dcql 0.2.17 → 0.2.19

package/dist/index.mjs

@@ -0,0 +1,951 @@
+// src/dcql-error/e-base.ts
+function isObject(value) {
+  return !!value && !Array.isArray(value) && typeof value === "object";
+}
+var UnknownCauseError = class extends Error {
+};
+function getCauseFromUnknown(cause) {
+  if (cause instanceof Error) {
+    return cause;
+  }
+  const type = typeof cause;
+  if (type === "undefined" || type === "function" || cause === null) {
+    return void 0;
+  }
+  if (type !== "object") {
+    return new Error(String(cause));
+  }
+  if (isObject(cause)) {
+    const err = new UnknownCauseError();
+    for (const key in cause) {
+      err[key] = cause[key];
+    }
+    return err;
+  }
+  return void 0;
+}
+var isDcqlError = (cause) => {
+  if (cause instanceof DcqlError) {
+    return true;
+  }
+  if (cause instanceof Error && cause.name === "DcqlError") {
+    return true;
+  }
+  return false;
+};
+function getDcqlErrorFromUnknown(cause) {
+  if (isDcqlError(cause)) {
+    return cause;
+  }
+  const dcqlError = new DcqlError({
+    code: "INTERNAL_SERVER_ERROR",
+    cause
+  });
+  if (cause instanceof Error && cause.stack) {
+    dcqlError.stack = cause.stack;
+  }
+  return dcqlError;
+}
+var DcqlError = class extends Error {
+  constructor(opts) {
+    const cause = getCauseFromUnknown(opts.cause);
+    const message = opts.message ?? cause?.message ?? opts.code;
+    super(message, { cause });
+    this.code = opts.code;
+    this.name = "DcqlError";
+    if (!this.cause) {
+      this.cause = cause;
+    }
+  }
+};
+
+// src/dcql-error/e-dcql.ts
+var DcqlCredentialSetError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+var DcqlUndefinedClaimSetIdError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+var DcqlNonUniqueCredentialQueryIdsError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+var DcqlParseError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "PARSE_ERROR", ...opts });
+  }
+};
+var DcqlInvalidClaimsQueryIdError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+var DcqlMissingClaimSetParseError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "PARSE_ERROR", ...opts });
+  }
+};
+var DcqlInvalidPresentationRecordError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+var DcqlPresentationResultError = class extends DcqlError {
+  constructor(opts) {
+    super({ code: "BAD_REQUEST", ...opts });
+  }
+};
+
+// src/dcql-presentation/m-dcql-credential-presentation.ts
+import * as v4 from "valibot";
+
+// src/u-dcql-credential.ts
+import * as v3 from "valibot";
+
+// src/u-dcql.ts
+import * as v from "valibot";
+var idRegex = /^[a-zA-Z0-9_-]+$/;
+var vNonEmptyArray = () => {
+  return v.custom((input) => input.length > 0);
+};
+var vIdString = v.pipe(v.string(), v.regex(idRegex));
+function isToJsonable(value) {
+  if (value === null || typeof value !== "object") return false;
+  const toJsonFn = value.toJson;
+  return typeof toJsonFn === "function";
+}
+var vWithJT = (schema) => v.pipe(
+  v.custom(() => true),
+  v.rawTransform(({ dataset, addIssue, NEVER }) => {
+    const result = v.safeParse(schema, dataset.value);
+    if (result.success) return dataset.value;
+    if (!isToJsonable(dataset.value)) {
+      for (const safeParseIssue of result.issues) {
+        addIssue({
+          ...safeParseIssue,
+          expected: safeParseIssue.expected ?? void 0
+        });
+      }
+      return NEVER;
+    }
+    let json;
+    try {
+      json = dataset.value.toJson();
+    } catch (error) {
+      for (const safeParseIssue of result.issues) {
+        addIssue({
+          ...safeParseIssue,
+          expected: safeParseIssue.expected ?? void 0
+        });
+      }
+      addIssue({ message: "Json Transformation failed" });
+      return NEVER;
+    }
+    const safeParseResult = v.safeParse(schema, json);
+    if (safeParseResult.success) return dataset.value;
+    for (const safeParseIssue of safeParseResult.issues) {
+      addIssue({
+        ...safeParseIssue,
+        expected: safeParseIssue.expected ?? void 0
+      });
+    }
+    return NEVER;
+  })
+);
+var vJsonLiteral = v.union([v.string(), v.number(), v.boolean(), v.null()]);
+var vJson = v.lazy(
