@renown/sdk 6.0.0-dev.19 → 6.0.0-dev.190

package/dist/renown-builder-xQpZet3I.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"renown-builder-xQpZet3I.js","names":["getResolver","keyDidResolver","#keyPairStorage","#subtleCrypto","#keyPair","#stringToBytes","#initializeKeyPair","#store","#eventEmitter","#baseUrl","#crypto","#appName","#profileFetcher","#signer","#status","#updateStatus","#getCredential","#updateUser","#listeners","#appName","#storage","#eventEmitter","#crypto","#keyPairStorage","#baseUrl","#profileFetcher"],"sources":["../src/constants.ts","../src/utils.ts","../src/crypto/utils.ts","../src/crypto/renown-crypto.ts","../src/crypto/renown-crypto-builder.ts","../src/crypto/memory-key-storage.ts","../src/crypto/signer.ts","../src/storage/common.ts","../src/common.ts","../src/event/memory.ts","../src/profile.ts","../src/renown-builder.ts"],"sourcesContent":["export const DEFAULT_RENOWN_URL = \"https://www.renown.id\";\nexport const DEFAULT_RENOWN_NETWORK_ID = \"eip155\";\nexport const DEFAULT_RENOWN_CHAIN_ID = \"1\";\n\nexport const DOMAIN_TYPE = [\n  { name: \"name\", type: \"string\" },\n  { name: \"version\", type: \"string\" },\n  { name: \"chainId\", type: \"uint256\" },\n  { name: \"verifyingContract\", type: \"address\" },\n] as const;\n\nexport const VERIFIABLE_CREDENTIAL_EIP712_TYPE = [\n  { name: \"@context\", type: \"string[]\" },\n  { name: \"type\", type: \"string[]\" },\n  { name: \"id\", type: \"string\" },\n  { name: \"issuer\", type: \"Issuer\" },\n  { name: \"credentialSubject\", type: \"CredentialSubject\" },\n  { name: \"credentialSchema\", type: \"CredentialSchema\" },\n  { name: \"issuanceDate\", type: \"string\" },\n  { name: \"expirationDate\", type: \"string\" },\n] as const;\n\nexport const CREDENTIAL_SCHEMA_EIP712_TYPE = [\n  { name: \"id\", type: \"string\" },\n  { name: \"type\", type: \"string\" },\n] as const;\n\nexport const CREDENTIAL_SUBJECT_TYPE = [\n  { name: \"app\", type: \"string\" },\n  { name: \"id\", type: \"string\" },\n  { name: \"name\", type: \"string\" },\n] as const;\n\nexport const ISSUER_TYPE = [\n  { name: \"id\", type: \"string\" },\n  { name: \"ethereumAddress\", type: \"string\" },\n] as const;\n\nexport const CREDENTIAL_TYPES = {\n  EIP712Domain: DOMAIN_TYPE,\n  VerifiableCredential: VERIFIABLE_CREDENTIAL_EIP712_TYPE,\n  CredentialSchema: CREDENTIAL_SCHEMA_EIP712_TYPE,\n  CredentialSubject: CREDENTIAL_SUBJECT_TYPE,\n  Issuer: ISSUER_TYPE,\n} as const;\n","import type {\n  Issuer,\n  JwtCredentialPayload,\n  VerifiedCredential,\n} from \"did-jwt-vc\";\nimport { createVerifiableCredentialJwt, verifyCredential } from \"did-jwt-vc\";\nimport { Resolver } from \"did-resolver\";\nimport { getResolver as keyDidResolver } from \"key-did-resolver\";\nimport type {\n  AuthVerifiedCredential,\n  CreateBearerTokenOptions,\n  IAuthCredentialSubject,\n  PKHDid,\n} from \"./types.js\";\n\nexport type ILogger = {\n  level: \"verbose\" | \"debug\" | \"info\" | \"warn\" | \"error\";\n\n  verbose: (message: string, ...replacements: any[]) => void;\n  debug: (message: string, ...replacements: any[]) => void;\n  info: (message: string, ...replacements: any[]) => void;\n  warn: (message: string, ...replacements: any[]) => void;\n  error: (message: string, ...replacements: any[]) => void;\n};\n\n/**\n * Parse a DID:pkh string to extract network, chain ID, and address information\n * @param did - The DID string in format \"did:pkh:networkId:chainId:address\"\n * @returns Parsed DID information\n * @throws Error if the DID format is invalid\n */\nexport function parsePkhDid(did: string): PKHDid {\n  const parts = did.split(\":\");\n  if (!did.startsWith(\"did:pkh:\") || parts.length !== 5) {\n    throw new Error(\"Invalid pkh did\");\n  }\n  const [, , networkId, chainIdStr, address] = parts;\n\n  if (!address.startsWith(\"0x\")) {\n    throw new Error(`Invalid address: ${address}`);\n  }\n\n  const chainId = Number(chainIdStr);\n  if (isNaN(chainId)) {\n    throw new Error(`Invalid chain id: ${chainIdStr}`);\n  }\n\n  return {\n    chainId,\n    networkId,\n    address: address as PKHDid[\"address\"],\n  };\n}\n\nexport async function verifyAuthBearerToken(\n  jwt: string,\n): Promise<false | AuthVerifiedCredential> {\n  try {\n    const now = parseInt(String(Date.now() / 1000));\n    const verified = await verifyCredential(jwt, getResolver(), {\n      policies: {\n        now: parseInt(String(Date.now() / 1000)),\n        expirationDate: true,\n        issuanceDate: true,\n      },\n    });\n\n    if (verified.payload.exp && verified.payload.exp! < now) {\n      return false;\n    }\n    assertIsAuthCredential(verified);\n    return verified;\n  } catch (e) {\n    console.error(e);\n    return false;\n  }\n}\n\nexport function assertIsAuthCredential(\n  credential: VerifiedCredential,\n): asserts credential is AuthVerifiedCredential {\n  const subjectKeys = Object.keys(\n    credential.verifiableCredential.credentialSubject,\n  );\n  if (\n    ![\"address\", \"chainId\", \"networkId\"].every((key) =>\n      subjectKeys.includes(key),\n    )\n  ) {\n    throw new Error(\n      \"Invalid Auth Credential Subject:\" +\n        JSON.stringify(\n          credential.verifiableCredential.credentialSubject,\n          null,\n          2,\n        ),\n    );\n  }\n}\n\nexport async function createAuthBearerToken(\n  chainId: number,\n  networkId: string,\n  address: string,\n  issuer: Issuer,\n  options?: CreateBearerTokenOptions,\n) {\n  const vcPayload: JwtCredentialPayload = {\n    sub: issuer.did,\n    vc: {\n      \"@context\": [\"https://www.w3.org/2018/credentials/v1\"],\n      type: [\"VerifiableCredential\"],\n      credentialSubject: {\n        chainId,\n        networkId,\n        address,\n      } satisfies IAuthCredentialSubject,\n    },\n    aud: options?.aud,\n  };\n\n  const jwt = await createVerifiableCredentialJwt(vcPayload, issuer, {\n    expiresIn: options?.expiresIn,\n  });\n  return jwt;\n}\n\nexport const getResolver = () => {\n  const keyResolver = keyDidResolver();\n  if (!keyResolver) {\n    throw new Error(\"Failed to get key resolver\");\n  }\n\n  return new Resolver(keyResolver);\n};\n","import {\n  compressedKeyInHexfromRaw,\n  encodeDIDfromHexString,\n  rawKeyInHexfromUncompressed,\n} from \"did-key-creator\";\nimport type { DID, JwkKeyPair } from \"./types.js\";\n\nexport const ECDSA_ALGORITHM: EcKeyAlgorithm = {\n  name: \"ECDSA\",\n  namedCurve: \"P-256\",\n};\n\nexport const ECDSA_SIGN_ALGORITHM = {\n  name: \"ECDSA\",\n  namedCurve: \"P-256\",\n  hash: \"SHA-256\",\n};\n\nexport function ab2hex(ab: ArrayBuffer): string {\n  return Array.prototype.map\n    .call(new Uint8Array(ab), (x: number) => (\"00\" + x.toString(16)).slice(-2))\n    .join(\"\");\n}\n\nexport async function parseDid(\n  keyPair: CryptoKeyPair,\n  subtleCrypto: SubtleCrypto,\n): Promise<DID> {\n  const publicKeyRaw = await subtleCrypto.exportKey(\"raw\", keyPair.publicKey);\n  const multicodecName = \"p256-pub\";\n  const rawKey = rawKeyInHexfromUncompressed(ab2hex(publicKeyRaw));\n  const compressedKey = compressedKeyInHexfromRaw(rawKey);\n  const did = encodeDIDfromHexString(multicodecName, compressedKey);\n  return did as DID;\n}\n\nexport async function exportKeyPair(\n  keyPair: CryptoKeyPair,\n  subtleCrypto: SubtleCrypto,\n): Promise<JwkKeyPair> {\n  return {\n    publicKey: await subtleCrypto.exportKey(\"jwk\", keyPair.publicKey),\n    privateKey: await subtleCrypto.exportKey(\"jwk\", keyPair.privateKey),\n  };\n}\n\nexport async function importKeyPair(\n  jwkKeyPair: JwkKeyPair,\n  subtleCrypto: SubtleCrypto,\n  algorithm: EcKeyAlgorithm = ECDSA_ALGORITHM,\n): Promise<CryptoKeyPair> {\n  return {\n    publicKey: await subtleCrypto.importKey(\n      \"jwk\",\n      jwkKeyPair.publicKey,\n      algorithm,\n      true,\n      [\"verify\"],\n    ),\n    privateKey: await subtleCrypto.importKey(\n      \"jwk\",\n      jwkKeyPair.privateKey,\n      algorithm,\n      true,\n      [\"sign\"],\n    ),\n  };\n}\n\nexport async function generateKeyPair(\n  subtleCrypto: SubtleCrypto,\n  algorithm: EcKeyAlgorithm = ECDSA_ALGORITHM,\n): Promise<CryptoKeyPair> {\n  return subtleCrypto.generateKey(algorithm, true, [\"sign\", \"verify\"]);\n}\n","import { bytesToBase64url } from \"did-jwt\";\nimport type { Issuer } from \"did-jwt-vc\";\nimport { fromString } from \"uint8arrays\";\nimport type { CreateBearerTokenOptions } from \"../types.js\";\nimport { createAuthBearerToken } from \"../utils.js\";\nimport type { DID, IRenownCrypto, JsonWebKeyPairStorage } from \"./types.js\";\nimport { ECDSA_ALGORITHM, ECDSA_SIGN_ALGORITHM } from \"./utils.js\";\n\nconst RENOWN_NETWORK_ID = \"eip155\";\nconst RENOWN_CHAIN_ID = 1;\n\nexport class RenownCrypto implements IRenownCrypto {\n  #subtleCrypto: SubtleCrypto;\n  #keyPair: CryptoKeyPair;\n  #keyPairStorage: JsonWebKeyPairStorage;\n\n  readonly did: DID;\n\n  static algorithm = ECDSA_ALGORITHM;\n  static signAlgorithm = ECDSA_SIGN_ALGORITHM;\n\n  constructor(\n    keyPairStorage: JsonWebKeyPairStorage,\n    crypto: SubtleCrypto,\n    keyPair: CryptoKeyPair,\n    did: DID,\n  ) {\n    this.