@0xkey-io/gas-station 0.1.0

package/dist/policyUtils.d.ts

@@ -0,0 +1,271 @@
+import type { ZeroXKeyApiClient } from "@0xkey-io/sdk-server";
+import type { Hex } from "viem";
+/**
+ * Build a ZeroXKey policy to restrict what EIP-712 intents an EOA can sign
+ * This protects at the signing layer - EOA cannot create signatures outside policy
+ *
+ * @param config - Policy configuration
+ * @param config.organizationId - ZeroXKey organization ID
+ * @param config.eoaUserId - ZeroXKey user ID for the EOA (primary approver)
+ * @param config.additionalApprovers - Optional additional user IDs that must also approve (creates AND condition)
+ * @param config.customConsensus - Optional custom consensus expression (overrides eoaUserId and additionalApprovers)
+ * @param config.restrictions - Signing restrictions
+ * @param config.restrictions.allowedContracts - Whitelist of contract addresses EOA can sign intents for
+ * @param config.restrictions.disallowEthTransfer - Whether to disallow ETH transfers (if true, value must be 0)
+ * @param config.policyName - Optional policy name
+ * @returns Policy object ready to submit to ZeroXKey createPolicy API
+ *
+ * @example
+ * // Simple: single user approval, token-only transfers
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   restrictions: {
+ *     allowedContracts: ["0x833...USDC", "0x6B1...DAI"],
+ *     disallowEthTransfer: true,
+ *   },
+ *   policyName: "Stablecoin Only",
+ * });
+ *
+ * // Resulting policy:
+ * {
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   policyName: "Stablecoin Only",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.eip_712.primary_type == 'Execution' && " +
+ *              "(eth.eip_712.message['to'] == '0x833...usdc' || " +
+ *              "eth.eip_712.message['to'] == '0x6b1...dai') && " +
+ *              "eth.eip_712.message['value'] == '0'",
+ *   notes: "Restricts which EIP-712 intents the EOA can sign for gas station execution"
+ * }
+ *
+ * @example
+ * // Multi-approval: EOA AND backup user must both approve
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   additionalApprovers: ["9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b"],
+ *   restrictions: {
+ *     allowedContracts: ["0x833...USDC"],
+ *     disallowEthTransfer: true,
+ *   },
+ * });
+ *
+ * // Resulting policy:
+ * {
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   policyName: "Gas Station Intent Signing Policy",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a') && " +
+ *              "approvers.any(user, user.id == '9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.eip_712.primary_type == 'Execution' && " +
+ *              "(eth.eip_712.message['to'] == '0x833...usdc') && " +
+ *              "eth.eip_712.message['value'] == '0'",
+ *   notes: "Restricts which EIP-712 intents the EOA can sign for gas station execution"
+ * }
+ *
+ * @example
+ * // Advanced: custom consensus expression
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   customConsensus: "approvers.count() >= 2",
+ *   restrictions: {
+ *     disallowEthTransfer: false,
+ *   },
+ * });
+ *
+ * await 0xkeyClient.apiClient().createPolicy(policy);
+ */
+export declare function buildIntentSigningPolicy(config: {
+    organizationId: string;
+    eoaUserId: string;
+    additionalApprovers?: string[];
+    customConsensus?: string;
+    restrictions?: {
+        allowedContracts?: Hex[];
+        disallowEthTransfer?: boolean;
+    };
+    policyName?: string;
+}): {
+    organizationId: string;
+    policyName: string;
+    effect: "EFFECT_ALLOW";
+    consensus: string;
+    condition: string;
+    notes: string;
+};
+/**
+ * Build a ZeroXKey policy to restrict what the paymaster can execute on-chain.
+ * This protects at the execution layer - paymaster cannot submit transactions outside policy.
+ *
+ * This function uses ZeroXKey's Smart Contract Interface feature to parse the
+ * execute(address _targetEoA, address _to, uint256 ethAmount, bytes _data) ABI.
+ * Before using this function, ensure the Gas Station ABI is uploaded via
+ * ensureGasStationInterface() - this is typically handled automatically.
