npm - @zerobase-labs/passport-sdk - Versions diffs - 0.1.0 - Mend

@zerobase-labs/passport-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,147 @@
+# @zerobase-labs/passport-sdk
+> SDK for **Agent Passport** — OAuth-like identity verification for AI agents.
+Verify agent identities in 3 lines. Authenticate agents in 5.
+## Installation
+```bash
+npm install @zerobase-labs/passport-sdk
+```
+```bash
+pnpm add @zerobase-labs/passport-sdk
+```
+```bash
+yarn add @zerobase-labs/passport-sdk
+```
+## Quick Start — For Apps (Verify Agents)
+```typescript
+import { AgentPassportClient } from '@zerobase-labs/passport-sdk';
+const passport = new AgentPassportClient({
+  baseUrl: 'https://passport-api.onrender.com',
+  appId: 'your-app-id',
+  appKey: 'ap_live_...',
+});
+const result = await passport.verify(agentToken);
+if (result.valid && result.risk?.recommendedAction === 'allow') {
+  console.log(`Verified agent: ${result.handle}`);
+}
+```
+## Quick Start — For Agents (Authenticate)
+```typescript
+import { AgentClient } from '@zerobase-labs/passport-sdk';
+const agent = new AgentClient({
+  baseUrl: 'https://passport-api.onrender.com',
+});
+// Register once
+const { agentId } = await agent.register({
+  handle: 'my-agent',
+  publicKeyB64: '<your-ed25519-public-key-base64>',
+});
+// Authenticate (challenge → sign → token)
+const { token, expiresAt } = await agent.authenticate({
+  agentId,
+  sign: async (nonce) => {
+    // Sign with YOUR private key — it never enters the SDK
+    return signWithEd25519(nonce, privateKey);
+  },
+});
+```
+**Security**: Private keys never enter this SDK. The `sign` callback keeps signing in your code.
+## API Reference
+### `AgentPassportClient` (for apps)
+```typescript
+new AgentPassportClient({
+  baseUrl: string;    // Agent Passport API URL
+  appId: string;      // Your App ID (from portal)
+  appKey: string;     // Your API key (ap_live_...)
+  timeoutMs?: number; // Request timeout (default: 10000)
+  maxRetries?: number; // Max retries on 429 (default: 3)
+})
+```
+| Method | Description |
+|--------|-------------|
+| `verify(token)` | Verify an agent's identity token |
+| `introspect(token)` | Introspect a token (RFC 7662) |
+| `revoke(token)` | Revoke a token before expiry |
+### `AgentClient` (for agents)
+```typescript
+new AgentClient({
+  baseUrl: string;    // Agent Passport API URL
+  timeoutMs?: number; // Request timeout (default: 10000)
+  maxRetries?: number; // Max retries on 429 (default: 3)
+})
+```
+| Method | Description |
+|--------|-------------|
+| `register({ handle, publicKeyB64 })` | Register a new agent |
+| `authenticate({ agentId, sign })` | Full auth flow (challenge → sign → token) |
+| `getChallenge(agentId)` | Request a challenge nonce |
+| `exchangeToken({ agentId, challengeId, signatureB64 })` | Exchange signature for JWT |
+## Error Handling
+```typescript
+import {
+  PassportError,
+  PassportAuthError,
+  PassportRateLimitError,
+  PassportNetworkError,
+  PassportValidationError,
+} from '@zerobase-labs/passport-sdk';
+try {
+  const result = await passport.verify(token);
+} catch (err) {
+  if (err instanceof PassportRateLimitError) {
+    console.log(`Rate limited. Retry after ${err.retryAfter}s`);
+  } else if (err instanceof PassportAuthError) {
+    console.log('Invalid credentials:', err.message);
+  } else if (err instanceof PassportNetworkError) {
+    console.log('Cannot reach API:', err.message);
+  } else if (err instanceof PassportValidationError) {
+    console.log('Bad request:', err.message);
+  }
+}
+```
+The SDK automatically retries 429 responses with exponential backoff (configurable via `maxRetries`).
+## Compatibility
+- Node.js 18+
+- Bun
+- Deno
+- Any runtime with `globalThis.fetch`
+Zero runtime dependencies other than `zod`.
