@textrp/briij-js-sdk 43.2.1 → 44.1.0

package/CHANGELOG.md

@@ -1,7 +1,30 @@
-Changes in [43.2.1] (Unreleased - Briij JavaScript SDK)
+Changes in [44.1.0] (Unreleased - Briij JavaScript SDK)
+==================================================================================================
+## BREAKING CHANGES
+
+- **XRPL DID/Credential Flow**:
+  - Added client-signed DID/Credential binding helpers:
+    - `configureXrplClientSignedBinding`
+    - `runClientSignedDidCredentialBinding`
+  - These helpers target server endpoints:
+    - `/_matrix/client/v3/did/prepare`
+    - `/_matrix/client/v3/did/finalize`
+    - `/_matrix/client/v3/credential/prepare`
+    - `/_matrix/client/v3/credential/finalize`
+  - Wallet adapters used with this flow must return both transaction hash and signed blob (`txBlob` or `signedTxBlob`) so the SDK can finalize with `tx_blob + tx_hash`.
+
+---
+
+Changes in [44.0.0] (Unreleased - Briij JavaScript SDK)
 ==================================================================================================
 BREAKING CHANGES
 ----------------
+* **ZKP/DID Support**: Introduced experimental support for Zero-Knowledge Proof (ZKP) credential binding. Added a prototype Circom circuit for DID-bound wallet credentials (`circuits/e2ee_credential.circom`).
+* **Modular Circuits**: SDK repository now includes a minimal `E2EECredentialBinding` circuit as a basis for ZKP-based identity and credential workflows.
+* **DID Integration**: Laying groundwork for native Decentralized Identifier (DID) support, with initial code and constraints linking Matrix/Briij identities to XRPL wallet addresses.
+* **Developer Preview**: These additions are for developer experimentation and will evolve; APIs for full ZKP-protected flows and DID key management are *not* yet considered stable.
+---
+Changes in [43.2.1]
 * Added mCredits endpoints for native monetization
 * Added Admin mCredits emdpoints for package creation/update
 ---

package/README.md

@@ -135,6 +135,24 @@ For wallet-backed encryption recovery, the SDK exports:
 
 This is additive and does not alter core Olm/Megolm behavior.
 
+## XRPL DID + Credential + optional ZKP login
+
+The SDK now includes production-ready support for XRPL DID and credential login
+orchestration against TextRP-Briij:
+
+- DID-aware wallet login flow over `io.briij.login.xrpl`
+- Credential create/verify helper methods
+- Optional and free longevity mode (ZKP path) with fallback to baseline flow
+- DID/E2EE metadata persistence for continuity workflows
+
+The canonical architecture and rollout references are in TextRP-Briij docs:
+
+- `docs/did-zkp-e2ee-plan.md`
+- `docs/architecture/xrpl-sovereign-e2ee.md`
+
+Repository link:
+`https://github.com/xurgedigitallab/textrp-briij`
+
 ### Example: XRPL two-step login with wallet recovery envelope
 
 ```javascript
@@ -181,6 +199,54 @@ await client.completeXrplAuth({
 
 There is a full Node example at `examples/node/xrpl-login-recovery.js`.
 
+## XRPL client-signed DID/Credential binding
+
+For TextRP-Briij homeservers using the client-signed DID/Credential flow, use:
+
+- `configureXrplClientSignedBinding(...)`
+- `runClientSignedDidCredentialBinding(e2eePubkeyCommitment)`
+
+This sequence calls:
+
+1. `POST /_matrix/client/v3/did/prepare`
+2. wallet signs/submits the unsigned DIDSet payload
+3. `POST /_matrix/client/v3/did/finalize` with `tx_blob` + `tx_hash`
+4. `POST /_matrix/client/v3/credential/prepare`
+5. wallet signs/submits the unsigned CredentialCreate payload
+6. `POST /_matrix/client/v3/credential/finalize` with `tx_blob` + `tx_hash`
+
+Example:
+
+```typescript
+import {
+    configureXrplClientSignedBinding,
+    runClientSignedDidCredentialBinding,
+} from "@textrp/briij-js-sdk";
+
+configureXrplClientSignedBinding({
+    homeserverBaseUrl: "http://localhost:8008",
+    accessToken: "<matrix_access_token>",
+    network: "xrpl",
+    wallet: {
+        getAddress: async () => "r...",
+        signAndSubmit: async (tx) => {
+            // wallet implementation must return:
+            // - hash: transaction hash
+            // - txBlob or signedTxBlob: signed tx blob string
+            return { hash: "ABC...", txBlob: "{...signed tx json...}" };
+        },
+    },
+});
+
+await runClientSignedDidCredentialBinding("e2ee-commitment-value");
+```
+
+Important:
+
+- The SDK does not hold wallet seeds.
+- The wallet adapter must return the signed blob (`txBlob` or `signedTxBlob`) in addition to `hash`, otherwise finalize endpoints will fail.
+- The `homeserverBaseUrl` and `accessToken` should come from the active Matrix session after login.
+
 ## Authenticated media
 
 Servers supporting [MSC3916](https://github.com/matrix-org/matrix-spec-proposals/pull/3916) (spec 1.11) will require clients, like

package/lib/@types/auth.d.ts

@@ -218,6 +218,44 @@ export interface WalletIdentityAccountData {
     public_key?: string | null;
     network?: string | null;
     key_type?: string | null;
+    did_uri?: string | null;
+    credential_id?: string | null;
+    e2ee_pubkey_commitment?: string | null;
+}
+interface DidVerificationMethod {
+    id: string;
+    type: string;
+    controller: string;
+    publicKeyMultibase?: string;
+    blockchainAccountId?: string;
+}
+export interface DidResolutionResult {
+    did_uri: string;
+    resolution_type?: string;
+    did_document: {
+        id: string;
+        verificationMethod: DidVerificationMethod[];
+        authentication: string[];
+        service?: Array<Record<string, string>>;
+    };
+}
+export interface CredentialCreateResult {
+    credential_id: string;
+    status: string;
+}
+export interface CredentialVerifyResult {
+    credential_id: string;
+    valid: boolean;
+}
+export interface ZkpVerifyResult {
+    valid: boolean;
+    verified_at?: number;
+    reason?: string;
+}
+export interface DidCredentialMetadata {
+    didUri: string;
+    credentialId: string;
+    issuedAt: number;
 }
 export interface XrplWalletLoginRequest extends Omit<LoginRequest, "type"> {
     type: typeof XRPL_WALLET_LOGIN_TYPE;

package/lib/@types/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/@types/auth.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAKrD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACzB;AAID;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,KAAK,EAAE,SAAS,EAAE,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,wBAAwB,CAAC;AAC5D,eAAO,MAAM,sCAAsC,uCAAuC,CAAC;AAC3F,eAAO,MAAM,iCAAiC,+BAA+B,CAAC;AAC9E,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,SAAS,CAAC;AACzD,MAAM,MAAM,aAAa,GAAG,kBAAkB,GAAG,CAAC,MAAM,GAAG;IAAE,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,CAAC,CAAC;AAE1F,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,aAAa,GAAG,oBAAoB,GAAG,UAAU,CAAC;AAErF,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC7C,IAAI,EAAE,kBAAkB,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAqB,SAAQ,UAAU;IACpD,IAAI,EAAE,OAAO,sBAAsB,CAAC;CACvC;AAED,eAAO,MAAM,gCAAgC,2FAG5C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,2FAAmC,CAAC;AAE7E;;GAEG;AACH,MAAM,WAAW,QAAS,SAAQ,UAAU;IACxC,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC;IAEpC,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC;IAClD,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,CAAC;CACxD;AAED,oBAAY,qBAAqB;IAC7B,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,OAAO,YAAY;CACtB;AAED,MAAM,WAAW,iBAAiB;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,qBAAqB,GAAG,MAAM,CAAC;CAC1C;AAED,oBAAY,SAAS;IACjB,uDAAuD;IACvD,KAAK,UAAU;IAEf,qDAAqD;IACrD,QAAQ,aAAa;CACxB;AAED;;;;GAIG;AACH,KAAK,mBAAmB,GAAG;IACvB,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;;GAKG;AACH,KAAK,yBAAyB,GAAG;IAC7B,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,KAAK,oBAAoB,GAAG;IACxB,IAAI,EAAE,YAAY,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,kBAAkB,GAAG,mBAAmB,GAAG,yBAAyB,GAAG,oBAAoB,CAAC;AAEjG;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACpB,kBAAkB,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,CAAC;AAEhF;;;GAGG;AACH,MAAM,WAAW,YAAY;IACzB;;OAEG;IACH,IAAI,EAAE,kBAAkB,GAAG,eAAe,GAAG,MAAM,CAAC;IACpD;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAGD,MAAM,MAAM,YAAY,GAAG,YAAY,CAAC;AAExC,MAAM,WAAW,0BAA0B;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,aAAa,CAAC;CAC7B;AAED,MAAM,WAAW,wBAAyB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACxE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,yBAAyB;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAwB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACvE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,0BAA0B,CAAC;CACrD;AAED,MAAM,WAAW,kBAAkB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,0BAA2B,SAAQ,kBAAkB;CAAG;AAEzE,MAAM,WAAW,0BAA0B;IACvC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,kBAAkB,CAAC;IAChC,aAAa,EAAE,0BAA0B,CAAC;CAC7C;AAED,MAAM,WAAW,yBAAyB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC5B;AAED,MAAM,WAAW,sBAAuB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACtE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,GAAG,0BAA0B,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC1B;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACnC;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;CACzB"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/@types/auth.