npm - @qlever-llc/trellis - Versions diffs - 0.8.4 → 0.9.0-rc.10 - Mend

@qlever-llc/trellis 0.8.4 → 0.9.0-rc.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (693) hide show

package/README.md +1 -1
package/bin/trellis-generate.js +0 -0
package/esm/auth/browser/login.d.ts.map +1 -1
package/esm/auth/browser/login.js +46 -3
package/esm/auth/browser/portal.d.ts.map +1 -1
package/esm/auth/browser/portal.js +5 -1
package/esm/auth/browser/session.d.ts +18 -7
package/esm/auth/browser/session.d.ts.map +1 -1
package/esm/auth/browser/session.js +47 -11
package/esm/auth/browser/storage.d.ts +6 -1
package/esm/auth/browser/storage.d.ts.map +1 -1
package/esm/auth/browser/storage.js +15 -3
package/esm/auth/browser.d.ts +2 -2
package/esm/auth/browser.d.ts.map +1 -1
package/esm/auth/browser.js +1 -1
package/esm/auth/device_activation.d.ts +36 -33
package/esm/auth/device_activation.d.ts.map +1 -1
package/esm/auth/device_activation.js +26 -22
package/esm/auth/mod.d.ts +4 -4
package/esm/auth/mod.d.ts.map +1 -1
package/esm/auth/mod.js +2 -2
package/esm/auth/proof.d.ts +3 -1
package/esm/auth/proof.d.ts.map +1 -1
package/esm/auth/proof.js +21 -15
package/esm/auth/protocol.d.ts +2457 -941
package/esm/auth/protocol.d.ts.map +1 -1
package/esm/auth/protocol.js +747 -375
package/esm/auth/schemas.d.ts +25 -4
package/esm/auth/schemas.d.ts.map +1 -1
package/esm/auth/schemas.js +14 -4
package/esm/auth/session_auth.d.ts +1 -1
package/esm/auth/session_auth.d.ts.map +1 -1
package/esm/auth/session_auth.js +7 -1
package/esm/client_connect.d.ts +2 -0
package/esm/client_connect.d.ts.map +1 -1
package/esm/client_connect.js +76 -15
package/esm/contract.d.ts +3 -0
package/esm/contract.d.ts.map +1 -1
package/esm/contract_support/mod.d.ts +422 -43
package/esm/contract_support/mod.d.ts.map +1 -1
package/esm/contract_support/mod.js +734 -33
package/esm/contract_support/protocol.d.ts +20 -5
package/esm/contract_support/protocol.d.ts.map +1 -1
package/esm/contract_support/protocol.js +18 -10
package/esm/contract_support/runtime.d.ts +11 -0
package/esm/contract_support/runtime.d.ts.map +1 -1
package/esm/contract_support/schema_pointers.d.ts.map +1 -1
package/esm/contract_support/schema_pointers.js +32 -14
package/esm/device.d.ts +2 -0
package/esm/device.d.ts.map +1 -1
package/esm/device.js +3 -0
package/esm/errors/AuthError.d.ts +2 -1
package/esm/errors/AuthError.d.ts.map +1 -1
package/esm/errors/AuthError.js +8 -3
package/esm/errors/index.d.ts +4 -4
package/esm/errors/index.d.ts.map +1 -1
package/esm/errors/index.js +1 -0
package/esm/generated-sdk/auth/api.d.ts +27 -9
package/esm/generated-sdk/auth/api.d.ts.map +1 -1
package/esm/generated-sdk/auth/api.js +16 -590
package/esm/generated-sdk/auth/client.d.ts +91 -85
package/esm/generated-sdk/auth/client.d.ts.map +1 -1
package/esm/generated-sdk/auth/contract.d.ts +1 -1
package/esm/generated-sdk/auth/contract.d.ts.map +1 -1
package/esm/generated-sdk/auth/contract.js +4 -2
package/esm/generated-sdk/auth/mod.d.ts +1 -0
package/esm/generated-sdk/auth/mod.d.ts.map +1 -1
package/esm/generated-sdk/auth/owned_api.d.ts +3 -0
package/esm/generated-sdk/auth/owned_api.d.ts.map +1 -0
package/esm/generated-sdk/auth/owned_api.js +594 -0
package/esm/generated-sdk/auth/schemas.d.ts +9959 -5160
package/esm/generated-sdk/auth/schemas.d.ts.map +1 -1
package/esm/generated-sdk/auth/schemas.js +136 -137
package/esm/generated-sdk/auth/types.d.ts +2418 -1557
package/esm/generated-sdk/auth/types.d.ts.map +1 -1
package/esm/generated-sdk/auth/types.js +1 -1
package/esm/generated-sdk/health/api.d.ts +24 -9
package/esm/generated-sdk/health/api.d.ts.map +1 -1
package/esm/generated-sdk/health/api.js +12 -20
package/esm/generated-sdk/health/client.d.ts +2 -1
package/esm/generated-sdk/health/client.d.ts.map +1 -1
package/esm/generated-sdk/health/contract.d.ts.map +1 -1
package/esm/generated-sdk/health/contract.js +2 -0
package/esm/generated-sdk/health/owned_api.d.ts +3 -0
package/esm/generated-sdk/health/owned_api.d.ts.map +1 -0
package/esm/generated-sdk/health/owned_api.js +16 -0
package/esm/generated-sdk/health/types.d.ts +2 -0
package/esm/generated-sdk/health/types.d.ts.map +1 -1
package/esm/generated-sdk/jobs/api.d.ts +33 -9
package/esm/generated-sdk/jobs/api.d.ts.map +1 -1
package/esm/generated-sdk/jobs/api.js +22 -87
package/esm/generated-sdk/jobs/client.d.ts +9 -2
package/esm/generated-sdk/jobs/client.d.ts.map +1 -1
package/esm/generated-sdk/jobs/contract.d.ts +1 -1
package/esm/generated-sdk/jobs/contract.d.ts.map +1 -1
package/esm/generated-sdk/jobs/contract.js +4 -2
package/esm/generated-sdk/jobs/owned_api.d.ts +3 -0
package/esm/generated-sdk/jobs/owned_api.d.ts.map +1 -0
package/esm/generated-sdk/jobs/owned_api.js +118 -0
package/esm/generated-sdk/jobs/schemas.d.ts +336 -123
package/esm/generated-sdk/jobs/schemas.d.ts.map +1 -1
package/esm/generated-sdk/jobs/schemas.js +17 -15
package/esm/generated-sdk/jobs/types.d.ts +144 -34
package/esm/generated-sdk/jobs/types.d.ts.map +1 -1
package/esm/generated-sdk/jobs/types.js +36 -1
package/esm/generated-sdk/state/api.d.ts +27 -9
package/esm/generated-sdk/state/api.d.ts.map +1 -1
package/esm/generated-sdk/state/api.js +16 -71
package/esm/generated-sdk/state/client.d.ts +4 -2
package/esm/generated-sdk/state/client.d.ts.map +1 -1
package/esm/generated-sdk/state/contract.d.ts +1 -1
package/esm/generated-sdk/state/contract.d.ts.map +1 -1
package/esm/generated-sdk/state/contract.js +4 -2
package/esm/generated-sdk/state/owned_api.d.ts +3 -0
package/esm/generated-sdk/state/owned_api.d.ts.map +1 -0
package/esm/generated-sdk/state/owned_api.js +66 -0
package/esm/generated-sdk/state/schemas.d.ts +264 -284
package/esm/generated-sdk/state/schemas.d.ts.map +1 -1
package/esm/generated-sdk/state/schemas.js +6 -6
package/esm/generated-sdk/state/types.d.ts +24 -23
package/esm/generated-sdk/state/types.d.ts.map +1 -1
package/esm/generated-sdk/state/types.js +1 -1
package/esm/generated-sdk/trellis-core/api.d.ts +27 -9
package/esm/generated-sdk/trellis-core/api.d.ts.map +1 -1
package/esm/generated-sdk/trellis-core/api.js +16 -39
package/esm/generated-sdk/trellis-core/client.d.ts +5 -2
package/esm/generated-sdk/trellis-core/client.d.ts.map +1 -1
package/esm/generated-sdk/trellis-core/contract.d.ts +1 -1
package/esm/generated-sdk/trellis-core/contract.d.ts.map +1 -1
package/esm/generated-sdk/trellis-core/contract.js +4 -2
package/esm/generated-sdk/trellis-core/owned_api.d.ts +3 -0
package/esm/generated-sdk/trellis-core/owned_api.d.ts.map +1 -0
package/esm/generated-sdk/trellis-core/owned_api.js +42 -0
package/esm/generated-sdk/trellis-core/schemas.d.ts +259 -11
package/esm/generated-sdk/trellis-core/schemas.d.ts.map +1 -1
package/esm/generated-sdk/trellis-core/schemas.js +5 -3
package/esm/generated-sdk/trellis-core/types.d.ts +56 -1
