@openvtc/pnm-core 0.1.0

package/dist/didcomm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/didcomm/index.ts"],"names":[],"mappings":"AAAA,oDAAoD;AACpD,EAAE;AACF,qEAAqE;AACrE,mEAAmE;AACnE,kEAAkE;AAClE,iEAAiE;AACjE,iEAAiE;AACjE,kCAAkC;AAClC,EAAE;AACF,8DAA8D;AAC9D,iEAAiE;AACjE,+DAA+D;AAC/D,sEAAsE;AACtE,qEAAqE;AACrE,qEAAqE;AACrE,2CAA2C;AAE3C,OAAO,EACL,IAAI,IAAI,OAAO,EACf,aAAa,IAAI,gBAAgB,EACjC,MAAM,IAAI,SAAS,EACnB,YAAY,IAAI,eAAe,EAC/B,yBAAyB,IAAI,sBAAsB,EACnD,eAAe,IAAI,kBAAkB,EACrC,OAAO,IAAI,UAAU,EACrB,sBAAsB,IAAI,yBAAyB,EACnD,eAAe,IAAI,kBAAkB,EACrC,MAAM,EACN,GAAG,IAAI,MAAM,GACd,MAAM,yBAAyB,CAAC;AAuCjC,MAAM,OAAO,GAAG,IAAI,OAAO,EAA4B,CAAC;AAExD,SAAS,aAAa,CAAC,EAAY;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,OAAO,QAAQ;IACV,GAAG,CAAS;IACZ,GAAG,CAAS;IAErB,YAAoB,GAAW,EAAE,GAAW,EAAE,UAAqB;QACjE,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,CAAC;IACzC,CAAC;IAED;;wDAEoD;IACpD,MAAM,CAAC,QAAQ,CAAC,GAAW;QACzB,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;QAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;QAChE,OAAO,IAAI,QAAQ,CAAC,GAAG,EAAE,GAAG,GAAG,QAAQ,EAAE;YACvC,GAAG,EAAE,KAAK;YACV,GAAG,EAAE,QAAQ;YACb,CAAC,EAAE,IAAI,CAAC,CAAC;YACT,CAAC,EAAE,IAAI,CAAC,CAAW;SACpB,CAAC,CAAC;IACL,CAAC;IAED,wCAAwC;IACxC,MAAM,CAAC,aAAa,CAAC,KAIpB;QACC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,IAAI,SAAS,CAAC,yDAAyD,CAAC,CAAC;QACjF,CAAC;QACD,OAAO,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,4EAA4E;IAC5E,SAAS;QACP,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,MAAM,GAAG,GAAc;YACrB,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,GAAG,EAAE,UAAU,CAAC,GAAG;YACnB,CAAC,EAAE,UAAU,CAAC,CAAC;SAChB,CAAC;QACF,IAAI,UAAU,CAAC,CAAC,KAAK,SAAS;YAAE,GAAG,CAAC,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC;QACrD,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACrC,CAAC;IAED,qDAAqD;IACrD,SAAS;QACP,MAAM,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,EAAE,CAAC;IAClE,CAAC;IAED,4DAA4D;IAC5D,OAAO;QACL,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACvB,CAAC;CACF;AAoBD,SAAS,MAAM,CAA4B,OAAU;IACnD,IAAI,OAAO,CAAC,EAAE;QAAE,OAAO,OAA6B,CAAC;IACrD,OAAO,EAAE,GAAG,OAAO,EAAE,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;AAC5D,CAAC;AAED,SAAS,eAAe,CAAC,UAA8B;IACrD,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,sDAAsD,UAAU,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,qEAAqE;AACrE,MAAM,UAAU,qBAAqB,CAAC,KAA4B;IAChE,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,sDAAsD;AACtD,MAAM,UAAU,aAAa,CAC3B,OAA8B,EAC9B,UAA8B;IAE9B,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO,gBAAgB,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC;QACxB,SAAS,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;KAC5D,CAAC,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAmB,EACnB,UAA8B;IAE9B,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO,gBAAgB,CAAC;QACtB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;QAChC,SAAS,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;KAC5D,CAAC,CAAC;AACL,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAC/B,WAAmB,EACnB,MAAgB,EAChB,UAA8B;IAE9B,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO,OAAO,CAAC;QACb,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC;QAChC,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE;QAC1D,SAAS,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;KAC5D,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,WAAW,CACzB,IAAY,EACZ,IAAY,EACZ,WAAmB,EACnB,YAAoB;IAEpB,OAAO,IAAI,CAAC,SAAS,CACnB,eAAe,CAAC;QACd,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,QAAQ,EAAE,YAAY;KACvB,CAA4B,CAC9B,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAC3B,OAA8B,EAC9B,MAAgB,EAChB,UAA8B;IAE9B,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC,MAAM,SAAS,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IAC9C,OAAO,OAAO,CAAC;QACb,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC;QACxB,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE;QAC1D,SAAS,EAAE,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE;KAC5D,CAAC,CAAC;AACL,CAAC;AAED,qEAAqE;AACrE,uEAAuE;AACvE,oEAAoE;AACpE,kEAAkE;AAClE,qEAAqE;AACrE,qEAAqE;AACrE,8DAA8D;AAC9D,gCAAgC;AAChC,SAAS,mBAAmB,CAAC,OAAe,EAAE,SAAiB;IAC7D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAE7B,CAAC;QACF,MAAM,OAAO,GAAG,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;QACrC,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,SAAS,CAAC;YAAE,OAAO,SAAS,CAAC;QACxE,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACxE,IAAI,OAAO,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,8DAA8D;QAC9D,eAAe;IACjB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAsD,EACtD,SAAmB;IAEnB,MAAM,MAAM,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;IACxC,MAAM,YAAY,GAAG,mBAAmB,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,MAAM,SAAS,CAC5B,IAAI,CAAC,KAAK,EACV,EAAE,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,EACpD,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC,CAAC,SAAS,CAC3E,CAAC;IACF,MAAM,GAAG,GAAiD;QACxD,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAkC;QAClD,aAAa,EAAE,MAAM,CAAC,aAAa;QACnC,aAAa,EAAE,YAAY;KAC5B,CAAC;IACF,IAAI,MAAM,CAAC,SAAS;QAAE,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC;IACxD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,2DAA2D;AAC3D,MAAM,UAAU,mBAAmB;IACjC,OAAO,yBAAyB,CAAC;AACnC,CAAC;AAED,8EAA8E;AAC9E,yEAAyE;AACzE,4EAA4E;AAC5E,oEAAoE;AACpE,wEAAwE;AACxE,uBAAuB;AACvB,8EAA8E;AAE9E,SAAS,eAAe,CAAC,KAAiB;IACxC,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC9C,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;AACjD,CAAC;AASD