+## Links
+- [Main Repository](https://github.com/zerobase-labs/agent-passport)
+- [API Documentation](https://github.com/zerobase-labs/agent-passport/blob/main/docs/openapi.yaml)
+- [Integration Guide](https://github.com/zerobase-labs/agent-passport/blob/main/docs/INTEGRATION.md)
+## License
+MIT

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,428 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AgentClient: () => AgentClient,
+  AgentPassportClient: () => AgentPassportClient,
+  PassportAuthError: () => PassportAuthError,
+  PassportError: () => PassportError,
+  PassportNetworkError: () => PassportNetworkError,
+  PassportRateLimitError: () => PassportRateLimitError,
+  PassportValidationError: () => PassportValidationError
+});
+module.exports = __toCommonJS(index_exports);
+// src/errors.ts
+var PassportError = class extends Error {
+  /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */
+  code;
+  /** HTTP status code returned by the API */
+  statusCode;
+  /** Seconds to wait before retrying (present on 429 responses) */
+  retryAfter;
+  /** Server-assigned request ID for debugging */
+  requestId;
+  /** Additional error details from the API */
+  details;
+  constructor(code, message, statusCode, options) {
+    super(message);
+    this.name = "PassportError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.retryAfter = options?.retryAfter;
+    this.requestId = options?.requestId;
+    this.details = options?.details;
+  }
+};
+var PassportNetworkError = class extends PassportError {
+  constructor(message, options) {
+    super("NETWORK_ERROR", message, 0, {});
+    this.name = "PassportNetworkError";
+    if (options?.cause) {
+      this.cause = options.cause;
+    }
+  }
+};
+var PassportAuthError = class extends PassportError {
+  constructor(code, message, statusCode, options) {
+    super(code, message, statusCode, options);
+    this.name = "PassportAuthError";
+  }
+};
+var PassportRateLimitError = class extends PassportError {
+  constructor(message, retryAfter, options) {
+    super("RATE_LIMITED", message, 429, {
+      retryAfter,
+      requestId: options?.requestId
+    });
+    this.name = "PassportRateLimitError";
+  }
+};
+var PassportValidationError = class extends PassportError {
+  constructor(message, options) {
+    super("VALIDATION_ERROR", message, 400, options);
+    this.name = "PassportValidationError";
+  }
+};
+// src/client.ts
+var DEFAULT_TIMEOUT_MS = 1e4;
+var DEFAULT_MAX_RETRIES = 3;
+var BASE_BACKOFF_MS = 1e3;
+var AgentPassportClient = class {
+  baseUrl;
+  appId;
+  appKey;
+  timeoutMs;
+  maxRetries;
+  fetchImpl;
+  constructor(options) {
+    if (!options.baseUrl) throw new Error("baseUrl is required");
+    if (!options.appId) throw new Error("appId is required");
+    if (!options.appKey) throw new Error("appKey is required");
+    this.baseUrl = options.baseUrl.replace(/\/$/, "");
+    this.appId = options.appId;
+    this.appKey = options.appKey;
+    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;
+    this.fetchImpl = options.fetch ?? globalThis.fetch;
+  }
+  // =========================================================================
+  // Public API
+  // =========================================================================
+  /**
+   * Verify an agent's identity token.
+   *
+   * @param token - The JWT identity token presented by the agent
+   * @returns Verification result including agent info and risk assessment
+   *
+   * @example
+   * ```ts
+   * const result = await passport.verify(token);
+   * if (result.valid) {
+   *   console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);
+   * }
+   * ```
+   */
+  async verify(token) {
+    const raw = await this.requestWithRetry("POST", "/v1/tokens/verify", {
+      token
+    });
+    if (raw.risk) {
+      const ra = raw.risk.recommendedAction ?? raw.risk.action;
+      raw.risk.action = ra;
+      raw.risk.recommendedAction = ra;
+    }
+    return raw;
+  }
+  /**
+   * Introspect an agent's identity token (RFC 7662).
+   *
+   * @param token - The JWT identity token to introspect
+   * @returns Token introspection result
+   */
+  async introspect(token) {
+    return this.requestWithRetry(
+      "POST",
+      "/v1/tokens/introspect",
+      { token }
+    );
+  }
+  /**
+   * Revoke an agent's identity token before it expires.
+   *
+   * @param token - The JWT identity token to revoke
+   * @returns Revocation result with the token's JTI
+   */
+  async revoke(token) {
+    return this.requestWithRetry("POST", "/v1/tokens/revoke", {
+      token
+    });
+  }
+  // =========================================================================
+  // Internal HTTP
+  // =========================================================================
+  async requestWithRetry(method, path, body) {
+    let lastError;
+    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {
+      try {
+        return await this.request(method, path, body);
+      } catch (err) {
+        lastError = err;
+        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {
+          const backoffMs = err.retryAfter ? err.retryAfter * 1e3 : BASE_BACKOFF_MS * Math.pow(2, attempt);
+          await sleep(backoffMs);
+          continue;
+        }
+        throw err;
+      }
+    }
+    throw lastError ?? new Error("Request failed after retries");
+  }
+  async request(method, path, body) {
+    const url = `${this.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const response = await this.fetchImpl(url, {
+        method,
+        headers: {
+          "Content-Type": "application/json",
+          "X-App-Id": this.appId,
+          "X-App-Key": this.appKey
+        },
+        body: JSON.stringify(body),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (response.ok) {
+        return await response.json();
+      }
+      let errorBody = {};
+      try {
+        errorBody = await response.json();
+      } catch {
+      }
+      const code = errorBody.error ?? `HTTP_${response.status}`;
+      const message = errorBody.reason ?? errorBody.error ?? response.statusText;
+      const requestId = errorBody.request_id;
+      if (response.status === 429) {
+        const retryAfter = Number(response.headers.get("Retry-After")) || 1;
+        throw new PassportRateLimitError(message, retryAfter, { requestId });
+      }
+      if (response.status === 401 || response.status === 403) {
+        throw new PassportAuthError(code, message, response.status, {
+          requestId,
+          details: errorBody.details
+        });
+      }
+      if (response.status === 400) {
+        throw new PassportValidationError(message, {
+          requestId,
+          details: errorBody.details
+        });
+      }
+      throw new PassportError(code, message, response.status, {
+        requestId,
+        details: errorBody.details
+      });
+    } catch (err) {
+      clearTimeout(timeoutId);
+      if (err instanceof PassportError) {
+        throw err;
+      }
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new PassportNetworkError(
+          `Request to ${url} timed out after ${this.timeoutMs}ms`,
+          { cause: err }
+        );
+      }
+      throw new PassportNetworkError(
+        `Failed to connect to ${url}: ${err.message}`,
+        { cause: err }
+      );
+    }
+  }
+};
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+// src/agent.ts
+var DEFAULT_TIMEOUT_MS2 = 1e4;
+var DEFAULT_MAX_RETRIES2 = 3;
+var BASE_BACKOFF_MS2 = 1e3;
+var AgentClient = class {
+  baseUrl;
+  timeoutMs;
+  maxRetries;
+  fetchImpl;
+  constructor(options) {
+    if (!options.baseUrl) throw new Error("baseUrl is required");
+    this.baseUrl = options.baseUrl.replace(/\/$/, "");
+    this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
+    this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES2;
+    this.fetchImpl = options.fetch ?? globalThis.fetch;
+  }
+  // =========================================================================
+  // Public API
+  // =========================================================================
+  /**
+   * Register a new agent with Agent Passport.
