@sphereon/ssi-sdk.siopv2-oid4vp-op-auth 0.33.1-feature.vcdm2.tsup.31 → 0.33.1-next.2

package/dist/index.js

@@ -1,2421 +1,32 @@
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
-var __commonJS = (cb, mod) => function __require() {
-  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
-};
-
-// src/localization/translations/en.json
-var require_en = __commonJS({
-  "src/localization/translations/en.json"(exports, module) {
-    module.exports = {
-      siopv2_machine_identifier_error_title: "Getting identifier",
-      siopv2_machine_create_config_error_title: "Creating siopV2 config",
-      siopv2_machine_get_request_error_title: "Getting siopV2 request",
-      siopv2_machine_get_selectable_credentials_error_title: "Getting siopV2 selectable credentials",
-      siopv2_machine_retrieve_contact_error_title: "Retrieve contact",
-      siopv2_machine_add_contact_identity_error_title: "Add contact identity",
-      siopv2_machine_send_response_error_title: "Sending siopV2 response"
-    };
-  }
-});
-
-// src/localization/translations/nl.json
-var require_nl = __commonJS({
-  "src/localization/translations/nl.json"(exports, module) {
-    module.exports = {
-      siopv2_machine_identifier_error_title: "Identifier ophalen",
-      siopv2_machine_create_config_error_title: "SiopV2 configuratie maken",
-      siopv2_machine_get_request_error_title: "SiopV2 verzoek ophalen",
-      siopv2_machine_retrieve_contact_error_title: "Ophalen credential",
-      siopv2_machine_add_contact_identity_error_title: "Toevoegen identiteit contact",
-      siopv2_machine_send_response_error_title: "SiopV2 antwoord verzenden"
-    };
-  }
-});
-
-// plugin.schema.json
-var require_plugin_schema = __commonJS({
-  "plugin.schema.json"(exports, module) {
-    module.exports = {
-      IDidAuthSiopOpAuthenticator: {
-        components: {
-          schemas: {
-            IGetSiopSessionArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSessionForSiop } "
-            },
-            IRegisterSiopSessionArgs: {
-              type: "object",
-              properties: {
-                identifier: {
-                  type: "object",
-                  properties: {
-                    did: {
-                      type: "string"
-                    },
-                    alias: {
-                      type: "string"
-                    },
-                    provider: {
-                      type: "string"
-                    },
-                    controllerKeyId: {
-                      type: "string"
-                    },
-                    keys: {
-                      type: "array",
-                      items: {
-                        type: "object",
-                        properties: {
-                          additionalProperties: true
-                        }
-                      }
-                    },
-                    services: {
-                      type: "array",
-                      items: {
-                        type: "object",
-                        properties: {
-                          additionalProperties: true
-                        }
-                      }
-                    }
-                  },
-                  additionalProperties: false,
-                  required: ["did", "provider", "keys", "services"]
-                },
-                sessionId: {
-                  type: "string"
-                },
-                expiresIn: {
-                  type: "number"
-                },
-                additionalProperties: false
-              },
-              required: ["identifier"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.registerSessionForSiop } "
-            },
-            IRemoveSiopSessionArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.removeSessionForSiop } "
-            },
-            IAuthenticateWithSiopArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                stateId: {
-                  type: "string"
-                },
-                redirectUrl: {
-                  type: "string"
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId", "stateId", "redirectUrl"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.authenticateWithSiop } "
-            },
-            IResponse: {
-              type: "object",
-              properties: {
-                status: {
-                  type: "number"
-                },
-                additionalProperties: true
-              },
-              required: ["status"],
-              description: "Result of {@link DidAuthSiopOpAuthenticator.authenticateWithSiop & DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
-            },
-            IGetSiopAuthenticationRequestFromRpArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                stateId: {
-                  type: "string"
-                },
-                redirectUrl: {
-                  type: "string"
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId", "stateId", "redirectUrl"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
-            },
-            ParsedAuthenticationRequestURI: {
-              type: "object",
-              properties: {
-                jwt: {
-                  type: "string"
-                },
-                requestPayload: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                registration: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["jwt", "requestPayload", "registration"],
-              description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestFromRP } "
-            },
-            IGetSiopAuthenticationRequestDetailsArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                verifiedAuthenticationRequest: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                credentialFilter: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId", "verifiedAuthenticationRequest"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
-            },
-            IAuthRequestDetails: {
-              type: "object",
-              properties: {
-                id: {
-                  type: "string"
-                },
-                alsoKnownAs: {
-                  type: "array",
-                  items: {
-                    type: "string"
-                  }
-                },
-                vpResponseOpts: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["id", "vpResponseOpts"],
-              description: "Result of {@link DidAuthSiopOpAuthenticator.getSiopAuthenticationRequestDetails } "
-            },
-            IVerifySiopAuthenticationRequestUriArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                ParsedAuthenticationRequestURI: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId", "ParsedAuthenticationRequestURI"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
-            },
-            VerifiedAuthorizationRequest: {
-              type: "object",
-              properties: {
-                payload: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                presentationDefinitions: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                verifyOpts: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["payload", "verifyOpts"],
-              description: "Result of {@link DidAuthSiopOpAuthenticator.verifySiopAuthenticationRequestURI } "
-            },
-            ISendSiopAuthenticationResponseArgs: {
-              type: "object",
-              properties: {
-                sessionId: {
-                  type: "string"
-                },
-                verifiedAuthenticationRequest: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                verifiablePresentationResponse: {
-                  type: "object",
-                  properties: {
-                    additionalProperties: true
-                  }
-                },
-                additionalProperties: false
-              },
-              required: ["sessionId", "verifiedAuthenticationRequest"],
-              description: "Arguments needed for {@link DidAuthSiopOpAuthenticator.sendSiopAuthenticationResponse } "
-            }
-          },
-          methods: {
-            getSessionForSiop: {
-              description: "Get SIOP session",
-              arguments: {
-                $ref: "#/components/schemas/IGetSiopSessionArgs"
-              },
-              returnType: "object"
-            },
-            registerSessionForSiop: {
-              description: "Register SIOP session",
-              arguments: {
-                $ref: "#/components/schemas/IRegisterSiopSessionArgs"
-              },
-              returnType: "object"
-            },
-            removeSessionForSiop: {
-              description: "Remove SIOP session",
-              arguments: {
-                $ref: "#/components/schemas/IRemoveSiopSessionArgs"
-              },
-              returnType: "boolean"
-            },
-            authenticateWithSiop: {
-              description: "Authenticate using DID Auth SIOP",
-              arguments: {
-                $ref: "#/components/schemas/IAuthenticateWithSiopArgs"
-              },
-              returnType: {
-                $ref: "#/components/schemas/Response"
-              }
-            },
-            getSiopAuthenticationRequestFromRP: {
-              description: "Get authentication request from RP",
-              arguments: {
-                $ref: "#/components/schemas/IGetSiopAuthenticationRequestFromRpArgs"
-              },
-              returnType: {
-                $ref: "#/components/schemas/ParsedAuthenticationRequestURI"
-              }
-            },
-            getSiopAuthenticationRequestDetails: {
-              description: "Get authentication request details",
-              arguments: {
-                $ref: "#/components/schemas/IGetSiopAuthenticationRequestDetailsArgs"
-              },
-              returnType: {
-                $ref: "#/components/schemas/IAuthRequestDetails"
-              }
-            },
-            verifySiopAuthenticationRequestURI: {
-              description: "Verify authentication request URI",
-              arguments: {
-                $ref: "#/components/schemas/IVerifySiopAuthenticationRequestUriArgs"
-              },
-              returnType: {
-                $ref: "#/components/schemas/VerifiedAuthorizationRequest"
-              }
-            },
-            sendSiopAuthenticationResponse: {
-              description: "Send authentication response",
-              arguments: {
-                $ref: "#/components/schemas/ISendSiopAuthenticationResponseArgs"
-              },
-              returnType: {
-                $ref: "#/components/schemas/IRequiredContext"
-              }
-            }
-          }
-        }
-      }
-    };
-  }
-});
-
-// src/agent/DidAuthSiopOpAuthenticator.ts
-import { decodeUriAsJson, SupportedVersion as SupportedVersion3 } from "@sphereon/did-auth-siop";
-import { ConnectionType as ConnectionType2, CorrelationIdentifierType, CredentialDocumentFormat, CredentialRole as CredentialRole2, DocumentType, IdentityOrigin } from "@sphereon/ssi-sdk.data-store";
-import { Loggers as Loggers4 } from "@sphereon/ssi-types";
-import { v4 as uuidv4 } from "uuid";
-
-// src/session/functions.ts
-import { OP, PassBy, ResponseMode, SupportedVersion } from "@sphereon/did-auth-siop";
-import { SigningAlgo } from "@sphereon/oid4vc-common";
-import { isManagedIdentifierDidOpts, isManagedIdentifierX5cOpts } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { createPEXPresentationSignCallback } from "@sphereon/ssi-sdk.presentation-exchange";
-import { EventEmitter } from "events";
-async function createOID4VPPresentationSignCallback({ presentationSignCallback, idOpts: idOpts1, domain, fetchRemoteContexts, challenge, format, context, skipDidResolution }) {
