@babylonlabs-io/ts-sdk 0.33.3 → 0.33.4

package/dist/types-SYvSQWnc.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"types-SYvSQWnc.js","sources":["../src/tbv/core/contracts/abis/BTCVaultRegistry.abi.ts","../src/tbv/core/clients/vault-provider/json-rpc-client.ts","../src/tbv/core/clients/vault-provider/types.ts"],"sourcesContent":["/**\n * BTCVaultRegistry Contract ABI\n *\n * Minimal ABI containing only the functions needed by the SDK.\n * Full ABI is available in the vault service package.\n *\n * @module contracts/abis/BTCVaultRegistry\n */\n\n/**\n * Minimal ABI for BTCVaultRegistry contract.\n * Contains submitPeginRequest, submitPeginRequestBatch, activateVaultWithSecret, getPegInFee, and getBtcVaultBasicInfo.\n */\nexport const BTCVaultRegistryABI = [\n  {\n    type: \"function\",\n    name: \"submitPeginRequest\",\n    inputs: [\n      {\n        name: \"depositor\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n      {\n        name: \"depositorBtcPubKey\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"btcPopSignature\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"unsignedPrePeginTx\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"depositorSignedPeginTx\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"vaultProvider\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n      {\n        name: \"hashlock\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"htlcVout\",\n        type: \"uint8\",\n        internalType: \"uint8\",\n      },\n      {\n        name: \"depositorPayoutBtcAddress\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"depositorWotsPkHash\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    stateMutability: \"payable\",\n  },\n  {\n    type: \"function\",\n    name: \"submitPeginRequest\",\n    inputs: [\n      {\n        name: \"depositor\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n      {\n        name: \"depositorBtcPubKey\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"btcPopSignature\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"unsignedPrePeginTx\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"depositorSignedPeginTx\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"vaultProvider\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n      {\n        name: \"hashlock\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"htlcVout\",\n        type: \"uint8\",\n        internalType: \"uint8\",\n      },\n      {\n        name: \"referralCode\",\n        type: \"uint32\",\n        internalType: \"uint32\",\n      },\n      {\n        name: \"depositorPayoutBtcAddress\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n      {\n        name: \"depositorWotsPkHash\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    stateMutability: \"payable\",\n  },\n  {\n    type: \"function\",\n    name: \"submitPeginRequestBatch\",\n    inputs: [\n      { name: \"depositor\", type: \"address\", internalType: \"address\" },\n      { name: \"vaultProvider\", type: \"address\", internalType: \"address\" },\n      {\n        name: \"requests\",\n        type: \"tuple[]\",\n        internalType: \"struct IBTCVaultRegistry.BatchPeginRequest[]\",\n        components: [\n          { name: \"depositorBtcPubKey\", type: \"bytes32\", internalType: \"bytes32\" },\n          { name: \"btcPopSignature\", type: \"bytes\", internalType: \"bytes\" },\n          { name: \"unsignedPrePeginTx\", type: \"bytes\", internalType: \"bytes\" },\n          { name: \"depositorSignedPeginTx\", type: \"bytes\", internalType: \"bytes\" },\n          { name: \"hashlock\", type: \"bytes32\", internalType: \"bytes32\" },\n          { name: \"htlcVout\", type: \"uint8\", internalType: \"uint8\" },\n          { name: \"referralCode\", type: \"uint32\", internalType: \"uint32\" },\n          { name: \"depositorPayoutBtcAddress\", type: \"bytes\", internalType: \"bytes\" },\n          { name: \"depositorWotsPkHash\", type: \"bytes32\", internalType: \"bytes32\" },\n        ],\n      },\n    ],\n    outputs: [\n      { name: \"vaultIds\", type: \"bytes32[]\", internalType: \"bytes32[]\" },\n    ],\n    stateMutability: \"payable\",\n  },\n  {\n    type: \"function\",\n    name: \"activateVaultWithSecret\",\n    inputs: [\n      {\n        name: \"vaultId\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"s\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n      {\n        name: \"activationMetadata\",\n        type: \"bytes\",\n        internalType: \"bytes\",\n      },\n    ],\n    outputs: [],\n    stateMutability: \"nonpayable\",\n  },\n  {\n    type: \"function\",\n    name: \"getPegInFee\",\n    inputs: [\n      {\n        name: \"vaultProvider\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"totalFee\",\n        type: \"uint256\",\n        internalType: \"uint256\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getVaultProviderBTCKey\",\n    inputs: [\n      { name: \"vpAddr\", type: \"address\", internalType: \"address\" },\n    ],\n    outputs: [\n      { name: \"\", type: \"bytes32\", internalType: \"bytes32\" },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getBtcVaultBasicInfo\",\n    inputs: [\n      {\n        name: \"vaultId\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"vBasic\",\n        type: \"tuple\",\n        internalType: \"struct BTCVaultTypes.BTCVaultBasicInfo\",\n        components: [\n          { name: \"depositor\", type: \"address\", internalType: \"address\" },\n          {\n            name: \"depositorBtcPubKey\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n          { name: \"amount\", type: \"uint256\", internalType: \"uint256\" },\n          {\n            name: \"vaultProvider\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          {\n            name: \"status\",\n            type: \"uint8\",\n            internalType: \"enum IBTCVaultRegistry.BTCVaultStatus\",\n          },\n          {\n            name: \"applicationEntryPoint\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          { name: \"createdAt\", type: \"uint256\", internalType: \"uint256\" },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"error\",\n    name: \"InvalidPeginFee\",\n    inputs: [\n      {\n        name: \"provided\",\n        type: \"uint256\",\n        internalType: \"uint256\",\n      },\n      {\n        name: \"required\",\n        type: \"uint256\",\n        internalType: \"uint256\",\n      },\n    ],\n  },\n  {\n    type: \"error\",\n    name: \"InvalidSecret\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"ActivationDeadlineExpired\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"InvalidHashlock\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"DuplicateHashlock\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"CapExceeded\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"InvalidOutputIndex\",\n    inputs: [],\n  },\n  {\n    type: \"error\",\n    name: \"PeginSignaturesIncomplete\",\n    inputs: [],\n  },\n  {\n    type: \"function\",\n    name: \"getBtcVaultProtocolInfo\",\n    inputs: [\n      {\n        name: \"vaultId\",\n        type: \"bytes32\",\n        internalType: \"bytes32\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"vProtocol\",\n        type: \"tuple\",\n        internalType:\n          \"struct BTCVaultRegistryTypes.BTCVaultProtocolInfo\",\n        components: [\n          {\n            name: \"depositorSignedPeginTx\",\n            type: \"bytes\",\n            internalType: \"bytes\",\n          },\n          {\n            name: \"universalChallengersVersion\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"appVaultKeepersVersion\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"offchainParamsVersion\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"verifiedAt\",\n            type: \"uint256\",\n            internalType: \"uint256\",\n          },\n          {\n            name: \"depositorWotsPkHash\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n          {\n            name: \"hashlock\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n          {\n            name: \"htlcVout\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n          {\n            name: \"depositorPopSignature\",\n            type: \"bytes\",\n            internalType: \"bytes\",\n          },\n          {\n            name: \"prePeginTxHash\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n          {\n            name: \"vaultProviderCommissionBps\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"protocolParams\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"address\",\n        internalType: \"contract IProtocolParams\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"applicationRegistry\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"address\",\n        internalType: \"contract IApplicationRegistry\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n] as const;\n","/**\n * Generic JSON-RPC 2.0 HTTP Client\n *\n * Framework-agnostic client using `fetch()` — works in browsers and Node.js 18+.