@opendatalabs/vana-sdk 3.0.1 → 3.2.0-canary.88d802d

package/dist/auth/oauth-client.js

@@ -0,0 +1,228 @@
+import { computePkceChallenge, generatePkceVerifier } from "./pkce.js";
+import {
+  InMemoryTokenStore
+} from "./token-store.js";
+const VERIFIER_TTL_SECONDS = 600;
+const RESERVED_AUTHORIZE_PARAMS = /* @__PURE__ */ new Set([
+  "response_type",
+  "client_id",
+  "redirect_uri",
+  "scope",
+  "state",
+  "code_challenge",
+  "code_challenge_method"
+]);
+class OAuthClient {
+  #config;
+  constructor(config) {
+    const fetchImpl = config.fetchImpl ?? globalThis.fetch;
+    if (typeof fetchImpl !== "function") {
+      throw new TypeError(
+        "OAuthClient requires a global `fetch` or an explicit `fetchImpl`"
+      );
+    }
+    this.#config = {
+      authorizationEndpoint: config.authorizationEndpoint,
+      tokenEndpoint: config.tokenEndpoint,
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      scope: config.scope,
+      tokenStore: config.tokenStore ?? new InMemoryTokenStore(),
+      fetchImpl,
+      generateState: config.generateState ?? defaultGenerateState
+    };
+  }
+  /** Build the authorize URL and persist the PKCE verifier keyed by `state`. */
+  async buildAuthorizationUrl(opts = {}) {
+    const state = opts.state ?? this.#config.generateState();
+    const scope = opts.scope ?? this.#config.scope;
+    const verifier = generatePkceVerifier();
+    const challenge = await computePkceChallenge(verifier);
+    await this.#config.tokenStore.set(this.#verifierKey(state), {
+      token: verifier,
+      expiresAt: Math.floor(Date.now() / 1e3) + VERIFIER_TTL_SECONDS
+    });
+    const params = new URLSearchParams();
+    params.set("response_type", "code");
+    params.set("client_id", this.#config.clientId);
+    params.set("redirect_uri", this.#config.redirectUri);
+    if (scope !== void 0 && scope.length > 0) {
+      params.set("scope", scope);
+    }
+    params.set("state", state);
+    params.set("code_challenge", challenge);
+    params.set("code_challenge_method", "S256");
+    if (opts.extraParams !== void 0) {
+      for (const k of Object.keys(opts.extraParams)) {
+        if (RESERVED_AUTHORIZE_PARAMS.has(k)) {
+          throw new Error(
+            `extraParams may not override the reserved OAuth/PKCE parameter "${k}"`
+          );
+        }
+      }
+      for (const [k, v] of Object.entries(opts.extraParams)) {
+        params.set(k, v);
+      }
+    }
+    const sep = this.#config.authorizationEndpoint.includes("?") ? "&" : "?";
+    const url = `${this.#config.authorizationEndpoint}${sep}${params.toString()}`;
+    return { url, state };
+  }
+  /**
+   * Handle the redirect-callback URL. Validates `state`, retrieves the saved
+   * verifier, exchanges the authorization code + verifier for tokens, and
+   * persists them. Returns the access {@link TokenRecord}.
+   */
+  async handleCallback(callbackUrl) {
+    const parsed = new URL(callbackUrl);
+    const params = parsed.searchParams;
+    const errorCode = params.get("error");
+    if (errorCode !== null) {
+      throw new Error(
+        formatOAuthError({
+          error: errorCode,
+          error_description: params.get("error_description") ?? void 0
+        })
+      );
+    }
+    const code = params.get("code");
+    const state = params.get("state");
+    if (code === null || state === null) {
+      throw new Error("OAuth callback is missing `code` or `state`");
+    }
+    const verifierRecord = await this.#config.tokenStore.get(
+      this.#verifierKey(state)
+    );
+    if (verifierRecord === null) {
+      throw new Error(
+        "OAuth callback state does not match any in-flight verifier (possible CSRF or expired flow)"
+      );
+    }
+    const body = new URLSearchParams();
+    body.set("grant_type", "authorization_code");
+    body.set("code", code);
+    body.set("redirect_uri", this.#config.redirectUri);
+    body.set("client_id", this.#config.clientId);
+    body.set("code_verifier", verifierRecord.token);
+    let tokens;
+    try {
+      tokens = await this.#tokenRequest(body);
+    } finally {
+      await this.#config.tokenStore.delete(this.#verifierKey(state));
+    }
+    return this.#persistTokens(tokens);
+  }
+  /**
+   * Exchange a stored refresh token for a fresh access token. Throws if no
+   * refresh token is available.
+   */
+  async refresh() {
+    const refreshRecord = await this.#config.tokenStore.get(this.#refreshKey());
+    if (refreshRecord === null) {
+      throw new Error("OAuth refresh failed: no refresh token stored");
+    }
+    const body = new URLSearchParams();
+    body.set("grant_type", "refresh_token");
+    body.set("refresh_token", refreshRecord.token);
+    body.set("client_id", this.#config.clientId);
+    const tokens = await this.#tokenRequest(body);
+    return this.#persistTokens(tokens, refreshRecord.token);
+  }
+  /**
+   * Get the current access token if valid (refreshing first if expired and a
+   * refresh token is available). Returns `null` when no usable token exists.
+   */
+  async getAccessToken() {
+    const stored = await this.#config.tokenStore.get(this.#accessKey());
+    if (stored !== null) return stored.token;
+    const refresh = await this.#config.tokenStore.get(this.#refreshKey());
+    if (refresh === null) return null;
+    try {
+      const refreshed = await this.refresh();
+      return refreshed.token;
+    } catch {
+      return null;
+    }
+  }
+  /** Forget tokens (logout). Does NOT call any remote revocation endpoint. */
+  async signOut() {
+    await this.#config.tokenStore.delete(this.#accessKey());
+    await this.#config.tokenStore.delete(this.#refreshKey());
+  }
+  #accessKey() {
+    return `oauth:tokens:${this.#config.clientId}`;
+  }
+  #refreshKey() {
+    return `oauth:refresh:${this.#config.clientId}`;
+  }
+  #verifierKey(state) {
+    return `oauth:verifier:${state}`;
+  }
+  async #tokenRequest(body) {
+    const response = await this.#config.fetchImpl(this.#config.tokenEndpoint, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json"
+      },
+      body: body.toString()
+    });
+    const text = await response.text();
+    const parsed = parseJsonBody(text);
+    if (!response.ok) {
+      throw new Error(formatOAuthError(parsed ?? {}, response.status));
+    }
+    if (parsed === null || typeof parsed !== "object" || typeof parsed.access_token !== "string") {
+      throw new Error(
+        "OAuth token endpoint returned a response without an `access_token` string"
+      );
+    }
+    return parsed;
+  }
+  async #persistTokens(tokens, previousRefreshToken) {
+    const record = { token: tokens.access_token };
+    if (typeof tokens.expires_in === "number" && tokens.expires_in > 0) {
+      record.expiresAt = Math.floor(Date.now() / 1e3) + tokens.expires_in;
+    }
+    await this.#config.tokenStore.set(this.#accessKey(), record);
+    const newRefresh = tokens.refresh_token ?? previousRefreshToken;
+    if (newRefresh !== void 0) {
+      await this.#config.tokenStore.set(this.#refreshKey(), {
+        token: newRefresh
+      });
+    }
+    return record;
+  }
+}
+function defaultGenerateState() {
+  const bytes = new Uint8Array(24);
+  crypto.getRandomValues(bytes);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function parseJsonBody(text) {
+  if (text.length === 0) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function formatOAuthError(body, status) {
+  const parts = ["OAuth token request failed"];
+  if (status !== void 0) parts.push(`(HTTP ${String(status)})`);
+  if (body.error !== void 0 && body.error.length > 0) {
+    parts.push(`: ${body.error}`);
+    if (body.error_description !== void 0 && body.error_description.length > 0) {
+      parts.push(`- ${body.error_description}`);
+    }
+  }
+  return parts.join(" ").replace(" : ", ": ").replace(" - ", " - ");
+}
+export {
+  OAuthClient
+};
+//# sourceMappingURL=oauth-client.js.map

