@qlever-llc/trellis 0.8.3 → 0.9.0-rc.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qlever-llc/trellis",
-  "version": "0.8.3",
+  "version": "0.9.0-rc.2",
   "description": "Client-side Trellis runtime, models, and contract helpers for TypeScript applications.",
   "homepage": "https://github.com/Qlever-LLC/trellis#readme",
   "repository": {
@@ -116,17 +116,19 @@
     "@nats-io/obj": "^3.3.1",
     "@nats-io/nats-core": "^3.3.1",
     "@nats-io/transport-node": "^3.3.1",
-    "json-schema-library": "^10.5.2",
     "js-sha256": "^0.11.1",
     "pino": "^9.11.0",
     "tweetnacl": "^1.0.3",
     "ts-deepmerge": "^7.0.3",
     "typebox": "^1.0.15",
     "ulid": "^3.0.1",
-    "@qlever-llc/result": "^0.8.3"
+    "@qlever-llc/result": "0.9.0-rc.2"
   },
   "devDependencies": {
     "@types/node": "^20.9.0"
   },
-  "_generatedBy": "dnt@dev"
+  "_generatedBy": "dnt@dev",
+  "bin": {
+    "trellis-generate": "./bin/trellis-generate.js"
+  }
 }

package/script/auth/browser/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../auth/browser/login.ts"],"names":[],"mappings":"AACA,OAAO,EAGL,KAAK,iBAAiB,EAEtB,KAAK,YAAY,EAEjB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AA2BF,wBAAsB,aAAa,CACjC,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,EACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AA0CnB,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAgC7B;AAwCD,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,YAAY,GACrB,QAAQ,IAAI,mBAAmB,CAEjC;AAED,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CAwBvB"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../../auth/browser/login.ts"],"names":[],"mappings":"AAKA,OAAO,EAGL,KAAK,iBAAiB,EAEtB,KAAK,YAAY,EAEjB,KAAK,mBAAmB,EAEzB,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAGrD,YAAY,EACV,qBAAqB,EACrB,gBAAgB,EAChB,iBAAiB,EACjB,YAAY,EACZ,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AA2BF,wBAAsB,aAAa,CACjC,MAAM,EAAE,UAAU,EAClB,QAAQ,EAAE,MAAM,GAAG,SAAS,EAC5B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,gBAAgB,EACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,CAAC,EAAE,OAAO,GAChB,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AACnB,wBAAsB,aAAa,CACjC,IAAI,EAAE;IACJ,MAAM,EAAE,UAAU,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GACA,OAAO,CAAC,MAAM,CAAC,CAAC;AA0CnB,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,gBAAgB,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAqD7B;AA0ED,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,YAAY,GACrB,QAAQ,IAAI,mBAAmB,CAEjC;AAED,wBAAsB,QAAQ,CAC5B,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CAwBvB"}

package/script/auth/browser/login.js

@@ -5,6 +5,7 @@ exports.startAuthRequest = startAuthRequest;
 exports.isBindSuccessResponse = isBindSuccessResponse;
 exports.bindFlow = bindFlow;
 const value_1 = require("typebox/value");
+const mod_ts_1 = require("../../contract_support/mod.js");
 const schemas_ts_1 = require("../schemas.js");
 const session_ts_1 = require("./session.js");
 function contextRecord(value) {
@@ -41,26 +42,61 @@ async function buildLoginUrl(argsOrConfig, provider, redirectTo, handle, contrac
 }
 async function startAuthRequest(args) {
     const context = contextRecord(args.context);
-    const sig = await (0, session_ts_1.oauthInitSig)(args.handle, args.redirectTo, context, args.provider, args.contract);
+    const contractDigest = isTrellisContractV1(args.contract)
+        ? (0, mod_ts_1.digestContractManifest)(args.contract)
+        : undefined;
+    const sig = await (0, session_ts_1.oauthInitSig)(args.handle, args.redirectTo, context, args.provider, contractDigest ?? args.contract);
     const request = value_1.Value.Parse(schemas_ts_1.AuthStartRequestSchema, {
         redirectTo: args.redirectTo,
         sessionKey: (0, session_ts_1.getPublicSessionKey)(args.handle),
         sig,
-        contract: args.contract,
+        ...(contractDigest ? { contractDigest } : { contract: args.contract }),
         ...(args.provider ? { provider: args.provider } : {}),
         ...(context ? { context } : {}),
     });
-    const response = await fetch(`${args.authUrl}/auth/requests`, {
+    let response = await fetch(`${args.authUrl}/auth/requests`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify(request),
     });
+    if (await authStartNeedsManifest(response)) {
+        const fullSig = await (0, session_ts_1.oauthInitSig)(args.handle, args.redirectTo, context, args.provider, args.contract);
+        response = await fetch(`${args.authUrl}/auth/requests`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+                ...request,
+                sig: fullSig,
+                contract: args.contract,
+            }),
+        });
+    }
     if (!response.ok) {
         const text = await response.text();
         throw new Error(`Auth request failed: ${response.status} ${text}`);
     }
     return value_1.Value.Parse(schemas_ts_1.AuthStartResponseSchema, await response.json());
 }
+async function authStartNeedsManifest(response) {
+    if (response.ok || response.status !== 409)
+        return false;
+    const clone = response.clone();
+    let payload;
+    try {
+        payload = await clone.json();
+    }
+    catch {
+        payload = undefined;
+    }
+    if (payload && typeof payload === "object") {
+        const record = payload;
+        return record.reason === "manifest_required" ||
+            record.code === "manifest_required" ||
+            record.error === "manifest_required" ||
+            record.message === "manifest_required";
+    }
+    return (await response.clone().text()).includes("manifest_required");
+}
 function buildLoginUrlArgsFromPositional(config, provider, redirectTo, handle, contract, context) {
     if (redirectTo === undefined || handle === undefined || contract === undefined) {
         throw new TypeError("buildLoginUrl requires redirectTo, handle, and contract");
@@ -74,6 +110,13 @@ function buildLoginUrlArgsFromPositional(config, provider, redirectTo, handle, c
         context,
     };
 }
+function isTrellisContractV1(contract) {
+    return contract.format === "trellis.contract.v1" &&
+        typeof contract.id === "string" &&
+        typeof contract.displayName === "string" &&
+        typeof contract.description === "string" &&
+        typeof contract.kind === "string";
+}
 function isNestedBuildLoginUrlArgs(value) {
     return "config" in value;
 }

