@account-kit/signer 4.27.0 → 4.28.0

package/dist/esm/client/base.js

@@ -9,6 +9,13 @@ import { base64UrlEncode } from "../utils/base64UrlEncode.js";
 import { resolveRelativeUrl } from "../utils/resolveRelativeUrl.js";
 import { assertNever } from "../utils/typeAssertions.js";
 import { VERSION } from "../version.js";
+const MFA_PAYLOAD = {
+    GET: "get_mfa",
+    ADD: "add_mfa",
+    DELETE: "delete_mfas",
+    VERIFY: "verify_mfa",
+    LIST: "list_mfas",
+};
 /**
  * Base class for all Alchemy Signer clients
  */
@@ -376,6 +383,165 @@ export class BaseSignerClient {
                 return json;
             }
         });
+        /**
+         * Retrieves the list of MFA factors configured for the current user.
+         *
+         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors
+         * @throws {NotAuthenticatedError} If no user is authenticated
+         */
+        Object.defineProperty(this, "getMfaFactors", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async () => {
+                if (!this.user) {
+                    throw new NotAuthenticatedError();
+                }
+                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
+                    organizationId: this.user.orgId,
+                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+                    timestampMs: Date.now().toString(),
+                    parameters: {
+                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+                        hashFunction: "HASH_FUNCTION_NO_OP",
+                        payload: MFA_PAYLOAD.LIST,
+                        signWith: this.user.address,
+                    },
+                });
+                return this.request("/v1/auth-list-multi-factors", {
+                    stampedRequest,
+                });
+            }
+        });
+        /**
+         * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
+         *
+         * @param {AddMfaParams} params The parameters required to enable a new MFA factor
+         * @returns {Promise<AddMfaResult>} A promise that resolves to the factor setup information
+         * @throws {NotAuthenticatedError} If no user is authenticated
+         * @throws {Error} If an unsupported factor type is provided
+         */
+        Object.defineProperty(this, "addMfa", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (params) => {
+                if (!this.user) {
+                    throw new NotAuthenticatedError();
+                }
+                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
+                    organizationId: this.user.orgId,
+                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+                    timestampMs: Date.now().toString(),
+                    parameters: {
+                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+                        hashFunction: "HASH_FUNCTION_NO_OP",
+                        payload: MFA_PAYLOAD.ADD,
+                        signWith: this.user.address,
+                    },
+                });
+                switch (params.multiFactorType) {
+                    case "totp":
+                        return this.request("/v1/auth-request-multi-factor", {
+                            stampedRequest,
+                            multiFactorType: params.multiFactorType,
+                        });
+                    default:
+                        throw new Error(`Unsupported MFA factor type: ${params.multiFactorType}`);
+                }
+            }
+        });
+        /**
+         * Verifies a newly created MFA factor to complete the setup process.
+         *
+         * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
+         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
+         * @throws {NotAuthenticatedError} If no user is authenticated
+         */
+        Object.defineProperty(this, "verifyMfa", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (params) => {
+                if (!this.user) {
+                    throw new NotAuthenticatedError();
+                }
+                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
+                    organizationId: this.user.orgId,
+                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+                    timestampMs: Date.now().toString(),
+                    parameters: {
+                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+                        hashFunction: "HASH_FUNCTION_NO_OP",
+                        payload: MFA_PAYLOAD.VERIFY,
+                        signWith: this.user.address,
+                    },
+                });
+                return this.request("/v1/auth-verify-multi-factor", {
+                    stampedRequest,
+                    multiFactorId: params.multiFactorId,
+                    multiFactorCode: params.multiFactorCode,
+                });
+            }
+        });
+        /**
+         * Removes existing MFA factors by ID.
+         *
+         * @param {RemoveMfaParams} params The parameters specifying which factors to disable
+         * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
+         * @throws {NotAuthenticatedError} If no user is authenticated
+         */
+        Object.defineProperty(this, "removeMfa", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (params) => {
+                if (!this.user) {
+                    throw new NotAuthenticatedError();
+                }
+                const stampedRequest = await this.turnkeyClient.stampSignRawPayload({
+                    organizationId: this.user.orgId,
+                    type: "ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2",
+                    timestampMs: Date.now().toString(),
+                    parameters: {
+                        encoding: "PAYLOAD_ENCODING_HEXADECIMAL",
+                        hashFunction: "HASH_FUNCTION_NO_OP",
+                        payload: MFA_PAYLOAD.DELETE,
+                        signWith: this.user.address,
+                    },
+                });
+                return this.request("/v1/auth-delete-multi-factors", {
+                    stampedRequest,
+                    multiFactorIds: params.multiFactorIds,
+                });
+            }
+        });
+        /**
+         * Validates multiple MFA factors using the provided encrypted payload and MFA codes.
+         *
+         * @param {ValidateMultiFactorsParams} params The validation parameters
+         * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle
+         * @throws {Error} If no credential bundle is returned from the server
+         */
+        Object.defineProperty(this, "validateMultiFactors", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: async (params) => {
+                // Send the encryptedPayload plus TOTP codes, etc:
+                const response = await this.request("/v1/auth-validate-multi-factors", {
+                    encryptedPayload: params.encryptedPayload,
+                    multiFactors: params.multiFactors,
+                });
+                // The server is expected to return the *decrypted* payload in `response.payload.credentialBundle`
+                if (!response.payload || !response.payload.credentialBundle) {
+                    throw new Error("Request to validateMultiFactors did not return a credential bundle");
+                }
+                return {
+                    bundle: response.payload.credentialBundle,
+                };
+            }
+        });
         // #endregion
         // #region PRIVATE METHODS
         Object.defineProperty(this, "exportAsSeedPhrase", {

package/dist/esm/client/base.js.map

@@ -1 +1 @@
-{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,MAAM,EAAY,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AAE9D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AA2BzD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAexC;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAOpC;;;;OAIG;IACH,YAAY,MAA8B;QAXlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAiB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QA4IF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,OAAO,CACR,CAAC;gBAEF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;6BACtC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAmB,KAAK,IAAI,EAAE;gBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;iBACzB,CAAC,CAAC;gBACH,OAAO;oBACL,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC9C,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAC5C;iBACF,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EACD,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAuB,KAAK,IAA6B,EAAE;gBAChE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;gBACJ,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACnD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;WASG;QACI;;;;mBAA4B,KAAK,EACtC,MAAuC,EACxB,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;oBAClD,IAAI,EAAE,+BAA+B;oBACrC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;oBAC5C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,OAAO,EAAE;4BACP;gCACE,UAAU,EAAE,MAAM,CAAC,IAAI;gCACvB,SAAS,EAAE,MAAM,CAAC,SAAS;gCAC3B,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE;6BACnD;yBACF;wBACD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;qBACzB;iBACF,CAAC,CAAC;gBACH,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACzD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAiB,KAAK,EAC3B,GAAQ,EACR,OAA8B,UAAU,EAC1B,EAAE;gBAChB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAClD,sGAAsG;oBACtG,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EACV,IAAI,KAAK,UAAU;4BACjB,CAAC,CAAC,qBAAqB;4BACvB,CAAC,CAAC,8BAA8B;wBACpC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EACN,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAc;qBACrE;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAClB;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACnC,cAAc,EAAE,IAAI,CAAC,IAAK,CAAC,KAAK;oBAChC,QAAQ;iBACT,CAAC,CACH,CACF,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE5C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,IAAK,CAAC,OAAO,CACxC,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;oBACzD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,6BAA6B;oBACnC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,aAAc,CAAC,QAAQ;wBACjC,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,oBAAoB,CACrB,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;gBAEpE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEM;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAChE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;wBAC1B,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,2BAA2B,CAC5B,