package/dist/auth/oauth-client.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/oauth-client.ts"],"sourcesContent":["/**\n * OAuth 2.0 Authorization Code + PKCE client orchestration.\n *\n * @remarks\n * Drives the full authorize → callback → token-exchange → refresh dance on top\n * of the {@link TokenStore} and PKCE primitives that ship with this package.\n * Implements RFC 6749 §4.1 with the RFC 7636 PKCE extension (S256 only).\n *\n * @category Auth\n * @module auth/oauth-client\n */\n\nimport { computePkceChallenge, generatePkceVerifier } from \"./pkce\";\nimport {\n  InMemoryTokenStore,\n  type TokenRecord,\n  type TokenStore,\n} from \"./token-store\";\n\n/**\n * Constructor options for {@link OAuthClient}.\n */\nexport interface OAuthClientConfig {\n  /** Authorization endpoint, e.g. `https://account.vana.org/oauth/authorize`. */\n  authorizationEndpoint: string;\n  /** Token endpoint, e.g. `https://account.vana.org/oauth/token`. */\n  tokenEndpoint: string;\n  /** OAuth `client_id` (public; PKCE protects the flow). */\n  clientId: string;\n  /** Redirect URI registered with the authorization server. */\n  redirectUri: string;\n  /** Default scope; can be overridden per call. */\n  scope?: string;\n  /**\n   * Where to persist access + refresh tokens and the in-flight code verifier\n   * between `authorize` → `callback`. Defaults to a fresh\n   * {@link InMemoryTokenStore}. Use IndexedDB/localStorage-backed\n   * implementations for browser apps where the user navigates away during the\n   * dance.\n   */\n  tokenStore?: TokenStore;\n  /** Override the global `fetch` (e.g. for tests). Defaults to `globalThis.fetch`. */\n  fetchImpl?: typeof fetch;\n  /**\n   * Override the random-state generator (mostly for tests). Must return a\n   * URL-safe string of >= 16 bytes of entropy.\n   */\n  generateState?: () => string;\n}\n\n/**\n * Result of {@link OAuthClient.buildAuthorizationUrl}.\n */\nexport interface AuthorizationUrlResult {\n  /** The full authorize URL to redirect / `window.open` to. */\n  url: string;\n  /** The `state` value the auth server will echo back; used for CSRF check. */\n  state: string;\n}\n\n/** TTL for the in-flight verifier record (seconds). */\nconst VERIFIER_TTL_SECONDS = 600;\n\n/** RFC 6749 spec-compliant OAuth error payload shape. */\ninterface OAuthErrorBody {\n  error?: string;\n  error_description?: string;\n  error_uri?: string;\n}\n\n/** Successful token-endpoint response shape (RFC 6749 §5.1). */\ninterface TokenEndpointResponse {\n  access_token: string;\n  token_type?: string;\n  expires_in?: number;\n  refresh_token?: string;\n  scope?: string;\n}\n\n/**\n * Authorize-URL parameters the client owns. Callers may NOT supply these\n * via `extraParams` — otherwise PKCE/CSRF protection can be silently\n * bypassed (e.g. `extraParams: { state: \"x\" }` would store the verifier\n * under the generated state but send `x` on the wire, breaking the\n * callback CSRF check; `code_challenge_method` could downgrade S256).\n */\nconst RESERVED_AUTHORIZE_PARAMS = new Set([\n  \"response_type\",\n  \"client_id\",\n  \"redirect_uri\",\n  \"scope\",\n  \"state\",\n  \"code_challenge\",\n  \"code_challenge_method\",\n]);\n\n/**\n * OAuth 2.0 Authorization Code + PKCE client.\n *\n * @remarks\n * Storage layout under the supplied {@link TokenStore} (all keys namespaced):\n * - `oauth:tokens:{clientId}`  → access token record\n * - `oauth:refresh:{clientId}` → refresh token record (no expiry)\n * - `oauth:verifier:{state}`   → in-flight PKCE verifier (10 min TTL)\n *\n * @category Auth\n */\nexport class OAuthClient {\n  readonly #config: Required<\n    Omit<\n      OAuthClientConfig,\n      \"scope\" | \"tokenStore\" | \"fetchImpl\" | \"generateState\"\n    >\n  > & {\n    scope?: string;\n    tokenStore: TokenStore;\n    fetchImpl: typeof fetch;\n    generateState: () => string;\n  };\n\n  public constructor(config: OAuthClientConfig) {\n    const fetchImpl = config.fetchImpl ?? globalThis.fetch;\n    if (typeof fetchImpl !== \"function\") {\n      throw new TypeError(\n        \"OAuthClient requires a global `fetch` or an explicit `fetchImpl`\",\n      );\n    }\n\n    this.