@azeth/sdk 0.2.0

package/dist/account/history.js

@@ -0,0 +1,144 @@
+import { withRetry } from '../utils/retry.js';
+/** Pad an address to a 32-byte hex topic for event log filtering */
+function addressToTopic(addr) {
+    return `0x000000000000000000000000${addr.slice(2).toLowerCase()}`;
+}
+/** Get transaction history for an account
+ *  Tries server API first, then falls back to on-chain TransferRecorded events
+ *  from the ReputationModule (last ~1000 blocks).
+ */
+export async function getHistory(publicClient, account, serverUrl, params, reputationModuleAddress, tokenAddresses) {
+    // If server URL is provided, try the indexed API (fall back gracefully if unreachable)
+    if (serverUrl) {
+        const queryParams = new URLSearchParams();
+        queryParams.set('address', account);
+        if (params?.limit)
+            queryParams.set('limit', params.limit.toString());
+        if (params?.offset)
+            queryParams.set('offset', params.offset.toString());
+        try {
+            const response = await withRetry(() => fetch(`${serverUrl}/api/v1/history?${queryParams}`));
+            if (response.ok) {
+                return await response.json();
+            }
+            // Non-OK response — fall through to on-chain fallback
+        }
+        catch {
+            // Server unreachable — fall through to on-chain fallback
+        }
+    }
+    // On-chain fallback: query TransferRecorded events from ReputationModule
+    if (!reputationModuleAddress)
+        return [];
+    try {
+        const currentBlock = await publicClient.getBlockNumber();
+        const fromBlock = params?.fromBlock ?? (currentBlock > 50000n ? currentBlock - 50000n : 0n);
+        const limit = params?.limit ?? 50;
+        const accountTopic = addressToTopic(account);
+        // Query outgoing (from=account) and incoming (to=account) in parallel
+        const [outgoing, incoming] = await Promise.all([
+            publicClient.getLogs({
+                address: reputationModuleAddress,
+                event: {
+                    type: 'event',
+                    name: 'TransferRecorded',
+                    inputs: [
+                        { name: 'from', type: 'address', indexed: true },
+                        { name: 'to', type: 'address', indexed: true },
+                        { name: 'token', type: 'address', indexed: true },
+                        { name: 'amount', type: 'uint256', indexed: false },
+                    ],
+                },
+                args: { from: account },
+                fromBlock,
+                toBlock: currentBlock,
+            }).catch(() => []),
+            publicClient.getLogs({
+                address: reputationModuleAddress,
+                event: {
+                    type: 'event',
+                    name: 'TransferRecorded',
+                    inputs: [
+                        { name: 'from', type: 'address', indexed: true },
+                        { name: 'to', type: 'address', indexed: true },
+                        { name: 'token', type: 'address', indexed: true },
+                        { name: 'amount', type: 'uint256', indexed: false },
+                    ],
+                },
+                args: { to: account },
+                fromBlock,
+                toBlock: currentBlock,
+            }).catch(() => []),
+        ]);
+        // Query standard ERC-20 Transfer events for incoming deposits.
+        // Deposits via direct ERC-20 transfer() bypass the ReputationModule Hook,
+        // so no TransferRecorded events are emitted — we must query Transfer events directly.
+        const validTokens = (tokenAddresses ?? []).filter(Boolean);
+        const depositLogs = validTokens.length > 0
+            ? (await Promise.all(validTokens.map(tokenAddr => publicClient.getLogs({
+                address: tokenAddr,
+                event: {
+                    type: 'event',
+                    name: 'Transfer',
+                    inputs: [
+                        { name: 'from', type: 'address', indexed: true },
+                        { name: 'to', type: 'address', indexed: true },
+                        { name: 'value', type: 'uint256', indexed: false },
+                    ],
+                },
+                args: { to: account },
+                fromBlock,
+                toBlock: currentBlock,
+            }).catch(() => [])))).flat()
+            : [];
+        // Merge, deduplicate by txHash, and sort by blockNumber descending
+        const allLogs = [...outgoing, ...incoming, ...depositLogs];
+        const seen = new Set();
+        const records = [];
+        for (const log of allLogs) {
+            const txHash = log.transactionHash;
+            if (!txHash || seen.has(txHash))
+                continue;
+            seen.add(txHash);
+            const args = log.args;
+            const from = args.from;
+            const to = args.to;
+            // TransferRecorded has 'token' and 'amount'; ERC-20 Transfer has 'value' and log.address is the token
+            const token = args.token ?? (args.value !== undefined ? log.address : null);
+            const amount = args.amount ?? args.value;
+            records.push({
+                hash: txHash,
+                from: from ?? account,
+                to: to ?? null,
+                value: amount ?? 0n,
+                token: token ?? null,
+                blockNumber: log.blockNumber ?? 0n,
+                timestamp: 0,
+            });
+        }
+        // Sort by blockNumber descending (most recent first) and apply limit
+        records.sort((a, b) => Number(b.blockNumber - a.blockNumber));
+        const sliced = records.slice(0, limit);
+        // Batch-fetch block timestamps for unique block numbers
+        const uniqueBlocks = [...new Set(sliced.map(r => r.blockNumber))];
+        const blockTimestamps = new Map();
+        await Promise.all(uniqueBlocks.map(async (blockNumber) => {
+            try {
+                const block = await publicClient.getBlock({ blockNumber });
+                blockTimestamps.set(blockNumber, Number(block.timestamp));
+            }
+            catch {
+                // If block fetch fails, leave timestamp as 0
+            }
+        }));
+        for (const record of sliced) {
+            record.timestamp = blockTimestamps.get(record.blockNumber) ?? 0;
+        }
+        return sliced;
+    }
+    catch {
+        // On-chain fallback failed — return empty
+        return [];
+    }
+}
+//# sourceMappingURL=history.js.map