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,GAAW;IACnD,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;IAC7D,OAAO;QACL,GAAG;QACH,eAAe,EAAE,GAAG;QACpB,qBAAqB,EAAE,eAAe,CAAC,SAAS,CAAC;KAClD,CAAC;AACJ,CAAC;AAYD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,WAAmB,EACnB,UAAuC,EAAE;IAEzC,MAAM,CAAC,GAAG,MAAM,kBAAkB,CAAC,WAAW,EAAE;QAC9C,aAAa,EAAE,OAAO,CAAC,aAAa,IAAI,KAAK;KAC9C,CAAC,CAAC;IACH,IAAI,CAAC,CAAC,CAAC,UAAU,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,YAAY,WAAW,qDAAqD,CAC7E,CAAC;IACJ,CAAC;IACD,OAAO;QACL,GAAG,EAAE,CAAC,CAAC,GAAG;QACV,eAAe,EAAE,CAAC,CAAC,GAAG;QACtB,qBAAqB,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;QACnD,YAAY,EAAE,CAAC,CAAC,UAAU;QAC1B,YAAY,EAAE,CAAC,CAAC,YAAY;QAC5B,YAAY,EAAE,CAAC,CAAC,YAAY;KAC7B,CAAC;AACJ,CAAC;AAYD;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,GAAW;IAClD,MAAM,UAAU,GAAG,CAAC,MAAM,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAE5C,CAAC;IACF,MAAM,QAAQ,GAAG,UAAU,CAAC,WAAW,EAAE,OAAO,IAAI,EAAE,CAAC;IACvD,MAAM,GAAG,GAAgB,EAAE,CAAC;IAE5B,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAE9C,IAAI,QAAQ,KAAK,UAAU,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtD,qDAAqD;YACrD,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,EAAE,CAAC;gBAC5C,GAAG,CAAC,IAAI,GAAG,EAAE,OAAO,EAAE,GAAG,CAAC,eAAe,EAAE,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,IAAI,QAAQ,KAAK,aAAa,IAAI,GAAG,CAAC,IAAI,KAAK,kBAAkB,EAAE,CAAC;YAClE,sEAAsE;YACtE,qDAAqD;YACrD,MAAM,EAAE,GAAG,GAAG,CAAC,eAAe,CAAC;YAC/B,IAAI,WAA+B,CAAC;YACpC,IAAI,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;gBAAE,WAAW,GAAI,EAAE,CAAC,CAAC,CAAkC,EAAE,GAAG,CAAC;iBAC7E,IAAI,EAAE,IAAI,OAAO,EAAE,KAAK,QAAQ;gBAAE,WAAW,GAAI,EAAuB,CAAC,GAAG,CAAC;iBAC7E,IAAI,OAAO,EAAE,KAAK,QAAQ;gBAAE,WAAW,GAAG,EAAE,CAAC;YAClD,0EAA0E;YAC1E,IAAI,WAAW,IAAI,CAAC,QAAQ,KAAK,aAAa,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAChE,GAAG,CAAC,OAAO,GAAG,EAAE,WAAW,EAAE,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAsBD,MAAM,sBAAsB,GAAG,yBAQsC,CAAC;AAiDtE;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,IAAmC;IAEnC,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,UAKlB,CAAC;IACF,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,YAAY,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE3C,MAAM,IAAI,GAAG,MAAM,sBAAsB,CAAC;QACxC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;QAC1B,mBAAmB,EAAE,aAAa;QAClC,kBAAkB,EAAE,YAAY;QAChC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;QAC1B,aAAa,EAAE,IAAI,CAAC,aAAa,IAAI,KAAK;QAC1C,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7C,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,mBAAmB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAEnD,sEAAsE;IACtE,oBAAoB;IACpB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAmC;QAC3D,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,qBAAqB,EAAE,CAAC;KACxD,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,IAAI,kBAAkB,CAAC;QACrC,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,MAAM,EAAE;YACN,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;YACpB,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;YACpB,UAAU,EAAE,aAAa;YACzB,SAAS,EAAE,YAAY;SACxB;QACD,UAAU;QACV,aAAa,EAAE,KAAK,EAAE,GAAW,EAAE,EAAE;YACnC,MAAM,CAAC,GAAG,MAAM,sBAAsB,CAAC,GAAG,CAAC,CAAC;YAC5C,OAAO,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACrD,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,GAAG,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACrE,CAAC,CAAC;IACH,MAAM,OAAO,CAAC,OAAO,EAAE,CAAC;IAExB,MAAM,WAAW,GAAG,OAAyC,CAAC;IAC9D,OAAO;QACL,IAAI,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC;QACxC,OAAO,EAAE,CAAC,IAAY,EAAE,SAAiB,EAAE,EAAE,CAC3C,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,SAAS,CAAqC;QACtE,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE;QAC5B,IAAI,MAAM;YACR,OAAO,WAAW,CAAC,MAAM,CAAC;QAC5B,CAAC;QACD,wEAAwE;QACxE,oDAAoD;QACpD,SAAS,EAAE,CAAC,OAAO,EAAE,EAAE;YACpB,OAAoD,CAAC,SAAS,GAAG,OAAO,CAAC;QAC5E,CAAC;QACD,GAAG;QACH,QAAQ,EAAE;YACR,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YACtB,eAAe,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG;YAClC,qBAAqB,EAAE,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;SAChE;KACF,CAAC;AACJ,CAAC;AAgBD,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC3C,IAAI,KAAK,GAAoB,IAAI,CAAC;IAClC,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,CAAC;QACH,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QAC/C,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QAC/B,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QAEnC,MAAM,MAAM,GAAG,MAAM,aAAa,CAChC;YACE,IAAI,EAAE,8CAA8C;YACpD,IAAI,EAAE,KAAK,CAAC,GAAG;YACf,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;YACb,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE;SAC9D,EACD,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;QAEF,MAAM,GAAG,GAAG,MAAM,aAAa,CAC7B,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,QAAQ,CAAC,GAAG,EAAE,EAClD,GAAG,CACJ,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YAC7B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,YAAY,EAAE,MAAM,CAAC,MAAM;gBAC3B,oBAAoB,EAAE,SAAS;gBAC/B,aAAa,EAAE,SAAS;gBACxB,KAAK,EAAE,mBAAmB,GAAG,CAAC,IAAI,EAAE;aACrC,CAAC;QACJ,CAAC;QACD,OAAO;YACL,EAAE,EAAE,IAAI;YACR,YAAY,EAAE,MAAM,CAAC,MAAM;YAC3B,oBAAoB,EAAE,GAAG,CAAC,OAAO,CAAC,MAAM,CAAuB;YAC/D,aAAa,EAAE,GAAG,CAAC,aAAa;SACjC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,YAAY,EAAE,CAAC;YACf,oBAAoB,EAAE,SAAS;YAC/B,aAAa,EAAE,SAAS;YACxB,KAAK,EAAG,GAAa,CAAC,OAAO;SAC9B,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,KAAK,EAAE,OAAO,EAAE,CAAC;QACjB,GAAG,EAAE,OAAO,EAAE,CAAC;IACjB,CAAC;AACH,CAAC"}