#config = {\n      authorizationEndpoint: config.authorizationEndpoint,\n      tokenEndpoint: config.tokenEndpoint,\n      clientId: config.clientId,\n      redirectUri: config.redirectUri,\n      scope: config.scope,\n      tokenStore: config.tokenStore ?? new InMemoryTokenStore(),\n      fetchImpl,\n      generateState: config.generateState ?? defaultGenerateState,\n    };\n  }\n\n  /** Build the authorize URL and persist the PKCE verifier keyed by `state`. */\n  public async buildAuthorizationUrl(\n    opts: {\n      state?: string;\n      scope?: string;\n      extraParams?: Record<string, string>;\n    } = {},\n  ): Promise<AuthorizationUrlResult> {\n    const state = opts.state ?? this.#config.generateState();\n    const scope = opts.scope ?? this.#config.scope;\n\n    const verifier = generatePkceVerifier();\n    const challenge = await computePkceChallenge(verifier);\n\n    await this.#config.tokenStore.set(this.#verifierKey(state), {\n      token: verifier,\n      expiresAt: Math.floor(Date.now() / 1000) + VERIFIER_TTL_SECONDS,\n    });\n\n    const params = new URLSearchParams();\n    params.set(\"response_type\", \"code\");\n    params.set(\"client_id\", this.#config.clientId);\n    params.set(\"redirect_uri\", this.#config.redirectUri);\n    if (scope !== undefined && scope.length > 0) {\n      params.set(\"scope\", scope);\n    }\n    params.set(\"state\", state);\n    params.set(\"code_challenge\", challenge);\n    params.set(\"code_challenge_method\", \"S256\");\n    if (opts.extraParams !== undefined) {\n      for (const k of Object.keys(opts.extraParams)) {\n        if (RESERVED_AUTHORIZE_PARAMS.has(k)) {\n          throw new Error(\n            `extraParams may not override the reserved OAuth/PKCE parameter \"${k}\"`,\n          );\n        }\n      }\n      for (const [k, v] of Object.entries(opts.extraParams)) {\n        params.set(k, v);\n      }\n    }\n\n    const sep = this.#config.authorizationEndpoint.includes(\"?\") ? \"&\" : \"?\";\n    const url = `${this.#config.authorizationEndpoint}${sep}${params.toString()}`;\n\n    return { url, state };\n  }\n\n  /**\n   * Handle the redirect-callback URL. Validates `state`, retrieves the saved\n   * verifier, exchanges the authorization code + verifier for tokens, and\n   * persists them. Returns the access {@link TokenRecord}.\n   */\n  public async handleCallback(callbackUrl: string): Promise<TokenRecord> {\n    const parsed = new URL(callbackUrl);\n    const params = parsed.searchParams;\n\n    const errorCode = params.get(\"error\");\n    if (errorCode !== null) {\n      throw new Error(\n        formatOAuthError({\n          error: errorCode,\n          error_description: params.get(\"error_description\") ?? undefined,\n        }),\n      );\n    }\n\n    const code = params.get(\"code\");\n    const state = params.get(\"state\");\n    if (code === null || state === null) {\n      throw new Error(\"OAuth callback is missing `code` or `state`\");\n    }\n\n    const verifierRecord = await this.#config.tokenStore.get(\n      this.#verifierKey(state),\n    );\n    if (verifierRecord === null) {\n      throw new Error(\n        \"OAuth callback state does not match any in-flight verifier (possible CSRF or expired flow)\",\n      );\n    }\n\n    const body = new URLSearchParams();\n    body.set(\"grant_type\", \"authorization_code\");\n    body.set(\"code\", code);\n    body.set(\"redirect_uri\", this.#config.redirectUri);\n    body.set(\"client_id\", this.#config.clientId);\n    body.set(\"code_verifier\", verifierRecord.token);\n\n    let tokens: TokenEndpointResponse;\n    try {\n      tokens = await this.#tokenRequest(body);\n    } finally {\n      // Always clear the one-shot verifier, even on a failed exchange.\n      await this.#config.tokenStore.delete(this.#verifierKey(state));\n    }\n\n    return this.#persistTokens(tokens);\n  }\n\n  /**\n   * Exchange a stored refresh token for a fresh access token. Throws if no\n   * refresh token is available.\n   */\n  public async refresh(): Promise<TokenRecord> {\n    const refreshRecord = await this.#config.tokenStore.get(this.#refreshKey());\n    if (refreshRecord === null) {\n      throw new Error(\"OAuth refresh failed: no refresh token stored\");\n    }\n\n    const body = new URLSearchParams();\n    body.set(\"grant_type\", \"refresh_token\");\n    body.set(\"refresh_token\", refreshRecord.token);\n    body.set(\"client_id\", this.#config.clientId);\n\n    const tokens = await this.#tokenRequest(body);\n    return this.#persistTokens(tokens, refreshRecord.token);\n  }\n\n  /**\n   * Get the current access token if valid (refreshing first if expired and a\n   * refresh token is available). Returns `null` when no usable token exists.\n   */\n  public async getAccessToken(): Promise<string | null> {\n    const stored = await this.