#keyPairStorage = keyPairStorage;\n    this.#subtleCrypto = crypto;\n    this.#keyPair = keyPair;\n    this.did = did;\n  }\n\n  get publicKey() {\n    return this.#keyPair.publicKey;\n  }\n\n  async getBearerToken(\n    address: string | undefined,\n    options?: CreateBearerTokenOptions,\n  ): Promise<string> {\n    return await createAuthBearerToken(\n      Number(RENOWN_CHAIN_ID),\n      RENOWN_NETWORK_ID,\n      address || this.did,\n      this.issuer,\n      options,\n    );\n  }\n\n  async removeDid(): Promise<void> {\n    await this.#keyPairStorage.removeKeyPair();\n  }\n\n  #stringToBytes(s: string): Uint8Array {\n    return fromString(s, \"utf-8\");\n  }\n\n  async sign(data: Uint8Array | string): Promise<Uint8Array> {\n    const dataBytes: Uint8Array =\n      typeof data === \"string\" ? this.#stringToBytes(data) : data;\n\n    const arrayBuffer = await this.#subtleCrypto.sign(\n      RenownCrypto.signAlgorithm,\n      this.#keyPair.privateKey,\n      dataBytes.buffer as ArrayBuffer,\n    );\n\n    return new Uint8Array(arrayBuffer);\n  }\n\n  async verify(data: Uint8Array, signature: Uint8Array): Promise<boolean> {\n    return this.#subtleCrypto.verify(\n      { name: \"ECDSA\", hash: \"SHA-256\" },\n      this.#keyPair.publicKey,\n      signature.buffer as ArrayBuffer,\n      data.buffer as ArrayBuffer,\n    );\n  }\n\n  get issuer(): Issuer {\n    return {\n      did: this.did,\n      signer: async (data: string | Uint8Array) => {\n        const signature = await this.sign(\n          typeof data === \"string\" ? new TextEncoder().encode(data) : data,\n        );\n        return bytesToBase64url(signature);\n      },\n      alg: \"ES256\",\n    };\n  }\n}\n\n/**\n * @deprecated Use RenownCrypto instead\n */\nexport class ConnectCrypto extends RenownCrypto {}\n","import { RenownCrypto } from \"./renown-crypto.js\";\nimport type { JsonWebKeyPairStorage } from \"./types.js\";\nimport {\n  exportKeyPair,\n  generateKeyPair,\n  importKeyPair,\n  parseDid,\n} from \"./utils.js\";\n\nexport class RenownCryptoBuilder {\n  private keyPairStorage?: JsonWebKeyPairStorage;\n  private subtleCrypto?: SubtleCrypto;\n\n  withKeyPairStorage(storage: JsonWebKeyPairStorage): this {\n    this.keyPairStorage = storage;\n    return this;\n  }\n\n  withSubtleCrypto(crypto: SubtleCrypto): this {\n    this.subtleCrypto = crypto;\n    return this;\n  }\n\n  async build(): Promise<RenownCrypto> {\n    if (!this.keyPairStorage) {\n      throw new Error(\n        \"KeyPairStorage is required. Use withKeyPairStorage() to set it.\",\n      );\n    }\n\n    const subtleCrypto = this.subtleCrypto ?? globalThis.crypto.subtle;\n    const keyPair = await this.#initializeKeyPair(\n      subtleCrypto,\n      this.keyPairStorage,\n    );\n    const did = await parseDid(keyPair, subtleCrypto);\n\n    return new RenownCrypto(this.keyPairStorage, subtleCrypto, keyPair, did);\n  }\n\n  async #initializeKeyPair(\n    subtleCrypto: SubtleCrypto,\n    keyPairStorage: JsonWebKeyPairStorage,\n  ): Promise<CryptoKeyPair> {\n    const loadedKeyPair = await keyPairStorage.loadKeyPair();\n    if (loadedKeyPair) {\n      return importKeyPair(loadedKeyPair, subtleCrypto);\n    }\n\n    const keyPair = await generateKeyPair(subtleCrypto);\n    const exported = await exportKeyPair(keyPair, subtleCrypto);\n    await keyPairStorage.saveKeyPair(exported);\n    return keyPair;\n  }\n}\n","import type { JsonWebKeyPairStorage, JwkKeyPair } from \"./types.js\";\n\nexport class MemoryKeyStorage implements JsonWebKeyPairStorage {\n  private keyPair: JwkKeyPair | undefined;\n\n  constructor(keyPair?: JwkKeyPair) {\n    this.keyPair = keyPair;\n  }\n\n  loadKeyPair() {\n    return Promise.resolve(this.keyPair);\n  }\n\n  saveKeyPair(keyPair: JwkKeyPair) {\n    this.keyPair = keyPair;\n    return Promise.resolve();\n  }\n\n  removeKeyPair() {\n    this.keyPair = undefined;\n    return Promise.resolve();\n  }\n}\n","import type {\n  Action,\n  AppActionSigner,\n  ISigner,\n  Operation,\n  Signature,\n  SignatureVerificationHandler,\n  UserActionSigner,\n} from \"@powerhousedao/shared/document-model\";\nimport type { IRenownCrypto } from \"./index.js\";\n\nexport class InvalidSignatureError extends Error {\n  constructor() {\n    super(\"Invalid signature\");\n  }\n}\n\nexport class RenownCryptoSigner implements ISigner {\n  readonly app: AppActionSigner;\n\n  constructor(\n    private readonly crypto: IRenownCrypto,\n    private readonly appName: string,\n    public user?: UserActionSigner,\n  ) {\n    this.app = {\n      key: this.crypto.did,\n      name: this.appName,\n    };\n  }\n\n  get publicKey() {\n    return this.crypto.publicKey;\n  }\n\n  async sign(data: Uint8Array): Promise<Uint8Array> {\n    return this.crypto.sign(data);\n  }\n\n  async verify(data: Uint8Array, signature: Uint8Array): Promise<void> {\n    const isValid = await this.crypto.verify(data, signature);\n    if (!isValid) {\n      throw new InvalidSignatureError();\n    }\n  }\n\n  async signAction(\n    action: Action,\n    abortSignal?: AbortSignal,\n  ): Promise<Signature> {\n    const hashField = action.context?.prevOpHash ?? \"\";\n    return this._signAction(action, hashField, abortSignal);\n  }\n\n  /**\n   * Signs an action including a predicted resulting state hash.\n   *\n   * The resulting hash is packed into the signature tuple's 4th element (index 3)\n   * using the format: `${prevStateHash}:${resultingStateHash}`\n   *\n   * This allows offline verification of documents without reducer logic:\n   * - Verifier can check that the signature is valid for the claimed resulting state\n   * - Verifier can compare claimed resulting state to actual operation.hash\n   *\n   * @param action - The action to sign\n   * @param resultingStateHash - The predicted hash of document state AFTER this action runs\n   * @param abortSignal - Optional abort signal\n   * @returns A Signature tuple with the resulting hash encoded in element [3]\n   */\n  async signActionWithResultingState(\n    action: Action,\n    resultingStateHash: string,\n    abortSignal?: AbortSignal,\n  ): Promise<Signature> {\n    const prevStateHash = action.context?.prevOpHash ?? \"\";\n    const hashField = `${prevStateHash}:${resultingStateHash}`;\n    return this._signAction(action, hashField, abortSignal);\n  }\n\n  /**\n   * Internal signing implementation shared by signAction and signActionWithResultingState.\n   */\n  private async _signAction(\n    action: Action,\n    hashField: string,\n    abortSignal?: AbortSignal,\n  ): Promise<Signature> {\n    if (abortSignal?.aborted) {\n      throw new Error(\"Signing aborted\");\n    }\n\n    const timestamp = (new Date().getTime() / 1000).toFixed(0);\n    const hash = await this.hashAction(action);\n\n    if (abortSignal?.aborted) {\n      throw new Error(\"Signing aborted\");\n    }\n\n    const params: [string, string, string, string] = [\n      timestamp,\n      this.crypto.did,\n      hash,\n      hashField,\n    ];\n    const message = this.buildSignatureMessage(params);\n    const signatureBytes = await this.crypto.sign(message);\n    const signatureHex = `0x${this.arrayBufferToHex(signatureBytes)}`;\n\n    if (abortSignal?.aborted) {\n      throw new Error(\"Signing aborted\");\n    }\n\n    return [...params, signatureHex];\n  }\n\n  private async hashAction(action: Action): Promise<string> {\n    const payload = [\n      action.scope,\n      action.type,\n      JSON.stringify(action.input),\n    ].join(\"\");\n    const encoder = new TextEncoder();\n    const data = encoder.encode(payload);\n    const hashBuffer = await crypto.subtle.digest(\"SHA-256\", data);\n    return this.arrayBufferToBase64(hashBuffer);\n  }\n\n  private buildSignatureMessage(\n    params: [string, string, string, string],\n  ): Uint8Array {\n    const message = params.join(\"\");\n    const prefix = \"\\x19Signed Operation:\\n\" + message.length.toString();\n    const encoder = new TextEncoder();\n    return encoder.encode(prefix + message);\n  }\n\n  private arrayBufferToHex(buffer: Uint8Array | ArrayBuffer): string {\n    const bytes =\n      buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);\n    return Array.from(bytes)\n      .map((byte) => byte.toString(16).padStart(2, \"0\"))\n      .join(\"\");\n  }\n\n  private arrayBufferToBase64(buffer: ArrayBuffer): string {\n    const bytes = new Uint8Array(buffer);\n    let binary = \"\";\n    for (let i = 0; i < bytes.length; i++) {\n      binary += String.fromCharCode(bytes[i]);\n    }\n    return btoa(binary);\n  }\n}\n\n/**\n * Creates a signature verification handler that verifies signatures using the Web Crypto API.