@aztec/wallet-sdk 0.0.1-commit.d1f2d6c → 0.0.1-commit.d431d1c

package/README.md

@@ -10,8 +10,6 @@ All types and utilities needed for wallet integration are exported from `@aztec/
 import type {
   DiscoveryRequest,
   DiscoveryResponse,
-  KeyExchangeRequest,
-  KeyExchangeResponse,
   WalletInfo,
   WalletMessage,
   WalletResponse,
@@ -24,298 +22,377 @@ Cryptographic utilities for secure channel establishment are exported from `@azt
 import type { EncryptedPayload, ExportedPublicKey } from '@aztec/wallet-sdk/crypto';
 import {
   decrypt,
-  deriveSessionKeys,
+  deriveSharedKey,
   encrypt,
   exportPublicKey,
   generateKeyPair,
+  hashSharedSecret,
   hashToEmoji,
   importPublicKey,
 } from '@aztec/wallet-sdk/crypto';
 ```
 
-**For extension wallets**, pre-built connection handlers are available:
+## Overview
+
+The Wallet SDK uses a **unified discovery and connection** model with **end-to-end encryption**:
+
+1. **dApp requests wallets** for a specific chain/version via `WalletManager.getAvailableWallets({ chainInfo })`
+2. **SDK broadcasts** a discovery message with chain information and the dApp's ECDH public key
+3. **Your wallet responds** with its ECDH public key and a MessagePort ONLY if it supports that network
+4. **Both parties derive** the same shared secret via ECDH key exchange
+5. **SDK receives** discovered wallets with secure channel already established (port + sharedKey)
+6. **All subsequent communication** is encrypted using AES-256-GCM over the private MessagePort
+
+### Key Features
+
+- **No separate connection step**: The secure channel is established during discovery
+- **MessagePort transferred immediately**: The discovery response includes a MessagePort for private communication
+- **Anti-MITM verification**: Both parties can display emoji verification codes derived from the shared secret
+
+### Transport Mechanisms
+
+This guide uses **browser extension wallets** as the primary example, which communicate via `window.postMessage` for discovery and MessageChannel for secure communication. The same message protocol can be adapted for other transport mechanisms.
+
+## Discovery Protocol
+
+### 1. Listen for Discovery Requests
+
+**Extension wallet (content script):**
+
+```typescript
+window.addEventListener('message', async (event) => {
+  if (event.source !== window) return;
+
+  let data: DiscoveryRequest;
+  try {
+    data = JSON.parse(event.data);
+  } catch {
+    return;
+  }
+
+  if (data.type === 'aztec-wallet-discovery') {
+    await handleDiscoveryRequest(data);
+  }
+});
+```
+
+### 2. Discovery Message Format
+
+Discovery messages have this structure:
+
+```typescript
+interface DiscoveryRequest {
+  type: 'aztec-wallet-discovery';
+  requestId: string;              // UUID for tracking this request
+  chainInfo: ChainInfo;           // Chain ID and protocol version
+  publicKey: ExportedPublicKey;   // dApp's ECDH public key for key exchange
+}
+```
+
+### 3. Handle Discovery and Establish Secure Channel
+
+When your wallet receives a discovery request:
+
+1. Check if you support the requested network
+2. Derive the shared secret from the dApp's public key
+3. Create a MessageChannel for secure communication
+4. Respond with your wallet info and transfer one end of the channel
+
+**Extension wallet (background script):**
 