\n * Includes configurable retry policy and AbortSignal passthrough.\n */\n\nexport interface JsonRpcRequest<T = unknown> {\n  jsonrpc: \"2.0\";\n  method: string;\n  params: T;\n  id: number | string;\n}\n\nexport interface JsonRpcSuccessResponse<T = unknown> {\n  jsonrpc: \"2.0\";\n  result: T;\n  id: number | string;\n}\n\nexport interface JsonRpcErrorResponse {\n  jsonrpc: \"2.0\";\n  error: {\n    code: number;\n    message: string;\n    data?: unknown;\n  };\n  id: number | string;\n}\n\nexport type JsonRpcResponse<T = unknown> =\n  | JsonRpcSuccessResponse<T>\n  | JsonRpcErrorResponse;\n\n/**\n * Injects bearer tokens into requests for auth-gated methods, and is\n * notified on auth-expired responses so it can invalidate its cache.\n *\n * The `JsonRpcClient` is agnostic to which methods are auth-gated —\n * the provider's `getToken(method)` decides. Returning `null` means\n * \"no auth required for this method\"; the client then sends the\n * request with no `Authorization` header.\n */\nexport interface BearerTokenProvider {\n  /**\n   * Return the bearer token to inject for `method`, or `null` if the\n   * method does not require auth.\n   */\n  getToken(method: string): Promise<string | null>;\n  /**\n   * Drop the cached token. Next call to `getToken` must re-acquire.\n   * Called by the client on reactive-refresh-trigger responses.\n   */\n  invalidate(): void;\n}\n\nexport interface JsonRpcClientConfig {\n  /** Base URL of the RPC service */\n  baseUrl: string;\n  /** Timeout in milliseconds per request attempt */\n  timeout: number;\n  /** Optional custom headers */\n  headers?: Record<string, string>;\n  /** Number of retry attempts for transient errors (default: 3) */\n  retries?: number;\n  /** Initial retry delay in milliseconds (default: 1000) */\n  retryDelay?: number;\n  /**\n   * Maximum response body size, in bytes, for typed JSON-RPC calls.\n   * `callRaw` intentionally returns the unparsed Response and is not capped here.\n   * Default: 2 MiB.\n   */\n  maxResponseBytes?: number;\n  /**\n   * Predicate that decides which methods retry on transient errors.\n   * Default retries only `getPeginStatus`, `getPegoutStatus`, and\n   * `requestDepositorPresignTransactions`. Write methods are not\n   * retried by default.\n   */\n  retryableFor?: (method: string) => boolean;\n  /**\n   * Per-request bearer-token source. A non-null return attaches\n   * `Authorization: Bearer <token>`; `null` skips auth. `call`\n   * additionally retries once on wire `auth_expired` (invalidate +\n   * refetch + retry). `callRaw` skips reactive refresh.\n   */\n  tokenProvider?: BearerTokenProvider;\n}\n\n/**\n * Identifies whether an error was produced locally (timeout, network\n * failure, malformed response) or parsed from a wire-format JSON-RPC\n * error envelope returned by the server.\n *\n * This matters for anyone inspecting the shared `-32001` code: the SDK\n * uses it internally for network failures AND the server uses it for\n * auth-middleware rejections. The `source` field disambiguates.\n */\nexport type JsonRpcErrorSource = \"wire\" | \"local\";\n\nexport class JsonRpcError extends Error {\n  constructor(\n    public code: number,\n    message: string,\n    /** \"wire\" for server-returned envelopes; \"local\" for SDK-side failures. */\n    public source: JsonRpcErrorSource = \"local\",\n    /** Structured data from the server `error.data` field, if any. */\n    public data?: unknown,\n  ) {\n    super(message);\n    this.name = \"JsonRpcError\";\n  }\n}\n\nexport const JSON_RPC_ERROR_CODES = {\n  TIMEOUT: -32000,\n  NETWORK: -32001,\n  /** VP proxy: request timed out at proxy level */\n  PROXY_TIMEOUT: -32002,\n  /** VP proxy: VP unreachable / DNS failure / response too large */\n  PROXY_UNAVAILABLE: -32003,\n  /** SDK client: response missing \"result\" field (malformed JSON-RPC) */\n  INVALID_RESPONSE: -32700,\n  /** SDK client: response body exceeded the configured byte limit */\n  RESPONSE_TOO_LARGE: -32701,\n} as const;\n\n/** JSON-RPC protocol version */\nconst JSON_RPC_VERSION = \"2.0\" as const;\n\n/** Default number of retry attempts for transient errors */\nconst DEFAULT_RETRY_ATTEMPTS = 3;\n\n/** Default initial retry delay in milliseconds */\nconst DEFAULT_RETRY_DELAY_MS = 1000;\n\n/** Default maximum JSON-RPC response size for typed calls (2 MiB) */\nconst DEFAULT_MAX_RESPONSE_BYTES = 2 * 1024 * 1024;\n\n/**\n * TODO: Temporary typed-call exceptions for methods that currently return large\n * artifact payloads as JSON-RPC results.\n */\nconst UNCAPPED_TYPED_RESPONSE_METHODS: ReadonlySet<string> = new Set([\n  \"vaultProvider_requestDepositorClaimerArtifacts\",\n]);\n\n/** HTTP status codes that indicate transient server errors and are safe to retry */\nconst RETRYABLE_HTTP_STATUS_CODES: ReadonlySet<number> = new Set([\n  408, // Request Timeout\n  429, // Too Many Requests\n  500, // Internal Server Error\n  502, // Bad Gateway\n  503, // Service Unavailable\n  504, // Gateway Timeout\n]);\n\n/** Default retry predicate: only retry read-only / idempotent methods */\nconst DEFAULT_RETRYABLE_METHODS: ReadonlySet<string> = new Set([\n  \"vaultProvider_getPeginStatus\",\n  \"vaultProvider_getPegoutStatus\",\n  \"vaultProvider_requestDepositorPresignTransactions\",\n]);\n\nfunction defaultRetryableFor(method: string): boolean {\n  return DEFAULT_RETRYABLE_METHODS.has(method);\n}\n\n/**\n * Token-expired marker the server emits in `error.data.kind`. When\n * present on a wire-origin error, the client invalidates its cached\n * token and retries the request once with a freshly-acquired bearer.\n *\n * Kept in sync with btc-vault's auth middleware. Absence of the marker\n * means the server does not support reactive refresh yet; we fall back\n * to proactive-only refresh via `BearerTokenProvider.getToken()` TTL\n * checks.\n */\nconst AUTH_EXPIRED_DATA_KIND = \"auth_expired\";\n\nfunction isAuthExpiredError(error: unknown): boolean {\n  if (!(error instanceof JsonRpcError)) return false;\n  if (error.source !== \"wire\") return false;\n  const data = error.data;\n  if (data === null || typeof data !== \"object\") return false;\n  const kind = (data as { kind?: unknown }).kind;\n  return kind === AUTH_EXPIRED_DATA_KIND;\n}\n\n/**\n * Generic JSON-RPC 2.0 HTTP client with safe retry policy.\n */\nexport class JsonRpcClient {\n  private baseUrl: string;\n  private timeout: number;\n  private headers: Record<string, string>;\n  private requestId = 0;\n  private retries: number;\n  private retryDelay: number;\n  private maxResponseBytes: number;\n  private retryableFor: (method: string) => boolean;\n  private tokenProvider?: BearerTokenProvider;\n\n  constructor(config: JsonRpcClientConfig) {\n    this.baseUrl = config.baseUrl.replace(/\\/$/, \"\");\n    this.timeout = config.timeout;\n    this.headers = {\n      \"Content-Type\": \"application/json\",\n      ...config.headers,\n    };\n    this.retries = config.retries ?? DEFAULT_RETRY_ATTEMPTS;\n    this.retryDelay = config.retryDelay ?? DEFAULT_RETRY_DELAY_MS;\n    this.maxResponseBytes =\n      config.maxResponseBytes ?? DEFAULT_MAX_RESPONSE_BYTES;\n    if (!Number.isFinite(this.maxResponseBytes) || this.maxResponseBytes <= 0) {\n      throw new Error(\"maxResponseBytes must be a positive finite number\");\n    }\n    this.retryableFor = config.retryableFor ?? defaultRetryableFor;\n    this.tokenProvider = config.tokenProvider;\n  }\n\n  private async buildHeaders(method: string): Promise<Record<string, string>> {\n    const headers: Record<string, string> = { ...this.headers };\n    if (this.tokenProvider) {\n      const token = await this.tokenProvider.getToken(method);\n      if (token) {\n        headers.Authorization = `Bearer ${token}`;\n      }\n    }\n    return headers;\n  }\n\n  /**\n   * Make a JSON-RPC request with optional retry for safe methods.\n   *\n   * If the request fails with a wire-origin `auth_expired` error and a\n   * `tokenProvider` is configured, the client invalidates its cached\n   * token and retries the request once with a freshly-acquired bearer.