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,KAAK,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAKrD;;GAEG;AACH,MAAM,WAAW,qBAAqB;IAClC,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACzB;AAID;;GAEG;AACH,MAAM,WAAW,mBAAmB;IAChC,KAAK,EAAE,SAAS,EAAE,CAAC;CACtB;AAED,eAAO,MAAM,sBAAsB,wBAAwB,CAAC;AAC5D,eAAO,MAAM,sCAAsC,uCAAuC,CAAC;AAC3F,eAAO,MAAM,iCAAiC,+BAA+B,CAAC;AAC9E,MAAM,MAAM,kBAAkB,GAAG,WAAW,GAAG,SAAS,CAAC;AACzD,MAAM,MAAM,aAAa,GAAG,kBAAkB,GAAG,CAAC,MAAM,GAAG;IAAE,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,CAAC,CAAC;AAE1F,MAAM,MAAM,SAAS,GAAG,QAAQ,GAAG,aAAa,GAAG,oBAAoB,GAAG,UAAU,CAAC;AAErF,MAAM,WAAW,UAAU;IACvB,IAAI,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,aAAc,SAAQ,UAAU;IAC7C,IAAI,EAAE,kBAAkB,CAAC;CAC5B;AAED,MAAM,WAAW,oBAAqB,SAAQ,UAAU;IACpD,IAAI,EAAE,OAAO,sBAAsB,CAAC;CACvC;AAED,eAAO,MAAM,gCAAgC,2FAG5C,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,4BAA4B,2FAAmC,CAAC;AAE7E;;GAEG;AACH,MAAM,WAAW,QAAS,SAAQ,UAAU;IACxC,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC;IAEpC,kBAAkB,CAAC,EAAE,iBAAiB,EAAE,CAAC;IACzC,CAAC,gCAAgC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,CAAC;IAClD,CAAC,gCAAgC,CAAC,OAAO,CAAC,CAAC,EAAE,OAAO,CAAC;CACxD;AAED,oBAAY,qBAAqB;IAC7B,MAAM,WAAW;IACjB,MAAM,WAAW;IACjB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,OAAO,YAAY;CACtB;AAED,MAAM,WAAW,iBAAiB;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE,qBAAqB,GAAG,MAAM,CAAC;CAC1C;AAED,oBAAY,SAAS;IACjB,uDAAuD;IACvD,KAAK,UAAU;IAEf,qDAAqD;IACrD,QAAQ,aAAa;CACxB;AAED;;;;GAIG;AACH,KAAK,mBAAmB,GAAG;IACvB,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;;;;GAKG;AACH,KAAK,yBAAyB,GAAG;IAC7B,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,KAAK,oBAAoB,GAAG;IACxB,IAAI,EAAE,YAAY,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,KAAK,kBAAkB,GAAG,mBAAmB,GAAG,yBAAyB,GAAG,oBAAoB,CAAC;AAEjG;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACpB,kBAAkB,GAClB;IAAE,IAAI,EAAE,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;IAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,CAAC;AAEhF;;;GAGG;AACH,MAAM,WAAW,YAAY;IACzB;;OAEG;IACH,IAAI,EAAE,kBAAkB,GAAG,eAAe,GAAG,MAAM,CAAC;IACpD;;;;;OAKG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;OAEG;IACH,UAAU,CAAC,EAAE,cAAc,CAAC;IAC5B;;;OAGG;IACH,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC;;;;OAIG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACtB;AAGD,MAAM,MAAM,YAAY,GAAG,YAAY,CAAC;AAExC,MAAM,WAAW,0BAA0B;IACvC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,aAAa,CAAC;CAC7B;AAED,MAAM,WAAW,wBAAyB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACxE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,yBAAyB;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,uBAAwB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACvE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oBAAoB,CAAC,EAAE,0BAA0B,CAAC;CACrD;AAED,MAAM,WAAW,kBAAkB;IAC/B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,0BAA2B,SAAQ,kBAAkB;CAAG;AAEzE,MAAM,WAAW,0BAA0B;IACvC,gBAAgB,EAAE,MAAM,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,kBAAkB,CAAC;IAChC,aAAa,EAAE,0BAA0B,CAAC;CAC7C;AAED,MAAM,WAAW,yBAAyB;IACtC,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1C;AAED,UAAU,qBAAqB;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE;QACV,EAAE,EAAE,MAAM,CAAC;QACX,kBAAkB,EAAE,qBAAqB,EAAE,CAAC;QAC5C,cAAc,EAAE,MAAM,EAAE,CAAC;QACzB,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;KAC3C,CAAC;CACL;AAED,MAAM,WAAW,sBAAsB;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,sBAAsB;IACnC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC5B,KAAK,EAAE,OAAO,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,qBAAqB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,sBAAuB,SAAQ,IAAI,CAAC,YAAY,EAAE,MAAM,CAAC;IACtE,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,GAAG,0BAA0B,CAAC;IAC/C,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,WAAW,aAAa;IAC1B;;;OAGG;IACH,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAClB;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;OAKG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;OAIG;IACH,UAAU,CAAC,EAAE,gBAAgB,CAAC;IAC9B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACnC;;OAEG;IACH,WAAW,EAAE,MAAM,CAAC;IACpB;;OAEG;IACH,aAAa,EAAE,MAAM,CAAC;CACzB"}

package/lib/@types/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","names":["UnstableValue","XRPL_WALLET_LOGIN_TYPE","WALLET_E2EE_RECOVERY_ACCOUNT_DATA_TYPE","WALLET_IDENTITY_ACCOUNT_DATA_TYPE","OAUTH_AWARE_PREFERRED_FLOW_FIELD","DELEGATED_OIDC_COMPATIBILITY","IdentityProviderBrand","SSOAction"],"sources":["../../src/@types/auth.ts"],"sourcesContent":["/*\nCopyright 2022 The Matrix.org Foundation C.I.C.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n*/\n\nimport { UnstableValue } from \"../NamespacedValue.ts\";\nimport { type IClientWellKnown } from \"../client.ts\";\n\n// disable lint because these are wire responses\n/* eslint-disable camelcase */\n\n/**\n * Represents a response to the CSAPI `/refresh` endpoint.\n */\nexport interface IRefreshTokenResponse {\n    access_token: string;\n    expires_in_ms: number;\n    refresh_token: string;\n}\n\n/* eslint-enable camelcase */\n\n/**\n * Response to GET login flows as per https://spec.matrix.org/v1.3/client-server-api/#get_matrixclientv3login\n */\nexport interface ILoginFlowsResponse {\n    flows: LoginFlow[];\n}\n\nexport const XRPL_WALLET_LOGIN_TYPE = \"io.briij.login.xrpl\";\nexport const WALLET_E2EE_RECOVERY_ACCOUNT_DATA_TYPE = \"org.textrp.wallet.e2ee_recovery.v1\";\nexport const WALLET_IDENTITY_ACCOUNT_DATA_TYPE = \"org.textrp.wallet.identity\";\nexport type KnownXrplAlgorithm = \"secp256k1\" | \"ed25519\";\nexport type XrplAlgorithm = KnownXrplAlgorithm | (string & { __brand?: \"XrplAlgorithm\" });\n\nexport type LoginFlow = ISSOFlow | IPasswordFlow | IXrplWalletLoginFlow | ILoginFlow;\n\nexport interface ILoginFlow {\n    type: string;\n}\n\nexport interface IPasswordFlow extends ILoginFlow {\n    type: \"m.login.password\";\n}\n\nexport interface IXrplWalletLoginFlow extends ILoginFlow {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n}\n\nexport const OAUTH_AWARE_PREFERRED_FLOW_FIELD = new UnstableValue(\n    \"oauth_aware_preferred\",\n    \"org.matrix.msc3824.delegated_oidc_compatibility\",\n);\n\n/**\n * @alias\n * @deprecated use `OAUTH_AWARE_PREFERRED_FLOW_FIELD` instead.\n */\nexport const DELEGATED_OIDC_COMPATIBILITY = OAUTH_AWARE_PREFERRED_FLOW_FIELD;\n\n/**\n * Representation of SSO flow as per https://spec.matrix.org/v1.3/client-server-api/#client-login-via-sso\n */\nexport interface ISSOFlow extends ILoginFlow {\n    type: \"m.login.sso\" | \"m.login.cas\";\n    // eslint-disable-next-line camelcase\n    identity_providers?: IIdentityProvider[];\n    [OAUTH_AWARE_PREFERRED_FLOW_FIELD.name]?: boolean;\n    [OAUTH_AWARE_PREFERRED_FLOW_FIELD.altName]?: boolean;\n}\n\nexport enum IdentityProviderBrand {\n    Gitlab = \"gitlab\",\n    Github = \"github\",\n    Apple = \"apple\",\n    Google = \"google\",\n    Facebook = \"facebook\",\n    Twitter = \"twitter\",\n}\n\nexport interface IIdentityProvider {\n    id: string;\n    name: string;\n    icon?: string;\n    brand?: IdentityProviderBrand | string;\n}\n\nexport enum SSOAction {\n    /** The user intends to login to an existing account */\n    LOGIN = \"login\",\n\n    /** The user intends to register for a new account */\n    REGISTER = \"register\",\n}\n\n/**\n * A client can identify a user using their Matrix ID.\n * This can either be the fully qualified Matrix user ID, or just the localpart of the user ID.\n * @see https://spec.matrix.org/v1.7/client-server-api/#matrix-user-id\n */\ntype UserLoginIdentifier = {\n    type: \"m.id.user\";\n    user: string;\n};\n\n/**\n * A client can identify a user using a 3PID associated with the user’s account on the homeserver,\n * where the 3PID was previously associated using the /account/3pid API.\n * See the 3PID Types Appendix for a list of Third-party ID media.\n * @see https://spec.matrix.org/v1.7/client-server-api/#third-party-id\n */\ntype ThirdPartyLoginIdentifier = {\n    type: \"m.id.thirdparty\";\n    medium: string;\n    address: string;\n};\n\n/**\n * A client can identify a user using a phone number associated with the user’s account,\n * where the phone number was previously associated using the /account/3pid API.\n * The phone number can be passed in as entered by the user; the homeserver will be responsible for canonicalising it.\n * If the client wishes to canonicalise the phone number,\n * then it can use the m.id.thirdparty identifier type with a medium of msisdn instead.\n *\n * The country is the two-letter uppercase ISO-3166-1 alpha-2 country code that the number in phone should be parsed as if it were dialled from.\n *\n * @see https://spec.matrix.org/v1.7/client-server-api/#phone-number\n */\ntype PhoneLoginIdentifier = {\n    type: \"m.id.phone\";\n    country: string;\n    phone: string;\n};\n\ntype SpecUserIdentifier = UserLoginIdentifier | ThirdPartyLoginIdentifier | PhoneLoginIdentifier;\n\n/**\n * User Identifiers usable for login & user-interactive authentication.\n *\n * Extensibly allows more than Matrix specified identifiers.