@renown/sdk 6.0.2-staging.2 → 6.0.2-staging.3

package/dist/node.js

@@ -0,0 +1,305 @@
+import { C as DEFAULT_RENOWN_CHAIN_ID, D as ISSUER_TYPE, E as DOMAIN_TYPE, O as VERIFIABLE_CREDENTIAL_EIP712_TYPE, S as CREDENTIAL_TYPES, T as DEFAULT_RENOWN_URL, _ as getResolver, a as BaseStorage, b as CREDENTIAL_SCHEMA_EIP712_TYPE, c as extractResultingHashFromSignature, d as MemoryKeyStorage, f as RenownCryptoBuilder, g as createAuthBearerToken, h as assertIsAuthCredential, i as RenownMemoryStorage, l as parseSignatureHashField, m as RenownCrypto, n as fetchRenownProfile, o as RenownCryptoSigner, p as ConnectCrypto, r as Renown, s as createSignatureVerifier, t as BaseRenownBuilder, u as signatureHasResultingHash, v as parsePkhDid, w as DEFAULT_RENOWN_NETWORK_ID, x as CREDENTIAL_SUBJECT_TYPE, y as verifyAuthBearerToken } from "./renown-builder-xQpZet3I.js";
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { EventEmitter } from "node:events";
+//#region src/crypto/node-key-storage.ts
+const RENOWN_PRIVATE_KEY_ENV = "PH_RENOWN_PRIVATE_KEY";
+const DEFAULT_KEYPAIR_PATH = ".ph/.keypair.json";
+/**
+* Key storage that supports:
+* 1. PH_RENOWN_PRIVATE_KEY environment variable (JSON-encoded JwkKeyPair)
+* 2. Custom file path passed via options
+* 3. Falls back to file storage at .ph/.keypair.json in current working directory
+*/
+var NodeKeyStorage = class {
+	#filePath;
+	#envKeyName;
+	#logger;
+	static DEFAULT_KEYPAIR_PATH = DEFAULT_KEYPAIR_PATH;
+	static RENOWN_PRIVATE_KEY_ENV = RENOWN_PRIVATE_KEY_ENV;
+	constructor(filePath, options = {}) {
+		this.#filePath = filePath || join(process.cwd(), ".ph/.keypair.json");
+		this.#envKeyName = options.envKeyName || "PH_RENOWN_PRIVATE_KEY";
+		this.#logger = options.logger;
+		const dir = dirname(this.#filePath);
+		if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+	}
+	loadKeyPair() {
+		const envKey = process.env[this.#envKeyName];
+		if (envKey) try {
+			const keyPairJson = JSON.parse(envKey);
+			const keyPair = this.#parseKeyPair(keyPairJson);
+			this.#logger?.debug("Loaded keypair from environment variable");
+			return Promise.resolve(keyPair);
+		} catch (e) {
+			throw new Error(`Failed to parse ${this.#envKeyName}: ${e instanceof Error ? e.message : String(e)}`, { cause: e });
+		}
+		return Promise.resolve(this.#loadFromFile());
+	}
+	async saveKeyPair(keyPair) {
+		if (process.env[this.#envKeyName]) return;
+		this.#saveToFile(keyPair);
+		return Promise.resolve();
+	}
+	removeKeyPair() {
+		if (process.env[this.#envKeyName]) delete process.env[this.#envKeyName];
+		if (existsSync(this.#filePath)) unlinkSync(this.#filePath);
+		return Promise.resolve();
+	}
+	#loadFromFile() {
+		try {
+			if (!existsSync(this.#filePath)) return;
+			const data = readFileSync(this.#filePath, "utf-8");
+			const parsed = JSON.parse(data);
+			const keyPair = this.#parseKeyPair(parsed);
+			this.#logger?.debug(`Loaded keypair from ${this.#filePath}`);
+			return keyPair;
+		} catch (e) {
+			throw new Error(`Failed to parse ${this.#filePath}: ${e instanceof Error ? e.message : String(e)}`, { cause: e });
+		}
+	}
+	#saveToFile(keyPair) {
+		const data = { keyPair };
+		writeFileSync(this.#filePath, JSON.stringify(data, null, 2), "utf-8");
+		this.#logger?.debug(`Saved keypair to ${this.#filePath}`);
+	}
+	#parseKeyPair(json) {
+		if (typeof json !== "object") throw new Error("Invalid keyPair format:" + JSON.stringify(json));
+		const object = json;
+		let keyPair;
+		if ("keyPair" in object) keyPair = object.keyPair;
+		else keyPair = object;
+		if ("publicKey" in keyPair && "privateKey" in keyPair) return keyPair;
+		else throw new Error("Invalid keyPair format:" + JSON.stringify(json));
+	}
+};
+//#endregion
+//#region src/event/event.node.ts
+var NodeEventEmitter = class {
+	#emitter = new EventEmitter();
+	constructor() {
+		this.#emitter.setMaxListeners(0);
+	}
+	on(event, listener) {
+		this.#emitter.on(event, listener);
+		return () => {
+			this.#emitter.removeListener(event.toString(), listener);
+		};
+	}
+	emit(event, data) {
+		this.#emitter.emit(event.toString(), data);
+	}
+};
+//#endregion
+//#region src/storage/storage.node.ts
+var NodeStorage = class extends BaseStorage {
+	filePath;
+	constructor(filePath) {
+		super();
+		this.filePath = filePath;
+		mkdirSync(dirname(this.filePath), { recursive: true });
+		if (!existsSync(this.filePath)) writeFileSync(this.filePath, JSON.stringify({}));
+	}
+	readData() {
+		const data = readFileSync(this.filePath, "utf-8");
+		return JSON.parse(data);
+	}
+	writeData(data) {
+		writeFileSync(this.filePath, JSON.stringify(data, null, 2));
+	}
+	get(key) {
+		return this.readData()[key];
+	}
+	set(key, value) {
+		const data = this.readData();
+		if (value === void 0) delete data[key];
+		else data[key] = value;
+		this.writeData(data);
+	}
+	delete(key) {
+		const data = this.readData();
+		delete data[key];
+		this.writeData(data);
+	}
+};
+//#endregion
+//#region src/init.node.ts
+var NodeRenownEventEmitter = class extends NodeEventEmitter {};
+var NodeRenownStorage = class extends NodeStorage {};
+const DEFAULT_RENOWN_STORAGE_PATH = "./.ph/.renown.json";
+/**
+* Node.js-specific Renown builder with pre-configured defaults.