\n * The verification uses ECDSA with P-256 curve and SHA-256 hash, matching the RenownCrypto signing algorithm.\n */\nexport function createSignatureVerifier(\n  requireSignature = false,\n): SignatureVerificationHandler {\n  return async (operation: Operation, publicKey: string): Promise<boolean> => {\n    const signer = operation.action.context?.signer;\n    if (!signer || !publicKey) {\n      return !requireSignature;\n    }\n\n    const signatures = signer.signatures;\n    if (signatures.length === 0) {\n      return false;\n    }\n\n    const signature = signatures[signatures.length - 1];\n    const [timestamp, signerKey, hash, prevStateHash, signatureHex] = signature;\n\n    if (signerKey !== publicKey) {\n      return false;\n    }\n\n    const params: [string, string, string, string] = [\n      timestamp,\n      signerKey,\n      hash,\n      prevStateHash,\n    ];\n    const message = buildSignatureMessage(params);\n    const signatureBytes = hexToUint8Array(signatureHex);\n\n    const cryptoKey = await importPublicKey(publicKey);\n\n    const isValid = await crypto.subtle.verify(\n      { name: \"ECDSA\", hash: \"SHA-256\" },\n      cryptoKey,\n      signatureBytes.buffer as ArrayBuffer,\n      message.buffer as ArrayBuffer,\n    );\n\n    return isValid;\n  };\n}\n\nfunction buildSignatureMessage(\n  params: [string, string, string, string],\n): Uint8Array {\n  const message = params.join(\"\");\n  const prefix = \"\\x19Signed Operation:\\n\" + message.length.toString();\n  const encoder = new TextEncoder();\n  return encoder.encode(prefix + message);\n}\n\nfunction hexToUint8Array(hex: string): Uint8Array {\n  const cleanHex = hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n  const bytes = new Uint8Array(cleanHex.length / 2);\n  for (let i = 0; i < cleanHex.length; i += 2) {\n    bytes[i / 2] = parseInt(cleanHex.substring(i, i + 2), 16);\n  }\n  return bytes;\n}\n\nasync function importPublicKey(did: string): Promise<CryptoKey> {\n  const keyData = extractKeyFromDid(did);\n  return crypto.subtle.importKey(\n    \"raw\",\n    keyData.buffer as ArrayBuffer,\n    { name: \"ECDSA\", namedCurve: \"P-256\" },\n    true,\n    [\"verify\"],\n  );\n}\n\nfunction extractKeyFromDid(did: string): Uint8Array {\n  const parts = did.split(\":\");\n  if (parts.length < 3 || parts[0] !== \"did\" || parts[1] !== \"key\") {\n    throw new Error(`Invalid DID format: ${did}`);\n  }\n\n  const multibaseKey = parts[2];\n  if (!multibaseKey.startsWith(\"z\")) {\n    throw new Error(`Unsupported multibase encoding: ${multibaseKey[0]}`);\n  }\n\n  const decoded = base58Decode(multibaseKey.slice(1));\n\n  if (decoded[0] !== 0x80 || decoded[1] !== 0x24) {\n    throw new Error(\"Not a P-256 public key multicodec\");\n  }\n\n  const compressedKey = decoded.slice(2);\n  return decompressP256PublicKey(compressedKey);\n}\n\nfunction base58Decode(input: string): Uint8Array {\n  const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n  const ALPHABET_MAP = new Map<string, number>();\n  for (let i = 0; i < ALPHABET.length; i++) {\n    ALPHABET_MAP.set(ALPHABET[i], i);\n  }\n\n  if (input.length === 0) {\n    return new Uint8Array(0);\n  }\n\n  const bytes: number[] = [0];\n  for (const char of input) {\n    const value = ALPHABET_MAP.get(char);\n    if (value === undefined) {\n      throw new Error(`Invalid base58 character: ${char}`);\n    }\n\n    let carry = value;\n    for (let j = 0; j < bytes.length; j++) {\n      carry += bytes[j] * 58;\n      bytes[j] = carry & 0xff;\n      carry >>= 8;\n    }\n\n    while (carry > 0) {\n      bytes.push(carry & 0xff);\n      carry >>= 8;\n    }\n  }\n\n  for (const char of input) {\n    if (char !== \"1\") break;\n    bytes.push(0);\n  }\n\n  return new Uint8Array(bytes.reverse());\n}\n\nfunction decompressP256PublicKey(compressed: Uint8Array): Uint8Array {\n  if (compressed.length !== 33) {\n    throw new Error(`Invalid compressed key length: ${compressed.length}`);\n  }\n\n  const prefix = compressed[0];\n  if (prefix !== 0x02 && prefix !== 0x03) {\n    throw new Error(`Invalid compression prefix: ${prefix}`);\n  }\n\n  const p = BigInt(\n    \"0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff\",\n  );\n  const a = BigInt(\n    \"0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc\",\n  );\n  const b = BigInt(\n    \"0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b\",\n  );\n\n  let x = BigInt(0);\n  for (let i = 1; i < compressed.length; i++) {\n    x = (x << BigInt(8)) | BigInt(compressed[i]);\n  }\n\n  const ySquared = (modPow(x, BigInt(3), p) + a * x + b) % p;\n  let y = modPow(ySquared, (p + BigInt(1)) / BigInt(4), p);\n\n  const isYEven = y % BigInt(2) === BigInt(0);\n  const shouldBeEven = prefix === 0x02;\n  if (isYEven !== shouldBeEven) {\n    y = p - y;\n  }\n\n  const uncompressed = new Uint8Array(65);\n  uncompressed[0] = 0x04;\n\n  const xBytes = bigIntToBytes(x, 32);\n  const yBytes = bigIntToBytes(y, 32);\n\n  uncompressed.set(xBytes, 1);\n  uncompressed.set(yBytes, 33);\n\n  return uncompressed;\n}\n\nfunction modPow(base: bigint, exp: bigint, mod: bigint): bigint {\n  let result = BigInt(1);\n  base = base % mod;\n  while (exp > BigInt(0)) {\n    if (exp % BigInt(2) === BigInt(1)) {\n      result = (result * base) % mod;\n    }\n    exp = exp >> BigInt(1);\n    base = (base * base) % mod;\n  }\n  return result;\n}\n\nfunction bigIntToBytes(n: bigint, length: number): Uint8Array {\n  const bytes = new Uint8Array(length);\n  for (let i = length - 1; i >= 0; i--) {\n    bytes[i] = Number(n & BigInt(0xff));\n    n = n >> BigInt(8);\n  }\n  return bytes;\n}\n\n/**\n * Parses the hash field (element [3]) from a signature tuple.\n *\n * Supports two formats:\n * - Old format: just `prevStateHash` (no colon)\n * - New format: `prevStateHash:resultingStateHash` (colon-separated)\n *\n * @param hashField - The 4th element of a Signature tuple\n * @returns Object with prevStateHash and optional resultingStateHash\n */\nexport function parseSignatureHashField(hashField: string): {\n  prevStateHash: string;\n  resultingStateHash: string | undefined;\n} {\n  const colonIndex = hashField.indexOf(\":\");\n\n  if (colonIndex === -1) {\n    return {\n      prevStateHash: hashField,\n      resultingStateHash: undefined,\n    };\n  }\n\n  return {\n    prevStateHash: hashField.substring(0, colonIndex),\n    resultingStateHash: hashField.substring(colonIndex + 1),\n  };\n}\n\n/**\n * Extracts the resulting state hash from a signature, if present.\n *\n * @param signature - A Signature tuple\n * @returns The resulting state hash, or undefined if not present\n */\nexport function extractResultingHashFromSignature(\n  signature: Signature,\n): string | undefined {\n  const hashField = signature[3];\n  const { resultingStateHash } = parseSignatureHashField(hashField);\n  return resultingStateHash;\n}\n\n/**\n * Checks if a signature includes a resulting state hash.\n *\n * @param signature - A Signature tuple\n * @returns true if the signature includes a resulting state hash\n */\nexport function signatureHasResultingHash(signature: Signature): boolean {\n  return extractResultingHashFromSignature(signature) !