-  if (typeof presentationSignCallback === "function") {
-    return presentationSignCallback;
-  }
-  return createPEXPresentationSignCallback({
-    idOpts: idOpts1,
-    fetchRemoteContexts,
-    domain,
-    challenge,
-    format,
-    skipDidResolution
-  }, context);
-}
-__name(createOID4VPPresentationSignCallback, "createOID4VPPresentationSignCallback");
-async function createOPBuilder({ opOptions, idOpts: idOpts1, context }) {
-  const eventEmitter = opOptions.eventEmitter ?? new EventEmitter();
-  const builder = OP.builder().withResponseMode(opOptions.responseMode ?? ResponseMode.DIRECT_POST).withSupportedVersions(opOptions.supportedVersions ?? [
-    SupportedVersion.SIOPv2_ID1,
-    SupportedVersion.JWT_VC_PRESENTATION_PROFILE_v1,
-    SupportedVersion.SIOPv2_D11,
-    SupportedVersion.SIOPv2_D12_OID4VP_D18
-  ]).withExpiresIn(opOptions.expiresIn ?? 300).withEventEmitter(eventEmitter).withRegistration({
-    passBy: PassBy.VALUE
-  });
-  const wellknownDIDVerifyCallback = opOptions.wellknownDIDVerifyCallback ? opOptions.wellknownDIDVerifyCallback : async (args) => {
-    const result = await context.agent.cvVerifyCredential({
-      credential: args.credential,
-      fetchRemoteContexts: true
-    });
-    return {
-      verified: result.result
-    };
-  };
-  builder.withVerifyJwtCallback(opOptions.verifyJwtCallback ? opOptions.verifyJwtCallback : getVerifyJwtCallback({
-    verifyOpts: {
-      wellknownDIDVerifyCallback,
-      checkLinkedDomain: "if_present"
-    }
-  }, context));
-  if (idOpts1) {
-    if (opOptions.skipDidResolution && isManagedIdentifierDidOpts(idOpts1)) {
-      idOpts1.offlineWhenNoDIDRegistered = true;
-    }
-    const createJwtCallback = createJwtCallbackWithIdOpts(idOpts1, context);
-    builder.withCreateJwtCallback(createJwtCallback);
-    builder.withPresentationSignCallback(await createOID4VPPresentationSignCallback({
-      presentationSignCallback: opOptions.presentationSignCallback,
-      skipDidResolution: opOptions.skipDidResolution ?? false,
-      idOpts: idOpts1,
-      context
-    }));
-  } else {
-    const createJwtCallback = createJwtCallbackWithOpOpts(opOptions, context);
-    builder.withCreateJwtCallback(createJwtCallback);
-  }
-  return builder;
-}
-__name(createOPBuilder, "createOPBuilder");
-function createJwtCallbackWithIdOpts(idOpts1, context) {
-  return async (jwtIssuer, jwt) => {
-    let issuer;
-    if (isManagedIdentifierDidOpts(idOpts1)) {
-      issuer = {
-        ...idOpts1,
-        method: idOpts1.method,
-        noIdentifierInHeader: false
-      };
-    } else if (isManagedIdentifierX5cOpts(idOpts1)) {
-      issuer = {
-        ...idOpts1,
-        method: idOpts1.method,
-        noIdentifierInHeader: false
-      };
-    } else {
-      return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`));
-    }
-    const result = await context.agent.jwtCreateJwsCompactSignature({
-      issuer,
-      protectedHeader: jwt.header,
-      payload: jwt.payload
-    });
-    return result.jwt;
-  };
-}
-__name(createJwtCallbackWithIdOpts, "createJwtCallbackWithIdOpts");
-function createJwtCallbackWithOpOpts(opOpts, context) {
-  return async (jwtIssuer, jwt) => {
-    let identifier;
-    if (jwtIssuer.method == "did") {
-      identifier = jwtIssuer.didUrl;
-    } else if (jwtIssuer.method == "x5c") {
-      identifier = jwtIssuer.x5c;
-    } else {
-      return Promise.reject(Error(`JWT issuer method ${jwtIssuer.method} not yet supported`));
-    }
-    const result = await context.agent.jwtCreateJwsCompactSignature({
-      // FIXME fix cose-key inference
-      // @ts-ignore
-      issuer: {
-        identifier,
-        kmsKeyRef: idOpts.kmsKeyRef,
-        noIdentifierInHeader: false
-      },
-      // FIXME fix JWK key_ops
-      // @ts-ignore
-      protectedHeader: jwt.header,
-      payload: jwt.payload
-    });
-    return result.jwt;
-  };
-}
-__name(createJwtCallbackWithOpOpts, "createJwtCallbackWithOpOpts");
-function getVerifyJwtCallback(_opts, context) {
-  return async (_jwtVerifier, jwt) => {
-    const result = await context.agent.jwtVerifyJwsSignature({
-      jws: jwt.raw
-    });
-    console.log(result.message);
-    return !result.error;
-  };
-}
-__name(getVerifyJwtCallback, "getVerifyJwtCallback");
-async function createOP({ opOptions, idOpts: idOpts1, context }) {
-  return (await createOPBuilder({
-    opOptions,
-    idOpts: idOpts1,
-    context
-  })).build();
-}
-__name(createOP, "createOP");
-function getSigningAlgo(type) {
-  switch (type) {
-    case "Ed25519":
-      return SigningAlgo.EDDSA;
-    case "Secp256k1":
-      return SigningAlgo.ES256K;
-    case "Secp256r1":
-      return SigningAlgo.ES256;
-    // @ts-ignore
-    case "RSA":
-      return SigningAlgo.RS256;
-    default:
-      throw Error("Key type not yet supported");
-  }
-}
-__name(getSigningAlgo, "getSigningAlgo");
-
-// src/session/OID4VP.ts
-import { PresentationExchange } from "@sphereon/did-auth-siop";
-import { Status } from "@sphereon/pex";
-import { isManagedIdentifierDidResult, isOID4VCIssuerIdentifier } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { defaultHasher } from "@sphereon/ssi-sdk.core";
-import { verifiableCredentialForRoleFilter } from "@sphereon/ssi-sdk.credential-store";
-
-// src/types/IDidAuthSiopOpAuthenticator.ts
-var LOGGER_NAMESPACE = "sphereon:siopv2-oid4vp:op-auth";
-var events = /* @__PURE__ */ function(events2) {
-  events2["DID_SIOP_AUTHENTICATED"] = "didSiopAuthenticated";
-  return events2;
-}({});
-var DEFAULT_JWT_PROOF_TYPE = "JwtProof2020";
-
-// src/types/siop-service/index.ts
-var Siopv2HolderEvent = /* @__PURE__ */ function(Siopv2HolderEvent2) {
-  Siopv2HolderEvent2["CONTACT_IDENTITY_CREATED"] = "contact_identity_created";
-  Siopv2HolderEvent2["IDENTIFIER_CREATED"] = "identifier_created";
-  return Siopv2HolderEvent2;
-}({});
-var SupportedLanguage = /* @__PURE__ */ function(SupportedLanguage2) {
-  SupportedLanguage2["ENGLISH"] = "en";
-  SupportedLanguage2["DUTCH"] = "nl";
-  return SupportedLanguage2;
-}({});
-
-// src/types/machine/index.ts
-var Siopv2MachineStates = /* @__PURE__ */ function(Siopv2MachineStates2) {
-  Siopv2MachineStates2["createConfig"] = "createConfig";
-  Siopv2MachineStates2["getSiopRequest"] = "getSiopRequest";
-  Siopv2MachineStates2["getSelectableCredentials"] = "getSelectableCredentials";
-  Siopv2MachineStates2["retrieveContact"] = "retrieveContact";
-  Siopv2MachineStates2["transitionFromSetup"] = "transitionFromSetup";
-  Siopv2MachineStates2["addContact"] = "addContact";
-  Siopv2MachineStates2["addContactIdentity"] = "addContactIdentity";
-  Siopv2MachineStates2["selectCredentials"] = "selectCredentials";
-  Siopv2MachineStates2["sendResponse"] = "sendResponse";
-  Siopv2MachineStates2["handleError"] = "handleError";
-  Siopv2MachineStates2["aborted"] = "aborted";
-  Siopv2MachineStates2["declined"] = "declined";
-  Siopv2MachineStates2["error"] = "error";
-  Siopv2MachineStates2["done"] = "done";
-  return Siopv2MachineStates2;
-}({});
-var Siopv2MachineAddContactStates = /* @__PURE__ */ function(Siopv2MachineAddContactStates2) {
-  Siopv2MachineAddContactStates2["idle"] = "idle";
-  Siopv2MachineAddContactStates2["executing"] = "executing";
-  Siopv2MachineAddContactStates2["next"] = "next";
-  return Siopv2MachineAddContactStates2;
-}({});
-var Siopv2MachineEvents = /* @__PURE__ */ function(Siopv2MachineEvents2) {
-  Siopv2MachineEvents2["NEXT"] = "NEXT";
-  Siopv2MachineEvents2["PREVIOUS"] = "PREVIOUS";
-  Siopv2MachineEvents2["DECLINE"] = "DECLINE";
-  Siopv2MachineEvents2["SET_CONTACT_ALIAS"] = "SET_CONTACT_ALIAS";
-  Siopv2MachineEvents2["SET_CONTACT_CONSENT"] = "SET_CONTACT_CONSENT";
-  Siopv2MachineEvents2["CREATE_CONTACT"] = "CREATE_CONTACT";
-  Siopv2MachineEvents2["SET_SELECTED_CREDENTIALS"] = "SET_SELECTED_CREDENTIALS";
-  return Siopv2MachineEvents2;
-}({});
-var Siopv2MachineGuards = /* @__PURE__ */ function(Siopv2MachineGuards2) {
-  Siopv2MachineGuards2["hasNoContactGuard"] = "Siopv2HasNoContactGuard";
-  Siopv2MachineGuards2["createContactGuard"] = "Siopv2CreateContactGuard";
-  Siopv2MachineGuards2["hasContactGuard"] = "Siopv2HasContactGuard";
-  Siopv2MachineGuards2["hasAuthorizationRequestGuard"] = "Siopv2HasAuthorizationRequestGuard";
-  Siopv2MachineGuards2["hasSelectableCredentialsAndContactGuard"] = "Siopv2HasSelectableCredentialsAndContactGuard";
-  Siopv2MachineGuards2["hasSelectedRequiredCredentialsGuard"] = "Siopv2HasSelectedRequiredCredentialsGuard";
-  Siopv2MachineGuards2["siopOnlyGuard"] = "Siopv2IsSiopOnlyGuard";
-  Siopv2MachineGuards2["siopWithOID4VPGuard"] = "Siopv2IsSiopWithOID4VPGuard";
-  return Siopv2MachineGuards2;
-}({});
-var Siopv2MachineServices = /* @__PURE__ */ function(Siopv2MachineServices2) {
-  Siopv2MachineServices2["getSiopRequest"] = "getSiopRequest";
-  Siopv2MachineServices2["getSelectableCredentials"] = "getSelectableCredentials";
-  Siopv2MachineServices2["retrieveContact"] = "retrieveContact";
-  Siopv2MachineServices2["addContactIdentity"] = "addContactIdentity";
-  Siopv2MachineServices2["sendResponse"] = "sendResponse";
-  Siopv2MachineServices2["createConfig"] = "createConfig";
-  return Siopv2MachineServices2;
-}({});
-
-// src/types/identifier/index.ts
-var DID_PREFIX = "did";
-
-// src/session/OID4VP.ts
-var OID4VP = class _OID4VP {
-  static {
-    __name(this, "OID4VP");
-  }
-  session;
-  allIdentifiers;
-  hasher;
-  constructor(args) {
-    const { session, allIdentifiers, hasher = defaultHasher } = args;
-    this.session = session;
-    this.allIdentifiers = allIdentifiers ?? [];
-    this.hasher = hasher;
-  }
-  static async init(session, allIdentifiers, hasher) {
-    return new _OID4VP({
-      session,
-      allIdentifiers: allIdentifiers ?? await session.getSupportedDIDs(),
-      hasher
-    });
-  }
-  async getPresentationDefinitions() {
-    const definitions = await this.session.getPresentationDefinitions();
-    if (definitions) {
-      PresentationExchange.assertValidPresentationDefinitionWithLocations(definitions);
-    }
-    return definitions;
-  }
-  getPresentationExchange(args) {
-    const { verifiableCredentials, allIdentifiers, hasher } = args;
-    return new PresentationExchange({
-      allDIDs: allIdentifiers ?? this.allIdentifiers,
-      allVerifiableCredentials: verifiableCredentials,
-      hasher: hasher ?? this.hasher
-    });
-  }
-  async createVerifiablePresentations(credentialRole, credentialsWithDefinitions, opts) {
-    return await Promise.all(credentialsWithDefinitions.map((cred) => this.createVerifiablePresentation(credentialRole, cred, opts)));
-  }
-  async createVerifiablePresentation(credentialRole, selectedVerifiableCredentials, opts) {
-    const { subjectIsHolder, holder, forceNoCredentialsInVP = false } = {
-      ...opts
-    };
-    if (subjectIsHolder && holder) {
-      throw Error("Cannot both have subject is holder and a holderDID value at the same time (programming error)");
-    }
-    if (forceNoCredentialsInVP) {
-      selectedVerifiableCredentials.credentials = [];
-    } else if (!selectedVerifiableCredentials?.credentials || selectedVerifiableCredentials.credentials.length === 0) {
-      throw Error("No verifiable verifiableCredentials provided for presentation definition");
-    }
-    const proofOptions = {
-      ...opts?.proofOpts,
-      challenge: opts?.proofOpts?.nonce ?? opts?.proofOpts?.challenge ?? this.session.nonce,
-      domain: opts?.proofOpts?.domain ?? await this.session.getRedirectUri()
-    };
-    let idOpts2 = opts?.idOpts;
-    if (!idOpts2) {
-      if (opts?.subjectIsHolder) {
-        if (forceNoCredentialsInVP) {
-          return Promise.reject(Error(`Cannot have subject is holder, when force no credentials is being used, as we could never determine the holder then. Please provide holderDID`));