+ *
+ * @param config - Policy configuration
+ * @param config.organizationId - ZeroXKey organization ID
+ * @param config.paymasterUserId - ZeroXKey user ID for the paymaster (primary approver)
+ * @param config.additionalApprovers - Optional additional user IDs that can approve (creates OR condition)
+ * @param config.customConsensus - Optional custom consensus expression (overrides paymasterUserId and additionalApprovers)
+ * @param config.executionContractAddress - Gas station execution contract address
+ * @param config.restrictions - Execution restrictions
+ * @param config.restrictions.allowedEOAs - Whitelist of EOA addresses paymaster can execute for
+ * @param config.restrictions.allowedContracts - Whitelist of output contract addresses (target contracts)
+ * @param config.restrictions.maxEthAmount - Maximum ETH amount in wei that can be transferred
+ * @param config.restrictions.maxGasPrice - Maximum gas price in wei
+ * @param config.restrictions.maxGasLimit - Maximum gas limit
+ * @param config.policyName - Optional policy name
+ * @returns Policy object ready to submit to ZeroXKey createPolicy API
+ *
+ * @example
+ * // Simple: single paymaster approval with ETH amount limit
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: {
+ *     allowedEOAs: ["0xAli...ce", "0xBob...by"],
+ *     allowedContracts: ["0x833...USDC", "0x6B1...DAI"],
+ *     maxEthAmount: parseEther("0.1"), // Max 0.1 ETH per transaction
+ *     maxGasPrice: parseGwei("50"),
+ *     maxGasLimit: 500000n,
+ *   },
+ *   policyName: "Paymaster Protection",
+ * });
+ *
+ * // Resulting policy (uses ABI parsing):
+ * {
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   policyName: "Paymaster Protection",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
+ *              "(eth.tx.contract_call_args['_to'] == '0x833...usdc' || " +
+ *              "eth.tx.contract_call_args['_to'] == '0x6b1...dai') && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce' || " +
+ *              "eth.tx.contract_call_args['_target'] == '0xbob...by') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 100000000000000000 && " +
+ *              "eth.tx.gasPrice <= 50000000000 && eth.tx.gas <= 500000",
+ *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
+ * }
+ *
+ * @example
+ * // Multi-user: primary paymaster OR backup can approve
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   additionalApprovers: ["2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b"],
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: {
+ *     allowedEOAs: ["0xAli...ce"],
+ *     maxEthAmount: parseEther("1"), // Max 1 ETH
+ *     maxGasPrice: parseGwei("100"),
+ *   },
+ * });
+ *
+ * // Resulting policy (uses ABI parsing):
+ * {
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   policyName: "Gas Station Paymaster Execution Policy",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c' || " +
+ *              "user.id == '2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 1000000000000000000 && " +
+ *              "eth.tx.gasPrice <= 100000000000",
+ *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
+ * }
+ *
+ * @example
+ * // Advanced: require multiple approvals
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   customConsensus: "approvers.count() >= 2",
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: { ... },
+ * });
+ *
+ * await 0xkeyClient.apiClient().createPolicy(policy);
+ */
+export declare function buildPaymasterExecutionPolicy(config: {
+    organizationId: string;
+    paymasterUserId: string;
+    additionalApprovers?: string[];
+    customConsensus?: string;
+    executionContractAddress: Hex;
+    restrictions?: {
+        allowedEOAs?: Hex[];
+        allowedContracts?: Hex[];
+        maxEthAmount?: bigint;
+        maxGasPrice?: bigint;
+        maxGasLimit?: bigint;
+    };
+    policyName?: string;
+}): {
+    organizationId: string;
+    policyName: string;
+    effect: "EFFECT_ALLOW";
+    consensus: string;
+    condition: string;
+    notes: string;
+};
+/**
+ * Retrieves an existing smart contract interface for the given contract address.
+ * Returns the interface ID if found, undefined otherwise.
+ */
+export declare function getSmartContractInterface({ client, organizationId, contractAddress, }: {
+    client: ZeroXKeyApiClient;
+    organizationId: string;
+    contractAddress: Hex;
+}): Promise<string | undefined>;
+/**
+ * Uploads the Gas Station ABI to ZeroXKey as a Smart Contract Interface.
+ * Returns the newly created interface ID.
+ */
+export declare function uploadGasStationInterface({ client, organizationId, contractAddress, label, chainName, }: {
+    client: ZeroXKeyApiClient;
+    organizationId: string;
+    contractAddress: Hex;
+    label?: string;
+    chainName?: string;
+}): Promise<string>;
+/**
+ * Ensures that a Gas Station ABI is registered with ZeroXKey for the given contract.
+ * Checks if an interface already exists; if not, uploads it automatically.
+ * Returns the interface ID (existing or newly created).
+ *
+ * This function is called automatically by policy builders to enable ABI-based
+ * policy conditions that can directly access and compare function arguments.