package/dist/account/history.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"history.js","sourceRoot":"","sources":["../../src/account/history.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAmB9C,oEAAoE;AACpE,SAAS,cAAc,CAAC,IAAmB;IACzC,OAAO,6BAA6B,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,EAAmB,CAAC;AACrF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,YAA4C,EAC5C,OAAsB,EACtB,SAAkB,EAClB,MAAsB,EACtB,uBAAuC,EACvC,cAAgC;IAEhC,uFAAuF;IACvF,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;QAC1C,WAAW,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACpC,IAAI,MAAM,EAAE,KAAK;YAAE,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,IAAI,MAAM,EAAE,MAAM;YAAE,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAExE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,GAAG,SAAS,mBAAmB,WAAW,EAAE,CAAC,CAAC,CAAC;YAC5F,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAyB,CAAC;YACtD,CAAC;YACD,sDAAsD;QACxD,CAAC;QAAC,MAAM,CAAC;YACP,yDAAyD;QAC3D,CAAC;IACH,CAAC;IAED,yEAAyE;IACzE,IAAI,CAAC,uBAAuB;QAAE,OAAO,EAAE,CAAC;IAExC,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,cAAc,EAAE,CAAC;QACzD,MAAM,SAAS,GAAG,MAAM,EAAE,SAAS,IAAI,CAAC,YAAY,GAAG,MAAO,CAAC,CAAC,CAAC,YAAY,GAAG,MAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QAC9F,MAAM,KAAK,GAAG,MAAM,EAAE,KAAK,IAAI,EAAE,CAAC;QAClC,MAAM,YAAY,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;QAE7C,sEAAsE;QACtE,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;YAC7C,YAAY,CAAC,OAAO,CAAC;gBACnB,OAAO,EAAE,uBAAuB;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,OAAgB;oBACtB,IAAI,EAAE,kBAAkB;oBACxB,MAAM,EAAE;wBACN,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAChD,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAC9C,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBACjD,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;qBACpD;iBACF;gBACD,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE;gBACvB,SAAS;gBACT,OAAO,EAAE,YAAY;aACtB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;YAClB,YAAY,CAAC,OAAO,CAAC;gBACnB,OAAO,EAAE,uBAAuB;gBAChC,KAAK,EAAE;oBACL,IAAI,EAAE,OAAgB;oBACtB,IAAI,EAAE,kBAAkB;oBACxB,MAAM,EAAE;wBACN,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAChD,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAC9C,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBACjD,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;qBACpD;iBACF;gBACD,IAAI,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;gBACrB,SAAS;gBACT,OAAO,EAAE,YAAY;aACtB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC;SACnB,CAAC,CAAC;QAEH,+DAA+D;QAC/D,0EAA0E;QAC1E,sFAAsF;QACtF,MAAM,WAAW,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC3D,MAAM,WAAW,GAAG,WAAW,CAAC,MAAM,GAAG,CAAC;YACxC,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,GAAG,CAChB,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAC1B,YAAY,CAAC,OAAO,CAAC;gBACnB,OAAO,EAAE,SAAS;gBAClB,KAAK,EAAE;oBACL,IAAI,EAAE,OAAgB;oBACtB,IAAI,EAAE,UAAU;oBAChB,MAAM,EAAE;wBACN,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAChD,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE;wBAC9C,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,EAAE;qBACnD;iBACF;gBACD,IAAI,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE;gBACrB,SAAS;gBACT,OAAO,EAAE,YAAY;aACtB,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CACnB,CACF,CAAC,CAAC,IAAI,EAAE;YACX,CAAC,CAAC,EAAE,CAAC;QAEP,mEAAmE;QACnE,MAAM,OAAO,GAAG,CAAC,GAAG,QAAQ,EAAE,GAAG,QAAQ,EAAE,GAAG,WAAW,CAAC,CAAC;QAC3D,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;QAC/B,MAAM,OAAO,GAAwB,EAAE,CAAC;QAExC,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;YACnC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC;gBAAE,SAAS;YAC1C,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAEjB,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,MAAM,IAAI,GAAI,IAAI,CAAC,IAAkC,CAAC;YACtD,MAAM,EAAE,GAAI,IAAI,CAAC,EAAgC,CAAC;YAClD,sGAAsG;YACtG,MAAM,KAAK,GAAI,IAAI,CAAC,KAAmC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC3G,MAAM,MAAM,GAAI,IAAI,CAAC,MAA6B,IAAK,IAAI,CAAC,KAA4B,CAAC;YAEzF,OAAO,CAAC,IAAI,CAAC;gBACX,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,IAAI,OAAO;gBACrB,EAAE,EAAE,EAAE,IAAI,IAAI;gBACd,KAAK,EAAE,MAAM,IAAI,EAAE;gBACnB,KAAK,EAAE,KAAK,IAAI,IAAI;gBACpB,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;gBAClC,SAAS,EAAE,CAAC;aACb,CAAC,CAAC;QACL,CAAC;QAED,qEAAqE;QACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAEvC,wDAAwD;QACxD,MAAM,YAAY,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QAClE,MAAM,eAAe,GAAG,IAAI,GAAG,EAAkB,CAAC;QAClD,MAAM,OAAO,CAAC,GAAG,CACf,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,WAAW,EAAE,EAAE;YACrC,IAAI,CAAC;gBACH,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,EAAE,WAAW,EAAE,CAAC,CAAC;gBAC3D,eAAe,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC;YAC5D,CAAC;YAAC,MAAM,CAAC;gBACP,6CAA6C;YAC/C,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,KAAK,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;YAC5B,MAAM,CAAC,SAAS,GAAG,eAAe,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAClE,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,MAAM,CAAC;QACP,0CAA0C;QAC1C,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC"}

