@azeth/sdk 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +139 -0
- package/dist/account/balance.d.ts +41 -0
- package/dist/account/balance.d.ts.map +1 -0
- package/dist/account/balance.js +264 -0
- package/dist/account/balance.js.map +1 -0
- package/dist/account/create.d.ts +27 -0
- package/dist/account/create.d.ts.map +1 -0
- package/dist/account/create.js +116 -0
- package/dist/account/create.js.map +1 -0
- package/dist/account/deposit.d.ts +34 -0
- package/dist/account/deposit.d.ts.map +1 -0
- package/dist/account/deposit.js +88 -0
- package/dist/account/deposit.js.map +1 -0
- package/dist/account/guardian-approval.d.ts +111 -0
- package/dist/account/guardian-approval.d.ts.map +1 -0
- package/dist/account/guardian-approval.js +223 -0
- package/dist/account/guardian-approval.js.map +1 -0
- package/dist/account/guardian.d.ts +27 -0
- package/dist/account/guardian.d.ts.map +1 -0
- package/dist/account/guardian.js +67 -0
- package/dist/account/guardian.js.map +1 -0
- package/dist/account/history.d.ts +22 -0
- package/dist/account/history.d.ts.map +1 -0
- package/dist/account/history.js +144 -0
- package/dist/account/history.js.map +1 -0
- package/dist/account/transfer.d.ts +28 -0
- package/dist/account/transfer.d.ts.map +1 -0
- package/dist/account/transfer.js +137 -0
- package/dist/account/transfer.js.map +1 -0
- package/dist/auth/erc8128.d.ts +14 -0
- package/dist/auth/erc8128.d.ts.map +1 -0
- package/dist/auth/erc8128.js +92 -0
- package/dist/auth/erc8128.js.map +1 -0
- package/dist/client.d.ts +394 -0
- package/dist/client.d.ts.map +1 -0
- package/dist/client.js +970 -0
- package/dist/client.js.map +1 -0
- package/dist/events/emitter.d.ts +96 -0
- package/dist/events/emitter.d.ts.map +1 -0
- package/dist/events/emitter.js +90 -0
- package/dist/events/emitter.js.map +1 -0
- package/dist/index.d.ts +29 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +33 -0
- package/dist/index.js.map +1 -0
- package/dist/messaging/message-router.d.ts +69 -0
- package/dist/messaging/message-router.d.ts.map +1 -0
- package/dist/messaging/message-router.js +307 -0
- package/dist/messaging/message-router.js.map +1 -0
- package/dist/messaging/rate-limiter.d.ts +31 -0
- package/dist/messaging/rate-limiter.d.ts.map +1 -0
- package/dist/messaging/rate-limiter.js +74 -0
- package/dist/messaging/rate-limiter.js.map +1 -0
- package/dist/messaging/xmtp.d.ts +144 -0
- package/dist/messaging/xmtp.d.ts.map +1 -0
- package/dist/messaging/xmtp.js +473 -0
- package/dist/messaging/xmtp.js.map +1 -0
- package/dist/payments/agreements.d.ts +87 -0
- package/dist/payments/agreements.d.ts.map +1 -0
- package/dist/payments/agreements.js +337 -0
- package/dist/payments/agreements.js.map +1 -0
- package/dist/payments/budget.d.ts +118 -0
- package/dist/payments/budget.d.ts.map +1 -0
- package/dist/payments/budget.js +176 -0
- package/dist/payments/budget.js.map +1 -0
- package/dist/payments/smart-fetch.d.ts +65 -0
- package/dist/payments/smart-fetch.d.ts.map +1 -0
- package/dist/payments/smart-fetch.js +115 -0
- package/dist/payments/smart-fetch.js.map +1 -0
- package/dist/payments/x402.d.ts +89 -0
- package/dist/payments/x402.d.ts.map +1 -0
- package/dist/payments/x402.js +620 -0
- package/dist/payments/x402.js.map +1 -0
- package/dist/registry/discover.d.ts +43 -0
- package/dist/registry/discover.d.ts.map +1 -0
- package/dist/registry/discover.js +272 -0
- package/dist/registry/discover.js.map +1 -0
- package/dist/registry/register.d.ts +44 -0
- package/dist/registry/register.d.ts.map +1 -0
- package/dist/registry/register.js +126 -0
- package/dist/registry/register.js.map +1 -0
- package/dist/reputation/opinion.d.ts +52 -0
- package/dist/reputation/opinion.d.ts.map +1 -0
- package/dist/reputation/opinion.js +198 -0
- package/dist/reputation/opinion.js.map +1 -0
- package/dist/utils/addresses.d.ts +6 -0
- package/dist/utils/addresses.d.ts.map +1 -0
- package/dist/utils/addresses.js +53 -0
- package/dist/utils/addresses.js.map +1 -0
- package/dist/utils/errors.d.ts +23 -0
- package/dist/utils/errors.d.ts.map +1 -0
- package/dist/utils/errors.js +188 -0
- package/dist/utils/errors.js.map +1 -0
- package/dist/utils/execution.d.ts +20 -0
- package/dist/utils/execution.d.ts.map +1 -0
- package/dist/utils/execution.js +28 -0
- package/dist/utils/execution.js.map +1 -0
- package/dist/utils/paymaster.d.ts +35 -0
- package/dist/utils/paymaster.d.ts.map +1 -0
- package/dist/utils/paymaster.js +115 -0
- package/dist/utils/paymaster.js.map +1 -0
- package/dist/utils/retry.d.ts +19 -0
- package/dist/utils/retry.d.ts.map +1 -0
- package/dist/utils/retry.js +68 -0
- package/dist/utils/retry.js.map +1 -0
- package/dist/utils/userop.d.ts +55 -0
- package/dist/utils/userop.d.ts.map +1 -0
- package/dist/utils/userop.js +201 -0
- package/dist/utils/userop.js.map +1 -0
- package/dist/utils/validation.d.ts +8 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +35 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +63 -0
|
@@ -0,0 +1,620 @@
|
|
|
1
|
+
import { getAddress, toHex, encodeAbiParameters, } from 'viem';
|
|
2
|
+
import { AzethError, formatTokenAmount, TOKENS } from '@azeth/common';
|
|
3
|
+
import { withRetry } from '../utils/retry.js';
|
|
4
|
+
import { createSIWxPayload, encodeSIWxHeader, } from '@x402/extensions/sign-in-with-x';
|
|
5
|
+
/** USDC Transfer(address,address,uint256) event signature — keccak256('Transfer(address,address,uint256)') */
|
|
6
|
+
const TRANSFER_EVENT_TOPIC = '0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef';
|
|
7
|
+
/** Verify that a settlement receipt contains a USDC Transfer event matching expectations.
|
|
8
|
+
*
|
|
9
|
+
* Decodes Transfer event logs from the receipt and checks:
|
|
10
|
+
* - Transfer emitted from the expected USDC contract address
|
|
11
|
+
* - Recipient (`to`) matches the expected payTo address
|
|
12
|
+
* - Amount (`value`) >= the expected payment amount
|
|
13
|
+
*
|
|
14
|
+
* @returns true if a matching Transfer event was found, false otherwise
|
|
15
|
+
*/
|
|
16
|
+
export function verifySettlementReceipt(receipt, expectedPayTo, expectedAsset, expectedAmount) {
|
|
17
|
+
const payToLower = expectedPayTo.toLowerCase();
|
|
18
|
+
const assetLower = expectedAsset.toLowerCase();
|
|
19
|
+
for (const log of receipt.logs) {
|
|
20
|
+
// Must be from the expected USDC contract
|
|
21
|
+
if (log.address.toLowerCase() !== assetLower)
|
|
22
|
+
continue;
|
|
23
|
+
if (log.topics.length < 3)
|
|
24
|
+
continue;
|
|
25
|
+
// topics[0] = Transfer event signature
|
|
26
|
+
if (log.topics[0] !== TRANSFER_EVENT_TOPIC)
|
|
27
|
+
continue;
|
|
28
|
+
// topics[2] = indexed `to` address (left-padded to 32 bytes)
|
|
29
|
+
const toAddress = `0x${log.topics[2].slice(26)}`.toLowerCase();
|
|
30
|
+
if (toAddress !== payToLower)
|
|
31
|
+
continue;
|
|
32
|
+
// data = uint256 value
|
|
33
|
+
const value = BigInt(log.data);
|
|
34
|
+
if (value >= expectedAmount)
|
|
35
|
+
return true;
|
|
36
|
+
}
|
|
37
|
+
return false;
|
|
38
|
+
}
|
|
39
|
+
/** Known USDC contract addresses per chain ID, used to validate x402 payment assets.