package/dist/inbound/confirm.d.ts

@@ -0,0 +1,50 @@
+import { type Identity } from "../didcomm/index.js";
+import type { RemoteDidcommEndpoint } from "../vta/didcomm.js";
+export declare const CONFIRM_REQUEST_TYPE = "https://trusttasks.org/spec/confirm/request/0.1";
+export declare const CONFIRM_RESPONSE_TYPE = "https://trusttasks.org/spec/confirm/response/0.1";
+/** Body of an inbound confirm request (RP → wallet). */
+export interface ConfirmRequest {
+    /** RP-issued nonce; the wallet echoes it in the response so the RP can
+     *  correlate + prevent replay. */
+    challenge: string;
+    /** Human-readable action the user is being asked to confirm. */
+    action: string;
+    /** Optional RP display name for the consent prompt. */
+    rpName?: string;
+}
+/** A parsed, validated inbound confirm request. */
+export interface ParsedConfirmRequest {
+    /** The requesting RP's DID (the authcrypt sender). */
+    rpDid: string;
+    /** Thread id to echo on the response so the RP correlates it. */
+    thid: string;
+    request: ConfirmRequest;
+}
+/**
+ * Validate a decrypted inbound DIDComm message as a `confirm/1.0` request.
+ * Returns `null` if it isn't one (so an `onInbound` handler can ignore other
+ * traffic). The `from` field is the authcrypt-authenticated RP DID.
+ */
+export declare function parseConfirmRequest(message: Record<string, unknown>): ParsedConfirmRequest | null;
+export interface BuildConfirmResponseArgs {
+    /** The wallet's holder identity (authcrypt sender of the response). */
+    holder: Identity;
+    /** The RP's resolved keyAgreement endpoint (authcrypt recipient). */
+    rp: RemoteDidcommEndpoint;
+    /** Mediator to forward through (the shared mediator for the demo). */
+    mediator: RemoteDidcommEndpoint;
+    /** The user's decision. */
+    approved: boolean;
+    /** The request's challenge, echoed back for correlation. */
+    challenge: string;
+    /** The request's thread id, echoed as the response `thid`. */
+    thid: string;
+}
+/**
+ * Build the outer (routing/2.0/forward) JWE for a confirm response, ready to
+ * `send()` over the wallet's mediator session. Authcrypts the response to the
+ * RP, then wraps it in a forward to the mediator — the same outbound shape as
+ * `loginViaDidcomm`/`requestVtaApproval`.
+ */
+export declare function buildConfirmResponse(args: BuildConfirmResponseArgs): Promise<string>;
+//# sourceMappingURL=confirm.d.ts.map

package/dist/inbound/confirm.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirm.d.ts","sourceRoot":"","sources":["../../src/inbound/confirm.ts"],"names":[],"mappings":"AAQA,OAAO,EAAiD,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACnG,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAM/D,eAAO,MAAM,oBAAoB,oDAAoD,CAAC;AACtF,eAAO,MAAM,qBAAqB,qDAAqD,CAAC;AAExF,wDAAwD;AACxD,MAAM,WAAW,cAAc;IAC7B;sCACkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,MAAM,EAAE,MAAM,CAAC;IACf,uDAAuD;IACvD,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,mDAAmD;AACnD,MAAM,WAAW,oBAAoB;IACnC,sDAAsD;IACtD,KAAK,EAAE,MAAM,CAAC;IACd,iEAAiE;IACjE,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,cAAc,CAAC;CACzB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,oBAAoB,GAAG,IAAI,CAkB7B;AAED,MAAM,WAAW,wBAAwB;IACvC,uEAAuE;IACvE,MAAM,EAAE,QAAQ,CAAC;IACjB,qEAAqE;IACrE,EAAE,EAAE,qBAAqB,CAAC;IAC1B,sEAAsE;IACtE,QAAQ,EAAE,qBAAqB,CAAC;IAChC,2BAA2B;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,4DAA4D;IAC5D,SAAS,EAAE,MAAM,CAAC;IAClB,8DAA8D;IAC9D,IAAI,EAAE,MAAM,CAAC;CACd;AAED;;;;;GAKG;AACH,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,OAAO,CAAC,MAAM,CAAC,CAiB1F"}

