humankey 0.3.0 → 0.3.1

package/dist/chunk-SZPXOH7Z.cjs

@@ -0,0 +1,75 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+var _chunk2KMBF2THcjs = require('./chunk-2KMBF2TH.cjs');
+
+
+
+
+
+
+var _chunkJI6NIMGKcjs = require('./chunk-JI6NIMGK.cjs');
+
+// src/tap.ts
+var _browser = require('@simplewebauthn/browser');
+async function requestTap(request) {
+  const {
+    challenge,
+    action,
+    confirmation,
+    userInput,
+    allowCredentials,
+    rpID,
+    userVerification = "required",
+    timeout = 6e4
+  } = request;
+  _chunk2KMBF2THcjs.validateConfirmation.call(void 0, confirmation, userInput);
+  const actionHashBuffer = await _chunkJI6NIMGKcjs.hashAction.call(void 0, action);
+  const confirmationInput = `${confirmation.code}:${userInput.toUpperCase().trim()}`;
+  const confirmationHashBuffer = await crypto.subtle.digest(
+    "SHA-256",
+    new TextEncoder().encode(confirmationInput)
+  );
+  const challengeBuffer = _chunkJI6NIMGKcjs.base64urlToBuffer.call(void 0, challenge);
+  const finalChallenge = await _chunkJI6NIMGKcjs.combineAndHash.call(void 0, 
+    challengeBuffer,
+    actionHashBuffer,
+    confirmationHashBuffer
+  );
+  const actionHash = _chunkJI6NIMGKcjs.bufferToBase64url.call(void 0, actionHashBuffer);
+  const confirmationHash = _chunkJI6NIMGKcjs.bufferToBase64url.call(void 0, confirmationHashBuffer);
+  try {
+    const response = await _browser.startAuthentication.call(void 0, {
+      optionsJSON: {
+        challenge: _chunkJI6NIMGKcjs.bufferToBase64url.call(void 0, finalChallenge),
+        rpId: rpID,
+        allowCredentials: allowCredentials.map((cred) => ({
+          id: cred.id,
+          type: "public-key",
+          transports: cred.transports
+        })),
+        userVerification,
+        timeout
+      }
+    });
+    return {
+      response,
+      action,
+      actionHash,
+      confirmationHash,
+      userInput: userInput.toUpperCase().trim()
+    };
+  } catch (error) {
+    if (error instanceof Error && error.name === "NotAllowedError") {
+      throw new (0, _chunkJI6NIMGKcjs.HumanKeyError)(
+        "User cancelled the hardware key tap",
+        "USER_CANCELLED",
+        error
+      );
+    }
+    throw error;
+  }
+}
+
+
+
+exports.requestTap = requestTap;

package/dist/chunk-U2AGXRNW.mjs

@@ -0,0 +1,76 @@
+import {
+  HumanKeyError,
+  bufferToBase64url
+} from "./chunk-CLQSCDXC.mjs";
+
+// src/register.ts
+import { startRegistration } from "@simplewebauthn/browser";
+async function registerKey(request) {
+  const {
+    challenge,
+    rpID,
+    rpName,
+    userName,
+    userDisplayName = userName,
+    excludeCredentials = [],
+    attestation = "direct",
+    userVerification = "required",
+    timeout = 6e4
+  } = request;
+  const userIdBytes = new TextEncoder().encode(userName);
+  const userIdHash = await crypto.subtle.digest("SHA-256", userIdBytes);
+  const userId = bufferToBase64url(userIdHash);
+  try {
+    const response = await startRegistration({
+      optionsJSON: {
+        rp: { name: rpName, id: rpID },
+        user: {
+          id: userId,
+          name: userName,
+          displayName: userDisplayName
+        },
+        challenge,
+        pubKeyCredParams: [
+          { alg: -7, type: "public-key" },
+          // ES256
+          { alg: -257, type: "public-key" }
+          // RS256
+        ],
+        timeout,
+        attestation,
+        excludeCredentials: excludeCredentials.map((cred) => ({
+          id: cred.id,
+          type: "public-key",
+          transports: cred.transports
+        })),
+        authenticatorSelection: {
+          authenticatorAttachment: "cross-platform",
+          residentKey: "preferred",
+          userVerification
+        }
+      }
+    });
+    return {
+      credentialId: response.id,
+      response,
+      transports: response.response.transports
+    };
+  } catch (error) {
+    if (error instanceof Error && error.name === "NotAllowedError") {
+      throw new HumanKeyError(
+        "User cancelled hardware key registration",
+        "USER_CANCELLED",
+        error
+      );
+    }
+    throw new HumanKeyError(
+      `Registration failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+      "REGISTRATION_FAILED",
+      error
+    );
+  }
+}
+
+export {
+  registerKey
+};

