npm - @renown/sdk - Versions diffs - 6.0.2-staging.2 → 6.0.2-staging.4 - Mend

@renown/sdk 6.0.2-staging.2 → 6.0.2-staging.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (147) hide show

package/README.md +1 -0
package/dist/index.d.ts +77 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +173 -0
package/dist/index.js.map +1 -0
package/dist/node.d.ts +136 -0
package/dist/node.d.ts.map +1 -0
package/dist/node.js +305 -0
package/dist/node.js.map +1 -0
package/dist/renown-builder-xQpZet3I.js +816 -0
package/dist/renown-builder-xQpZet3I.js.map +1 -0
package/dist/utils-D7B6E7_Z.d.ts +682 -0
package/dist/utils-D7B6E7_Z.d.ts.map +1 -0
package/package.json +14 -13
package/dist/src/common.d.ts +0 -23
package/dist/src/common.d.ts.map +0 -1
package/dist/src/common.js +0 -145
package/dist/src/common.js.map +0 -1
package/dist/src/constants.d.ts +0 -130
package/dist/src/constants.d.ts.map +0 -1
package/dist/src/constants.js +0 -40
package/dist/src/constants.js.map +0 -1
package/dist/src/crypto/browser-key-storage.d.ts +0 -10
package/dist/src/crypto/browser-key-storage.d.ts.map +0 -1
package/dist/src/crypto/browser-key-storage.js +0 -76
package/dist/src/crypto/browser-key-storage.js.map +0 -1
package/dist/src/crypto/common.d.ts +0 -6
package/dist/src/crypto/common.d.ts.map +0 -1
package/dist/src/crypto/common.js +0 -8
package/dist/src/crypto/common.js.map +0 -1
package/dist/src/crypto/index.d.ts +0 -3
package/dist/src/crypto/index.d.ts.map +0 -1
package/dist/src/crypto/index.js +0 -3
package/dist/src/crypto/index.js.map +0 -1
package/dist/src/crypto/memory-key-storage.d.ts +0 -9
package/dist/src/crypto/memory-key-storage.d.ts.map +0 -1
package/dist/src/crypto/memory-key-storage.js +0 -18
package/dist/src/crypto/memory-key-storage.js.map +0 -1
package/dist/src/crypto/node-key-storage.d.ts +0 -21
package/dist/src/crypto/node-key-storage.d.ts.map +0 -1
package/dist/src/crypto/node-key-storage.js +0 -107
package/dist/src/crypto/node-key-storage.js.map +0 -1
package/dist/src/crypto/node.d.ts +0 -3
package/dist/src/crypto/node.d.ts.map +0 -1
package/dist/src/crypto/node.js +0 -3
package/dist/src/crypto/node.js.map +0 -1
package/dist/src/crypto/renown-crypto-builder.d.ts +0 -11
package/dist/src/crypto/renown-crypto-builder.d.ts.map +0 -1
package/dist/src/crypto/renown-crypto-builder.js +0 -34
package/dist/src/crypto/renown-crypto-builder.js.map +0 -1
package/dist/src/crypto/renown-crypto.d.ts +0 -26
package/dist/src/crypto/renown-crypto.d.ts.map +0 -1
package/dist/src/crypto/renown-crypto.js +0 -56
package/dist/src/crypto/renown-crypto.js.map +0 -1
package/dist/src/crypto/signer.d.ts +0 -74
package/dist/src/crypto/signer.d.ts.map +0 -1
package/dist/src/crypto/signer.js +0 -306
package/dist/src/crypto/signer.js.map +0 -1
package/dist/src/crypto/types.d.ts +0 -27
package/dist/src/crypto/types.d.ts.map +0 -1
package/dist/src/crypto/types.js +0 -2
package/dist/src/crypto/types.js.map +0 -1
package/dist/src/crypto/utils.d.ts +0 -13
package/dist/src/crypto/utils.d.ts.map +0 -1
package/dist/src/crypto/utils.js +0 -39
package/dist/src/crypto/utils.js.map +0 -1
package/dist/src/event/event.browser.d.ts +0 -10
package/dist/src/event/event.browser.d.ts.map +0 -1
package/dist/src/event/event.browser.js +0 -24
package/dist/src/event/event.browser.js.map +0 -1
package/dist/src/event/event.node.d.ts +0 -8
package/dist/src/event/event.node.d.ts.map +0 -1
package/dist/src/event/event.node.js +0 -17
package/dist/src/event/event.node.js.map +0 -1
package/dist/src/event/memory.d.ts +0 -8
package/dist/src/event/memory.d.ts.map +0 -1
package/dist/src/event/memory.js +0 -16
package/dist/src/event/memory.js.map +0 -1
package/dist/src/event/types.d.ts +0 -16
package/dist/src/event/types.d.ts.map +0 -1
package/dist/src/event/types.js +0 -2
package/dist/src/event/types.js.map +0 -1
package/dist/src/index.d.ts +0 -8
package/dist/src/index.d.ts.map +0 -1
package/dist/src/index.js +0 -8
package/dist/src/index.js.map +0 -1
