@particle/esim-tooling 1.0.0

package/src/es10/index.ts

@@ -0,0 +1,42 @@
+export {
+  encodeGetEidRequest,
+  decodeGetEidResponse,
+  encodeGetProfilesInfoRequest,
+  decodeGetProfilesInfoResponse,
+  encodeEnableProfileRequest,
+  decodeEnableProfileResponse,
+  encodeDisableProfileRequest,
+  decodeDisableProfileResponse,
+  encodeDeleteProfileRequest,
+  decodeDeleteProfileResponse,
+} from './es10c.js';
+
+export {
+  encodeGetEuiccChallengeRequest,
+  decodeGetEuiccChallengeResponse,
+  encodeGetEuiccInfo1Request,
+  encodeAuthenticateServerRequest,
+  decodeAuthenticateServerResponse,
+  encodePrepareDownloadRequest,
+  decodePrepareDownloadResponse,
+  hashConfirmationCode,
+  encodeCancelSessionRequest,
+} from './es10b.js';
+
+export type {
+  AuthenticateServerParams,
+  PrepareDownloadParams,
+  AuthenticateServerDecodedResponse,
+  PrepareDownloadDecodedResponse,
+} from './es10b.js';
+
+export {
+  encodeListNotificationRequest,
+  decodeListNotificationResponse,
+  encodeRetrieveNotificationsListRequest,
+  decodeRetrieveNotificationsListResponse,
+  decodeRetrieveNotificationsListFull,
+  decodeBppInstallationResult,
+  encodeRemoveNotificationRequest,
+  decodeRemoveNotificationResponse,
+} from './es10b-notifications.js';

package/src/es10/tags.ts

@@ -0,0 +1,69 @@
+// ES10c - Profile Management
+export const TAG_PROFILE_INFO_LIST_REQUEST = 0xbf2d;
+export const TAG_PROFILE_INFO = 0xe3;
+export const TAG_ICCID = 0x5a;
+export const TAG_ISDP_AID = 0x4f;
+export const TAG_PROFILE_STATE = 0x9f70;
+export const TAG_PROFILE_NICKNAME = 0x90;
+export const TAG_SERVICE_PROVIDER_NAME = 0x91;
+export const TAG_PROFILE_NAME = 0x92;
+export const TAG_PROFILE_CLASS = 0x95;
+export const TAG_TAG_LIST = 0x5c;
+export const TAG_GET_EID_REQUEST = 0xbf3e;
+export const TAG_EID = 0x5a;
+export const TAG_ENABLE_PROFILE_REQUEST = 0xbf31;
+export const TAG_DISABLE_PROFILE_REQUEST = 0xbf32;
+export const TAG_DELETE_PROFILE_REQUEST = 0xbf33;
+export const TAG_PROFILE_IDENTIFIER = 0xa0;
+export const TAG_REFRESH_FLAG = 0x81;
+export const TAG_RESULT = 0x80;
+
+// ES10b - Profile Download
+export const TAG_GET_EUICC_CHALLENGE_REQUEST = 0xbf2e;
+export const TAG_EUICC_CHALLENGE = 0x80;
+export const TAG_GET_EUICC_INFO1_REQUEST = 0xbf20;
+export const TAG_AUTHENTICATE_SERVER_REQUEST = 0xbf38;
+export const TAG_CTX_PARAMS1 = 0xa0;
+export const TAG_MATCHING_ID = 0x80;
+export const TAG_DEVICE_INFO = 0xa1;
+export const TAG_PREPARE_DOWNLOAD_REQUEST = 0xbf21;
+export const TAG_HASH_CC = 0x04;
+export const TAG_EUICC_SIGNATURE1 = 0x5f37;
+export const TAG_CANCEL_SESSION_REQUEST = 0xbf41;
+export const TAG_CANCEL_SESSION_REASON = 0x80;
+export const TAG_CANCEL_SESSION_TRANSACTION_ID = 0x80;
+
+// ES10b - BPP Loading
+export const TAG_BOUND_PROFILE_PACKAGE = 0xbf36;
+
+// ES10b - Notifications
+export const TAG_LIST_NOTIFICATION_REQUEST = 0xbf28;
+export const TAG_NOTIFICATION_METADATA_LIST = 0xa0;
+export const TAG_NOTIFICATION_METADATA = 0xbf2f;
+export const TAG_NOTIFICATION_SEQ_NUMBER = 0x80;
+export const TAG_NOTIFICATION_OPERATION = 0x81;
+export const TAG_NOTIFICATION_ADDRESS = 0x0c;
+export const TAG_NOTIFICATION_ICCID = 0x5a;
+export const TAG_RETRIEVE_NOTIFICATIONS_LIST_REQUEST = 0xbf2b;
+export const TAG_NOTIFICATION_SEARCH_CRITERIA = 0xa0;
+export const TAG_REMOVE_NOTIFICATION_REQUEST = 0xbf30;
+export const TAG_DELETE_NOTIFICATION_STATUS = 0x80;
+