== undefined;\n}\n","export interface IStorage<\n  T extends Record<string, unknown> = Record<string, unknown>,\n  Key extends keyof T = keyof T,\n> {\n  get(key: Key): T[Key] | undefined;\n  set(key: Key, value?: T[Key]): void;\n  delete(key: Key): void;\n}\n\nexport abstract class BaseStorage<\n  T extends Record<string, unknown> = Record<string, unknown>,\n  Key extends keyof T = keyof T,\n> implements IStorage<T> {\n  abstract get(key: Key): T[Key] | undefined;\n  abstract set(key: Key, value?: T[Key]): void;\n  abstract delete(key: Key): void;\n}\n\nexport class MemoryStorage<\n  T extends Record<string, unknown> = Record<string, unknown>,\n  Key extends keyof T = keyof T,\n> extends BaseStorage<T> {\n  private readonly data = new Map<Key, T[Key]>();\n\n  get(key: Key) {\n    return this.data.get(key);\n  }\n\n  set(key: Key, value?: T[Key]): void {\n    if (value === undefined) {\n      this.data.delete(key);\n    } else {\n      this.data.set(key, value);\n    }\n  }\n\n  delete(key: Key): void {\n    this.data.delete(key);\n  }\n}\n","import { DEFAULT_RENOWN_URL } from \"./constants.js\";\nimport { RenownCryptoSigner, type IRenownCrypto } from \"./crypto/index.js\";\nimport { MemoryStorage } from \"./storage/common.js\";\nimport type {\n  CreateBearerTokenOptions,\n  IRenown,\n  ISigner,\n  LoginStatus,\n  PowerhouseVerifiableCredential,\n  ProfileFetcher,\n  RenownEventEmitter,\n  RenownEvents,\n  RenownStorage,\n  RenownStorageMap,\n  User,\n} from \"./types.js\";\nimport { parsePkhDid, verifyAuthBearerToken } from \"./utils.js\";\nexport * from \"./constants.js\";\n\nexport class RenownMemoryStorage extends MemoryStorage<RenownStorageMap> {}\n\nexport class Renown implements IRenown {\n  #baseUrl: string;\n  #store: RenownStorage;\n  #eventEmitter: RenownEventEmitter;\n  #appName: string;\n  #crypto: IRenownCrypto;\n  #signer: ISigner;\n  #profileFetcher?: ProfileFetcher;\n  #status: LoginStatus = \"initial\";\n\n  constructor(\n    store: RenownStorage,\n    eventEmitter: RenownEventEmitter,\n    crypto: IRenownCrypto,\n    appName: string,\n    baseUrl = DEFAULT_RENOWN_URL,\n    profileFetcher?: ProfileFetcher,\n  ) {\n    this.#store = store;\n    this.#eventEmitter = eventEmitter;\n    this.#baseUrl = baseUrl;\n    this.#crypto = crypto;\n    this.#appName = appName;\n    this.#profileFetcher = profileFetcher;\n    this.#signer = new RenownCryptoSigner(crypto, this.#appName, this.user);\n\n    this.on(\"user\", (user) => {\n      this.#signer.user = user;\n    });\n  }\n\n  get baseUrl() {\n    return this.#baseUrl;\n  }\n\n  get user() {\n    return this.#store.get(\"user\");\n  }\n\n  get status() {\n    return this.#status;\n  }\n\n  get signer() {\n    return this.#signer;\n  }\n\n  get crypto() {\n    return this.#crypto;\n  }\n\n  get did() {\n    return this.#crypto.did;\n  }\n\n  get profileFetcher() {\n    return this.#profileFetcher;\n  }\n\n  #updateStatus(status: LoginStatus) {\n    this.#status = status;\n    this.#eventEmitter.emit(\"status\", status);\n  }\n\n  #updateUser(user: User | undefined) {\n    if (user) {\n      this.#store.set(\"user\", user);\n    } else {\n      this.#store.delete(\"user\");\n    }\n    this.#eventEmitter.emit(\"user\", user);\n  }\n\n  async login(userDid: string): Promise<User> {\n    this.#updateStatus(\"checking\");\n    try {\n      const result = parsePkhDid(userDid);\n      const credential = await this.#getCredential(\n        result.address,\n        result.chainId,\n        this.#crypto.did,\n      );\n\n      if (!credential) {\n        this.#updateUser(undefined);\n        throw new Error(\"Credential not found\");\n      }\n\n      if (\n        !(\n          credential.issuer.id === userDid &&\n          credential.credentialSubject.id === this.did\n        )\n      ) {\n        throw new Error(\"Invalid credential\");\n      }\n\n      const user: User = {\n        ...result,\n        address: credential.issuer.ethereumAddress,\n        did: userDid,\n        credential,\n      };\n\n      this.#updateUser(user);\n      this.#updateStatus(\"authorized\");\n\n      // Fetch profile data in the background if a fetcher is configured\n      if (this.#profileFetcher) {\n        this.#profileFetcher(user, this.#baseUrl)\n          .then((profile) => {\n            if (\n              profile &&\n              this.user?.address === user.address &&\n              this.user.chainId === user.chainId\n            ) {\n              this.#updateUser({\n                ...this.user,\n                profile,\n                ens: {\n                  name: profile.username ?? undefined,\n                  avatarUrl: profile.userImage ?? undefined,\n                },\n              });\n            }\n          })\n          .catch(console.error);\n      }\n\n      return user;\n    } catch (error) {\n      this.#updateUser(undefined);\n      this.#updateStatus(\"not-authorized\");\n      throw error;\n    }\n  }\n\n  logout() {\n    this.#updateUser(undefined);\n    this.#updateStatus(\"initial\");\n    return Promise.resolve();\n  }\n\n  on<K extends keyof RenownEvents>(\n    event: K,\n    listener: (data: RenownEvents[K]) => void,\n  ): () => void {\n    return this.#eventEmitter.on(event, listener);\n  }\n\n  async #getCredential(\n    address: string,\n    chainId: number,\n    appDid: string,\n  ): Promise<PowerhouseVerifiableCredential | undefined> {\n    if (!this.#baseUrl) {\n      throw new Error(\"RENOWN_URL is not set\");\n    }\n    const url = new URL(\n      `/api/auth/credential?address=${encodeURIComponent(address)}&chainId=${encodeURIComponent(chainId)}&connectId=${encodeURIComponent(appDid)}&appId=${encodeURIComponent(appDid)}`,\n      this.#baseUrl,\n    );\n    const response = await fetch(url, {\n      method: \"GET\",\n    });\n    if (response.ok) {\n      const result = (await response.json()) as {\n        credential: PowerhouseVerifiableCredential;\n      };\n      return result.credential;\n    } else {\n      throw new Error(`Failed to get credential: ${response.status}`);\n    }\n  }\n\n  async verifyBearerToken(token: string) {\n    return verifyAuthBearerToken(token);\n  }\n\n  async getBearerToken(options: CreateBearerTokenOptions) {\n    if (!this.user) {\n      throw new Error(\"User not found\");\n    }\n    return this.#crypto.getBearerToken(this.user.address, options);\n  }\n}\n","import type { RenownEvents } from \"../types.js\";\nimport type { IEventEmitter } from \"./types.js\";\n\nexport class MemoryEventEmitter implements IEventEmitter<RenownEvents> {\n  #listeners = new Map<keyof RenownEvents, Set<(data: unknown) => void>>();\n\n  on<K extends keyof RenownEvents>(\n    event: K,\n    listener: (data: RenownEvents[K]) => void,\n  ): () => void {\n    if (!this.#listeners.has(event)) {\n      this.#listeners.set(event, new Set());\n    }\n    this.#listeners.get(event)!.add(listener as (data: unknown) => void);\n    return () => {\n      this.#listeners.get(event)?.delete(listener as (data: unknown) => void);\n    };\n  }\n\n  emit<K extends keyof RenownEvents>(event: K, data: RenownEvents[K]): void {\n    this.#listeners.get(event)?.forEach((listener) => listener(data));\n  }\n}\n","import type { ProfileFetcher, RenownProfile } from \"./types.js\";\n\nexport const fetchRenownProfile: ProfileFetcher = async (user, baseUrl) => {\n  try {\n    const response = await fetch(`${baseUrl}/api/profile`, {\n      method: \"POST\",\n      headers: {\n        \"Content-Type\": \"application/json\",\n      },\n      body: JSON.stringify({\n        ethAddress: user.address,\n      }),\n    });\n\n    if (!response.ok) {\n      return undefined;\n    }\n\n    const result = (await response.json()) as {\n      profile?: RenownProfile;\n    };\n\n    return result.profile ?? undefined;\n  } catch {\n    return undefined;\n  }\n};\n","import { Renown, RenownMemoryStorage } from \"./common.js\";\nimport { DEFAULT_RENOWN_URL } from \"./constants.js\";\nimport { RenownCryptoBuilder } from \"./crypto/renown-crypto-builder.js\";\nimport type { IRenownCrypto, JsonWebKeyPairStorage } from \"./crypto/types.js\";\nimport { MemoryEventEmitter } from \"./event/memory.js\";\nimport { fetchRenownProfile } from \"./profile.js\";\nimport type {\n  ProfileFetcher,\n  RenownEventEmitter,\n  RenownStorage,\n} from \"./types.js\";\n\nexport interface RenownBuilderOptions {\n  appName: string;\n  storage?: RenownStorage;\n  eventEmitter?: RenownEventEmitter;\n  crypto?: IRenownCrypto;\n  keyPairStorage?: JsonWebKeyPairStorage;\n  baseUrl?: string;\n  profileFetcher?: ProfileFetcher;\n}\n\n/**\n * Base builder for creating Renown instances.