\n   *\n   * @param method - The RPC method name\n   * @param params - The method parameters\n   * @param signal - Optional AbortSignal for caller-controlled cancellation\n   * @returns The result from the RPC method\n   * @throws JsonRpcError if the RPC call fails\n   */\n  async call<TParams, TResult>(\n    method: string,\n    params: TParams,\n    signal?: AbortSignal,\n  ): Promise<TResult> {\n    try {\n      return await this.callOnce<TParams, TResult>(method, params, signal);\n    } catch (error) {\n      // The auth-expired retry fires for ALL methods, including mutating\n      // ones. This is intentional and safe: the server's auth middleware\n      // validates the bearer token BEFORE dispatching to the method\n      // handler, so an `auth_expired` error means the handler never ran\n      // and no state was mutated. Confirmed against btc-vault at\n      // `crates/btc-auth/src/middleware/jsonrpc.rs` — token validation\n      // is pre-handler only. The `retryableFor` guard on\n      // HTTP-transient-error retries doesn't apply here because that\n      // guard is about retrying after a request the server may have\n      // started processing; auth_expired is categorically different.\n      if (this.tokenProvider && isAuthExpiredError(error)) {\n        this.tokenProvider.invalidate();\n        return await this.callOnce<TParams, TResult>(method, params, signal);\n      }\n      throw error;\n    }\n  }\n\n  private async callOnce<TParams, TResult>(\n    method: string,\n    params: TParams,\n    signal: AbortSignal | undefined,\n  ): Promise<TResult> {\n    const response = await this.fetchWithRetry(method, params, signal);\n\n    let jsonResponse: unknown;\n    try {\n      const responseText = UNCAPPED_TYPED_RESPONSE_METHODS.has(method)\n        ? await response.text()\n        : await readResponseTextWithLimit(response, this.maxResponseBytes);\n      jsonResponse = JSON.parse(responseText);\n    } catch (error) {\n      if (error instanceof JsonRpcError) {\n        throw error;\n      }\n      throw new JsonRpcError(\n        JSON_RPC_ERROR_CODES.INVALID_RESPONSE,\n        \"Invalid JSON-RPC response: body is not valid JSON\",\n        \"local\",\n      );\n    }\n\n    if (\n      jsonResponse === null ||\n      typeof jsonResponse !== \"object\" ||\n      Array.isArray(jsonResponse)\n    ) {\n      throw new JsonRpcError(\n        JSON_RPC_ERROR_CODES.INVALID_RESPONSE,\n        `Invalid JSON-RPC response: expected an object, got ${typeof jsonResponse}`,\n        \"local\",\n      );\n    }\n\n    const rpcResponse = jsonResponse as Record<string, unknown>;\n\n    if (\"error\" in rpcResponse && rpcResponse.error != null) {\n      const err = rpcResponse.error as {\n        code?: number;\n        message?: string;\n        data?: unknown;\n      };\n      throw new JsonRpcError(\n        err.code ?? JSON_RPC_ERROR_CODES.INVALID_RESPONSE,\n        err.message ?? \"Unknown RPC error\",\n        \"wire\",\n        err.data,\n      );\n    }\n\n    if (!(\"result\" in rpcResponse)) {\n      throw new JsonRpcError(\n        JSON_RPC_ERROR_CODES.INVALID_RESPONSE,\n        `Invalid JSON-RPC response: missing \"result\" field`,\n        \"local\",\n      );\n    }\n\n    return rpcResponse.result as TResult;\n  }\n\n  /**\n   * Make a JSON-RPC request returning the raw Response (unparsed body).\n   *\n   * Bearer tokens are injected identically to `call`. **Reactive refresh\n   * is NOT performed here** — the response body may be unbounded (e.g.\n   * claimer-artifact downloads), so the client refuses to parse it to\n   * detect auth errors. Callers relying on token-expired retries for\n   * large downloads must read the body themselves and re-invoke\n   * `callRaw` after `tokenProvider.invalidate()`.\n   */\n  async callRaw<TParams>(\n    method: string,\n    params: TParams,\n    signal?: AbortSignal,\n  ): Promise<Response> {\n    return this.fetchWithRetry(method, params, signal);\n  }\n\n  private async fetchWithRetry<TParams>(\n    method: string,\n    params: TParams,\n    callerSignal?: AbortSignal,\n  ): Promise<Response> {\n    const requestId = ++this.requestId;\n    const maxRetries = this.retryableFor(method) ? this.retries : 0;\n\n    // jsonrpsee (Rust backend) expects params as an array (positional parameters)\n    const request: JsonRpcRequest<TParams[]> = {\n      jsonrpc: JSON_RPC_VERSION,\n      method,\n      params: [params],\n      id: requestId,\n    };\n\n    const body = JSON.stringify(request);\n    let lastError: Error | null = null;\n\n    for (let attempt = 0; attempt <= maxRetries; attempt++) {\n      // Merge caller signal with per-request timeout signal\n      const timeoutController = new AbortController();\n      const timeoutId = setTimeout(\n        () => timeoutController.abort(),\n        this.timeout,\n      );\n\n      const merged = callerSignal\n        ? mergeAbortSignals(callerSignal, timeoutController.signal)\n        : null;\n      const signal = merged ? merged.signal : timeoutController.signal;\n\n      try {\n        // Build headers per-attempt so the token provider can return a\n        // freshly-acquired bearer after a prior invalidate() on this\n        // request (retry loop path) without plumbing state through.\n        const headers = await this.buildHeaders(method);\n\n        const response = await fetch(this.baseUrl, {\n          method: \"POST\",\n          headers,\n          body,\n          signal,\n        });\n\n        clearTimeout(timeoutId);\n        merged?.cleanup();\n\n        if (!response.ok) {\n          const shouldRetry =\n            attempt < maxRetries &&\n            RETRYABLE_HTTP_STATUS_CODES.has(response.status);\n\n          if (shouldRetry) {\n            const delay = this.retryDelay * Math.pow(2, attempt);\n            await this.sleep(delay, callerSignal);\n            continue;\n          }\n\n          throw new Error(\n            `HTTP error: ${response.status} ${response.statusText}`,\n          );\n        }\n\n        return response;\n      } catch (error) {\n        clearTimeout(timeoutId);\n        merged?.cleanup();\n        lastError = error instanceof Error ? error : new Error(String(error));\n\n        // Check if caller aborted (not our timeout)\n        if (callerSignal?.aborted) {\n          throw new Error(\"Request aborted\");\n        }\n\n        if (error instanceof Error && error.name === \"AbortError\") {\n          if (attempt < maxRetries) {\n            const delay = this.retryDelay * Math.pow(2, attempt);\n            await this.sleep(delay, callerSignal);\n            continue;\n          }\n          throw new JsonRpcError(\n            JSON_RPC_ERROR_CODES.TIMEOUT,\n            `Request timeout after ${this.timeout}ms (${maxRetries + 1} attempts)`,\n            \"local\",\n          );\n        }\n\n        // Handle network errors (CORS, connection refused, etc.)\n        if (error instanceof TypeError) {\n          if (attempt < maxRetries) {\n            const delay = this.retryDelay * Math.pow(2, attempt);\n            await this.sleep(delay, callerSignal);\n            continue;\n          }\n          throw new JsonRpcError(\n            JSON_RPC_ERROR_CODES.NETWORK,\n            `Network error: ${error.message} (${maxRetries + 1} attempts)`,\n            \"local\",\n          );\n        }\n\n        // Don't retry JSON-RPC errors (business logic errors)\n        throw error;\n      }\n    }\n\n    throw lastError || new Error(\"Unknown error after retries\");\n  }\n\n  private sleep(ms: number, signal?: AbortSignal): Promise<void> {\n    return new Promise((resolve, reject) => {\n      if (signal?.aborted) {\n        reject(new Error(\"Request aborted\"));\n        return;\n      }\n      const timeoutId = setTimeout(() => {\n        signal?.removeEventListener(\"abort\", onAbort);\n        resolve();\n      }, ms);\n      const onAbort = () => {\n        clearTimeout(timeoutId);\n        reject(new Error(\"Request aborted\"));\n      };\n      signal?.addEventListener(\"abort\", onAbort, { once: true });\n    });\n  }\n\n  getBaseUrl(): string {\n    return this.baseUrl;\n  }\n}\n\ninterface MergedSignal {\n  signal: AbortSignal;\n  /** Remove listeners from the source signals. Call after the request completes. */\n  cleanup: () => void;\n}\n\n/**\n * Merge two AbortSignals — the returned signal aborts if either input aborts.\n * Returns a cleanup function to remove listeners when the request completes\n * normally, preventing listener accumulation in long-lived polling flows.