+// ES10b - ProfileInstallationResult (in notifications and BPP response)
+export const TAG_PROFILE_INSTALLATION_RESULT = 0xbf37;
+export const TAG_PROFILE_INSTALLATION_RESULT_DATA = 0xbf27;
+export const TAG_FINAL_RESULT = 0xa2; // success - contains ICCID
+export const TAG_ERROR_RESULT = 0xa1; // failure - contains subjectCode + reasonCode
+export const TAG_SUBJECT_CODE = 0x80;
+export const TAG_REASON_CODE = 0x81;
+
+// ES10b - OtherSignedNotification (SEQUENCE tag)
+export const TAG_OTHER_SIGNED_NOTIFICATION = 0x30;
+
+// ES10b - AuthenticateServer response
+export const TAG_AUTH_SERVER_RESPONSE_OK = 0xa0;
+export const TAG_AUTH_SERVER_RESPONSE_ERROR = 0xa1;
+
+// ES10b - PrepareDownload response
+export const TAG_PREPARE_DOWNLOAD_RESPONSE_OK = 0xa0;
+export const TAG_PREPARE_DOWNLOAD_RESPONSE_ERROR = 0xa1;

package/src/es9plus.ts

@@ -0,0 +1,331 @@
+import { Es9PlusError } from './errors.js';
+import type { ServerAdapter } from './types.js';
+import { tlvEncode, tlvDecode, tlvConcat, type TlvNode } from './tlv.js';
+import { decodeIccid } from './es10/iccid.js';
+
+// ES9+ operation tags (SGP.22 ASN.1)
+const TAG_REMOTE_PROFILE_PROVISIONING = 0xa2; // [2] RemoteProfileProvisioningRequest/Response wrapper (SGP.22 6.6.1)
+const TAG_INITIATE_AUTH = 0xbf39; // [57] InitiateAuthenticationRequest/Response
+const TAG_GET_BPP = 0xbf3a; // [58] GetBoundProfilePackageRequest/Response
+const TAG_AUTHENTICATE_CLIENT = 0xbf3b; // [59] AuthenticateClientRequest/Response
+const TAG_HANDLE_NOTIFICATION = 0xbf3d; // [61] HandleNotification
+const TAG_CANCEL_SESSION = 0xbf41; // [65] CancelSessionRequestEs9/Response
+
+// Common ASN.1 tags
+const TAG_OCTET_STRING = 0x04;
+
+// ES9+ CHOICE response tags (AUTOMATIC TAGS → implicit context tags)
+// Success variants are context [0], error INTEGER is context [1]
+const TAG_RESPONSE_OK = 0xa0; // [0] IMPLICIT SEQUENCE (constructed)
+const TAG_RESPONSE_ERROR = 0x81; // [1] IMPLICIT INTEGER (primitive)
+
+// ES9+ error code names (SGP.22 Section 6.5.2)
+const ES9PLUS_ERROR_NAMES: Record<number, string> = {
+  1: 'eumCertificateInvalid',
+  2: 'eumCertificateExpired',
+  3: 'euiccCertificateInvalid',
+  4: 'euiccCertificateExpired',
+  5: 'euiccSignatureInvalid',
+  6: 'matchingIdRefused',
+  7: 'eidMismatch',
+  8: 'noEligibleProfile',
+  9: 'ciPKUnknown',
+  10: 'invalidTransactionId',
+  11: 'insufficientMemory',
+  12: 'ciPKMismatch',
+  127: 'undefinedError',
+};
+
+// Context tags for IMPLICIT fields in ES9+ SEQUENCE members
+const TAG_TRANSACTION_ID = 0x80; // [0] TransactionId (OCTET STRING)
+const TAG_EUICC_CHALLENGE = 0x81; // [1] Octet16
+const TAG_SMDP_ADDRESS = 0x83; // [3] UTF8String
+
+// Tags inside StoreMetadataRequest (profileMetadata)
+const TAG_ICCID = 0x5a; // [APPLICATION 26] ICCID
+const TAG_PROFILE_METADATA = 0xbf25; // [37] StoreMetadataRequest
+const TAG_SERVICE_PROVIDER_NAME = 0x91; // [17] UTF8String
+const TAG_PROFILE_NAME = 0x92; // [18] UTF8String
+
+export interface InitiateAuthParams {
+  euiccChallenge: Uint8Array;
+  euiccInfo1: Uint8Array;
+}
+
+export interface InitiateAuthResponse {
+  transactionId: string;
+  serverSigned1: Uint8Array;
+  serverSignature1: Uint8Array;
+  euiccCiPKIdToBeUsed: Uint8Array;
+  serverCertificate: Uint8Array;
+}
+
+export interface AuthenticateClientParams {
+  transactionId: string;
+  authenticateServerResponse: Uint8Array;
+}
+
