@naughtbot/e2ee-payloads 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/dist/index.d.ts +17 -0
  2. package/dist/index.d.ts.map +1 -1
  3. package/dist/schema.d.ts +370 -10
  4. package/dist/schema.d.ts.map +1 -1
  5. package/package.json +1 -1
  6. package/src/index.test.ts +203 -5
  7. package/src/index.ts +17 -0
  8. package/src/schema.ts +370 -10
package/dist/index.d.ts CHANGED
@@ -2,6 +2,10 @@ export type { components, paths, webhooks } from "./schema.js";
2
2
  import type { components } from "./schema.js";
3
3
  export type MailboxEnvelopeV1 = components["schemas"]["MailboxEnvelopeV1"];
4
4
  export type MailboxEnvelopeType = components["schemas"]["MailboxEnvelopeType"];
5
+ export type ApprovalChallenge = components["schemas"]["ApprovalChallenge"];
6
+ export type ApprovalProofStatement = components["schemas"]["ApprovalProofStatement"];
7
+ export type ApprovalAttestationV1 = components["schemas"]["ApprovalAttestationV1"];
8
+ export type ApprovalAttestedKeyProof = components["schemas"]["ApprovalAttestedKeyProof"];
5
9
  export type MailboxSshAuthRequestPayloadV1 = components["schemas"]["MailboxSshAuthRequestPayloadV1"];
6
10
  export type MailboxSshAuthResponsePayloadV1 = components["schemas"]["MailboxSshAuthResponsePayloadV1"];
7
11
  export type MailboxSshAuthResponseSuccessV1 = components["schemas"]["MailboxSshAuthResponseSuccessV1"];
@@ -40,4 +44,17 @@ export type MailboxBrowserApprovalBindingFormat = components["schemas"]["Mailbox
40
44
  export type MailboxBrowserApprovalRequestPayloadV1 = components["schemas"]["MailboxBrowserApprovalRequestPayloadV1"];
41
45
  export type MailboxBrowserApprovalDecisionBindingV1 = components["schemas"]["MailboxBrowserApprovalDecisionBindingV1"];
42
46
  export type MailboxBrowserApprovalResponsePayloadV1 = components["schemas"]["MailboxBrowserApprovalResponsePayloadV1"];
47
+ export type MailboxFirstPartyRequestKind = components["schemas"]["MailboxFirstPartyRequestKind"];
48
+ export type MailboxFirstPartyPrivilegedActionType = components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
49
+ export type MailboxFirstPartyApprovalDecision = components["schemas"]["MailboxFirstPartyApprovalDecision"];
50
+ export type MailboxFirstPartyResponseStatus = components["schemas"]["MailboxFirstPartyResponseStatus"];
51
+ export type MailboxFirstPartyApprovalBindingFormat = components["schemas"]["MailboxFirstPartyApprovalBindingFormat"];
52
+ export type MailboxFirstPartyRelyingPartyRegisterActionV1 = components["schemas"]["MailboxFirstPartyRelyingPartyRegisterActionV1"];
53
+ export type MailboxFirstPartyRelyingPartyRotateSecretActionV1 = components["schemas"]["MailboxFirstPartyRelyingPartyRotateSecretActionV1"];
54
+ export type MailboxFirstPartyDeviceRevokeOtherActionV1 = components["schemas"]["MailboxFirstPartyDeviceRevokeOtherActionV1"];
55
+ export type MailboxFirstPartyPrivilegedAction = components["schemas"]["MailboxFirstPartyPrivilegedAction"];
56
+ export type MailboxFirstPartyPrivilegedActionRequestV1 = components["schemas"]["MailboxFirstPartyPrivilegedActionRequestV1"];
57
+ export type MailboxFirstPartyRequestPayloadV1 = components["schemas"]["MailboxFirstPartyRequestPayloadV1"];
58
+ export type MailboxFirstPartyPrivilegedActionDecisionBindingV1 = components["schemas"]["MailboxFirstPartyPrivilegedActionDecisionBindingV1"];
59
+ export type MailboxFirstPartyResponsePayloadV1 = components["schemas"]["MailboxFirstPartyResponsePayloadV1"];
43
60
  //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,YAAY,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;AAC3E,MAAM,MAAM,mBAAmB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC;AAC/E,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,gCAAgC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,kCAAkC,CAAC,CAAC;AACzG,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,mCAAmC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;AAC/G,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,6BAA6B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,+BAA+B,CAAC,CAAC;AACnG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,mCAAmC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;AAC/G,MAAM,MAAM,sCAAsC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,wCAAwC,CAAC,CAAC;AACrH,MAAM,MAAM,uCAAuC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,yCAAyC,CAAC,CAAC;AACvH,MAAM,MAAM,uCAAuC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,yCAAyC,CAAC,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,YAAY,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;AAC3E,MAAM,MAAM,mBAAmB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC;AAC/E,MAAM,MAAM,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;AAC3E,MAAM,MAAM,sBAAsB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;AACrF,MAAM,MAAM,qBAAqB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;AACnF,MAAM,MAAM,wBAAwB,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;AACzF,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,gCAAgC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,kCAAkC,CAAC,CAAC;AACzG,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;AAC7G,MAAM,MAAM,mCAAmC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;AAC/G,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,6BAA6B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,+BAA+B,CAAC,CAAC;AACnG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,8BAA8B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;AACrG,MAAM,MAAM,oCAAoC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;AACjH,MAAM,MAAM,mCAAmC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;AAC/G,MAAM,MAAM,sCAAsC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,wCAAwC,CAAC,CAAC;AACrH,MAAM,MAAM,uCAAuC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,yCAAyC,CAAC,CAAC;AACvH,MAAM,MAAM,uCAAuC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,yCAAyC,CAAC,CAAC;AACvH,MAAM,MAAM,4BAA4B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,8BAA8B,CAAC,CAAC;AACjG,MAAM,MAAM,qCAAqC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,uCAAuC,CAAC,CAAC;AACnH,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,+BAA+B,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;AACvG,MAAM,MAAM,sCAAsC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,wCAAwC,CAAC,CAAC;AACrH,MAAM,MAAM,6CAA6C,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,+CAA+C,CAAC,CAAC;AACnI,MAAM,MAAM,iDAAiD,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mDAAmD,CAAC,CAAC;AAC3I,MAAM,MAAM,0CAA0C,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,4CAA4C,CAAC,CAAC;AAC7H,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,0CAA0C,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,4CAA4C,CAAC,CAAC;AAC7H,MAAM,MAAM,iCAAiC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;AAC3G,MAAM,MAAM,kDAAkD,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oDAAoD,CAAC,CAAC;AAC7I,MAAM,MAAM,kCAAkC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC"}
package/dist/schema.d.ts CHANGED
@@ -42,7 +42,7 @@ export interface components {
42
42
  * @example ssh_sign
43
43
  * @enum {string}
44
44
  */
45
- MailboxEnvelopeType: "link_request" | "link_approval" | "link_rejection" | "captcha_request" | "captcha_response" | "ssh_auth" | "ssh_sign" | "gpg_sign" | "gpg_decrypt" | "age_unwrap" | "pkcs11_sign" | "pkcs11_derive" | "enroll" | "browser_approval_request" | "browser_approval_response";
45
+ MailboxEnvelopeType: "link_request" | "link_approval" | "link_rejection" | "captcha_request" | "captcha_response" | "ssh_auth" | "ssh_sign" | "gpg_sign" | "gpg_decrypt" | "age_unwrap" | "pkcs11_sign" | "pkcs11_derive" | "enroll" | "browser_approval_request" | "browser_approval_response" | "first_party_request" | "first_party_response";
46
46
  /**
47
47
  * ApprovalChallenge
48
48
  * @description Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
@@ -856,6 +856,7 @@ export interface components {
856
856
  * @example appr_2af7b1fb2b5b4b5b8c7e9a0d
857
857
  */
858
858
  approval_id: string;
859
+ approval_challenge: components["schemas"]["ApprovalChallenge"];
859
860
  /**
860
861
  * @description Human-readable browser/device label shown to the mobile user.
861
862
  * @example Chrome on MacBook Pro
@@ -1000,7 +1001,7 @@ export interface components {
1000
1001
  };
1001
1002
  /**
1002
1003
  * MailboxBrowserApprovalResponsePayloadV1
1003
- * @description Response payload for the `browser_approval_response` envelope type. The response carries the mobile decision plus the exact canonical bytes and signature over `MailboxBrowserApprovalDecisionBindingV1`.
1004
+ * @description Response payload for the `browser_approval_response` envelope type. The response carries the mobile decision plus the exact canonical bytes and attested-key-zk proof over `MailboxBrowserApprovalDecisionBindingV1`.
1004
1005
  */
1005
1006
  MailboxBrowserApprovalResponsePayloadV1: {
1006
1007
  /**
@@ -1014,29 +1015,388 @@ export interface components {
1014
1015
  * @example appr_2af7b1fb2b5b4b5b8c7e9a0d
1015
1016
  */
1016
1017
  approval_id: string;
1018
+ approval_proof: components["schemas"]["ApprovalAttestedKeyProof"];
1019
+ /**
1020
+ * @description RFC 3339 UTC timestamp of the mobile decision.
1021
+ * @example 2026-05-14T19:31:00Z
1022
+ */
1023
+ decided_at: string;
1024
+ decision: components["schemas"]["MailboxBrowserApprovalDecision"];
1025
+ /**
1026
+ * Format: uuid
1027
+ * @description Envelope id of the browser approval request being answered.
1028
+ * @example 11111111-2222-4333-8444-555555555555
1029
+ */
1030
+ request_envelope_id: string;
1031
+ status: components["schemas"]["MailboxBrowserApprovalResponseStatus"];
1032
+ };
1033
+ /**
1034
+ * MailboxFirstPartyRequestKind
1035
+ * @description First-party request category delivered to a user's devices.
1036
+ * @example privileged_action_approval
1037
+ * @enum {string}
1038
+ */
1039
+ MailboxFirstPartyRequestKind: "privileged_action_approval";
1040
+ /**
1041
+ * MailboxFirstPartyPrivilegedActionType
1042
+ * @description Privileged server-side action that requires mobile approval.
1043
+ * @example relying_party.register
1044
+ * @enum {string}
1045
+ */
1046
+ MailboxFirstPartyPrivilegedActionType: "relying_party.register" | "relying_party.rotate_secret" | "device.revoke_other";
1047
+ /**
1048
+ * MailboxFirstPartyApprovalDecision
1049
+ * @description Mobile user's signed decision for a first-party request.
1050
+ * @example approved
1051
+ * @enum {string}
1052
+ */
1053
+ MailboxFirstPartyApprovalDecision: "approved" | "denied";
1054
+ /**
1055
+ * MailboxFirstPartyResponseStatus
1056
+ * @description Response lifecycle status. The signed `decision` carries the approval outcome.