#config.tokenStore.get(this.#accessKey());\n    if (stored !== null) return stored.token;\n\n    // Stored access token is missing or already evicted by the store's TTL.\n    const refresh = await this.#config.tokenStore.get(this.#refreshKey());\n    if (refresh === null) return null;\n\n    try {\n      const refreshed = await this.refresh();\n      return refreshed.token;\n    } catch {\n      return null;\n    }\n  }\n\n  /** Forget tokens (logout). Does NOT call any remote revocation endpoint. */\n  public async signOut(): Promise<void> {\n    await this.#config.tokenStore.delete(this.#accessKey());\n    await this.#config.tokenStore.delete(this.#refreshKey());\n  }\n\n  #accessKey(): string {\n    return `oauth:tokens:${this.#config.clientId}`;\n  }\n\n  #refreshKey(): string {\n    return `oauth:refresh:${this.#config.clientId}`;\n  }\n\n  #verifierKey(state: string): string {\n    return `oauth:verifier:${state}`;\n  }\n\n  async #tokenRequest(body: URLSearchParams): Promise<TokenEndpointResponse> {\n    const response = await this.#config.fetchImpl(this.#config.tokenEndpoint, {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/x-www-form-urlencoded\",\n        Accept: \"application/json\",\n      },\n      body: body.toString(),\n    });\n\n    const text = await response.text();\n    const parsed = parseJsonBody(text);\n\n    if (!response.ok) {\n      throw new Error(formatOAuthError(parsed ?? {}, response.status));\n    }\n\n    if (\n      parsed === null ||\n      typeof parsed !== \"object\" ||\n      typeof (parsed as { access_token?: unknown }).access_token !== \"string\"\n    ) {\n      throw new Error(\n        \"OAuth token endpoint returned a response without an `access_token` string\",\n      );\n    }\n\n    return parsed as TokenEndpointResponse;\n  }\n\n  async #persistTokens(\n    tokens: TokenEndpointResponse,\n    previousRefreshToken?: string,\n  ): Promise<TokenRecord> {\n    const record: TokenRecord = { token: tokens.access_token };\n    if (typeof tokens.expires_in === \"number\" && tokens.expires_in > 0) {\n      record.expiresAt = Math.floor(Date.now() / 1000) + tokens.expires_in;\n    }\n    await this.#config.tokenStore.set(this.#accessKey(), record);\n\n    const newRefresh = tokens.refresh_token ?? previousRefreshToken;\n    if (newRefresh !== undefined) {\n      await this.#config.tokenStore.set(this.#refreshKey(), {\n        token: newRefresh,\n      });\n    }\n\n    return record;\n  }\n}\n\nfunction defaultGenerateState(): string {\n  const bytes = new Uint8Array(24);\n  crypto.getRandomValues(bytes);\n  let binary = \"\";\n  for (let i = 0; i < bytes.length; i++) {\n    binary += String.fromCharCode(bytes[i] as number);\n  }\n  return btoa(binary)\n    .replace(/\\+/g, \"-\")\n    .replace(/\\//g, \"_\")\n    .replace(/=+$/, \"\");\n}\n\nfunction parseJsonBody(text: string): unknown {\n  if (text.length === 0) return null;\n  try {\n    return JSON.parse(text) as unknown;\n  } catch {\n    return null;\n  }\n}\n\nfunction formatOAuthError(body: OAuthErrorBody, status?: number): string {\n  const parts: string[] = [\"OAuth token request failed\"];\n  if (status !== undefined) parts.push(`(HTTP ${String(status)})`);\n  if (body.error !== undefined && body.error.length > 0) {\n    parts.push(`: ${body.error}`);\n    if (\n      body.error_description !== undefined &&\n      body.error_description.length > 0\n    ) {\n      parts.push(`- ${body.error_description}`);\n    }\n  }\n  return parts.join(\" \").replace(\" : \", \": \").replace(\" - \", \" - \");\n}\n"],"mappings":"AAYA,SAAS,sBAAsB,4BAA4B;AAC3D;AAAA,EACE;AAAA,OAGK;AA4CP,MAAM,uBAAuB;AAyB7B,MAAM,4BAA4B,oBAAI,IAAI;AAAA,EACxC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAaM,MAAM,YAAY;AAAA,EACd;AAAA,EAYF,YAAY,QAA2B;AAC5C,UAAM,YAAY,OAAO,aAAa,WAAW;AACjD,QAAI,OAAO,cAAc,YAAY;AACnC,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,SAAK,UAAU;AAAA,MACb,uBAAuB,OAAO;AAAA,MAC9B,eAAe,OAAO;AAAA,MACtB,UAAU,OAAO;AAAA,MACjB,aAAa,OAAO;AAAA,MACpB,OAAO,OAAO;AAAA,MACd,YAAY,OAAO,cAAc,IAAI,mBAAmB;AAAA,MACxD;AAAA,MACA,eAAe,OAAO,iBAAiB;AAAA,IACzC;AAAA,EACF;AAAA;AAAA,EAGA,MAAa,sBACX,OAII,CAAC,GAC4B;AACjC,UAAM,QAAQ,KAAK,SAAS,KAAK,QAAQ,cAAc;AACvD,UAAM,QAAQ,KAAK,SAAS,KAAK,QAAQ;AAEzC,UAAM,WAAW,qBAAqB;AACtC,UAAM,YAAY,MAAM,qBAAqB,QAAQ;AAErD,UAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,aAAa,KAAK,GAAG;AAAA,MAC1D,OAAO;AAAA,MACP,WAAW,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI;AAAA,IAC