|
|
40
|
+
* EIP-712 domain name differs between chains: mainnet uses "USD Coin", Sepolia uses "USDC". */
|
|
41
|
+
const KNOWN_USDC = {
|
|
42
|
+
8453: { address: TOKENS.base.USDC.toLowerCase(), name: 'USD Coin', version: '2' },
|
|
43
|
+
84532: { address: TOKENS.baseSepolia.USDC.toLowerCase(), name: 'USDC', version: '2' },
|
|
44
|
+
};
|
|
45
|
+
/** Default maximum payment amount: 10 USDC (6 decimals) */
|
|
46
|
+
const DEFAULT_MAX_AMOUNT = 10000000n;
|
|
47
|
+
/** Maximum allowed validBefore window in seconds.
|
|
48
|
+
* HIGH-6 fix: Increased from 60 to 300 seconds. The 60s cap was too aggressive —
|
|
49
|
+
* during chain congestion, the server may need >60s to settle the ERC-3009 authorization.
|
|
50
|
+
* If settlement fails due to expiry, the client gets free service. 300s matches the x402
|
|
51
|
+
* spec default and is safe because each authorization is amount-locked and nonce-unique.
|
|
52
|
+
*
|
|
53
|
+
* MEDIUM-3 (Audit): Trade-off — a 300s window means a captured (but unsettled) authorization
|
|
54
|
+
* remains valid for up to 5 minutes. This is acceptable because: (1) each authorization is
|
|
55
|
+
* nonce-unique so it can only be settled once, (2) the amount is exact (no over-authorization),
|
|
56
|
+
* and (3) reducing the window increases settlement failures during congestion, which gives
|
|
57
|
+
* the client free service (worse outcome for the server). */
|
|
58
|
+
const MAX_VALID_BEFORE_SECONDS = 300;
|
|
59
|
+
/** Fetch a URL, automatically paying x402 requirements
|
|
60
|
+
*
|
|
61
|
+
* Flow:
|
|
62
|
+
* 1. Make initial request
|
|
63
|
+
* 2. If 402 returned, parse payment requirements from X-Payment-Required header
|
|
64
|
+
* 3. If SIWx extension present and smartAccount provided, attempt identity proof
|
|
65
|
+
* 4. If SIWx grants access, return (no payment needed)
|
|
66
|
+
* 5. If smartAccountTransfer callback provided, pay via smart account UserOp
|
|
67
|
+
* (guardian guardrails enforced on-chain). Throws on failure — NO EOA fallback.
|
|
68
|
+
* 6. Otherwise (no smart account), sign ERC-3009 transferWithAuthorization from EOA
|
|
69
|
+
* 7. Retry with payment proof header
|
|
70
|
+
*
|
|
71
|
+
* SECURITY: When a smart account is configured (smartAccountTransfer + smartAccount),
|
|
72
|
+
* the EOA payment path is unreachable. This prevents guardian guardrail bypass.
|
|
73
|
+
*/
|
|
74
|
+
export async function fetch402(publicClient, walletClient, account, url, options) {
|
|
75
|
+
const method = options?.method ?? 'GET';
|
|
76
|
+
const headers = new Headers(options?.headers);
|
|
77
|
+
// MEDIUM-8 fix: Add 30-second timeout to prevent indefinite hangs from slow/malicious servers
|
|
78
|
+
const fetchTimeout = 30_000;
|
|
79
|
+
// Initial request (retryable -- idempotent read)
|
|
80
|
+
let response;
|
|
81
|
+
try {
|
|
82
|
+
response = await withRetry(() => fetch(url, {
|
|
83
|
+
method,
|
|
84
|
+
headers,
|
|
85
|
+
body: options?.body,
|
|
86
|
+
signal: AbortSignal.timeout(fetchTimeout),
|
|
87
|
+
}));
|
|
88
|
+
}
|
|
89
|
+
catch (err) {
|
|
90
|
+
if (err instanceof AzethError)
|
|
91
|
+
throw err;
|
|
92
|
+
throw new AzethError(err instanceof Error ? err.message : 'Failed to reach service', 'NETWORK_ERROR', { originalError: err instanceof Error ? err.name : undefined, url });
|
|
93
|
+
}
|
|
94
|
+
if (response.status !== 402) {
|
|
95
|
+
return { response, paymentMade: false, settlementVerified: false, paymentMethod: 'none' };
|
|
96
|
+
}
|
|
97
|
+
// Parse 402 payment requirement — v2 header first, fall back to v1
|
|
98
|
+
const requirementHeader = response.headers.get('PAYMENT-REQUIRED') ?? response.headers.get('X-Payment-Required');
|
|
99
|
+
if (!requirementHeader) {
|
|
100
|
+
return { response, paymentMade: false, settlementVerified: false, paymentMethod: 'none' };
|
|
101
|
+
}
|
|
102
|
+
let requirement;
|
|
103
|
+
// v2: preserve the original accept object and resource for echo-back in payment proof
|
|
104
|
+
let v2Accept;
|
|
105
|
+
try {
|
|
106
|
+
// x402v2 base64-encodes the PAYMENT-REQUIRED header; v1 sends raw JSON.
|
|
107
|
+
// Try base64 decode first, fall back to raw JSON for v1 compatibility.
|
|
108
|
+
let jsonStr;
|
|
109
|
+
try {
|
|
110
|
+
jsonStr = atob(requirementHeader);
|
|
111
|
+
if (!jsonStr.startsWith('{') && !jsonStr.startsWith('['))
|
|
112
|
+
throw new Error('not base64 JSON');
|
|
113
|
+
}
|
|
114
|
+
catch {
|
|
115
|
+
jsonStr = requirementHeader;
|
|
116
|
+
}
|
|
117
|
+
const parsed = JSON.parse(jsonStr);
|
|
118
|
+
// Normalize x402 v2 envelope to flat v1 requirement shape.
|
|
119
|
+
// v2 wraps payment options in an `accepts` array; v1 uses flat fields.
|
|
120
|
+
if (parsed.accepts && Array.isArray(parsed.accepts) && parsed.accepts.length > 0) {
|
|
121
|
+
const accept = parsed.accepts[0];
|
|
122
|
+
const resource = parsed.resource ?? {};
|
|
123
|
+
// Preserve the EXACT original accept object for v2 echo-back.
|
|
124
|
+
// The server uses deepEqual to match accepted against its requirements.
|
|
125
|
+
v2Accept = accept;
|
|
126
|
+
requirement = {
|
|
127
|
+
scheme: accept.scheme ?? 'exact',
|
|
128
|
+
network: accept.network ?? '',
|
|
129
|
+
maxAmountRequired: accept.amount ?? '0',
|
|
130
|
+
resource: resource.url ?? '',
|
|
131
|
+
description: resource.description ?? '',
|
|
132
|
+
mimeType: resource.mimeType ?? 'application/json',
|
|
133
|
+
payTo: accept.payTo,
|
|
134
|
+
maxTimeoutSeconds: accept.maxTimeoutSeconds ?? 300,
|
|
135
|
+
asset: accept.asset,
|
|
136
|
+
extra: accept.extra,
|
|
137
|
+
};
|
|
138
|
+
// Preserve extensions and resource on the requirement for downstream use
|
|
139
|
+
requirement.extensions = parsed.extensions;
|
|
140
|
+
requirement.__resource = resource;
|
|
141
|
+
}
|
|
142
|
+
else {
|
|
143
|
+
requirement = parsed;
|
|
144
|
+
}
|
|
145
|
+
}
|
|
146
|
+
catch {
|
|
147
|
+
throw new AzethError('Failed to parse X-Payment-Required header', 'PAYMENT_FAILED', { header: requirementHeader });
|
|
148
|
+
}
|
|
149
|
+
// ── SIWx identity attempt ──────────────────────────────────────────
|
|
150
|
+
// Before paying, check if the server supports SIWx and we have a smart account.
|
|
151
|
+
// If the server recognizes our wallet (via agreement or prior payment session),
|
|
152
|
+
// access is granted without payment.
|
|
153
|
+
const extensions = requirement.extensions;
|
|
154
|
+
const siwxExt = extensions?.['sign-in-with-x'];
|
|
155
|
+
if (siwxExt?.info && siwxExt?.supportedChains?.length && options?.smartAccount) {
|
|
156
|
+
const siwxResult = await attemptSIWx(walletClient, options.smartAccount, url, method, options, siwxExt, fetchTimeout);
|
|
157
|
+
if (siwxResult)
|
|
158
|
+
return siwxResult;
|
|
159
|
+
// SIWx didn't grant access — fall through to ERC-3009 payment
|
|
160
|
+
}
|
|
161
|
+
// ── Smart account payment path ────────────────────────────────────
|
|
162
|
+
// When smartAccountTransfer callback is provided, the payment goes through the
|
|
163
|
+
// smart account via UserOp with transferWithAuthorization. This enforces guardian
|
|
164
|
+
// guardrails (spending limits, token whitelist) on-chain.
|
|
165
|
+
//
|
|
166
|
+
// SECURITY: When a smart account is configured, we MUST NOT fall back to the
|
|
167
|
+
// EOA ERC-3009 path. Doing so would bypass guardian guardrails entirely.