package/dist/account/transfer.d.ts

@@ -0,0 +1,28 @@
+import { type PublicClient, type Chain, type Transport } from 'viem';
+import { type AzethContractAddresses } from '@azeth/common';
+import type { AzethSmartAccountClient } from '../utils/userop.js';
+export interface TransferParams {
+    to: `0x${string}`;
+    token?: `0x${string}`;
+    amount: bigint;
+}
+export interface TransferResult {
+    txHash: `0x${string}`;
+    from: `0x${string}`;
+    to: `0x${string}`;
+    amount: bigint;
+    token: `0x${string}` | 'ETH';
+}
+/** Transfer ETH or ERC-20 tokens via the smart account using ERC-4337 UserOperations.
+ *
+ *  The SmartAccountClient builds a UserOperation that routes through EntryPoint v0.7,
+ *  which calls executeUserOp() on the AzethAccount. This is the ONLY authorized path
+ *  for state-changing operations on AzethAccount v12.
+ *
+ *  When publicClient and addresses are provided, a pre-flight guardrail check is
+ *  performed via GuardianModule.checkOperation() to catch spending limit / whitelist
+ *  failures with descriptive errors instead of the opaque "AA24 signature error".
+ *
+ *  M-12 fix (Audit #8): Rejects zero-amount transfers at the raw function level. */
+export declare function transfer(smartAccountClient: AzethSmartAccountClient, smartAccount: `0x${string}`, params: TransferParams, publicClient?: PublicClient<Transport, Chain>, addresses?: AzethContractAddresses): Promise<TransferResult>;
+//# sourceMappingURL=transfer.d.ts.map

package/dist/account/transfer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer.d.ts","sourceRoot":"","sources":["../../src/account/transfer.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,SAAS,EACf,MAAM,MAAM,CAAC;AACd,OAAO,EAAiC,KAAK,sBAAsB,EAAE,MAAM,eAAe,CAAC;AAG3F,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAElE,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,KAAK,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,KAAK,MAAM,EAAE,CAAC;IACtB,IAAI,EAAE,KAAK,MAAM,EAAE,CAAC;IACpB,EAAE,EAAE,KAAK,MAAM,EAAE,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,KAAK,MAAM,EAAE,GAAG,KAAK,CAAC;CAC9B;AAoFD;;;;;;;;;;oFAUoF;AACpF,wBAAsB,QAAQ,CAC5B,kBAAkB,EAAE,uBAAuB,EAC3C,YAAY,EAAE,KAAK,MAAM,EAAE,EAC3B,MAAM,EAAE,cAAc,EACtB,YAAY,CAAC,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,EAC7C,SAAS,CAAC,EAAE,sBAAsB,GACjC,OAAO,CAAC,cAAc,CAAC,CAyDzB"}