7C,CAAC;AAED,UAAM,SAAS,IAAI,gBAAgB;AACnC,WAAO,IAAI,iBAAiB,MAAM;AAClC,WAAO,IAAI,aAAa,KAAK,QAAQ,QAAQ;AAC7C,WAAO,IAAI,gBAAgB,KAAK,QAAQ,WAAW;AACnD,QAAI,UAAU,UAAa,MAAM,SAAS,GAAG;AAC3C,aAAO,IAAI,SAAS,KAAK;AAAA,IAC3B;AACA,WAAO,IAAI,SAAS,KAAK;AACzB,WAAO,IAAI,kBAAkB,SAAS;AACtC,WAAO,IAAI,yBAAyB,MAAM;AAC1C,QAAI,KAAK,gBAAgB,QAAW;AAClC,iBAAW,KAAK,OAAO,KAAK,KAAK,WAAW,GAAG;AAC7C,YAAI,0BAA0B,IAAI,CAAC,GAAG;AACpC,gBAAM,IAAI;AAAA,YACR,mEAAmE,CAAC;AAAA,UACtE;AAAA,QACF;AAAA,MACF;AACA,iBAAW,CAAC,GAAG,CAAC,KAAK,OAAO,QAAQ,KAAK,WAAW,GAAG;AACrD,eAAO,IAAI,GAAG,CAAC;AAAA,MACjB;AAAA,IACF;AAEA,UAAM,MAAM,KAAK,QAAQ,sBAAsB,SAAS,GAAG,IAAI,MAAM;AACrE,UAAM,MAAM,GAAG,KAAK,QAAQ,qBAAqB,GAAG,GAAG,GAAG,OAAO,SAAS,CAAC;AAE3E,WAAO,EAAE,KAAK,MAAM;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAa,eAAe,aAA2C;AACrE,UAAM,SAAS,IAAI,IAAI,WAAW;AAClC,UAAM,SAAS,OAAO;AAEtB,UAAM,YAAY,OAAO,IAAI,OAAO;AACpC,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI;AAAA,QACR,iBAAiB;AAAA,UACf,OAAO;AAAA,UACP,mBAAmB,OAAO,IAAI,mBAAmB,KAAK;AAAA,QACxD,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,OAAO,OAAO,IAAI,MAAM;AAC9B,UAAM,QAAQ,OAAO,IAAI,OAAO;AAChC,QAAI,SAAS,QAAQ,UAAU,MAAM;AACnC,YAAM,IAAI,MAAM,6CAA6C;AAAA,IAC/D;AAEA,UAAM,iBAAiB,MAAM,KAAK,QAAQ,WAAW;AAAA,MACnD,KAAK,aAAa,KAAK;AAAA,IACzB;AACA,QAAI,mBAAmB,MAAM;AAC3B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,IAAI,gBAAgB;AACjC,SAAK,IAAI,cAAc,oBAAoB;AAC3C,SAAK,IAAI,QAAQ,IAAI;AACrB,SAAK,IAAI,gBAAgB,KAAK,QAAQ,WAAW;AACjD,SAAK,IAAI,aAAa,KAAK,QAAQ,QAAQ;AAC3C,SAAK,IAAI,iBAAiB,eAAe,KAAK;AAE9C,QAAI;AACJ,QAAI;AACF,eAAS,MAAM,KAAK,cAAc,IAAI;AAAA,IACxC,UAAE;AAEA,YAAM,KAAK,QAAQ,WAAW,OAAO,KAAK,aAAa,KAAK,CAAC;AAAA,IAC/D;AAEA,WAAO,KAAK,eAAe,MAAM;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAa,UAAgC;AAC3C,UAAM,gBAAgB,MAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,YAAY,CAAC;AAC1E,QAAI,kBAAkB,MAAM;AAC1B,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AAEA,UAAM,OAAO,IAAI,gBAAgB;AACjC,SAAK,IAAI,cAAc,eAAe;AACtC,SAAK,IAAI,iBAAiB,cAAc,KAAK;AAC7C,SAAK,IAAI,aAAa,KAAK,QAAQ,QAAQ;AAE3C,UAAM,SAAS,MAAM,KAAK,cAAc,IAAI;AAC5C,WAAO,KAAK,eAAe,QAAQ,cAAc,KAAK;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAa,iBAAyC;AACpD,UAAM,SAAS,MAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,WAAW,CAAC;AAClE,QAAI,WAAW,KAAM,QAAO,OAAO;AAGnC,UAAM,UAAU,MAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,YAAY,CAAC;AACpE,QAAI,YAAY,KAAM,QAAO;AAE7B,QAAI;AACF,YAAM,YAAY,MAAM,KAAK,QAAQ;AACrC,aAAO,UAAU;AAAA,IACnB,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA,EAGA,MAAa,UAAyB;AACpC,UAAM,KAAK,QAAQ,WAAW,OAAO,KAAK,WAAW,CAAC;AACtD,UAAM,KAAK,QAAQ,WAAW,OAAO,KAAK,YAAY,CAAC;AAAA,EACzD;AAAA,EAEA,aAAqB;AACnB,WAAO,gBAAgB,KAAK,QAAQ,QAAQ;AAAA,EAC9C;AAAA,EAEA,cAAsB;AACpB,WAAO,iBAAiB,KAAK,QAAQ,QAAQ;AAAA,EAC/C;AAAA,EAEA,aAAa,OAAuB;AAClC,WAAO,kBAAkB,KAAK;AAAA,EAChC;AAAA,EAEA,MAAM,cAAc,MAAuD;AACzE,UAAM,WAAW,MAAM,KAAK,QAAQ,UAAU,KAAK,QAAQ,eAAe;AAAA,MACxE,QAAQ;AAAA,MACR,SAAS;AAAA,QACP,gBAAgB;AAAA,QAChB,QAAQ;AAAA,MACV;AAAA,MACA,MAAM,KAAK,SAAS;AAAA,IACtB,CAAC;AAED,UAAM,OAAO,MAAM,SAAS,KAAK;AACjC,UAAM,SAAS,cAAc,IAAI;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,MAAM,iBAAiB,UAAU,CAAC,GAAG,SAAS,MAAM,CAAC;AAAA,IACjE;AAEA,QACE,WAAW,QACX,OAAO,WAAW,YAClB,OAAQ,OAAsC,iBAAiB,UAC/D;AACA,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,eACJ,QACA,sBACsB;AACtB,UAAM,SAAsB,EAAE,OAAO,OAAO,aAAa;AACzD,QAAI,OAAO,OAAO,eAAe,YAAY,OAAO,aAAa,GAAG;AAClE,aAAO,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,IAAI,OAAO;AAAA,IAC5D;AACA,UAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,WAAW,GAAG,MAAM;AAE3D,UAAM,aAAa,OAAO,iBAAiB;AAC3C,QAAI,eAAe,QAAW;AAC5B,YAAM,KAAK,QAAQ,WAAW,IAAI,KAAK,YAAY,GAAG;AAAA,QACpD,OAAO;AAAA,MACT,CAAC;AAAA,IACH;AAEA,WAAO;AAAA,EACT;AACF;AAEA,SAAS,uBAA+B;AACtC,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,SAAO,gBAAgB,KAAK;AAC5B,MAAI,SAAS;AACb,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,cAAU,OAAO,aAAa,MAAM,CAAC,CAAW;AAAA,EAClD;AACA,SAAO,KAAK,MAAM,EACf,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,GAAG,EAClB,QAAQ,OAAO,EAAE;AACtB;AAEA,SAAS,cAAc,MAAuB;AAC5C,MAAI,KAAK,WAAW,EAAG,QAAO;AAC9B,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,iBAAiB,MAAsB,QAAyB;AACvE,QAAM,QAAkB,CAAC,4BAA4B;AACrD,MAAI,WAAW,OAAW,OAAM,KAAK,SAAS,OAAO,MAAM,CAAC,GAAG;AAC/D,MAAI,KAAK,UAAU,UAAa,KAAK,MAAM,SAAS,GAAG;AACrD,UAAM,KAAK,KAAK,KAAK,KAAK,EAAE;AAC5B,QACE,KAAK,sBAAsB,UAC3B,KAAK,kBAAkB,SAAS,GAChC;AACA,YAAM,KAAK,KAAK,KAAK,iBAAiB,EAAE;AAAA,IAC1C;AAAA,EACF;AACA,SAAO,MAAM,KAAK,GAAG,EAAE,QAAQ,OAAO,IAAI,EAAE,QAAQ,OAAO,KAAK;AAClE;","names":[]}