-        }
-        const firstUniqueDC = selectedVerifiableCredentials.credentials[0];
-        if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
-          return Promise.reject(Error("If no opts provided, credentials should be of type UniqueDigitalCredential"));
-        }
-        idOpts2 = isOID4VCIssuerIdentifier(firstUniqueDC.digitalCredential.kmsKeyRef) ? await this.session.context.agent.identifierManagedGetByIssuer({
-          identifier: firstUniqueDC.digitalCredential.kmsKeyRef
-        }) : await this.session.context.agent.identifierManagedGetByKid({
-          identifier: firstUniqueDC.digitalCredential.kmsKeyRef,
-          kmsKeyRef: firstUniqueDC.digitalCredential.kmsKeyRef
-        });
-      } else if (opts?.holder) {
-        idOpts2 = {
-          identifier: opts.holder
-        };
-      }
-    }
-    const vcs = forceNoCredentialsInVP ? selectedVerifiableCredentials : opts?.applyFilter ? await this.filterCredentials(credentialRole, selectedVerifiableCredentials.definition, {
-      restrictToFormats: opts?.restrictToFormats,
-      restrictToDIDMethods: opts?.restrictToDIDMethods,
-      filterOpts: {
-        verifiableCredentials: selectedVerifiableCredentials.credentials
-      }
-    }) : {
-      definition: selectedVerifiableCredentials.definition,
-      credentials: selectedVerifiableCredentials.credentials
-    };
-    if (!idOpts2) {
-      return Promise.reject(Error(`No identifier options present at this point`));
-    }
-    const signCallback = await createOID4VPPresentationSignCallback({
-      presentationSignCallback: this.session.options.presentationSignCallback,
-      idOpts: idOpts2,
-      context: this.session.context,
-      domain: proofOptions.domain,
-      challenge: proofOptions.challenge,
-      format: opts?.restrictToFormats ?? selectedVerifiableCredentials.definition.definition.format,
-      skipDidResolution: opts?.skipDidResolution ?? false
-    });
-    const identifier = await this.session.context.agent.identifierManagedGet(idOpts2);
-    const verifiableCredentials = vcs.credentials.map((credential) => typeof credential === "object" && "digitalCredential" in credential ? credential.originalVerifiableCredential : credential);
-    const presentationResult = await this.getPresentationExchange({
-      verifiableCredentials,
-      allIdentifiers: this.allIdentifiers,
-      hasher: opts?.hasher
-    }).createVerifiablePresentation(vcs.definition.definition, verifiableCredentials, signCallback, {
-      proofOptions,
-      // fixme: Update to newer siop-vp to not require dids here. But when Veramo is creating the VP it's still looking at this field to pass into didManagerGet
-      ...identifier && isManagedIdentifierDidResult(identifier) && {
-        holderDID: identifier.did
-      }
-    });
-    const verifiablePresentations = presentationResult.verifiablePresentations.map((verifiablePresentation) => typeof verifiablePresentation !== "string" && "proof" in verifiablePresentation && "jwt" in verifiablePresentation.proof && verifiablePresentation.proof.jwt ? verifiablePresentation.proof.jwt : verifiablePresentation);
-    return {
-      ...presentationResult,
-      verifiablePresentations,
-      verifiableCredentials,
-      definition: selectedVerifiableCredentials.definition,
-      idOpts: idOpts2
-    };
-  }
-  async filterCredentialsAgainstAllDefinitions(credentialRole, opts) {
-    const defs = await this.getPresentationDefinitions();
-    const result = [];
-    if (defs) {
-      for (const definition of defs) {
-        result.push(await this.filterCredentials(credentialRole, definition, opts));
-      }
-    }
-    return result;
-  }
-  async filterCredentials(credentialRole, presentationDefinition, opts) {
-    const udcMap = /* @__PURE__ */ new Map();
-    opts?.filterOpts?.verifiableCredentials?.forEach((credential) => {
-      if (typeof credential === "object" && "digitalCredential" in credential) {
-        udcMap.set(credential.originalVerifiableCredential, credential);
-      } else {
-        udcMap.set(credential, credential);
-      }
-    });
-    const credentials = (await this.filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, {
-      ...opts,
-      filterOpts: {
-        verifiableCredentials: opts?.filterOpts?.verifiableCredentials?.map((credential) => {
-          if (typeof credential === "object" && "digitalCredential" in credential) {
-            return credential.originalVerifiableCredential;
-          } else {
-            return credential;
-          }
-        })
-      }
-    })).verifiableCredential;
-    return {
-      definition: presentationDefinition,
-      credentials: credentials?.map((vc) => udcMap.get(vc)) ?? []
-    };
-  }
-  async filterCredentialsWithSelectionStatus(credentialRole, presentationDefinition, opts) {
-    const selectionResults = await this.getPresentationExchange({
-      verifiableCredentials: await this.getCredentials(credentialRole, opts?.filterOpts)
-    }).selectVerifiableCredentialsForSubmission(presentationDefinition.definition, opts);
-    if (selectionResults.errors && selectionResults.errors.length > 0) {
-      throw Error(JSON.stringify(selectionResults.errors));
-    } else if (selectionResults.areRequiredCredentialsPresent === Status.ERROR) {
-      throw Error(`Not all required credentials are available to satisfy the relying party's request`);
-    }
-    const matches = selectionResults.matches;
-    if (!matches || matches.length === 0 || !selectionResults.verifiableCredential || selectionResults.verifiableCredential.length === 0) {
-      throw Error(JSON.stringify(selectionResults.errors));
-    }
-    return selectionResults;
-  }
-  async getCredentials(credentialRole, filterOpts) {
-    if (filterOpts?.verifiableCredentials && filterOpts.verifiableCredentials.length > 0) {
-      return filterOpts.verifiableCredentials;
-    }
-    const filter = verifiableCredentialForRoleFilter(credentialRole, filterOpts?.filter);
-    const uniqueCredentials = await this.session.context.agent.crsGetUniqueCredentials({
-      filter
-    });
-    return uniqueCredentials.map((uniqueVC) => {
-      const vc = uniqueVC.uniformVerifiableCredential;
-      const proof = Array.isArray(vc.proof) ? vc.proof : [
-        vc.proof
-      ];
-      const jwtProof = proof.find((p) => p?.type === DEFAULT_JWT_PROOF_TYPE);
-      return jwtProof ? jwtProof.jwt : vc;
-    });
-  }
-};
-
-// src/session/OpSession.ts
-import { OP as OP2, URI } from "@sphereon/did-auth-siop";
-import { getAgentDIDMethods, getAgentResolver } from "@sphereon/ssi-sdk-ext.did-utils";
-import { encodeBase64url } from "@sphereon/ssi-sdk.core";
-import { CredentialMapper, parseDid } from "@sphereon/ssi-types";
-import { v4 } from "uuid";
-import { PEX } from "@sphereon/pex";
-import { Loggers } from "@sphereon/ssi-types";
-var logger = Loggers.DEFAULT.get("sphereon:oid4vp:OpSession");
-var OpSession = class _OpSession {
-  static {
-    __name(this, "OpSession");
-  }
-  ts = (/* @__PURE__ */ new Date()).getDate();
-  id;
-  options;
-  context;
-  requestJwtOrUri;
-  verifiedAuthorizationRequest;
-  _nonce;
-  _state;
-  _providedPresentationDefinitions;
-  constructor(options) {
-    this.id = options.sessionId;
-    this.options = options.op;
-    this.context = options.context;
-    this.requestJwtOrUri = options.requestJwtOrUri;
-    this._providedPresentationDefinitions = options.providedPresentationDefinitions;
-  }
-  static async init(options) {
-    return new _OpSession(options);
-  }
-  async getAuthorizationRequest() {
-    if (!this.verifiedAuthorizationRequest) {
-      const op = await createOP({
-        opOptions: this.options,
-        context: this.context
-      });
-      this.verifiedAuthorizationRequest = await op.verifyAuthorizationRequest(this.requestJwtOrUri);
-      this._nonce = await this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("nonce");
-      this._state = await this.verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("state");
-      await this.getSupportedDIDMethods();
-    }
-    return this.verifiedAuthorizationRequest;
-  }
-  async getAuthorizationRequestURI() {
-    return await URI.fromAuthorizationRequest((await this.getAuthorizationRequest()).authorizationRequest);
-  }
-  get nonce() {
-    if (!this._nonce) {
-      throw Error("No nonce available. Please get authorization request first");
-    }
-    return this._nonce;
-  }
-  get state() {
-    if (!this._state) {
-      throw Error("No state available. Please get authorization request first");
-    }
-    return this._state;
-  }
-  clear() {
-    this._nonce = void 0;
-    this._state = void 0;
-    this.verifiedAuthorizationRequest = void 0;
-    return this;
-  }
-  async getSupportedDIDMethods(didPrefix) {
-    const agentMethods = this.getAgentDIDMethodsSupported({
-      didPrefix
-    });
-    let rpMethods = await this.getRPDIDMethodsSupported({
-      didPrefix,
-      agentMethods
-    });
-    logger.debug(`RP supports subject syntax types: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
-    if (rpMethods.dids.length === 0) {
-      logger.debug(`RP does not support DIDs. Supported: ${JSON.stringify(this.getSubjectSyntaxTypesSupported())}`);
-      return [];
-    }
-    let intersection;
-    if (rpMethods.dids.includes("did")) {
-      intersection = agentMethods && agentMethods.length > 0 ? agentMethods : (await getAgentDIDMethods(this.context)).map((method) => convertDidMethod(method, didPrefix));
-    } else if (!agentMethods || agentMethods.length === 0) {
-      intersection = rpMethods.dids?.map((method) => convertDidMethod(method, didPrefix));
-    } else {
-      intersection = agentMethods.filter((value) => rpMethods.dids.includes(value));
-    }
-    if (intersection.length === 0) {
-      throw Error("No matching DID methods between agent and relying party");
-    }
-    return intersection.map((value) => convertDidMethod(value, didPrefix));
-  }
-  getAgentDIDMethodsSupported(opts) {
-    const agentMethods = this.options.supportedDIDMethods?.map((method) => convertDidMethod(method, opts.didPrefix));
-    logger.debug(`agent methods: ${JSON.stringify(agentMethods)}`);
-    return agentMethods;
-  }
-  async getSubjectSyntaxTypesSupported() {
-    const authReq = await this.getAuthorizationRequest();
-    const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported;
-    return subjectSyntaxTypesSupported ?? [];
-  }
-  async getRPDIDMethodsSupported(opts) {
-    let keyType;
-    const agentMethods = (opts.agentMethods ?? this.getAgentDIDMethodsSupported(opts))?.map((method) => convertDidMethod(method, opts.didPrefix)) ?? [];
-    logger.debug(`agent methods supported: ${JSON.stringify(agentMethods)}`);
-    const authReq = await this.getAuthorizationRequest();
-    const subjectSyntaxTypesSupported = authReq.registrationMetadataPayload?.subject_syntax_types_supported?.map((method) => convertDidMethod(method, opts.didPrefix)).filter((val) => !val.startsWith("did"));
-    logger.debug(`subject syntax types supported in rp method supported: ${JSON.stringify(subjectSyntaxTypesSupported)}`);
-    const aud = await authReq.authorizationRequest.getMergedProperty("aud");
-    let rpMethods = [];
-    if (aud && aud.startsWith("did:")) {
-      const didMethod = convertDidMethod(parseDid(aud).method, opts.didPrefix);
-      logger.debug(`aud did method: ${didMethod}`);
-      if (subjectSyntaxTypesSupported && subjectSyntaxTypesSupported.length > 0 && !subjectSyntaxTypesSupported.includes("did") && !subjectSyntaxTypesSupported.includes(didMethod)) {
-        throw Error(`The aud DID method ${didMethod} is not in the supported types ${subjectSyntaxTypesSupported}`);
-      }
-      rpMethods = [
-        didMethod
-      ];
-    } else if (subjectSyntaxTypesSupported) {