package/script/auth/browser/portal.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../../auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,CAEf"}
+{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../../../auth/browser/portal.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,eAAe,EAAyB,MAAM,gBAAgB,CAAC;AAC7E,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAG7C,YAAY,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACtD,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAMtD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,GAAG,GAAG,MAAM,GAAG,IAAI,CAE3D;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,CAAC,CAY1B;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,GACb,MAAM,CAKR;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,UAAU,EAClB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC,CAkB1B;AAED,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,eAAe,GAAG,IAAI,GAC5B,MAAM,GAAG,IAAI,CAIf"}

package/script/auth/browser/portal.js

@@ -36,5 +36,9 @@ async function submitPortalApproval(config, flowId, decision) {
     return value_1.Value.Parse(protocol_ts_1.PortalFlowStateSchema, await response.json());
 }
 function portalRedirectLocation(state) {
-    return state?.status === "redirect" ? state.location : null;
+    if (state?.status === "redirect")
+        return state.location;
+    if (state?.status === "approval_denied")
+        return state.returnLocation ?? null;
+    return null;
 }

package/script/auth/browser/session.d.ts

@@ -3,16 +3,27 @@ export type SessionKeyHandle = {
     publicKey: CryptoKey;
     publicKeyRaw: Uint8Array;
     sessionKey: string;
+    persistence?: SessionKeyPersistenceMode;
+    expiresAt?: number;
 };
-export declare function generateSessionKey(): Promise<SessionKeyHandle>;
-export declare function loadSessionKey(): Promise<SessionKeyHandle | null>;
-export declare function getOrCreateSessionKey(): Promise<SessionKeyHandle>;
+export type SessionKeyPersistenceMode = "temporary" | "remembered";
+export type SessionKeyOptions = {
+    /** Defaults to remembered IndexedDB storage. */
+    persistence?: SessionKeyPersistenceMode;
+    /** Expiry for remembered keys, as epoch milliseconds or a Date. */
+    expiresAt?: number | Date;
+    /** Relative expiry for remembered keys. Ignored when expiresAt is set. */
+    ttlMs?: number;
+};
+export declare function generateSessionKey(options?: SessionKeyOptions): Promise<SessionKeyHandle>;
+export declare function loadSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<SessionKeyHandle | null>;
+export declare function getOrCreateSessionKey(options?: SessionKeyOptions): Promise<SessionKeyHandle>;
 export declare function signBytes(handle: SessionKeyHandle, data: Uint8Array): Promise<Uint8Array>;
 export declare function getPublicSessionKey(handle: SessionKeyHandle): string;
-export declare function oauthInitSig(handle: SessionKeyHandle, redirectTo: string, context?: unknown, provider?: string, contract?: Record<string, unknown>): Promise<string>;
+export declare function oauthInitSig(handle: SessionKeyHandle, redirectTo: string, context?: unknown, provider?: string, contract?: Record<string, unknown> | string): Promise<string>;
 export declare function bindFlowSig(handle: SessionKeyHandle, flowId: string): Promise<string>;
 export declare function natsConnectSigForIat(handle: SessionKeyHandle, iat: number, contractDigest: string): Promise<string>;
-export declare function createRpcProof(handle: SessionKeyHandle, subject: string, payload: Uint8Array): Promise<string>;
-export declare function clearSessionKey(): Promise<void>;
-export declare function hasSessionKey(): Promise<boolean>;
+export declare function createRpcProof(handle: SessionKeyHandle, subject: string, payload: Uint8Array, requestId: string, iat: number): Promise<string>;
+export declare function clearSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<void>;
+export declare function hasSessionKey(options?: Pick<SessionKeyOptions, "persistence">): Promise<boolean>;
 //# sourceMappingURL=session.d.ts.map

package/script/auth/browser/session.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../auth/browser/session.ts"],"names":[],"mappings":"AAgBA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAoBpE;AAED,wBAAsB,cAAc,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CASvE;AAED,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAIvE;AAED,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAEpE;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,OAAO,EACjB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GACjC,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,wBAAsB,WAAW,CAC/B,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,MAAM,CAAC,CAOjB;AAED,wBAAsB,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC,CAErD;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,OAAO,CAAC,CAEtD"}
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../../../auth/browser/session.ts"],"names":[],"mappings":"AAgBA,MAAM,MAAM,gBAAgB,GAAG;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG,WAAW,GAAG,YAAY,CAAC;AAEnE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,gDAAgD;IAChD,WAAW,CAAC,EAAE,yBAAyB,CAAC;IACxC,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,0EAA0E;IAC1E,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAWF,wBAAsB,kBAAkB,CACtC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CA8B3B;AAED,wBAAsB,cAAc,CAClC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAalC;AAED,wBAAsB,qBAAqB,CACzC,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CAI3B;AAED,wBAAsB,SAAS,CAC7B,MAAM,EAAE,gBAAgB,EACxB,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,UAAU,CAAC,CAOrB;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAEpE;AAED,wBAAsB,YAAY,CAChC,MAAM,EAAE,gBAAgB,EACxB,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,OAAO,EACjB,QAAQ,CAAC,EAAE,MAAM,EACjB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAC1C,OAAO,CAAC,MAAM,CAAC,CAUjB;AAED,wBAAsB,WAAW,CAC/B,MAAM,EAAE,gBAAgB,EACxB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAIjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,gBAAgB,EACxB,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED,wBAAsB,cAAc,CAClC,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,wBAAsB,eAAe,CACnC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,IAAI,CAAC,CAQf;AAED,wBAAsB,aAAa,CACjC,OAAO,GAAE,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAM,GACnD,OAAO,CAAC,OAAO,CAAC,CAIlB"}