1057
+ * @example decided
1058
+ * @enum {string}
1059
+ */
1060
+ MailboxFirstPartyResponseStatus: "decided";
1061
+ /**
1062
+ * MailboxFirstPartyApprovalBindingFormat
1063
+ * @description Canonical byte format signed by the approving device key.
1064
+ * @example first-party-privileged-action-decision-binding/v1+json
1065
+ * @enum {string}
1066
+ */
1067
+ MailboxFirstPartyApprovalBindingFormat: "first-party-privileged-action-decision-binding/v1+json";
1068
+ /**
1069
+ * MailboxFirstPartyRelyingPartyRegisterActionV1
1070
+ * @description Canonical action details for `relying_party.register`. Mobile displays these exact fields before approving creation of the relying party and its paired public/confidential clients.
1071
+ */
1072
+ MailboxFirstPartyRelyingPartyRegisterActionV1: {
1073
+ /**
1074
+ * @description Discriminator for this privileged action payload.
1075
+ * @enum {string}
1076
+ */
1077
+ action_type: "relying_party.register";
1078
+ /**
1079
+ * @description Whether approval returns a one-time plaintext client secret to the initiating console flow.
1080
+ * @example true
1081
+ */
1082
+ client_secret_returned_once: boolean;
1083
+ /**
1084
+ * @description OAuth resource audience requested for confidential client credentials.
1085
+ * @example verify.api
1086
+ */
1087
+ confidential_client_audience: string;
1088
+ /**
1089
+ * @description Requested scopes for the confidential backend client.
1090
+ * @example [
1091
+ * "verify:proof"
1092
+ * ]
1093
+ */
1094
+ confidential_client_scopes: string[];
1095
+ /**
1096
+ * @description Human-readable relying-party label shown to the user.
1097
+ * @example Customer Portal
1098
+ */
1099
+ display_name: string;
1100
+ /**
1101
+ * Format: uri
1102
+ * @description Browser origin that will host the public relying-party client.
1103
+ * @example https://customer.example
1104
+ */
1105
+ origin: string;
1106
+ /**
1107
+ * @description Requested scopes for the public browser Sign in client.
1108
+ * @example [
1109
+ * "openid",
1110
+ * "offline_access",
1111
+ * "mailbox:pairing:start"
1112
+ * ]
1113
+ */
1114
+ public_client_scopes: string[];
1115
+ /**
1116
+ * @description Exact browser callback URIs for the public authorization-code client.
1117
+ * @example [
1118
+ * "https://customer.example/oauth/callback"
1119
+ * ]
1120
+ */
1121
+ redirect_uris: string[];
1122
+ };
1123
+ /**
1124
+ * MailboxFirstPartyRelyingPartyRotateSecretActionV1
1125
+ * @description Canonical action details for `relying_party.rotate_secret`. Approval authorizes replacing the confidential client's stored secret hash and returning the new secret once to the initiating console flow.
1126
+ */
1127
+ MailboxFirstPartyRelyingPartyRotateSecretActionV1: {
1128
+ /**
1129
+ * @description Discriminator for this privileged action payload.
1130
+ * @enum {string}
1131
+ */
1132
+ action_type: "relying_party.rotate_secret";
1133
+ /**
1134
+ * @description Whether approval returns a one-time plaintext client secret to the initiating console flow.
1135
+ * @example true
1136
+ */
1137
+ client_secret_returned_once: boolean;
1138
+ /**
1139
+ * @description Confidential backend client id whose secret will rotate.
1140
+ * @example rp_conf_9d58fb4c6ff84f46
1141
+ */
1142
+ confidential_client_id: string;
1143
+ /**
1144
+ * @description Human-readable relying-party label shown to the user.
1145
+ * @example Customer Portal
1146
+ */
1147
+ display_name: string;
1148
+ /**
1149
+ * Format: uri
1150
+ * @description Browser origin attached to the relying party.
1151
+ * @example https://customer.example
1152
+ */
1153
+ origin: string;
1154
+ /**
1155
+ * @description Relying-party record id whose confidential secret will rotate.
1156
+ * @example rp_2af7b1fb2b5b4b5b8
1157
+ */
1158
+ relying_party_id: string;
1159
+ };
1160
+ /**
1161
+ * MailboxFirstPartyDeviceRevokeOtherActionV1
1162
+ * @description Canonical action details for `device.revoke_other`. Approval authorizes revoking another active device on the same user account.
1163
+ */
1164
+ MailboxFirstPartyDeviceRevokeOtherActionV1: {
1165
+ /**
1166
+ * @description Discriminator for this privileged action payload.
1167
+ * @enum {string}
1168
+ */
1169
+ action_type: "device.revoke_other";
1170
+ /**
1171
+ * @description Whether approval cascades revocation to pairings involving the target device.
1172
+ * @example true
1173
+ */
1174
+ revoke_pairings: boolean;
1175
+ /**
1176
+ * @description Whether approval revokes refresh-token families bound to the target device.
1177
+ * @example true
1178
+ */
1179
+ revoke_refresh_tokens: boolean;
1180
+ /**
1181
+ * @description RFC 3339 UTC creation timestamp for the target device.
1182
+ * @example 2026-05-01T12:00:00Z
1183
+ */
1184
+ target_device_created_at: string;
1185
+ /**
1186
+ * Format: uuid
1187
+ * @description Device id that will be revoked.
1188
+ * @example 22222222-3333-4444-8555-666666666666
1189
+ */
1190
+ target_device_id: string;
1191
+ /**
1192
+ * @description Optional human-readable device name shown to the user.
1193
+ * @example Taylor's iPhone
1194
+ */
1195
+ target_device_name?: string | null;
1196
+ /**
1197
+ * @description Registered platform type for the target device.
1198
+ * @example ios
1199
+ * @enum {string}
1200
+ */
1201
+ target_device_type: "ios" | "android";
1202
+ };
1203
+ /**
1204
+ * MailboxFirstPartyPrivilegedAction
1205
+ * @description Typed canonical privileged action details shown on mobile.
1206
+ */
1207
+ MailboxFirstPartyPrivilegedAction: components["schemas"]["MailboxFirstPartyRelyingPartyRegisterActionV1"] | components["schemas"]["MailboxFirstPartyRelyingPartyRotateSecretActionV1"] | components["schemas"]["MailboxFirstPartyDeviceRevokeOtherActionV1"];
1208
+ /**
1209
+ * MailboxFirstPartyPrivilegedActionRequestV1
1210
+ * @description Privileged console action approval request. `canonical_action_bytes` are the UTF-8 JSON bytes of the typed `action` object encoded with lexicographic property order and no insignificant whitespace; the hash pins the exact action details auth will execute after approval.
1211
+ */
1212
+ MailboxFirstPartyPrivilegedActionRequestV1: {
1213
+ action: components["schemas"]["MailboxFirstPartyPrivilegedAction"];
1214
+ action_type: components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
1017
1215
  /**
1018
1216
  * Format: byte
1019
- * @description RFC 4648 standard base64 with `=` padding for the signature over `approval_binding_bytes`.
1217
+ * @description RFC 4648 standard base64 with `=` padding for the canonical privileged action JSON bytes.
1218
+ */
1219
+ canonical_action_bytes: string;
1220
+ /**
1221
+ * @description SHA-256 hash of `canonical_action_bytes` after base64 decoding.
1222
+ * @example sha256:70f1e52bd01429bc2f405b182a3abc72751bda213dba41684a12db5116698c3c
1223
+ */
1224
+ canonical_action_hash: string;
1225
+ /**
1226
+ * @description RFC 3339 UTC timestamp when auth created the privileged-action intent.
1227
+ * @example 2026-05-16T20:40:00Z
1228
+ */
1229
+ created_at: string;
1230
+ /**
1231
+ * @description OAuth client id for the console flow that initiated the intent.
1232
+ * @example naughtbot-console
1233
+ */
1234
+ initiating_client_id: string;
1235
+ /**
1236
+ * @description Base64url SHA-256 thumbprint of the initiating browser DPoP key.
1237
+ * @example 2oNQXcW2Upi5b1xHZQW1Yf3N0aYVnX_Jf7mRiS7Jm8A
1238
+ */
1239
+ initiating_dpop_jkt: string;
1240
+ /**
1241
+ * @description Opaque privileged-action intent id.
1242
+ * @example pai_2af7b1fb2b5b4b5b8
1243
+ */
1244
+ intent_id: string;
1245
+ };
1246
+ /**
1247
+ * MailboxFirstPartyRequestPayloadV1
1248
+ * @description Request payload for the `first_party_request` envelope type.
1249
+ */
1250
+ MailboxFirstPartyRequestPayloadV1: {
1251
+ /**
1252
+ * @description RFC 3339 UTC timestamp after which the request is invalid.
1253
+ * @example 2026-05-16T20:45:00Z
1254
+ */
1255
+ expires_at: string;
1256
+ /**
1257
+ * @description RFC 3339 UTC timestamp with canonical `Z` suffix.
1258
+ * @example 2026-05-16T20:40:00Z
1259
+ */
1260
+ issued_at: string;
1261
+ /**
1262
+ * @description Opaque nonce bound into the mobile-signed decision.
1263
+ * @example first-party-nonce-fixture
1264
+ */
1265
+ nonce: string;
1266
+ privileged_action: components["schemas"]["MailboxFirstPartyPrivilegedActionRequestV1"];
1267
+ /**
1268
+ * @description Opaque auth/mailbox-scoped first-party request id.
1269
+ * @example fpr_2af7b1fb2b5b4b5b8
1270
+ */
1271
+ request_id: string;
1272
+ request_kind: components["schemas"]["MailboxFirstPartyRequestKind"];
1273
+ };
1274
+ /**
1275
+ * MailboxFirstPartyPrivilegedActionDecisionBindingV1
1276
+ * @description Canonical JSON object whose UTF-8 bytes are signed by the approving device key. Producers encode these fields in lexicographic property order with no insignificant whitespace and place the resulting bytes in `MailboxFirstPartyResponsePayloadV1.approval_binding_bytes`.
1277
+ */
1278
+ MailboxFirstPartyPrivilegedActionDecisionBindingV1: {
1279
+ action_type: components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
1280
+ /**
1281
+ * Format: uuid
1282
+ * @description Device id whose signing key created `approval_signature`.
1283
+ * @example 33333333-4444-4555-8666-777777777777
1284
+ */
1285
+ approving_device_id: string;
1286
+ /**
1287
+ * @description Base64url SHA-256 thumbprint of the approving device signing key.
1288
+ * @example uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4
1289
+ */
1290
+ approving_device_signing_key_jkt: string;
1291
+ /**
1292
+ * @description Hash copied from the request payload.