\n */\nexport type UserIdentifier =\n    | SpecUserIdentifier\n    | { type: Exclude<string, SpecUserIdentifier[\"type\"]>; [key: string]: any };\n\n/**\n * Request body for POST /login request\n * @see https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3login\n */\nexport interface LoginRequest {\n    /**\n     * The login type being used.\n     */\n    type: \"m.login.password\" | \"m.login.token\" | string;\n    /**\n     * ID of the client device.\n     * If this does not correspond to a known client device, a new device will be created.\n     * The given device ID must not be the same as a cross-signing key ID.\n     * The server will auto-generate a device_id if this is not specified.\n     */\n    device_id?: string;\n    /**\n     * Identification information for a user\n     */\n    identifier?: UserIdentifier;\n    /**\n     * A display name to assign to the newly-created device.\n     * Ignored if device_id corresponds to a known device.\n     */\n    initial_device_display_name?: string;\n    /**\n     * When logging in using a third-party identifier, the medium of the identifier.\n     * Must be `email`.\n     * @deprecated in favour of `identifier`.\n     */\n    medium?: \"email\";\n    /**\n     * Required when type is `m.login.password`. The user’s password.\n     */\n    password?: string;\n    /**\n     * If true, the client supports refresh tokens.\n     */\n    refresh_token?: boolean;\n    /**\n     * Required when type is `m.login.token`. Part of Token-based login.\n     */\n    token?: string;\n    /**\n     * The fully qualified user ID or just local part of the user ID, to log in.\n     * @deprecated in favour of identifier.\n     */\n    user?: string;\n    // Extensible\n    [key: string]: any;\n}\n\n// Export for backwards compatibility\nexport type ILoginParams = LoginRequest;\n\nexport interface XrplWalletChallengePayload {\n    session?: string;\n    nonce: string;\n    timestamp: number | string;\n    message: string;\n    public_key: string;\n    algorithm?: XrplAlgorithm;\n}\n\nexport interface XrplAuthChallengeRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    address: string;\n    network: string;\n    preferred_localpart?: string;\n    username?: string;\n    display_name?: string;\n}\n\nexport interface XrplAuthChallengeResponse {\n    session: string;\n    challenge: string;\n}\n\nexport interface XrplAuthCompleteRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    session: string;\n    address: string;\n    signature: string;\n    public_key?: string;\n    network?: string;\n    wallet_e2ee_recovery?: WalletE2eeRecoveryEnvelope;\n}\n\nexport interface WalletRecoveryWrap {\n    alg: string;\n    kdf: string;\n    salt: string;\n    nonce: string;\n    ciphertext: string;\n    aad?: string;\n    params?: Record<string, unknown>;\n}\n\nexport interface WalletRecoveryPasswordWrap extends WalletRecoveryWrap {}\n\nexport interface WalletE2eeRecoveryEnvelope {\n    envelope_version: number;\n    chain_id: string;\n    account_id: string;\n    created_at_ms: number;\n    key_id: string;\n    wallet_wrap: WalletRecoveryWrap;\n    password_wrap: WalletRecoveryPasswordWrap;\n}\n\nexport interface WalletIdentityAccountData {\n    chain_id: string;\n    account_id: string;\n    public_key?: string | null;\n    network?: string | null;\n    key_type?: string | null;\n}\n\nexport interface XrplWalletLoginRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    address: string;\n    signature: string;\n    challenge: string | XrplWalletChallengePayload;\n    network?: string;\n}\n\n/**\n * Response body for POST /login request\n * @see https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3login\n */\nexport interface LoginResponse {\n    /**\n     * An access token for the account.\n     * This access token can then be used to authorize other requests.\n     */\n    access_token: string;\n    /**\n     * ID of the logged-in device.\n     * Will be the same as the corresponding parameter in the request, if one was specified.\n     */\n    device_id: string;\n    /**\n     * The fully-qualified Matrix ID for the account.\n     */\n    user_id: string;\n    /**\n     * The lifetime of the access token, in milliseconds.\n     * Once the access token has expired a new access token can be obtained by using the provided refresh token.\n     * If no refresh token is provided, the client will need to re-log in to obtain a new access token.\n     * If not given, the client can assume that the access token will not expire.\n     */\n    expires_in_ms?: number;\n    /**\n     * A refresh token for the account.\n     * This token can be used to obtain a new access token when it expires by calling the /refresh endpoint.\n     */\n    refresh_token?: string;\n    /**\n     * Optional client configuration provided by the server.\n     * If present, clients SHOULD use the provided object to reconfigure themselves, optionally validating the URLs within.\n     * This object takes the same form as the one returned from .well-known autodiscovery.\n     */\n    well_known?: IClientWellKnown;\n    /**\n     * The server_name of the homeserver on which the account has been registered.\n     * @deprecated Clients should extract the server_name from user_id (by splitting at the first colon) if they require it.\n     */\n    home_server?: string;\n}\n\n/**\n * The result of a successful `m.login.token` issuance request as per https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv1loginget_token\n */\nexport interface LoginTokenPostResponse {\n    /**\n     * The token to use with `m.login.token` to authenticate.\n     */\n    login_token: string;\n    /**\n     * Expiration in milliseconds.\n     */\n    expires_in_ms: number;\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,aAAa,QAAQ,uBAAuB;;AAGrD;AACA;;AAEA;AACA;AACA;;AAOA;;AAEA;AACA;AACA;;AAKA,OAAO,IAAMC,sBAAsB,GAAG,qBAAqB;AAC3D,OAAO,IAAMC,sCAAsC,GAAG,oCAAoC;AAC1F,OAAO,IAAMC,iCAAiC,GAAG,4BAA4B;AAkB7E,OAAO,IAAMC,gCAAgC,GAAG,IAAIJ,aAAa,CAC7D,uBAAuB,EACvB,iDACJ,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,IAAMK,4BAA4B,GAAGD,gCAAgC;;AAE5E;AACA;AACA;;AASA,WAAYE,qBAAqB,0BAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAAA,OAArBA,qBAAqB;AAAA;AAgBjC,WAAYC,SAAS,0BAATA,SAAS;EACjB;EADQA,SAAS;EAIjB;EAJQA,SAAS;EAAA,OAATA,SAAS;AAAA;;AAQrB;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;;AAiDA;;AA0EA;AACA;AACA;AACA;;AAyCA;AACA;AACA","ignoreList":[]}
+{"version":3,"file":"auth.js","names":["UnstableValue","XRPL_WALLET_LOGIN_TYPE","WALLET_E2EE_RECOVERY_ACCOUNT_DATA_TYPE","WALLET_IDENTITY_ACCOUNT_DATA_TYPE","OAUTH_AWARE_PREFERRED_FLOW_FIELD","DELEGATED_OIDC_COMPATIBILITY","IdentityProviderBrand","SSOAction"],"sources":["../../src/@types/auth.ts"],"sourcesContent":["/*\nCopyright 2022 The Matrix.org Foundation C.I.C.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n*/\n\nimport { UnstableValue } from \"../NamespacedValue.ts\";\nimport { type IClientWellKnown } from \"../client.ts\";\n\n// disable lint because these are wire responses\n/* eslint-disable camelcase */\n\n/**\n * Represents a response to the CSAPI `/refresh` endpoint.\n */\nexport interface IRefreshTokenResponse {\n    access_token: string;\n    expires_in_ms: number;\n    refresh_token: string;\n}\n\n/* eslint-enable camelcase */\n\n/**\n * Response to GET login flows as per https://spec.matrix.org/v1.3/client-server-api/#get_matrixclientv3login\n */\nexport interface ILoginFlowsResponse {\n    flows: LoginFlow[];\n}\n\nexport const XRPL_WALLET_LOGIN_TYPE = \"io.briij.login.xrpl\";\nexport const WALLET_E2EE_RECOVERY_ACCOUNT_DATA_TYPE = \"org.textrp.wallet.e2ee_recovery.v1\";\nexport const WALLET_IDENTITY_ACCOUNT_DATA_TYPE = \"org.textrp.wallet.identity\";\nexport type KnownXrplAlgorithm = \"secp256k1\" | \"ed25519\";\nexport type XrplAlgorithm = KnownXrplAlgorithm | (string & { __brand?: \"XrplAlgorithm\" });\n\nexport type LoginFlow = ISSOFlow | IPasswordFlow | IXrplWalletLoginFlow | ILoginFlow;\n\nexport interface ILoginFlow {\n    type: string;\n}\n\nexport interface IPasswordFlow extends ILoginFlow {\n    type: \"m.login.password\";\n}\n\nexport interface IXrplWalletLoginFlow extends ILoginFlow {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n}\n\nexport const OAUTH_AWARE_PREFERRED_FLOW_FIELD = new UnstableValue(\n    \"oauth_aware_preferred\",\n    \"org.matrix.msc3824.delegated_oidc_compatibility\",\n);\n\n/**\n * @alias\n * @deprecated use `OAUTH_AWARE_PREFERRED_FLOW_FIELD` instead.\n */\nexport const DELEGATED_OIDC_COMPATIBILITY = OAUTH_AWARE_PREFERRED_FLOW_FIELD;\n\n/**\n * Representation of SSO flow as per https://spec.matrix.org/v1.3/client-server-api/#client-login-via-sso\n */\nexport interface ISSOFlow extends ILoginFlow {\n    type: \"m.login.sso\" | \"m.login.cas\";\n    // eslint-disable-next-line camelcase\n    identity_providers?: IIdentityProvider[];\n    [OAUTH_AWARE_PREFERRED_FLOW_FIELD.name]?: boolean;\n    [OAUTH_AWARE_PREFERRED_FLOW_FIELD.altName]?: boolean;\n}\n\nexport enum IdentityProviderBrand {\n    Gitlab = \"gitlab\",\n    Github = \"github\",\n    Apple = \"apple\",\n    Google = \"google\",\n    Facebook = \"facebook\",\n    Twitter = \"twitter\",\n}\n\nexport interface IIdentityProvider {\n    id: string;\n    name: string;\n    icon?: string;\n    brand?: IdentityProviderBrand | string;\n}\n\nexport enum SSOAction {\n    /** The user intends to login to an existing account */\n    LOGIN = \"login\",\n\n    /** The user intends to register for a new account */\n    REGISTER = \"register\",\n}\n\n/**\n * A client can identify a user using their Matrix ID.