+* Uses file-based storage for both user data and key storage.
+*/
+var RenownBuilder = class extends BaseRenownBuilder {
+	/**
+	* @param appName - Application name used for signing context
+	* @param options - Node.js-specific configuration options
+	*/
+	constructor(appName, options = {}) {
+		super(appName);
+		const { storagePath = DEFAULT_RENOWN_STORAGE_PATH, keyPath, baseUrl } = options;
+		this.withKeyPairStorage(new NodeKeyStorage(keyPath));
+		this.withStorage(new NodeRenownStorage(storagePath));
+		this.withEventEmitter(new NodeRenownEventEmitter());
+		if (baseUrl) this.withBaseUrl(baseUrl);
+	}
+};
+//#endregion
+//#region src/login.node.ts
+const DEFAULT_TIMEOUT_MS = 300 * 1e3;
+const POLL_INTERVAL_MS = 2e3;
+const SECONDS_IN_DAY = 1440 * 60;
+function abortReason(signal) {
+	if (signal.reason instanceof Error) return signal.reason;
+	if (signal.reason) return new Error(String(signal.reason));
+	return new DOMException("Aborted", "AbortError");
+}
+function sleep(ms, signal) {
+	return new Promise((resolve, reject) => {
+		if (signal?.aborted) {
+			reject(abortReason(signal));
+			return;
+		}
+		const onAbort = () => {
+			clearTimeout(timer);
+			reject(abortReason(signal));
+		};
+		const timer = setTimeout(() => {
+			signal?.removeEventListener("abort", onAbort);
+			resolve();
+		}, ms);
+		signal?.addEventListener("abort", onAbort, { once: true });
+	});
+}
+/**
+* Open a URL in the default browser (cross-platform).
+*/
+async function openBrowser(url) {
+	const { execFile } = await import("node:child_process");
+	const { promisify } = await import("node:util");
+	const execFileAsync = promisify(execFile);
+	const platform = process.platform;
+	if (platform === "darwin") await execFileAsync("open", [url]);
+	else if (platform === "win32") await execFileAsync("cmd", [
+		"/c",
+		"start",
+		"",
+		url
+	]);
+	else await execFileAsync("xdg-open", [url]);
+}
+async function pollSession(renownUrl, sessionId, timeoutMs, onPollTick, signal) {
+	const startTime = Date.now();
+	const sessionUrl = new URL(`/api/console/session/${sessionId}`, renownUrl).toString();
+	while (Date.now() - startTime < timeoutMs) {
+		signal?.throwIfAborted();
+		try {
+			const response = await fetch(sessionUrl, { signal });
+			if (response.ok) {
+				const data = await response.json();
+				if (data.status === "ready") return data;
+			}
+		} catch (error) {
+			if (error instanceof DOMException && error.name === "AbortError") throw error;
+		}
+		onPollTick?.();
+		await sleep(POLL_INTERVAL_MS, signal);
+	}
+	return null;
+}
+/**
+* Perform a browser-based login flow with Renown.
+* Opens the user's browser to authenticate, then polls for completion.
+* Throws if already authenticated or if the flow times out.
+* If the browser fails to open, the flow continues polling — callers
+* can use onBrowserOpenFailed to show the URL as a fallback.
+*/
+async function browserLogin(renown, options) {
+	if (renown.user?.credential) throw new Error(`Already authenticated as ${renown.user.address}. Logout first.`);
+	const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+	const sessionId = crypto.randomUUID();
+	const loginUrl = new URL("/console", options.renownUrl);
+	loginUrl.searchParams.set("session", sessionId);
+	loginUrl.searchParams.set("connect", renown.did);
+	loginUrl.searchParams.set("app", renown.did);
+	const url = loginUrl.toString();
+	options.onLoginUrl?.(url, sessionId);
+	try {
+		await openBrowser(url);
+	} catch {
+		options.onBrowserOpenFailed?.(url);
+	}
+	const result = await pollSession(options.renownUrl, sessionId, timeoutMs, options.onPollTick, options.signal);
+	if (!result) throw new Error("Authentication timed out.");
+	return {
+		user: await renown.login(result.did),
+		cliDid: renown.did
+	};
+}
+/**
+* Get the current authentication status from a Renown instance.
+*/
+function getAuthStatus(renown) {
+	const user = renown.user;
+	const credential = user?.credential;
+	return {
+		authenticated: !!credential,
+		address: user?.address,
+		userDid: user?.did,
+		chainId: user?.chainId,
+		cliDid: renown.did,
+		authenticatedAt: credential ? new Date(credential.issuanceDate) : void 0,
+		baseUrl: renown.baseUrl
+	};
+}
+/**
+* Generate a bearer token for API authentication.
+* Requires the user to be authenticated (via browserLogin or equivalent).
+* Throws if not authenticated.
+*/
+async function generateAccessToken(renown, options) {
+	const user = renown.user;
+	if (!user?.credential) throw new Error("Not authenticated. Login first to generate access tokens.");
+	return {
+		token: await renown.getBearerToken(options ?? {}),
+		did: renown.did,
+		address: user.address,
+		expiresIn: options?.expiresIn ?? 0
+	};
+}
+/**
+* Parse a human-readable expiry string to seconds.
+* Supports formats: "7d" (days), "24h" (hours), "3600" (seconds), "3600s" (seconds).