+  () => v.union([vJsonLiteral, v.array(vJson), v.record(v.string(), vJson)])
+);
+var vJsonWithJT = v.lazy(
+  () => vWithJT(v.union([vJsonLiteral, v.array(vJson), v.record(v.string(), vJson)]))
+);
+var vJsonRecord = v.record(v.string(), vJson);
+var vStringToJson = v.rawTransform(({ dataset, addIssue, NEVER }) => {
+  try {
+    return JSON.parse(dataset.value);
+  } catch (error) {
+    addIssue({ message: "Invalid JSON" });
+    return NEVER;
+  }
+});
+
+// src/u-model.ts
+import * as v2 from "valibot";
+var Model = class {
+  constructor(input) {
+    this.input = input;
+  }
+  get v() {
+    return this.input.vModel;
+  }
+  parse(input) {
+    const result = this.safeParse(input);
+    if (result.success) {
+      return result.output;
+    }
+    return new DcqlParseError({
+      message: JSON.stringify(result.flattened),
+      cause: result.error
+    });
+  }
+  safeParse(input) {
+    const res = v2.safeParse(this.input.vModel, input);
+    if (res.success) {
+      return { success: true, output: res.output };
+    }
+    return {
+      success: false,
+      error: new v2.ValiError(res.issues),
+      flattened: v2.flatten(res.issues)
+    };
+  }
+  is(input) {
+    return v2.is(this.v, input);
+  }
+};
+
+// src/u-dcql-credential.ts
+var DcqlMdocCredential;
+((DcqlMdocCredential2) => {
+  DcqlMdocCredential2.vNamespaces = v3.record(v3.string(), v3.record(v3.string(), v3.unknown()));
+  DcqlMdocCredential2.vModel = v3.object({
+    credential_format: v3.literal("mso_mdoc"),
+    doctype: v3.string(),
+    namespaces: DcqlMdocCredential2.vNamespaces
+  });
+  DcqlMdocCredential2.model = new Model({ vModel: DcqlMdocCredential2.vModel });
+})(DcqlMdocCredential || (DcqlMdocCredential = {}));
+var DcqlSdJwtVcCredential;
+((DcqlSdJwtVcCredential2) => {
+  DcqlSdJwtVcCredential2.vClaims = vJsonRecord;
+  DcqlSdJwtVcCredential2.vModel = v3.object({
+    credential_format: v3.picklist(["vc+sd-jwt", "dc+sd-jwt"]),
+    vct: v3.string(),
+    claims: DcqlSdJwtVcCredential2.vClaims
+  });
+  DcqlSdJwtVcCredential2.model = new Model({ vModel: DcqlSdJwtVcCredential2.vModel });
+})(DcqlSdJwtVcCredential || (DcqlSdJwtVcCredential = {}));
+var DcqlW3cVcCredential;
+((DcqlW3cVcCredential2) => {
+  DcqlW3cVcCredential2.vClaims = vJsonRecord;
+  DcqlW3cVcCredential2.vModel = v3.object({
+    credential_format: v3.picklist(["jwt_vc_json-ld", "jwt_vc_json"]),
+    claims: DcqlW3cVcCredential2.vClaims
+  });
+  DcqlW3cVcCredential2.model = new Model({ vModel: DcqlW3cVcCredential2.vModel });
+})(DcqlW3cVcCredential || (DcqlW3cVcCredential = {}));
+var DcqlCredential;
+((DcqlCredential2) => {
+  DcqlCredential2.vModel = v3.variant("credential_format", [
+    DcqlMdocCredential.vModel,
+    DcqlSdJwtVcCredential.vModel,
+    DcqlW3cVcCredential.vModel
+  ]);
+  DcqlCredential2.vParseSuccess = v3.object({
+    success: v3.literal(true),
+    typed: v3.literal(true),
+    issues: v3.optional(v3.undefined()),
+    input_credential_index: v3.number(),
+    claim_set_index: v3.union([v3.number(), v3.undefined()]),
+    output: DcqlCredential2.vModel
+  });
+  DcqlCredential2.vParseFailure = v3.object({
+    success: v3.literal(false),
+    typed: v3.boolean(),
+    output: v3.unknown(),
+    issues: v3.pipe(v3.array(v3.unknown()), vNonEmptyArray()),
+    input_credential_index: v3.number(),
+    claim_set_index: v3.union([v3.number(), v3.undefined()])
+  });
+  DcqlCredential2.model = new Model({ vModel: DcqlCredential2.vModel });
+})(DcqlCredential || (DcqlCredential = {}));
+
+// src/dcql-presentation/m-dcql-credential-presentation.ts
+var DcqlMdocPresentation;
+((DcqlMdocPresentation2) => {
+  DcqlMdocPresentation2.vModel = DcqlMdocCredential.vModel;
+  DcqlMdocPresentation2.model = new Model({ vModel: DcqlMdocPresentation2.vModel });
+})(DcqlMdocPresentation || (DcqlMdocPresentation = {}));
+var DcqlSdJwtVcPresentation;
+((DcqlSdJwtVcPresentation2) => {
+  DcqlSdJwtVcPresentation2.vModel = DcqlSdJwtVcCredential.vModel;
+  DcqlSdJwtVcPresentation2.model = new Model({ vModel: DcqlSdJwtVcPresentation2.vModel });
+})(DcqlSdJwtVcPresentation || (DcqlSdJwtVcPresentation = {}));
+var DcqlW3cVcPresentation;
+((DcqlW3cVcPresentation2) => {