\n * This can either be the fully qualified Matrix user ID, or just the localpart of the user ID.\n * @see https://spec.matrix.org/v1.7/client-server-api/#matrix-user-id\n */\ntype UserLoginIdentifier = {\n    type: \"m.id.user\";\n    user: string;\n};\n\n/**\n * A client can identify a user using a 3PID associated with the user’s account on the homeserver,\n * where the 3PID was previously associated using the /account/3pid API.\n * See the 3PID Types Appendix for a list of Third-party ID media.\n * @see https://spec.matrix.org/v1.7/client-server-api/#third-party-id\n */\ntype ThirdPartyLoginIdentifier = {\n    type: \"m.id.thirdparty\";\n    medium: string;\n    address: string;\n};\n\n/**\n * A client can identify a user using a phone number associated with the user’s account,\n * where the phone number was previously associated using the /account/3pid API.\n * The phone number can be passed in as entered by the user; the homeserver will be responsible for canonicalising it.\n * If the client wishes to canonicalise the phone number,\n * then it can use the m.id.thirdparty identifier type with a medium of msisdn instead.\n *\n * The country is the two-letter uppercase ISO-3166-1 alpha-2 country code that the number in phone should be parsed as if it were dialled from.\n *\n * @see https://spec.matrix.org/v1.7/client-server-api/#phone-number\n */\ntype PhoneLoginIdentifier = {\n    type: \"m.id.phone\";\n    country: string;\n    phone: string;\n};\n\ntype SpecUserIdentifier = UserLoginIdentifier | ThirdPartyLoginIdentifier | PhoneLoginIdentifier;\n\n/**\n * User Identifiers usable for login & user-interactive authentication.\n *\n * Extensibly allows more than Matrix specified identifiers.\n */\nexport type UserIdentifier =\n    | SpecUserIdentifier\n    | { type: Exclude<string, SpecUserIdentifier[\"type\"]>; [key: string]: any };\n\n/**\n * Request body for POST /login request\n * @see https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3login\n */\nexport interface LoginRequest {\n    /**\n     * The login type being used.\n     */\n    type: \"m.login.password\" | \"m.login.token\" | string;\n    /**\n     * ID of the client device.\n     * If this does not correspond to a known client device, a new device will be created.\n     * The given device ID must not be the same as a cross-signing key ID.\n     * The server will auto-generate a device_id if this is not specified.\n     */\n    device_id?: string;\n    /**\n     * Identification information for a user\n     */\n    identifier?: UserIdentifier;\n    /**\n     * A display name to assign to the newly-created device.\n     * Ignored if device_id corresponds to a known device.\n     */\n    initial_device_display_name?: string;\n    /**\n     * When logging in using a third-party identifier, the medium of the identifier.\n     * Must be `email`.\n     * @deprecated in favour of `identifier`.\n     */\n    medium?: \"email\";\n    /**\n     * Required when type is `m.login.password`. The user’s password.\n     */\n    password?: string;\n    /**\n     * If true, the client supports refresh tokens.\n     */\n    refresh_token?: boolean;\n    /**\n     * Required when type is `m.login.token`. Part of Token-based login.\n     */\n    token?: string;\n    /**\n     * The fully qualified user ID or just local part of the user ID, to log in.\n     * @deprecated in favour of identifier.\n     */\n    user?: string;\n    // Extensible\n    [key: string]: any;\n}\n\n// Export for backwards compatibility\nexport type ILoginParams = LoginRequest;\n\nexport interface XrplWalletChallengePayload {\n    session?: string;\n    nonce: string;\n    timestamp: number | string;\n    message: string;\n    public_key: string;\n    algorithm?: XrplAlgorithm;\n}\n\nexport interface XrplAuthChallengeRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    address: string;\n    network: string;\n    preferred_localpart?: string;\n    username?: string;\n    display_name?: string;\n}\n\nexport interface XrplAuthChallengeResponse {\n    session: string;\n    challenge: string;\n}\n\nexport interface XrplAuthCompleteRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    session: string;\n    address: string;\n    signature: string;\n    public_key?: string;\n    network?: string;\n    wallet_e2ee_recovery?: WalletE2eeRecoveryEnvelope;\n}\n\nexport interface WalletRecoveryWrap {\n    alg: string;\n    kdf: string;\n    salt: string;\n    nonce: string;\n    ciphertext: string;\n    aad?: string;\n    params?: Record<string, unknown>;\n}\n\nexport interface WalletRecoveryPasswordWrap extends WalletRecoveryWrap {}\n\nexport interface WalletE2eeRecoveryEnvelope {\n    envelope_version: number;\n    chain_id: string;\n    account_id: string;\n    created_at_ms: number;\n    key_id: string;\n    wallet_wrap: WalletRecoveryWrap;\n    password_wrap: WalletRecoveryPasswordWrap;\n}\n\nexport interface WalletIdentityAccountData {\n    chain_id: string;\n    account_id: string;\n    public_key?: string | null;\n    network?: string | null;\n    key_type?: string | null;\n    did_uri?: string | null;\n    credential_id?: string | null;\n    e2ee_pubkey_commitment?: string | null;\n}\n\ninterface DidVerificationMethod {\n    id: string;\n    type: string;\n    controller: string;\n    publicKeyMultibase?: string;\n    blockchainAccountId?: string;\n}\n\nexport interface DidResolutionResult {\n    did_uri: string;\n    resolution_type?: string;\n    did_document: {\n        id: string;\n        verificationMethod: DidVerificationMethod[];\n        authentication: string[];\n        service?: Array<Record<string, string>>;\n    };\n}\n\nexport interface CredentialCreateResult {\n    credential_id: string;\n    status: string;\n}\n\nexport interface CredentialVerifyResult {\n    credential_id: string;\n    valid: boolean;\n}\n\nexport interface ZkpVerifyResult {\n    valid: boolean;\n    verified_at?: number;\n    reason?: string;\n}\n\nexport interface DidCredentialMetadata {\n    didUri: string;\n    credentialId: string;\n    issuedAt: number;\n}\n\nexport interface XrplWalletLoginRequest extends Omit<LoginRequest, \"type\"> {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    address: string;\n    signature: string;\n    challenge: string | XrplWalletChallengePayload;\n    network?: string;\n}\n\n/**\n * Response body for POST /login request\n * @see https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv3login\n */\nexport interface LoginResponse {\n    /**\n     * An access token for the account.\n     * This access token can then be used to authorize other requests.\n     */\n    access_token: string;\n    /**\n     * ID of the logged-in device.\n     * Will be the same as the corresponding parameter in the request, if one was specified.\n     */\n    device_id: string;\n    /**\n     * The fully-qualified Matrix ID for the account.\n     */\n    user_id: string;\n    /**\n     * The lifetime of the access token, in milliseconds.\n     * Once the access token has expired a new access token can be obtained by using the provided refresh token.\n     * If no refresh token is provided, the client will need to re-log in to obtain a new access token.\n     * If not given, the client can assume that the access token will not expire.\n     */\n    expires_in_ms?: number;\n    /**\n     * A refresh token for the account.\n     * This token can be used to obtain a new access token when it expires by calling the /refresh endpoint.\n     */\n    refresh_token?: string;\n    /**\n     * Optional client configuration provided by the server.\n     * If present, clients SHOULD use the provided object to reconfigure themselves, optionally validating the URLs within.\n     * This object takes the same form as the one returned from .well-known autodiscovery.\n     */\n    well_known?: IClientWellKnown;\n    /**\n     * The server_name of the homeserver on which the account has been registered.\n     * @deprecated Clients should extract the server_name from user_id (by splitting at the first colon) if they require it.\n     */\n    home_server?: string;\n}\n\n/**\n * The result of a successful `m.login.token` issuance request as per https://spec.matrix.org/v1.7/client-server-api/#post_matrixclientv1loginget_token\n */\nexport interface LoginTokenPostResponse {\n    /**\n     * The token to use with `m.login.token` to authenticate.\n     */\n    login_token: string;\n    /**\n     * Expiration in milliseconds.\n     */\n    expires_in_ms: number;\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,aAAa,QAAQ,uBAAuB;;AAGrD;AACA;;AAEA;AACA;AACA;;AAOA;;AAEA;AACA;AACA;;AAKA,OAAO,IAAMC,sBAAsB,GAAG,qBAAqB;AAC3D,OAAO,IAAMC,sCAAsC,GAAG,oCAAoC;AAC1F,OAAO,IAAMC,iCAAiC,GAAG,4BAA4B;AAkB7E,OAAO,IAAMC,gCAAgC,GAAG,IAAIJ,aAAa,CAC7D,uBAAuB,EACvB,iDACJ,CAAC;;AAED;AACA;AACA;AACA;AACA,OAAO,IAAMK,4BAA4B,GAAGD,gCAAgC;;AAE5E;AACA;AACA;;AASA,WAAYE,qBAAqB,0BAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAArBA,qBAAqB;EAAA,OAArBA,qBAAqB;AAAA;AAgBjC,WAAYC,SAAS,0BAATA,SAAS;EACjB;EADQA,SAAS;EAIjB;EAJQA,SAAS;EAAA,OAATA,SAAS;AAAA;;AAQrB;AACA;AACA;AACA;AACA;;AAMA;AACA;AACA;AACA;AACA;AACA;;AAOA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AASA;AACA;AACA;AACA;AACA;;AAKA;AACA;AACA;AACA;;AAiDA;;AAsHA;AACA;AACA;AACA;;AAyCA;AACA;AACA","ignoreList":[]}