 ```typescript
 import {
-  BackgroundConnectionHandler,
-  ContentScriptConnectionHandler,
-} from '@aztec/wallet-sdk/extension/handlers';
+  deriveSharedKey,
+  exportPublicKey,
+  generateKeyPair,
+  hashSharedSecret,
+  importPublicKey,
+} from '@aztec/wallet-sdk/crypto';
+
+// Generate key pair on wallet initialization (per session)
+let walletKeyPair = await generateKeyPair();
+let walletPublicKey = await exportPublicKey(walletKeyPair.publicKey);
+
+// Store sessions by requestId
+const sessions = new Map<string, { sharedKey: CryptoKey; verificationHash: string; tabId: number }>();
+
+async function handleDiscovery(
+  request: DiscoveryRequest,
+  tabId: number
+): Promise<{ success: true; response: DiscoveryResponse }> {
+  // Check network support
+  if (!supportsNetwork(request.chainInfo)) {
+    throw new Error('Network not supported');
+  }
+
+  // Import dApp's public key and derive shared secret
+  const dAppPublicKey = await importPublicKey(request.publicKey);
+  const sharedKey = await deriveSharedKey(walletKeyPair.privateKey, dAppPublicKey);
+
+  // Compute verification hash for anti-MITM verification
+  const verificationHash = await hashSharedSecret(sharedKey);
+
+  // Store the session with verificationHash (emoji computed lazily for display)
+  sessions.set(request.requestId, { sharedKey, verificationHash, tabId });
+
+  const response: DiscoveryResponse = {
+    type: 'aztec-wallet-discovery-response',
+    requestId: request.requestId,
+    walletInfo: {
+      id: 'my-aztec-wallet',
+      name: 'My Aztec Wallet',
+      version: '1.0.0',
+      publicKey: walletPublicKey,
+    },
+  };
+
+  return { success: true, response };
+}
 ```
 
-## Overview
+**Content script (creates MessageChannel and sends response):**
 
-The Wallet SDK uses a **two-phase connection model** with **end-to-end encryption**:
+```typescript
+async function handleDiscoveryRequest(request: DiscoveryRequest) {
+  // Forward to background script for key derivation
+  const result = await browser.runtime.sendMessage({
+    type: 'aztec-wallet-discovery',
+    content: request,
+  });
+
+  if (!result?.success) return;
+
+  // Create MessageChannel for secure communication
+  const channel = new MessageChannel();
+
+  // Set up relay from page to background
+  channel.port1.onmessage = (event) => {
+    browser.runtime.sendMessage({
+      type: 'secure-message',
+      requestId: request.requestId,
+      content: event.data,  // Encrypted payload
+    });
+  };
+  channel.port1.start();
 
-### Phase 1: Discovery
+  // Send response with port2 to the page
+  window.postMessage(JSON.stringify(result.response), '*', [channel.port2]);
+}
+```
 
-1. **dApp broadcasts** a discovery request with chain information (NO public keys)
-2. **Your wallet shows** a pending connection request to the user
-3. **User approves** the connection request
-4. **Your wallet responds** with basic wallet info and a MessagePort
+### 4. Discovery Response Format
 
-### Phase 2: Secure Channel Establishment
+```typescript
+interface DiscoveryResponse {
+  type: 'aztec-wallet-discovery-response';
+  requestId: string;              // Must match the request
+  walletInfo: WalletInfo;         // Wallet info including public key
+}
 
-5. **dApp initiates key exchange** by sending its ECDH public key over the MessagePort
-6. **Wallet generates** ephemeral key pair and derives session keys using HKDF
-7. **Both parties compute** the same verification hash independently
-8. **User verifies** the has matches on both sides. A util for conversion to an emoji grid is provided
-9. **User confirms** the connection in the dApp
-10. **All subsequent communication** is encrypted using AES-256-GCM
+interface WalletInfo {
+  id: string;                     // Unique wallet identifier
+  name: string;                   // Display name
+  icon?: string;                  // Optional icon URL
+  version: string;                // Wallet version
+  publicKey: ExportedPublicKey;   // ECDH public key for key exchange
+}
+```
 
-### Key Security Features
+**Important:** The response is sent via `window.postMessage` with a MessagePort transferred as the third argument. The SDK receives the port and uses it for all subsequent encrypted communication.
 
-- **User approval required**: Wallet never reveals itself without explicit user consent
-- **Ephemeral keys**: New key pairs generated for each session
-- **Anti-MITM verification**: 3x3 emoji grid (72 bits of security) for visual confirmation
+## Secure Communication
 
-## Architecture for Extension Wallets
+### Architecture for Extension Wallets
 
 ```
 ┌─────────────┐    window.postMessage    ┌─────────────────┐    browser.runtime   ┌──────────────────┐
-│   dApp      │◄──(discovery + port)────►│  Content Script │◄────────────────────►│ Background Script│
-│ (web page)  │                          │  (message relay)│                      │ (crypto+state)   │
+│   dApp      │◄───(discovery only)─────►│  Content Script │◄────────────────────►│ Background Script│
+│ (web page)  │                          │  (message relay)│                      │ (decrypt+process)│
 └─────────────┘                          └─────────────────┘                      └──────────────────┘
        │                                          │
-       │              MessagePort                 │
-       └──────────(key exchange + encrypted)──────┘
+       │         MessagePort (private channel)    │
+       └──────────(encrypted messages)────────────┘
 ```
 
-**Security model:**
+**Security benefits:**
 
-- The MessagePort is transferred via `window.postMessage` - other scripts on the page could intercept it
-- **Security comes from encryption**: After key exchange, all communication is AES-256-GCM encrypted
-- Content script never has access to private keys or session secrets
+- Content script never has access to private keys or shared secrets
 - All cryptographic operations happen in the background script (service worker)
-- Anti-MITM verification (emoji grid) ensures both parties derived the same keys
+- MessagePort provides a private channel not visible to other page scripts
+- Only discovery uses `window.postMessage`; all wallet calls are encrypted on the MessagePort
 
-## Using Pre-built Connection Handlers
+### Handle Encrypted Messages
 
-The SDK provides `BackgroundConnectionHandler` and `ContentScriptConnectionHandler` to handle the connection flow. These are the recommended way to build extension wallets.
-
-### Background Script Setup
+All wallet method calls arrive as encrypted payloads on the MessagePort:
 