+  DcqlW3cVcPresentation2.vModel = DcqlW3cVcCredential.vModel;
+  DcqlW3cVcPresentation2.model = new Model({ vModel: DcqlW3cVcPresentation2.vModel });
+})(DcqlW3cVcPresentation || (DcqlW3cVcPresentation = {}));
+var DcqlCredentialPresentation;
+((DcqlCredentialPresentation2) => {
+  DcqlCredentialPresentation2.model = new Model({
+    vModel: v4.variant("credential_format", [
+      DcqlMdocPresentation.vModel,
+      DcqlSdJwtVcPresentation.vModel,
+      DcqlW3cVcPresentation.vModel
+    ])
+  });
+})(DcqlCredentialPresentation || (DcqlCredentialPresentation = {}));
+
+// src/dcql-presentation/m-dcql-presentation-result.ts
+import * as v11 from "valibot";
+
+// src/dcql-parser/dcql-credential-query-result.ts
+import * as v6 from "valibot";
+
+// src/dcql-parser/dcql-claims-query-result.ts
+import * as v5 from "valibot";
+var getClaimParser = (input) => {
+  const { value, values } = input;
+  if (value) {
+    return vWithJT(v5.literal(value));
+  }
+  if (values) {
+    return vWithJT(v5.union(values.map((val) => v5.literal(val))));
+  }
+  return v5.nonNullish(v5.any());
+};
+var getNamespacesParser = (claimsQueries) => {
+  const claimsForNamespace = {};
+  for (const claimQuery of claimsQueries) {
+    if (claimsForNamespace[claimQuery.namespace]) {
+      claimsForNamespace[claimQuery.namespace]?.push({ ...claimQuery });
+    } else {
+      claimsForNamespace[claimQuery.namespace] = [{ ...claimQuery }];
+    }
+  }
+  const parsersForNamespaces = Object.entries(claimsForNamespace).map(([namespace, claims]) => {
+    const claimParsers = Object.fromEntries(claims.map((claim) => [claim.claim_name, getClaimParser(claim)]));
+    return [namespace, v5.object(claimParsers)];
+  });
+  return v5.object(Object.fromEntries(parsersForNamespaces));
+};
+var getClaimQueryParser = (claimQuery, ctx) => {
+  const { index, presentation } = ctx;
+  const pathElement = claimQuery.path[index];
+  const isLast = index === claimQuery.path.length - 1;
+  const vClaimParser = getClaimParser(claimQuery);
+  if (typeof pathElement === "number") {
+    const elementParser = isLast ? vClaimParser : getClaimQueryParser(claimQuery, { ...ctx, index: index + 1 });
+    if (presentation) {
+      return v5.union([
+        v5.pipe(
+          v5.array(vJson),
+          v5.length(1),
+          v5.transform((input) => input[0]),
+          elementParser
+        ),
+        elementParser
+      ]);
+    }
+    return v5.pipe(
+      v5.array(vJson),
+      v5.transform((input) => input[pathElement]),
+      elementParser
+    );
+  }
+  if (typeof pathElement === "string") {
+    return v5.object({
+      [pathElement]: isLast ? vClaimParser : getClaimQueryParser(claimQuery, { ...ctx, index: index + 1 })
+    });
+  }
+  return isLast ? v5.array(vClaimParser) : v5.array(getClaimQueryParser(claimQuery, { ...ctx, index: index + 1 }));
+};
+var getJsonClaimsParser = (claimsQueries, ctx) => {
+  const claimParser = v5.intersect(
+    claimsQueries.map(
+      (claimQuery) => getClaimQueryParser(claimQuery, {
+        ...ctx,
+        index: 0
+      })
+    )
+  );
+  return claimParser;
+};
+var getMdocClaimsQueriesForClaimSet = (claimsQueries, claimSet) => {
+  return claimSet.map((credential_id) => {
+    const query = claimsQueries.find((query2) => query2.id === credential_id);
+    if (!query) {
+      throw new DcqlInvalidClaimsQueryIdError({
+        message: `Claims-query with id '${credential_id}' not found.`
+      });
+    }
+    return query;
+  });
+};
+var getJsonClaimsQueriesForClaimSet = (claimsQueries, claimSet) => {
+  return claimSet.map((credential_id) => {
+    const query = claimsQueries.find((query2) => query2.id === credential_id);
+    if (!query) {
+      throw new DcqlInvalidClaimsQueryIdError({
+        message: `Claims-query with id '${credential_id}' not found.`
+      });
+    }
+    return query;
+  });
+};
+var getMdocParser = (credentialQuery, ctx) => {
+  const { claimSet } = ctx;
+  const vDoctype = credentialQuery.meta?.doctype_value ? v5.literal(credentialQuery.meta.doctype_value) : v5.string();
+  const claimSetQueries = credentialQuery.claims && claimSet ? getMdocClaimsQueriesForClaimSet(credentialQuery.claims, claimSet) : credentialQuery.claims;