|
|
168
|
+
// If the smart account payment fails, the error must propagate.
|
|
169
|
+
if (options?.smartAccountTransfer && options?.smartAccount) {
|
|
170
|
+
const saResult = await attemptSmartAccountPayment(publicClient, walletClient, account, url, method, options, requirement, v2Accept, fetchTimeout);
|
|
171
|
+
if (saResult)
|
|
172
|
+
return saResult;
|
|
173
|
+
// attemptSmartAccountPayment returned null without throwing — this means a
|
|
174
|
+
// non-critical validation issue (e.g., missing EIP-712 domain params in the
|
|
175
|
+
// 402 response). Throw rather than silently falling back to EOA.
|
|
176
|
+
throw new AzethError('Smart account payment failed: the x402 server response is missing required fields for smart account settlement. '
|
|
177
|
+
+ 'Refusing to fall back to EOA payment (would bypass guardian guardrails).', 'PAYMENT_FAILED', { smartAccount: options.smartAccount, url });
|
|
178
|
+
}
|
|
179
|
+
// ── ERC-3009 payment flow ──────────────────────────────────────────
|
|
180
|
+
// Follows the official @x402/evm exact scheme approach for v2 payments.
|
|
181
|
+
// Resolve amount from the v2 `amount` field (v1 used `maxAmountRequired`)
|
|
182
|
+
const amountStr = requirement.amount ?? requirement.maxAmountRequired;
|
|
183
|
+
let amount;
|
|
184
|
+
try {
|
|
185
|
+
amount = BigInt(amountStr);
|
|
186
|
+
}
|
|
187
|
+
catch {
|
|
188
|
+
throw new AzethError('Invalid payment amount in X-Payment-Required header', 'PAYMENT_FAILED', { field: 'amount' });
|
|
189
|
+
}
|
|
190
|
+
// H-1 fix: Reject negative or zero payment amounts
|
|
191
|
+
if (amount <= 0n) {
|
|
192
|
+
throw new AzethError('Payment amount must be positive', 'PAYMENT_FAILED', { field: 'amount' });
|
|
193
|
+
}
|
|
194
|
+
// Check budget (default cap: 10 USDC if not specified)
|
|
195
|
+
const effectiveMaxAmount = options?.maxAmount ?? DEFAULT_MAX_AMOUNT;
|
|
196
|
+
if (amount > effectiveMaxAmount) {
|
|
197
|
+
const requiredFmt = formatTokenAmount(amount, 6, 2);
|
|
198
|
+
const maxFmt = formatTokenAmount(effectiveMaxAmount, 6, 2);
|
|
199
|
+
throw new AzethError(`Payment of ${requiredFmt} USDC exceeds maximum of ${maxFmt} USDC`, 'BUDGET_EXCEEDED', { required: `${requiredFmt} USDC`, max: `${maxFmt} USDC` });
|
|
200
|
+
}
|
|
201
|
+
// Validate payTo is a valid Ethereum address
|
|
202
|
+
const payTo = requirement.payTo;
|
|
203
|
+
if (!/^0x[0-9a-fA-F]{40}$/.test(payTo)) {
|
|
204
|
+
throw new AzethError('Invalid payment recipient address', 'INVALID_INPUT', { field: 'payTo' });
|
|
205
|
+
}
|
|
206
|
+
// Validate asset is a known USDC address for this chain (H-3: prevent arbitrary asset injection)
|
|
207
|
+
const chainId = publicClient.chain?.id ?? 8453;
|
|
208
|
+
const knownToken = KNOWN_USDC[chainId];
|
|
209
|
+
if (!knownToken) {
|
|
210
|
+
throw new AzethError(`Unsupported chain ID ${chainId} for x402 payments`, 'PAYMENT_FAILED', { chainId });
|
|
211
|
+
}
|
|
212
|
+
const assetAddress = requirement.asset.toLowerCase();
|
|
213
|
+
if (assetAddress !== knownToken.address) {
|
|
214
|
+
throw new AzethError('Payment asset is not a recognized USDC address for this chain', 'PAYMENT_FAILED', { asset: requirement.asset, expectedAsset: knownToken.address, chainId });
|
|
215
|
+
}
|
|
216
|
+
// Validate server provides EIP-712 domain params in requirements.extra
|
|
217
|
+
const extra = requirement.extra;
|
|
218
|
+
if (!extra?.name || !extra?.version) {
|
|
219
|
+
throw new AzethError('Server did not provide EIP-712 domain parameters (name, version) in payment requirements', 'PAYMENT_FAILED', { field: 'extra' });
|
|
220
|
+
}
|
|
221
|
+
// Build ERC-3009 authorization following the official @x402/evm exact scheme.
|
|
222
|
+
// Uses viem's toHex for nonce (matches official createNonce()),
|
|
223
|
+
// getAddress for EIP-55 checksumming, and (now-600) for validAfter.
|
|
224
|
+
const nonce = toHex(crypto.getRandomValues(new Uint8Array(32)));
|
|
225
|
+
const now = Math.floor(Date.now() / 1000);
|
|
226
|
+
const maxValidBefore = now + MAX_VALID_BEFORE_SECONDS;
|
|
227
|
+
const requestedValidBefore = now + (requirement.maxTimeoutSeconds || 300);
|
|
228
|
+
const authorization = {
|
|
229
|
+
from: getAddress(account),
|
|
230
|
+
to: getAddress(payTo),
|
|
231
|
+
value: amountStr,
|
|
232
|
+
validAfter: (now - 600).toString(),
|
|
233
|
+
validBefore: Math.min(requestedValidBefore, maxValidBefore).toString(),
|
|
234
|
+
nonce,
|
|
235
|
+
};
|
|
236
|
+
// EIP-712 domain — use server-provided name/version from requirements.extra,
|
|
237
|
+
// with caller override as escape hatch (M-7).
|
|
238
|
+
const domainOverride = options?.usdcDomain;
|
|
239
|
+
const domain = {
|
|
240
|
+
name: domainOverride?.name ?? extra.name,
|
|
241
|
+
version: domainOverride?.version ?? extra.version,
|
|
242
|
+
chainId,
|
|
243
|
+
verifyingContract: getAddress(requirement.asset),
|
|
244
|
+
};
|
|
245
|
+
const types = {
|
|
246
|
+
TransferWithAuthorization: [
|
|
247
|
+
{ name: 'from', type: 'address' },
|
|
248
|
+
{ name: 'to', type: 'address' },
|
|
249
|
+
{ name: 'value', type: 'uint256' },
|
|
250
|
+
{ name: 'validAfter', type: 'uint256' },
|
|
251
|
+
{ name: 'validBefore', type: 'uint256' },
|
|
252
|
+
{ name: 'nonce', type: 'bytes32' },
|
|
253
|
+
],
|
|
254
|
+
};
|
|
255
|
+
// Sign the typed data using the SAME values as the authorization payload.
|
|
256
|
+
// The facilitator verifies by reconstructing the hash from the payload,
|
|
257
|
+
// so the message must be derived from the authorization fields.
|
|
258
|
+
let signature;
|
|
259
|
+
try {
|
|
260
|
+
signature = await walletClient.signTypedData({
|
|
261
|
+
domain,
|
|
262
|
+
types,
|
|
263
|
+
primaryType: 'TransferWithAuthorization',
|
|
264
|
+
message: {
|
|
265
|
+
from: getAddress(authorization.from),
|
|
266
|
+
to: getAddress(authorization.to),
|
|
267
|
+
value: BigInt(authorization.value),
|
|
268
|
+
validAfter: BigInt(authorization.validAfter),
|
|
269
|
+
validBefore: BigInt(authorization.validBefore),
|
|
270
|
+
nonce: authorization.nonce,
|
|
271
|
+
},
|
|
272
|
+
});
|
|
273
|
+
}
|
|
274
|
+
catch (err) {
|
|
275
|
+
if (err instanceof AzethError)
|
|
276
|
+
throw err;
|
|
277
|
+
throw new AzethError(err instanceof Error ? err.message : 'Failed to sign payment authorization', 'PAYMENT_FAILED', { originalError: err instanceof Error ? err.name : undefined });
|
|
278
|
+
}
|
|
279
|
+
// Build v2 payment proof following the official @x402/core client pattern.
|
|
280
|
+
// - accepted: echoes back the EXACT server requirement object (deepEqual match required)
|
|
281
|
+
// - resource: echoed from the 402 response (optional but included for completeness)
|
|
282
|
+
// - payload: { authorization, signature } per the EVM exact scheme
|
|
283
|
+
const parsedResource = requirement.__resource;
|
|
284
|
+
const paymentProof = {
|
|
285
|
+
x402Version: 2,
|
|
286
|
+
accepted: v2Accept ?? requirement,
|
|
287
|
+
payload: {
|
|
288
|
+
authorization,
|
|
289
|
+
signature,
|
|
290
|
+
},
|
|
291
|
+
};
|
|
292
|
+
if (parsedResource) {
|
|
293
|
+
paymentProof.resource = parsedResource;
|
|
294
|
+
}
|
|
295
|
+
// Submit with payment proof — M-3: Do NOT use withRetry here.