package/dist/chunk-Y6KQC7WK.mjs

@@ -0,0 +1,124 @@
+import {
+  createChallenge,
+  verifyRegistration,
+  verifyTapProof
+} from "./chunk-XXJAJHNP.mjs";
+import {
+  HumanKeyError
+} from "./chunk-CLQSCDXC.mjs";
+
+// src/adapter-core.ts
+var MemoryChallengeStore = class {
+  store = /* @__PURE__ */ new Map();
+  async set(id, challenge, ttlMs) {
+    this.store.set(id, { challenge, expiresAt: Date.now() + ttlMs });
+    this.cleanup();
+  }
+  async get(id) {
+    const entry = this.store.get(id);
+    if (!entry) return null;
+    this.store.delete(id);
+    if (Date.now() > entry.expiresAt) return null;
+    return entry.challenge;
+  }
+  cleanup() {
+    const now = Date.now();
+    for (const [id, entry] of this.store) {
+      if (now > entry.expiresAt) this.store.delete(id);
+    }
+  }
+};
+function resolveConfig(config) {
+  return {
+    rpID: config.rpID,
+    rpName: config.rpName,
+    origin: config.origin,
+    challengeTTL: config.challengeTTL ?? 6e4,
+    challengeStore: config.challengeStore ?? new MemoryChallengeStore(),
+    getCredential: config.getCredential,
+    onRegister: config.onRegister,
+    onVerify: config.onVerify,
+    requireUserVerification: config.requireUserVerification ?? true,
+    allowedAAGUIDs: config.allowedAAGUIDs
+  };
+}
+async function handleChallenge(config) {
+  try {
+    const challenge = createChallenge();
+    const challengeId = crypto.randomUUID();
+    await config.challengeStore.set(challengeId, challenge, config.challengeTTL);
+    return { status: 200, body: { challengeId, challenge } };
+  } catch {
+    return { status: 500, body: { error: "Internal server error" } };
+  }
+}
+async function handleRegister(config, body) {
+  try {
+    const challenge = await config.challengeStore.get(body.challengeId);
+    if (!challenge) {
+      return { status: 400, body: { error: "Challenge not found or expired" } };
+    }
+    const result = await verifyRegistration({
+      response: body.response,
+      expectedChallenge: challenge,
+      expectedOrigin: config.origin,
+      expectedRPID: config.rpID,
+      requireUserVerification: config.requireUserVerification,
+      allowedAAGUIDs: config.allowedAAGUIDs
+    });
+    await config.onRegister(result.credential);
+    return { status: 200, body: { ok: true, credentialId: result.credential.id } };
+  } catch (error) {
+    return errorResult(error);
+  }
+}
+async function handleVerify(config, body) {
+  try {
+    const challenge = await config.challengeStore.get(body.challengeId);
+    if (!challenge) {
+      return { status: 400, body: { error: "Challenge not found or expired" } };
+    }
+    const proof = body.proof;
+    const credential = await config.getCredential(proof.response?.id);
+    if (!credential) {
+      return { status: 400, body: { error: "Credential not found" } };
+    }
+    const result = await verifyTapProof({
+      proof,
+      credential,
+      expectedChallenge: challenge,
+      expectedAction: body.action,
+      expectedOrigin: config.origin,
+      expectedRPID: config.rpID,
+      requireUserVerification: config.requireUserVerification
+    });
+    credential.counter = result.newCounter;
+    if (config.onVerify) {
+      await config.onVerify(result, body.action);
+    }
+    return {
+      status: 200,
+      body: {
+        verified: result.verified,
+        confirmationValid: result.confirmationValid,
+        userVerified: result.userVerified
+      }
+    };
+  } catch (error) {
+    return errorResult(error);
+  }
+}
+function errorResult(error) {
+  if (error instanceof HumanKeyError) {
+    return { status: 400, body: { error: error.message, code: error.code } };
+  }
+  return { status: 500, body: { error: "Internal server error" } };
+}
+
+export {
+  MemoryChallengeStore,
+  resolveConfig,
+  handleChallenge,
+  handleRegister,
+  handleVerify
+};