package/script/auth/browser/session.js

@@ -15,19 +15,42 @@ const utils_ts_1 = require("../utils.js");
 const proof_ts_1 = require("../proof.js");
 const session_auth_ts_1 = require("../session_auth.js");
 const storage_ts_1 = require("./storage.js");
-async function generateSessionKey() {
+let temporarySessionKey = null;
+function resolveExpiresAt(options) {
+    if (options.expiresAt instanceof Date)
+        return options.expiresAt.getTime();
+    if (typeof options.expiresAt === "number")
+        return options.expiresAt;
+    if (typeof options.ttlMs === "number")
+        return Date.now() + options.ttlMs;
+    return undefined;
+}
+async function generateSessionKey(options = {}) {
+    const persistence = options.persistence ?? "remembered";
+    const expiresAt = resolveExpiresAt(options);
     const keyPair = await crypto.subtle.generateKey({ name: "Ed25519" }, false, ["sign", "verify"]);
     const publicKeyRaw = new Uint8Array(await crypto.subtle.exportKey("raw", keyPair.publicKey));
     const sessionKey = (0, utils_ts_1.base64urlEncode)(publicKeyRaw);
-    await (0, storage_ts_1.storeKeyPair)(keyPair, publicKeyRaw);
-    return {
+    const handle = {
         privateKey: keyPair.privateKey,
         publicKey: keyPair.publicKey,
         publicKeyRaw,
         sessionKey,
+        persistence,
+        ...(expiresAt === undefined ? {} : { expiresAt }),
     };
+    if (persistence === "temporary") {
+        temporarySessionKey = handle;
+    }
+    else {
+        await (0, storage_ts_1.storeKeyPair)(keyPair, publicKeyRaw, { expiresAt });
+    }
+    return handle;
 }
-async function loadSessionKey() {
+async function loadSessionKey(options = {}) {
+    const persistence = options.persistence ?? "remembered";
+    if (persistence === "temporary")
+        return temporarySessionKey;
     const stored = await (0, storage_ts_1.loadKeyPair)();
     if (!stored)
         return null;
@@ -36,13 +59,15 @@ async function loadSessionKey() {
         publicKey: stored.publicKey,
         publicKeyRaw: stored.publicKeyRaw,
         sessionKey: (0, utils_ts_1.base64urlEncode)(stored.publicKeyRaw),
+        persistence: "remembered",
+        ...(stored.expiresAt === undefined ? {} : { expiresAt: stored.expiresAt }),
     };
 }
-async function getOrCreateSessionKey() {
-    const existing = await loadSessionKey();
+async function getOrCreateSessionKey(options = {}) {
+    const existing = await loadSessionKey(options);
     if (existing)
         return existing;
-    return await generateSessionKey();
+    return await generateSessionKey(options);
 }
 async function signBytes(handle, data) {
     const sig = await crypto.subtle.sign({ name: "Ed25519" }, handle.privateKey, (0, utils_ts_1.toArrayBuffer)(data));
@@ -70,17 +95,28 @@ async function natsConnectSigForIat(handle, iat, contractDigest) {
     const sig = await signBytes(handle, digest);
     return (0, utils_ts_1.base64urlEncode)(sig);
 }
-async function createRpcProof(handle, subject, payload) {
+async function createRpcProof(handle, subject, payload, requestId, iat) {
     const payloadHash = await (0, utils_ts_1.sha256)(payload);
     return await (0, proof_ts_1.createProof)(handle.privateKey, {
         sessionKey: handle.sessionKey,
         subject,
         payloadHash,
+        iat,
+        requestId,
     });
 }
-async function clearSessionKey() {
-    await (0, storage_ts_1.deleteKeyPair)();
+async function clearSessionKey(options = {}) {
+    const persistence = options.persistence;
+    if (persistence === undefined || persistence === "temporary") {
+        temporarySessionKey = null;
+    }
+    if (persistence === undefined || persistence === "remembered") {
+        await (0, storage_ts_1.deleteKeyPair)();
+    }
 }
-async function hasSessionKey() {
+async function hasSessionKey(options = {}) {
+    const persistence = options.persistence ?? "remembered";
+    if (persistence === "temporary")
+        return temporarySessionKey !== null;
     return await (0, storage_ts_1.hasKeyPair)();
 }

package/script/auth/browser/storage.d.ts

@@ -4,8 +4,13 @@ export type StoredKeyPair = {
     publicKey: CryptoKey;
     publicKeyRaw: Uint8Array;
     createdAt: number;
+    persistence?: "remembered";
+    expiresAt?: number;
 };
-export declare function storeKeyPair(keyPair: CryptoKeyPair, publicKeyRaw: Uint8Array): Promise<void>;
+export type StoredKeyPairOptions = {
+    expiresAt?: number;
+};
+export declare function storeKeyPair(keyPair: CryptoKeyPair, publicKeyRaw: Uint8Array, options?: StoredKeyPairOptions): Promise<void>;
 export declare function loadKeyPair(): Promise<StoredKeyPair | null>;
 export declare function deleteKeyPair(): Promise<void>;
 export declare function hasKeyPair(): Promise<boolean>;

package/script/auth/browser/storage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../../auth/browser/storage.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,aAAa,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,wBAAsB,YAAY,CAChC,OAAO,EAAE,aAAa,EACtB,YAAY,EAAE,UAAU,GACvB,OAAO,CAAC,IAAI,CAAC,CAoBf;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAYjE;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAYnD;AAED,wBAAsB,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,CAGnD"}
+{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../../../auth/browser/storage.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,aAAa,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,SAAS,CAAC;IACtB,SAAS,EAAE,SAAS,CAAC;IACrB,YAAY,EAAE,UAAU,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,YAAY,CAAC;IAC3B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,wBAAsB,YAAY,CAChC,OAAO,EAAE,aAAa,EACtB,YAAY,EAAE,UAAU,EACxB,OAAO,GAAE,oBAAyB,GACjC,OAAO,CAAC,IAAI,CAAC,CAwBf;AAED,wBAAsB,WAAW,IAAI,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAoBjE;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC,CAYnD;AAED,wBAAsB,UAAU,IAAI,OAAO,CAAC,OAAO,CAAC,CAGnD"}

package/script/auth/browser/storage.js

@@ -21,7 +21,7 @@ function openDB() {
         };
     });
 }
-async function storeKeyPair(keyPair, publicKeyRaw) {
+async function storeKeyPair(keyPair, publicKeyRaw, options = {}) {
     const db = await openDB();
     return new Promise((resolve, reject) => {
         const tx = db.transaction(STORE_NAME, "readwrite");
@@ -32,6 +32,10 @@ async function storeKeyPair(keyPair, publicKeyRaw) {
             publicKey: keyPair.publicKey,
             publicKeyRaw,
             createdAt: Date.now(),
+            persistence: "remembered",
+            ...(options.expiresAt === undefined
+                ? {}
+                : { expiresAt: options.expiresAt }),
         };
         const request = store.put(record);
         request.onerror = () => reject(request.error);
@@ -42,11 +46,19 @@ async function storeKeyPair(keyPair, publicKeyRaw) {
 async function loadKeyPair() {
     const db = await openDB();
     return new Promise((resolve, reject) => {
-        const tx = db.transaction(STORE_NAME, "readonly");
+        const tx = db.transaction(STORE_NAME, "readwrite");
         const store = tx.objectStore(STORE_NAME);
         const request = store.get(KEY_ID);
         request.onerror = () => reject(request.error);
-        request.onsuccess = () => resolve(request.result ?? null);
+        request.onsuccess = () => {
+            const result = request.result;
+            if (result?.expiresAt !== undefined && result.expiresAt <= Date.now()) {
+                store.delete(KEY_ID);
+                resolve(null);
+                return;
+            }
+            resolve(result ?? null);
+        };
         tx.oncomplete = () => db.close();
     });
 }