 ```typescript
-import {
-  BackgroundConnectionHandler,
-  type BackgroundConnectionConfig,
-  type BackgroundConnectionCallbacks,
-  type BackgroundTransport,
-} from '@aztec/wallet-sdk/extension/handlers';
-import { hashToEmoji } from '@aztec/wallet-sdk/crypto';
-
-// Configuration for your wallet
-const config: BackgroundConnectionConfig = {
-  walletId: 'my-aztec-wallet',
-  walletName: 'My Aztec Wallet',
-  walletVersion: '1.0.0',
-  walletIcon: 'https://example.com/icon.png',
-};
-
-// Transport for browser extension APIs
-const transport: BackgroundTransport = {
-  sendToTab: (tabId, message) => browser.tabs.sendMessage(tabId, message),
-  addContentListener: (handler) => browser.runtime.onMessage.addListener(handler),
-};
-
-// Event callbacks (all optional)
-const callbacks: BackgroundConnectionCallbacks = {
-  // Called when a new discovery request is received
-  onPendingDiscovery: (discovery) => {
-    // Show pending connection in wallet UI
-    // Check if wallet supports this network (chainId AND version)
-    const supported = supportedNetworks.some(
-      n => n.chainId === discovery.chainInfo.chainId.toString() &&
-           n.version === discovery.chainInfo.version.toString()
-    );
-    if (supported) {
-      // Show the user so they can approve or reject
-    }
-  },
-
-  // Called when key exchange completes and session is ready
-  onSessionEstablished: (session) => {
-    // Display verification emojis for user reference
-    console.log('Session emojis:', hashToEmoji(session.verificationHash));
-  },
+interface EncryptedPayload {
+  iv: string;         // Base64-encoded initialization vector
+  ciphertext: string; // Base64-encoded encrypted data
+}
+```
 
-  // Called when a session is terminated
-  onSessionTerminated: (requestId) => {
-    console.log('Session terminated:', requestId);
-  },
+**Background script:**
 
-  // Called when a decrypted wallet message is received
-  onWalletMessage: (session, message) => {
-    // Forward to your wallet backend
-    wallet.postMessage(message);
-  },
-};
+```typescript
+import { decrypt, encrypt } from '@aztec/wallet-sdk/crypto';
+
+async function handleSecureMessage(requestId: string, encrypted: EncryptedPayload) {
+  const session = sessions.get(requestId);
+  if (!session) return;
+
+  try {
+    // Decrypt the incoming message
+    const message = await decrypt<WalletMessage>(session.sharedKey, encrypted);
+    const { type, messageId, args, chainInfo, walletId } = message;
+
+    // Process the wallet method call
+    const wallet = await getWalletForChain(chainInfo);
+    const result = await wallet[type](...args);
+
+    // Create and encrypt response
+    const response: WalletResponse = { messageId, result, walletId };
+    const encryptedResponse = await encrypt(session.sharedKey, response);
+
+    // Send back through content script
+    browser.tabs.sendMessage(session.tabId, {
+      type: 'secure-response',
+      requestId,
+      content: encryptedResponse,
+    });
+  } catch (error) {
+    // Send encrypted error response
+    const errorResponse: WalletResponse = {
+      messageId: message?.messageId ?? '',
+      error: { message: error.message },
+      walletId: message?.walletId ?? '',
+    };
+    const encryptedError = await encrypt(session.sharedKey, errorResponse);
+    // ... send error response
+  }
+}
+```
 
-const handler = new BackgroundConnectionHandler(config, transport, callbacks);
+## Message Formats
 
-// Initialize the handler to start listening
-handler.initialize();
+### Wallet Method Request (Decrypted)
 
-// User approves connection from wallet UI
-function approveConnection(requestId: string) {
-  handler.approveDiscovery(requestId);
+```typescript
+interface WalletMessage {
+  type: string;        // Wallet method name (e.g., 'getAccounts', 'sendTx')
+  messageId: string;   // UUID for tracking this request
+  args: unknown[];     // Method arguments
+  chainInfo: ChainInfo;
+  appId: string;       // Application identifier
+  walletId: string;    // Your wallet's ID
 }
+```
 
-// User denies connection
-function denyConnection(requestId: string) {
-  handler.rejectDiscovery(requestId);
-}
+### Wallet Method Response
 
-// Send response back to dApp
-async function sendWalletResponse(requestId: string, response: WalletResponse) {
-  await handler.sendResponse(requestId, response);
+```typescript
+interface WalletResponse {
+  messageId: string;   // Must match the request
+  result?: unknown;    // Method result (if successful)
+  error?: unknown;     // Error (if failed)
+  walletId: string;    // Your wallet's ID
 }
-
-// Clean up on tab close/navigate
-browser.tabs.onRemoved.addListener((tabId) => {
-  handler.terminateForTab(tabId);
-});
 ```
 
-### Content Script Setup
+## Anti-MITM Verification
 
-```typescript
-import {
-  ContentScriptConnectionHandler,
-  type ContentScriptTransport,
-} from '@aztec/wallet-sdk/extension/handlers';
+Both the dApp and wallet independently compute a `verificationHash` from the shared secret. If both parties compute the same hash, they know there's no man-in-the-middle attack.
 
-const transport: ContentScriptTransport = {
-  sendToBackground: (message) => browser.runtime.sendMessage(message),
-  addBackgroundListener: (handler) => browser.runtime.onMessage.addListener(handler),
-};
+```typescript
+import { hashSharedSecret } from '@aztec/wallet-sdk/crypto';
 
-const handler = new ContentScriptConnectionHandler(transport);
+// Compute verification hash from shared key
+const verificationHash = await hashSharedSecret(sharedKey);
 
-// Start listening for discovery requests and background messages
-handler.start();
+// Store verificationHash in session - this is the cryptographic proof
+sessions.set(requestId, { sharedKey, verificationHash, tabId });
 ```
 