\n */\nfunction mergeAbortSignals(a: AbortSignal, b: AbortSignal): MergedSignal {\n  if (a.aborted) return { signal: a, cleanup: () => {} };\n  if (b.aborted) return { signal: b, cleanup: () => {} };\n\n  const controller = new AbortController();\n  const onAbortA = () => {\n    b.removeEventListener(\"abort\", onAbortB);\n    controller.abort();\n  };\n  const onAbortB = () => {\n    a.removeEventListener(\"abort\", onAbortA);\n    controller.abort();\n  };\n  a.addEventListener(\"abort\", onAbortA, { once: true });\n  b.addEventListener(\"abort\", onAbortB, { once: true });\n\n  const cleanup = () => {\n    a.removeEventListener(\"abort\", onAbortA);\n    b.removeEventListener(\"abort\", onAbortB);\n  };\n\n  return { signal: controller.signal, cleanup };\n}\n\nasync function readResponseTextWithLimit(\n  response: Response,\n  maxBytes: number,\n): Promise<string> {\n  const contentLength = response.headers.get(\"content-length\");\n  if (contentLength !== null) {\n    const parsedContentLength = Number(contentLength);\n    if (\n      Number.isFinite(parsedContentLength) &&\n      parsedContentLength > maxBytes\n    ) {\n      throw responseTooLargeError(maxBytes);\n    }\n  }\n\n  if (!response.body) {\n    return \"\";\n  }\n\n  const reader = response.body.getReader();\n  const decoder = new TextDecoder();\n  let totalBytes = 0;\n  let responseText = \"\";\n\n  try {\n    for (;;) {\n      const { done, value } = await reader.read();\n      if (done) break;\n      if (!value) continue;\n\n      totalBytes += value.byteLength;\n      if (totalBytes > maxBytes) {\n        await reader.cancel();\n        throw responseTooLargeError(maxBytes);\n      }\n      responseText += decoder.decode(value, { stream: true });\n    }\n  } finally {\n    reader.releaseLock();\n  }\n\n  return responseText + decoder.decode();\n}\n\nfunction responseTooLargeError(maxBytes: number): JsonRpcError {\n  return new JsonRpcError(\n    JSON_RPC_ERROR_CODES.RESPONSE_TOO_LARGE,\n    `JSON-RPC response exceeds maximum size of ${maxBytes} bytes`,\n    \"local\",\n  );\n}\n","/**\n * Type definitions for Vault Provider JSON-RPC API.\n *\n * These types match the `vaultProvider_*` RPC namespace defined by the\n * btc-vault daemon. They are the SDK's canonical copy of the VP protocol\n * contract, independent of any frontend framework.\n *\n * @see https://github.com/babylonlabs-io/btc-vault/blob/main/docs/pegin.md\n */\n\n// ============================================================================\n// Daemon Status\n// ============================================================================\n\n/**\n * Backend daemon status (vault provider database).\n * Source: btc-vault crates/vaultd/src/workers/claimer/mod.rs PegInStatus enum\n *\n * State flow (happy path):\n * PendingIngestion -> PendingDepositorWotsPK -> PendingBabeSetup -> PendingChallengerPresigning\n *   -> PendingPeginSigsAvailability -> PendingPrePegInConfirmations\n *   -> PendingDepositorSignatures -> PendingACKs -> PendingActivation -> Activated\n *\n * Terminal / branching states:\n * - Expired: vault timed out before activation\n * - ClaimPosted: claim transaction posted on-chain\n * - PeggedOut: BTC has been returned to the depositor\n */\nexport enum DaemonStatus {\n  PENDING_INGESTION = \"PendingIngestion\",\n  PENDING_DEPOSITOR_WOTS_PK = \"PendingDepositorWotsPK\",\n  PENDING_BABE_SETUP = \"PendingBabeSetup\",\n  PENDING_CHALLENGER_PRESIGNING = \"PendingChallengerPresigning\",\n  PENDING_PEGIN_SIGS_AVAILABILITY = \"PendingPeginSigsAvailability\",\n  PENDING_PRE_PEGIN_CONFIRMATIONS = \"PendingPrePegInConfirmations\",\n  PENDING_DEPOSITOR_SIGNATURES = \"PendingDepositorSignatures\",\n  PENDING_ACKS = \"PendingACKs\",\n  PENDING_ACTIVATION = \"PendingActivation\",\n  ACTIVATED = \"Activated\",\n  EXPIRED = \"Expired\",\n  CLAIM_POSTED = \"ClaimPosted\",\n  PEGGED_OUT = \"PeggedOut\",\n}\n\n// ============================================================================\n// Status Groups\n// ============================================================================\n\n/**\n * States where the VP is still processing (no depositor action needed).\n * Excludes PENDING_DEPOSITOR_WOTS_PK (requires depositor action).\n */\nexport const PRE_DEPOSITOR_SIGNATURES_STATES: readonly DaemonStatus[] = [\n  DaemonStatus.PENDING_INGESTION,\n  DaemonStatus.PENDING_BABE_SETUP,\n  DaemonStatus.PENDING_CHALLENGER_PRESIGNING,\n  DaemonStatus.PENDING_PEGIN_SIGS_AVAILABILITY,\n  DaemonStatus.PENDING_PRE_PEGIN_CONFIRMATIONS,\n];\n\n/** States after PendingDepositorSignatures where the depositor has no action. */\nconst POST_PAYOUT_SIGNATURE_STATUSES: readonly DaemonStatus[] = [\n  DaemonStatus.PENDING_ACKS,\n  DaemonStatus.PENDING_ACTIVATION,\n  DaemonStatus.ACTIVATED,\n];\n\n/**\n * Statuses where no depositor action is needed (VP processing or already past\n * depositor interaction). Excludes PENDING_INGESTION and PENDING_DEPOSITOR_WOTS_PK.\n */\nexport const VP_TRANSIENT_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.PENDING_BABE_SETUP,\n  DaemonStatus.PENDING_CHALLENGER_PRESIGNING,\n  DaemonStatus.PENDING_PEGIN_SIGS_AVAILABILITY,\n  DaemonStatus.PENDING_PRE_PEGIN_CONFIRMATIONS,\n  ...POST_PAYOUT_SIGNATURE_STATUSES,\n]);\n\n/**\n * Terminal VP statuses where no further progress is possible.\n * If the VP reaches one of these states while polling, polling should\n * stop immediately with an error rather than waiting for timeout.\n */\nexport const VP_TERMINAL_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  DaemonStatus.EXPIRED,\n  DaemonStatus.CLAIM_POSTED,\n  DaemonStatus.PEGGED_OUT,\n]);\n\n/**\n * Statuses that come after WOTS key submission.\n * If the VP is already in one of these states, the WOTS key was already\n * submitted and we can skip.\n */\nexport const POST_WOTS_STATUSES: ReadonlySet<DaemonStatus> = new Set([\n  ...VP_TRANSIENT_STATUSES,\n  DaemonStatus.PENDING_DEPOSITOR_SIGNATURES,\n]);\n\n// ============================================================================\n// WOTS Types (needed by SubmitDepositorWotsKeyParams)\n// ============================================================================\n\n/**\n * WOTS configuration for a single block.\n * Matches Rust `babe::wots::Config` serde format.\n */\nexport interface WotsConfig {\n  /** Digit bit-width (e.g. 4 → base-16 digits). */\n  d: number;\n  /** Number of message digits in this block. */\n  n: number;\n  /** Radix used for the checksum computation. */\n  checksum_radix: number;\n}\n\n/**\n * A single block of WOTS public keys.\n * Chain values are arrays of byte values (matching Rust `[u8; 20]`).\n */\nexport interface WotsBlockPublicKey {\n  config: WotsConfig;\n  message_terminals: number[][];\n  checksum_major_terminal: number[];\n  checksum_minor_terminal: number[];\n}\n\n// ============================================================================\n// Request Parameter Types\n// ============================================================================\n\n/** Params for requesting the payout/claim/assert transactions to pre-sign. */\nexport interface RequestDepositorPresignTransactionsParams {\n  pegin_txid: string;\n  depositor_pk: string;\n}\n\n/** Params for submitting the depositor's WOTS public key to the VP. */\nexport interface SubmitDepositorWotsKeyParams {\n  pegin_txid: string;\n  depositor_pk: string;\n  wots_public_keys: WotsBlockPublicKey[];\n}\n\n/** Per-challenger signatures for the depositor-as-claimer flow. */\nexport interface DepositorPreSigsPerChallenger {\n  nopayout_signature: string;\n}\n\n/** Depositor-as-claimer pre-signatures (payout + per-challenger). */\nexport interface DepositorAsClaimerPresignatures {\n  payout_signatures: ClaimerSignatures;\n  per_challenger: Record<string, DepositorPreSigsPerChallenger>;\n}\n\n/** Params for submitting depositor pre-signatures including claimer presignatures. */\nexport interface SubmitDepositorPresignaturesParams {\n  pegin_txid: string;\n  depositor_pk: string;\n  signatures: Record<string, ClaimerSignatures>;\n  depositor_claimer_presignatures: DepositorAsClaimerPresignatures;\n}\n\n/** Payout signatures per claimer. */\nexport interface ClaimerSignatures {\n  payout_signature: string;\n}\n\n/** Params for requesting BaBe DecryptorArtifacts from the VP. */\nexport interface RequestDepositorClaimerArtifactsParams {\n  pegin_txid: string;\n  depositor_pk: string;\n}\n\n/** Params for querying pegin status. Either pegin_txid or vault_id must be