+  const credentialParser = v5.object({
+    credential_format: v5.literal("mso_mdoc"),
+    doctype: vDoctype,
+    namespaces: claimSetQueries ? getNamespacesParser(claimSetQueries) : v5.record(v5.string(), v5.record(v5.string(), v5.unknown()))
+  });
+  return credentialParser;
+};
+var getW3cVcSdJwtVcParser = (credentialQuery, ctx) => {
+  const { claimSet } = ctx;
+  const claimSetQueries = credentialQuery.claims && claimSet ? getJsonClaimsQueriesForClaimSet(credentialQuery.claims, claimSet) : credentialQuery.claims;
+  if (credentialQuery.format === "vc+sd-jwt" || credentialQuery.format === "dc+sd-jwt") {
+    return v5.object({
+      credential_format: v5.literal(credentialQuery.format),
+      vct: credentialQuery.meta?.vct_values ? v5.picklist(credentialQuery.meta.vct_values) : v5.string(),
+      claims: claimSetQueries ? getJsonClaimsParser(claimSetQueries, ctx) : vJsonRecord
+    });
+  }
+  const credentialParser = v5.object({
+    credential_format: v5.picklist(["jwt_vc_json", "jwt_vc_json-ld"]),
+    claims: claimSetQueries ? getJsonClaimsParser(claimSetQueries, ctx) : vJsonRecord
+  });
+  return credentialParser;
+};
+var getCredentialQueryParser = (credentialQuery, ctx) => {
+  if (credentialQuery.claim_sets && !ctx.claimSet) {
+    throw new DcqlMissingClaimSetParseError({
+      message: "credentialQuery specifies claim_sets but no claim_set for parsing is provided."
+    });
+  }
+  if (credentialQuery.format === "mso_mdoc") {
+    return getMdocParser(credentialQuery, ctx);
+  }
+  return getW3cVcSdJwtVcParser(credentialQuery, ctx);
+};
+
+// src/dcql-parser/dcql-credential-query-result.ts
+var runCredentialQuery = (credentialQuery, ctx) => {
+  const { credentials, presentation } = ctx;
+  const claimSets = credentialQuery.claim_sets ?? [void 0];
+  const credentialQueryResult = new Array(
+    claimSets.length
+  ).fill([]);
+  for (const [claimSetIndex, claim_set] of claimSets.entries()) {
+    const credentialParser = getCredentialQueryParser(credentialQuery, {
+      claimSet: claim_set,
+      presentation
+    });
+    for (const [credentialIndex, credential] of credentials.entries()) {
+      if (claimSetIndex > 0) {
+        const previous = credentialQueryResult[claimSetIndex - 1]?.[credentialIndex];
+        if (previous?.success || !previous) {
+          credentialQueryResult[claimSetIndex][credentialIndex] = void 0;
+          continue;
+        }
+      }
+      const parseResult = v6.safeParse(credentialParser, credential);
+      credentialQueryResult[claimSetIndex]?.push({
+        ...parseResult,
+        ...parseResult.issues && {
+          flattened: v6.flatten(parseResult.issues)
+        },
+        input_credential_index: credentialIndex,
+        claim_set_index: credentialQuery.claim_sets ? claimSetIndex : void 0
+      });
+    }
+  }
+  return credentialQueryResult;
+};
+
+// src/dcql-query-result/m-dcql-query-result.ts
+import * as v10 from "valibot";
+
+// src/dcql-query/m-dcql-credential-query.ts
+import * as v8 from "valibot";
+
+// src/dcql-query/m-dcql-claims-query.ts
+import * as v7 from "valibot";
+var DcqlClaimsQuery;
+((DcqlClaimsQuery2) => {
+  DcqlClaimsQuery2.vValue = v7.union([v7.string(), v7.pipe(v7.number(), v7.integer()), v7.boolean()]);
+  DcqlClaimsQuery2.vPath = v7.union([v7.string(), v7.pipe(v7.number(), v7.integer(), v7.minValue(0)), v7.null()]);
+  DcqlClaimsQuery2.vW3cSdJwtVc = v7.object({
+    id: v7.pipe(
+      v7.optional(v7.pipe(v7.string(), v7.regex(idRegex))),
+      v7.description(
+        "A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_) or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once."
+      )
+    ),
+    path: v7.pipe(
+      v7.array(DcqlClaimsQuery2.vPath),
+      v7.description(
+        "A non-empty array representing a claims path pointer that specifies the path to a claim within the Verifiable Credential."
+      )
+    ),
+    values: v7.pipe(
+      v7.optional(v7.array(DcqlClaimsQuery2.vValue)),
+      v7.description(
+        "An array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match for at least one of the elements in the array."