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;gBAEjE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAgCG;QACO;;;;mBAAsB,KAAK,EACnC,IAA6B,EACZ,EAAE;gBACnB,MAAM,EACJ,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAAG,IAAI,GACvB,GAAG,IAAI,CAAC;gBAET,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,eAAe,EAAE,uBAAuB,EACxC,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,WAAW,CAAC;gBAEhB,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAE1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBAClC,CAAC;gBAED,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,KAAK,GAAuB,aAAa,CAAC;gBAC9C,IAAI,MAAM,GAAuB,cAAc,CAAC;gBAChD,IAAI,eAAe,GACjB,uBAAuB,CAAC;gBAE1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,oBAAoB,GACxB,+BAA+B,CAAC,cAAc,CAAC,CAAC;oBAClD,KAAK,KAAL,KAAK,GAAK,oBAAoB,EAAE,KAAK,EAAC;oBACtC,MAAM,KAAN,MAAM,GAAK,oBAAoB,EAAE,MAAM,EAAC;oBACxC,eAAe,KAAf,eAAe,GAAK,oBAAoB,EAAE,eAAe,EAAC;gBAC5D,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,cAAc,EAAE,CAAC,CAAC;gBAC5E,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAEhD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU;wBACjB,CAAC,CAAC,eAAe;4BACf,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC;4BACjC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,SAAS;oBACf,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,gBAAgB;oBAC9B,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;oBACL,GAAG,eAAe;iBACnB,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBACpC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAExD,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1D,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QACF,aAAa;QAEb;;;;;WAKG;QACO;;;;mBAAgB,CAAC,gBAAwB,EAAU,EAAE;gBAC7D,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrE,CAAC;WAAC;QA7vBA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACO,iBAAiB,CAAC,MAG3B;QACC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD;gBACE,WAAW,CAAC,QAAQ,EAAE,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;CA8rBF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { sha256, type Hex } from \"viem\";\nimport { NotAuthenticatedError, OAuthProvidersError } from \"../errors.js\";\nimport { getDefaultProviderCustomization } from \"../oauth.js\";\nimport type { OauthMode } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { resolveRelativeUrl } from \"../utils/resolveRelativeUrl.js\";\nimport { assertNever } from \"../utils/typeAssertions.js\";\nimport type {\n  AlchemySignerClientEvent,\n  AlchemySignerClientEvents,\n  AuthenticatingEventMetadata,\n  CreateAccountParams,\n  RemoveMfaParams,\n  EmailAuthParams,\n  EnableMfaParams,\n  EnableMfaResult,\n  experimental_CreateApiKeyParams,\n  GetOauthProviderUrlArgs,\n  GetWebAuthnAttestationResult,\n  MfaFactor,\n  OauthConfig,\n  OauthParams,\n  OauthState,\n  OtpParams,\n  SignerBody,\n  SignerResponse,\n  SignerRoutes,\n  SignupResponse,\n  User,\n  VerifyMfaParams,\n  SubmitOtpCodeResponse,\n  ValidateMultiFactorsParams,\n} from \"./types.js\";\nimport { VERSION } from \"../version.js\";\n\nexport interface BaseSignerClientParams {\n  stamper: TurnkeyClient[\"stamper\"];\n  connection: ConnectionConfig;\n  rootOrgId?: string;\n  rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n  injectWalletExportBundle(bundle: string): Promise<boolean>;\n  injectKeyExportBundle(bundle: string): Promise<boolean>;\n  publicKey(): string | null;\n};\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<TExportWalletParams = unknown> {\n  private _user: User | undefined;\n  private connectionConfig: ConnectionConfig;\n  protected turnkeyClient: TurnkeyClient;\n  protected rootOrg: string;\n  protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n  protected oauthConfig: OauthConfig | undefined;\n  /**\n   * Create a new instance of the Alchemy Signer client\n   *\n   * @param {BaseSignerClientParams} params the parameters required to create the client\n   */\n  constructor(params: BaseSignerClientParams) {\n    const { stamper, connection, rootOrgId } = params;\n    this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n    this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n    this.connectionConfig = ConnectionConfigSchema.parse(connection);\n    this.turnkeyClient = new TurnkeyClient(\n      { baseUrl: \"https://api.turnkey.com\" },\n      stamper\n    );\n  }\n\n  /**\n   * Asynchronously fetches and sets the OAuth configuration.\n   *\n   * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n   */\n  public initOauth = async (): Promise<OauthConfig> => {\n    this.oauthConfig = await this.getOauthConfig();\n    return this.oauthConfig;\n  };\n\n  protected get user() {\n    return this._user;\n  }\n\n  protected set user(user: User | undefined) {\n    if (user && !this._user) {\n      this.eventEmitter.emit(\"connected\", user);\n    } else if (!user && this._user) {\n      this.eventEmitter.emit(\"disconnected\");\n    }\n\n    this._user = user;\n  }\n\n  /**\n   * Sets the stamper of the TurnkeyClient.\n   *\n   * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n   */\n  protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n    this.turnkeyClient.stamper = stamper;\n  }\n\n  /**\n   * Exports wallet credentials based on the specified type, either as a SEED_PHRASE or PRIVATE_KEY.\n   *\n   * @param {object} params The parameters for exporting the wallet\n   * @param {ExportWalletStamper} params.exportStamper The stamper used for exporting the wallet\n   * @param {\"SEED_PHRASE\" | \"PRIVATE_KEY\"} params.exportAs Specifies the format for exporting the wallet, either as a SEED_PHRASE or PRIVATE_KEY\n   * @returns {Promise<boolean>} A promise that resolves to true if the export is successful\n   */\n  protected exportWalletInner(params: {\n    exportStamper: ExportWalletStamper;\n    exportAs: \"SEED_PHRASE\" | \"PRIVATE_KEY\";\n  }): Promise<boolean> {\n    const { exportAs } = params;\n    switch (exportAs) {\n      case \"PRIVATE_KEY\":\n        return this.exportAsPrivateKey(params.exportStamper);\n      case \"SEED_PHRASE\":\n        return this.exportAsSeedPhrase(params.exportStamper);\n      default:\n        assertNever(exportAs, `Unknown export mode: ${exportAs}`);\n    }\n  }\n\n  // #region ABSTRACT METHODS\n\n  public abstract createAccount(\n    params: CreateAccountParams\n  ): Promise<SignupResponse>;\n\n  public abstract initEmailAuth(\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ): Promise<{ orgId: string; otpId?: string; multiFactors?: MfaFactor[] }>;\n\n  /**\n   * Retrieves the list of MFA factors configured for the current user.\n   *\n   * @returns {Promise<{ multiFactors: Array<MfaFactor> }>} A promise that resolves to an array of configured MFA factors\n   */\n  public abstract getMfaFactors(): Promise<{\n    multiFactors: MfaFactor[];\n  }>;\n\n  /**\n   * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.\n   *\n   * @param {EnableMfaParams} params The parameters required to enable a new MFA factor\n   * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information\n   */\n  public abstract addMfa(params: EnableMfaParams): Promise<EnableMfaResult>;\n\n  /**\n   * Verifies a newly created MFA factor to complete the setup process.\n   *\n   * @param {VerifyMfaParams} params The parameters required to verify the MFA factor\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   */\n  public abstract verifyMfa(params: VerifyMfaParams): Promise<{\n    multiFactors: MfaFactor[];\n  }>;\n\n  /**\n   * Removes existing MFA factors by ID or factor type.\n   *\n   * @param {RemoveMfaParams} params The parameters specifying which factors to disable\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   */\n  public abstract removeMfa(params: RemoveMfaParams): Promise<{\n    multiFactors: MfaFactor[];\n  }>;\n\n  /**\n   * Validates multiple MFA factors using the provided encrypted payload and MFA codes.\n   *\n   * @param {ValidateMultiFactorsParams} params The validation parameters\n   * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle\n   */\n  public abstract validateMultiFactors(\n    params: ValidateMultiFactorsParams\n  ): Promise<{ bundle: string }>;\n\n  public abstract completeAuthWithBundle(params: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n    authenticatingType: AuthenticatingEventMetadata[\"type\"];\n    idToken?: string;\n  }): Promise<User>;\n\n  public abstract oauthWithRedirect(\n    args: Extract<OauthParams, { mode: \"redirect\" }>\n  ): Promise<User | never>;\n\n  public abstract oauthWithPopup(\n    args: Extract<OauthParams, { mode: \"popup\" }>\n  ): Promise<User>;\n\n  public abstract submitOtpCode(\n    args: Omit<OtpParams, \"targetPublicKey\">\n  ): Promise<SubmitOtpCodeResponse>;\n\n  public abstract disconnect(): Promise<void>;\n\n  public abstract exportWallet(params: TExportWalletParams): Promise<boolean>;\n\n  public abstract lookupUserWithPasskey(user?: User): Promise<User>;\n\n  public abstract targetPublicKey(): Promise<string>;\n\n  protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n  protected abstract getWebAuthnAttestation(\n    options: CredentialCreationOptions,\n    userDetails?: { username: string }\n  ): Promise<GetWebAuthnAttestationResult>;\n\n  // #endregion\n\n  // #region PUBLIC METHODS\n\n  /**\n   * Listen to events emitted by the client\n   *\n   * @param {AlchemySignerClientEvent} event the event you want to listen to\n   * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n   * @returns {() => void} a function that will remove the listener when called\n   */\n  public on = <E extends AlchemySignerClientEvent>(\n    event: E,\n    listener: AlchemySignerClientEvents[E]\n  ) => {\n    this.eventEmitter.on(event, listener as any);\n\n    return () => this.eventEmitter.removeListener(event, listener as any);\n  };\n\n  /**\n   * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n   *\n   * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n   * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n   * @throws {NotAuthenticatedError} If the user is not authenticated\n   */\n  public addPasskey = async (options: CredentialCreationOptions) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      options\n    );\n\n    const { activity } = await this.turnkeyClient.createAuthenticators({\n      type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n      timestampMs: Date.now().toString(),\n      organizationId: this.user.orgId,\n      parameters: {\n        userId: this.user.userId,\n        authenticators: [\n          {\n            attestation,\n            authenticatorName: `passkey-${Date.now().toString()}`,\n            challenge: base64UrlEncode(challenge),\n          },\n        ],\n      },\n    });\n\n    const { authenticatorIds } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"createAuthenticatorsResult\"\n    );\n\n    return authenticatorIds;\n  };\n\n  /**\n   * Retrieves the status of the passkey for the current user. Requires the user to be authenticated.