package/dist/confirm-6RXLI2SS.cjs

@@ -0,0 +1,9 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
+
+
+var _chunk2KMBF2THcjs = require('./chunk-2KMBF2TH.cjs');
+require('./chunk-JI6NIMGK.cjs');
+
+
+
+exports.createConfirmation = _chunk2KMBF2THcjs.createConfirmation; exports.validateConfirmation = _chunk2KMBF2THcjs.validateConfirmation;

package/dist/confirm-TSVTFC4N.mjs

@@ -0,0 +1,9 @@
+import {
+  createConfirmation,
+  validateConfirmation
+} from "./chunk-G2X46ZRM.mjs";
+import "./chunk-CLQSCDXC.mjs";
+export {
+  createConfirmation,
+  validateConfirmation
+};

package/dist/express.cjs

@@ -1,124 +1,36 @@
-"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; } var _class;
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});
 
 
 
-var _chunkFW3YUVJCcjs = require('./chunk-FW3YUVJC.cjs');
 
 
-var _chunkJI6NIMGKcjs = require('./chunk-JI6NIMGK.cjs');
+var _chunkG2IT2ZP5cjs = require('./chunk-G2IT2ZP5.cjs');
+require('./chunk-FW3YUVJC.cjs');
+require('./chunk-JI6NIMGK.cjs');
 
 // src/express.ts
 var _express = require('express');
-var MemoryChallengeStore = (_class = class {constructor() { _class.prototype.__init.call(this); }
-  __init() {this.store = /* @__PURE__ */ new Map()}
-  async set(id, challenge, ttlMs) {
-    this.store.set(id, { challenge, expiresAt: Date.now() + ttlMs });
-    this.cleanup();
-  }
-  async get(id) {
-    const entry = this.store.get(id);
-    if (!entry) return null;
-    this.store.delete(id);
-    if (Date.now() > entry.expiresAt) return null;
-    return entry.challenge;
-  }
-  cleanup() {
-    const now = Date.now();
-    for (const [id, entry] of this.store) {
-      if (now > entry.expiresAt) this.store.delete(id);
-    }
-  }
-}, _class);
 function createHumanKeyRouter(config) {
-  const {
-    rpID,
-    origin,
-    challengeTTL = 6e4,
-    challengeStore = new MemoryChallengeStore(),
-    getCredential,
-    onRegister,
-    onVerify,
-    requireUserVerification = true,
-    allowedAAGUIDs
-  } = config;
+  const resolved = _chunkG2IT2ZP5cjs.resolveConfig.call(void 0, config);
   const router = _express.Router.call(void 0, );
   router.post("/challenge", async (_req, res) => {
-    try {
-      const challenge = _chunkFW3YUVJCcjs.createChallenge.call(void 0, );
-      const challengeId = crypto.randomUUID();
-      await challengeStore.set(challengeId, challenge, challengeTTL);
-      res.json({ challengeId, challenge });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await _chunkG2IT2ZP5cjs.handleChallenge.call(void 0, resolved);
+    sendResult(res, result);
   });
   router.post("/register", async (req, res) => {
-    try {
-      const { response, challengeId } = req.body;
-      const challenge = await challengeStore.get(challengeId);
-      if (!challenge) {
-        res.status(400).json({ error: "Challenge not found or expired" });
-        return;
-      }
-      const result = await _chunkFW3YUVJCcjs.verifyRegistration.call(void 0, {
-        response,
-        expectedChallenge: challenge,
-        expectedOrigin: origin,
-        expectedRPID: rpID,
-        requireUserVerification,
-        allowedAAGUIDs
-      });
-      await onRegister(result.credential);
-      res.json({ ok: true, credentialId: result.credential.id });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await _chunkG2IT2ZP5cjs.handleRegister.call(void 0, resolved, req.body);
+    sendResult(res, result);
   });
   router.post("/verify", async (req, res) => {
-    try {
-      const { proof, challengeId, action } = req.body;
-      const challenge = await challengeStore.get(challengeId);
-      if (!challenge) {
-        res.status(400).json({ error: "Challenge not found or expired" });
-        return;
-      }
-      const credential = await getCredential(_optionalChain([proof, 'access', _ => _.response, 'optionalAccess', _2 => _2.id]));
-      if (!credential) {
-        res.status(400).json({ error: "Credential not found" });
-        return;
-      }
-      const result = await _chunkFW3YUVJCcjs.verifyTapProof.call(void 0, {
-        proof,
-        credential,
-        expectedChallenge: challenge,
-        expectedAction: action,
-        expectedOrigin: origin,
-        expectedRPID: rpID,
-        requireUserVerification
-      });
-      credential.counter = result.newCounter;
-      if (onVerify) {
-        await onVerify(result, action);
-      }
-      res.json({
-        verified: result.verified,
-        confirmationValid: result.confirmationValid,
-        userVerified: result.userVerified
-      });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await _chunkG2IT2ZP5cjs.handleVerify.call(void 0, resolved, req.body);
+    sendResult(res, result);
   });
   return router;
 }
-function handleError(res, error) {
-  if (error instanceof _chunkJI6NIMGKcjs.HumanKeyError) {
-    res.status(400).json({ error: error.message, code: error.code });
-  } else {
-    res.status(500).json({ error: "Internal server error" });
-  }
+function sendResult(res, result) {
+  res.status(result.status).json(result.body);
 }
 