+   *
+   * @param params - Agent handle and Ed25519 public key (base64)
+   * @returns Object containing the new agent's ID
+   */
+  async register(params) {
+    return this.requestWithRetry(
+      "POST",
+      "/v1/agents/register",
+      {
+        handle: params.handle,
+        publicKeyB64: params.publicKeyB64
+      }
+    );
+  }
+  /**
+   * Full authentication flow: request challenge → sign nonce → exchange for token.
+   *
+   * **SECURITY**: The `sign` callback keeps private keys out of the SDK.
+   * You provide the signing logic; the SDK handles the protocol.
+   *
+   * @param params - Agent ID + async sign callback
+   * @returns JWT identity token and its expiration time
+   */
+  async authenticate(params) {
+    const challenge = await this.getChallenge(params.agentId);
+    const signatureB64 = await params.sign(challenge.nonce);
+    return this.exchangeToken({
+      agentId: params.agentId,
+      challengeId: challenge.challengeId,
+      signatureB64
+    });
+  }
+  /**
+   * Request a challenge nonce for a specific agent.
+   *
+   * @param agentId - The agent's UUID
+   * @returns Challenge ID, nonce, and expiration time
+   */
+  async getChallenge(agentId) {
+    return this.requestWithRetry(
+      "POST",
+      `/v1/agents/${agentId}/challenge`
+    );
+  }
+  /**
+   * Exchange a signed challenge for an identity token.
+   *
+   * @param params - Agent ID, challenge ID, and base64-encoded signature
+   * @returns JWT identity token and its expiration time
+   */
+  async exchangeToken(params) {
+    return this.requestWithRetry(
+      "POST",
+      `/v1/agents/${params.agentId}/identity-token`,
+      {
+        challengeId: params.challengeId,
+        signatureB64: params.signatureB64,
+        scopes: params.scopes ?? []
+      }
+    );
+  }
+  // =========================================================================
+  // Internal HTTP
+  // =========================================================================
+  async requestWithRetry(method, path, body) {
+    let lastError;
+    for (let attempt = 0; attempt <= this.maxRetries; attempt++) {
+      try {
+        return await this.request(method, path, body);
+      } catch (err) {
+        lastError = err;
+        if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {
+          const backoffMs = err.retryAfter ? err.retryAfter * 1e3 : BASE_BACKOFF_MS2 * Math.pow(2, attempt);
+          await sleep2(backoffMs);
+          continue;
+        }
+        throw err;
+      }
+    }
+    throw lastError ?? new Error("Request failed after retries");
+  }
+  async request(method, path, body) {
+    const url = `${this.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const init = {
+        method,
+        headers: { "Content-Type": "application/json" },
+        signal: controller.signal
+      };
+      if (body !== void 0) {
+        init.body = JSON.stringify(body);
+      }
+      const response = await this.fetchImpl(url, init);
+      clearTimeout(timeoutId);
+      if (response.ok) {
+        return await response.json();
+      }
+      let errorBody = {};
+      try {
+        errorBody = await response.json();
+      } catch {
+      }
+      const code = errorBody.error ?? `HTTP_${response.status}`;
+      const message = errorBody.reason ?? errorBody.error ?? response.statusText;
+      const requestId = errorBody.request_id;
+      if (response.status === 429) {
+        const retryAfter = Number(response.headers.get("Retry-After")) || 1;
+        throw new PassportRateLimitError(message, retryAfter, { requestId });
+      }
+      if (response.status === 401 || response.status === 403) {
+        throw new PassportAuthError(code, message, response.status, {
+          requestId,
+          details: errorBody.details
+        });
+      }
+      if (response.status === 400) {
+        throw new PassportValidationError(message, {
+          requestId,
+          details: errorBody.details
+        });
+      }
+      throw new PassportError(code, message, response.status, {
+        requestId,
+        details: errorBody.details
+      });
+    } catch (err) {
+      clearTimeout(timeoutId);
+      if (err instanceof PassportError) {
+        throw err;
+      }
+      if (err instanceof DOMException && err.name === "AbortError") {
+        throw new PassportNetworkError(
+          `Request to ${url} timed out after ${this.timeoutMs}ms`,
+          { cause: err }
+        );
+      }
+      throw new PassportNetworkError(
+        `Failed to connect to ${url}: ${err.message}`,
+        { cause: err }
+      );
+    }
+  }
+};
+function sleep2(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AgentClient,
+  AgentPassportClient,
+  PassportAuthError,
+  PassportError,
+  PassportNetworkError,
+  PassportRateLimitError,
+  PassportValidationError