+* Only accepts positive integers — decimals like "1.5h" are rejected.
+*/
+function parseExpiry(expiry) {
+	const match = expiry.trim().toLowerCase().match(/^(\d+)(d|h|s)?$/);
+	if (!match) throw new Error(`Invalid expiry format: ${expiry}. Expected a positive integer with optional suffix: "7d", "24h", "3600s", or "3600".`);
+	const value = Number(match[1]);
+	const unit = match[2];
+	if (value <= 0) throw new Error(`Invalid expiry format: ${expiry}. Value must be a positive integer.`);
+	switch (unit) {
+		case "d": return value * SECONDS_IN_DAY;
+		case "h": return value * 60 * 60;
+		default: return value;
+	}
+}
+/**
+* Format an expiry duration in seconds to a human-readable string.
+*/
+function formatExpiry(expiresIn) {
+	const days = Math.floor(expiresIn / SECONDS_IN_DAY);
+	const hours = Math.floor(expiresIn % SECONDS_IN_DAY / 3600);
+	if (days > 0) {
+		const dayStr = `${days} day${days !== 1 ? "s" : ""}`;
+		if (hours > 0) return `${dayStr} and ${hours} hour${hours !== 1 ? "s" : ""}`;
+		return dayStr;
+	}
+	if (hours > 0) return `${hours} hour${hours !== 1 ? "s" : ""}`;
+	return `${expiresIn} second${expiresIn !== 1 ? "s" : ""}`;
+}
+//#endregion
+export { BaseRenownBuilder, CREDENTIAL_SCHEMA_EIP712_TYPE, CREDENTIAL_SUBJECT_TYPE, CREDENTIAL_TYPES, ConnectCrypto, DEFAULT_KEYPAIR_PATH, DEFAULT_RENOWN_CHAIN_ID, DEFAULT_RENOWN_NETWORK_ID, DEFAULT_RENOWN_STORAGE_PATH, DEFAULT_RENOWN_URL, DOMAIN_TYPE, ISSUER_TYPE, MemoryKeyStorage, NodeEventEmitter, NodeKeyStorage, NodeRenownEventEmitter, NodeRenownStorage, NodeStorage, RENOWN_PRIVATE_KEY_ENV, Renown, RenownBuilder, RenownCrypto, RenownCryptoBuilder, RenownCryptoSigner, RenownMemoryStorage, VERIFIABLE_CREDENTIAL_EIP712_TYPE, assertIsAuthCredential, browserLogin, createAuthBearerToken, createSignatureVerifier, extractResultingHashFromSignature, fetchRenownProfile, formatExpiry, generateAccessToken, getAuthStatus, getResolver, openBrowser, parseExpiry, parsePkhDid, parseSignatureHashField, signatureHasResultingHash, verifyAuthBearerToken };
+
+//# sourceMappingURL=node.js.map

package/dist/node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.js","names":["#filePath","#envKeyName","#logger","#parseKeyPair","#loadFromFile","#saveToFile","#emitter"],"sources":["../src/crypto/node-key-storage.ts","../src/event/event.node.ts","../src/storage/storage.node.ts","../src/init.node.ts","../src/login.node.ts"],"sourcesContent":["import {\n  existsSync,\n  mkdirSync,\n  readFileSync,\n  unlinkSync,\n  writeFileSync,\n} from \"node:fs\";\nimport { dirname, join } from \"node:path\";\nimport type { ILogger } from \"../utils.js\";\nimport type { JsonWebKeyPairStorage, JwkKeyPair } from \"./types.js\";\n\nexport const RENOWN_PRIVATE_KEY_ENV = \"PH_RENOWN_PRIVATE_KEY\";\nexport const DEFAULT_KEYPAIR_PATH = \".ph/.keypair.json\";\n\n/**\n * Key storage that supports:\n * 1. PH_RENOWN_PRIVATE_KEY environment variable (JSON-encoded JwkKeyPair)\n * 2. Custom file path passed via options\n * 3. Falls back to file storage at .ph/.keypair.json in current working directory\n */\nexport class NodeKeyStorage implements JsonWebKeyPairStorage {\n  #filePath: string;\n  #envKeyName: string;\n  #logger?: ILogger;\n\n  static readonly DEFAULT_KEYPAIR_PATH = DEFAULT_KEYPAIR_PATH;\n  static readonly RENOWN_PRIVATE_KEY_ENV = RENOWN_PRIVATE_KEY_ENV;\n\n  constructor(\n    filePath?: string,\n    options: { envKeyName?: string; logger?: ILogger } = {},\n  ) {\n    this.#filePath = filePath || join(process.cwd(), DEFAULT_KEYPAIR_PATH);\n    this.#envKeyName = options.envKeyName || RENOWN_PRIVATE_KEY_ENV;\n    this.#logger = options.logger;\n\n    // Ensure directory exists\n    const dir = dirname(this.#filePath);\n    if (!existsSync(dir)) {\n      mkdirSync(dir, { recursive: true });\n    }\n  }\n\n  loadKeyPair(): Promise<JwkKeyPair | undefined> {\n    // First check environment variable\n    const envKey = process.env[this.