-      rpMethods = (Array.isArray(subjectSyntaxTypesSupported) ? subjectSyntaxTypesSupported : [
-        subjectSyntaxTypesSupported
-      ]).map((method) => convertDidMethod(method, opts.didPrefix));
-    }
-    const isEBSI = rpMethods.length === 0 && (authReq.issuer?.includes(".ebsi.eu") || (await authReq.authorizationRequest.getMergedProperty("client_id"))?.includes(".ebsi.eu"));
-    let codecName = void 0;
-    if (isEBSI && (!aud || !aud.startsWith("http"))) {
-      logger.debug(`EBSI detected, adding did:key to supported DID methods for RP`);
-      const didKeyMethod = convertDidMethod("did:key", opts.didPrefix);
-      if (!agentMethods?.includes(didKeyMethod)) {
-        throw Error(`EBSI detected, but agent did not support did:key. Please reconfigure agent`);
-      }
-      rpMethods = [
-        didKeyMethod
-      ];
-      keyType = "Secp256r1";
-      codecName = "jwk_jcs-pub";
-    }
-    return {
-      dids: rpMethods,
-      codecName,
-      keyType
-    };
-  }
-  async getSupportedIdentifiers(opts) {
-    const methods = await this.getSupportedDIDMethods(true);
-    logger.debug(`supported DID methods (did: prefix = true): ${JSON.stringify(methods)}`);
-    if (methods.length === 0) {
-      throw Error(`No DID methods are supported`);
-    }
-    const identifiers = await this.context.agent.didManagerFind().then((ids) => ids.filter((id) => methods.includes(id.provider)));
-    if (identifiers.length === 0) {
-      logger.debug(`No identifiers available in agent supporting methods ${JSON.stringify(methods)}`);
-      if (opts?.createInCaseNoDIDFound !== false) {
-        const { codecName, keyType } = await this.getRPDIDMethodsSupported({
-          didPrefix: true,
-          agentMethods: methods
-        });
-        const identifier = await this.context.agent.didManagerCreate({
-          provider: methods[0],
-          options: {
-            codecName,
-            keyType,
-            type: keyType
-          }
-        });
-        logger.debug(`Created a new identifier for the SIOP interaction: ${identifier.did}`);
-        identifiers.push(identifier);
-      }
-    }
-    logger.debug(`supported identifiers: ${JSON.stringify(identifiers.map((id) => id.did))}`);
-    return identifiers;
-  }
-  async getSupportedDIDs() {
-    return (await this.getSupportedIdentifiers()).map((id) => id.did);
-  }
-  async getRedirectUri() {
-    return Promise.resolve(this.verifiedAuthorizationRequest.responseURI);
-  }
-  async hasPresentationDefinitions() {
-    const defs = this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
-    return defs !== void 0 && defs.length > 0;
-  }
-  async getPresentationDefinitions() {
-    if (!await this.hasPresentationDefinitions()) {
-      throw Error(`No presentation definitions found`);
-    }
-    return this._providedPresentationDefinitions ?? (await this.getAuthorizationRequest()).presentationDefinitions;
-  }
-  async getOID4VP(args) {
-    return await OID4VP.init(this, args.allIdentifiers ?? [], args.hasher);
-  }
-  createPresentationVerificationCallback(context) {
-    async function presentationVerificationCallback(args, presentationSubmission) {
-      let result;
-      if (CredentialMapper.isSdJwtEncoded(args)) {
-        try {
-          const sdJwtResult = await context.agent.verifySdJwtPresentation({
-            presentation: args
-          });
-          result = {
-            verified: "header" in sdJwtResult,
-            error: "header" in sdJwtResult ? void 0 : {
-              message: "could not verify SD JWT presentation"
-            }
-          };
-        } catch (error) {
-          result = {
-            verified: false,
-            error: {
-              message: error.message
-            }
-          };
-        }
-      } else {
-        result = await context.agent.verifyPresentation({
-          presentation: args
-        });
-      }
-      return result;
-    }
-    __name(presentationVerificationCallback, "presentationVerificationCallback");
-    return presentationVerificationCallback;
-  }
-  async createJarmResponseCallback({ responseOpts }) {
-    const agent = this.context.agent;
-    return /* @__PURE__ */ __name(async function jarmResponse(opts) {
-      const { clientMetadata, requestObjectPayload, authorizationResponsePayload: authResponse } = opts;
-      const jwk = await OP2.extractEncJwksFromClientMetadata(clientMetadata);
-      const recipientKey = await agent.identifierExternalResolveByJwk({
-        identifier: jwk
-      });
-      return await agent.jwtEncryptJweCompactJwt({
-        recipientKey,
-        protectedHeader: {},
-        alg: requestObjectPayload.client_metadata.authorization_encrypted_response_alg ?? "ECDH-ES",
-        enc: requestObjectPayload.client_metadata.authorization_encrypted_response_enc ?? "A256GCM",
-        apv: encodeBase64url(opts.requestObjectPayload.nonce),
-        apu: encodeBase64url(v4()),
-        payload: authResponse,
-        issuer: responseOpts.issuer,
-        audience: responseOpts.audience
-      }).then((result) => {
-        return {
-          response: result.jwt
-        };
-      });
-    }, "jarmResponse");
-  }
-  async sendAuthorizationResponse(args) {
-    const resolveOpts = this.options.resolveOpts ?? {
-      resolver: getAgentResolver(this.context, {
-        uniresolverResolution: true,
-        localResolution: true,
-        resolverResolution: true
-      })
-    };
-    if (!resolveOpts.subjectSyntaxTypesSupported || resolveOpts.subjectSyntaxTypesSupported.length === 0) {
-      resolveOpts.subjectSyntaxTypesSupported = await this.getSupportedDIDMethods(true);
-    }
-    const verification = {
-      presentationVerificationCallback: this.createPresentationVerificationCallback(this.context)
-    };
-    const request = await this.getAuthorizationRequest();
-    const hasDefinitions = await this.hasPresentationDefinitions();
-    if (hasDefinitions) {
-      const totalInputDescriptors = request.presentationDefinitions?.reduce((sum, pd) => {
-        return sum + pd.definition.input_descriptors.length;
-      }, 0);
-      const totalVCs = args.verifiablePresentations ? this.countVCsInAllVPs(args.verifiablePresentations, args.hasher) : 0;
-      if (!request.presentationDefinitions || !args.verifiablePresentations || totalVCs !== totalInputDescriptors) {
-        throw Error(`Amount of presentations ${args.verifiablePresentations?.length}, doesn't match expected ${request.presentationDefinitions?.length}`);
-      } else if (!args.presentationSubmission) {
-        throw Error(`Presentation submission is required when verifiable presentations are required`);
-      }
-    }
-    const verifiablePresentations = args.verifiablePresentations ? args.verifiablePresentations.map((vp) => CredentialMapper.storedPresentationToOriginalFormat(vp)) : [];
-    const op = await createOP({
-      opOptions: {
-        ...this.options,
-        resolveOpts: {
-          ...this.options.resolveOpts
-        },
-        eventEmitter: this.options.eventEmitter,
-        presentationSignCallback: this.options.presentationSignCallback,
-        wellknownDIDVerifyCallback: this.options.wellknownDIDVerifyCallback,
-        supportedVersions: request.versions
-      },
-      idOpts: args.responseSignerOpts,
-      context: this.context
-    });
-    let issuer = args.responseSignerOpts.issuer;
-    const responseOpts = {
-      verification,
-      issuer,
-      ...args.isFirstParty && {
-        isFirstParty: args.isFirstParty
-      },
-      ...args.verifiablePresentations && {
-        presentationExchange: {
-          verifiablePresentations,
-          presentationSubmission: args.presentationSubmission
-        }
-      },
-      dcqlQuery: args.dcqlResponse
-    };
-    const authResponse = await op.createAuthorizationResponse(request, responseOpts);
-    const response = await op.submitAuthorizationResponse(authResponse, await this.createJarmResponseCallback({
-      responseOpts
-    }));
-    if (response.status >= 400) {
-      throw Error(`Error ${response.status}: ${response.statusText || await response.text()}`);
-    } else {
-      return response;
-    }
-  }
-  countVCsInAllVPs(verifiablePresentations, hasher) {
-    return verifiablePresentations.reduce((sum, vp) => {
-      if (CredentialMapper.isMsoMdocDecodedPresentation(vp) || CredentialMapper.isMsoMdocOid4VPEncoded(vp)) {
-        return sum + 1;
-      }
-      const uvp = CredentialMapper.toUniformPresentation(vp, {
-        hasher: hasher ?? this.options.hasher
-      });
-      if (uvp.verifiableCredential?.length) {
-        return sum + uvp.verifiableCredential?.length;
-      }
-      const isSdJWT = CredentialMapper.isSdJwtDecodedCredential(uvp);
-      if (isSdJWT || uvp.verifiableCredential && !PEX.allowMultipleVCsPerPresentation(uvp.verifiableCredential)) {
-        return sum + 1;
-      }
-      return sum;
-    }, 0);
-  }
-};
-function convertDidMethod(didMethod, didPrefix) {
-  if (didPrefix === false) {
-    return didMethod.startsWith("did:") ? didMethod.toLowerCase().replace("did:", "") : didMethod.toLowerCase();
-  }
-  return didMethod.startsWith("did:") ? didMethod.toLowerCase() : `did:${didMethod.toLowerCase().replace("did:", "")}`;
-}
-__name(convertDidMethod, "convertDidMethod");
-
-// src/agent/DidAuthSiopOpAuthenticator.ts
-import { PEX as PEX3, Status as Status2 } from "@sphereon/pex";
-import { computeEntryHash } from "@veramo/utils";
-import { DcqlQuery as DcqlQuery2 } from "dcql";
-
-// src/machine/Siopv2Machine.ts
-import { assign, createMachine, interpret } from "xstate";
-
-// src/localization/Localization.ts
-import i18n from "i18n-js";
-import memoize from "lodash.memoize";
-var Localization = class Localization2 {
-  static {
-    __name(this, "Localization");
-  }
-  static translationGetters = {
-    [SupportedLanguage.ENGLISH]: () => require_en(),
-    [SupportedLanguage.DUTCH]: () => require_nl()
-  };
-  static translate = memoize((key, config) => {
-    if (Object.keys(i18n.translations).length === 0) {
-      i18n.translations = {
-        [SupportedLanguage.ENGLISH]: Localization2.translationGetters[SupportedLanguage.ENGLISH]()
-      };
-      i18n.locale = SupportedLanguage.ENGLISH;
-    } else {
-      i18n.translations = {
-        [i18n.locale]: {
-          ...i18n.translations[i18n.locale],
-          ...Localization2.translationGetters[this.findSupportedLanguage(i18n.locale) || SupportedLanguage.ENGLISH]()
-        }
-      };
-    }
-    return i18n.t(key, config);
-  }, (key, config) => config ? key + JSON.stringify(config) : key);
-  static findSupportedLanguage = /* @__PURE__ */ __name((locale) => {
-    for (const language of Object.values(SupportedLanguage)) {
-      if (language === locale) {
-        return language;
-      }
-    }
-    return void 0;
-  }, "findSupportedLanguage");
-  static getLocale = /* @__PURE__ */ __name(() => {
-    return i18n.locale || SupportedLanguage.ENGLISH;
-  }, "getLocale");
-};
-var translate = Localization.translate;
-
-// src/machine/Siopv2Machine.ts
-import { Loggers as Loggers2 } from "@sphereon/ssi-types";
-var logger2 = Loggers2.DEFAULT.get(LOGGER_NAMESPACE);
-var Siopv2HasNoContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact } = _ctx;
-  return contact === void 0;
-}, "Siopv2HasNoContactGuard");
-var Siopv2HasContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contact } = _ctx;
-  return contact !== void 0;
-}, "Siopv2HasContactGuard");
-var Siopv2HasAuthorizationRequestGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { authorizationRequestData } = _ctx;
-  return authorizationRequestData !== void 0;
-}, "Siopv2HasAuthorizationRequestGuard");
-var Siopv2HasSelectableCredentialsAndContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { authorizationRequestData, contact } = _ctx;
-  if (!authorizationRequestData) {