|
|
296
|
+
// The paid request carries a signed ERC-3009 authorization that the server will settle on-chain.
|
|
297
|
+
// Retrying could cause duplicate settlement attempts, wasting gas or confusing error reporting.
|
|
298
|
+
const retryHeaders = new Headers(options?.headers);
|
|
299
|
+
// CRITICAL-2 fix: Use cross-platform btoa() instead of Node.js Buffer
|
|
300
|
+
const encodedProof = btoa(JSON.stringify(paymentProof));
|
|
301
|
+
retryHeaders.set('PAYMENT-SIGNATURE', encodedProof);
|
|
302
|
+
const startTime = Date.now();
|
|
303
|
+
try {
|
|
304
|
+
response = await fetch(url, {
|
|
305
|
+
method,
|
|
306
|
+
headers: retryHeaders,
|
|
307
|
+
body: options?.body,
|
|
308
|
+
signal: AbortSignal.timeout(fetchTimeout),
|
|
309
|
+
});
|
|
310
|
+
}
|
|
311
|
+
catch (err) {
|
|
312
|
+
if (err instanceof AzethError)
|
|
313
|
+
throw err;
|
|
314
|
+
throw new AzethError(err instanceof Error ? err.message : 'Failed to submit payment to service', 'NETWORK_ERROR', { originalError: err instanceof Error ? err.name : undefined, url });
|
|
315
|
+
}
|
|
316
|
+
const responseTimeMs = Date.now() - startTime;
|
|
317
|
+
// If response is still 402 after payment, the payment was not accepted.
|
|
318
|
+
// Decode the rejection reason from PAYMENT-REQUIRED header for diagnostics.
|
|
319
|
+
if (response.status === 402) {
|
|
320
|
+
let rejectionReason;
|
|
321
|
+
const rejectionHeader = response.headers.get('PAYMENT-REQUIRED') ?? response.headers.get('payment-required');
|
|
322
|
+
if (rejectionHeader) {
|
|
323
|
+
try {
|
|
324
|
+
let rejJson;
|
|
325
|
+
try {
|
|
326
|
+
rejJson = atob(rejectionHeader);
|
|
327
|
+
}
|
|
328
|
+
catch {
|
|
329
|
+
rejJson = rejectionHeader;
|
|
330
|
+
}
|
|
331
|
+
const rejParsed = JSON.parse(rejJson);
|
|
332
|
+
rejectionReason = rejParsed.error;
|
|
333
|
+
}
|
|
334
|
+
catch { /* ignore parse failures */ }
|
|
335
|
+
}
|
|
336
|
+
throw new AzethError(rejectionReason
|
|
337
|
+
? `Payment rejected: ${rejectionReason}`
|
|
338
|
+
: 'Payment was not accepted by service', 'PAYMENT_FAILED', { url, amount: amount.toString(), responseTimeMs, rejectionReason });
|
|
339
|
+
}
|
|
340
|
+
// H-4: Verify on-chain settlement if server provides tx hash
|
|
341
|
+
// V2: Parse PAYMENT-RESPONSE header first, fall back to X-Payment-Tx
|
|
342
|
+
let settlementVerified = false;
|
|
343
|
+
let txHash;
|
|
344
|
+
const paymentResponseHeader = response.headers.get('PAYMENT-RESPONSE');
|
|
345
|
+
let txHashHeader = null;
|
|
346
|
+
if (paymentResponseHeader) {
|
|
347
|
+
try {
|
|
348
|
+
// x402v2 base64-encodes the PAYMENT-RESPONSE header; v1 sends raw JSON.
|
|
349
|
+
let responseJsonStr;
|
|
350
|
+
try {
|
|
351
|
+
responseJsonStr = atob(paymentResponseHeader);
|
|
352
|
+
if (!responseJsonStr.startsWith('{'))
|
|
353
|
+
throw new Error('not base64 JSON');
|
|
354
|
+
}
|
|
355
|
+
catch {
|
|
356
|
+
responseJsonStr = paymentResponseHeader;
|
|
357
|
+
}
|
|
358
|
+
const paymentResponse = JSON.parse(responseJsonStr);
|
|
359
|
+
if (paymentResponse.transaction && /^0x[0-9a-fA-F]{64}$/.test(paymentResponse.transaction)) {
|
|
360
|
+
txHashHeader = paymentResponse.transaction;
|
|
361
|
+
}
|
|
362
|
+
}
|
|
363
|
+
catch {
|
|
364
|
+
// Fall through to X-Payment-Tx
|
|
365
|
+
}
|
|
366
|
+
}
|
|
367
|
+
if (!txHashHeader) {
|
|
368
|
+
txHashHeader = response.headers.get('X-Payment-Tx');
|
|
369
|
+
}
|
|
370
|
+
const strict = options?.strictSettlement === true;
|
|
371
|
+
if (txHashHeader && /^0x[0-9a-fA-F]{64}$/.test(txHashHeader)) {
|
|
372
|
+
txHash = txHashHeader;
|
|
373
|
+
try {
|
|
374
|
+
const receipt = await publicClient.getTransactionReceipt({ hash: txHash });
|
|
375
|
+
if (receipt.status === 'success') {
|
|
376
|
+
// Verify Transfer event matches expected payment parameters
|
|
377
|
+
if (verifySettlementReceipt(receipt, payTo, requirement.asset, amount)) {
|
|
378
|
+
settlementVerified = true;
|
|
379
|
+
}
|
|
380
|
+
else if (strict) {
|
|
381
|
+
throw new AzethError('Settlement receipt missing matching USDC Transfer event', 'PAYMENT_FAILED', { txHash, expectedPayTo: payTo, expectedAsset: requirement.asset, expectedAmount: amount.toString() });
|
|
382
|
+
}
|
|
383
|
+
// Non-strict: receipt succeeded but no matching Transfer — advisory only
|
|
384
|
+
}
|
|
385
|
+
else if (strict) {
|
|
386
|
+
throw new AzethError('Settlement transaction reverted', 'PAYMENT_FAILED', { txHash, receiptStatus: receipt.status });
|
|
387
|
+
}
|
|
388
|
+
}
|
|
389
|
+
catch (err) {
|
|
390
|
+
if (err instanceof AzethError)
|
|
391
|
+
throw err;
|
|
392
|
+
// Receipt fetch failed (RPC timeout, tx not mined, etc.)
|
|
393
|
+
if (strict) {
|
|
394
|
+
throw new AzethError('Failed to verify settlement transaction', 'PAYMENT_FAILED', { txHash, detail: err instanceof Error ? err.message : 'Receipt fetch failed' });
|
|
395
|
+
}
|
|
396
|
+
// Non-strict: advisory only — don't fail the request
|
|
397
|
+
}
|
|
398
|
+
}
|
|
399
|
+
else if (strict) {
|
|
400
|
+
throw new AzethError('Server did not return X-Payment-Tx settlement header', 'PAYMENT_FAILED', { detail: 'strictSettlement requires the server to return a valid X-Payment-Tx header' });
|
|
401
|
+
}
|
|
402
|
+
return {
|
|
403
|
+
response,
|
|
404
|
+
paymentMade: true,
|
|
405
|
+
settlementVerified,
|
|
406
|
+
amount,
|
|
407
|
+
txHash,
|
|
408
|
+
responseTimeMs,
|
|
409
|
+
paymentMethod: 'x402',
|
|
410
|
+
};
|
|
411
|
+
}
|
|
412
|
+
/** Attempt SIWx identity proof to get access without payment.
|
|
413
|
+
*
|
|
414
|
+
* Creates a SIWE message signed by the EOA but with the smart account as the address,
|
|
415
|
+
* so the server can look up agreements/sessions by smart account address.
|
|
416
|
+
* The server verifies via EIP-1271 (smart account's isValidSignature recognizes EOA owner).
|
|
417
|
+
*
|
|
418
|
+
* @returns Fetch402Result if access was granted, null if SIWx failed (fall through to payment)
|
|
419
|
+
*/
|
|
420
|
+
async function attemptSIWx(walletClient, smartAccount, url, method, options, siwxExt, fetchTimeout) {
|
|
421
|
+
try {
|
|
422
|
+
// Select the first EVM chain from supportedChains
|
|
423
|
+
const evmChain = siwxExt.supportedChains.find(c => c.chainId.startsWith('eip155:'));
|
|
424
|
+
if (!evmChain)
|
|
425
|
+
return null;
|
|
426
|
+
// Build CompleteSIWxInfo: merge server info with selected chain
|
|
427
|
+
const completeSIWxInfo = {
|
|
428
|
+
...siwxExt.info,
|
|
429
|
+
chainId: evmChain.chainId,
|
|
430
|
+
type: evmChain.type,
|
|
431
|
+
signatureScheme: evmChain.signatureScheme,
|
|
432
|
+
};
|
|
433
|
+
// Create EVMSigner adapter: EOA signs but smart account address is used in SIWE message.