package/dist/account/transfer.js

@@ -0,0 +1,137 @@
+import { erc20Abi, encodeFunctionData, } from 'viem';
+import { AzethError, formatTokenAmount } from '@azeth/common';
+import { GuardianModuleAbi } from '@azeth/common/abis';
+import { requireAddress } from '../utils/addresses.js';
+/** Reason enum values matching GuardianModule.ValidationReason order */
+const VALIDATION_REASON_NAMES = [
+    'OK',
+    'ACCOUNT_NOT_INITIALIZED',
+    'EXCEEDS_TX_LIMIT',
+    'EXCEEDS_DAILY_LIMIT',
+    'TARGET_NOT_WHITELISTED',
+    'ORACLE_STALE',
+    'GUARDIAN_REQUIRED',
+];
+/** Format a bigint 18-decimal USD value for human-readable error messages */
+function formatUSD(value18) {
+    return `$${formatTokenAmount(value18, 18, 2)}`;
+}
+/** Pre-flight guardrail check via GuardianModule.checkOperation().
+ *
+ *  Calls the on-chain view function to get structured validation reasons before
+ *  submitting a UserOp that would fail with the opaque "AA24 signature error".
+ *
+ *  @throws AzethError('GUARDIAN_REJECTED') with human-readable details */
+async function preflightCheck(publicClient, addresses, smartAccount, params) {
+    const guardianAddress = requireAddress(addresses, 'guardianModule');
+    // Map transfer params to checkOperation params:
+    // ETH: target=recipient, value=amount, token=address(0)
+    // ERC-20: target=tokenContract, value=amount, token=tokenContract
+    const target = params.token ?? params.to;
+    const token = params.token ?? '0x0000000000000000000000000000000000000000';
+    const [reason, details] = await publicClient.readContract({
+        address: guardianAddress,
+        abi: GuardianModuleAbi,
+        functionName: 'checkOperation',
+        args: [smartAccount, target, params.amount, token],
+    });
+    if (reason === 0)
+        return; // OK
+    const reasonName = VALIDATION_REASON_NAMES[reason] ?? 'UNKNOWN';
+    const errorDetails = {
+        reason: reasonName,
+        usdValue: formatUSD(details.usdValue),
+        dailySpentUSD: formatUSD(details.dailySpentUSD),
+        maxTxAmountUSD: formatUSD(details.maxTxAmountUSD),
+        dailySpendLimitUSD: formatUSD(details.dailySpendLimitUSD),
+    };
+    let message;
+    switch (reason) {
+        case 1: // ACCOUNT_NOT_INITIALIZED
+            message = `Smart account ${smartAccount} is not initialized with GuardianModule`;
+            break;
+        case 2: // EXCEEDS_TX_LIMIT
+            message = `Transfer of ${formatUSD(details.usdValue)} exceeds per-transaction limit of ${formatUSD(details.maxTxAmountUSD)}`;
+            break;
+        case 3: // EXCEEDS_DAILY_LIMIT
+            message = `Transfer of ${formatUSD(details.usdValue)} would push daily spend to ${formatUSD(details.dailySpentUSD + details.usdValue)}, exceeding daily limit of ${formatUSD(details.dailySpendLimitUSD)}`;
+            break;
+        case 4: // TARGET_NOT_WHITELISTED
+            message = `Target ${target} is not in the token or protocol whitelist. Add it via setTokenWhitelist() or setProtocolWhitelist()`;
+            break;
+        case 5: // ORACLE_STALE
+            message = `Price oracle is stale — guardian co-signature required for this transfer`;
+            break;
+        case 6: // GUARDIAN_REQUIRED