1293
+ * @example sha256:70f1e52bd01429bc2f405b182a3abc72751bda213dba41684a12db5116698c3c
1294
+ */
1295
+ canonical_action_hash: string;
1296
+ /**
1297
+ * @description RFC 3339 UTC timestamp of the mobile decision.
1298
+ * @example 2026-05-16T20:41:00Z
1299
+ */
1300
+ decided_at: string;
1301
+ decision: components["schemas"]["MailboxFirstPartyApprovalDecision"];
1302
+ /**
1303
+ * @description Request expiry copied from the request payload.
1304
+ * @example 2026-05-16T20:45:00Z
1305
+ */
1306
+ expires_at: string;
1307
+ /**
1308
+ * @description Privileged-action intent id copied from the request payload.
1309
+ * @example pai_2af7b1fb2b5b4b5b8
1310
+ */
1311
+ intent_id: string;
1312
+ /**
1313
+ * @description Nonce copied from the request payload.
1314
+ * @example first-party-nonce-fixture
1315
+ */
1316
+ nonce: string;
1317
+ /**
1318
+ * Format: uuid
1319
+ * @description Envelope id of the first-party request being answered.
1320
+ * @example 11111111-2222-4333-8444-555555555555
1321
+ */
1322
+ request_envelope_id: string;
1323
+ /**
1324
+ * @description Envelope `issued_at` timestamp of the request being answered.
1325
+ * @example 2026-05-16T20:40:00Z
1326
+ */
1327
+ request_envelope_issued_at: string;
1328
+ /**
1329
+ * @description Envelope type of the request being answered.
1330
+ * @example first_party_request
1331
+ * @enum {string}
1332
+ */
1333
+ request_envelope_type: "first_party_request";
1334
+ /**
1335
+ * @description First-party request id copied from the request payload.
1336
+ * @example fpr_2af7b1fb2b5b4b5b8
1337
+ */
1338
+ request_id: string;
1339
+ /**
1340
+ * @description Canonical decision binding schema version.
1341
+ * @enum {string}
1342
+ */
1343
+ version: "first-party-privileged-action-decision-binding/v1";
1344
+ };
1345
+ /**
1346
+ * MailboxFirstPartyResponsePayloadV1
1347
+ * @description Response payload for the `first_party_response` envelope type. The response carries the mobile decision, the exact canonical bytes signed by the approving device, and the raw device signature over those bytes.
1348
+ */
1349
+ MailboxFirstPartyResponsePayloadV1: {
1350
+ /**
1351
+ * Format: byte
1352
+ * @description RFC 4648 standard base64 with `=` padding for the canonical `MailboxFirstPartyPrivilegedActionDecisionBindingV1` UTF-8 JSON bytes.
1353
+ */
1354
+ approval_binding_bytes: string;
1355
+ approval_binding_format: components["schemas"]["MailboxFirstPartyApprovalBindingFormat"];
1356
+ /**
1357
+ * Format: byte
1358
+ * @description RFC 4648 standard base64 with `=` padding for the raw signature over `approval_binding_bytes` after base64 decoding.
1020
1359
  */
1021
1360
  approval_signature: string;
1361
+ /**
1362
+ * @description Device signing-key algorithm identifier.
1363
+ * @example ES256
1364
+ */
1365
+ approval_signature_algorithm: string;
1366
+ /**
1367
+ * Format: uuid
1368
+ * @description Device id whose signing key created `approval_signature`.
1369
+ * @example 33333333-4444-4555-8666-777777777777
1370
+ */
1371
+ approving_device_id: string;
1372
+ /**
1373
+ * @description Base64url SHA-256 thumbprint of the approving device signing key.
1374
+ * @example uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4
1375
+ */
1376
+ approving_device_signing_key_jkt: string;
1022
1377
  /**
1023
1378
  * @description RFC 3339 UTC timestamp of the mobile decision.
1024
- * @example 2026-05-14T19:31:00Z
1379
+ * @example 2026-05-16T20:41:00Z
1025
1380
  */
1026
1381
  decided_at: string;
1027
- decision: components["schemas"]["MailboxBrowserApprovalDecision"];
1382
+ decision: components["schemas"]["MailboxFirstPartyApprovalDecision"];
1383
+ /**
1384
+ * @description Privileged-action intent id copied from the request payload.
1385
+ * @example pai_2af7b1fb2b5b4b5b8
1386
+ */
1387
+ intent_id: string;
1028
1388
  /**
1029
1389
  * Format: uuid
1030
- * @description Envelope id of the browser approval request being answered.
1390
+ * @description Envelope id of the first-party request being answered.
1031
1391
  * @example 11111111-2222-4333-8444-555555555555
1032
1392
  */
1033
1393
  request_envelope_id: string;
1034
1394
  /**
1035
- * @description Mobile signing key id that produced `approval_signature`.
1036
- * @example mobile-key-browser-approval-1
1395
+ * @description First-party request id copied from the request payload.
1396
+ * @example fpr_2af7b1fb2b5b4b5b8
1037
1397
  */
1038
- signing_key_id: string;
1039
- status: components["schemas"]["MailboxBrowserApprovalResponseStatus"];
1398
+ request_id: string;
1399
+ status: components["schemas"]["MailboxFirstPartyResponseStatus"];
1040
1400
  };
1041
1401
  };
1042
1402
  responses: never;
package/dist/schema.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC7C,MAAM,WAAW,UAAU;IACvB,OAAO,EAAE;QACL;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,CAAC,EAAE,CAAC,CAAC;YACL;;;eAGG;YACH,IAAI,EAAE,MAAM,CAAC;YACb;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,mPAAmP;YACnP,OAAO,EAAE;gBACL,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;aAC1B,CAAC;SACL,CAAC;QACF;;;;;WAKG;QACH,mBAAmB,EAAE,cAAc,GAAG,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,GAAG,aAAa,GAAG,YAAY,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,0BAA0B,GAAG,2BAA2B,CAAC;QAChS;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,OAAO,EAAE,uBAAuB,CAAC;YACjC,uFAAuF;YACvF,KAAK,EAAE,MAAM,CAAC;YACd,oEAAoE;YACpE,UAAU,EAAE,MAAM,CAAC;YACnB,0FAA0F;YAC1F,cAAc,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,sBAAsB,EAAE;YACpB,0HAA0H;YAC1H,qBAAqB,EAAE,MAAM,CAAC;YAC9B,oFAAoF;YACpF,eAAe,EAAE,MAAM,CAAC;YACxB;;;eAGG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,oFAAoF;YACpF,mBAAmB,EAAE,MAAM,CAAC;YAC5B,uFAAuF;YACvF,iBAAiB,EAAE,MAAM,CAAC;YAC1B,gGAAgG;YAChG,iBAAiB,EAAE,MAAM,CAAC;SAC7B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,OAAO,EAAE,yBAAyB,CAAC;YACnC;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;SACrB,CAAC;QACF;;;WAGG;QACH,wBAAwB,EAAE;YACtB;;;eAGG;YACH,OAAO,EAAE,gCAAgC,CAAC;YAC1C,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YACtD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC3D,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC5D;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;;WAIG;QACH,uBAAuB,EAAE,oBAAoB,GAAG,aAAa,GAAG,mBAAmB,GAAG,UAAU,GAAG,gBAAgB,CAAC;QACpH;;;WAGG;QACH,sBAAsB,EAAE;YACpB,6JAA6J;YAC7J,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gBAAgB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,yBAAyB,CAAC,CAAC;YACnE;;;eAGG;YACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B,qHAAqH;YACrH,0BAA0B,CAAC,EAAE,MAAM,CAAC;SACvC,CAAC;QACF;;;;;WAKG;QACH,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC;;;;;WAKG;QACH,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;QAClC;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB,6DAA6D;YAC7D,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,aAAa,EAAE;YACX;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd,4DAA4D;YAC5D,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,qDAAqD;YACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,uCAAuC;YACvC,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,iDAAiD;YACjD,QAAQ,EAAE,MAAM,CAAC;YACjB,gDAAgD;YAChD,OAAO,EAAE,MAAM,CAAC;SACnB,CAAC;QACF;;;WAGG;QACH,UAAU,EAAE;YACR,4CAA4C;YAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,6CAA6C;YAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,0EAA0E;YAC1E,aAAa,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SAC3D,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,CAAC;YAC1C;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,SAAS,EAAE;YACP;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;SACvB,CAAC;QACF;;;WAGG;QACH,gCAAgC,EAAE;YAC9B;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;;eAIG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAC3J;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,6GAA6G;YAC7G,aAAa,EAAE,MAAM,CAAC;YACtB,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,mCAAmC,EAAE;YACjC;;;eAGG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB,0GAA0G;YAC1G,aAAa,EAAE,MAAM,CAAC;YACtB,GAAG,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YACrD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;QACpK;;;WAGG;QACH,oCAAoC,EAAE;YAClC;;;;eAIG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,6BAA6B,EAAE;YAC3B,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;YAC7C;;;eAGG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf;;;eAGG;YACH,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACpJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX,6IAA6I;YAC7I,cAAc,EAAE,MAAM,CAAC;YACvB,qJAAqJ;YACrJ,aAAa,EAAE,MAAM,CAAC;YACtB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gEAAgE;YAChE,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;eAIG;YACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,4HAA4H;YAC5H,yBAAyB,CAAC,EAAE,MAAM,CAAC;YACnC,+EAA+E;YAC/E,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC9D,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;;;WAKG;QACH,8BAA8B,EAAE,UAAU,GAAG,QAAQ,CAAC;QACtD;;;;;WAKG;QACH,oCAAoC,EAAE,SAAS,CAAC;QAChD;;;;;WAKG;QACH,mCAAmC,EAAE,2CAA2C,CAAC;QACjF;;;WAGG;QACH,sCAAsC,EAAE;YACpC;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB,yEAAyE;YACzE,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;eAGG;YACH,6BAA6B,EAAE,MAAM,CAAC;YACtC;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;SACtB,CAAC;QACF;;;WAGG;QACH,uCAAuC,EAAE;YACrC;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;eAGG;YACH,6BAA6B,EAAE,MAAM,CAAC;YACtC;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;YAClE;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,uBAAuB,EAAE,MAAM,CAAC;YAChC;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,0BAA0B,EAAE,MAAM,CAAC;YACnC;;;;eAIG;YACH,qBAAqB,EAAE,0BAA0B,CAAC;YAClD;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,yBAAyB,EAAE,MAAM,CAAC;YAClC;;;eAGG;YACH,OAAO,EAAE,sCAAsC,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,uCAAuC,EAAE;YACrC;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B,uBAAuB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;YACtF;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,kBAAkB,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;YAClE;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;SACzE,CAAC;KACL,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;IACjB,UAAU,EAAE,KAAK,CAAC;IAClB,aAAa,EAAE,KAAK,CAAC;IACrB,OAAO,EAAE,KAAK,CAAC;IACf,SAAS,EAAE,KAAK,CAAC;CACpB;AACD,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC"}