package/dist/inbound/confirm.js

@@ -0,0 +1,64 @@
+// RP→wallet confirmation protocol (Slice 2). An RP authcrypts a
+// `confirm/1.0` request to the wallet's holder did:peer (routed via its
+// mediator service); the wallet shows a consent prompt and authcrypts a
+// `confirm-response/1.0` back. Authentication is the authcrypt envelope on
+// both legs: the wallet trusts the RP because the request is authcrypted
+// from the RP's DID, and the RP trusts the response because it's authcrypted
+// from the holder did:peer it addressed. No extra signature needed.
+import { packAuthcrypt, packAuthcryptJson, wrapForward } from "../didcomm/index.js";
+// Canonical RP→wallet consent specs from trusttasks-tf. Replaces
+// the former wallet/confirm/* slugs; conformance + payload shape
+// documented at https://trusttasks.org/spec/confirm/request/0.1 and
+// /spec/confirm/response/0.1.
+export const CONFIRM_REQUEST_TYPE = "https://trusttasks.org/spec/confirm/request/0.1";
+export const CONFIRM_RESPONSE_TYPE = "https://trusttasks.org/spec/confirm/response/0.1";
+/**
+ * Validate a decrypted inbound DIDComm message as a `confirm/1.0` request.
+ * Returns `null` if it isn't one (so an `onInbound` handler can ignore other
+ * traffic). The `from` field is the authcrypt-authenticated RP DID.
+ */
+export function parseConfirmRequest(message) {
+    if (message.type !== CONFIRM_REQUEST_TYPE)
+        return null;
+    const from = typeof message.from === "string" ? message.from : null;
+    if (!from)
+        return null;
+    const body = (message.body ?? {});
+    if (typeof body.challenge !== "string" || typeof body.action !== "string")
+        return null;
+    const thid = (typeof message.thid === "string" ? message.thid : undefined) ??
+        (typeof message.id === "string" ? message.id : "");
+    return {
+        rpDid: from,
+        thid,
+        request: {
+            challenge: body.challenge,
+            action: body.action,
+            ...(typeof body.rpName === "string" ? { rpName: body.rpName } : {}),
+        },
+    };
+}
+/**
+ * Build the outer (routing/2.0/forward) JWE for a confirm response, ready to
+ * `send()` over the wallet's mediator session. Authcrypts the response to the
+ * RP, then wraps it in a forward to the mediator — the same outbound shape as
+ * `loginViaDidcomm`/`requestVtaApproval`.
+ */
+export async function buildConfirmResponse(args) {
+    const message = {
+        id: globalThis.crypto.randomUUID(),
+        type: CONFIRM_RESPONSE_TYPE,
+        from: args.holder.did,
+        to: [args.rp.did],
+        thid: args.thid,
+        body: { approved: args.approved, challenge: args.challenge },
+    };
+    const inner = await packAuthcrypt(message, args.holder, [
+        { kid: args.rp.keyAgreementKid, jwk: args.rp.keyAgreementPublicJwk },
+    ]);
+    const forwardJson = wrapForward(args.rp.did, args.holder.did, args.mediator.did, inner);
+    return packAuthcryptJson(forwardJson, args.holder, [
+        { kid: args.mediator.keyAgreementKid, jwk: args.mediator.keyAgreementPublicJwk },
+    ]);
+}
+//# sourceMappingURL=confirm.js.map

package/dist/inbound/confirm.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"confirm.js","sourceRoot":"","sources":["../../src/inbound/confirm.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,wEAAwE;AACxE,wEAAwE;AACxE,2EAA2E;AAC3E,yEAAyE;AACzE,6EAA6E;AAC7E,oEAAoE;AAEpE,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAiB,MAAM,qBAAqB,CAAC;AAGnG,iEAAiE;AACjE,iEAAiE;AACjE,oEAAoE;AACpE,8BAA8B;AAC9B,MAAM,CAAC,MAAM,oBAAoB,GAAG,iDAAiD,CAAC;AACtF,MAAM,CAAC,MAAM,qBAAqB,GAAG,kDAAkD,CAAC;AAsBxF;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CACjC,OAAgC;IAEhC,IAAI,OAAO,CAAC,IAAI,KAAK,oBAAoB;QAAE,OAAO,IAAI,CAAC;IACvD,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACpE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IACvB,MAAM,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAA4B,CAAC;IAC7D,IAAI,OAAO,IAAI,CAAC,SAAS,KAAK,QAAQ,IAAI,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IACvF,MAAM,IAAI,GACR,CAAC,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAC7D,CAAC,OAAO,OAAO,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACrD,OAAO;QACL,KAAK,EAAE,IAAI;QACX,IAAI;QACJ,OAAO,EAAE;YACP,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,GAAG,CAAC,OAAO,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpE;KACF,CAAC;AACJ,CAAC;AAiBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAA8B;IACvE,MAAM,OAAO,GAAG;QACd,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE;QAClC,IAAI,EAAE,qBAAqB;QAC3B,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG;QACrB,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE;KAC7D,CAAC;IAEF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,EAAE;QACtD,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,CAAC,qBAAqB,EAAE;KACrE,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACxF,OAAO,iBAAiB,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE;QACjD,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE;KACjF,CAAC,CAAC;AACL,CAAC"}

package/dist/inbound/dedup.d.ts

@@ -0,0 +1,9 @@
+import type { KVStore } from "../store/kv-store.js";
+/**
+ * Atomically record that an inbound message id has been handled.
+ *
+ * @returns `true` if the id was newly recorded (caller should process the
+ *   message); `false` if it had already been handled (a replay — skip it).
+ */
+export declare function markInboundHandled(store: KVStore, id: string): Promise<boolean>;
+//# sourceMappingURL=dedup.d.ts.map

package/dist/inbound/dedup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dedup.d.ts","sourceRoot":"","sources":["../../src/inbound/dedup.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAKpD;;;;;GAKG;AACH,wBAAsB,kBAAkB,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAOrF"}