provided. */\nexport type GetPeginStatusParams =\n  | { pegin_txid: string; vault_id?: never }\n  | { vault_id: string; pegin_txid?: never };\n\n// ============================================================================\n// Response Types\n// ============================================================================\n\n/** A raw Bitcoin transaction with its hex encoding. */\nexport interface TransactionData {\n  tx_hex: string;\n}\n\n/** Set of transactions the depositor must pre-sign for a single claimer. */\nexport interface ClaimerTransactions {\n  claimer_pubkey: string;\n  claim_tx: TransactionData;\n  assert_tx: TransactionData;\n  payout_tx: TransactionData;\n  payout_psbt: string;\n}\n\n/** Per-segment connector data for ChallengeAssert inputs. */\nexport interface ChallengeAssertConnectorData {\n  wots_pks_json: string;\n  gc_wots_keys_json: string;\n}\n\n/** Challenger-specific transactions and signing data for the depositor graph. */\nexport interface PresignDataPerChallenger {\n  challenger_pubkey: string;\n  challenge_assert_x_tx: TransactionData;\n  challenge_assert_y_tx: TransactionData;\n  nopayout_tx: TransactionData;\n  nopayout_psbt: string;\n  challenge_assert_connectors: ChallengeAssertConnectorData[];\n  output_label_hashes: string[];\n}\n\n/** Depositor-as-claimer TxGraph transactions. */\nexport interface DepositorGraphTransactions {\n  claim_tx: TransactionData;\n  assert_tx: TransactionData;\n  payout_tx: TransactionData;\n  payout_psbt: string;\n  challenger_presign_data: PresignDataPerChallenger[];\n  offchain_params_version: number;\n}\n\n/** Response from `requestDepositorPresignTransactions`. */\nexport interface RequestDepositorPresignTransactionsResponse {\n  txs: ClaimerTransactions[];\n  depositor_graph: DepositorGraphTransactions;\n}\n\n/** BaBe garbled-circuit session data for a single challenger. */\nexport interface BaBeSessionData {\n  decryptor_artifacts_hex: string;\n}\n\n/** Response from `requestDepositorClaimerArtifacts`. */\nexport interface RequestDepositorClaimerArtifactsResponse {\n  tx_graph_json: string;\n  verifying_key_hex: string;\n  babe_sessions: Record<string, BaBeSessionData>;\n}\n\n/** Progress tracker for a multi-challenger operation. */\nexport interface ChallengerProgress {\n  total_challengers: number;\n  completed_challengers: number;\n  completed_challenger_pubkeys: string[];\n  pending_challenger_pubkeys: string[];\n}\n\nexport type GcDataProgress = ChallengerProgress;\nexport type AckCollectionProgress = ChallengerProgress;\n\n/** Extended presigning progress with all 3 concurrent phases. */\nexport interface PresigningProgress extends ChallengerProgress {\n  depositor_graph_created?: boolean;\n  vk_challenger_presigning_completed?: number;\n  vk_challenger_presigning_total?: number;\n}\n\n/** Detailed progress breakdown for an in-progress pegin. */\nexport interface PeginProgressDetails {\n  gc_data?: GcDataProgress;\n  presigning?: PresigningProgress;\n  ack_collection?: AckCollectionProgress;\n  claimer_graphs?: ClaimerGraphStatus[];\n}\n\n/** Per-claimer graph status (challenger perspective). */\nexport interface ClaimerGraphStatus {\n  claimer_pubkey: string;\n  presigned: boolean;\n}\n\n/** Response from `getPeginStatus`. */\nexport interface GetPeginStatusResponse {\n  pegin_txid: string;\n  status: string;\n  progress: PeginProgressDetails;\n  health_info: string;\n  last_error?: string;\n}\n\n// ============================================================================\n// Pegout Types\n// ============================================================================\n\n/** Params for querying pegout status from the VP daemon. */\nexport interface GetPegoutStatusParams {\n  pegin_txid: string;\n}\n\n/** Claimer-side pegout progress. */\nexport interface ClaimerPegoutStatus {\n  status: string;\n  failed: boolean;\n  claim_txid?: string;\n  claimer_pubkey?: string;\n  challenger_pubkey?: string;\n  created_at?: string;\n  updated_at?: string;\n}\n\n/** Challenger-side pegout progress. */\nexport interface ChallengerPegoutStatus {\n  status: string;\n  claim_txid?: string;\n  claimer_pubkey?: string;\n  assert_txid?: string;\n  challenge_assert_txid?: string;\n  nopayout_txid?: string;\n  created_at?: string;\n  updated_at?: string;\n}\n\n/** Response from `getPegoutStatus`. */\nexport interface GetPegoutStatusResponse {\n  pegin_txid: string;\n  found: boolean;\n  claimer?: ClaimerPegoutStatus;\n  challenger?: ChallengerPegoutStatus;\n}\n\n// ============================================================================\n// Error Codes\n// ============================================================================\n\n/** JSON-RPC error codes returned by the vault provider. */\nexport enum RpcErrorCode {\n  DATABASE_ERROR = -32005,\n  PRESIGN_ERROR = -32006,\n  JSON_SERIALIZATION_ERROR = -32007,\n  TX_GRAPH_ERROR = -32008,\n  INVALID_GRAPH = -32009,\n  VALIDATION_ERROR = -32010,\n  NOT_FOUND = -32011,\n  INTERNAL_ERROR = -32603,\n}\n"],"names":["BTCVaultRegistryABI","JsonRpcError","code","message","source","data","JSON_RPC_ERROR_CODES","JSON_RPC_VERSION","DEFAULT_RETRY_ATTEMPTS","DEFAULT_RETRY_DELAY_MS","DEFAULT_MAX_RESPONSE_BYTES","UNCAPPED_TYPED_RESPONSE_METHODS","RETRYABLE_HTTP_STATUS_CODES","DEFAULT_RETRYABLE_METHODS","defaultRetryableFor","method","AUTH_EXPIRED_DATA_KIND","isAuthExpiredError","error","JsonRpcClient","config","__publicField","headers","token","params","signal","response","jsonResponse","responseText","readResponseTextWithLimit","rpcResponse","err","callerSignal","requestId","maxRetries","body","lastError","attempt","timeoutController","timeoutId","merged","mergeAbortSignals","delay","ms","resolve","reject","onAbort","a","b","controller","onAbortA","onAbortB","cleanup","maxBytes","contentLength","parsedContentLength","responseTooLargeError","reader","decoder","totalBytes","done","value","DaemonStatus","PRE_DEPOSITOR_SIGNATURES_STATES","POST_PAYOUT_SIGNATURE_STATUSES","VP_TRANSIENT_STATUSES","VP_TERMINAL_STATUSES","POST_WOTS_STATUSES","RpcErrorCode"],"mappings":";;;AAaO,MAAMA,IAAsB;AAAA,EACjC;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN,EAAE,MAAM,aAAa,MAAM,WAAW,cAAc,UAAA;AAAA,MACpD,EAAE,MAAM,iBAAiB,MAAM,WAAW,cAAc,UAAA;AAAA,MACxD;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV,EAAE,MAAM,sBAAsB,MAAM,WAAW,cAAc,UAAA;AAAA,UAC7D,EAAE,MAAM,mBAAmB,MAAM,SAAS,cAAc,QAAA;AAAA,UACxD,EAAE,MAAM,sBAAsB,MAAM,SAAS,cAAc,QAAA;AAAA,UAC3D,EAAE,MAAM,0BAA0B,MAAM,SAAS,cAAc,QAAA;AAAA,UAC/D,EAAE,MAAM,YAAY,MAAM,WAAW,cAAc,UAAA;AAAA,UACnD,EAAE,MAAM,YAAY,MAAM,SAAS,cAAc,QAAA;AAAA,UACjD,EAAE,MAAM,gBAAgB,MAAM,UAAU,cAAc,SAAA;AAAA,UACtD,EAAE,MAAM,6BAA6B,MAAM,SAAS,cAAc,QAAA;AAAA,UAClE,EAAE,MAAM,uBAAuB,MAAM,WAAW,cAAc,UAAA;AAAA,QAAU;AAAA,MAC1E;AAAA,IACF;AAAA,IAEF,SAAS;AAAA,MACP,EAAE,MAAM,YAAY,MAAM,aAAa,cAAc,YAAA;AAAA,IAAY;AAAA,IAEnE,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS,CAAA;AAAA,IACT,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN,EAAE,MAAM,UAAU,MAAM,WAAW,cAAc,UAAA;AAAA,IAAU;AAAA,IAE7D,SAAS;AAAA,MACP,EAAE,MAAM,IAAI,MAAM,WAAW,cAAc,UAAA;AAAA,IAAU;AAAA,IAEvD,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,QACd,YAAY;AAAA,UACV,EAAE,MAAM,aAAa,MAAM,WAAW,cAAc,UAAA;AAAA,UACpD;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB,EAAE,MAAM,UAAU,MAAM,WAAW,cAAc,UAAA;AAAA,UACjD;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB,EAAE,MAAM,aAAa,MAAM,WAAW,cAAc,UAAA;AAAA,QAAU;AAAA,MAChE;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,MAEhB;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,EACF;AAAA,EAEF;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,EAAC;AAAA,EAEX;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ;AAAA,MACN;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cACE;AAAA,QACF,YAAY;AAAA,UACV;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,UAEhB;AAAA,YACE,MAAM;AAAA,YACN,MAAM;AAAA,YACN,cAAc;AAAA,UAAA;AAAA,QAChB;AAAA,MACF;AAAA,IACF;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAAA,EAEnB;AAAA,IACE,MAAM;AAAA,IACN,MAAM;AAAA,IACN,QAAQ,CAAA;AAAA,IACR,SAAS;AAAA,MACP;AAAA,QACE,MAAM;AAAA,QACN,MAAM;AAAA,QACN,cAAc;AAAA,MAAA;AAAA,IAChB;AAAA,IAEF,iBAAiB;AAAA,EAAA;AAErB;ACtUO,MAAMC,UAAqB,MAAM;AAAA,EACtC,YACSC,GACPC,GAEOC,IAA6B,SAE7BC,GACP;AACA,UAAMF,CAAO,GAPN,KAAA,OAAAD,GAGA,KAAA,SAAAE,GAEA,KAAA,OAAAC,GAGP,KAAK,OAAO;AAAA,EACd;AACF;AAEO,MAAMC,IAAuB;AAAA,EAClC,SAAS;AAAA,EACT,SAAS;AAAA;AAAA,EAET,eAAe;AAAA;AAAA,EAEf,mBAAmB;AAAA;AAAA,EAEnB,kBAAkB;AAAA;AAAA,EAElB,oBAAoB;AACtB,GAGMC,IAAmB,OAGnBC,IAAyB,GAGzBC,IAAyB,KAGzBC,IAA6B,IAAI,OAAO,MAMxCC,wBAA2D,IAAI;AAAA,EACnE;AACF,CAAC,GAGKC,wBAAuD,IAAI;AAAA,EAC/D;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AAAA,EACA;AAAA;AACF,CAAC,GAGKC,wBAAqD,IAAI;AAAA,EAC7D;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAASC,EAAoBC,GAAyB;AACpD,SAAOF,EAA0B,IAAIE,CAAM;AAC7C;AAYA,MAAMC,IAAyB;AAE/B,SAASC,EAAmBC,GAAyB;AAEnD,MADI,EAAEA,aAAiBjB,MACnBiB,EAAM,WAAW,OAAQ,QAAO;AACpC,QAAMb,IAAOa,EAAM;AACnB,SAAIb,MAAS,QAAQ,OAAOA,KAAS,WAAiB,KACxCA,EAA4B,SAC1BW;AAClB;AAKO,MAAMG,EAAc;AAAA,EAWzB,YAAYC,GAA6B;AAVjC,IAAAC,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA,mBAAY;AACZ,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AACA,IAAAA,EAAA;AAaN,QAVA,KAAK,UAAUD,EAAO,QAAQ,QAAQ,OAAO,EAAE,GAC/C,KAAK,UAAUA,EAAO,SACtB,KAAK,UAAU;AAAA,MACb,gBAAgB;AAAA,MAChB,GAAGA,EAAO;AAAA,IAAA,GAEZ,KAAK,UAAUA,EAAO,WAAWZ,GACjC,KAAK,aAAaY,EAAO,cAAcX,GACvC,KAAK,mBACHW,EAAO,oBAAoBV,GACzB,CAAC,OAAO,SAAS,KAAK,gBAAgB,KAAK,KAAK,oBAAoB;AACtE,YAAM,IAAI,MAAM,mDAAmD;AAErE,SAAK,eAAeU,EAAO,gBAAgBN,GAC3C,KAAK,gBAAgBM,EAAO;AAAA,EAC9B;AAAA,EAEA,MAAc,aAAaL,GAAiD;AAC1E,UAAMO,IAAkC,EAAE,GAAG,KAAK,QAAA;AAClD,QAAI,KAAK,eAAe;AACtB,YAAMC,IAAQ,MAAM,KAAK,cAAc,SAASR,CAAM;AACtD,MAAIQ,MACFD,EAAQ,gBAAgB,UAAUC,CAAK;AAAA,IAE3C;AACA,WAAOD;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,KACJP,GACAS,GACAC,GACkB;AAClB,QAAI;AACF,aAAO,MAAM,KAAK,SAA2BV,GAAQS,GAAQC,CAAM;AAAA,IACrE,SAASP,GAAO;AAWd,UAAI,KAAK,iBAAiBD,EAAmBC,CAAK;AAChD,oBAAK,cAAc,WAAA,GACZ,MAAM,KAAK,SAA2BH,GAAQS,GAAQC,CAAM;AAErE,YAAMP;AAAA,IACR;AAAA,EACF;AAAA,EAEA,MAAc,SACZH,GACAS,GACAC,GACkB;AAClB,UAAMC,IAAW,MAAM,KAAK,eAAeX,GAAQS,GAAQC,CAAM;AAEjE,QAAIE;AACJ,QAAI;AACF,YAAMC,IAAejB,EAAgC,IAAII,CAAM,IAC3D,MAAMW,EAAS,KAAA,IACf,MAAMG,EAA0BH,GAAU,KAAK,gBAAgB;AACnE,MAAAC,IAAe,KAAK,MAAMC,CAAY;AAAA,IACxC,SAASV,GAAO;AACd,YAAIA,aAAiBjB,IACbiB,IAEF,IAAIjB;AAAA,QACRK,EAAqB;AAAA,QACrB;AAAA,QACA;AAAA,MAAA;AAAA,IAEJ;AAEA,QACEqB,MAAiB,QACjB,OAAOA,KAAiB,YACxB,MAAM,QAAQA,CAAY;AAE1B,YAAM,IAAI1B;AAAA,QACRK,EAAqB;AAAA,QACrB,sDAAsD,OAAOqB,CAAY;AAAA,QACzE;AAAA,MAAA;AAIJ,UAAMG,IAAcH;AAEpB,QAAI,WAAWG,KAAeA,EAAY,SAAS,MAAM;AACvD,YAAMC,IAAMD,EAAY;AAKxB,YAAM,IAAI7B;AAAA,QACR8B,EAAI,QAAQzB,EAAqB;AAAA,QACjCyB,EAAI,WAAW;AAAA,QACf;AAAA,QACAA,EAAI;AAAA,MAAA;AAAA,IAER;AAEA,QAAI,EAAE,YAAYD;AAChB,YAAM,IAAI7B;AAAA,QACRK,EAAqB;AAAA,QACrB;AAAA,QACA;AAAA,MAAA;AAIJ,WAAOwB,EAAY;AAAA,EACrB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,QACJf,GACAS,GACAC,GACmB;AACnB,WAAO,KAAK,eAAeV,GAAQS,GAAQC,CAAM;AAAA,EACnD;AAAA,EAEA,MAAc,eACZV,GACAS,GACAQ,GACmB;AACnB,UAAMC,IAAY,EAAE,KAAK,WACnBC,IAAa,KAAK,aAAanB,CAAM,IAAI,KAAK,UAAU,GAUxDoB,IAAO,KAAK,UAPyB;AAAA,MACzC,SAAS5B;AAAA,MACT,QAAAQ;AAAA,MACA,QAAQ,CAACS,CAAM;AAAA,MACf,IAAIS;AAAA,IAAA,CAG6B;AACnC,QAAIG,IAA0B;AAE9B,aAASC,IAAU,GAAGA,KAAWH,GAAYG,KAAW;AAEtD,YAAMC,IAAoB,IAAI,gBAAA,GACxBC,IAAY;AAAA,QAChB,MAAMD,EAAkB,MAAA;AAAA,QACxB,KAAK;AAAA,MAAA,GAGDE,IAASR,IACXS,EAAkBT,GAAcM,EAAkB,MAAM,IACxD,MACEb,IAASe,IAASA,EAAO,SAASF,EAAkB;AAE1D,UAAI;AAIF,cAAMhB,IAAU,MAAM,KAAK,aAAaP,CAAM,GAExCW,IAAW,MAAM,MAAM,KAAK,SAAS;AAAA,UACzC,QAAQ;AAAA,UACR,SAAAJ;AAAA,UACA,MAAAa;AAAA,UACA,QAAAV;AAAA,QAAA,CACD;AAKD,YAHA,aAAac,CAAS,GACtBC,KAAA,QAAAA,EAAQ,WAEJ,CAACd,EAAS,IAAI;AAKhB,cAHEW,IAAUH,KACVtB,EAA4B,IAAIc,EAAS,MAAM,GAEhC;AACf,kBAAMgB,IAAQ,KAAK,aAAa,KAAK,IAAI,GAAGL,CAAO;AACnD,kBAAM,KAAK,MAAMK,GAAOV,CAAY;AACpC;AAAA,UACF;AAEA,gBAAM,IAAI;AAAA,YACR,eAAeN,EAAS,MAAM,IAAIA,EAAS,UAAU;AAAA,UAAA;AAAA,QAEzD;AAEA,eAAOA;AAAA,MACT,SAASR,GAAO;AAMd,YALA,aAAaqB,CAAS,GACtBC,KAAA,QAAAA,EAAQ,WACRJ,IAAYlB,aAAiB,QAAQA,IAAQ,IAAI,MAAM,OAAOA,CAAK,CAAC,GAGhEc,KAAA,QAAAA,EAAc;AAChB,gBAAM,IAAI,MAAM,iBAAiB;AAGnC,YAAId,aAAiB,SAASA,EAAM,SAAS,cAAc;AACzD,cAAImB,IAAUH,GAAY;AACxB,kBAAMQ,IAAQ,KAAK,aAAa,KAAK,IAAI,GAAGL,CAAO;AACnD,kBAAM,KAAK,MAAMK,GAAOV,CAAY;AACpC;AAAA,UACF;AACA,gBAAM,IAAI/B;AAAA,YACRK,EAAqB;AAAA,YACrB,yBAAyB,KAAK,OAAO,OAAO4B,IAAa,CAAC;AAAA,YAC1D;AAAA,UAAA;AAAA,QAEJ;AAGA,YAAIhB,aAAiB,WAAW;AAC9B,cAAImB,IAAUH,GAAY;AACxB,kBAAMQ,IAAQ,KAAK,aAAa,KAAK,IAAI,GAAGL,CAAO;AACnD,kBAAM,KAAK,MAAMK,GAAOV,CAAY;AACpC;AAAA,UACF;AACA,gBAAM,IAAI/B;AAAA,YACRK,EAAqB;AAAA,YACrB,kBAAkBY,EAAM,OAAO,KAAKgB,IAAa,CAAC;AAAA,YAClD;AAAA,UAAA;AAAA,QAEJ;AAGA,cAAMhB;AAAA,MACR;AAAA,IACF;AAEA,UAAMkB,KAAa,IAAI,MAAM,6BAA6B;AAAA,EAC5D;AAAA,EAEQ,MAAMO,GAAYlB,GAAqC;AAC7D,WAAO,IAAI,QAAQ,CAACmB,GAASC,MAAW;AACtC,UAAIpB,KAAA,QAAAA,EAAQ,SAAS;AACnB,QAAAoB,EAAO,IAAI,MAAM,iBAAiB,CAAC;AACnC;AAAA,MACF;AACA,YAAMN,IAAY,WAAW,MAAM;AACjC,QAAAd,KAAA,QAAAA,EAAQ,oBAAoB,SAASqB,IACrCF,EAAA;AAAA,MACF,GAAGD,CAAE,GACCG,IAAU,MAAM;AACpB,qBAAaP,CAAS,GACtBM,EAAO,IAAI,MAAM,iBAAiB,CAAC;AAAA,MACrC;AACA,MAAApB,KAAA,QAAAA,EAAQ,iBAAiB,SAASqB,GAAS,EAAE,MAAM;IACrD,CAAC;AAAA,EACH;AAAA,EAEA,aAAqB;AACnB,WAAO,KAAK;AAAA,EACd;AACF;AAaA,SAASL,EAAkBM,GAAgBC,GAA8B;AACvE,MAAID,EAAE,QAAS,QAAO,EAAE,QAAQA,GAAG,SAAS,MAAM;AAAA,EAAC,EAAA;AACnD,MAAIC,EAAE,QAAS,QAAO,EAAE,QAAQA,GAAG,SAAS,MAAM;AAAA,EAAC,EAAA;AAEnD,QAAMC,IAAa,IAAI,gBAAA,GACjBC,IAAW,MAAM;AACrB,IAAAF,EAAE,oBAAoB,SAASG,CAAQ,GACvCF,EAAW,MAAA;AAAA,EACb,GACME,IAAW,MAAM;AACrB,IAAAJ,EAAE,oBAAoB,SAASG,CAAQ,GACvCD,EAAW,MAAA;AAAA,EACb;AACA,EAAAF,EAAE,iBAAiB,SAASG,GAAU,EAAE,MAAM,IAAM,GACpDF,EAAE,iBAAiB,SAASG,GAAU,EAAE,MAAM,IAAM;AAEpD,QAAMC,IAAU,MAAM;AACpB,IAAAL,EAAE,oBAAoB,SAASG,CAAQ,GACvCF,EAAE,oBAAoB,SAASG,CAAQ;AAAA,EACzC;AAEA,SAAO,EAAE,QAAQF,EAAW,QAAQ,SAAAG,EAAA;AACtC;AAEA,eAAevB,EACbH,GACA2B,GACiB;AACjB,QAAMC,IAAgB5B,EAAS,QAAQ,IAAI,gBAAgB;AAC3D,MAAI4B,MAAkB,MAAM;AAC1B,UAAMC,IAAsB,OAAOD,CAAa;AAChD,QACE,OAAO,SAASC,CAAmB,KACnCA,IAAsBF;AAEtB,YAAMG,EAAsBH,CAAQ;AAAA,EAExC;AAEA,MAAI,CAAC3B,EAAS;AACZ,WAAO;AAGT,QAAM+B,IAAS/B,EAAS,KAAK,UAAA,GACvBgC,IAAU,IAAI,YAAA;AACpB,MAAIC,IAAa,GACb/B,IAAe;AAEnB,MAAI;AACF,eAAS;AACP,YAAM,EAAE,MAAAgC,GAAM,OAAAC,EAAA,IAAU,MAAMJ,EAAO,KAAA;AACrC,UAAIG,EAAM;AACV,UAAKC,GAGL;AAAA,YADAF,KAAcE,EAAM,YAChBF,IAAaN;AACf,sBAAMI,EAAO,OAAA,GACPD,EAAsBH,CAAQ;AAEtC,QAAAzB,KAAgB8B,EAAQ,OAAOG,GAAO,EAAE,QAAQ,IAAM;AAAA;AAAA,IACxD;AAAA,EACF,UAAA;AACE,IAAAJ,EAAO,YAAA;AAAA,EACT;AAEA,SAAO7B,IAAe8B,EAAQ,OAAA;AAChC;AAEA,SAASF,EAAsBH,GAAgC;AAC7D,SAAO,IAAIpD;AAAA,IACTK,EAAqB;AAAA,IACrB,6CAA6C+C,CAAQ;AAAA,IACrD;AAAA,EAAA;AAEJ;AC9hBO,IAAKS,sBAAAA,OACVA,EAAA,oBAAoB,oBACpBA,EAAA,4BAA4B,0BAC5BA,EAAA,qBAAqB,oBACrBA,EAAA,gCAAgC,+BAChCA,EAAA,kCAAkC,gCAClCA,EAAA,kCAAkC,gCAClCA,EAAA,+BAA+B,8BAC/BA,EAAA,eAAe,eACfA,EAAA,qBAAqB,qBACrBA,EAAA,YAAY,aACZA,EAAA,UAAU,WACVA,EAAA,eAAe,eACfA,EAAA,aAAa,aAbHA,IAAAA,KAAA,CAAA,CAAA;AAwBL,MAAMC,IAA2D;AAAA,EACtE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AACF,GAGMC,IAA0D;AAAA,EAC9D;AAAA,EACA;AAAA,EACA;AAAA;AACF,GAMaC,wBAAuD,IAAI;AAAA,EACtE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,GAAGD;AACL,CAAC,GAOYE,wBAAsD,IAAI;AAAA,EACrE;AAAA,EACA;AAAA,EACA;AAAA;AACF,CAAC,GAOYC,wBAAoD,IAAI;AAAA,EACnE,GAAGF;AAAA,EACH;AAAA;AACF,CAAC;AAuOM,IAAKG,sBAAAA,OACVA,EAAAA,EAAA,iBAAiB,MAAA,IAAjB,kBACAA,EAAAA,EAAA,gBAAgB,MAAA,IAAhB,iBACAA,EAAAA,EAAA,2BAA2B,MAAA,IAA3B,4BACAA,EAAAA,EAAA,iBAAiB,MAAA,IAAjB,kBACAA,EAAAA,EAAA,gBAAgB,MAAA,IAAhB,iBACAA,EAAAA,EAAA,mBAAmB,MAAA,IAAnB,oBACAA,EAAAA,EAAA,YAAY,MAAA,IAAZ,aACAA,EAAAA,EAAA,iBAAiB,MAAA,IAAjB,kBARUA,IAAAA,KAAA,CAAA,CAAA;"}

package/dist/vault-registry-reader-CKe9TbX6.cjs

@@ -1,2 +0,0 @@
-"use strict";var ue=Object.defineProperty;var pe=(n,e,t)=>e in n?ue(n,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):n[e]=t;var l=(n,e,t)=>pe(n,typeof e!="symbol"?e+"":e,t);const g=require("./validation-u8W7Lp2x.cjs"),f=require("./types-PthVHz5q.cjs"),u=require("./bitcoin-B3aqjuMP.cjs"),de=require("@bitcoin-js/tiny-secp256k1-asmjs"),P=require("bitcoinjs-lib"),b=require("buffer"),F=require("./sha2-CsTynrfJ.cjs");function he(n){const e=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(n){for(const t in n)if(t!=="default"){const r=Object.getOwnPropertyDescriptor(n,t);Object.defineProperty(e,t,r.get?r:{enumerable:!0,get:()=>n[t]})}}return e.default=n,Object.freeze(e)}const $=he(de),ye=21e6*1e8,U=3e4;async function k(n,e){const t=new AbortController,r=setTimeout(()=>t.abort(),U),s=[t.signal,e==null?void 0:e.signal].filter(Boolean);try{return await fetch(n,{...e,signal:AbortSignal.any(s)})}catch(i){throw clearTimeout(r),i!=null&&typeof i=="object"&&"name"in i&&i.name==="AbortError"?new Error(`Mempool API request timed out after ${U}ms: ${n}`):i}}const q=1e4;function G(n){return Number.isInteger(n)&&n>0&&n<=ye}function ge(n){return Number.isInteger(n)&&n>0&&n<=q}function Y(n,e){return!Number.isInteger(n)||n<0?!1:e===void 0||n<e}function C(n){if(!g.TXID_RE.test(n))throw new Error(`Invalid transaction ID format: ${n}`)}function W(n){if(!g.BITCOIN_ADDRESS_RE.test(n))throw new Error(`Invalid Bitcoin address format: ${n}`)}function z(n,e){if(!g.HEX_RE.test(n))throw new Error(`Invalid scriptPubKey: not valid hex for ${e}`);if(!g.KNOWN_SCRIPT_PREFIXES.some(r=>n.toLowerCase().startsWith(r)))throw new Error(`Unrecognized scriptPubKey type for ${e}: prefix ${n.slice(0,6)} does not match any known Bitcoin script type`)}const J={mainnet:"https://mempool.space/api",testnet:"https://mempool.space/testnet/api",signet:"https://mempool.space/signet/api"};async function x(n,e){try{const t=await k(n,e);if(!t.ok){const s=await t.text();throw new Error(`Mempool API error (${t.status}): ${s||t.statusText}`)}const r=t.headers.get("content-type");return r!