+            message = `Guardian co-signature required for this operation`;
+            break;
+        default:
+            message = `Guardian validation failed (reason ${reason})`;
+    }
+    throw new AzethError(message, 'GUARDIAN_REJECTED', errorDetails);
+}
+/** Transfer ETH or ERC-20 tokens via the smart account using ERC-4337 UserOperations.
+ *
+ *  The SmartAccountClient builds a UserOperation that routes through EntryPoint v0.7,
+ *  which calls executeUserOp() on the AzethAccount. This is the ONLY authorized path
+ *  for state-changing operations on AzethAccount v12.
+ *
+ *  When publicClient and addresses are provided, a pre-flight guardrail check is
+ *  performed via GuardianModule.checkOperation() to catch spending limit / whitelist
+ *  failures with descriptive errors instead of the opaque "AA24 signature error".
+ *
+ *  M-12 fix (Audit #8): Rejects zero-amount transfers at the raw function level. */
+export async function transfer(smartAccountClient, smartAccount, params, publicClient, addresses) {
+    // M-12 fix (Audit #8): Block negative amounts (bigint can go negative).
+    // AUDIT-FIX: Also reject zero-amount transfers — they waste gas on a no-op.
+    if (params.amount <= 0n) {
+        throw new AzethError('Transfer amount must be greater than zero', 'INVALID_INPUT', { field: 'amount' });
+    }
+    // Pre-flight guardrail check: catch spending limit / whitelist failures early
+    // with descriptive errors instead of opaque "AA24 signature error".
+    if (publicClient && addresses) {
+        await preflightCheck(publicClient, addresses, smartAccount, params);
+    }
+    let txHash;
+    try {
+        if (!params.token) {
+            // ETH transfer via UserOp: sendTransaction encodes via account.encodeCalls()
+            // which wraps in AzethAccount.execute(mode, encodeSingle(to, amount, "0x"))
+            txHash = await smartAccountClient.sendTransaction({
+                to: params.to,
+                value: params.amount,
+                data: '0x',
+            });
+        }
+        else {
+            // ERC-20 transfer via UserOp: encode the ERC-20 transfer call,
+            // then sendTransaction wraps in execute(mode, encodeSingle(token, 0, data))
+            const data = encodeFunctionData({
+                abi: erc20Abi,
+                functionName: 'transfer',
+                args: [params.to, params.amount],
+            });
+            txHash = await smartAccountClient.sendTransaction({
+                to: params.token,
+                value: 0n,
+                data,
+            });
+        }
+    }
+    catch (err) {
+        if (err instanceof AzethError)
+            throw err;
+        const message = err instanceof Error ? err.message : 'Transfer failed';
+        const isInsufficientFunds = message.toLowerCase().includes('insufficient') ||
+            message.toLowerCase().includes('exceeds balance');
+        throw new AzethError(message, isInsufficientFunds ? 'INSUFFICIENT_BALANCE' : 'CONTRACT_ERROR', { originalError: err instanceof Error ? err.name : undefined });
+    }
+    return {
+        txHash,
+        from: smartAccount,
+        to: params.to,
+        amount: params.amount,
+        token: params.token ?? 'ETH',
+    };
+}
+//# sourceMappingURL=transfer.js.map