+ *
+ * @param client - ZeroXKey API client (from 0xkeySDK.apiClient())
+ * @param organizationId - ZeroXKey organization ID
+ * @param contractAddress - Gas station contract address
+ * @param label - Optional custom label for the interface
+ * @param chainName - Optional chain name for labeling (e.g., "Base Mainnet")
+ * @returns The smart contract interface ID
+ *
+ * @example
+ * const interfaceId = await ensureGasStationInterface({
+ *   client: 0xkeyClient.apiClient(),
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   contractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   chainName: "Base Sepolia"
+ * });
+ */
+export declare function ensureGasStationInterface({ client, organizationId, contractAddress, label, chainName, }: {
+    client: ZeroXKeyApiClient;
+    organizationId: string;
+    contractAddress: Hex;
+    label?: string;
+    chainName?: string;
+}): Promise<string>;
+//# sourceMappingURL=policyUtils.d.ts.map

package/dist/policyUtils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyUtils.d.ts","sourceRoot":"","sources":["../src/policyUtils.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAE9D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAEhC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+EG;AACH,wBAAgB,wBAAwB,CAAC,MAAM,EAAE;IAC/C,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE;QACb,gBAAgB,CAAC,EAAE,GAAG,EAAE,CAAC;QACzB,mBAAmB,CAAC,EAAE,OAAO,CAAC;KAC/B,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;;;;;;;EAsDA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiGG;AACH,wBAAgB,6BAA6B,CAAC,MAAM,EAAE;IACpD,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,wBAAwB,EAAE,GAAG,CAAC;IAC9B,YAAY,CAAC,EAAE;QACb,WAAW,CAAC,EAAE,GAAG,EAAE,CAAC;QACpB,gBAAgB,CAAC,EAAE,GAAG,EAAE,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;;;;;;;EAmFA;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,GAChB,EAAE;IACD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,GAAG,CAAC;CACtB,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoB9B;AAED;;;GAGG;AACH,wBAAsB,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,EACf,KAAK,EACL,SAAS,GACV,EAAE;IACD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,GAAG,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,MAAM,CAAC,CAyBlB;AAED;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,wBAAsB,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,EACf,KAAK,EACL,SAAS,GACV,EAAE;IACD,MAAM,EAAE,iBAAiB,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,EAAE,GAAG,CAAC;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,MAAM,CAAC,CAoBlB"}

package/dist/policyUtils.js

@@ -0,0 +1,386 @@
+'use strict';
+
+var gasStation = require('./abi/gas-station.js');
+
+// Policy utilities for ZeroXKey gas station restrictions
+/**
+ * Build a ZeroXKey policy to restrict what EIP-712 intents an EOA can sign
+ * This protects at the signing layer - EOA cannot create signatures outside policy
+ *
+ * @param config - Policy configuration
+ * @param config.organizationId - ZeroXKey organization ID
+ * @param config.eoaUserId - ZeroXKey user ID for the EOA (primary approver)
+ * @param config.additionalApprovers - Optional additional user IDs that must also approve (creates AND condition)
+ * @param config.customConsensus - Optional custom consensus expression (overrides eoaUserId and additionalApprovers)
+ * @param config.restrictions - Signing restrictions
+ * @param config.restrictions.allowedContracts - Whitelist of contract addresses EOA can sign intents for
+ * @param config.restrictions.disallowEthTransfer - Whether to disallow ETH transfers (if true, value must be 0)
+ * @param config.policyName - Optional policy name
+ * @returns Policy object ready to submit to ZeroXKey createPolicy API
+ *
+ * @example
+ * // Simple: single user approval, token-only transfers
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   restrictions: {
+ *     allowedContracts: ["0x833...USDC", "0x6B1...DAI"],
+ *     disallowEthTransfer: true,
+ *   },
+ *   policyName: "Stablecoin Only",
+ * });
+ *
+ * // Resulting policy:
+ * {
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   policyName: "Stablecoin Only",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.eip_712.primary_type == 'Execution' && " +
+ *              "(eth.eip_712.message['to'] == '0x833...usdc' || " +
+ *              "eth.eip_712.message['to'] == '0x6b1...dai') && " +
+ *              "eth.eip_712.message['value'] == '0'",
+ *   notes: "Restricts which EIP-712 intents the EOA can sign for gas station execution"
+ * }
+ *
+ * @example
+ * // Multi-approval: EOA AND backup user must both approve
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   additionalApprovers: ["9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b"],
+ *   restrictions: {
+ *     allowedContracts: ["0x833...USDC"],
+ *     disallowEthTransfer: true,
+ *   },
+ * });
+ *
+ * // Resulting policy:
+ * {
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   policyName: "Gas Station Intent Signing Policy",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a') && " +