-## Testing Your Integration (dApp Side)
-
-The `WalletManager` supports two patterns for consuming discovered wallets.
-
-### Async Iterator Pattern
+For user-friendly display, convert the hash to an emoji sequence:
 
 ```typescript
-import { Fr } from '@aztec/foundation/fields';
-import { WalletManager } from '@aztec/wallet-sdk/manager';
 import { hashToEmoji } from '@aztec/wallet-sdk/crypto';
 
-const discovery = WalletManager.configure({
-  extensions: { enabled: true },
-}).getAvailableWallets({
-  chainInfo: {
-    chainId: new Fr(31337),
-    version: new Fr(1),
-  },
-  appId: 'my-dapp',
-  timeout: 60000,
-});
+// Convert to emoji only when displaying to the user
+const emoji = hashToEmoji(verificationHash);  // e.g., "🔵🦋🎯🐼"
+```
 
-// Iterate over discovered wallets as they're approved
-for await (const provider of discovery.wallets) {
-  console.log(`Found: ${provider.name}`);
+The dApp displays the same emoji sequence. If they match, the connection is secure.
 
-  // Establish secure channel (key exchange)
-  const pending = await provider.establishSecureChannel('my-dapp');
+## Session Management
 
-  // Display verification emojis to user
-  const emojis = hashToEmoji(pending.verificationHash);
-  console.log('Verify this matches your wallet:', emojis);
+Sessions should be cleaned up when:
 
-  // User confirms emojis match
-  const wallet = await pending.confirm();
+- **Tab closes**: Browser tabs API `onRemoved` event
+- **Tab navigates**: Browser tabs API `onUpdated` event with `status === 'loading'`
 
-  // All calls are now encrypted
-  const accounts = await wallet.getAccounts();
-  console.log('Accounts:', accounts);
-}
+```typescript
+// Clean up when tab closes
+browser.tabs.onRemoved.addListener((tabId) => {
+  for (const [requestId, session] of sessions) {
+    if (session.tabId === tabId) {
+      sessions.delete(requestId);
+    }
+  }
+});
 
-// Cancel discovery when done or on cleanup
-discovery.cancel();
+// Clean up when tab navigates
+browser.tabs.onUpdated.addListener((tabId, changeInfo) => {
+  if (changeInfo.status === 'loading') {
+    for (const [requestId, session] of sessions) {
+      if (session.tabId === tabId) {
+        sessions.delete(requestId);
+      }
+    }
+  }
+});
 ```
 
-### Callback Pattern
+## Testing Your Integration
+
+### Using WalletManager
 
 ```typescript
 import { Fr } from '@aztec/foundation/fields';
-import { WalletManager, type WalletProvider } from '@aztec/wallet-sdk/manager';
-import { hashToEmoji } from '@aztec/wallet-sdk/crypto';
-
-const discoveredProviders: WalletProvider[] = [];
+import { WalletManager, hashToEmoji } from '@aztec/wallet-sdk/manager';
 
-const discovery = WalletManager.configure({
+const manager = WalletManager.configure({
   extensions: { enabled: true },
-}).getAvailableWallets({
+});
+
+// Discover wallets (secure channel established automatically)
+const wallets = await manager.getAvailableWallets({
   chainInfo: {
     chainId: new Fr(31337),
-    version: new Fr(1),
-  },
-  appId: 'my-dapp',
-  timeout: 60000,
-  // Callback fires as each wallet is discovered
-  onWalletDiscovered: (provider) => {
-    discoveredProviders.push(provider);
-    updateUI(); // Your UI update function
+    version: new Fr(0),
   },
+  timeout: 2000,
 });
 
-// Wait for discovery to complete (or cancel early with discovery.cancel())
-await discovery.done;
-console.log('Discovery complete, found:', discoveredProviders.length);
-
-// Connect to a selected provider
-async function connectToWallet(provider: WalletProvider) {
-  const pending = await provider.establishSecureChannel('my-dapp');
+// Each wallet provider has verification info
+for (const provider of wallets) {
+  const emoji = hashToEmoji(provider.metadata.verificationHash);
+  console.log(`${provider.name}: ${emoji}`);
+}
 
-  // Show verification UI
-  const emojis = hashToEmoji(pending.verificationHash);
-  showVerificationDialog(emojis);
+// Connect and use
+const walletProvider = wallets.find(w => w.id === 'my-aztec-wallet');
+if (walletProvider) {
+  const wallet = await walletProvider.connect('my-app-id');
 
-  // User confirms
-  const wallet = await pending.confirm();
-  return wallet;
+  // All calls are automatically encrypted
+  const accounts = await wallet.getAccounts();
+  console.log('Accounts:', accounts);
 }
 ```
 