package/lib/@types/snarkjs.d.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"snarkjs.d.js","names":[],"sources":["../../src/@types/snarkjs.d.ts"],"sourcesContent":["declare module \"snarkjs\" {\n    export const groth16: {\n        fullProve: (\n            input: Record<string, string>,\n            wasmPath: string,\n            zkeyPath: string,\n        ) => Promise<{\n            proof: Record<string, unknown>;\n            publicSignals: string[] | Record<string, string>;\n        }>;\n        verify: (\n            verificationKey: Record<string, unknown>,\n            publicSignals: string[] | Record<string, string>,\n            proof: Record<string, unknown>,\n        ) => Promise<boolean>;\n    };\n}\n"],"mappings":"","ignoreList":[]}

package/lib/auth/credential.d.ts

@@ -0,0 +1,25 @@
+export interface CredentialCreateRequest {
+    did_uri: string;
+    subject: string;
+    e2ee_pubkey_commitment: string;
+}
+export interface CredentialCreateResponse {
+    credential_id: string;
+    status: string;
+}
+export interface CredentialVerifyResponse {
+    credential_id: string;
+    valid: boolean;
+}
+export interface DidCredentialMetadata {
+    didUri: string;
+    credentialId: string;
+    issuedAt: number;
+}
+export declare function requestCredentialCreate(requester: (path: string, method: "POST", body: CredentialCreateRequest) => Promise<CredentialCreateResponse>, payload: CredentialCreateRequest): Promise<CredentialCreateResponse>;
+export declare function verifyCredential(requester: (path: string, method: "POST", body: {
+    credential_id: string;
+}) => Promise<CredentialVerifyResponse>, credentialId: string): Promise<CredentialVerifyResponse>;
+export declare function storeDidCredentialMetadata(userId: string, metadata: DidCredentialMetadata): void;
+export declare function loadDidCredentialMetadata(userId: string): DidCredentialMetadata | null;
+//# sourceMappingURL=credential.d.ts.map

package/lib/auth/credential.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential.d.ts","sourceRoot":"","sources":["../../src/auth/credential.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,uBAAuB;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,sBAAsB,EAAE,MAAM,CAAC;CAClC;AAED,MAAM,WAAW,wBAAwB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,wBAAwB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,qBAAqB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CACpB;AAKD,wBAAsB,uBAAuB,CACzC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,uBAAuB,KAAK,OAAO,CAAC,wBAAwB,CAAC,EAC7G,OAAO,EAAE,uBAAuB,GACjC,OAAO,CAAC,wBAAwB,CAAC,CAEnC;AAED,wBAAsB,gBAAgB,CAClC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE;IAAE,aAAa,EAAE,MAAM,CAAA;CAAE,KAAK,OAAO,CAAC,wBAAwB,CAAC,EAC/G,YAAY,EAAE,MAAM,GACrB,OAAO,CAAC,wBAAwB,CAAC,CAEnC;AAED,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,qBAAqB,GAAG,IAAI,CAKhG;AAED,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,qBAAqB,GAAG,IAAI,CAMtF"}

package/lib/auth/credential.js

@@ -0,0 +1,48 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+var METADATA_KEY = "briij.did_credential_metadata";
+var memoryMetadata = new Map();
+export function requestCredentialCreate(_x, _x2) {
+  return _requestCredentialCreate.apply(this, arguments);
+}
+function _requestCredentialCreate() {
+  _requestCredentialCreate = _asyncToGenerator(function* (requester, payload) {
+    return requester("/credential/create", "POST", payload);
+  });
+  return _requestCredentialCreate.apply(this, arguments);
+}
+export function verifyCredential(_x3, _x4) {
+  return _verifyCredential.apply(this, arguments);
+}
+function _verifyCredential() {
+  _verifyCredential = _asyncToGenerator(function* (requester, credentialId) {
+    return requester("/credential/verify", "POST", {
+      credential_id: credentialId
+    });
+  });
+  return _verifyCredential.apply(this, arguments);
+}
+export function storeDidCredentialMetadata(userId, metadata) {
+  memoryMetadata.set(userId, metadata);
+  if (globalThis.localStorage) {
+    globalThis.localStorage.setItem("".concat(METADATA_KEY, ":").concat(userId), JSON.stringify(metadata));
+  }
+}
+export function loadDidCredentialMetadata(userId) {
+  var _globalThis$localStor;
+  var fromMemory = memoryMetadata.get(userId);
+  if (fromMemory) return fromMemory;
+  var raw = (_globalThis$localStor = globalThis.localStorage) === null || _globalThis$localStor === void 0 ? void 0 : _globalThis$localStor.getItem("".concat(METADATA_KEY, ":").concat(userId));
+  if (!raw) return null;
+  return JSON.parse(raw);
+}
+//# sourceMappingURL=credential.js.map

package/lib/auth/credential.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential.js","names":["METADATA_KEY","memoryMetadata","Map","requestCredentialCreate","_x","_x2","_requestCredentialCreate","apply","arguments","_asyncToGenerator","requester","payload","verifyCredential","_x3","_x4","_verifyCredential","credentialId","credential_id","storeDidCredentialMetadata","userId","metadata","set","globalThis","localStorage","setItem","concat","JSON","stringify","loadDidCredentialMetadata","_globalThis$localStor","fromMemory","get","raw","getItem","parse"],"sources":["../../src/auth/credential.ts"],"sourcesContent":["/*\nCopyright 2026 Xurge Digital Lab\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n*/\n\nexport interface CredentialCreateRequest {\n    did_uri: string;\n    subject: string;\n    e2ee_pubkey_commitment: string;\n}\n\nexport interface CredentialCreateResponse {\n    credential_id: string;\n    status: string;\n}\n\nexport interface CredentialVerifyResponse {\n    credential_id: string;\n    valid: boolean;\n}\n\nexport interface DidCredentialMetadata {\n    didUri: string;\n    credentialId: string;\n    issuedAt: number;\n}\n\nconst METADATA_KEY = \"briij.did_credential_metadata\";\nconst memoryMetadata = new Map<string, DidCredentialMetadata>();\n\nexport async function requestCredentialCreate(\n    requester: (path: string, method: \"POST\", body: CredentialCreateRequest) => Promise<CredentialCreateResponse>,\n    payload: CredentialCreateRequest,\n): Promise<CredentialCreateResponse> {\n    return requester(\"/credential/create\", \"POST\", payload);\n}\n\nexport async function verifyCredential(\n    requester: (path: string, method: \"POST\", body: { credential_id: string }) => Promise<CredentialVerifyResponse>,\n    credentialId: string,\n): Promise<CredentialVerifyResponse> {\n    return requester(\"/credential/verify\", \"POST\", { credential_id: credentialId });\n}\n\nexport function storeDidCredentialMetadata(userId: string, metadata: DidCredentialMetadata): void {\n    memoryMetadata.set(userId, metadata);\n    if (globalThis.localStorage) {\n        globalThis.localStorage.setItem(`${METADATA_KEY}:${userId}`, JSON.stringify(metadata));\n    }\n}\n\nexport function loadDidCredentialMetadata(userId: string): DidCredentialMetadata | null {\n    const fromMemory = memoryMetadata.get(userId);\n    if (fromMemory) return fromMemory;\n    const raw = globalThis.localStorage?.getItem(`${METADATA_KEY}:${userId}`);\n    if (!raw) return null;\n    return JSON.parse(raw) as DidCredentialMetadata;\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAwBA,IAAMA,YAAY,GAAG,+BAA+B;AACpD,IAAMC,cAAc,GAAG,IAAIC,GAAG,CAAgC,CAAC;AAE/D,gBAAsBC,uBAAuBA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAK5C,SAAAF,yBAAA;EAAAA,wBAAA,GAAAG,iBAAA,CALM,WACHC,SAA6G,EAC7GC,OAAgC,EACC;IACjC,OAAOD,SAAS,CAAC,oBAAoB,EAAE,MAAM,EAAEC,OAAO,CAAC;EAC3D,CAAC;EAAA,OAAAL,wBAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsBI,gBAAgBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,iBAAA,CAAAR,KAAA,OAAAC,SAAA;AAAA;AAKrC,SAAAO,kBAAA;EAAAA,iBAAA,GAAAN,iBAAA,CALM,WACHC,SAA+G,EAC/GM,YAAoB,EACa;IACjC,OAAON,SAAS,CAAC,oBAAoB,EAAE,MAAM,EAAE;MAAEO,aAAa,EAAED;IAAa,CAAC,CAAC;EACnF,CAAC;EAAA,OAAAD,iBAAA,CAAAR,KAAA,OAAAC,SAAA;AAAA;AAED,OAAO,SAASU,0BAA0BA,CAACC,MAAc,EAAEC,QAA+B,EAAQ;EAC9FnB,cAAc,CAACoB,GAAG,CAACF,MAAM,EAAEC,QAAQ,CAAC;EACpC,IAAIE,UAAU,CAACC,YAAY,EAAE;IACzBD,UAAU,CAACC,YAAY,CAACC,OAAO,IAAAC,MAAA,CAAIzB,YAAY,OAAAyB,MAAA,CAAIN,MAAM,GAAIO,IAAI,CAACC,SAAS,CAACP,QAAQ,CAAC,CAAC;EAC1F;AACJ;AAEA,OAAO,SAASQ,yBAAyBA,CAACT,MAAc,EAAgC;EAAA,IAAAU,qBAAA;EACpF,IAAMC,UAAU,GAAG7B,cAAc,CAAC8B,GAAG,CAACZ,MAAM,CAAC;EAC7C,IAAIW,UAAU,EAAE,OAAOA,UAAU;EACjC,IAAME,GAAG,IAAAH,qBAAA,GAAGP,UAAU,CAACC,YAAY,cAAAM,qBAAA,uBAAvBA,qBAAA,CAAyBI,OAAO,IAAAR,MAAA,CAAIzB,YAAY,OAAAyB,MAAA,CAAIN,MAAM,CAAE,CAAC;EACzE,IAAI,CAACa,GAAG,EAAE,OAAO,IAAI;EACrB,OAAON,IAAI,CAACQ,KAAK,CAACF,GAAG,CAAC;AAC1B","ignoreList":[]}

package/lib/auth/did.d.ts

@@ -0,0 +1,22 @@
+export interface DidVerificationMethod {
+    id: string;
+    type: string;
+    controller: string;
+    publicKeyMultibase?: string;
+    blockchainAccountId?: string;
+}
+export interface DidDocumentShape {
+    id: string;
+    verificationMethod: DidVerificationMethod[];
+    authentication: string[];
+    service?: Array<Record<string, string>>;
+}
+export interface DidResolutionResponse {