1
+ {"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC7C,MAAM,WAAW,UAAU;IACvB,OAAO,EAAE;QACL;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,CAAC,EAAE,CAAC,CAAC;YACL;;;eAGG;YACH,IAAI,EAAE,MAAM,CAAC;YACb;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,mPAAmP;YACnP,OAAO,EAAE;gBACL,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;aAC1B,CAAC;SACL,CAAC;QACF;;;;;WAKG;QACH,mBAAmB,EAAE,cAAc,GAAG,eAAe,GAAG,gBAAgB,GAAG,iBAAiB,GAAG,kBAAkB,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,GAAG,aAAa,GAAG,YAAY,GAAG,aAAa,GAAG,eAAe,GAAG,QAAQ,GAAG,0BAA0B,GAAG,2BAA2B,GAAG,qBAAqB,GAAG,sBAAsB,CAAC;QACjV;;;WAGG;QACH,iBAAiB,EAAE;YACf;;;eAGG;YACH,OAAO,EAAE,uBAAuB,CAAC;YACjC,uFAAuF;YACvF,KAAK,EAAE,MAAM,CAAC;YACd,oEAAoE;YACpE,UAAU,EAAE,MAAM,CAAC;YACnB,0FAA0F;YAC1F,cAAc,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,sBAAsB,EAAE;YACpB,0HAA0H;YAC1H,qBAAqB,EAAE,MAAM,CAAC;YAC9B,oFAAoF;YACpF,eAAe,EAAE,MAAM,CAAC;YACxB;;;eAGG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,oFAAoF;YACpF,mBAAmB,EAAE,MAAM,CAAC;YAC5B,uFAAuF;YACvF,iBAAiB,EAAE,MAAM,CAAC;YAC1B,gGAAgG;YAChG,iBAAiB,EAAE,MAAM,CAAC;SAC7B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,OAAO,EAAE,yBAAyB,CAAC;YACnC;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;SACrB,CAAC;QACF;;;WAGG;QACH,wBAAwB,EAAE;YACtB;;;eAGG;YACH,OAAO,EAAE,gCAAgC,CAAC;YAC1C,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YACtD,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC3D,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YAC5D;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;;WAIG;QACH,uBAAuB,EAAE,oBAAoB,GAAG,aAAa,GAAG,mBAAmB,GAAG,UAAU,GAAG,gBAAgB,CAAC;QACpH;;;WAGG;QACH,sBAAsB,EAAE;YACpB,6JAA6J;YAC7J,cAAc,EAAE,MAAM,CAAC;YACvB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gBAAgB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,yBAAyB,CAAC,CAAC;YACnE;;;eAGG;YACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B,qHAAqH;YACrH,0BAA0B,CAAC,EAAE,MAAM,CAAC;SACvC,CAAC;QACF;;;;;WAKG;QACH,gBAAgB,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACxC;;;;;WAKG;QACH,UAAU,EAAE,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;QAClC;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,UAAU,CAAC,EAAE,OAAO,CAAC;YACrB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB;;;eAGG;YACH,SAAS,CAAC,EAAE,OAAO,CAAC;YACpB,6DAA6D;YAC7D,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,aAAa,EAAE;YACX;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd,4DAA4D;YAC5D,aAAa,CAAC,EAAE,MAAM,CAAC;YACvB,qDAAqD;YACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,uCAAuC;YACvC,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,YAAY,EAAE;YACV;;;eAGG;YACH,GAAG,EAAE,MAAM,CAAC;YACZ,iDAAiD;YACjD,QAAQ,EAAE,MAAM,CAAC;YACjB,gDAAgD;YAChD,OAAO,EAAE,MAAM,CAAC;SACnB,CAAC;QACF;;;WAGG;QACH,UAAU,EAAE;YACR,4CAA4C;YAC5C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,6CAA6C;YAC7C,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,QAAQ,CAAC,EAAE,MAAM,CAAC;YAClB,wDAAwD;YACxD,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,0EAA0E;YAC1E,aAAa,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,cAAc,CAAC,EAAE,CAAC;SAC3D,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB;;;eAGG;YACH,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;;eAKG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf,2IAA2I;YAC3I,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE;YAC5B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACrJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,iBAAiB,EAAE,MAAM,CAAC;YAC1B,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,cAAc,EAAE,MAAM,CAAC;YACvB,KAAK,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,WAAW,CAAC,CAAC;YAC1C;;;eAGG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,SAAS,EAAE;YACP;;;;eAIG;YACH,OAAO,EAAE,MAAM,CAAC;YAChB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;;eAIG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB;;;;eAIG;YACH,WAAW,EAAE,MAAM,CAAC;SACvB,CAAC;QACF;;;WAGG;QACH,gCAAgC,EAAE;YAC9B;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;;eAIG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;QAC3J;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;;eAIG;YACH,QAAQ,EAAE,MAAM,CAAC;YACjB,6GAA6G;YAC7G,aAAa,EAAE,MAAM,CAAC;YACtB,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,oCAAoC,CAAC,CAAC;QAC9J;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,mCAAmC,EAAE;YACjC;;;eAGG;YACH,eAAe,EAAE,MAAM,CAAC;YACxB,0GAA0G;YAC1G,aAAa,EAAE,MAAM,CAAC;YACtB,GAAG,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uBAAuB,CAAC,CAAC;YACrD,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;QACpK;;;WAGG;QACH,oCAAoC,EAAE;YAClC;;;;eAIG;YACH,aAAa,EAAE,MAAM,CAAC;YACtB,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,oCAAoC,EAAE;YAClC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;WAGG;QACH,qBAAqB,EAAE;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,UAAU,CAAC,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,IAAI,CAAC,EAAE,MAAM,CAAC;SACjB,CAAC;QACF;;;WAGG;QACH,6BAA6B,EAAE;YAC3B,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;YAC7C;;;eAGG;YACH,KAAK,CAAC,EAAE,MAAM,CAAC;YACf;;;eAGG;YACH,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;YAChC,kBAAkB,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAChE,OAAO,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,eAAe,CAAC,CAAC;YACjD,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,YAAY,CAAC,CAAC;SACrD,CAAC;QACF;;;WAGG;QACH,8BAA8B,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;QACpJ;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB;;;eAGG;YACH,EAAE,EAAE,MAAM,CAAC;YACX,6IAA6I;YAC7I,cAAc,EAAE,MAAM,CAAC;YACvB,qJAAqJ;YACrJ,aAAa,EAAE,MAAM,CAAC;YACtB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB,gEAAgE;YAChE,WAAW,CAAC,EAAE,MAAM,CAAC;YACrB;;;;eAIG;YACH,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,4HAA4H;YAC5H,yBAAyB,CAAC,EAAE,MAAM,CAAC;YACnC,+EAA+E;YAC/E,sBAAsB,CAAC,EAAE,MAAM,CAAC;YAChC;;;eAGG;YACH,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,WAAW,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wBAAwB,CAAC,CAAC;YAC9D,cAAc,CAAC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;SACtE,CAAC;QACF;;;WAGG;QACH,+BAA+B,EAAE;YAC7B;;;eAGG;YACH,MAAM,EAAE,UAAU,CAAC;YACnB,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,kBAAkB,CAAC,CAAC;YACtD;;;eAGG;YACH,aAAa,CAAC,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF;;;;;WAKG;QACH,8BAA8B,EAAE,UAAU,GAAG,QAAQ,CAAC;QACtD;;;;;WAKG;QACH,oCAAoC,EAAE,SAAS,CAAC;QAChD;;;;;WAKG;QACH,mCAAmC,EAAE,2CAA2C,CAAC;QACjF;;;WAGG;QACH,sCAAsC,EAAE;YACpC;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB,kBAAkB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mBAAmB,CAAC,CAAC;YAC/D;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB,yEAAyE;YACzE,kBAAkB,CAAC,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;eAGG;YACH,6BAA6B,EAAE,MAAM,CAAC;YACtC;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;SACtB,CAAC;QACF;;;WAGG;QACH,uCAAuC,EAAE;YACrC;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;eAGG;YACH,6BAA6B,EAAE,MAAM,CAAC;YACtC;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;YAClE;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;eAGG;YACH,uBAAuB,EAAE,MAAM,CAAC;YAChC;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,0BAA0B,EAAE,MAAM,CAAC;YACnC;;;;eAIG;YACH,qBAAqB,EAAE,0BAA0B,CAAC;YAClD;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,yBAAyB,EAAE,MAAM,CAAC;YAClC;;;eAGG;YACH,OAAO,EAAE,sCAAsC,CAAC;SACnD,CAAC;QACF;;;WAGG;QACH,uCAAuC,EAAE;YACrC;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B,uBAAuB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,qCAAqC,CAAC,CAAC;YACtF;;;eAGG;YACH,WAAW,EAAE,MAAM,CAAC;YACpB,cAAc,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,0BAA0B,CAAC,CAAC;YAClE;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,gCAAgC,CAAC,CAAC;YAClE;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,sCAAsC,CAAC,CAAC;SACzE,CAAC;QACF;;;;;WAKG;QACH,4BAA4B,EAAE,4BAA4B,CAAC;QAC3D;;;;;WAKG;QACH,qCAAqC,EAAE,wBAAwB,GAAG,6BAA6B,GAAG,qBAAqB,CAAC;QACxH;;;;;WAKG;QACH,iCAAiC,EAAE,UAAU,GAAG,QAAQ,CAAC;QACzD;;;;;WAKG;QACH,+BAA+B,EAAE,SAAS,CAAC;QAC3C;;;;;WAKG;QACH,sCAAsC,EAAE,wDAAwD,CAAC;QACjG;;;WAGG;QACH,6CAA6C,EAAE;YAC3C;;;eAGG;YACH,WAAW,EAAE,wBAAwB,CAAC;YACtC;;;eAGG;YACH,2BAA2B,EAAE,OAAO,CAAC;YACrC;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;;;eAKG;YACH,0BAA0B,EAAE,MAAM,EAAE,CAAC;YACrC;;;eAGG;YACH,YAAY,EAAE,MAAM,CAAC;YACrB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;;;;;eAOG;YACH,oBAAoB,EAAE,MAAM,EAAE,CAAC;YAC/B;;;;;eAKG;YACH,aAAa,EAAE,MAAM,EAAE,CAAC;SAC3B,CAAC;QACF;;;WAGG;QACH,iDAAiD,EAAE;YAC/C;;;eAGG;YACH,WAAW,EAAE,6BAA6B,CAAC;YAC3C;;;eAGG;YACH,2BAA2B,EAAE,OAAO,CAAC;YACrC;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B;;;eAGG;YACH,YAAY,EAAE,MAAM,CAAC;YACrB;;;;eAIG;YACH,MAAM,EAAE,MAAM,CAAC;YACf;;;eAGG;YACH,gBAAgB,EAAE,MAAM,CAAC;SAC5B,CAAC;QACF;;;WAGG;QACH,0CAA0C,EAAE;YACxC;;;eAGG;YACH,