\n   *\n   * @returns {Promise<{ isPasskeyAdded: boolean }>} A promise that resolves to an object containing the passkey status\n   * @throws {NotAuthenticatedError} If the user is not authenticated\n   */\n  public getPasskeyStatus = async () => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n    const resp = await this.turnkeyClient.getAuthenticators({\n      organizationId: this.user.orgId,\n      userId: this.user.userId,\n    });\n    return {\n      isPasskeyAdded: resp.authenticators.some((it) =>\n        it.authenticatorName.startsWith(\"passkey-\")\n      ),\n    };\n  };\n\n  /**\n   * Retrieves the current user or fetches the user information if not already available.\n   *\n   * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n   * @param {string} idToken an OIDC ID token containing additional user information\n   * @returns {Promise<User>} A promise that resolves to the user object\n   * @throws {Error} if no organization ID is provided when there is no current user\n   */\n  public whoami = async (\n    orgId = this.user?.orgId,\n    idToken?: string\n  ): Promise<User> => {\n    if (this.user) {\n      return this.user;\n    }\n\n    if (!orgId) {\n      throw new Error(\"No orgId provided\");\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n      organizationId: orgId,\n    });\n\n    const user = await this.request(\"/v1/whoami\", {\n      stampedRequest,\n    });\n\n    if (idToken) {\n      const claims: Record<string, unknown> = jwtDecode(idToken);\n      user.idToken = idToken;\n      user.claims = claims;\n      if (typeof claims.email === \"string\") {\n        user.email = claims.email;\n      }\n    }\n\n    const credentialId = (() => {\n      try {\n        return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n          .credentialId as string;\n      } catch (e) {\n        return undefined;\n      }\n    })();\n\n    this.user = {\n      ...user,\n      credentialId,\n    };\n\n    return this.user;\n  };\n\n  /**\n   * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n   * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n   * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n   * belong to the user who created it.\n   *\n   * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n   * @throws {Error} if no organization ID is provided\n   */\n  public stampWhoami = async (): Promise<TSignedRequest> => {\n    if (!this.user) {\n      throw new Error(\"User must be authenticated to stamp a whoami request\");\n    }\n\n    return await this.turnkeyClient.stampGetWhoami({\n      organizationId: this.user.orgId,\n    });\n  };\n\n  /**\n   * Generates a stamped getOrganization request for the current user.\n   *\n   * @returns {Promise<TSignedRequest>} a promise that resolves to the \"getOrganization\" information for the logged in user\n   * @throws {Error} if no user is authenticated\n   */\n  public stampGetOrganization = async (): Promise<TSignedRequest> => {\n    if (!this.user) {\n      throw new Error(\n        \"User must be authenticated to stamp a get organization request\"\n      );\n    }\n\n    return await this.turnkeyClient.stampGetOrganization({\n      organizationId: this.user.orgId,\n    });\n  };\n\n  /**\n   * Creates an API key that can take any action on behalf of the current user.\n   * (Note that this method is currently experimental and is subject to change.)\n   *\n   * @param {CreateApiKeyParams} params Parameters for creating the API key.\n   * @param {string} params.name Name of the API key.\n   * @param {string} params.publicKey Public key to be used for the API key.\n   * @param {number} params.expirationSec Number of seconds until the API key expires.\n   * @throws {Error} If there is no authenticated user or the API key creation fails.\n   */\n  public experimental_createApiKey = async (\n    params: experimental_CreateApiKeyParams\n  ): Promise<void> => {\n    if (!this.user) {\n      throw new Error(\"User must be authenticated to create api key\");\n    }\n    const resp = await this.turnkeyClient.createApiKeys({\n      type: \"ACTIVITY_TYPE_CREATE_API_KEYS\",\n      timestampMs: new Date().getTime().toString(),\n      organizationId: this.user.orgId,\n      parameters: {\n        apiKeys: [\n          {\n            apiKeyName: params.name,\n            publicKey: params.publicKey,\n            expirationSeconds: params.expirationSec.toString(),\n          },\n        ],\n        userId: this.user.userId,\n      },\n    });\n    if (resp.activity.status !== \"ACTIVITY_STATUS_COMPLETED\") {\n      throw new Error(\"Failed to create api key\");\n    }\n  };\n\n  /**\n   * Looks up information based on an email address.\n   *\n   * @param {string} email the email address to look up\n   * @returns {Promise<any>} the result of the lookup request\n   */\n  public lookupUserByEmail = async (email: string) => {\n    return this.request(\"/v1/lookup\", { email });\n  };\n\n  /**\n   * This will sign a message with the user's private key, without doing any transformations on the message.\n   * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n   * that result here.\n   *\n   * @param {Hex} msg the hex representation of the bytes to sign\n   * @param {string} mode specify if signing should happen for solana or ethereum\n   * @returns {Promise<Hex>} the signature over the raw hex\n   */\n  public signRawMessage = async (\n    msg: Hex,\n    mode: \"SOLANA\" | \"ETHEREUM\" = \"ETHEREUM\"\n  ): Promise<Hex> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    if (!this.user.solanaAddress && mode === \"SOLANA\") {\n      // TODO: we need to add backwards compatibility for users who signed up before we added Solana support\n      throw new Error(\"No Solana address available for the user\");\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction:\n          mode === \"ETHEREUM\"\n            ? \"HASH_FUNCTION_NO_OP\"\n            : \"HASH_FUNCTION_NOT_APPLICABLE\",\n        payload: msg,\n        signWith:\n          mode === \"ETHEREUM\" ? this.user.address : this.user.solanaAddress!,\n      },\n    });\n\n    const { signature } = await this.request(\"/v1/sign-payload\", {\n      stampedRequest,\n    });\n\n    return signature;\n  };\n\n  /**\n   * Returns the current user or null if no user is set.\n   *\n   * @returns {User | null} the current user object or null if no user is available\n   */\n  public getUser = (): User | null => {\n    return this.user ?? null;\n  };\n\n  /**\n   * Sends a POST request to the given signer route with the specified body and returns the response.\n   * Not intended to be used directly, use the specific methods instead on the client instead.\n   *\n   * @param {SignerRoutes} route The route to which the request should be sent\n   * @param {SignerBody<R>} body The request body containing the data to be sent\n   * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n   */\n  public request = async <R extends SignerRoutes>(\n    route: R,\n    body: SignerBody<R>\n  ): Promise<SignerResponse<R>> => {\n    const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n    const basePath = \"/signer\";\n\n    const headers = new Headers();\n    headers.append(\"Alchemy-AA-Sdk-Version\", VERSION);\n    headers.append(\"Content-Type\", \"application/json\");\n    if (this.connectionConfig.apiKey) {\n      headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n    } else if (this.connectionConfig.jwt) {\n      headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n    }\n\n    const response = await fetch(`${url}${basePath}${route}`, {\n      method: \"POST\",\n      body: JSON.stringify(body),\n      headers,\n    });\n\n    if (!response.ok) {\n      throw new Error(await response.text());\n    }\n\n    const json = await response.json();\n\n    return json as SignerResponse<R>;\n  };\n\n  // #endregion\n\n  // #region PRIVATE METHODS\n  private exportAsSeedPhrase = async (stamper: ExportWalletStamper) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const { wallets } = await this.turnkeyClient.getWallets({\n      organizationId: this.user.orgId,\n    });\n\n    const walletAccounts = await Promise.all(\n      wallets.map(({ walletId }) =>\n        this.turnkeyClient.getWalletAccounts({\n          organizationId: this.user!.orgId,\n          walletId,\n        })\n      )\n    ).then((x) => x.flatMap((x) => x.accounts));\n\n    const walletAccount = walletAccounts.find(\n      (x) => x.address === this.user!.address\n    );\n\n    if (!walletAccount) {\n      throw new Error(\n        `Could not find wallet associated with ${this.user.address}`\n      );\n    }\n\n    const { activity } = await this.turnkeyClient.exportWallet({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_EXPORT_WALLET\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        walletId: walletAccount!.walletId,\n        targetPublicKey: stamper.publicKey()!,\n      },\n    });\n\n    const { exportBundle } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"exportWalletResult\"\n    );\n\n    const result = await stamper.injectWalletExportBundle(exportBundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject wallet export bundle\");\n    }\n\n    return result;\n  };\n\n  private exportAsPrivateKey = async (stamper: ExportWalletStamper) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const { activity } = await this.turnkeyClient.exportWalletAccount({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        address: this.user.address,\n        targetPublicKey: stamper.publicKey()!,\n      },\n    });\n\n    const { exportBundle } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"exportWalletAccountResult\"\n    );\n\n    const result = await stamper.injectKeyExportBundle(exportBundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject wallet export bundle\");\n    }\n\n    return result;\n  };\n\n  /**\n   * Returns the authentication url for the selected OAuth Proivder\n   *\n   * @example\n   * ```ts\n   *\n   * cosnt oauthParams = {\n   *  authProviderId: \"google\",\n   *  isCustomProvider: false,\n   *  auth0Connection: undefined,\n   *  scope: undefined,\n   *  claims: undefined,\n   *  mode: \"redirect\",\n   *  redirectUrl: \"https://your-url-path/oauth-return\",\n   *  expirationSeconds: 3000\n   * };\n   *\n   * const turnkeyPublicKey = await this.initIframeStamper();\n   * const oauthCallbackUrl = this.oauthCallbackUrl;\n   * const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()\n   * const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`\n   *\n   * const oauthProviderUrl = getOauthProviderUrl({\n   *  oauthParams,\n   *  turnkeyPublicKey,\n   *  oauthCallbackUrl\n   * })\n   *\n   * ```\n   * @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters\n   *\n   * @returns {Promise<string>} returns the Oauth provider's url\n   */\n  protected getOauthProviderUrl = async (\n    args: GetOauthProviderUrlArgs\n  ): Promise<string> => {\n    const {\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl,\n      oauthConfig,\n      usesRelativeUrl = true,\n    } = args;\n\n    const {\n      authProviderId,\n      isCustomProvider,\n      auth0Connection,\n      scope: providedScope,\n      claims: providedClaims,\n      otherParameters: providedOtherParameters,\n      mode,\n      redirectUrl,\n      expirationSeconds,\n    } = oauthParams;\n\n    const { codeChallenge, requestKey, authProviders } =\n      oauthConfig ?? (await this.getOauthConfigForMode(mode));\n\n    if (!authProviders) {\n      throw new OAuthProvidersError();\n    }\n\n    const authProvider = authProviders.find(\n      (provider) =>\n        provider.id === authProviderId &&\n        !!provider.isCustomProvider === !!isCustomProvider\n    );\n\n    if (!authProvider) {\n      throw new Error(`No auth provider found with id ${authProviderId}`);\n    }\n\n    let scope: string | undefined = providedScope;\n    let claims: string | undefined = providedClaims;\n    let otherParameters: Record<string, string> | undefined =\n      providedOtherParameters;\n\n    if (!isCustomProvider) {\n      const defaultCustomization =\n        getDefaultProviderCustomization(authProviderId);\n      scope ??= defaultCustomization?.scope;\n      claims ??= defaultCustomization?.claims;\n      otherParameters ??= defaultCustomization?.otherParameters;\n    }\n    if (!scope) {\n      throw new Error(`Default scope not known for provider ${authProviderId}`);\n    }\n    const { authEndpoint, clientId } = authProvider;\n\n    const nonce = this.getOauthNonce(turnkeyPublicKey);\n    const stateObject: OauthState = {\n      authProviderId,\n      isCustomProvider,\n      requestKey,\n      turnkeyPublicKey,\n      expirationSeconds,\n      redirectUrl:\n        mode === \"redirect\"\n          ? usesRelativeUrl\n            ? resolveRelativeUrl(redirectUrl)\n            : redirectUrl\n          : undefined,\n      openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n    };\n    const state = base64UrlEncode(\n      new TextEncoder().encode(JSON.stringify(stateObject))\n    );\n    const authUrl = new URL(authEndpoint);\n    const params: Record<string, string> = {\n      redirect_uri: oauthCallbackUrl,\n      response_type: \"code\",\n      scope,\n      state,\n      code_challenge: codeChallenge,\n      code_challenge_method: \"S256\",\n      prompt: \"select_account\",\n      client_id: clientId,\n      nonce,\n      ...otherParameters,\n    };\n    if (claims) {\n      params.claims = claims;\n    }\n    if (auth0Connection) {\n      params.connection = auth0Connection;\n    }\n\n    Object.keys(params).forEach((param) => {\n      params[param] && authUrl.searchParams.append(param, params[param]);\n    });\n\n    const [urlPath, searchParams] = authUrl.href.split(\"?\");\n\n    return `${urlPath?.replace(/\\/$/, \"\")}?${searchParams}`;\n  };\n\n  private getOauthConfigForMode = async (\n    mode: OauthMode\n  ): Promise<OauthConfig> => {\n    if (this.oauthConfig) {\n      return this.oauthConfig;\n    } else if (mode === \"redirect\") {\n      return this.initOauth();\n    } else {\n      throw new Error(\n        \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n      );\n    }\n  };\n\n  // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n  protected pollActivityCompletion = async <\n    T extends keyof Awaited<\n      ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n    >[\"activity\"][\"result\"]\n  >(\n    activity: Awaited<\n      ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n    >[\"activity\"],\n    organizationId: string,\n    resultKey: T\n  ): Promise<\n    NonNullable<\n      Awaited<\n        ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n      >[\"activity\"][\"result\"][T]\n    >\n  > => {\n    if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n      return activity.result[resultKey]!;\n    }\n\n    const {\n      activity: { status, id, result },\n    } = await this.turnkeyClient.getActivity({\n      activityId: activity.id,\n      organizationId,\n    });\n\n    if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n      return result[resultKey]!;\n    }\n\n    if (\n      status === \"ACTIVITY_STATUS_FAILED\" ||\n      status === \"ACTIVITY_STATUS_REJECTED\" ||\n      status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n    ) {\n      throw new Error(\n        `Failed to get activity with with id ${id} (status: ${status})`\n      );\n    }\n\n    // TODO: add ability to configure this + add exponential backoff\n    await new Promise((resolve) => setTimeout(resolve, 500));\n\n    return this.pollActivityCompletion(activity, organizationId, resultKey);\n  };\n  // #endregion\n\n  /**\n   * Turnkey requires the nonce in the id token to be in this format.\n   *\n   * @param {string} turnkeyPublicKey key from a Turnkey iframe\n   * @returns {string} nonce to be used in OIDC\n   */\n  protected getOauthNonce = (turnkeyPublicKey: string): string => {\n    return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n  };\n}\n"]}
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../../src/client/base.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAyB,MAAM,cAAc,CAAC;AAC7E,OAAO,EAAE,aAAa,EAAuB,MAAM,eAAe,CAAC;AACnE,OAAO,YAAY,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,MAAM,EAAY,MAAM,MAAM,CAAC;AACxC,OAAO,EAAE,qBAAqB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAC1E,OAAO,EAAE,+BAA+B,EAAE,MAAM,aAAa,CAAC;AAE9D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AACpE,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AA2BzD,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAexC,MAAM,WAAW,GAAG;IAClB,GAAG,EAAE,SAAS;IACd,GAAG,EAAE,SAAS;IACd,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,YAAY;IACpB,IAAI,EAAE,WAAW;CACT,CAAC;AAEX;;GAEG;AACH,MAAM,OAAgB,gBAAgB;IAOpC;;;;OAIG;IACH,YAAY,MAA8B;QAXlC;;;;;WAAwB;QACxB;;;;;WAAmC;QACjC;;;;;WAA6B;QAC7B;;;;;WAAgB;QAChB;;;;;WAAsD;QACtD;;;;;WAAqC;QAiB/C;;;;WAIG;QACI;;;;mBAAY,KAAK,IAA0B,EAAE;gBAClD,IAAI,CAAC,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;gBAC/C,OAAO,IAAI,CAAC,WAAW,CAAC;YAC1B,CAAC;WAAC;QA6FF,aAAa;QAEb,yBAAyB;QAEzB;;;;;;WAMG;QACI;;;;mBAAK,CACV,KAAQ,EACR,QAAsC,EACtC,EAAE;gBACF,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;gBAE7C,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC,cAAc,CAAC,KAAK,EAAE,QAAe,CAAC,CAAC;YACxE,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAa,KAAK,EAAE,OAAkC,EAAE,EAAE;gBAC/D,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAClE,OAAO,CACR,CAAC;gBAEF,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACjE,IAAI,EAAE,wCAAwC;oBAC9C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;wBACxB,cAAc,EAAE;4BACd;gCACE,WAAW;gCACX,iBAAiB,EAAE,WAAW,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,EAAE;gCACrD,SAAS,EAAE,eAAe,CAAC,SAAS,CAAC;6BACtC;yBACF;qBACF;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,gBAAgB,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAC5D,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,4BAA4B,CAC7B,CAAC;gBAEF,OAAO,gBAAgB,CAAC;YAC1B,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAmB,KAAK,IAAI,EAAE;gBACnC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;iBACzB,CAAC,CAAC;gBACH,OAAO;oBACL,cAAc,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAC9C,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,UAAU,CAAC,CAC5C;iBACF,CAAC;YACJ,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EACnB,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,EACxB,OAAgB,EACD,EAAE;gBACjB,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;oBACd,OAAO,IAAI,CAAC,IAAI,CAAC;gBACnB,CAAC;gBAED,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBACvC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7D,cAAc,EAAE,KAAK;iBACtB,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;oBAC5C,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,OAAO,EAAE,CAAC;oBACZ,MAAM,MAAM,GAA4B,SAAS,CAAC,OAAO,CAAC,CAAC;oBAC3D,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;oBACvB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;oBACrB,IAAI,OAAO,MAAM,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;wBACrC,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;oBAC5B,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE;oBACzB,IAAI,CAAC;wBACH,OAAO,IAAI,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,gBAAgB,CAAC;6BACtD,YAAsB,CAAC;oBAC5B,CAAC;oBAAC,OAAO,CAAC,EAAE,CAAC;wBACX,OAAO,SAAS,CAAC;oBACnB,CAAC;gBACH,CAAC,CAAC,EAAE,CAAC;gBAEL,IAAI,CAAC,IAAI,GAAG;oBACV,GAAG,IAAI;oBACP,YAAY;iBACb,CAAC;gBAEF,OAAO,IAAI,CAAC,IAAI,CAAC;YACnB,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAc,KAAK,IAA6B,EAAE;gBACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;gBAC1E,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,cAAc,CAAC;oBAC7C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAuB,KAAK,IAA6B,EAAE;gBAChE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CACb,gEAAgE,CACjE,CAAC;gBACJ,CAAC;gBAED,OAAO,MAAM,IAAI,CAAC,aAAa,CAAC,oBAAoB,CAAC;oBACnD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;;;WASG;QACI;;;;mBAA4B,KAAK,EACtC,MAAuC,EACxB,EAAE;gBACjB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;gBAClE,CAAC;gBACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC;oBAClD,IAAI,EAAE,+BAA+B;oBACrC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;oBAC5C,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,UAAU,EAAE;wBACV,OAAO,EAAE;4BACP;gCACE,UAAU,EAAE,MAAM,CAAC,IAAI;gCACvB,SAAS,EAAE,MAAM,CAAC,SAAS;gCAC3B,iBAAiB,EAAE,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE;6BACnD;yBACF;wBACD,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;qBACzB;iBACF,CAAC,CAAC;gBACH,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACzD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;gBAC9C,CAAC;YACH,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAoB,KAAK,EAAE,KAAa,EAAE,EAAE;gBACjD,OAAO,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;WAAC;QAEF;;;;;;;;WAQG;QACI;;;;mBAAiB,KAAK,EAC3B,GAAQ,EACR,OAA8B,UAAU,EAC1B,EAAE;gBAChB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;oBAClD,sGAAsG;oBACtG,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;gBAC9D,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EACV,IAAI,KAAK,UAAU;4BACjB,CAAC,CAAC,qBAAqB;4BACvB,CAAC,CAAC,8BAA8B;wBACpC,OAAO,EAAE,GAAG;wBACZ,QAAQ,EACN,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAc;qBACrE;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;oBAC3D,cAAc;iBACf,CAAC,CAAC;gBAEH,OAAO,SAAS,CAAC;YACnB,CAAC;WAAC;QAEF;;;;WAIG;QACI;;;;mBAAU,GAAgB,EAAE;gBACjC,OAAO,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC;YAC3B,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAU,KAAK,EACpB,KAAQ,EACR,IAAmB,EACS,EAAE;gBAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,2BAA2B,CAAC;gBAExE,MAAM,QAAQ,GAAG,SAAS,CAAC;gBAE3B,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;gBAC9B,OAAO,CAAC,MAAM,CAAC,wBAAwB,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,CAAC,MAAM,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;gBACnD,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC;oBACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC5E,CAAC;qBAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC;oBACrC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,CAAC,CAAC;gBACzE,CAAC;gBAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,GAAG,GAAG,QAAQ,GAAG,KAAK,EAAE,EAAE;oBACxD,MAAM,EAAE,MAAM;oBACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;oBAC1B,OAAO;iBACR,CAAC,CAAC;gBAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,IAAI,KAAK,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;gBACzC,CAAC;gBAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAEnC,OAAO,IAAyB,CAAC;YACnC,CAAC;WAAC;QAEF;;;;;WAKG;QACI;;;;mBAAgB,KAAK,IAEzB,EAAE;gBACH,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,IAAI;wBACzB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE;oBACjD,cAAc;iBACf,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;;WAOG;QACI;;;;mBAAS,KAAK,EAAE,MAAoB,EAAyB,EAAE;gBACpE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,GAAG;wBACxB,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,QAAQ,MAAM,CAAC,eAAe,EAAE,CAAC;oBAC/B,KAAK,MAAM;wBACT,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;4BACnD,cAAc;4BACd,eAAe,EAAE,MAAM,CAAC,eAAe;yBACxC,CAAC,CAAC;oBACL;wBACE,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,eAAe,EAAE,CACzD,CAAC;gBACN,CAAC;YACH,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,8BAA8B,EAAE;oBAClD,cAAc;oBACd,aAAa,EAAE,MAAM,CAAC,aAAa;oBACnC,eAAe,EAAE,MAAM,CAAC,eAAe;iBACxC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAY,KAAK,EACtB,MAAuB,EACiB,EAAE;gBAC1C,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAClE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,mCAAmC;oBACzC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,8BAA8B;wBACxC,YAAY,EAAE,qBAAqB;wBACnC,OAAO,EAAE,WAAW,CAAC,MAAM;wBAC3B,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;qBAC5B;iBACF,CAAC,CAAC;gBAEH,OAAO,IAAI,CAAC,OAAO,CAAC,+BAA+B,EAAE;oBACnD,cAAc;oBACd,cAAc,EAAE,MAAM,CAAC,cAAc;iBACtC,CAAC,CAAC;YACL,CAAC;WAAC;QAEF;;;;;;WAMG;QACI;;;;mBAAuB,KAAK,EACjC,MAAkC,EACL,EAAE;gBAC/B,kDAAkD;gBAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,iCAAiC,EAAE;oBACrE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;oBACzC,YAAY,EAAE,MAAM,CAAC,YAAY;iBAClC,CAAC,CAAC;gBAEH,kGAAkG;gBAClG,IAAI,CAAC,QAAQ,CAAC,OAAO,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;gBACJ,CAAC;gBAED,OAAO;oBACL,MAAM,EAAE,QAAQ,CAAC,OAAO,CAAC,gBAAgB;iBAC1C,CAAC;YACJ,CAAC;WAAC;QAEF,aAAa;QAEb,0BAA0B;QAClB;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC;oBACtD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;iBAChC,CAAC,CAAC;gBAEH,MAAM,cAAc,GAAG,MAAM,OAAO,CAAC,GAAG,CACtC,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAC3B,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC;oBACnC,cAAc,EAAE,IAAI,CAAC,IAAK,CAAC,KAAK;oBAChC,QAAQ;iBACT,CAAC,CACH,CACF,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAE5C,MAAM,aAAa,GAAG,cAAc,CAAC,IAAI,CACvC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,IAAI,CAAC,IAAK,CAAC,OAAO,CACxC,CAAC;gBAEF,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,KAAK,CACb,yCAAyC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAC7D,CAAC;gBACJ,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC;oBACzD,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,6BAA6B;oBACnC,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,QAAQ,EAAE,aAAc,CAAC,QAAQ;wBACjC,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,oBAAoB,CACrB,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,wBAAwB,CAAC,YAAY,CAAC,CAAC;gBAEpE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEM;;;;mBAAqB,KAAK,EAAE,OAA4B,EAAE,EAAE;gBAClE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;oBACf,MAAM,IAAI,qBAAqB,EAAE,CAAC;gBACpC,CAAC;gBAED,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC;oBAChE,cAAc,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;oBAC/B,IAAI,EAAE,qCAAqC;oBAC3C,WAAW,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;oBAClC,UAAU,EAAE;wBACV,OAAO,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO;wBAC1B,eAAe,EAAE,OAAO,CAAC,SAAS,EAAG;qBACtC;iBACF,CAAC,CAAC;gBAEH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,IAAI,CAAC,IAAI,CAAC,KAAK,EACf,2BAA2B,CAC5B,CAAC;gBAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,qBAAqB,CAAC,YAAY,CAAC,CAAC;gBAEjE,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBAC3D,CAAC;gBAED,OAAO,MAAM,CAAC;YAChB,CAAC;WAAC;QAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAgCG;QACO;;;;mBAAsB,KAAK,EACnC,IAA6B,EACZ,EAAE;gBACnB,MAAM,EACJ,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,WAAW,EACX,eAAe,GAAG,IAAI,GACvB,GAAG,IAAI,CAAC;gBAET,MAAM,EACJ,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,KAAK,EAAE,aAAa,EACpB,MAAM,EAAE,cAAc,EACtB,eAAe,EAAE,uBAAuB,EACxC,IAAI,EACJ,WAAW,EACX,iBAAiB,GAClB,GAAG,WAAW,CAAC;gBAEhB,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,GAChD,WAAW,IAAI,CAAC,MAAM,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;gBAE1D,IAAI,CAAC,aAAa,EAAE,CAAC;oBACnB,MAAM,IAAI,mBAAmB,EAAE,CAAC;gBAClC,CAAC;gBAED,MAAM,YAAY,GAAG,aAAa,CAAC,IAAI,CACrC,CAAC,QAAQ,EAAE,EAAE,CACX,QAAQ,CAAC,EAAE,KAAK,cAAc;oBAC9B,CAAC,CAAC,QAAQ,CAAC,gBAAgB,KAAK,CAAC,CAAC,gBAAgB,CACrD,CAAC;gBAEF,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,kCAAkC,cAAc,EAAE,CAAC,CAAC;gBACtE,CAAC;gBAED,IAAI,KAAK,GAAuB,aAAa,CAAC;gBAC9C,IAAI,MAAM,GAAuB,cAAc,CAAC;gBAChD,IAAI,eAAe,GACjB,uBAAuB,CAAC;gBAE1B,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,oBAAoB,GACxB,+BAA+B,CAAC,cAAc,CAAC,CAAC;oBAClD,KAAK,KAAL,KAAK,GAAK,oBAAoB,EAAE,KAAK,EAAC;oBACtC,MAAM,KAAN,MAAM,GAAK,oBAAoB,EAAE,MAAM,EAAC;oBACxC,eAAe,KAAf,eAAe,GAAK,oBAAoB,EAAE,eAAe,EAAC;gBAC5D,CAAC;gBACD,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,MAAM,IAAI,KAAK,CAAC,wCAAwC,cAAc,EAAE,CAAC,CAAC;gBAC5E,CAAC;gBACD,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,YAAY,CAAC;gBAEhD,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,CAAC;gBACnD,MAAM,WAAW,GAAe;oBAC9B,cAAc;oBACd,gBAAgB;oBAChB,UAAU;oBACV,gBAAgB;oBAChB,iBAAiB;oBACjB,WAAW,EACT,IAAI,KAAK,UAAU;wBACjB,CAAC,CAAC,eAAe;4BACf,CAAC,CAAC,kBAAkB,CAAC,WAAW,CAAC;4BACjC,CAAC,CAAC,WAAW;wBACf,CAAC,CAAC,SAAS;oBACf,YAAY,EAAE,IAAI,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;iBACpE,CAAC;gBACF,MAAM,KAAK,GAAG,eAAe,CAC3B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CACtD,CAAC;gBACF,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;gBACtC,MAAM,MAAM,GAA2B;oBACrC,YAAY,EAAE,gBAAgB;oBAC9B,aAAa,EAAE,MAAM;oBACrB,KAAK;oBACL,KAAK;oBACL,cAAc,EAAE,aAAa;oBAC7B,qBAAqB,EAAE,MAAM;oBAC7B,MAAM,EAAE,gBAAgB;oBACxB,SAAS,EAAE,QAAQ;oBACnB,KAAK;oBACL,GAAG,eAAe;iBACnB,CAAC;gBACF,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;gBACzB,CAAC;gBACD,IAAI,eAAe,EAAE,CAAC;oBACpB,MAAM,CAAC,UAAU,GAAG,eAAe,CAAC;gBACtC,CAAC;gBAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,EAAE;oBACpC,MAAM,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACrE,CAAC,CAAC,CAAC;gBAEH,MAAM,CAAC,OAAO,EAAE,YAAY,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAExD,OAAO,GAAG,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,YAAY,EAAE,CAAC;YAC1D,CAAC;WAAC;QAEM;;;;mBAAwB,KAAK,EACnC,IAAe,EACO,EAAE;gBACxB,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;oBACrB,OAAO,IAAI,CAAC,WAAW,CAAC;gBAC1B,CAAC;qBAAM,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;oBAC/B,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC;gBAC1B,CAAC;qBAAM,CAAC;oBACN,MAAM,IAAI,KAAK,CACb,+HAA+H,CAChI,CAAC;gBACJ,CAAC;YACH,CAAC;WAAC;QAEF,8EAA8E;QACpE;;;;mBAAyB,KAAK,EAKtC,QAEa,EACb,cAAsB,EACtB,SAAY,EAOZ,EAAE;gBACF,IAAI,QAAQ,CAAC,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBACpD,OAAO,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAE,CAAC;gBACrC,CAAC;gBAED,MAAM,EACJ,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,EAAE,GACjC,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC;oBACvC,UAAU,EAAE,QAAQ,CAAC,EAAE;oBACvB,cAAc;iBACf,CAAC,CAAC;gBAEH,IAAI,MAAM,KAAK,2BAA2B,EAAE,CAAC;oBAC3C,OAAO,MAAM,CAAC,SAAS,CAAE,CAAC;gBAC5B,CAAC;gBAED,IACE,MAAM,KAAK,wBAAwB;oBACnC,MAAM,KAAK,0BAA0B;oBACrC,MAAM,KAAK,kCAAkC,EAC7C,CAAC;oBACD,MAAM,IAAI,KAAK,CACb,uCAAuC,EAAE,aAAa,MAAM,GAAG,CAChE,CAAC;gBACJ,CAAC;gBAED,gEAAgE;gBAChE,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC;gBAEzD,OAAO,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,cAAc,EAAE,SAAS,CAAC,CAAC;YAC1E,CAAC;WAAC;QACF,aAAa;QAEb;;;;;WAKG;QACO;;;;mBAAgB,CAAC,gBAAwB,EAAU,EAAE;gBAC7D,OAAO,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrE,CAAC;WAAC;QA/2BA,MAAM,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;QAClD,IAAI,CAAC,OAAO,GAAG,SAAS,IAAI,sCAAsC,CAAC;QACnE,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,EAA6B,CAAC;QAClE,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CACpC,EAAE,OAAO,EAAE,yBAAyB,EAAE,EACtC,OAAO,CACR,CAAC;IACJ,CAAC;IAYD,IAAc,IAAI;QAChB,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAc,IAAI,CAAC,IAAsB;QACvC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAC5C,CAAC;aAAM,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YAC/B,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACzC,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACO,UAAU,CAAC,OAAiC;QACpD,IAAI,CAAC,aAAa,CAAC,OAAO,GAAG,OAAO,CAAC;IACvC,CAAC;IAED;;;;;;;OAOG;IACO,iBAAiB,CAAC,MAG3B;QACC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC5B,QAAQ,QAAQ,EAAE,CAAC;YACjB,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD,KAAK,aAAa;gBAChB,OAAO,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACvD;gBACE,WAAW,CAAC,QAAQ,EAAE,wBAAwB,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;CAgzBF","sourcesContent":["import { ConnectionConfigSchema, type ConnectionConfig } from \"@aa-sdk/core\";\nimport { TurnkeyClient, type TSignedRequest } from \"@turnkey/http\";\nimport EventEmitter from \"eventemitter3\";\nimport { jwtDecode } from \"jwt-decode\";\nimport { sha256, type Hex } from \"viem\";\nimport { NotAuthenticatedError, OAuthProvidersError } from \"../errors.js\";\nimport { getDefaultProviderCustomization } from \"../oauth.js\";\nimport type { OauthMode } from \"../signer.js\";\nimport { base64UrlEncode } from \"../utils/base64UrlEncode.js\";\nimport { resolveRelativeUrl } from \"../utils/resolveRelativeUrl.js\";\nimport { assertNever } from \"../utils/typeAssertions.js\";\nimport type {\n  AlchemySignerClientEvent,\n  AlchemySignerClientEvents,\n  AuthenticatingEventMetadata,\n  CreateAccountParams,\n  RemoveMfaParams,\n  EmailAuthParams,\n  AddMfaParams,\n  AddMfaResult,\n  experimental_CreateApiKeyParams,\n  GetOauthProviderUrlArgs,\n  GetWebAuthnAttestationResult,\n  MfaFactor,\n  OauthConfig,\n  OauthParams,\n  OauthState,\n  OtpParams,\n  SignerBody,\n  SignerResponse,\n  SignerRoutes,\n  SignupResponse,\n  User,\n  VerifyMfaParams,\n  SubmitOtpCodeResponse,\n  ValidateMultiFactorsParams,\n} from \"./types.js\";\nimport { VERSION } from \"../version.js\";\n\nexport interface BaseSignerClientParams {\n  stamper: TurnkeyClient[\"stamper\"];\n  connection: ConnectionConfig;\n  rootOrgId?: string;\n  rpId?: string;\n}\n\nexport type ExportWalletStamper = TurnkeyClient[\"stamper\"] & {\n  injectWalletExportBundle(bundle: string): Promise<boolean>;\n  injectKeyExportBundle(bundle: string): Promise<boolean>;\n  publicKey(): string | null;\n};\n\nconst MFA_PAYLOAD = {\n  GET: \"get_mfa\",\n  ADD: \"add_mfa\",\n  DELETE: \"delete_mfas\",\n  VERIFY: \"verify_mfa\",\n  LIST: \"list_mfas\",\n} as const;\n\n/**\n * Base class for all Alchemy Signer clients\n */\nexport abstract class BaseSignerClient<TExportWalletParams = unknown> {\n  private _user: User | undefined;\n  private connectionConfig: ConnectionConfig;\n  protected turnkeyClient: TurnkeyClient;\n  protected rootOrg: string;\n  protected eventEmitter: EventEmitter<AlchemySignerClientEvents>;\n  protected oauthConfig: OauthConfig | undefined;\n  /**\n   * Create a new instance of the Alchemy Signer client\n   *\n   * @param {BaseSignerClientParams} params the parameters required to create the client\n   */\n  constructor(params: BaseSignerClientParams) {\n    const { stamper, connection, rootOrgId } = params;\n    this.rootOrg = rootOrgId ?? \"24c1acf5-810f-41e0-a503-d5d13fa8e830\";\n    this.eventEmitter = new EventEmitter<AlchemySignerClientEvents>();\n    this.connectionConfig = ConnectionConfigSchema.parse(connection);\n    this.turnkeyClient = new TurnkeyClient(\n      { baseUrl: \"https://api.turnkey.com\" },\n      stamper\n    );\n  }\n\n  /**\n   * Asynchronously fetches and sets the OAuth configuration.\n   *\n   * @returns {Promise<OauthConfig>} A promise that resolves to the OAuth configuration\n   */\n  public initOauth = async (): Promise<OauthConfig> => {\n    this.oauthConfig = await this.getOauthConfig();\n    return this.oauthConfig;\n  };\n\n  protected get user() {\n    return this._user;\n  }\n\n  protected set user(user: User | undefined) {\n    if (user && !this._user) {\n      this.eventEmitter.emit(\"connected\", user);\n    } else if (!user && this._user) {\n      this.eventEmitter.emit(\"disconnected\");\n    }\n\n    this._user = user;\n  }\n\n  /**\n   * Sets the stamper of the TurnkeyClient.\n   *\n   * @param {TurnkeyClient[\"stamper\"]} stamper the stamper function to set for the TurnkeyClient\n   */\n  protected setStamper(stamper: TurnkeyClient[\"stamper\"]) {\n    this.turnkeyClient.stamper = stamper;\n  }\n\n  /**\n   * Exports wallet credentials based on the specified type, either as a SEED_PHRASE or PRIVATE_KEY.\n   *\n   * @param {object} params The parameters for exporting the wallet\n   * @param {ExportWalletStamper} params.exportStamper The stamper used for exporting the wallet\n   * @param {\"SEED_PHRASE\" | \"PRIVATE_KEY\"} params.exportAs Specifies the format for exporting the wallet, either as a SEED_PHRASE or PRIVATE_KEY\n   * @returns {Promise<boolean>} A promise that resolves to true if the export is successful\n   */\n  protected exportWalletInner(params: {\n    exportStamper: ExportWalletStamper;\n    exportAs: \"SEED_PHRASE\" | \"PRIVATE_KEY\";\n  }): Promise<boolean> {\n    const { exportAs } = params;\n    switch (exportAs) {\n      case \"PRIVATE_KEY\":\n        return this.exportAsPrivateKey(params.exportStamper);\n      case \"SEED_PHRASE\":\n        return this.exportAsSeedPhrase(params.exportStamper);\n      default:\n        assertNever(exportAs, `Unknown export mode: ${exportAs}`);\n    }\n  }\n\n  // #region ABSTRACT METHODS\n\n  public abstract createAccount(\n    params: CreateAccountParams\n  ): Promise<SignupResponse>;\n\n  public abstract initEmailAuth(\n    params: Omit<EmailAuthParams, \"targetPublicKey\">\n  ): Promise<{ orgId: string; otpId?: string; multiFactors?: MfaFactor[] }>;\n\n  public abstract completeAuthWithBundle(params: {\n    bundle: string;\n    orgId: string;\n    connectedEventName: keyof AlchemySignerClientEvents;\n    authenticatingType: AuthenticatingEventMetadata[\"type\"];\n    idToken?: string;\n  }): Promise<User>;\n\n  public abstract oauthWithRedirect(\n    args: Extract<OauthParams, { mode: \"redirect\" }>\n  ): Promise<User | never>;\n\n  public abstract oauthWithPopup(\n    args: Extract<OauthParams, { mode: \"popup\" }>\n  ): Promise<User>;\n\n  public abstract submitOtpCode(\n    args: Omit<OtpParams, \"targetPublicKey\">\n  ): Promise<SubmitOtpCodeResponse>;\n\n  public abstract disconnect(): Promise<void>;\n\n  public abstract exportWallet(params: TExportWalletParams): Promise<boolean>;\n\n  public abstract lookupUserWithPasskey(user?: User): Promise<User>;\n\n  public abstract targetPublicKey(): Promise<string>;\n\n  protected abstract getOauthConfig(): Promise<OauthConfig>;\n\n  protected abstract getWebAuthnAttestation(\n    options: CredentialCreationOptions,\n    userDetails?: { username: string }\n  ): Promise<GetWebAuthnAttestationResult>;\n\n  // #endregion\n\n  // #region PUBLIC METHODS\n\n  /**\n   * Listen to events emitted by the client\n   *\n   * @param {AlchemySignerClientEvent} event the event you want to listen to\n   * @param {AlchemySignerClientEvents[AlchemySignerClientEvent]} listener the callback function to execute when an event is fired\n   * @returns {() => void} a function that will remove the listener when called\n   */\n  public on = <E extends AlchemySignerClientEvent>(\n    event: E,\n    listener: AlchemySignerClientEvents[E]\n  ) => {\n    this.eventEmitter.on(event, listener as any);\n\n    return () => this.eventEmitter.removeListener(event, listener as any);\n  };\n\n  /**\n   * Handles the creation of authenticators using WebAuthn attestation and the provided options. Requires the user to be authenticated.\n   *\n   * @param {CredentialCreationOptions} options The options used to create the WebAuthn attestation\n   * @returns {Promise<string[]>} A promise that resolves to an array of authenticator IDs\n   * @throws {NotAuthenticatedError} If the user is not authenticated\n   */\n  public addPasskey = async (options: CredentialCreationOptions) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n    const { attestation, challenge } = await this.getWebAuthnAttestation(\n      options\n    );\n\n    const { activity } = await this.turnkeyClient.createAuthenticators({\n      type: \"ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2\",\n      timestampMs: Date.now().toString(),\n      organizationId: this.user.orgId,\n      parameters: {\n        userId: this.user.userId,\n        authenticators: [\n          {\n            attestation,\n            authenticatorName: `passkey-${Date.now().toString()}`,\n            challenge: base64UrlEncode(challenge),\n          },\n        ],\n      },\n    });\n\n    const { authenticatorIds } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"createAuthenticatorsResult\"\n    );\n\n    return authenticatorIds;\n  };\n\n  /**\n   * Retrieves the status of the passkey for the current user. Requires the user to be authenticated.\n   *\n   * @returns {Promise<{ isPasskeyAdded: boolean }>} A promise that resolves to an object containing the passkey status\n   * @throws {NotAuthenticatedError} If the user is not authenticated\n   */\n  public getPasskeyStatus = async () => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n    const resp = await this.turnkeyClient.getAuthenticators({\n      organizationId: this.user.orgId,\n      userId: this.user.userId,\n    });\n    return {\n      isPasskeyAdded: resp.authenticators.some((it) =>\n        it.authenticatorName.startsWith(\"passkey-\")\n      ),\n    };\n  };\n\n  /**\n   * Retrieves the current user or fetches the user information if not already available.\n   *\n   * @param {string} [orgId] optional organization ID, defaults to the user's organization ID\n   * @param {string} idToken an OIDC ID token containing additional user information\n   * @returns {Promise<User>} A promise that resolves to the user object\n   * @throws {Error} if no organization ID is provided when there is no current user\n   */\n  public whoami = async (\n    orgId = this.user?.orgId,\n    idToken?: string\n  ): Promise<User> => {\n    if (this.user) {\n      return this.user;\n    }\n\n    if (!orgId) {\n      throw new Error(\"No orgId provided\");\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampGetWhoami({\n      organizationId: orgId,\n    });\n\n    const user = await this.request(\"/v1/whoami\", {\n      stampedRequest,\n    });\n\n    if (idToken) {\n      const claims: Record<string, unknown> = jwtDecode(idToken);\n      user.idToken = idToken;\n      user.claims = claims;\n      if (typeof claims.email === \"string\") {\n        user.email = claims.email;\n      }\n    }\n\n    const credentialId = (() => {\n      try {\n        return JSON.parse(stampedRequest?.stamp.stampHeaderValue)\n          .credentialId as string;\n      } catch (e) {\n        return undefined;\n      }\n    })();\n\n    this.user = {\n      ...user,\n      credentialId,\n    };\n\n    return this.user;\n  };\n\n  /**\n   * Generates a stamped whoami request for the current user. This request can then be used to call /signer/v1/whoami to get the user information.\n   * This is useful if you want to get the user information in a different context like a server. You can pass the stamped request to the server\n   * and then call our API to get the user information. Using this stamp is the most trusted way to get the user information since a stamp can only\n   * belong to the user who created it.\n   *\n   * @returns {Promise<TSignedRequest>} a promise that resolves to the \"whoami\" information for the logged in user\n   * @throws {Error} if no organization ID is provided\n   */\n  public stampWhoami = async (): Promise<TSignedRequest> => {\n    if (!this.user) {\n      throw new Error(\"User must be authenticated to stamp a whoami request\");\n    }\n\n    return await this.turnkeyClient.stampGetWhoami({\n      organizationId: this.user.orgId,\n    });\n  };\n\n  /**\n   * Generates a stamped getOrganization request for the current user.