+    did_uri: string;
+    resolution_type?: string;
+    did_document: DidDocumentShape;
+}
+export declare function deriveXrplDid(address: string, network?: "testnet" | "mainnet"): string;
+export declare function createMinimalDidDocument(didUri: string, e2eePubkeyCommitment: string): DidDocumentShape;
+export declare function resolveDidViaHomeserver(requester: (path: string, method: "GET") => Promise<DidResolutionResponse>, account: string): Promise<DidResolutionResponse>;
+//# sourceMappingURL=did.d.ts.map

package/lib/auth/did.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.d.ts","sourceRoot":"","sources":["../../src/auth/did.ts"],"names":[],"mappings":"AAYA,MAAM,WAAW,qBAAqB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,MAAM,WAAW,gBAAgB;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,kBAAkB,EAAE,qBAAqB,EAAE,CAAC;IAC5C,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,OAAO,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC3C;AAED,MAAM,WAAW,qBAAqB;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,EAAE,gBAAgB,CAAC;CAClC;AAID,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,SAAS,GAAG,SAAqB,GAAG,MAAM,CAKjG;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,EAAE,oBAAoB,EAAE,MAAM,GAAG,gBAAgB,CAyBvG;AAED,wBAAsB,uBAAuB,CACzC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,KAAK,OAAO,CAAC,qBAAqB,CAAC,EAC1E,OAAO,EAAE,MAAM,GAChB,OAAO,CAAC,qBAAqB,CAAC,CAgBhC"}

package/lib/auth/did.js

@@ -0,0 +1,66 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+import { Resolver } from "did-resolver";
+var fallbackResolver = new Resolver({});
+export function deriveXrplDid(address) {
+  var network = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : "testnet";
+  if (!address || !address.startsWith("r")) {
+    throw new Error("Invalid XRPL address");
+  }
+  return "did:xrpl:".concat(network, ":").concat(address);
+}
+export function createMinimalDidDocument(didUri, e2eePubkeyCommitment) {
+  return {
+    id: didUri,
+    verificationMethod: [{
+      id: "".concat(didUri, "#owner"),
+      type: "EcdsaSecp256k1RecoveryMethod2020",
+      controller: didUri
+    }, {
+      id: "".concat(didUri, "#e2ee"),
+      type: "E2EEPublicKeyCommitment",
+      controller: didUri,
+      publicKeyMultibase: e2eePubkeyCommitment
+    }],
+    authentication: ["".concat(didUri, "#owner")],
+    service: [{
+      id: "".concat(didUri, "#did-resolution"),
+      type: "BriijDidResolution",
+      serviceEndpoint: "/_matrix/client/v3/did/resolve"
+    }]
+  };
+}
+export function resolveDidViaHomeserver(_x, _x2) {
+  return _resolveDidViaHomeserver.apply(this, arguments);
+}
+function _resolveDidViaHomeserver() {
+  _resolveDidViaHomeserver = _asyncToGenerator(function* (requester, account) {
+    var _direct$did_document;
+    var direct = yield requester("/did/resolve?account=".concat(encodeURIComponent(account)), "GET");
+    if (direct !== null && direct !== void 0 && (_direct$did_document = direct.did_document) !== null && _direct$did_document !== void 0 && _direct$did_document.id) {
+      return direct;
+    }
+
+    // Keep a resolver instance available for future DID-method plugins.
+    var fallback = yield fallbackResolver.resolve("did:xrpl:testnet:".concat(account));
+    if (fallback.didDocument) {
+      return {
+        did_uri: fallback.didDocument.id,
+        did_document: fallback.didDocument,
+        resolution_type: "resolver-fallback"
+      };
+    }
+    throw new Error("Failed to resolve DID document");
+  });
+  return _resolveDidViaHomeserver.apply(this, arguments);
+}
+//# sourceMappingURL=did.js.map

package/lib/auth/did.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did.js","names":["Resolver","fallbackResolver","deriveXrplDid","address","network","arguments","length","undefined","startsWith","Error","concat","createMinimalDidDocument","didUri","e2eePubkeyCommitment","id","verificationMethod","type","controller","publicKeyMultibase","authentication","service","serviceEndpoint","resolveDidViaHomeserver","_x","_x2","_resolveDidViaHomeserver","apply","_asyncToGenerator","requester","account","_direct$did_document","direct","encodeURIComponent","did_document","fallback","resolve","didDocument","did_uri","resolution_type"],"sources":["../../src/auth/did.ts"],"sourcesContent":["/*\nCopyright 2026 Xurge Digital Lab\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n*/\n\nimport { Resolver } from \"did-resolver\";\n\nexport interface DidVerificationMethod {\n    id: string;\n    type: string;\n    controller: string;\n    publicKeyMultibase?: string;\n    blockchainAccountId?: string;\n}\n\nexport interface DidDocumentShape {\n    id: string;\n    verificationMethod: DidVerificationMethod[];\n    authentication: string[];\n    service?: Array<Record<string, string>>;\n}\n\nexport interface DidResolutionResponse {\n    did_uri: string;\n    resolution_type?: string;\n    did_document: DidDocumentShape;\n}\n\nconst fallbackResolver = new Resolver({});\n\nexport function deriveXrplDid(address: string, network: \"testnet\" | \"mainnet\" = \"testnet\"): string {\n    if (!address || !address.startsWith(\"r\")) {\n        throw new Error(\"Invalid XRPL address\");\n    }\n    return `did:xrpl:${network}:${address}`;\n}\n\nexport function createMinimalDidDocument(didUri: string, e2eePubkeyCommitment: string): DidDocumentShape {\n    return {\n        id: didUri,\n        verificationMethod: [\n            {\n                id: `${didUri}#owner`,\n                type: \"EcdsaSecp256k1RecoveryMethod2020\",\n                controller: didUri,\n            },\n            {\n                id: `${didUri}#e2ee`,\n                type: \"E2EEPublicKeyCommitment\",\n                controller: didUri,\n                publicKeyMultibase: e2eePubkeyCommitment,\n            },\n        ],\n        authentication: [`${didUri}#owner`],\n        service: [\n            {\n                id: `${didUri}#did-resolution`,\n                type: \"BriijDidResolution\",\n                serviceEndpoint: \"/_matrix/client/v3/did/resolve\",\n            },\n        ],\n    };\n}\n\nexport async function resolveDidViaHomeserver(\n    requester: (path: string, method: \"GET\") => Promise<DidResolutionResponse>,\n    account: string,\n): Promise<DidResolutionResponse> {\n    const direct = await requester(`/did/resolve?account=${encodeURIComponent(account)}`, \"GET\");\n    if (direct?.did_document?.id) {\n        return direct;\n    }\n\n    // Keep a resolver instance available for future DID-method plugins.\n    const fallback = await fallbackResolver.resolve(`did:xrpl:testnet:${account}`);\n    if (fallback.didDocument) {\n        return {\n            did_uri: fallback.didDocument.id,\n            did_document: fallback.didDocument as DidDocumentShape,\n            resolution_type: \"resolver-fallback\",\n        };\n    }\n    throw new Error(\"Failed to resolve DID document\");\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,QAAQ,QAAQ,cAAc;AAuBvC,IAAMC,gBAAgB,GAAG,IAAID,QAAQ,CAAC,CAAC,CAAC,CAAC;AAEzC,OAAO,SAASE,aAAaA,CAACC,OAAe,EAAsD;EAAA,IAApDC,OAA8B,GAAAC,SAAA,CAAAC,MAAA,QAAAD,SAAA,QAAAE,SAAA,GAAAF,SAAA,MAAG,SAAS;EACrF,IAAI,CAACF,OAAO,IAAI,CAACA,OAAO,CAACK,UAAU,CAAC,GAAG,CAAC,EAAE;IACtC,MAAM,IAAIC,KAAK,CAAC,sBAAsB,CAAC;EAC3C;EACA,mBAAAC,MAAA,CAAmBN,OAAO,OAAAM,MAAA,CAAIP,OAAO;AACzC;AAEA,OAAO,SAASQ,wBAAwBA,CAACC,MAAc,EAAEC,oBAA4B,EAAoB;EACrG,OAAO;IACHC,EAAE,EAAEF,MAAM;IACVG,kBAAkB,EAAE,CAChB;MACID,EAAE,KAAAJ,MAAA,CAAKE,MAAM,WAAQ;MACrBI,IAAI,EAAE,kCAAkC;MACxCC,UAAU,EAAEL;IAChB,CAAC,EACD;MACIE,EAAE,KAAAJ,MAAA,CAAKE,MAAM,UAAO;MACpBI,IAAI,EAAE,yBAAyB;MAC/BC,UAAU,EAAEL,MAAM;MAClBM,kBAAkB,EAAEL;IACxB,CAAC,CACJ;IACDM,cAAc,EAAE,IAAAT,MAAA,CAAIE,MAAM,YAAS;IACnCQ,OAAO,EAAE,CACL;MACIN,EAAE,KAAAJ,MAAA,CAAKE,MAAM,oBAAiB;MAC9BI,IAAI,EAAE,oBAAoB;MAC1BK,eAAe,EAAE;IACrB,CAAC;EAET,CAAC;AACL;AAEA,gBAAsBC,uBAAuBA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAAC,KAAA,OAAArB,SAAA;AAAA;AAmB5C,SAAAoB,yBAAA;EAAAA,wBAAA,GAAAE,iBAAA,CAnBM,WACHC,SAA0E,EAC1EC,OAAe,EACe;IAAA,IAAAC,oBAAA;IAC9B,IAAMC,MAAM,SAASH,SAAS,yBAAAlB,MAAA,CAAyBsB,kBAAkB,CAACH,OAAO,CAAC,GAAI,KAAK,CAAC;IAC5F,IAAIE,MAAM,aAANA,MAAM,gBAAAD,oBAAA,GAANC,MAAM,CAAEE,YAAY,cAAAH,oBAAA,eAApBA,oBAAA,CAAsBhB,EAAE,EAAE;MAC1B,OAAOiB,MAAM;IACjB;;IAEA;IACA,IAAMG,QAAQ,SAASjC,gBAAgB,CAACkC,OAAO,qBAAAzB,MAAA,CAAqBmB,OAAO,CAAE,CAAC;IAC9E,IAAIK,QAAQ,CAACE,WAAW,EAAE;MACtB,OAAO;QACHC,OAAO,EAAEH,QAAQ,CAACE,WAAW,CAACtB,EAAE;QAChCmB,YAAY,EAAEC,QAAQ,CAACE,WAA+B;QACtDE,eAAe,EAAE;MACrB,CAAC;IACL;IACA,MAAM,IAAI7B,KAAK,CAAC,gCAAgC,CAAC;EACrD,CAAC;EAAA,OAAAgB,wBAAA,CAAAC,KAAA,OAAArB,SAAA;AAAA","ignoreList":[]}

package/lib/auth/wallet.d.ts

@@ -0,0 +1,22 @@
+import { XRPL_WALLET_LOGIN_TYPE } from "../@types/auth.ts";
+export interface WalletProofResult {
+    address: string;
+    signature: string;
+    publicKey?: string;
+    network?: string;
+}
+export interface WalletLoginSubmission {
+    type: typeof XRPL_WALLET_LOGIN_TYPE;
+    address: string;
+    signature: string;
+    public_key?: string;
+    network: string;
+    session: string;
+    username?: string;
+}
+export type WalletProofProvider = (challenge: string, network: string) => Promise<WalletProofResult>;
+/**
+ * Normalizes wallet proof payload to the login body used by the homeserver.