package/dist/src/init.browser.d.ts +0 -52
package/dist/src/init.browser.d.ts.map +0 -1
package/dist/src/init.browser.js +0 -66
package/dist/src/init.browser.js.map +0 -1
package/dist/src/init.node.d.ts +0 -29
package/dist/src/init.node.d.ts.map +0 -1
package/dist/src/init.node.js +0 -30
package/dist/src/init.node.js.map +0 -1
package/dist/src/node.d.ts +0 -10
package/dist/src/node.d.ts.map +0 -1
package/dist/src/node.js +0 -10
package/dist/src/node.js.map +0 -1
package/dist/src/profile.d.ts +0 -3
package/dist/src/profile.d.ts.map +0 -1
package/dist/src/profile.js +0 -22
package/dist/src/profile.js.map +0 -1
package/dist/src/renown-builder.d.ts +0 -68
package/dist/src/renown-builder.d.ts.map +0 -1
package/dist/src/renown-builder.js +0 -130
package/dist/src/renown-builder.js.map +0 -1
package/dist/src/storage/common.d.ts +0 -17
package/dist/src/storage/common.d.ts.map +0 -1
package/dist/src/storage/common.js +0 -20
package/dist/src/storage/common.js.map +0 -1
package/dist/src/storage/storage.browser.d.ts +0 -10
package/dist/src/storage/storage.browser.d.ts.map +0 -1
package/dist/src/storage/storage.browser.js +0 -27
package/dist/src/storage/storage.browser.js.map +0 -1
package/dist/src/storage/storage.node.d.ts +0 -11
package/dist/src/storage/storage.node.d.ts.map +0 -1
package/dist/src/storage/storage.node.js +0 -42
package/dist/src/storage/storage.node.js.map +0 -1
package/dist/src/types.d.ts +0 -126
package/dist/src/types.d.ts.map +0 -1
package/dist/src/types.js +0 -2
package/dist/src/types.js.map +0 -1
package/dist/src/utils.d.ts +0 -24
package/dist/src/utils.d.ts.map +0 -1
package/dist/src/utils.js +0 -94
package/dist/src/utils.js.map +0 -1
package/dist/test/auth.test.d.ts +0 -2
package/dist/test/auth.test.d.ts.map +0 -1
package/dist/test/auth.test.js +0 -13
package/dist/test/auth.test.js.map +0 -1
package/dist/test/crypto/signer.test.d.ts +0 -2
package/dist/test/crypto/signer.test.d.ts.map +0 -1
package/dist/test/crypto/signer.test.js +0 -184
package/dist/test/crypto/signer.test.js.map +0 -1
package/dist/test/renown.test.d.ts +0 -2
package/dist/test/renown.test.d.ts.map +0 -1
package/dist/test/renown.test.js +0 -287
package/dist/test/renown.test.js.map +0 -1
package/dist/test/storage.node.test.d.ts +0 -2
package/dist/test/storage.node.test.d.ts.map +0 -1
package/dist/test/storage.node.test.js +0 -66
package/dist/test/storage.node.test.js.map +0 -1
package/dist/tsconfig.tsbuildinfo +0 -1
package/dist/vitest.config.d.ts +0 -3
package/dist/vitest.config.d.ts.map +0 -1
package/dist/vitest.config.js +0 -7
package/dist/vitest.config.js.map +0 -1

package/dist/renown-builder-xQpZet3I.js ADDED Viewed

@@ -0,0 +1,816 @@
+import { bytesToBase64url } from "did-jwt";
+import { fromString } from "uint8arrays";
+import { createVerifiableCredentialJwt, verifyCredential } from "did-jwt-vc";
+import { Resolver } from "did-resolver";
+import { getResolver } from "key-did-resolver";
+import { compressedKeyInHexfromRaw, encodeDIDfromHexString, rawKeyInHexfromUncompressed } from "did-key-creator";
+//#region src/constants.ts
+const DEFAULT_RENOWN_URL = "https://www.renown.id";
+const DEFAULT_RENOWN_NETWORK_ID = "eip155";
+const DEFAULT_RENOWN_CHAIN_ID = "1";
+const DOMAIN_TYPE = [
+	{
+		name: "name",
+		type: "string"
+	},
+	{
+		name: "version",
+		type: "string"
+	},
+	{
+		name: "chainId",
+		type: "uint256"
+	},
+	{
+		name: "verifyingContract",
+		type: "address"
+	}
+];
+const VERIFIABLE_CREDENTIAL_EIP712_TYPE = [
+	{
+		name: "@context",
+		type: "string[]"
+	},
+	{
+		name: "type",
+		type: "string[]"
+	},
+	{
+		name: "id",
+		type: "string"
+	},
+	{
+		name: "issuer",
+		type: "Issuer"
+	},
+	{
+		name: "credentialSubject",
+		type: "CredentialSubject"
+	},
+	{
+		name: "credentialSchema",
+		type: "CredentialSchema"
+	},
+	{
+		name: "issuanceDate",
+		type: "string"
+	},
+	{
+		name: "expirationDate",
+		type: "string"
+	}
+];
+const CREDENTIAL_SCHEMA_EIP712_TYPE = [{
+	name: "id",
+	type: "string"
+}, {