package/esm/generated-sdk/trellis-core/types.d.ts.map +1 -1
package/esm/generated-sdk/trellis-core/types.js +1 -1
package/esm/helpers.d.ts.map +1 -1
package/esm/index.d.ts +4 -3
package/esm/index.d.ts.map +1 -1
package/esm/index.js +1 -0
package/esm/jobs.d.ts +10 -1
package/esm/jobs.d.ts.map +1 -1
package/esm/jobs.js +16 -1
package/esm/kv.d.ts.map +1 -1
package/esm/kv.js +10 -4
package/esm/models/auth/rpc/Logout.d.ts +4 -4
package/esm/models/auth/rpc/Logout.d.ts.map +1 -1
package/esm/models/auth/rpc/Logout.js +2 -2
package/esm/models/trellis/Page.d.ts +2 -0
package/esm/models/trellis/Page.d.ts.map +1 -0
package/esm/models/trellis/Page.js +1 -0
package/esm/models/trellis/State.d.ts +1 -0
package/esm/models/trellis/State.d.ts.map +1 -1
package/esm/models/trellis/State.js +1 -0
package/esm/models/trellis/rpc/StateList.d.ts +9 -12
package/esm/models/trellis/rpc/StateList.d.ts.map +1 -1
package/esm/models/trellis/rpc/StateList.js +16 -18
package/esm/npm/src/auth/browser/login.d.ts.map +1 -1
package/esm/npm/src/auth/browser/login.js +46 -3
package/esm/npm/src/auth/browser/portal.d.ts.map +1 -1
package/esm/npm/src/auth/browser/portal.js +5 -1
package/esm/npm/src/auth/browser/session.d.ts +18 -7
package/esm/npm/src/auth/browser/session.d.ts.map +1 -1
package/esm/npm/src/auth/browser/session.js +47 -11
package/esm/npm/src/auth/browser/storage.d.ts +6 -1
package/esm/npm/src/auth/browser/storage.d.ts.map +1 -1
package/esm/npm/src/auth/browser/storage.js +15 -3
package/esm/npm/src/auth/browser.d.ts +2 -2
package/esm/npm/src/auth/browser.d.ts.map +1 -1
package/esm/npm/src/auth/browser.js +1 -1
package/esm/npm/src/auth/device_activation.d.ts +36 -33
package/esm/npm/src/auth/device_activation.d.ts.map +1 -1
package/esm/npm/src/auth/device_activation.js +26 -22
package/esm/npm/src/auth/mod.d.ts +4 -4
package/esm/npm/src/auth/mod.d.ts.map +1 -1
package/esm/npm/src/auth/mod.js +2 -2
package/esm/npm/src/auth/proof.d.ts +3 -1
package/esm/npm/src/auth/proof.d.ts.map +1 -1
package/esm/npm/src/auth/proof.js +21 -15
package/esm/npm/src/auth/protocol.d.ts +2457 -941
package/esm/npm/src/auth/protocol.d.ts.map +1 -1
package/esm/npm/src/auth/protocol.js +747 -375
package/esm/npm/src/auth/schemas.d.ts +25 -4
package/esm/npm/src/auth/schemas.d.ts.map +1 -1
package/esm/npm/src/auth/schemas.js +14 -4
package/esm/npm/src/auth/session_auth.d.ts +1 -1
package/esm/npm/src/auth/session_auth.d.ts.map +1 -1
package/esm/npm/src/auth/session_auth.js +7 -1
package/esm/npm/src/client_connect.d.ts +2 -0
package/esm/npm/src/client_connect.d.ts.map +1 -1
package/esm/npm/src/client_connect.js +76 -15
package/esm/npm/src/contract.d.ts +3 -0
package/esm/npm/src/contract.d.ts.map +1 -1
package/esm/npm/src/contract_support/mod.d.ts +422 -43
package/esm/npm/src/contract_support/mod.d.ts.map +1 -1
package/esm/npm/src/contract_support/mod.js +734 -33
package/esm/npm/src/contract_support/protocol.d.ts +20 -5
package/esm/npm/src/contract_support/protocol.d.ts.map +1 -1
package/esm/npm/src/contract_support/protocol.js +18 -10
package/esm/npm/src/contract_support/runtime.d.ts +11 -0
package/esm/npm/src/contract_support/runtime.d.ts.map +1 -1
package/esm/npm/src/contract_support/schema_pointers.d.ts.map +1 -1
package/esm/npm/src/contract_support/schema_pointers.js +32 -14
package/esm/npm/src/device/deno.d.ts.map +1 -1
package/esm/npm/src/device/deno.js +6 -0
package/esm/npm/src/device.d.ts +2 -0
package/esm/npm/src/device.d.ts.map +1 -1
package/esm/npm/src/device.js +3 -0
package/esm/npm/src/errors/AuthError.d.ts +2 -1
package/esm/npm/src/errors/AuthError.d.ts.map +1 -1
package/esm/npm/src/errors/AuthError.js +8 -3
package/esm/npm/src/errors/index.d.ts +4 -4
package/esm/npm/src/errors/index.d.ts.map +1 -1
package/esm/npm/src/errors/index.js +1 -0
package/esm/npm/src/generate.js +39 -26
package/esm/npm/src/helpers.d.ts.map +1 -1
package/esm/npm/src/index.d.ts +4 -3
package/esm/npm/src/index.d.ts.map +1 -1
package/esm/npm/src/index.js +1 -0
package/esm/npm/src/jobs.d.ts +10 -1
package/esm/npm/src/jobs.d.ts.map +1 -1
package/esm/npm/src/jobs.js +16 -1
package/esm/npm/src/kv.d.ts.map +1 -1
package/esm/npm/src/kv.js +10 -4
package/esm/npm/src/models/auth/rpc/Logout.d.ts +4 -4
package/esm/npm/src/models/auth/rpc/Logout.d.ts.map +1 -1
package/esm/npm/src/models/auth/rpc/Logout.js +2 -2
package/esm/npm/src/models/trellis/Page.d.ts +2 -0
package/esm/npm/src/models/trellis/Page.d.ts.map +1 -0
package/esm/npm/src/models/trellis/Page.js +1 -0
package/esm/npm/src/models/trellis/State.d.ts +1 -0
package/esm/npm/src/models/trellis/State.d.ts.map +1 -1
package/esm/npm/src/models/trellis/State.js +1 -0
package/esm/npm/src/models/trellis/rpc/StateList.d.ts +9 -12
package/esm/npm/src/models/trellis/rpc/StateList.d.ts.map +1 -1
package/esm/npm/src/models/trellis/rpc/StateList.js +16 -18
package/esm/npm/src/operations.d.ts +16 -7
package/esm/npm/src/operations.d.ts.map +1 -1
package/esm/npm/src/operations.js +84 -19
package/esm/npm/src/runtime_transport.d.ts +2 -0
package/esm/npm/src/runtime_transport.d.ts.map +1 -1
package/esm/npm/src/runtime_transport.js +1 -0
package/esm/npm/src/server/internal_jobs/active-job.d.ts +2 -1
package/esm/npm/src/server/internal_jobs/active-job.d.ts.map +1 -1
package/esm/npm/src/server/internal_jobs/active-job.js +3 -0
package/esm/npm/src/server/internal_jobs/job-manager.d.ts +4 -1
package/esm/npm/src/server/internal_jobs/job-manager.d.ts.map +1 -1
package/esm/npm/src/server/internal_jobs/job-manager.js +61 -1
package/esm/npm/src/server/internal_jobs/projection.js +1 -0
package/esm/npm/src/server/internal_jobs/runtime-worker.d.ts +13 -1
package/esm/npm/src/server/internal_jobs/runtime-worker.d.ts.map +1 -1
package/esm/npm/src/server/internal_jobs/runtime-worker.js +73 -13
package/esm/npm/src/server/internal_jobs/types.d.ts +19 -0
package/esm/npm/src/server/internal_jobs/types.d.ts.map +1 -1
package/esm/npm/src/server/internal_jobs/types.js +10 -0
package/esm/npm/src/server/runtime.d.ts +1 -0
package/esm/npm/src/server/runtime.d.ts.map +1 -1
package/esm/npm/src/server/service.d.ts +10 -1
package/esm/npm/src/server/service.d.ts.map +1 -1
package/esm/npm/src/server/service.js +210 -64
package/esm/npm/src/server/transfer.d.ts.map +1 -1
package/esm/npm/src/server/transfer.js +4 -0
package/esm/npm/src/server.d.ts.map +1 -1
package/esm/npm/src/server.js +337 -34
package/esm/npm/src/store.d.ts +8 -1
package/esm/npm/src/store.d.ts.map +1 -1
package/esm/npm/src/store.js +46 -8
package/esm/npm/src/transfer.d.ts +3 -0
package/esm/npm/src/transfer.d.ts.map +1 -1
package/esm/npm/src/transfer.js +20 -30
package/esm/npm/src/trellis.d.ts +85 -22
package/esm/npm/src/trellis.d.ts.map +1 -1
package/esm/npm/src/trellis.js +525 -61
package/esm/operations.d.ts +16 -7
package/esm/operations.d.ts.map +1 -1
package/esm/operations.js +84 -19