|
|
434
|
+
// The server verifies via EIP-1271: smart account's isValidSignature() recognizes the EOA owner.
|
|
435
|
+
const siwxSigner = {
|
|
436
|
+
signMessage: (args) => walletClient.signMessage({ message: args.message }),
|
|
437
|
+
account: { address: smartAccount },
|
|
438
|
+
};
|
|
439
|
+
// Create signed payload and encode header
|
|
440
|
+
const payload = await createSIWxPayload(completeSIWxInfo, siwxSigner);
|
|
441
|
+
const headerValue = encodeSIWxHeader(payload);
|
|
442
|
+
// Retry request with SIWx identity header
|
|
443
|
+
const siwxHeaders = new Headers(options?.headers);
|
|
444
|
+
siwxHeaders.set('SIGN-IN-WITH-X', headerValue);
|
|
445
|
+
const siwxResponse = await fetch(url, {
|
|
446
|
+
method,
|
|
447
|
+
headers: siwxHeaders,
|
|
448
|
+
body: options?.body,
|
|
449
|
+
signal: AbortSignal.timeout(fetchTimeout),
|
|
450
|
+
});
|
|
451
|
+
// If NOT 402, SIWx succeeded — access granted without payment
|
|
452
|
+
if (siwxResponse.status !== 402) {
|
|
453
|
+
return {
|
|
454
|
+
response: siwxResponse,
|
|
455
|
+
paymentMade: false,
|
|
456
|
+
settlementVerified: false,
|
|
457
|
+
paymentMethod: 'session',
|
|
458
|
+
};
|
|
459
|
+
}
|
|
460
|
+
// Still 402 — server didn't recognize us, fall through to payment
|
|
461
|
+
return null;
|
|
462
|
+
}
|
|
463
|
+
catch {
|
|
464
|
+
// SIWx attempt failed (signing error, network error, etc.) — non-fatal
|
|
465
|
+
return null;
|
|
466
|
+
}
|
|
467
|
+
}
|
|
468
|
+
/** Attempt payment via smart account UserOp with transferWithAuthorization.
|
|
469
|
+
*
|
|
470
|
+
* Signs ERC-3009 typed data with `from` = smartAccount (not EOA), then ABI-encodes
|
|
471
|
+
* transferWithAuthorization(bytes variant, 0xcf092995) and calls the smartAccountTransfer
|
|
472
|
+
* callback to submit it as a UserOp. The smart account's GuardianModule validates the
|
|
473
|
+
* UserOp against spending limits, and USDC verifies the EOA signature via ERC-1271.
|
|
474
|
+
*
|
|
475
|
+
* SECURITY: Errors are propagated, NOT swallowed. The caller must not fall back to
|
|
476
|
+
* EOA payment when this function throws — doing so would bypass guardian guardrails.
|
|
477
|
+
*
|
|
478
|
+
* @returns Fetch402Result if payment succeeded, null only for non-critical validation
|
|
479
|
+
* issues (e.g., missing EIP-712 domain params in the 402 response)
|
|
480
|
+
* @throws AzethError for all operational failures (bundler rejection, UserOp failure, etc.)
|
|
481
|
+
*/
|
|
482
|
+
async function attemptSmartAccountPayment(publicClient, walletClient, eoaAccount, url, method, options, requirement, v2Accept, fetchTimeout) {
|
|
483
|
+
try {
|
|
484
|
+
const smartAccount = options.smartAccount;
|
|
485
|
+
const smartAccountTransfer = options.smartAccountTransfer;
|
|
486
|
+
// Resolve amount
|
|
487
|
+
const amountStr = requirement.amount ?? requirement.maxAmountRequired;
|
|
488
|
+
let amount;
|
|
489
|
+
try {
|
|
490
|
+
amount = BigInt(amountStr);
|
|
491
|
+
}
|
|
492
|
+
catch {
|
|
493
|
+
return null; // Let standard flow handle the error
|
|
494
|
+
}
|
|
495
|
+
if (amount <= 0n)
|
|
496
|
+
return null;
|
|
497
|
+
// Budget check
|
|
498
|
+
const effectiveMaxAmount = options.maxAmount ?? DEFAULT_MAX_AMOUNT;
|
|
499
|
+
if (amount > effectiveMaxAmount) {
|
|
500
|
+
const requiredFmt = formatTokenAmount(amount, 6, 2);
|
|
501
|
+
const maxFmt = formatTokenAmount(effectiveMaxAmount, 6, 2);
|
|
502
|
+
throw new AzethError(`Payment of ${requiredFmt} USDC exceeds maximum of ${maxFmt} USDC`, 'BUDGET_EXCEEDED', { required: `${requiredFmt} USDC`, max: `${maxFmt} USDC` });
|
|
503
|
+
}
|
|
504
|
+
// Validate payTo
|
|
505
|
+
const payTo = requirement.payTo;
|
|
506
|
+
if (!/^0x[0-9a-fA-F]{40}$/.test(payTo))
|
|
507
|
+
return null;
|
|
508
|
+
// Validate asset
|
|
509
|
+
const chainId = publicClient.chain?.id ?? 8453;
|
|
510
|
+
const knownToken = KNOWN_USDC[chainId];
|
|
511
|
+
if (!knownToken)
|
|
512
|
+
return null;
|
|
513
|
+
const assetAddress = requirement.asset.toLowerCase();
|
|
514
|
+
if (assetAddress !== knownToken.address)
|
|
515
|
+
return null;
|
|
516
|
+
// Validate EIP-712 domain params
|
|
517
|
+
const extra = requirement.extra;
|
|
518
|
+
if (!extra?.name || !extra?.version)
|
|
519
|
+
return null;
|
|
520
|
+
// Build ERC-3009 authorization with from = smartAccount
|
|
521
|
+
const nonce = toHex(crypto.getRandomValues(new Uint8Array(32)));
|
|
522
|
+
const now = Math.floor(Date.now() / 1000);
|
|
523
|
+
const maxValidBefore = now + MAX_VALID_BEFORE_SECONDS;
|
|
524
|
+
const requestedValidBefore = now + (requirement.maxTimeoutSeconds || 300);
|
|
525
|
+
const validAfter = BigInt(now - 600);
|
|
526
|
+
const validBefore = BigInt(Math.min(requestedValidBefore, maxValidBefore));
|
|
527
|
+
const domainOverride = options.usdcDomain;
|
|
528
|
+
const domain = {
|
|
529
|
+
name: domainOverride?.name ?? extra.name,
|
|
530
|
+
version: domainOverride?.version ?? extra.version,
|
|
531
|
+
chainId,
|
|
532
|
+
verifyingContract: getAddress(requirement.asset),
|
|
533
|
+
};
|
|
534
|
+
const types = {
|
|
535
|
+
TransferWithAuthorization: [
|
|
536
|
+
{ name: 'from', type: 'address' },
|
|
537
|
+
{ name: 'to', type: 'address' },
|
|
538
|
+
{ name: 'value', type: 'uint256' },
|
|
539
|
+
{ name: 'validAfter', type: 'uint256' },
|
|
540
|
+
{ name: 'validBefore', type: 'uint256' },
|
|
541
|
+
{ name: 'nonce', type: 'bytes32' },
|
|
542
|
+
],
|
|
543
|
+
};
|
|
544
|
+
// EOA signs ERC-3009 typed data with from = smartAccount
|
|
545
|
+
const signature = await walletClient.signTypedData({
|
|
546
|
+
domain,
|
|
547
|
+
types,
|
|
548
|
+
primaryType: 'TransferWithAuthorization',
|
|
549
|
+
message: {
|
|
550
|
+
from: getAddress(smartAccount),
|
|
551
|
+
to: getAddress(payTo),
|
|
552
|
+
value: amount,
|
|
553
|
+
validAfter,
|
|
554
|
+
validBefore,
|
|
555
|
+
nonce: nonce,
|
|
556
|
+
},
|
|
557
|
+
});
|
|
558
|
+
// ABI-encode transferWithAuthorization(address,address,uint256,uint256,uint256,bytes32,bytes)
|
|
559
|
+
// Selector 0xcf092995 — the `bytes` signature variant that supports ERC-1271
|
|
560
|
+
const encodedArgs = encodeAbiParameters([
|
|
561
|
+
{ type: 'address' }, // from
|
|
562
|
+
{ type: 'address' }, // to
|
|
563
|
+
{ type: 'uint256' }, // value
|
|
564
|
+
{ type: 'uint256' }, // validAfter
|
|
565
|
+
{ type: 'uint256' }, // validBefore
|
|
566
|
+
{ type: 'bytes32' }, // nonce
|
|
567
|
+
{ type: 'bytes' }, // signature
|
|
568
|
+
], [
|
|
569
|
+
getAddress(smartAccount),
|
|
570
|
+
getAddress(payTo),
|
|
571
|
+
amount,
|
|
572
|
+
validAfter,
|
|
573
|
+
validBefore,
|
|
574
|
+
nonce,
|
|
575
|
+
signature,
|
|
576
|
+
]);
|
|
577
|
+
const calldata = `0xcf092995${encodedArgs.slice(2)}`;
|
|
578
|
+
// Submit via UserOp — the SmartAccountClient builds and signs the UserOp,
|
|
579
|
+
// the bundler submits it, and the GuardianModule enforces spending limits.