-    throw new Error("Missing authorization request data in context");
-  }
-  if (!contact) {
-    throw new Error("Missing contact request data in context");
-  }
-  return authorizationRequestData.presentationDefinitions !== void 0;
-}, "Siopv2HasSelectableCredentialsAndContactGuard");
-var Siopv2CreateContactGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { contactAlias, hasContactConsent } = _ctx;
-  return hasContactConsent && contactAlias !== void 0 && contactAlias.length > 0;
-}, "Siopv2CreateContactGuard");
-var Siopv2HasSelectedRequiredCredentialsGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { authorizationRequestData } = _ctx;
-  if (authorizationRequestData === void 0) {
-    throw new Error("Missing authorization request data in context");
-  }
-  if (authorizationRequestData.presentationDefinitions === void 0 || authorizationRequestData.presentationDefinitions.length === 0) {
-    throw Error("No presentation definitions present");
-  }
-  return _ctx.selectedCredentials.length > 0;
-}, "Siopv2HasSelectedRequiredCredentialsGuard");
-var Siopv2IsSiopOnlyGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { authorizationRequestData } = _ctx;
-  if (authorizationRequestData === void 0) {
-    throw new Error("Missing authorization request data in context");
-  }
-  return authorizationRequestData.presentationDefinitions === void 0;
-}, "Siopv2IsSiopOnlyGuard");
-var Siopv2IsSiopWithOID4VPGuard = /* @__PURE__ */ __name((_ctx, _event) => {
-  const { authorizationRequestData, selectableCredentialsMap } = _ctx;
-  if (!authorizationRequestData) {
-    throw new Error("Missing authorization request data in context");
-  }
-  if (!selectableCredentialsMap) {
-    throw new Error("Missing selectableCredentialsMap in context");
-  }
-  return authorizationRequestData.presentationDefinitions !== void 0;
-}, "Siopv2IsSiopWithOID4VPGuard");
-var createSiopv2Machine = /* @__PURE__ */ __name((opts) => {
-  const { url, idOpts: idOpts2 } = opts;
-  const initialContext = {
-    url: new URL(url).toString(),
-    hasContactConsent: true,
-    contactAlias: "",
-    selectedCredentials: [],
-    idOpts: idOpts2
-  };
-  return createMachine({
-    id: opts?.machineId ?? "Siopv2",
-    predictableActionArguments: true,
-    initial: Siopv2MachineStates.createConfig,
-    schema: {
-      events: {},
-      guards: {},
-      services: {}
-    },
-    context: initialContext,
-    states: {
-      [Siopv2MachineStates.createConfig]: {
-        id: Siopv2MachineStates.createConfig,
-        invoke: {
-          src: Siopv2MachineServices.createConfig,
-          onDone: {
-            target: Siopv2MachineStates.getSiopRequest,
-            actions: assign({
-              didAuthConfig: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "didAuthConfig")
-            })
-          },
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_create_config_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.getSiopRequest]: {
-        id: Siopv2MachineStates.getSiopRequest,
-        invoke: {
-          src: Siopv2MachineServices.getSiopRequest,
-          onDone: {
-            target: Siopv2MachineStates.retrieveContact,
-            actions: assign({
-              authorizationRequestData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationRequestData")
-            })
-          },
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_get_request_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.retrieveContact]: {
-        id: Siopv2MachineStates.retrieveContact,
-        invoke: {
-          src: Siopv2MachineServices.retrieveContact,
-          onDone: {
-            target: Siopv2MachineStates.transitionFromSetup,
-            actions: assign({
-              contact: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contact")
-            })
-          },
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_retrieve_contact_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.transitionFromSetup]: {
-        id: Siopv2MachineStates.transitionFromSetup,
-        always: [
-          {
-            target: Siopv2MachineStates.addContact,
-            cond: Siopv2MachineGuards.hasNoContactGuard
-          },
-          {
-            target: Siopv2MachineStates.sendResponse,
-            cond: Siopv2MachineGuards.siopOnlyGuard
-          },
-          {
-            target: Siopv2MachineStates.getSelectableCredentials,
-            cond: Siopv2MachineGuards.hasSelectableCredentialsAndContactGuard
-          },
-          {
-            target: Siopv2MachineStates.selectCredentials,
-            cond: Siopv2MachineGuards.siopWithOID4VPGuard
-          }
-        ]
-      },
-      [Siopv2MachineStates.addContact]: {
-        id: Siopv2MachineStates.addContact,
-        initial: Siopv2MachineAddContactStates.idle,
-        on: {
-          [Siopv2MachineEvents.SET_CONTACT_CONSENT]: {
-            actions: assign({
-              hasContactConsent: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "hasContactConsent")
-            })
-          },
-          [Siopv2MachineEvents.SET_CONTACT_ALIAS]: {
-            actions: assign({
-              contactAlias: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contactAlias")
-            })
-          },
-          [Siopv2MachineEvents.CREATE_CONTACT]: {
-            target: `.${Siopv2MachineAddContactStates.next}`,
-            actions: assign({
-              contact: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "contact")
-            }),
-            cond: Siopv2MachineGuards.createContactGuard
-          },
-          [Siopv2MachineEvents.DECLINE]: {
-            target: Siopv2MachineStates.declined
-          },
-          [Siopv2MachineEvents.PREVIOUS]: {
-            target: Siopv2MachineStates.aborted
-          }
-        },
-        states: {
-          [Siopv2MachineAddContactStates.idle]: {},
-          [Siopv2MachineAddContactStates.next]: {
-            always: {
-              target: `#${Siopv2MachineStates.transitionFromSetup}`,
-              cond: Siopv2MachineGuards.hasContactGuard
-            }
-          }
-        }
-      },
-      [Siopv2MachineStates.addContactIdentity]: {
-        id: Siopv2MachineStates.addContactIdentity,
-        invoke: {
-          src: Siopv2MachineServices.addContactIdentity,
-          onDone: [
-            {
-              target: Siopv2MachineStates.getSelectableCredentials,
-              actions: /* @__PURE__ */ __name((_ctx, _event) => {
-                _ctx.contact?.identities.push(_event.data);
-              }, "actions"),
-              cond: Siopv2MachineGuards.hasSelectableCredentialsAndContactGuard
-            },
-            {
-              target: Siopv2MachineStates.sendResponse,
-              actions: /* @__PURE__ */ __name((_ctx, _event) => {
-                _ctx.contact?.identities.push(_event.data);
-              }, "actions"),
-              cond: Siopv2MachineGuards.siopOnlyGuard
-            }
-          ],
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_add_contact_identity_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.getSelectableCredentials]: {
-        id: Siopv2MachineStates.getSelectableCredentials,
-        invoke: {
-          src: Siopv2MachineServices.getSelectableCredentials,
-          onDone: {
-            target: Siopv2MachineStates.selectCredentials,
-            actions: assign({
-              selectableCredentialsMap: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectableCredentialsMap")
-            })
-          },
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_get_selectable_credentials_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.selectCredentials]: {
-        id: Siopv2MachineStates.selectCredentials,
-        on: {
-          [Siopv2MachineEvents.SET_SELECTED_CREDENTIALS]: {
-            actions: assign({
-              selectedCredentials: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "selectedCredentials")
-            })
-          },
-          [Siopv2MachineEvents.NEXT]: {
-            target: Siopv2MachineStates.sendResponse,
-            cond: Siopv2MachineGuards.hasSelectedRequiredCredentialsGuard
-          },
-          [Siopv2MachineEvents.DECLINE]: {
-            target: Siopv2MachineStates.declined
-          },
-          [Siopv2MachineEvents.PREVIOUS]: {
-            target: Siopv2MachineStates.aborted
-          }
-        }
-      },
-      [Siopv2MachineStates.sendResponse]: {
-        id: Siopv2MachineStates.sendResponse,
-        invoke: {
-          src: Siopv2MachineServices.sendResponse,
-          onDone: {
-            target: Siopv2MachineStates.done,
-            actions: assign({
-              authorizationResponseData: /* @__PURE__ */ __name((_ctx, _event) => _event.data, "authorizationResponseData")
-            })
-          },
-          onError: {
-            target: Siopv2MachineStates.handleError,
-            actions: assign({
-              error: /* @__PURE__ */ __name((_ctx, _event) => ({
-                title: translate("siopv2_machine_send_response_error_title"),
-                message: _event.data.message,
-                stack: _event.data.stack
-              }), "error")
-            })
-          }
-        }
-      },
-      [Siopv2MachineStates.handleError]: {
-        id: Siopv2MachineStates.handleError,
-        on: {
-          [Siopv2MachineEvents.NEXT]: {
-            target: Siopv2MachineStates.error
-          },
-          [Siopv2MachineEvents.PREVIOUS]: {
-            target: Siopv2MachineStates.error
-          }
-        }
-      },
-      [Siopv2MachineStates.aborted]: {
-        id: Siopv2MachineStates.aborted,
-        type: "final"
-      },
-      [Siopv2MachineStates.declined]: {
-        id: Siopv2MachineStates.declined,
-        type: "final"
-      },
-      [Siopv2MachineStates.error]: {
-        id: Siopv2MachineStates.error,
-        type: "final"
-      },
-      [Siopv2MachineStates.done]: {
-        id: Siopv2MachineStates.done,
-        type: "final"
-      }
-    }
-  });
-}, "createSiopv2Machine");
-var Siopv2Machine = class {
-  static {
-    __name(this, "Siopv2Machine");
-  }
-  static newInstance(opts) {
-    logger2.info("New Siopv2Machine instance");
-    const interpreter = interpret(createSiopv2Machine(opts).withConfig({
-      services: {
-        ...opts?.services
-      },
-      guards: {
-        Siopv2HasNoContactGuard,
-        Siopv2HasContactGuard,
-        Siopv2HasAuthorizationRequestGuard,
-        Siopv2HasSelectableCredentialsAndContactGuard,
-        Siopv2HasSelectedRequiredCredentialsGuard,
-        Siopv2IsSiopOnlyGuard,
-        Siopv2IsSiopWithOID4VPGuard,
-        Siopv2CreateContactGuard,
-        ...opts?.guards
-      }
-    }));
-    if (typeof opts?.subscription === "function") {
-      interpreter.onTransition(opts.subscription);
-    }
-    if (opts?.requireCustomNavigationHook !== true) {
-      interpreter.onTransition((snapshot) => {
-        if (opts.stateNavigationListener !== void 0) {
-          void opts.stateNavigationListener(interpreter, snapshot);
-        }
-      });
-    }
-    interpreter.onTransition((snapshot) => {
-      logger2.info("onTransition to new state", snapshot.value);
-    });
-    return {
-      interpreter
-    };
-  }
-};
-
-// src/services/Siopv2MachineService.ts
-import { SupportedVersion as SupportedVersion2 } from "@sphereon/did-auth-siop";
-import { PEX as PEX2 } from "@sphereon/pex";
-import { isOID4VCIssuerIdentifier as isOID4VCIssuerIdentifier2 } from "@sphereon/ssi-sdk-ext.identifier-resolution";
-import { verifiableCredentialForRoleFilter as verifiableCredentialForRoleFilter2 } from "@sphereon/ssi-sdk.credential-store";
-import { ConnectionType, CredentialRole } from "@sphereon/ssi-sdk.data-store";