package/esm/runtime_transport.d.ts +2 -0
package/esm/runtime_transport.d.ts.map +1 -1
package/esm/runtime_transport.js +1 -0
package/esm/store.d.ts +8 -1
package/esm/store.d.ts.map +1 -1
package/esm/store.js +46 -8
package/esm/transfer.d.ts +3 -0
package/esm/transfer.d.ts.map +1 -1
package/esm/transfer.js +20 -30
package/esm/trellis.d.ts +85 -22
package/esm/trellis.d.ts.map +1 -1
package/esm/trellis.js +525 -61
package/package.json +6 -3
package/script/auth/browser/login.d.ts.map +1 -1
package/script/auth/browser/login.js +46 -3
package/script/auth/browser/portal.d.ts.map +1 -1
package/script/auth/browser/portal.js +5 -1
package/script/auth/browser/session.d.ts +18 -7
package/script/auth/browser/session.d.ts.map +1 -1
package/script/auth/browser/session.js +47 -11
package/script/auth/browser/storage.d.ts +6 -1
package/script/auth/browser/storage.d.ts.map +1 -1
package/script/auth/browser/storage.js +15 -3
package/script/auth/browser.d.ts +2 -2
package/script/auth/browser.d.ts.map +1 -1
package/script/auth/browser.js +2 -1
package/script/auth/device_activation.d.ts +36 -33
package/script/auth/device_activation.d.ts.map +1 -1
package/script/auth/device_activation.js +25 -21
package/script/auth/mod.d.ts +4 -4
package/script/auth/mod.d.ts.map +1 -1
package/script/auth/mod.js +132 -137
package/script/auth/proof.d.ts +3 -1
package/script/auth/proof.d.ts.map +1 -1
package/script/auth/proof.js +21 -15
package/script/auth/protocol.d.ts +2457 -941
package/script/auth/protocol.d.ts.map +1 -1
package/script/auth/protocol.js +749 -377
package/script/auth/schemas.d.ts +25 -4
package/script/auth/schemas.d.ts.map +1 -1
package/script/auth/schemas.js +16 -5
package/script/auth/session_auth.d.ts +1 -1
package/script/auth/session_auth.d.ts.map +1 -1
package/script/auth/session_auth.js +7 -1
package/script/client_connect.d.ts +2 -0
package/script/client_connect.d.ts.map +1 -1
package/script/client_connect.js +76 -15
package/script/contract.d.ts +3 -0
package/script/contract.d.ts.map +1 -1
package/script/contract_support/mod.d.ts +422 -43
package/script/contract_support/mod.d.ts.map +1 -1
package/script/contract_support/mod.js +757 -51
package/script/contract_support/protocol.d.ts +20 -5
package/script/contract_support/protocol.d.ts.map +1 -1
package/script/contract_support/protocol.js +20 -11
package/script/contract_support/runtime.d.ts +11 -0
package/script/contract_support/runtime.d.ts.map +1 -1
package/script/contract_support/schema_pointers.d.ts.map +1 -1
package/script/contract_support/schema_pointers.js +32 -14
package/script/device.d.ts +2 -0
package/script/device.d.ts.map +1 -1
package/script/device.js +3 -0
package/script/errors/AuthError.d.ts +2 -1
package/script/errors/AuthError.d.ts.map +1 -1
package/script/errors/AuthError.js +8 -3
package/script/errors/index.d.ts +4 -4
package/script/errors/index.d.ts.map +1 -1
package/script/errors/index.js +1 -0
package/script/generated-sdk/auth/api.d.ts +27 -9
package/script/generated-sdk/auth/api.d.ts.map +1 -1
package/script/generated-sdk/auth/api.js +17 -591
package/script/generated-sdk/auth/client.d.ts +91 -85
package/script/generated-sdk/auth/client.d.ts.map +1 -1
package/script/generated-sdk/auth/contract.d.ts +1 -1
package/script/generated-sdk/auth/contract.d.ts.map +1 -1
package/script/generated-sdk/auth/contract.js +4 -2
package/script/generated-sdk/auth/mod.d.ts +1 -0
package/script/generated-sdk/auth/mod.d.ts.map +1 -1
package/script/generated-sdk/auth/owned_api.d.ts +3 -0
package/script/generated-sdk/auth/owned_api.d.ts.map +1 -0
package/script/generated-sdk/auth/owned_api.js +597 -0
package/script/generated-sdk/auth/schemas.d.ts +9959 -5160
package/script/generated-sdk/auth/schemas.d.ts.map +1 -1
package/script/generated-sdk/auth/schemas.js +139 -140
package/script/generated-sdk/auth/types.d.ts +2418 -1557
package/script/generated-sdk/auth/types.d.ts.map +1 -1
package/script/generated-sdk/auth/types.js +1 -1
package/script/generated-sdk/health/api.d.ts +24 -9
package/script/generated-sdk/health/api.d.ts.map +1 -1
package/script/generated-sdk/health/api.js +13 -21
package/script/generated-sdk/health/client.d.ts +2 -1
package/script/generated-sdk/health/client.d.ts.map +1 -1
package/script/generated-sdk/health/contract.d.ts.map +1 -1
package/script/generated-sdk/health/contract.js +2 -0
package/script/generated-sdk/health/owned_api.d.ts +3 -0
package/script/generated-sdk/health/owned_api.d.ts.map +1 -0
package/script/generated-sdk/health/owned_api.js +19 -0
package/script/generated-sdk/health/types.d.ts +2 -0
package/script/generated-sdk/health/types.d.ts.map +1 -1
package/script/generated-sdk/jobs/api.d.ts +33 -9
package/script/generated-sdk/jobs/api.d.ts.map +1 -1
package/script/generated-sdk/jobs/api.js +23 -88
package/script/generated-sdk/jobs/client.d.ts +9 -2
package/script/generated-sdk/jobs/client.d.ts.map +1 -1
package/script/generated-sdk/jobs/contract.d.ts +1 -1
package/script/generated-sdk/jobs/contract.d.ts.map +1 -1
package/script/generated-sdk/jobs/contract.js +4 -2
package/script/generated-sdk/jobs/owned_api.d.ts +3 -0
package/script/generated-sdk/jobs/owned_api.d.ts.map +1 -0
package/script/generated-sdk/jobs/owned_api.js +154 -0
package/script/generated-sdk/jobs/schemas.d.ts +336 -123
package/script/generated-sdk/jobs/schemas.d.ts.map +1 -1
package/script/generated-sdk/jobs/schemas.js +18 -16
package/script/generated-sdk/jobs/types.d.ts +144 -34
package/script/generated-sdk/jobs/types.d.ts.map +1 -1
package/script/generated-sdk/jobs/types.js +38 -2
package/script/generated-sdk/state/api.d.ts +27 -9
package/script/generated-sdk/state/api.d.ts.map +1 -1
package/script/generated-sdk/state/api.js +17 -72
package/script/generated-sdk/state/client.d.ts +4 -2
package/script/generated-sdk/state/client.d.ts.map +1 -1
package/script/generated-sdk/state/contract.d.ts +1 -1
package/script/generated-sdk/state/contract.d.ts.map +1 -1
package/script/generated-sdk/state/contract.js +4 -2
package/script/generated-sdk/state/owned_api.d.ts +3 -0
package/script/generated-sdk/state/owned_api.d.ts.map +1 -0
package/script/generated-sdk/state/owned_api.js +69 -0
package/script/generated-sdk/state/schemas.d.ts +264 -284
package/script/generated-sdk/state/schemas.d.ts.map +1 -1
package/script/generated-sdk/state/schemas.js +6 -6
package/script/generated-sdk/state/types.d.ts +24 -23
package/script/generated-sdk/state/types.d.ts.map +1 -1
package/script/generated-sdk/state/types.js +1 -1
package/script/generated-sdk/trellis-core/api.d.ts +27 -9
package/script/generated-sdk/trellis-core/api.d.ts.map +1 -1
package/script/generated-sdk/trellis-core/api.js +17 -40
package/script/generated-sdk/trellis-core/client.d.ts +5 -2
package/script/generated-sdk/trellis-core/client.d.ts.map +1 -1
package/script/generated-sdk/trellis-core/contract.d.ts +1 -1
