npm - @tdfc/sunbreak-react - Versions diffs - 0.1.7 → 0.1.8 - Mend

@tdfc/sunbreak-react 0.1.7 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.cjs CHANGED Viewed

@@ -3,7 +3,23 @@
 var react = require('react');
 var jsxRuntime = require('react/jsx-runtime');
-var Xr=Object.defineProperty;var _t=e=>{throw TypeError(e)};var Zr=(e,t,r)=>t in e?Xr(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var H=(e,t,r)=>Zr(e,typeof t!="symbol"?t+"":t,r),Dt=(e,t,r)=>t.has(e)||_t("Cannot "+r);var y=(e,t,r)=>(Dt(e,t,"read from private field"),r?r.call(e):t.get(e)),O=(e,t,r)=>t.has(e)?_t("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),U=(e,t,r,n)=>(Dt(e,t,"write to private field"),t.set(e,r),r);var Pe=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var Qr="sunbreak-kv",ve="kv",$e="sunbreak_dpop_meta_v1",x="sunbreak_dpop_key_v1",Ke="ES256",E="P-256",Ae=e=>`${$e}:${e}`,Wt=()=>new Promise((e,t)=>{let r=indexedDB.open(Qr,1);r.onupgradeneeded=()=>r.result.createObjectStore(ve),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),C=async e=>{try{let t=await Wt();return await new Promise((r,n)=>{let a=t.transaction(ve,"readonly").objectStore(ve).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},g=async(e,t)=>{let r=await Wt();await new Promise((n,o)=>{let i=r.transaction(ve,"readwrite").objectStore(ve).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var en=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},tn=e=>e.replace(/\/+$/,""),st=e=>{let t=tn(e);return en(t)};function ut(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=rn(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var rn=e=>{for(let t=0;t<ct.length;t++){let r=ct[Math.floor(Math.random()*ct.length)].toLowerCase();if(r!==e)return r}return "alpha"},ct=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var $=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var nn=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),on=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),an=new Set(["dpop","x-sunbreak-meta"]),sn=64,Lt=2048,cn=64;function lt(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=cn)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>sn||nn.has(i)||on.has(i)||an.has(i))continue;let s=String(a);s.length>Lt&&(s=s.slice(0,Lt)),t[i]=s,n++;}return t}var Q=new TextEncoder,me=new TextDecoder;function Ht(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Mt(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function jt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function Ot(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:me.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=me.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return jt(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Ne(e){let t=e;return typeof t=="string"&&(t=Q.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):Mt(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var ue=class extends Error{constructor(r,n){super(r,n);H(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};H(ue,"code","ERR_JOSE_GENERIC");var _=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JOSE_NOT_SUPPORTED");}};H(_,"code","ERR_JOSE_NOT_SUPPORTED");var ee=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JWS_INVALID");}};H(ee,"code","ERR_JWS_INVALID");var xe=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JWT_INVALID");}};H(xe,"code","ERR_JWT_INVALID");var Ut,$t,ft=class extends($t=ue,Ut=Symbol.asyncIterator,$t){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);H(this,Ut);H(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};H(ft,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function F(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function we(e,t){return e.name===t}function dt(e){return parseInt(e.name.slice(4),10)}function fn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function dn(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function Nt(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!we(e.algorithm,"HMAC"))throw F("HMAC");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!we(e.algorithm,"RSASSA-PKCS1-v1_5"))throw F("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!we(e.algorithm,"RSA-PSS"))throw F("RSA-PSS");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!we(e.algorithm,"Ed25519"))throw F("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!we(e.algorithm,t))throw F(t);break}case "ES256":case "ES384":case "ES512":{if(!we(e.algorithm,"ECDSA"))throw F("ECDSA");let n=fn(t);if(e.algorithm.namedCurve!==n)throw F(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}dn(e,r);}function Bt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var Vt=(e,...t)=>Bt("Key must be ",e,...t);function pt(e,t,...r){return Bt(`Key for the ${e} algorithm must be `,t,...r)}function yt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function mt(e){return e?.[Symbol.toStringTag]==="KeyObject"}var wt=e=>yt(e)||mt(e);var Ft=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function pn(e){return typeof e=="object"&&e!==null}var Be=e=>{if(!pn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var Gt=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function yn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new _('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var qt=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=yn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var zt=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new _(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Ce(e){return Be(e)&&typeof e.kty=="string"}function Yt(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function Xt(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function Zt(e){return e.kty==="oct"&&typeof e.k=="string"}var he,Qt=async(e,t,r,n=false)=>{he||(he=new WeakMap);let o=he.get(e);if(o?.[r])return o[r];let a=await qt({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:he.set(e,{[r]:a}),a},wn=(e,t)=>{he||(he=new WeakMap);let r=he.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let s=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!s)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&s==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES384"&&s==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES512"&&s==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:s},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:he.set(e,{[t]:a}),a},er=async(e,t)=>{if(e instanceof Uint8Array||yt(e))return e;if(mt(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return wn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return Qt(e,r,t)}if(Ce(e))return e.k?Ot(e.k):Qt(e,e,t,true);throw new Error("unreachable")};var be=e=>e?.[Symbol.toStringTag],ht=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},hn=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Ce(t)){if(Zt(t)&&ht(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!wt(t))throw new TypeError(pt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${be(t)} instances for symmetric algorithms must be of type "secret"`)}},bn=(e,t,r)=>{if(Ce(t))switch(r){case "decrypt":case "sign":if(Yt(t)&&ht(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(Xt(t)&&ht(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!wt(t))throw new TypeError(pt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${be(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${be(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${be(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},tr=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?hn(e,t,r):bn(e,t,r);};var rr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new _(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var nr=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(Vt(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return Nt(t,e,r),t};var ne=e=>Math.floor(e.getTime()/1e3);var Sn=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Ve=e=>{let t=Sn.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function le(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var v,Fe=class{constructor(t){O(this,v);if(!Be(t))throw new TypeError("JWT Claims Set MUST be an object");U(this,v,structuredClone(t));}data(){return Q.encode(JSON.stringify(y(this,v)))}get iss(){return y(this,v).iss}set iss(t){y(this,v).iss=t;}get sub(){return y(this,v).sub}set sub(t){y(this,v).sub=t;}get aud(){return y(this,v).aud}set aud(t){y(this,v).aud=t;}set jti(t){y(this,v).jti=t;}set nbf(t){typeof t=="number"?y(this,v).nbf=le("setNotBefore",t):t instanceof Date?y(this,v).nbf=le("setNotBefore",ne(t)):y(this,v).nbf=ne(new Date)+Ve(t);}set exp(t){typeof t=="number"?y(this,v).exp=le("setExpirationTime",t):t instanceof Date?y(this,v).exp=le("setExpirationTime",ne(t)):y(this,v).exp=ne(new Date)+Ve(t);}set iat(t){typeof t>"u"?y(this,v).iat=ne(new Date):t instanceof Date?y(this,v).iat=le("setIssuedAt",ne(t)):typeof t=="string"?y(this,v).iat=le("setIssuedAt",ne(new Date)+Ve(t)):y(this,v).iat=le("setIssuedAt",t);}};v=new WeakMap;var or=async(e,t,r)=>{let n=await nr(e,t,"sign");Gt(e,n);let o=await crypto.subtle.sign(rr(e,n.algorithm),n,r);return new Uint8Array(o)};var Te,D,G,Ge=class{constructor(t){O(this,Te);O(this,D);O(this,G);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");U(this,Te,t);}setProtectedHeader(t){if(y(this,D))throw new TypeError("setProtectedHeader can only be called once");return U(this,D,t),this}setUnprotectedHeader(t){if(y(this,G))throw new TypeError("setUnprotectedHeader can only be called once");return U(this,G,t),this}async sign(t,r){if(!y(this,D)&&!y(this,G))throw new ee("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Ft(y(this,D),y(this,G)))throw new ee("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...y(this,D),...y(this,G)},o=zt(ee,new Map([["b64",true]]),r?.crit,y(this,D),n),a=true;if(o.has("b64")&&(a=y(this,D).b64,typeof a!="boolean"))throw new ee('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new ee('JWS "alg" (Algorithm) Header Parameter missing or invalid');tr(i,t,"sign");let s=y(this,Te);a&&(s=Q.encode(Ne(s)));let c;y(this,D)?c=Q.encode(Ne(JSON.stringify(y(this,D)))):c=Q.encode("");let u=Ht(c,Q.encode("."),s),l=await er(t,i),f=await or(i,l,u),p={signature:Ne(f),payload:""};return a&&(p.payload=me.decode(s)),y(this,G)&&(p.header=y(this,G)),y(this,D)&&(p.protected=me.decode(c)),p}};Te=new WeakMap,D=new WeakMap,G=new WeakMap;var Se,qe=class{constructor(t){O(this,Se);U(this,Se,new Ge(t));}setProtectedHeader(t){return y(this,Se).setProtectedHeader(t),this}async sign(t,r){let n=await y(this,Se).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Se=new WeakMap;var oe,M,fe=class{constructor(t={}){O(this,oe);O(this,M);U(this,M,new Fe(t));}setIssuer(t){return y(this,M).iss=t,this}setSubject(t){return y(this,M).sub=t,this}setAudience(t){return y(this,M).aud=t,this}setJti(t){return y(this,M).jti=t,this}setNotBefore(t){return y(this,M).nbf=t,this}setExpirationTime(t){return y(this,M).exp=t,this}setIssuedAt(t){return y(this,M).iat=t,this}setProtectedHeader(t){return U(this,oe,t),this}async sign(t,r){let n=new qe(y(this,M).data());if(n.setProtectedHeader(y(this,oe)),Array.isArray(y(this,oe)?.crit)&&y(this,oe).crit.includes("b64")&&y(this,oe).b64===false)throw new xe("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};oe=new WeakMap,M=new WeakMap;var Rn=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),ze=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Rn(r)},N=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,s={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(s.nonce=n),o&&(s.ath=o),await new fe(s).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var W=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function de(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,s=Math.floor(Date.now()/1e3),c=s+Math.max(60,Math.min(i,3600)),u={child_jkt:n,client_id:o,aud:"issuer",iat:s,exp:c,jti:crypto.randomUUID()};return a&&(u.sid=a),await new fe(u).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function Je(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function Ie(e){let t=e.status,r=Array.from(e.headers.keys()).some(s=>s.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let s=await e.clone().json();n=typeof s?.error=="string"?s.error:void 0,o=typeof s?.detail=="string"?s.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function pe(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var Re={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null},bt=react.createContext(void 0);function ur(e){try{return JSON.parse(localStorage.getItem(e)||"null")??Re}catch{return Re}}function En(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var St=({children:e,clientId:t})=>{let[r,n]=react.useState(Re),o=react.useRef(false),[a,i]=react.useState(false),s=react.useMemo(()=>Ae(t),[t]);react.useEffect(()=>{let d=true;return (async()=>{let I=await C(s)??await C($e)??ur(s);d&&(n({...Re,...I}),o.current=true,i(true));})(),()=>{d=false;}},[s]),react.useEffect(()=>{o.current&&(async()=>(await g(s,r),En(s,r)))();},[r,s]);let c=react.useCallback(d=>n(w=>({...w,refreshId:d})),[]),u=react.useCallback(d=>n(w=>({...w,lastPolicyHash:d})),[]),l=react.useCallback(d=>n(w=>({...w,lastPolicyProof:d})),[]),f=react.useCallback(d=>n(w=>({...w,lastHost:d})),[]),p=react.useCallback(d=>n(w=>({...w,rootJkt:d})),[]),h=async()=>{try{let d=localStorage.getItem(s);if(d){let w=JSON.parse(d);if(typeof w?.refreshId=="string"&&w.refreshId)return w.refreshId}}catch{}try{let d=await C(s);if(typeof d?.refreshId=="string"&&d.refreshId)return d.refreshId}catch{}return null},m=react.useCallback(d=>n(w=>({...w,boundWallet:d})),[]),R=react.useCallback(d=>n(w=>({...w,clientId:d})),[]),k=react.useCallback(d=>n(w=>({...w,jkt:d})),[]),P=react.useCallback(()=>n(Re),[]),b=react.useCallback(async()=>{let w=await C(s)??ur(s);n({...Re,...w});},[]),S=react.useMemo(()=>({meta:r,setBoundWallet:m,setClientId:R,setJkt:k,resetMeta:P,reload:b,setRefreshId:c,getRefreshId:h,ready:a,setLastPolicyHash:u,setLastPolicyProof:l,setLastHost:f,setRootJkt:p}),[r,m,R,k,P,b,a,c,h,u,l,f,p]);return jsxRuntime.jsx(bt.Provider,{value:S,children:e})};function Rt(){let e=react.useContext(bt);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var fr=`${x}:wrap`;async function Ye(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${x}:probe_safe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Kn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!0,["sign","verify"]),t=`${x}:probe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ke(e){let t={...e};return delete t.d,t.kty="EC",t.crv=E,t.alg=Ke,t.use="sig",t}async function dr(){let e=await C(fr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await g(fr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function gt(e){let t=await dr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function An(e,t){let r=await dr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var kt=()=>{let e=react.useRef(null),t=react.useRef(null),r=react.useCallback(async()=>{let c=await C(x);if(!c)return  false;if(c.fmt==="cryptokey"){let l=c;if(!l.privKey)return await g(x,void 0),false;let f=l.privKey;try{if(f.extractable&&await Ye()){let h=await crypto.subtle.exportKey("jwk",f),m=await crypto.subtle.importKey("jwk",h,{name:"ECDSA",namedCurve:E},!1,["sign"]),R={fmt:"cryptokey",privKey:m,pubJwk:ke(l.pubJwk)};await g(x,R),f=m;}}catch{}return e.current=f,t.current=ke(l.pubJwk),true}if(c.fmt==="encjwk"){let l=c;try{let f=await An(l.encPrivJwk,l.iv),p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=p,t.current=ke(l.pubJwk),!0}catch{return await g(x,void 0),false}}let u=c;if(u&&u.d){let{d:l,...f}=u,p=ke(f),h=await Ye(),m=h||await Kn();if(m&&h){let b=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);return await g(x,{fmt:"cryptokey",privKey:b,pubJwk:p}),e.current=b,t.current=p,true}if(m){let b=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},true,["sign"]);return await g(x,{fmt:"cryptokey",privKey:b,pubJwk:p}),e.current=b,t.current=p,true}let{encPrivJwk:R,iv:k}=await gt(u);await g(x,{fmt:"encjwk",encPrivJwk:R,iv:k,pubJwk:p});let P=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);return e.current=P,t.current=p,true}return await g(x,void 0),false},[]),n=react.useCallback(async(c,u)=>{await g(x,{fmt:"cryptokey",privKey:c,pubJwk:u});},[]),o=react.useCallback(async(c,u)=>{let{encPrivJwk:l,iv:f}=await gt(c);await g(x,{fmt:"encjwk",encPrivJwk:l,iv:f,pubJwk:u});},[]),a=react.useCallback(async()=>{if(e.current&&t.current||await r())return;let c=await Ye(),u=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",u.publicKey)),f=await crypto.subtle.exportKey("jwk",u.privateKey);if(c){let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);await n(p,l),e.current=p,t.current=l;}else {await o(f,l);let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=p,t.current=l;}},[r,n,o]),i=react.useCallback(async()=>{let c=await Ye(),u=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",u.publicKey)),f=await crypto.subtle.exportKey("jwk",u.privateKey);if(c){let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);await g(x,{fmt:"cryptokey",privKey:p,pubJwk:l}),e.current=p,t.current=l;}else {let{encPrivJwk:p,iv:h}=await gt(f);await g(x,{fmt:"encjwk",encPrivJwk:p,iv:h,pubJwk:l});let m=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=m,t.current=l;}},[]),s=react.useCallback(async()=>{await g(x,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:s,privRef:e,pubJwkRef:t}};var z="sunbreak_root_key_v1",yr=`${z}:wrap`;async function mr(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${z}:probe_safe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}function Xe(e){let t={...e};return delete t.d,t.kty="EC",t.crv=E,t.alg=Ke,t.use="sig",t}async function wr(){let e=await C(yr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await g(yr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function xn(e){let t=await wr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Cn(e,t){let r=await wr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Pt=()=>{let e=react.useRef(null),t=react.useRef(null),r=react.useCallback(async()=>{let a=await C(z);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await g(z,void 0),false;let s=i.privKey;try{if(s.extractable&&await mr()){let u=await crypto.subtle.exportKey("jwk",s),l=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},!1,["sign"]),f={fmt:"cryptokey",privKey:l,pubJwk:Xe(i.pubJwk),createdAt:i.createdAt};await g(z,f),s=l;}}catch{}return e.current=s,t.current=Xe(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let s=await Cn(i.encPrivJwk,i.iv),c=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=c,t.current=Xe(i.pubJwk),!0}catch{return await g(z,void 0),false}}return await g(z,void 0),false},[]),n=react.useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await mr(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),s=Xe(await crypto.subtle.exportKey("jwk",i.publicKey)),c=Date.now(),u=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let l=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);await g(z,{fmt:"cryptokey",privKey:l,pubJwk:s,createdAt:c}),e.current=l,t.current=s;}else {let{encPrivJwk:l,iv:f}=await xn(u);await g(z,{fmt:"encjwk",encPrivJwk:l,iv:f,pubJwk:s,createdAt:c});let h=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=h,t.current=s;}},[r]),o=react.useCallback(async()=>{await g(z,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var Tn=()=>crypto.randomUUID(),hr=e=>{let{clientId:t,wallet:r,base:n="https://api.tdfc.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:s,refreshDeps:c=[]}=e,u=st(n),l=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:f,setBoundWallet:p,setJkt:h,setRefreshId:m,getRefreshId:R,setLastPolicyHash:k,setLastPolicyProof:P,setLastHost:b,setRootJkt:S,ready:d}=Rt(),{ensureRootKeypair:w,rootPrivRef:I,rootPubJwkRef:L}=Pt(),We=react.useCallback(async()=>{await w();try{if(!f.rootJkt&&L.current){let ce=await W(L.current);S(ce);}}catch{}},[w,f.rootJkt,L]),{ensureKeypair:te,rotate:Ee,privRef:A,pubJwkRef:Le}=kt(),[He,xt]=react.useState(false),[J,V]=react.useState(0),[j,Z]=react.useState(null),[ie,re]=react.useState(null),[et,tt]=react.useState(null),[rt,Ar]=react.useState(null),[xr,Cr]=react.useState(null),[Tr,Jr]=react.useState(null),Ir=react.useRef(null),_r=react.useRef(null),Dr=react.useRef(null),Wr=react.useRef(null),Lr=react.useRef(null),Hr=react.useRef(null),Mr=react.useRef(null),jr=react.useRef(false),Or=react.useRef(false),Ur=react.useRef(void 0),Me=react.useRef(false),nt=react.useRef(false),Ct=react.useRef(null),se=react.useRef(null);se.current||(se.current=new Promise(ce=>{Ct.current=ce;}));let ot=react.useRef(null),$r=react.useRef(i),Nr=react.useRef(null),je=react.useRef(null),Tt=react.useRef(null),Oe=react.useRef(null),Jt=()=>Date.now(),Br=()=>(Oe.current??0)>0&&Oe.current<Jt(),at=react.useCallback((ce,Yr=15e3)=>{let It=Tn();return je.current=It,Tt.current=ce,Oe.current=Jt()+Math.max(1e3,Yr),It},[]),Vr=react.useCallback(()=>((!je.current||Br())&&at("adhoc",1e4),je.current),[at]),it=react.useRef(null),Ue=react.useRef(null);Ue.current||(Ue.current=new Promise(ce=>{it.current=ce;}));let Fr=react.useCallback(async()=>{!Me.current&&Ue.current&&await Ue.current;},[]),Gr=react.useCallback(()=>{Me.current||(Me.current=true,it.current?.(),it.current=null);},[]),qr=react.useCallback(async()=>{!nt.current&&se.current&&await se.current;},[]),zr=react.useCallback(async()=>{!nt.current&&se.current&&await se.current,ot.current&&await ot.current;},[]);return {clientId:t,wallet:r,baseUrl:u,fetchImpl:l,timeoutMs:a,providerAdapter:s,refreshDeps:c,ensureKeypair:te,rotate:Ee,ensureRootKeypair:We,rootPrivRef:I,rootPubJwkRef:L,privRef:A,pubJwkRef:Le,meta:f,setBoundWallet:p,setJkt:h,setRefreshId:m,accessTokenRef:Dr,tokenExpRef:Wr,authenticated:He,setAuthenticated:xt,loadingCount:J,setLoadingCount:V,error:j,setError:Z,allowed:ie,setAllowed:re,denyReason:et,setDenyReason:tt,sessionExpiry:rt,setSessionExpiry:Ar,sessionData:xr,setSessionData:Cr,verifyData:Tr,setVerifyData:Jr,authWalletRef:_r,refreshLock:Lr,registerLock:Hr,sessionLock:Mr,didInitialRefresh:jr,didInitialSession:Or,prevWalletRef:Ur,initResolvedRef:nt,initReady:se,initResolveRef:Ct,rotateLock:ot,waitReady:qr,awaitKeyStable:zr,proofRef:$r,registerCooldownUntilRef:Ir,reqIdRef:je,flowLabelRef:Tt,flowExpireRef:Oe,beginFlow:at,currentReqId:Vr,awaitProbe:Fr,markProbed:Gr,hasProbedRef:Me,getRefreshId:R,setLastPolicyHash:k,setLastPolicyProof:P,setLastHost:b,setRootJkt:S,metaReady:d,probeLock:Nr}};var B=e=>e.accessTokenRef.current??null,Y=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},T=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var Jn=(e,t)=>`${e.toUpperCase()} ${t}`;async function _e(e,t,r){if(!t)return  false;let n=_e._nonceCacheRef||(_e._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let d=await W(e.rootPubJwkRef.current);e.setRootJkt?.(d);}catch{}let b=await W(T(e)),S=await e.getRefreshId();o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:b,clientId:e.clientId,sid:S||void 0,ttlSec:300});}}catch{}let a=e.currentReqId(),i="/auth/register",s=`${e.baseUrl}${i}`,c=new URL(e.baseUrl).origin,u="POST",l=`${c}${i}`,f=Jn(u,l),p=n.map.get(f),h=await N({method:u,url:l,nonce:p,privateKey:Y(e),publicJwk:T(e)}),m=async b=>e.fetchImpl(s,{method:u,headers:{"content-type":"application/json","x-sunbreak-meta":$(e,{reqId:a,pode:o||void 0}),...b},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),R=await m({DPoP:h}),k=b=>{let S=b.headers.get("dpop-nonce");S&&n.map.set(f,S);};if(R.status===401){let b=R.headers.get("www-authenticate"),d=(b&&b.match(/dpop-nonce="([^"]+)"/i))?.[1];if(d){n.map.set(f,d);let w=await N({method:u,url:l,nonce:d,privateKey:Y(e),publicJwk:T(e)});R=await m({DPoP:w});}}if(k(R),!R.ok){let b=await Ie(R);if((R.headers.get("content-type")||"").includes("application/json")){let d;try{d=await R.clone().json();}catch{}let w=Je(d&&(d.error||d.message||d.detail)||`HTTP ${R.status}`);throw pe(w,b)}else {let d=b.waf?"Blocked by WAF (403)":b.alb403?"Blocked at origin (ALB 403)":`HTTP ${R.status}`;throw pe(d,b)}}let P=await R.json();e.accessTokenRef.current=P.