package/script/auth/browser.d.ts

@@ -5,9 +5,9 @@
  */
 export { type AuthConfig, type AuthStartFlowResponse, type AuthStartRequest, type AuthStartResponse, bindFlow, type BindResponse, type BindSuccessResponse, buildLoginUrl, isBindSuccessResponse, type SentinelCreds, startAuthRequest, } from "./browser/login.ts";
 export { type ApprovalDecision, fetchPortalFlowState, portalFlowIdFromUrl, type PortalFlowState, type PortalFlowState as BrowserPortalFlowState, portalProviderLoginUrl, portalRedirectLocation, submitPortalApproval, } from "./browser/portal.ts";
-export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, natsConnectSigForIat, type SessionKeyHandle, signBytes, } from "./browser/session.ts";
+export { bindFlowSig, clearSessionKey, createRpcProof, generateSessionKey, getOrCreateSessionKey, getPublicSessionKey, hasSessionKey, loadSessionKey, natsConnectSigForIat, type SessionKeyHandle, type SessionKeyOptions, type SessionKeyPersistenceMode, signBytes, } from "./browser/session.ts";
 export { deleteKeyPair, hasKeyPair } from "./browser/storage.ts";
-export { type ApprovalDecision as ApprovalDecisionData, ApprovalDecisionSchema, type AuthStartFlowResponse as AuthStartFlowResponseData, AuthStartFlowResponseSchema, type AuthStartRequest as AuthStartRequestData, AuthStartRequestSchema, type AuthStartResponse as AuthStartResponseData, AuthStartResponseSchema, type BindResponse as BindResponseData, BindResponseSchema, type BindSuccessResponse as BindSuccessResponseData, BindSuccessResponseSchema, type ClientTransportEndpoints as ClientTransportEndpointsData, ClientTransportEndpointsSchema, type ClientTransports as ClientTransportsData, ClientTransportsSchema, type ContractApproval as ContractApprovalData, ContractApprovalSchema, type NatsAuthTokenV1 as NatsAuthTokenV1Data, NatsAuthTokenV1Schema, type SentinelCreds as SentinelCredsData, SentinelCredsSchema, } from "./schemas.ts";
+export { approvalCapabilityKeys, type ApprovalDecision as ApprovalDecisionData, ApprovalDecisionSchema, type AuthStartFlowResponse as AuthStartFlowResponseData, AuthStartFlowResponseSchema, type AuthStartRequest as AuthStartRequestData, AuthStartRequestSchema, type AuthStartResponse as AuthStartResponseData, AuthStartResponseSchema, type BindResponse as BindResponseData, BindResponseSchema, type BindSuccessResponse as BindSuccessResponseData, BindSuccessResponseSchema, type ClientTransportEndpoints as ClientTransportEndpointsData, ClientTransportEndpointsSchema, type ClientTransports as ClientTransportsData, ClientTransportsSchema, type ContractApproval as ContractApprovalData, type ContractApprovalCapability as ContractApprovalCapabilityData, ContractApprovalSchema, type NatsAuthTokenV1 as NatsAuthTokenV1Data, NatsAuthTokenV1Schema, type SentinelCreds as SentinelCredsData, SentinelCredsSchema, } from "./schemas.ts";
 export type { NatsAuthTokenV1 } from "./types.ts";
 export { base64urlDecode, base64urlEncode, sha256, toArrayBuffer, utf8, } from "./utils.ts";
 //# sourceMappingURL=browser.d.ts.map

package/script/auth/browser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}
+{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../../../auth/browser.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,KAAK,UAAU,EACf,KAAK,qBAAqB,EAC1B,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,QAAQ,EACR,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,aAAa,EACb,qBAAqB,EACrB,KAAK,aAAa,EAClB,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,KAAK,gBAAgB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,IAAI,sBAAsB,EAC9C,sBAAsB,EACtB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,WAAW,EACX,eAAe,EACf,cAAc,EACd,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,KAAK,yBAAyB,EAC9B,SAAS,GACV,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,sBAAsB,CAAC;AACjE,OAAO,EACL,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,qBAAqB,IAAI,yBAAyB,EACvD,2BAA2B,EAC3B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,iBAAiB,IAAI,qBAAqB,EAC/C,uBAAuB,EACvB,KAAK,YAAY,IAAI,gBAAgB,EACrC,kBAAkB,EAClB,KAAK,mBAAmB,IAAI,uBAAuB,EACnD,yBAAyB,EACzB,KAAK,wBAAwB,IAAI,4BAA4B,EAC7D,8BAA8B,EAC9B,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,sBAAsB,EACtB,KAAK,gBAAgB,IAAI,oBAAoB,EAC7C,KAAK,0BAA0B,IAAI,8BAA8B,EACjE,sBAAsB,EACtB,KAAK,eAAe,IAAI,mBAAmB,EAC3C,qBAAqB,EACrB,KAAK,aAAa,IAAI,iBAAiB,EACvC,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClD,OAAO,EACL,eAAe,EACf,eAAe,EACf,MAAM,EACN,aAAa,EACb,IAAI,GACL,MAAM,YAAY,CAAC"}

