@openvtc/pnm-core 0.1.0

package/dist/vta/smoke.d.ts

@@ -0,0 +1,59 @@
+import type { DidcommMessageBridge } from "./transport.js";
+export interface SmokeDidcommEnrollChallengeResult {
+    ok: boolean;
+    outerJweLength: number;
+    innerJweLength: number;
+    requestId: string;
+    forwardWrapped: boolean;
+    error?: string;
+}
+/**
+ * Exercise the full DIDComm enrollment-challenge construction path
+ * end-to-end:
+ *
+ * 1. Mint stub holder / VTA / mediator identities (ephemeral).
+ * 2. Build the inner enroll-challenge plaintext message.
+ * 3. Authcrypt holder → VTA.
+ * 4. Wrap in a Routing 2.0 forward envelope addressed to the VTA.
+ * 5. Anoncrypt the forward envelope to the mediator.
+ *
+ * Returns the byte-length of each envelope plus the request id, so
+ * the PWA console can confirm both inner and outer JWEs are
+ * non-empty (i.e. crypto ran end-to-end) and that the forward
+ * wrapping actually grew the bundle (i.e. the mediator step fired).
+ */
+export declare function smokeBuildDidcommEnrollChallenge(): Promise<SmokeDidcommEnrollChallengeResult>;
+export interface SmokeDidcommRoundtripResult {
+    ok: boolean;
+    recoveredChallenge?: string;
+    recoveredRpId?: string;
+    error?: string;
+}
+export declare function smokeDidcommVtaTransportRoundtrip(): Promise<SmokeDidcommRoundtripResult>;
+export type { DidcommMessageBridge };
+export interface SmokeMediatorEnrollmentResult {
+    ok: boolean;
+    routingDid?: string;
+    keylistUpdateResult?: string;
+    error?: string;
+}
+export declare function smokeMediatorEnrollment(): Promise<SmokeMediatorEnrollmentResult>;
+export interface SmokeLiveDeliveryResult {
+    ok: boolean;
+    recordedFlag?: boolean;
+    ackedIdsCount?: number;
+    error?: string;
+}
+export declare function smokeMediatorNotifications(): Promise<SmokeLiveDeliveryResult>;
+export interface SmokeWalletBootResult {
+    ok: boolean;
+    /** Holder DID was identical across the two boots (persistence works). */
+    didStablePerBoot?: boolean;
+    /** Fake VTA's enroll-challenge reply round-tripped through the session. */
+    recoveredChallenge?: string;
+    /** Second boot reloaded the persisted identity (didn't mint fresh). */
+    resumeReloadedIdentity?: boolean;
+    error?: string;
+}
+export declare function smokeWalletBoot(): Promise<SmokeWalletBootResult>;
+//# sourceMappingURL=smoke.d.ts.map

package/dist/vta/smoke.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"smoke.d.ts","sourceRoot":"","sources":["../../src/vta/smoke.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAC;AAI3D,MAAM,WAAW,iCAAiC;IAChD,EAAE,EAAE,OAAO,CAAC;IACZ,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,OAAO,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,gCAAgC,IAAI,OAAO,CAAC,iCAAiC,CAAC,CA2DnG;AAUD,MAAM,WAAW,2BAA2B;IAC1C,EAAE,EAAE,OAAO,CAAC;IACZ,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAKD,wBAAsB,iCAAiC,IAAI,OAAO,CAAC,2BAA2B,CAAC,CAiG9F;AAID,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAUrC,MAAM,WAAW,6BAA6B;IAC5C,EAAE,EAAE,OAAO,CAAC;IACZ,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,wBAAsB,uBAAuB,IAAI,OAAO,CAAC,6BAA6B,CAAC,CA8EtF;AASD,MAAM,WAAW,uBAAuB;IACtC,EAAE,EAAE,OAAO,CAAC;IACZ,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,uBAAuB,CAAC,CAmEnF;AAUD,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,OAAO,CAAC;IACZ,yEAAyE;IACzE,gBAAgB,CAAC,EAAE,OAAO,CAAC;IAC3B,2EAA2E;IAC3E,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,uEAAuE;IACvE,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,qBAAqB,CAAC,CAsGtE"}

package/dist/vta/smoke.js

@@ -0,0 +1,408 @@
+import { Identity } from "../didcomm/index.js";
+import { InMemoryKVStore } from "../store/index.js";
+import { InMemoryDidcommBridge } from "./bridge-memory.js";
+import { DidcommVtaTransport } from "./didcomm.js";
+import { CoordinateMediationProtocol, } from "./mediation.js";
+import { MediatorClient } from "./mediator-client.js";
+import { PickupProtocol } from "./pickup.js";
+import { PasskeyVmTask, TRUST_TASK_ENVELOPE_TYPE, TRUST_TASK_ERROR_TYPE, } from "./protocol.js";
+import { WalletSession } from "./wallet-session.js";
+/**
+ * Exercise the full DIDComm enrollment-challenge construction path
+ * end-to-end:
+ *
+ * 1. Mint stub holder / VTA / mediator identities (ephemeral).