 
 
-exports.MemoryChallengeStore = MemoryChallengeStore; exports.createHumanKeyRouter = createHumanKeyRouter;
+exports.MemoryChallengeStore = _chunkG2IT2ZP5cjs.MemoryChallengeStore; exports.createHumanKeyRouter = createHumanKeyRouter;

package/dist/express.d.cts

@@ -1,44 +1,11 @@
 import { Router } from 'express';
-import { c as TapCredential, V as VerifyResult, A as ActionPayload } from './types-By44RNIt.cjs';
+import { H as HumanKeyAdapterConfig } from './adapter-core-CoBcSqdG.cjs';
+export { C as ChallengeStore, M as MemoryChallengeStore } from './adapter-core-CoBcSqdG.cjs';
+export { A as ActionPayload, c as TapCredential, V as VerifyResult } from './types-By44RNIt.cjs';
 import '@simplewebauthn/server';
 
-/** Abstraction for challenge storage with TTL and single-use semantics. */
-interface ChallengeStore {
-    /** Store a challenge with a TTL. */
-    set(id: string, challenge: string, ttlMs: number): Promise<void>;
-    /** Retrieve and delete a challenge (single-use). Returns null if expired or not found. */
-    get(id: string): Promise<string | null>;
-}
-/** In-memory challenge store with TTL enforcement. Use a database or Redis in production. */
-declare class MemoryChallengeStore implements ChallengeStore {
-    private store;
-    set(id: string, challenge: string, ttlMs: number): Promise<void>;
-    get(id: string): Promise<string | null>;
-    private cleanup;
-}
 /** Configuration for the humankey Express router. */
-interface HumanKeyExpressConfig {
-    /** Relying party ID, e.g. "example.com" */
-    rpID: string;
-    /** Relying party display name */
-    rpName: string;
-    /** Expected origin(s), e.g. "https://example.com" */
-    origin: string | string[];
-    /** Challenge TTL in ms (default: 60000) */
-    challengeTTL?: number;
-    /** Custom challenge store (default: MemoryChallengeStore) */
-    challengeStore?: ChallengeStore;
-    /** Look up a stored credential by ID */
-    getCredential: (credentialId: string) => Promise<TapCredential | null>;
-    /** Called after successful registration — store the credential */
-    onRegister: (credential: TapCredential) => Promise<void>;
-    /** Called after successful tap verification */
-    onVerify?: (result: VerifyResult, action: ActionPayload) => Promise<void>;
-    /** Require user verification (default: true) */
-    requireUserVerification?: boolean;
-    /** Restrict to specific authenticator models by AAGUID */
-    allowedAAGUIDs?: string[];
-}
+type HumanKeyExpressConfig = HumanKeyAdapterConfig;
 /**
  * Create an Express Router with pre-built humankey routes.
  *
@@ -49,4 +16,4 @@ interface HumanKeyExpressConfig {
  */
 declare function createHumanKeyRouter(config: HumanKeyExpressConfig): Router;
 