+ *              "approvers.any(user, user.id == '9d4e2f5b-6c7d-8e9f-0a1b-2c3d4e5f6a7b')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.eip_712.primary_type == 'Execution' && " +
+ *              "(eth.eip_712.message['to'] == '0x833...usdc') && " +
+ *              "eth.eip_712.message['value'] == '0'",
+ *   notes: "Restricts which EIP-712 intents the EOA can sign for gas station execution"
+ * }
+ *
+ * @example
+ * // Advanced: custom consensus expression
+ * const policy = buildIntentSigningPolicy({
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   eoaUserId: "3c7d6e8a-4b5c-6d7e-8f9a-0b1c2d3e4f5a",
+ *   customConsensus: "approvers.count() >= 2",
+ *   restrictions: {
+ *     disallowEthTransfer: false,
+ *   },
+ * });
+ *
+ * await 0xkeyClient.apiClient().createPolicy(policy);
+ */
+function buildIntentSigningPolicy(config) {
+    const conditions = [
+        "activity.resource == 'PRIVATE_KEY'",
+        "activity.action == 'SIGN'",
+        "eth.eip_712.primary_type == 'Execution'",
+    ];
+    if (config.restrictions?.allowedContracts &&
+        config.restrictions.allowedContracts.length > 0) {
+        // Build OR conditions for each allowed contract
+        // Convert to lowercase for case-insensitive comparison
+        const contractConditions = config.restrictions.allowedContracts
+            .map((c) => `eth.eip_712.message['to'] == '${c.toLowerCase()}'`)
+            .join(" || ");
+        conditions.push(`(${contractConditions})`);
+    }
+    if (!!config.restrictions?.disallowEthTransfer) {
+        conditions.push(`eth.eip_712.message['value'] == '0'`);
+    }
+    // Build consensus expression
+    let consensus;
+    if (config.customConsensus) {
+        // Use custom consensus if provided
+        consensus = config.customConsensus;
+    }
+    else if (config.additionalApprovers &&
+        config.additionalApprovers.length > 0) {
+        // Build multi-user AND condition: eoaUserId AND all additionalApprovers must approve
+        const approverConditions = [
+            `approvers.any(user, user.id == '${config.eoaUserId}')`,
+            ...config.additionalApprovers.map((id) => `approvers.any(user, user.id == '${id}')`),
+        ];
+        consensus = approverConditions.join(" && ");
+    }
+    else {
+        // Default: only eoaUserId can approve
+        consensus = `approvers.any(user, user.id == '${config.eoaUserId}')`;
+    }
+    return {
+        organizationId: config.organizationId,
+        policyName: config.policyName || "Gas Station Intent Signing Policy",
+        effect: "EFFECT_ALLOW",
+        consensus,
+        condition: conditions.join(" && "),
+        notes: "Restricts which EIP-712 intents the EOA can sign for gas station execution",
+    };
+}
+/**
+ * Build a ZeroXKey policy to restrict what the paymaster can execute on-chain.
+ * This protects at the execution layer - paymaster cannot submit transactions outside policy.
+ *
+ * This function uses ZeroXKey's Smart Contract Interface feature to parse the
+ * execute(address _targetEoA, address _to, uint256 ethAmount, bytes _data) ABI.
+ * Before using this function, ensure the Gas Station ABI is uploaded via
+ * ensureGasStationInterface() - this is typically handled automatically.
+ *
+ * @param config - Policy configuration
+ * @param config.organizationId - ZeroXKey organization ID
+ * @param config.paymasterUserId - ZeroXKey user ID for the paymaster (primary approver)
+ * @param config.additionalApprovers - Optional additional user IDs that can approve (creates OR condition)
+ * @param config.customConsensus - Optional custom consensus expression (overrides paymasterUserId and additionalApprovers)
+ * @param config.executionContractAddress - Gas station execution contract address
+ * @param config.restrictions - Execution restrictions
+ * @param config.restrictions.allowedEOAs - Whitelist of EOA addresses paymaster can execute for
+ * @param config.restrictions.allowedContracts - Whitelist of output contract addresses (target contracts)
+ * @param config.restrictions.maxEthAmount - Maximum ETH amount in wei that can be transferred
+ * @param config.restrictions.maxGasPrice - Maximum gas price in wei
+ * @param config.restrictions.maxGasLimit - Maximum gas limit
+ * @param config.policyName - Optional policy name
+ * @returns Policy object ready to submit to ZeroXKey createPolicy API
+ *
+ * @example
+ * // Simple: single paymaster approval with ETH amount limit
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: {
+ *     allowedEOAs: ["0xAli...ce", "0xBob...by"],
+ *     allowedContracts: ["0x833...USDC", "0x6B1...DAI"],
+ *     maxEthAmount: parseEther("0.1"), // Max 0.1 ETH per transaction
+ *     maxGasPrice: parseGwei("50"),
+ *     maxGasLimit: 500000n,
+ *   },
+ *   policyName: "Paymaster Protection",
+ * });
+ *
+ * // Resulting policy (uses ABI parsing):
+ * {
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   policyName: "Paymaster Protection",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
+ *              "(eth.tx.contract_call_args['_to'] == '0x833...usdc' || " +
+ *              "eth.tx.contract_call_args['_to'] == '0x6b1...dai') && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce' || " +