-### React Hook Example
-
-```typescript
-function useWalletDiscovery(chainInfo: ChainInfo, appId: string) {
-  const [providers, setProviders] = useState<WalletProvider[]>([]);
-  const [isDiscovering, setIsDiscovering] = useState(true);
-  const discoveryRef = useRef<DiscoverySession | null>(null);
-
-  useEffect(() => {
-    setProviders([]);
-    setIsDiscovering(true);
-
-    const discovery = WalletManager.configure({
-      extensions: { enabled: true },
-    }).getAvailableWallets({
-      chainInfo,
-      appId,
-      timeout: 60000,
-      onWalletDiscovered: (provider) => {
-        setProviders(prev => [...prev, provider]);
-      },
-    });
-
-    discoveryRef.current = discovery;
-
-    discovery.done.then(() => setIsDiscovering(false));
+## Reference Implementation
 
-    return () => {
-      discovery.cancel();
-      discoveryRef.current = null;
-    };
-  }, [chainInfo.chainId.toString(), chainInfo.version.toString(), appId]);
+For a complete reference implementation, see the demo wallet at:
 
-  return { providers, isDiscovering, cancel: () => discoveryRef.current?.cancel() };
-}
-```
+- Repository: `~/repos/demo-wallet`

package/dest/base-wallet/base_wallet.d.ts

@@ -1,6 +1,5 @@
 import type { Account } from '@aztec/aztec.js/account';
 import type { CallIntent, IntentInnerHash } from '@aztec/aztec.js/authorization';
-import { type InteractionWaitOptions, type SendReturn } from '@aztec/aztec.js/contracts';
 import type { FeePaymentMethod } from '@aztec/aztec.js/fee';
 import type { Aliased, BatchResults, BatchedMethod, PrivateEvent, PrivateEventFilter, ProfileOptions, SendOptions, SimulateOptions, Wallet } from '@aztec/aztec.js/wallet';
 import { AccountFeePaymentMethodOptions } from '@aztec/entrypoints/account';
@@ -14,7 +13,7 @@ import type { AztecAddress } from '@aztec/stdlib/aztec-address';
 import { type ContractInstanceWithAddress } from '@aztec/stdlib/contract';
 import { GasSettings } from '@aztec/stdlib/gas';
 import type { AztecNode } from '@aztec/stdlib/interfaces/client';
-import type { TxExecutionRequest, TxProfileResult, TxSimulationResult, UtilitySimulationResult } from '@aztec/stdlib/tx';
+import type { TxExecutionRequest, TxHash, TxProfileResult, TxReceipt, TxSimulationResult, UtilitySimulationResult } from '@aztec/stdlib/tx';
 import { ExecutionPayload } from '@aztec/stdlib/tx';
 /**
  * Options to configure fee payment for a transaction
@@ -84,9 +83,10 @@ export declare abstract class BaseWallet implements Wallet {
     registerContract(instance: ContractInstanceWithAddress, artifact?: ContractArtifact, secretKey?: Fr): Promise<ContractInstanceWithAddress>;
     simulateTx(executionPayload: ExecutionPayload, opts: SimulateOptions): Promise<TxSimulationResult>;
     profileTx(executionPayload: ExecutionPayload, opts: ProfileOptions): Promise<TxProfileResult>;
-    sendTx<W extends InteractionWaitOptions = undefined>(executionPayload: ExecutionPayload, opts: SendOptions<W>): Promise<SendReturn<W>>;
+    sendTx(executionPayload: ExecutionPayload, opts: SendOptions): Promise<TxHash>;
     protected contextualizeError(err: Error, ...context: string[]): Error;
     simulateUtility(call: FunctionCall, authwits?: AuthWitness[]): Promise<UtilitySimulationResult>;
+    getTxReceipt(txHash: TxHash): Promise<TxReceipt>;
     getPrivateEvents<T>(eventDef: EventMetadataDefinition, eventFilter: PrivateEventFilter): Promise<PrivateEvent<T>[]>;
     getContractMetadata(address: AztecAddress): Promise<{