+      )
+    )
+  });
+  DcqlClaimsQuery2.vMdoc = v7.object({
+    id: v7.pipe(
+      v7.optional(v7.pipe(v7.string(), v7.regex(idRegex))),
+      v7.description(
+        "A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_) or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once."
+      )
+    ),
+    namespace: v7.pipe(
+      v7.string(),
+      v7.description(
+        "A string that specifies the namespace of the data element within the mdoc, e.g., org.iso.18013.5.1."
+      )
+    ),
+    claim_name: v7.pipe(
+      v7.string(),
+      v7.description(
+        "A string that specifies the data element identifier of the data element within the provided namespace in the mdoc, e.g., first_name."
+      )
+    ),
+    values: v7.pipe(
+      v7.optional(v7.array(DcqlClaimsQuery2.vValue)),
+      v7.description(
+        "An array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match for at least one of the elements in the array."
+      )
+    )
+  });
+  DcqlClaimsQuery2.vModel = v7.union([DcqlClaimsQuery2.vMdoc, DcqlClaimsQuery2.vW3cSdJwtVc]);
+})(DcqlClaimsQuery || (DcqlClaimsQuery = {}));
+
+// src/dcql-query/m-dcql-credential-query.ts
+var DcqlCredentialQuery;
+((DcqlCredentialQuery2) => {
+  const vBase = v8.object({
+    id: v8.pipe(
+      v8.string(),
+      v8.regex(idRegex),
+      v8.description(
+        `REQUIRED. A string identifying the Credential in the response and, if provided, the constraints in 'credential_sets'.`
+      )
+    ),
+    claim_sets: v8.pipe(
+      v8.optional(v8.pipe(v8.array(v8.array(v8.pipe(v8.string(), v8.regex(idRegex)))), vNonEmptyArray())),
+      v8.description(
+        `OPTIONAL. A non-empty array containing arrays of identifiers for elements in 'claims' that specifies which combinations of 'claims' for the Credential are requested.`
+      )
+    )
+  });
+  DcqlCredentialQuery2.vMdoc = v8.object({
+    ...vBase.entries,
+    format: v8.pipe(
+      v8.literal("mso_mdoc"),
+      v8.description("REQUIRED. A string that specifies the format of the requested Verifiable Credential.")
+    ),
+    claims: v8.pipe(
+      v8.optional(v8.pipe(v8.array(DcqlClaimsQuery.vMdoc), vNonEmptyArray())),
+      v8.description("OPTIONAL. A non-empty array of objects as that specifies claims in the requested Credential.")
+    ),
+    meta: v8.pipe(
+      v8.optional(
+        v8.object({
+          doctype_value: v8.pipe(
+            v8.optional(v8.string()),
+            v8.description(
+              "OPTIONAL. String that specifies an allowed value for the doctype of the requested Verifiable Credential."
+            )
+          )
+        })
+      ),
+      v8.description(
+        "OPTIONAL. An object defining additional properties requested by the Verifier that apply to the metadata and validity data of the Credential."
+      )
+    )
+  });
+  DcqlCredentialQuery2.vSdJwtVc = v8.object({
+    ...vBase.entries,
+    format: v8.pipe(
+      v8.picklist(["vc+sd-jwt", "dc+sd-jwt"]),
+      v8.description("REQUIRED. A string that specifies the format of the requested Verifiable Credential.")
+    ),
+    claims: v8.pipe(
+      v8.optional(v8.pipe(v8.array(DcqlClaimsQuery.vW3cSdJwtVc), vNonEmptyArray())),
+      v8.description("OPTIONAL. A non-empty array of objects as that specifies claims in the requested Credential.")
+    ),
+    meta: v8.pipe(
+      v8.optional(
+        v8.pipe(
+          v8.object({
+            vct_values: v8.optional(v8.array(v8.string()))
+          }),
+          v8.description(
+            "OPTIONAL. An array of strings that specifies allowed values for the type of the requested Verifiable Credential."
+          )
+        )
+      ),
+      v8.description(
+        "OPTIONAL. An object defining additional properties requested by the Verifier that apply to the metadata and validity data of the Credential."