package/script/auth/browser.js

@@ -5,7 +5,7 @@
  * Uses WebCrypto API and IndexedDB for secure key storage.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.utf8 = exports.toArrayBuffer = exports.sha256 = exports.base64urlEncode = exports.base64urlDecode = exports.SentinelCredsSchema = exports.NatsAuthTokenV1Schema = exports.ContractApprovalSchema = exports.ClientTransportsSchema = exports.ClientTransportEndpointsSchema = exports.BindSuccessResponseSchema = exports.BindResponseSchema = exports.AuthStartResponseSchema = exports.AuthStartRequestSchema = exports.AuthStartFlowResponseSchema = exports.ApprovalDecisionSchema = exports.hasKeyPair = exports.deleteKeyPair = exports.signBytes = exports.natsConnectSigForIat = exports.loadSessionKey = exports.hasSessionKey = exports.getPublicSessionKey = exports.getOrCreateSessionKey = exports.generateSessionKey = exports.createRpcProof = exports.clearSessionKey = exports.bindFlowSig = exports.submitPortalApproval = exports.portalRedirectLocation = exports.portalProviderLoginUrl = exports.portalFlowIdFromUrl = exports.fetchPortalFlowState = exports.startAuthRequest = exports.isBindSuccessResponse = exports.buildLoginUrl = exports.bindFlow = void 0;
+exports.utf8 = exports.toArrayBuffer = exports.sha256 = exports.base64urlEncode = exports.base64urlDecode = exports.SentinelCredsSchema = exports.NatsAuthTokenV1Schema = exports.ContractApprovalSchema = exports.ClientTransportsSchema = exports.ClientTransportEndpointsSchema = exports.BindSuccessResponseSchema = exports.BindResponseSchema = exports.AuthStartResponseSchema = exports.AuthStartRequestSchema = exports.AuthStartFlowResponseSchema = exports.ApprovalDecisionSchema = exports.approvalCapabilityKeys = exports.hasKeyPair = exports.deleteKeyPair = exports.signBytes = exports.natsConnectSigForIat = exports.loadSessionKey = exports.hasSessionKey = exports.getPublicSessionKey = exports.getOrCreateSessionKey = exports.generateSessionKey = exports.createRpcProof = exports.clearSessionKey = exports.bindFlowSig = exports.submitPortalApproval = exports.portalRedirectLocation = exports.portalProviderLoginUrl = exports.portalFlowIdFromUrl = exports.fetchPortalFlowState = exports.startAuthRequest = exports.isBindSuccessResponse = exports.buildLoginUrl = exports.bindFlow = void 0;
 var login_ts_1 = require("./browser/login.js");
 Object.defineProperty(exports, "bindFlow", { enumerable: true, get: function () { return login_ts_1.bindFlow; } });
 Object.defineProperty(exports, "buildLoginUrl", { enumerable: true, get: function () { return login_ts_1.buildLoginUrl; } });
@@ -32,6 +32,7 @@ var storage_ts_1 = require("./browser/storage.js");
 Object.defineProperty(exports, "deleteKeyPair", { enumerable: true, get: function () { return storage_ts_1.deleteKeyPair; } });
 Object.defineProperty(exports, "hasKeyPair", { enumerable: true, get: function () { return storage_ts_1.hasKeyPair; } });
 var schemas_ts_1 = require("./schemas.js");
+Object.defineProperty(exports, "approvalCapabilityKeys", { enumerable: true, get: function () { return schemas_ts_1.approvalCapabilityKeys; } });
 Object.defineProperty(exports, "ApprovalDecisionSchema", { enumerable: true, get: function () { return schemas_ts_1.ApprovalDecisionSchema; } });
 Object.defineProperty(exports, "AuthStartFlowResponseSchema", { enumerable: true, get: function () { return schemas_ts_1.AuthStartFlowResponseSchema; } });
 Object.defineProperty(exports, "AuthStartRequestSchema", { enumerable: true, get: function () { return schemas_ts_1.AuthStartRequestSchema; } });