-export { ActionPayload, type ChallengeStore, type HumanKeyExpressConfig, MemoryChallengeStore, TapCredential, VerifyResult, createHumanKeyRouter };
+export { type HumanKeyExpressConfig, createHumanKeyRouter };

package/dist/express.d.ts

@@ -1,44 +1,11 @@
 import { Router } from 'express';
-import { c as TapCredential, V as VerifyResult, A as ActionPayload } from './types-By44RNIt.js';
+import { H as HumanKeyAdapterConfig } from './adapter-core-CFN3y3L0.js';
+export { C as ChallengeStore, M as MemoryChallengeStore } from './adapter-core-CFN3y3L0.js';
+export { A as ActionPayload, c as TapCredential, V as VerifyResult } from './types-By44RNIt.js';
 import '@simplewebauthn/server';
 
-/** Abstraction for challenge storage with TTL and single-use semantics. */
-interface ChallengeStore {
-    /** Store a challenge with a TTL. */
-    set(id: string, challenge: string, ttlMs: number): Promise<void>;
-    /** Retrieve and delete a challenge (single-use). Returns null if expired or not found. */
-    get(id: string): Promise<string | null>;
-}
-/** In-memory challenge store with TTL enforcement. Use a database or Redis in production. */
-declare class MemoryChallengeStore implements ChallengeStore {
-    private store;
-    set(id: string, challenge: string, ttlMs: number): Promise<void>;
-    get(id: string): Promise<string | null>;
-    private cleanup;
-}
 /** Configuration for the humankey Express router. */
-interface HumanKeyExpressConfig {
-    /** Relying party ID, e.g. "example.com" */
-    rpID: string;
-    /** Relying party display name */
-    rpName: string;
-    /** Expected origin(s), e.g. "https://example.com" */
-    origin: string | string[];
-    /** Challenge TTL in ms (default: 60000) */
-    challengeTTL?: number;
-    /** Custom challenge store (default: MemoryChallengeStore) */
-    challengeStore?: ChallengeStore;
-    /** Look up a stored credential by ID */
-    getCredential: (credentialId: string) => Promise<TapCredential | null>;
-    /** Called after successful registration — store the credential */
-    onRegister: (credential: TapCredential) => Promise<void>;
-    /** Called after successful tap verification */
-    onVerify?: (result: VerifyResult, action: ActionPayload) => Promise<void>;
-    /** Require user verification (default: true) */
-    requireUserVerification?: boolean;
-    /** Restrict to specific authenticator models by AAGUID */
-    allowedAAGUIDs?: string[];
-}
+type HumanKeyExpressConfig = HumanKeyAdapterConfig;
 /**
  * Create an Express Router with pre-built humankey routes.
  *
@@ -49,4 +16,4 @@ interface HumanKeyExpressConfig {
  */
 declare function createHumanKeyRouter(config: HumanKeyExpressConfig): Router;
 