+ * 2. Build the inner enroll-challenge plaintext message.
+ * 3. Authcrypt holder → VTA.
+ * 4. Wrap in a Routing 2.0 forward envelope addressed to the VTA.
+ * 5. Anoncrypt the forward envelope to the mediator.
+ *
+ * Returns the byte-length of each envelope plus the request id, so
+ * the PWA console can confirm both inner and outer JWEs are
+ * non-empty (i.e. crypto ran end-to-end) and that the forward
+ * wrapping actually grew the bundle (i.e. the mediator step fired).
+ */
+export async function smokeBuildDidcommEnrollChallenge() {
+    let holder = null;
+    let vta = null;
+    let mediator = null;
+    try {
+        holder = Identity.generate("did:key:zHolderStub");
+        vta = Identity.generate("did:webvh:vta.example.com:abc");
+        mediator = Identity.generate("did:key:zMediatorStub");
+        const vtaPub = vta.publicJwk();
+        const medPub = mediator.publicJwk();
+        const bridge = {
+            sendAndAwaitReply: () => {
+                throw new Error("smoke bridge not callable — construction-only test");
+            },
+            send: () => Promise.resolve(),
+        };
+        const transport = new DidcommVtaTransport({
+            bridge,
+            holder,
+            vta: {
+                did: vta.did,
+                keyAgreementKid: vtaPub.kid,
+                keyAgreementPublicJwk: vtaPub.jwk,
+            },
+            mediator: {
+                did: mediator.did,
+                keyAgreementKid: medPub.kid,
+                keyAgreementPublicJwk: medPub.jwk,
+            },
+        });
+        const built = await transport.buildOutbound(PasskeyVmTask.enrollChallenge, {
+            did: holder.did,
+        });
+        return {
+            ok: true,
+            outerJweLength: built.outer.length,
+            innerJweLength: built.inner.length,
+            requestId: built.requestId,
+            forwardWrapped: built.outer !== built.inner,
+        };
+    }
+    catch (err) {
+        return {
+            ok: false,
+            outerJweLength: 0,
+            innerJweLength: 0,
+            requestId: "",
+            forwardWrapped: false,
+            error: err.message,
+        };
+    }
+    finally {
+        holder?.dispose();
+        vta?.dispose();
+        mediator?.dispose();
+    }
+}
+const FAKE_CHALLENGE = "AAECAwQFBgcICQoLDA0ODw";
+const FAKE_RP_ID = "wallet.example.com";
+export async function smokeDidcommVtaTransportRoundtrip() {
+    let holder = null;
+    let vta = null;
+    let mediator = null;
+    try {
+        holder = Identity.generate("did:key:zHolderStub");
+        vta = Identity.generate("did:webvh:vta.example.com:abc");
+        mediator = Identity.generate("did:key:zMediatorStub");
+        const vtaPub = vta.publicJwk();
+        const medPub = mediator.publicJwk();
+        const holderPub = holder.publicJwk();
+        const bridge = new InMemoryDidcommBridge({
+            vta,
+            mediator,
+            holderPublicJwk: holderPub,
+            vtaHandlers: {
+                // The fake VTA receives one binding-envelope type; it switches on
+                // the inner TrustTask's own `type` and replies with a trust-task
+                // result envelope (matching the real VTA's DIDComm binding).
+                [TRUST_TASK_ENVELOPE_TYPE]: (req) => {
+                    const tt = req.body;
+                    if (tt.type === PasskeyVmTask.enrollChallenge) {
+                        const result = {
+                            ceremonyId: "ceremony-001",
+                            challenge: FAKE_CHALLENGE,
+                            rpId: FAKE_RP_ID,
+                            rpName: "Test Wallet",
+                            userHandle: "dXNlci0wMDE",
+                            userName: tt.payload?.did ?? "anon",
+                            userDisplayName: "Test User",
+                            timeoutMs: 60_000,
+                        };
+                        return {
+                            type: TRUST_TASK_ENVELOPE_TYPE,
+                            body: {
+                                id: "resp-enroll-challenge",
+                                type: PasskeyVmTask.enrollChallenge,
+                                payload: result,
+                            },
+                        };
+                    }
+                    return {
+                        type: TRUST_TASK_ENVELOPE_TYPE,
+                        body: {
+                            id: "resp-error",
+                            type: TRUST_TASK_ERROR_TYPE,
+                            payload: { code: "unsupported_type", message: tt.type ?? "" },
+                        },
+                    };
+                },
+            },
+        });
+        const transport = new DidcommVtaTransport({
+            bridge,
+            holder,
+            vta: {
+                did: vta.did,
+                keyAgreementKid: vtaPub.kid,
+                keyAgreementPublicJwk: vtaPub.jwk,
+            },
+            mediator: {
+                did: mediator.did,
+                keyAgreementKid: medPub.kid,
+                keyAgreementPublicJwk: medPub.jwk,
+            },
+        });
+        const challenge = await transport.requestEnrollmentChallenge(holder.did);
+        if (challenge.challenge !== FAKE_CHALLENGE) {
+            return {
+                ok: false,
+                error: `challenge mismatch: ${challenge.challenge} != ${FAKE_CHALLENGE}`,
+            };
+        }
+        if (challenge.rpId !== FAKE_RP_ID) {