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let b=Math.floor(Date.now()/1e3);e.tokenExpRef.current=b+(P.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await W(T(e)));}catch{}try{let b={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:P.refreshId??null};e.setRefreshId(P.refreshId??null);let S=Ae(e.clientId);await g(S,b);try{localStorage.setItem(S,JSON.stringify(b));}catch{}}catch{}return !0}catch(o){let a=Number(o?.status||0),i=String(o?.code||""),s=String(o?.message||""),c=Math.floor(Math.random()*1e3);if((a===401||a===403)&&i.toLowerCase()==="replay"){if(e.providerAdapter)try{let u=await e.providerAdapter.getToken()??null;if(u)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await Pe(e.providerAdapter,u),e.registerCooldownUntilRef.current=Date.now()+5e3+c,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+c,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+c,false}if(a===403&&(o?.waf||o?.alb403))return e.setError(s||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+c,false;if(a===403)return e.setError(i||s||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+c,false;if(a===429||a===503){e.setError(i||s||"Rate limited / unavailable");let u=a===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+u+c,false}return e.setError(i||s||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+c,false}}var In=(e,t)=>`${e.toUpperCase()} ${t}`;function Ze(e){if(e.refreshLock.current)return e.refreshLock.current;if(e.registerLock.current){let t=e.registerLock.current.then(()=>{if(e.authenticated&&B(e))return  true;if(B(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.refreshLock.current=(async()=>{try{if(await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),e.wallet&&e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let t=B(e);if(t){let S=e.tokenExpRef.current,d=Math.floor(Date.now()/1e3);if(!!t&&!!S&&S-d>5)return !0}e.beginFlow("refresh",15e3);let r=e.currentReqId();await e.ensureKeypair();let n;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let w=await W(e.rootPubJwkRef.current);e.setRootJkt?.(w);}catch{}let S=await W(T(e)),d=await e.getRefreshId();n=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:S,clientId:e.clientId,sid:d||void 0,ttlSec:300});}}catch{}let o="/auth/refresh",a=`${e.baseUrl}${o}`,i=new URL(e.baseUrl).origin,s="POST",c=`${i}${o}`,u=In(s,c),l=Ze._nonceCacheRef||(Ze._nonceCacheRef={map:new Map}),f=async S=>await N({method:s,url:c,nonce:S,privateKey:Y(e),publicJwk:T(e)}),p=await e.getRefreshId(),h={"x-sunbreak-meta":$(e,{reqId:r,refreshId:p||void 0,pode:n||void 0}),"content-type":"application/json"},m=async S=>e.fetchImpl(a,{method:s,headers:{DPoP:S,...h},credentials:"include",body:"{}"}),R=S=>{let d=S.headers.get("dpop-nonce");d&&l.map.set(u,d);},k=await m(await f(l.map.get(u)));if(k.status===401){let S=k.headers.get("www-authenticate"),w=(S&&S.match(/dpop-nonce="([^"]+)"/i))?.[1];w&&(l.map.set(u,w),k=await m(await f(w)));}if(R(k),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let d=await k.clone().json().catch(()=>{}),w=d&&(d.error||d.code||d.message)||"",I=String(w).toLowerCase();if(I.includes("missing")&&I.includes("refresh")){try{e.setRefreshId?.(null);}catch{}try{e.setBoundWallet?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}}}catch{}return !1}let P=await k.json();e.accessTokenRef.current=P.access,e.setAuthenticated(!0);let b=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=b?b.toLowerCase():null;try{let S=Math.floor(Date.now()/1e3);e.tokenExpRef.current=S+(P.expiresIn??0);}catch{}try{e.setJkt(await W(T(e)));}catch{}return P.refreshId&&e.setRefreshId(P.refreshId),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var _n=(e,t)=>`${e.toUpperCase()} ${t}`,vt=new Map,De;try{let e=globalThis;De=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{De=new Set;}var Dn=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function br(e){let t=Dn(e);if(e.probeLock.current){await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.markProbed();return}if(De.has(t)){e.markProbed();return}De.add(t);let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let m=await W(T(e));o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:m,clientId:e.clientId,ttlSec:300});}catch{}let a="POST",i="/auth/probe",s=`${e.baseUrl}${i}`,c=`${n}${i}`,u=_n(a,c),l=async m=>N({method:a,url:c,nonce:m,privateKey:Y(e),publicJwk:T(e)}),f=async m=>e.fetchImpl(s,{method:a,headers:{DPoP:m,"x-sunbreak-meta":$(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),p=m=>{let R=m.headers.get("dpop-nonce");R&&vt.set(u,R);},h=await f(await l(vt.get(u)));if(p(h),h.status===401){let m=h.headers.get("www-authenticate"),k=(m&&m.match(/dpop-nonce="([^"]+)"/i))?.[1];k&&(vt.set(u,k),h=await f(await l(k)),p(h));}}catch{try{De.delete(t);}catch{}}finally{e.markProbed();}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var Sr=e=>{let t=react.useCallback(()=>Ze(e),[e]),r=react.useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a||!e.wallet||!e.initResolvedRef.current||e.refreshLock.current||e.registerLock.current)return;let i=e.wallet,s=e.meta.boundWallet;if(i&&s&&i.toLowerCase()===s.toLowerCase()&&!e.didInitialRefresh.current)return;let u=e.proofRef.current;!u||!(!B(e)||e.meta.boundWallet!==e.wallet)||(await e.awaitKeyStable(),e.registerLock.current=(async()=>{try{await _e(e,e.wallet,u)&&(e.didInitialSession.current=!0);}catch(p){e.setError(p?.message||String(p)||"Register failed");}finally{e.registerLock.current=null;}})());},[e]),n=react.useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await Pe(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a)=>_e(e,o,a),attemptRegister:r,setProofFromAdapterToken:n}};var Wn=(e,t)=>`${e.toUpperCase()} ${t}`,Ln=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function Qe(e,t,r,n,o,a={}){e.setLoadingCount(u=>u+1),e.setError(null);let i=n.startsWith("/api/session"),s=new AbortController,c=setTimeout(()=>s.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let l=`${i?ut(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,p=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,h=Wn(r,p),m=n.startsWith("/auth/"),R=!1,k=!1,P=e.currentReqId(),b=Qe._nonceCacheRef||(Qe._nonceCacheRef={map:new Map}),S=J=>{let V=J.headers.get("dpop-nonce");V&&b.map.set(h,V);},d=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),w=()=>m||!e.wallet?!1:!!(e.authenticated||Ln(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),I,L,We=async()=>{if(m||d)return;try{let ie=B(e),re=e.tokenExpRef.current,et=Math.floor(Date.now()/1e3),tt=!!re&&re-et<=60;if(ie){if(tt&&!await t().catch(()=>!1))return}else if(!w()||!await t().catch(()=>!1))return}catch{}let J=B(e);if(!J)return;let V=await ze(J),j=b.map.get(h),Z=await N({method:r,url:p,nonce:j,ath:V,privateKey:Y(e),publicJwk:T(e)});I=`Bearer ${e.accessTokenRef.current}`,L=Z;};await We();let te={"content-type":"application/json","x-sunbreak-auth":I||"","x-sunbreak-meta":$(e,{reqId:P,auth:I,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...lt(a.headers)};L&&(te.DPoP=L);let Ee=async()=>e.fetchImpl(l,{...a,method:r,headers:te,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:s.signal}),A=await Ee(),Le=A.headers.get("x-sunbreak-policy-hash"),He=A.headers.get("x-sunbreak-policy-proof");if(Le&&e.setLastPolicyHash(Le),He&&e.setLastPolicyProof(He),S(A),A.status===401&&!m){let J=B(e),V=A.headers.get("www-authenticate"),Z=(V&&V.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!d&&Z&&J&&!k){k=!0,b.map.set(h,Z);let ie=await ze(J),re=await N({method:r,url:p,nonce:Z,ath:ie,privateKey:Y(e),publicJwk:T(e)});I=`Bearer ${e.accessTokenRef.current}`,L=re,te["x-sunbreak-meta"]=$(e,{reqId:P,auth:I}),te.DPoP=L,A=await Ee(),S(A);}if(A.status===401&&!R&&(R=!0,!d&&w())){let ie=await t(),re=B(e);ie&&re&&!d&&(await We(),te["x-sunbreak-meta"]=$(e,{reqId:P,auth:I}),L&&(te.DPoP=L),A=await Ee(),S(A));}if(A.status===401)throw new Error("Unauthorized")}if(!A.ok){let J=await Ie(A);if((A.headers.get("content-type")||"").includes("application/json")){let j=await A.json().catch(()=>{}),Z=Je(j&&(j.error||j.message||j.detail)||`HTTP ${A.status}`);throw pe(Z,J)}else {let j=J.waf?"Blocked by WAF (403)":J.alb403?"Blocked at origin (ALB 403)":`HTTP ${A.status}`;throw pe(j,J)}}return (A.headers.get("content-type")||"").includes("application/json")?await A.json():void 0}finally{clearTimeout(c),e.setLoadingCount(u=>Math.max(0,u-1));}}var Rr=(e,t)=>react.useCallback(async(r,n,o,a={})=>Qe(e,t,r,n,o,a),[e,t]);async function gr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setDenyReason(r.reason??null),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}async function kr(e,t){let r=await t("GET","/api/verify");return r&&(e.setSessionExpiry(r.expiry??null),e.setVerifyData(r)),r}var Pr=(e,t)=>{let r=react.useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await gr(e,t)}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t]),n=react.useCallback(async()=>{if(e.wallet)return await kr(e,t)},[e,t]);return {session:r,verify:n}};var vr=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t;react.useEffect(()=>{return (async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.ensureRootKeypair(),await br(e);}catch{}})(),()=>{}},[]);let s=()=>(e.registerCooldownUntilRef.current??0)>Date.now();react.useEffect(()=>{let c=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==c&&(e.didInitialRefresh.current=false),!e.wallet){e.setAllowed(null),e.setDenyReason(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.didInitialRefresh.current=false;return}c&&e.wallet&&c!==e.wallet&&(e.rotateLock.current=(async()=>{await e.rotate(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}));},[e.wallet]),react.useEffect(()=>{if(!e.providerAdapter||s()||!e.metaReady)return;let c=e.wallet,u=e.meta.boundWallet;if(c&&u&&c.toLowerCase()===u.toLowerCase()&&!e.didInitialRefresh.current)return;let l=false;return (async()=>{try{let f=await e.providerAdapter.getToken()??null;if(await e.awaitKeyStable(),l||!f)return;await a(f),await o();}catch{}})(),()=>{l=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,...e.refreshDeps]),react.useEffect(()=>{if(typeof i<"u"&&(e.proofRef.current=i??null),!e.metaReady)return;let c=e.wallet,u=e.meta.boundWallet;if(c&&u&&c.toLowerCase()===u.toLowerCase()&&!e.didInitialRefresh.current)return;let f=!!c,p=!!e.proofRef.current,h=!!c&&!!e.authWalletRef.current&&c.toLowerCase()!==e.authWalletRef.current.toLowerCase();f&&p&&!e.authenticated&&!h&&e.initResolvedRef.current&&!s()&&o();},[i,e.wallet,e.authenticated,e.meta.boundWallet,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,o]),react.useEffect(()=>{let c=e.wallet,u=e.meta.boundWallet,l=!!(u||e.meta.refreshId);if(!e.metaReady||e.didInitialRefresh.current)return;let f=true;return (async()=>{try{if(await e.waitReady(),e.accessTokenRef.current||e.authenticated){e.didInitialRefresh.current=!0,c&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}let p=!!c&&!l,h=!c&&!l;if(l&&!c){e.didInitialRefresh.current=!0;return}if(p||h){e.didInitialRefresh.current=!0;return}if(c&&u&&c.toLowerCase()!==u.toLowerCase()){e.didInitialRefresh.current=!0;return}e.didInitialRefresh.current=!0;let m=await r();if(!f)return;e.setAuthenticated(m),m&&c&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(p){if(!f)return;e.didInitialRefresh.current=true,e.setAuthenticated(false),e.setError(p?.message||String(p)||"Unknown error");}})(),()=>{f=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]),react.useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&e.meta.boundWallet!==e.wallet&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]),react.useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)&&!e.didInitialSession.current){e.didInitialSession.current=true;try{await n();}catch(c){e.setError(c?.message||String(c));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,n]),react.useEffect(()=>{e.wallet&&e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase()&&(e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]),react.useEffect(()=>{let u=()=>{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return  false;let p=e.tokenExpRef.current;if(!p)return  false;let h=Math.floor(Date.now()/1e3);return p-h<=30},l=async()=>{try{u()&&await r();}catch{}},f=async()=>{document.visibilityState==="visible"&&await l();};return window.addEventListener("focus",l),document.addEventListener("visibilitychange",f),()=>{window.removeEventListener("focus",l),document.removeEventListener("visibilitychange",f);}},[e,r]),react.useEffect(()=>{let l=()=>{let h=Math.floor(Date.now()/1e3),m=e.tokenExpRef.current,R=e.sessionExpiry,k=!!m&&m-h<=30&&m-h>0,P=!!R&&R-h<=3600&&R-h>0;return {tokenSoon:k,sessionSoon:P}},f=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return;let{tokenSoon:h,sessionSoon:m}=l();(h||m)&&await r()&&m&&await n();}catch{}},p=async()=>{document.visibilityState==="visible"&&await f();};return window.addEventListener("focus",f),document.addEventListener("visibilitychange",p),()=>{window.removeEventListener("focus",f),document.removeEventListener("visibilitychange",p);}},[e,e.sessionExpiry,r,n]);};var Kr=react.createContext(void 0),Un=e=>{let t=hr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=Sr(t),a=Rr(t,r),{session:i,verify:s}=Pr(t,a);vr(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let c=react.useMemo(()=>({get:(u,l)=>a("GET",u,void 0,l),post:(u,l,f)=>a("POST",u,l,f),verify:s,session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,denyReason:t.denyReason,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,verifyData:t.verifyData,wallet:t.wallet}),[a,s,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.denyReason,t.sessionExpiry,t.sessionData,t.verifyData,t.wallet]);return jsxRuntime.jsx(Kr.Provider,{value:c,children:e.children})},$n=e=>jsxRuntime.jsx(St,{clientId:e.clientId,children:jsxRuntime.jsx(Un,{...e})}),Nn=()=>{let e=react.useContext(Kr);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
+var on=Object.defineProperty;var Mt=e=>{throw TypeError(e)};var an=(e,t,r)=>t in e?on(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var M=(e,t,r)=>an(e,typeof t!="symbol"?t+"":t,r),$t=(e,t,r)=>t.has(e)||Mt("Cannot "+r);var h=(e,t,r)=>($t(e,t,"read from private field"),r?r.call(e):t.get(e)),j=(e,t,r)=>t.has(e)?Mt("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),N=(e,t,r,n)=>($t(e,t,"write to private field"),t.set(e,r),r);var ve=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var sn="sunbreak-kv",Ae="kv",Fe="sunbreak_dpop_meta_v1",T="sunbreak_dpop_key_v1",xe="ES256",v="P-256",Ke=e=>`${Fe}:${e}`,Ot=()=>new Promise((e,t)=>{let r=indexedDB.open(sn,1);r.onupgradeneeded=()=>r.result.createObjectStore(Ae),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),I=async e=>{try{let t=await Ot();return await new Promise((r,n)=>{let a=t.transaction(Ae,"readonly").objectStore(Ae).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},R=async(e,t)=>{let r=await Ot();await new Promise((n,o)=>{let i=r.transaction(Ae,"readwrite").objectStore(Ae).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var cn=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},ln=e=>e.replace(/\/+$/,""),ft=e=>{let t=ln(e);return cn(t)};function pt(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=un(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var un=e=>{for(let t=0;t<dt.length;t++){let r=dt[Math.floor(Math.random()*dt.length)].toLowerCase();if(r!==e)return r}return "alpha"},dt=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var F=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var fn=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),dn=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),pn=new Set(["dpop","x-sunbreak-meta"]),hn=64,Ut=2048,yn=64;function ht(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=yn)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>hn||fn.has(i)||dn.has(i)||pn.has(i))continue;let c=String(a);c.length>Ut&&(c=c.slice(0,Ut)),t[i]=c,n++;}return t}var re=new TextEncoder,me=new TextDecoder;function jt(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Nt(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function Ft(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function Bt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:me.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=me.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Ft(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Be(e){let t=e;return typeof t=="string"&&(t=re.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):Nt(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var ue=class extends Error{constructor(r,n){super(r,n);M(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};M(ue,"code","ERR_JOSE_GENERIC");var D=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JOSE_NOT_SUPPORTED");}};M(D,"code","ERR_JOSE_NOT_SUPPORTED");var ne=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JWS_INVALID");}};M(ne,"code","ERR_JWS_INVALID");var Ce=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JWT_INVALID");}};M(Ce,"code","ERR_JWT_INVALID");var Vt,Gt,yt=class extends(Gt=ue,Vt=Symbol.asyncIterator,Gt){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);M(this,Vt);M(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};M(yt,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function q(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function we(e,t){return e.name===t}function mt(e){return parseInt(e.name.slice(4),10)}function gn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function bn(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function qt(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!we(e.algorithm,"HMAC"))throw q("HMAC");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!we(e.algorithm,"RSASSA-PKCS1-v1_5"))throw q("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!we(e.algorithm,"RSA-PSS"))throw q("RSA-PSS");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!we(e.algorithm,"Ed25519"))throw q("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!we(e.algorithm,t))throw q(t);break}case "ES256":case "ES384":case "ES512":{if(!we(e.algorithm,"ECDSA"))throw q("ECDSA");let n=gn(t);if(e.algorithm.namedCurve!==n)throw q(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}bn(e,r);}function zt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var Xt=(e,...t)=>zt("Key must be ",e,...t);function wt(e,t,...r){return zt(`Key for the ${e} algorithm must be `,t,...r)}function gt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function bt(e){return e?.[Symbol.toStringTag]==="KeyObject"}var St=e=>gt(e)||bt(e);var Yt=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function Sn(e){return typeof e=="object"&&e!==null}var Ve=e=>{if(!Sn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var Zt=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function Rn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new D('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var Qt=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=Rn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var er=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new D(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Te(e){return Ve(e)&&typeof e.kty=="string"}function tr(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function rr(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function nr(e){return e.kty==="oct"&&typeof e.k=="string"}var ge,or=async(e,t,r,n=false)=>{ge||(ge=new WeakMap);let o=ge.get(e);if(o?.[r])return o[r];let a=await Qt({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:ge.set(e,{[r]:a}),a},kn=(e,t)=>{ge||(ge=new WeakMap);let r=ge.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!c)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&c==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES384"&&c==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES512"&&c==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:c},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:ge.set(e,{[t]:a}),a},ar=async(e,t)=>{if(e instanceof Uint8Array||gt(e))return e;if(bt(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return kn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return or(e,r,t)}if(Te(e))return e.k?Bt(e.k):or(e,e,t,true);throw new Error("unreachable")};var be=e=>e?.[Symbol.toStringTag],Rt=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},Pn=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Te(t)){if(nr(t)&&Rt(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${be(t)} instances for symmetric algorithms must be of type "secret"`)}},vn=(e,t,r)=>{if(Te(t))switch(r){case "decrypt":case "sign":if(tr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(rr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${be(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${be(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${be(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},ir=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?Pn(e,t,r):vn(e,t,r);};var sr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new D(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var cr=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(Xt(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return qt(t,e,r),t};var ae=e=>Math.floor(e.getTime()/1e3);var An=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Ge=e=>{let t=An.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function fe(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var x,qe=class{constructor(t){j(this,x);if(!Ve(t))throw new TypeError("JWT Claims Set MUST be an object");N(this,x,structuredClone(t));}data(){return re.encode(JSON.stringify(h(this,x)))}get iss(){return h(this,x).iss}set iss(t){h(this,x).iss=t;}get sub(){return h(this,x).sub}set sub(t){h(this,x).sub=t;}get aud(){return h(this,x).aud}set aud(t){h(this,x).aud=t;}set jti(t){h(this,x).jti=t;}set nbf(t){typeof t=="number"?h(this,x).nbf=fe("setNotBefore",t):t instanceof Date?h(this,x).nbf=fe("setNotBefore",ae(t)):h(this,x).nbf=ae(new Date)+Ge(t);}set exp(t){typeof t=="number"?h(this,x).exp=fe("setExpirationTime",t):t instanceof Date?h(this,x).exp=fe("setExpirationTime",ae(t)):h(this,x).exp=ae(new Date)+Ge(t);}set iat(t){typeof t>"u"?h(this,x).iat=ae(new Date):t instanceof Date?h(this,x).iat=fe("setIssuedAt",ae(t)):typeof t=="string"?h(this,x).iat=fe("setIssuedAt",ae(new Date)+Ge(t)):h(this,x).iat=fe("setIssuedAt",t);}};x=new WeakMap;var lr=async(e,t,r)=>{let n=await cr(e,t,"sign");Zt(e,n);let o=await crypto.subtle.sign(sr(e,n.algorithm),n,r);return new Uint8Array(o)};var Ie,L,z,ze=class{constructor(t){j(this,Ie);j(this,L);j(this,z);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");N(this,Ie,t);}setProtectedHeader(t){if(h(this,L))throw new TypeError("setProtectedHeader can only be called once");return N(this,L,t),this}setUnprotectedHeader(t){if(h(this,z))throw new TypeError("setUnprotectedHeader can only be called once");return N(this,z,t),this}async sign(t,r){if(!h(this,L)&&!h(this,z))throw new ne("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Yt(h(this,L),h(this,z)))throw new ne("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...h(this,L),...h(this,z)},o=er(ne,new Map([["b64",true]]),r?.crit,h(this,L),n),a=true;if(o.has("b64")&&(a=h(this,L).b64,typeof a!="boolean"))throw new ne('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new ne('JWS "alg" (Algorithm) Header Parameter missing or invalid');ir(i,t,"sign");let c=h(this,Ie);a&&(c=re.encode(Be(c)));let u;h(this,L)?u=re.encode(Be(JSON.stringify(h(this,L)))):u=re.encode("");let s=jt(u,re.encode("."),c),l=await ar(t,i),d=await lr(i,l,s),f={signature:Be(d),payload:""};return a&&(f.payload=me.decode(c)),h(this,z)&&(f.header=h(this,z)),h(this,L)&&(f.protected=me.decode(u)),f}};Ie=new WeakMap,L=new WeakMap,z=new WeakMap;var Se,Xe=class{constructor(t){j(this,Se);N(this,Se,new ze(t));}setProtectedHeader(t){return h(this,Se).setProtectedHeader(t),this}async sign(t,r){let n=await h(this,Se).