\n   *\n   * @returns {Promise<TSignedRequest>} a promise that resolves to the \"getOrganization\" information for the logged in user\n   * @throws {Error} if no user is authenticated\n   */\n  public stampGetOrganization = async (): Promise<TSignedRequest> => {\n    if (!this.user) {\n      throw new Error(\n        \"User must be authenticated to stamp a get organization request\"\n      );\n    }\n\n    return await this.turnkeyClient.stampGetOrganization({\n      organizationId: this.user.orgId,\n    });\n  };\n\n  /**\n   * Creates an API key that can take any action on behalf of the current user.\n   * (Note that this method is currently experimental and is subject to change.)\n   *\n   * @param {CreateApiKeyParams} params Parameters for creating the API key.\n   * @param {string} params.name Name of the API key.\n   * @param {string} params.publicKey Public key to be used for the API key.\n   * @param {number} params.expirationSec Number of seconds until the API key expires.\n   * @throws {Error} If there is no authenticated user or the API key creation fails.\n   */\n  public experimental_createApiKey = async (\n    params: experimental_CreateApiKeyParams\n  ): Promise<void> => {\n    if (!this.user) {\n      throw new Error(\"User must be authenticated to create api key\");\n    }\n    const resp = await this.turnkeyClient.createApiKeys({\n      type: \"ACTIVITY_TYPE_CREATE_API_KEYS\",\n      timestampMs: new Date().getTime().toString(),\n      organizationId: this.user.orgId,\n      parameters: {\n        apiKeys: [\n          {\n            apiKeyName: params.name,\n            publicKey: params.publicKey,\n            expirationSeconds: params.expirationSec.toString(),\n          },\n        ],\n        userId: this.user.userId,\n      },\n    });\n    if (resp.activity.status !== \"ACTIVITY_STATUS_COMPLETED\") {\n      throw new Error(\"Failed to create api key\");\n    }\n  };\n\n  /**\n   * Looks up information based on an email address.\n   *\n   * @param {string} email the email address to look up\n   * @returns {Promise<any>} the result of the lookup request\n   */\n  public lookupUserByEmail = async (email: string) => {\n    return this.request(\"/v1/lookup\", { email });\n  };\n\n  /**\n   * This will sign a message with the user's private key, without doing any transformations on the message.\n   * For SignMessage or SignTypedData, the caller should hash the message before calling this method and pass\n   * that result here.\n   *\n   * @param {Hex} msg the hex representation of the bytes to sign\n   * @param {string} mode specify if signing should happen for solana or ethereum\n   * @returns {Promise<Hex>} the signature over the raw hex\n   */\n  public signRawMessage = async (\n    msg: Hex,\n    mode: \"SOLANA\" | \"ETHEREUM\" = \"ETHEREUM\"\n  ): Promise<Hex> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    if (!this.user.solanaAddress && mode === \"SOLANA\") {\n      // TODO: we need to add backwards compatibility for users who signed up before we added Solana support\n      throw new Error(\"No Solana address available for the user\");\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction:\n          mode === \"ETHEREUM\"\n            ? \"HASH_FUNCTION_NO_OP\"\n            : \"HASH_FUNCTION_NOT_APPLICABLE\",\n        payload: msg,\n        signWith:\n          mode === \"ETHEREUM\" ? this.user.address : this.user.solanaAddress!,\n      },\n    });\n\n    const { signature } = await this.request(\"/v1/sign-payload\", {\n      stampedRequest,\n    });\n\n    return signature;\n  };\n\n  /**\n   * Returns the current user or null if no user is set.\n   *\n   * @returns {User | null} the current user object or null if no user is available\n   */\n  public getUser = (): User | null => {\n    return this.user ?? null;\n  };\n\n  /**\n   * Sends a POST request to the given signer route with the specified body and returns the response.\n   * Not intended to be used directly, use the specific methods instead on the client instead.\n   *\n   * @param {SignerRoutes} route The route to which the request should be sent\n   * @param {SignerBody<R>} body The request body containing the data to be sent\n   * @returns {Promise<SignerResponse<R>>} A promise that resolves to the response from the signer\n   */\n  public request = async <R extends SignerRoutes>(\n    route: R,\n    body: SignerBody<R>\n  ): Promise<SignerResponse<R>> => {\n    const url = this.connectionConfig.rpcUrl ?? \"https://api.g.alchemy.com\";\n\n    const basePath = \"/signer\";\n\n    const headers = new Headers();\n    headers.append(\"Alchemy-AA-Sdk-Version\", VERSION);\n    headers.append(\"Content-Type\", \"application/json\");\n    if (this.connectionConfig.apiKey) {\n      headers.append(\"Authorization\", `Bearer ${this.connectionConfig.apiKey}`);\n    } else if (this.connectionConfig.jwt) {\n      headers.append(\"Authorization\", `Bearer ${this.connectionConfig.jwt}`);\n    }\n\n    const response = await fetch(`${url}${basePath}${route}`, {\n      method: \"POST\",\n      body: JSON.stringify(body),\n      headers,\n    });\n\n    if (!response.ok) {\n      throw new Error(await response.text());\n    }\n\n    const json = await response.json();\n\n    return json as SignerResponse<R>;\n  };\n\n  /**\n   * Retrieves the list of MFA factors configured for the current user.\n   *\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public getMfaFactors = async (): Promise<{\n    multiFactors: MfaFactor[];\n  }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.LIST,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-list-multi-factors\", {\n      stampedRequest,\n    });\n  };\n\n  /**\n   * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.\n   *\n   * @param {AddMfaParams} params The parameters required to enable a new MFA factor\n   * @returns {Promise<AddMfaResult>} A promise that resolves to the factor setup information\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   * @throws {Error} If an unsupported factor type is provided\n   */\n  public addMfa = async (params: AddMfaParams): Promise<AddMfaResult> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.ADD,\n        signWith: this.user.address,\n      },\n    });\n\n    switch (params.multiFactorType) {\n      case \"totp\":\n        return this.request(\"/v1/auth-request-multi-factor\", {\n          stampedRequest,\n          multiFactorType: params.multiFactorType,\n        });\n      default:\n        throw new Error(\n          `Unsupported MFA factor type: ${params.multiFactorType}`\n        );\n    }\n  };\n\n  /**\n   * Verifies a newly created MFA factor to complete the setup process.\n   *\n   * @param {VerifyMfaParams} params The parameters required to verify the MFA factor\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public verifyMfa = async (\n    params: VerifyMfaParams\n  ): Promise<{ multiFactors: MfaFactor[] }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.VERIFY,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-verify-multi-factor\", {\n      stampedRequest,\n      multiFactorId: params.multiFactorId,\n      multiFactorCode: params.multiFactorCode,\n    });\n  };\n\n  /**\n   * Removes existing MFA factors by ID.\n   *\n   * @param {RemoveMfaParams} params The parameters specifying which factors to disable\n   * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors\n   * @throws {NotAuthenticatedError} If no user is authenticated\n   */\n  public removeMfa = async (\n    params: RemoveMfaParams\n  ): Promise<{ multiFactors: MfaFactor[] }> => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const stampedRequest = await this.turnkeyClient.stampSignRawPayload({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_SIGN_RAW_PAYLOAD_V2\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        encoding: \"PAYLOAD_ENCODING_HEXADECIMAL\",\n        hashFunction: \"HASH_FUNCTION_NO_OP\",\n        payload: MFA_PAYLOAD.DELETE,\n        signWith: this.user.address,\n      },\n    });\n\n    return this.request(\"/v1/auth-delete-multi-factors\", {\n      stampedRequest,\n      multiFactorIds: params.multiFactorIds,\n    });\n  };\n\n  /**\n   * Validates multiple MFA factors using the provided encrypted payload and MFA codes.\n   *\n   * @param {ValidateMultiFactorsParams} params The validation parameters\n   * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle\n   * @throws {Error} If no credential bundle is returned from the server\n   */\n  public validateMultiFactors = async (\n    params: ValidateMultiFactorsParams\n  ): Promise<{ bundle: string }> => {\n    // Send the encryptedPayload plus TOTP codes, etc:\n    const response = await this.request(\"/v1/auth-validate-multi-factors\", {\n      encryptedPayload: params.encryptedPayload,\n      multiFactors: params.multiFactors,\n    });\n\n    // The server is expected to return the *decrypted* payload in `response.payload.credentialBundle`\n    if (!response.payload || !response.payload.credentialBundle) {\n      throw new Error(\n        \"Request to validateMultiFactors did not return a credential bundle\"\n      );\n    }\n\n    return {\n      bundle: response.payload.credentialBundle,\n    };\n  };\n\n  // #endregion\n\n  // #region PRIVATE METHODS\n  private exportAsSeedPhrase = async (stamper: ExportWalletStamper) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const { wallets } = await this.turnkeyClient.getWallets({\n      organizationId: this.user.orgId,\n    });\n\n    const walletAccounts = await Promise.all(\n      wallets.map(({ walletId }) =>\n        this.turnkeyClient.getWalletAccounts({\n          organizationId: this.user!.orgId,\n          walletId,\n        })\n      )\n    ).then((x) => x.flatMap((x) => x.accounts));\n\n    const walletAccount = walletAccounts.find(\n      (x) => x.address === this.user!.address\n    );\n\n    if (!walletAccount) {\n      throw new Error(\n        `Could not find wallet associated with ${this.user.address}`\n      );\n    }\n\n    const { activity } = await this.turnkeyClient.exportWallet({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_EXPORT_WALLET\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        walletId: walletAccount!.walletId,\n        targetPublicKey: stamper.publicKey()!,\n      },\n    });\n\n    const { exportBundle } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"exportWalletResult\"\n    );\n\n    const result = await stamper.injectWalletExportBundle(exportBundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject wallet export bundle\");\n    }\n\n    return result;\n  };\n\n  private exportAsPrivateKey = async (stamper: ExportWalletStamper) => {\n    if (!this.user) {\n      throw new