package/script/auth/device_activation.d.ts

@@ -4,7 +4,7 @@ import type { BaseError } from "@qlever-llc/result";
 import { AsyncResult } from "@qlever-llc/result";
 import type { OperationRef } from "../operations.ts";
 import type { NatsAuthTokenV1 } from "./schemas.ts";
-import { AuthActivateDeviceProgressSchema, AuthActivateDeviceResponseSchema, AuthActivateDeviceSchema, AuthGetDeviceConnectInfoResponseSchema, AuthGetDeviceConnectInfoSchema, AuthListDeviceActivationsResponseSchema, AuthListDeviceActivationsSchema, AuthRevokeDeviceActivationResponseSchema, AuthRevokeDeviceActivationSchema, WaitForDeviceActivationResponseSchema } from "./protocol.ts";
+import { AuthDevicesConnectInfoGetResponseSchema, AuthDevicesConnectInfoGetSchema, AuthDeviceUserAuthoritiesListResponseSchema, AuthDeviceUserAuthoritiesListSchema, AuthDeviceUserAuthoritiesRevokeResponseSchema, AuthDeviceUserAuthoritiesRevokeSchema, AuthResolveDeviceUserAuthoritiesProgressSchema, AuthResolveDeviceUserAuthoritiesResponseSchema, AuthResolveDeviceUserAuthoritiesSchema, WaitForDeviceActivationResponseSchema } from "./protocol.ts";
 export declare const DeviceActivationPayloadSchema: Type.TObject<{
     v: Type.TLiteral<1>;
     publicIdentityKey: Type.TString;
@@ -12,24 +12,25 @@ export declare const DeviceActivationPayloadSchema: Type.TObject<{
     qrMac: Type.TString;
 }>;
 export declare const DeviceActivationWaitRequestSchema: Type.TObject<{
+    flowId: Type.TString;
     publicIdentityKey: Type.TString;
     nonce: Type.TString;
-    contractDigest: Type.TOptional<Type.TString>;
+    contractDigest: Type.TString;
     iat: Type.TNumber;
     sig: Type.TString;
 }>;
 export type DeviceActivationPayload = StaticDecode<typeof DeviceActivationPayloadSchema>;
 export type DeviceActivationWaitRequest = StaticDecode<typeof DeviceActivationWaitRequestSchema>;
 export type WaitForDeviceActivationResponse = StaticDecode<typeof WaitForDeviceActivationResponseSchema>;
-export type AuthActivateDeviceInput = StaticDecode<typeof AuthActivateDeviceSchema>;
-export type AuthActivateDeviceProgress = StaticDecode<typeof AuthActivateDeviceProgressSchema>;
-export type AuthActivateDeviceOutput = StaticDecode<typeof AuthActivateDeviceResponseSchema>;
-export type AuthListDeviceActivationsInput = StaticDecode<typeof AuthListDeviceActivationsSchema>;
-export type AuthListDeviceActivationsOutput = StaticDecode<typeof AuthListDeviceActivationsResponseSchema>;
-export type AuthRevokeDeviceActivationInput = StaticDecode<typeof AuthRevokeDeviceActivationSchema>;
-export type AuthRevokeDeviceActivationResponse = StaticDecode<typeof AuthRevokeDeviceActivationResponseSchema>;
-export type GetDeviceConnectInfoInput = StaticDecode<typeof AuthGetDeviceConnectInfoSchema>;
-export type GetDeviceConnectInfoOutput = StaticDecode<typeof AuthGetDeviceConnectInfoResponseSchema>;
+export type AuthResolveDeviceUserAuthoritiesInput = StaticDecode<typeof AuthResolveDeviceUserAuthoritiesSchema>;
+export type AuthResolveDeviceUserAuthoritiesProgress = StaticDecode<typeof AuthResolveDeviceUserAuthoritiesProgressSchema>;
+export type AuthResolveDeviceUserAuthoritiesOutput = StaticDecode<typeof AuthResolveDeviceUserAuthoritiesResponseSchema>;
+export type AuthDeviceUserAuthoritiesListInput = StaticDecode<typeof AuthDeviceUserAuthoritiesListSchema>;
+export type AuthDeviceUserAuthoritiesListOutput = StaticDecode<typeof AuthDeviceUserAuthoritiesListResponseSchema>;
+export type AuthDeviceUserAuthoritiesRevokeInput = StaticDecode<typeof AuthDeviceUserAuthoritiesRevokeSchema>;
+export type AuthDeviceUserAuthoritiesRevokeResponse = StaticDecode<typeof AuthDeviceUserAuthoritiesRevokeResponseSchema>;
+export type GetDeviceConnectInfoInput = StaticDecode<typeof AuthDevicesConnectInfoGetSchema>;
+export type GetDeviceConnectInfoOutput = StaticDecode<typeof AuthDevicesConnectInfoGetResponseSchema>;
 export type DeviceIdentity = {
     identitySeed: Uint8Array;
     identitySeedBase64url: string;
@@ -37,35 +38,35 @@ export type DeviceIdentity = {
     activationKey: Uint8Array;
     activationKeyBase64url: string;
 };
-type DeviceActivationRpcMethod = "Auth.ListDeviceActivations" | "Auth.RevokeDeviceActivation" | "Auth.GetDeviceConnectInfo";
-type AuthActivateDeviceOperationShape = {
+type DeviceActivationRpcMethod = "Auth.DeviceUserAuthorities.List" | "Auth.DeviceUserAuthorities.Revoke" | "Auth.Devices.ConnectInfo.Get";
+type AuthResolveDeviceUserAuthoritiesOperationShape = {
     subject: string;
-    input: typeof AuthActivateDeviceSchema;
-    progress: typeof AuthActivateDeviceProgressSchema;
-    output: typeof AuthActivateDeviceResponseSchema;
+    input: typeof AuthResolveDeviceUserAuthoritiesSchema;
+    progress: typeof AuthResolveDeviceUserAuthoritiesProgressSchema;
+    output: typeof AuthResolveDeviceUserAuthoritiesResponseSchema;
 };
-export type AuthActivateDeviceOperation = OperationRef<AuthActivateDeviceOperationShape, AuthActivateDeviceProgress, AuthActivateDeviceOutput>;
+export type AuthResolveDeviceUserAuthoritiesOperation = OperationRef<AuthResolveDeviceUserAuthoritiesOperationShape, AuthResolveDeviceUserAuthoritiesProgress, AuthResolveDeviceUserAuthoritiesOutput>;
 type DeviceActivationRpcInputMap = {
-    "Auth.ListDeviceActivations": AuthListDeviceActivationsInput;
-    "Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationInput;
-    "Auth.GetDeviceConnectInfo": GetDeviceConnectInfoInput;
+    "Auth.DeviceUserAuthorities.List": AuthDeviceUserAuthoritiesListInput;
+    "Auth.DeviceUserAuthorities.Revoke": AuthDeviceUserAuthoritiesRevokeInput;
+    "Auth.Devices.ConnectInfo.Get": GetDeviceConnectInfoInput;
 };
 type DeviceActivationRpcOutputMap = {
-    "Auth.ListDeviceActivations": AuthListDeviceActivationsOutput;
-    "Auth.RevokeDeviceActivation": AuthRevokeDeviceActivationResponse;
-    "Auth.GetDeviceConnectInfo": GetDeviceConnectInfoOutput;
+    "Auth.DeviceUserAuthorities.List": AuthDeviceUserAuthoritiesListOutput;
+    "Auth.DeviceUserAuthorities.Revoke": AuthDeviceUserAuthoritiesRevokeResponse;
+    "Auth.Devices.ConnectInfo.Get": GetDeviceConnectInfoOutput;
 };
 type RequestClient = {
     request<M extends DeviceActivationRpcMethod>(method: M, input: DeviceActivationRpcInputMap[M], opts?: unknown): AsyncResult<DeviceActivationRpcOutputMap[M], BaseError>;
 };
-type ActivateDeviceOperationClient = {
-    operation(method: "Auth.ActivateDevice"): {
-        input(input: AuthActivateDeviceInput): {
-            start(): AsyncResult<AuthActivateDeviceOperation, BaseError>;
+type ResolveDeviceUserAuthoritiesOperationClient = {
+    operation(method: "Auth.DeviceUserAuthorities.Resolve"): {
+        input(input: AuthResolveDeviceUserAuthoritiesInput): {
+            start(): AsyncResult<AuthResolveDeviceUserAuthoritiesOperation, BaseError>;
         };
     };
 };
-export type DeviceActivationTransport = RequestClient & ActivateDeviceOperationClient;
+export type DeviceActivationTransport = RequestClient & ResolveDeviceUserAuthoritiesOperationClient;
 export declare function deriveDeviceIdentity(deviceRootSecret: Uint8Array): Promise<DeviceIdentity>;
 export declare function deriveDeviceQrMac(input: {
     activationKey: Uint8Array | string;
@@ -99,12 +100,13 @@ export declare function verifyDeviceConfirmationCode(input: {
     nonce: string;
     confirmationCode: string;
 }): Promise<boolean>;
-export declare function buildDeviceWaitProofInput(publicIdentityKey: string, nonce: string, iat: number, contractDigest?: string): Uint8Array;
+export declare function buildDeviceWaitProofInput(flowId: string, publicIdentityKey: string, nonce: string, iat: number, contractDigest: string): Uint8Array;
 export declare function signDeviceWaitRequest(args: {
+    flowId: string;
     publicIdentityKey: string;
     nonce: string;
     identitySeed: Uint8Array | string;
-    contractDigest?: string;
+    contractDigest: string;
     iat?: number;
 }): Promise<DeviceActivationWaitRequest>;
 export declare function createDeviceNatsAuthToken(args: {
@@ -117,6 +119,7 @@ export declare function createDeviceNatsAuthToken(args: {
 }>;
 export declare function waitForDeviceActivation(args: {
     trellisUrl: string;
+    flowId: string;
     publicIdentityKey: string;
     nonce: string;
     identitySeed: Uint8Array | string;
@@ -134,9 +137,9 @@ export declare function getDeviceConnectInfo(args: {
     iat?: number;
 }): Promise<GetDeviceConnectInfoOutput>;
 export declare function createDeviceActivationClient(client: DeviceActivationTransport): {
-    activateDevice(input: AuthActivateDeviceInput): any;
-    listDeviceActivations(input?: AuthListDeviceActivationsInput): any;
-    revokeDeviceActivation(input: AuthRevokeDeviceActivationInput): any;
+    resolveDeviceUserAuthorities(input: AuthResolveDeviceUserAuthoritiesInput): any;
+    listDeviceActivations(input: AuthDeviceUserAuthoritiesListInput): any;
+    revokeDeviceActivation(input: AuthDeviceUserAuthoritiesRevokeInput): any;
     getDeviceConnectInfo(input: GetDeviceConnectInfoInput): any;
 };
 export declare function verifyDeviceWaitSignature(input: DeviceActivationWaitRequest): Promise<boolean>;