WAAW,EAAE,qBAAqB,CAAC;YACnC;;;eAGG;YACH,eAAe,EAAE,OAAO,CAAC;YACzB;;;eAGG;YACH,qBAAqB,EAAE,OAAO,CAAC;YAC/B;;;eAGG;YACH,wBAAwB,EAAE,MAAM,CAAC;YACjC;;;;eAIG;YACH,gBAAgB,EAAE,MAAM,CAAC;YACzB;;;eAGG;YACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;YACnC;;;;eAIG;YACH,kBAAkB,EAAE,KAAK,GAAG,SAAS,CAAC;SACzC,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,+CAA+C,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,mDAAmD,CAAC,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,4CAA4C,CAAC,CAAC;QAC7P;;;WAGG;QACH,0CAA0C,EAAE;YACxC,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;YACnE,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uCAAuC,CAAC,CAAC;YAC5E;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,oBAAoB,EAAE,MAAM,CAAC;YAC7B;;;eAGG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;SACrB,CAAC;QACF;;;WAGG;QACH,iCAAiC,EAAE;YAC/B;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd,iBAAiB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,4CAA4C,CAAC,CAAC;YACvF;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,YAAY,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,8BAA8B,CAAC,CAAC;SACvE,CAAC;QACF;;;WAGG;QACH,kDAAkD,EAAE;YAChD,WAAW,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,uCAAuC,CAAC,CAAC;YAC5E;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,gCAAgC,EAAE,MAAM,CAAC;YACzC;;;eAGG;YACH,qBAAqB,EAAE,MAAM,CAAC;YAC9B;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;YACrE;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;eAGG;YACH,KAAK,EAAE,MAAM,CAAC;YACd;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,0BAA0B,EAAE,MAAM,CAAC;YACnC;;;;eAIG;YACH,qBAAqB,EAAE,qBAAqB,CAAC;YAC7C;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB;;;eAGG;YACH,OAAO,EAAE,mDAAmD,CAAC;SAChE,CAAC;QACF;;;WAGG;QACH,kCAAkC,EAAE;YAChC;;;eAGG;YACH,sBAAsB,EAAE,MAAM,CAAC;YAC/B,uBAAuB,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,wCAAwC,CAAC,CAAC;YACzF;;;eAGG;YACH,kBAAkB,EAAE,MAAM,CAAC;YAC3B;;;eAGG;YACH,4BAA4B,EAAE,MAAM,CAAC;YACrC;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,gCAAgC,EAAE,MAAM,CAAC;YACzC;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,QAAQ,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,mCAAmC,CAAC,CAAC;YACrE;;;eAGG;YACH,SAAS,EAAE,MAAM,CAAC;YAClB;;;;eAIG;YACH,mBAAmB,EAAE,MAAM,CAAC;YAC5B;;;eAGG;YACH,UAAU,EAAE,MAAM,CAAC;YACnB,MAAM,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC,iCAAiC,CAAC,CAAC;SACpE,CAAC;KACL,CAAC;IACF,SAAS,EAAE,KAAK,CAAC;IACjB,UAAU,EAAE,KAAK,CAAC;IAClB,aAAa,EAAE,KAAK,CAAC;IACrB,OAAO,EAAE,KAAK,CAAC;IACf,SAAS,EAAE,KAAK,CAAC;CACpB;AACD,MAAM,MAAM,KAAK,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AAC1C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@naughtbot/e2ee-payloads",
3
- "version": "0.3.0",
3
+ "version": "0.4.0",
4
4
  "description": "Generated TypeScript types for the NaughtBot mailbox envelope and per-type payload schemas.",
5
5
  "type": "module",
6
6
  "license": "MIT",
package/src/index.test.ts CHANGED
@@ -5,12 +5,20 @@ import { strict as assert } from "node:assert";
5
5
  import { describe, it } from "node:test";
6
6
 
7
7
  import type {
8
+ ApprovalAttestedKeyProof,
8
9
  MailboxAgeUnwrapRequestPayloadV1,
9
10
  MailboxBrowserApprovalDecisionBindingV1,
11
+ MailboxBrowserApprovalRequestPayloadV1,
10
12
  MailboxBrowserApprovalResponsePayloadV1,
11
13
  MailboxEnrollResponseApprovedV1,
12
14
  MailboxEnrollResponsePayloadV1,
13
15
  MailboxEnvelopeV1,
16
+ MailboxFirstPartyDeviceRevokeOtherActionV1,
17
+ MailboxFirstPartyPrivilegedActionDecisionBindingV1,
18
+ MailboxFirstPartyRequestPayloadV1,
19
+ MailboxFirstPartyResponsePayloadV1,
20
+ MailboxFirstPartyRelyingPartyRegisterActionV1,
21
+ MailboxFirstPartyRelyingPartyRotateSecretActionV1,
14
22
  MailboxGpgDecryptResponseSuccessV1,
15
23
  MailboxSshAuthResponseSuccessV1,
16
24
  MailboxSshSignRequestPayloadV1,
@@ -20,6 +28,12 @@ import type {
20
28
 
21
29
  const browserApprovalDecisionBindingFixtureJSON =
22
30
  '{"approval_id":"appr_browser_approval_fixture","browser_public_key_algorithm":"ES256","browser_public_key_thumbprint":"sha256:8uLz73VtBwmU5O_Jr3r2StpLrNxW41Oq9p6FwR2C7xA","decided_at":"2026-05-14T19:31:00Z","decision":"approved","expires_at":"2026-05-14T19:35:00Z","nonce":"m4H2YxTjueEXAMPLE","pairing_transcript_hash":"sha256:6f5902ac237024bdd0c176cb93063dc4f1e01e1191450b5f8f457c56f48e1f4f","request_envelope_id":"11111111-2222-4333-8444-555555555555","request_envelope_issued_at":"2026-05-14T19:30:00Z","request_envelope_type":"browser_approval_request","requested_capability":"captcha.browser_credential","requester_client_id":"captcha-service","requester_origin":"https://captcha.naughtbot.com","service_mobile_pairing_id":"pair_9d58fb4c6ff84f46","version":"browser-approval-decision-binding/v1"}';
31
+ const firstPartyRegisterActionFixtureJSON =
32
+ '{"action_type":"relying_party.register","client_secret_returned_once":true,"confidential_client_audience":"verify.api","confidential_client_scopes":["verify:proof"],"display_name":"Customer Portal","origin":"https://customer.example","public_client_scopes":["openid","offline_access","mailbox:pairing:start"],"redirect_uris":["https://customer.example/oauth/callback"]}';
33
+ const firstPartyRegisterActionFixtureHash =
34
+ "sha256:9d235424c61b5923caae6be03894226a09b80a4cc28d015dc7ac6260424ed1d7";
35
+ const firstPartyDecisionBindingFixtureJSON =
36
+ '{"action_type":"relying_party.register","approving_device_id":"33333333-4444-4555-8666-777777777777","approving_device_signing_key_jkt":"uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4","canonical_action_hash":"sha256:9d235424c61b5923caae6be03894226a09b80a4cc28d015dc7ac6260424ed1d7","decided_at":"2026-05-16T20:41:00Z","decision":"approved","expires_at":"2026-05-16T20:45:00Z","intent_id":"pai_first_party_fixture","nonce":"first-party-nonce-fixture","request_envelope_id":"11111111-2222-4333-8444-555555555555","request_envelope_issued_at":"2026-05-16T20:40:00Z","request_envelope_type":"first_party_request","request_id":"fpr_first_party_fixture","version":"first-party-privileged-action-decision-binding/v1"}';
23
37
 
24
38
  describe("MailboxEnvelopeV1", () => {
25
39
  it("round-trips the literal RFC 3339 issued_at string", () => {
@@ -133,6 +147,28 @@ describe("SSH-SK counter + flags (issue #17)", () => {
133
147
 
134
148
  describe("MailboxBrowserApprovalDecisionBindingV1", () => {
135
149
  it("matches the cross-language canonical JSON fixture", () => {
150
+ const challenge = approvalChallengeFixture();
151
+ const request: MailboxBrowserApprovalRequestPayloadV1 = {
152
+ approval_challenge: challenge,
153
+ approval_id: "appr_browser_approval_fixture",
154
+ browser_display_name: "Chrome on MacBook Pro",
155
+ browser_platform: "macOS",
156
+ browser_public_key_algorithm: "ES256",
157
+ browser_public_key_thumbprint:
158
+ "sha256:8uLz73VtBwmU5O_Jr3r2StpLrNxW41Oq9p6FwR2C7xA",
159
+ expires_at: "2026-05-14T19:35:00Z",
160
+ issued_at: "2026-05-14T19:30:00Z",
161
+ nonce: "m4H2YxTjueEXAMPLE",
162
+ requested_capability: "captcha.browser_credential",
163
+ requester_client_id: "captcha-service",
164
+ requester_display_name: "NaughtBot Captcha",
165
+ requester_origin: "https://captcha.naughtbot.com",
166
+ };
167
+ const requestParsed = JSON.parse(
168
+ JSON.stringify(request),
169
+ ) as MailboxBrowserApprovalRequestPayloadV1;
170
+ assert.deepEqual(requestParsed.approval_challenge, challenge);
171
+
136
172
  const binding: MailboxBrowserApprovalDecisionBindingV1 = {
137
173
  approval_id: "appr_browser_approval_fixture",
138
174
  browser_public_key_algorithm: "ES256",
@@ -160,14 +196,10 @@ describe("MailboxBrowserApprovalDecisionBindingV1", () => {
160
196
  approval_binding_bytes: Buffer.from(json, "utf8").toString("base64"),
161
197
  approval_binding_format: "browser-approval-decision-binding/v1+json",
162
198
  approval_id: binding.approval_id,
163
- approval_signature: Buffer.from(
164
- "approval-signature-fixture",
165
- "utf8",
166
- ).toString("base64"),
199
+ approval_proof: approvalProofFixture(),
167
200
  decided_at: binding.decided_at,
168
201
  decision: binding.decision,
169
202
  request_envelope_id: binding.request_envelope_id,
170
- signing_key_id: "mobile-key-browser-approval-1",
171
203
  status: "decided",
172
204
  };
173
205
  const parsed = JSON.parse(
@@ -179,9 +211,175 @@ describe("MailboxBrowserApprovalDecisionBindingV1", () => {
179
211
  );
180
212
  assert.equal(parsed.decision, "approved");
181
213
  assert.equal(parsed.status, "decided");
214
+ assert.equal(
215
+ Buffer.from(parsed.approval_proof.proof, "base64").toString("utf8"),
216
+ "browser-approval-proof",
217
+ );
182
218
  });
183
219
  });
184
220
 
221
+ describe("MailboxFirstPartyPrivilegedActionDecisionBindingV1", () => {
222
+ it("matches the cross-language canonical action and decision fixtures", () => {
223
+ const action: MailboxFirstPartyRelyingPartyRegisterActionV1 = {
224
+ action_type: "relying_party.register",
225
+ client_secret_returned_once: true,
226
+ confidential_client_audience: "verify.api",
227
+ confidential_client_scopes: ["verify:proof"],
228
+ display_name: "Customer Portal",
229
+ origin: "https://customer.example",
230
+ public_client_scopes: [
231
+ "openid",
232
+ "offline_access",
233
+ "mailbox:pairing:start",
234
+ ],
235
+ redirect_uris: ["https://customer.example/oauth/callback"],
236
+ };
237
+ const actionJSON = JSON.stringify(action);
238
+ assert.equal(actionJSON, firstPartyRegisterActionFixtureJSON);
239
+
240
+ const request: MailboxFirstPartyRequestPayloadV1 = {
241
+ expires_at: "2026-05-16T20:45:00Z",
242
+ issued_at: "2026-05-16T20:40:00Z",
243
+ nonce: "first-party-nonce-fixture",
244