package/dist/inbound/dedup.js

@@ -0,0 +1,31 @@
+// Durable de-duplication for inbound DIDComm messages.
+//
+// A message-pickup mediator keeps every un-acked message queued and replays
+// it on each (re)connection. An MV3 service worker is ephemeral, so the
+// offscreen mediator session reconnects often — without de-dup, the same
+// RP-initiated `confirm` request fires a fresh consent popup every time the
+// worker respawns. The mediator-side `messages-received` ack is the upstream
+// fix, but its effect depends on the mediator's queue-id semantics; this
+// client-side guard is the durable backstop and works regardless.
+//
+// State is persisted (KVStore → IndexedDB) so it survives worker respawns,
+// which is exactly when the replays arrive. Bounded to the most recent N ids.
+const HANDLED_IDS_KEY = "inbound:handled-ids";
+const MAX_HANDLED_IDS = 256;
+/**
+ * Atomically record that an inbound message id has been handled.
+ *
+ * @returns `true` if the id was newly recorded (caller should process the
+ *   message); `false` if it had already been handled (a replay — skip it).
+ */
+export async function markInboundHandled(store, id) {
+    const ids = (await store.get(HANDLED_IDS_KEY)) ?? [];
+    if (ids.includes(id))
+        return false;
+    ids.push(id);
+    if (ids.length > MAX_HANDLED_IDS)
+        ids.splice(0, ids.length - MAX_HANDLED_IDS);
+    await store.put(HANDLED_IDS_KEY, ids);
+    return true;
+}
+//# sourceMappingURL=dedup.js.map

package/dist/inbound/dedup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dedup.js","sourceRoot":"","sources":["../../src/inbound/dedup.ts"],"names":[],"mappings":"AAAA,uDAAuD;AACvD,EAAE;AACF,4EAA4E;AAC5E,wEAAwE;AACxE,yEAAyE;AACzE,4EAA4E;AAC5E,6EAA6E;AAC7E,yEAAyE;AACzE,kEAAkE;AAClE,EAAE;AACF,2EAA2E;AAC3E,8EAA8E;AAI9E,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAC9C,MAAM,eAAe,GAAG,GAAG,CAAC;AAE5B;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAc,EAAE,EAAU;IACjE,MAAM,GAAG,GAAG,CAAC,MAAM,KAAK,CAAC,GAAG,CAAW,eAAe,CAAC,CAAC,IAAI,EAAE,CAAC;IAC/D,IAAI,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IACnC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACb,IAAI,GAAG,CAAC,MAAM,GAAG,eAAe;QAAE,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,eAAe,CAAC,CAAC;IAC9E,MAAM,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/inbound/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./confirm.js";
+export * from "./dedup.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/inbound/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/inbound/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC"}

package/dist/inbound/index.js

@@ -0,0 +1,3 @@
+export * from "./confirm.js";
+export * from "./dedup.js";
+//# sourceMappingURL=index.js.map

package/dist/inbound/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/inbound/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,14 @@
+export * from "./webauthn/index.js";
+export * from "./did/index.js";
+export * from "./vta/index.js";
+export * from "./didcomm/index.js";
+export * from "./siop/index.js";
+export * from "./rp-login/index.js";
+export * from "./inbound/index.js";
+export * from "./onboarding/index.js";
+export * from "./store/index.js";
+export * from "./trust-tasks/index.js";
+export * from "./vault/index.js";
+export * from "./provision/index.js";
+export * from "./util/timing.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,14 @@
+export * from "./webauthn/index.js";
+export * from "./did/index.js";
+export * from "./vta/index.js";
+export * from "./didcomm/index.js";
+export * from "./siop/index.js";
+export * from "./rp-login/index.js";
+export * from "./inbound/index.js";
+export * from "./onboarding/index.js";
+export * from "./store/index.js";
+export * from "./trust-tasks/index.js";
+export * from "./vault/index.js";
+export * from "./provision/index.js";
+export * from "./util/timing.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC;AACpC,cAAc,gBAAgB,CAAC;AAC/B,cAAc,gBAAgB,CAAC;AAC/B,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC;AAChC,cAAc,qBAAqB,CAAC;AACpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC;AACjC,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC"}

package/dist/onboarding/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./swap.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/onboarding/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/onboarding/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC"}

package/dist/onboarding/index.js

@@ -0,0 +1,2 @@
+export * from "./swap.js";
+//# sourceMappingURL=index.js.map

package/dist/onboarding/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/onboarding/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAC"}

package/dist/onboarding/swap.d.ts

@@ -0,0 +1,60 @@
+import { type Identity } from "../didcomm/index.js";
+import { type SigningIdentity } from "../siop/self-issued.js";
+import type { RemoteDidcommEndpoint } from "../vta/didcomm.js";
+import type { DidcommMessageBridge } from "../vta/transport.js";
+/** The ACL entry created for the new DID (the swap-acl result body). */
+export interface AclSwapResult {
+    did: string;
+    role: string;
+    label?: string | null;
+    allowed_contexts: string[];
+    created_at: number;
+    created_by: string;
+    expires_at?: number | null;
+}
+export interface SwapAclDidcommOptions {
+    /** Mediator-backed bridge that ships the JWE and surfaces the decrypted,
+     *  sender-authenticated reply (keyed by `thid`). */
+    bridge: DidcommMessageBridge;
+    /** Authcrypt sender = the OLD DID (the operator-granted ephemeral did:key). */
+    ephemeral: Identity;
+    /** Signs the VP-JWT; its DID is the NEW DID (the wallet's holder did:peer). */
+    holderSigning: SigningIdentity;
+    /** The VTA's DID + keyAgreement key (inner authcrypt recipient). */
+    service: RemoteDidcommEndpoint;
+    /** The VTA's mediator (forward target); omit for a direct, non-mediated send. */
+    mediator?: RemoteDidcommEndpoint;
+    /** The VTA's DID — the presentation `aud` + the expected reply `from`. */
+    vtaDid: string;
+    timeoutMs?: number;
+}
+/**
+ * Rotate the caller's ACL entry from the ephemeral DID onto the holder
+ * did:peer over DIDComm. Returns the new ACL entry. Throws if the VTA replies
+ * with anything other than a swap-acl-result (e.g. a problem-report).
+ */
+export declare function swapAclDidcomm(opts: SwapAclDidcommOptions): Promise<AclSwapResult>;
+export interface SwapAclRestOptions {
+    /** VTA REST base URL (from `#vta-rest`, e.g. `http://localhost:8100`). */
+    baseUrl: string;
+    /** Authcrypt sender = the OLD DID (the operator-granted ephemeral). */
+    ephemeral: Identity;
+    /** Signs the VP-JWT; its DID is the NEW DID (the wallet's holder did:peer). */
+    holderSigning: SigningIdentity;
+    /** The VTA's DID + keyAgreement (authcrypt recipient for `/auth/`). */
+    service: RemoteDidcommEndpoint;
+    /** The VTA's DID — the presentation `aud`. Usually `service.did`. */
+    vtaDid: string;
+    /** fetch impl (defaults to global). */
+    fetch?: typeof fetch;
+}
+/**
+ * REST-only swap: when a VTA advertises `#vta-rest` but no `#vta-didcomm`, the
+ * wallet still uses DIDComm authcrypt to authenticate (the VTA's `/auth/`
+ * unpacks a DIDComm message), then POSTs the swap over HTTP. Same proofs as
+ * the DIDComm path — the authcrypted authenticate message proves control of
+ * the ephemeral, the VP-JWT proves control of the holder did:peer — only the
+ * transport differs (direct HTTP, no mediator).
+ */
+export declare function swapAclRest(opts: SwapAclRestOptions): Promise<AclSwapResult>;
+//# sourceMappingURL=swap.d.ts.map