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Se=new WeakMap;var ie,$,de=class{constructor(t={}){j(this,ie);j(this,$);N(this,$,new qe(t));}setIssuer(t){return h(this,$).iss=t,this}setSubject(t){return h(this,$).sub=t,this}setAudience(t){return h(this,$).aud=t,this}setJti(t){return h(this,$).jti=t,this}setNotBefore(t){return h(this,$).nbf=t,this}setExpirationTime(t){return h(this,$).exp=t,this}setIssuedAt(t){return h(this,$).iat=t,this}setProtectedHeader(t){return N(this,ie,t),this}async sign(t,r){let n=new Xe(h(this,$).data());if(n.setProtectedHeader(h(this,ie)),Array.isArray(h(this,ie)?.crit)&&h(this,ie).crit.includes("b64")&&h(this,ie).b64===false)throw new Ce("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};ie=new WeakMap,$=new WeakMap;var xn=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),Ye=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return xn(r)},B=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,c={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(c.nonce=n),o&&(c.ath=o),await new de(c).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var _=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function pe(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,c=Math.floor(Date.now()/1e3),u=c+Math.max(60,Math.min(i,3600)),s={child_jkt:n,client_id:o,aud:"issuer",iat:c,exp:u,jti:crypto.randomUUID()};return a&&(s.sid=a),await new de(s).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function We(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function Je(e){let t=e.status,r=Array.from(e.headers.keys()).some(c=>c.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let c=await e.clone().json();n=typeof c?.error=="string"?c.error:void 0,o=typeof c?.detail=="string"?c.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function he(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var Re={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null},Et=react.createContext(void 0);function hr(e){try{return JSON.parse(localStorage.getItem(e)||"null")??Re}catch{return Re}}function Tn(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var kt=({children:e,clientId:t})=>{let[r,n]=react.useState(Re),o=react.useRef(false),[a,i]=react.useState(false),c=react.useMemo(()=>Ke(t),[t]);react.useEffect(()=>{let p=true;return (async()=>{let y=await I(c)??await I(Fe)??hr(c);p&&(n({...Re,...y}),o.current=true,i(true));})(),()=>{p=false;}},[c]),react.useEffect(()=>{o.current&&(async()=>(await R(c,r),Tn(c,r)))();},[r,c]);let u=react.useCallback(p=>n(g=>({...g,refreshId:p})),[]),s=react.useCallback(p=>n(g=>({...g,lastPolicyHash:p})),[]),l=react.useCallback(p=>n(g=>({...g,lastPolicyProof:p})),[]),d=react.useCallback(p=>n(g=>({...g,lastHost:p})),[]),f=react.useCallback(p=>n(g=>({...g,rootJkt:p})),[]),w=async()=>{try{let p=localStorage.getItem(c);if(p){let g=JSON.parse(p);if(typeof g?.refreshId=="string"&&g.refreshId)return g.refreshId}}catch{}try{let p=await I(c);if(typeof p?.refreshId=="string"&&p.refreshId)return p.refreshId}catch{}return null},S=react.useCallback(p=>n(g=>({...g,boundWallet:p})),[]),E=react.useCallback(p=>n(g=>({...g,clientId:p})),[]),m=react.useCallback(p=>n(g=>({...g,jkt:p})),[]),k=react.useCallback(()=>n(Re),[]),b=react.useCallback(async()=>{let g=await I(c)??hr(c);n({...Re,...g});},[]),H=react.useMemo(()=>({meta:r,setBoundWallet:S,setClientId:E,setJkt:m,resetMeta:k,reload:b,setRefreshId:u,getRefreshId:w,ready:a,setLastPolicyHash:s,setLastPolicyProof:l,setLastHost:d,setRootJkt:f}),[r,S,E,m,k,b,a,u,w,s,l,d,f]);return jsxRuntime.jsx(Et.Provider,{value:H,children:e})};function Pt(){let e=react.useContext(Et);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var mr=`${T}:wrap`;async function Ze(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${T}:probe_safe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Jn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!0,["sign","verify"]),t=`${T}:probe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ke(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=xe,t.use="sig",t}async function wr(){let e=await I(mr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await R(mr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function vt(e){let t=await wr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Dn(e,t){let r=await wr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var At=()=>{let e=react.useRef(null),t=react.useRef(null),r=react.useCallback(async()=>{let u=await I(T);if(!u)return  false;if(u.fmt==="cryptokey"){let l=u;if(!l.privKey)return await R(T,void 0),false;let d=l.privKey;try{if(d.extractable&&await Ze()){let w=await crypto.subtle.exportKey("jwk",d),S=await crypto.subtle.importKey("jwk",w,{name:"ECDSA",namedCurve:v},!1,["sign"]),E={fmt:"cryptokey",privKey:S,pubJwk:ke(l.pubJwk)};await R(T,E),d=S;}}catch{}return e.current=d,t.current=ke(l.pubJwk),true}if(u.fmt==="encjwk"){let l=u;try{let d=await Dn(l.encPrivJwk,l.iv),f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=f,t.current=ke(l.pubJwk),!0}catch{return await R(T,void 0),false}}let s=u;if(s&&s.d){let{d:l,...d}=s,f=ke(d),w=await Ze(),S=w||await Jn();if(S&&w){let b=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return await R(T,{fmt:"cryptokey",privKey:b,pubJwk:f}),e.current=b,t.current=f,true}if(S){let b=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},true,["sign"]);return await R(T,{fmt:"cryptokey",privKey:b,pubJwk:f}),e.current=b,t.current=f,true}let{encPrivJwk:E,iv:m}=await vt(s);await R(T,{fmt:"encjwk",encPrivJwk:E,iv:m,pubJwk:f});let k=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return e.current=k,t.current=f,true}return await R(T,void 0),false},[]),n=react.useCallback(async(u,s)=>{await R(T,{fmt:"cryptokey",privKey:u,pubJwk:s});},[]),o=react.useCallback(async(u,s)=>{let{encPrivJwk:l,iv:d}=await vt(u);await R(T,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:s});},[]),a=react.useCallback(async()=>{if(e.current&&t.current||await r())return;let u=await Ze(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await n(f,l),e.current=f,t.current=l;}else {await o(d,l);let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=f,t.current=l;}},[r,n,o]),i=react.useCallback(async()=>{let u=await Ze(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await R(T,{fmt:"cryptokey",privKey:f,pubJwk:l}),e.current=f,t.current=l;}else {let{encPrivJwk:f,iv:w}=await vt(d);await R(T,{fmt:"encjwk",encPrivJwk:f,iv:w,pubJwk:l});let S=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=S,t.current=l;}},[]),c=react.useCallback(async()=>{await R(T,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:c,privRef:e,pubJwkRef:t}};var Y="sunbreak_root_key_v1",br=`${Y}:wrap`;async function Sr(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${Y}:probe_safe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}function Qe(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=xe,t.use="sig",t}async function Rr(){let e=await I(br);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await R(br,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function Ln(e){let t=await Rr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function _n(e,t){let r=await Rr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Kt=()=>{let e=react.useRef(null),t=react.useRef(null),r=react.useCallback(async()=>{let a=await I(Y);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await R(Y,void 0),false;let c=i.privKey;try{if(c.extractable&&await Sr()){let s=await crypto.subtle.exportKey("jwk",c),l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},!1,["sign"]),d={fmt:"cryptokey",privKey:l,pubJwk:Qe(i.pubJwk),createdAt:i.createdAt};await R(Y,d),c=l;}}catch{}return e.current=c,t.current=Qe(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let c=await _n(i.encPrivJwk,i.iv),u=await crypto.subtle.importKey("jwk",c,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=u,t.current=Qe(i.pubJwk),!0}catch{return await R(Y,void 0),false}}return await R(Y,void 0),false},[]),n=react.useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await Sr(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),c=Qe(await crypto.subtle.exportKey("jwk",i.publicKey)),u=Date.now(),s=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);await R(Y,{fmt:"cryptokey",privKey:l,pubJwk:c,createdAt:u}),e.current=l,t.current=c;}else {let{encPrivJwk:l,iv:d}=await Ln(s);await R(Y,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:c,createdAt:u});let w=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=w,t.current=c;}},[r]),o=react.useCallback(async()=>{await R(Y,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var De=class e{constructor(t,r=false){this.colors={flow:"#00D9FF",state:"#00FF88",decision:"#FFB800",api:"#B388FF",guard:"#FFEA00",error:"#FF5252",warn:"#FF9100",info:"#90CAF9"};this.enabled=r,this.prefix=t?`[Sunbreak:${t.slice(0,8)}]`:"[Sunbreak]";}log(t,r,n){if(!this.enabled)return;let o=this.colors[t],a=new Date().toISOString().slice(11,23),i=this.getEmoji(t);console.log(`%c${i} ${this.prefix} [${a}] [${t.toUpperCase()}]%c ${r}`,`color: ${o}; font-weight: bold`,"color: inherit; font-weight: normal",n!==void 0?n:"");}getEmoji(t){switch(t){case "flow":return "\u{1F504}";case "state":return "\u{1F500}";case "decision":return "\u{1F914}";case "api":return "\u{1F4E1}";case "guard":return "\u{1F6E1}\uFE0F";case "error":return "\u274C";case "warn":return "\u26A0\uFE0F";case "info":return "\u2139\uFE0F";default:return "\u2022"}}flow(t,r,n){this.log("flow",`[${t.toUpperCase()}] ${r}`,n);}state(t,r,n,o){this.log("state",`${t} \u2192 ${r}: ${n}`,o);}decision(t,r,n,o){this.log("decision",`${t} = ${r?"\u2713 YES":"\u2717 NO"} (${n})`,o);}api(t,r,n){let o=n.status,i=o>=200&&o<300?"\u2713":"\u2717";this.log("api",`${i} ${t} ${r} \u2192 ${o}${n.error?` (${n.error})`:""}`,n.data);}guard(t,r,n,o){this.log("guard",`${t}: ${r?"\u2713 PASS":"\u2717 BLOCK"} (${n})`,o);}error(t,r){this.log("error",t,r);}warn(t,r){this.log("warn",t,r);}info(t,r){this.log("info",t,r);}group(t){this.enabled&&console.group(`${this.prefix} ${t}`);}groupEnd(){this.enabled&&console.groupEnd();}child(t){let r=new e(void 0,this.enabled);return r.prefix=`${this.prefix}[${t}]`,r}},Ct=null;function Er(){return Ct||(Ct=new De(void 0,true)),Ct}var et=class{constructor(t){this.currentState="unknown";this.previousState="unknown";this.logger=Er();this.hadSessionHistory=false;this.inActiveSession=false;t&&this.initialize(t);}initialize(t){this.logger.group("\u{1F527} Initializing Session State Machine");let r=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=r,this.logger.info("Initial context",{wallet:t.wallet,boundWallet:t.boundWallet,refreshId:t.refreshId?"present":"null",hasToken:t.hasToken,authenticated:t.authenticated,hasHistory:r}),t.authenticated&&t.hasToken?(this.transition("authenticated","Has valid token"),this.inActiveSession=true):r?this.transition("refreshable","Has session history"):this.transition("unregistered","No session history"),this.logger.groupEnd();}transition(t,r){if(this.currentState===t){this.logger.info(`State unchanged: ${t} (${r})`);return}this.previousState=this.currentState,this.currentState=t,this.logger.state(this.previousState,t,r);}getState(){return this.currentState}isInActiveSession(){return this.inActiveSession}markHadSession(){this.hadSessionHistory||(this.logger.info("Marked hadSessionHistory = true"),this.hadSessionHistory=true);}clearSessionHistory(){this.logger.info("Cleared session history"),this.hadSessionHistory=false,this.inActiveSession=false;}onProbeComplete(t){if(this.logger.flow("probe","Probe completed, determining initial state"),this.currentState!=="unknown"){this.logger.warn("Probe called but state is not UNKNOWN",{currentState:this.currentState});return}!!(t.boundWallet||t.refreshId)||this.hadSessionHistory?this.transition("refreshable","Session history found"):this.transition("unregistered","No session history");}onRegisterSuccess(t){this.logger.flow("register","Register succeeded"),this.transition("authenticated","Register succeeded"),this.inActiveSession=true,this.hadSessionHistory=true;}onRegisterFailure(t){this.logger.flow("register",`Register failed: ${t}`);}onRefreshSuccess(t){this.logger.flow("refresh","Refresh succeeded"),this.transition("authenticated","Refresh succeeded"),this.inActiveSession=true;}onRefreshExpired(){this.logger.flow("refresh","Refresh failed: session expired (missing refresh identifier)"),this.transition("expired","Session expired"),this.inActiveSession=false;}onRefreshFailure(t){this.logger.flow("refresh",`Refresh failed: ${t}`);}onTokenExpired(){this.logger.flow("token","Token expired"),this.currentState==="authenticated"&&this.transition("refreshable","Token expired");}onWalletChange(t,r,n){if(this.logger.flow("wallet",`Wallet changed: ${t||"null"} \u2192 ${r||"null"}`),!r){this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;return}r.toLowerCase()===n.boundWallet?.toLowerCase()?this.hadSessionHistory&&this.transition("refreshable","Wallet reconnected with history"):(this.transition("unregistered","Wallet changed to different address"),this.inActiveSession=false);}onWalletDisconnect(){this.logger.flow("wallet","Wallet disconnected"),this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;}shouldAttemptProbe(){let t=this.currentState==="unknown";return this.logger.decision("Should attempt probe?",t,`State is ${this.currentState}`),t}shouldAttemptRefresh(t){if(this.currentState!=="refreshable"&&this.currentState!=="authenticated")return this.logger.decision("Should attempt refresh?",false,`State is ${this.currentState}, not REFRESHABLE or AUTHENTICATED`),false;if(!(t.boundWallet||t.wallet))return this.logger.decision("Should attempt refresh?",false,"No wallet available (neither boundWallet nor current wallet)"),false;if(t.wallet&&t.boundWallet&&t.wallet.toLowerCase()!==t.boundWallet.toLowerCase())return this.logger.decision("Should attempt refresh?",false,"Wallet mismatch"),false;if(t.hasToken&&t.tokenExpiry){let n=Math.floor(Date.now()/1e3);if(t.tokenExpiry-n>5&&this.currentState==="authenticated")return this.logger.decision("Should attempt refresh?",false,"Token still valid"),false}return this.logger.decision("Should attempt refresh?",true,`State is ${this.currentState}, token ${t.hasToken?"present":"missing"}`),true}shouldAttemptRegister(t){return this.inActiveSession?(this.logger.decision("Should attempt register?",false,"Already in active session - proof changes ignored"),false):this.currentState!=="unregistered"&&this.currentState!=="expired"?(this.logger.decision("Should attempt register?",false,`State is ${this.currentState}, not UNREGISTERED or EXPIRED`),false):t.wallet?t.hasProof?t.authenticated&&t.hasToken?(this.logger.decision("Should attempt register?",false,"Already authenticated"),false):(this.logger.decision("Should attempt register?",true,`State is ${this.currentState}, have wallet + proof`),true):(this.logger.decision("Should attempt register?",false,"No proof available"),false):(this.logger.decision("Should attempt register?",false,"No wallet connected"),false)}shouldWaitForInitialRefresh(t,r){return this.currentState!=="refreshable"||t?false:r.wallet&&r.boundWallet&&r.wallet.toLowerCase()===r.boundWallet.toLowerCase()?(this.logger.decision("Should wait for initial refresh?",true,"Returning user - let refresh attempt first"),true):false}getStateReport(t){return `
+\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
+\u2502  Session State Machine Report          \u2502
+\u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
+\u2502 Current State:    ${this.currentState.padEnd(20)} \u2502
+\u2502 Previous State:   ${this.previousState.padEnd(20)} \u2502
+\u2502 Active Session:   ${String(this.inActiveSession).padEnd(20)} \u2502
+\u2502 Had History:      ${String(this.hadSessionHistory).padEnd(20)} \u2502
+\u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
+\u2502 Wallet:           ${(t.wallet||"null").padEnd(20)} \u2502
+\u2502 Bound Wallet:     ${(t.boundWallet||"null").padEnd(20)} \u2502
+\u2502 Refresh ID:       ${(t.refreshId?"present":"null").padEnd(20)} \u2502
+\u2502 Has Token:        ${String(t.hasToken).padEnd(20)} \u2502
+\u2502 Authenticated:    ${String(t.authenticated).padEnd(20)} \u2502
+\u2502 Has Proof:        ${String(t.hasProof).padEnd(20)} \u2502
+\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
+    `.trim()}};var Hn=()=>crypto.randomUUID(),kr=e=>{let{clientId:t,wallet:r,base:n="https://api.tdfc.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:c,refreshDeps:u=[],debug:s}=e,l=ft(n),d=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:f,setBoundWallet:w,setJkt:S,setRefreshId:E,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:H,setRootJkt:p,ready:g}=Pt(),{ensureRootKeypair:y,rootPrivRef:P,rootPubJwkRef:C}=Kt(),O=react.useCallback(async()=>{await y();try{if(!f.rootJkt&&C.current){let te=await _(C.current);p(te);}}catch{}},[y,f.rootJkt,C]),{ensureKeypair:Pe,rotate:K,privRef:Me,pubJwkRef:$e}=At(),[Jt,J]=react.useState(false),[G,U]=react.useState(0),[ee,ce]=react.useState(null),[oe,rt]=react.useState(null),[nt,ot]=react.useState(null),[Jr,Dr]=react.useState(null),[Lr,_r]=react.useState(null),[Hr,Mr]=react.useState(null),$r=react.useRef(null),Or=react.useRef(null),Ur=react.useRef(null),jr=react.useRef(null),Nr=react.useRef(null),Fr=react.useRef(null),Br=react.useRef(null),Vr=react.useRef(false),Gr=react.useRef(false),qr=react.useRef(void 0),Oe=react.useRef(false),at=react.useRef(false),Dt=react.useRef(null),le=react.useRef(null);le.current||(le.current=new Promise(te=>{Dt.current=te;}));let it=react.useRef(null),zr=react.useRef(i),Xr=react.useRef(null),st=react.useRef(null);if(!st.current){let te=s??false;st.current=new De(t,te);}let ct=react.useRef(null);ct.current||(ct.current=new et);let Ue=react.useRef(null),Lt=react.useRef(null),je=react.useRef(null),_t=()=>Date.now(),Yr=()=>(je.current??0)>0&&je.current<_t(),lt=react.useCallback((te,nn=15e3)=>{let Ht=Hn();return Ue.current=Ht,Lt.current=te,je.current=_t()+Math.max(1e3,nn),Ht},[]),Zr=react.useCallback(()=>((!Ue.current||Yr())&&lt("adhoc",1e4),Ue.current),[lt]),ut=react.useRef(null),Ne=react.useRef(null);Ne.current||(Ne.current=new Promise(te=>{ut.current=te;}));let Qr=react.useCallback(async()=>{!Oe.current&&Ne.current&&await Ne.current;},[]),en=react.useCallback(()=>{Oe.current||(Oe.current=true,ut.current?.(),ut.current=null);},[]),tn=react.useCallback(async()=>{!at.current&&le.current&&await le.current;},[]),rn=react.useCallback(async()=>{!at.current&&le.current&&await le.current,it.current&&await it.current;},[]);return {clientId:t,wallet:r,baseUrl:l,fetchImpl:d,timeoutMs:a,providerAdapter:c,refreshDeps:u,ensureKeypair:Pe,rotate:K,ensureRootKeypair:O,rootPrivRef:P,rootPubJwkRef:C,privRef:Me,pubJwkRef:$e,meta:f,setBoundWallet:w,setJkt:S,setRefreshId:E,accessTokenRef:Ur,tokenExpRef:jr,authenticated:Jt,setAuthenticated:J,loadingCount:G,setLoadingCount:U,error:ee,setError:ce,allowed:oe,setAllowed:rt,denyReason:nt,setDenyReason:ot,sessionExpiry:Jr,setSessionExpiry:Dr,sessionData:Lr,setSessionData:_r,verifyData:Hr,setVerifyData:Mr,authWalletRef:Or,refreshLock:Nr,registerLock:Fr,sessionLock:Br,didInitialRefresh:Vr,didInitialSession:Gr,prevWalletRef:qr,initResolvedRef:at,initReady:le,initResolveRef:Dt,rotateLock:it,waitReady:tn,awaitKeyStable:rn,proofRef:zr,registerCooldownUntilRef:$r,reqIdRef:Ue,flowLabelRef:Lt,flowExpireRef:je,beginFlow:lt,currentReqId:Zr,awaitProbe:Qr,markProbed:en,hasProbedRef:Oe,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:H,setRootJkt:p,metaReady:g,probeLock:Xr,stateMachine:ct.current,logger:st.current}};var V=e=>e.accessTokenRef.current??null,Z=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},W=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var Mn=(e,t)=>`${e.toUpperCase()} ${t}`;async function Le(e,t,r,n){if(!t)return e.logger.guard("register",false,"No wallet provided"),false;e.logger.flow("register","Starting register flow",{wallet:t});let o=Le._nonceCacheRef||(Le._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let a;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let y=await _(e.rootPubJwkRef.current);e.setRootJkt?.(y);}catch{}let p=await _(W(e)),g=await e.getRefreshId();a=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:p,clientId:e.clientId,sid:g||void 0,ttlSec:300});}}catch(p){e.logger.warn("Failed to create PODE for register",p);}let i=e.currentReqId(),c="/auth/register",u=`${e.baseUrl}${c}`,s=new URL(e.baseUrl).origin,l="POST",d=`${s}${c}`,f=Mn(l,d),w=o.map.get(f),S=await B({method:l,url:d,nonce:w,privateKey:Z(e),publicJwk:W(e)}),E=async p=>e.fetchImpl(u,{method:l,headers:{"content-type":"application/json","x-sunbreak-meta":F(e,{reqId:i,pode:a||void 0}),...p},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),m=await E({DPoP:S}),k=p=>{let g=p.headers.get("dpop-nonce");g&&o.map.set(f,g);};if(m.status===401){e.logger.info("Register got 401, retrying with nonce");let p=m.headers.get("www-authenticate"),y=(p&&p.match(/dpop-nonce="([^"]+)"/i))?.[1];if(y){o.map.set(f,y);let P=await B({method:l,url:d,nonce:y,privateKey:Z(e),publicJwk:W(e)});m=await E({DPoP:P});}}if(k(m),e.logger.api(l,c,{status:m.status}),!m.ok){let p=await Je(m);if((m.headers.get("content-type")||"").includes("application/json")){let y;try{y=await m.clone().json();}catch{}let P=We(y&&(y.error||y.message||y.detail)||`HTTP ${m.status}`);throw he(P,p)}else {let y=p.waf?"Blocked by WAF (403)":p.alb403?"Blocked at origin (ALB 403)":`HTTP ${m.status}`;throw he(y,p)}}let b=await m.json();e.logger.info("Register succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let p=Math.floor(Date.now()/1e3);e.tokenExpRef.current=p+(b.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await _(W(e)));}catch{}try{let p={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:b.refreshId??null};e.setRefreshId(b.refreshId??null);let g=Ke(e.clientId);await R(g,p);try{localStorage.setItem(g,JSON.stringify(p));}catch{}}catch{}let H={wallet:t,boundWallet:t,refreshId:b.refreshId??null,hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!0,authenticated:!0};return e.stateMachine.onRegisterSuccess(H),!0}catch(a){let i=Number(a?.status||0),c=String(a?.code||"").toLowerCase(),u=String(a?.message||"").toLowerCase(),s=Math.floor(Math.random()*1e3);e.logger.error("Register failed",{status:i,code:c,msg:u}),e.stateMachine.onRegisterFailure(`${c||u||"Unknown error"}`);let l=c==="session_exists"||c==="already_authenticated"||u.includes("already")&&(u.includes("session")||u.includes("authenticated")),d=(i===401||i===403)&&c==="replay";if((l||d)&&n?.refreshFallback&&(!e.meta.boundWallet||e.meta.boundWallet.toLowerCase()===t.toLowerCase())){e.logger.info("Register failed with recoverable error, attempting refresh fallback",{code:c,isSessionExists:l,isReplay:d});try{if(await n.refreshFallback())return e.logger.info("Refresh fallback succeeded after register failure"),e.meta.boundWallet||e.setBoundWallet(t),!0}catch(w){e.logger.warn("Refresh fallback failed",w);}}if(d){if(e.providerAdapter)try{let f=await e.providerAdapter.getToken()??null;if(f)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await ve(e.providerAdapter,f),e.registerCooldownUntilRef.current=Date.now()+5e3+s,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+s,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+s,false}if(l)return e.setError("Session already exists. Try refreshing the page."),e.registerCooldownUntilRef.current=Date.now()+3e3+s,false;if(i===403&&(a?.waf||a?.alb403))return e.setError(u||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+s,false;if(i===403)return e.setError(c||u||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+s,false;if(i===429||i===503){e.setError(c||u||"Rate limited / unavailable");let f=i===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+f+s,false}return e.setError(c||u||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+s,false}}var $n=(e,t)=>`${e.toUpperCase()} ${t}`;function _e(e){if(e.refreshLock.current)return e.logger.guard("refreshLock",false,"Refresh already in progress"),e.refreshLock.current;if(e.registerLock.current){e.logger.guard("registerLock",false,"Registration in progress, waiting");let t=e.registerLock.current.then(()=>{if(e.authenticated&&V(e))return  true;if(V(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.logger.flow("refresh","Starting refresh flow"),e.refreshLock.current=(async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe();let t=e.meta.boundWallet||e.wallet;if(!t)return e.logger.warn("No wallet available for refresh (neither boundWallet nor current wallet)"),!1;if(e.wallet&&e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return e.logger.warn("Wallet mismatch during refresh",{current:e.wallet,bound:e.meta.boundWallet}),e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let r=V(e);if(r){let y=e.tokenExpRef.current,P=Math.floor(Date.now()/1e3);if(!!r&&!!y&&y-P>5)return e.logger.info("Token still valid, skipping refresh"),!0}e.beginFlow("refresh",15e3);let n=e.currentReqId();await e.ensureKeypair();let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let C=await _(e.rootPubJwkRef.current);e.setRootJkt?.