+	name: "type",
+	type: "string"
+}];
+const CREDENTIAL_SUBJECT_TYPE = [
+	{
+		name: "app",
+		type: "string"
+	},
+	{
+		name: "id",
+		type: "string"
+	},
+	{
+		name: "name",
+		type: "string"
+	}
+];
+const ISSUER_TYPE = [{
+	name: "id",
+	type: "string"
+}, {
+	name: "ethereumAddress",
+	type: "string"
+}];
+const CREDENTIAL_TYPES = {
+	EIP712Domain: DOMAIN_TYPE,
+	VerifiableCredential: VERIFIABLE_CREDENTIAL_EIP712_TYPE,
+	CredentialSchema: CREDENTIAL_SCHEMA_EIP712_TYPE,
+	CredentialSubject: CREDENTIAL_SUBJECT_TYPE,
+	Issuer: ISSUER_TYPE
+};
+//#endregion
+//#region src/utils.ts
+/**
+* Parse a DID:pkh string to extract network, chain ID, and address information
+* @param did - The DID string in format "did:pkh:networkId:chainId:address"
+* @returns Parsed DID information
+* @throws Error if the DID format is invalid
+*/
+function parsePkhDid(did) {
+	const parts = did.split(":");
+	if (!did.startsWith("did:pkh:") || parts.length !== 5) throw new Error("Invalid pkh did");
+	const [, , networkId, chainIdStr, address] = parts;
+	if (!address.startsWith("0x")) throw new Error(`Invalid address: ${address}`);
+	const chainId = Number(chainIdStr);
+	if (isNaN(chainId)) throw new Error(`Invalid chain id: ${chainIdStr}`);
+	return {
+		chainId,
+		networkId,
+		address
+	};
+}
+async function verifyAuthBearerToken(jwt) {
+	try {
+		const now = parseInt(String(Date.now() / 1e3));
+		const verified = await verifyCredential(jwt, getResolver$1(), { policies: {
+			now: parseInt(String(Date.now() / 1e3)),
+			expirationDate: true,
+			issuanceDate: true
+		} });
+		if (verified.payload.exp && verified.payload.exp < now) return false;
+		assertIsAuthCredential(verified);
+		return verified;
+	} catch (e) {
+		console.error(e);
+		return false;
+	}
+}
+function assertIsAuthCredential(credential) {
+	const subjectKeys = Object.keys(credential.verifiableCredential.credentialSubject);
+	if (![
+		"address",
+		"chainId",
+		"networkId"
+	].every((key) => subjectKeys.includes(key))) throw new Error("Invalid Auth Credential Subject:" + JSON.stringify(credential.verifiableCredential.credentialSubject, null, 2));
+}
+async function createAuthBearerToken(chainId, networkId, address, issuer, options) {
+	return await createVerifiableCredentialJwt({
+		sub: issuer.did,
+		vc: {
+			"@context": ["https://www.w3.org/2018/credentials/v1"],
+			type: ["VerifiableCredential"],
+			credentialSubject: {
+				chainId,
+				networkId,
+				address
+			}
+		},
+		aud: options?.aud
+	}, issuer, { expiresIn: options?.expiresIn });
+}
+const getResolver$1 = () => {
+	const keyResolver = getResolver();
+	if (!keyResolver) throw new Error("Failed to get key resolver");
+	return new Resolver(keyResolver);
+};
+//#endregion
+//#region src/crypto/utils.ts
+const ECDSA_ALGORITHM = {
+	name: "ECDSA",
+	namedCurve: "P-256"
+};
+const ECDSA_SIGN_ALGORITHM = {
+	name: "ECDSA",
+	namedCurve: "P-256",
+	hash: "SHA-256"
+};
+function ab2hex(ab) {
+	return Array.prototype.map.call(new Uint8Array(ab), (x) => ("00" + x.toString(16)).slice(-2)).join("");
+}
+async function parseDid(keyPair, subtleCrypto) {
+	return encodeDIDfromHexString("p256-pub", compressedKeyInHexfromRaw(rawKeyInHexfromUncompressed(ab2hex(await subtleCrypto.exportKey("raw", keyPair.publicKey)))));
+}
+async function exportKeyPair(keyPair, subtleCrypto) {
+	return {
+		publicKey: await subtleCrypto.exportKey("jwk", keyPair.publicKey),
+		privateKey: await subtleCrypto.exportKey("jwk", keyPair.privateKey)
+	};
+}
+async function importKeyPair(jwkKeyPair, subtleCrypto, algorithm = ECDSA_ALGORITHM) {
+	return {
+		publicKey: await subtleCrypto.importKey("jwk", jwkKeyPair.publicKey, algorithm, true, ["verify"]),
+		privateKey: await subtleCrypto.importKey("jwk", jwkKeyPair.privateKey, algorithm, true, ["sign"])
+	};
+}
+async function generateKeyPair(subtleCrypto, algorithm = ECDSA_ALGORITHM) {
+	return subtleCrypto.generateKey(algorithm, true, ["sign", "verify"]);
+}