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/client.ts","../src/agent.ts"],"sourcesContent":["// ============================================================================\r\n// Agent Passport SDK — Main entry point\r\n// ============================================================================\r\n\r\n// Clients\r\nexport { AgentPassportClient } from './client.js';\r\nexport { AgentClient } from './agent.js';\r\n\r\n// Error classes\r\nexport {\r\n PassportError,\r\n PassportNetworkError,\r\n PassportAuthError,\r\n PassportRateLimitError,\r\n PassportValidationError,\r\n} from './errors.js';\r\n\r\n// Types\r\nexport type {\r\n AgentPassportClientOptions,\r\n AgentClientOptions,\r\n VerifyResult,\r\n IntrospectResult,\r\n RevokeResult,\r\n RiskAction,\r\n RiskAssessment,\r\n RegisterAgentParams,\r\n RegisterAgentResult,\r\n ChallengeResult,\r\n AuthenticateParams,\r\n AuthenticateResult,\r\n ExchangeTokenParams,\r\n} from './types.js';\r\n","// ============================================================================\r\n// Agent Passport SDK — Error Classes\r\n// ============================================================================\r\n\r\n/**\r\n * Base error class for all Agent Passport SDK errors.\r\n * Extends the native Error with HTTP status code and structured error info.\r\n */\r\nexport class PassportError extends Error {\r\n /** Machine-readable error code (e.g. INVALID_TOKEN, RATE_LIMITED) */\r\n public readonly code: string;\r\n /** HTTP status code returned by the API */\r\n public readonly statusCode: number;\r\n /** Seconds to wait before retrying (present on 429 responses) */\r\n public readonly retryAfter?: number;\r\n /** Server-assigned request ID for debugging */\r\n public readonly requestId?: string;\r\n /** Additional error details from the API */\r\n public readonly details?: Record<string, unknown>;\r\n\r\n constructor(\r\n code: string,\r\n message: string,\r\n statusCode: number,\r\n options?: {\r\n retryAfter?: number;\r\n requestId?: string;\r\n details?: Record<string, unknown>;\r\n },\r\n ) {\r\n super(message);\r\n this.name = 'PassportError';\r\n this.code = code;\r\n this.statusCode = statusCode;\r\n this.retryAfter = options?.retryAfter;\r\n this.requestId = options?.requestId;\r\n this.details = options?.details;\r\n }\r\n}\r\n\r\n/**\r\n * Thrown when the SDK cannot reach the Agent Passport API\r\n * (DNS failure, connection refused, timeout, etc.)\r\n */\r\nexport class PassportNetworkError extends PassportError {\r\n constructor(message: string, options?: { cause?: Error }) {\r\n super('NETWORK_ERROR', message, 0, {});\r\n this.name = 'PassportNetworkError';\r\n if (options?.cause) {\r\n this.cause = options.cause;\r\n }\r\n }\r\n}\r\n\r\n/**\r\n * Thrown on 401 or 403 responses — invalid or missing credentials.\r\n */\r\nexport class PassportAuthError extends PassportError {\r\n constructor(\r\n code: string,\r\n message: string,\r\n statusCode: number,\r\n options?: { requestId?: string; details?: Record<string, unknown> },\r\n ) {\r\n super(code, message, statusCode, options);\r\n this.name = 'PassportAuthError';\r\n }\r\n}\r\n\r\n/**\r\n * Thrown on 429 responses — too many requests.\r\n * Check `retryAfter` for the number of seconds to wait.\r\n */\r\nexport class PassportRateLimitError extends PassportError {\r\n constructor(\r\n message: string,\r\n retryAfter: number,\r\n options?: { requestId?: string },\r\n ) {\r\n super('RATE_LIMITED', message, 429, {\r\n retryAfter,\r\n requestId: options?.requestId,\r\n });\r\n this.name = 'PassportRateLimitError';\r\n }\r\n}\r\n\r\n/**\r\n * Thrown on 400 responses — request validation failed.\r\n */\r\nexport class PassportValidationError extends PassportError {\r\n constructor(\r\n message: string,\r\n options?: {\r\n requestId?: string;\r\n details?: Record<string, unknown>;\r\n },\r\n ) {\r\n super('VALIDATION_ERROR', message, 400, options);\r\n this.name = 'PassportValidationError';\r\n }\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentPassportClient (for apps verifying agents)\r\n// ============================================================================\r\n\r\nimport {\r\n PassportError,\r\n PassportNetworkError,\r\n PassportAuthError,\r\n PassportRateLimitError,\r\n PassportValidationError,\r\n} from './errors.js';\r\nimport type {\r\n AgentPassportClientOptions,\r\n VerifyResult,\r\n IntrospectResult,\r\n RevokeResult,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **apps** that want to verify agent identity tokens.