+ *              "eth.tx.contract_call_args['_target'] == '0xbob...by') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 100000000000000000 && " +
+ *              "eth.tx.gasPrice <= 50000000000 && eth.tx.gas <= 500000",
+ *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
+ * }
+ *
+ * @example
+ * // Multi-user: primary paymaster OR backup can approve
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   additionalApprovers: ["2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b"],
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: {
+ *     allowedEOAs: ["0xAli...ce"],
+ *     maxEthAmount: parseEther("1"), // Max 1 ETH
+ *     maxGasPrice: parseGwei("100"),
+ *   },
+ * });
+ *
+ * // Resulting policy (uses ABI parsing):
+ * {
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   policyName: "Gas Station Paymaster Execution Policy",
+ *   effect: "EFFECT_ALLOW",
+ *   consensus: "approvers.any(user, user.id == '8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c' || " +
+ *              "user.id == '2e4f6a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0b')",
+ *   condition: "activity.resource == 'PRIVATE_KEY' && activity.action == 'SIGN' && " +
+ *              "eth.tx.to == '0x00000000008c57a1ce37836a5e9d36759d070d8c' && " +
+ *              "(eth.tx.contract_call_args['_target'] == '0xali...ce') && " +
+ *              "eth.tx.contract_call_args['_ethAmount'] <= 1000000000000000000 && " +
+ *              "eth.tx.gasPrice <= 100000000000",
+ *   notes: "Restricts which execute() transactions the paymaster can submit on-chain"
+ * }
+ *
+ * @example
+ * // Advanced: require multiple approvals
+ * const policy = buildPaymasterExecutionPolicy({
+ *   organizationId: "f8c3a5e7-9876-5432-1abc-def098765432",
+ *   paymasterUserId: "8f2a1b4c-5d6e-7f8a-9b0c-1d2e3f4a5b6c",
+ *   customConsensus: "approvers.count() >= 2",
+ *   executionContractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   restrictions: { ... },
+ * });
+ *
+ * await 0xkeyClient.apiClient().createPolicy(policy);
+ */
+function buildPaymasterExecutionPolicy(config) {
+    const conditions = [
+        "activity.resource == 'PRIVATE_KEY'",
+        "activity.action == 'SIGN'",
+        `eth.tx.to == '${config.executionContractAddress.toLowerCase()}'`,
+    ];
+    // Check output contract address using ABI parsing
+    // ZeroXKey parses execute(address _target, address _to, uint256 _ethAmount, bytes _data)
+    // and exposes arguments via eth.tx.contract_call_args
+    if (config.restrictions?.allowedContracts &&
+        config.restrictions.allowedContracts.length > 0) {
+        const contracts = config.restrictions.allowedContracts
+            .map((addr) => {
+            const cleanAddr = addr.toLowerCase();
+            return `eth.tx.contract_call_args['_to'] == '${cleanAddr}'`;
+        })
+            .join(" || ");
+        conditions.push(`(${contracts})`);
+    }
+    // Check EOA address using ABI parsing
+    if (config.restrictions?.allowedEOAs &&
+        config.restrictions.allowedEOAs.length > 0) {
+        const eoas = config.restrictions.allowedEOAs
+            .map((addr) => {
+            const cleanAddr = addr.toLowerCase();
+            return `eth.tx.contract_call_args['_target'] == '${cleanAddr}'`;
+        })
+            .join(" || ");
+        conditions.push(`(${eoas})`);
+    }
+    // Check ETH amount using ABI parsing (direct uint256 comparison)
+    if (config.restrictions?.maxEthAmount !== undefined) {
+        conditions.push(`eth.tx.contract_call_args['_ethAmount'] <= ${config.restrictions.maxEthAmount}`);
+    }
+    if (config.restrictions?.maxGasPrice !== undefined) {
+        conditions.push(`eth.tx.gasPrice <= ${config.restrictions.maxGasPrice}`);
+    }
+    if (config.restrictions?.maxGasLimit !== undefined) {
+        conditions.push(`eth.tx.gas <= ${config.restrictions.maxGasLimit}`);
+    }
+    // Build consensus expression
+    let consensus;
+    if (config.customConsensus) {
+        // Use custom consensus if provided
+        consensus = config.customConsensus;
+    }
+    else if (config.additionalApprovers &&
+        config.additionalApprovers.length > 0) {
+        // Build multi-user AND condition: paymasterUserId AND all additionalApprovers must approve
+        const approverConditions = [
+            `approvers.any(user, user.id == '${config.paymasterUserId}')`,
+            ...config.additionalApprovers.map((id) => `approvers.any(user, user.id == '${id}')`),
+        ];
+        consensus = approverConditions.join(" && ");
+    }
+    else {
+        // Default: only paymasterUserId can approve
+        consensus = `approvers.any(user, user.id == '${config.paymasterUserId}')`;
+    }
+    return {
+        organizationId: config.organizationId,
+        policyName: config.policyName || "Gas Station Paymaster Execution Policy",
+        effect: "EFFECT_ALLOW",
+        consensus,
+        condition: conditions.join(" && "),
+        notes: "Restricts which execute() transactions the paymaster can submit on-chain",
+    };
+}
+/**
+ * Retrieves an existing smart contract interface for the given contract address.