-import { CredentialMapper as CredentialMapper4, Loggers as Loggers3 } from "@sphereon/ssi-types";
-import { getOrCreatePrimaryIdentifier, SupportedDidMethodEnum } from "@sphereon/ssi-sdk-ext.did-utils";
-import { defaultHasher as defaultHasher2, encodeJoseBlob } from "@sphereon/ssi-sdk.core";
-import { DcqlPresentation, DcqlQuery } from "dcql";
-
-// src/utils/dcql.ts
-import { CredentialMapper as CredentialMapper3 } from "@sphereon/ssi-types";
-
-// src/utils/CredentialUtils.ts
-import { CredentialMapper as CredentialMapper2 } from "@sphereon/ssi-types";
-var getOriginalVerifiableCredential = /* @__PURE__ */ __name((credential) => {
-  if (isUniqueDigitalCredential(credential)) {
-    if (!credential.originalVerifiableCredential) {
-      throw new Error("originalVerifiableCredential is not defined in UniqueDigitalCredential");
-    }
-    return getCredentialFromProofOrWrapped(credential.originalVerifiableCredential);
-  }
-  return getCredentialFromProofOrWrapped(credential);
-}, "getOriginalVerifiableCredential");
-var getCredentialFromProofOrWrapped = /* @__PURE__ */ __name((cred, hasher) => {
-  if (typeof cred === "object" && "proof" in cred && "jwt" in cred.proof && CredentialMapper2.isSdJwtEncoded(cred.proof.jwt)) {
-    return cred.proof.jwt;
-  }
-  return CredentialMapper2.toWrappedVerifiableCredential(cred, {
-    hasher
-  }).original;
-}, "getCredentialFromProofOrWrapped");
-var isUniqueDigitalCredential = /* @__PURE__ */ __name((credential) => {
-  return credential.digitalCredential !== void 0;
-}, "isUniqueDigitalCredential");
-
-// src/utils/dcql.ts
-function convertToDcqlCredentials(credential, hasher) {
-  let payload;
-  if (isUniqueDigitalCredential(credential)) {
-    if (!credential.originalVerifiableCredential) {
-      throw new Error("originalVerifiableCredential is not defined in UniqueDigitalCredential");
-    }
-    payload = CredentialMapper3.decodeVerifiableCredential(credential.originalVerifiableCredential, hasher);
-  } else {
-    payload = CredentialMapper3.decodeVerifiableCredential(credential, hasher);
-  }
-  if (!payload) {
-    throw new Error("No payload found");
-  }
-  if ("decodedPayload" in payload && payload.decodedPayload) {
-    payload = payload.decodedPayload;
-  }
-  if ("vct" in payload) {
-    return {
-      vct: payload.vct,
-      claims: payload,
-      credential_format: "vc+sd-jwt"
-    };
-  } else if ("docType" in payload && "namespaces" in payload) {
-    return {
-      docType: payload.docType,
-      namespaces: payload.namespaces,
-      claims: payload
-    };
-  } else {
-    return {
-      claims: payload,
-      credential_format: "jwt_vc_json"
-    };
-  }
-}
-__name(convertToDcqlCredentials, "convertToDcqlCredentials");
-
-// src/services/Siopv2MachineService.ts
-var logger3 = Loggers3.DEFAULT.get(LOGGER_NAMESPACE);
-var createEbsiIdentifier = /* @__PURE__ */ __name(async (agentContext) => {
-  logger3.log(`No EBSI key present yet. Creating a new one...`);
-  const { result: newIdentifier, created } = await getOrCreatePrimaryIdentifier(agentContext, {
-    method: SupportedDidMethodEnum.DID_KEY,
-    createOpts: {
-      options: {
-        codecName: "jwk_jcs-pub",
-        type: "Secp256r1"
-      }
-    }
-  });
-  logger3.log(`EBSI key created: ${newIdentifier.did}`);
-  if (created) {
-    await agentContext.agent.emit(Siopv2HolderEvent.IDENTIFIER_CREATED, {
-      result: newIdentifier
-    });
-  }
-  return await agentContext.agent.identifierManagedGetByDid({
-    identifier: newIdentifier.did
-  });
-}, "createEbsiIdentifier");
-var hasEbsiClient = /* @__PURE__ */ __name(async (authorizationRequest) => {
-  const clientId = await authorizationRequest.getMergedProperty("client_id");
-  const redirectUri = await authorizationRequest.getMergedProperty("redirect_uri");
-  return clientId?.toLowerCase().includes(".ebsi.eu") || redirectUri?.toLowerCase().includes(".ebsi.eu");
-}, "hasEbsiClient");
-var siopSendAuthorizationResponse = /* @__PURE__ */ __name(async (connectionType, args, context) => {
-  const { agent } = context;
-  const agentContext = {
-    ...context,
-    agent: context.agent
-  };
-  let { idOpts: idOpts2, isFirstParty, hasher = defaultHasher2 } = args;
-  if (connectionType !== ConnectionType.SIOPv2_OpenID4VP) {
-    return Promise.reject(Error(`No supported authentication provider for type: ${connectionType}`));
-  }
-  const session = await agent.siopGetOPSession({
-    sessionId: args.sessionId
-  });
-  const request = await session.getAuthorizationRequest();
-  const aud = await request.authorizationRequest.getMergedProperty("aud");
-  logger3.debug(`AUD: ${aud}`);
-  logger3.debug(JSON.stringify(request.authorizationRequest));
-  let presentationsAndDefs;
-  let presentationSubmission;
-  if (await session.hasPresentationDefinitions()) {
-    const oid4vp = await session.getOID4VP({
-      hasher
-    });
-    const credentialsAndDefinitions = args.verifiableCredentialsWithDefinition ? args.verifiableCredentialsWithDefinition : await oid4vp.filterCredentialsAgainstAllDefinitions(CredentialRole.HOLDER);
-    const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? (request.versions.includes(SupportedVersion2.JWT_VC_PRESENTATION_PROFILE_v1) ? "https://self-issued.me/v2/openid-vc" : "https://self-issued.me/v2");
-    logger3.log(`NONCE: ${session.nonce}, domain: ${domain}`);
-    const firstUniqueDC = credentialsAndDefinitions[0].credentials[0];
-    if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
-      return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
-    }
-    let identifier;
-    const digitalCredential = firstUniqueDC.digitalCredential;
-    const firstVC = firstUniqueDC.uniformVerifiableCredential;
-    const holder = CredentialMapper4.isSdJwtDecodedCredential(firstVC) ? firstVC.decodedPayload.cnf?.jwk ? (
-      //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
-      `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
-    ) : firstVC.decodedPayload.sub : Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
-    if (!digitalCredential.kmsKeyRef) {
-      if (!holder) {
-        return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
-      }
-      try {
-        identifier = await session.context.agent.identifierManagedGet({
-          identifier: holder
-        });
-      } catch (e) {
-        logger3.debug(`Holder DID not found: ${holder}`);
-        throw e;
-      }
-    } else if (isOID4VCIssuerIdentifier2(digitalCredential.kmsKeyRef)) {
-      identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
-        identifier: firstUniqueDC.digitalCredential.kmsKeyRef
-      });
-    } else {
-      switch (digitalCredential.subjectCorrelationType) {
-        case "DID":
-          identifier = await session.context.agent.identifierManagedGetByDid({
-            identifier: digitalCredential.subjectCorrelationId ?? holder,
-            kmsKeyRef: digitalCredential.kmsKeyRef
-          });
-          break;
-        // TODO other implementations?
-        default:
-          if (digitalCredential.subjectCorrelationId?.startsWith("did:") || holder?.startsWith("did:")) {
-            identifier = await session.context.agent.identifierManagedGetByDid({
-              identifier: digitalCredential.subjectCorrelationId ?? holder,
-              kmsKeyRef: digitalCredential.kmsKeyRef
-            });
-          } else {
-            identifier = await session.context.agent.identifierManagedGetByKid({
-              identifier: digitalCredential.subjectCorrelationId ?? holder ?? digitalCredential.kmsKeyRef,
-              kmsKeyRef: digitalCredential.kmsKeyRef
-            });
-          }
-      }
-    }
-    if (identifier === void 0 && idOpts2 !== void 0 && await hasEbsiClient(request.authorizationRequest)) {
-      identifier = await createEbsiIdentifier(agentContext);
-    }
-    logger3.debug(`Identifier`, identifier);
-    presentationsAndDefs = await oid4vp.createVerifiablePresentations(CredentialRole.HOLDER, credentialsAndDefinitions, {
-      idOpts: identifier,
-      proofOpts: {
-        nonce: session.nonce,
-        domain
-      }
-    });
-    if (!presentationsAndDefs || presentationsAndDefs.length === 0) {
-      throw Error("No verifiable presentations could be created");
-    } else if (presentationsAndDefs.length > 1) {
-      throw Error(`Only one verifiable presentation supported for now. Got ${presentationsAndDefs.length}`);
-    }
-    idOpts2 = presentationsAndDefs[0].idOpts;
-    presentationSubmission = presentationsAndDefs[0].presentationSubmission;
-    logger3.log(`Definitions and locations:`, JSON.stringify(presentationsAndDefs?.[0]?.verifiablePresentations, null, 2));
-    logger3.log(`Presentation Submission:`, JSON.stringify(presentationSubmission, null, 2));
-    const mergedVerifiablePresentations = presentationsAndDefs?.flatMap((pd) => pd.verifiablePresentations) || [];
-    return await session.sendAuthorizationResponse({
-      ...presentationsAndDefs && {
-        verifiablePresentations: mergedVerifiablePresentations
-      },
-      ...presentationSubmission && {
-        presentationSubmission
-      },
-      // todo: Change issuer value in case we do not use identifier. Use key.meta.jwkThumbprint then
-      responseSignerOpts: idOpts2,
-      isFirstParty
-    });
-  } else if (request.dcqlQuery) {
-    if (args.verifiableCredentialsWithDefinition !== void 0 && args.verifiableCredentialsWithDefinition !== null) {
-      const vcs = args.verifiableCredentialsWithDefinition.flatMap((vcd) => vcd.credentials);
-      const domain = await request.authorizationRequest.getMergedProperty("client_id") ?? request.issuer ?? (request.versions.includes(SupportedVersion2.JWT_VC_PRESENTATION_PROFILE_v1) ? "https://self-issued.me/v2/openid-vc" : "https://self-issued.me/v2");
-      logger3.debug(`NONCE: ${session.nonce}, domain: ${domain}`);
-      const firstUniqueDC = vcs[0];
-      if (typeof firstUniqueDC !== "object" || !("digitalCredential" in firstUniqueDC)) {
-        return Promise.reject(Error("SiopMachine only supports UniqueDigitalCredentials for now"));
-      }
-      let identifier;
-      const digitalCredential = firstUniqueDC.digitalCredential;
-      const firstVC = firstUniqueDC.uniformVerifiableCredential;
-      const holder = CredentialMapper4.isSdJwtDecodedCredential(firstVC) ? firstVC.decodedPayload.cnf?.jwk ? (
-        //doesn't apply to did:jwk only, as you can represent any DID key as a JWK. So whenever you encounter a JWK it doesn't mean it had to come from a did:jwk in the system. It just can always be represented as a did:jwk
-        `did:jwk:${encodeJoseBlob(firstVC.decodedPayload.cnf?.jwk)}#0`
-      ) : firstVC.decodedPayload.sub : Array.isArray(firstVC.credentialSubject) ? firstVC.credentialSubject[0].id : firstVC.credentialSubject.id;
-      if (!digitalCredential.kmsKeyRef) {
-        if (!holder) {
-          return Promise.reject(`No holder found and no kmsKeyRef in DB. Cannot determine identifier to use`);
-        }
-        try {
-          identifier = await session.context.agent.identifierManagedGet({
-            identifier: holder
-          });
-        } catch (e) {
-          logger3.debug(`Holder DID not found: ${holder}`);
-          throw e;
-        }
-      } else if (isOID4VCIssuerIdentifier2(digitalCredential.kmsKeyRef)) {
-        identifier = await session.context.agent.identifierManagedGetByOID4VCIssuer({
-          identifier: firstUniqueDC.digitalCredential.kmsKeyRef
-        });
-      } else {
-        switch (digitalCredential.subjectCorrelationType) {
-          case "DID":
-            identifier = await session.context.agent.identifierManagedGetByDid({
-              identifier: digitalCredential.subjectCorrelationId ?? holder,
-              kmsKeyRef: digitalCredential.kmsKeyRef
-            });
-            break;
-          // TODO other implementations?