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentPassportClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const passport = new AgentPassportClient({\r\n * baseUrl: 'https://passport-api.onrender.com',\r\n * appId: 'your-app-id',\r\n * appKey: 'ap_live_...',\r\n * });\r\n *\r\n * const result = await passport.verify(token);\r\n * if (result.valid && result.risk?.action === 'allow') {\r\n * // Agent is who they say they are ✓\r\n * }\r\n * ```\r\n */\r\nexport class AgentPassportClient {\r\n private readonly baseUrl: string;\r\n private readonly appId: string;\r\n private readonly appKey: string;\r\n private readonly timeoutMs: number;\r\n private readonly maxRetries: number;\r\n private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n constructor(options: AgentPassportClientOptions) {\r\n if (!options.baseUrl) throw new Error('baseUrl is required');\r\n if (!options.appId) throw new Error('appId is required');\r\n if (!options.appKey) throw new Error('appKey is required');\r\n\r\n this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n this.appId = options.appId;\r\n this.appKey = options.appKey;\r\n this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n }\r\n\r\n // =========================================================================\r\n // Public API\r\n // =========================================================================\r\n\r\n /**\r\n * Verify an agent's identity token.\r\n *\r\n * @param token - The JWT identity token presented by the agent\r\n * @returns Verification result including agent info and risk assessment\r\n *\r\n * @example\r\n * ```ts\r\n * const result = await passport.verify(token);\r\n * if (result.valid) {\r\n * console.log(`Agent ${result.handle} verified, risk: ${result.risk?.score}`);\r\n * }\r\n * ```\r\n */\r\n async verify(token: string): Promise<VerifyResult> {\r\n const raw = await this.requestWithRetry<VerifyResult>('POST', '/v1/tokens/verify', {\r\n token,\r\n });\r\n\r\n // The API returns `recommendedAction`; also expose it as `action` for convenience\r\n if (raw.risk) {\r\n const ra = raw.risk.recommendedAction ?? raw.risk.action;\r\n (raw.risk as { action: string; recommendedAction: string }).action = ra;\r\n (raw.risk as { action: string; recommendedAction: string }).recommendedAction = ra;\r\n }\r\n\r\n return raw;\r\n }\r\n\r\n /**\r\n * Introspect an agent's identity token (RFC 7662).\r\n *\r\n * @param token - The JWT identity token to introspect\r\n * @returns Token introspection result\r\n */\r\n async introspect(token: string): Promise<IntrospectResult> {\r\n return this.requestWithRetry<IntrospectResult>(\r\n 'POST',\r\n '/v1/tokens/introspect',\r\n { token },\r\n );\r\n }\r\n\r\n /**\r\n * Revoke an agent's identity token before it expires.\r\n *\r\n * @param token - The JWT identity token to revoke\r\n * @returns Revocation result with the token's JTI\r\n */\r\n async revoke(token: string): Promise<RevokeResult> {\r\n return this.requestWithRetry<RevokeResult>('POST', '/v1/tokens/revoke', {\r\n token,\r\n });\r\n }\r\n\r\n // =========================================================================\r\n // Internal HTTP\r\n // =========================================================================\r\n\r\n private async requestWithRetry<T>(\r\n method: string,\r\n path: string,\r\n body: unknown,\r\n ): Promise<T> {\r\n let lastError: Error | undefined;\r\n\r\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n try {\r\n return await this.request<T>(method, path, body);\r\n } catch (err) {\r\n lastError = err as Error;\r\n\r\n // Only retry on 429 (rate limit) responses\r\n if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n const backoffMs = err.retryAfter\r\n ? err.retryAfter * 1_000\r\n : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n await sleep(backoffMs);\r\n continue;\r\n }\r\n\r\n throw err;\r\n }\r\n }\r\n\r\n // Should not reach here, but just in case\r\n throw lastError ?? new Error('Request failed after retries');\r\n }\r\n\r\n private async request<T>(\r\n method: string,\r\n path: string,\r\n body: unknown,\r\n ): Promise<T> {\r\n const url = `${this.baseUrl}${path}`;\r\n const controller = new AbortController();\r\n const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n try {\r\n const response = await this.fetchImpl(url, {\r\n method,\r\n headers: {\r\n 'Content-Type': 'application/json',\r\n 'X-App-Id': this.appId,\r\n 'X-App-Key': this.appKey,\r\n },\r\n body: JSON.stringify(body),\r\n signal: controller.signal,\r\n });\r\n\r\n clearTimeout(timeoutId);\r\n\r\n if (response.ok) {\r\n return (await response.json()) as T;\r\n }\r\n\r\n // Parse error body\r\n let errorBody: { error?: string; reason?: string; details?: Record<string, unknown>; request_id?: string } = {};\r\n try {\r\n errorBody = (await response.json()) as typeof errorBody;\r\n } catch {\r\n // Non-JSON error response — use status text\r\n }\r\n\r\n const code = errorBody.error ?? `HTTP_${response.status}`;\r\n const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n const requestId = errorBody.request_id;\r\n\r\n if (response.status === 429) {\r\n const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n }\r\n\r\n if (response.status === 401 || response.status === 403) {\r\n throw new PassportAuthError(code, message, response.status, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n }\r\n\r\n if (response.status === 400) {\r\n throw new PassportValidationError(message, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n }\r\n\r\n throw new PassportError(code, message, response.status, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n } catch (err) {\r\n clearTimeout(timeoutId);\r\n\r\n // Re-throw SDK errors as-is\r\n if (err instanceof PassportError) {\r\n throw err;\r\n }\r\n\r\n // Wrap native errors\r\n if (err instanceof DOMException && err.name === 'AbortError') {\r\n throw new PassportNetworkError(\r\n `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n { cause: err },\r\n );\r\n }\r\n\r\n throw new PassportNetworkError(\r\n `Failed to connect to ${url}: ${(err as Error).message}`,\r\n { cause: err as Error },\r\n );\r\n }\r\n }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n","// ============================================================================\r\n// Agent Passport SDK — AgentClient (for agents authenticating themselves)\r\n// ============================================================================\r\n\r\nimport {\r\n PassportError,\r\n PassportNetworkError,\r\n PassportRateLimitError,\r\n PassportValidationError,\r\n PassportAuthError,\r\n} from './errors.js';\r\nimport type {\r\n AgentClientOptions,\r\n RegisterAgentParams,\r\n RegisterAgentResult,\r\n ChallengeResult,\r\n AuthenticateParams,\r\n AuthenticateResult,\r\n ExchangeTokenParams,\r\n} from './types.js';\r\n\r\nconst DEFAULT_TIMEOUT_MS = 10_000;\r\nconst DEFAULT_MAX_RETRIES = 3;\r\nconst BASE_BACKOFF_MS = 1_000;\r\n\r\n/**\r\n * Client for **AI agents** that want to authenticate with Agent Passport.\r\n *\r\n * **SECURITY**: Private keys never enter this SDK. The `authenticate()` method\r\n * takes a `sign` callback — your code does the signing and only the signature\r\n * is sent to the API.\r\n *\r\n * @example\r\n * ```ts\r\n * import { AgentClient } from '@zerobase-labs/passport-sdk';\r\n *\r\n * const agent = new AgentClient({\r\n * baseUrl: 'https://passport-api.onrender.com',\r\n * });\r\n *\r\n * // Register a new agent\r\n * const { agentId } = await agent.register({\r\n * handle: 'my-cool-agent',\r\n * publicKeyB64: '...',\r\n * });\r\n *\r\n * // Authenticate (challenge → sign → token)\r\n * const { token, expiresAt } = await agent.authenticate({\r\n * agentId,\r\n * sign: async (nonce) => {\r\n * // Sign with your private key — it never leaves your code\r\n * return mySignFunction(nonce, privateKey);\r\n * },\r\n * });\r\n * ```\r\n */\r\nexport class AgentClient {\r\n private readonly baseUrl: string;\r\n private readonly timeoutMs: number;\r\n private readonly maxRetries: number;\r\n private readonly fetchImpl: typeof globalThis.fetch;\r\n\r\n constructor(options: AgentClientOptions) {\r\n if (!options.baseUrl) throw new Error('baseUrl is required');\r\n\r\n this.baseUrl = options.baseUrl.replace(/\\/$/, '');\r\n this.timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS;\r\n this.maxRetries = options.maxRetries ?? DEFAULT_MAX_RETRIES;\r\n this.fetchImpl = options.fetch ?? globalThis.fetch;\r\n }\r\n\r\n // =========================================================================\r\n // Public API\r\n // =========================================================================\r\n\r\n /**\r\n * Register a new agent with Agent Passport.\r\n *\r\n * @param params - Agent handle and Ed25519 public key (base64)\r\n * @returns Object containing the new agent's ID\r\n */\r\n async register(params: RegisterAgentParams): Promise<RegisterAgentResult> {\r\n return this.requestWithRetry<RegisterAgentResult>(\r\n 'POST',\r\n '/v1/agents/register',\r\n {\r\n handle: params.handle,\r\n publicKeyB64: params.publicKeyB64,\r\n },\r\n );\r\n }\r\n\r\n /**\r\n * Full authentication flow: request challenge → sign nonce → exchange for token.\r\n *\r\n * **SECURITY**: The `sign` callback keeps private keys out of the SDK.\r\n * You provide the signing logic; the SDK handles the protocol.\r\n *\r\n * @param params - Agent ID + async sign callback\r\n * @returns JWT identity token and its expiration time\r\n */\r\n async authenticate(params: AuthenticateParams): Promise<AuthenticateResult> {\r\n // Step 1: Request challenge\r\n const challenge = await this.getChallenge(params.agentId);\r\n\r\n // Step 2: Sign the nonce with the user-provided callback\r\n const signatureB64 = await params.sign(challenge.nonce);\r\n\r\n // Step 3: Exchange signature for token\r\n return this.exchangeToken({\r\n agentId: params.agentId,\r\n challengeId: challenge.challengeId,\r\n signatureB64,\r\n });\r\n }\r\n\r\n /**\r\n * Request a challenge nonce for a specific agent.