+            return {
+                ok: false,
+                error: `rpId mismatch: ${challenge.rpId} != ${FAKE_RP_ID}`,
+            };
+        }
+        return {
+            ok: true,
+            recoveredChallenge: challenge.challenge,
+            recoveredRpId: challenge.rpId,
+        };
+    }
+    catch (err) {
+        return { ok: false, error: err.message };
+    }
+    finally {
+        holder?.dispose();
+        vta?.dispose();
+        mediator?.dispose();
+    }
+}
+const FAKE_ROUTING_DID = "did:key:zMediatorRouting";
+export async function smokeMediatorEnrollment() {
+    let holder = null;
+    let mediator = null;
+    try {
+        holder = Identity.generate("did:key:zHolderForMediation");
+        mediator = Identity.generate("did:key:zMediatorEnrollment");
+        const mediatorPub = mediator.publicJwk();
+        const holderPub = holder.publicJwk();
+        const bridge = new InMemoryDidcommBridge({
+            mediator,
+            holderPublicJwk: holderPub,
+            mediatorHandlers: {
+                [CoordinateMediationProtocol.mediateRequest]: () => {
+                    const reply = { routing_did: [FAKE_ROUTING_DID] };
+                    return { type: CoordinateMediationProtocol.mediateGrant, body: reply };
+                },
+                [CoordinateMediationProtocol.keylistUpdate]: (req) => {
+                    const body = req.body;
+                    const updated = body.updates?.map((u) => ({
+                        recipient_did: u.recipient_did,
+                        action: u.action,
+                        result: "success",
+                    })) ?? [];
+                    const reply = { updated };
+                    return {
+                        type: CoordinateMediationProtocol.keylistUpdateResponse,
+                        body: reply,
+                    };
+                },
+            },
+        });
+        const client = new MediatorClient({
+            bridge,
+            holder,
+            mediator: {
+                did: mediator.did,
+                keyAgreementKid: mediatorPub.kid,
+                keyAgreementPublicJwk: mediatorPub.jwk,
+            },
+            timeoutMs: 5_000,
+        });
+        const grant = await client.requestMediation();
+        if (grant.routing_did[0] !== FAKE_ROUTING_DID) {
+            return {
+                ok: false,
+                error: `routing_did mismatch: ${grant.routing_did[0]} != ${FAKE_ROUTING_DID}`,
+            };
+        }
+        const updateResp = await client.updateKeylist([
+            { recipient_did: holder.did, action: "add" },
+        ]);
+        const first = updateResp.updated[0];
+        if (!first || first.result !== "success") {
+            return {
+                ok: false,
+                error: `keylist-update did not return success (${first?.result ?? "(none)"})`,
+            };
+        }
+        return {
+            ok: true,
+            routingDid: grant.routing_did[0],
+            keylistUpdateResult: first.result,
+        };
+    }
+    catch (err) {
+        return { ok: false, error: err.message };
+    }
+    finally {
+        holder?.dispose();
+        mediator?.dispose();
+    }
+}
+export async function smokeMediatorNotifications() {
+    let holder = null;
+    let mediator = null;
+    try {
+        holder = Identity.generate("did:key:zHolderNotify");
+        mediator = Identity.generate("did:key:zMediatorNotify");
+        const mediatorPub = mediator.publicJwk();
+        const holderPub = holder.publicJwk();
+        let recordedFlag;
+        let ackedIds = [];
+        const bridge = new InMemoryDidcommBridge({
+            mediator,
+            holderPublicJwk: holderPub,
+            mediatorHandlers: {
+                [PickupProtocol.liveDeliveryChange]: (req) => {
+                    const body = req.body;
+                    recordedFlag = body.live_delivery;
+                    return null; // notification — no reply
+                },
+                [PickupProtocol.messagesReceived]: (req) => {
+                    const body = req.body;
+                    ackedIds = body.message_id_list ?? [];
+                    return null; // notification — no reply
+                },
+            },
+        });
+        const client = new MediatorClient({
+            bridge,
+            holder,
+            mediator: {
+                did: mediator.did,
+                keyAgreementKid: mediatorPub.kid,
+                keyAgreementPublicJwk: mediatorPub.jwk,
+            },
+        });
+        await client.setLiveDelivery(true);
+        if (recordedFlag !== true) {
+            return {
+                ok: false,
+                error: `expected recordedFlag=true, got ${recordedFlag}`,
+            };
+        }
+        await client.acknowledgeMessages(["msg-1", "msg-2", "msg-3"]);
+        if (ackedIds.length !== 3) {
+            return {
+                ok: false,
+                error: `expected 3 acked ids, got ${ackedIds.length}`,
+            };
+        }
+        return {
+            ok: true,
+            recordedFlag,
+            ackedIdsCount: ackedIds.length,
+        };
+    }
+    catch (err) {
+        return { ok: false, error: err.message };
+    }
+    finally {
+        holder?.dispose();
+        mediator?.dispose();
+    }
+}
+export async function smokeWalletBoot() {
+    // Identities representing the network the wallet talks to. These
+    // would normally be resolved from the VTA's + mediator's DID docs.