package/dist/account/transfer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"transfer.js","sourceRoot":"","sources":["../../src/account/transfer.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,QAAQ,EACR,kBAAkB,GAKnB,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAA+B,MAAM,eAAe,CAAC;AAC3F,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAiBvD,wEAAwE;AACxE,MAAM,uBAAuB,GAAG;IAC9B,IAAI;IACJ,yBAAyB;IACzB,kBAAkB;IAClB,qBAAqB;IACrB,wBAAwB;IACxB,cAAc;IACd,mBAAmB;CACX,CAAC;AAEX,6EAA6E;AAC7E,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO,IAAI,iBAAiB,CAAC,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;AACjD,CAAC;AAED;;;;;0EAK0E;AAC1E,KAAK,UAAU,cAAc,CAC3B,YAA4C,EAC5C,SAAiC,EACjC,YAA2B,EAC3B,MAAsB;IAEtB,MAAM,eAAe,GAAG,cAAc,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC;IAEpE,gDAAgD;IAChD,wDAAwD;IACxD,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,IAAI,MAAM,CAAC,EAAE,CAAC;IACzC,MAAM,KAAK,GAAkB,MAAM,CAAC,KAAK,IAAI,4CAA4C,CAAC;IAE1F,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC;QACxD,OAAO,EAAE,eAAe;QACxB,GAAG,EAAE,iBAAiB;QACtB,YAAY,EAAE,gBAAgB;QAC9B,IAAI,EAAE,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;KACnD,CAAC,CAAC;IAEH,IAAI,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,KAAK;IAE/B,MAAM,UAAU,GAAG,uBAAuB,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC;IAEhE,MAAM,YAAY,GAA4B;QAC5C,MAAM,EAAE,UAAU;QAClB,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC;QACrC,aAAa,EAAE,SAAS,CAAC,OAAO,CAAC,aAAa,CAAC;QAC/C,cAAc,EAAE,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC;QACjD,kBAAkB,EAAE,SAAS,CAAC,OAAO,CAAC,kBAAkB,CAAC;KAC1D,CAAC;IAEF,IAAI,OAAe,CAAC;IACpB,QAAQ,MAAM,EAAE,CAAC;QACf,KAAK,CAAC,EAAE,0BAA0B;YAChC,OAAO,GAAG,iBAAiB,YAAY,yCAAyC,CAAC;YACjF,MAAM;QACR,KAAK,CAAC,EAAE,mBAAmB;YACzB,OAAO,GAAG,eAAe,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,qCAAqC,SAAS,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7H,MAAM;QACR,KAAK,CAAC,EAAE,sBAAsB;YAC5B,OAAO,GAAG,eAAe,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,8BAA8B,SAAS,CAAC,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC,QAAQ,CAAC,8BAA8B,SAAS,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,CAAC;YAC3M,MAAM;QACR,KAAK,CAAC,EAAE,yBAAyB;YAC/B,OAAO,GAAG,UAAU,MAAM,sGAAsG,CAAC;YACjI,MAAM;QACR,KAAK,CAAC,EAAE,eAAe;YACrB,OAAO,GAAG,0EAA0E,CAAC;YACrF,MAAM;QACR,KAAK,CAAC,EAAE,oBAAoB;YAC1B,OAAO,GAAG,mDAAmD,CAAC;YAC9D,MAAM;QACR;YACE,OAAO,GAAG,sCAAsC,MAAM,GAAG,CAAC;IAC9D,CAAC;IAED,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE,mBAAmB,EAAE,YAAY,CAAC,CAAC;AACnE,CAAC;AAED;;;;;;;;;;oFAUoF;AACpF,MAAM,CAAC,KAAK,UAAU,QAAQ,CAC5B,kBAA2C,EAC3C,YAA2B,EAC3B,MAAsB,EACtB,YAA6C,EAC7C,SAAkC;IAElC,wEAAwE;IACxE,4EAA4E;IAC5E,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,UAAU,CAAC,2CAA2C,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;IAC1G,CAAC;IAED,8EAA8E;IAC9E,oEAAoE;IACpE,IAAI,YAAY,IAAI,SAAS,EAAE,CAAC;QAC9B,MAAM,cAAc,CAAC,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;IACtE,CAAC;IAED,IAAI,MAAqB,CAAC;IAE1B,IAAI,CAAC;QACH,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YAClB,6EAA6E;YAC7E,4EAA4E;YAC5E,MAAM,GAAG,MAAM,kBAAkB,CAAC,eAAe,CAAC;gBAChD,EAAE,EAAE,MAAM,CAAC,EAAE;gBACb,KAAK,EAAE,MAAM,CAAC,MAAM;gBACpB,IAAI,EAAE,IAAW;aAClB,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,+DAA+D;YAC/D,4EAA4E;YAC5E,MAAM,IAAI,GAAG,kBAAkB,CAAC;gBAC9B,GAAG,EAAE,QAAQ;gBACb,YAAY,EAAE,UAAU;gBACxB,IAAI,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC;aACjC,CAAC,CAAC;YACH,MAAM,GAAG,MAAM,kBAAkB,CAAC,eAAe,CAAC;gBAChD,EAAE,EAAE,MAAM,CAAC,KAAK;gBAChB,KAAK,EAAE,EAAE;gBACT,IAAI;aACL,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,GAAG,YAAY,UAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC;QACvE,MAAM,mBAAmB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC;YACxE,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACpD,MAAM,IAAI,UAAU,CAClB,OAAO,EACP,mBAAmB,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,gBAAgB,EAC/D,EAAE,aAAa,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,EAAE,CAC/D,CAAC;IACJ,CAAC;IAED,OAAO;QACL,MAAM;QACN,IAAI,EAAE,YAAY;QAClB,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK,IAAI,KAAK;KAC7B,CAAC;AACJ,CAAC"}