\n * Use platform-specific builders (RenownBuilder from init.browser.js or init.node.js)\n * for pre-configured defaults.\n */\nexport class BaseRenownBuilder {\n  #appName: string;\n  #storage?: RenownStorage;\n  #eventEmitter?: RenownEventEmitter;\n  #crypto?: IRenownCrypto;\n  #keyPairStorage?: JsonWebKeyPairStorage;\n  #baseUrl?: string;\n  #profileFetcher?: ProfileFetcher;\n\n  /**\n   * @param appName - Application name used for signing context\n   */\n  constructor(appName: string) {\n    this.#appName = appName;\n  }\n\n  /**\n   * Set custom storage for user data persistence.\n   * Defaults to in-memory storage if not set.\n   */\n  withStorage(storage: RenownStorage): this {\n    this.#storage = storage;\n    return this;\n  }\n\n  /**\n   * Set custom event emitter for user state changes.\n   * Defaults to in-memory event emitter if not set.\n   */\n  withEventEmitter(eventEmitter: RenownEventEmitter): this {\n    this.#eventEmitter = eventEmitter;\n    return this;\n  }\n\n  /**\n   * Set a pre-built crypto instance.\n   * Either crypto or keyPairStorage must be provided.\n   */\n  withCrypto(crypto: IRenownCrypto): this {\n    this.#crypto = crypto;\n    return this;\n  }\n\n  /**\n   * Set key pair storage for cryptographic keys.\n   * A crypto instance will be built from this storage.\n   * Either crypto or keyPairStorage must be provided.\n   */\n  withKeyPairStorage(keyPairStorage: JsonWebKeyPairStorage): this {\n    this.#keyPairStorage = keyPairStorage;\n    return this;\n  }\n\n  /**\n   * Set the Renown server URL for credential verification.\n   * Defaults to https://www.renown.id\n   */\n  withBaseUrl(baseUrl: string): this {\n    this.#baseUrl = baseUrl;\n    return this;\n  }\n\n  /**\n   * Set a profile fetcher strategy for enriching user data after login.\n   * The fetcher receives the authenticated user and the base URL,\n   * and returns a RenownProfile. Called in the background after each login.\n   * Defaults to fetchRenownProfile which calls the Renown API.\n   */\n  withProfileFetcher(profileFetcher: ProfileFetcher): this {\n    this.#profileFetcher = profileFetcher;\n    return this;\n  }\n\n  /**\n   * Build and initialize the Renown instance.\n   * If a user is stored, attempts to re-authenticate them.\n   * @throws Error if neither crypto nor keyPairStorage is provided\n   */\n  async build(): Promise<Renown> {\n    if (!this.#crypto && !this.#keyPairStorage) {\n      throw new Error(\n        \"Either crypto or keyPairStorage is required. Use withCrypto() or withKeyPairStorage() to set one.\",\n      );\n    }\n\n    const crypto =\n      this.#crypto ??\n      (await new RenownCryptoBuilder()\n        .withKeyPairStorage(this.#keyPairStorage!)\n        .build());\n\n    const storage = this.#storage ?? new RenownMemoryStorage();\n    const eventEmitter = this.#eventEmitter ?? new MemoryEventEmitter();\n    const baseUrl = this.#baseUrl ?? DEFAULT_RENOWN_URL;\n\n    const renown = new Renown(\n      storage,\n      eventEmitter,\n      crypto,\n      this.#appName,\n      baseUrl,\n      this.#profileFetcher ?? fetchRenownProfile,\n    );\n\n    // Re-authenticate stored user if present\n    if (renown.user) {\n      try {\n        await renown.login(renown.user.did);\n      } catch (error) {\n        console.error(\"Failed to re-authenticate user:\", error);\n      }\n    }\n\n    return renown;\n  }\n\n  /**\n   * Create a BaseRenownBuilder from options object for a more concise API\n   */\n  static from(options: RenownBuilderOptions): BaseRenownBuilder {\n    const builder = new BaseRenownBuilder(options.appName);\n\n    if (options.storage) {\n      builder.withStorage(options.storage);\n    }\n    if (options.eventEmitter) {\n      builder.withEventEmitter(options.eventEmitter);\n    }\n    if (options.crypto) {\n      builder.withCrypto(options.crypto);\n    }\n    if (options.keyPairStorage) {\n      builder.withKeyPairStorage(options.keyPairStorage);\n    }\n    if (options.baseUrl) {\n      builder.withBaseUrl(options.baseUrl);\n    }\n    if (options.profileFetcher) {\n      builder.withProfileFetcher(options.profileFetcher);\n    }\n\n    return builder;\n  }\n}\n"],"mappings":";;;;;;;AAAA,MAAa,qBAAqB;AAClC,MAAa,4BAA4B;AACzC,MAAa,0BAA0B;AAEvC,MAAa,cAAc;CACzB;EAAE,MAAM;EAAQ,MAAM;EAAU;CAChC;EAAE,MAAM;EAAW,MAAM;EAAU;CACnC;EAAE,MAAM;EAAW,MAAM;EAAW;CACpC;EAAE,MAAM;EAAqB,MAAM;EAAW;CAC/C;AAED,MAAa,oCAAoC;CAC/C;EAAE,MAAM;EAAY,MAAM;EAAY;CACtC;EAAE,MAAM;EAAQ,MAAM;EAAY;CAClC;EAAE,MAAM;EAAM,MAAM;EAAU;CAC9B;EAAE,MAAM;EAAU,MAAM;EAAU;CAClC;EAAE,MAAM;EAAqB,MAAM;EAAqB;CACxD;EAAE,MAAM;EAAoB,MAAM;EAAoB;CACtD;EAAE,MAAM;EAAgB,MAAM;EAAU;CACxC;EAAE,MAAM;EAAkB,MAAM;EAAU;CAC3C;AAED,MAAa,gCAAgC,CAC3C;CAAE,MAAM;CAAM,MAAM;CAAU,EAC9B;CAAE,MAAM;CAAQ,MAAM;CAAU,CACjC;AAED,MAAa,0BAA0B;CACrC;EAAE,MAAM;EAAO,MAAM;EAAU;CAC/B;EAAE,MAAM;EAAM,MAAM;EAAU;CAC9B;EAAE,MAAM;EAAQ,MAAM;EAAU;CACjC;AAED,MAAa,cAAc,CACzB;CAAE,MAAM;CAAM,MAAM;CAAU,EAC9B;CAAE,MAAM;CAAmB,MAAM;CAAU,CAC5C;AAED,MAAa,mBAAmB;CAC9B,cAAc;CACd,sBAAsB;CACtB,kBAAkB;CAClB,mBAAmB;CACnB,QAAQ;CACT;;;;;;;;;ACbD,SAAgB,YAAY,KAAqB;CAC/C,MAAM,QAAQ,IAAI,MAAM,IAAI;AAC5B,KAAI,CAAC,IAAI,WAAW,WAAW,IAAI,MAAM,WAAW,EAClD,OAAM,IAAI,MAAM,kBAAkB;CAEpC,MAAM,KAAK,WAAW,YAAY,WAAW;AAE7C,KAAI,CAAC,QAAQ,WAAW,KAAK,CAC3B,OAAM,IAAI,MAAM,oBAAoB,UAAU;CAGhD,MAAM,UAAU,OAAO,WAAW;AAClC,KAAI,MAAM,QAAQ,CAChB,OAAM,IAAI,MAAM,qBAAqB,aAAa;AAGpD,QAAO;EACL;EACA;EACS;EACV;;AAGH,eAAsB,sBACpB,KACyC;AACzC,KAAI;EACF,MAAM,MAAM,SAAS,OAAO,KAAK,KAAK,GAAG,IAAK,CAAC;EAC/C,MAAM,WAAW,MAAM,iBAAiB,KAAKA,eAAa,EAAE,EAC1D,UAAU;GACR,KAAK,SAAS,OAAO,KAAK,KAAK,GAAG,IAAK,CAAC;GACxC,gBAAgB;GAChB,cAAc;GACf,EACF,CAAC;AAEF,MAAI,SAAS,QAAQ,OAAO,SAAS,QAAQ,MAAO,IAClD,QAAO;AAET,yBAAuB,SAAS;AAChC,SAAO;UACA,GAAG;AACV,UAAQ,MAAM,EAAE;AAChB,SAAO;;;AAIX,SAAgB,uBACd,YAC8C;CAC9C,MAAM,cAAc,OAAO,KACzB,WAAW,qBAAqB,kBACjC;AACD,KACE,CAAC;EAAC;EAAW;EAAW;EAAY,CAAC,OAAO,QAC1C,YAAY,SAAS,IAAI,CAC1B,CAED,OAAM,IAAI,MACR,qCACE,KAAK,UACH,WAAW,qBAAqB,mBAChC,MACA,EACD,CACJ;;AAIL,eAAsB,sBACpB,SACA,WACA,SACA,QACA,SACA;AAkBA,QAHY,MAAM,8BAdsB;EACtC,KAAK,OAAO;EACZ,IAAI;GACF,YAAY,CAAC,yCAAyC;GACtD,MAAM,CAAC,uBAAuB;GAC9B,mBAAmB;IACjB;IACA;IACA;IACD;GACF;EACD,KAAK,SAAS;EACf,EAE0D,QAAQ,EACjE,WAAW,SAAS,WACrB,CAAC;;AAIJ,MAAaA,sBAAoB;CAC/B,MAAM,cAAcC,aAAgB;AACpC,KAAI,CAAC,YACH,OAAM,IAAI,MAAM,6BAA6B;AAG/C,QAAO,IAAI,SAAS,YAAY;;;;AC9HlC,MAAa,kBAAkC;CAC7C,MAAM;CACN,YAAY;CACb;AAED,MAAa,uBAAuB;CAClC,MAAM;CACN,YAAY;CACZ,MAAM;CACP;AAED,SAAgB,OAAO,IAAyB;AAC9C,QAAO,MAAM,UAAU,IACpB,KAAK,IAAI,WAAW,GAAG,GAAG,OAAe,OAAO,EAAE,SAAS,GAAG,EAAE,MAAM,GAAG,CAAC,CAC1E,KAAK,GAAG;;AAGb,eAAsB,SACpB,SACA,cACc;AAMd,QADY,uBAHW,YAED,0BADP,4BAA4B,OAFtB,MAAM,aAAa,UAAU,OAAO,QAAQ,UAAU,CAEZ,CAAC,CACT,CACU;;AAInE,eAAsB,cACpB,SACA,cACqB;AACrB,QAAO;EACL,WAAW,MAAM,aAAa,UAAU,OAAO,QAAQ,UAAU;EACjE,YAAY,MAAM,aAAa,UAAU,OAAO,QAAQ,WAAW;EACpE;;AAGH,eAAsB,cACpB,YACA,cACA,YAA4B,iBACJ;AACxB,QAAO;EACL,WAAW,MAAM,aAAa,UAC5B,OACA,WAAW,WACX,WACA,MACA,CAAC,SAAS,CACX;EACD,YAAY,MAAM,aAAa,UAC7B,OACA,WAAW,YACX,WACA,MACA,CAAC,OAAO,CACT;EACF;;AAGH,eAAsB,gBACpB,cACA,YAA4B,iBACJ;AACxB,QAAO,aAAa,YAAY,WAAW,MAAM,CAAC,QAAQ,SAAS,CAAC;;;;ACjEtE,MAAM,oBAAoB;AAC1B,MAAM,kBAAkB;AAExB,IAAa,eAAb,MAAa,aAAsC;CACjD;CACA;CACA;CAEA;CAEA,OAAO,YAAY;CACnB,OAAO,gBAAgB;CAEvB,YACE,gBACA,QACA,SACA,KACA;AACA,QAAA,iBAAuB;AACvB,QAAA,eAAqB;AACrB,QAAA,UAAgB;AAChB,OAAK,MAAM;;CAGb,IAAI,YAAY;AACd,SAAO,MAAA,QAAc;;CAGvB,MAAM,eACJ,SACA,SACiB;AACjB,SAAO,MAAM,sBACX,OAAO,gBAAgB,EACvB,mBACA,WAAW,KAAK,KAChB,KAAK,QACL,QACD;;CAGH,MAAM,YAA2B;AAC/B,QAAM,MAAA,eAAqB,eAAe;;CAG5C,eAAe,GAAuB;AACpC,SAAO,WAAW,GAAG,QAAQ;;CAG/B,MAAM,KAAK,MAAgD;EACzD,MAAM,YACJ,OAAO,SAAS,WAAW,MAAA,cAAoB,KAAK,GAAG;EAEzD,MAAM,cAAc,MAAM,MAAA,aAAmB,KAC3C,aAAa,eACb,MAAA,QAAc,YACd,UAAU,OACX;AAED,SAAO,IAAI,WAAW,YAAY;;CAGpC,MAAM,OAAO,MAAkB,WAAyC;AACtE,SAAO,MAAA,aAAmB,OACxB;GAAE,MAAM;GAAS,MAAM;GAAW,EAClC,MAAA,QAAc,WACd,UAAU,QACV,KAAK,OACN;;CAGH,IAAI,SAAiB;AACnB,SAAO;GACL,KAAK,KAAK;GACV,QAAQ,OAAO,SAA8B;AAI3C,WAAO,iBAHW,MAAM,KAAK,KAC3B,OAAO,SAAS,WAAW,IAAI,aAAa,CAAC,OAAO,KAAK,GAAG,KAC7D,CACiC;;GAEpC,KAAK;GACN;;;;;;AAOL,IAAa,gBAAb,cAAmC,aAAa;;;ACxFhD,IAAa,sBAAb,MAAiC;CAC/B;CACA;CAEA,mBAAmB,SAAsC;AACvD,OAAK,iBAAiB;AACtB,SAAO;;CAGT,iBAAiB,QAA4B;