+      )
+    )
+  });
+  DcqlCredentialQuery2.vW3cVc = v8.object({
+    ...vBase.entries,
+    format: v8.picklist(["jwt_vc_json", "jwt_vc_json-ld"]),
+    claims: v8.optional(v8.pipe(v8.array(DcqlClaimsQuery.vW3cSdJwtVc), vNonEmptyArray()))
+  });
+  DcqlCredentialQuery2.vModel = v8.variant("format", [DcqlCredentialQuery2.vMdoc, DcqlCredentialQuery2.vSdJwtVc, DcqlCredentialQuery2.vW3cVc]);
+  DcqlCredentialQuery2.validate = (credentialQuery) => {
+    claimSetIdsAreDefined(credentialQuery);
+  };
+})(DcqlCredentialQuery || (DcqlCredentialQuery = {}));
+var claimSetIdsAreDefined = (credentialQuery) => {
+  if (!credentialQuery.claim_sets) return;
+  const claimIds = new Set(credentialQuery.claims?.map((claim) => claim.id));
+  const undefinedClaims = [];
+  for (const claim_set of credentialQuery.claim_sets) {
+    for (const claim_id of claim_set) {
+      if (!claimIds.has(claim_id)) {
+        undefinedClaims.push(claim_id);
+      }
+    }
+  }
+  if (undefinedClaims.length > 0) {
+    throw new DcqlUndefinedClaimSetIdError({
+      message: `Credential set contains undefined credential id${undefinedClaims.length === 0 ? "" : "`s"} '${undefinedClaims.join(", ")}'`
+    });
+  }
+};
+
+// src/dcql-query/m-dcql-credential-set-query.ts
+import * as v9 from "valibot";
+var CredentialSetQuery;
+((CredentialSetQuery2) => {
+  CredentialSetQuery2.vModel = v9.object({
+    options: v9.pipe(
+      v9.array(v9.array(vIdString)),
+      vNonEmptyArray(),
+      v9.description(
+        "REQUIRED. A non-empty array, where each value in the array is a list of Credential Query identifiers representing one set of Credentials that satisfies the use case."
+      )
+    ),
+    required: v9.pipe(
+      v9.optional(v9.boolean(), true),
+      v9.description(
+        `OPTIONAL. Boolean which indicates whether this set of Credentials is required to satisfy the particular use case at the Verifier. If omitted, the default value is 'true'.`
+      )
+    ),
+    purpose: v9.pipe(
+      v9.optional(v9.union([v9.string(), v9.number(), v9.record(v9.string(), v9.unknown())])),
+      v9.description("OPTIONAL. A string, number or object specifying the purpose of the query.")
+    )
+  });
+})(CredentialSetQuery || (CredentialSetQuery = {}));
+
+// src/dcql-query-result/m-dcql-query-result.ts
+var DcqlQueryResult;
+((DcqlQueryResult2) => {
+  DcqlQueryResult2.vCredentialQueryResult = v10.pipe(
+    v10.array(v10.array(v10.union([v10.undefined(), DcqlCredential.vParseSuccess, DcqlCredential.vParseFailure]))),
+    vNonEmptyArray()
+  );
+  DcqlQueryResult2.vModel = v10.object({
+    credentials: v10.pipe(
+      v10.array(DcqlCredentialQuery.vModel),
+      vNonEmptyArray(),
+      v10.description(
+        "REQUIRED. A non-empty array of Credential Queries that specify the requested Verifiable Credentials."
+      )
+    ),
+    credential_matches: v10.record(
+      v10.pipe(v10.string(), v10.regex(idRegex)),
+      v10.union([
+        v10.object({
+          ...DcqlCredential.vParseSuccess.entries,
+          all: v10.pipe(
+            v10.array(
+              v10.pipe(
+                v10.array(v10.union([v10.undefined(), DcqlCredential.vParseSuccess, DcqlCredential.vParseFailure])),
+                vNonEmptyArray()
+              )
+            ),
+            vNonEmptyArray()
+          )
+        }),
+        v10.object({
+          success: DcqlCredential.vParseFailure.entries.success,
+          all: v10.pipe(
+            v10.array(
+              v10.pipe(
+                v10.array(v10.union([v10.undefined(), DcqlCredential.vParseSuccess, DcqlCredential.vParseFailure])),
+                vNonEmptyArray()
+              )
+            ),
+            vNonEmptyArray()
+          )
+        })
+      ])
+    ),
+    credential_sets: v10.optional(
+      v10.pipe(
+        v10.array(
+          v10.object({
+            ...CredentialSetQuery.vModel.entries,
+            matching_options: v10.union([v10.undefined(), v10.pipe(v10.array(v10.array(v10.string())), vNonEmptyArray())])
+          })
+        ),
+        vNonEmptyArray(),
+        v10.description(
+          "OPTIONAL. A non-empty array of credential set queries that specifies additional constraints on which of the requested Verifiable Credentials to return."