-          default:
-            identifier = await session.context.agent.identifierManagedGetByKid({
-              identifier: digitalCredential.subjectCorrelationId ?? holder ?? digitalCredential.kmsKeyRef,
-              kmsKeyRef: digitalCredential.kmsKeyRef
-            });
-        }
-      }
-      console.log(`Identifier`, identifier);
-      const dcqlRepresentations = [];
-      vcs.forEach((vc) => {
-        const rep = convertToDcqlCredentials(vc, args.hasher);
-        if (rep) {
-          dcqlRepresentations.push(rep);
-        }
-      });
-      const queryResult = DcqlQuery.query(request.dcqlQuery, dcqlRepresentations);
-      const presentation = {};
-      for (const [key, value] of Object.entries(queryResult.credential_matches)) {
-        const allMatches = Array.isArray(value) ? value : [
-          value
-        ];
-        allMatches.forEach((match) => {
-          if (match.success) {
-            const originalCredential = getOriginalVerifiableCredential(vcs[match.input_credential_index]);
-            if (!originalCredential) {
-              throw new Error(`Index ${match.input_credential_index} out of range in credentials array`);
-            }
-            presentation[key] = originalCredential["compactSdJwtVc"] !== void 0 ? originalCredential.compactSdJwtVc : originalCredential;
-          }
-        });
-      }
-      const response = session.sendAuthorizationResponse({
-        responseSignerOpts: identifier,
-        ...{
-          dcqlQuery: {
-            dcqlPresentation: DcqlPresentation.parse(presentation)
-          }
-        }
-      });
-      logger3.debug(`Response: `, response);
-      return response;
-    }
-  }
-  throw Error("Presentation Definition or DCQL is required");
-}, "siopSendAuthorizationResponse");
-function buildPartialPD(inputDescriptor, presentationDefinition) {
-  return {
-    ...presentationDefinition,
-    input_descriptors: [
-      inputDescriptor
-    ]
-  };
-}
-__name(buildPartialPD, "buildPartialPD");
-var getSelectableCredentials = /* @__PURE__ */ __name(async (presentationDefinition, context) => {
-  const agentContext = {
-    ...context,
-    agent: context.agent
-  };
-  const { agent } = agentContext;
-  const pex = new PEX2();
-  const uniqueVerifiableCredentials = await agent.crsGetUniqueCredentials({
-    filter: verifiableCredentialForRoleFilter2(CredentialRole.HOLDER)
-  });
-  const credentialBranding = await agent.ibGetCredentialBranding();
-  const selectableCredentialsMap = /* @__PURE__ */ new Map();
-  for (const inputDescriptor of presentationDefinition.input_descriptors) {
-    const partialPD = buildPartialPD(inputDescriptor, presentationDefinition);
-    const originalCredentials = uniqueVerifiableCredentials.map((uniqueVC) => {
-      return CredentialMapper4.storedCredentialToOriginalFormat(uniqueVC.originalVerifiableCredential);
-    });
-    const selectionResults = pex.selectFrom(partialPD, originalCredentials);
-    const selectableCredentials = [];
-    for (const selectedCredential of selectionResults.verifiableCredential || []) {
-      const filteredUniqueVC = uniqueVerifiableCredentials.find((uniqueVC) => {
-        const proof = uniqueVC.uniformVerifiableCredential.proof;
-        return Array.isArray(proof) ? proof.some((proofItem) => proofItem.jwt === selectedCredential) : proof.jwt === selectedCredential;
-      });
-      if (filteredUniqueVC) {
-        const filteredCredentialBrandings = credentialBranding.filter((cb) => cb.vcHash === filteredUniqueVC.hash);
-        const issuerPartyIdentity = await agent.cmGetContacts({
-          filter: [
-            {
-              identities: {
-                identifier: {
-                  correlationId: filteredUniqueVC.uniformVerifiableCredential.issuerDid
-                }
-              }
-            }
-          ]
-        });
-        const subjectPartyIdentity = await agent.cmGetContacts({
-          filter: [
-            {
-              identities: {
-                identifier: {
-                  correlationId: filteredUniqueVC.uniformVerifiableCredential.subjectDid
-                }
-              }
-            }
-          ]
-        });
-        selectableCredentials.push({
-          credential: filteredUniqueVC,
-          credentialBranding: filteredCredentialBrandings[0]?.localeBranding,
-          issuerParty: issuerPartyIdentity?.[0],
-          subjectParty: subjectPartyIdentity?.[0]
-        });
-      }
-    }
-    selectableCredentialsMap.set(inputDescriptor.id, selectableCredentials);
-  }
-  return selectableCredentialsMap;
-}, "getSelectableCredentials");
-var translateCorrelationIdToName = /* @__PURE__ */ __name(async (correlationId, context) => {
-  const { agent } = context;
-  const contacts = await agent.cmGetContacts({
-    filter: [
-      {
-        identities: {
-          identifier: {
-            correlationId
-          }
-        }
-      }
-    ]
-  });
-  if (contacts.length === 0) {
-    return void 0;
-  }
-  return contacts[0].contact.displayName;
-}, "translateCorrelationIdToName");
-
-// src/agent/DidAuthSiopOpAuthenticator.ts
-var logger4 = Loggers4.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
-var didAuthSiopOpAuthenticatorMethods = [
-  "cmGetContacts",
-  "cmGetContact",
-  "cmAddContact",
-  "cmAddIdentity",
-  "didManagerFind",
-  "didManagerGet",
-  "keyManagerSign",
-  "didManagerGetProviders",
-  "dataStoreORMGetVerifiableCredentials",
-  "createVerifiablePresentation"
-];
-var DidAuthSiopOpAuthenticator = class {
-  static {
-    __name(this, "DidAuthSiopOpAuthenticator");
-  }
-  schema = schema.IDidAuthSiopOpAuthenticator;
-  methods = {
-    siopGetOPSession: this.siopGetOPSession.bind(this),
-    siopRegisterOPSession: this.siopRegisterOPSession.bind(this),
-    siopRemoveOPSession: this.siopRemoveOPSession.bind(this),
-    siopRegisterOPCustomApproval: this.siopRegisterOPCustomApproval.bind(this),
-    siopRemoveOPCustomApproval: this.siopRemoveOPCustomApproval.bind(this),
-    siopGetMachineInterpreter: this.siopGetMachineInterpreter.bind(this),
-    siopCreateConfig: this.siopCreateConfig.bind(this),
-    siopGetSiopRequest: this.siopGetSiopRequest.bind(this),
-    siopRetrieveContact: this.siopRetrieveContact.bind(this),
-    siopAddIdentity: this.siopAddContactIdentity.bind(this),
-    siopSendResponse: this.siopSendResponse.bind(this),
-    siopGetSelectableCredentials: this.siopGetSelectableCredentials.bind(this)
-  };
-  sessions;
-  customApprovals;
-  presentationSignCallback;
-  onContactIdentityCreated;
-  onIdentifierCreated;
-  eventEmitter;
-  hasher;
-  constructor(options) {
-    const { onContactIdentityCreated, onIdentifierCreated, hasher, customApprovals = {}, presentationSignCallback } = {
-      ...options
-    };
-    this.hasher = hasher;
-    this.onContactIdentityCreated = onContactIdentityCreated;
-    this.onIdentifierCreated = onIdentifierCreated;
-    this.presentationSignCallback = presentationSignCallback;
-    this.sessions = /* @__PURE__ */ new Map();
-    this.customApprovals = customApprovals;
-  }
-  async onEvent(event, context) {
-    switch (event.type) {
-      case Siopv2HolderEvent.CONTACT_IDENTITY_CREATED:
-        this.onContactIdentityCreated?.(event.data);
-        break;
-      case Siopv2HolderEvent.IDENTIFIER_CREATED:
-        this.onIdentifierCreated?.(event.data);
-        break;
-      default:
-        return Promise.reject(Error(`Event type ${event.type} not supported`));
-    }
-  }
-  async siopGetOPSession(args, context) {
-    if (!this.sessions.has(args.sessionId)) {
-      throw Error(`No session found for id: ${args.sessionId}`);
-    }
-    return this.sessions.get(args.sessionId);
-  }
-  async siopRegisterOPSession(args, context) {
-    const sessionId = args.sessionId || uuidv4();
-    if (this.sessions.has(sessionId)) {
-      return Promise.reject(new Error(`Session with id: ${args.sessionId} already present`));
-    }
-    const opts = {
-      ...args,
-      sessionId,
-      context
-    };
-    if (!opts.op?.presentationSignCallback) {
-      opts.op = {
-        ...opts.op,
-        presentationSignCallback: this.presentationSignCallback
-      };
-    }
-    const session = await OpSession.init(opts);
-    this.sessions.set(sessionId, session);
-    return session;
-  }
-  async siopRemoveOPSession(args, context) {
-    return this.sessions.delete(args.sessionId);
-  }
-  async siopRegisterOPCustomApproval(args, context) {
-    if (this.customApprovals[args.key] !== void 0) {
-      return Promise.reject(new Error(`Custom approval with key: ${args.key} already present`));
-    }
-    this.customApprovals[args.key] = args.customApproval;
-  }
-  async siopRemoveOPCustomApproval(args, context) {
-    return delete this.customApprovals[args.key];
-  }
-  async siopGetMachineInterpreter(opts, context) {
-    const { stateNavigationListener, url } = opts;
-    const services = {
-      createConfig: /* @__PURE__ */ __name((args) => this.siopCreateConfig(args), "createConfig"),
-      getSiopRequest: /* @__PURE__ */ __name((args) => this.siopGetSiopRequest(args, context), "getSiopRequest"),
-      getSelectableCredentials: /* @__PURE__ */ __name((args) => this.siopGetSelectableCredentials(args, context), "getSelectableCredentials"),
-      retrieveContact: /* @__PURE__ */ __name((args) => this.siopRetrieveContact(args, context), "retrieveContact"),
-      addContactIdentity: /* @__PURE__ */ __name((args) => this.siopAddContactIdentity(args, context), "addContactIdentity"),
-      sendResponse: /* @__PURE__ */ __name((args) => this.siopSendResponse(args, context), "sendResponse"),
-      ...opts?.services
-    };
-    const siopv2MachineOpts = {
-      ...opts,
-      url,
-      stateNavigationListener,
-      services: {
-        ...services,
-        ...opts.services
-      }
-    };
-    return Siopv2Machine.newInstance(siopv2MachineOpts);
-  }
-  async siopCreateConfig(context) {
-    const { url } = context;
-    if (!url) {
-      return Promise.reject(Error("Missing request uri in context"));
-    }
-    return {
-      id: uuidv4(),
-      // FIXME: Update these values in SSI-SDK. Only the URI (not a redirectURI) would be available at this point
-      sessionId: uuidv4(),
-      redirectUrl: url
-    };
-  }
-  async siopGetSiopRequest(args, context) {
-    const { agent } = context;
-    const { didAuthConfig } = args;
-    if (args.url === void 0) {
-      return Promise.reject(Error("Missing request uri in context"));
-    }
-    if (didAuthConfig === void 0) {
-      return Promise.reject(Error("Missing config in context"));
-    }
-    const { sessionId, redirectUrl } = didAuthConfig;
-    const session = await agent.siopGetOPSession({
-      sessionId
-    }).catch(async () => await agent.siopRegisterOPSession({
-      requestJwtOrUri: redirectUrl,
-      sessionId,
-      op: {
-        eventEmitter: this.eventEmitter,
-        hasher: this.hasher
-      }
-    }));
-    logger4.debug(`session: ${JSON.stringify(session.id, null, 2)}`);
-    const verifiedAuthorizationRequest = await session.getAuthorizationRequest();
-    const clientName = verifiedAuthorizationRequest.registrationMetadataPayload?.client_name;
-    const url = verifiedAuthorizationRequest.responseURI ?? (args.url.includes("request_uri") ? decodeURIComponent(args.url.split("?request_uri=")[1].trim()) : verifiedAuthorizationRequest.issuer ?? verifiedAuthorizationRequest.registrationMetadataPayload?.client_id);
-    const uri = url.includes("://") ? new URL(url) : void 0;
-    const correlationId = uri?.hostname ?? await this.determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context);
-    const clientId = await verifiedAuthorizationRequest.authorizationRequest.getMergedProperty("client_id");
-    return {
-      issuer: verifiedAuthorizationRequest.issuer,
-      correlationId,
-      registrationMetadataPayload: verifiedAuthorizationRequest.registrationMetadataPayload,
-      uri,
-      name: clientName,
-      clientId,
-      presentationDefinitions: await verifiedAuthorizationRequest.authorizationRequest.containsResponseType("vp_token") || verifiedAuthorizationRequest.versions.every((version) => version <= SupportedVersion3.JWT_VC_PRESENTATION_PROFILE_v1) && verifiedAuthorizationRequest.presentationDefinitions && verifiedAuthorizationRequest.presentationDefinitions.length > 0 ? verifiedAuthorizationRequest.presentationDefinitions : void 0,
-      dcqlQuery: verifiedAuthorizationRequest.dcqlQuery
-    };
-  }
-  async determineCorrelationId(uri, verifiedAuthorizationRequest, clientName, context) {
-    if (uri) {
-      return await translateCorrelationIdToName(uri.hostname, context) ?? uri.hostname;
-    }
-    if (verifiedAuthorizationRequest.issuer) {
-      const issuerHostname = verifiedAuthorizationRequest.issuer.split("://")[1];
-      return await translateCorrelationIdToName(issuerHostname, context) ?? issuerHostname;
-    }
-    if (clientName) {
-      return clientName;
-    }
-    throw new Error("Can't determine correlationId from request");
-  }
-  async siopRetrieveContact(args, context) {
-    const { authorizationRequestData } = args;