+ privileged_action: {
245
+ action,
246
+ action_type: "relying_party.register",
247
+ canonical_action_bytes: Buffer.from(actionJSON, "utf8").toString(
248
+ "base64",
249
+ ),
250
+ canonical_action_hash: firstPartyRegisterActionFixtureHash,
251
+ created_at: "2026-05-16T20:40:00Z",
252
+ initiating_client_id: "naughtbot-console",
253
+ initiating_dpop_jkt: "2oNQXcW2Upi5b1xHZQW1Yf3N0aYVnX_Jf7mRiS7Jm8A",
254
+ intent_id: "pai_first_party_fixture",
255
+ },
256
+ request_id: "fpr_first_party_fixture",
257
+ request_kind: "privileged_action_approval",
258
+ };
259
+ const requestParsed = JSON.parse(
260
+ JSON.stringify(request),
261
+ ) as MailboxFirstPartyRequestPayloadV1;
262
+ assert.equal(requestParsed.privileged_action.action_type, action.action_type);
263
+ assert.equal(
264
+ Buffer.from(
265
+ requestParsed.privileged_action.canonical_action_bytes,
266
+ "base64",
267
+ ).toString("utf8"),
268
+ firstPartyRegisterActionFixtureJSON,
269
+ );
270
+
271
+ const binding: MailboxFirstPartyPrivilegedActionDecisionBindingV1 = {
272
+ action_type: "relying_party.register",
273
+ approving_device_id: "33333333-4444-4555-8666-777777777777",
274
+ approving_device_signing_key_jkt:
275
+ "uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4",
276
+ canonical_action_hash: firstPartyRegisterActionFixtureHash,
277
+ decided_at: "2026-05-16T20:41:00Z",
278
+ decision: "approved",
279
+ expires_at: "2026-05-16T20:45:00Z",
280
+ intent_id: "pai_first_party_fixture",
281
+ nonce: "first-party-nonce-fixture",
282
+ request_envelope_id: "11111111-2222-4333-8444-555555555555",
283
+ request_envelope_issued_at: "2026-05-16T20:40:00Z",
284
+ request_envelope_type: "first_party_request",
285
+ request_id: "fpr_first_party_fixture",
286
+ version: "first-party-privileged-action-decision-binding/v1",
287
+ };
288
+ const bindingJSON = JSON.stringify(binding);
289
+ assert.equal(bindingJSON, firstPartyDecisionBindingFixtureJSON);
290
+
291
+ const response: MailboxFirstPartyResponsePayloadV1 = {
292
+ approval_binding_bytes: Buffer.from(bindingJSON, "utf8").toString(
293
+ "base64",
294
+ ),
295
+ approval_binding_format:
296
+ "first-party-privileged-action-decision-binding/v1+json",
297
+ approval_signature: Buffer.from(
298
+ "first-party-signature",
299
+ "utf8",
300
+ ).toString("base64"),
301
+ approval_signature_algorithm: "ES256",
302
+ approving_device_id: binding.approving_device_id,
303
+ approving_device_signing_key_jkt:
304
+ binding.approving_device_signing_key_jkt,
305
+ decided_at: binding.decided_at,
306
+ decision: binding.decision,
307
+ intent_id: binding.intent_id,
308
+ request_envelope_id: binding.request_envelope_id,
309
+ request_id: binding.request_id,
310
+ status: "decided",
311
+ };
312
+ const parsed = JSON.parse(
313
+ JSON.stringify(response),
314
+ ) as MailboxFirstPartyResponsePayloadV1;
315
+ assert.equal(
316
+ Buffer.from(parsed.approval_binding_bytes, "base64").toString("utf8"),
317
+ firstPartyDecisionBindingFixtureJSON,
318
+ );
319
+ assert.equal(
320
+ Buffer.from(parsed.approval_signature, "base64").toString("utf8"),
321
+ "first-party-signature",
322
+ );
323
+
324
+ const rotate: MailboxFirstPartyRelyingPartyRotateSecretActionV1 = {
325
+ action_type: "relying_party.rotate_secret",
326
+ client_secret_returned_once: true,
327
+ confidential_client_id: "rp_conf_9d58fb4c6ff84f46",
328
+ display_name: "Customer Portal",
329
+ origin: "https://customer.example",
330
+ relying_party_id: "rp_2af7b1fb2b5b4b5b8",
331
+ };
332
+ const revoke: MailboxFirstPartyDeviceRevokeOtherActionV1 = {
333
+ action_type: "device.revoke_other",
334
+ revoke_pairings: true,
335
+ revoke_refresh_tokens: true,
336
+ target_device_created_at: "2026-05-01T12:00:00Z",
337
+ target_device_id: "22222222-3333-4444-8555-666666666666",
338
+ target_device_name: "Taylor's iPhone",
339
+ target_device_type: "ios",
340
+ };
341
+ assert.equal(rotate.action_type, "relying_party.rotate_secret");
342
+ assert.equal(revoke.action_type, "device.revoke_other");
343
+ });
344
+ });
345
+
346
+ function approvalChallengeFixture(): ApprovalAttestedKeyProof["challenge"] {
347
+ return {
348
+ version: "approval-challenge/v1",
349
+ nonce: "browser-approval-nonce",
350
+ request_id: "11111111-2222-4333-8444-555555555555",
351
+ plaintext_hash:
352
+ "sha256:cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc",
353
+ };
354
+ }
355
+
356
+ function approvalProofFixture(): ApprovalAttestedKeyProof {
357
+ return {
358
+ version: "approval-attested-key-proof/v1",
359
+ challenge: approvalChallengeFixture(),
360
+ statement: {
361
+ issuer_public_key_hex:
362
+ "02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
363
+ app_id_hash_hex:
364
+ "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
365
+ policy_version: 1,
366
+ now: 1_778_787_060,
367
+ challenge_nonce_hex:
368
+ "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
369
+ audience_hash_hex:
370
+ "eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee",
371
+ approval_hash_hex:
372
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
373
+ },
374
+ attestation: {
375
+ version: "approval-attestation/v1",
376
+ bytes: Buffer.from("attestation-bytes", "utf8").toString("base64"),
377
+ signature: Buffer.from("attestation-signature", "utf8").toString("base64"),
378
+ },
379
+ proof: Buffer.from("browser-approval-proof", "utf8").toString("base64"),
380
+ };
381
+ }
382
+
185
383
  describe("MailboxGpgDecryptResponseSuccessV1", () => {
186
384
  it("requires both session_key and algorithm on success", () => {
187
385
  // Bind to the success branch directly so the compile-time check is
package/src/index.ts CHANGED
@@ -6,6 +6,10 @@ import type { components } from "./schema.js";
6
6
 
7
7
  export type MailboxEnvelopeV1 = components["schemas"]["MailboxEnvelopeV1"];
8
8
  export type MailboxEnvelopeType = components["schemas"]["MailboxEnvelopeType"];
9
+ export type ApprovalChallenge = components["schemas"]["ApprovalChallenge"];
10
+ export type ApprovalProofStatement = components["schemas"]["ApprovalProofStatement"];
11
+ export type ApprovalAttestationV1 = components["schemas"]["ApprovalAttestationV1"];
12
+ export type ApprovalAttestedKeyProof = components["schemas"]["ApprovalAttestedKeyProof"];
9
13
  export type MailboxSshAuthRequestPayloadV1 = components["schemas"]["MailboxSshAuthRequestPayloadV1"];
10
14
  export type MailboxSshAuthResponsePayloadV1 = components["schemas"]["MailboxSshAuthResponsePayloadV1"];
11
15
  export type MailboxSshAuthResponseSuccessV1 = components["schemas"]["MailboxSshAuthResponseSuccessV1"];
@@ -44,3 +48,16 @@ export type MailboxBrowserApprovalBindingFormat = components["schemas"]["Mailbox
44
48
  export type MailboxBrowserApprovalRequestPayloadV1 = components["schemas"]["MailboxBrowserApprovalRequestPayloadV1"];
45
49
  export type MailboxBrowserApprovalDecisionBindingV1 = components["schemas"]["MailboxBrowserApprovalDecisionBindingV1"];
46
50
  export type MailboxBrowserApprovalResponsePayloadV1 = components["schemas"]["MailboxBrowserApprovalResponsePayloadV1"];
51
+ export type MailboxFirstPartyRequestKind = components["schemas"]["MailboxFirstPartyRequestKind"];
52
+ export type MailboxFirstPartyPrivilegedActionType = components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
53
+ export type MailboxFirstPartyApprovalDecision = components["schemas"]["MailboxFirstPartyApprovalDecision"];
54
+ export type MailboxFirstPartyResponseStatus = components["schemas"]["MailboxFirstPartyResponseStatus"];
55
+ export type MailboxFirstPartyApprovalBindingFormat = components["schemas"]["MailboxFirstPartyApprovalBindingFormat"];
56
+ export type MailboxFirstPartyRelyingPartyRegisterActionV1 = components["schemas"]["MailboxFirstPartyRelyingPartyRegisterActionV1"];
57
+ export type MailboxFirstPartyRelyingPartyRotateSecretActionV1 = components["schemas"]["MailboxFirstPartyRelyingPartyRotateSecretActionV1"];
58
+ export type MailboxFirstPartyDeviceRevokeOtherActionV1 = components["schemas"]["MailboxFirstPartyDeviceRevokeOtherActionV1"];
59
+ export type MailboxFirstPartyPrivilegedAction = components["schemas"]["MailboxFirstPartyPrivilegedAction"];
60
+ export type MailboxFirstPartyPrivilegedActionRequestV1 = components["schemas"]["MailboxFirstPartyPrivilegedActionRequestV1"];
61
+ export type MailboxFirstPartyRequestPayloadV1 = components["schemas"]["MailboxFirstPartyRequestPayloadV1"];
62
+ export type MailboxFirstPartyPrivilegedActionDecisionBindingV1 = components["schemas"]["MailboxFirstPartyPrivilegedActionDecisionBindingV1"];
63
+ export type MailboxFirstPartyResponsePayloadV1 = components["schemas"]["MailboxFirstPartyResponsePayloadV1"];
package/src/schema.ts CHANGED
@@ -43,7 +43,7 @@ export interface components {
43
43
  * @example ssh_sign
44
44
  * @enum {string}
45
45
  */
46
- MailboxEnvelopeType: "link_request" | "link_approval" | "link_rejection" | "captcha_request" | "captcha_response" | "ssh_auth" | "ssh_sign" | "gpg_sign" | "gpg_decrypt" | "age_unwrap" | "pkcs11_sign" | "pkcs11_derive" | "enroll" | "browser_approval_request" | "browser_approval_response";
46
+ MailboxEnvelopeType: "link_request" | "link_approval" | "link_rejection" | "captcha_request" | "captcha_response" | "ssh_auth" | "ssh_sign" | "gpg_sign" | "gpg_decrypt" | "age_unwrap" | "pkcs11_sign" | "pkcs11_derive" | "enroll" | "browser_approval_request" | "browser_approval_response" | "first_party_request" | "first_party_response";
47
47
  /**
48
48
  * ApprovalChallenge
49
49
  * @description Canonical Longfellow / attested-key-zk approval challenge. Producer sends this inside the request payload; the approver binds it into the approval proof returned in the response payload.