+//#endregion
+//#region src/crypto/renown-crypto.ts
+const RENOWN_NETWORK_ID = "eip155";
+const RENOWN_CHAIN_ID = 1;
+var RenownCrypto = class RenownCrypto {
+	#subtleCrypto;
+	#keyPair;
+	#keyPairStorage;
+	did;
+	static algorithm = ECDSA_ALGORITHM;
+	static signAlgorithm = ECDSA_SIGN_ALGORITHM;
+	constructor(keyPairStorage, crypto, keyPair, did) {
+		this.#keyPairStorage = keyPairStorage;
+		this.#subtleCrypto = crypto;
+		this.#keyPair = keyPair;
+		this.did = did;
+	}
+	get publicKey() {
+		return this.#keyPair.publicKey;
+	}
+	async getBearerToken(address, options) {
+		return await createAuthBearerToken(Number(RENOWN_CHAIN_ID), RENOWN_NETWORK_ID, address || this.did, this.issuer, options);
+	}
+	async removeDid() {
+		await this.#keyPairStorage.removeKeyPair();
+	}
+	#stringToBytes(s) {
+		return fromString(s, "utf-8");
+	}
+	async sign(data) {
+		const dataBytes = typeof data === "string" ? this.#stringToBytes(data) : data;
+		const arrayBuffer = await this.#subtleCrypto.sign(RenownCrypto.signAlgorithm, this.#keyPair.privateKey, dataBytes.buffer);
+		return new Uint8Array(arrayBuffer);
+	}
+	async verify(data, signature) {
+		return this.#subtleCrypto.verify({
+			name: "ECDSA",
+			hash: "SHA-256"
+		}, this.#keyPair.publicKey, signature.buffer, data.buffer);
+	}
+	get issuer() {
+		return {
+			did: this.did,
+			signer: async (data) => {
+				return bytesToBase64url(await this.sign(typeof data === "string" ? new TextEncoder().encode(data) : data));
+			},
+			alg: "ES256"
+		};
+	}
+};
+/**
+* @deprecated Use RenownCrypto instead
+*/
+var ConnectCrypto = class extends RenownCrypto {};
+//#endregion
+//#region src/crypto/renown-crypto-builder.ts
+var RenownCryptoBuilder = class {
+	keyPairStorage;
+	subtleCrypto;
+	withKeyPairStorage(storage) {
+		this.keyPairStorage = storage;
+		return this;
+	}
+	withSubtleCrypto(crypto) {
+		this.subtleCrypto = crypto;
+		return this;
+	}
+	async build() {
+		if (!this.keyPairStorage) throw new Error("KeyPairStorage is required. Use withKeyPairStorage() to set it.");
+		const subtleCrypto = this.subtleCrypto ?? globalThis.crypto.subtle;
+		const keyPair = await this.#initializeKeyPair(subtleCrypto, this.keyPairStorage);
+		const did = await parseDid(keyPair, subtleCrypto);
+		return new RenownCrypto(this.keyPairStorage, subtleCrypto, keyPair, did);
+	}
+	async #initializeKeyPair(subtleCrypto, keyPairStorage) {
+		const loadedKeyPair = await keyPairStorage.loadKeyPair();
+		if (loadedKeyPair) return importKeyPair(loadedKeyPair, subtleCrypto);
+		const keyPair = await generateKeyPair(subtleCrypto);
+		const exported = await exportKeyPair(keyPair, subtleCrypto);
+		await keyPairStorage.saveKeyPair(exported);
+		return keyPair;
+	}
+};
+//#endregion
+//#region src/crypto/memory-key-storage.ts
+var MemoryKeyStorage = class {
+	keyPair;
+	constructor(keyPair) {
+		this.keyPair = keyPair;
+	}
+	loadKeyPair() {
+		return Promise.resolve(this.keyPair);
+	}
+	saveKeyPair(keyPair) {
+		this.keyPair = keyPair;
+		return Promise.resolve();
+	}
+	removeKeyPair() {
+		this.keyPair = void 0;
+		return Promise.resolve();
+	}
+};
+//#endregion
+//#region src/crypto/signer.ts
+var InvalidSignatureError = class extends Error {
+	constructor() {
+		super("Invalid signature");
+	}
+};
+var RenownCryptoSigner = class {
+	app;
+	constructor(crypto, appName, user) {
+		this.crypto = crypto;
+		this.appName = appName;
+		this.user = user;
+		this.app = {
+			key: this.crypto.did,
+			name: this.appName
+		};
+	}
+	get publicKey() {
+		return this.crypto.publicKey;
+	}
+	async sign(data) {
+		return this.crypto.sign(data);
+	}
+	async verify(data, signature) {
+		if (!await this.crypto.verify(data, signature)) throw new InvalidSignatureError();
+	}
+	async signAction(action, abortSignal) {
+		const hashField = action.context?.prevOpHash ?? "";
+		return this._signAction(action, hashField, abortSignal);
+	}
+	/**
+	* Signs an action including a predicted resulting state hash.