(C);}catch{}let y=await _(W(e)),P=await e.getRefreshId();o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:y,clientId:e.clientId,sid:P||void 0,ttlSec:300});}}catch(y){e.logger.warn("Failed to create PODE for refresh",y);}let a="/auth/refresh",i=`${e.baseUrl}${a}`,c=new URL(e.baseUrl).origin,u="POST",s=`${c}${a}`,l=$n(u,s),d=_e._nonceCacheRef||(_e._nonceCacheRef={map:new Map}),f=async y=>await B({method:u,url:s,nonce:y,privateKey:Z(e),publicJwk:W(e)}),w=await e.getRefreshId(),S={"x-sunbreak-meta":F(e,{reqId:n,refreshId:w||void 0,pode:o||void 0,wallet:t}),"content-type":"application/json"},E=async y=>e.fetchImpl(i,{method:u,headers:{DPoP:y,...S},credentials:"include",body:"{}"}),m=y=>{let P=y.headers.get("dpop-nonce");P&&d.map.set(l,P);},k=await E(await f(d.map.get(l)));if(k.status===401){e.logger.info("Refresh got 401, retrying with nonce");let y=k.headers.get("www-authenticate"),C=(y&&y.match(/dpop-nonce="([^"]+)"/i))?.[1];C&&(d.map.set(l,C),k=await E(await f(C)));}if(m(k),e.logger.api(u,a,{status:k.status}),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let P=await k.clone().json().catch(()=>{}),C=P&&(P.error||P.code||P.message)||"",O=String(C).toLowerCase();if(O.includes("missing")&&O.includes("refresh")){e.logger.warn("Refresh session expired (missing refresh identifier)"),e.stateMachine.onRefreshExpired();try{e.setRefreshId?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}else e.logger.warn("Refresh failed",{error:C}),e.stateMachine.onRefreshFailure(String(C));}}catch{}return !1}let b=await k.json();e.logger.info("Refresh succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.setAuthenticated(!0);let H=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=H?H.toLowerCase():null;try{let y=Math.floor(Date.now()/1e3);e.tokenExpRef.current=y+(b.expiresIn??0);}catch{}try{e.setJkt(await _(W(e)));}catch{}b.refreshId&&e.setRefreshId(b.refreshId);let p=y=>!y||y==="null"||y==="undefined"?null:y,g={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:p(b.refreshId??e.meta.refreshId??null),hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!!e.proofRef.current,authenticated:!0};return e.stateMachine.onRefreshSuccess(g),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var On=(e,t)=>`${e.toUpperCase()} ${t}`,Tt=new Map,He;try{let e=globalThis;He=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{He=new Set;}var Un=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function Pr(e){let t=Un(e);if(e.probeLock.current){e.logger.guard("probeLock",false,"Probe already in progress, waiting"),await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.logger.guard("hasProbedRef",false,"Already probed in this session"),e.markProbed();return}if(He.has(t)){e.logger.guard("pageProbeGuard",false,"Already probed for this page load"),e.markProbed();return}He.add(t),e.logger.flow("probe","Starting probe flow",{clientId:e.clientId,pageKey:t});let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let m=await _(W(e));o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:m,clientId:e.clientId,ttlSec:300});}catch(m){e.logger.warn("Failed to create PODE for probe",m);}let a="POST",i="/auth/probe",c=`${e.baseUrl}${i}`,u=`${n}${i}`,s=On(a,u),l=async m=>B({method:a,url:u,nonce:m,privateKey:Z(e),publicJwk:W(e)}),d=async m=>e.fetchImpl(c,{method:a,headers:{DPoP:m,"x-sunbreak-meta":F(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),f=m=>{let k=m.headers.get("dpop-nonce");k&&Tt.set(s,k);},w=await d(await l(Tt.get(s)));if(f(w),w.status===401){e.logger.info("Probe got 401, retrying with nonce from www-authenticate");let m=w.headers.get("www-authenticate"),b=(m&&m.match(/dpop-nonce="([^"]+)"/i))?.[1];b&&(Tt.set(s,b),w=await d(await l(b)),f(w));}e.logger.api(a,i,{status:w.status});let S=m=>!m||m==="null"||m==="undefined"?null:m,E={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:S(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};e.stateMachine.onProbeComplete(E);}catch(o){e.logger.error("Probe failed",o);try{He.delete(t);}catch{}}finally{e.markProbed(),e.logger.flow("probe","Probe flow completed");}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var vr=e=>{let t=react.useCallback(()=>_e(e),[e]),r=react.useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a){e.logger.guard("registerCooldown",false,"Cooldown active");return}if(!e.wallet){e.logger.guard("attemptRegister",false,"No wallet");return}if(!e.initResolvedRef.current){e.logger.guard("attemptRegister",false,"Not initialized");return}if(e.refreshLock.current){e.logger.guard("attemptRegister",false,"Refresh in progress");return}if(e.registerLock.current){e.logger.guard("attemptRegister",false,"Register already in progress");return}let i=s=>!s||s==="null"||s==="undefined"?null:s,c={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:i(e.meta.refreshId),hasToken:!!V(e),tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};if(!e.stateMachine.shouldAttemptRegister(c)){e.logger.guard("attemptRegister",false,`State machine blocked (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}let u=e.proofRef.current;if(!u){e.logger.guard("attemptRegister",false,"No proof available");return}e.logger.guard("attemptRegister",true,"All guards passed, proceeding"),await e.awaitKeyStable(),e.registerLock.current=(async()=>{try{await Le(e,e.wallet,u,{refreshFallback:async()=>{e.logger.info("Attempting refresh as fallback after register failure");let l=!!e.meta.boundWallet;!l&&e.wallet&&e.setBoundWallet(e.wallet);try{return await _e(e)}catch{return l||e.setBoundWallet(null),!1}}})&&(e.didInitialSession.current=!0);}catch(s){e.setError(s?.message||String(s)||"Register failed");}finally{e.registerLock.current=null;}})();},[e]),n=react.useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await ve(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a,i)=>Le(e,o,a,i),attemptRegister:r,setProofFromAdapterToken:n}};var jn=(e,t)=>`${e.toUpperCase()} ${t}`,Nn=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function tt(e,t,r,n,o,a={}){e.setLoadingCount(s=>s+1),e.setError(null);let i=n.startsWith("/api/session"),c=new AbortController,u=setTimeout(()=>c.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let l=`${i?pt(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,f=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,w=jn(r,f),S=n.startsWith("/auth/"),E=!1,m=!1,k=e.currentReqId(),b=tt._nonceCacheRef||(tt._nonceCacheRef={map:new Map}),H=J=>{let G=J.headers.get("dpop-nonce");G&&b.map.set(w,G);},p=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),g=()=>S||!e.wallet?!1:!!(e.authenticated||Nn(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),y,P,C=async()=>{if(S||p)return;try{let ce=V(e),oe=e.tokenExpRef.current,rt=Math.floor(Date.now()/1e3),nt=!!oe&&oe-rt<=60;if(ce){if(nt&&!await t().catch(()=>!1))return}else if(!g()||!await t().catch(()=>!1))return}catch{}let J=V(e);if(!J)return;let G=await Ye(J),U=b.map.get(w),ee=await B({method:r,url:f,nonce:U,ath:G,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=ee;};await C();let O={"content-type":"application/json","x-sunbreak-auth":y||"","x-sunbreak-meta":F(e,{reqId:k,auth:y,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...ht(a.headers)};P&&(O.DPoP=P);let Pe=async()=>e.fetchImpl(l,{...a,method:r,headers:O,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:c.signal}),K=await Pe(),Me=K.headers.get("x-sunbreak-policy-hash"),$e=K.headers.get("x-sunbreak-policy-proof");if(Me&&e.setLastPolicyHash(Me),$e&&e.setLastPolicyProof($e),H(K),K.status===401&&!S){let J=V(e),G=K.headers.get("www-authenticate"),ee=(G&&G.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!p&&ee&&J&&!m){m=!0,b.map.set(w,ee);let ce=await Ye(J),oe=await B({method:r,url:f,nonce:ee,ath:ce,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=oe,O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),O.DPoP=P,K=await Pe(),H(K);}if(K.status===401&&!E&&(E=!0,!p&&g())){let ce=await t(),oe=V(e);ce&&oe&&!p&&(await C(),O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),P&&(O.DPoP=P),K=await Pe(),H(K));}if(K.status===401)throw new Error("Unauthorized")}if(!K.ok){let J=await Je(K);if((K.headers.get("content-type")||"").includes("application/json")){let U=await K.json().catch(()=>{}),ee=We(U&&(U.error||U.message||U.detail)||`HTTP ${K.status}`);throw he(ee,J)}else {let U=J.waf?"Blocked by WAF (403)":J.alb403?"Blocked at origin (ALB 403)":`HTTP ${K.status}`;throw he(U,J)}}return (K.headers.get("content-type")||"").includes("application/json")?await K.json():void 0}finally{clearTimeout(u),e.setLoadingCount(s=>Math.max(0,s-1));}}var Ar=(e,t)=>react.useCallback(async(r,n,o,a={})=>tt(e,t,r,n,o,a),[e,t]);async function xr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setDenyReason(r.reason??null),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}async function Kr(e,t){let r=await t("GET","/api/verify");return r&&(e.setSessionExpiry(r.expiry??null),e.setVerifyData(r)),r}var Tr=(e,t)=>{let r=react.useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await xr(e,t)}catch(o){throw e.logger.error("Session request failed",o),o}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t]),n=react.useCallback(async()=>{if(e.wallet)return await Kr(e,t)},[e,t]);return {session:r,verify:n}};var Ir=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t,c=()=>(e.registerCooldownUntilRef.current??0)>Date.now(),u=()=>{let s=l=>!l||l==="null"||l==="undefined"?null:l;return {wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:s(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated}};react.useEffect(()=>{if(!e.metaReady)return;let s=true;return (async()=>{try{if(await e.waitReady(),!s||(await e.awaitKeyStable(),!s)||(await e.ensureRootKeypair(),!s))return;let l=u();e.stateMachine.initialize(l),await Pr(e);}catch(l){if(!s)return;e.logger.error("Probe initialization failed",l);}})(),()=>{s=false;}},[e.metaReady]),react.useEffect(()=>{let s=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==s&&(e.didInitialRefresh.current=false),!e.wallet){e.logger.flow("wallet","Wallet disconnected"),e.stateMachine.onWalletDisconnect(),e.setAllowed(null),e.setDenyReason(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.didInitialRefresh.current=false;return}if(s&&e.wallet&&s!==e.wallet){e.logger.flow("wallet",`Wallet changed: ${s} \u2192 ${e.wallet}`);let l=u();e.stateMachine.onWalletChange(s,e.wallet,l),e.rotateLock.current=(async()=>{await e.rotate(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;});}},[e.wallet]),react.useEffect(()=>{if(!e.providerAdapter||c()||!e.metaReady||!e.wallet)return;if(e.stateMachine.isInActiveSession()){e.logger.decision("Provider adapter should trigger register?",false,"Already in active session");return}if(e.authenticated){e.logger.decision("Provider adapter should trigger register?",false,"Already authenticated");return}let s=u();if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Provider adapter should wait for initial refresh?",true,"Returning user - refresh first");return}e.logger.decision("Provider adapter should trigger register?",true,`Fetching token (state: ${e.stateMachine.getState()})`);let l=false;return (async()=>{try{let d=e.providerAdapter.getToken(),f=new Promise((S,E)=>setTimeout(()=>E(new Error("Provider adapter timeout (30s)")),3e4)),w=await Promise.race([d,f]).catch(S=>(e.logger.warn("Provider adapter getToken failed",S),null))??null;if(await e.awaitKeyStable(),l||!w)return;e.logger.info("Provider adapter: got token, setting proof"),await a(w),await o();}catch(d){e.logger.error("Provider adapter flow failed",d);}})(),()=>{l=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,e.authenticated,...e.refreshDeps]),react.useEffect(()=>{if(typeof i<"u"&&(e.proofRef.current=i??null,i&&e.logger.info("Proof prop updated",{hasProof:!!i})),!e.metaReady)return;let s=u();if(!e.stateMachine.shouldAttemptRegister(s)){e.logger.decision("Proof prop should trigger register?",false,`State machine says no (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Proof prop should wait for initial refresh?",true,"Returning user - refresh first");return}let l=!!e.wallet,d=!!e.proofRef.current;l&&d&&e.initResolvedRef.current&&!c()&&(e.logger.info("Proof prop conditions met, attempting register"),o());},[i,e.wallet,e.authenticated,e.meta.boundWallet,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,o]),react.useEffect(()=>{if(!e.metaReady||e.didInitialRefresh.current)return;let s=true;return (async()=>{try{await e.waitReady(),await e.awaitProbe();let l=u();if(e.accessTokenRef.current||e.authenticated){e.logger.info("Already authenticated, skipping initial refresh"),e.didInitialRefresh.current=!0,e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}if(!e.stateMachine.shouldAttemptRefresh(l)){e.logger.decision("Should attempt initial refresh?",!1,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;return}e.logger.decision("Should attempt initial refresh?",!0,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;let f=await r();if(!s)return;e.setAuthenticated(f),f&&e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(l){if(!s)return;e.didInitialRefresh.current=true,e.setAuthenticated(false),e.setError(l?.message||String(l)||"Unknown error");}})(),()=>{s=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]),react.useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&e.meta.boundWallet!==e.wallet&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]),react.useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)&&!e.didInitialSession.current){e.didInitialSession.current=true;try{e.logger.flow("session","Calling session after authentication"),await n();}catch(s){e.setError(s?.message||String(s));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,n]),react.useEffect(()=>{e.wallet&&e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase()&&(e.logger.warn("Wallet mismatch detected, clearing auth",{current:e.wallet,authWallet:e.authWalletRef.current}),e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]),react.useEffect(()=>{let l=()=>{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return  false;let w=e.tokenExpRef.current;if(!w)return  false;let S=Math.floor(Date.now()/1e3);return w-S<=30},d=async()=>{try{l()&&(e.logger.info("Token expiring soon, refreshing on focus"),await r());}catch{}},f=async()=>{document.visibilityState==="visible"&&await d();};return window.addEventListener("focus",d),document.addEventListener("visibilitychange",f),()=>{window.removeEventListener("focus",d),document.removeEventListener("visibilitychange",f);}},[e,r]),react.useEffect(()=>{let d=()=>{let S=Math.floor(Date.now()/1e3),E=e.tokenExpRef.current,m=e.sessionExpiry,k=!!E&&E-S<=30&&E-S>0,b=!!m&&m-S<=3600&&m-S>0;return {tokenSoon:k,sessionSoon:b}},f=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return;let{tokenSoon:S,sessionSoon:E}=d();(S||E)&&(e.logger.info("Refreshing on focus",{tokenSoon:S,sessionSoon:E}),await r()&&E&&await n());}catch{}},w=async()=>{document.visibilityState==="visible"&&await f();};return window.addEventListener("focus",f),document.addEventListener("visibilitychange",w),()=>{window.removeEventListener("focus",f),document.removeEventListener("visibilitychange",w);}},[e,e.sessionExpiry,r,n]);};var Wr=react.createContext(void 0),qn=e=>{let t=kr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=vr(t),a=Ar(t,r),{session:i,verify:c}=Tr(t,a);Ir(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let u=react.useMemo(()=>({get:(s,l)=>a("GET",s,void 0,l),post:(s,l,d)=>a("POST",s,l,d),verify:c,session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,denyReason:t.denyReason,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,verifyData:t.verifyData,wallet:t.wallet}),[a,c,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.denyReason,t.sessionExpiry,t.sessionData,t.verifyData,t.wallet]);return jsxRuntime.jsx(Wr.Provider,{value:u,children:e.children})},zn=e=>jsxRuntime.jsx(kt,{clientId:e.clientId,children:jsxRuntime.jsx(qn,{...e})}),Xn=()=>{let e=react.useContext(Wr);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
-exports.SunbreakProvider = $n;
-exports.useSunbreak = Nn;
+exports.SunbreakProvider = zn;
+exports.useSunbreak = Xn;

package/dist/index.d.cts CHANGED Viewed

@@ -90,6 +90,7 @@ interface SunbreakProviderProps {
     proof?: Proof | null;
     providerAdapter?: ProviderAdapter;
     refreshDeps?: unknown[];
+    debug?: boolean;
 }
 /**

package/dist/index.d.ts CHANGED Viewed

@@ -90,6 +90,7 @@ interface SunbreakProviderProps {
     proof?: Proof | null;
     providerAdapter?: ProviderAdapter;
     refreshDeps?: unknown[];
+    debug?: boolean;
 }
 /**

package/dist/index.mjs CHANGED Viewed

@@ -1,6 +1,22 @@
 import { createContext, useContext, useState, useRef, useMemo, useEffect, useCallback } from 'react';
 import { jsx } from 'react/jsx-runtime';
-var Xr=Object.defineProperty;var _t=e=>{throw TypeError(e)};var Zr=(e,t,r)=>t in e?Xr(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var H=(e,t,r)=>Zr(e,typeof t!="symbol"?t+"":t,r),Dt=(e,t,r)=>t.has(e)||_t("Cannot "+r);var y=(e,t,r)=>(Dt(e,t,"read from private field"),r?r.call(e):t.get(e)),O=(e,t,r)=>t.has(e)?_t("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),U=(e,t,r,n)=>(Dt(e,t,"write to private field"),t.set(e,r),r);var Pe=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var Qr="sunbreak-kv",ve="kv",$e="sunbreak_dpop_meta_v1",x="sunbreak_dpop_key_v1",Ke="ES256",E="P-256",Ae=e=>`${$e}:${e}`,Wt=()=>new Promise((e,t)=>{let r=indexedDB.open(Qr,1);r.onupgradeneeded=()=>r.result.createObjectStore(ve),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),C=async e=>{try{let t=await Wt();return await new Promise((r,n)=>{let a=t.transaction(ve,"readonly").objectStore(ve).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},g=async(e,t)=>{let r=await Wt();await new Promise((n,o)=>{let i=r.transaction(ve,"readwrite").objectStore(ve).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var en=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},tn=e=>e.replace(/\/+$/,""),st=e=>{let t=tn(e);return en(t)};function ut(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=rn(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var rn=e=>{for(let t=0;t<ct.length;t++){let r=ct[Math.floor(Math.random()*ct.length)].toLowerCase();if(r!==e)return r}return "alpha"},ct=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var $=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var nn=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),on=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),an=new Set(["dpop","x-sunbreak-meta"]),sn=64,Lt=2048,cn=64;function lt(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=cn)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>sn||nn.has(i)||on.has(i)||an.has(i))continue;let s=String(a);s.length>Lt&&(s=s.slice(0,Lt)),t[i]=s,n++;}return t}var Q=new TextEncoder,me=new TextDecoder;function Ht(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Mt(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function jt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function Ot(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:me.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=me.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return jt(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Ne(e){let t=e;return typeof t=="string"&&(t=Q.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):Mt(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var ue=class extends Error{constructor(r,n){super(r,n);H(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};H(ue,"code","ERR_JOSE_GENERIC");var _=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JOSE_NOT_SUPPORTED");}};H(_,"code","ERR_JOSE_NOT_SUPPORTED");var ee=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JWS_INVALID");}};H(ee,"code","ERR_JWS_INVALID");var xe=class extends ue{constructor(){super(...arguments);H(this,"code","ERR_JWT_INVALID");}};H(xe,"code","ERR_JWT_INVALID");var Ut,$t,ft=class extends($t=ue,Ut=Symbol.asyncIterator,$t){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);H(this,Ut);H(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};H(ft,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function F(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function we(e,t){return e.name===t}function dt(e){return parseInt(e.name.slice(4),10)}function fn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function dn(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function Nt(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!we(e.algorithm,"HMAC"))throw F("HMAC");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!we(e.algorithm,"RSASSA-PKCS1-v1_5"))throw F("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!we(e.algorithm,"RSA-PSS"))throw F("RSA-PSS");let n=parseInt(t.slice(2),10);if(dt(e.algorithm.hash)!==n)throw F(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!we(e.algorithm,"Ed25519"))throw F("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!we(e.algorithm,t))throw F(t);break}case "ES256":case "ES384":case "ES512":{if(!we(e.algorithm,"ECDSA"))throw F("ECDSA");let n=fn(t);if(e.algorithm.namedCurve!==n)throw F(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}dn(e,r);}function Bt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var Vt=(e,...t)=>Bt("Key must be ",e,...t);function pt(e,t,...r){return Bt(`Key for the ${e} algorithm must be `,t,...r)}function yt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function mt(e){return e?.[Symbol.toStringTag]==="KeyObject"}var wt=e=>yt(e)||mt(e);var Ft=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function pn(e){return typeof e=="object"&&e!==null}var Be=e=>{if(!pn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var Gt=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function yn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new _('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new _('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var qt=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=yn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var zt=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new _(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Ce(e){return Be(e)&&typeof e.kty=="string"}function Yt(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function Xt(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function Zt(e){return e.kty==="oct"&&typeof e.k=="string"}var he,Qt=async(e,t,r,n=false)=>{he||(he=new WeakMap);let o=he.get(e);if(o?.[r])return o[r];let a=await qt({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:he.set(e,{[r]:a}),a},wn=(e,t)=>{he||(he=new WeakMap);let r=he.