+export interface AuthenticateClientResponse {
+  transactionId: string;
+  smdpSigned2: Uint8Array;
+  smdpSignature2: Uint8Array;
+  smdpCertificate: Uint8Array;
+  profileMetadata?: ProfileMetadata;
+}
+
+export interface ProfileMetadata {
+  iccid?: string;
+  serviceProviderName?: string;
+  profileName?: string;
+}
+
+export interface GetBppParams {
+  transactionId: string;
+  prepareDownloadResponse: Uint8Array;
+}
+
+export interface GetBppResponse {
+  transactionId: string;
+  boundProfilePackage: Uint8Array;
+}
+
+export class Es9PlusClient {
+  private server: ServerAdapter;
+
+  constructor(server: ServerAdapter) {
+    this.server = server;
+  }
+
+  async initiateAuthentication(smdpAddress: string, params: InitiateAuthParams): Promise<InitiateAuthResponse> {
+    const body = tlvConcat(
+      tlvEncode(TAG_EUICC_CHALLENGE, params.euiccChallenge),
+      tlvEncode(TAG_SMDP_ADDRESS, new TextEncoder().encode(smdpAddress)),
+      params.euiccInfo1, // already DER-encoded with BF20 tag
+    );
+    const requestData = tlvEncode(TAG_INITIATE_AUTH, body);
+
+    const responseData = await this.sendRequest(smdpAddress, 'initiateAuthentication', requestData);
+    const outer = tlvDecode(responseData);
+    this.expectTag(outer, TAG_INITIATE_AUTH, 'initiateAuthentication');
+
+    const inner = this.getFirstChild(outer, 'initiateAuthentication');
+    if (inner.tag === TAG_RESPONSE_ERROR) {
+      throw this.makeError('initiateAuthentication', inner.value);
+    }
+
+    // Success SEQUENCE: [0]txId, ServerSigned1, 5F37 sig, 04 ciPKId, Certificate
+    const children = this.expectChildren(inner, 5, 'initiateAuthentication');
+
+    return {
+      transactionId: bytesToHex(children[0].value),
+      serverSigned1: children[1].raw!,
+      serverSignature1: children[2].raw!,
+      euiccCiPKIdToBeUsed: children[3].raw!,
+      serverCertificate: children[4].raw!,
+    };
+  }
+
+  async authenticateClient(smdpAddress: string, params: AuthenticateClientParams): Promise<AuthenticateClientResponse> {
+    const body = tlvConcat(
+      tlvEncode(TAG_TRANSACTION_ID, hexToBytes(params.transactionId)),
+      params.authenticateServerResponse, // already DER-encoded with BF38 tag
+    );
+    const requestData = tlvEncode(TAG_AUTHENTICATE_CLIENT, body);
+
+    const responseData = await this.sendRequest(smdpAddress, 'authenticateClient', requestData);
+    const outer = tlvDecode(responseData);
+    this.expectTag(outer, TAG_AUTHENTICATE_CLIENT, 'authenticateClient');
+
+    const inner = this.getFirstChild(outer, 'authenticateClient');
+    if (inner.tag === TAG_RESPONSE_ERROR) {
+      throw this.makeError('authenticateClient', inner.value);
+    }
+
+    // Success SEQUENCE: [0]txId, [37]profileMetadata?, SmdpSigned2, 5F37 sig, Certificate
+    const children = inner.children;
+    if (!children || children.length < 4) {
+      throw new Es9PlusError({ statusCode: 200, message: 'Incomplete authenticateClient response' });
+    }
+
+    let idx = 0;
+    const txId = bytesToHex(children[idx++].value);
+
+    let profileMetadata: ProfileMetadata | undefined;
+    if (idx < children.length && children[idx].tag === TAG_PROFILE_METADATA) {
+      profileMetadata = this.parseProfileMetadata(children[idx]);
+      idx++;
+    }
+
+    if (idx + 3 > children.length) {
+      throw new Es9PlusError({ statusCode: 200, message: 'Incomplete authenticateClient response' });