+	*
+	* The resulting hash is packed into the signature tuple's 4th element (index 3)
+	* using the format: `${prevStateHash}:${resultingStateHash}`
+	*
+	* This allows offline verification of documents without reducer logic:
+	* - Verifier can check that the signature is valid for the claimed resulting state
+	* - Verifier can compare claimed resulting state to actual operation.hash
+	*
+	* @param action - The action to sign
+	* @param resultingStateHash - The predicted hash of document state AFTER this action runs
+	* @param abortSignal - Optional abort signal
+	* @returns A Signature tuple with the resulting hash encoded in element [3]
+	*/
+	async signActionWithResultingState(action, resultingStateHash, abortSignal) {
+		const hashField = `${action.context?.prevOpHash ?? ""}:${resultingStateHash}`;
+		return this._signAction(action, hashField, abortSignal);
+	}
+	/**
+	* Internal signing implementation shared by signAction and signActionWithResultingState.
+	*/
+	async _signAction(action, hashField, abortSignal) {
+		if (abortSignal?.aborted) throw new Error("Signing aborted");
+		const timestamp = ((/* @__PURE__ */ new Date()).getTime() / 1e3).toFixed(0);
+		const hash = await this.hashAction(action);
+		if (abortSignal?.aborted) throw new Error("Signing aborted");
+		const params = [
+			timestamp,
+			this.crypto.did,
+			hash,
+			hashField
+		];
+		const message = this.buildSignatureMessage(params);
+		const signatureBytes = await this.crypto.sign(message);
+		const signatureHex = `0x${this.arrayBufferToHex(signatureBytes)}`;
+		if (abortSignal?.aborted) throw new Error("Signing aborted");
+		return [...params, signatureHex];
+	}
+	async hashAction(action) {
+		const payload = [
+			action.scope,
+			action.type,
+			JSON.stringify(action.input)
+		].join("");
+		const data = new TextEncoder().encode(payload);
+		const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+		return this.arrayBufferToBase64(hashBuffer);
+	}
+	buildSignatureMessage(params) {
+		const message = params.join("");
+		const prefix = "Signed Operation:\n" + message.length.toString();
+		return new TextEncoder().encode(prefix + message);
+	}
+	arrayBufferToHex(buffer) {
+		const bytes = buffer instanceof Uint8Array ? buffer : new Uint8Array(buffer);
+		return Array.from(bytes).map((byte) => byte.toString(16).padStart(2, "0")).join("");
+	}
+	arrayBufferToBase64(buffer) {
+		const bytes = new Uint8Array(buffer);
+		let binary = "";
+		for (let i = 0; i < bytes.length; i++) binary += String.fromCharCode(bytes[i]);
+		return btoa(binary);
+	}
+};
+/**
+* Creates a signature verification handler that verifies signatures using the Web Crypto API.
+* The verification uses ECDSA with P-256 curve and SHA-256 hash, matching the RenownCrypto signing algorithm.
+*/
+function createSignatureVerifier(requireSignature = false) {
+	return async (operation, publicKey) => {
+		const signer = operation.action.context?.signer;
+		if (!signer || !publicKey) return !requireSignature;
+		const signatures = signer.signatures;
+		if (signatures.length === 0) return false;
+		const [timestamp, signerKey, hash, prevStateHash, signatureHex] = signatures[signatures.length - 1];
+		if (signerKey !== publicKey) return false;
+		const message = buildSignatureMessage([
+			timestamp,
+			signerKey,
+			hash,
+			prevStateHash
+		]);
+		const signatureBytes = hexToUint8Array(signatureHex);
+		const cryptoKey = await importPublicKey(publicKey);
+		return await crypto.subtle.verify({
+			name: "ECDSA",
+			hash: "SHA-256"
+		}, cryptoKey, signatureBytes.buffer, message.buffer);
+	};
+}
+function buildSignatureMessage(params) {
+	const message = params.join("");
+	const prefix = "Signed Operation:\n" + message.length.toString();
+	return new TextEncoder().encode(prefix + message);
+}
+function hexToUint8Array(hex) {
+	const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+	const bytes = new Uint8Array(cleanHex.length / 2);
+	for (let i = 0; i < cleanHex.length; i += 2) bytes[i / 2] = parseInt(cleanHex.substring(i, i + 2), 16);
+	return bytes;
+}