#envKeyName];\n    if (envKey) {\n      try {\n        const keyPairJson = JSON.parse(envKey) as unknown;\n        const keyPair: JwkKeyPair = this.#parseKeyPair(keyPairJson);\n\n        // Validate it has the required structure\n        this.#logger?.debug(\"Loaded keypair from environment variable\");\n        return Promise.resolve(keyPair);\n      } catch (e) {\n        throw new Error(\n          `Failed to parse ${this.#envKeyName}: ${e instanceof Error ? e.message : String(e)}`,\n          {\n            cause: e,\n          },\n        );\n      }\n    }\n\n    // Fall back to file storage\n    return Promise.resolve(this.#loadFromFile());\n  }\n\n  async saveKeyPair(keyPair: JwkKeyPair): Promise<void> {\n    // Don't save if using env var\n    if (process.env[this.#envKeyName]) {\n      return;\n    }\n\n    // Save to file\n    this.#saveToFile(keyPair);\n    return Promise.resolve();\n  }\n\n  removeKeyPair(): Promise<void> {\n    if (process.env[this.#envKeyName]) {\n      delete process.env[this.#envKeyName];\n    }\n    if (existsSync(this.#filePath)) {\n      unlinkSync(this.#filePath);\n    }\n    return Promise.resolve();\n  }\n\n  #loadFromFile(): JwkKeyPair | undefined {\n    try {\n      if (!existsSync(this.#filePath)) {\n        return undefined;\n      }\n      const data = readFileSync(this.#filePath, \"utf-8\");\n      const parsed = JSON.parse(data) as unknown;\n      const keyPair: JwkKeyPair = this.#parseKeyPair(parsed);\n      this.#logger?.debug(`Loaded keypair from ${this.#filePath}`);\n      return keyPair;\n    } catch (e) {\n      throw new Error(\n        `Failed to parse ${this.#filePath}: ${e instanceof Error ? e.message : String(e)}`,\n        {\n          cause: e,\n        },\n      );\n    }\n  }\n\n  #saveToFile(keyPair: JwkKeyPair): void {\n    const data = { keyPair };\n    writeFileSync(this.#filePath, JSON.stringify(data, null, 2), \"utf-8\");\n    this.#logger?.debug(`Saved keypair to ${this.#filePath}`);\n  }\n\n  #parseKeyPair(json: unknown): JwkKeyPair {\n    if (typeof json !== \"object\") {\n      throw new Error(\"Invalid keyPair format:\" + JSON.stringify(json));\n    }\n\n    const object = json as JwkKeyPair | { keyPair: JwkKeyPair };\n    let keyPair: JwkKeyPair;\n    if (\"keyPair\" in object) {\n      keyPair = object.keyPair;\n    } else {\n      keyPair = object;\n    }\n\n    if (\"publicKey\" in keyPair && \"privateKey\" in keyPair) {\n      return keyPair;\n    } else {\n      throw new Error(\"Invalid keyPair format:\" + JSON.stringify(json));\n    }\n  }\n}\n","import { EventEmitter } from \"node:events\";\nimport type { IEventEmitter } from \"./types.js\";\n\nexport class NodeEventEmitter<\n  Events extends Record<string, unknown>,\n> implements IEventEmitter<Events> {\n  #emitter = new EventEmitter();\n\n  constructor() {\n    this.#emitter.setMaxListeners(0);\n  }\n\n  on<K extends keyof Events>(\n    event: K,\n    listener: (data: Events[K]) => void,\n  ): () => void {\n    this.#emitter.on(event as string, listener);\n    return () => {\n      this.#emitter.removeListener(event.toString(), listener);\n    };\n  }\n\n  emit<K extends keyof Events>(event: K, data: Events[K]): void {\n    this.#emitter.emit(event.toString(), data);\n  }\n}\n","import { existsSync, mkdirSync, readFileSync, writeFileSync } from \"node:fs\";\nimport { dirname } from \"node:path\";\nimport { BaseStorage } from \"./common.js\";\n\nexport class NodeStorage<\n  T extends Record<string, unknown> = Record<string, unknown>,\n> extends BaseStorage<T> {\n  private readonly filePath: string;\n\n  constructor(filePath: string) {\n    super();\n    this.filePath = filePath;\n\n    const parentFolder = dirname(this.filePath);\n    mkdirSync(parentFolder, { recursive: true });\n\n    if (!existsSync(this.filePath)) {\n      writeFileSync(this.filePath, JSON.stringify({}));\n    }\n  }\n\n  private readData(): T {\n    const data = readFileSync(this.filePath, \"utf-8\");\n    return JSON.parse(data) as T;\n  }\n\n  private writeData(data: T): void {\n    writeFileSync(this.filePath, JSON.stringify(data, null, 2));\n  }\n\n  get<Key extends keyof T>(key: Key): T[Key] | undefined {\n    const data = this.readData();\n    return data[key];\n  }\n\n  set<Key extends keyof T>(key: Key, value?: T[Key]): void {\n    const data = this.readData();\n    if (value === undefined) {\n      delete data[key];\n    } else {\n      data[key] = value;\n    }\n    this.writeData(data);\n  }\n\n  delete(key: keyof T): void {\n    const data = this.readData();\n    delete data[key];\n    this.writeData(data);\n  }\n}\n","import { NodeKeyStorage } from \"./crypto/node-key-storage.js\";\nimport { NodeEventEmitter } from \"./event/event.node.js\";\nimport { BaseRenownBuilder } from \"./renown-builder.js\";\nimport { NodeStorage } from \"./storage/storage.node.js\";\nimport type { RenownEvents, RenownStorageMap } from \"./types.js\";\n\nexport class NodeRenownEventEmitter extends NodeEventEmitter<RenownEvents> {}\nexport class NodeRenownStorage extends NodeStorage<RenownStorageMap> {}\n\nexport const DEFAULT_RENOWN_STORAGE_PATH = \"./.ph/.renown.json\";\n\nexport interface NodeRenownBuilderOptions {\n  /** File path for user storage. Defaults to \".ph/.renown.json\" in cwd */\n  storagePath?: string;\n  /** File path for keypair storage. Defaults to \".ph/.keypair.json\" in cwd */\n  keyPath?: string;\n  /** Renown server URL. Defaults to https://www.renown.id */\n  baseUrl?: string;\n}\n\n/**\n * Node.js-specific Renown builder with pre-configured defaults.\n * Uses file-based storage for both user data and key storage.\n */\nexport class RenownBuilder extends BaseRenownBuilder {\n  /**\n   * @param appName - Application name used for signing context\n   * @param options - Node.js-specific configuration options\n   */\n  constructor(appName: string, options: NodeRenownBuilderOptions = {}) {\n    super(appName);\n\n    const {\n      storagePath = DEFAULT_RENOWN_STORAGE_PATH,\n      keyPath,\n      baseUrl,\n    } = options;\n\n    this.withKeyPairStorage(new NodeKeyStorage(keyPath));\n    this.withStorage(new NodeRenownStorage(storagePath));\n    this.withEventEmitter(new NodeRenownEventEmitter());\n    if (baseUrl) {\n      this.withBaseUrl(baseUrl);\n    }\n  }\n}\n","import type { CreateBearerTokenOptions, IRenown, User } from \"./types.js\";\n\nconst DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\nconst POLL_INTERVAL_MS = 2000; // 2 seconds\nconst SECONDS_IN_DAY = 24 * 60 * 60;\n\nexport interface BrowserLoginOptions {\n  /** Renown server URL */\n  renownUrl: string;\n  /** Timeout in milliseconds. Defaults to 5 minutes. */\n  timeoutMs?: number;\n  /** Called with the login URL and session ID before the browser is opened */\n  onLoginUrl?: (url: string, sessionId: string) => void;\n  /** Called on each poll tick while waiting for authentication */\n  onPollTick?: () => void;\n  /** Called when the browser failed to open automatically */\n  onBrowserOpenFailed?: (url: string) => void;\n  /** AbortSignal to cancel the login flow */\n  signal?: AbortSignal;\n}\n\nexport interface BrowserLoginResult {\n  user: User;\n  cliDid: string;\n}\n\nexport interface AuthStatusResult {\n  authenticated: boolean;\n  address?: string;\n  userDid?: string;\n  chainId?: number;\n  cliDid: string;\n  authenticatedAt?: Date;\n  baseUrl: string;\n}\n\ninterface PendingSessionResponse {\n  sessionId: string;\n  status: \"pending\";\n}\n\ninterface ReadySessionResponse {\n  sessionId: string;\n  status: \"ready\";\n  address: string;\n  chainId: number;\n  did: string;\n  credentialId: string;\n  userDocumentId: string;\n}\n\ntype SessionResponse = PendingSessionResponse | ReadySessionResponse;\n\nfunction abortReason(signal: AbortSignal): Error {\n  if (signal.reason instanceof Error) return signal.reason;\n  if (signal.reason) return new Error(String(signal.reason));\n  return new DOMException(\"Aborted\", \"AbortError\");\n}\n\nfunction sleep(ms: number, signal?: AbortSignal): Promise<void> {\n  return new Promise((resolve, reject) => {\n    if (signal?.aborted) {\n      reject(abortReason(signal));\n      return;\n    }\n    const onAbort = () => {\n      clearTimeout(timer);\n      reject(abortReason(signal!));\n    };\n    const timer = setTimeout(() => {\n      signal?.removeEventListener(\"abort\", onAbort);\n      resolve();\n    }, ms);\n    signal?.addEventListener(\"abort\", onAbort, { once: true });\n  });\n}\n\n/**\n * Open a URL in the default browser (cross-platform).