@@ -857,6 +857,7 @@ export interface components {
857
857
  * @example appr_2af7b1fb2b5b4b5b8c7e9a0d
858
858
  */
859
859
  approval_id: string;
860
+ approval_challenge: components["schemas"]["ApprovalChallenge"];
860
861
  /**
861
862
  * @description Human-readable browser/device label shown to the mobile user.
862
863
  * @example Chrome on MacBook Pro
@@ -1001,7 +1002,7 @@ export interface components {
1001
1002
  };
1002
1003
  /**
1003
1004
  * MailboxBrowserApprovalResponsePayloadV1
1004
- * @description Response payload for the `browser_approval_response` envelope type. The response carries the mobile decision plus the exact canonical bytes and signature over `MailboxBrowserApprovalDecisionBindingV1`.
1005
+ * @description Response payload for the `browser_approval_response` envelope type. The response carries the mobile decision plus the exact canonical bytes and attested-key-zk proof over `MailboxBrowserApprovalDecisionBindingV1`.
1005
1006
  */
1006
1007
  MailboxBrowserApprovalResponsePayloadV1: {
1007
1008
  /**
@@ -1015,29 +1016,388 @@ export interface components {
1015
1016
  * @example appr_2af7b1fb2b5b4b5b8c7e9a0d
1016
1017
  */
1017
1018
  approval_id: string;
1019
+ approval_proof: components["schemas"]["ApprovalAttestedKeyProof"];
1020
+ /**
1021
+ * @description RFC 3339 UTC timestamp of the mobile decision.
1022
+ * @example 2026-05-14T19:31:00Z
1023
+ */
1024
+ decided_at: string;
1025
+ decision: components["schemas"]["MailboxBrowserApprovalDecision"];
1026
+ /**
1027
+ * Format: uuid
1028
+ * @description Envelope id of the browser approval request being answered.
1029
+ * @example 11111111-2222-4333-8444-555555555555
1030
+ */
1031
+ request_envelope_id: string;
1032
+ status: components["schemas"]["MailboxBrowserApprovalResponseStatus"];
1033
+ };
1034
+ /**
1035
+ * MailboxFirstPartyRequestKind
1036
+ * @description First-party request category delivered to a user's devices.
1037
+ * @example privileged_action_approval
1038
+ * @enum {string}
1039
+ */
1040
+ MailboxFirstPartyRequestKind: "privileged_action_approval";
1041
+ /**
1042
+ * MailboxFirstPartyPrivilegedActionType
1043
+ * @description Privileged server-side action that requires mobile approval.
1044
+ * @example relying_party.register
1045
+ * @enum {string}
1046
+ */
1047
+ MailboxFirstPartyPrivilegedActionType: "relying_party.register" | "relying_party.rotate_secret" | "device.revoke_other";
1048
+ /**
1049
+ * MailboxFirstPartyApprovalDecision
1050
+ * @description Mobile user's signed decision for a first-party request.
1051
+ * @example approved
1052
+ * @enum {string}
1053
+ */
1054
+ MailboxFirstPartyApprovalDecision: "approved" | "denied";
1055
+ /**
1056
+ * MailboxFirstPartyResponseStatus
1057
+ * @description Response lifecycle status. The signed `decision` carries the approval outcome.
1058
+ * @example decided
1059
+ * @enum {string}
1060
+ */
1061
+ MailboxFirstPartyResponseStatus: "decided";
1062
+ /**
1063
+ * MailboxFirstPartyApprovalBindingFormat
1064
+ * @description Canonical byte format signed by the approving device key.
1065
+ * @example first-party-privileged-action-decision-binding/v1+json
1066
+ * @enum {string}
1067
+ */
1068
+ MailboxFirstPartyApprovalBindingFormat: "first-party-privileged-action-decision-binding/v1+json";
1069
+ /**
1070
+ * MailboxFirstPartyRelyingPartyRegisterActionV1
1071
+ * @description Canonical action details for `relying_party.register`. Mobile displays these exact fields before approving creation of the relying party and its paired public/confidential clients.
1072
+ */
1073
+ MailboxFirstPartyRelyingPartyRegisterActionV1: {
1074
+ /**
1075
+ * @description Discriminator for this privileged action payload.
1076
+ * @enum {string}
1077
+ */
1078
+ action_type: "relying_party.register";
1079
+ /**
1080
+ * @description Whether approval returns a one-time plaintext client secret to the initiating console flow.
1081
+ * @example true
1082
+ */
1083
+ client_secret_returned_once: boolean;
1084
+ /**
1085
+ * @description OAuth resource audience requested for confidential client credentials.
1086
+ * @example verify.api
1087
+ */
1088
+ confidential_client_audience: string;
1089
+ /**
1090
+ * @description Requested scopes for the confidential backend client.
1091
+ * @example [
1092
+ * "verify:proof"
1093
+ * ]
1094
+ */
1095
+ confidential_client_scopes: string[];
1096
+ /**
1097
+ * @description Human-readable relying-party label shown to the user.
1098
+ * @example Customer Portal
1099
+ */
1100
+ display_name: string;
1101
+ /**
1102
+ * Format: uri
1103
+ * @description Browser origin that will host the public relying-party client.
1104
+ * @example https://customer.example
1105
+ */
1106
+ origin: string;
1107
+ /**
1108
+ * @description Requested scopes for the public browser Sign in client.
1109
+ * @example [
1110
+ * "openid",
1111
+ * "offline_access",
1112
+ * "mailbox:pairing:start"
1113
+ * ]
1114
+ */
1115
+ public_client_scopes: string[];
1116
+ /**
1117
+ * @description Exact browser callback URIs for the public authorization-code client.
1118
+ * @example [
1119
+ * "https://customer.example/oauth/callback"
1120
+ * ]
1121
+ */
1122
+ redirect_uris: string[];
1123
+ };
1124
+ /**
1125
+ * MailboxFirstPartyRelyingPartyRotateSecretActionV1
1126
+ * @description Canonical action details for `relying_party.rotate_secret`. Approval authorizes replacing the confidential client's stored secret hash and returning the new secret once to the initiating console flow.
1127
+ */
1128
+ MailboxFirstPartyRelyingPartyRotateSecretActionV1: {
1129
+ /**
1130
+ * @description Discriminator for this privileged action payload.
1131
+ * @enum {string}
1132
+ */
1133
+ action_type: "relying_party.rotate_secret";
1134
+ /**
1135
+ * @description Whether approval returns a one-time plaintext client secret to the initiating console flow.
1136
+ * @example true
1137
+ */
1138
+ client_secret_returned_once: boolean;
1139
+ /**
1140
+ * @description Confidential backend client id whose secret will rotate.
1141
+ * @example rp_conf_9d58fb4c6ff84f46
1142
+ */
1143
+ confidential_client_id: string;
1144
+ /**
1145
+ * @description Human-readable relying-party label shown to the user.
1146
+ * @example Customer Portal
1147
+ */
1148
+ display_name: string;
1149
+ /**
1150
+ * Format: uri
1151
+ * @description Browser origin attached to the relying party.
1152
+ * @example https://customer.example
1153
+ */
1154
+ origin: string;
1155
+ /**
1156
+ * @description Relying-party record id whose confidential secret will rotate.
1157
+ * @example rp_2af7b1fb2b5b4b5b8
1158
+ */
1159
+ relying_party_id: string;
1160
+ };
1161
+ /**
1162
+ * MailboxFirstPartyDeviceRevokeOtherActionV1
1163
+ * @description Canonical action details for `device.revoke_other`. Approval authorizes revoking another active device on the same user account.
1164
+ */
1165
+ MailboxFirstPartyDeviceRevokeOtherActionV1: {
1166
+ /**
1167
+ * @description Discriminator for this privileged action payload.
1168
+ * @enum {string}
1169
+ */
1170
+ action_type: "device.revoke_other";
1171
+ /**
1172
+ * @description Whether approval cascades revocation to pairings involving the target device.
1173
+ * @example true
1174
+ */
1175
+ revoke_pairings: boolean;
1176
+ /**
1177
+ * @description Whether approval revokes refresh-token families bound to the target device.
1178
+ * @example true
1179
+ */
1180
+ revoke_refresh_tokens: boolean;
1181
+ /**
1182
+ * @description RFC 3339 UTC creation timestamp for the target device.
1183
+ * @example 2026-05-01T12:00:00Z
1184
+ */
1185
+ target_device_created_at: string;
1186
+ /**
1187
+ * Format: uuid
1188
+ * @description Device id that will be revoked.