+    let vtaIdentity = null;
+    let mediatorIdentity = null;
+    let session1 = null;
+    let session2 = null;
+    try {
+        vtaIdentity = Identity.generate("did:webvh:vta.example.com:abc");
+        mediatorIdentity = Identity.generate("did:key:zMediatorWallet");
+        const vtaPub = vtaIdentity.publicJwk();
+        const medPub = mediatorIdentity.publicJwk();
+        const store = new InMemoryKVStore();
+        const vtaEndpoint = {
+            did: vtaIdentity.did,
+            keyAgreementKid: vtaPub.kid,
+            keyAgreementPublicJwk: vtaPub.jwk,
+        };
+        const mediatorEndpoint = {
+            did: mediatorIdentity.did,
+            keyAgreementKid: medPub.kid,
+            keyAgreementPublicJwk: medPub.jwk,
+        };
+        // The in-memory bridge needs the holder's public JWK to unpack its
+        // authcrypt requests, so we pre-resolve the holder once (minting +
+        // persisting it) before building the bridge. Both WalletSessions
+        // then reload that same persisted holder.
+        const { generateOrLoadHolderIdentity: gen } = await import("../store/index.js");
+        const peek = await gen(store);
+        const holderPub = peek.identity.publicJwk();
+        peek.identity.dispose();
+        const makeBridge = () => new InMemoryDidcommBridge({
+            vta: vtaIdentity,
+            mediator: mediatorIdentity,
+            holderPublicJwk: holderPub,
+            vtaHandlers: {
+                [TRUST_TASK_ENVELOPE_TYPE]: () => ({
+                    type: TRUST_TASK_ENVELOPE_TYPE,
+                    body: {
+                        id: "resp-wallet-boot",
+                        type: PasskeyVmTask.enrollChallenge,
+                        payload: {
+                            ceremonyId: "ceremony-wallet-boot",
+                            challenge: "Y2hhbGwtd2FsbGV0LWJvb3Q",
+                            rpId: "wallet.example.com",
+                            rpName: "Wallet Boot Smoke",
+                            userHandle: "dXNlcg",
+                            userName: "alice",
+                            userDisplayName: "Alice",
+                            timeoutMs: 60_000,
+                        },
+                    },
+                }),
+            },
+        });
+        // ---- First boot ----
+        session1 = await WalletSession.withBridge({
+            store,
+            bridge: makeBridge(),
+            vta: vtaEndpoint,
+            mediator: mediatorEndpoint,
+            timeoutMs: 5_000,
+        });
+        const holderDid1 = session1.state().holder.did;
+        const challenge1 = await session1
+            .transport()
+            .requestEnrollmentChallenge(holderDid1);
+        session1.close();
+        // ---- Second boot: resume from the persisted identity ----
+        session2 = await WalletSession.withBridge({
+            store,
+            bridge: makeBridge(),
+            vta: vtaEndpoint,
+            mediator: mediatorEndpoint,
+            timeoutMs: 5_000,
+        });
+        const state2 = session2.state();
+        const holderDid2 = state2.holder.did;
+        session2.close();
+        return {
+            ok: true,
+            didStablePerBoot: holderDid1 === holderDid2,
+            recoveredChallenge: challenge1.challenge,
+            resumeReloadedIdentity: !state2.freshlyMintedIdentity,
+        };
+    }
+    catch (err) {
+        return { ok: false, error: err.message };
+    }
+    finally {
+        vtaIdentity?.dispose();
+        mediatorIdentity?.dispose();
+    }
+}
+//# sourceMappingURL=smoke.js.map