package/script/generated-sdk/trellis-core/contract.d.ts.map +1 -1
package/script/generated-sdk/trellis-core/contract.js +4 -2
package/script/generated-sdk/trellis-core/owned_api.d.ts +3 -0
package/script/generated-sdk/trellis-core/owned_api.d.ts.map +1 -0
package/script/generated-sdk/trellis-core/owned_api.js +45 -0
package/script/generated-sdk/trellis-core/schemas.d.ts +259 -11
package/script/generated-sdk/trellis-core/schemas.d.ts.map +1 -1
package/script/generated-sdk/trellis-core/schemas.js +6 -4
package/script/generated-sdk/trellis-core/types.d.ts +56 -1
package/script/generated-sdk/trellis-core/types.d.ts.map +1 -1
package/script/generated-sdk/trellis-core/types.js +1 -1
package/script/helpers.d.ts.map +1 -1
package/script/index.d.ts +4 -3
package/script/index.d.ts.map +1 -1
package/script/index.js +5 -2
package/script/jobs.d.ts +10 -1
package/script/jobs.d.ts.map +1 -1
package/script/jobs.js +17 -2
package/script/kv.d.ts.map +1 -1
package/script/kv.js +10 -4
package/script/models/auth/rpc/Logout.d.ts +4 -4
package/script/models/auth/rpc/Logout.d.ts.map +1 -1
package/script/models/auth/rpc/Logout.js +3 -3
package/script/models/trellis/Page.d.ts +2 -0
package/script/models/trellis/Page.d.ts.map +1 -0
package/script/models/trellis/Page.js +6 -0
package/script/models/trellis/State.d.ts +1 -0
package/script/models/trellis/State.d.ts.map +1 -1
package/script/models/trellis/State.js +1 -0
package/script/models/trellis/rpc/StateList.d.ts +9 -12
package/script/models/trellis/rpc/StateList.d.ts.map +1 -1
package/script/models/trellis/rpc/StateList.js +16 -18
package/script/npm/src/auth/browser/login.d.ts.map +1 -1
package/script/npm/src/auth/browser/login.js +46 -3
package/script/npm/src/auth/browser/portal.d.ts.map +1 -1
package/script/npm/src/auth/browser/portal.js +5 -1
package/script/npm/src/auth/browser/session.d.ts +18 -7
package/script/npm/src/auth/browser/session.d.ts.map +1 -1
package/script/npm/src/auth/browser/session.js +47 -11
package/script/npm/src/auth/browser/storage.d.ts +6 -1
package/script/npm/src/auth/browser/storage.d.ts.map +1 -1
package/script/npm/src/auth/browser/storage.js +15 -3
package/script/npm/src/auth/browser.d.ts +2 -2
package/script/npm/src/auth/browser.d.ts.map +1 -1
package/script/npm/src/auth/browser.js +2 -1
package/script/npm/src/auth/device_activation.d.ts +36 -33
package/script/npm/src/auth/device_activation.d.ts.map +1 -1
package/script/npm/src/auth/device_activation.js +25 -21
package/script/npm/src/auth/mod.d.ts +4 -4
package/script/npm/src/auth/mod.d.ts.map +1 -1
package/script/npm/src/auth/mod.js +132 -137
package/script/npm/src/auth/proof.d.ts +3 -1
package/script/npm/src/auth/proof.d.ts.map +1 -1
package/script/npm/src/auth/proof.js +21 -15
package/script/npm/src/auth/protocol.d.ts +2457 -941
package/script/npm/src/auth/protocol.d.ts.map +1 -1
package/script/npm/src/auth/protocol.js +749 -377
package/script/npm/src/auth/schemas.d.ts +25 -4
package/script/npm/src/auth/schemas.d.ts.map +1 -1
package/script/npm/src/auth/schemas.js +16 -5
package/script/npm/src/auth/session_auth.d.ts +1 -1
package/script/npm/src/auth/session_auth.d.ts.map +1 -1
package/script/npm/src/auth/session_auth.js +7 -1
package/script/npm/src/client_connect.d.ts +2 -0
package/script/npm/src/client_connect.d.ts.map +1 -1
package/script/npm/src/client_connect.js +76 -15
package/script/npm/src/contract.d.ts +3 -0
package/script/npm/src/contract.d.ts.map +1 -1
package/script/npm/src/contract_support/mod.d.ts +422 -43
package/script/npm/src/contract_support/mod.d.ts.map +1 -1
package/script/npm/src/contract_support/mod.js +757 -51
package/script/npm/src/contract_support/protocol.d.ts +20 -5
package/script/npm/src/contract_support/protocol.d.ts.map +1 -1
package/script/npm/src/contract_support/protocol.js +20 -11
package/script/npm/src/contract_support/runtime.d.ts +11 -0
package/script/npm/src/contract_support/runtime.d.ts.map +1 -1
package/script/npm/src/contract_support/schema_pointers.d.ts.map +1 -1
package/script/npm/src/contract_support/schema_pointers.js +32 -14
package/script/npm/src/device/deno.d.ts.map +1 -1
package/script/npm/src/device/deno.js +6 -0
package/script/npm/src/device.d.ts +2 -0
package/script/npm/src/device.d.ts.map +1 -1
package/script/npm/src/device.js +3 -0
package/script/npm/src/errors/AuthError.d.ts +2 -1
package/script/npm/src/errors/AuthError.d.ts.map +1 -1
package/script/npm/src/errors/AuthError.js +8 -3
package/script/npm/src/errors/index.d.ts +4 -4
package/script/npm/src/errors/index.d.ts.map +1 -1
package/script/npm/src/errors/index.js +1 -0
package/script/npm/src/generate.js +39 -59
package/script/npm/src/helpers.d.ts.map +1 -1
package/script/npm/src/index.d.ts +4 -3
package/script/npm/src/index.d.ts.map +1 -1
package/script/npm/src/index.js +5 -2
package/script/npm/src/jobs.d.ts +10 -1
package/script/npm/src/jobs.d.ts.map +1 -1
package/script/npm/src/jobs.js +17 -2
package/script/npm/src/kv.d.ts.map +1 -1
package/script/npm/src/kv.js +10 -4
package/script/npm/src/models/auth/rpc/Logout.d.ts +4 -4
package/script/npm/src/models/auth/rpc/Logout.d.ts.map +1 -1
package/script/npm/src/models/auth/rpc/Logout.js +3 -3
package/script/npm/src/models/trellis/Page.d.ts +2 -0
package/script/npm/src/models/trellis/Page.d.ts.map +1 -0
package/script/npm/src/models/trellis/Page.js +6 -0
package/script/npm/src/models/trellis/State.d.ts +1 -0
package/script/npm/src/models/trellis/State.d.ts.map +1 -1
package/script/npm/src/models/trellis/State.js +1 -0
package/script/npm/src/models/trellis/rpc/StateList.d.ts +9 -12
package/script/npm/src/models/trellis/rpc/StateList.d.ts.map +1 -1
package/script/npm/src/models/trellis/rpc/StateList.js +16 -18
package/script/npm/src/operations.d.ts +16 -7
package/script/npm/src/operations.d.ts.map +1 -1
package/script/npm/src/operations.js +84 -19
package/script/npm/src/runtime_transport.d.ts +2 -0
package/script/npm/src/runtime_transport.d.ts.map +1 -1
package/script/npm/src/runtime_transport.js +2 -1
package/script/npm/src/server/internal_jobs/active-job.d.ts +2 -1
package/script/npm/src/server/internal_jobs/active-job.d.ts.map +1 -1
package/script/npm/src/server/internal_jobs/active-job.js +3 -0
package/script/npm/src/server/internal_jobs/job-manager.d.ts +4 -1
package/script/npm/src/server/internal_jobs/job-manager.d.ts.map +1 -1
package/script/npm/src/server/internal_jobs/job-manager.js +61 -1
package/script/npm/src/server/internal_jobs/projection.js +1 -0
package/script/npm/src/server/internal_jobs/runtime-worker.d.ts +13 -1
package/script/npm/src/server/internal_jobs/runtime-worker.d.ts.map +1 -1
package/script/npm/src/server/internal_jobs/runtime-worker.js +74 -13
package/script/npm/src/server/internal_jobs/types.d.ts +19 -0
package/script/npm/src/server/internal_jobs/types.d.ts.map +1 -1