package/dist/auth/oauth-client.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth/web3-signed-builder.js

@@ -1,6 +1,6 @@
 import { sha256 } from "@noble/hashes/sha2";
 import { bytesToHex } from "viem";
-import { toBase64 } from "../utils/encoding";
+import { toBase64 } from "../utils/encoding.js";
 const EMPTY_BODY_HASH = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855";
 const DEFAULT_TTL_SECONDS = 300;
 function base64urlEncode(input) {

package/dist/auth/web3-signed.js

@@ -1,11 +1,11 @@
 import { recoverMessageAddress } from "viem";
-import { fromBase64 } from "../utils/encoding";
+import { fromBase64 } from "../utils/encoding.js";
 import {
   MissingAuthError,
   InvalidSignatureError,
   ExpiredTokenError
-} from "./errors";
-import { computeBodyHash } from "./web3-signed-builder";
+} from "./errors.js";
+import { computeBodyHash } from "./web3-signed-builder.js";
 const WEB3_SIGNED_PREFIX = "Web3Signed ";
 const CLOCK_SKEW_SECONDS = 60;
 function base64urlDecode(input) {

package/dist/browser.js

@@ -1,4 +1,4 @@
-import { BrowserPlatformAdapter } from "./platform/browser";
+import { BrowserPlatformAdapter } from "./platform/browser.js";
 export {
   BrowserPlatformAdapter
 };

package/dist/chains/definitions.js

@@ -1,4 +1,4 @@
-import { mainnetServices, mokshaServices } from "../config/default-services";
+import { mainnetServices, mokshaServices } from "../config/default-services.js";
 const vanaMainnet = {
   id: 1480,
   name: "Vana",

package/dist/chains/index.js

@@ -4,7 +4,7 @@ import {
   mokshaTestnet,
   getChainConfig,
   getAllChains
-} from "./definitions";
+} from "./definitions.js";
 export {
   getAllChains,
   getChainConfig,

package/dist/chains.browser.js

@@ -4,7 +4,7 @@ import {
   mokshaTestnet,
   getChainConfig,
   getAllChains
-} from "./chains/definitions";
+} from "./chains/definitions.js";
 export {
   getAllChains,
   getChainConfig,

package/dist/chains.js

@@ -4,7 +4,7 @@ import {
   mokshaTestnet,
   getChainConfig,
   getAllChains
-} from "./chains/definitions";
+} from "./chains/definitions.js";
 export {
   getAllChains,
   getChainConfig,

package/dist/chains.node.js

@@ -4,7 +4,7 @@ import {
   mokshaTestnet,
   getChainConfig,
   getAllChains
-} from "./chains/definitions";
+} from "./chains/definitions.js";
 export {
   getAllChains,
   getChainConfig,

package/dist/contracts/contractController.js

@@ -1,10 +1,10 @@
 import {
   getContract
 } from "viem";
-import { getAbi } from "../generated/abi";
-import { getContractAddress, CONTRACT_ADDRESSES } from "../generated/addresses";
-import { createClient } from "../core/client";
-import { vanaMainnet } from "../config/chains";
+import { getAbi } from "../generated/abi/index.js";
+import { getContractAddress, CONTRACT_ADDRESSES } from "../generated/addresses.js";
+import { createClient } from "../core/client.js";
+import { vanaMainnet } from "../config/chains.js";
 const contractCache = /* @__PURE__ */ new Map();
 const contractCacheForTesting = contractCache;
 function createCacheKey(contract, chainId) {

package/dist/core/client.js

@@ -3,7 +3,7 @@ import {
   http,
   createWalletClient as viemCreateWalletClient
 } from "viem";
-import { chains, mokshaTestnet } from "../config/chains";
+import { chains, mokshaTestnet } from "../config/chains.js";
 const defaultFromBlocks = {
   14800: 732312n,
   // Moksha Testnet - earliest contract deployment

package/dist/crypto/ecies/base.js

@@ -1,6 +1,6 @@
-import { ECIESError, isECIESEncrypted } from "./interface";
-import { CURVE, CIPHER, KDF } from "./constants";
-import { constantTimeEqual } from "./utils";
+import { ECIESError, isECIESEncrypted } from "./interface.js";
+import { CURVE, CIPHER, KDF } from "./constants.js";
+import { constantTimeEqual } from "./utils.js";
 import { concat } from "viem";
 class BaseECIESUint8 {
   // Cache for validated public keys to avoid repeated validation

package/dist/crypto/ecies/browser.js

@@ -1,5 +1,5 @@
 import * as secp256k1 from "@noble/secp256k1";
-import { BaseECIESUint8 } from "./base";
+import { BaseECIESUint8 } from "./base.js";
 import { toHex } from "viem";
 import { hmac } from "@noble/hashes/hmac";
 import { sha256, sha512 as nobleSha512 } from "@noble/hashes/sha2";

package/dist/crypto/ecies/index.js

@@ -3,7 +3,7 @@ import {
   isECIESEncrypted,
   serializeECIES,
   deserializeECIES
-} from "./interface";
+} from "./interface.js";
 export {
   ECIESError,
   deserializeECIES,

package/dist/crypto/ecies/interface.js

@@ -1,4 +1,4 @@
-import { CIPHER, CURVE, MAC, FORMAT } from "./constants";
+import { CIPHER, CURVE, MAC, FORMAT } from "./constants.js";
 import { fromHex, toHex } from "viem";
 class ECIESError extends Error {
   constructor(message, code, cause) {

package/dist/crypto/ecies/node.js

@@ -6,7 +6,7 @@ import {
   createDecipheriv
 } from "crypto";
 import secp256k1Import from "secp256k1";
-import { BaseECIESUint8 } from "./base";
+import { BaseECIESUint8 } from "./base.js";
 import { toHex } from "viem";
 const secp256k1 = secp256k1Import;
 class NodeECIESUint8Provider extends BaseECIESUint8 {

package/dist/crypto/services/WalletKeyEncryptionService.js

@@ -2,7 +2,7 @@ import {
   processWalletPublicKey,
   processWalletPrivateKey,
   parseEncryptedDataBuffer
-} from "../../utils/crypto-utils";
+} from "../../utils/crypto-utils.js";
 import { stringToBytes, bytesToString, toHex, fromHex, concat } from "viem";
 class WalletKeyEncryptionService {
   eciesProvider;