NotAuthenticatedError();\n    }\n\n    const { activity } = await this.turnkeyClient.exportWalletAccount({\n      organizationId: this.user.orgId,\n      type: \"ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT\",\n      timestampMs: Date.now().toString(),\n      parameters: {\n        address: this.user.address,\n        targetPublicKey: stamper.publicKey()!,\n      },\n    });\n\n    const { exportBundle } = await this.pollActivityCompletion(\n      activity,\n      this.user.orgId,\n      \"exportWalletAccountResult\"\n    );\n\n    const result = await stamper.injectKeyExportBundle(exportBundle);\n\n    if (!result) {\n      throw new Error(\"Failed to inject wallet export bundle\");\n    }\n\n    return result;\n  };\n\n  /**\n   * Returns the authentication url for the selected OAuth Proivder\n   *\n   * @example\n   * ```ts\n   *\n   * cosnt oauthParams = {\n   *  authProviderId: \"google\",\n   *  isCustomProvider: false,\n   *  auth0Connection: undefined,\n   *  scope: undefined,\n   *  claims: undefined,\n   *  mode: \"redirect\",\n   *  redirectUrl: \"https://your-url-path/oauth-return\",\n   *  expirationSeconds: 3000\n   * };\n   *\n   * const turnkeyPublicKey = await this.initIframeStamper();\n   * const oauthCallbackUrl = this.oauthCallbackUrl;\n   * const oauthConfig = this.getOauthConfig() // Optional value for OauthConfig()\n   * const usesRelativeUrl = true // Optional value to determine if we use a relative (or absolute) url for the `redirect_url`\n   *\n   * const oauthProviderUrl = getOauthProviderUrl({\n   *  oauthParams,\n   *  turnkeyPublicKey,\n   *  oauthCallbackUrl\n   * })\n   *\n   * ```\n   * @param {GetOauthProviderUrlArgs} args Required. The Oauth provider's auth parameters\n   *\n   * @returns {Promise<string>} returns the Oauth provider's url\n   */\n  protected getOauthProviderUrl = async (\n    args: GetOauthProviderUrlArgs\n  ): Promise<string> => {\n    const {\n      oauthParams,\n      turnkeyPublicKey,\n      oauthCallbackUrl,\n      oauthConfig,\n      usesRelativeUrl = true,\n    } = args;\n\n    const {\n      authProviderId,\n      isCustomProvider,\n      auth0Connection,\n      scope: providedScope,\n      claims: providedClaims,\n      otherParameters: providedOtherParameters,\n      mode,\n      redirectUrl,\n      expirationSeconds,\n    } = oauthParams;\n\n    const { codeChallenge, requestKey, authProviders } =\n      oauthConfig ?? (await this.getOauthConfigForMode(mode));\n\n    if (!authProviders) {\n      throw new OAuthProvidersError();\n    }\n\n    const authProvider = authProviders.find(\n      (provider) =>\n        provider.id === authProviderId &&\n        !!provider.isCustomProvider === !!isCustomProvider\n    );\n\n    if (!authProvider) {\n      throw new Error(`No auth provider found with id ${authProviderId}`);\n    }\n\n    let scope: string | undefined = providedScope;\n    let claims: string | undefined = providedClaims;\n    let otherParameters: Record<string, string> | undefined =\n      providedOtherParameters;\n\n    if (!isCustomProvider) {\n      const defaultCustomization =\n        getDefaultProviderCustomization(authProviderId);\n      scope ??= defaultCustomization?.scope;\n      claims ??= defaultCustomization?.claims;\n      otherParameters ??= defaultCustomization?.otherParameters;\n    }\n    if (!scope) {\n      throw new Error(`Default scope not known for provider ${authProviderId}`);\n    }\n    const { authEndpoint, clientId } = authProvider;\n\n    const nonce = this.getOauthNonce(turnkeyPublicKey);\n    const stateObject: OauthState = {\n      authProviderId,\n      isCustomProvider,\n      requestKey,\n      turnkeyPublicKey,\n      expirationSeconds,\n      redirectUrl:\n        mode === \"redirect\"\n          ? usesRelativeUrl\n            ? resolveRelativeUrl(redirectUrl)\n            : redirectUrl\n          : undefined,\n      openerOrigin: mode === \"popup\" ? window.location.origin : undefined,\n    };\n    const state = base64UrlEncode(\n      new TextEncoder().encode(JSON.stringify(stateObject))\n    );\n    const authUrl = new URL(authEndpoint);\n    const params: Record<string, string> = {\n      redirect_uri: oauthCallbackUrl,\n      response_type: \"code\",\n      scope,\n      state,\n      code_challenge: codeChallenge,\n      code_challenge_method: \"S256\",\n      prompt: \"select_account\",\n      client_id: clientId,\n      nonce,\n      ...otherParameters,\n    };\n    if (claims) {\n      params.claims = claims;\n    }\n    if (auth0Connection) {\n      params.connection = auth0Connection;\n    }\n\n    Object.keys(params).forEach((param) => {\n      params[param] && authUrl.searchParams.append(param, params[param]);\n    });\n\n    const [urlPath, searchParams] = authUrl.href.split(\"?\");\n\n    return `${urlPath?.replace(/\\/$/, \"\")}?${searchParams}`;\n  };\n\n  private getOauthConfigForMode = async (\n    mode: OauthMode\n  ): Promise<OauthConfig> => {\n    if (this.oauthConfig) {\n      return this.oauthConfig;\n    } else if (mode === \"redirect\") {\n      return this.initOauth();\n    } else {\n      throw new Error(\n        \"enablePopupOauth must be set in configuration or signer.preparePopupOauth must be called before using popup-based OAuth login\"\n      );\n    }\n  };\n\n  // eslint-disable-next-line eslint-rules/require-jsdoc-on-reexported-functions\n  protected pollActivityCompletion = async <\n    T extends keyof Awaited<\n      ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n    >[\"activity\"][\"result\"]\n  >(\n    activity: Awaited<\n      ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n    >[\"activity\"],\n    organizationId: string,\n    resultKey: T\n  ): Promise<\n    NonNullable<\n      Awaited<\n        ReturnType<(typeof this.turnkeyClient)[\"getActivity\"]>\n      >[\"activity\"][\"result\"][T]\n    >\n  > => {\n    if (activity.status === \"ACTIVITY_STATUS_COMPLETED\") {\n      return activity.result[resultKey]!;\n    }\n\n    const {\n      activity: { status, id, result },\n    } = await this.turnkeyClient.getActivity({\n      activityId: activity.id,\n      organizationId,\n    });\n\n    if (status === \"ACTIVITY_STATUS_COMPLETED\") {\n      return result[resultKey]!;\n    }\n\n    if (\n      status === \"ACTIVITY_STATUS_FAILED\" ||\n      status === \"ACTIVITY_STATUS_REJECTED\" ||\n      status === \"ACTIVITY_STATUS_CONSENSUS_NEEDED\"\n    ) {\n      throw new Error(\n        `Failed to get activity with with id ${id} (status: ${status})`\n      );\n    }\n\n    // TODO: add ability to configure this + add exponential backoff\n    await new Promise((resolve) => setTimeout(resolve, 500));\n\n    return this.pollActivityCompletion(activity, organizationId, resultKey);\n  };\n  // #endregion\n\n  /**\n   * Turnkey requires the nonce in the id token to be in this format.\n   *\n   * @param {string} turnkeyPublicKey key from a Turnkey iframe\n   * @returns {string} nonce to be used in OIDC\n   */\n  protected getOauthNonce = (turnkeyPublicKey: string): string => {\n    return sha256(new TextEncoder().encode(turnkeyPublicKey)).slice(2);\n  };\n}\n"]}

package/dist/esm/client/index.d.ts

@@ -2,7 +2,7 @@ import { BaseError } from "@aa-sdk/core";
 import { z } from "zod";
 import type { AuthParams } from "../signer.js";
 import { BaseSignerClient } from "./base.js";
-import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, OtpParams, User, MfaFactor, EnableMfaParams, EnableMfaResult, VerifyMfaParams, RemoveMfaParams, SubmitOtpCodeResponse, ValidateMultiFactorsParams } from "./types.js";
+import type { AlchemySignerClientEvents, AuthenticatingEventMetadata, CreateAccountParams, CredentialCreationOptionOverrides, EmailAuthParams, ExportWalletParams, OauthConfig, OtpParams, User, SubmitOtpCodeResponse } from "./types.js";
 export declare const AlchemySignerClientParamsSchema: z.ZodObject<{
     connection: z.ZodUnion<[z.ZodObject<{
         rpcUrl: z.ZodOptional<z.ZodNever>;
@@ -203,7 +203,7 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
     initEmailAuth: (params: Omit<EmailAuthParams, "targetPublicKey">) => Promise<{
         orgId: string;
         otpId?: string | undefined;
-        multiFactors?: MfaFactor[] | undefined;
+        multiFactors?: import("./types.js").MfaFactor[] | undefined;
     }>;
     /**
      * Authenticates using an OTP code which was previously received via email.
@@ -437,54 +437,6 @@ export declare class AlchemySignerWebClient extends BaseSignerClient<ExportWalle
         };
     }>;
     protected getOauthConfig: () => Promise<OauthConfig>;
-    /**
-     * Retrieves the list of MFA factors configured for the current user.
-     *
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to an array of configured MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    getMfaFactors: () => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
-    /**
-     * Initiates the setup of a new MFA factor for the current user. Mfa will need to be verified before it is active.
-     *
-     * @param {EnableMfaParams} params The parameters required to enable a new MFA factor
-     * @returns {Promise<EnableMfaResult>} A promise that resolves to the factor setup information
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     * @throws {Error} If an unsupported factor type is provided
-     */
-    addMfa: (params: EnableMfaParams) => Promise<EnableMfaResult>;
-    /**
-     * Verifies a newly created MFA factor to complete the setup process.
-     *
-     * @param {VerifyMfaParams} params The parameters required to verify the MFA factor
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    verifyMfa: (params: VerifyMfaParams) => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
-    /**
-     * Removes existing MFA factors by ID.
-     *
-     * @param {RemoveMfaParams} params The parameters specifying which factors to disable
-     * @returns {Promise<{ multiFactors: MfaFactor[] }>} A promise that resolves to the updated list of MFA factors
-     * @throws {NotAuthenticatedError} If no user is authenticated
-     */
-    removeMfa: (params: RemoveMfaParams) => Promise<{
-        multiFactors: MfaFactor[];
-    }>;
-    /**
-     * Validates multiple MFA factors using the provided encrypted payload and MFA codes.
-     *
-     * @param {ValidateMultiFactorsParams} params The validation parameters
-     * @returns {Promise<{ bundle: string }>} A promise that resolves to an object containing the credential bundle
-     * @throws {Error} If no credential bundle is returned from the server
-     */
-    validateMultiFactors(params: ValidateMultiFactorsParams): Promise<{
-        bundle: string;
-    }>;
 }
 /**
  * This error is thrown when the OAuth flow is cancelled because the auth popup