         instance: ContractInstanceWithAddress | undefined;
@@ -101,4 +101,4 @@ export declare abstract class BaseWallet implements Wallet {
         isContractClassPubliclyRegistered: boolean;
     }>;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZV93YWxsZXQuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9iYXNlLXdhbGxldC9iYXNlX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxPQUFPLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN2RCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsZUFBZSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDakYsT0FBTyxFQUFFLEtBQUssc0JBQXNCLEVBQVcsS0FBSyxVQUFVLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUNsRyxPQUFPLEtBQUssRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBRTVELE9BQU8sS0FBSyxFQUNWLE9BQU8sRUFDUCxZQUFZLEVBQ1osYUFBYSxFQUNiLFlBQVksRUFDWixrQkFBa0IsRUFDbEIsY0FBYyxFQUNkLFdBQVcsRUFDWCxlQUFlLEVBQ2YsTUFBTSxFQUNQLE1BQU0sd0JBQXdCLENBQUM7QUFPaEMsT0FBTyxFQUFFLDhCQUE4QixFQUF3QyxNQUFNLDRCQUE0QixDQUFDO0FBQ2xILE9BQU8sS0FBSyxFQUFFLFNBQVMsRUFBRSxNQUFNLCtCQUErQixDQUFDO0FBQy9ELE9BQU8sRUFBRSxFQUFFLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUVwRCxPQUFPLEtBQUssRUFBRSxRQUFRLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN4RCxPQUFPLEtBQUssRUFBRSxHQUFHLEVBQXNCLE1BQU0sbUJBQW1CLENBQUM7QUFDakUsT0FBTyxFQUNMLEtBQUssZ0JBQWdCLEVBQ3JCLEtBQUssdUJBQXVCLEVBQzVCLEtBQUssWUFBWSxFQUVsQixNQUFNLG1CQUFtQixDQUFDO0FBQzNCLE9BQU8sS0FBSyxFQUFFLFdBQVcsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQzlELE9BQU8sS0FBSyxFQUFFLFlBQVksRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ2hFLE9BQU8sRUFDTCxLQUFLLDJCQUEyQixFQUdqQyxNQUFNLHdCQUF3QixDQUFDO0FBRWhDLE9BQU8sRUFBTyxXQUFXLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUVyRCxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSxpQ0FBaUMsQ0FBQztBQUNqRSxPQUFPLEtBQUssRUFDVixrQkFBa0IsRUFDbEIsZUFBZSxFQUNmLGtCQUFrQixFQUNsQix1QkFBdUIsRUFDeEIsTUFBTSxrQkFBa0IsQ0FBQztBQUMxQixPQUFPLEVBQUUsZ0JBQWdCLEVBQTBCLE1BQU0sa0JBQWtCLENBQUM7QUFJNUU7O0dBRUc7QUFDSCxNQUFNLE1BQU0sVUFBVSxHQUFHO0lBQ3ZCOzs7T0FHRztJQUNILHNCQUFzQixDQUFDLEVBQUUsZ0JBQWdCLENBQUM7SUFDMUMsK0ZBQStGO0lBQy9GLDhCQUE4QixFQUFFLDhCQUE4QixDQUFDO0lBQy9ELGtEQUFrRDtJQUNsRCxXQUFXLEVBQUUsV0FBVyxDQUFDO0NBQzFCLENBQUM7QUFFRjs7R0FFRztBQUNILDhCQUFzQixVQUFXLFlBQVcsTUFBTTtJQVE5QyxTQUFTLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxHQUFHO0lBQzNCLFNBQVMsQ0FBQyxRQUFRLENBQUMsU0FBUyxFQUFFLFNBQVM7SUFSekMsU0FBUyxDQUFDLEdBQUcseUNBQTBDO0lBRXZELFNBQVMsQ0FBQyxhQUFhLFNBQU87SUFDOUIsU0FBUyxDQUFDLHVCQUF1QixVQUFTO0lBRzFDLFNBQVMsYUFDWSxHQUFHLEVBQUUsR0FBRyxFQUNSLFNBQVMsRUFBRSxTQUFTLEVBQ3JDO0lBRUosU0FBUyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLEVBQUUsWUFBWSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUVsRixRQUFRLENBQUMsV0FBVyxJQUFJLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBRXpEOzs7Ozs7T0FNRztJQUNHLGNBQWMsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FHdkQ7SUFFSyxZQUFZLElBQUksT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUd2QztJQUVELFVBQWdCLHlDQUF5QyxDQUN2RCxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFDbEMsSUFBSSxFQUFFLFlBQVksRUFDbEIsVUFBVSxFQUFFLFVBQVUsR0FDckIsT0FBTyxDQUFDLGtCQUFrQixDQUFDLENBa0I3QjtJQUVZLGFBQWEsQ0FDeEIsSUFBSSxFQUFFLFlBQVksRUFDbEIsbUJBQW1CLEVBQUUsZUFBZSxHQUFHLFVBQVUsR0FDaEQsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUl0QjtJQUVZLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxTQUFTLFNBQVMsYUFBYSxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQUMsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBZ0JqRztJQUVEOzs7Ozs7T0FNRztJQUNILFVBQWdCLGtCQUFrQixDQUNoQyxJQUFJLEVBQUUsWUFBWSxFQUNsQixRQUFRLENBQUMsRUFBRSxZQUFZLEVBQ3ZCLFdBQVcsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLENBQUMsR0FDM0MsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQXNCckI7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsVUFBZ0IsK0JBQStCLENBQzdDLElBQUksRUFBRSxZQUFZLEVBQ2xCLFFBQVEsQ0FBQyxFQUFFLFlBQVksRUFDdkIsV0FBVyxDQUFDLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQWhKOUM7OztXQUdHOztRQUVILCtGQUErRjs7O09BNko5RjtJQUVELGNBQWMsQ0FBQyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sR0FBRSxNQUFXLEdBQUcsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUVoRjtJQUVLLGdCQUFnQixDQUNwQixRQUFRLEVBQUUsMkJBQTJCLEVBQ3JDLFFBQVEsQ0FBQyxFQUFFLGdCQUFnQixFQUMzQixTQUFTLENBQUMsRUFBRSxFQUFFLEdBQ2IsT0FBTyxDQUFDLDJCQUEyQixDQUFDLENBZ0N0QztJQUVLLFVBQVUsQ0FBQyxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFBRSxJQUFJLEVBQUUsZUFBZSxHQUFHLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxDQVd2RztJQUVLLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFBRSxJQUFJLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxlQUFlLENBQUMsQ0FJbEc7SUFFWSxNQUFNLENBQUMsQ0FBQyxTQUFTLHNCQUFzQixHQUFHLFNBQVMsRUFDOUQsZ0JBQWdCLEVBQUUsZ0JBQWdCLEVBQ2xDLElBQUksRUFBRSxXQUFXLENBQUMsQ0FBQyxDQUFDLEdBQ25CLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0F1QnhCO0lBRUQsU0FBUyxDQUFDLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsR0FBRyxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsS0FBSyxDQVlwRTtJQUVELGVBQWUsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFLFFBQVEsQ0FBQyxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxDQUU5RjtJQUVLLGdCQUFnQixDQUFDLENBQUMsRUFDdEIsUUFBUSxFQUFFLHVCQUF1QixFQUNqQyxXQUFXLEVBQUUsa0JBQWtCLEdBQzlCLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQWU1QjtJQUVLLG1CQUFtQixDQUFDLE9BQU8sRUFBRSxZQUFZOzs7Ozs7O09BdUI5QztJQUVLLHdCQUF3QixDQUFDLEVBQUUsRUFBRSxFQUFFOzs7T0FNcEM7Q0FDRiJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZV93YWxsZXQuZC50cyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9iYXNlLXdhbGxldC9iYXNlX3dhbGxldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssRUFBRSxPQUFPLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUN2RCxPQUFPLEtBQUssRUFBRSxVQUFVLEVBQUUsZUFBZSxFQUFFLE1BQU0sK0JBQStCLENBQUM7QUFDakYsT0FBTyxLQUFLLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUM1RCxPQUFPLEtBQUssRUFDVixPQUFPLEVBQ1AsWUFBWSxFQUNaLGFBQWEsRUFDYixZQUFZLEVBQ1osa0JBQWtCLEVBQ2xCLGNBQWMsRUFDZCxXQUFXLEVBQ1gsZUFBZSxFQUNmLE1BQU0sRUFDUCxNQUFNLHdCQUF3QixDQUFDO0FBT2hDLE9BQU8sRUFBRSw4QkFBOEIsRUFBd0MsTUFBTSw0QkFBNEIsQ0FBQztBQUNsSCxPQUFPLEtBQUssRUFBRSxTQUFTLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUMvRCxPQUFPLEVBQUUsRUFBRSxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFFcEQsT0FBTyxLQUFLLEVBQUUsUUFBUSxFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDeEQsT0FBTyxLQUFLLEVBQUUsR0FBRyxFQUFzQixNQUFNLG1CQUFtQixDQUFDO0FBQ2pFLE9BQU8sRUFDTCxLQUFLLGdCQUFnQixFQUNyQixLQUFLLHVCQUF1QixFQUM1QixLQUFLLFlBQVksRUFFbEIsTUFBTSxtQkFBbUIsQ0FBQztBQUMzQixPQUFPLEtBQUssRUFBRSxXQUFXLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM5RCxPQUFPLEtBQUssRUFBRSxZQUFZLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUNoRSxPQUFPLEVBQ0wsS0FBSywyQkFBMkIsRUFHakMsTUFBTSx3QkFBd0IsQ0FBQztBQUVoQyxPQUFPLEVBQU8sV0FBVyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFFckQsT0FBTyxLQUFLLEVBQUUsU0FBUyxFQUFFLE1BQU0saUNBQWlDLENBQUM7QUFDakUsT0FBTyxLQUFLLEVBQ1Ysa0JBQWtCLEVBQ2xCLE1BQU0sRUFDTixlQUFlLEVBQ2YsU0FBUyxFQUNULGtCQUFrQixFQUNsQix1QkFBdUIsRUFDeEIsTUFBTSxrQkFBa0IsQ0FBQztBQUMxQixPQUFPLEVBQUUsZ0JBQWdCLEVBQTBCLE1BQU0sa0JBQWtCLENBQUM7QUFJNUU7O0dBRUc7QUFDSCxNQUFNLE1BQU0sVUFBVSxHQUFHO0lBQ3ZCOzs7T0FHRztJQUNILHNCQUFzQixDQUFDLEVBQUUsZ0JBQWdCLENBQUM7SUFDMUMsK0ZBQStGO0lBQy9GLDhCQUE4QixFQUFFLDhCQUE4QixDQUFDO0lBQy9ELGtEQUFrRDtJQUNsRCxXQUFXLEVBQUUsV0FBVyxDQUFDO0NBQzFCLENBQUM7QUFFRjs7R0FFRztBQUNILDhCQUFzQixVQUFXLFlBQVcsTUFBTTtJQVE5QyxTQUFTLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxHQUFHO0lBQzNCLFNBQVMsQ0FBQyxRQUFRLENBQUMsU0FBUyxFQUFFLFNBQVM7SUFSekMsU0FBUyxDQUFDLEdBQUcseUNBQTBDO0lBRXZELFNBQVMsQ0FBQyxhQUFhLFNBQU87SUFDOUIsU0FBUyxDQUFDLHVCQUF1QixVQUFTO0lBRzFDLFNBQVMsYUFDWSxHQUFHLEVBQUUsR0FBRyxFQUNSLFNBQVMsRUFBRSxTQUFTLEVBQ3JDO0lBRUosU0FBUyxDQUFDLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLEVBQUUsWUFBWSxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUVsRixRQUFRLENBQUMsV0FBVyxJQUFJLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBRXpEOzs7Ozs7T0FNRztJQUNHLGNBQWMsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FHdkQ7SUFFSyxZQUFZLElBQUksT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUd2QztJQUVELFVBQWdCLHlDQUF5QyxDQUN2RCxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFDbEMsSUFBSSxFQUFFLFlBQVksRUFDbEIsVUFBVSxFQUFFLFVBQVUsR0FDckIsT0FBTyxDQUFDLGtCQUFrQixDQUFDLENBa0I3QjtJQUVZLGFBQWEsQ0FDeEIsSUFBSSxFQUFFLFlBQVksRUFDbEIsbUJBQW1CLEVBQUUsZUFBZSxHQUFHLFVBQVUsR0FDaEQsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUl0QjtJQUVZLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQyxTQUFTLFNBQVMsYUFBYSxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQUMsR0FBRyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBZ0JqRztJQUVEOzs7Ozs7T0FNRztJQUNILFVBQWdCLGtCQUFrQixDQUNoQyxJQUFJLEVBQUUsWUFBWSxFQUNsQixRQUFRLENBQUMsRUFBRSxZQUFZLEVBQ3ZCLFdBQVcsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLENBQUMsR0FDM0MsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQXNCckI7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsVUFBZ0IsK0JBQStCLENBQzdDLElBQUksRUFBRSxZQUFZLEVBQ2xCLFFBQVEsQ0FBQyxFQUFFLFlBQVksRUFDdkIsV0FBVyxDQUFDLEVBQUUsT0FBTyxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQWhKOUM7OztXQUdHOztRQUVILCtGQUErRjs7O09BNko5RjtJQUVELGNBQWMsQ0FBQyxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sR0FBRSxNQUFXLEdBQUcsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUVoRjtJQUVLLGdCQUFnQixDQUNwQixRQUFRLEVBQUUsMkJBQTJCLEVBQ3JDLFFBQVEsQ0FBQyxFQUFFLGdCQUFnQixFQUMzQixTQUFTLENBQUMsRUFBRSxFQUFFLEdBQ2IsT0FBTyxDQUFDLDJCQUEyQixDQUFDLENBZ0N0QztJQUVLLFVBQVUsQ0FBQyxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFBRSxJQUFJLEVBQUUsZUFBZSxHQUFHLE9BQU8sQ0FBQyxrQkFBa0IsQ0FBQyxDQVd2RztJQUVLLFNBQVMsQ0FBQyxnQkFBZ0IsRUFBRSxnQkFBZ0IsRUFBRSxJQUFJLEVBQUUsY0FBYyxHQUFHLE9BQU8sQ0FBQyxlQUFlLENBQUMsQ0FJbEc7SUFFSyxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsZ0JBQWdCLEVBQUUsSUFBSSxFQUFFLFdBQVcsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBZW5GO0lBRUQsU0FBUyxDQUFDLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsR0FBRyxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsS0FBSyxDQVlwRTtJQUVELGVBQWUsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFLFFBQVEsQ0FBQyxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQyx1QkFBdUIsQ0FBQyxDQUU5RjtJQUVELFlBQVksQ0FBQyxNQUFNLEVBQUUsTUFBTSxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FFL0M7SUFFSyxnQkFBZ0IsQ0FBQyxDQUFDLEVBQ3RCLFFBQVEsRUFBRSx1QkFBdUIsRUFDakMsV0FBVyxFQUFFLGtCQUFrQixHQUM5QixPQUFPLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FlNUI7SUFFSyxtQkFBbUIsQ0FBQyxPQUFPLEVBQUUsWUFBWTs7Ozs7OztPQXVCOUM7SUFFSyx3QkFBd0IsQ0FBQyxFQUFFLEVBQUUsRUFBRTs7O09BTXBDO0NBQ0YifQ==