package/dist/vta/smoke.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"smoke.js","sourceRoot":"","sources":["../../src/vta/smoke.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAkB,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AACnD,OAAO,EACL,2BAA2B,GAG5B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AACtD,OAAO,EAAE,cAAc,EAA+B,MAAM,aAAa,CAAC;AAC1E,OAAO,EACL,aAAa,EACb,wBAAwB,EACxB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAWpD;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC;IACpD,IAAI,MAAM,GAAoB,IAAI,CAAC;IACnC,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;QAClD,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,+BAA+B,CAAC,CAAC;QACzD,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAqC,CAAC;QAClE,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAqC,CAAC;QAEvE,MAAM,MAAM,GAAyB;YACnC,iBAAiB,EAAE,GAAG,EAAE;gBACtB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;YACxE,CAAC;YACD,IAAI,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE;SAC9B,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,mBAAmB,CAAC;YACxC,MAAM;YACN,MAAM;YACN,GAAG,EAAE;gBACH,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,eAAe,EAAE,MAAM,CAAC,GAAG;gBAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;aAClC;YACD,QAAQ,EAAE;gBACR,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,eAAe,EAAE,MAAM,CAAC,GAAG;gBAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;aAClC;SACF,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,aAAa,CAAC,eAAe,EAAE;YACzE,GAAG,EAAE,MAAM,CAAC,GAAG;SAChB,CAAC,CAAC;QAEH,OAAO;YACL,EAAE,EAAE,IAAI;YACR,cAAc,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;YAClC,cAAc,EAAE,KAAK,CAAC,KAAK,CAAC,MAAM;YAClC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,cAAc,EAAE,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK;SAC5C,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,cAAc,EAAE,CAAC;YACjB,cAAc,EAAE,CAAC;YACjB,SAAS,EAAE,EAAE;YACb,cAAc,EAAE,KAAK;YACrB,KAAK,EAAG,GAAa,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,GAAG,EAAE,OAAO,EAAE,CAAC;QACf,QAAQ,EAAE,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAiBD,MAAM,cAAc,GAAG,wBAAwB,CAAC;AAChD,MAAM,UAAU,GAAG,oBAAoB,CAAC;AAExC,MAAM,CAAC,KAAK,UAAU,iCAAiC;IACrD,IAAI,MAAM,GAAoB,IAAI,CAAC;IACnC,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC;QAClD,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,+BAA+B,CAAC,CAAC;QACzD,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QAEtD,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAqC,CAAC;QAClE,MAAM,MAAM,GAAG,QAAQ,CAAC,SAAS,EAAqC,CAAC;QACvE,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAqC,CAAC;QAExE,MAAM,MAAM,GAAG,IAAI,qBAAqB,CAAC;YACvC,GAAG;YACH,QAAQ;YACR,eAAe,EAAE,SAAS;YAC1B,WAAW,EAAE;gBACX,kEAAkE;gBAClE,iEAAiE;gBACjE,6DAA6D;gBAC7D,CAAC,wBAAwB,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;oBAClC,MAAM,EAAE,GAAG,GAAG,CAAC,IAAqD,CAAC;oBACrE,IAAI,EAAE,CAAC,IAAI,KAAK,aAAa,CAAC,eAAe,EAAE,CAAC;wBAC9C,MAAM,MAAM,GAAgC;4BAC1C,UAAU,EAAE,cAAc;4BAC1B,SAAS,EAAE,cAAc;4BACzB,IAAI,EAAE,UAAU;4BAChB,MAAM,EAAE,aAAa;4BACrB,UAAU,EAAE,aAAa;4BACzB,QAAQ,EAAE,EAAE,CAAC,OAAO,EAAE,GAAG,IAAI,MAAM;4BACnC,eAAe,EAAE,WAAW;4BAC5B,SAAS,EAAE,MAAM;yBAClB,CAAC;wBACF,OAAO;4BACL,IAAI,EAAE,wBAAwB;4BAC9B,IAAI,EAAE;gCACJ,EAAE,EAAE,uBAAuB;gCAC3B,IAAI,EAAE,aAAa,CAAC,eAAe;gCACnC,OAAO,EAAE,MAAM;6BAChB;yBACF,CAAC;oBACJ,CAAC;oBACD,OAAO;wBACL,IAAI,EAAE,wBAAwB;wBAC9B,IAAI,EAAE;4BACJ,EAAE,EAAE,YAAY;4BAChB,IAAI,EAAE,qBAAqB;4BAC3B,OAAO,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,IAAI,EAAE,EAAE;yBAC9D;qBACF,CAAC;gBACJ,CAAC;aACF;SACF,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,IAAI,mBAAmB,CAAC;YACxC,MAAM;YACN,MAAM;YACN,GAAG,EAAE;gBACH,GAAG,EAAE,GAAG,CAAC,GAAG;gBACZ,eAAe,EAAE,MAAM,CAAC,GAAG;gBAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;aAClC;YACD,QAAQ,EAAE;gBACR,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,eAAe,EAAE,MAAM,CAAC,GAAG;gBAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;aAClC;SACF,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,0BAA0B,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAEzE,IAAI,SAAS,CAAC,SAAS,KAAK,cAAc,EAAE,CAAC;YAC3C,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,uBAAuB,SAAS,CAAC,SAAS,OAAO,cAAc,EAAE;aACzE,CAAC;QACJ,CAAC;QACD,IAAI,SAAS,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAClC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,kBAAkB,SAAS,CAAC,IAAI,OAAO,UAAU,EAAE;aAC3D,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,kBAAkB,EAAE,SAAS,CAAC,SAAS;YACvC,aAAa,EAAE,SAAS,CAAC,IAAI;SAC9B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,GAAG,EAAE,OAAO,EAAE,CAAC;QACf,QAAQ,EAAE,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAqBD,MAAM,gBAAgB,GAAG,0BAA0B,CAAC;AAEpD,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,MAAM,GAAoB,IAAI,CAAC;IACnC,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;QAC1D,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;QAE5D,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,EAAqC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAqC,CAAC;QAExE,MAAM,MAAM,GAAG,IAAI,qBAAqB,CAAC;YACvC,QAAQ;YACR,eAAe,EAAE,SAAS;YAC1B,gBAAgB,EAAE;gBAChB,CAAC,2BAA2B,CAAC,cAAc,CAAC,EAAE,GAAG,EAAE;oBACjD,MAAM,KAAK,GAAqB,EAAE,WAAW,EAAE,CAAC,gBAAgB,CAAC,EAAE,CAAC;oBACpE,OAAO,EAAE,IAAI,EAAE,2BAA2B,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;gBACzE,CAAC;gBACD,CAAC,2BAA2B,CAAC,aAAa,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;oBACnD,MAAM,IAAI,GAAG,GAAG,CAAC,IAEhB,CAAC;oBACF,MAAM,OAAO,GACX,IAAI,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;wBACxB,aAAa,EAAE,CAAC,CAAC,aAAa;wBAC9B,MAAM,EAAE,CAAC,CAAC,MAAM;wBAChB,MAAM,EAAE,SAAkB;qBAC3B,CAAC,CAAC,IAAI,EAAE,CAAC;oBACZ,MAAM,KAAK,GAA8B,EAAE,OAAO,EAAE,CAAC;oBACrD,OAAO;wBACL,IAAI,EAAE,2BAA2B,CAAC,qBAAqB;wBACvD,IAAI,EAAE,KAAK;qBACZ,CAAC;gBACJ,CAAC;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;YAChC,MAAM;YACN,MAAM;YACN,QAAQ,EAAE;gBACR,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,eAAe,EAAE,WAAW,CAAC,GAAG;gBAChC,qBAAqB,EAAE,WAAW,CAAC,GAAG;aACvC;YACD,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC9C,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE,CAAC;YAC9C,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,yBAAyB,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,gBAAgB,EAAE;aAC9E,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;YAC5C,EAAE,aAAa,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE;SAC7C,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACzC,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,0CAA0C,KAAK,EAAE,MAAM,IAAI,QAAQ,GAAG;aAC9E,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,UAAU,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC;YAChC,mBAAmB,EAAE,KAAK,CAAC,MAAM;SAClC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAgBD,MAAM,CAAC,KAAK,UAAU,0BAA0B;IAC9C,IAAI,MAAM,GAAoB,IAAI,CAAC;IACnC,IAAI,QAAQ,GAAoB,IAAI,CAAC;IACrC,IAAI,CAAC;QACH,MAAM,GAAG,QAAQ,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAAC;QACpD,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QAExD,MAAM,WAAW,GAAG,QAAQ,CAAC,SAAS,EAAqC,CAAC;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAqC,CAAC;QAExE,IAAI,YAAiC,CAAC;QACtC,IAAI,QAAQ,GAAa,EAAE,CAAC;QAE5B,MAAM,MAAM,GAAG,IAAI,qBAAqB,CAAC;YACvC,QAAQ;YACR,eAAe,EAAE,SAAS;YAC1B,gBAAgB,EAAE;gBAChB,CAAC,cAAc,CAAC,kBAAkB,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;oBAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,IAA8B,CAAC;oBAChD,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;oBAClC,OAAO,IAAI,CAAC,CAAC,0BAA0B;gBACzC,CAAC;gBACD,CAAC,cAAc,CAAC,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE;oBACzC,MAAM,IAAI,GAAG,GAAG,CAAC,IAAsC,CAAC;oBACxD,QAAQ,GAAG,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC;oBACtC,OAAO,IAAI,CAAC,CAAC,0BAA0B;gBACzC,CAAC;aACF;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,cAAc,CAAC;YAChC,MAAM;YACN,MAAM;YACN,QAAQ,EAAE;gBACR,GAAG,EAAE,QAAQ,CAAC,GAAG;gBACjB,eAAe,EAAE,WAAW,CAAC,GAAG;gBAChC,qBAAqB,EAAE,WAAW,CAAC,GAAG;aACvC;SACF,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,YAAY,KAAK,IAAI,EAAE,CAAC;YAC1B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,mCAAmC,YAAY,EAAE;aACzD,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9D,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,KAAK,EAAE,6BAA6B,QAAQ,CAAC,MAAM,EAAE;aACtD,CAAC;QACJ,CAAC;QAED,OAAO;YACL,EAAE,EAAE,IAAI;YACR,YAAY;YACZ,aAAa,EAAE,QAAQ,CAAC,MAAM;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,MAAM,EAAE,OAAO,EAAE,CAAC;QAClB,QAAQ,EAAE,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC;AAqBD,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,iEAAiE;IACjE,mEAAmE;IACnE,IAAI,WAAW,GAAoB,IAAI,CAAC;IACxC,IAAI,gBAAgB,GAAoB,IAAI,CAAC;IAC7C,IAAI,QAAQ,GAAyB,IAAI,CAAC;IAC1C,IAAI,QAAQ,GAAyB,IAAI,CAAC;IAE1C,IAAI,CAAC;QACH,WAAW,GAAG,QAAQ,CAAC,QAAQ,CAAC,+BAA+B,CAAC,CAAC;QACjE,gBAAgB,GAAG,QAAQ,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC;QAChE,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,EAAqC,CAAC;QAC1E,MAAM,MAAM,GAAG,gBAAgB,CAAC,SAAS,EAAqC,CAAC;QAE/E,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QAEpC,MAAM,WAAW,GAAG;YAClB,GAAG,EAAE,WAAW,CAAC,GAAG;YACpB,eAAe,EAAE,MAAM,CAAC,GAAG;YAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;SAClC,CAAC;QACF,MAAM,gBAAgB,GAAG;YACvB,GAAG,EAAE,gBAAgB,CAAC,GAAG;YACzB,eAAe,EAAE,MAAM,CAAC,GAAG;YAC3B,qBAAqB,EAAE,MAAM,CAAC,GAAG;SAClC,CAAC;QAEF,mEAAmE;QACnE,mEAAmE;QACnE,iEAAiE;QACjE,0CAA0C;QAC1C,MAAM,EAAE,4BAA4B,EAAE,GAAG,EAAE,GAAG,MAAM,MAAM,CACxD,mBAAmB,CACpB,CAAC;QACF,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,EAAqC,CAAC;QAC/E,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAExB,MAAM,UAAU,GAAG,GAAG,EAAE,CACtB,IAAI,qBAAqB,CAAC;YACxB,GAAG,EAAE,WAAY;YACjB,QAAQ,EAAE,gBAAiB;YAC3B,eAAe,EAAE,SAAS;YAC1B,WAAW,EAAE;gBACX,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;oBACjC,IAAI,EAAE,wBAAwB;oBAC9B,IAAI,EAAE;wBACJ,EAAE,EAAE,kBAAkB;wBACtB,IAAI,EAAE,aAAa,CAAC,eAAe;wBACnC,OAAO,EAAE;4BACP,UAAU,EAAE,sBAAsB;4BAClC,SAAS,EAAE,yBAAyB;4BACpC,IAAI,EAAE,oBAAoB;4BAC1B,MAAM,EAAE,mBAAmB;4BAC3B,UAAU,EAAE,QAAQ;4BACpB,QAAQ,EAAE,OAAO;4BACjB,eAAe,EAAE,OAAO;4BACxB,SAAS,EAAE,MAAM;yBAClB;qBACF;iBACF,CAAC;aACH;SACF,CAAC,CAAC;QAEL,uBAAuB;QACvB,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC;YACxC,KAAK;YACL,MAAM,EAAE,UAAU,EAAE;YACpB,GAAG,EAAE,WAAW;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QACH,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC;QAC/C,MAAM,UAAU,GAAG,MAAM,QAAQ;aAC9B,SAAS,EAAE;aACX,0BAA0B,CAAC,UAAU,CAAC,CAAC;QAC1C,QAAQ,CAAC,KAAK,EAAE,CAAC;QAEjB,4DAA4D;QAC5D,QAAQ,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC;YACxC,KAAK;YACL,MAAM,EAAE,UAAU,EAAE;YACpB,GAAG,EAAE,WAAW;YAChB,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,KAAK;SACjB,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC;QACrC,QAAQ,CAAC,KAAK,EAAE,CAAC;QAEjB,OAAO;YACL,EAAE,EAAE,IAAI;YACR,gBAAgB,EAAE,UAAU,KAAK,UAAU;YAC3C,kBAAkB,EAAE,UAAU,CAAC,SAAS;YACxC,sBAAsB,EAAE,CAAC,MAAM,CAAC,qBAAqB;SACtD,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAG,GAAa,CAAC,OAAO,EAAE,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,WAAW,EAAE,OAAO,EAAE,CAAC;QACvB,gBAAgB,EAAE,OAAO,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC"}

package/dist/vta/transport.d.ts

@@ -0,0 +1,55 @@
+import type { EnrollmentChallengeResponse, EnrollmentSubmitRequest, EnrollmentSubmitResponse, PasskeyList } from "./types.js";
+/**
+ * Transport-neutral passkey-management surface. Both the REST
+ * (`VtaClient`) and DIDComm (`DidcommVtaTransport`) implementations
+ * satisfy this — callers depend on the interface and pick the
+ * concrete transport based on what the VTA advertises.
+ */
+export interface VtaTransport {
+    requestEnrollmentChallenge(did: string): Promise<EnrollmentChallengeResponse>;
+    submitPasskeyEnrollment(req: EnrollmentSubmitRequest): Promise<EnrollmentSubmitResponse>;
+    listPasskeys(did: string): Promise<PasskeyList>;
+    removePasskey(did: string, fragment: string): Promise<void>;
+}
+/**
+ * An inbound DIDComm message after the bridge has decrypted it. The
+ * bridge owns unpacking — and, for the mediator-session bridge,
+ * authentication: only successfully sender-authenticated authcrypt
+ * frames are ever surfaced (anoncrypt frames are dropped). Callers
+ * validate `type` / `thid` / `from` on this shape.
+ */
+export interface DidcommReply {
+    type?: string;
+    thid?: string;
+    from?: string;
+    body?: unknown;
+}
+/**
+ * Seam for the DIDComm transport's send/receive plumbing. Lets us
+ * separate "build the right DIDComm message bytes" from "actually
+ * push them through a mediator". The first concern lives in
+ * `@openvtc/pnm-core`; the second is the bridge implementation.