package/dist/generated/abi/index.js

@@ -1,29 +1,29 @@
-import { ComputeEngineABI } from "./ComputeEngineImplementation";
-import { DataRegistryABI } from "./DataRegistryImplementation";
-import { TeePoolPhalaABI } from "./TeePoolPhalaImplementation";
-import { DataPortabilityPermissionsABI } from "./DataPortabilityPermissionsImplementation";
-import { DataPortabilityServersABI } from "./DataPortabilityServersImplementation";
-import { DataPortabilityGranteesABI } from "./DataPortabilityGranteesImplementation";
-import { DataRefinerRegistryABI } from "./DataRefinerRegistryImplementation";
-import { QueryEngineABI } from "./QueryEngineImplementation";
-import { ComputeInstructionRegistryABI } from "./ComputeInstructionRegistryImplementation";
-import { TeePoolEphemeralStandardABI } from "./TeePoolEphemeralStandardImplementation";
-import { TeePoolPersistentStandardABI } from "./TeePoolPersistentStandardImplementation";
-import { TeePoolPersistentGpuABI } from "./TeePoolPersistentGpuImplementation";
-import { TeePoolDedicatedStandardABI } from "./TeePoolDedicatedStandardImplementation";
-import { TeePoolDedicatedGpuABI } from "./TeePoolDedicatedGpuImplementation";
-import { VanaEpochABI } from "./VanaEpochImplementation";
-import { DLPRegistryABI } from "./DLPRegistryImplementation";
-import { DLPRegistryTreasuryABI } from "./DLPTreasuryImplementation";
-import { VanaTreasuryABI } from "./VanaTreasuryImplementation";
-import { DLPRegistryTreasuryABI as DLPRegistryTreasuryImplementationABI } from "./DLPRegistryTreasuryImplementation";
-import { VanaPoolStakingABI } from "./VanaPoolStakingImplementation";
-import { VanaPoolEntityABI } from "./VanaPoolEntityImplementation";
-import { VanaPoolTreasuryABI } from "./VanaPoolTreasuryImplementation";
-import { DATABI } from "./DATImplementation";
-import { DATFactoryABI } from "./DATFactoryImplementation";
-import { DATPausableABI } from "./DATPausableImplementation";
-import { DATVotesABI } from "./DATVotesImplementation";
+import { ComputeEngineABI } from "./ComputeEngineImplementation.js";
+import { DataRegistryABI } from "./DataRegistryImplementation.js";
+import { TeePoolPhalaABI } from "./TeePoolPhalaImplementation.js";
+import { DataPortabilityPermissionsABI } from "./DataPortabilityPermissionsImplementation.js";
+import { DataPortabilityServersABI } from "./DataPortabilityServersImplementation.js";
+import { DataPortabilityGranteesABI } from "./DataPortabilityGranteesImplementation.js";
+import { DataRefinerRegistryABI } from "./DataRefinerRegistryImplementation.js";
+import { QueryEngineABI } from "./QueryEngineImplementation.js";
+import { ComputeInstructionRegistryABI } from "./ComputeInstructionRegistryImplementation.js";
+import { TeePoolEphemeralStandardABI } from "./TeePoolEphemeralStandardImplementation.js";
+import { TeePoolPersistentStandardABI } from "./TeePoolPersistentStandardImplementation.js";
+import { TeePoolPersistentGpuABI } from "./TeePoolPersistentGpuImplementation.js";
+import { TeePoolDedicatedStandardABI } from "./TeePoolDedicatedStandardImplementation.js";
+import { TeePoolDedicatedGpuABI } from "./TeePoolDedicatedGpuImplementation.js";
+import { VanaEpochABI } from "./VanaEpochImplementation.js";
+import { DLPRegistryABI } from "./DLPRegistryImplementation.js";
+import { DLPRegistryTreasuryABI } from "./DLPTreasuryImplementation.js";
+import { VanaTreasuryABI } from "./VanaTreasuryImplementation.js";
+import { DLPRegistryTreasuryABI as DLPRegistryTreasuryImplementationABI } from "./DLPRegistryTreasuryImplementation.js";
+import { VanaPoolStakingABI } from "./VanaPoolStakingImplementation.js";
+import { VanaPoolEntityABI } from "./VanaPoolEntityImplementation.js";
+import { VanaPoolTreasuryABI } from "./VanaPoolTreasuryImplementation.js";
+import { DATABI } from "./DATImplementation.js";
+import { DATFactoryABI } from "./DATFactoryImplementation.js";
+import { DATPausableABI } from "./DATPausableImplementation.js";
+import { DATVotesABI } from "./DATVotesImplementation.js";
 const contractAbis = {
   DataPortabilityPermissions: DataPortabilityPermissionsABI,
   DataPortabilityServers: DataPortabilityServersABI,