+async function importPublicKey(did) {
+	const keyData = extractKeyFromDid(did);
+	return crypto.subtle.importKey("raw", keyData.buffer, {
+		name: "ECDSA",
+		namedCurve: "P-256"
+	}, true, ["verify"]);
+}
+function extractKeyFromDid(did) {
+	const parts = did.split(":");
+	if (parts.length < 3 || parts[0] !== "did" || parts[1] !== "key") throw new Error(`Invalid DID format: ${did}`);
+	const multibaseKey = parts[2];
+	if (!multibaseKey.startsWith("z")) throw new Error(`Unsupported multibase encoding: ${multibaseKey[0]}`);
+	const decoded = base58Decode(multibaseKey.slice(1));
+	if (decoded[0] !== 128 || decoded[1] !== 36) throw new Error("Not a P-256 public key multicodec");
+	return decompressP256PublicKey(decoded.slice(2));
+}
+function base58Decode(input) {
+	const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+	const ALPHABET_MAP = /* @__PURE__ */ new Map();
+	for (let i = 0; i < 58; i++) ALPHABET_MAP.set(ALPHABET[i], i);
+	if (input.length === 0) return new Uint8Array(0);
+	const bytes = [0];
+	for (const char of input) {
+		const value = ALPHABET_MAP.get(char);
+		if (value === void 0) throw new Error(`Invalid base58 character: ${char}`);
+		let carry = value;
+		for (let j = 0; j < bytes.length; j++) {
+			carry += bytes[j] * 58;
+			bytes[j] = carry & 255;
+			carry >>= 8;
+		}
+		while (carry > 0) {
+			bytes.push(carry & 255);
+			carry >>= 8;
+		}
+	}
+	for (const char of input) {
+		if (char !== "1") break;
+		bytes.push(0);
+	}
+	return new Uint8Array(bytes.reverse());
+}
+function decompressP256PublicKey(compressed) {
+	if (compressed.length !== 33) throw new Error(`Invalid compressed key length: ${compressed.length}`);
+	const prefix = compressed[0];
+	if (prefix !== 2 && prefix !== 3) throw new Error(`Invalid compression prefix: ${prefix}`);
+	const p = BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff");
+	const a = BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc");
+	const b = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
+	let x = BigInt(0);
+	for (let i = 1; i < compressed.length; i++) x = x << BigInt(8) | BigInt(compressed[i]);
+	let y = modPow((modPow(x, BigInt(3), p) + a * x + b) % p, (p + BigInt(1)) / BigInt(4), p);
+	if (y % BigInt(2) === BigInt(0) !== (prefix === 2)) y = p - y;
+	const uncompressed = new Uint8Array(65);
+	uncompressed[0] = 4;
+	const xBytes = bigIntToBytes(x, 32);
+	const yBytes = bigIntToBytes(y, 32);
+	uncompressed.set(xBytes, 1);
+	uncompressed.set(yBytes, 33);
+	return uncompressed;
+}
+function modPow(base, exp, mod) {
+	let result = BigInt(1);
+	base = base % mod;
+	while (exp > BigInt(0)) {
+		if (exp % BigInt(2) === BigInt(1)) result = result * base % mod;
+		exp = exp >> BigInt(1);
+		base = base * base % mod;
+	}
+	return result;
+}
+function bigIntToBytes(n, length) {
+	const bytes = new Uint8Array(length);
+	for (let i = length - 1; i >= 0; i--) {
+		bytes[i] = Number(n & BigInt(255));
+		n = n >> BigInt(8);
+	}
+	return bytes;
+}
+/**
+* Parses the hash field (element [3]) from a signature tuple.
+*
+* Supports two formats:
+* - Old format: just `prevStateHash` (no colon)
+* - New format: `prevStateHash:resultingStateHash` (colon-separated)
+*
+* @param hashField - The 4th element of a Signature tuple
+* @returns Object with prevStateHash and optional resultingStateHash
+*/
+function parseSignatureHashField(hashField) {
+	const colonIndex = hashField.indexOf(":");
+	if (colonIndex === -1) return {
+		prevStateHash: hashField,
+		resultingStateHash: void 0
+	};
+	return {
+		prevStateHash: hashField.substring(0, colonIndex),
+		resultingStateHash: hashField.substring(colonIndex + 1)
+	};
+}
+/**
+* Extracts the resulting state hash from a signature, if present.
+*
+* @param signature - A Signature tuple
+* @returns The resulting state hash, or undefined if not present
+*/
+function extractResultingHashFromSignature(signature) {
+	const hashField = signature[3];
+	const { resultingStateHash } = parseSignatureHashField(hashField);
+	return resultingStateHash;
+}
+/**
+* Checks if a signature includes a resulting state hash.