|
|
580
|
+
const txHash = await smartAccountTransfer({
|
|
581
|
+
usdcAddress: getAddress(requirement.asset),
|
|
582
|
+
payTo: getAddress(payTo),
|
|
583
|
+
amount,
|
|
584
|
+
calldata,
|
|
585
|
+
});
|
|
586
|
+
// Retry request with pre-settled proof headers
|
|
587
|
+
const retryHeaders = new Headers(options.headers);
|
|
588
|
+
retryHeaders.set('X-Payment-Tx', txHash);
|
|
589
|
+
retryHeaders.set('X-Payment-From', smartAccount);
|
|
590
|
+
const startTime = Date.now();
|
|
591
|
+
const response = await fetch(url, {
|
|
592
|
+
method,
|
|
593
|
+
headers: retryHeaders,
|
|
594
|
+
body: options.body,
|
|
595
|
+
signal: AbortSignal.timeout(fetchTimeout),
|
|
596
|
+
});
|
|
597
|
+
const responseTimeMs = Date.now() - startTime;
|
|
598
|
+
return {
|
|
599
|
+
response,
|
|
600
|
+
paymentMade: true,
|
|
601
|
+
settlementVerified: true, // We settled it ourselves via UserOp
|
|
602
|
+
amount,
|
|
603
|
+
txHash,
|
|
604
|
+
responseTimeMs,
|
|
605
|
+
paymentMethod: 'smart-account',
|
|
606
|
+
};
|
|
607
|
+
}
|
|
608
|
+
catch (err) {
|
|
609
|
+
// SECURITY: All errors must propagate — falling back to EOA would bypass
|
|
610
|
+
// guardian guardrails. The caller (fetch402) should never silently degrade
|
|
611
|
+
// from smart account to EOA payment.
|
|
612
|
+
if (err instanceof AzethError)
|
|
613
|
+
throw err;
|
|
614
|
+
// Include full error for debugging (truncate at 2000 chars to avoid overflow)
|
|
615
|
+
const rawMsg = err instanceof Error ? err.message : String(err);
|
|
616
|
+
const fullMsg = rawMsg.slice(0, 2000);
|
|
617
|
+
throw new AzethError(`Smart account x402 payment failed: ${fullMsg}`, 'PAYMENT_FAILED', { smartAccount: options.smartAccount, operation: 'smart_account_x402' });
|
|
618
|
+
}
|
|
619
|
+
}
|
|
620
|
+
//# sourceMappingURL=x402.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"x402.js","sourceRoot":"","sources":["../../src/payments/x402.ts"],"names":[],"mappings":"AAAA,OAAO,EAML,UAAU,EACV,KAAK,EACL,mBAAmB,GACpB,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAA+B,MAAM,EAAE,MAAM,eAAe,CAAC;AACnG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GAIjB,MAAM,iCAAiC,CAAC;AAEzC,8GAA8G;AAC9G,MAAM,oBAAoB,GAAG,oEAAoE,CAAC;AAElG;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,OAAkG,EAClG,aAAqB,EACrB,aAAqB,EACrB,cAAsB;IAEtB,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;IAC/C,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,EAAE,CAAC;IAE/C,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC/B,0CAA0C;QAC1C,IAAI,GAAG,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,UAAU;YAAE,SAAS;QACvD,IAAI,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS;QAEpC,uCAAuC;QACvC,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,oBAAoB;YAAE,SAAS;QAErD,6DAA6D;QAC7D,MAAM,SAAS,GAAG,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QAChE,IAAI,SAAS,KAAK,UAAU;YAAE,SAAS;QAEvC,uBAAuB;QACvB,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC/B,IAAI,KAAK,IAAI,cAAc;YAAE,OAAO,IAAI,CAAC;IAC3C,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;gGACgG;AAChG,MAAM,UAAU,GAAuE;IACrF,IAAI,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE;IACjF,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE;CACtF,CAAC;AAEF,2DAA2D;AAC3D,MAAM,kBAAkB,GAAG,SAAW,CAAC;AAEvC;;;;;;;;;;8DAU8D;AAC9D,MAAM,wBAAwB,GAAG,GAAG,CAAC;AA0DrC;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,YAA4C,EAC5C,YAAqD,EACrD,OAAsB,EACtB,GAAW,EACX,OAAyB;IAEzB,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,KAAK,CAAC;IACxC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAE9C,8FAA8F;IAC9F,MAAM,YAAY,GAAG,MAAM,CAAC;IAE5B,iDAAiD;IACjD,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YAC1C,MAAM;YACN,OAAO;YACP,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC;SAC1C,CAAC,CAAC,CAAC;IACN,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,UAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,IAAI,UAAU,CAClB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,yBAAyB,EAC9D,eAAe,EACf,EAAE,aAAa,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;IAC5F,CAAC;IAED,mEAAmE;IACnE,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IACjH,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC;IAC5F,CAAC;IAED,IAAI,WAAmC,CAAC;IACxC,sFAAsF;IACtF,IAAI,QAA6C,CAAC;IAClD,IAAI,CAAC;QACH,wEAAwE;QACxE,uEAAuE;QACvE,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAClC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QAC/F,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,iBAAiB,CAAC;QAC9B,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,2DAA2D;QAC3D,uEAAuE;QACvE,IAAI,MAAM,CAAC,OAAO,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjF,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;YACvC,8DAA8D;YAC9D,wEAAwE;YACxE,QAAQ,GAAG,MAAM,CAAC;YAClB,WAAW,GAAG;gBACZ,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,OAAO;gBAChC,OAAO,EAAE,MAAM,CAAC,OAAO,IAAI,EAAE;gBAC7B,iBAAiB,EAAE,MAAM,CAAC,MAAM,IAAI,GAAG;gBACvC,QAAQ,EAAE,QAAQ,CAAC,GAAG,IAAI,EAAE;gBAC5B,WAAW,EAAE,QAAQ,CAAC,WAAW,IAAI,EAAE;gBACvC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,IAAI,kBAAkB;gBACjD,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,iBAAiB,EAAE,MAAM,CAAC,iBAAiB,IAAI,GAAG;gBAClD,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;aACM,CAAC;YAC5B,yEAAyE;YACxE,WAAkD,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;YAClF,WAAkD,CAAC,UAAU,GAAG,QAAQ,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,WAAW,GAAG,MAAM,CAAC;QACvB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAClB,2CAA2C,EAC3C,gBAAgB,EAChB,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAC9B,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,gFAAgF;IAChF,gFAAgF;IAChF,qCAAqC;IACrC,MAAM,UAAU,GAAI,WAAkD,CAAC,UAC5B,CAAC;IAC5C,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC;IAE/C,IAAI,OAAO,EAAE,IAAI,IAAI,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC/E,MAAM,UAAU,GAAG,MAAM,WAAW,CAClC,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAChF,CAAC;QACF,IAAI,UAAU;YAAE,OAAO,UAAU,CAAC;QAClC,8DAA8D;IAChE,CAAC;IAED,qEAAqE;IACrE,+EAA+E;IAC/E,kFAAkF;IAClF,0DAA0D;IAC1D,EAAE;IACF,6EAA6E;IAC7E,yEAAyE;IACzE,gEAAgE;IAChE,IAAI,OAAO,EAAE,oBAAoB,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC3D,MAAM,QAAQ,GAAG,MAAM,0BAA0B,CAC/C,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,YAAY,CAC/F,CAAC;QACF,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAC9B,2EAA2E;QAC3E,4EAA4E;QAC5E,iEAAiE;QACjE,MAAM,IAAI,UAAU,CAClB,kHAAkH;cAChH,0EAA0E,EAC5E,gBAAgB,EAChB,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,GAAG,EAAE,CAC5C,CAAC;IACJ,CAAC;IAED,sEAAsE;IACtE,wEAAwE;IAExE,0EAA0E;IAC1E,MAAM,SAAS,GAAI,WAAiD,CAAC,MAAM,IAAI,WAAW,CAAC,iBAAiB,CAAC;IAC7G,IAAI,MAAc,CAAC;IACnB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,UAAU,CAClB,qDAAqD,EACrD,gBAAgB,EAChB,EAAE,KAAK,EAAE,QAAQ,EAAE,CACpB,CAAC;IACJ,CAAC;IAED,mDAAmD;IACnD,IAAI,MAAM,IAAI,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAClB,iCAAiC,EACjC,gBAAgB,EAChB,EAAE,KAAK,EAAE,QAAQ,EAAE,CACpB,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,kBAAkB,GAAG,OAAO,EAAE,SAAS,IAAI,kBAAkB,CAAC;IACpE,IAAI,MAAM,GAAG,kBAAkB,EAAE,CAAC;QAChC,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAC3D,MAAM,IAAI,UAAU,CAClB,cAAc,WAAW,4BAA4B,MAAM,OAAO,EAClE,iBAAiB,EACjB,EAAE,QAAQ,EAAE,GAAG,WAAW,OAAO,EAAE,GAAG,EAAE,GAAG,MAAM,OAAO,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED,6CAA6C;IAC7C,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC;IAChC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,UAAU,CAAC,mCAAmC,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACjG,CAAC;IAED,iGAAiG;IACjG,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,EAAE,IAAI,IAAI,CAAC;IAC/C,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,MAAM,IAAI,UAAU,CAClB,wBAAwB,OAAO,oBAAoB,EACnD,gBAAgB,EAChB,EAAE,OAAO,EAAE,CACZ,CAAC;IACJ,CAAC;IACD,MAAM,YAAY,GAAI,WAAW,CAAC,KAAgB,CAAC,WAAW,EAAE,CAAC;IACjE,IAAI,YAAY,KAAK,UAAU,CAAC,OAAO,EAAE,CAAC;QACxC,MAAM,IAAI,UAAU,CAClB,+DAA+D,EAC/D,gBAAgB,EAChB,EAAE,KAAK,EAAE,WAAW,CAAC,KAAK,EAAE,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,CACzE,CAAC;IACJ,CAAC;IAED,uEAAuE;IACvE,MAAM,KAAK,GAAG,WAAW,CAAC,KAA2C,CAAC;IACtE,IAAI,CAAC,KAAK,EAAE,IAAI,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,CAAC;QACpC,MAAM,IAAI,UAAU,CAClB,0FAA0F,EAC1F,gBAAgB,EAChB,EAAE,KAAK,EAAE,OAAO,EAAE,CACnB,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,gEAAgE;IAChE,oEAAoE;IACpE,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAChE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,cAAc,GAAG,GAAG,GAAG,wBAAwB,CAAC;IACtD,MAAM,oBAAoB,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,iBAAiB,IAAI,GAAG,CAAC,CAAC;IAE1E,MAAM,aAAa,GAAG;QACpB,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC;QACzB,EAAE,EAAE,UAAU,CAAC,KAAsB,CAAC;QACtC,KAAK,EAAE,SAAS;QAChB,UAAU,EAAE,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,QAAQ,EAAE;QAClC,WAAW,EAAE,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,CAAC,QAAQ,EAAE;QACtE,KAAK;KACN,CAAC;IAEF,6EAA6E;IAC7E,8CAA8C;IAC9C,MAAM,cAAc,GAAG,OAAO,EAAE,UAAU,CAAC;IAC3C,MAAM,MAAM,GAAG;QACb,IAAI,EAAE,cAAc,EAAE,IAAI,IAAI,KAAK,CAAC,IAAI;QACxC,OAAO,EAAE,cAAc,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO;QACjD,OAAO;QACP,iBAAiB,EAAE,UAAU,CAAC,WAAW,CAAC,KAAsB,CAAC;KAClE,CAAC;IAEF,MAAM,KAAK,GAAG;QACZ,yBAAyB,EAAE;YACzB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;YACjC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE;YAC/B,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;YAClC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE;YACvC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE;YACxC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;SACnC;KACO,CAAC;IAEX,0EAA0E;IAC1E,wEAAwE;IACxE,gEAAgE;IAChE,IAAI,SAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,SAAS,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC;YAC3C,MAAM;YACN,KAAK;YACL,WAAW,EAAE,2BAA2B;YACxC,OAAO,EAAE;gBACP,IAAI,EAAE,UAAU,CAAC,aAAa,CAAC,IAAqB,CAAC;gBACrD,EAAE,EAAE,UAAU,CAAC,aAAa,CAAC,EAAmB,CAAC;gBACjD,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC;gBAClC,UAAU,EAAE,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC;gBAC5C,WAAW,EAAE,MAAM,CAAC,aAAa,CAAC,WAAW,CAAC;gBAC9C,KAAK,EAAE,aAAa,CAAC,KAAsB;aAC5C;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,UAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,IAAI,UAAU,CAClB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,sCAAsC,EAC3E,gBAAgB,EAChB,EAAE,aAAa,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAC/D,CAAC;IACJ,CAAC;IAED,2EAA2E;IAC3E,yFAAyF;IACzF,oFAAoF;IACpF,mEAAmE;IACnE,MAAM,cAAc,GAAI,WAAkD,CAAC,UAAU,CAAC;IACtF,MAAM,YAAY,GAA4B;QAC5C,WAAW,EAAE,CAAC;QACd,QAAQ,EAAE,QAAQ,IAAI,WAAW;QACjC,OAAO,EAAE;YACP,aAAa;YACb,SAAS;SACV;KACF,CAAC;IACF,IAAI,cAAc,EAAE,CAAC;QACnB,YAAY,CAAC,QAAQ,GAAG,cAAc,CAAC;IACzC,CAAC;IAED,8DAA8D;IAC9D,iGAAiG;IACjG,gGAAgG;IAChG,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACnD,sEAAsE;IACtE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;IACxD,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,YAAY,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC1B,MAAM;YACN,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC;SAC1C,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,UAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,IAAI,UAAU,CAClB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC,EAC1E,eAAe,EACf,EAAE,aAAa,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,GAAG,EAAE,CACpE,CAAC;IACJ,CAAC;IACD,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;IAE9C,wEAAwE;IACxE,4EAA4E;IAC5E,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,IAAI,eAAmC,CAAC;QACxC,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;QAC7G,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC;gBACH,IAAI,OAAe,CAAC;gBACpB,IAAI,CAAC;oBAAC,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,GAAG,eAAe,CAAC;gBAAC,CAAC;gBAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;gBACtC,eAAe,GAAG,SAAS,CAAC,KAAK,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;QACzC,CAAC;QACD,MAAM,IAAI,UAAU,CAClB,eAAe;YACb,CAAC,CAAC,qBAAqB,eAAe,EAAE;YACxC,CAAC,CAAC,qCAAqC,EACzC,gBAAgB,EAChB,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE,CACpE,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,qEAAqE;IACrE,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAC/B,IAAI,MAAiC,CAAC;IAEtC,MAAM,qBAAqB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;IACvE,IAAI,YAAY,GAAkB,IAAI,CAAC;IACvC,IAAI,qBAAqB,EAAE,CAAC;QAC1B,IAAI,CAAC;YACH,wEAAwE;YACxE,IAAI,eAAuB,CAAC;YAC5B,IAAI,CAAC;gBACH,eAAe,GAAG,IAAI,CAAC,qBAAqB,CAAC,CAAC;gBAC9C,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;YAC3E,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe,GAAG,qBAAqB,CAAC;YAC1C,CAAC;YACD,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YACpD,IAAI,eAAe,CAAC,WAAW,IAAI,qBAAqB,CAAC,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC3F,YAAY,GAAG,eAAe,CAAC,WAAW,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;QACjC,CAAC;IACH,CAAC;IACD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,YAAY,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,EAAE,gBAAgB,KAAK,IAAI,CAAC;IAElD,IAAI,YAAY,IAAI,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC7D,MAAM,GAAG,YAA6B,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,qBAAqB,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBACjC,4DAA4D;gBAC5D,IAAI,uBAAuB,CAAC,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,KAAe,EAAE,MAAM,CAAC,EAAE,CAAC;oBACjF,kBAAkB,GAAG,IAAI,CAAC;gBAC5B,CAAC;qBAAM,IAAI,MAAM,EAAE,CAAC;oBAClB,MAAM,IAAI,UAAU,CAClB,yDAAyD,EACzD,gBAAgB,EAChB,EAAE,