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let s=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!s)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&s==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES384"&&s==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t==="ES512"&&s==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:s},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:s},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:he.set(e,{[t]:a}),a},er=async(e,t)=>{if(e instanceof Uint8Array||yt(e))return e;if(mt(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return wn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return Qt(e,r,t)}if(Ce(e))return e.k?Ot(e.k):Qt(e,e,t,true);throw new Error("unreachable")};var be=e=>e?.[Symbol.toStringTag],ht=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},hn=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Ce(t)){if(Zt(t)&&ht(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!wt(t))throw new TypeError(pt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${be(t)} instances for symmetric algorithms must be of type "secret"`)}},bn=(e,t,r)=>{if(Ce(t))switch(r){case "decrypt":case "sign":if(Yt(t)&&ht(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(Xt(t)&&ht(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!wt(t))throw new TypeError(pt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${be(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${be(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${be(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},tr=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?hn(e,t,r):bn(e,t,r);};var rr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new _(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var nr=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(Vt(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return Nt(t,e,r),t};var ne=e=>Math.floor(e.getTime()/1e3);var Sn=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Ve=e=>{let t=Sn.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function le(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var v,Fe=class{constructor(t){O(this,v);if(!Be(t))throw new TypeError("JWT Claims Set MUST be an object");U(this,v,structuredClone(t));}data(){return Q.encode(JSON.stringify(y(this,v)))}get iss(){return y(this,v).iss}set iss(t){y(this,v).iss=t;}get sub(){return y(this,v).sub}set sub(t){y(this,v).sub=t;}get aud(){return y(this,v).aud}set aud(t){y(this,v).aud=t;}set jti(t){y(this,v).jti=t;}set nbf(t){typeof t=="number"?y(this,v).nbf=le("setNotBefore",t):t instanceof Date?y(this,v).nbf=le("setNotBefore",ne(t)):y(this,v).nbf=ne(new Date)+Ve(t);}set exp(t){typeof t=="number"?y(this,v).exp=le("setExpirationTime",t):t instanceof Date?y(this,v).exp=le("setExpirationTime",ne(t)):y(this,v).exp=ne(new Date)+Ve(t);}set iat(t){typeof t>"u"?y(this,v).iat=ne(new Date):t instanceof Date?y(this,v).iat=le("setIssuedAt",ne(t)):typeof t=="string"?y(this,v).iat=le("setIssuedAt",ne(new Date)+Ve(t)):y(this,v).iat=le("setIssuedAt",t);}};v=new WeakMap;var or=async(e,t,r)=>{let n=await nr(e,t,"sign");Gt(e,n);let o=await crypto.subtle.sign(rr(e,n.algorithm),n,r);return new Uint8Array(o)};var Te,D,G,Ge=class{constructor(t){O(this,Te);O(this,D);O(this,G);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");U(this,Te,t);}setProtectedHeader(t){if(y(this,D))throw new TypeError("setProtectedHeader can only be called once");return U(this,D,t),this}setUnprotectedHeader(t){if(y(this,G))throw new TypeError("setUnprotectedHeader can only be called once");return U(this,G,t),this}async sign(t,r){if(!y(this,D)&&!y(this,G))throw new ee("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Ft(y(this,D),y(this,G)))throw new ee("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...y(this,D),...y(this,G)},o=zt(ee,new Map([["b64",true]]),r?.crit,y(this,D),n),a=true;if(o.has("b64")&&(a=y(this,D).b64,typeof a!="boolean"))throw new ee('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new ee('JWS "alg" (Algorithm) Header Parameter missing or invalid');tr(i,t,"sign");let s=y(this,Te);a&&(s=Q.encode(Ne(s)));let c;y(this,D)?c=Q.encode(Ne(JSON.stringify(y(this,D)))):c=Q.encode("");let u=Ht(c,Q.encode("."),s),l=await er(t,i),f=await or(i,l,u),p={signature:Ne(f),payload:""};return a&&(p.payload=me.decode(s)),y(this,G)&&(p.header=y(this,G)),y(this,D)&&(p.protected=me.decode(c)),p}};Te=new WeakMap,D=new WeakMap,G=new WeakMap;var Se,qe=class{constructor(t){O(this,Se);U(this,Se,new Ge(t));}setProtectedHeader(t){return y(this,Se).setProtectedHeader(t),this}async sign(t,r){let n=await y(this,Se).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Se=new WeakMap;var oe,M,fe=class{constructor(t={}){O(this,oe);O(this,M);U(this,M,new Fe(t));}setIssuer(t){return y(this,M).iss=t,this}setSubject(t){return y(this,M).sub=t,this}setAudience(t){return y(this,M).aud=t,this}setJti(t){return y(this,M).jti=t,this}setNotBefore(t){return y(this,M).nbf=t,this}setExpirationTime(t){return y(this,M).exp=t,this}setIssuedAt(t){return y(this,M).iat=t,this}setProtectedHeader(t){return U(this,oe,t),this}async sign(t,r){let n=new qe(y(this,M).data());if(n.setProtectedHeader(y(this,oe)),Array.isArray(y(this,oe)?.crit)&&y(this,oe).crit.includes("b64")&&y(this,oe).b64===false)throw new xe("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};oe=new WeakMap,M=new WeakMap;var Rn=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),ze=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return Rn(r)},N=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,s={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(s.nonce=n),o&&(s.ath=o),await new fe(s).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var W=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function de(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,s=Math.floor(Date.now()/1e3),c=s+Math.max(60,Math.min(i,3600)),u={child_jkt:n,client_id:o,aud:"issuer",iat:s,exp:c,jti:crypto.randomUUID()};return a&&(u.sid=a),await new fe(u).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function Je(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function Ie(e){let t=e.status,r=Array.from(e.headers.keys()).some(s=>s.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let s=await e.clone().json();n=typeof s?.error=="string"?s.error:void 0,o=typeof s?.detail=="string"?s.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function pe(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var Re={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null},bt=createContext(void 0);function ur(e){try{return JSON.parse(localStorage.getItem(e)||"null")??Re}catch{return Re}}function En(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var St=({children:e,clientId:t})=>{let[r,n]=useState(Re),o=useRef(false),[a,i]=useState(false),s=useMemo(()=>Ae(t),[t]);useEffect(()=>{let d=true;return (async()=>{let I=await C(s)??await C($e)??ur(s);d&&(n({...Re,...I}),o.current=true,i(true));})(),()=>{d=false;}},[s]),useEffect(()=>{o.current&&(async()=>(await g(s,r),En(s,r)))();},[r,s]);let c=useCallback(d=>n(w=>({...w,refreshId:d})),[]),u=useCallback(d=>n(w=>({...w,lastPolicyHash:d})),[]),l=useCallback(d=>n(w=>({...w,lastPolicyProof:d})),[]),f=useCallback(d=>n(w=>({...w,lastHost:d})),[]),p=useCallback(d=>n(w=>({...w,rootJkt:d})),[]),h=async()=>{try{let d=localStorage.getItem(s);if(d){let w=JSON.parse(d);if(typeof w?.refreshId=="string"&&w.refreshId)return w.refreshId}}catch{}try{let d=await C(s);if(typeof d?.refreshId=="string"&&d.refreshId)return d.refreshId}catch{}return null},m=useCallback(d=>n(w=>({...w,boundWallet:d})),[]),R=useCallback(d=>n(w=>({...w,clientId:d})),[]),k=useCallback(d=>n(w=>({...w,jkt:d})),[]),P=useCallback(()=>n(Re),[]),b=useCallback(async()=>{let w=await C(s)??ur(s);n({...Re,...w});},[]),S=useMemo(()=>({meta:r,setBoundWallet:m,setClientId:R,setJkt:k,resetMeta:P,reload:b,setRefreshId:c,getRefreshId:h,ready:a,setLastPolicyHash:u,setLastPolicyProof:l,setLastHost:f,setRootJkt:p}),[r,m,R,k,P,b,a,c,h,u,l,f,p]);return jsx(bt.Provider,{value:S,children:e})};function Rt(){let e=useContext(bt);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var fr=`${x}:wrap`;async function Ye(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${x}:probe_safe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Kn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!0,["sign","verify"]),t=`${x}:probe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ke(e){let t={...e};return delete t.d,t.kty="EC",t.crv=E,t.alg=Ke,t.use="sig",t}async function dr(){let e=await C(fr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await g(fr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function gt(e){let t=await dr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function An(e,t){let r=await dr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var kt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let c=await C(x);if(!c)return  false;if(c.fmt==="cryptokey"){let l=c;if(!l.privKey)return await g(x,void 0),false;let f=l.privKey;try{if(f.extractable&&await Ye()){let h=await crypto.subtle.exportKey("jwk",f),m=await crypto.subtle.importKey("jwk",h,{name:"ECDSA",namedCurve:E},!1,["sign"]),R={fmt:"cryptokey",privKey:m,pubJwk:ke(l.pubJwk)};await g(x,R),f=m;}}catch{}return e.current=f,t.current=ke(l.pubJwk),true}if(c.fmt==="encjwk"){let l=c;try{let f=await An(l.encPrivJwk,l.iv),p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=p,t.current=ke(l.pubJwk),!0}catch{return await g(x,void 0),false}}let u=c;if(u&&u.d){let{d:l,...f}=u,p=ke(f),h=await Ye(),m=h||await Kn();if(m&&h){let b=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);return await g(x,{fmt:"cryptokey",privKey:b,pubJwk:p}),e.current=b,t.current=p,true}if(m){let b=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},true,["sign"]);return await g(x,{fmt:"cryptokey",privKey:b,pubJwk:p}),e.current=b,t.current=p,true}let{encPrivJwk:R,iv:k}=await gt(u);await g(x,{fmt:"encjwk",encPrivJwk:R,iv:k,pubJwk:p});let P=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);return e.current=P,t.current=p,true}return await g(x,void 0),false},[]),n=useCallback(async(c,u)=>{await g(x,{fmt:"cryptokey",privKey:c,pubJwk:u});},[]),o=useCallback(async(c,u)=>{let{encPrivJwk:l,iv:f}=await gt(c);await g(x,{fmt:"encjwk",encPrivJwk:l,iv:f,pubJwk:u});},[]),a=useCallback(async()=>{if(e.current&&t.current||await r())return;let c=await Ye(),u=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",u.publicKey)),f=await crypto.subtle.exportKey("jwk",u.privateKey);if(c){let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);await n(p,l),e.current=p,t.current=l;}else {await o(f,l);let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=p,t.current=l;}},[r,n,o]),i=useCallback(async()=>{let c=await Ye(),u=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",u.publicKey)),f=await crypto.subtle.exportKey("jwk",u.privateKey);if(c){let p=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);await g(x,{fmt:"cryptokey",privKey:p,pubJwk:l}),e.current=p,t.current=l;}else {let{encPrivJwk:p,iv:h}=await gt(f);await g(x,{fmt:"encjwk",encPrivJwk:p,iv:h,pubJwk:l});let m=await crypto.subtle.importKey("jwk",f,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=m,t.current=l;}},[]),s=useCallback(async()=>{await g(x,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:s,privRef:e,pubJwkRef:t}};var z="sunbreak_root_key_v1",yr=`${z}:wrap`;async function mr(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},!1,["sign","verify"]),t=`${z}:probe_safe`;await g(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await C(t);return await g(t,void 0),!!(r&&r.privKey)}catch{return  false}}function Xe(e){let t={...e};return delete t.d,t.kty="EC",t.crv=E,t.alg=Ke,t.use="sig",t}async function wr(){let e=await C(yr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await g(yr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function xn(e){let t=await wr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Cn(e,t){let r=await wr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Pt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let a=await C(z);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await g(z,void 0),false;let s=i.privKey;try{if(s.extractable&&await mr()){let u=await crypto.subtle.exportKey("jwk",s),l=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},!1,["sign"]),f={fmt:"cryptokey",privKey:l,pubJwk:Xe(i.pubJwk),createdAt:i.createdAt};await g(z,f),s=l;}}catch{}return e.current=s,t.current=Xe(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let s=await Cn(i.encPrivJwk,i.iv),c=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:E},!1,["sign"]);return e.current=c,t.current=Xe(i.pubJwk),!0}catch{return await g(z,void 0),false}}return await g(z,void 0),false},[]),n=useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await mr(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:E},true,["sign","verify"]),s=Xe(await crypto.subtle.exportKey("jwk",i.publicKey)),c=Date.now(),u=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let l=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);await g(z,{fmt:"cryptokey",privKey:l,pubJwk:s,createdAt:c}),e.current=l,t.current=s;}else {let{encPrivJwk:l,iv:f}=await xn(u);await g(z,{fmt:"encjwk",encPrivJwk:l,iv:f,pubJwk:s,createdAt:c});let h=await crypto.subtle.importKey("jwk",u,{name:"ECDSA",namedCurve:E},false,["sign"]);e.current=h,t.current=s;}},[r]),o=useCallback(async()=>{await g(z,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var Tn=()=>crypto.randomUUID(),hr=e=>{let{clientId:t,wallet:r,base:n="https://api.tdfc.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:s,refreshDeps:c=[]}=e,u=st(n),l=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:f,setBoundWallet:p,setJkt:h,setRefreshId:m,getRefreshId:R,setLastPolicyHash:k,setLastPolicyProof:P,setLastHost:b,setRootJkt:S,ready:d}=Rt(),{ensureRootKeypair:w,rootPrivRef:I,rootPubJwkRef:L}=Pt(),We=useCallback(async()=>{await w();try{if(!f.rootJkt&&L.current){let ce=await W(L.current);S(ce);}}catch{}},[w,f.rootJkt,L]),{ensureKeypair:te,rotate:Ee,privRef:A,pubJwkRef:Le}=kt(),[He,xt]=useState(false),[J,V]=useState(0),[j,Z]=useState(null),[ie,re]=useState(null),[et,tt]=useState(null),[rt,Ar]=useState(null),[xr,Cr]=useState(null),[Tr,Jr]=useState(null),Ir=useRef(null),_r=useRef(null),Dr=useRef(null),Wr=useRef(null),Lr=useRef(null),Hr=useRef(null),Mr=useRef(null),jr=useRef(false),Or=useRef(false),Ur=useRef(void 0),Me=useRef(false),nt=useRef(false),Ct=useRef(null),se=useRef(null);se.current||(se.current=new Promise(ce=>{Ct.current=ce;}));let ot=useRef(null),$r=useRef(i),Nr=useRef(null),je=useRef(null),Tt=useRef(null),Oe=useRef(null),Jt=()=>Date.now(),Br=()=>(Oe.current??0)>0&&Oe.current<Jt(),at=useCallback((ce,Yr=15e3)=>{let It=Tn();return je.current=It,Tt.current=ce,Oe.current=Jt()+Math.max(1e3,Yr),It},[]),Vr=useCallback(()=>((!je.current||Br())&&at("adhoc",1e4),je.current),[at]),it=useRef(null),Ue=useRef(null);Ue.current||(Ue.current=new Promise(ce=>{it.current=ce;}));let Fr=useCallback(async()=>{!Me.current&&Ue.current&&await Ue.current;},[]),Gr=useCallback(()=>{Me.current||(Me.current=true,it.current?.(),it.current=null);},[]),qr=useCallback(async()=>{!nt.current&&se.current&&await se.current;},[]),zr=useCallback(async()=>{!nt.current&&se.current&&await se.current,ot.current&&await ot.current;},[]);return {clientId:t,wallet:r,baseUrl:u,fetchImpl:l,timeoutMs:a,providerAdapter:s,refreshDeps:c,ensureKeypair:te,rotate:Ee,ensureRootKeypair:We,rootPrivRef:I,rootPubJwkRef:L,privRef:A,pubJwkRef:Le,meta:f,setBoundWallet:p,setJkt:h,setRefreshId:m,accessTokenRef:Dr,tokenExpRef:Wr,authenticated:He,setAuthenticated:xt,loadingCount:J,setLoadingCount:V,error:j,setError:Z,allowed:ie,setAllowed:re,denyReason:et,setDenyReason:tt,sessionExpiry:rt,setSessionExpiry:Ar,sessionData:xr,setSessionData:Cr,verifyData:Tr,setVerifyData:Jr,authWalletRef:_r,refreshLock:Lr,registerLock:Hr,sessionLock:Mr,didInitialRefresh:jr,didInitialSession:Or,prevWalletRef:Ur,initResolvedRef:nt,initReady:se,initResolveRef:Ct,rotateLock:ot,waitReady:qr,awaitKeyStable:zr,proofRef:$r,registerCooldownUntilRef:Ir,reqIdRef:je,flowLabelRef:Tt,flowExpireRef:Oe,beginFlow:at,currentReqId:Vr,awaitProbe:Fr,markProbed:Gr,hasProbedRef:Me,getRefreshId:R,setLastPolicyHash:k,setLastPolicyProof:P,setLastHost:b,setRootJkt:S,metaReady:d,probeLock:Nr}};var B=e=>e.accessTokenRef.current??null,Y=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},T=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var Jn=(e,t)=>`${e.toUpperCase()} ${t}`;async function _e(e,t,r){if(!t)return  false;let n=_e._nonceCacheRef||(_e._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let d=await W(e.rootPubJwkRef.current);e.setRootJkt?.(d);}catch{}let b=await W(T(e)),S=await e.getRefreshId();o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:b,clientId:e.clientId,sid:S||void 0,ttlSec:300});}}catch{}let a=e.currentReqId(),i="/auth/register",s=`${e.baseUrl}${i}`,c=new URL(e.baseUrl).origin,u="POST",l=`${c}${i}`,f=Jn(u,l),p=n.map.get(f),h=await N({method:u,url:l,nonce:p,privateKey:Y(e),publicJwk:T(e)}),m=async b=>e.fetchImpl(s,{method:u,headers:{"content-type":"application/json","x-sunbreak-meta":$(e,{reqId:a,pode:o||void 0}),...b},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),R=await m({DPoP:h}),k=b=>{let S=b.headers.get("dpop-nonce");S&&n.map.set(f,S);};if(R.status===401){let b=R.headers.get("www-authenticate"),d=(b&&b.match(/dpop-nonce="([^"]+)"/i))?.[1];if(d){n.map.set(f,d);let w=await N({method:u,url:l,nonce:d,privateKey:Y(e),publicJwk:T(e)});R=await m({DPoP:w});}}if(k(R),!R.ok){let b=await Ie(R);if((R.headers.get("content-type")||"").includes("application/json")){let d;try{d=await R.clone().json();}catch{}let w=Je(d&&(d.error||d.message||d.detail)||`HTTP ${R.status}`);throw pe(w,b)}else {let d=b.waf?"Blocked by WAF (403)":b.alb403?"Blocked at origin (ALB 403)":`HTTP ${R.status}`;throw pe(d,b)}}let P=await R.json();e.accessTokenRef.current=P.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let b=Math.floor(Date.now()/1e3);e.tokenExpRef.current=b+(P.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await W(T(e)));}catch{}try{let b={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:P.refreshId??null};e.setRefreshId(P.refreshId??null);let S=Ae(e.clientId);await g(S,b);try{localStorage.setItem(S,JSON.stringify(b));}catch{}}catch{}return !0}catch(o){let a=Number(o?.status||0),i=String(o?.code||""),s=String(o?.message||""),c=Math.floor(Math.random()*1e3);if((a===401||a===403)&&i.toLowerCase()==="replay"){if(e.providerAdapter)try{let u=await e.providerAdapter.getToken()??null;if(u)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await Pe(e.providerAdapter,u),e.registerCooldownUntilRef.current=Date.now()+5e3+c,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+c,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+c,false}if(a===403&&(o?.waf||o?.alb403))return e.setError(s||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+c,false;if(a===403)return e.setError(i||s||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+c,false;if(a===429||a===503){e.setError(i||s||"Rate limited / unavailable");let u=a===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+u+c,false}return e.setError(i||s||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+c,false}}var In=(e,t)=>`${e.toUpperCase()} ${t}`;function Ze(e){if(e.refreshLock.current)return e.refreshLock.current;if(e.registerLock.current){let t=e.registerLock.current.then(()=>{if(e.authenticated&&B(e))return  true;if(B(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.refreshLock.current=(async()=>{try{if(await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),e.wallet&&e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let t=B(e);if(t){let S=e.tokenExpRef.current,d=Math.floor(Date.now()/1e3);if(!!t&&!!S&&S-d>5)return !0}e.beginFlow("refresh",15e3);let r=e.currentReqId();await e.ensureKeypair();let n;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let w=await W(e.rootPubJwkRef.current);e.setRootJkt?.(w);}catch{}let S=await W(T(e)),d=await e.getRefreshId();n=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:S,clientId:e.clientId,sid:d||void 0,ttlSec:300});}}catch{}let o="/auth/refresh",a=`${e.baseUrl}${o}`,i=new URL(e.baseUrl).origin,s="POST",c=`${i}${o}`,u=In(s,c),l=Ze._nonceCacheRef||(Ze._nonceCacheRef={map:new Map}),f=async S=>await N({method:s,url:c,nonce:S,privateKey:Y(e),publicJwk:T(e)}),p=await e.getRefreshId(),h={"x-sunbreak-meta":$(e,{reqId:r,refreshId:p||void 0,pode:n||void 0}),"content-type":"application/json"},m=async S=>e.fetchImpl(a,{method:s,headers:{DPoP:S,...h},credentials:"include",body:"{}"}),R=S=>{let d=S.headers.get("dpop-nonce");d&&l.map.set(u,d);},k=await m(await f(l.map.get(u)));if(k.status===401){let S=k.headers.get("www-authenticate"),w=(S&&S.match(/dpop-nonce="([^"]+)"/i))?.[1];w&&(l.map.set(u,w),k=await m(await f(w)));}if(R(k),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let d=await k.clone().json().catch(()=>{}),w=d&&(d.error||d.code||d.message)||"",I=String(w).toLowerCase();if(I.includes("missing")&&I.includes("refresh")){try{e.setRefreshId?.(null);}catch{}try{e.setBoundWallet?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}}}catch{}return !1}let P=await k.json();e.accessTokenRef.current=P.access,e.setAuthenticated(!0);let b=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=b?b.toLowerCase():null;try{let S=Math.floor(Date.now()/1e3);e.tokenExpRef.current=S+(P.expiresIn??0);}catch{}try{e.setJkt(await W(T(e)));}catch{}return P.refreshId&&e.setRefreshId(P.refreshId),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var _n=(e,t)=>`${e.toUpperCase()} ${t}`,vt=new Map,De;try{let e=globalThis;De=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{De=new Set;}var Dn=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function br(e){let t=Dn(e);if(e.probeLock.current){await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.markProbed();return}if(De.has(t)){e.markProbed();return}De.add(t);let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let m=await W(T(e));o=await de({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:m,clientId:e.clientId,ttlSec:300});}catch{}let a="POST",i="/auth/probe",s=`${e.baseUrl}${i}`,c=`${n}${i}`,u=_n(a,c),l=async m=>N({method:a,url:c,nonce:m,privateKey:Y(e),publicJwk:T(e)}),f=async m=>e.fetchImpl(s,{method:a,headers:{DPoP:m,"x-sunbreak-meta":$(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),p=m=>{let R=m.headers.get("dpop-nonce");R&&vt.set(u,R);},h=await f(await l(vt.get(u)));if(p(h),h.status===401){let m=h.headers.get("www-authenticate"),k=(m&&m.match(/dpop-nonce="([^"]+)"/i))?.[1];k&&(vt.set(u,k),h=await f(await l(k)),p(h));}}catch{try{De.delete(t);}catch{}}finally{e.markProbed();}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var Sr=e=>{let t=useCallback(()=>Ze(e),[e]),r=useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a||!e.wallet||!e.initResolvedRef.current||e.refreshLock.current||e.registerLock.current)return;let i=e.wallet,s=e.meta.boundWallet;if(i&&s&&i.toLowerCase()===s.toLowerCase()&&!e.didInitialRefresh.current)return;let u=e.proofRef.current;!u||!(!B(e)||e.meta.boundWallet!==e.wallet)||(await e.awaitKeyStable(),e.registerLock.current=(async()=>{try{await _e(e,e.wallet,u)&&(e.didInitialSession.current=!0);}catch(p){e.setError(p?.message||String(p)||"Register failed");}finally{e.registerLock.current=null;}})());},[e]),n=useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await Pe(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a)=>_e(e,o,a),attemptRegister:r,setProofFromAdapterToken:n}};var Wn=(e,t)=>`${e.toUpperCase()} ${t}`,Ln=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function Qe(e,t,r,n,o,a={}){e.setLoadingCount(u=>u+1),e.setError(null);let i=n.startsWith("/api/session"),s=new AbortController,c=setTimeout(()=>s.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let l=`${i?ut(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,p=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,h=Wn(r,p),m=n.startsWith("/auth/"),R=!1,k=!1,P=e.currentReqId(),b=Qe._nonceCacheRef||(Qe._nonceCacheRef={map:new Map}),S=J=>{let V=J.headers.get("dpop-nonce");V&&b.map.set(h,V);},d=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),w=()=>m||!e.wallet?!1:!!