\r\n *\r\n * @param agentId - The agent's UUID\r\n * @returns Challenge ID, nonce, and expiration time\r\n */\r\n async getChallenge(agentId: string): Promise<ChallengeResult> {\r\n return this.requestWithRetry<ChallengeResult>(\r\n 'POST',\r\n `/v1/agents/${agentId}/challenge`,\r\n );\r\n }\r\n\r\n /**\r\n * Exchange a signed challenge for an identity token.\r\n *\r\n * @param params - Agent ID, challenge ID, and base64-encoded signature\r\n * @returns JWT identity token and its expiration time\r\n */\r\n async exchangeToken(params: ExchangeTokenParams): Promise<AuthenticateResult> {\r\n return this.requestWithRetry<AuthenticateResult>(\r\n 'POST',\r\n `/v1/agents/${params.agentId}/identity-token`,\r\n {\r\n challengeId: params.challengeId,\r\n signatureB64: params.signatureB64,\r\n scopes: params.scopes ?? [],\r\n },\r\n );\r\n }\r\n\r\n // =========================================================================\r\n // Internal HTTP\r\n // =========================================================================\r\n\r\n private async requestWithRetry<T>(\r\n method: string,\r\n path: string,\r\n body?: unknown,\r\n ): Promise<T> {\r\n let lastError: Error | undefined;\r\n\r\n for (let attempt = 0; attempt <= this.maxRetries; attempt++) {\r\n try {\r\n return await this.request<T>(method, path, body);\r\n } catch (err) {\r\n lastError = err as Error;\r\n\r\n if (err instanceof PassportRateLimitError && attempt < this.maxRetries) {\r\n const backoffMs = err.retryAfter\r\n ? err.retryAfter * 1_000\r\n : BASE_BACKOFF_MS * Math.pow(2, attempt);\r\n await sleep(backoffMs);\r\n continue;\r\n }\r\n\r\n throw err;\r\n }\r\n }\r\n\r\n throw lastError ?? new Error('Request failed after retries');\r\n }\r\n\r\n private async request<T>(\r\n method: string,\r\n path: string,\r\n body?: unknown,\r\n ): Promise<T> {\r\n const url = `${this.baseUrl}${path}`;\r\n const controller = new AbortController();\r\n const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);\r\n\r\n try {\r\n const init: RequestInit = {\r\n method,\r\n headers: { 'Content-Type': 'application/json' },\r\n signal: controller.signal,\r\n };\r\n\r\n if (body !== undefined) {\r\n init.body = JSON.stringify(body);\r\n }\r\n\r\n const response = await this.fetchImpl(url, init);\r\n\r\n clearTimeout(timeoutId);\r\n\r\n if (response.ok) {\r\n return (await response.json()) as T;\r\n }\r\n\r\n let errorBody: {\r\n error?: string;\r\n reason?: string;\r\n details?: Record<string, unknown>;\r\n request_id?: string;\r\n } = {};\r\n try {\r\n errorBody = (await response.json()) as typeof errorBody;\r\n } catch {\r\n // Non-JSON response\r\n }\r\n\r\n const code = errorBody.error ?? `HTTP_${response.status}`;\r\n const message = errorBody.reason ?? errorBody.error ?? response.statusText;\r\n const requestId = errorBody.request_id;\r\n\r\n if (response.status === 429) {\r\n const retryAfter = Number(response.headers.get('Retry-After')) || 1;\r\n throw new PassportRateLimitError(message, retryAfter, { requestId });\r\n }\r\n\r\n if (response.status === 401 || response.status === 403) {\r\n throw new PassportAuthError(code, message, response.status, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n }\r\n\r\n if (response.status === 400) {\r\n throw new PassportValidationError(message, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n }\r\n\r\n throw new PassportError(code, message, response.status, {\r\n requestId,\r\n details: errorBody.details,\r\n });\r\n } catch (err) {\r\n clearTimeout(timeoutId);\r\n\r\n if (err instanceof PassportError) {\r\n throw err;\r\n }\r\n\r\n if (err instanceof DOMException && err.name === 'AbortError') {\r\n throw new PassportNetworkError(\r\n `Request to ${url} timed out after ${this.timeoutMs}ms`,\r\n { cause: err },\r\n );\r\n }\r\n\r\n throw new PassportNetworkError(\r\n `Failed to connect to ${url}: ${(err as Error).message}`,\r\n { cause: err as Error },\r\n );\r\n }\r\n }\r\n}\r\n\r\n// ---------------------------------------------------------------------------\r\n// Helpers\r\n// ---------------------------------------------------------------------------\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACQO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAEvB;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA;AAAA,EAEA;AAAA,EAEhB,YACE,MACA,SACA,YACA,SAKA;AACA,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,aAAa,SAAS;AAC3B,SAAK,YAAY,SAAS;AAC1B,SAAK,UAAU,SAAS;AAAA,EAC1B;AACF;AAMO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,SAAiB,SAA6B;AACxD,UAAM,iBAAiB,SAAS,GAAG,CAAC,CAAC;AACrC,SAAK,OAAO;AACZ,QAAI,SAAS,OAAO;AAClB,WAAK,QAAQ,QAAQ;AAAA,IACvB;AAAA,EACF;AACF;AAKO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YACE,MACA,SACA,YACA,SACA;AACA,UAAM,MAAM,SAAS,YAAY,OAAO;AACxC,SAAK,OAAO;AAAA,EACd;AACF;AAMO,IAAM,yBAAN,cAAqC,cAAc;AAAA,EACxD,YACE,SACA,YACA,SACA;AACA,UAAM,gBAAgB,SAAS,KAAK;AAAA,MAClC;AAAA,MACA,WAAW,SAAS;AAAA