+ * Returns the interface ID if found, undefined otherwise.
+ */
+async function getSmartContractInterface({ client, organizationId, contractAddress, }) {
+    // Query ZeroXKey for existing interfaces
+    const response = await client.getSmartContractInterfaces({
+        organizationId,
+    });
+    // Find interface matching the contract address (case-insensitive)
+    const normalizedAddress = contractAddress.toLowerCase();
+    const existingInterface = response.smartContractInterfaces.find((iface) => iface.smartContractAddress.toLowerCase() === normalizedAddress);
+    if (existingInterface) {
+        return existingInterface.smartContractInterfaceId;
+    }
+    return undefined;
+}
+/**
+ * Uploads the Gas Station ABI to ZeroXKey as a Smart Contract Interface.
+ * Returns the newly created interface ID.
+ */
+async function uploadGasStationInterface({ client, organizationId, contractAddress, label, chainName, }) {
+    const defaultLabel = chainName
+        ? `Gas Station - ${chainName}`
+        : `Gas Station - ${contractAddress}`;
+    const result = await client.createSmartContractInterface({
+        organizationId,
+        type: "SMART_CONTRACT_INTERFACE_TYPE_ETHEREUM",
+        label: label || defaultLabel,
+        notes: `EIP-7702 Gas Station execution contract ABI. Automatically uploaded by @0xkey-io/gas-station SDK.`,
+        smartContractAddress: contractAddress,
+        smartContractInterface: JSON.stringify(gasStation.gasStationAbi),
+    });
+    const interfaceId = result.activity.result.createSmartContractInterfaceResult
+        ?.smartContractInterfaceId;
+    if (!interfaceId) {
+        throw new Error("Failed to create smart contract interface: no interface ID returned");
+    }
+    return interfaceId;
+}
+/**
+ * Ensures that a Gas Station ABI is registered with ZeroXKey for the given contract.
+ * Checks if an interface already exists; if not, uploads it automatically.
+ * Returns the interface ID (existing or newly created).
+ *
+ * This function is called automatically by policy builders to enable ABI-based
+ * policy conditions that can directly access and compare function arguments.
+ *
+ * @param client - ZeroXKey API client (from 0xkeySDK.apiClient())
+ * @param organizationId - ZeroXKey organization ID
+ * @param contractAddress - Gas station contract address
+ * @param label - Optional custom label for the interface
+ * @param chainName - Optional chain name for labeling (e.g., "Base Mainnet")
+ * @returns The smart contract interface ID
+ *
+ * @example
+ * const interfaceId = await ensureGasStationInterface({
+ *   client: 0xkeyClient.apiClient(),
+ *   organizationId: "a5b89e4f-1234-5678-9abc-def012345678",
+ *   contractAddress: "0x00000000008c57a1CE37836a5e9d36759D070d8c",
+ *   chainName: "Base Sepolia"
+ * });
+ */
+async function ensureGasStationInterface({ client, organizationId, contractAddress, label, chainName, }) {
+    // Check if interface already exists
+    const existingId = await getSmartContractInterface({
+        client,
+        organizationId,
+        contractAddress,