package/script/npm/src/server/internal_jobs/types.js +11 -1
package/script/npm/src/server/runtime.d.ts +1 -0
package/script/npm/src/server/runtime.d.ts.map +1 -1
package/script/npm/src/server/service.d.ts +10 -1
package/script/npm/src/server/service.d.ts.map +1 -1
package/script/npm/src/server/service.js +208 -62
package/script/npm/src/server/transfer.d.ts.map +1 -1
package/script/npm/src/server/transfer.js +4 -0
package/script/npm/src/server.d.ts.map +1 -1
package/script/npm/src/server.js +336 -33
package/script/npm/src/store.d.ts +8 -1
package/script/npm/src/store.d.ts.map +1 -1
package/script/npm/src/store.js +46 -8
package/script/npm/src/transfer.d.ts +3 -0
package/script/npm/src/transfer.d.ts.map +1 -1
package/script/npm/src/transfer.js +19 -29
package/script/npm/src/trellis.d.ts +85 -22
package/script/npm/src/trellis.d.ts.map +1 -1
package/script/npm/src/trellis.js +525 -61
package/script/operations.d.ts +16 -7
package/script/operations.d.ts.map +1 -1
package/script/operations.js +84 -19
package/script/runtime_transport.d.ts +2 -0
package/script/runtime_transport.d.ts.map +1 -1
package/script/runtime_transport.js +2 -1
package/script/store.d.ts +8 -1
package/script/store.d.ts.map +1 -1
package/script/store.js +46 -8
package/script/transfer.d.ts +3 -0
package/script/transfer.d.ts.map +1 -1
package/script/transfer.js +19 -29
package/script/trellis.d.ts +85 -22
package/script/trellis.d.ts.map +1 -1
package/script/trellis.js +525 -61
package/src/_dnt.polyfills.ts +274 -0
package/src/_dnt.shims.ts +64 -0
package/src/auth/browser/login.ts +295 -0
package/src/auth/browser/portal.ts +75 -0
package/src/auth/browser/session.ts +197 -0
package/src/auth/browser/storage.ts +105 -0
package/src/auth/browser.ts +82 -0
package/src/auth/device_activation.ts +715 -0
package/src/auth/keys.ts +116 -0
package/src/auth/mod.ts +298 -0
package/src/auth/proof.ts +111 -0
package/src/auth/protocol.ts +1629 -0
package/src/auth/schemas.ts +145 -0
package/src/auth/session_auth.ts +167 -0
package/src/auth/time.ts +15 -0
package/src/auth/trellis_id.ts +9 -0
package/src/auth/types.ts +4 -0
package/src/auth/utils.ts +87 -0
package/src/auth.ts +2 -0
package/src/browser.ts +8 -0
package/src/client.ts +164 -0
package/src/client_connect.ts +1328 -0
package/src/codec.ts +107 -0
package/src/connection.ts +466 -0
package/src/contract.ts +84 -0
package/src/contract_support/canonical.ts +217 -0
package/src/contract_support/mod.ts +5079 -0
package/src/contract_support/protocol.ts +213 -0
package/src/contract_support/runtime.ts +129 -0
package/src/contract_support/schema_pointers.ts +161 -0
package/src/contracts.ts +9 -0
package/src/device/deno.ts +941 -0
package/src/device.ts +989 -0
package/src/env.ts +1 -0
package/src/errors/AuthError.ts +82 -0
package/src/errors/KVError.ts +47 -0
package/src/errors/RemoteError.ts +111 -0
package/src/errors/StoreError.ts +43 -0
package/src/errors/TransferError.ts +43 -0
package/src/errors/TransportError.ts +48 -0
package/src/errors/TrellisError.ts +20 -0
package/src/errors/ValidationError.ts +80 -0
package/src/errors/index.ts +195 -0
package/src/generate.ts +329 -0
package/src/globals.ts +26 -0
package/src/health.ts +28 -0
package/src/helpers.ts +63 -0
package/src/host/mod.ts +9 -0
package/src/host/node.ts +9 -0
package/src/index.ts +233 -0
package/src/jobs.ts +344 -0
package/src/kv.ts +564 -0
package/src/models/auth/rpc/Logout.ts +15 -0
package/src/models/trellis/Page.ts +6 -0
package/src/models/trellis/State.ts +55 -0
package/src/models/trellis/TrellisError.ts +21 -0
package/src/models/trellis/rpc/StateDelete.ts +13 -0
package/src/models/trellis/rpc/StateGet.ts +25 -0
package/src/models/trellis/rpc/StateList.ts +26 -0
package/src/models/trellis/rpc/StatePut.ts +42 -0
package/src/operations.ts +1508 -0
package/src/runtime_transport.ts +132 -0
package/src/sdk/auth.ts +2 -0
package/src/sdk/core.ts +2 -0
package/src/sdk/health.ts +2 -0
package/src/sdk/jobs.ts +2 -0
package/src/sdk/state.ts +2 -0
package/src/server/health.ts +379 -0
package/src/server/health_rpc.ts +51 -0
package/src/server/health_schemas.ts +61 -0
package/src/server/internal_jobs/active-job.ts +115 -0
package/src/server/internal_jobs/bindings.ts +26 -0
package/src/server/internal_jobs/cancellation-registry.ts +71 -0
package/src/server/internal_jobs/heartbeat.ts +120 -0
package/src/server/internal_jobs/job-manager.ts +456 -0
package/src/server/internal_jobs/projection.ts +48 -0
package/src/server/internal_jobs/runtime-worker.ts +741 -0
package/src/server/internal_jobs/types.ts +124 -0
package/src/server/runtime.ts +27 -0
package/src/server/service.ts +2377 -0
package/src/server/subscription.ts +143 -0
package/src/server/transfer.ts +962 -0
package/src/server.ts +1725 -0
package/src/server_logger.ts +10 -0
package/src/service/deno.ts +18 -0
package/src/service/mod.ts +68 -0
package/src/service/node.ts +18 -0
package/src/store.ts +658 -0
package/src/tasks.ts +34 -0
package/src/telemetry/carrier.ts +35 -0
package/src/telemetry/core.ts +31 -0
package/src/telemetry/env.ts +23 -0
package/src/telemetry/mod.ts +26 -0
package/src/telemetry/nats.ts +15 -0
package/src/telemetry/result.ts +20 -0
package/src/telemetry/trace.ts +39 -0
package/src/telemetry/trellis.ts +1 -0
package/src/tracing.ts +28 -0
package/src/transfer.ts +602 -0
package/src/trellis.ts +3650 -0
package/esm/models/trellis/Paginate.d.ts +0 -7
package/esm/models/trellis/Paginate.d.ts.map +0 -1
package/esm/models/trellis/Paginate.js +0 -5
package/esm/npm/src/models/trellis/Paginate.d.ts +0 -7
package/esm/npm/src/models/trellis/Paginate.d.ts.map +0 -1
package/esm/npm/src/models/trellis/Paginate.js +0 -5
package/script/models/trellis/Paginate.d.ts +0 -7
package/script/models/trellis/Paginate.d.ts.map +0 -1
package/script/models/trellis/Paginate.js +0 -11
package/script/npm/src/models/trellis/Paginate.d.ts +0 -7
package/script/npm/src/models/trellis/Paginate.d.ts.map +0 -1
package/script/npm/src/models/trellis/Paginate.js +0 -11

package/src/auth/device_activation.ts ADDED Viewed

@@ -0,0 +1,715 @@
+import type { StaticDecode } from "typebox";
+import { Type } from "typebox";
+import { Value } from "typebox/value";
+import type { BaseError } from "@qlever-llc/result";
+import { AsyncResult } from "@qlever-llc/result";
+import type { OperationRef } from "../operations.js";
+import {
+  importEd25519PrivateKeyFromSeedBase64url,
+  importEd25519PublicKeyFromBase64url,
+  publicKeyBase64urlFromPrivateKey,
+} from "./keys.js";
+import type { NatsAuthTokenV1 } from "./schemas.js";
+import {
+  AuthDevicesConnectInfoGetResponseSchema,
+  AuthDevicesConnectInfoGetSchema,
+  AuthDeviceUserAuthoritiesListResponseSchema,
+  AuthDeviceUserAuthoritiesListSchema,
+  AuthDeviceUserAuthoritiesRevokeResponseSchema,
+  AuthDeviceUserAuthoritiesRevokeSchema,