+        )
+      )
+    ),
+    canBeSatisfied: v10.boolean()
+  });
+})(DcqlQueryResult || (DcqlQueryResult = {}));
+
+// src/dcql-presentation/m-dcql-presentation-result.ts
+var DcqlPresentationResult;
+((DcqlPresentationResult2) => {
+  DcqlPresentationResult2.vModel = v11.object({
+    ...v11.omit(DcqlQueryResult.vModel, ["credential_matches"]).entries,
+    invalid_matches: v11.union([
+      v11.record(
+        v11.pipe(v11.string(), v11.regex(idRegex)),
+        v11.object({
+          ...v11.omit(DcqlCredential.vParseFailure, ["input_credential_index"]).entries,
+          presentation_id: v11.pipe(v11.string(), v11.regex(idRegex))
+        })
+      ),
+      v11.undefined()
+    ]),
+    valid_matches: v11.record(
+      v11.pipe(v11.string(), v11.regex(idRegex)),
+      v11.object({
+        ...v11.omit(DcqlCredential.vParseSuccess, ["issues", "input_credential_index"]).entries,
+        presentation_id: v11.pipe(v11.string(), v11.regex(idRegex))
+      })
+    )
+  });
+  DcqlPresentationResult2.parse = (input) => {
+    return v11.parse(DcqlPresentationResult2.vModel, input);
+  };
+  DcqlPresentationResult2.fromDcqlPresentation = (dcqlPresentation, ctx) => {
+    const { dcqlQuery } = ctx;
+    const presentationQueriesResults = Object.fromEntries(
+      Object.entries(dcqlPresentation).map(([queryId, presentation]) => {
+        const credentialQuery = dcqlQuery.credentials.find((c) => c.id === queryId);
+        if (!credentialQuery) {
+          throw new DcqlPresentationResultError({
+            message: `Query ${queryId} not found in the dcql query. Cannot validate presentation.`
+          });
+        }
+        return [
+          queryId,
+          runCredentialQuery(credentialQuery, {
+            presentation: true,
+            credentials: [presentation]
+          })
+        ];
+      })
+    );
+    let invalidMatches = void 0;
+    const validMatches = {};
+    for (const [queryId, presentationQueryResult] of Object.entries(presentationQueriesResults)) {
+      for (const presentationQueryResultForClaimSet of presentationQueryResult) {
+        const result = presentationQueryResultForClaimSet[0];
+        if (result.success) {
+          const { issues, input_credential_index, ...rest } = result;
+          validMatches[queryId] = { ...rest, presentation_id: queryId };
+        } else {
+          if (!invalidMatches) invalidMatches = {};
+          const { input_credential_index, ...rest } = result;
+          invalidMatches[queryId] = {
+            ...rest,
+            presentation_id: queryId
+          };
+        }
+      }
+    }
+    const credentialSetResults = dcqlQuery.credential_sets?.map((set) => {
+      const matchingOptions = set.options.filter(
+        (option) => option.every((credentialQueryId) => validMatches[credentialQueryId]?.success)
+      );
+      return {
+        ...set,
+        matching_options: matchingOptions.length > 0 ? matchingOptions : void 0
+      };
+    });
+    const dqclQueryMatched = credentialSetResults ? credentialSetResults.every((set) => !set.required || set.matching_options) : !invalidMatches;
+    return {
+      ...dcqlQuery,
+      canBeSatisfied: dqclQueryMatched,
+      valid_matches: validMatches,
+      invalid_matches: invalidMatches,
+      credential_sets: credentialSetResults
+    };
+  };
+  DcqlPresentationResult2.validate = (dcqlQueryResult) => {
+    if (!dcqlQueryResult.canBeSatisfied) {
+      throw new DcqlInvalidPresentationRecordError({
+        message: "Invalid Presentation record",
+        cause: dcqlQueryResult
+      });
+    }
+    return dcqlQueryResult;
+  };
+})(DcqlPresentationResult || (DcqlPresentationResult = {}));
+
+// src/dcql-presentation/m-dcql-presentation.ts
+import * as v12 from "valibot";
+var DcqlPresentation;
+((DcqlPresentation2) => {
+  DcqlPresentation2.vModel = v12.record(v12.pipe(v12.string(), v12.regex(idRegex)), v12.union([v12.string(), vJsonRecord]));
+  DcqlPresentation2.parse = (input) => {
+    if (typeof input === "string") {
+      return v12.parse(v12.pipe(v12.string(), vStringToJson, DcqlPresentation2.vModel), input);
+    }
+    return v12.parse(DcqlPresentation2.vModel, input);
+  };
+  DcqlPresentation2.encode = (input) => {
+    return JSON.stringify(input);
+  };
+})(DcqlPresentation || (DcqlPresentation = {}));
+
+// src/dcql-query-result/run-dcql-query.ts
+var runDcqlQuery = (dcqlQuery, ctx) => {
+  const credentialQueriesResults = Object.fromEntries(
+    dcqlQuery.credentials.map((credentialQuery) => [credentialQuery.id, runCredentialQuery(credentialQuery, ctx)])
+  );
+  const credentialMatches = Object.fromEntries(