+*
+* @param signature - A Signature tuple
+* @returns true if the signature includes a resulting state hash
+*/
+function signatureHasResultingHash(signature) {
+	return extractResultingHashFromSignature(signature) !== void 0;
+}
+//#endregion
+//#region src/storage/common.ts
+var BaseStorage = class {};
+var MemoryStorage = class extends BaseStorage {
+	data = /* @__PURE__ */ new Map();
+	get(key) {
+		return this.data.get(key);
+	}
+	set(key, value) {
+		if (value === void 0) this.data.delete(key);
+		else this.data.set(key, value);
+	}
+	delete(key) {
+		this.data.delete(key);
+	}
+};
+//#endregion
+//#region src/common.ts
+var RenownMemoryStorage = class extends MemoryStorage {};
+var Renown = class {
+	#baseUrl;
+	#store;
+	#eventEmitter;
+	#appName;
+	#crypto;
+	#signer;
+	#profileFetcher;
+	#status = "initial";
+	constructor(store, eventEmitter, crypto, appName, baseUrl = DEFAULT_RENOWN_URL, profileFetcher) {
+		this.#store = store;
+		this.#eventEmitter = eventEmitter;
+		this.#baseUrl = baseUrl;
+		this.#crypto = crypto;
+		this.#appName = appName;
+		this.#profileFetcher = profileFetcher;
+		this.#signer = new RenownCryptoSigner(crypto, this.#appName, this.user);
+		this.on("user", (user) => {
+			this.#signer.user = user;
+		});
+	}
+	get baseUrl() {
+		return this.#baseUrl;
+	}
+	get user() {
+		return this.#store.get("user");
+	}
+	get status() {
+		return this.#status;
+	}
+	get signer() {
+		return this.#signer;
+	}
+	get crypto() {
+		return this.#crypto;
+	}
+	get did() {
+		return this.#crypto.did;
+	}
+	get profileFetcher() {
+		return this.#profileFetcher;
+	}
+	#updateStatus(status) {
+		this.#status = status;
+		this.#eventEmitter.emit("status", status);
+	}
+	#updateUser(user) {
+		if (user) this.#store.set("user", user);
+		else this.#store.delete("user");
+		this.#eventEmitter.emit("user", user);
+	}
+	async login(userDid) {
+		this.#updateStatus("checking");
+		try {
+			const result = parsePkhDid(userDid);
+			const credential = await this.#getCredential(result.address, result.chainId, this.#crypto.did);
+			if (!credential) {
+				this.#updateUser(void 0);
+				throw new Error("Credential not found");
+			}
+			if (!(credential.issuer.id === userDid && credential.credentialSubject.id === this.did)) throw new Error("Invalid credential");
+			const user = {
+				...result,
+				address: credential.issuer.ethereumAddress,
+				did: userDid,
+				credential
+			};
+			this.#updateUser(user);
+			this.#updateStatus("authorized");
+			if (this.#profileFetcher) this.#profileFetcher(user, this.#baseUrl).then((profile) => {
+				if (profile && this.user?.address === user.address && this.user.chainId === user.chainId) this.#updateUser({
+					...this.user,
+					profile,
+					ens: {
+						name: profile.username ?? void 0,
+						avatarUrl: profile.userImage ?? void 0
+					}
+				});
+			}).catch(console.error);
+			return user;
+		} catch (error) {
+			this.#updateUser(void 0);
+			this.#updateStatus("not-authorized");
+			throw error;
+		}
+	}
+	logout() {
+		this.#updateUser(void 0);
+		this.#updateStatus("initial");
+		return Promise.resolve();
+	}
+	on(event, listener) {
+		return this.#eventEmitter.on(event, listener);
+	}
+	async #getCredential(address, chainId, appDid) {
+		if (!this.#baseUrl) throw new Error("RENOWN_URL is not set");
+		const url = new URL(`/api/auth/credential?address=${encodeURIComponent(address)}&chainId=${encodeURIComponent(chainId)}&connectId=${encodeURIComponent(appDid)}&appId=${encodeURIComponent(appDid)}`, this.#baseUrl);
+		const response = await fetch(url, { method: "GET" });
+		if (response.ok) return (await response.json()).credential;
+		else throw new Error(`Failed to get credential: ${response.status}`);
+	}
+	async verifyBearerToken(token) {
+		return verifyAuthBearerToken(token);
+	}
+	async getBearerToken(options) {
+		if (!this.user) throw new Error("User not found");
+		return this.#crypto.getBearerToken(this.user.address, options);
+	}
+};
+//#endregion
+//#region src/event/memory.ts
+var MemoryEventEmitter = class {
+	#listeners = /* @__PURE__ */ new Map();
+	on(event, listener) {
+		if (!this.#listeners.has(event)) this.#listeners.set(event, /* @__PURE__ */ new Set());
+		this.#listeners.get(event).add(listener);
+		return () => {
+			this.#listeners.get(event)?.delete(listener);
+		};
+	}
+	emit(event, data) {
+		this.#listeners.get(event)?.forEach((listener) => listener(data));
+	}
+};
+//#endregion
+//#region src/profile.ts
+const fetchRenownProfile = async (user, baseUrl) => {
+	try {
+		const response = await fetch(`${baseUrl}/api/profile`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify({ ethAddress: user.address })
+		});
+		if (!response.ok) return;
+		return (await response.json()).profile ?? void 0;
+	} catch {
+		return;
+	}
+};
+//#endregion
+//#region src/renown-builder.ts
+/**
+* Base builder for creating Renown instances.