+ */
+export declare function buildWalletLoginSubmission(proof: WalletProofResult, session: string, network: string, username?: string): WalletLoginSubmission;
+//# sourceMappingURL=wallet.d.ts.map

package/lib/auth/wallet.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../src/auth/wallet.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,qBAAqB;IAClC,IAAI,EAAE,OAAO,sBAAsB,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,MAAM,mBAAmB,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAErG;;GAEG;AACH,wBAAgB,0BAA0B,CACtC,KAAK,EAAE,iBAAiB,EACxB,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GAClB,qBAAqB,CAUvB"}

package/lib/auth/wallet.js

@@ -0,0 +1,27 @@
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+import { XRPL_WALLET_LOGIN_TYPE } from "../@types/auth.js";
+/**
+ * Normalizes wallet proof payload to the login body used by the homeserver.
+ */
+export function buildWalletLoginSubmission(proof, session, network, username) {
+  var _proof$network;
+  return {
+    type: XRPL_WALLET_LOGIN_TYPE,
+    session,
+    address: proof.address,
+    signature: proof.signature,
+    public_key: proof.publicKey,
+    network: (_proof$network = proof.network) !== null && _proof$network !== void 0 ? _proof$network : network,
+    username
+  };
+}
+//# sourceMappingURL=wallet.js.map

package/lib/auth/wallet.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet.js","names":["XRPL_WALLET_LOGIN_TYPE","buildWalletLoginSubmission","proof","session","network","username","_proof$network","type","address","signature","public_key","publicKey"],"sources":["../../src/auth/wallet.ts"],"sourcesContent":["/*\nCopyright 2026 Xurge Digital Lab\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n*/\n\nimport { XRPL_WALLET_LOGIN_TYPE } from \"../@types/auth.ts\";\n\nexport interface WalletProofResult {\n    address: string;\n    signature: string;\n    publicKey?: string;\n    network?: string;\n}\n\nexport interface WalletLoginSubmission {\n    type: typeof XRPL_WALLET_LOGIN_TYPE;\n    address: string;\n    signature: string;\n    public_key?: string;\n    network: string;\n    session: string;\n    username?: string;\n}\n\nexport type WalletProofProvider = (challenge: string, network: string) => Promise<WalletProofResult>;\n\n/**\n * Normalizes wallet proof payload to the login body used by the homeserver.\n */\nexport function buildWalletLoginSubmission(\n    proof: WalletProofResult,\n    session: string,\n    network: string,\n    username?: string,\n): WalletLoginSubmission {\n    return {\n        type: XRPL_WALLET_LOGIN_TYPE,\n        session,\n        address: proof.address,\n        signature: proof.signature,\n        public_key: proof.publicKey,\n        network: proof.network ?? network,\n        username,\n    };\n}\n"],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,sBAAsB,QAAQ,mBAAmB;AAqB1D;AACA;AACA;AACA,OAAO,SAASC,0BAA0BA,CACtCC,KAAwB,EACxBC,OAAe,EACfC,OAAe,EACfC,QAAiB,EACI;EAAA,IAAAC,cAAA;EACrB,OAAO;IACHC,IAAI,EAAEP,sBAAsB;IAC5BG,OAAO;IACPK,OAAO,EAAEN,KAAK,CAACM,OAAO;IACtBC,SAAS,EAAEP,KAAK,CAACO,SAAS;IAC1BC,UAAU,EAAER,KAAK,CAACS,SAAS;IAC3BP,OAAO,GAAAE,cAAA,GAAEJ,KAAK,CAACE,OAAO,cAAAE,cAAA,cAAAA,cAAA,GAAIF,OAAO;IACjCC;EACJ,CAAC;AACL","ignoreList":[]}

package/lib/auth/zkpE2EE.d.ts

@@ -0,0 +1,22 @@
+export interface E2eeZkInput {
+    didUri: string;
+    xrplAddress: string;
+    e2eePrivateKey: string;
+    credentialId: string;
+}
+export interface E2eeZkProofPayload {
+    proof: Record<string, unknown>;
+    publicSignals: string[] | Record<string, string>;
+}
+export interface E2eeZkGenerateOptions {
+    wasmPath: string;
+    zkeyPath: string;
+    fullProve?: (input: Record<string, string>, wasmPath: string, zkeyPath: string) => Promise<E2eeZkProofPayload>;
+}
+export interface E2eeZkVerifyOptions {
+    verificationKey: Record<string, unknown>;
+    verify?: (verificationKey: Record<string, unknown>, publicSignals: E2eeZkProofPayload["publicSignals"], proof: E2eeZkProofPayload["proof"]) => Promise<boolean>;
+}
+export declare function generateE2eeZkProof(input: E2eeZkInput, options: E2eeZkGenerateOptions): Promise<E2eeZkProofPayload>;
+export declare function verifyE2eeZkProof(payload: E2eeZkProofPayload, options: E2eeZkVerifyOptions): Promise<boolean>;
+//# sourceMappingURL=zkpE2EE.d.ts.map

package/lib/auth/zkpE2EE.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"zkpE2EE.d.ts","sourceRoot":"","sources":["../../src/auth/zkpE2EE.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,WAAW;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,kBAAkB;IAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,aAAa,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACpD;AAED,MAAM,WAAW,qBAAqB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,CACR,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC7B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,KACf,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,mBAAmB;IAChC,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,MAAM,CAAC,EAAE,CACL,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACxC,aAAa,EAAE,kBAAkB,CAAC,eAAe,CAAC,EAClD,KAAK,EAAE,kBAAkB,CAAC,OAAO,CAAC,KACjC,OAAO,CAAC,OAAO,CAAC,CAAC;CACzB;AAYD,wBAAsB,mBAAmB,CACrC,KAAK,EAAE,WAAW,EAClB,OAAO,EAAE,qBAAqB,GAC/B,OAAO,CAAC,kBAAkB,CAAC,CAmB7B;AAED,wBAAsB,iBAAiB,CACnC,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,mBAAmB,GAC7B,OAAO,CAAC,OAAO,CAAC,CASlB"}

package/lib/auth/zkpE2EE.js

@@ -0,0 +1,69 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+function sha256Hex(_x) {
+  return _sha256Hex.apply(this, arguments);
+}
+function _sha256Hex() {
+  _sha256Hex = _asyncToGenerator(function* (input) {
+    var _globalThis$crypto;
+    if (!((_globalThis$crypto = globalThis.crypto) !== null && _globalThis$crypto !== void 0 && _globalThis$crypto.subtle)) {
+      return input;
+    }
+    var digest = yield globalThis.crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
+    return Array.from(new Uint8Array(digest)).map(b => b.toString(16).padStart(2, "0")).join("");
+  });
+  return _sha256Hex.apply(this, arguments);
+}
+export function generateE2eeZkProof(_x2, _x3) {
+  return _generateE2eeZkProof.apply(this, arguments);
+}
+function _generateE2eeZkProof() {
+  _generateE2eeZkProof = _asyncToGenerator(function* (input, options) {
+    var _options$fullProve;
+    var fullProve = (_options$fullProve = options.fullProve) !== null && _options$fullProve !== void 0 ? _options$fullProve : (/*#__PURE__*/function () {
+      var _ref = _asyncToGenerator(function* (signals, wasmPath, zkeyPath) {
+        var snarkjs = yield import("snarkjs");
+        return snarkjs.groth16.fullProve(signals, wasmPath, zkeyPath);
+      });
+      return function (_x6, _x7, _x8) {
+        return _ref.apply(this, arguments);
+      };
+    }());
+    var e2eePrivateKeyHash = yield sha256Hex(input.e2eePrivateKey);
+    return fullProve({
+      did_uri: input.didUri,