,IACtB,CAAC;AACD,SAAK,OAAO;AAAA,EACd;AACF;AAKO,IAAM,0BAAN,cAAsC,cAAc;AAAA,EACzD,YACE,SACA,SAIA;AACA,UAAM,oBAAoB,SAAS,KAAK,OAAO;AAC/C,SAAK,OAAO;AAAA,EACd;AACF;;;ACnFA,IAAM,qBAAqB;AAC3B,IAAM,sBAAsB;AAC5B,IAAM,kBAAkB;AAqBjB,IAAM,sBAAN,MAA0B;AAAA,EACd;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAqC;AAC/C,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAC3D,QAAI,CAAC,QAAQ,MAAO,OAAM,IAAI,MAAM,mBAAmB;AACvD,QAAI,CAAC,QAAQ,OAAQ,OAAM,IAAI,MAAM,oBAAoB;AAEzD,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoBA,MAAM,OAAO,OAAsC;AACjD,UAAM,MAAM,MAAM,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACjF;AAAA,IACF,CAAC;AAGD,QAAI,IAAI,MAAM;AACZ,YAAM,KAAK,IAAI,KAAK,qBAAqB,IAAI,KAAK;AAClD,MAAC,IAAI,KAAuD,SAAS;AACrE,MAAC,IAAI,KAAuD,oBAAoB;AAAA,IAClF;AAEA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,OAA0C;AACzD,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA,EAAE,MAAM;AAAA,IACV;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,OAAsC;AACjD,WAAO,KAAK,iBAA+B,QAAQ,qBAAqB;AAAA,MACtE;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAGZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjB,kBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAM,MAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAGA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK;AAAA,QACzC;AAAA,QACA,SAAS;AAAA,UACP,gBAAgB;AAAA,UAChB,YAAY,KAAK;AAAA,UACjB,aAAa,KAAK;AAAA,QACpB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,WAAW;AAAA,MACrB,CAAC;AAED,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAGA,UAAI,YAAyG,CAAC;AAC9G,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAGtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAGA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAAS,MAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;;;AClOA,IAAMA,sBAAqB;AAC3B,IAAMC,uBAAsB;AAC5B,IAAMC,mBAAkB;AAiCjB,IAAM,cAAN,MAAkB;AAAA,EACN;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA6B;AACvC,QAAI,CAAC,QAAQ,QAAS,OAAM,IAAI,MAAM,qBAAqB;AAE3D,SAAK,UAAU,QAAQ,QAAQ,QAAQ,OAAO,EAAE;AAChD,SAAK,YAAY,QAAQ,aAAaF;AACtC,SAAK,aAAa,QAAQ,cAAcC;AACxC,SAAK,YAAY,QAAQ,SAAS,WAAW;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,SAAS,QAA2D;AACxE,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,QACE,QAAQ,OAAO;AAAA,QACf,cAAc,OAAO;AAAA,MACvB;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,aAAa,QAAyD;AAE1E,UAAM,YAAY,MAAM,KAAK,aAAa,OAAO,OAAO;AAGxD,UAAM,eAAe,MAAM,OAAO,KAAK,UAAU,KAAK;AAGtD,WAAO,KAAK,cAAc;AAAA,MACxB,SAAS,OAAO;AAAA,MAChB,aAAa,UAAU;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,SAA2C;AAC5D,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAAc,QAA0D;AAC5E,WAAO,KAAK;AAAA,MACV;AAAA,MACA,cAAc,OAAO,OAAO;AAAA,MAC5B;AAAA,QACE,aAAa,OAAO;AAAA,QACpB,cAAc,OAAO;AAAA,QACrB,QAAQ,OAAO,UAAU,CAAC;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAMA,MAAc,iBACZ,QACA,MACA,MACY;AACZ,QAAI;AAEJ,aAAS,UAAU,GAAG,WAAW,KAAK,YAAY,WAAW;AAC3D,UAAI;AACF,eAAO,MAAM,KAAK,QAAW,QAAQ,MAAM,IAAI;AAAA,MACjD,SAAS,KAAK;AACZ,oBAAY;AAEZ,YAAI,eAAe,0BAA0B,UAAU,KAAK,YAAY;AACtE,gBAAM,YAAY,IAAI,aAClB,IAAI,aAAa,MACjBC,mBAAkB,KAAK,IAAI,GAAG,OAAO;AACzC,gBAAMC,OAAM,SAAS;AACrB;AAAA,QACF;AAEA,cAAM;AAAA,MACR;AAAA,IACF;AAEA,UAAM,aAAa,IAAI,MAAM,8BAA8B;AAAA,EAC7D;AAAA,EAEA,MAAc,QACZ,QACA,MACA,MACY;AACZ,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAClC,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,SAAS;AAErE,QAAI;AACF,YAAM,OAAoB;AAAA,QACxB;AAAA,QACA,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,QAC9C,QAAQ,WAAW;AAAA,MACrB;AAEA,UAAI,SAAS,QAAW;AACtB,aAAK,OAAO,KAAK,UAAU,IAAI;AAAA,MACjC;AAEA,YAAM,WAAW,MAAM,KAAK,UAAU,KAAK,IAAI;AAE/C,mBAAa,SAAS;AAEtB,UAAI,SAAS,IAAI;AACf,eAAQ,MAAM,SAAS,KAAK;AAAA,MAC9B;AAEA,UAAI,YAKA,CAAC;AACL,UAAI;AACF,oBAAa,MAAM,SAAS,KAAK;AAAA,MACnC,QAAQ;AAAA,MAER;AAEA,YAAM,OAAO,UAAU,SAAS,QAAQ,SAAS,MAAM;AACvD,YAAM,UAAU,UAAU,UAAU,UAAU,SAAS,SAAS;AAChE,YAAM,YAAY,UAAU;AAE5B,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,aAAa,OAAO,SAAS,QAAQ,IAAI,aAAa,CAAC,KAAK;AAClE,cAAM,IAAI,uBAAuB,SAAS,YAAY,EAAE,UAAU,CAAC;AAAA,MACrE;AAEA,UAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,cAAM,IAAI,kBAAkB,MAAM,SAAS,SAAS,QAAQ;AAAA,UAC1D;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,UAAI,SAAS,WAAW,KAAK;AAC3B,cAAM,IAAI,wBAAwB,SAAS;AAAA,UACzC;AAAA,UACA,SAAS,UAAU;AAAA,QACrB,CAAC;AAAA,MACH;AAEA,YAAM,IAAI,cAAc,MAAM,SAAS,SAAS,QAAQ;AAAA,QACtD;AAAA,QACA,SAAS,UAAU;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,mBAAa,SAAS;AAEtB,UAAI,eAAe,eAAe;AAChC,cAAM;AAAA,MACR;AAEA,UAAI,eAAe,gBAAgB,IAAI,SAAS,cAAc;AAC5D,cAAM,IAAI;AAAA,UACR,cAAc,GAAG,oBAAoB,KAAK,SAAS;AAAA,UACnD,EAAE,OAAO,IAAI;AAAA,QACf;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,wBAAwB,GAAG,KAAM,IAAc,OAAO;AAAA,QACtD,EAAE,OAAO,IAAa;AAAA,MACxB;AAAA,IACF;AAAA,EACF;AACF;AAMA,SAASA,OAAM,IAA2B;AACxC,SAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AACzD;","names":["DEFAULT_TIMEOUT_MS","DEFAULT_MAX_RETRIES","BASE_BACKOFF_MS","sleep"]}