package/script/auth/device_activation.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"device_activation.d.ts","sourceRoot":"","sources":["../../../auth/device_activation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAE/B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAOrD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EACL,gCAAgC,EAChC,gCAAgC,EAChC,wBAAwB,EACxB,sCAAsC,EACtC,8BAA8B,EAC9B,uCAAuC,EACvC,+BAA+B,EAC/B,wCAAwC,EACxC,gCAAgC,EAChC,qCAAqC,EACtC,MAAM,eAAe,CAAC;AAiBvB,eAAO,MAAM,6BAA6B;;;;;EAKP,CAAC;AAEpC,eAAO,MAAM,iCAAiC;;;;;;EAMX,CAAC;AAEpC,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,2BAA2B,GAAG,YAAY,CACpD,OAAO,iCAAiC,CACzC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,qCAAqC,CAC7C,CAAC;AACF,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,wBAAwB,CAChC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,YAAY,CACnD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,wBAAwB,GAAG,YAAY,CACjD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,8BAA8B,GAAG,YAAY,CACvD,OAAO,+BAA+B,CACvC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,uCAAuC,CAC/C,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,gCAAgC,CACxC,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,wCAAwC,CAChD,CAAC;AACF,MAAM,MAAM,yBAAyB,GAAG,YAAY,CAClD,OAAO,8BAA8B,CACtC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,YAAY,CACnD,OAAO,sCAAsC,CAC9C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,UAAU,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,KAAK,yBAAyB,GAC1B,4BAA4B,GAC5B,6BAA6B,GAC7B,2BAA2B,CAAC;AAEhC,KAAK,gCAAgC,GAAG;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,wBAAwB,CAAC;IACvC,QAAQ,EAAE,OAAO,gCAAgC,CAAC;IAClD,MAAM,EAAE,OAAO,gCAAgC,CAAC;CACjD,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG,YAAY,CACpD,gCAAgC,EAChC,0BAA0B,EAC1B,wBAAwB,CACzB,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,4BAA4B,EAAE,8BAA8B,CAAC;IAC7D,6BAA6B,EAAE,+BAA+B,CAAC;IAC/D,2BAA2B,EAAE,yBAAyB,CAAC;CACxD,CAAC;AAEF,KAAK,4BAA4B,GAAG;IAClC,4BAA4B,EAAE,+BAA+B,CAAC;IAC9D,6BAA6B,EAAE,kCAAkC,CAAC;IAClE,2BAA2B,EAAE,0BAA0B,CAAC;CACzD,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,OAAO,CAAC,CAAC,SAAS,yBAAyB,EACzC,MAAM,EAAE,CAAC,EACT,KAAK,EAAE,2BAA2B,CAAC,CAAC,CAAC,EACrC,IAAI,CAAC,EAAE,OAAO,GACb,WAAW,CAAC,4BAA4B,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;CAC5D,CAAC;AAEF,KAAK,6BAA6B,GAAG;IACnC,SAAS,CAAC,MAAM,EAAE,qBAAqB,GAAG;QACxC,KAAK,CACH,KAAK,EAAE,uBAAuB,GAC7B;YACD,KAAK,IAAI,WAAW,CAAC,2BAA2B,EAAE,SAAS,CAAC,CAAC;SAC9D,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,yBAAyB,GACjC,aAAa,GACb,6BAA6B,CAAC;AAyIlC,wBAAsB,oBAAoB,CACxC,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,cAAc,CAAC,CA8BzB;AAED,wBAAsB,iBAAiB,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAQnC;AAED,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,uBAAuB,GAC/B,MAAM,CAER;AAED,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,MAAM,GACZ,uBAAuB,CAOzB;AAED,wBAAsB,4BAA4B,CAAC,IAAI,EAAE;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,uBAAuB,CAAC;CAClC,GAAG,OAAO,CACT;IACE,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CACF,CAkCA;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,OAAO,CAAC,CAInB;AAED,wBAAgB,yBAAyB,CACvC,iBAAiB,EAAE,MAAM,EACzB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,cAAc,CAAC,EAAE,MAAM,GACtB,UAAU,CA8BZ;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE;IAChD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,2BAA2B,CAAC,CA2BvC;AAED,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,eAAe,GAAG;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CA0BxD;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CACT,OAAO,CAAC,+BAA+B,EAAE;IAAE,MAAM,EAAE,WAAW,CAAA;CAAE,CAAC,CAClE,CAuDA;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,0BAA0B,CAAC,CA8BtC;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,yBAAyB;0BAGT,uBAAuB;kCAIhB,8BAA8B;kCAG7B,+BAA+B;gCAGjC,yBAAyB;EAIxD;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,OAAO,CAAC,CAkBlB"}