+    });
+    if (existingId) {
+        return existingId;
+    }
+    // Upload new interface
+    return uploadGasStationInterface({
+        client,
+        organizationId,
+        contractAddress,
+        label: label || "",
+        chainName: chainName || "",
+    });
+}
+
+exports.buildIntentSigningPolicy = buildIntentSigningPolicy;
+exports.buildPaymasterExecutionPolicy = buildPaymasterExecutionPolicy;
+exports.ensureGasStationInterface = ensureGasStationInterface;
+exports.getSmartContractInterface = getSmartContractInterface;
+exports.uploadGasStationInterface = uploadGasStationInterface;
+//# sourceMappingURL=policyUtils.js.map

package/dist/policyUtils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"policyUtils.js","sources":["../src/policyUtils.ts"],"sourcesContent":[null],"names":["gasStationAbi"],"mappings":";;;;AAAA;AAMA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+EG;AACG,SAAU,wBAAwB,CAAC,MAUxC,EAAA;AACC,IAAA,MAAM,UAAU,GAAa;QAC3B,oCAAoC;QACpC,2BAA2B;QAC3B,yCAAyC;KAC1C;AAED,IAAA,IACE,MAAM,CAAC,YAAY,EAAE,gBAAgB;QACrC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAC/C;;;AAGA,QAAA,MAAM,kBAAkB,GAAG,MAAM,CAAC,YAAY,CAAC;AAC5C,aAAA,GAAG,CAAC,CAAC,CAAC,KAAK,CAAA,8BAAA,EAAiC,CAAC,CAAC,WAAW,EAAE,CAAA,CAAA,CAAG;aAC9D,IAAI,CAAC,MAAM,CAAC;AACf,QAAA,UAAU,CAAC,IAAI,CAAC,IAAI,kBAAkB,CAAA,CAAA,CAAG,CAAC;IAC5C;IAEA,IAAI,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,mBAAmB,EAAE;AAC9C,QAAA,UAAU,CAAC,IAAI,CAAC,CAAA,mCAAA,CAAqC,CAAC;IACxD;;AAGA,IAAA,IAAI,SAAiB;AACrB,IAAA,IAAI,MAAM,CAAC,eAAe,EAAE;;AAE1B,QAAA,SAAS,GAAG,MAAM,CAAC,eAAe;IACpC;SAAO,IACL,MAAM,CAAC,mBAAmB;AAC1B,QAAA,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EACrC;;AAEA,QAAA,MAAM,kBAAkB,GAAG;YACzB,CAAA,gCAAA,EAAmC,MAAM,CAAC,SAAS,CAAA,EAAA,CAAI;AACvD,YAAA,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAC/B,CAAC,EAAE,KAAK,CAAA,gCAAA,EAAmC,EAAE,IAAI,CAClD;SACF;AACD,QAAA,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;IAC7C;SAAO;;AAEL,QAAA,SAAS,GAAG,CAAA,gCAAA,EAAmC,MAAM,CAAC,SAAS,IAAI;IACrE;IAEA,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc;AACrC,QAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,mCAAmC;AACpE,QAAA,MAAM,EAAE,cAAuB;QAC/B,SAAS;AACT,QAAA,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;AAClC,QAAA,KAAK,EACH,4EAA4E;KAC/E;AACH;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiGG;AACG,SAAU,6BAA6B,CAAC,MAc7C,EAAA;AACC,IAAA,MAAM,UAAU,GAAa;QAC3B,oCAAoC;QACpC,2BAA2B;AAC3B,QAAA,CAAA,cAAA,EAAiB,MAAM,CAAC,wBAAwB,CAAC,WAAW,EAAE,CAAA,CAAA,CAAG;KAClE;;;;AAKD,IAAA,IACE,MAAM,CAAC,YAAY,EAAE,gBAAgB;QACrC,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAC/C;AACA,QAAA,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC;AACnC,aAAA,GAAG,CAAC,CAAC,IAAI,KAAI;AACZ,YAAA,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE;YACpC,OAAO,CAAA,qCAAA,EAAwC,SAAS,CAAA,CAAA,CAAG;AAC7D,QAAA,CAAC;aACA,IAAI,CAAC,MAAM,CAAC;AACf,QAAA,UAAU,CAAC,IAAI,CAAC,IAAI,SAAS,CAAA,CAAA,CAAG,CAAC;IACnC;;AAGA,IAAA,IACE,MAAM,CAAC,YAAY,EAAE,WAAW;QAChC,MAAM,CAAC,YAAY,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,EAC1C;AACA,QAAA,MAAM,