package/dist/onboarding/swap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"swap.d.ts","sourceRoot":"","sources":["../../src/onboarding/swap.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAiD,KAAK,QAAQ,EAAE,MAAM,qBAAqB,CAAC;AACnG,OAAO,EAAyB,KAAK,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACrF,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAOhE,wEAAwE;AACxE,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,qBAAqB;IACpC;wDACoD;IACpD,MAAM,EAAE,oBAAoB,CAAC;IAC7B,+EAA+E;IAC/E,SAAS,EAAE,QAAQ,CAAC;IACpB,+EAA+E;IAC/E,aAAa,EAAE,eAAe,CAAC;IAC/B,oEAAoE;IACpE,OAAO,EAAE,qBAAqB,CAAC;IAC/B,iFAAiF;IACjF,QAAQ,CAAC,EAAE,qBAAqB,CAAC;IACjC,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,IAAI,EAAE,qBAAqB,GAAG,OAAO,CAAC,aAAa,CAAC,CA+CxF;AAED,MAAM,WAAW,kBAAkB;IACjC,0EAA0E;IAC1E,OAAO,EAAE,MAAM,CAAC;IAChB,uEAAuE;IACvE,SAAS,EAAE,QAAQ,CAAC;IACpB,+EAA+E;IAC/E,aAAa,EAAE,eAAe,CAAC;IAC/B,uEAAuE;IACvE,OAAO,EAAE,qBAAqB,CAAC;IAC/B,qEAAqE;IACrE,MAAM,EAAE,MAAM,CAAC;IACf,uCAAuC;IACvC,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;CACtB;AAED;;;;;;;GAOG;AACH,wBAAsB,WAAW,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAsElF"}