+    Object.entries(credentialQueriesResults).map(([key, credentialQueryResult]) => {
+      let bestMatch = void 0;
+      for (const credentialParseResult of credentialQueryResult) {
+        const bestMatchForCredential = credentialParseResult.find((result) => result?.success === true);
+        if (!bestMatch && bestMatchForCredential) {
+          const { issues, ...matchWithoutIssues } = bestMatchForCredential;
+          bestMatch = matchWithoutIssues;
+          continue;
+        }
+        if (bestMatchForCredential && bestMatchForCredential.claim_set_index < bestMatch?.claim_set_index) {
+          const { issues, ...matchWithoutIssues } = bestMatchForCredential;
+          bestMatch = matchWithoutIssues;
+        }
+      }
+      return [
+        key,
+        bestMatch ? { ...bestMatch, all: credentialQueryResult } : { success: false, all: credentialQueryResult }
+      ];
+    })
+  );
+  const credentialSetResults = dcqlQuery.credential_sets?.map((set) => {
+    const matchingOptions = set.options.filter(
+      (option) => option.every((credentialQueryId) => credentialMatches[credentialQueryId]?.success)
+    );
+    return {
+      ...set,
+      matching_options: matchingOptions.length > 0 ? matchingOptions : void 0
+    };
+  });
+  const dqclQueryMatched = credentialSetResults ? credentialSetResults.every((set) => !set.required || set.matching_options) : Object.values(credentialMatches).every((query) => query.success);
+  return {
+    ...dcqlQuery,
+    canBeSatisfied: dqclQueryMatched,
+    credential_matches: credentialMatches,
+    credential_sets: credentialSetResults
+  };
+};
+
+// src/dcql-query/m-dcql-query.ts
+import * as v13 from "valibot";
+var DcqlQuery;
+((DcqlQuery2) => {
+  DcqlQuery2.vModel = v13.object({
+    credentials: v13.pipe(
+      v13.array(DcqlCredentialQuery.vModel),
+      vNonEmptyArray(),
+      v13.description(
+        "REQUIRED. A non-empty array of Credential Queries that specify the requested Verifiable Credentials."
+      )
+    ),
+    credential_sets: v13.pipe(
+      v13.optional(v13.pipe(v13.array(CredentialSetQuery.vModel), vNonEmptyArray())),
+      v13.description(
+        "OPTIONAL. A non-empty array of credential set queries that specifies additional constraints on which of the requested Verifiable Credentials to return."
+      )
+    )
+  });
+  DcqlQuery2.validate = (dcqlQuery) => {
+    validateUniqueCredentialQueryIds(dcqlQuery);
+    validateCredentialSets(dcqlQuery);
+    dcqlQuery.credentials.forEach(DcqlCredentialQuery.validate);
+  };
+  DcqlQuery2.query = (dcqlQuery, credentials) => {
+    return runDcqlQuery(dcqlQuery, { credentials, presentation: false });
+  };
+  DcqlQuery2.parse = (input) => {
+    return v13.parse(DcqlQuery2.vModel, input);
+  };
+})(DcqlQuery || (DcqlQuery = {}));
+var validateUniqueCredentialQueryIds = (query) => {
+  const ids = query.credentials.map((c) => c.id);
+  const duplicates = ids.filter((id, index) => ids.indexOf(id) !== index);
+  if (duplicates.length > 0) {
+    throw new DcqlNonUniqueCredentialQueryIdsError({
+      message: `Duplicate credential query ids found: ${duplicates.join(", ")}`
+    });
+  }
+};
+var validateCredentialSets = (query) => {
+  if (!query.credential_sets) return;
+  const credentialQueryIds = new Set(query.credentials.map((c) => c.id));
+  const undefinedCredentialQueryIds = [];
+  for (const credential_set of query.credential_sets) {
+    for (const credentialSetOption of credential_set.options) {
+      for (const credentialQueryId of credentialSetOption) {
+        if (!credentialQueryIds.has(credentialQueryId)) {
+          undefinedCredentialQueryIds.push(credentialQueryId);
+        }
+      }
+    }
+  }
+  if (undefinedCredentialQueryIds.length > 0) {
+    throw new DcqlCredentialSetError({
+      message: `Credential set contains undefined credential id${undefinedCredentialQueryIds.length === 1 ? "" : "`s"} '${undefinedCredentialQueryIds.join(", ")}'`
+    });
+  }
+};
+export {
+  CredentialSetQuery,
+  DcqlClaimsQuery,
+  DcqlCredential,
+  DcqlCredentialPresentation,
+  DcqlCredentialQuery,
+  DcqlCredentialSetError,
+  DcqlError,
+  DcqlInvalidClaimsQueryIdError,
+  DcqlInvalidPresentationRecordError,
+  DcqlMdocCredential,
+  DcqlMdocPresentation,
+  DcqlMissingClaimSetParseError,
+  DcqlNonUniqueCredentialQueryIdsError,
+  DcqlParseError,
+  DcqlPresentation,
+  DcqlPresentationResult,
+  DcqlPresentationResultError,
+  DcqlQuery,
+  DcqlQueryResult,
+  DcqlSdJwtVcCredential,
+  DcqlSdJwtVcPresentation,
+  DcqlUndefinedClaimSetIdError,
+  DcqlW3cVcCredential,
+  DcqlW3cVcPresentation,
+  getCauseFromUnknown,
+  getDcqlErrorFromUnknown,
+  runDcqlQuery
+};
+//# sourceMappingURL=index.mjs.map