+      xrpl_address: input.xrplAddress,
+      credential_id: input.credentialId,
+      e2ee_privkey_hash: e2eePrivateKeyHash
+    }, options.wasmPath, options.zkeyPath);
+  });
+  return _generateE2eeZkProof.apply(this, arguments);
+}
+export function verifyE2eeZkProof(_x4, _x5) {
+  return _verifyE2eeZkProof.apply(this, arguments);
+}
+function _verifyE2eeZkProof() {
+  _verifyE2eeZkProof = _asyncToGenerator(function* (payload, options) {
+    var _options$verify;
+    var verifier = (_options$verify = options.verify) !== null && _options$verify !== void 0 ? _options$verify : (/*#__PURE__*/function () {
+      var _ref2 = _asyncToGenerator(function* (verificationKey, publicSignals, proof) {
+        var snarkjs = yield import("snarkjs");
+        return snarkjs.groth16.verify(verificationKey, publicSignals, proof);
+      });
+      return function (_x9, _x0, _x1) {
+        return _ref2.apply(this, arguments);
+      };
+    }());
+    return verifier(options.verificationKey, payload.publicSignals, payload.proof);
+  });
+  return _verifyE2eeZkProof.apply(this, arguments);
+}
+//# sourceMappingURL=zkpE2EE.js.map

package/lib/auth/zkpE2EE.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zkpE2EE.js","names":["sha256Hex","_x","_sha256Hex","apply","arguments","_asyncToGenerator","input","_globalThis$crypto","globalThis","crypto","subtle","digest","TextEncoder","encode","Array","from","Uint8Array","map","b","toString","padStart","join","generateE2eeZkProof","_x2","_x3","_generateE2eeZkProof","options","_options$fullProve","fullProve","_ref","signals","wasmPath","zkeyPath","snarkjs","groth16","_x6","_x7","_x8","e2eePrivateKeyHash","e2eePrivateKey","did_uri","didUri","xrpl_address","xrplAddress","credential_id","credentialId","e2ee_privkey_hash","verifyE2eeZkProof","_x4","_x5","_verifyE2eeZkProof","payload","_options$verify","verifier","verify","_ref2","verificationKey","publicSignals","proof","_x9","_x0","_x1"],"sources":["../../src/auth/zkpE2EE.ts"],"sourcesContent":["/*\nCopyright 2026 Xurge Digital Lab\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n*/\n\nexport interface E2eeZkInput {\n    didUri: string;\n    xrplAddress: string;\n    e2eePrivateKey: string;\n    credentialId: string;\n}\n\nexport interface E2eeZkProofPayload {\n    proof: Record<string, unknown>;\n    publicSignals: string[] | Record<string, string>;\n}\n\nexport interface E2eeZkGenerateOptions {\n    wasmPath: string;\n    zkeyPath: string;\n    fullProve?: (\n        input: Record<string, string>,\n        wasmPath: string,\n        zkeyPath: string,\n    ) => Promise<E2eeZkProofPayload>;\n}\n\nexport interface E2eeZkVerifyOptions {\n    verificationKey: Record<string, unknown>;\n    verify?: (\n        verificationKey: Record<string, unknown>,\n        publicSignals: E2eeZkProofPayload[\"publicSignals\"],\n        proof: E2eeZkProofPayload[\"proof\"],\n    ) => Promise<boolean>;\n}\n\nasync function sha256Hex(input: string): Promise<string> {\n    if (!globalThis.crypto?.subtle) {\n        return input;\n    }\n    const digest = await globalThis.crypto.subtle.digest(\"SHA-256\", new TextEncoder().encode(input));\n    return Array.from(new Uint8Array(digest))\n        .map((b) => b.toString(16).padStart(2, \"0\"))\n        .join(\"\");\n}\n\nexport async function generateE2eeZkProof(\n    input: E2eeZkInput,\n    options: E2eeZkGenerateOptions,\n): Promise<E2eeZkProofPayload> {\n    const fullProve =\n        options.fullProve ??\n        (async (signals, wasmPath, zkeyPath) => {\n            const snarkjs = await import(\"snarkjs\");\n            return snarkjs.groth16.fullProve(signals, wasmPath, zkeyPath);\n        });\n\n    const e2eePrivateKeyHash = await sha256Hex(input.e2eePrivateKey);\n    return fullProve(\n        {\n            did_uri: input.didUri,\n            xrpl_address: input.xrplAddress,\n            credential_id: input.credentialId,\n            e2ee_privkey_hash: e2eePrivateKeyHash,\n        },\n        options.wasmPath,\n        options.zkeyPath,\n    );\n}\n\nexport async function verifyE2eeZkProof(\n    payload: E2eeZkProofPayload,\n    options: E2eeZkVerifyOptions,\n): Promise<boolean> {\n    const verifier =\n        options.verify ??\n        (async (verificationKey, publicSignals, proof) => {\n            const snarkjs = await import(\"snarkjs\");\n            return snarkjs.groth16.verify(verificationKey, publicSignals, proof);\n        });\n\n    return verifier(options.verificationKey, payload.publicSignals, payload.proof);\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AARA,SAyCeA,SAASA,CAAAC,EAAA;EAAA,OAAAC,UAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAAA,SAAAF,WAAA;EAAAA,UAAA,GAAAG,iBAAA,CAAxB,WAAyBC,KAAa,EAAmB;IAAA,IAAAC,kBAAA;IACrD,IAAI,GAAAA,kBAAA,GAACC,UAAU,CAACC,MAAM,cAAAF,kBAAA,eAAjBA,kBAAA,CAAmBG,MAAM,GAAE;MAC5B,OAAOJ,KAAK;IAChB;IACA,IAAMK,MAAM,SAASH,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,MAAM,CAAC,SAAS,EAAE,IAAIC,WAAW,CAAC,CAAC,CAACC,MAAM,CAACP,KAAK,CAAC,CAAC;IAChG,OAAOQ,KAAK,CAACC,IAAI,CAAC,IAAIC,UAAU,CAACL,MAAM,CAAC,CAAC,CACpCM,GAAG,CAAEC,CAAC,IAAKA,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAC3CC,IAAI,CAAC,EAAE,CAAC;EACjB,CAAC;EAAA,OAAAnB,UAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsBkB,mBAAmBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAAtB,KAAA,OAAAC,SAAA;AAAA;AAsBxC,SAAAqB,qBAAA;EAAAA,oBAAA,GAAApB,iBAAA,CAtBM,WACHC,KAAkB,EAClBoB,OAA8B,EACH;IAAA,IAAAC,kBAAA;IAC3B,IAAMC,SAAS,IAAAD,kBAAA,GACXD,OAAO,CAACE,SAAS,cAAAD,kBAAA,cAAAA,kBAAA;MAAA,IAAAE,IAAA,GAAAxB,iBAAA,CAChB,WAAOyB,OAAO,EAAEC,QAAQ,EAAEC,QAAQ,EAAK;QACpC,IAAMC,OAAO,SAAS,MAAM,CAAC,SAAS,CAAC;QACvC,OAAOA,OAAO,CAACC,OAAO,CAACN,SAAS,CAACE,OAAO,EAAEC,QAAQ,EAAEC,QAAQ,CAAC;MACjE,CAAC;MAAA,iBAAAG,GAAA,EAAAC,GAAA,EAAAC,GAAA;QAAA,OAAAR,IAAA,CAAA1B,KAAA,OAAAC,SAAA;MAAA;IAAA,IAAC;IAEN,IAAMkC,kBAAkB,SAAStC,SAAS,CAACM,KAAK,CAACiC,cAAc,CAAC;IAChE,OAAOX,SAAS,CACZ;MACIY,OAAO,EAAElC,KAAK,CAACmC,MAAM;MACrBC,YAAY,EAAEpC,KAAK,CAACqC,WAAW;MAC/BC,aAAa,EAAEtC,KAAK,CAACuC,YAAY;MACjCC,iBAAiB,EAAER;IACvB,CAAC,EACDZ,OAAO,CAACK,QAAQ,EAChBL,OAAO,CAACM,QACZ,CAAC;EACL,CAAC;EAAA,OAAAP,oBAAA,CAAAtB,KAAA,OAAAC,SAAA;AAAA;AAED,gBAAsB2C,iBAAiBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,kBAAA,CAAA/C,KAAA,OAAAC,SAAA;AAAA;AAYtC,SAAA8C,mBAAA;EAAAA,kBAAA,GAAA7C,iBAAA,CAZM,WACH8C,OAA2B,EAC3BzB,OAA4B,EACZ;IAAA,IAAA0B,eAAA;IAChB,IAAMC,QAAQ,IAAAD,eAAA,GACV1B,OAAO,CAAC4B,MAAM,cAAAF,eAAA,cAAAA,eAAA;MAAA,IAAAG,KAAA,GAAAlD,iBAAA,CACb,WAAOmD,eAAe,EAAEC,aAAa,EAAEC,KAAK,EAAK;QAC9C,IAAMzB,OAAO,SAAS,MAAM,CAAC,SAAS,CAAC;QACvC,OAAOA,OAAO,CAACC,OAAO,CAACoB,MAAM,CAACE,eAAe,EAAEC,aAAa,EAAEC,KAAK,CAAC;MACxE,CAAC;MAAA,iBAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;QAAA,OAAAN,KAAA,CAAApD,KAAA,OAAAC,SAAA;MAAA;IAAA,IAAC;IAEN,OAAOiD,QAAQ,CAAC3B,OAAO,CAAC8B,eAAe,EAAEL,OAAO,CAACM,aAAa,EAAEN,OAAO,CAACO,KAAK,CAAC;EAClF,CAAC;EAAA,OAAAR,kBAAA,CAAA/C,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}