+* Use platform-specific builders (RenownBuilder from init.browser.js or init.node.js)
+* for pre-configured defaults.
+*/
+var BaseRenownBuilder = class BaseRenownBuilder {
+	#appName;
+	#storage;
+	#eventEmitter;
+	#crypto;
+	#keyPairStorage;
+	#baseUrl;
+	#profileFetcher;
+	/**
+	* @param appName - Application name used for signing context
+	*/
+	constructor(appName) {
+		this.#appName = appName;
+	}
+	/**
+	* Set custom storage for user data persistence.
+	* Defaults to in-memory storage if not set.
+	*/
+	withStorage(storage) {
+		this.#storage = storage;
+		return this;
+	}
+	/**
+	* Set custom event emitter for user state changes.
+	* Defaults to in-memory event emitter if not set.
+	*/
+	withEventEmitter(eventEmitter) {
+		this.#eventEmitter = eventEmitter;
+		return this;
+	}
+	/**
+	* Set a pre-built crypto instance.
+	* Either crypto or keyPairStorage must be provided.
+	*/
+	withCrypto(crypto) {
+		this.#crypto = crypto;
+		return this;
+	}
+	/**
+	* Set key pair storage for cryptographic keys.
+	* A crypto instance will be built from this storage.
+	* Either crypto or keyPairStorage must be provided.
+	*/
+	withKeyPairStorage(keyPairStorage) {
+		this.#keyPairStorage = keyPairStorage;
+		return this;
+	}
+	/**
+	* Set the Renown server URL for credential verification.
+	* Defaults to https://www.renown.id
+	*/
+	withBaseUrl(baseUrl) {
+		this.#baseUrl = baseUrl;
+		return this;
+	}
+	/**
+	* Set a profile fetcher strategy for enriching user data after login.
+	* The fetcher receives the authenticated user and the base URL,
+	* and returns a RenownProfile. Called in the background after each login.
+	* Defaults to fetchRenownProfile which calls the Renown API.
+	*/
+	withProfileFetcher(profileFetcher) {
+		this.#profileFetcher = profileFetcher;
+		return this;
+	}
+	/**
+	* Build and initialize the Renown instance.
+	* If a user is stored, attempts to re-authenticate them.
+	* @throws Error if neither crypto nor keyPairStorage is provided
+	*/
+	async build() {
+		if (!this.#crypto && !this.#keyPairStorage) throw new Error("Either crypto or keyPairStorage is required. Use withCrypto() or withKeyPairStorage() to set one.");
+		const crypto = this.#crypto ?? await new RenownCryptoBuilder().withKeyPairStorage(this.#keyPairStorage).build();
+		const storage = this.#storage ?? new RenownMemoryStorage();
+		const eventEmitter = this.#eventEmitter ?? new MemoryEventEmitter();
+		const baseUrl = this.#baseUrl ?? "https://www.renown.id";
+		const renown = new Renown(storage, eventEmitter, crypto, this.#appName, baseUrl, this.#profileFetcher ?? fetchRenownProfile);
+		if (renown.user) try {
+			await renown.login(renown.user.did);
+		} catch (error) {
+			console.error("Failed to re-authenticate user:", error);
+		}
+		return renown;
+	}
+	/**
+	* Create a BaseRenownBuilder from options object for a more concise API
+	*/
+	static from(options) {
+		const builder = new BaseRenownBuilder(options.appName);
+		if (options.storage) builder.withStorage(options.storage);
+		if (options.eventEmitter) builder.withEventEmitter(options.eventEmitter);
+		if (options.crypto) builder.withCrypto(options.crypto);
+		if (options.keyPairStorage) builder.withKeyPairStorage(options.keyPairStorage);
+		if (options.baseUrl) builder.withBaseUrl(options.baseUrl);
+		if (options.profileFetcher) builder.withProfileFetcher(options.profileFetcher);
+		return builder;
+	}
+};
+//#endregion
+export { DEFAULT_RENOWN_CHAIN_ID as C, ISSUER_TYPE as D, DOMAIN_TYPE as E, VERIFIABLE_CREDENTIAL_EIP712_TYPE as O, CREDENTIAL_TYPES as S, DEFAULT_RENOWN_URL as T, getResolver$1 as _, BaseStorage as a, CREDENTIAL_SCHEMA_EIP712_TYPE as b, extractResultingHashFromSignature as c, MemoryKeyStorage as d, RenownCryptoBuilder as f, createAuthBearerToken as g, assertIsAuthCredential as h, RenownMemoryStorage as i, parseSignatureHashField as l, RenownCrypto as m, fetchRenownProfile as n, RenownCryptoSigner as o, ConnectCrypto as p, Renown as r, createSignatureVerifier as s, BaseRenownBuilder as t, signatureHasResultingHash as u, parsePkhDid as v, DEFAULT_RENOWN_NETWORK_ID as w, CREDENTIAL_SUBJECT_TYPE as x, verifyAuthBearerToken as y };
+//# sourceMappingURL=renown-builder-xQpZet3I.js.map