+  AuthResolveDeviceUserAuthoritiesProgressSchema,
+  AuthResolveDeviceUserAuthoritiesResponseSchema,
+  AuthResolveDeviceUserAuthoritiesSchema,
+  WaitForDeviceActivationRequestSchema,
+  WaitForDeviceActivationResponseSchema,
+} from "./protocol.js";
+import {
+  base64urlDecode,
+  base64urlEncode,
+  sha256,
+  toArrayBuffer,
+  utf8,
+} from "./utils.js";
+import { buildNatsConnectSignaturePayload } from "./session_auth.js";
+const DEVICE_IDENTITY_HKDF_INFO = "trellis/device-identity/v1";
+const DEVICE_ACTIVATION_HKDF_INFO = "trellis/device-activate/v1";
+const DEVICE_QR_MAC_DOMAIN = "trellis-device-qr/v1";
+const DEVICE_CONFIRMATION_DOMAIN = "trellis-device-confirm/v1";
+const CROCKFORD_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+const DEFAULT_WAIT_POLL_INTERVAL_MS = 3_000;
+export const DeviceActivationPayloadSchema = Type.Object({
+  v: Type.Literal(1),
+  publicIdentityKey: Type.String({ minLength: 1 }),
+  nonce: Type.String({ minLength: 1 }),
+  qrMac: Type.String({ minLength: 1 }),
+});
+export const DeviceActivationWaitRequestSchema =
+  WaitForDeviceActivationRequestSchema;
+export type DeviceActivationPayload = StaticDecode<
+  typeof DeviceActivationPayloadSchema
+>;
+export type DeviceActivationWaitRequest = StaticDecode<
+  typeof DeviceActivationWaitRequestSchema
+>;
+export type WaitForDeviceActivationResponse = StaticDecode<
+  typeof WaitForDeviceActivationResponseSchema
+>;
+export type AuthResolveDeviceUserAuthoritiesInput = StaticDecode<
+  typeof AuthResolveDeviceUserAuthoritiesSchema
+>;
+export type AuthResolveDeviceUserAuthoritiesProgress = StaticDecode<
+  typeof AuthResolveDeviceUserAuthoritiesProgressSchema
+>;
+export type AuthResolveDeviceUserAuthoritiesOutput = StaticDecode<
+  typeof AuthResolveDeviceUserAuthoritiesResponseSchema
+>;
+export type AuthDeviceUserAuthoritiesListInput = StaticDecode<
+  typeof AuthDeviceUserAuthoritiesListSchema
+>;
+export type AuthDeviceUserAuthoritiesListOutput = StaticDecode<
+  typeof AuthDeviceUserAuthoritiesListResponseSchema
+>;
+export type AuthDeviceUserAuthoritiesRevokeInput = StaticDecode<
+  typeof AuthDeviceUserAuthoritiesRevokeSchema
+>;
+export type AuthDeviceUserAuthoritiesRevokeResponse = StaticDecode<
+  typeof AuthDeviceUserAuthoritiesRevokeResponseSchema
+>;
+export type GetDeviceConnectInfoInput = StaticDecode<
+  typeof AuthDevicesConnectInfoGetSchema
+>;
+export type GetDeviceConnectInfoOutput = StaticDecode<
+  typeof AuthDevicesConnectInfoGetResponseSchema
+>;
+export type DeviceIdentity = {
+  identitySeed: Uint8Array;
+  identitySeedBase64url: string;
+  publicIdentityKey: string;
+  activationKey: Uint8Array;
+  activationKeyBase64url: string;
+};
+type DeviceActivationRpcMethod =
+  | "Auth.DeviceUserAuthorities.List"
+  | "Auth.DeviceUserAuthorities.Revoke"
+  | "Auth.Devices.ConnectInfo.Get";
+type AuthResolveDeviceUserAuthoritiesOperationShape = {
+  subject: string;
+  input: typeof AuthResolveDeviceUserAuthoritiesSchema;
+  progress: typeof AuthResolveDeviceUserAuthoritiesProgressSchema;
+  output: typeof AuthResolveDeviceUserAuthoritiesResponseSchema;
+};
+export type AuthResolveDeviceUserAuthoritiesOperation = OperationRef<
+  AuthResolveDeviceUserAuthoritiesOperationShape,
+  AuthResolveDeviceUserAuthoritiesProgress,
+  AuthResolveDeviceUserAuthoritiesOutput
+>;
+type DeviceActivationRpcInputMap = {
+  "Auth.DeviceUserAuthorities.List": AuthDeviceUserAuthoritiesListInput;
+  "Auth.DeviceUserAuthorities.Revoke": AuthDeviceUserAuthoritiesRevokeInput;
+  "Auth.Devices.ConnectInfo.Get": GetDeviceConnectInfoInput;
+};
+type DeviceActivationRpcOutputMap = {
+  "Auth.DeviceUserAuthorities.List": AuthDeviceUserAuthoritiesListOutput;
+  "Auth.DeviceUserAuthorities.Revoke": AuthDeviceUserAuthoritiesRevokeResponse;
+  "Auth.Devices.ConnectInfo.Get": GetDeviceConnectInfoOutput;
+};
+type RequestClient = {
+  request<M extends DeviceActivationRpcMethod>(
+    method: M,
+    input: DeviceActivationRpcInputMap[M],
+    opts?: unknown,
+  ): AsyncResult<DeviceActivationRpcOutputMap[M], BaseError>;
+};
+type ResolveDeviceUserAuthoritiesOperationClient = {
+  operation(method: "Auth.DeviceUserAuthorities.Resolve"): {
+    input(
+      input: AuthResolveDeviceUserAuthoritiesInput,
+    ): {
+      start(): AsyncResult<
+        AuthResolveDeviceUserAuthoritiesOperation,
+        BaseError
+      >;
+    };
+  };
+};
+export type DeviceActivationTransport =
+  & RequestClient
+  & ResolveDeviceUserAuthoritiesOperationClient;
+function concatBytes(parts: Uint8Array[]): Uint8Array {
+  const size = parts.reduce((total, part) => total + part.length, 0);
+  const bytes = new Uint8Array(size);
+  let offset = 0;
+  for (const part of parts) {
+    bytes.set(part, offset);
+    offset += part.length;
+  }
+  return bytes;
+}
+function normalizeSecretBytes(
+  value: Uint8Array | string,
+  name: string,
+): Uint8Array {
+  if (typeof value === "string") {
+    const decoded = base64urlDecode(value);
+    if (decoded.length === 0) throw new Error(`${name} must not be empty`);
+    return decoded;
+  }
+  if (value.length === 0) throw new Error(`${name} must not be empty`);
+  return value;
+}
+async function hkdfSha256(
+  inputKeyingMaterial: Uint8Array,
+  info: string,
+  length: number,
+): Promise<Uint8Array> {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    toArrayBuffer(inputKeyingMaterial),
+    "HKDF",
+    false,
+    ["deriveBits"],
+  );
+  const derivedBits = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: toArrayBuffer(new Uint8Array(0)),
+      info: toArrayBuffer(utf8(info)),
+    },
+    key,
+    length * 8,
+  );
+  return new Uint8Array(derivedBits);
+}
+async function hmacSha256(
+  keyBytes: Uint8Array,
+  data: Uint8Array,
+): Promise<Uint8Array> {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    toArrayBuffer(keyBytes),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
+  );
+  return new Uint8Array(
+    await crypto.subtle.sign("HMAC", key, toArrayBuffer(data)),
+  );
+}
+function crockfordEncode(bytes: Uint8Array): string {
+  let value = 0;
+  let bits = 0;
+  let output = "";
+  for (const byte of bytes) {
+    value = (value << 8) | byte;
+    bits += 8;
+    while (bits >= 5) {
+      bits -= 5;
+      output += CROCKFORD_ALPHABET[(value >>> bits) & 31] ?? "0";
+    }
+  }
+  if (bits > 0) {
+    output += CROCKFORD_ALPHABET[(value << (5 - bits)) & 31] ?? "0";
+  }
+  return output;
+}
+function normalizeCrockford(value: string): string {
+  return value.trim().toUpperCase().replace(/O/g, "0").replace(/[IL]/g, "1");
+}
+async function sleep(ms: number, signal?: AbortSignal): Promise<void> {
+  if (signal?.aborted) {
+    throw signal.reason ?? new DOMException("Aborted", "AbortError");
+  }