\n */\nexport async function openBrowser(url: string): Promise<void> {\n  const { execFile } = await import(\"node:child_process\");\n  const { promisify } = await import(\"node:util\");\n  const execFileAsync = promisify(execFile);\n  const platform = process.platform;\n\n  if (platform === \"darwin\") {\n    await execFileAsync(\"open\", [url]);\n  } else if (platform === \"win32\") {\n    await execFileAsync(\"cmd\", [\"/c\", \"start\", \"\", url]);\n  } else {\n    await execFileAsync(\"xdg-open\", [url]);\n  }\n}\n\nasync function pollSession(\n  renownUrl: string,\n  sessionId: string,\n  timeoutMs: number,\n  onPollTick?: () => void,\n  signal?: AbortSignal,\n): Promise<ReadySessionResponse | null> {\n  const startTime = Date.now();\n  const sessionUrl = new URL(\n    `/api/console/session/${sessionId}`,\n    renownUrl,\n  ).toString();\n\n  while (Date.now() - startTime < timeoutMs) {\n    signal?.throwIfAborted();\n    try {\n      const response = await fetch(sessionUrl, { signal });\n      if (response.ok) {\n        const data = (await response.json()) as SessionResponse;\n        if (data.status === \"ready\") {\n          return data;\n        }\n      }\n    } catch (error) {\n      if (error instanceof DOMException && error.name === \"AbortError\")\n        throw error;\n      // Network error, will retry\n    }\n    onPollTick?.();\n    await sleep(POLL_INTERVAL_MS, signal);\n  }\n\n  return null;\n}\n\n/**\n * Perform a browser-based login flow with Renown.\n * Opens the user's browser to authenticate, then polls for completion.\n * Throws if already authenticated or if the flow times out.\n * If the browser fails to open, the flow continues polling — callers\n * can use onBrowserOpenFailed to show the URL as a fallback.\n */\nexport async function browserLogin(\n  renown: IRenown,\n  options: BrowserLoginOptions,\n): Promise<BrowserLoginResult> {\n  if (renown.user?.credential) {\n    throw new Error(\n      `Already authenticated as ${renown.user.address}. Logout first.`,\n    );\n  }\n\n  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const sessionId = crypto.randomUUID();\n\n  const loginUrl = new URL(\"/console\", options.renownUrl);\n  loginUrl.searchParams.set(\"session\", sessionId);\n  loginUrl.searchParams.set(\"connect\", renown.did);\n  loginUrl.searchParams.set(\"app\", renown.did);\n\n  const url = loginUrl.toString();\n  options.onLoginUrl?.(url, sessionId);\n\n  try {\n    await openBrowser(url);\n  } catch {\n    options.onBrowserOpenFailed?.(url);\n  }\n\n  const result = await pollSession(\n    options.renownUrl,\n    sessionId,\n    timeoutMs,\n    options.onPollTick,\n    options.signal,\n  );\n\n  if (!result) {\n    throw new Error(\"Authentication timed out.\");\n  }\n\n  const user = await renown.login(result.did);\n  return { user, cliDid: renown.did };\n}\n\n/**\n * Get the current authentication status from a Renown instance.\n */\nexport function getAuthStatus(renown: IRenown): AuthStatusResult {\n  const user = renown.user;\n  const credential = user?.credential;\n\n  return {\n    authenticated: !!credential,\n    address: user?.address,\n    userDid: user?.did,\n    chainId: user?.chainId,\n    cliDid: renown.did,\n    authenticatedAt: credential ? new Date(credential.issuanceDate) : undefined,\n    baseUrl: renown.baseUrl,\n  };\n}\n\nexport interface AccessTokenResult {\n  token: string;\n  did: string;\n  address: string;\n  expiresIn: number;\n}\n\n/**\n * Generate a bearer token for API authentication.