package/dist/auth/erc8128.d.ts

@@ -0,0 +1,14 @@
+import { type WalletClient, type Chain, type Transport, type Account } from 'viem';
+export interface SignedRequest {
+    signature: `0x${string}`;
+    nonce: string;
+    created: number;
+    keyid: `0x${string}`;
+}
+/** Sign an HTTP request with ERC-8128 */
+export declare function signRequest(walletClient: WalletClient<Transport, Chain, Account>, signer: `0x${string}`, method: string, url: string, body?: string): Promise<SignedRequest>;
+/** Build the ERC-8128 Authorization header value */
+export declare function buildAuthHeader(signed: SignedRequest): string;
+/** Create a fetch wrapper that automatically adds ERC-8128 auth headers */
+export declare function createSignedFetch(walletClient: WalletClient<Transport, Chain, Account>, signer: `0x${string}`): typeof fetch;
+//# sourceMappingURL=erc8128.d.ts.map

package/dist/auth/erc8128.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"erc8128.d.ts","sourceRoot":"","sources":["../../src/auth/erc8128.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,SAAS,EACd,KAAK,OAAO,EACb,MAAM,MAAM,CAAC;AAGd,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,KAAK,MAAM,EAAE,CAAC;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,KAAK,MAAM,EAAE,CAAC;CACtB;AAyDD,yCAAyC;AACzC,wBAAsB,WAAW,CAC/B,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,EACrD,MAAM,EAAE,KAAK,MAAM,EAAE,EACrB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,IAAI,CAAC,EAAE,MAAM,GACZ,OAAO,CAAC,aAAa,CAAC,CAWxB;AAED,oDAAoD;AACpD,wBAAgB,eAAe,CAAC,MAAM,EAAE,aAAa,GAAG,MAAM,CAgB7D;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAC/B,YAAY,EAAE,YAAY,CAAC,SAAS,EAAE,KAAK,EAAE,OAAO,CAAC,EACrD,MAAM,EAAE,KAAK,MAAM,EAAE,GACpB,OAAO,KAAK,CAwBd"}

package/dist/auth/erc8128.js

@@ -0,0 +1,92 @@
+import { AzethError } from '@azeth/common';
+/** Generate a nonce for ERC-8128 authentication */
+function generateNonce() {
+    const bytes = new Uint8Array(32); // H-8 fix: Increased from 16 to 32 bytes (256-bit entropy)
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+/** Compute SHA-256 content digest for HTTP message signatures */
+async function computeContentDigest(body) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(body);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+    const hashArray = new Uint8Array(hashBuffer);
+    let binary = '';
+    for (const byte of hashArray) {
+        binary += String.fromCharCode(byte);
+    }
+    const hashBase64 = btoa(binary);
+    return `sha-256=:${hashBase64}:`;
+}
+/** Build the ERC-8128 signature base string
+ *  Follows the HTTP Signature specification for machine-native auth
+ */
+async function buildSignatureBase(method, url, body, nonce, created) {
+    const parsed = new URL(url);
+    const parts = [
+        `"@method": ${method.toUpperCase()}`,
+        `"@path": ${parsed.pathname}`,
+        `"@query": ${parsed.search || '?'}`,
+        `"@authority": ${parsed.host}`,
+    ];
+    if (nonce) {
+        parts.push(`"nonce": "${nonce}"`);
+    }
+    if (created !== undefined) {
+        parts.push(`"created": ${created}`);
+    }
+    if (body) {
+        const digest = await computeContentDigest(body);
+        parts.push(`"content-digest": ${digest}`);
+    }
+    return parts.join('\n');
+}
+/** Sign an HTTP request with ERC-8128 */
+export async function signRequest(walletClient, signer, method, url, body) {
+    const nonce = generateNonce();
+    const created = Math.floor(Date.now() / 1000);
+    const signatureBase = await buildSignatureBase(method, url, body, nonce, created);
+    const signature = await walletClient.signMessage({
+        account: signer,
+        message: signatureBase,
+    });
+    return { signature, nonce, created, keyid: signer };
+}
+/** Build the ERC-8128 Authorization header value */
+export function buildAuthHeader(signed) {
+    // CRITICAL-2 fix: Use cross-platform Uint8Array instead of Node.js Buffer
+    // so this works in browsers, Deno, Cloudflare Workers, and edge runtimes.
+    const hexStr = signed.signature.slice(2); // remove 0x prefix
+    // H-3 fix: Validate signature is exactly 65 bytes (130 hex chars)
+    if (hexStr.length !== 130) {
+        throw new AzethError('Invalid signature length — expected 65 bytes', 'INVALID_INPUT', { field: 'signature' });
+    }
+    const sigBytes = new Uint8Array(hexStr.match(/.{2}/g).map(b => parseInt(b, 16)));
+    // H-3 fix: Validate v value is canonical (27, 28, 0, or 1)
+    const v = sigBytes[64];
+    if (v !== 27 && v !== 28 && v !== 0 && v !== 1) {
+        throw new AzethError('Invalid signature recovery value', 'INVALID_INPUT', { field: 'signature' });
+    }
+    const sigBase64 = btoa(String.fromCharCode(...sigBytes));
+    return `ERC8128 sig=:${sigBase64}:; keyid="${signed.keyid}"; nonce="${signed.nonce}"; created=${signed.created}`;
+}
+/** Create a fetch wrapper that automatically adds ERC-8128 auth headers */
+export function createSignedFetch(walletClient, signer) {
+    return async (input, init) => {
+        const url = typeof input === 'string' ? input : input instanceof URL ? input.toString() : input.url;
+        const method = init?.method ?? 'GET';
+        // MEDIUM-12 fix: Reject non-string body types that can't be included in the signature base.
+        // Without this, a ReadableStream/Blob/ArrayBuffer body would be silently excluded from the
+        // content digest, causing the server to verify a signature over a request without the body hash.
+        if (init?.body !== undefined && init.body !== null && typeof init.body !== 'string') {
+            throw new AzethError('ERC-8128 signed fetch requires a string body for content digest. Convert your body to a string first.', 'INVALID_INPUT', { field: 'body', bodyType: typeof init.body });
+        }
+        const body = typeof init?.body === 'string' ? init.body : undefined;
+        const signed = await signRequest(walletClient, signer, method, url, body);
+        const authHeader = buildAuthHeader(signed);
+        const headers = new Headers(init?.headers);
+        headers.set('Authorization', authHeader);
+        return fetch(input, { ...init, headers });
+    };
+}
+//# sourceMappingURL=erc8128.js.map