=null&&r.includes("application/json")?await t.json():await t.text()}catch(t){throw t instanceof Error?new Error(`Failed to fetch from mempool API: ${t.message}`):new Error("Failed to fetch from mempool API: Unknown error")}}async function me(n,e){try{const t=await k(`${e}/tx`,{method:"POST",body:n,headers:{"Content-Type":"text/plain"}});if(!t.ok){const s=await t.text();let i;try{i=JSON.parse(s).message}catch{i=s}throw new Error(i||`Failed to broadcast transaction: ${t.statusText}`)}return await t.text()}catch(t){throw t instanceof Error?new Error(`Failed to broadcast BTC transaction: ${t.message}`):new Error("Failed to broadcast BTC transaction: Unknown error")}}async function Q(n,e){return C(n),x(`${e}/tx/${n}`)}async function fe(n,e){C(n);try{const t=await k(`${e}/tx/${n}/hex`);if(!t.ok){const r=await t.text();throw new Error(`Mempool API error (${t.status}): ${r||t.statusText}`)}return await t.text()}catch(t){throw t instanceof Error?new Error(`Failed to get transaction hex for ${n}: ${t.message}`):new Error(`Failed to get transaction hex for ${n}: Unknown error`)}}async function be(n,e,t){C(n);const r=await Q(n,t);if(!Y(e,r.vout.length))throw new Error(`Invalid vout ${e} for transaction ${n} (has ${r.vout.length} outputs)`);const s=r.vout[e];if(!G(s.value))throw new Error(`Invalid UTXO value ${s.value} for ${n}:${e}`);return z(s.scriptpubkey,`${n}:${e}`),{txid:n,vout:e,value:s.value,scriptPubKey:s.scriptpubkey}}async function _e(n,e){W(n);try{const t=await x(`${e}/address/${n}/utxo`),r=await x(`${e}/v1/validate-address/${n}`);if(!r.isvalid)throw new Error(`Invalid Bitcoin address: ${n}. Mempool API validation failed.`);z(r.scriptPubKey,n);for(const i of t){if(C(i.txid),!Y(i.vout))throw new Error(`Invalid vout ${i.vout} for ${i.txid}`);if(!G(i.value))throw new Error(`Invalid UTXO value ${i.value} for ${i.txid}:${i.vout}`)}return t.sort((i,c)=>c.value-i.value).map(i=>({txid:i.txid,vout:i.vout,value:i.value,scriptPubKey:r.scriptPubKey,confirmed:i.status.confirmed}))}catch(t){throw t instanceof Error?new Error(`Failed to get UTXOs for address ${n}: ${t.message}`):new Error(`Failed to get UTXOs for address ${n}: Unknown error`)}}function we(n){return J[n]}async function Pe(n,e){return W(n),x(`${e}/address/${n}/txs`)}async function ve(n){const e=await k(`${n}/v1/fees/recommended`);if(!e.ok)throw new Error(`Failed to fetch network fees: ${e.status} ${e.statusText}`);const t=await e.json(),r=["fastestFee","halfHourFee","hourFee","economyFee","minimumFee"];for(const s of r)if(!ge(t[s]))throw new Error(`Invalid fee rate ${s}=${t[s]} from mempool API: expected a positive number ≤ ${q}`);if(t.minimumFee>t.economyFee||t.economyFee>t.hourFee||t.hourFee>t.halfHourFee||t.halfHourFee>t.fastestFee)throw new Error(`Fee rate ordering violation from mempool API: expected minimumFee (${t.minimumFee}) <= economyFee (${t.economyFee}) <= hourFee (${t.hourFee}) <= halfHourFee (${t.halfHourFee}) <= fastestFee (${t.fastestFee}).`);return t}const T=[{type:"function",name:"getVaultKeepersByVersion",inputs:[{name:"appEntryPoint",type:"address",internalType:"address"},{name:"versionNumber",type:"uint16",internalType:"uint16"}],outputs:[{name:"",type:"tuple[]",internalType:"struct BTCVaultTypes.AddressBTCKeyPair[]",components:[{name:"ethAddress",type:"address",internalType:"address"},{name:"btcPubKey",type:"bytes32",internalType:"bytes32"}]}],stateMutability:"view"},{type:"function",name:"getCurrentVaultKeepers",inputs:[{name:"appEntryPoint",type:"address",internalType:"address"}],outputs:[{name:"",type:"tuple[]",internalType:"struct BTCVaultTypes.AddressBTCKeyPair[]",components:[{name:"ethAddress",type:"address",internalType:"address"},{name:"btcPubKey",type:"bytes32",internalType:"bytes32"}]}],stateMutability:"view"},{type:"function",name:"getCurrentVaultKeepersVersion",inputs:[{name:"appEntryPoint",type:"address",internalType:"address"}],outputs:[{name:"",type:"uint16",internalType:"uint16"}],stateMutability:"view"}],h=[{type:"function",name:"getTBVProtocolParams",inputs:[],outputs:[{name:"",type:"tuple",internalType:"struct IProtocolParams.TBVProtocolParams",components:[{name:"minimumPegInAmount",type:"uint64",internalType:"uint64"},{name:"maxPegInAmount",type:"uint64",internalType:"uint64"},{name:"pegInAckTimeout",type:"uint64",internalType:"uint64"},{name:"pegInActivationTimeout",type:"uint64",internalType:"uint64"},{name:"maxHtlcOutputCount",type:"uint8",internalType:"uint8"}]}],stateMutability:"view"},{type:"function",name:"getLatestOffchainParams",inputs:[],outputs:[{name:"",type:"tuple",internalType:"struct IProtocolParams.VersionedOffchainParams",components:[{name:"timelockAssert",type:"uint256",internalType:"uint256"},{name:"timelockChallengeAssert",type:"uint256",internalType:"uint256"},{name:"securityCouncilKeys",type:"bytes32[]",internalType:"bytes32[]"},{name:"councilQuorum",type:"uint8",internalType:"uint8"},{name:"feeRate",type:"uint64",internalType:"uint64"},{name:"babeTotalInstances",type:"uint16",internalType:"uint16"},{name:"babeInstancesToFinalize",type:"uint8",internalType:"uint8"},{name:"minVpCommissionBps",type:"uint16",internalType:"uint16"},{name:"tRefund",type:"uint32",internalType:"uint32"},{name:"tStale",type:"uint32",internalType:"uint32"},{name:"minPeginFeeRate",type:"uint64",internalType:"uint64"},{name:"proverProgramVersion",type:"uint16",internalType:"uint16"},{name:"minPrepeginDepth",type:"uint32",internalType:"uint32"}]}],stateMutability:"view"},{type:"function",name:"getOffchainParamsByVersion",inputs:[{name:"versionNumber",type:"uint16",internalType:"uint16"}],outputs:[{name:"",type:"tuple",internalType:"struct IProtocolParams.VersionedOffchainParams",components:[{name:"timelockAssert",type:"uint256",internalType:"uint256"},{name:"timelockChallengeAssert",type:"uint256",internalType:"uint256"},{name:"securityCouncilKeys",type:"bytes32[]",internalType:"bytes32[]"},{name:"councilQuorum",type:"uint8",internalType:"uint8"},{name:"feeRate",type:"uint64",internalType:"uint64"},{name:"babeTotalInstances",type:"uint16",internalType:"uint16"},{name:"babeInstancesToFinalize",type:"uint8",internalType:"uint8"},{name:"minVpCommissionBps",type:"uint16",internalType:"uint16"},{name:"tRefund",type:"uint32",internalType:"uint32"},{name:"tStale",type:"uint32",internalType:"uint32"},{name:"minPeginFeeRate",type:"uint64",internalType:"uint64"},{name:"proverProgramVersion",type:"uint16",internalType:"uint16"},{name:"minPrepeginDepth",type:"uint32",internalType:"uint32"}]}],stateMutability:"view"},{type:"function",name:"latestOffchainParamsVersion",inputs:[],outputs:[{name:"",type:"uint16",internalType:"uint16"}],stateMutability:"view"},{type:"function",name:"getUniversalChallengersByVersion",inputs:[{name:"versionNumber",type:"uint16",internalType:"uint16"}],outputs:[{name:"",type:"tuple[]",internalType:"struct BTCVaultTypes.AddressBTCKeyPair[]",components:[{name:"ethAddress",type:"address",internalType:"address"},{name:"btcPubKey",type:"bytes32",internalType:"bytes32"}]}],stateMutability:"view"},{type:"function",name:"getCurrentUniversalChallengers",inputs:[],outputs:[{name:"",type:"tuple[]",internalType:"struct BTCVaultTypes.AddressBTCKeyPair[]",components:[{name:"ethAddress",type:"address",internalType:"address"},{name:"btcPubKey",type:"bytes32",internalType:"bytes32"}]}],stateMutability:"view"},{type:"function",name:"latestUniversalChallengersVersion",inputs:[],outputs:[{name:"",type:"uint16",internalType:"uint16"}],stateMutability:"view"}],K=new Set(Object.values(f.DaemonStatus)),Te=200;function o(n){var e;return((e=JSON.stringify(n))==null?void 0:e.slice(0,Te))??"undefined"}const xe="The vault provider returned an unexpected response. Please try again or contact support.";class a extends Error{constructor(t){super(xe);l(this,"detail");this.name="VpResponseValidationError",this.detail=t}}const A=64;function _(n){return typeof n=="string"&&n.length>0&&g.HEX_RE.test(n)}function Z(n){return typeof n=="string"&&n.length>0}function ee(n,e){if(!