+    }
+
+    return {
+      transactionId: txId,
+      smdpSigned2: children[idx].raw!,
+      smdpSignature2: children[idx + 1].raw!,
+      smdpCertificate: children[idx + 2].raw!,
+      profileMetadata,
+    };
+  }
+
+  async getBoundProfilePackage(smdpAddress: string, params: GetBppParams): Promise<GetBppResponse> {
+    const body = tlvConcat(
+      tlvEncode(TAG_TRANSACTION_ID, hexToBytes(params.transactionId)),
+      params.prepareDownloadResponse, // already DER-encoded with BF21 tag
+    );
+    const requestData = tlvEncode(TAG_GET_BPP, body);
+
+    const responseData = await this.sendRequest(smdpAddress, 'getBoundProfilePackage', requestData);
+    const outer = tlvDecode(responseData);
+    this.expectTag(outer, TAG_GET_BPP, 'getBoundProfilePackage');
+
+    const inner = this.getFirstChild(outer, 'getBoundProfilePackage');
+    if (inner.tag === TAG_RESPONSE_ERROR) {
+      throw this.makeError('getBoundProfilePackage', inner.value);
+    }
+
+    // Success SEQUENCE: [0]txId, BF36{bpp}
+    const children = this.expectChildren(inner, 2, 'getBoundProfilePackage');
+
+    return {
+      transactionId: bytesToHex(children[0].value),
+      boundProfilePackage: children[1].raw!,
+    };
+  }
+
+  async handleNotification(notificationAddress: string, pendingNotification: Uint8Array): Promise<void> {
+    // BF3D { pendingNotification }, wrapped in A2 per SGP.22 Section 6.6.1
+    const innerRequest = tlvEncode(TAG_HANDLE_NOTIFICATION, pendingNotification);
+    const requestData = tlvEncode(TAG_REMOTE_PROFILE_PROVISIONING, innerRequest);
+
+    const response = await this.server.sendRsp(
+      notificationAddress,
+      'handleNotification',
+      requestData,
+    );
+
+    if (response.statusCode === 204) return;
+
+    if (response.statusCode !== 200) {
+      throw new Es9PlusError({
+        statusCode: response.statusCode,
+        message: `handleNotification failed: HTTP ${response.statusCode}`,
+      });
+    }
+  }
+
+  async cancelSession(smdpAddress: string, transactionId: string, cancelSessionResponse: Uint8Array): Promise<void> {
+    // CancelSessionRequestEs9: transactionId has no context tag, uses native OCTET STRING
+    const body = tlvConcat(
+      tlvEncode(TAG_OCTET_STRING, hexToBytes(transactionId)),
+      cancelSessionResponse, // already DER-encoded with BF41 tag
+    );
+    const requestData = tlvEncode(TAG_CANCEL_SESSION, body);
+
+    await this.sendRequest(smdpAddress, 'cancelSession', requestData);
+  }
+
+  private async sendRequest(smdpAddress: string, endpoint: string, requestData: Uint8Array): Promise<Uint8Array> {
+    // Wrap request in RemoteProfileProvisioningRequest (A2) per SGP.22 Section 6.6.1
+    const wrappedRequest = tlvEncode(TAG_REMOTE_PROFILE_PROVISIONING, requestData);
+
+    const response = await this.server.sendRsp(smdpAddress, endpoint, wrappedRequest);
+
+    if (response.statusCode !== 200) {
+      throw new Es9PlusError({
+        statusCode: response.statusCode,
+        message: `${endpoint} failed: HTTP ${response.statusCode}`,
+      });
+    }
+
+    if (!response.responseData || response.responseData.length === 0) {
+      throw new Es9PlusError({
+        statusCode: response.statusCode,
+        message: `${endpoint} returned empty response`,
+      });
+    }
+
+    // Unwrap RemoteProfileProvisioningResponse (A2) wrapper per SGP.22 Section 6.6.1