package/dist/onboarding/swap.js

@@ -0,0 +1,148 @@
+// Onboarding key rotation — the wallet's ephemeral did:key, granted into a
+// VTA's ACL by the operator, is swapped onto the wallet's long-term holder
+// did:peer on first connect via the canonical Trust Task `acl/swap-key/0.1`.
+//
+// Two proofs ride along, exactly as the VTA's swap-acl handler expects:
+//   - the DIDComm authcrypt envelope authenticates the **ephemeral** (the
+//     "currentSubject" being rotated away from), via its sender key;
+//   - the inner VP-JWT (`issueSwapPresentation`) — carried as `linkProof` —
+//     proves control of the **holder did:peer** (the "newSubject"),
+//     signed by its #key-2.
+//
+// Mirrors `requestVtaApproval`: build message → authcrypt to the VTA → forward
+// via its mediator → await the reply by `thid`. DIDComm is the first-class
+// path — the authcrypt envelope *is* the caller authentication, so no separate
+// token round-trip is needed.
+//
+// Wire format: the canonical Trust Task URI `acl/swap-key/0.1` per the
+// dtgwg-trust-tasks-tf registry. The VTA also accepts the legacy
+// `firstperson.network/protocols/acl-management/1.0/swap-acl` URI during the
+// deprecation window so older plugins keep working; new plugins SHOULD emit
+// the canonical URI.
+import { packAuthcrypt, packAuthcryptJson, wrapForward } from "../didcomm/index.js";
+import { issueSwapPresentation } from "../siop/self-issued.js";
+const ACL_SWAP_KEY = "https://trusttasks.org/spec/acl/swap-key/0.1";
+const ACL_SWAP_KEY_RESPONSE = "https://trusttasks.org/spec/acl/swap-key/0.1#response";
+const VTA_AUTHENTICATE = "https://affinidi.com/atm/1.0/authenticate";
+const DEFAULT_TIMEOUT_MS = 30_000;
+/**
+ * Rotate the caller's ACL entry from the ephemeral DID onto the holder
+ * did:peer over DIDComm. Returns the new ACL entry. Throws if the VTA replies
+ * with anything other than a swap-acl-result (e.g. a problem-report).
+ */
+export async function swapAclDidcomm(opts) {
+    const { bridge, ephemeral, holderSigning, service, mediator, vtaDid } = opts;
+    const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    const linkProof = issueSwapPresentation({ holder: holderSigning, audience: vtaDid });
+    const requestId = globalThis.crypto.randomUUID();
+    const message = {
+        id: requestId,
+        type: ACL_SWAP_KEY,
+        from: ephemeral.did,
+        to: [service.did],
+        body: {
+            currentSubject: ephemeral.did,
+            newSubject: holderSigning.did,
+            linkProof,
+        },
+    };
+    const inner = await packAuthcrypt(message, ephemeral, [
+        { kid: service.keyAgreementKid, jwk: service.keyAgreementPublicJwk },
+    ]);
+    let outer = inner;
+    if (mediator) {
+        const forwardJson = wrapForward(service.did, ephemeral.did, mediator.did, inner);
+        outer = await packAuthcryptJson(forwardJson, ephemeral, [
+            { kid: mediator.keyAgreementKid, jwk: mediator.keyAgreementPublicJwk },
+        ]);
+    }
+    const reply = await bridge.sendAndAwaitReply(outer, requestId, { timeoutMs });
+    if (reply.thid !== requestId) {
+        throw new Error(`acl/swap-key: reply thid ${reply.thid ?? "(none)"} != request ${requestId}`);
+    }
+    if (reply.from !== vtaDid) {
+        throw new Error(`acl/swap-key: reply from ${reply.from ?? "(none)"} != VTA ${vtaDid}`);
+    }
+    if (reply.type !== ACL_SWAP_KEY_RESPONSE) {
+        // Most commonly a problem-report (e.g. the VP failed to verify, or the
+        // ephemeral isn't in the ACL yet).
+        throw new Error(`acl/swap-key: ${reply.type ?? "(no type)"} — ${JSON.stringify(reply.body ?? {})}`);
+    }
+    return (reply.body ?? {});
+}
+/**
+ * REST-only swap: when a VTA advertises `#vta-rest` but no `#vta-didcomm`, the
+ * wallet still uses DIDComm authcrypt to authenticate (the VTA's `/auth/`
+ * unpacks a DIDComm message), then POSTs the swap over HTTP. Same proofs as
+ * the DIDComm path — the authcrypted authenticate message proves control of
+ * the ephemeral, the VP-JWT proves control of the holder did:peer — only the
+ * transport differs (direct HTTP, no mediator).
+ */
+export async function swapAclRest(opts) {
+    const { baseUrl, ephemeral, holderSigning, service, vtaDid } = opts;
+    const f = opts.fetch ?? fetch.bind(globalThis);
+    const base = baseUrl.replace(/\/+$/, "");
+    // 1. /auth/challenge → flat { challenge, sessionId, expiresAt } per
+    //    `vti_common::auth::handlers::challenge::ChallengeResponse`. Fields
+    //    are top-level, NOT nested under `data`.
+    const cRes = await f(`${base}/auth/challenge`, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify({ did: ephemeral.did }),
+    });
+    if (!cRes.ok) {
+        throw new Error(`vta /auth/challenge failed (${cRes.status}): ${await cRes.text()}`);
+    }
+    const cBody = (await cRes.json());
+    if (!cBody.sessionId || !cBody.challenge) {
+        throw new Error(`vta /auth/challenge: malformed response: ${JSON.stringify(cBody)}`);
+    }
+    // 2. Authcrypt an `atm/1.0/authenticate` message to the VTA (direct, no
+    //    forward — there's no mediator on this transport).
+    const authMsg = {
+        id: globalThis.crypto.randomUUID(),
+        type: VTA_AUTHENTICATE,
+        from: ephemeral.did,
+        to: [service.did],
+        body: { challenge: cBody.challenge, session_id: cBody.sessionId },
+    };
+    const packed = await packAuthcrypt(authMsg, ephemeral, [
+        { kid: service.keyAgreementKid, jwk: service.keyAgreementPublicJwk },
+    ]);
+    // 3. POST the packed JWE to `/auth/` → AuthenticateResponse with
+    //    { session, tokens: { accessToken, ... } } per vta-sdk's
+    //    `protocols::auth::AuthenticateResponse`.
+    const aRes = await f(`${base}/auth/`, {
+        method: "POST",
+        headers: { "content-type": "application/didcomm-encrypted+json" },
+        body: packed,
+    });
+    if (!aRes.ok) {
+        throw new Error(`vta /auth/ failed (${aRes.status}): ${await aRes.text()}`);
+    }
+    const aBody = (await aRes.json());
+    const accessToken = aBody.tokens?.accessToken;
+    if (!accessToken) {
+        throw new Error(`vta /auth/: malformed response: ${JSON.stringify(aBody)}`);
+    }
+    // 4. POST /acl/swap with Bearer + the holder's VP-JWT (as `linkProof`) → the
+    //    new ACL entry. Canonical Trust Task `acl/swap-key/0.1` body shape.
+    const linkProof = issueSwapPresentation({ holder: holderSigning, audience: vtaDid });
+    const sRes = await f(`${base}/acl/swap`, {
+        method: "POST",
+        headers: {
+            "content-type": "application/json",
+            authorization: `Bearer ${accessToken}`,
+        },
+        body: JSON.stringify({
+            currentSubject: ephemeral.did,
+            newSubject: holderSigning.did,
+            linkProof,
+        }),
+    });
+    if (!sRes.ok) {
+        throw new Error(`vta /acl/swap failed (${sRes.status}): ${await sRes.text()}`);
+    }
+    return (await sRes.json());
+}
+//# sourceMappingURL=swap.js.map