AAC3C,OAAK,eAAe;AACpB,SAAO;;CAGT,MAAM,QAA+B;AACnC,MAAI,CAAC,KAAK,eACR,OAAM,IAAI,MACR,kEACD;EAGH,MAAM,eAAe,KAAK,gBAAgB,WAAW,OAAO;EAC5D,MAAM,UAAU,MAAM,MAAA,kBACpB,cACA,KAAK,eACN;EACD,MAAM,MAAM,MAAM,SAAS,SAAS,aAAa;AAEjD,SAAO,IAAI,aAAa,KAAK,gBAAgB,cAAc,SAAS,IAAI;;CAG1E,OAAA,kBACE,cACA,gBACwB;EACxB,MAAM,gBAAgB,MAAM,eAAe,aAAa;AACxD,MAAI,cACF,QAAO,cAAc,eAAe,aAAa;EAGnD,MAAM,UAAU,MAAM,gBAAgB,aAAa;EACnD,MAAM,WAAW,MAAM,cAAc,SAAS,aAAa;AAC3D,QAAM,eAAe,YAAY,SAAS;AAC1C,SAAO;;;;;AClDX,IAAa,mBAAb,MAA+D;CAC7D;CAEA,YAAY,SAAsB;AAChC,OAAK,UAAU;;CAGjB,cAAc;AACZ,SAAO,QAAQ,QAAQ,KAAK,QAAQ;;CAGtC,YAAY,SAAqB;AAC/B,OAAK,UAAU;AACf,SAAO,QAAQ,SAAS;;CAG1B,gBAAgB;AACd,OAAK,UAAU,KAAA;AACf,SAAO,QAAQ,SAAS;;;;;ACT5B,IAAa,wBAAb,cAA2C,MAAM;CAC/C,cAAc;AACZ,QAAM,oBAAoB;;;AAI9B,IAAa,qBAAb,MAAmD;CACjD;CAEA,YACE,QACA,SACA,MACA;AAHiB,OAAA,SAAA;AACA,OAAA,UAAA;AACV,OAAA,OAAA;AAEP,OAAK,MAAM;GACT,KAAK,KAAK,OAAO;GACjB,MAAM,KAAK;GACZ;;CAGH,IAAI,YAAY;AACd,SAAO,KAAK,OAAO;;CAGrB,MAAM,KAAK,MAAuC;AAChD,SAAO,KAAK,OAAO,KAAK,KAAK;;CAG/B,MAAM,OAAO,MAAkB,WAAsC;AAEnE,MAAI,CADY,MAAM,KAAK,OAAO,OAAO,MAAM,UAAU,CAEvD,OAAM,IAAI,uBAAuB;;CAIrC,MAAM,WACJ,QACA,aACoB;EACpB,MAAM,YAAY,OAAO,SAAS,cAAc;AAChD,SAAO,KAAK,YAAY,QAAQ,WAAW,YAAY;;;;;;;;;;;;;;;;;CAkBzD,MAAM,6BACJ,QACA,oBACA,aACoB;EAEpB,MAAM,YAAY,GADI,OAAO,SAAS,cAAc,GACjB,GAAG;AACtC,SAAO,KAAK,YAAY,QAAQ,WAAW,YAAY;;;;;CAMzD,MAAc,YACZ,QACA,WACA,aACoB;AACpB,MAAI,aAAa,QACf,OAAM,IAAI,MAAM,kBAAkB;EAGpC,MAAM,8BAAa,IAAI,MAAM,EAAC,SAAS,GAAG,KAAM,QAAQ,EAAE;EAC1D,MAAM,OAAO,MAAM,KAAK,WAAW,OAAO;AAE1C,MAAI,aAAa,QACf,OAAM,IAAI,MAAM,kBAAkB;EAGpC,MAAM,SAA2C;GAC/C;GACA,KAAK,OAAO;GACZ;GACA;GACD;EACD,MAAM,UAAU,KAAK,sBAAsB,OAAO;EAClD,MAAM,iBAAiB,MAAM,KAAK,OAAO,KAAK,QAAQ;EACtD,MAAM,eAAe,KAAK,KAAK,iBAAiB,eAAe;AAE/D,MAAI,aAAa,QACf,OAAM,IAAI,MAAM,kBAAkB;AAGpC,SAAO,CAAC,GAAG,QAAQ,aAAa;;CAGlC,MAAc,WAAW,QAAiC;EACxD,MAAM,UAAU;GACd,OAAO;GACP,OAAO;GACP,KAAK,UAAU,OAAO,MAAM;GAC7B,CAAC,KAAK,GAAG;EAEV,MAAM,OADU,IAAI,aAAa,CACZ,OAAO,QAAQ;EACpC,MAAM,aAAa,MAAM,OAAO,OAAO,OAAO,WAAW,KAAK;AAC9D,SAAO,KAAK,oBAAoB,WAAW;;CAG7C,sBACE,QACY;EACZ,MAAM,UAAU,OAAO,KAAK,GAAG;EAC/B,MAAM,SAAS,yBAA4B,QAAQ,OAAO,UAAU;AAEpE,SADgB,IAAI,aAAa,CAClB,OAAO,SAAS,QAAQ;;CAGzC,iBAAyB,QAA0C;EACjE,MAAM,QACJ,kBAAkB,aAAa,SAAS,IAAI,WAAW,OAAO;AAChE,SAAO,MAAM,KAAK,MAAM,CACrB,KAAK,SAAS,KAAK,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CACjD,KAAK,GAAG;;CAGb,oBAA4B,QAA6B;EACvD,MAAM,QAAQ,IAAI,WAAW,OAAO;EACpC,IAAI,SAAS;AACb,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,IAChC,WAAU,OAAO,aAAa,MAAM,GAAG;AAEzC,SAAO,KAAK,OAAO;;;;;;;AAQvB,SAAgB,wBACd,mBAAmB,OACW;AAC9B,QAAO,OAAO,WAAsB,cAAwC;EAC1E,MAAM,SAAS,UAAU,OAAO,SAAS;AACzC,MAAI,CAAC,UAAU,CAAC,UACd,QAAO,CAAC;EAGV,MAAM,aAAa,OAAO;AAC1B,MAAI,WAAW,WAAW,EACxB,QAAO;EAIT,MAAM,CAAC,WAAW,WAAW,MAAM,eAAe,gBADhC,WAAW,WAAW,SAAS;AAGjD,MAAI,cAAc,UAChB,QAAO;EAST,MAAM,UAAU,sBANiC;GAC/C;GACA;GACA;GACA;GACD,CAC4C;EAC7C,MAAM,iBAAiB,gBAAgB,aAAa;EAEpD,MAAM,YAAY,MAAM,gBAAgB,UAAU;AASlD,SAPgB,MAAM,OAAO,OAAO,OAClC;GAAE,MAAM;GAAS,MAAM;GAAW,EAClC,WACA,eAAe,QACf,QAAQ,OACT;;;AAML,SAAS,sBACP,QACY;CACZ,MAAM,UAAU,OAAO,KAAK,GAAG;CAC/B,MAAM,SAAS,yBAA4B,QAAQ,OAAO,UAAU;AAEpE,QADgB,IAAI,aAAa,CAClB,OAAO,SAAS,QAAQ;;AAGzC,SAAS,gBAAgB,KAAyB;CAChD,MAAM,WAAW,IAAI,WAAW,KAAK,GAAG,IAAI,MAAM,EAAE,GAAG;CACvD,MAAM,QAAQ,IAAI,WAAW,SAAS,SAAS,EAAE;AACjD,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK,EACxC,OAAM,IAAI,KAAK,SAAS,SAAS,UAAU,GAAG,IAAI,EAAE,EAAE,GAAG;AAE3D,QAAO;;AAGT,eAAe,gBAAgB,KAAiC;CAC9D,MAAM,UAAU,kBAAkB,IAAI;AACtC,QAAO,OAAO,OAAO,UACnB,OACA,QAAQ,QACR;EAAE,MAAM;EAAS,YAAY;EAAS,EACtC,MACA,CAAC,SAAS,CACX;;AAGH,SAAS,kBAAkB,KAAyB;CAClD,MAAM,QAAQ,IAAI,MAAM,IAAI;AAC5B,KAAI,MAAM,SAAS,KAAK,MAAM,OAAO,SAAS,MAAM,OAAO,MACzD,OAAM,IAAI,MAAM,uBAAuB,MAAM;CAG/C,MAAM,eAAe,MAAM;AAC3B,KAAI,CAAC,aAAa,WAAW,IAAI,CAC/B,OAAM,IAAI,MAAM,mCAAmC,aAAa,KAAK;CAGvE,MAAM,UAAU,aAAa,aAAa,MAAM,EAAE,CAAC;AAEnD,KAAI,QAAQ,OAAO,OAAQ,QAAQ,OAAO,GACxC,OAAM,IAAI,MAAM,oCAAoC;AAItD,QAAO,wBADe,QAAQ,MAAM,EAAE,CACO;;AAG/C,SAAS,aAAa,OAA2B;CAC/C,MAAM,WAAW;CACjB,MAAM,+BAAe,IAAI,KAAqB;AAC9C,MAAK,IAAI,IAAI,GAAG,IAAI,IAAiB,IACnC,cAAa,IAAI,SAAS,IAAI,EAAE;AAGlC,KAAI,MAAM,WAAW,EACnB,QAAO,IAAI,WAAW,EAAE;CAG1B,MAAM,QAAkB,CAAC,EAAE;AAC3B,MAAK,MAAM,QAAQ,OAAO;EACxB,MAAM,QAAQ,aAAa,IAAI,KAAK;AACpC,MAAI,UAAU,KAAA,EACZ,OAAM,IAAI,MAAM,6BAA6B,OAAO;EAGtD,IAAI,QAAQ;AACZ,OAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,YAAS,MAAM,KAAK;AACpB,SAAM,KAAK,QAAQ;AACnB,aAAU;;AAGZ,SAAO,QAAQ,GAAG;AAChB,SAAM,KAAK,QAAQ,IAAK;AACxB,aAAU;;;AAId,MAAK,MAAM,QAAQ,OAAO;AACxB,MAAI,SAAS,IAAK;AAClB,QAAM,KAAK,EAAE;;AAGf,QAAO,IAAI,WAAW,MAAM,SAAS,CAAC;;AAGxC,SAAS,wBAAwB,YAAoC;AACnE,KAAI,WAAW,WAAW,GACxB,OAAM,IAAI,MAAM,kCAAkC,WAAW,SAAS;CAGxE,MAAM,SAAS,WAAW;AAC1B,KAAI,WAAW,KAAQ,WAAW,EAChC,OAAM,IAAI,MAAM,+BAA+B,SAAS;CAG1D,MAAM,IAAI,OACR,qEACD;CACD,MAAM,IAAI,OACR,qEACD;CACD,MAAM,IAAI,OACR,qEACD;CAED,IAAI,IAAI,OAAO,EAAE;AACjB,MAAK,IAAI,IAAI,GAAG,IAAI,WAAW,QAAQ,IACrC,KAAK,KAAK,OAAO,EAAE,GAAI,OAAO,WAAW,GAAG;CAI9C,IAAI,IAAI,QADU,OAAO,GAAG,OAAO,EAAE,EAAE,EAAE,GAAG,IAAI,IAAI,KAAK,IAC/B,IAAI,OAAO,EAAE,IAAI,OAAO,EAAE,EAAE,EAAE;AAIxD,KAFgB,IAAI,OAAO,EAAE,KAAK,OAAO,EAAE,MACtB,WAAW,GAE9B,KAAI,IAAI;CAGV,MAAM,eAAe,IAAI,WAAW,GAAG;AACvC,cAAa,KAAK;CAElB,MAAM,SAAS,cAAc,GAAG,GAAG;CACnC,MAAM,SAAS,cAAc,GAAG,GAAG;AAEnC,cAAa,IAAI,QAAQ,EAAE;AAC3B,cAAa,IAAI,QAAQ,GAAG;AAE5B,QAAO;;AAGT,SAAS,OAAO,MAAc,KAAa,KAAqB;CAC9D,IAAI,SAAS,OAAO,EAAE;AACtB,QAAO,OAAO;AACd,QAAO,MAAM,OAAO,EAAE,EAAE;AACtB,MAAI,MAAM,OAAO,EAAE,KAAK,OAAO,EAAE,CAC/B,UAAU,SAAS,OAAQ;AAE7B,QAAM,OAAO,OAAO,EAAE;AACtB,SAAQ,OAAO,OAAQ;;AAEzB,QAAO;;AAGT,SAAS,cAAc,GAAW,QAA4B;CAC5D,MAAM,QAAQ,IAAI,WAAW,OAAO;AACpC,MAAK,IAAI,IAAI,SAAS,GAAG,KAAK,GAAG,KAAK;AACpC,QAAM,KAAK,OAAO,IAAI,OAAO,IAAK,CAAC;AACnC,MAAI,KAAK,OAAO,EAAE;;AAEpB,QAAO;;;;;;;;;;;;AAaT,SAAgB,wBAAwB,WAGtC;CACA,MAAM,aAAa,UAAU,QAAQ,IAAI;AAEzC,KAAI,eAAe,GACjB,QAAO;EACL,eAAe;EACf,oBAAoB,KAAA;EACrB;AAGH,QAAO;EACL,eAAe,UAAU,UAAU,GAAG,WAAW;EACjD,oBAAoB,UAAU,UAAU,aAAa,EAAE;EACxD;;;;;;;;AASH,SAAgB,kCACd,WACoB;CACpB,MAAM,YAAY,UAAU;CAC5B,MAAM,EAAE,uBAAuB,wBAAwB,UAAU;AACjE,QAAO;;;;;;;;AAST,SAAgB,0BAA0B,WAA+B;AACvE,QAAO,kCAAkC,UAAU,KAAK,KAAA;;;;AC/Y1D,IAAsB,cAAtB,MAGyB;AAMzB,IAAa,gBAAb,cAGU,YAAe;CACvB,uBAAwB,IAAI,KAAkB;CAE9C,IAAI,KAAU;AACZ,SAAO,KAAK,KAAK,IAAI,IAAI;;CAG3B,IAAI,KAAU,OAAsB;AAClC,MAAI,UAAU,KAAA,EACZ,MAAK,KAAK,OAAO,IAAI;MAErB,MAAK,KAAK,IAAI,KAAK,MAAM;;CAI7B,OAAO,KAAgB;AACrB,OAAK,KAAK,OAAO,IAAI;;;;;AClBzB,IAAa,sBAAb,cAAyC,cAAgC;AAEzE,IAAa,SAAb,MAAuC;CACrC;CACA;CACA;CACA;CACA;CACA;CACA;CACA,UAAuB;CAEvB,YACE,OACA,cACA,QACA,SACA,UAAU,oBACV,gBACA;AACA,QAAA,QAAc;AACd,QAAA,eAAqB;AACrB,QAAA,UAAgB;AAChB,QAAA,SAAe;AACf,QAAA,UAAgB;AAChB,QAAA,iBAAuB;AACvB,QAAA,SAAe,IAAI,mBAAmB,QAAQ,MAAA,SAAe,KAAK,KAAK;AAEvE,OAAK,GAAG,SAAS,SAAS;AACxB,SAAA,OAAa,OAAO;IACpB;;CAGJ,IAAI,UAAU;AACZ,SAAO,MAAA;;CAGT,IAAI,OAAO;AACT,SAAO,MAAA,MAAY,IAAI,OAAO;;CAGhC,IAAI,SAAS;AACX,SAAO,MAAA;;CAGT,IAAI,SAAS;AACX,SAAO,MAAA;;CAGT,IAAI,SAAS;AACX,SAAO,MAAA;;CAGT,IAAI,MAAM;AACR,SAAO,MAAA,OAAa;;CAGtB,IAAI,iBAAiB;AACnB,SAAO,MAAA;;CAGT,cAAc,QAAqB;AACjC,QAAA,SAAe;AACf,QAAA,aAAmB,KAAK,UAAU,OAAO;;CAG3C,YAAY,MAAwB;AAClC,MAAI,KACF,OAAA,MAAY,IAAI,QAAQ,KAAK;MAE7B,OAAA,MAAY,OAAO,OAAO;AAE5B,QAAA,aAAmB,KAAK,QAAQ,KAAK;;CAGvC,MAAM,MAAM,SAAgC;AAC1C,QAAA,aAAmB,WAAW;AAC9B,MAAI;GACF,MAAM,SAAS,YAAY,QAAQ;GACnC,MAAM,aAAa,MAAM,MAAA,cACvB,OAAO,SACP,OAAO,SACP,MAAA,OAAa,IACd;AAED,OAAI,CAAC,YAAY;AACf,UAAA,WAAiB,KAAA,EAAU;AAC3B,UAAM,IAAI,MAAM,uBAAuB;;AAGzC,OACE,EACE,WAAW,OAAO,OAAO,WACzB,WAAW,kBAAkB,OAAO,KAAK,KAG3C,OAAM,IAAI,MAAM,qBAAqB;GAGvC,MAAM,OAAa;IACjB,GAAG;IACH,SAAS,WAAW,OAAO;IAC3B,KAAK;IACL;IACD;AAED,SAAA,WAAiB,KAAK;AACtB,SAAA,aAAmB,aAAa;AAGhC,OAAI,MAAA,eACF,OAAA,eAAqB,MAAM,MAAA,QAAc,CACtC,MAAM,YAAY;AACjB,QACE,WACA,KAAK,MAAM,YAAY,KAAK,WAC5B,KAAK,KAAK,YAAY,KAAK,QAE3B,OAAA,WAAiB;KACf,GAAG,KAAK;KACR;KACA,KAAK;MACH,MAAM,QAAQ,YAAY,KAAA;MAC1B,WAAW,QAAQ,aAAa,KAAA;MACjC;KACF,CAAC;KAEJ,CACD,MAAM,QAAQ,MAAM;AAGzB,UAAO;WACA,OAAO;AACd,SAAA,WAAiB,KAAA,EAAU;AAC3B,SAAA,aAAmB,iBAAiB;AACpC,SAAM;;;CAIV,SAAS;AACP,QAAA,WAAiB,KAAA,EAAU;AAC3B,QAAA,aAAmB,UAAU;AAC7B,SAAO,QAAQ,SAAS;;CAG1B,GACE,OACA,UACY;AACZ,SAAO,MAAA,aAAmB,GAAG,OAAO,SAAS;;CAG/C,OAAA,cACE,SACA,SACA,QACqD;AACrD,MAAI,CAAC,MAAA,QACH,OAAM,IAAI,MAAM,wBAAwB;EAE1C,MAAM,MAAM,IAAI,IACd,gCAAgC,mBAAmB,QAAQ,CAAC,WAAW,mBAAmB,QAAQ,CAAC,aAAa,mBAAmB,OAAO,CAAC,SAAS,mBAAmB,OAAO,IAC9K,MAAA,QACD;EACD,MAAM,WAAW,MAAM,MAAM,KAAK,EAChC,QAAQ,OACT,CAAC;AACF,MAAI,SAAS,GAIX,SAHgB,MAAM,SAAS,MAAM,EAGvB;MAEd,OAAM,IAAI,MAAM,6BAA6B,SAAS,SAAS;;CAInE,MAAM,kBAAkB,OAAe;AACrC,SAAO,sBAAsB,MAAM;;CAGrC,MAAM,eAAe,SAAmC;AACtD,MAAI,CAAC,KAAK,KACR,OAAM,IAAI,MAAM,iBAAiB;AAEnC,SAAO,MAAA,OAAa,eAAe,KAAK,KAAK,SAAS,QAAQ;;;;;ACzMlE,IAAa,qBAAb,MAAuE;CACrE,6BAAa,IAAI,KAAuD;CAExE,GACE,OACA,UACY;AACZ,MAAI,CAAC,MAAA,UAAgB,IAAI,MAAM,CAC7B,OAAA,UAAgB,IAAI,uBAAO,IAAI,KAAK,CAAC;AAEvC,QAAA,UAAgB,IAAI,MAAM,CAAE,IAAI,SAAoC;AACpE,eAAa;AACX,SAAA,UAAgB,IAAI,MAAM,EAAE,OAAO,SAAoC;;;CAI3E,KAAmC,OAAU,MAA6B;AACxE,QAAA,UAAgB,IAAI,MAAM,EAAE,SAAS,aAAa,SAAS,KAAK,CAAC;;;;;AClBrE,MAAa,qBAAqC,OAAO,MAAM,YAAY;AACzE,KAAI;EACF,MAAM,WAAW,MAAM,MAAM,GAAG,QAAQ,eAAe;GACrD,QAAQ;GACR,SAAS,EACP,gBAAgB,oBACjB;GACD,MAAM,KAAK,UAAU,EACnB,YAAY,KAAK,SAClB,CAAC;GACH,CAAC;AAEF,MAAI,CAAC,SAAS,GACZ;AAOF,UAJgB,MAAM,SAAS,MAAM,EAIvB,WAAW,KAAA;SACnB;AACN;;;;;;;;;;ACGJ,IAAa,oBAAb,MAAa,kBAAkB;CAC7B;CACA;CACA;CACA;CACA;CACA;CACA;;;;CAKA,YAAY,SAAiB;AAC3B,QAAA,UAAgB;;;;;;CAOlB,YAAY,SAA8B;AACxC,QAAA,UAAgB;AAChB,SAAO;;;;;;CAOT,iBAAiB,cAAwC;AACvD,QAAA,eAAqB;AACrB,SAAO;;;;;;CAOT,WAAW,QAA6B;AACtC,QAAA,SAAe;AACf,SAAO;;;;;;;CAQT,mBAAmB,gBAA6C;AAC9D,QAAA,iBAAuB;AACvB,SAAO;;;;;;CAOT,YAAY,SAAuB;AACjC,QAAA,UAAgB;AAChB,SAAO;;;;;;;;CAST,mBAAmB,gBAAsC;AACvD,QAAA,iBAAuB;AACvB,SAAO;;;;;;;CAQT,MAAM,QAAyB;AAC7B,MAAI,CAAC,MAAA,UAAgB,CAAC,MAAA,eACpB,OAAM,IAAI,MACR,oGACD;EAGH,MAAM,SACJ,MAAA,UACC,MAAM,IAAI,qBAAqB,CAC7B,mBAAmB,MAAA,eAAsB,CACzC,OAAO;EAEZ,MAAM,UAAU,MAAA,WAAiB,IAAI,qBAAqB;EAC1D,MAAM,eAAe,MAAA,gBAAsB,IAAI,oBAAoB;EACnE,MAAM,UAAU,MAAA,WAAKuB;EAErB,MAAM,SAAS,IAAI,OACjB,SACA,cACA,QACA,MAAA,SACA,SACA,MAAA,kBAAwB,mBACzB;AAGD,MAAI,OAAO,KACT,KAAI;AACF,SAAM,OAAO,MAAM,OAAO,KAAK,IAAI;WAC5B,OAAO;AACd,WAAQ,MAAM,mCAAmC,MAAM;;AAI3D,SAAO;;;;;CAMT,OAAO,KAAK,SAAkD;EAC5D,MAAM,UAAU,IAAI,kBAAkB,QAAQ,QAAQ;AAEtD,MAAI,QAAQ,QACV,SAAQ,YAAY,QAAQ,QAAQ;AAEtC,MAAI,QAAQ,aACV,SAAQ,iBAAiB,QAAQ,aAAa;AAEhD,MAAI,QAAQ,OACV,SAAQ,WAAW,QAAQ,OAAO;AAEpC,MAAI,QAAQ,eACV,SAAQ,mBAAmB,QAAQ,eAAe;AAEpD,MAAI,QAAQ,QACV,SAAQ,YAAY,QAAQ,QAAQ;AAEtC,MAAI,QAAQ,eACV,SAAQ,mBAAmB,QAAQ,eAAe;AAGpD,SAAO"}

package/dist/utils-Dx7V4t4D.d.ts

@@ -0,0 +1,548 @@
+import { Issuer, Verifiable, VerifiedCredential } from "did-jwt-vc";
+import { Resolver } from "did-resolver";
+import { Action, AppActionSigner, ISigner, ISigner as ISigner$1, Signature, SignatureVerificationHandler, User, UserActionSigner } from "@powerhousedao/shared/document-model";
+
+//#region src/constants.d.ts
+declare const DEFAULT_RENOWN_URL = "https://www.renown.id";
+declare const DEFAULT_RENOWN_NETWORK_ID = "eip155";
+declare const DEFAULT_RENOWN_CHAIN_ID = "1";
+declare const DOMAIN_TYPE: readonly [{
+  readonly name: "name";
+  readonly type: "string";
+}, {
+  readonly name: "version";
+  readonly type: "string";
+}, {
+  readonly name: "chainId";
+  readonly type: "uint256";
+}, {
+  readonly name: "verifyingContract";
+  readonly type: "address";
+}];
+declare const VERIFIABLE_CREDENTIAL_EIP712_TYPE: readonly [{
+  readonly name: "@context";
+  readonly type: "string[]";
+}, {
+  readonly name: "type";
+  readonly type: "string[]";
+}, {
+  readonly name: "id";
+  readonly type: "string";
+}, {
+  readonly name: "issuer";
+  readonly type: "Issuer";
+}, {
+  readonly name: "credentialSubject";
+  readonly type: "CredentialSubject";
+}, {
+  readonly name: "credentialSchema";
+  readonly type: "CredentialSchema";
+}, {
+  readonly name: "issuanceDate";
+  readonly type: "string";
+}, {
+  readonly name: "expirationDate";
+  readonly type: "string";
+}];
+declare const CREDENTIAL_SCHEMA_EIP712_TYPE: readonly [{
+  readonly name: "id";
+  readonly type: "string";
+}, {
+  readonly name: "type";
+  readonly type: "string";
+}];
+declare const CREDENTIAL_SUBJECT_TYPE: readonly [{
+  readonly name: "app";
+  readonly type: "string";
+}, {
+  readonly name: "id";
+  readonly type: "string";
+}, {
+  readonly name: "name";
+  readonly type: "string";
+}];
+declare const ISSUER_TYPE: readonly [{
+  readonly name: "id";
+  readonly type: "string";
+}, {
+  readonly name: "ethereumAddress";
+  readonly type: "string";
+}];
+declare const CREDENTIAL_TYPES: {
+  readonly EIP712Domain: readonly [{
+    readonly name: "name";
+    readonly type: "string";
+  }, {
+    readonly name: "version";
+    readonly type: "string";
+  }, {
+    readonly name: "chainId";
+    readonly type: "uint256";
+  }, {
+    readonly name: "verifyingContract";
+    readonly type: "address";
+  }];
+  readonly VerifiableCredential: readonly [{
+    readonly name: "@context";
+    readonly type: "string[]";
+  }, {
+    readonly name: "type";
+    readonly type: "string[]";
+  }, {
+    readonly name: "id";
+    readonly type: "string";
+  }, {
+    readonly name: "issuer";
+    readonly type: "Issuer";
+  }, {
+    readonly name: "credentialSubject";
+    readonly type: "CredentialSubject";
+  }, {
+    readonly name: "credentialSchema";
+    readonly type: "CredentialSchema";
+  }, {
+    readonly name: "issuanceDate";
+    readonly type: "string";
+  }, {
+    readonly name: "expirationDate";
+    readonly type: "string";
+  }];
+  readonly CredentialSchema: readonly [{
+    readonly name: "id";
+    readonly type: "string";
+  }, {
+    readonly name: "type";
+    readonly type: "string";
+  }];
+  readonly CredentialSubject: readonly [{
+    readonly name: "app";
+    readonly type: "string";
+  }, {
+    readonly name: "id";
+    readonly type: "string";
+  }, {
+    readonly name: "name";
+    readonly type: "string";
+  }];
+  readonly Issuer: readonly [{
+    readonly name: "id";
+    readonly type: "string";
+  }, {
+    readonly name: "ethereumAddress";
+    readonly type: "string";
+  }];
+};
+//#endregion
+//#region src/crypto/types.d.ts
+type JwkKeyPair = {
+  publicKey: JsonWebKey;
+  privateKey: JsonWebKey;
+};
+interface JsonWebKeyPairStorage {
+  loadKeyPair(): Promise<JwkKeyPair | undefined>;
+  saveKeyPair(keyPair: JwkKeyPair): Promise<void>;
+  removeKeyPair(): Promise<void>;
+}
+type DID = `did:${string}`;
+interface IRenownCrypto {
+  did: DID;
+  publicKey: CryptoKey;
+  removeDid(): Promise<void>;
+  sign: (data: Uint8Array) => Promise<Uint8Array>;
+  verify: (data: Uint8Array, signature: Uint8Array) => Promise<boolean>;
+  issuer: Issuer;
+  getBearerToken: (address: string | undefined, options?: CreateBearerTokenOptions) => Promise<string>;
+}
+/**
+ * @deprecated Use IRenownCrypto instead
+ */
+interface IConnectCrypto extends IRenownCrypto {}
+//#endregion
+//#region src/event/types.d.ts
+interface IEventEmitter<Events extends Record<string, unknown>> {
+  /**
+   * Registers a listener for the specified event.
+   * @param event - The event name.
+   * @param listener - The listener function for the event.
+   * @returns A function to remove the listener.
+   */
+  on<K extends keyof Events>(event: K, listener: (data: Events[K]) => void): () => void;
+  /**
+   * Emits an event with the specified data.
+   * @param event - The event name.
+   * @param data - The data to pass to listeners.
+   */
+  emit<K extends keyof Events>(event: K, data: Events[K]): void;
+}
+//#endregion
+//#region src/storage/common.d.ts
+interface IStorage<T extends Record<string, unknown> = Record<string, unknown>, Key extends keyof T = keyof T> {
+  get(key: Key): T[Key] | undefined;
+  set(key: Key, value?: T[Key]): void;
+  delete(key: Key): void;
+}
+declare abstract class BaseStorage<T extends Record<string, unknown> = Record<string, unknown>, Key extends keyof T = keyof T> implements IStorage<T> {
+  abstract get(key: Key): T[Key] | undefined;
+  abstract set(key: Key, value?: T[Key]): void;
+  abstract delete(key: Key): void;
+}
+declare class MemoryStorage<T extends Record<string, unknown> = Record<string, unknown>, Key extends keyof T = keyof T> extends BaseStorage<T> {
+  private readonly data;
+  get(key: Key): T[Key] | undefined;
+  set(key: Key, value?: T[Key]): void;
+  delete(key: Key): void;
+}
+//#endregion
+//#region src/types.d.ts
+type RenownProfile = {
+  documentId: string;
+  username: string | null;
+  ethAddress: string | null;
+  userImage: string | null;
+  createdAt: string;
+  updatedAt: string;
+};
+type InternalUser = User & {
+  did: string;
+  credential: PowerhouseVerifiableCredential | undefined;
+  profile?: RenownProfile;
+};
+type User$1 = InternalUser;
+/**
+ * Strategy function for fetching user profile data.
+ * Called after successful authentication to enrich the user object.
+ * Should return the user's Renown profile, or undefined if not available.
+ * Must not throw — return undefined on failure.