+  await new Promise<void>((resolve, reject) => {
+    const timer = setTimeout(() => {
+      signal?.removeEventListener("abort", onAbort);
+      resolve();
+    }, ms);
+    function onAbort() {
+      clearTimeout(timer);
+      reject(signal?.reason ?? new DOMException("Aborted", "AbortError"));
+    }
+    signal?.addEventListener("abort", onAbort, { once: true });
+  });
+}
+function retryAfterDelayMs(response: Response): number | null {
+  const value = response.headers.get("Retry-After");
+  if (!value) return null;
+  const seconds = Number(value);
+  if (Number.isFinite(seconds) && seconds >= 0) return seconds * 1_000;
+  const dateMs = Date.parse(value);
+  if (!Number.isFinite(dateMs)) return null;
+  return Math.max(0, dateMs - Date.now());
+}
+async function responseErrorDetail(response: Response): Promise<string | null> {
+  const text = await response.text();
+  if (!text) return null;
+  try {
+    const parsed = JSON.parse(text) as Record<string, unknown>;
+    if (typeof parsed.reason === "string" && parsed.reason.length > 0) {
+      return parsed.reason;
+    }
+    if (typeof parsed.message === "string" && parsed.message.length > 0) {
+      return parsed.message;
+    }
+  } catch {
+    // Fall through to raw text below.
+  }
+  return text;
+}
+export async function deriveDeviceIdentity(
+  deviceRootSecret: Uint8Array,
+): Promise<DeviceIdentity> {
+  if (deviceRootSecret.length !== 32) {
+    throw new Error(
+      `Invalid device root secret length: ${deviceRootSecret.length} (expected 32)`,
+    );
+  }
+  const identitySeed = await hkdfSha256(
+    deviceRootSecret,
+    DEVICE_IDENTITY_HKDF_INFO,
+    32,
+  );
+  const activationKey = await hkdfSha256(
+    deviceRootSecret,
+    DEVICE_ACTIVATION_HKDF_INFO,
+    32,
+  );
+  const identitySeedBase64url = base64urlEncode(identitySeed);
+  const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(
+    identitySeedBase64url,
+  );
+  const publicIdentityKey = await publicKeyBase64urlFromPrivateKey(
+    identityPrivateKey,
+  );
+  return {
+    identitySeed,
+    identitySeedBase64url,
+    publicIdentityKey,
+    activationKey,
+    activationKeyBase64url: base64urlEncode(activationKey),
+  };
+}
+export async function deriveDeviceQrMac(input: {
+  activationKey: Uint8Array | string;
+  publicIdentityKey: string;
+  nonce: string;
+}): Promise<string> {
+  const activationKey = normalizeSecretBytes(
+    input.activationKey,
+    "activationKey",
+  );
+  const mac = await hmacSha256(
+    activationKey,
+    concatBytes([
+      utf8(DEVICE_QR_MAC_DOMAIN),
+      utf8(input.publicIdentityKey),
+      utf8(input.nonce),
+    ]),
+  );
+  return base64urlEncode(mac.slice(0, 8));
+}
+export async function buildDeviceActivationPayload(input: {
+  activationKey: Uint8Array | string;
+  publicIdentityKey: string;
+  nonce: string;
+}): Promise<DeviceActivationPayload> {
+  const qrMac = await deriveDeviceQrMac(input);
+  return {
+    v: 1,
+    publicIdentityKey: input.publicIdentityKey,
+    nonce: input.nonce,
+    qrMac,
+  };
+}
+export function encodeDeviceActivationPayload(
+  payload: DeviceActivationPayload,
+): string {
+  return base64urlEncode(utf8(JSON.stringify(payload)));
+}
+export function parseDeviceActivationPayload(
+  value: string,
+): DeviceActivationPayload {
+  const decoded = new TextDecoder().decode(base64urlDecode(value));
+  const parsed = JSON.parse(decoded);
+  if (!Value.Check(DeviceActivationPayloadSchema, parsed)) {
+    throw new Error("Invalid device activation payload");
+  }
+  return parsed;
+}
+export async function startDeviceActivationRequest(args: {
+  trellisUrl: string;
+  payload: DeviceActivationPayload;
+}): Promise<
+  {
+    flowId: string;
+    instanceId: string;
+    deploymentId: string;
+    activationUrl: string;
+  }
+> {
+  const response = await fetch(
+    new URL("/auth/devices/activate/requests", args.trellisUrl),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ payload: args.payload }),
+    },
+  );
+  if (!response.ok) {
+    const detail = await responseErrorDetail(response);
+    throw new Error(
+      `Device activation request failed: ${response.status}${
+        detail ? ` ${detail}` : ""
+      }`,
+    );
+  }
+  const parsed = await response.json() as Record<string, unknown>;
+  if (
+    typeof parsed.flowId !== "string" ||
+    typeof parsed.instanceId !== "string" ||
+    typeof parsed.deploymentId !== "string" ||
+    typeof parsed.activationUrl !== "string"
+  ) {
+    throw new Error("Device activation request returned an invalid response");
+  }
+  return {
+    flowId: parsed.flowId,
+    instanceId: parsed.instanceId,
+    deploymentId: parsed.deploymentId,
+    activationUrl: parsed.activationUrl,
+  };
+}
+export async function deriveDeviceConfirmationCode(input: {
+  activationKey: Uint8Array | string;
+  publicIdentityKey: string;
+  nonce: string;
+}): Promise<string> {
+  const activationKey = normalizeSecretBytes(
+    input.activationKey,
+    "activationKey",
+  );
+  const mac = await hmacSha256(
+    activationKey,
+    concatBytes([
+      utf8(DEVICE_CONFIRMATION_DOMAIN),
+      utf8(input.publicIdentityKey),
+      utf8(input.nonce),
+    ]),
+  );
+  return crockfordEncode(mac.slice(0, 5)).slice(0, 8);
+}
+export async function verifyDeviceConfirmationCode(input: {
+  activationKey: Uint8Array | string;
+  publicIdentityKey: string;
+  nonce: string;
+  confirmationCode: string;
+}): Promise<boolean> {
+  const expected = await deriveDeviceConfirmationCode(input);
+  return normalizeCrockford(expected) ===
+    normalizeCrockford(input.confirmationCode);
+}
+export function buildDeviceWaitProofInput(
+  flowId: string,
+  publicIdentityKey: string,
+  nonce: string,
+  iat: number,
+  contractDigest: string,
+): Uint8Array {
+  const enc = new TextEncoder();
+  const flowIdBytes = enc.encode(flowId);
+  const publicIdentityKeyBytes = enc.encode(publicIdentityKey);
+  const nonceBytes = enc.encode(nonce);
+  const iatBytes = enc.encode(String(iat));
+  const contractDigestBytes = enc.encode(contractDigest);
+  const buf = new Uint8Array(
+    4 + flowIdBytes.length +
+      4 + publicIdentityKeyBytes.length +
+      4 + nonceBytes.length +
+      4 + iatBytes.length +
+      4 + contractDigestBytes.length,
+  );
+  const view = new DataView(buf.buffer);
+  let offset = 0;
+  view.setUint32(offset, flowIdBytes.length);
+  offset += 4;
+  buf.set(flowIdBytes, offset);
+  offset += flowIdBytes.length;
+  view.setUint32(offset, publicIdentityKeyBytes.length);
+  offset += 4;
+  buf.set(publicIdentityKeyBytes, offset);
+  offset += publicIdentityKeyBytes.length;
+  view.setUint32(offset, nonceBytes.length);
+  offset += 4;
+  buf.set(nonceBytes, offset);
+  offset += nonceBytes.length;