+{"version":3,"file":"device_activation.d.ts","sourceRoot":"","sources":["../../../auth/device_activation.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAE/B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAOrD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AACpD,OAAO,EACL,uCAAuC,EACvC,+BAA+B,EAC/B,2CAA2C,EAC3C,mCAAmC,EACnC,6CAA6C,EAC7C,qCAAqC,EACrC,8CAA8C,EAC9C,8CAA8C,EAC9C,sCAAsC,EAEtC,qCAAqC,EACtC,MAAM,eAAe,CAAC;AAiBvB,eAAO,MAAM,6BAA6B;;;;;EAKxC,CAAC;AAEH,eAAO,MAAM,iCAAiC;;;;;;;EACR,CAAC;AAEvC,MAAM,MAAM,uBAAuB,GAAG,YAAY,CAChD,OAAO,6BAA6B,CACrC,CAAC;AACF,MAAM,MAAM,2BAA2B,GAAG,YAAY,CACpD,OAAO,iCAAiC,CACzC,CAAC;AACF,MAAM,MAAM,+BAA+B,GAAG,YAAY,CACxD,OAAO,qCAAqC,CAC7C,CAAC;AACF,MAAM,MAAM,qCAAqC,GAAG,YAAY,CAC9D,OAAO,sCAAsC,CAC9C,CAAC;AACF,MAAM,MAAM,wCAAwC,GAAG,YAAY,CACjE,OAAO,8CAA8C,CACtD,CAAC;AACF,MAAM,MAAM,sCAAsC,GAAG,YAAY,CAC/D,OAAO,8CAA8C,CACtD,CAAC;AACF,MAAM,MAAM,kCAAkC,GAAG,YAAY,CAC3D,OAAO,mCAAmC,CAC3C,CAAC;AACF,MAAM,MAAM,mCAAmC,GAAG,YAAY,CAC5D,OAAO,2CAA2C,CACnD,CAAC;AACF,MAAM,MAAM,oCAAoC,GAAG,YAAY,CAC7D,OAAO,qCAAqC,CAC7C,CAAC;AACF,MAAM,MAAM,uCAAuC,GAAG,YAAY,CAChE,OAAO,6CAA6C,CACrD,CAAC;AACF,MAAM,MAAM,yBAAyB,GAAG,YAAY,CAClD,OAAO,+BAA+B,CACvC,CAAC;AACF,MAAM,MAAM,0BAA0B,GAAG,YAAY,CACnD,OAAO,uCAAuC,CAC/C,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,YAAY,EAAE,UAAU,CAAC;IACzB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,aAAa,EAAE,UAAU,CAAC;IAC1B,sBAAsB,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,KAAK,yBAAyB,GAC1B,iCAAiC,GACjC,mCAAmC,GACnC,8BAA8B,CAAC;AAEnC,KAAK,8CAA8C,GAAG;IACpD,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,sCAAsC,CAAC;IACrD,QAAQ,EAAE,OAAO,8CAA8C,CAAC;IAChE,MAAM,EAAE,OAAO,8CAA8C,CAAC;CAC/D,CAAC;AAEF,MAAM,MAAM,yCAAyC,GAAG,YAAY,CAClE,8CAA8C,EAC9C,wCAAwC,EACxC,sCAAsC,CACvC,CAAC;AAEF,KAAK,2BAA2B,GAAG;IACjC,iCAAiC,EAAE,kCAAkC,CAAC;IACtE,mCAAmC,EAAE,oCAAoC,CAAC;IAC1E,8BAA8B,EAAE,yBAAyB,CAAC;CAC3D,CAAC;AAEF,KAAK,4BAA4B,GAAG;IAClC,iCAAiC,EAAE,mCAAmC,CAAC;IACvE,mCAAmC,EAAE,uCAAuC,CAAC;IAC7E,8BAA8B,EAAE,0BAA0B,CAAC;CAC5D,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,OAAO,CAAC,CAAC,SAAS,yBAAyB,EACzC,MAAM,EAAE,CAAC,EACT,KAAK,EAAE,2BAA2B,CAAC,CAAC,CAAC,EACrC,IAAI,CAAC,EAAE,OAAO,GACb,WAAW,CAAC,4BAA4B,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;CAC5D,CAAC;AAEF,KAAK,2CAA2C,GAAG;IACjD,SAAS,CAAC,MAAM,EAAE,oCAAoC,GAAG;QACvD,KAAK,CACH,KAAK,EAAE,qCAAqC,GAC3C;YACD,KAAK,IAAI,WAAW,CAClB,yCAAyC,EACzC,SAAS,CACV,CAAC;SACH,CAAC;KACH,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,yBAAyB,GACjC,aAAa,GACb,2CAA2C,CAAC;AAyIhD,wBAAsB,oBAAoB,CACxC,gBAAgB,EAAE,UAAU,GAC3B,OAAO,CAAC,cAAc,CAAC,CA8BzB;AAED,wBAAsB,iBAAiB,CAAC,KAAK,EAAE;IAC7C,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,uBAAuB,CAAC,CAQnC;AAED,wBAAgB,6BAA6B,CAC3C,OAAO,EAAE,uBAAuB,GAC/B,MAAM,CAER;AAED,wBAAgB,4BAA4B,CAC1C,KAAK,EAAE,MAAM,GACZ,uBAAuB,CAOzB;AAED,wBAAsB,4BAA4B,CAAC,IAAI,EAAE;IACvD,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,uBAAuB,CAAC;CAClC,GAAG,OAAO,CACT;IACE,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;CACvB,CACF,CAkCA;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf,GAAG,OAAO,CAAC,MAAM,CAAC,CAclB;AAED,wBAAsB,4BAA4B,CAAC,KAAK,EAAE;IACxD,aAAa,EAAE,UAAU,GAAG,MAAM,CAAC;IACnC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,gBAAgB,EAAE,MAAM,CAAC;CAC1B,GAAG,OAAO,CAAC,OAAO,CAAC,CAInB;AAED,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,MAAM,EACd,iBAAiB,EAAE,MAAM,EACzB,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,MAAM,EACX,cAAc,EAAE,MAAM,GACrB,UAAU,CAoCZ;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE;IAChD,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,2BAA2B,CAAC,CA6BvC;AAED,wBAAsB,yBAAyB,CAAC,IAAI,EAAE;IACpD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,eAAe,GAAG;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CA0BxD;AAED,wBAAsB,uBAAuB,CAAC,IAAI,EAAE;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CACT,OAAO,CAAC,+BAA+B,EAAE;IAAE,MAAM,EAAE,WAAW,CAAA;CAAE,CAAC,CAClE,CAuDA;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE;IAC/C,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,UAAU,GAAG,MAAM,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;IACvB,GAAG,CAAC,EAAE,MAAM,CAAC;CACd,GAAG,OAAO,CAAC,0BAA0B,CAAC,CA+BtC;AAED,wBAAgB,4BAA4B,CAC1C,MAAM,EAAE,yBAAyB;wCAGK,qCAAqC;iCAK5C,kCAAkC;kCAGjC,oCAAoC;gCAItC,yBAAyB;EAIxD;AAED,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,2BAA2B,GACjC,OAAO,CAAC,OAAO,CAAC,CAmBlB"}