package/dist/index.browser.d.ts

@@ -28,15 +28,21 @@ export type { ECIESProvider, ECIESEncrypted, ECIESOptions, } from "./crypto/ecie
 export { createBrowserPlatformAdapter, createPlatformAdapterSafe, } from "./platform/browser-only";
 export { generatePkceVerifier, computePkceChallenge, verifyPkceChallenge, assertValidPkceVerifier, PKCE_VERIFIER_PATTERN, PKCE_CHALLENGE_PATTERN, } from "./auth/pkce";
 export { InMemoryTokenStore, type TokenStore, type TokenRecord, } from "./auth/token-store";
+export { OAuthClient, type OAuthClientConfig, type AuthorizationUrlResult, } from "./auth/oauth-client";
 export { detectPlatform, isPlatformSupported, getPlatformCapabilities, } from "./platform/utils";
 export { deriveMasterKey, deriveScopeKey, recoverServerOwner, MASTER_KEY_MESSAGE, } from "./crypto/keys/derive";
 export { encryptWithPassword, decryptWithPassword, } from "./crypto/envelope/openpgp";
 export { parseWeb3SignedHeader, verifyWeb3Signed, type Web3SignedPayload, type VerifiedAuth, } from "./auth/web3-signed";
 export { buildWeb3SignedHeader, computeBodyHash, type Web3SignedSignFn, } from "./auth/web3-signed-builder";
 export { MissingAuthError, InvalidSignatureError, ExpiredTokenError, } from "./auth/errors";
-export { fileRegistrationDomain, grantRegistrationDomain, grantRevocationDomain, serverRegistrationDomain, builderRegistrationDomain, FILE_REGISTRATION_TYPES, GRANT_REGISTRATION_TYPES, GRANT_REVOCATION_TYPES, SERVER_REGISTRATION_TYPES, BUILDER_REGISTRATION_TYPES, type DataPortabilityContracts, type DataPortabilityGatewayConfig, type FileRegistrationMessage, type GrantRegistrationMessage, type GrantRevocationMessage, type ServerRegistrationMessage, type BuilderRegistrationMessage, } from "./protocol/eip712";
-export { isDataPortabilityGatewayConfig, parseGrantRegistrationPayload, verifyGrantRegistration, type DataPortabilityGrantPayload, type VerifyGrantRegistrationInput, type VerifyGrantRegistrationResult, } from "./protocol/grants";
+export { fileRegistrationDomain, grantRegistrationDomain, grantRevocationDomain, serverRegistrationDomain, builderRegistrationDomain, escrowPaymentDomain, dataRegistryDomain, FILE_REGISTRATION_TYPES, GRANT_REGISTRATION_TYPES, GRANT_REVOCATION_TYPES, SERVER_REGISTRATION_TYPES, BUILDER_REGISTRATION_TYPES, GENERIC_PAYMENT_TYPES, ADD_DATA_TYPES, RECORD_DATA_ACCESS_TYPES, NATIVE_VANA_ASSET, type DataPortabilityContracts, type DataPortabilityGatewayConfig, type FileRegistrationMessage, type GrantRegistrationMessage, type GrantRevocationMessage, type ServerRegistrationMessage, type BuilderRegistrationMessage, type GenericPaymentMessage, type AddDataMessage, type RecordDataAccessMessage, } from "./protocol/eip712";
+export { PERSONAL_SERVER_REGISTRATION_DEFAULT_CHAIN_ID, PERSONAL_SERVER_REGISTRATION_DEFAULT_VERIFYING_CONTRACT, personalServerRegistrationDomain, createViemPersonalServerRegistrationSigner, buildPersonalServerRegistrationTypedData, buildPersonalServerRegistrationSignature, registerPersonalServerSignature, type PersonalServerRegistrationTypedData, type PersonalServerRegistrationSigner, type PersonalServerRegistrationDomainInput, type ViemPersonalServerRegistrationWalletClient, type ViemPersonalServerRegistrationSignerSource, type BuildPersonalServerRegistrationTypedDataInput, type BuildPersonalServerRegistrationSignatureInput, type PersonalServerRegistrationSignature, } from "./protocol/personal-server-registration";
+export { PERSONAL_SERVER_LITE_OWNER_BINDING_VERSION, PERSONAL_SERVER_LITE_OWNER_BINDING_PURPOSE, PERSONAL_SERVER_LITE_OWNER_BINDING_PREFIX, buildPersonalServerLiteOwnerBindingMessage, createViemPersonalServerLiteOwnerBindingSigner, buildPersonalServerLiteOwnerBindingSignature, signPersonalServerLiteOwnerBinding, type PersonalServerLiteOwnerBindingPurpose, type PersonalServerLiteOwnerBindingMessage, type PersonalServerLiteOwnerBindingSigner, type ViemPersonalServerLiteOwnerBindingWalletClient, type ViemPersonalServerLiteOwnerBindingSignerSource, type BuildPersonalServerLiteOwnerBindingSignatureInput, type PersonalServerLiteOwnerBindingSignature, } from "./protocol/personal-server-lite-owner-binding";
+export { ACCOUNT_PERSONAL_SERVER_REGISTRATION_INTENT, AccountPersonalServerRegistrationError, signPersonalServerRegistrationWithAccount, type AccountPersonalServerRegistrationIntent, type AccountPersonalServerRegistrationSignature, type AccountPersonalServerRegistrationStatus, type AccountPersonalServerRegistrationRequest, type AccountPersonalServerRegistrationConfig, type AccountSignedPersonalServerRegistration, type AccountConfirmationRequiredPersonalServerRegistration, type AccountFallbackSignedPersonalServerRegistration, type AccountPersonalServerRegistrationResult, } from "./account/personal-server-registration";
+export { AccountPersonalServerLiteOwnerBindingError, signPersonalServerLiteOwnerBindingWithAccountClient, type AccountPersonalServerLiteOwnerBindingClient, type SignPersonalServerLiteOwnerBindingWithAccountClientConfig, } from "./account/personal-server-lite-owner-binding";
+export { isDataPortabilityGatewayConfig, verifyGrantRegistration, type VerifyGrantRegistrationInput, type VerifyGrantRegistrationResult, } from "./protocol/grants";
+export { ESCROW_DEPOSIT_ABI, escrowContractAddress, encodeDepositNativeData, encodeDepositTokenData, buildDepositNativeRequest, buildDepositTokenRequest, type DepositNativeInput, type DepositTokenInput, type DepositTransactionRequest, } from "./protocol/escrow-deposit";
 export { ScopeSchema, parseScope, scopeToPathSegments, scopeMatchesPattern, scopeCoveredByGrant, type Scope, type ParsedScope, } from "./protocol/scopes";
 export { DataFileEnvelopeSchema, createDataFileEnvelope, IngestResponseSchema, type DataFileEnvelope, type IngestResponse, } from "./protocol/data-file";
-export { createGatewayClient, type GatewayEnvelope, type GatewayProof, type Builder, type Schema, type ServerInfo, type GatewayGrantResponse, type GrantListItem, type FileRecord, type FileListResult, type RegisterServerParams, type RegisterServerResult, type RegisterFileParams, type CreateGrantParams, type RevokeGrantParams, type GatewayClient, } from "./protocol/gateway";
+export { createGatewayClient, type GatewayEnvelope, type GatewayProof, type Builder, type Schema, type ServerInfo, type GatewayGrantResponse, type GatewayGrantStatus, type GatewayGrantFee, type GrantListItem, type FileRecord, type FileListResult, type RegisterServerParams, type RegisterServerResult, type RegisterFileParams, type RegisterBuilderParams, type RegisterBuilderResult, type RegisterDataPointParams, type RegisterDataPointResult, type CreateGrantParams, type RevokeGrantParams, type PayForOperationParams, type PayForOperationResult, type AccessRecord, type SettleOpType, type SettleItem, type SettlePromoteResult, type SettleReconcileItem, type SettleParams, type SettleResult, type SubmitDepositParams, type DepositState, type EscrowBalance, type EscrowBalanceEntry, type EscrowDepositSubmitted, type EscrowDepositFinalized, type EscrowDepositFailed, type GatewayClient, } from "./protocol/gateway";
 export { PSError, parsePSError, type PSErrorCode } from "./types/ps-errors";