+ */
+type ProfileFetcher = (user: User$1, baseUrl: string) => Promise<RenownProfile | undefined>;
+type Unsubscribe = () => void;
+type LoginStatus = "initial" | "checking" | "authorized" | "not-authorized";
+type RenownStorageMap = {
+  user: InternalUser | undefined;
+};
+type RenownStorage = IStorage<RenownStorageMap>;
+type RenownEvents = {
+  user: User$1 | undefined;
+  status: LoginStatus;
+};
+type RenownEventEmitter = IEventEmitter<RenownEvents>;
+interface IRenown extends Pick<RenownEventEmitter, "on"> {
+  readonly baseUrl: string;
+  readonly user: User$1 | undefined;
+  readonly status: LoginStatus;
+  login: (userDid: string) => Promise<User$1>;
+  logout: () => Promise<void>;
+  readonly crypto: IRenownCrypto;
+  readonly signer: ISigner$1;
+  readonly did: string;
+  readonly profileFetcher: ProfileFetcher | undefined;
+  verifyBearerToken: (token: string) => Promise<false | VerifiedCredential>;
+  getBearerToken: (options: CreateBearerTokenOptions, refresh?: boolean) => Promise<string>;
+}
+type IssuerType<T> = {
+  id: string;
+} & T;
+type CredentialSubjecType<T> = {
+  id?: string;
+} & T;
+interface CredentialStatus {
+  id: string;
+  type: string;
+}
+interface CredentialSchema {
+  id: string;
+  type: string;
+}
+interface IVerifiableCredentialPayload<Subject, Issuer> {
+  "@context": string[];
+  id: string;
+  type: string[];
+  issuer: IssuerType<Issuer>;
+  issuanceDate: string;
+  expirationDate?: string;
+  credentialSubject: CredentialSubjecType<Subject>;
+  credentialStatus?: CredentialStatus;
+  credentialSchema: CredentialSchema;
+}
+interface IProof {
+  verificationMethod: string;
+  ethereumAddress: `0x${string}`;
+  created: string;
+  proofPurpose: string;
+  type: string;
+  proofValue: string;
+  eip712: {
+    domain: {
+      name: string;
+      version: string;
+      chainId: number;
+      verifyingContract: string;
+    };
+    types: typeof CREDENTIAL_TYPES;
+    primaryType: "VerifiableCredential";
+  };
+}
+interface IVerifiableCredential<Subject, Issuer> extends IVerifiableCredentialPayload<Subject, Issuer> {
+  proof: IProof;
+}
+interface IPowerhouseCredentialSubject {
+  id: string;
+  app: string;
+  name?: string;
+}
+interface IPowerhouseIssuerType {
+  ethereumAddress: `0x${string}`;
+}
+type PowerhouseVerifiableCredential = IVerifiableCredential<IPowerhouseCredentialSubject, IPowerhouseIssuerType>;
+interface IAuthCredentialSubject {
+  chainId: number;
+  networkId: string;
+  address: string;
+}
+type AuthVerifiableCredential = IVerifiableCredential<IAuthCredentialSubject, {}>;
+type AuthVerifiedCredential = VerifiedCredential & {
+  verifiableCredential: Verifiable<AuthVerifiableCredential>;
+};
+type PKHDid = {
+  networkId: string;
+  chainId: number;
+  address: `0x${string}`;
+};
+interface CreateBearerTokenOptions {
+  expiresIn?: number;
+  aud?: string;
+}
+//#endregion
+//#region src/crypto/renown-crypto.d.ts
+declare class RenownCrypto implements IRenownCrypto {
+  #private;
+  readonly did: DID;
+  static algorithm: EcKeyAlgorithm;
+  static signAlgorithm: {
+    name: string;
+    namedCurve: string;
+    hash: string;
+  };
+  constructor(keyPairStorage: JsonWebKeyPairStorage, crypto: SubtleCrypto, keyPair: CryptoKeyPair, did: DID);
+  get publicKey(): CryptoKey;
+  getBearerToken(address: string | undefined, options?: CreateBearerTokenOptions): Promise<string>;
+  removeDid(): Promise<void>;
+  sign(data: Uint8Array | string): Promise<Uint8Array>;
+  verify(data: Uint8Array, signature: Uint8Array): Promise<boolean>;
+  get issuer(): Issuer;
+}
+/**
+ * @deprecated Use RenownCrypto instead
+ */
+declare class ConnectCrypto extends RenownCrypto {}
+//#endregion
+//#region src/crypto/renown-crypto-builder.d.ts
+declare class RenownCryptoBuilder {
+  #private;
+  private keyPairStorage?;
+  private subtleCrypto?;
+  withKeyPairStorage(storage: JsonWebKeyPairStorage): this;
+  withSubtleCrypto(crypto: SubtleCrypto): this;
+  build(): Promise<RenownCrypto>;
+}
+//#endregion
+//#region src/crypto/memory-key-storage.d.ts
+declare class MemoryKeyStorage implements JsonWebKeyPairStorage {
+  private keyPair;
+  constructor(keyPair?: JwkKeyPair);
+  loadKeyPair(): Promise<JwkKeyPair | undefined>;
+  saveKeyPair(keyPair: JwkKeyPair): Promise<void>;
+  removeKeyPair(): Promise<void>;
+}
+//#endregion
+//#region src/crypto/signer.d.ts
+declare class RenownCryptoSigner implements ISigner {
+  private readonly crypto;
+  private readonly appName;
+  user?: UserActionSigner | undefined;
+  readonly app: AppActionSigner;
+  constructor(crypto: IRenownCrypto, appName: string, user?: UserActionSigner | undefined);
+  get publicKey(): CryptoKey;
+  sign(data: Uint8Array): Promise<Uint8Array>;
+  verify(data: Uint8Array, signature: Uint8Array): Promise<void>;
+  signAction(action: Action, abortSignal?: AbortSignal): Promise<Signature>;
+  /**
+   * Signs an action including a predicted resulting state hash.
+   *
+   * The resulting hash is packed into the signature tuple's 4th element (index 3)
+   * using the format: `${prevStateHash}:${resultingStateHash}`
+   *
+   * This allows offline verification of documents without reducer logic:
+   * - Verifier can check that the signature is valid for the claimed resulting state
+   * - Verifier can compare claimed resulting state to actual operation.hash
+   *
+   * @param action - The action to sign
+   * @param resultingStateHash - The predicted hash of document state AFTER this action runs
+   * @param abortSignal - Optional abort signal
+   * @returns A Signature tuple with the resulting hash encoded in element [3]
+   */
+  signActionWithResultingState(action: Action, resultingStateHash: string, abortSignal?: AbortSignal): Promise<Signature>;
+  /**
+   * Internal signing implementation shared by signAction and signActionWithResultingState.
+   */
+  private _signAction;
+  private hashAction;
+  private buildSignatureMessage;
+  private arrayBufferToHex;
+  private arrayBufferToBase64;
+}
+/**
+ * Creates a signature verification handler that verifies signatures using the Web Crypto API.
+ * The verification uses ECDSA with P-256 curve and SHA-256 hash, matching the RenownCrypto signing algorithm.
+ */
+declare function createSignatureVerifier(requireSignature?: boolean): SignatureVerificationHandler;
+/**
+ * Parses the hash field (element [3]) from a signature tuple.
+ *
+ * Supports two formats:
+ * - Old format: just `prevStateHash` (no colon)
+ * - New format: `prevStateHash:resultingStateHash` (colon-separated)
+ *
+ * @param hashField - The 4th element of a Signature tuple
+ * @returns Object with prevStateHash and optional resultingStateHash
+ */
+declare function parseSignatureHashField(hashField: string): {
+  prevStateHash: string;
+  resultingStateHash: string | undefined;
+};
+/**
+ * Extracts the resulting state hash from a signature, if present.
+ *
+ * @param signature - A Signature tuple
+ * @returns The resulting state hash, or undefined if not present
+ */
+declare function extractResultingHashFromSignature(signature: Signature): string | undefined;
+/**
+ * Checks if a signature includes a resulting state hash.
+ *
+ * @param signature - A Signature tuple
+ * @returns true if the signature includes a resulting state hash
+ */
+declare function signatureHasResultingHash(signature: Signature): boolean;
+//#endregion
+//#region src/crypto/browser-key-storage.d.ts
+declare class BrowserKeyStorage implements JsonWebKeyPairStorage {
+  #private;
+  constructor(db: IDBDatabase);
+  static create(dbName?: string): Promise<BrowserKeyStorage>;
+  saveKeyPair(keyPair: JwkKeyPair): Promise<void>;
+  loadKeyPair(): Promise<JwkKeyPair | undefined>;
+  removeKeyPair(): Promise<void>;
+}
+//#endregion
+//#region src/common.d.ts
+declare class RenownMemoryStorage extends MemoryStorage<RenownStorageMap> {}
+declare class Renown implements IRenown {
+  #private;
+  constructor(store: RenownStorage, eventEmitter: RenownEventEmitter, crypto: IRenownCrypto, appName: string, baseUrl?: string, profileFetcher?: ProfileFetcher);
+  get baseUrl(): string;
+  get user(): InternalUser | undefined;
+  get status(): LoginStatus;
+  get signer(): ISigner$1;
+  get crypto(): IRenownCrypto;
+  get did(): `did:${string}`;
+  get profileFetcher(): ProfileFetcher | undefined;
+  login(userDid: string): Promise<User$1>;
+  logout(): Promise<void>;
+  on<K extends keyof RenownEvents>(event: K, listener: (data: RenownEvents[K]) => void): () => void;
+  verifyBearerToken(token: string): Promise<false | AuthVerifiedCredential>;
+  getBearerToken(options: CreateBearerTokenOptions): Promise<string>;
+}
+//#endregion
+//#region src/renown-builder.d.ts
+interface RenownBuilderOptions {
+  appName: string;
+  storage?: RenownStorage;
+  eventEmitter?: RenownEventEmitter;
+  crypto?: IRenownCrypto;
+  keyPairStorage?: JsonWebKeyPairStorage;
+  baseUrl?: string;
+  profileFetcher?: ProfileFetcher;
+}
+/**
+ * Base builder for creating Renown instances.
+ * Use platform-specific builders (RenownBuilder from init.browser.js or init.node.js)
+ * for pre-configured defaults.
+ */
+declare class BaseRenownBuilder {
+  #private;
+  /**
+   * @param appName - Application name used for signing context
+   */
+  constructor(appName: string);
+  /**
+   * Set custom storage for user data persistence.
+   * Defaults to in-memory storage if not set.
+   */
+  withStorage(storage: RenownStorage): this;
+  /**
+   * Set custom event emitter for user state changes.
+   * Defaults to in-memory event emitter if not set.
+   */
+  withEventEmitter(eventEmitter: RenownEventEmitter): this;
+  /**
+   * Set a pre-built crypto instance.
+   * Either crypto or keyPairStorage must be provided.
+   */
+  withCrypto(crypto: IRenownCrypto): this;
+  /**
+   * Set key pair storage for cryptographic keys.
+   * A crypto instance will be built from this storage.
+   * Either crypto or keyPairStorage must be provided.
+   */
+  withKeyPairStorage(keyPairStorage: JsonWebKeyPairStorage): this;
+  /**
+   * Set the Renown server URL for credential verification.
+   * Defaults to https://www.renown.id
+   */
+  withBaseUrl(baseUrl: string): this;
+  /**
+   * Set a profile fetcher strategy for enriching user data after login.
+   * The fetcher receives the authenticated user and the base URL,
+   * and returns a RenownProfile. Called in the background after each login.
+   * Defaults to fetchRenownProfile which calls the Renown API.
+   */
+  withProfileFetcher(profileFetcher: ProfileFetcher): this;
+  /**
+   * Build and initialize the Renown instance.
+   * If a user is stored, attempts to re-authenticate them.
+   * @throws Error if neither crypto nor keyPairStorage is provided
+   */
+  build(): Promise<Renown>;
+  /**
+   * Create a BaseRenownBuilder from options object for a more concise API
+   */
+  static from(options: RenownBuilderOptions): BaseRenownBuilder;
+}
+//#endregion
+//#region src/profile.d.ts
+declare const fetchRenownProfile: ProfileFetcher;
+//#endregion
+//#region src/utils.d.ts
+type ILogger = {
+  level: "verbose" | "debug" | "info" | "warn" | "error";
+  verbose: (message: string, ...replacements: any[]) => void;
+  debug: (message: string, ...replacements: any[]) => void;
+  info: (message: string, ...replacements: any[]) => void;
+  warn: (message: string, ...replacements: any[]) => void;
+  error: (message: string, ...replacements: any[]) => void;
+};
+/**
+ * Parse a DID:pkh string to extract network, chain ID, and address information
+ * @param did - The DID string in format "did:pkh:networkId:chainId:address"
+ * @returns Parsed DID information
+ * @throws Error if the DID format is invalid
+ */
+declare function parsePkhDid(did: string): PKHDid;
+declare function verifyAuthBearerToken(jwt: string): Promise<false | AuthVerifiedCredential>;
+declare function assertIsAuthCredential(credential: VerifiedCredential): asserts credential is AuthVerifiedCredential;
+declare function createAuthBearerToken(chainId: number, networkId: string, address: string, issuer: Issuer, options?: CreateBearerTokenOptions): Promise<string>;
+declare const getResolver: () => Resolver;
+//#endregion
+export { CREDENTIAL_TYPES as $, ISigner$1 as A, RenownStorage as B, AuthVerifiedCredential as C, IPowerhouseIssuerType as D, IPowerhouseCredentialSubject as E, PowerhouseVerifiableCredential as F, IEventEmitter as G, Unsubscribe as H, ProfileFetcher as I, IRenownCrypto as J, DID as K, RenownEventEmitter as L, InternalUser as M, LoginStatus as N, IProof as O, PKHDid as P, CREDENTIAL_SUBJECT_TYPE as Q, RenownEvents as R, AuthVerifiableCredential as S, IAuthCredentialSubject as T, User$1 as U, RenownStorageMap as V, BaseStorage as W, JwkKeyPair as X, JsonWebKeyPairStorage as Y, CREDENTIAL_SCHEMA_EIP712_TYPE as Z, signatureHasResultingHash as _, parsePkhDid as a, VERIFIABLE_CREDENTIAL_EIP712_TYPE as at, ConnectCrypto as b, BaseRenownBuilder as c, RenownMemoryStorage as d, DEFAULT_RENOWN_CHAIN_ID as et, BrowserKeyStorage as f, parseSignatureHashField as g, extractResultingHashFromSignature as h, getResolver as i, ISSUER_TYPE as it, IVerifiableCredential as j, IRenown as k, RenownBuilderOptions as l, createSignatureVerifier as m, assertIsAuthCredential as n, DEFAULT_RENOWN_URL as nt, verifyAuthBearerToken as o, RenownCryptoSigner as p, IConnectCrypto as q, createAuthBearerToken as r, DOMAIN_TYPE as rt, fetchRenownProfile as s, ILogger as t, DEFAULT_RENOWN_NETWORK_ID as tt, Renown as u, MemoryKeyStorage as v, CreateBearerTokenOptions as w, RenownCrypto as x, RenownCryptoBuilder as y, RenownProfile as z };
+//# sourceMappingURL=utils-Dx7V4t4D.d.ts.map