+    const wrapper = tlvDecode(response.responseData);
+    this.expectTag(wrapper, TAG_REMOTE_PROFILE_PROVISIONING, endpoint);
+
+    // Return the raw bytes of the inner CHOICE element
+    const inner = this.getFirstChild(wrapper, endpoint);
+    return inner.raw!;
+  }
+
+  private expectTag(node: TlvNode, tag: number, operation: string): void {
+    if (node.tag !== tag) {
+      throw new Es9PlusError({
+        statusCode: 200,
+        message: `${operation}: unexpected response tag 0x${node.tag.toString(16)}`,
+      });
+    }
+  }
+
+  private getFirstChild(node: TlvNode, operation: string): TlvNode {
+    const inner = node.children?.[0];
+    if (!inner) {
+      throw new Es9PlusError({ statusCode: 200, message: `${operation}: empty response` });
+    }
+    return inner;
+  }
+
+  private expectChildren(node: TlvNode, minCount: number, operation: string): TlvNode[] {
+    const children = node.children;
+    if (!children || children.length < minCount) {
+      throw new Es9PlusError({
+        statusCode: 200,
+        message: `${operation}: incomplete response (expected ${minCount} fields, got ${children?.length ?? 0})`,
+      });
+    }
+    return children;
+  }
+
+  private parseProfileMetadata(node: TlvNode): ProfileMetadata {
+    const result: ProfileMetadata = {};
+    if (!node.children) return result;
+
+    for (const child of node.children) {
+      switch (child.tag) {
+        case TAG_ICCID:
+          result.iccid = decodeIccid(child.value);
+          break;
+        case TAG_SERVICE_PROVIDER_NAME:
+          result.serviceProviderName = new TextDecoder().decode(child.value);
+          break;
+        case TAG_PROFILE_NAME:
+          result.profileName = new TextDecoder().decode(child.value);
+          break;
+      }
+    }
+
+    return result;
+  }
+
+  private makeError(operation: string, errorValue: Uint8Array): Es9PlusError {
+    const code = errorValue.length > 0 ? errorValue[0] : 0;
+    const name = ES9PLUS_ERROR_NAMES[code] ?? `code ${code}`;
+    return new Es9PlusError({
+      statusCode: 200,
+      serverStatus: 'Failed',
+      reasonCode: String(code),
+      message: `${operation} failed: ${name}`,
+    });
+  }
+}
+
+function hexToBytes(hex: string): Uint8Array {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+  }
+  return bytes;
+}
+
+function bytesToHex(bytes: Uint8Array): string {
+  return Array.from(bytes)
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
+}

package/src/gsma-rsp2-root-ci1.ts

@@ -0,0 +1,53 @@
+/**
+ * GSMA RSP2 Root CI1 Certificate
+ *
+ * This is the root Certificate Issuer (CI) for the GSMA Remote SIM Provisioning
+ * (RSP) ecosystem. It is used to:
+ *
+ * 1. Sign TLS certificates for SM-DP+ servers (enabling secure HTTPS connections)
+ * 2. Sign the SGP.22 PKI chain (EUM certificates, eUICC certificates)
+ *
+ * Certificate Details:
+ * - Subject: O=GSM Association, CN=GSM Association - RSP2 Root CI1
+ * - Issuer: Self-signed (same as subject)
+ * - Validity: Feb 22, 2017 - Feb 21, 2052
+ * - Subject Key ID: 81:37:0F:51:25:D0:B1:D4:08:D4:C3:B2:32:E6:D2:5E:79:5B:EB:FB
+ * - Algorithm: ECDSA with SHA-256 (P-256 curve)
+ *
+ * This certificate is NOT included in standard OS/browser CA stores because it's
+ * a private PKI specific to the GSMA eSIM ecosystem. Embedding it here allows
+ * the proxy to securely connect to SM-DP+ servers without disabling TLS verification.
