChB,CAAC;AACJ,CAAC;AAED,SAAgB,0BAA0B,CACxC,iBAAqD,EACrD,eAUC,EACD,YAWC;IA4BD,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,iBAAiB;QACjB,eAAe;QACf,YAAY;KACb,CAAC;AACJ,CAAC;AAED,SAAgB,gCAAgC,CAG9C,MAGD;IACC,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC;AAED,SAAgB,wCAAwC,CAEtD,MAED;IACC,OAAO;QACL,OAAO,EAAE,IAAI;QACb,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO;KACzB,CAAC;AACJ,CAAC;AAED,SAAgB,gCAAgC,CAA0C,MAKzF;IACC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;QACnD,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC;AAED,SAAgB,wCAAwC,CAEtD,MAID;IACC,OAAO;QACL,OAAO,EAAE,KAAK;QACd,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,qBAAqB,EAAE,MAAM,CAAC,qBAAqB;QACnD,MAAM,EAAE,SAAS;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC;AACJ,CAAC"}

package/dist/src/toolClient/execute/types.d.ts

@@ -0,0 +1,38 @@
+import type { z } from 'zod';
+import type { BaseToolContext, PolicyEvaluationResultContext, SchemaValidationError } from '@lit-protocol/vincent-tool-sdk';
+/** @category Interfaces */
+export interface ToolExecuteResponseSuccess<Result, Policies extends Record<string, any>> {
+    success: true;
+    result: Result;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}
+/** @category Interfaces */
+export interface ToolExecuteResponseSuccessNoResult<Policies extends Record<string, any>> {
+    success: true;
+    result?: never;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}
+/** @category Interfaces */
+export interface ToolExecuteResponseFailure<Result, Policies extends Record<string, any>> {
+    success: false;
+    runtimeError?: string;
+    schemaValidationError?: SchemaValidationError;
+    result: Result;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}
+/** @category Interfaces */
+export interface ToolExecuteResponseFailureNoResult<Policies extends Record<string, any>> {
+    success: false;
+    runtimeError?: string;
+    schemaValidationError?: SchemaValidationError;
+    result?: never;
+    context?: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}
+/** @category Interfaces */
+export type ToolExecuteResponse<SuccessSchema extends z.ZodType | undefined, FailSchema extends z.ZodType | undefined, Policies extends Record<string, any>> = (SuccessSchema extends z.ZodType ? ToolExecuteResponseSuccess<z.infer<SuccessSchema>, Policies> : ToolExecuteResponseSuccessNoResult<Policies>) | (FailSchema extends z.ZodType ? ToolExecuteResponseFailure<z.infer<FailSchema>, Policies> : ToolExecuteResponseFailureNoResult<Policies>);
+/** @hidden */
+export interface RemoteVincentToolExecutionResult<SuccessSchema extends z.ZodType | undefined, FailSchema extends z.ZodType | undefined, Policies extends Record<string, any>> {
+    toolExecutionResult: ToolExecuteResponse<SuccessSchema, FailSchema, Policies>;
+    toolContext: BaseToolContext<PolicyEvaluationResultContext<Policies>>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/toolClient/execute/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/toolClient/execute/types.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAE7B,OAAO,KAAK,EACV,eAAe,EACf,6BAA6B,EAC7B,qBAAqB,EACtB,MAAM,gCAAgC,CAAC;AAExC,2BAA2B;AAC3B,MAAM,WAAW,0BAA0B,CAAC,MAAM,EAAE,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACtF,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE;AAED,2BAA2B;AAC3B,MAAM,WAAW,kCAAkC,CAAC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACtF,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,CAAC,EAAE,KAAK,CAAC;IACf,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE;AAED,2BAA2B;AAC3B,MAAM,WAAW,0BAA0B,CAAC,MAAM,EAAE,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACtF,OAAO,EAAE,KAAK,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE;AAED,2BAA2B;AAC3B,MAAM,WAAW,kCAAkC,CAAC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IACtF,OAAO,EAAE,KAAK,CAAC;IACf,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,qBAAqB,CAAC;IAC9C,MAAM,CAAC,EAAE,KAAK,CAAC;IACf,OAAO,CAAC,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACpE;AAED,2BAA2B;AAC3B,MAAM,MAAM,mBAAmB,CAC7B,aAAa,SAAS,CAAC,CAAC,OAAO,GAAG,SAAS,EAC3C,UAAU,SAAS,CAAC,CAAC,OAAO,GAAG,SAAS,EACxC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAElC,CAAC,aAAa,SAAS,CAAC,CAAC,OAAO,GAC5B,0BAA0B,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,QAAQ,CAAC,GAC5D,kCAAkC,CAAC,QAAQ,CAAC,CAAC,GACjD,CAAC,UAAU,SAAS,CAAC,CAAC,OAAO,GACzB,0BAA0B,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,GACzD,kCAAkC,CAAC,QAAQ,CAAC,CAAC,CAAC;AAEtD,cAAc;AACd,MAAM,WAAW,gCAAgC,CAC/C,aAAa,SAAS,CAAC,CAAC,OAAO,GAAG,SAAS,EAC3C,UAAU,SAAS,CAAC,CAAC,OAAO,GAAG,SAAS,EACxC,QAAQ,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC;IAEpC,mBAAmB,EAAE,mBAAmB,CAAC,aAAa,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC9E,WAAW,EAAE,eAAe,CAAC,6BAA6B,CAAC,QAAQ,CAAC,CAAC,CAAC;CACvE"}

package/dist/src/toolClient/execute/types.js

@@ -0,0 +1,4 @@
+"use strict";
+// src/toolClient/execute/types.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/src/toolClient/execute/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/toolClient/execute/types.ts"],"names":[],"mappings":";AAAA,kCAAkC"}