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC;AAC9B,aAAA,GAAG,CAAC,CAAC,IAAI,KAAI;AACZ,YAAA,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE;YACpC,OAAO,CAAA,yCAAA,EAA4C,SAAS,CAAA,CAAA,CAAG;AACjE,QAAA,CAAC;aACA,IAAI,CAAC,MAAM,CAAC;AACf,QAAA,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAA,CAAA,CAAG,CAAC;IAC9B;;IAGA,IAAI,MAAM,CAAC,YAAY,EAAE,YAAY,KAAK,SAAS,EAAE;QACnD,UAAU,CAAC,IAAI,CACb,CAAA,2CAAA,EAA8C,MAAM,CAAC,YAAY,CAAC,YAAY,CAAA,CAAE,CACjF;IACH;IAEA,IAAI,MAAM,CAAC,YAAY,EAAE,WAAW,KAAK,SAAS,EAAE;QAClD,UAAU,CAAC,IAAI,CAAC,CAAA,mBAAA,EAAsB,MAAM,CAAC,YAAY,CAAC,WAAW,CAAA,CAAE,CAAC;IAC1E;IAEA,IAAI,MAAM,CAAC,YAAY,EAAE,WAAW,KAAK,SAAS,EAAE;QAClD,UAAU,CAAC,IAAI,CAAC,CAAA,cAAA,EAAiB,MAAM,CAAC,YAAY,CAAC,WAAW,CAAA,CAAE,CAAC;IACrE;;AAGA,IAAA,IAAI,SAAiB;AACrB,IAAA,IAAI,MAAM,CAAC,eAAe,EAAE;;AAE1B,QAAA,SAAS,GAAG,MAAM,CAAC,eAAe;IACpC;SAAO,IACL,MAAM,CAAC,mBAAmB;AAC1B,QAAA,MAAM,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EACrC;;AAEA,QAAA,MAAM,kBAAkB,GAAG;YACzB,CAAA,gCAAA,EAAmC,MAAM,CAAC,eAAe,CAAA,EAAA,CAAI;AAC7D,YAAA,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAC/B,CAAC,EAAE,KAAK,CAAA,gCAAA,EAAmC,EAAE,IAAI,CAClD;SACF;AACD,QAAA,SAAS,GAAG,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC;IAC7C;SAAO;;AAEL,QAAA,SAAS,GAAG,CAAA,gCAAA,EAAmC,MAAM,CAAC,eAAe,IAAI;IAC3E;IAEA,OAAO;QACL,cAAc,EAAE,MAAM,CAAC,cAAc;AACrC,QAAA,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,wCAAwC;AACzE,QAAA,MAAM,EAAE,cAAuB;QAC/B,SAAS;AACT,QAAA,SAAS,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC;AAClC,QAAA,KAAK,EACH,0EAA0E;KAC7E;AACH;AAEA;;;AAGG;AACI,eAAe,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,GAKhB,EAAA;;AAEC,IAAA,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC;QACvD,cAAc;AACf,KAAA,CAAC;;AAGF,IAAA,MAAM,iBAAiB,GAAG,eAAe,CAAC,WAAW,EAAE;IACvD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,uBAAuB,CAAC,IAAI,CAC7D,CAAC,KAGA,KAAK,KAAK,CAAC,oBAAoB,CAAC,WAAW,EAAE,KAAK,iBAAiB,CACrE;IAED,IAAI,iBAAiB,EAAE;QACrB,OAAO,iBAAiB,CAAC,wBAAwB;IACnD;AAEA,IAAA,OAAO,SAAS;AAClB;AAEA;;;AAGG;AACI,eAAe,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,EACf,KAAK,EACL,SAAS,GAOV,EAAA;IACC,MAAM,YAAY,GAAG;UACjB,CAAA,cAAA,EAAiB,SAAS,CAAA;AAC5B,UAAE,CAAA,cAAA,EAAiB,eAAe,CAAA,CAAE;AAEtC,IAAA,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,4BAA4B,CAAC;QACvD,cAAc;AACd,QAAA,IAAI,EAAE,wCAAwC;QAC9C,KAAK,EAAE,KAAK,IAAI,YAAY;AAC5B,QAAA,KAAK,EAAE,CAAA,iGAAA,CAAmG;AAC1G,QAAA,oBAAoB,EAAE,eAAe;AACrC,QAAA,sBAAsB,EAAE,IAAI,CAAC,SAAS,CAACA,wBAAa,CAAC;AACtD,KAAA,CAAC;IAEF,MAAM,WAAW,GACf,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AACrB,UAAE,wBAAwB;IAE9B,IAAI,CAAC,WAAW,EAAE;AAChB,QAAA,MAAM,IAAI,KAAK,CACb,qEAAqE,CACtE;IACH;AAEA,IAAA,OAAO,WAAW;AACpB;AAEA;;;;;;;;;;;;;;;;;;;;;;AAsBG;AACI,eAAe,yBAAyB,CAAC,EAC9C,MAAM,EACN,cAAc,EACd,eAAe,EACf,KAAK,EACL,SAAS,GAOV,EAAA;;AAEC,IAAA,MAAM,UAAU,GAAG,MAAM,yBAAyB,CAAC;QACjD,MAAM;QACN,cAAc;QACd,eAAe;AAChB,KAAA,CAAC;IAEF,IAAI,UAAU,EAAE;AACd,QAAA,OAAO,UAAU;IACnB;;AAGA,IAAA,OAAO,yBAAyB,CAAC;QAC/B,MAAM;QACN,cAAc;QACd,eAAe;QACf,KAAK,EAAE,KAAK,IAAI,EAAE;QAClB,SAAS,EAAE,SAAS,IAAI,EAAE;AAC3B,KAAA,CAAC;AACJ;;;;;;;;"}