+  view.setUint32(offset, iatBytes.length);
+  offset += 4;
+  buf.set(iatBytes, offset);
+  offset += iatBytes.length;
+  view.setUint32(offset, contractDigestBytes.length);
+  offset += 4;
+  buf.set(contractDigestBytes, offset);
+  return buf;
+}
+export async function signDeviceWaitRequest(args: {
+  flowId: string;
+  publicIdentityKey: string;
+  nonce: string;
+  identitySeed: Uint8Array | string;
+  contractDigest: string;
+  iat?: number;
+}): Promise<DeviceActivationWaitRequest> {
+  const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
+  const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(
+    base64urlEncode(identitySeed),
+  );
+  const iat = args.iat ?? Math.floor(Date.now() / 1_000);
+  const proofInput = buildDeviceWaitProofInput(
+    args.flowId,
+    args.publicIdentityKey,
+    args.nonce,
+    iat,
+    args.contractDigest,
+  );
+  const proofHash = await sha256(proofInput);
+  const signature = new Uint8Array(
+    await crypto.subtle.sign(
+      "Ed25519",
+      identityPrivateKey,
+      toArrayBuffer(proofHash),
+    ),
+  );
+  return {
+    flowId: args.flowId,
+    publicIdentityKey: args.publicIdentityKey,
+    nonce: args.nonce,
+    contractDigest: args.contractDigest,
+    iat,
+    sig: base64urlEncode(signature),
+  };
+}
+export async function createDeviceNatsAuthToken(args: {
+  publicIdentityKey: string;
+  identitySeed: Uint8Array | string;
+  contractDigest: string;
+  iat?: number;
+}): Promise<NatsAuthTokenV1 & { contractDigest: string }> {
+  const identitySeed = normalizeSecretBytes(args.identitySeed, "identitySeed");
+  const identityPrivateKey = await importEd25519PrivateKeyFromSeedBase64url(
+    base64urlEncode(identitySeed),
+  );
+  const iat = args.iat ?? Math.floor(Date.now() / 1_000);
+  const digest = await crypto.subtle.digest(
+    "SHA-256",
+    toArrayBuffer(
+      utf8(
+        `nats-connect:${
+          buildNatsConnectSignaturePayload(iat, args.contractDigest)
+        }`,
+      ),
+    ),
+  );
+  const signature = new Uint8Array(
+    await crypto.subtle.sign("Ed25519", identityPrivateKey, digest),
+  );
+  return {
+    v: 1,
+    sessionKey: args.publicIdentityKey,
+    iat,
+    sig: base64urlEncode(signature),
+    contractDigest: args.contractDigest,
+  };
+}
+export async function waitForDeviceActivation(args: {
+  trellisUrl: string;
+  flowId: string;
+  publicIdentityKey: string;
+  nonce: string;
+  identitySeed: Uint8Array | string;
+  contractDigest: string;
+  signal?: AbortSignal;
+  pollIntervalMs?: number;
+}): Promise<
+  Extract<WaitForDeviceActivationResponse, { status: "activated" }>
+> {
+  const pollIntervalMs = args.pollIntervalMs ?? DEFAULT_WAIT_POLL_INTERVAL_MS;
+  while (true) {
+    const request = await signDeviceWaitRequest(args);
+    let response: Response;
+    try {
+      response = await fetch(
+        new URL("/auth/devices/activate/wait", args.trellisUrl),
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(request),
+          signal: args.signal,
+        },
+      );
+    } catch (error) {
+      if (args.signal?.aborted) {
+        throw error;
+      }
+      await sleep(pollIntervalMs, args.signal);
+      continue;
+    }
+    if (!response.ok) {
+      if (response.status === 429) {
+        const retryAfterMs = retryAfterDelayMs(response);
+        await sleep(
+          retryAfterMs === null
+            ? pollIntervalMs
+            : Math.max(pollIntervalMs, retryAfterMs),
+          args.signal,
+        );
+        continue;
+      }
+      const detail = await responseErrorDetail(response);
+      throw new Error(
+        detail
+          ? `device activation wait failed: ${response.status} ${detail}`
+          : `device activation wait failed: ${response.status}`,
+      );
+    }
+    const body = await response.json();
+    if (!Value.Check(WaitForDeviceActivationResponseSchema, body)) {
+      throw new Error("Invalid device activation wait response");
+    }
+    if (body.status === "pending") {
+      await sleep(pollIntervalMs, args.signal);
+      continue;
+    }
+    if (body.status === "rejected") {
+      throw new Error(
+        `device activation rejected: ${body.reason ?? "unknown_reason"}`,
+      );
+    }
+    return body;
+  }
+}
+export async function getDeviceConnectInfo(args: {
+  trellisUrl: string;
+  publicIdentityKey: string;
+  identitySeed: Uint8Array | string;
+  contractDigest: string;
+  iat?: number;
+}): Promise<GetDeviceConnectInfoOutput> {
+  const request = await signDeviceWaitRequest({
+    flowId: "connect-info",
+    publicIdentityKey: args.publicIdentityKey,
+    identitySeed: args.identitySeed,
+    contractDigest: args.contractDigest,
+    nonce: "connect-info",
+    iat: args.iat,
+  });
+  const payload: GetDeviceConnectInfoInput = {
+    publicIdentityKey: request.publicIdentityKey,
+    contractDigest: args.contractDigest,
+    iat: request.iat,
+    sig: request.sig,
+  };
+  const response = await fetch(
+    new URL("/auth/devices/connect-info", args.trellisUrl),
+    {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+    },
+  );
+  if (!response.ok) {
+    throw new Error(`device connect info failed: ${response.status}`);
+  }
+  const body = await response.json();
+  if (!Value.Check(AuthDevicesConnectInfoGetResponseSchema, body)) {
+    throw new Error("Invalid device connect info response");
+  }
+  return body;
+}
+export function createDeviceActivationClient(
+  client: DeviceActivationTransport,
+) {
+  return {
+    resolveDeviceUserAuthorities(input: AuthResolveDeviceUserAuthoritiesInput) {
+      return client.operation("Auth.DeviceUserAuthorities.Resolve").input(input)
+        .start()
+        .orThrow();
+    },
+    listDeviceActivations(input: AuthDeviceUserAuthoritiesListInput) {
+      return client.request("Auth.DeviceUserAuthorities.List", input).orThrow();
+    },
+    revokeDeviceActivation(input: AuthDeviceUserAuthoritiesRevokeInput) {
+      return client.request("Auth.DeviceUserAuthorities.Revoke", input)
+        .orThrow();
+    },
+    getDeviceConnectInfo(input: GetDeviceConnectInfoInput) {
+      return client.request("Auth.Devices.ConnectInfo.Get", input).orThrow();
+    },
+  };
+}
+export async function verifyDeviceWaitSignature(
+  input: DeviceActivationWaitRequest,
+): Promise<boolean> {
+  const publicKey = await importEd25519PublicKeyFromBase64url(
+    input.publicIdentityKey,
+  );
+  const proofHash = await sha256(
+    buildDeviceWaitProofInput(
+      input.flowId,
+      input.publicIdentityKey,
+      input.nonce,
+      input.iat,
+      input.contractDigest,
+    ),
+  );
+  return await crypto.subtle.verify(
+    "Ed25519",
+    publicKey,
+    toArrayBuffer(base64urlDecode(input.sig)),
+    toArrayBuffer(proofHash),
+  );
+}