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,WAAW,CAAC,KAAK,EAAE,cAAc,EAAE,MAAM,CAAC,QAAQ,EAAE,EAAE,CACtG,CAAC;gBACJ,CAAC;gBACD,yEAAyE;YAC3E,CAAC;iBAAM,IAAI,MAAM,EAAE,CAAC;gBAClB,MAAM,IAAI,UAAU,CAClB,iCAAiC,EACjC,gBAAgB,EAChB,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,CAAC,MAAM,EAAE,CAC1C,CAAC;YACJ,CAAC;QACH,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,GAAG,YAAY,UAAU;gBAAE,MAAM,GAAG,CAAC;YACzC,yDAAyD;YACzD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,UAAU,CAClB,yCAAyC,EACzC,gBAAgB,EAChB,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,EAAE,CAChF,CAAC;YACJ,CAAC;YACD,qDAAqD;QACvD,CAAC;IACH,CAAC;SAAM,IAAI,MAAM,EAAE,CAAC;QAClB,MAAM,IAAI,UAAU,CAClB,sDAAsD,EACtD,gBAAgB,EAChB,EAAE,MAAM,EAAE,4EAA4E,EAAE,CACzF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,QAAQ;QACR,WAAW,EAAE,IAAI;QACjB,kBAAkB;QAClB,MAAM;QACN,MAAM;QACN,cAAc;QACd,aAAa,EAAE,MAAM;KACtB,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,WAAW,CACxB,YAAqD,EACrD,YAA2B,EAC3B,GAAW,EACX,MAAc,EACd,OAAoC,EACpC,OAAsB,EACtB,YAAoB;IAEpB,IAAI,CAAC;QACH,kDAAkD;QAClD,MAAM,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC;QAE3B,gEAAgE;QAChE,MAAM,gBAAgB,GAAqB;YACzC,GAAG,OAAO,CAAC,IAAI;YACf,OAAO,EAAE,QAAQ,CAAC,OAAO;YACzB,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,eAAe,EAAE,QAAQ,CAAC,eAAe;SAC1C,CAAC;QAEF,yFAAyF;QACzF,iGAAiG;QACjG,MAAM,UAAU,GAAc;YAC5B,WAAW,EAAE,CAAC,IAAyB,EAAE,EAAE,CACzC,YAAY,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;YACrD,OAAO,EAAE,EAAE,OAAO,EAAE,YAAY,EAAE;SACnC,CAAC;QAEF,0CAA0C;QAC1C,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAE9C,0CAA0C;QAC1C,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAClD,WAAW,CAAC,GAAG,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;QAE/C,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACpC,MAAM;YACN,OAAO,EAAE,WAAW;YACpB,IAAI,EAAE,OAAO,EAAE,IAAI;YACnB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC;SAC1C,CAAC,CAAC;QAEH,8DAA8D;QAC9D,IAAI,YAAY,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAChC,OAAO;gBACL,QAAQ,EAAE,YAAY;gBACtB,WAAW,EAAE,KAAK;gBAClB,kBAAkB,EAAE,KAAK;gBACzB,aAAa,EAAE,SAAS;aACzB,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,uEAAuE;QACvE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,0BAA0B,CACvC,YAA4C,EAC5C,YAAqD,EACrD,UAAyB,EACzB,GAAW,EACX,MAAc,EACd,OAAwB,EACxB,WAAmC,EACnC,QAA6C,EAC7C,YAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,YAAa,CAAC;QAC3C,MAAM,oBAAoB,GAAG,OAAO,CAAC,oBAAqB,CAAC;QAE3D,iBAAiB;QACjB,MAAM,SAAS,GAAI,WAAiD,CAAC,MAAM,IAAI,WAAW,CAAC,iBAAiB,CAAC;QAC7G,IAAI,MAAc,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC7B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,CAAC,qCAAqC;QACpD,CAAC;QAED,IAAI,MAAM,IAAI,EAAE;YAAE,OAAO,IAAI,CAAC;QAE9B,eAAe;QACf,MAAM,kBAAkB,GAAG,OAAO,CAAC,SAAS,IAAI,kBAAkB,CAAC;QACnE,IAAI,MAAM,GAAG,kBAAkB,EAAE,CAAC;YAChC,MAAM,WAAW,GAAG,iBAAiB,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;YAC3D,MAAM,IAAI,UAAU,CAClB,cAAc,WAAW,4BAA4B,MAAM,OAAO,EAClE,iBAAiB,EACjB,EAAE,QAAQ,EAAE,GAAG,WAAW,OAAO,EAAE,GAAG,EAAE,GAAG,MAAM,OAAO,EAAE,CAC3D,CAAC;QACJ,CAAC;QAED,iBAAiB;QACjB,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC;QAChC,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpD,iBAAiB;QACjB,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,EAAE,IAAI,IAAI,CAAC;QAC/C,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QACvC,IAAI,CAAC,UAAU;YAAE,OAAO,IAAI,CAAC;QAC7B,MAAM,YAAY,GAAI,WAAW,CAAC,KAAgB,CAAC,WAAW,EAAE,CAAC;QACjE,IAAI,YAAY,KAAK,UAAU,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAErD,iCAAiC;QACjC,MAAM,KAAK,GAAG,WAAW,CAAC,KAA2C,CAAC;QACtE,IAAI,CAAC,KAAK,EAAE,IAAI,IAAI,CAAC,KAAK,EAAE,OAAO;YAAE,OAAO,IAAI,CAAC;QAEjD,wDAAwD;QACxD,MAAM,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,cAAc,GAAG,GAAG,GAAG,wBAAwB,CAAC;QACtD,MAAM,oBAAoB,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC,iBAAiB,IAAI,GAAG,CAAC,CAAC;QAC1E,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;QACrC,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,cAAc,CAAC,CAAC,CAAC;QAE3E,MAAM,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC;QAC1C,MAAM,MAAM,GAAG;YACb,IAAI,EAAE,cAAc,EAAE,IAAI,IAAI,KAAK,CAAC,IAAI;YACxC,OAAO,EAAE,cAAc,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO;YACjD,OAAO;YACP,iBAAiB,EAAE,UAAU,CAAC,WAAW,CAAC,KAAsB,CAAC;SAClE,CAAC;QAEF,MAAM,KAAK,GAAG;YACZ,yBAAyB,EAAE;gBACzB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;gBACjC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE;gBAC/B,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;gBAClC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE;gBACvC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE;gBACxC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;aACnC;SACO,CAAC;QAEX,yDAAyD;QACzD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,aAAa,CAAC;YACjD,MAAM;YACN,KAAK;YACL,WAAW,EAAE,2BAA2B;YACxC,OAAO,EAAE;gBACP,IAAI,EAAE,UAAU,CAAC,YAAY,CAAC;gBAC9B,EAAE,EAAE,UAAU,CAAC,KAAsB,CAAC;gBACtC,KAAK,EAAE,MAAM;gBACb,UAAU;gBACV,WAAW;gBACX,KAAK,EAAE,KAAsB;aAC9B;SACF,CAAC,CAAC;QAEH,8FAA8F;QAC9F,6EAA6E;QAC7E,MAAM,WAAW,GAAG,mBAAmB,CACrC;YACE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,OAAO;YAC7B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,KAAK;YAC3B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,QAAQ;YAC9B,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,aAAa;YACnC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,cAAc;YACpC,EAAE,IAAI,EAAE,SAAS,EAAE,EAAG,QAAQ;YAC9B,EAAE,IAAI,EAAE,OAAO,EAAE,EAAK,YAAY;SACnC,EACD;YACE,UAAU,CAAC,YAAY,CAAC;YACxB,UAAU,CAAC,KAAsB,CAAC;YAClC,MAAM;YACN,UAAU;YACV,WAAW;YACX,KAAsB;YACtB,SAAS;SACV,CACF,CAAC;QACF,MAAM,QAAQ,GAAG,aAAa,WAAW,CAAC,KAAK,CAAC,CAAC,CAAC,EAAmB,CAAC;QAEtE,0EAA0E;QAC1E,2EAA2E;QAC3E,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC;YACxC,WAAW,EAAE,UAAU,CAAC,WAAW,CAAC,KAAsB,CAAC;YAC3D,KAAK,EAAE,UAAU,CAAC,KAAsB,CAAC;YACzC,MAAM;YACN,QAAQ;SACT,CAAC,CAAC;QAEH,+CAA+C;QAC/C,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAClD,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QACzC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;QAEjD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM;YACN,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,YAAY,CAAC;SAC1C,CAAC,CAAC;QACH,MAAM,cAAc,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;QAE9C,OAAO;YACL,QAAQ;YACR,WAAW,EAAE,IAAI;YACjB,kBAAkB,EAAE,IAAI,EAAE,qCAAqC;YAC/D,MAAM;YACN,MAAM;YACN,cAAc;YACd,aAAa,EAAE,eAAe;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,yEAAyE;QACzE,2EAA2E;QAC3E,qCAAqC;QACrC,IAAI,GAAG,YAAY,UAAU;YAAE,MAAM,GAAG,CAAC;QAEzC,8EAA8E;QAC9E,MAAM,MAAM,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAEtC,MAAM,IAAI,UAAU,CAClB,sCAAsC,OAAO,EAAE,EAC/C,gBAAgB,EAChB,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,oBAAoB,EAAE,CACxE,CAAC;IACJ,CAAC;AACH,CAAC"}
|