(e.authenticated||Ln(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),I,L,We=async()=>{if(m||d)return;try{let ie=B(e),re=e.tokenExpRef.current,et=Math.floor(Date.now()/1e3),tt=!!re&&re-et<=60;if(ie){if(tt&&!await t().catch(()=>!1))return}else if(!w()||!await t().catch(()=>!1))return}catch{}let J=B(e);if(!J)return;let V=await ze(J),j=b.map.get(h),Z=await N({method:r,url:p,nonce:j,ath:V,privateKey:Y(e),publicJwk:T(e)});I=`Bearer ${e.accessTokenRef.current}`,L=Z;};await We();let te={"content-type":"application/json","x-sunbreak-auth":I||"","x-sunbreak-meta":$(e,{reqId:P,auth:I,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...lt(a.headers)};L&&(te.DPoP=L);let Ee=async()=>e.fetchImpl(l,{...a,method:r,headers:te,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:s.signal}),A=await Ee(),Le=A.headers.get("x-sunbreak-policy-hash"),He=A.headers.get("x-sunbreak-policy-proof");if(Le&&e.setLastPolicyHash(Le),He&&e.setLastPolicyProof(He),S(A),A.status===401&&!m){let J=B(e),V=A.headers.get("www-authenticate"),Z=(V&&V.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!d&&Z&&J&&!k){k=!0,b.map.set(h,Z);let ie=await ze(J),re=await N({method:r,url:p,nonce:Z,ath:ie,privateKey:Y(e),publicJwk:T(e)});I=`Bearer ${e.accessTokenRef.current}`,L=re,te["x-sunbreak-meta"]=$(e,{reqId:P,auth:I}),te.DPoP=L,A=await Ee(),S(A);}if(A.status===401&&!R&&(R=!0,!d&&w())){let ie=await t(),re=B(e);ie&&re&&!d&&(await We(),te["x-sunbreak-meta"]=$(e,{reqId:P,auth:I}),L&&(te.DPoP=L),A=await Ee(),S(A));}if(A.status===401)throw new Error("Unauthorized")}if(!A.ok){let J=await Ie(A);if((A.headers.get("content-type")||"").includes("application/json")){let j=await A.json().catch(()=>{}),Z=Je(j&&(j.error||j.message||j.detail)||`HTTP ${A.status}`);throw pe(Z,J)}else {let j=J.waf?"Blocked by WAF (403)":J.alb403?"Blocked at origin (ALB 403)":`HTTP ${A.status}`;throw pe(j,J)}}return (A.headers.get("content-type")||"").includes("application/json")?await A.json():void 0}finally{clearTimeout(c),e.setLoadingCount(u=>Math.max(0,u-1));}}var Rr=(e,t)=>useCallback(async(r,n,o,a={})=>Qe(e,t,r,n,o,a),[e,t]);async function gr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setDenyReason(r.reason??null),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}async function kr(e,t){let r=await t("GET","/api/verify");return r&&(e.setSessionExpiry(r.expiry??null),e.setVerifyData(r)),r}var Pr=(e,t)=>{let r=useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await gr(e,t)}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t]),n=useCallback(async()=>{if(e.wallet)return await kr(e,t)},[e,t]);return {session:r,verify:n}};var vr=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t;useEffect(()=>{return (async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.ensureRootKeypair(),await br(e);}catch{}})(),()=>{}},[]);let s=()=>(e.registerCooldownUntilRef.current??0)>Date.now();useEffect(()=>{let c=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==c&&(e.didInitialRefresh.current=false),!e.wallet){e.setAllowed(null),e.setDenyReason(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.didInitialRefresh.current=false;return}c&&e.wallet&&c!==e.wallet&&(e.rotateLock.current=(async()=>{await e.rotate(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}));},[e.wallet]),useEffect(()=>{if(!e.providerAdapter||s()||!e.metaReady)return;let c=e.wallet,u=e.meta.boundWallet;if(c&&u&&c.toLowerCase()===u.toLowerCase()&&!e.didInitialRefresh.current)return;let l=false;return (async()=>{try{let f=await e.providerAdapter.getToken()??null;if(await e.awaitKeyStable(),l||!f)return;await a(f),await o();}catch{}})(),()=>{l=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,...e.refreshDeps]),useEffect(()=>{if(typeof i<"u"&&(e.proofRef.current=i??null),!e.metaReady)return;let c=e.wallet,u=e.meta.boundWallet;if(c&&u&&c.toLowerCase()===u.toLowerCase()&&!e.didInitialRefresh.current)return;let f=!!c,p=!!e.proofRef.current,h=!!c&&!!e.authWalletRef.current&&c.toLowerCase()!==e.authWalletRef.current.toLowerCase();f&&p&&!e.authenticated&&!h&&e.initResolvedRef.current&&!s()&&o();},[i,e.wallet,e.authenticated,e.meta.boundWallet,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,o]),useEffect(()=>{let c=e.wallet,u=e.meta.boundWallet,l=!!(u||e.meta.refreshId);if(!e.metaReady||e.didInitialRefresh.current)return;let f=true;return (async()=>{try{if(await e.waitReady(),e.accessTokenRef.current||e.authenticated){e.didInitialRefresh.current=!0,c&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}let p=!!c&&!l,h=!c&&!l;if(l&&!c){e.didInitialRefresh.current=!0;return}if(p||h){e.didInitialRefresh.current=!0;return}if(c&&u&&c.toLowerCase()!==u.toLowerCase()){e.didInitialRefresh.current=!0;return}e.didInitialRefresh.current=!0;let m=await r();if(!f)return;e.setAuthenticated(m),m&&c&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(p){if(!f)return;e.didInitialRefresh.current=true,e.setAuthenticated(false),e.setError(p?.message||String(p)||"Unknown error");}})(),()=>{f=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]),useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&e.meta.boundWallet!==e.wallet&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]),useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)&&!e.didInitialSession.current){e.didInitialSession.current=true;try{await n();}catch(c){e.setError(c?.message||String(c));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,n]),useEffect(()=>{e.wallet&&e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase()&&(e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]),useEffect(()=>{let u=()=>{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return  false;let p=e.tokenExpRef.current;if(!p)return  false;let h=Math.floor(Date.now()/1e3);return p-h<=30},l=async()=>{try{u()&&await r();}catch{}},f=async()=>{document.visibilityState==="visible"&&await l();};return window.addEventListener("focus",l),document.addEventListener("visibilitychange",f),()=>{window.removeEventListener("focus",l),document.removeEventListener("visibilitychange",f);}},[e,r]),useEffect(()=>{let l=()=>{let h=Math.floor(Date.now()/1e3),m=e.tokenExpRef.current,R=e.sessionExpiry,k=!!m&&m-h<=30&&m-h>0,P=!!R&&R-h<=3600&&R-h>0;return {tokenSoon:k,sessionSoon:P}},f=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return;let{tokenSoon:h,sessionSoon:m}=l();(h||m)&&await r()&&m&&await n();}catch{}},p=async()=>{document.visibilityState==="visible"&&await f();};return window.addEventListener("focus",f),document.addEventListener("visibilitychange",p),()=>{window.removeEventListener("focus",f),document.removeEventListener("visibilitychange",p);}},[e,e.sessionExpiry,r,n]);};var Kr=createContext(void 0),Un=e=>{let t=hr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=Sr(t),a=Rr(t,r),{session:i,verify:s}=Pr(t,a);vr(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let c=useMemo(()=>({get:(u,l)=>a("GET",u,void 0,l),post:(u,l,f)=>a("POST",u,l,f),verify:s,session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,denyReason:t.denyReason,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,verifyData:t.verifyData,wallet:t.wallet}),[a,s,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.denyReason,t.sessionExpiry,t.sessionData,t.verifyData,t.wallet]);return jsx(Kr.Provider,{value:c,children:e.children})},$n=e=>jsx(St,{clientId:e.clientId,children:jsx(Un,{...e})}),Nn=()=>{let e=useContext(Kr);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
+var on=Object.defineProperty;var Mt=e=>{throw TypeError(e)};var an=(e,t,r)=>t in e?on(e,t,{enumerable:true,configurable:true,writable:true,value:r}):e[t]=r;var M=(e,t,r)=>an(e,typeof t!="symbol"?t+"":t,r),$t=(e,t,r)=>t.has(e)||Mt("Cannot "+r);var h=(e,t,r)=>($t(e,t,"read from private field"),r?r.call(e):t.get(e)),j=(e,t,r)=>t.has(e)?Mt("Cannot add the same private member more than once"):t instanceof WeakSet?t.add(e):t.set(e,r),N=(e,t,r,n)=>($t(e,t,"write to private field"),t.set(e,r),r);var ve=async(e,t,r)=>{switch(e.name){case "custom":return {method:"provider_jwt",issuer:"custom",token:t,meta:r||{}};case "privy":return {method:"provider_jwt",issuer:"privy",token:t,meta:{app_id:e.appId}};case "dynamic":return e.expectedAud?{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId,expected_aud:e.expectedAud}}:{method:"provider_jwt",issuer:"dynamic",token:t,meta:{env_id:e.envId}};default:throw new Error(`Unknown adapter: ${e}`)}};var sn="sunbreak-kv",Ae="kv",Fe="sunbreak_dpop_meta_v1",T="sunbreak_dpop_key_v1",xe="ES256",v="P-256",Ke=e=>`${Fe}:${e}`,Ot=()=>new Promise((e,t)=>{let r=indexedDB.open(sn,1);r.onupgradeneeded=()=>r.result.createObjectStore(Ae),r.onsuccess=()=>e(r.result),r.onerror=()=>t(r.error);}),I=async e=>{try{let t=await Ot();return await new Promise((r,n)=>{let a=t.transaction(Ae,"readonly").objectStore(Ae).get(e);a.onsuccess=()=>r(a.result),a.onerror=()=>n(a.error);})}catch{return}},R=async(e,t)=>{let r=await Ot();await new Promise((n,o)=>{let i=r.transaction(Ae,"readwrite").objectStore(Ae).put(t,e);i.onsuccess=()=>n(),i.onerror=()=>o(i.error);});};var cn=e=>{let t=new URL(e);if(t.protocol!=="https:"&&t.hostname!=="localhost"&&t.hostname!=="127.0.0.1")throw new Error("Sunbreak: insecure base URL");return t.hash="",t.origin},ln=e=>e.replace(/\/+$/,""),ft=e=>{let t=ln(e);return cn(t)};function pt(e){let t=new URL(e.baseUrl),r=t.host,n=e.meta.lastHost??null,o=un(n);return e.setLastHost(o),t.host=`${o}.${r}`,t.origin}var un=e=>{for(let t=0;t<dt.length;t++){let r=dt[Math.floor(Math.random()*dt.length)].toLowerCase();if(r!==e)return r}return "alpha"},dt=["Alpha","Bravo","Charlie","Delta","Echo","Foxtrot","Golf","Hotel","India","Juliett","Kilo","Lima","Mike","November","Oscar","Papa","Quebec","Romeo","Sierra","Tango","Uniform","Victor","Whiskey","X-ray","Yankee","Zulu"];var F=(e,t)=>{let r={clientId:e.clientId,wallet:e.wallet,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0,...t};Object.keys(r).forEach(o=>r[o]===void 0&&delete r[o]);let n=JSON.stringify(r);return btoa(n)};var fn=new Set(["connection","keep-alive","proxy-authenticate","proxy-authorization","te","trailer","transfer-encoding","upgrade","via"]),dn=new Set(["user-agent","referer","origin","host","content-length","sec-fetch-site","sec-fetch-mode","sec-fetch-dest","sec-fetch-user","sec-ch-ua","sec-ch-ua-mobile","sec-ch-ua-platform","sec-ch-ua-platform-version","sec-ch-ua-full-version","sec-ch-ua-arch","sec-ch-ua-model","sec-ch-ua-bitness","cookie","set-cookie"]),pn=new Set(["dpop","x-sunbreak-meta"]),hn=64,Ut=2048,yn=64;function ht(e){let t={};if(!e)return t;let r=e instanceof Headers?Array.from(e.entries()):Object.entries(e),n=0;for(let[o,a]of r){if(n>=yn)break;if(o==null||a==null)continue;let i=String(o).toLowerCase().trim();if(!i||i.length>hn||fn.has(i)||dn.has(i)||pn.has(i))continue;let c=String(a);c.length>Ut&&(c=c.slice(0,Ut)),t[i]=c,n++;}return t}var re=new TextEncoder,me=new TextDecoder;function jt(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Nt(e){if(Uint8Array.prototype.toBase64)return e.toBase64();let t=32768,r=[];for(let n=0;n<e.length;n+=t)r.push(String.fromCharCode.apply(null,e.subarray(n,n+t)));return btoa(r.join(""))}function Ft(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(e);let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r}function Bt(e){if(Uint8Array.fromBase64)return Uint8Array.fromBase64(typeof e=="string"?e:me.decode(e),{alphabet:"base64url"});let t=e;t instanceof Uint8Array&&(t=me.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Ft(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}}function Be(e){let t=e;return typeof t=="string"&&(t=re.encode(t)),Uint8Array.prototype.toBase64?t.toBase64({alphabet:"base64url",omitPadding:true}):Nt(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}var ue=class extends Error{constructor(r,n){super(r,n);M(this,"code","ERR_JOSE_GENERIC");this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor);}};M(ue,"code","ERR_JOSE_GENERIC");var D=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JOSE_NOT_SUPPORTED");}};M(D,"code","ERR_JOSE_NOT_SUPPORTED");var ne=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JWS_INVALID");}};M(ne,"code","ERR_JWS_INVALID");var Ce=class extends ue{constructor(){super(...arguments);M(this,"code","ERR_JWT_INVALID");}};M(Ce,"code","ERR_JWT_INVALID");var Vt,Gt,yt=class extends(Gt=ue,Vt=Symbol.asyncIterator,Gt){constructor(r="multiple matching keys found in the JSON Web Key Set",n){super(r,n);M(this,Vt);M(this,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");}};M(yt,"code","ERR_JWKS_MULTIPLE_MATCHING_KEYS");function q(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}function we(e,t){return e.name===t}function mt(e){return parseInt(e.name.slice(4),10)}function gn(e){switch(e){case "ES256":return "P-256";case "ES384":return "P-384";case "ES512":return "P-521";default:throw new Error("unreachable")}}function bn(e,t){if(!e.usages.includes(t))throw new TypeError(`CryptoKey does not support this operation, its usages must include ${t}.`)}function qt(e,t,r){switch(t){case "HS256":case "HS384":case "HS512":{if(!we(e.algorithm,"HMAC"))throw q("HMAC");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "RS256":case "RS384":case "RS512":{if(!we(e.algorithm,"RSASSA-PKCS1-v1_5"))throw q("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "PS256":case "PS384":case "PS512":{if(!we(e.algorithm,"RSA-PSS"))throw q("RSA-PSS");let n=parseInt(t.slice(2),10);if(mt(e.algorithm.hash)!==n)throw q(`SHA-${n}`,"algorithm.hash");break}case "Ed25519":case "EdDSA":{if(!we(e.algorithm,"Ed25519"))throw q("Ed25519");break}case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":{if(!we(e.algorithm,t))throw q(t);break}case "ES256":case "ES384":case "ES512":{if(!we(e.algorithm,"ECDSA"))throw q("ECDSA");let n=gn(t);if(e.algorithm.namedCurve!==n)throw q(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}bn(e,r);}function zt(e,t,...r){if(r=r.filter(Boolean),r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`;}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor?.name&&(e+=` Received an instance of ${t.constructor.name}`),e}var Xt=(e,...t)=>zt("Key must be ",e,...t);function wt(e,t,...r){return zt(`Key for the ${e} algorithm must be `,t,...r)}function gt(e){return e?.[Symbol.toStringTag]==="CryptoKey"}function bt(e){return e?.[Symbol.toStringTag]==="KeyObject"}var St=e=>gt(e)||bt(e);var Yt=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return  true;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return  false;r.add(a);}}return  true};function Sn(e){return typeof e=="object"&&e!==null}var Ve=e=>{if(!Sn(e)||Object.prototype.toString.call(e)!=="[object Object]")return  false;if(Object.getPrototypeOf(e)===null)return  true;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t};var Zt=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};function Rn(e){let t,r;switch(e.kty){case "AKP":{switch(e.alg){case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":t={name:e.alg},r=e.priv?["sign"]:["verify"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "RSA":{switch(e.alg){case "PS256":case "PS384":case "PS512":t={name:"RSA-PSS",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RS256":case "RS384":case "RS512":t={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${e.alg.slice(-3)}`},r=e.d?["sign"]:["verify"];break;case "RSA-OAEP":case "RSA-OAEP-256":case "RSA-OAEP-384":case "RSA-OAEP-512":t={name:"RSA-OAEP",hash:`SHA-${parseInt(e.alg.slice(-3),10)||1}`},r=e.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "EC":{switch(e.alg){case "ES256":t={name:"ECDSA",namedCurve:"P-256"},r=e.d?["sign"]:["verify"];break;case "ES384":t={name:"ECDSA",namedCurve:"P-384"},r=e.d?["sign"]:["verify"];break;case "ES512":t={name:"ECDSA",namedCurve:"P-521"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:"ECDH",namedCurve:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case "OKP":{switch(e.alg){case "Ed25519":case "EdDSA":t={name:"Ed25519"},r=e.d?["sign"]:["verify"];break;case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":t={name:e.crv},r=e.d?["deriveBits"]:[];break;default:throw new D('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new D('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return {algorithm:t,keyUsages:r}}var Qt=async e=>{if(!e.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');let{algorithm:t,keyUsages:r}=Rn(e),n={...e};return n.kty!=="AKP"&&delete n.alg,delete n.use,crypto.subtle.importKey("jwk",n,t,e.ext??!(e.d||e.priv),e.key_ops??r)};var er=(e,t,r,n,o)=>{if(o.crit!==void 0&&n?.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let i of n.crit){if(!a.has(i))throw new D(`Extension Header Parameter "${i}" is not recognized`);if(o[i]===void 0)throw new e(`Extension Header Parameter "${i}" is missing`);if(a.get(i)&&n[i]===void 0)throw new e(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)};function Te(e){return Ve(e)&&typeof e.kty=="string"}function tr(e){return e.kty!=="oct"&&(e.kty==="AKP"&&typeof e.priv=="string"||typeof e.d=="string")}function rr(e){return e.kty!=="oct"&&typeof e.d>"u"&&typeof e.priv>"u"}function nr(e){return e.kty==="oct"&&typeof e.k=="string"}var ge,or=async(e,t,r,n=false)=>{ge||(ge=new WeakMap);let o=ge.get(e);if(o?.[r])return o[r];let a=await Qt({...t,alg:r});return n&&Object.freeze(e),o?o[r]=a:ge.set(e,{[r]:a}),a},kn=(e,t)=>{ge||(ge=new WeakMap);let r=ge.get(e);if(r?.[t])return r[t];let n=e.type==="public",o=!!n,a;if(e.asymmetricKeyType==="x25519"){switch(t){case "ECDH-ES":case "ECDH-ES+A128KW":case "ECDH-ES+A192KW":case "ECDH-ES+A256KW":break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}a=e.toCryptoKey(e.asymmetricKeyType,o,n?[]:["deriveBits"]);}if(e.asymmetricKeyType==="ed25519"){if(t!=="EdDSA"&&t!=="Ed25519")throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}switch(e.asymmetricKeyType){case "ml-dsa-44":case "ml-dsa-65":case "ml-dsa-87":{if(t!==e.asymmetricKeyType.toUpperCase())throw new TypeError("given KeyObject instance cannot be used for this algorithm");a=e.toCryptoKey(e.asymmetricKeyType,o,[n?"verify":"sign"]);}}if(e.asymmetricKeyType==="rsa"){let i;switch(t){case "RSA-OAEP":i="SHA-1";break;case "RS256":case "PS256":case "RSA-OAEP-256":i="SHA-256";break;case "RS384":case "PS384":case "RSA-OAEP-384":i="SHA-384";break;case "RS512":case "PS512":case "RSA-OAEP-512":i="SHA-512";break;default:throw new TypeError("given KeyObject instance cannot be used for this algorithm")}if(t.startsWith("RSA-OAEP"))return e.toCryptoKey({name:"RSA-OAEP",hash:i},o,n?["encrypt"]:["decrypt"]);a=e.toCryptoKey({name:t.startsWith("PS")?"RSA-PSS":"RSASSA-PKCS1-v1_5",hash:i},o,[n?"verify":"sign"]);}if(e.asymmetricKeyType==="ec"){let c=new Map([["prime256v1","P-256"],["secp384r1","P-384"],["secp521r1","P-521"]]).get(e.asymmetricKeyDetails?.namedCurve);if(!c)throw new TypeError("given KeyObject instance cannot be used for this algorithm");t==="ES256"&&c==="P-256"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES384"&&c==="P-384"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t==="ES512"&&c==="P-521"&&(a=e.toCryptoKey({name:"ECDSA",namedCurve:c},o,[n?"verify":"sign"])),t.startsWith("ECDH-ES")&&(a=e.toCryptoKey({name:"ECDH",namedCurve:c},o,n?[]:["deriveBits"]));}if(!a)throw new TypeError("given KeyObject instance cannot be used for this algorithm");return r?r[t]=a:ge.set(e,{[t]:a}),a},ar=async(e,t)=>{if(e instanceof Uint8Array||gt(e))return e;if(bt(e)){if(e.type==="secret")return e.export();if("toCryptoKey"in e&&typeof e.toCryptoKey=="function")try{return kn(e,t)}catch(n){if(n instanceof TypeError)throw n}let r=e.export({format:"jwk"});return or(e,r,t)}if(Te(e))return e.k?Bt(e.k):or(e,e,t,true);throw new Error("unreachable")};var be=e=>e?.[Symbol.toStringTag],Rt=(e,t,r)=>{if(t.use!==void 0){let n;switch(r){case "sign":case "verify":n="sig";break;case "encrypt":case "decrypt":n="enc";break}if(t.use!==n)throw new TypeError(`Invalid key for this operation, its "use" must be "${n}" when present`)}if(t.alg!==void 0&&t.alg!==e)throw new TypeError(`Invalid key for this operation, its "alg" must be "${e}" when present`);if(Array.isArray(t.key_ops)){let n;switch(true){case(r==="sign"):case e==="dir":case e.includes("CBC-HS"):n=r;break;case e.startsWith("PBES2"):n="deriveBits";break;case /^A\d{3}(?:GCM)?(?:KW)?$/.test(e):!e.includes("GCM")&&e.endsWith("KW")?n="unwrapKey":n=r;break;case(r==="encrypt"):n="wrapKey";break;case r==="decrypt":n=e.startsWith("RSA")?"unwrapKey":"deriveBits";break}if(n&&t.key_ops?.includes?.(n)===false)throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${n}" when present`)}return  true},Pn=(e,t,r)=>{if(!(t instanceof Uint8Array)){if(Te(t)){if(nr(t)&&Rt(e,t,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key","Uint8Array"));if(t.type!=="secret")throw new TypeError(`${be(t)} instances for symmetric algorithms must be of type "secret"`)}},vn=(e,t,r)=>{if(Te(t))switch(r){case "decrypt":case "sign":if(tr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case "encrypt":case "verify":if(rr(t)&&Rt(e,t,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!St(t))throw new TypeError(wt(e,t,"CryptoKey","KeyObject","JSON Web Key"));if(t.type==="secret")throw new TypeError(`${be(t)} instances for asymmetric algorithms must not be of type "secret"`);if(t.type==="public")switch(r){case "sign":throw new TypeError(`${be(t)} instances for asymmetric algorithm signing must be of type "private"`);case "decrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm decryption must be of type "private"`);}if(t.type==="private")switch(r){case "verify":throw new TypeError(`${be(t)} instances for asymmetric algorithm verifying must be of type "public"`);case "encrypt":throw new TypeError(`${be(t)} instances for asymmetric algorithm encryption must be of type "public"`);}},ir=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(e)||/^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(e)?Pn(e,t,r):vn(e,t,r);};var sr=(e,t)=>{let r=`SHA-${e.slice(-3)}`;switch(e){case "HS256":case "HS384":case "HS512":return {hash:r,name:"HMAC"};case "PS256":case "PS384":case "PS512":return {hash:r,name:"RSA-PSS",saltLength:parseInt(e.slice(-3),10)>>3};case "RS256":case "RS384":case "RS512":return {hash:r,name:"RSASSA-PKCS1-v1_5"};case "ES256":case "ES384":case "ES512":return {hash:r,name:"ECDSA",namedCurve:t.namedCurve};case "Ed25519":case "EdDSA":return {name:"Ed25519"};case "ML-DSA-44":case "ML-DSA-65":case "ML-DSA-87":return {name:e};default:throw new D(`alg ${e} is not supported either by JOSE or your javascript runtime`)}};var cr=async(e,t,r)=>{if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(Xt(t,"CryptoKey","KeyObject","JSON Web Key"));return crypto.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},false,[r])}return qt(t,e,r),t};var ae=e=>Math.floor(e.getTime()/1e3);var An=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,Ge=e=>{let t=An.exec(e);if(!t||t[4]&&t[1])throw new TypeError("Invalid time period format");let r=parseFloat(t[2]),n=t[3].toLowerCase(),o;switch(n){case "sec":case "secs":case "second":case "seconds":case "s":o=Math.round(r);break;case "minute":case "minutes":case "min":case "mins":case "m":o=Math.round(r*60);break;case "hour":case "hours":case "hr":case "hrs":case "h":o=Math.round(r*3600);break;case "day":case "days":case "d":o=Math.round(r*86400);break;case "week":case "weeks":case "w":o=Math.round(r*604800);break;default:o=Math.round(r*31557600);break}return t[1]==="-"||t[4]==="ago"?