-export { ActionPayload, type ChallengeStore, type HumanKeyExpressConfig, MemoryChallengeStore, TapCredential, VerifyResult, createHumanKeyRouter };
+export { type HumanKeyExpressConfig, createHumanKeyRouter };

package/dist/express.mjs

@@ -1,122 +1,34 @@
 import {
-  createChallenge,
-  verifyRegistration,
-  verifyTapProof
-} from "./chunk-XXJAJHNP.mjs";
-import {
-  HumanKeyError
-} from "./chunk-CLQSCDXC.mjs";
+  MemoryChallengeStore,
+  handleChallenge,
+  handleRegister,
+  handleVerify,
+  resolveConfig
+} from "./chunk-Y6KQC7WK.mjs";
+import "./chunk-XXJAJHNP.mjs";
+import "./chunk-CLQSCDXC.mjs";
 
 // src/express.ts
 import { Router } from "express";
-var MemoryChallengeStore = class {
-  store = /* @__PURE__ */ new Map();
-  async set(id, challenge, ttlMs) {
-    this.store.set(id, { challenge, expiresAt: Date.now() + ttlMs });
-    this.cleanup();
-  }
-  async get(id) {
-    const entry = this.store.get(id);
-    if (!entry) return null;
-    this.store.delete(id);
-    if (Date.now() > entry.expiresAt) return null;
-    return entry.challenge;
-  }
-  cleanup() {
-    const now = Date.now();
-    for (const [id, entry] of this.store) {
-      if (now > entry.expiresAt) this.store.delete(id);
-    }
-  }
-};
 function createHumanKeyRouter(config) {
-  const {
-    rpID,
-    origin,
-    challengeTTL = 6e4,
-    challengeStore = new MemoryChallengeStore(),
-    getCredential,
-    onRegister,
-    onVerify,
-    requireUserVerification = true,
-    allowedAAGUIDs
-  } = config;
+  const resolved = resolveConfig(config);
   const router = Router();
   router.post("/challenge", async (_req, res) => {
-    try {
-      const challenge = createChallenge();
-      const challengeId = crypto.randomUUID();
-      await challengeStore.set(challengeId, challenge, challengeTTL);
-      res.json({ challengeId, challenge });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await handleChallenge(resolved);
+    sendResult(res, result);
   });
   router.post("/register", async (req, res) => {
-    try {
-      const { response, challengeId } = req.body;
-      const challenge = await challengeStore.get(challengeId);
-      if (!challenge) {
-        res.status(400).json({ error: "Challenge not found or expired" });
-        return;
-      }
-      const result = await verifyRegistration({
-        response,
-        expectedChallenge: challenge,
-        expectedOrigin: origin,
-        expectedRPID: rpID,
-        requireUserVerification,
-        allowedAAGUIDs
-      });
-      await onRegister(result.credential);
-      res.json({ ok: true, credentialId: result.credential.id });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await handleRegister(resolved, req.body);
+    sendResult(res, result);
   });
   router.post("/verify", async (req, res) => {
-    try {
-      const { proof, challengeId, action } = req.body;
-      const challenge = await challengeStore.get(challengeId);
-      if (!challenge) {
-        res.status(400).json({ error: "Challenge not found or expired" });
-        return;
-      }
-      const credential = await getCredential(proof.response?.id);
-      if (!credential) {
-        res.status(400).json({ error: "Credential not found" });
-        return;
-      }
-      const result = await verifyTapProof({
-        proof,
-        credential,
-        expectedChallenge: challenge,
-        expectedAction: action,
-        expectedOrigin: origin,
-        expectedRPID: rpID,
-        requireUserVerification
-      });
-      credential.counter = result.newCounter;
-      if (onVerify) {
-        await onVerify(result, action);
-      }
-      res.json({
-        verified: result.verified,
-        confirmationValid: result.confirmationValid,
-        userVerified: result.userVerified
-      });
-    } catch (error) {
-      handleError(res, error);
-    }
+    const result = await handleVerify(resolved, req.body);
+    sendResult(res, result);
   });
   return router;
 }
-function handleError(res, error) {
-  if (error instanceof HumanKeyError) {
-    res.status(400).json({ error: error.message, code: error.code });
-  } else {
-    res.status(500).json({ error: "Internal server error" });
-  }
+function sendResult(res, result) {
+  res.status(result.status).json(result.body);
 }
 export {
   MemoryChallengeStore,