-    const { agent } = context;
-    if (authorizationRequestData === void 0) {
-      return Promise.reject(Error("Missing authorization request data in context"));
-    }
-    return agent.cmGetContacts({
-      filter: [
-        {
-          identities: {
-            identifier: {
-              correlationId: authorizationRequestData.correlationId
-            }
-          }
-        }
-      ]
-    }).then((contacts) => contacts.length === 1 ? contacts[0] : void 0);
-  }
-  async siopAddContactIdentity(args, context) {
-    const { agent } = context;
-    const { contact, authorizationRequestData } = args;
-    if (contact === void 0) {
-      return Promise.reject(Error("Missing contact in context"));
-    }
-    if (authorizationRequestData === void 0) {
-      return Promise.reject(Error("Missing authorization request data in context"));
-    }
-    const clientId = authorizationRequestData.clientId ?? authorizationRequestData.issuer;
-    const correlationId = clientId ? clientId.startsWith("did:") ? clientId : `${new URL(clientId).protocol}//${new URL(clientId).hostname}` : void 0;
-    if (correlationId) {
-      const identity = {
-        alias: correlationId,
-        origin: IdentityOrigin.EXTERNAL,
-        roles: [
-          CredentialRole2.ISSUER
-        ],
-        identifier: {
-          type: correlationId.startsWith("did:") ? CorrelationIdentifierType.DID : CorrelationIdentifierType.URL,
-          correlationId
-        }
-      };
-      const addedIdentity = await agent.cmAddIdentity({
-        contactId: contact.id,
-        identity
-      });
-      await context.agent.emit(Siopv2HolderEvent.CONTACT_IDENTITY_CREATED, {
-        contactId: contact.id,
-        identity: addedIdentity
-      });
-      logger4.info(`Contact identity created: ${JSON.stringify(addedIdentity)}`);
-    }
-  }
-  async siopSendResponse(args, context) {
-    const { didAuthConfig, authorizationRequestData, selectedCredentials, isFirstParty } = args;
-    if (didAuthConfig === void 0) {
-      return Promise.reject(Error("Missing config in context"));
-    }
-    if (authorizationRequestData === void 0) {
-      return Promise.reject(Error("Missing authorization request data in context"));
-    }
-    const pex = new PEX3({
-      hasher: this.hasher
-    });
-    const verifiableCredentialsWithDefinition = [];
-    const dcqlCredentialsWithCredentials = /* @__PURE__ */ new Map();
-    if (Array.isArray(authorizationRequestData.presentationDefinitions) && authorizationRequestData?.presentationDefinitions.length > 0) {
-      try {
-        authorizationRequestData.presentationDefinitions?.forEach((presentationDefinition) => {
-          const { areRequiredCredentialsPresent, verifiableCredential: verifiableCredentials } = pex.selectFrom(presentationDefinition.definition, selectedCredentials.map((udc) => udc.originalVerifiableCredential));
-          if (areRequiredCredentialsPresent !== Status2.ERROR && verifiableCredentials) {
-            let uniqueDigitalCredentials = [];
-            uniqueDigitalCredentials = verifiableCredentials.map((vc) => {
-              const hash = typeof vc === "string" ? computeEntryHash(vc.split("~"[0])) : computeEntryHash(vc);
-              const udc = selectedCredentials.find((udc2) => udc2.hash == hash || udc2.originalVerifiableCredential == vc);
-              if (!udc) {
-                throw Error(`UniqueDigitalCredential could not be found in store. Either the credential is not present in the store or the hash is not correct.`);
-              }
-              return udc;
-            });
-            verifiableCredentialsWithDefinition.push({
-              definition: presentationDefinition,
-              credentials: uniqueDigitalCredentials
-            });
-          }
-        });
-      } catch (e) {
-        return Promise.reject(e);
-      }
-      if (verifiableCredentialsWithDefinition.length === 0) {
-        return Promise.reject(Error("None of the selected credentials match any of the presentation definitions."));
-      }
-    } else if (authorizationRequestData.dcqlQuery) {
-      if (this.hasMDocCredentials(selectedCredentials) || this.hasSdJwtCredentials(selectedCredentials)) {
-        try {
-          selectedCredentials.forEach((vc) => {
-            if (this.isSdJwtCredential(vc)) {
-              const payload = vc.originalVerifiableCredential.decodedPayload;
-              const result = {
-                claims: payload,
-                vct: payload.vct,
-                credential_format: "vc+sd-jwt"
-              };
-              dcqlCredentialsWithCredentials.set(result, vc);
-            } else {
-              throw Error(`Invalid credential format: ${vc.digitalCredential.documentFormat}`);
-            }
-          });
-        } catch (e) {
-          return Promise.reject(e);
-        }
-        const dcqlPresentationRecord = {};
-        const queryResult = DcqlQuery2.query(authorizationRequestData.dcqlQuery, Array.from(dcqlCredentialsWithCredentials.keys()));
-        for (const [key, value] of Object.entries(queryResult.credential_matches)) {
-          if (value.success) {
-            dcqlPresentationRecord[key] = this.retrieveEncodedCredential(dcqlCredentialsWithCredentials.get(value.output));
-          }
-        }
-      }
-    }
-    const response = await siopSendAuthorizationResponse(ConnectionType2.SIOPv2_OpenID4VP, {
-      sessionId: didAuthConfig.sessionId,
-      ...args.idOpts && {
-        idOpts: args.idOpts
-      },
-      ...authorizationRequestData.presentationDefinitions !== void 0 && {
-        verifiableCredentialsWithDefinition
-      },
-      isFirstParty,
-      hasher: this.hasher
-    }, context);
-    const contentType = response.headers.get("content-type") || "";
-    let responseBody = null;
-    const text = await response.text();
-    if (text) {
-      responseBody = contentType.includes("application/json") || text.startsWith("{") ? JSON.parse(text) : text;
-    }
-    return {
-      body: responseBody,
-      url: response?.url,
-      queryParams: decodeUriAsJson(response?.url)
-    };
-  }
-  hasMDocCredentials = /* @__PURE__ */ __name((credentials) => {
-    return credentials.some(this.isMDocCredential);
-  }, "hasMDocCredentials");
-  isMDocCredential = /* @__PURE__ */ __name((credential) => {
-    return credential.digitalCredential.documentFormat === CredentialDocumentFormat.MSO_MDOC && credential.digitalCredential.documentType === DocumentType.VC;
-  }, "isMDocCredential");
-  hasSdJwtCredentials = /* @__PURE__ */ __name((credentials) => {
-    return credentials.some(this.isSdJwtCredential);
-  }, "hasSdJwtCredentials");
-  isSdJwtCredential = /* @__PURE__ */ __name((credential) => {
-    return credential.digitalCredential.documentFormat === CredentialDocumentFormat.SD_JWT && credential.digitalCredential.documentType === DocumentType.VC;
-  }, "isSdJwtCredential");
-  retrieveEncodedCredential = /* @__PURE__ */ __name((credential) => {
-    return credential.originalVerifiableCredential !== void 0 && credential.originalVerifiableCredential !== null && credential?.originalVerifiableCredential?.compactSdJwtVc !== void 0 && credential?.originalVerifiableCredential?.compactSdJwtVc !== null ? credential.originalVerifiableCredential.compactSdJwtVc : credential.originalVerifiableCredential;
-  }, "retrieveEncodedCredential");
-  async siopGetSelectableCredentials(args, context) {
-    const { authorizationRequestData } = args;
-    if (!authorizationRequestData || !authorizationRequestData.presentationDefinitions || authorizationRequestData.presentationDefinitions.length === 0) {
-      return Promise.reject(Error("Missing required fields in arguments or context"));
-    }
-    if (authorizationRequestData.presentationDefinitions.length > 1) {
-      return Promise.reject(Error("Multiple presentation definitions present"));
-    }
-    return getSelectableCredentials(authorizationRequestData.presentationDefinitions[0].definition, context);
-  }
-};
-
-// src/machine/CallbackStateListener.ts
-import { Loggers as Loggers5, LogLevel, LogMethod } from "@sphereon/ssi-types";
-var logger5 = Loggers5.DEFAULT.options("sphereon:siopv2-oid4vp:op-auth", {
-  defaultLogLevel: LogLevel.DEBUG,
-  methods: [
-    LogMethod.CONSOLE
-  ]
-}).get("sphereon:siopv2-oid4vp:op-auth");
-var OID4VPCallbackStateListener = /* @__PURE__ */ __name((callbacks) => {
-  return async (oid4vciMachine, state) => {
-    if (state._event.type === "internal") {
-      logger5.debug("oid4vpCallbackStateListener: internal event");
-      return;
-    }
-    logger5.info(`VP state listener state: ${JSON.stringify(state.value)}`);
-    if (!callbacks || callbacks.size === 0) {
-      logger5.info(`VP no callbacks registered for state: ${JSON.stringify(state.value)}`);
-      return;
-    }
-    for (const [stateKey, callback] of callbacks) {
-      if (state.matches(stateKey)) {
-        logger5.log(`VP state callback for state: ${JSON.stringify(state.value)}, will execute...`);
-        await callback(oid4vciMachine, state).then(() => logger5.log(`VP state callback executed for state: ${JSON.stringify(state.value)}`)).catch((error) => {
-          logger5.error(`VP state callback failed for state: ${JSON.stringify(state.value)}, error: ${JSON.stringify(error?.message)}, ${JSON.stringify(state.event)}`);
-          if (error.stack) {
-            logger5.error(error.stack);
-          }
-        });
-        break;
-      }
-    }
-  };
-}, "OID4VPCallbackStateListener");
-
-// src/link-handler/index.ts
-import { contextHasPlugin } from "@sphereon/ssi-sdk.agent-config";
-import { LinkHandlerAdapter } from "@sphereon/ssi-sdk.core";
-import { interpreterStartOrResume } from "@sphereon/ssi-sdk.xstate-machine-persistence";
-import { Loggers as Loggers6 } from "@sphereon/ssi-types";
-var logger6 = Loggers6.DEFAULT.options(LOGGER_NAMESPACE, {}).get(LOGGER_NAMESPACE);
-var Siopv2OID4VPLinkHandler = class extends LinkHandlerAdapter {
-  static {
-    __name(this, "Siopv2OID4VPLinkHandler");
-  }
-  context;
-  stateNavigationListener;
-  noStateMachinePersistence;
-  idOpts;
-  constructor(args) {
-    super({
-      ...args,
-      id: "Siopv2"
-    });
-    this.context = args.context;
-    this.noStateMachinePersistence = args.noStateMachinePersistence === true;
-    this.stateNavigationListener = args.stateNavigationListener;
-    this.idOpts = args.idOpts;
-  }
-  async handle(url, opts) {
-    logger6.debug(`handling SIOP link: ${url}`);
-    const siopv2Machine = await this.context.agent.siopGetMachineInterpreter({
-      url,
-      idOpts: opts?.idOpts ?? this.idOpts,
-      stateNavigationListener: this.stateNavigationListener
-    });
-    const interpreter = siopv2Machine.interpreter;
-    if (!this.noStateMachinePersistence && !opts?.machineState && contextHasPlugin(this.context, "machineStatesFindActive")) {
-      const init = await interpreterStartOrResume({
-        interpreter,
-        context: this.context,
-        cleanupAllOtherInstances: true,
-        cleanupOnFinalState: true,
-        singletonCheck: true,
-        noRegistration: this.noStateMachinePersistence
-      });
-      logger6.debug(`SIOP machine started for link: ${url}`, init);
-    } else {
-      interpreter.start(opts?.machineState);
-      logger6.debug(`SIOP machine started for link: ${url}`);
-    }
-  }
-};
-
-// src/index.ts
-var schema = require_plugin_schema();
-export {
-  DEFAULT_JWT_PROOF_TYPE,
-  DID_PREFIX,
-  DidAuthSiopOpAuthenticator,
-  LOGGER_NAMESPACE,
-  OID4VP,
-  OID4VPCallbackStateListener,
-  OpSession,
-  Siopv2HolderEvent,
-  Siopv2Machine,
-  Siopv2MachineAddContactStates,
-  Siopv2MachineEvents,
-  Siopv2MachineGuards,
-  Siopv2MachineServices,
-  Siopv2MachineStates,
-  Siopv2OID4VPLinkHandler,
-  SupportedLanguage,
-  createJwtCallbackWithIdOpts,
-  createJwtCallbackWithOpOpts,
-  createOID4VPPresentationSignCallback,
-  createOP,
-  createOPBuilder,
-  didAuthSiopOpAuthenticatorMethods,
-  events,
-  getSigningAlgo,
-  schema
-};
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Siopv2Machine = exports.didAuthSiopOpAuthenticatorMethods = exports.DidAuthSiopOpAuthenticator = exports.schema = void 0;
+/**
+ * @public
+ */
+const schema = require('../plugin.schema.json');
+exports.schema = schema;
+var DidAuthSiopOpAuthenticator_1 = require("./agent/DidAuthSiopOpAuthenticator");
+Object.defineProperty(exports, "DidAuthSiopOpAuthenticator", { enumerable: true, get: function () { return DidAuthSiopOpAuthenticator_1.DidAuthSiopOpAuthenticator; } });
+Object.defineProperty(exports, "didAuthSiopOpAuthenticatorMethods", { enumerable: true, get: function () { return DidAuthSiopOpAuthenticator_1.didAuthSiopOpAuthenticatorMethods; } });
+var Siopv2Machine_1 = require("./machine/Siopv2Machine");
+Object.defineProperty(exports, "Siopv2Machine", { enumerable: true, get: function () { return Siopv2Machine_1.Siopv2Machine; } });
+__exportStar(require("./machine/CallbackStateListener"), exports);
+__exportStar(require("./session"), exports);
+__exportStar(require("./types"), exports);
+__exportStar(require("./link-handler"), exports);
 //# sourceMappingURL=index.js.map