-o:o};function fe(e,t){if(!Number.isFinite(t))throw new TypeError(`Invalid ${e} input`);return t}var x,qe=class{constructor(t){j(this,x);if(!Ve(t))throw new TypeError("JWT Claims Set MUST be an object");N(this,x,structuredClone(t));}data(){return re.encode(JSON.stringify(h(this,x)))}get iss(){return h(this,x).iss}set iss(t){h(this,x).iss=t;}get sub(){return h(this,x).sub}set sub(t){h(this,x).sub=t;}get aud(){return h(this,x).aud}set aud(t){h(this,x).aud=t;}set jti(t){h(this,x).jti=t;}set nbf(t){typeof t=="number"?h(this,x).nbf=fe("setNotBefore",t):t instanceof Date?h(this,x).nbf=fe("setNotBefore",ae(t)):h(this,x).nbf=ae(new Date)+Ge(t);}set exp(t){typeof t=="number"?h(this,x).exp=fe("setExpirationTime",t):t instanceof Date?h(this,x).exp=fe("setExpirationTime",ae(t)):h(this,x).exp=ae(new Date)+Ge(t);}set iat(t){typeof t>"u"?h(this,x).iat=ae(new Date):t instanceof Date?h(this,x).iat=fe("setIssuedAt",ae(t)):typeof t=="string"?h(this,x).iat=fe("setIssuedAt",ae(new Date)+Ge(t)):h(this,x).iat=fe("setIssuedAt",t);}};x=new WeakMap;var lr=async(e,t,r)=>{let n=await cr(e,t,"sign");Zt(e,n);let o=await crypto.subtle.sign(sr(e,n.algorithm),n,r);return new Uint8Array(o)};var Ie,L,z,ze=class{constructor(t){j(this,Ie);j(this,L);j(this,z);if(!(t instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");N(this,Ie,t);}setProtectedHeader(t){if(h(this,L))throw new TypeError("setProtectedHeader can only be called once");return N(this,L,t),this}setUnprotectedHeader(t){if(h(this,z))throw new TypeError("setUnprotectedHeader can only be called once");return N(this,z,t),this}async sign(t,r){if(!h(this,L)&&!h(this,z))throw new ne("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Yt(h(this,L),h(this,z)))throw new ne("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let n={...h(this,L),...h(this,z)},o=er(ne,new Map([["b64",true]]),r?.crit,h(this,L),n),a=true;if(o.has("b64")&&(a=h(this,L).b64,typeof a!="boolean"))throw new ne('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=n;if(typeof i!="string"||!i)throw new ne('JWS "alg" (Algorithm) Header Parameter missing or invalid');ir(i,t,"sign");let c=h(this,Ie);a&&(c=re.encode(Be(c)));let u;h(this,L)?u=re.encode(Be(JSON.stringify(h(this,L)))):u=re.encode("");let s=jt(u,re.encode("."),c),l=await ar(t,i),d=await lr(i,l,s),f={signature:Be(d),payload:""};return a&&(f.payload=me.decode(c)),h(this,z)&&(f.header=h(this,z)),h(this,L)&&(f.protected=me.decode(u)),f}};Ie=new WeakMap,L=new WeakMap,z=new WeakMap;var Se,Xe=class{constructor(t){j(this,Se);N(this,Se,new ze(t));}setProtectedHeader(t){return h(this,Se).setProtectedHeader(t),this}async sign(t,r){let n=await h(this,Se).sign(t,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return `${n.protected}.${n.payload}.${n.signature}`}};Se=new WeakMap;var ie,$,de=class{constructor(t={}){j(this,ie);j(this,$);N(this,$,new qe(t));}setIssuer(t){return h(this,$).iss=t,this}setSubject(t){return h(this,$).sub=t,this}setAudience(t){return h(this,$).aud=t,this}setJti(t){return h(this,$).jti=t,this}setNotBefore(t){return h(this,$).nbf=t,this}setExpirationTime(t){return h(this,$).exp=t,this}setIssuedAt(t){return h(this,$).iat=t,this}setProtectedHeader(t){return N(this,ie,t),this}async sign(t,r){let n=new Xe(h(this,$).data());if(n.setProtectedHeader(h(this,ie)),Array.isArray(h(this,ie)?.crit)&&h(this,ie).crit.includes("b64")&&h(this,ie).b64===false)throw new Ce("JWTs MUST NOT use unencoded payload");return n.sign(t,r)}};ie=new WeakMap,$=new WeakMap;var xn=e=>btoa(String.fromCharCode(...new Uint8Array(e))).replaceAll("+","-").replaceAll("/","_").replaceAll("=",""),Ye=async e=>{let t=new TextEncoder().encode(e),r=await crypto.subtle.digest("SHA-256",t);return xn(r)},B=async e=>{let{method:t,url:r,nonce:n,ath:o,privateKey:a,publicJwk:i}=e,c={htm:t.toUpperCase(),htu:r,jti:crypto.randomUUID(),iat:Math.floor(Date.now()/1e3)};return n&&(c.nonce=n),o&&(c.ath=o),await new de(c).setProtectedHeader({alg:"ES256",typ:"dpop+jwt",jwk:i}).sign(a)};var _=async e=>{let t={crv:e.crv,kty:"EC",x:e.x,y:e.y},r=JSON.stringify(t),n=new TextEncoder().encode(r),o=await crypto.subtle.digest("SHA-256",n);return btoa(String.fromCharCode(...new Uint8Array(o))).replaceAll("+","-").replaceAll("/","_").replaceAll("=","")};async function pe(e){let{rootPrivateKey:t,rootPublicJwk:r,childJkt:n,clientId:o,sid:a,ttlSec:i=300}=e,c=Math.floor(Date.now()/1e3),u=c+Math.max(60,Math.min(i,3600)),s={child_jkt:n,client_id:o,aud:"issuer",iat:c,exp:u,jti:crypto.randomUUID()};return a&&(s.sid=a),await new de(s).setProtectedHeader({alg:"ES256",typ:"pode+jwt",jwk:r}).sign(t)}function We(e,t=300){return e.replace(/<[^>]*>/g,"").slice(0,t)}async function Je(e){let t=e.status,r=Array.from(e.headers.keys()).some(c=>c.toLowerCase().startsWith("x-amzn-waf")),n,o,a=e.headers.get("content-type")||"";if(a.includes("application/json"))try{let c=await e.clone().json();n=typeof c?.error=="string"?c.error:void 0,o=typeof c?.detail=="string"?c.detail:void 0;}catch{}let i=t===403&&!r&&!a.includes("application/json");return {status:t,code:n,detail:o,waf:r,alb403:i}}function he(e,t){let r=new Error(e);return r.status=t.status,r.code=t.code,r.detail=t.detail,r.waf=t.waf,r.alb403=t.alb403,r}var Re={boundWallet:null,clientId:null,jkt:null,refreshId:null,lastPolicyHash:null,lastPolicyProof:null,lastHost:null,rootJkt:null},Et=createContext(void 0);function hr(e){try{return JSON.parse(localStorage.getItem(e)||"null")??Re}catch{return Re}}function Tn(e,t){try{localStorage.setItem(e,JSON.stringify(t));}catch{}}var kt=({children:e,clientId:t})=>{let[r,n]=useState(Re),o=useRef(false),[a,i]=useState(false),c=useMemo(()=>Ke(t),[t]);useEffect(()=>{let p=true;return (async()=>{let y=await I(c)??await I(Fe)??hr(c);p&&(n({...Re,...y}),o.current=true,i(true));})(),()=>{p=false;}},[c]),useEffect(()=>{o.current&&(async()=>(await R(c,r),Tn(c,r)))();},[r,c]);let u=useCallback(p=>n(g=>({...g,refreshId:p})),[]),s=useCallback(p=>n(g=>({...g,lastPolicyHash:p})),[]),l=useCallback(p=>n(g=>({...g,lastPolicyProof:p})),[]),d=useCallback(p=>n(g=>({...g,lastHost:p})),[]),f=useCallback(p=>n(g=>({...g,rootJkt:p})),[]),w=async()=>{try{let p=localStorage.getItem(c);if(p){let g=JSON.parse(p);if(typeof g?.refreshId=="string"&&g.refreshId)return g.refreshId}}catch{}try{let p=await I(c);if(typeof p?.refreshId=="string"&&p.refreshId)return p.refreshId}catch{}return null},S=useCallback(p=>n(g=>({...g,boundWallet:p})),[]),E=useCallback(p=>n(g=>({...g,clientId:p})),[]),m=useCallback(p=>n(g=>({...g,jkt:p})),[]),k=useCallback(()=>n(Re),[]),b=useCallback(async()=>{let g=await I(c)??hr(c);n({...Re,...g});},[]),H=useMemo(()=>({meta:r,setBoundWallet:S,setClientId:E,setJkt:m,resetMeta:k,reload:b,setRefreshId:u,getRefreshId:w,ready:a,setLastPolicyHash:s,setLastPolicyProof:l,setLastHost:d,setRootJkt:f}),[r,S,E,m,k,b,a,u,w,s,l,d,f]);return jsx(Et.Provider,{value:H,children:e})};function Pt(){let e=useContext(Et);if(!e)throw new Error("useMeta must be used within <MetaProvider>");return e}var mr=`${T}:wrap`;async function Ze(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${T}:probe_safe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}async function Jn(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!0,["sign","verify"]),t=`${T}:probe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}function ke(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=xe,t.use="sig",t}async function wr(){let e=await I(mr);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await R(mr,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function vt(e){let t=await wr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function Dn(e,t){let r=await wr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var At=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let u=await I(T);if(!u)return  false;if(u.fmt==="cryptokey"){let l=u;if(!l.privKey)return await R(T,void 0),false;let d=l.privKey;try{if(d.extractable&&await Ze()){let w=await crypto.subtle.exportKey("jwk",d),S=await crypto.subtle.importKey("jwk",w,{name:"ECDSA",namedCurve:v},!1,["sign"]),E={fmt:"cryptokey",privKey:S,pubJwk:ke(l.pubJwk)};await R(T,E),d=S;}}catch{}return e.current=d,t.current=ke(l.pubJwk),true}if(u.fmt==="encjwk"){let l=u;try{let d=await Dn(l.encPrivJwk,l.iv),f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=f,t.current=ke(l.pubJwk),!0}catch{return await R(T,void 0),false}}let s=u;if(s&&s.d){let{d:l,...d}=s,f=ke(d),w=await Ze(),S=w||await Jn();if(S&&w){let b=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return await R(T,{fmt:"cryptokey",privKey:b,pubJwk:f}),e.current=b,t.current=f,true}if(S){let b=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},true,["sign"]);return await R(T,{fmt:"cryptokey",privKey:b,pubJwk:f}),e.current=b,t.current=f,true}let{encPrivJwk:E,iv:m}=await vt(s);await R(T,{fmt:"encjwk",encPrivJwk:E,iv:m,pubJwk:f});let k=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);return e.current=k,t.current=f,true}return await R(T,void 0),false},[]),n=useCallback(async(u,s)=>{await R(T,{fmt:"cryptokey",privKey:u,pubJwk:s});},[]),o=useCallback(async(u,s)=>{let{encPrivJwk:l,iv:d}=await vt(u);await R(T,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:s});},[]),a=useCallback(async()=>{if(e.current&&t.current||await r())return;let u=await Ze(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await n(f,l),e.current=f,t.current=l;}else {await o(d,l);let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=f,t.current=l;}},[r,n,o]),i=useCallback(async()=>{let u=await Ze(),s=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),l=ke(await crypto.subtle.exportKey("jwk",s.publicKey)),d=await crypto.subtle.exportKey("jwk",s.privateKey);if(u){let f=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);await R(T,{fmt:"cryptokey",privKey:f,pubJwk:l}),e.current=f,t.current=l;}else {let{encPrivJwk:f,iv:w}=await vt(d);await R(T,{fmt:"encjwk",encPrivJwk:f,iv:w,pubJwk:l});let S=await crypto.subtle.importKey("jwk",d,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=S,t.current=l;}},[]),c=useCallback(async()=>{await R(T,void 0),e.current=null,t.current=null;},[]);return {ensureKeypair:a,rotate:i,clear:c,privRef:e,pubJwkRef:t}};var Y="sunbreak_root_key_v1",br=`${Y}:wrap`;async function Sr(){try{let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},!1,["sign","verify"]),t=`${Y}:probe_safe`;await R(t,{fmt:"cryptokey",privKey:e.privateKey,createdAt:Date.now(),pubJwk:{}});let r=await I(t);return await R(t,void 0),!!(r&&r.privKey)}catch{return  false}}function Qe(e){let t={...e};return delete t.d,t.kty="EC",t.crv=v,t.alg=xe,t.use="sig",t}async function Rr(){let e=await I(br);if(!e){let t=new Uint8Array(32);crypto.getRandomValues(t),e=t.buffer,await R(br,e);}return crypto.subtle.importKey("raw",e,{name:"AES-GCM",length:256},false,["encrypt","decrypt"])}async function Ln(e){let t=await Rr(),r=new Uint8Array(12);crypto.getRandomValues(r);let n=new TextEncoder().encode(JSON.stringify(e));return {encPrivJwk:await crypto.subtle.encrypt({name:"AES-GCM",iv:r},t,n),iv:r.buffer}}async function _n(e,t){let r=await Rr(),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:t},r,e);return JSON.parse(new TextDecoder().decode(new Uint8Array(n)))}var Kt=()=>{let e=useRef(null),t=useRef(null),r=useCallback(async()=>{let a=await I(Y);if(!a)return  false;if(a.fmt==="cryptokey"){let i=a;if(!i.privKey)return await R(Y,void 0),false;let c=i.privKey;try{if(c.extractable&&await Sr()){let s=await crypto.subtle.exportKey("jwk",c),l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},!1,["sign"]),d={fmt:"cryptokey",privKey:l,pubJwk:Qe(i.pubJwk),createdAt:i.createdAt};await R(Y,d),c=l;}}catch{}return e.current=c,t.current=Qe(i.pubJwk),true}if(a.fmt==="encjwk"){let i=a;try{let c=await _n(i.encPrivJwk,i.iv),u=await crypto.subtle.importKey("jwk",c,{name:"ECDSA",namedCurve:v},!1,["sign"]);return e.current=u,t.current=Qe(i.pubJwk),!0}catch{return await R(Y,void 0),false}}return await R(Y,void 0),false},[]),n=useCallback(async()=>{if(e.current&&t.current||await r())return;let a=await Sr(),i=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:v},true,["sign","verify"]),c=Qe(await crypto.subtle.exportKey("jwk",i.publicKey)),u=Date.now(),s=await crypto.subtle.exportKey("jwk",i.privateKey);if(a){let l=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);await R(Y,{fmt:"cryptokey",privKey:l,pubJwk:c,createdAt:u}),e.current=l,t.current=c;}else {let{encPrivJwk:l,iv:d}=await Ln(s);await R(Y,{fmt:"encjwk",encPrivJwk:l,iv:d,pubJwk:c,createdAt:u});let w=await crypto.subtle.importKey("jwk",s,{name:"ECDSA",namedCurve:v},false,["sign"]);e.current=w,t.current=c;}},[r]),o=useCallback(async()=>{await R(Y,void 0),e.current=null,t.current=null;},[]);return {ensureRootKeypair:n,clear:o,rootPrivRef:e,rootPubJwkRef:t}};var De=class e{constructor(t,r=false){this.colors={flow:"#00D9FF",state:"#00FF88",decision:"#FFB800",api:"#B388FF",guard:"#FFEA00",error:"#FF5252",warn:"#FF9100",info:"#90CAF9"};this.enabled=r,this.prefix=t?`[Sunbreak:${t.slice(0,8)}]`:"[Sunbreak]";}log(t,r,n){if(!this.enabled)return;let o=this.colors[t],a=new Date().toISOString().slice(11,23),i=this.getEmoji(t);console.log(`%c${i} ${this.prefix} [${a}] [${t.toUpperCase()}]%c ${r}`,`color: ${o}; font-weight: bold`,"color: inherit; font-weight: normal",n!==void 0?n:"");}getEmoji(t){switch(t){case "flow":return "\u{1F504}";case "state":return "\u{1F500}";case "decision":return "\u{1F914}";case "api":return "\u{1F4E1}";case "guard":return "\u{1F6E1}\uFE0F";case "error":return "\u274C";case "warn":return "\u26A0\uFE0F";case "info":return "\u2139\uFE0F";default:return "\u2022"}}flow(t,r,n){this.log("flow",`[${t.toUpperCase()}] ${r}`,n);}state(t,r,n,o){this.log("state",`${t} \u2192 ${r}: ${n}`,o);}decision(t,r,n,o){this.log("decision",`${t} = ${r?"\u2713 YES":"\u2717 NO"} (${n})`,o);}api(t,r,n){let o=n.status,i=o>=200&&o<300?"\u2713":"\u2717";this.log("api",`${i} ${t} ${r} \u2192 ${o}${n.error?` (${n.error})`:""}`,n.data);}guard(t,r,n,o){this.log("guard",`${t}: ${r?"\u2713 PASS":"\u2717 BLOCK"} (${n})`,o);}error(t,r){this.log("error",t,r);}warn(t,r){this.log("warn",t,r);}info(t,r){this.log("info",t,r);}group(t){this.enabled&&console.group(`${this.prefix} ${t}`);}groupEnd(){this.enabled&&console.groupEnd();}child(t){let r=new e(void 0,this.enabled);return r.prefix=`${this.prefix}[${t}]`,r}},Ct=null;function Er(){return Ct||(Ct=new De(void 0,true)),Ct}var et=class{constructor(t){this.currentState="unknown";this.previousState="unknown";this.logger=Er();this.hadSessionHistory=false;this.inActiveSession=false;t&&this.initialize(t);}initialize(t){this.logger.group("\u{1F527} Initializing Session State Machine");let r=!!(t.boundWallet||t.refreshId);this.hadSessionHistory=r,this.logger.info("Initial context",{wallet:t.wallet,boundWallet:t.boundWallet,refreshId:t.refreshId?"present":"null",hasToken:t.hasToken,authenticated:t.authenticated,hasHistory:r}),t.authenticated&&t.hasToken?(this.transition("authenticated","Has valid token"),this.inActiveSession=true):r?this.transition("refreshable","Has session history"):this.transition("unregistered","No session history"),this.logger.groupEnd();}transition(t,r){if(this.currentState===t){this.logger.info(`State unchanged: ${t} (${r})`);return}this.previousState=this.currentState,this.currentState=t,this.logger.state(this.previousState,t,r);}getState(){return this.currentState}isInActiveSession(){return this.inActiveSession}markHadSession(){this.hadSessionHistory||(this.logger.info("Marked hadSessionHistory = true"),this.hadSessionHistory=true);}clearSessionHistory(){this.logger.info("Cleared session history"),this.hadSessionHistory=false,this.inActiveSession=false;}onProbeComplete(t){if(this.logger.flow("probe","Probe completed, determining initial state"),this.currentState!=="unknown"){this.logger.warn("Probe called but state is not UNKNOWN",{currentState:this.currentState});return}!!(t.boundWallet||t.refreshId)||this.hadSessionHistory?this.transition("refreshable","Session history found"):this.transition("unregistered","No session history");}onRegisterSuccess(t){this.logger.flow("register","Register succeeded"),this.transition("authenticated","Register succeeded"),this.inActiveSession=true,this.hadSessionHistory=true;}onRegisterFailure(t){this.logger.flow("register",`Register failed: ${t}`);}onRefreshSuccess(t){this.logger.flow("refresh","Refresh succeeded"),this.transition("authenticated","Refresh succeeded"),this.inActiveSession=true;}onRefreshExpired(){this.logger.flow("refresh","Refresh failed: session expired (missing refresh identifier)"),this.transition("expired","Session expired"),this.inActiveSession=false;}onRefreshFailure(t){this.logger.flow("refresh",`Refresh failed: ${t}`);}onTokenExpired(){this.logger.flow("token","Token expired"),this.currentState==="authenticated"&&this.transition("refreshable","Token expired");}onWalletChange(t,r,n){if(this.logger.flow("wallet",`Wallet changed: ${t||"null"} \u2192 ${r||"null"}`),!r){this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;return}r.toLowerCase()===n.boundWallet?.toLowerCase()?this.hadSessionHistory&&this.transition("refreshable","Wallet reconnected with history"):(this.transition("unregistered","Wallet changed to different address"),this.inActiveSession=false);}onWalletDisconnect(){this.logger.flow("wallet","Wallet disconnected"),this.transition("unknown","Wallet disconnected"),this.inActiveSession=false;}shouldAttemptProbe(){let t=this.currentState==="unknown";return this.logger.decision("Should attempt probe?",t,`State is ${this.currentState}`),t}shouldAttemptRefresh(t){if(this.currentState!=="refreshable"&&this.currentState!=="authenticated")return this.logger.decision("Should attempt refresh?",false,`State is ${this.currentState}, not REFRESHABLE or AUTHENTICATED`),false;if(!(t.boundWallet||t.wallet))return this.logger.decision("Should attempt refresh?",false,"No wallet available (neither boundWallet nor current wallet)"),false;if(t.wallet&&t.boundWallet&&t.wallet.toLowerCase()!==t.boundWallet.toLowerCase())return this.logger.decision("Should attempt refresh?",false,"Wallet mismatch"),false;if(t.hasToken&&t.tokenExpiry){let n=Math.floor(Date.now()/1e3);if(t.tokenExpiry-n>5&&this.currentState==="authenticated")return this.logger.decision("Should attempt refresh?",false,"Token still valid"),false}return this.logger.decision("Should attempt refresh?",true,`State is ${this.currentState}, token ${t.hasToken?"present":"missing"}`),true}shouldAttemptRegister(t){return this.inActiveSession?(this.logger.decision("Should attempt register?",false,"Already in active session - proof changes ignored"),false):this.currentState!=="unregistered"&&this.currentState!=="expired"?(this.logger.decision("Should attempt register?",false,`State is ${this.currentState}, not UNREGISTERED or EXPIRED`),false):t.wallet?t.hasProof?t.authenticated&&t.hasToken?(this.logger.decision("Should attempt register?",false,"Already authenticated"),false):(this.logger.decision("Should attempt register?",true,`State is ${this.currentState}, have wallet + proof`),true):(this.logger.decision("Should attempt register?",false,"No proof available"),false):(this.logger.decision("Should attempt register?",false,"No wallet connected"),false)}shouldWaitForInitialRefresh(t,r){return this.currentState!=="refreshable"||t?false:r.wallet&&r.boundWallet&&r.wallet.toLowerCase()===r.boundWallet.toLowerCase()?(this.logger.decision("Should wait for initial refresh?",true,"Returning user - let refresh attempt first"),true):false}getStateReport(t){return `
+\u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
+\u2502  Session State Machine Report          \u2502
+\u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
+\u2502 Current State:    ${this.currentState.padEnd(20)} \u2502
+\u2502 Previous State:   ${this.previousState.padEnd(20)} \u2502
+\u2502 Active Session:   ${String(this.inActiveSession).padEnd(20)} \u2502
+\u2502 Had History:      ${String(this.hadSessionHistory).padEnd(20)} \u2502
+\u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524
+\u2502 Wallet:           ${(t.wallet||"null").padEnd(20)} \u2502
+\u2502 Bound Wallet:     ${(t.boundWallet||"null").padEnd(20)} \u2502
+\u2502 Refresh ID:       ${(t.refreshId?"present":"null").padEnd(20)} \u2502
+\u2502 Has Token:        ${String(t.hasToken).padEnd(20)} \u2502
+\u2502 Authenticated:    ${String(t.authenticated).padEnd(20)} \u2502
+\u2502 Has Proof:        ${String(t.hasProof).padEnd(20)} \u2502
+\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518
+    `.trim()}};var Hn=()=>crypto.randomUUID(),kr=e=>{let{clientId:t,wallet:r,base:n="https://api.tdfc.com",fetchImpl:o,timeoutMs:a=15e3,proof:i=null,providerAdapter:c,refreshDeps:u=[],debug:s}=e,l=ft(n),d=typeof window<"u"?(o??fetch).bind(window):o??fetch,{meta:f,setBoundWallet:w,setJkt:S,setRefreshId:E,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:H,setRootJkt:p,ready:g}=Pt(),{ensureRootKeypair:y,rootPrivRef:P,rootPubJwkRef:C}=Kt(),O=useCallback(async()=>{await y();try{if(!f.rootJkt&&C.current){let te=await _(C.current);p(te);}}catch{}},[y,f.rootJkt,C]),{ensureKeypair:Pe,rotate:K,privRef:Me,pubJwkRef:$e}=At(),[Jt,J]=useState(false),[G,U]=useState(0),[ee,ce]=useState(null),[oe,rt]=useState(null),[nt,ot]=useState(null),[Jr,Dr]=useState(null),[Lr,_r]=useState(null),[Hr,Mr]=useState(null),$r=useRef(null),Or=useRef(null),Ur=useRef(null),jr=useRef(null),Nr=useRef(null),Fr=useRef(null),Br=useRef(null),Vr=useRef(false),Gr=useRef(false),qr=useRef(void 0),Oe=useRef(false),at=useRef(false),Dt=useRef(null),le=useRef(null);le.current||(le.current=new Promise(te=>{Dt.current=te;}));let it=useRef(null),zr=useRef(i),Xr=useRef(null),st=useRef(null);if(!st.current){let te=s??false;st.current=new De(t,te);}let ct=useRef(null);ct.current||(ct.current=new et);let Ue=useRef(null),Lt=useRef(null),je=useRef(null),_t=()=>Date.now(),Yr=()=>(je.current??0)>0&&je.current<_t(),lt=useCallback((te,nn=15e3)=>{let Ht=Hn();return Ue.current=Ht,Lt.current=te,je.current=_t()+Math.max(1e3,nn),Ht},[]),Zr=useCallback(()=>((!Ue.current||Yr())&&lt("adhoc",1e4),Ue.current),[lt]),ut=useRef(null),Ne=useRef(null);Ne.current||(Ne.current=new Promise(te=>{ut.current=te;}));let Qr=useCallback(async()=>{!Oe.current&&Ne.current&&await Ne.current;},[]),en=useCallback(()=>{Oe.current||(Oe.current=true,ut.current?.(),ut.current=null);},[]),tn=useCallback(async()=>{!at.current&&le.current&&await le.current;},[]),rn=useCallback(async()=>{!at.current&&le.current&&await le.current,it.current&&await it.current;},[]);return {clientId:t,wallet:r,baseUrl:l,fetchImpl:d,timeoutMs:a,providerAdapter:c,refreshDeps:u,ensureKeypair:Pe,rotate:K,ensureRootKeypair:O,rootPrivRef:P,rootPubJwkRef:C,privRef:Me,pubJwkRef:$e,meta:f,setBoundWallet:w,setJkt:S,setRefreshId:E,accessTokenRef:Ur,tokenExpRef:jr,authenticated:Jt,setAuthenticated:J,loadingCount:G,setLoadingCount:U,error:ee,setError:ce,allowed:oe,setAllowed:rt,denyReason:nt,setDenyReason:ot,sessionExpiry:Jr,setSessionExpiry:Dr,sessionData:Lr,setSessionData:_r,verifyData:Hr,setVerifyData:Mr,authWalletRef:Or,refreshLock:Nr,registerLock:Fr,sessionLock:Br,didInitialRefresh:Vr,didInitialSession:Gr,prevWalletRef:qr,initResolvedRef:at,initReady:le,initResolveRef:Dt,rotateLock:it,waitReady:tn,awaitKeyStable:rn,proofRef:zr,registerCooldownUntilRef:$r,reqIdRef:Ue,flowLabelRef:Lt,flowExpireRef:je,beginFlow:lt,currentReqId:Zr,awaitProbe:Qr,markProbed:en,hasProbedRef:Oe,getRefreshId:m,setLastPolicyHash:k,setLastPolicyProof:b,setLastHost:H,setRootJkt:p,metaReady:g,probeLock:Xr,stateMachine:ct.current,logger:st.current}};var V=e=>e.accessTokenRef.current??null,Z=e=>{let t=e.privRef.current;if(!t)throw new Error("Sunbreak: private key not initialized");return t},W=e=>{let t=e.pubJwkRef.current;if(!t)throw new Error("Sunbreak: public JWK not initialized");return t};var Mn=(e,t)=>`${e.toUpperCase()} ${t}`;async function Le(e,t,r,n){if(!t)return e.logger.guard("register",false,"No wallet provided"),false;e.logger.flow("register","Starting register flow",{wallet:t});let o=Le._nonceCacheRef||(Le._nonceCacheRef={map:new Map});try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair(),e.setError(null),e.beginFlow("register",2e4);let a;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let y=await _(e.rootPubJwkRef.current);e.setRootJkt?.