package/dist/onboarding/swap.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"swap.js","sourceRoot":"","sources":["../../src/onboarding/swap.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,2EAA2E;AAC3E,6EAA6E;AAC7E,EAAE;AACF,wEAAwE;AACxE,0EAA0E;AAC1E,qEAAqE;AACrE,4EAA4E;AAC5E,oEAAoE;AACpE,4BAA4B;AAC5B,EAAE;AACF,+EAA+E;AAC/E,2EAA2E;AAC3E,+EAA+E;AAC/E,8BAA8B;AAC9B,EAAE;AACF,uEAAuE;AACvE,iEAAiE;AACjE,6EAA6E;AAC7E,4EAA4E;AAC5E,qBAAqB;AAErB,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,WAAW,EAAiB,MAAM,qBAAqB,CAAC;AACnG,OAAO,EAAE,qBAAqB,EAAwB,MAAM,wBAAwB,CAAC;AAIrF,MAAM,YAAY,GAAG,8CAA8C,CAAC;AACpE,MAAM,qBAAqB,GAAG,uDAAuD,CAAC;AACtF,MAAM,gBAAgB,GAAG,2CAA2C,CAAC;AACrE,MAAM,kBAAkB,GAAG,MAAM,CAAC;AA8BlC;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAA2B;IAC9D,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,kBAAkB,CAAC;IAEvD,MAAM,SAAS,GAAG,qBAAqB,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACrF,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACjD,MAAM,OAAO,GAAG;QACd,EAAE,EAAE,SAAS;QACb,IAAI,EAAE,YAAY;QAClB,IAAI,EAAE,SAAS,CAAC,GAAG;QACnB,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;QACjB,IAAI,EAAE;YACJ,cAAc,EAAE,SAAS,CAAC,GAAG;YAC7B,UAAU,EAAE,aAAa,CAAC,GAAG;YAC7B,SAAS;SACV;KACF,CAAC;IAEF,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE;QACpD,EAAE,GAAG,EAAE,OAAO,CAAC,eAAe,EAAE,GAAG,EAAE,OAAO,CAAC,qBAAqB,EAAE;KACrE,CAAC,CAAC;IAEH,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,QAAQ,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACjF,KAAK,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,SAAS,EAAE;YACtD,EAAE,GAAG,EAAE,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE,QAAQ,CAAC,qBAAqB,EAAE;SACvE,CAAC,CAAC;IACL,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IAE9E,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,CAAC,IAAI,IAAI,QAAQ,eAAe,SAAS,EAAE,CAAC,CAAC;IAChG,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,CAAC,IAAI,IAAI,QAAQ,WAAW,MAAM,EAAE,CAAC,CAAC;IACzF,CAAC;IACD,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;QACzC,uEAAuE;QACvE,mCAAmC;QACnC,MAAM,IAAI,KAAK,CACb,iBAAiB,KAAK,CAAC,IAAI,IAAI,WAAW,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CACnF,CAAC;IACJ,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,IAAI,IAAI,EAAE,CAAkB,CAAC;AAC7C,CAAC;AAiBD;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,IAAwB;IACxD,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACpE,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAEzC,oEAAoE;IACpE,wEAAwE;IACxE,6CAA6C;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,iBAAiB,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,SAAS,CAAC,GAAG,EAAE,CAAC;KAC7C,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,MAAM,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACvF,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA+C,CAAC;IAChF,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvF,CAAC;IAED,wEAAwE;IACxE,uDAAuD;IACvD,MAAM,OAAO,GAAG;QACd,EAAE,EAAE,UAAU,CAAC,MAAM,CAAC,UAAU,EAAE;QAClC,IAAI,EAAE,gBAAgB;QACtB,IAAI,EAAE,SAAS,CAAC,GAAG;QACnB,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;QACjB,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,UAAU,EAAE,KAAK,CAAC,SAAS,EAAE;KAClE,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE;QACrD,EAAE,GAAG,EAAE,OAAO,CAAC,eAAe,EAAE,GAAG,EAAE,OAAO,CAAC,qBAAqB,EAAE;KACrE,CAAC,CAAC;IAEH,iEAAiE;IACjE,6DAA6D;IAC7D,8CAA8C;IAC9C,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,QAAQ,EAAE;QACpC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,oCAAoC,EAAE;QACjE,IAAI,EAAE,MAAM;KACb,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,CAAC,MAAM,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAA0C,CAAC;IAC3E,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC;IAC9C,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,mCAAmC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,6EAA6E;IAC7E,wEAAwE;IACxE,MAAM,SAAS,GAAG,qBAAqB,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;IACrF,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,IAAI,WAAW,EAAE;QACvC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,WAAW,EAAE;SACvC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,cAAc,EAAE,SAAS,CAAC,GAAG;YAC7B,UAAU,EAAE,aAAa,CAAC,GAAG;YAC7B,SAAS;SACV,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,MAAM,MAAM,MAAM,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;IACD,OAAO,CAAC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAkB,CAAC;AAC9C,CAAC"}

package/dist/provision/adopt.d.ts

@@ -0,0 +1,31 @@
+import type { MinimalAdminReply } from "./run.js";
+/** Inputs for `installVtaMintedHolder` extracted from a VTA admin reply.
+ *
+ *  The wallet persists the Ed25519 SEED only — the X25519 keyAgreement
+ *  secret is deterministic from the seed (Montgomery clamping). That's
+ *  the same persistence model the v3 did:peer holder uses and what
+ *  `buildHolder` reconstructs on load. */
+export interface HolderInputsFromAdminReply {
+    did: string;
+    signingKid: string;
+    keyAgreementKid: string;
+    edSeed: Uint8Array;
+    vtaDid: string;
+    vtaUrl?: string;
+}
+/** Pull the wallet-persistable shape out of a `MinimalAdminReply`.
+ *
+ *  Decodes the multibase private keys, verifies the multicodec prefix,
+ *  and cross-checks that:
+ *    - the X25519 secret the VTA shipped equals `toMontgomerySecret(edSeed)`
+ *      — defence against a buggy or hostile VTA that ships an X25519
+ *      secret independent of the Ed25519 seed; the wallet's loader will
+ *      *always* recompute X25519 from the seed, so the two MUST agree
+ *      or any DIDComm authcrypt the wallet attempts later will fail in
+ *      a deeply confusing way at AEAD-open time.
+ *    - the Ed25519 public key the seed expands to matches the multibase
+ *      identifier inside the `did:key` — confirms the wallet receives a
+ *      legitimate did:key (not a forged DID claiming a key it doesn't
+ *      control). */
+export declare function holderInputsFromAdminReply(reply: MinimalAdminReply): HolderInputsFromAdminReply;
+//# sourceMappingURL=adopt.d.ts.map

package/dist/provision/adopt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adopt.d.ts","sourceRoot":"","sources":["../../src/provision/adopt.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAKlD;;;;;0CAK0C;AAC1C,MAAM,WAAW,0BAA0B;IACzC,GAAG,EAAE,MAAM,CAAC;IACZ,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,MAAM,EAAE,UAAU,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;;;;oBAaoB;AACpB,wBAAgB,0BAA0B,CACxC,KAAK,EAAE,iBAAiB,GACvB,0BAA0B,CAkE5B"}