+ *
+ * Implementations transmit packed JWE bytes to the configured
+ * mediator and surface the **decrypted** reply. `sendAndAwaitReply`
+ * registers a reply expectation by `thid`; `send` is fire-and-forget
+ * for DIDComm notifications.
+ */
+export interface DidcommMessageBridge {
+    sendAndAwaitReply(
+    /** Outer JWE (forward envelope) to push to the mediator. */
+    outerPackedJwe: string, 
+    /** Expected `thid` of the reply, so the bridge can demultiplex. */
+    expectThreadId: string, options?: {
+        timeoutMs?: number;
+    }): Promise<DidcommReply>;
+    /**
+     * Fire-and-forget. The DIDComm protocol message in
+     * `outerPackedJwe` is one-way (notification) — caller doesn't
+     * expect a reply. Implementations resolve once the bytes are
+     * handed off to the underlying transport; they do not track
+     * delivery acknowledgement at this layer.
+     */
+    send(outerPackedJwe: string): Promise<void>;
+}
+//# sourceMappingURL=transport.d.ts.map

package/dist/vta/transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.d.ts","sourceRoot":"","sources":["../../src/vta/transport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,2BAA2B,EAC3B,uBAAuB,EACvB,wBAAwB,EACxB,WAAW,EACZ,MAAM,YAAY,CAAC;AAEpB;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,2BAA2B,CAAC,CAAC;IAC9E,uBAAuB,CAAC,GAAG,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC,CAAC;IACzF,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;IAChD,aAAa,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7D;AAED;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,OAAO,CAAC;CAChB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,oBAAoB;IACnC,iBAAiB;IACf,4DAA4D;IAC5D,cAAc,EAAE,MAAM;IACtB,mEAAmE;IACnE,cAAc,EAAE,MAAM,EACtB,OAAO,CAAC,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,GAC/B,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzB;;;;;;OAMG;IACH,IAAI,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7C"}

package/dist/vta/transport.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=transport.js.map

package/dist/vta/transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transport.js","sourceRoot":"","sources":["../../src/vta/transport.ts"],"names":[],"mappings":""}

package/dist/vta/types.d.ts

@@ -0,0 +1,50 @@
+import type { PasskeyVerificationMethod } from "../did/verification-method.js";
+/**
+ * Wire types for VTA passkey-management operations. Shared by the
+ * REST transport (`VtaClient`) and the DIDComm transport
+ * (`DidcommVtaTransport`) so both deliver the same logical surface.
+ */
+export interface EnrollmentChallengeResponse {
+    /** Opaque ceremony id bound server-side to this challenge. Echo it
+     *  back on submit so the VTA can correlate the WebAuthn registration
+     *  ceremony (a WebAuthn security requirement). */
+    ceremonyId: string;
+    /** Server-issued challenge (base64url). The browser passes the raw bytes
+     *  to `navigator.credentials.create`; the VTA verifies the returned
+     *  clientDataJSON against the same value. */
+    challenge: string;
+    /** Relying-Party identifier — typically the VTA's hostname. */
+    rpId: string;
+    rpName: string;
+    /** Stable user handle to associate with the credential. Bytes the VTA
+     *  picked; opaque to the client. */
+    userHandle: string;
+    userName: string;
+    userDisplayName: string;
+    /** Server-suggested timeout in milliseconds. */
+    timeoutMs?: number;
+}
+export interface EnrollmentSubmitRequest {
+    did: string;
+    /** Ceremony id from the matching `EnrollmentChallengeResponse`. */
+    ceremonyId: string;
+    credentialId: string;
+    publicKeyMultibase: string;
+    coseAlgorithm: number;
+    /** Raw WebAuthn fields the VTA needs for its own verification. */
+    attestationObject: string;
+    clientDataJson: string;
+    authenticatorData: string;
+    transports: AuthenticatorTransport[];
+    /** Optional human-friendly label. */
+    label?: string;
+}
+export interface EnrollmentSubmitResponse {
+    verificationMethod: PasskeyVerificationMethod;
+    /** WebVH log entry index that recorded the change. */
+    webvhVersion: string;
+}
+export interface PasskeyList {
+    verificationMethods: PasskeyVerificationMethod[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/vta/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/vta/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAE/E;;;;GAIG;AAEH,MAAM,WAAW,2BAA2B;IAC1C;;sDAEkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB;;iDAE6C;IAC7C,SAAS,EAAE,MAAM,CAAC;IAClB,+DAA+D;IAC/D,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf;wCACoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,uBAAuB;IACtC,GAAG,EAAE,MAAM,CAAC;IACZ,mEAAmE;IACnE,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,kEAAkE;IAClE,iBAAiB,EAAE,MAAM,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,UAAU,EAAE,sBAAsB,EAAE,CAAC;IACrC,qCAAqC;IACrC,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,wBAAwB;IACvC,kBAAkB,EAAE,yBAAyB,CAAC;IAC9C,sDAAsD;IACtD,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,mBAAmB,EAAE,yBAAyB,EAAE,CAAC;CAClD"}

package/dist/vta/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/vta/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/vta/types.ts"],"names":[],"mappings":""}