(y);}catch{}let p=await _(W(e)),g=await e.getRefreshId();a=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:p,clientId:e.clientId,sid:g||void 0,ttlSec:300});}}catch(p){e.logger.warn("Failed to create PODE for register",p);}let i=e.currentReqId(),c="/auth/register",u=`${e.baseUrl}${c}`,s=new URL(e.baseUrl).origin,l="POST",d=`${s}${c}`,f=Mn(l,d),w=o.map.get(f),S=await B({method:l,url:d,nonce:w,privateKey:Z(e),publicJwk:W(e)}),E=async p=>e.fetchImpl(u,{method:l,headers:{"content-type":"application/json","x-sunbreak-meta":F(e,{reqId:i,pode:a||void 0}),...p},credentials:"include",body:JSON.stringify({wallet:t,proof:r})}),m=await E({DPoP:S}),k=p=>{let g=p.headers.get("dpop-nonce");g&&o.map.set(f,g);};if(m.status===401){e.logger.info("Register got 401, retrying with nonce");let p=m.headers.get("www-authenticate"),y=(p&&p.match(/dpop-nonce="([^"]+)"/i))?.[1];if(y){o.map.set(f,y);let P=await B({method:l,url:d,nonce:y,privateKey:Z(e),publicJwk:W(e)});m=await E({DPoP:P});}}if(k(m),e.logger.api(l,c,{status:m.status}),!m.ok){let p=await Je(m);if((m.headers.get("content-type")||"").includes("application/json")){let y;try{y=await m.clone().json();}catch{}let P=We(y&&(y.error||y.message||y.detail)||`HTTP ${m.status}`);throw he(P,p)}else {let y=p.waf?"Blocked by WAF (403)":p.alb403?"Blocked at origin (ALB 403)":`HTTP ${m.status}`;throw he(y,p)}}let b=await m.json();e.logger.info("Register succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.authWalletRef.current=t.toLowerCase(),e.setAuthenticated(!0);try{let p=Math.floor(Date.now()/1e3);e.tokenExpRef.current=p+(b.expiresIn??0);}catch{}e.didInitialRefresh.current=!0,e.setBoundWallet(t),e.setLastPolicyHash(null),e.setLastPolicyProof(null);try{e.setJkt(await _(W(e)));}catch{}try{let p={...e.meta,boundWallet:t,clientId:e.meta.clientId??e.clientId,jkt:e.meta.jkt??null,refreshId:b.refreshId??null};e.setRefreshId(b.refreshId??null);let g=Ke(e.clientId);await R(g,p);try{localStorage.setItem(g,JSON.stringify(p));}catch{}}catch{}let H={wallet:t,boundWallet:t,refreshId:b.refreshId??null,hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!0,authenticated:!0};return e.stateMachine.onRegisterSuccess(H),!0}catch(a){let i=Number(a?.status||0),c=String(a?.code||"").toLowerCase(),u=String(a?.message||"").toLowerCase(),s=Math.floor(Math.random()*1e3);e.logger.error("Register failed",{status:i,code:c,msg:u}),e.stateMachine.onRegisterFailure(`${c||u||"Unknown error"}`);let l=c==="session_exists"||c==="already_authenticated"||u.includes("already")&&(u.includes("session")||u.includes("authenticated")),d=(i===401||i===403)&&c==="replay";if((l||d)&&n?.refreshFallback&&(!e.meta.boundWallet||e.meta.boundWallet.toLowerCase()===t.toLowerCase())){e.logger.info("Register failed with recoverable error, attempting refresh fallback",{code:c,isSessionExists:l,isReplay:d});try{if(await n.refreshFallback())return e.logger.info("Refresh fallback succeeded after register failure"),e.meta.boundWallet||e.setBoundWallet(t),!0}catch(w){e.logger.warn("Refresh fallback failed",w);}}if(d){if(e.providerAdapter)try{let f=await e.providerAdapter.getToken()??null;if(f)return await e.awaitKeyStable(),await e.ensureKeypair(),await e.rotate(),e.proofRef.current=await ve(e.providerAdapter,f),e.registerCooldownUntilRef.current=Date.now()+5e3+s,!1}catch{}else return e.proofRef.current=null,e.setError("Proof replayed; please sign a fresh proof."),e.registerCooldownUntilRef.current=Date.now()+1e4+s,false;return e.registerCooldownUntilRef.current=Date.now()+8e3+s,false}if(l)return e.setError("Session already exists. Try refreshing the page."),e.registerCooldownUntilRef.current=Date.now()+3e3+s,false;if(i===403&&(a?.waf||a?.alb403))return e.setError(u||"Forbidden at edge/origin"),e.registerCooldownUntilRef.current=Date.now()+3e4+s,false;if(i===403)return e.setError(c||u||"Forbidden"),e.registerCooldownUntilRef.current=Date.now()+15e3+s,false;if(i===429||i===503){e.setError(c||u||"Rate limited / unavailable");let f=i===429?5e3:8e3;return e.registerCooldownUntilRef.current=Date.now()+f+s,false}return e.setError(c||u||"Register failed"),e.registerCooldownUntilRef.current=Date.now()+5e3+s,false}}var $n=(e,t)=>`${e.toUpperCase()} ${t}`;function _e(e){if(e.refreshLock.current)return e.logger.guard("refreshLock",false,"Refresh already in progress"),e.refreshLock.current;if(e.registerLock.current){e.logger.guard("registerLock",false,"Registration in progress, waiting");let t=e.registerLock.current.then(()=>{if(e.authenticated&&V(e))return  true;if(V(e)){let n=e.tokenExpRef.current,o=Math.floor(Date.now()/1e3);if(!!n&&n-o>5)return  true}return  false});return e.refreshLock.current=t.finally(()=>{e.refreshLock.current=null;}),e.refreshLock.current}return e.logger.flow("refresh","Starting refresh flow"),e.refreshLock.current=(async()=>{try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe();let t=e.meta.boundWallet||e.wallet;if(!t)return e.logger.warn("No wallet available for refresh (neither boundWallet nor current wallet)"),!1;if(e.wallet&&e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return e.logger.warn("Wallet mismatch during refresh",{current:e.wallet,bound:e.meta.boundWallet}),e.accessTokenRef.current=null,e.setAuthenticated(!1),!1;let r=V(e);if(r){let y=e.tokenExpRef.current,P=Math.floor(Date.now()/1e3);if(!!r&&!!y&&y-P>5)return e.logger.info("Token still valid, skipping refresh"),!0}e.beginFlow("refresh",15e3);let n=e.currentReqId();await e.ensureKeypair();let o;try{if(await e.ensureRootKeypair(),e.rootPrivRef.current&&e.rootPubJwkRef.current){if(!e.meta.rootJkt)try{let C=await _(e.rootPubJwkRef.current);e.setRootJkt?.(C);}catch{}let y=await _(W(e)),P=await e.getRefreshId();o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:y,clientId:e.clientId,sid:P||void 0,ttlSec:300});}}catch(y){e.logger.warn("Failed to create PODE for refresh",y);}let a="/auth/refresh",i=`${e.baseUrl}${a}`,c=new URL(e.baseUrl).origin,u="POST",s=`${c}${a}`,l=$n(u,s),d=_e._nonceCacheRef||(_e._nonceCacheRef={map:new Map}),f=async y=>await B({method:u,url:s,nonce:y,privateKey:Z(e),publicJwk:W(e)}),w=await e.getRefreshId(),S={"x-sunbreak-meta":F(e,{reqId:n,refreshId:w||void 0,pode:o||void 0,wallet:t}),"content-type":"application/json"},E=async y=>e.fetchImpl(i,{method:u,headers:{DPoP:y,...S},credentials:"include",body:"{}"}),m=y=>{let P=y.headers.get("dpop-nonce");P&&d.map.set(l,P);},k=await E(await f(d.map.get(l)));if(k.status===401){e.logger.info("Refresh got 401, retrying with nonce");let y=k.headers.get("www-authenticate"),C=(y&&y.match(/dpop-nonce="([^"]+)"/i))?.[1];C&&(d.map.set(l,C),k=await E(await f(C)));}if(m(k),e.logger.api(u,a,{status:k.status}),!k.ok){try{if((k.headers.get("content-type")||"").includes("application/json")){let P=await k.clone().json().catch(()=>{}),C=P&&(P.error||P.code||P.message)||"",O=String(C).toLowerCase();if(O.includes("missing")&&O.includes("refresh")){e.logger.warn("Refresh session expired (missing refresh identifier)"),e.stateMachine.onRefreshExpired();try{e.setRefreshId?.(null);}catch{}e.accessTokenRef.current=null,e.setAuthenticated(!1);}else e.logger.warn("Refresh failed",{error:C}),e.stateMachine.onRefreshFailure(String(C));}}catch{}return !1}let b=await k.json();e.logger.info("Refresh succeeded",{expiresIn:b.expiresIn,hasRefreshId:!!b.refreshId}),e.accessTokenRef.current=b.access,e.setAuthenticated(!0);let H=(e.wallet&&(!e.meta.boundWallet||e.meta.boundWallet===e.wallet)?e.wallet:e.meta.boundWallet)||null;e.authWalletRef.current=H?H.toLowerCase():null;try{let y=Math.floor(Date.now()/1e3);e.tokenExpRef.current=y+(b.expiresIn??0);}catch{}try{e.setJkt(await _(W(e)));}catch{}b.refreshId&&e.setRefreshId(b.refreshId);let p=y=>!y||y==="null"||y==="undefined"?null:y,g={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:p(b.refreshId??e.meta.refreshId??null),hasToken:!0,tokenExpiry:e.tokenExpRef.current,hasProof:!!e.proofRef.current,authenticated:!0};return e.stateMachine.onRefreshSuccess(g),!0}finally{e.refreshLock.current=null;}})(),e.refreshLock.current}var On=(e,t)=>`${e.toUpperCase()} ${t}`,Tt=new Map,He;try{let e=globalThis;He=e.__sunbreak_page_probe_guard??(e.__sunbreak_page_probe_guard=new Set);}catch{He=new Set;}var Un=e=>{try{let t=new URL(e.baseUrl).origin;return `${e.clientId}::${t}`}catch{return `${e.clientId}::${e.baseUrl}`}};async function Pr(e){let t=Un(e);if(e.probeLock.current){e.logger.guard("probeLock",false,"Probe already in progress, waiting"),await e.probeLock.current,e.markProbed();return}if(e.hasProbedRef.current){e.logger.guard("hasProbedRef",false,"Already probed in this session"),e.markProbed();return}if(He.has(t)){e.logger.guard("pageProbeGuard",false,"Already probed for this page load"),e.markProbed();return}He.add(t),e.logger.flow("probe","Starting probe flow",{clientId:e.clientId,pageKey:t});let r=(async()=>{let n=new URL(e.baseUrl).origin;try{if(await e.awaitKeyStable(),await e.ensureKeypair(),!e.rootPrivRef.current)try{await e.ensureRootKeypair();}catch{}let o;if(e.rootPrivRef.current&&e.rootPubJwkRef.current)try{let m=await _(W(e));o=await pe({rootPrivateKey:e.rootPrivRef.current,rootPublicJwk:e.rootPubJwkRef.current,childJkt:m,clientId:e.clientId,ttlSec:300});}catch(m){e.logger.warn("Failed to create PODE for probe",m);}let a="POST",i="/auth/probe",c=`${e.baseUrl}${i}`,u=`${n}${i}`,s=On(a,u),l=async m=>B({method:a,url:u,nonce:m,privateKey:Z(e),publicJwk:W(e)}),d=async m=>e.fetchImpl(c,{method:a,headers:{DPoP:m,"x-sunbreak-meta":F(e,{pode:o}),"content-type":"application/json"},credentials:"include",body:"{}"}),f=m=>{let k=m.headers.get("dpop-nonce");k&&Tt.set(s,k);},w=await d(await l(Tt.get(s)));if(f(w),w.status===401){e.logger.info("Probe got 401, retrying with nonce from www-authenticate");let m=w.headers.get("www-authenticate"),b=(m&&m.match(/dpop-nonce="([^"]+)"/i))?.[1];b&&(Tt.set(s,b),w=await d(await l(b)),f(w));}e.logger.api(a,i,{status:w.status});let S=m=>!m||m==="null"||m==="undefined"?null:m,E={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:S(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};e.stateMachine.onProbeComplete(E);}catch(o){e.logger.error("Probe failed",o);try{He.delete(t);}catch{}}finally{e.markProbed(),e.logger.flow("probe","Probe flow completed");}})();e.probeLock.current=r;try{await r;}finally{e.probeLock.current=null;}}var vr=e=>{let t=useCallback(()=>_e(e),[e]),r=useCallback(async()=>{let o=Date.now(),a=e.registerCooldownUntilRef.current??0;if(o<a){e.logger.guard("registerCooldown",false,"Cooldown active");return}if(!e.wallet){e.logger.guard("attemptRegister",false,"No wallet");return}if(!e.initResolvedRef.current){e.logger.guard("attemptRegister",false,"Not initialized");return}if(e.refreshLock.current){e.logger.guard("attemptRegister",false,"Refresh in progress");return}if(e.registerLock.current){e.logger.guard("attemptRegister",false,"Register already in progress");return}let i=s=>!s||s==="null"||s==="undefined"?null:s,c={wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:i(e.meta.refreshId),hasToken:!!V(e),tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated};if(!e.stateMachine.shouldAttemptRegister(c)){e.logger.guard("attemptRegister",false,`State machine blocked (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}let u=e.proofRef.current;if(!u){e.logger.guard("attemptRegister",false,"No proof available");return}e.logger.guard("attemptRegister",true,"All guards passed, proceeding"),await e.awaitKeyStable(),e.registerLock.current=(async()=>{try{await Le(e,e.wallet,u,{refreshFallback:async()=>{e.logger.info("Attempting refresh as fallback after register failure");let l=!!e.meta.boundWallet;!l&&e.wallet&&e.setBoundWallet(e.wallet);try{return await _e(e)}catch{return l||e.setBoundWallet(null),!1}}})&&(e.didInitialSession.current=!0);}catch(s){e.setError(s?.message||String(s)||"Register failed");}finally{e.registerLock.current=null;}})();},[e]),n=useCallback(async o=>{let a=()=>(e.registerCooldownUntilRef.current??0)>Date.now();if(!e.providerAdapter||a())return;let i=await ve(e.providerAdapter,o);e.proofRef.current=i;},[e]);return {refresh:t,register:(o,a,i)=>Le(e,o,a,i),attemptRegister:r,setProofFromAdapterToken:n}};var jn=(e,t)=>`${e.toUpperCase()} ${t}`,Nn=(e,t)=>!!e&&!!t&&e.toLowerCase()===t.toLowerCase();async function tt(e,t,r,n,o,a={}){e.setLoadingCount(s=>s+1),e.setError(null);let i=n.startsWith("/api/session"),c=new AbortController,u=setTimeout(()=>c.abort(),e.timeoutMs);try{await e.waitReady(),await e.awaitKeyStable(),await e.awaitProbe(),await e.ensureKeypair();let l=`${i?pt(e):e.baseUrl}${n.startsWith("/")?"":"/"}${n}`,f=`${new URL(e.baseUrl).origin}${n.startsWith("/")?"":"/"}${n}`,w=jn(r,f),S=n.startsWith("/auth/"),E=!1,m=!1,k=e.currentReqId(),b=tt._nonceCacheRef||(tt._nonceCacheRef={map:new Map}),H=J=>{let G=J.headers.get("dpop-nonce");G&&b.map.set(w,G);},p=!!e.wallet&&!!e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase(),g=()=>S||!e.wallet?!1:!!(e.authenticated||Nn(e.wallet,e.meta.boundWallet)||typeof e.meta.refreshId=="string"&&e.meta.refreshId),y,P,C=async()=>{if(S||p)return;try{let ce=V(e),oe=e.tokenExpRef.current,rt=Math.floor(Date.now()/1e3),nt=!!oe&&oe-rt<=60;if(ce){if(nt&&!await t().catch(()=>!1))return}else if(!g()||!await t().catch(()=>!1))return}catch{}let J=V(e);if(!J)return;let G=await Ye(J),U=b.map.get(w),ee=await B({method:r,url:f,nonce:U,ath:G,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=ee;};await C();let O={"content-type":"application/json","x-sunbreak-auth":y||"","x-sunbreak-meta":F(e,{reqId:k,auth:y,ifPolicyHash:e.meta.lastPolicyHash||void 0,ifPolicyProof:e.meta.lastPolicyProof||void 0}),...ht(a.headers)};P&&(O.DPoP=P);let Pe=async()=>e.fetchImpl(l,{...a,method:r,headers:O,body:o!==void 0?JSON.stringify(o):void 0,credentials:"include",signal:c.signal}),K=await Pe(),Me=K.headers.get("x-sunbreak-policy-hash"),$e=K.headers.get("x-sunbreak-policy-proof");if(Me&&e.setLastPolicyHash(Me),$e&&e.setLastPolicyProof($e),H(K),K.status===401&&!S){let J=V(e),G=K.headers.get("www-authenticate"),ee=(G&&G.match(/dpop-nonce="([^"]+)"/i))?.[1];if(!p&&ee&&J&&!m){m=!0,b.map.set(w,ee);let ce=await Ye(J),oe=await B({method:r,url:f,nonce:ee,ath:ce,privateKey:Z(e),publicJwk:W(e)});y=`Bearer ${e.accessTokenRef.current}`,P=oe,O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),O.DPoP=P,K=await Pe(),H(K);}if(K.status===401&&!E&&(E=!0,!p&&g())){let ce=await t(),oe=V(e);ce&&oe&&!p&&(await C(),O["x-sunbreak-meta"]=F(e,{reqId:k,auth:y}),P&&(O.DPoP=P),K=await Pe(),H(K));}if(K.status===401)throw new Error("Unauthorized")}if(!K.ok){let J=await Je(K);if((K.headers.get("content-type")||"").includes("application/json")){let U=await K.json().catch(()=>{}),ee=We(U&&(U.error||U.message||U.detail)||`HTTP ${K.status}`);throw he(ee,J)}else {let U=J.waf?"Blocked by WAF (403)":J.alb403?"Blocked at origin (ALB 403)":`HTTP ${K.status}`;throw he(U,J)}}return (K.headers.get("content-type")||"").includes("application/json")?await K.json():void 0}finally{clearTimeout(u),e.setLoadingCount(s=>Math.max(0,s-1));}}var Ar=(e,t)=>useCallback(async(r,n,o,a={})=>tt(e,t,r,n,o,a),[e,t]);async function xr(e,t){let r=await t("GET","/api/session");if(r){e.setAllowed(!!r.allowed),e.setDenyReason(r.reason??null),e.setSessionData(r),e.setSessionExpiry(r.expiry??null);let n=r?.wallet;typeof n=="string"&&n&&e.setBoundWallet(n.toLowerCase());}return r}async function Kr(e,t){let r=await t("GET","/api/verify");return r&&(e.setSessionExpiry(r.expiry??null),e.setVerifyData(r)),r}var Tr=(e,t)=>{let r=useCallback(async()=>{if(e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet))return e.sessionLock.current||(e.sessionLock.current=(async()=>{try{return await xr(e,t)}catch(o){throw e.logger.error("Session request failed",o),o}finally{e.sessionLock.current=null;}})()),e.sessionLock.current},[e,t]),n=useCallback(async()=>{if(e.wallet)return await Kr(e,t)},[e,t]);return {session:r,verify:n}};var Ir=(e,t)=>{let{refresh:r,session:n,attemptRegister:o,setProofFromAdapterToken:a,proofProp:i}=t,c=()=>(e.registerCooldownUntilRef.current??0)>Date.now(),u=()=>{let s=l=>!l||l==="null"||l==="undefined"?null:l;return {wallet:e.wallet||null,boundWallet:e.meta.boundWallet||null,refreshId:s(e.meta.refreshId),hasToken:!!e.accessTokenRef.current,tokenExpiry:e.tokenExpRef.current||null,hasProof:!!e.proofRef.current,authenticated:e.authenticated}};useEffect(()=>{if(!e.metaReady)return;let s=true;return (async()=>{try{if(await e.waitReady(),!s||(await e.awaitKeyStable(),!s)||(await e.ensureRootKeypair(),!s))return;let l=u();e.stateMachine.initialize(l),await Pr(e);}catch(l){if(!s)return;e.logger.error("Probe initialization failed",l);}})(),()=>{s=false;}},[e.metaReady]),useEffect(()=>{let s=e.prevWalletRef.current;if(e.prevWalletRef.current=e.wallet,e.wallet!==s&&(e.didInitialRefresh.current=false),!e.wallet){e.logger.flow("wallet","Wallet disconnected"),e.stateMachine.onWalletDisconnect(),e.setAllowed(null),e.setDenyReason(null),e.setSessionExpiry(null),e.setSessionData(null),e.setAuthenticated(false),e.accessTokenRef.current=null,e.proofRef.current=null,e.setError(null),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null),e.didInitialRefresh.current=false;return}if(s&&e.wallet&&s!==e.wallet){e.logger.flow("wallet",`Wallet changed: ${s} \u2192 ${e.wallet}`);let l=u();e.stateMachine.onWalletChange(s,e.wallet,l),e.rotateLock.current=(async()=>{await e.rotate(),e.accessTokenRef.current=null,e.setAuthenticated(false),e.didInitialSession.current=false,e.authWalletRef.current=null,e.setLastPolicyHash(null),e.setLastPolicyProof(null);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;});}},[e.wallet]),useEffect(()=>{if(!e.providerAdapter||c()||!e.metaReady||!e.wallet)return;if(e.stateMachine.isInActiveSession()){e.logger.decision("Provider adapter should trigger register?",false,"Already in active session");return}if(e.authenticated){e.logger.decision("Provider adapter should trigger register?",false,"Already authenticated");return}let s=u();if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Provider adapter should wait for initial refresh?",true,"Returning user - refresh first");return}e.logger.decision("Provider adapter should trigger register?",true,`Fetching token (state: ${e.stateMachine.getState()})`);let l=false;return (async()=>{try{let d=e.providerAdapter.getToken(),f=new Promise((S,E)=>setTimeout(()=>E(new Error("Provider adapter timeout (30s)")),3e4)),w=await Promise.race([d,f]).catch(S=>(e.logger.warn("Provider adapter getToken failed",S),null))??null;if(await e.awaitKeyStable(),l||!w)return;e.logger.info("Provider adapter: got token, setting proof"),await a(w),await o();}catch(d){e.logger.error("Provider adapter flow failed",d);}})(),()=>{l=true;}},[e.providerAdapter,e.wallet,e.meta.boundWallet,e.metaReady,e.registerCooldownUntilRef,e.didInitialRefresh,e.authenticated,...e.refreshDeps]),useEffect(()=>{if(typeof i<"u"&&(e.proofRef.current=i??null,i&&e.logger.info("Proof prop updated",{hasProof:!!i})),!e.metaReady)return;let s=u();if(!e.stateMachine.shouldAttemptRegister(s)){e.logger.decision("Proof prop should trigger register?",false,`State machine says no (state: ${e.stateMachine.getState()}, inActiveSession: ${e.stateMachine.isInActiveSession()})`);return}if(e.stateMachine.shouldWaitForInitialRefresh(e.didInitialRefresh.current,s)){e.logger.decision("Proof prop should wait for initial refresh?",true,"Returning user - refresh first");return}let l=!!e.wallet,d=!!e.proofRef.current;l&&d&&e.initResolvedRef.current&&!c()&&(e.logger.info("Proof prop conditions met, attempting register"),o());},[i,e.wallet,e.authenticated,e.meta.boundWallet,e.metaReady,e.providerAdapter,e.initResolvedRef,e.didInitialRefresh,o]),useEffect(()=>{if(!e.metaReady||e.didInitialRefresh.current)return;let s=true;return (async()=>{try{await e.waitReady(),await e.awaitProbe();let l=u();if(e.accessTokenRef.current||e.authenticated){e.logger.info("Already authenticated, skipping initial refresh"),e.didInitialRefresh.current=!0,e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());return}if(!e.stateMachine.shouldAttemptRefresh(l)){e.logger.decision("Should attempt initial refresh?",!1,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;return}e.logger.decision("Should attempt initial refresh?",!0,`State: ${e.stateMachine.getState()}`),e.didInitialRefresh.current=!0;let f=await r();if(!s)return;e.setAuthenticated(f),f&&e.wallet&&!e.didInitialSession.current&&(e.didInitialSession.current=!0,await n());}catch(l){if(!s)return;e.didInitialRefresh.current=true,e.setAuthenticated(false),e.setError(l?.message||String(l)||"Unknown error");}})(),()=>{s=false;}},[e.wallet,e.meta.boundWallet,e.meta.refreshId,e.metaReady,e.didInitialRefresh,r,n]),useEffect(()=>{e.initResolvedRef.current||(async()=>{if(await e.ensureKeypair(),!e.wallet){e.initResolvedRef.current=true,e.initResolveRef.current?.();return}e.meta.boundWallet&&e.meta.boundWallet!==e.wallet&&(e.rotateLock.current=(async()=>{e.accessTokenRef.current=null,e.setAuthenticated(false);})().catch(()=>{}).finally(()=>{e.rotateLock.current=null;}),e.rotateLock.current&&await e.rotateLock.current),e.initResolvedRef.current=true,e.initResolveRef.current?.();})();},[e]),useEffect(()=>{(async()=>{if(e.authenticated&&e.wallet&&!(e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)&&!e.didInitialSession.current){e.didInitialSession.current=true;try{e.logger.flow("session","Calling session after authentication"),await n();}catch(s){e.setError(s?.message||String(s));}}})();},[e.authenticated,e.wallet,e.meta.boundWallet,n]),useEffect(()=>{e.wallet&&e.authWalletRef.current&&e.wallet.toLowerCase()!==e.authWalletRef.current.toLowerCase()&&(e.logger.warn("Wallet mismatch detected, clearing auth",{current:e.wallet,authWallet:e.authWalletRef.current}),e.accessTokenRef.current=null,e.setAuthenticated(false));},[e.wallet,e.authWalletRef.current]),useEffect(()=>{let l=()=>{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return  false;let w=e.tokenExpRef.current;if(!w)return  false;let S=Math.floor(Date.now()/1e3);return w-S<=30},d=async()=>{try{l()&&(e.logger.info("Token expiring soon, refreshing on focus"),await r());}catch{}},f=async()=>{document.visibilityState==="visible"&&await d();};return window.addEventListener("focus",d),document.addEventListener("visibilitychange",f),()=>{window.removeEventListener("focus",d),document.removeEventListener("visibilitychange",f);}},[e,r]),useEffect(()=>{let d=()=>{let S=Math.floor(Date.now()/1e3),E=e.tokenExpRef.current,m=e.sessionExpiry,k=!!E&&E-S<=30&&E-S>0,b=!!m&&m-S<=3600&&m-S>0;return {tokenSoon:k,sessionSoon:b}},f=async()=>{try{if(!e.authenticated||!e.wallet||e.meta.boundWallet&&e.wallet!==e.meta.boundWallet)return;let{tokenSoon:S,sessionSoon:E}=d();(S||E)&&(e.logger.info("Refreshing on focus",{tokenSoon:S,sessionSoon:E}),await r()&&E&&await n());}catch{}},w=async()=>{document.visibilityState==="visible"&&await f();};return window.addEventListener("focus",f),document.addEventListener("visibilitychange",w),()=>{window.removeEventListener("focus",f),document.removeEventListener("visibilitychange",w);}},[e,e.sessionExpiry,r,n]);};var Wr=createContext(void 0),qn=e=>{let t=kr(e),{refresh:r,attemptRegister:n,setProofFromAdapterToken:o}=vr(t),a=Ar(t,r),{session:i,verify:c}=Tr(t,a);Ir(t,{refresh:r,session:i,attemptRegister:n,setProofFromAdapterToken:o,proofProp:e.proof});let u=useMemo(()=>({get:(s,l)=>a("GET",s,void 0,l),post:(s,l,d)=>a("POST",s,l,d),verify:c,session:i,refresh:r,authenticated:t.authenticated,loading:t.loadingCount>0,error:t.error,allowed:t.allowed,denyReason:t.denyReason,sessionExpiry:t.sessionExpiry,sessionData:t.sessionData,verifyData:t.verifyData,wallet:t.wallet}),[a,c,i,r,t.authenticated,t.loadingCount,t.error,t.allowed,t.denyReason,t.sessionExpiry,t.sessionData,t.verifyData,t.wallet]);return jsx(Wr.Provider,{value:u,children:e.children})},zn=e=>jsx(kt,{clientId:e.clientId,children:jsx(qn,{...e})}),Xn=()=>{let e=useContext(Wr);if(!e)throw new Error("useSunbreak must be used within a SunbreakProvider");return e};
-export { $n as SunbreakProvider, Nn as useSunbreak };
+export { zn as SunbreakProvider, Xn as useSunbreak };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tdfc/sunbreak-react",
-  "version": "0.1.7",
+  "version": "0.1.8",
   "description": "SDK for connecting to the Sunbreak API",
   "license": "UNLICENSED",
   "repository": "github:thedigitalfinancecompany/sunbreak-react",