1189
+ * @example 22222222-3333-4444-8555-666666666666
1190
+ */
1191
+ target_device_id: string;
1192
+ /**
1193
+ * @description Optional human-readable device name shown to the user.
1194
+ * @example Taylor's iPhone
1195
+ */
1196
+ target_device_name?: string | null;
1197
+ /**
1198
+ * @description Registered platform type for the target device.
1199
+ * @example ios
1200
+ * @enum {string}
1201
+ */
1202
+ target_device_type: "ios" | "android";
1203
+ };
1204
+ /**
1205
+ * MailboxFirstPartyPrivilegedAction
1206
+ * @description Typed canonical privileged action details shown on mobile.
1207
+ */
1208
+ MailboxFirstPartyPrivilegedAction: components["schemas"]["MailboxFirstPartyRelyingPartyRegisterActionV1"] | components["schemas"]["MailboxFirstPartyRelyingPartyRotateSecretActionV1"] | components["schemas"]["MailboxFirstPartyDeviceRevokeOtherActionV1"];
1209
+ /**
1210
+ * MailboxFirstPartyPrivilegedActionRequestV1
1211
+ * @description Privileged console action approval request. `canonical_action_bytes` are the UTF-8 JSON bytes of the typed `action` object encoded with lexicographic property order and no insignificant whitespace; the hash pins the exact action details auth will execute after approval.
1212
+ */
1213
+ MailboxFirstPartyPrivilegedActionRequestV1: {
1214
+ action: components["schemas"]["MailboxFirstPartyPrivilegedAction"];
1215
+ action_type: components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
1018
1216
  /**
1019
1217
  * Format: byte
1020
- * @description RFC 4648 standard base64 with `=` padding for the signature over `approval_binding_bytes`.
1218
+ * @description RFC 4648 standard base64 with `=` padding for the canonical privileged action JSON bytes.
1219
+ */
1220
+ canonical_action_bytes: string;
1221
+ /**
1222
+ * @description SHA-256 hash of `canonical_action_bytes` after base64 decoding.
1223
+ * @example sha256:70f1e52bd01429bc2f405b182a3abc72751bda213dba41684a12db5116698c3c
1224
+ */
1225
+ canonical_action_hash: string;
1226
+ /**
1227
+ * @description RFC 3339 UTC timestamp when auth created the privileged-action intent.
1228
+ * @example 2026-05-16T20:40:00Z
1229
+ */
1230
+ created_at: string;
1231
+ /**
1232
+ * @description OAuth client id for the console flow that initiated the intent.
1233
+ * @example naughtbot-console
1234
+ */
1235
+ initiating_client_id: string;
1236
+ /**
1237
+ * @description Base64url SHA-256 thumbprint of the initiating browser DPoP key.
1238
+ * @example 2oNQXcW2Upi5b1xHZQW1Yf3N0aYVnX_Jf7mRiS7Jm8A
1239
+ */
1240
+ initiating_dpop_jkt: string;
1241
+ /**
1242
+ * @description Opaque privileged-action intent id.
1243
+ * @example pai_2af7b1fb2b5b4b5b8
1244
+ */
1245
+ intent_id: string;
1246
+ };
1247
+ /**
1248
+ * MailboxFirstPartyRequestPayloadV1
1249
+ * @description Request payload for the `first_party_request` envelope type.
1250
+ */
1251
+ MailboxFirstPartyRequestPayloadV1: {
1252
+ /**
1253
+ * @description RFC 3339 UTC timestamp after which the request is invalid.
1254
+ * @example 2026-05-16T20:45:00Z
1255
+ */
1256
+ expires_at: string;
1257
+ /**
1258
+ * @description RFC 3339 UTC timestamp with canonical `Z` suffix.
1259
+ * @example 2026-05-16T20:40:00Z
1260
+ */
1261
+ issued_at: string;
1262
+ /**
1263
+ * @description Opaque nonce bound into the mobile-signed decision.
1264
+ * @example first-party-nonce-fixture
1265
+ */
1266
+ nonce: string;
1267
+ privileged_action: components["schemas"]["MailboxFirstPartyPrivilegedActionRequestV1"];
1268
+ /**
1269
+ * @description Opaque auth/mailbox-scoped first-party request id.
1270
+ * @example fpr_2af7b1fb2b5b4b5b8
1271
+ */
1272
+ request_id: string;
1273
+ request_kind: components["schemas"]["MailboxFirstPartyRequestKind"];
1274
+ };
1275
+ /**
1276
+ * MailboxFirstPartyPrivilegedActionDecisionBindingV1
1277
+ * @description Canonical JSON object whose UTF-8 bytes are signed by the approving device key. Producers encode these fields in lexicographic property order with no insignificant whitespace and place the resulting bytes in `MailboxFirstPartyResponsePayloadV1.approval_binding_bytes`.
1278
+ */
1279
+ MailboxFirstPartyPrivilegedActionDecisionBindingV1: {
1280
+ action_type: components["schemas"]["MailboxFirstPartyPrivilegedActionType"];
1281
+ /**
1282
+ * Format: uuid
1283
+ * @description Device id whose signing key created `approval_signature`.
1284
+ * @example 33333333-4444-4555-8666-777777777777
1285
+ */
1286
+ approving_device_id: string;
1287
+ /**
1288
+ * @description Base64url SHA-256 thumbprint of the approving device signing key.
1289
+ * @example uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4
1290
+ */
1291
+ approving_device_signing_key_jkt: string;
1292
+ /**
1293
+ * @description Hash copied from the request payload.
1294
+ * @example sha256:70f1e52bd01429bc2f405b182a3abc72751bda213dba41684a12db5116698c3c
1295
+ */
1296
+ canonical_action_hash: string;
1297
+ /**
1298
+ * @description RFC 3339 UTC timestamp of the mobile decision.
1299
+ * @example 2026-05-16T20:41:00Z
1300
+ */
1301
+ decided_at: string;
1302
+ decision: components["schemas"]["MailboxFirstPartyApprovalDecision"];
1303
+ /**
1304
+ * @description Request expiry copied from the request payload.
1305
+ * @example 2026-05-16T20:45:00Z
1306
+ */
1307
+ expires_at: string;
1308
+ /**
1309
+ * @description Privileged-action intent id copied from the request payload.
1310
+ * @example pai_2af7b1fb2b5b4b5b8
1311
+ */
1312
+ intent_id: string;
1313
+ /**
1314
+ * @description Nonce copied from the request payload.
1315
+ * @example first-party-nonce-fixture
1316
+ */
1317
+ nonce: string;
1318
+ /**
1319
+ * Format: uuid
1320
+ * @description Envelope id of the first-party request being answered.
1321
+ * @example 11111111-2222-4333-8444-555555555555
1322
+ */
1323
+ request_envelope_id: string;
1324
+ /**
1325
+ * @description Envelope `issued_at` timestamp of the request being answered.
1326
+ * @example 2026-05-16T20:40:00Z
1327
+ */
1328
+ request_envelope_issued_at: string;
1329
+ /**
1330
+ * @description Envelope type of the request being answered.
1331
+ * @example first_party_request
1332
+ * @enum {string}
1333
+ */
1334
+ request_envelope_type: "first_party_request";
1335
+ /**
1336
+ * @description First-party request id copied from the request payload.
1337
+ * @example fpr_2af7b1fb2b5b4b5b8
1338
+ */
1339
+ request_id: string;
1340
+ /**
1341
+ * @description Canonical decision binding schema version.
1342
+ * @enum {string}
1343
+ */
1344
+ version: "first-party-privileged-action-decision-binding/v1";
1345
+ };
1346
+ /**
1347
+ * MailboxFirstPartyResponsePayloadV1
1348
+ * @description Response payload for the `first_party_response` envelope type. The response carries the mobile decision, the exact canonical bytes signed by the approving device, and the raw device signature over those bytes.
1349
+ */
1350
+ MailboxFirstPartyResponsePayloadV1: {
1351
+ /**
1352
+ * Format: byte
1353
+ * @description RFC 4648 standard base64 with `=` padding for the canonical `MailboxFirstPartyPrivilegedActionDecisionBindingV1` UTF-8 JSON bytes.
1354
+ */
1355
+ approval_binding_bytes: string;
1356
+ approval_binding_format: components["schemas"]["MailboxFirstPartyApprovalBindingFormat"];
1357
+ /**
1358
+ * Format: byte
1359
+ * @description RFC 4648 standard base64 with `=` padding for the raw signature over `approval_binding_bytes` after base64 decoding.
1021
1360
  */
1022
1361
  approval_signature: string;
1362
+ /**
1363
+ * @description Device signing-key algorithm identifier.
1364
+ * @example ES256
1365
+ */
1366
+ approval_signature_algorithm: string;
1367
+ /**
1368
+ * Format: uuid
1369
+ * @description Device id whose signing key created `approval_signature`.
1370
+ * @example 33333333-4444-4555-8666-777777777777
1371
+ */
1372
+ approving_device_id: string;
1373
+ /**
1374
+ * @description Base64url SHA-256 thumbprint of the approving device signing key.
1375
+ * @example uJx87scLEhI5vT1YdtXx5ERw2IW0aP2mMNJ1lUu1Dx4
1376
+ */
1377
+ approving_device_signing_key_jkt: string;
1023
1378
  /**
1024
1379
  * @description RFC 3339 UTC timestamp of the mobile decision.
1025
- * @example 2026-05-14T19:31:00Z
1380
+ * @example 2026-05-16T20:41:00Z
1026
1381
  */
1027
1382
  decided_at: string;
1028
- decision: components["schemas"]["MailboxBrowserApprovalDecision"];
1383
+ decision: components["schemas"]["MailboxFirstPartyApprovalDecision"];
1384
+ /**
1385
+ * @description Privileged-action intent id copied from the request payload.
1386
+ * @example pai_2af7b1fb2b5b4b5b8
1387
+ */
1388
+ intent_id: string;
1029
1389
  /**
1030
1390
  * Format: uuid
1031
- * @description Envelope id of the browser approval request being answered.
1391
+ * @description Envelope id of the first-party request being answered.
1032
1392
  * @example 11111111-2222-4333-8444-555555555555
1033
1393
  */
1034
1394
  request_envelope_id: string;
1035
1395
  /**
1036
- * @description Mobile signing key id that produced `approval_signature`.
1037
- * @example mobile-key-browser-approval-1
1396
+ * @description First-party request id copied from the request payload.
1397
+ * @example fpr_2af7b1fb2b5b4b5b8
1038
1398
  */
1039
- signing_key_id: string;
1040
- status: components["schemas"]["MailboxBrowserApprovalResponseStatus"];
1399
+ request_id: string;
1400
+ status: components["schemas"]["MailboxFirstPartyResponseStatus"];
1041
1401
  };
1042
1402
  };
1043
1403
  responses: never;