+ *
+ * Source: Extracted from SM-DP+ server certificate chain
+ * Verified against: SGP.22 v2.2.2 Annex A, GSMA CI documentation
+ *
+ * @see https://www.gsma.com/esim/
+ * @see SGP.22 Section 4.1.1 (Certificate Issuer)
+ */
+export const GSMA_RSP2_ROOT_CI1_PEM = `-----BEGIN CERTIFICATE-----
+MIICSTCCAe+gAwIBAgIQbmhWeneg7nyF7hg5Y9+qejAKBggqhkjOPQQDAjBEMRgw
+FgYDVQQKEw9HU00gQXNzb2NpYXRpb24xKDAmBgNVBAMTH0dTTSBBc3NvY2lhdGlv
+biAtIFJTUDIgUm9vdCBDSTEwIBcNMTcwMjIyMDAwMDAwWhgPMjA1MjAyMjEyMzU5
+NTlaMEQxGDAWBgNVBAoTD0dTTSBBc3NvY2lhdGlvbjEoMCYGA1UEAxMfR1NNIEFz
+c29jaWF0aW9uIC0gUlNQMiBSb290IENJMTBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABJ1qutL0HCMX52GJ6/jeibsAqZfULWj/X10p/Min6seZN+hf5llovbCNuB2n
+unLz+O8UD0SUCBUVo8e6n9X1TuajgcAwgb0wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
+EwEB/wQFMAMBAf8wEwYDVR0RBAwwCogIKwYBBAGC6WAwFwYDVR0gAQH/BA0wCzAJ
+BgdngRIBAgEAME0GA1UdHwRGMEQwQqBAoD6GPGh0dHA6Ly9nc21hLWNybC5zeW1h
+dXRoLmNvbS9vZmZsaW5lY2EvZ3NtYS1yc3AyLXJvb3QtY2kxLmNybDAdBgNVHQ4E
+FgQUgTcPUSXQsdQI1MOyMubSXnlb6/swCgYIKoZIzj0EAwIDSAAwRQIgIJdYsOMF
+WziPK7l8nh5mu0qiRiVf25oa9ullG/OIASwCIQDqCmDrYf+GziHXBOiwJwnBaeBO
+aFsiLzIEOaUuZwdNUw==
+-----END CERTIFICATE-----`;
+
+/**
+ * Subject Key Identifier for GSMA RSP2 Root CI1
+ * This can be used to verify that an eUICC trusts this CI
+ * (appears in euiccInfo1.euiccCiPKIdListForVerification)
+ */
+export const GSMA_RSP2_ROOT_CI1_SKI = '81370F5125D0B1D408D4C3B232E6D25E795BEBFB';
+
+/**
+ * Common Name of the GSMA RSP2 Root CI1
+ */
+export const GSMA_RSP2_ROOT_CI1_CN = 'GSM Association - RSP2 Root CI1';

package/src/index.ts

@@ -0,0 +1,43 @@
+export { EsimLpa } from './lpa.js';
+
+export {
+  ProfileState,
+  ProfileClass,
+  NotificationEvent,
+  CancelSessionReason,
+  EnableProfileResult,
+  DisableProfileResult,
+  DeleteProfileResult,
+  BppInstallErrorCode,
+} from './types.js';
+
+export type {
+  DeviceAdapter,
+  ServerAdapter,
+  ServerResponse,
+  Profile,
+  Notification,
+  NotificationMetadata,
+  NotificationWithResult,
+  SendResult,
+  ProcessNotificationsOptions,
+  ProcessNotificationsResult,
+  ProfileInstallationResult,
+  ActivationCode,
+  DownloadStep,
+  DownloadProgress,
+  DownloadResult,
+  InstallProfileOptions,
+  EsimLpaOptions,
+} from './types.js';
+
+export {
+  EsimError,
+  DeviceError,
+  Es10Error,
+  Es9PlusError,
+  TlvError,
+  ActivationCodeError,
+} from './errors.js';
+
+export { parseActivationCode, isValidActivationCode, formatActivationCode } from './activation-code.js';