\n * Requires the user to be authenticated (via browserLogin or equivalent).\n * Throws if not authenticated.\n */\nexport async function generateAccessToken(\n  renown: IRenown,\n  options?: CreateBearerTokenOptions,\n): Promise<AccessTokenResult> {\n  const user = renown.user;\n  if (!user?.credential) {\n    throw new Error(\n      \"Not authenticated. Login first to generate access tokens.\",\n    );\n  }\n\n  const token = await renown.getBearerToken(options ?? {});\n\n  return {\n    token,\n    did: renown.did,\n    address: user.address,\n    expiresIn: options?.expiresIn ?? 0,\n  };\n}\n\n/**\n * Parse a human-readable expiry string to seconds.\n * Supports formats: \"7d\" (days), \"24h\" (hours), \"3600\" (seconds), \"3600s\" (seconds).\n * Only accepts positive integers — decimals like \"1.5h\" are rejected.\n */\nexport function parseExpiry(expiry: string): number {\n  const trimmed = expiry.trim().toLowerCase();\n  const match = trimmed.match(/^(\\d+)(d|h|s)?$/);\n\n  if (!match) {\n    throw new Error(\n      `Invalid expiry format: ${expiry}. Expected a positive integer with optional suffix: \"7d\", \"24h\", \"3600s\", or \"3600\".`,\n    );\n  }\n\n  const value = Number(match[1]);\n  const unit = match[2];\n\n  if (value <= 0) {\n    throw new Error(\n      `Invalid expiry format: ${expiry}. Value must be a positive integer.`,\n    );\n  }\n\n  switch (unit) {\n    case \"d\":\n      return value * SECONDS_IN_DAY;\n    case \"h\":\n      return value * 60 * 60;\n    default:\n      return value;\n  }\n}\n\n/**\n * Format an expiry duration in seconds to a human-readable string.\n */\nexport function formatExpiry(expiresIn: number): string {\n  const days = Math.floor(expiresIn / SECONDS_IN_DAY);\n  const hours = Math.floor((expiresIn % SECONDS_IN_DAY) / 3600);\n\n  if (days > 0) {\n    const dayStr = `${days} day${days !== 1 ? \"s\" : \"\"}`;\n    if (hours > 0) {\n      return `${dayStr} and ${hours} hour${hours !== 1 ? \"s\" : \"\"}`;\n    }\n    return dayStr;\n  }\n\n  if (hours > 0) {\n    return `${hours} hour${hours !== 1 ? \"s\" : \"\"}`;\n  }\n\n  return `${expiresIn} second${expiresIn !== 1 ? \"s\" : \"\"}`;\n}\n"],"mappings":";;;;;AAWA,MAAa,yBAAyB;AACtC,MAAa,uBAAuB;;;;;;;AAQpC,IAAa,iBAAb,MAA6D;CAC3D;CACA;CACA;CAEA,OAAgB,uBAAuB;CACvC,OAAgB,yBAAyB;CAEzC,YACE,UACA,UAAqD,EAAE,EACvD;AACA,QAAA,WAAiB,YAAY,KAAK,QAAQ,KAAK,EAAA,oBAAuB;AACtE,QAAA,aAAmB,QAAQ,cAAA;AAC3B,QAAA,SAAe,QAAQ;EAGvB,MAAM,MAAM,QAAQ,MAAA,SAAe;AACnC,MAAI,CAAC,WAAW,IAAI,CAClB,WAAU,KAAK,EAAE,WAAW,MAAM,CAAC;;CAIvC,cAA+C;EAE7C,MAAM,SAAS,QAAQ,IAAI,MAAA;AAC3B,MAAI,OACF,KAAI;GACF,MAAM,cAAc,KAAK,MAAM,OAAO;GACtC,MAAM,UAAsB,MAAA,aAAmB,YAAY;AAG3D,SAAA,QAAc,MAAM,2CAA2C;AAC/D,UAAO,QAAQ,QAAQ,QAAQ;WACxB,GAAG;AACV,SAAM,IAAI,MACR,mBAAmB,MAAA,WAAiB,IAAI,aAAa,QAAQ,EAAE,UAAU,OAAO,EAAE,IAClF,EACE,OAAO,GACR,CACF;;AAKL,SAAO,QAAQ,QAAQ,MAAA,cAAoB,CAAC;;CAG9C,MAAM,YAAY,SAAoC;AAEpD,MAAI,QAAQ,IAAI,MAAA,YACd;AAIF,QAAA,WAAiB,QAAQ;AACzB,SAAO,QAAQ,SAAS;;CAG1B,gBAA+B;AAC7B,MAAI,QAAQ,IAAI,MAAA,YACd,QAAO,QAAQ,IAAI,MAAA;AAErB,MAAI,WAAW,MAAA,SAAe,CAC5B,YAAW,MAAA,SAAe;AAE5B,SAAO,QAAQ,SAAS;;CAG1B,gBAAwC;AACtC,MAAI;AACF,OAAI,CAAC,WAAW,MAAA,SAAe,CAC7B;GAEF,MAAM,OAAO,aAAa,MAAA,UAAgB,QAAQ;GAClD,MAAM,SAAS,KAAK,MAAM,KAAK;GAC/B,MAAM,UAAsB,MAAA,aAAmB,OAAO;AACtD,SAAA,QAAc,MAAM,uBAAuB,MAAA,WAAiB;AAC5D,UAAO;WACA,GAAG;AACV,SAAM,IAAI,MACR,mBAAmB,MAAA,SAAe,IAAI,aAAa,QAAQ,EAAE,UAAU,OAAO,EAAE,IAChF,EACE,OAAO,GACR,CACF;;;CAIL,YAAY,SAA2B;EACrC,MAAM,OAAO,EAAE,SAAS;AACxB,gBAAc,MAAA,UAAgB,KAAK,UAAU,MAAM,MAAM,EAAE,EAAE,QAAQ;AACrE,QAAA,QAAc,MAAM,oBAAoB,MAAA,WAAiB;;CAG3D,cAAc,MAA2B;AACvC,MAAI,OAAO,SAAS,SAClB,OAAM,IAAI,MAAM,4BAA4B,KAAK,UAAU,KAAK,CAAC;EAGnE,MAAM,SAAS;EACf,IAAI;AACJ,MAAI,aAAa,OACf,WAAU,OAAO;MAEjB,WAAU;AAGZ,MAAI,eAAe,WAAW,gBAAgB,QAC5C,QAAO;MAEP,OAAM,IAAI,MAAM,4BAA4B,KAAK,UAAU,KAAK,CAAC;;;;;AChIvE,IAAa,mBAAb,MAEmC;CACjC,WAAW,IAAI,cAAc;CAE7B,cAAc;AACZ,QAAA,QAAc,gBAAgB,EAAE;;CAGlC,GACE,OACA,UACY;AACZ,QAAA,QAAc,GAAG,OAAiB,SAAS;AAC3C,eAAa;AACX,SAAA,QAAc,eAAe,MAAM,UAAU,EAAE,SAAS;;;CAI5D,KAA6B,OAAU,MAAuB;AAC5D,QAAA,QAAc,KAAK,MAAM,UAAU,EAAE,KAAK;;;;;ACnB9C,IAAa,cAAb,cAEU,YAAe;CACvB;CAEA,YAAY,UAAkB;AAC5B,SAAO;AACP,OAAK,WAAW;AAGhB,YADqB,QAAQ,KAAK,SAAS,EACnB,EAAE,WAAW,MAAM,CAAC;AAE5C,MAAI,CAAC,WAAW,KAAK,SAAS,CAC5B,eAAc,KAAK,UAAU,KAAK,UAAU,EAAE,CAAC,CAAC;;CAIpD,WAAsB;EACpB,MAAM,OAAO,aAAa,KAAK,UAAU,QAAQ;AACjD,SAAO,KAAK,MAAM,KAAK;;CAGzB,UAAkB,MAAe;AAC/B,gBAAc,KAAK,UAAU,KAAK,UAAU,MAAM,MAAM,EAAE,CAAC;;CAG7D,IAAyB,KAA8B;AAErD,SADa,KAAK,UAAU,CAChB;;CAGd,IAAyB,KAAU,OAAsB;EACvD,MAAM,OAAO,KAAK,UAAU;AAC5B,MAAI,UAAU,KAAA,EACZ,QAAO,KAAK;MAEZ,MAAK,OAAO;AAEd,OAAK,UAAU,KAAK;;CAGtB,OAAO,KAAoB;EACzB,MAAM,OAAO,KAAK,UAAU;AAC5B,SAAO,KAAK;AACZ,OAAK,UAAU,KAAK;;;;;AC1CxB,IAAa,yBAAb,cAA4C,iBAA+B;AAC3E,IAAa,oBAAb,cAAuC,YAA8B;AAErE,MAAa,8BAA8B;;;;;AAe3C,IAAa,gBAAb,cAAmC,kBAAkB;;;;;CAKnD,YAAY,SAAiB,UAAoC,EAAE,EAAE;AACnE,QAAM,QAAQ;EAEd,MAAM,EACJ,cAAc,6BACd,SACA,YACE;AAEJ,OAAK,mBAAmB,IAAI,eAAe,QAAQ,CAAC;AACpD,OAAK,YAAY,IAAI,kBAAkB,YAAY,CAAC;AACpD,OAAK,iBAAiB,IAAI,wBAAwB,CAAC;AACnD,MAAI,QACF,MAAK,YAAY,QAAQ;;;;;ACxC/B,MAAM,qBAAqB,MAAS;AACpC,MAAM,mBAAmB;AACzB,MAAM,iBAAiB,OAAU;AAiDjC,SAAS,YAAY,QAA4B;AAC/C,KAAI,OAAO,kBAAkB,MAAO,QAAO,OAAO;AAClD,KAAI,OAAO,OAAQ,QAAO,IAAI,MAAM,OAAO,OAAO,OAAO,CAAC;AAC1D,QAAO,IAAI,aAAa,WAAW,aAAa;;AAGlD,SAAS,MAAM,IAAY,QAAqC;AAC9D,QAAO,IAAI,SAAS,SAAS,WAAW;AACtC,MAAI,QAAQ,SAAS;AACnB,UAAO,YAAY,OAAO,CAAC;AAC3B;;EAEF,MAAM,gBAAgB;AACpB,gBAAa,MAAM;AACnB,UAAO,YAAY,OAAQ,CAAC;;EAE9B,MAAM,QAAQ,iBAAiB;AAC7B,WAAQ,oBAAoB,SAAS,QAAQ;AAC7C,YAAS;KACR,GAAG;AACN,UAAQ,iBAAiB,SAAS,SAAS,EAAE,MAAM,MAAM,CAAC;GAC1D;;;;;AAMJ,eAAsB,YAAY,KAA4B;CAC5D,MAAM,EAAE,aAAa,MAAM,OAAO;CAClC,MAAM,EAAE,cAAc,MAAM,OAAO;CACnC,MAAM,gBAAgB,UAAU,SAAS;CACzC,MAAM,WAAW,QAAQ;AAEzB,KAAI,aAAa,SACf,OAAM,cAAc,QAAQ,CAAC,IAAI,CAAC;UACzB,aAAa,QACtB,OAAM,cAAc,OAAO;EAAC;EAAM;EAAS;EAAI;EAAI,CAAC;KAEpD,OAAM,cAAc,YAAY,CAAC,IAAI,CAAC;;AAI1C,eAAe,YACb,WACA,WACA,WACA,YACA,QACsC;CACtC,MAAM,YAAY,KAAK,KAAK;CAC5B,MAAM,aAAa,IAAI,IACrB,wBAAwB,aACxB,UACD,CAAC,UAAU;AAEZ,QAAO,KAAK,KAAK,GAAG,YAAY,WAAW;AACzC,UAAQ,gBAAgB;AACxB,MAAI;GACF,MAAM,WAAW,MAAM,MAAM,YAAY,EAAE,QAAQ,CAAC;AACpD,OAAI,SAAS,IAAI;IACf,MAAM,OAAQ,MAAM,SAAS,MAAM;AACnC,QAAI,KAAK,WAAW,QAClB,QAAO;;WAGJ,OAAO;AACd,OAAI,iBAAiB,gBAAgB,MAAM,SAAS,aAClD,OAAM;;AAGV,gBAAc;AACd,QAAM,MAAM,kBAAkB,OAAO;;AAGvC,QAAO;;;;;;;;;AAUT,eAAsB,aACpB,QACA,SAC6B;AAC7B,KAAI,OAAO,MAAM,WACf,OAAM,IAAI,MACR,4BAA4B,OAAO,KAAK,QAAQ,iBACjD;CAGH,MAAM,YAAY,QAAQ,aAAa;CACvC,MAAM,YAAY,OAAO,YAAY;CAErC,MAAM,WAAW,IAAI,IAAI,YAAY,QAAQ,UAAU;AACvD,UAAS,aAAa,IAAI,WAAW,UAAU;AAC/C,UAAS,aAAa,IAAI,WAAW,OAAO,IAAI;AAChD,UAAS,aAAa,IAAI,OAAO,OAAO,IAAI;CAE5C,MAAM,MAAM,SAAS,UAAU;AAC/B,SAAQ,aAAa,KAAK,UAAU;AAEpC,KAAI;AACF,QAAM,YAAY,IAAI;SAChB;AACN,UAAQ,sBAAsB,IAAI;;CAGpC,MAAM,SAAS,MAAM,YACnB,QAAQ,WACR,WACA,WACA,QAAQ,YACR,QAAQ,OACT;AAED,KAAI,CAAC,OACH,OAAM,IAAI,MAAM,4BAA4B;AAI9C,QAAO;EAAE,MADI,MAAM,OAAO,MAAM,OAAO,IAAI;EAC5B,QAAQ,OAAO;EAAK;;;;;AAMrC,SAAgB,cAAc,QAAmC;CAC/D,MAAM,OAAO,OAAO;CACpB,MAAM,aAAa,MAAM;AAEzB,QAAO;EACL,eAAe,CAAC,CAAC;EACjB,SAAS,MAAM;EACf,SAAS,MAAM;EACf,SAAS,MAAM;EACf,QAAQ,OAAO;EACf,iBAAiB,aAAa,IAAI,KAAK,WAAW,aAAa,GAAG,KAAA;EAClE,SAAS,OAAO;EACjB;;;;;;;AAeH,eAAsB,oBACpB,QACA,SAC4B;CAC5B,MAAM,OAAO,OAAO;AACpB,KAAI,CAAC,MAAM,WACT,OAAM,IAAI,MACR,4DACD;AAKH,QAAO;EACL,OAHY,MAAM,OAAO,eAAe,WAAW,EAAE,CAAC;EAItD,KAAK,OAAO;EACZ,SAAS,KAAK;EACd,WAAW,SAAS,aAAa;EAClC;;;;;;;AAQH,SAAgB,YAAY,QAAwB;CAElD,MAAM,QADU,OAAO,MAAM,CAAC,aAAa,CACrB,MAAM,kBAAkB;AAE9C,KAAI,CAAC,MACH,OAAM,IAAI,MACR,0BAA0B,OAAO,sFAClC;CAGH,MAAM,QAAQ,OAAO,MAAM,GAAG;CAC9B,MAAM,OAAO,MAAM;AAEnB,KAAI,SAAS,EACX,OAAM,IAAI,MACR,0BAA0B,OAAO,qCAClC;AAGH,SAAQ,MAAR;EACE,KAAK,IACH,QAAO,QAAQ;EACjB,KAAK,IACH,QAAO,QAAQ,KAAK;EACtB,QACE,QAAO;;;;;;AAOb,SAAgB,aAAa,WAA2B;CACtD,MAAM,OAAO,KAAK,MAAM,YAAY,eAAe;CACnD,MAAM,QAAQ,KAAK,MAAO,YAAY,iBAAkB,KAAK;AAE7D,KAAI,OAAO,GAAG;EACZ,MAAM,SAAS,GAAG,KAAK,MAAM,SAAS,IAAI,MAAM;AAChD,MAAI,QAAQ,EACV,QAAO,GAAG,OAAO,OAAO,MAAM,OAAO,UAAU,IAAI,MAAM;AAE3D,SAAO;;AAGT,KAAI,QAAQ,EACV,QAAO,GAAG,MAAM,OAAO,UAAU,IAAI,MAAM;AAG7C,QAAO,GAAG,UAAU,SAAS,cAAc,IAAI,MAAM"}