package/dist/auth/erc8128.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"erc8128.js","sourceRoot":"","sources":["../../src/auth/erc8128.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAS3C,mDAAmD;AACnD,SAAS,aAAa;IACpB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,2DAA2D;IAC7F,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,iEAAiE;AACjE,KAAK,UAAU,oBAAoB,CAAC,IAAY;IAC9C,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IAC7C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;QAC7B,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAChC,OAAO,YAAY,UAAU,GAAG,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAC/B,MAAc,EACd,GAAW,EACX,IAAa,EACb,KAAc,EACd,OAAgB;IAEhB,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,KAAK,GAAG;QACZ,cAAc,MAAM,CAAC,WAAW,EAAE,EAAE;QACpC,YAAY,MAAM,CAAC,QAAQ,EAAE;QAC7B,aAAa,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE;QACnC,iBAAiB,MAAM,CAAC,IAAI,EAAE;KAC/B,CAAC;IAEF,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,CAAC,IAAI,CAAC,aAAa,KAAK,GAAG,CAAC,CAAC;IACpC,CAAC;IAED,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,KAAK,CAAC,IAAI,CAAC,cAAc,OAAO,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,MAAM,GAAG,MAAM,oBAAoB,CAAC,IAAI,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,qBAAqB,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,yCAAyC;AACzC,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,YAAqD,EACrD,MAAqB,EACrB,MAAc,EACd,GAAW,EACX,IAAa;IAEb,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IAElF,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,WAAW,CAAC;QAC/C,OAAO,EAAE,MAAM;QACf,OAAO,EAAE,aAAa;KACvB,CAAC,CAAC;IAEH,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AACtD,CAAC;AAED,oDAAoD;AACpD,MAAM,UAAU,eAAe,CAAC,MAAqB;IACnD,0EAA0E;IAC1E,0EAA0E;IAC1E,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,mBAAmB;IAC7D,kEAAkE;IAClE,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC1B,MAAM,IAAI,UAAU,CAAC,8CAA8C,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAChH,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,2DAA2D;IAC3D,MAAM,CAAC,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC;IACvB,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,UAAU,CAAC,kCAAkC,EAAE,eAAe,EAAE,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IACpG,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC;IACzD,OAAO,gBAAgB,SAAS,aAAa,MAAM,CAAC,KAAK,aAAa,MAAM,CAAC,KAAK,cAAc,MAAM,CAAC,OAAO,EAAE,CAAC;AACnH,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB,CAC/B,YAAqD,EACrD,MAAqB;IAErB,OAAO,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAqB,EAAE;QAC/E,MAAM,GAAG,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,YAAY,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;QACpG,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC;QACrC,4FAA4F;QAC5F,2FAA2F;QAC3F,iGAAiG;QACjG,IAAI,IAAI,EAAE,IAAI,KAAK,SAAS,IAAI,IAAI,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACpF,MAAM,IAAI,UAAU,CAClB,uGAAuG,EACvG,eAAe,EACf,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,IAAI,CAAC,IAAI,EAAE,CAC9C,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,OAAO,IAAI,EAAE,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAEpE,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1E,MAAM,UAAU,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;QAE3C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QAEzC,OAAO,KAAK,CAAC,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAC5C,CAAC,CAAC;AACJ,CAAC"}