_(n))throw new a(`VP response validation failed: "${e}" must be a non-empty hex string, got ${o(n)}`)}function w(n,e){if(!Z(n))throw new a(`VP response validation failed: "${e}" must be a non-empty string, got ${o(n)}`)}function te(n,e){if(!_(n)||n.length!==u.X_ONLY_PUBKEY_HEX_LEN&&n.length!==u.COMPRESSED_PUBKEY_HEX_LEN)throw new a(`VP response validation failed: "${e}" must be a ${u.X_ONLY_PUBKEY_HEX_LEN} or ${u.COMPRESSED_PUBKEY_HEX_LEN}-char hex string (BTC pubkey), got ${o(n)}`)}function Ae(n){const e=n.presigning;if(e==null)return;if(typeof e!="object"||Array.isArray(e))throw new a('VP response validation failed: "progress.presigning" must be an object if present');const t=e;if(t.depositor_graph_created!==void 0&&typeof t.depositor_graph_created!="boolean")throw new a(`VP response validation failed: "progress.presigning.depositor_graph_created" must be a boolean if present, got ${o(t.depositor_graph_created)}`);if(t.vk_challenger_presigning_completed!==void 0&&typeof t.vk_challenger_presigning_completed!="number")throw new a(`VP response validation failed: "progress.presigning.vk_challenger_presigning_completed" must be a number if present, got ${o(t.vk_challenger_presigning_completed)}`);if(t.vk_challenger_presigning_total!==void 0&&typeof t.vk_challenger_presigning_total!="number")throw new a(`VP response validation failed: "progress.presigning.vk_challenger_presigning_total" must be a number if present, got ${o(t.vk_challenger_presigning_total)}`)}function Ve(n){if(n===null||typeof n!="object")throw new a("VP response validation failed: getPeginStatus response is not an object");const e=n;if(!_(e.pegin_txid)||e.pegin_txid.length!==A)throw new a(`VP response validation failed: "pegin_txid" must be a ${A}-char hex string (txid), got ${o(e.pegin_txid)}`);if(typeof e.status!="string")throw new a('VP response validation failed: "status" must be a string');if(!K.has(e.status))throw new a(`VP response validation failed: unrecognized status "${e.status}". Expected one of: ${[...K].join(", ")}`);if(e.progress===null||typeof e.progress!="object"||Array.isArray(e.progress))throw new a('VP response validation failed: "progress" must be an object');if(Ae(e.progress),typeof e.health_info!="string")throw new a('VP response validation failed: "health_info" must be a string');if(e.last_error!==void 0&&typeof e.last_error!="string")throw new a(`VP response validation failed: "last_error" must be a string if present, got ${o(e.last_error)}`)}function Ee(n){if(n===null||typeof n!="object")throw new a("VP response validation failed: requestDepositorPresignTransactions response is not an object");const e=n;if(!Array.isArray(e.txs))throw new a('VP response validation failed: "txs" must be an array');for(let t=0;t<e.txs.length;t++)$e(e.txs[t],`txs[${t}]`);if(e.depositor_graph===null||typeof e.depositor_graph!="object")throw new a('VP response validation failed: "depositor_graph" must be an object');Ie(e.depositor_graph)}function m(n,e){if(n===null||typeof n!="object")throw new a(`VP response validation failed: "${e}" must be an object`);ee(n.tx_hex,`${e}.tx_hex`)}function $e(n,e){if(n===null||typeof n!="object")throw new a(`VP response validation failed: "${e}" must be an object`);const t=n;te(t.claimer_pubkey,`${e}.claimer_pubkey`),m(t.claim_tx,`${e}.claim_tx`),m(t.assert_tx,`${e}.assert_tx`),m(t.payout_tx,`${e}.payout_tx`),w(t.payout_psbt,`${e}.payout_psbt`)}function ke(n,e){if(n===null||typeof n!="object")throw new a(`VP response validation failed: "${e}" must be an object`);const t=n;w(t.wots_pks_json,`${e}.wots_pks_json`),w(t.gc_wots_keys_json,`${e}.gc_wots_keys_json`)}function Ce(n,e){if(n===null||typeof n!="object")throw new a(`VP response validation failed: "${e}" must be an object`);const t=n;if(te(t.challenger_pubkey,`${e}.challenger_pubkey`),m(t.challenge_assert_x_tx,`${e}.challenge_assert_x_tx`),m(t.challenge_assert_y_tx,`${e}.challenge_assert_y_tx`),m(t.nopayout_tx,`${e}.nopayout_tx`),w(t.nopayout_psbt,`${e}.nopayout_psbt`),!Array.isArray(t.challenge_assert_connectors))throw new a(`VP response validation failed: "${e}.challenge_assert_connectors" must be an array`);for(let r=0;r<t.challenge_assert_connectors.length;r++)ke(t.challenge_assert_connectors[r],`${e}.challenge_assert_connectors[${r}]`);if(!Array.isArray(t.output_label_hashes))throw new a(`VP response validation failed: "${e}.output_label_hashes" must be an array`);for(let r=0;r<t.output_label_hashes.length;r++)ee(t.output_label_hashes[r],`${e}.output_label_hashes[${r}]`)}function ne(n){if(n===null||typeof n!="object")throw new a("VP response validation failed: requestDepositorClaimerArtifacts response is not an object");const e=n;if(!Z(e.tx_graph_json))throw new a(`VP response validation failed: "tx_graph_json" must be a non-empty string, got ${o(e.tx_graph_json)}`);if(!_(e.verifying_key_hex))throw new a(`VP response validation failed: "verifying_key_hex" must be a non-empty hex string, got ${o(e.verifying_key_hex)}`);if(e.babe_sessions===null||typeof e.babe_sessions!="object")throw new a('VP response validation failed: "babe_sessions" must be an object');for(const[t,r]of Object.entries(e.babe_sessions)){if(r===null||typeof r!="object")throw new a(`VP response validation failed: "babe_sessions.${t}" must be an object`);const s=r;if(!_(s.decryptor_artifacts_hex))throw new a(`VP response validation failed: "babe_sessions.${t}.decryptor_artifacts_hex" must be a non-empty hex string, got ${o(s.decryptor_artifacts_hex)}`)}}function Se(n){if(n===null||typeof n!="object")throw new a("VP response validation failed: getPegoutStatus response is not an object");const e=n;if(!_(e.pegin_txid)||e.pegin_txid.length!==A)throw new a(`VP response validation failed: "pegin_txid" must be a ${A}-char hex string (txid), got ${o(e.pegin_txid)}`);if(typeof e.found!="boolean")throw new a(`VP response validation failed: "found" must be a boolean, got ${o(e.found)}`);if(e.claimer!==void 0){if(e.claimer===null||typeof e.claimer!="object")throw new a('VP response validation failed: "claimer" must be an object if present');const t=e.claimer;if(typeof t.status!="string")throw new a(`VP response validation failed: "claimer.status" must be a string, got ${o(t.status)}`);if(typeof t.failed!="boolean")throw new a(`VP response validation failed: "claimer.failed" must be a boolean, got ${o(t.failed)}`)}if(e.challenger!==void 0){if(e.challenger===null||typeof e.challenger!="object")throw new a('VP response validation failed: "challenger" must be an object if present');const t=e.challenger;if(typeof t.status!="string")throw new a(`VP response validation failed: "challenger.status" must be a string, got ${o(t.status)}`)}}function Ie(n){if(m(n.claim_tx,"depositor_graph.claim_tx"),m(n.assert_tx,"depositor_graph.assert_tx"),m(n.payout_tx,"depositor_graph.payout_tx"),w(n.payout_psbt,"depositor_graph.payout_psbt"),!Array.isArray(n.challenger_presign_data))throw new a('VP response validation failed: "depositor_graph.challenger_presign_data" must be an array');for(let e=0;e<n.challenger_presign_data.length;e++)Ce(n.challenger_presign_data[e],`depositor_graph.challenger_presign_data[${e}]`);if(typeof n.offchain_params_version!="number")throw new a('VP response validation failed: "depositor_graph.offchain_params_version" must be a number')}const Be=6e4;class re{constructor(e,t){l(this,"client");const r={baseUrl:e,timeout:(t==null?void 0:t.timeout)??Be,retries:t==null?void 0:t.retries,retryDelay:t==null?void 0:t.retryDelay,retryableFor:t==null?void 0:t.retryableFor,headers:t==null?void 0:t.headers,tokenProvider:t==null?void 0:t.tokenProvider,maxResponseBytes:t==null?void 0:t.maxResponseBytes};this.client=new f.JsonRpcClient(r)}async requestDepositorPresignTransactions(e,t){const r=await this.client.call("vaultProvider_requestDepositorPresignTransactions",e,t);return Ee(r),r}async submitDepositorPresignatures(e,t){return this.client.call("vaultProvider_submitDepositorPresignatures",e,t)}async submitDepositorWotsKey(e,t){return this.client.call("vaultProvider_submitDepositorWotsKey",e,t)}async requestDepositorClaimerArtifacts(e,t){const r=await this.client.call("vaultProvider_requestDepositorClaimerArtifacts",e,t);return ne(r),r}async getPeginStatus(e,t){const r=await this.client.call("vaultProvider_getPeginStatus",e,t);return Ve(r),r}async getPegoutStatus(e,t){const r=await this.client.call("vaultProvider_getPegoutStatus",e,t);return Se(r),r}}const Re="BIP0322-signed-message",Oe="TapTweak",ie=32,Ne=64;function se(n,e){const t=new TextEncoder().encode(n),r=F.sha256(t),s=new Uint8Array(r.length*2+e.length);return s.set(r,0),s.set(r,r.length),s.set(e,r.length*2),F.sha256(s)}function He(n){if(n.length!==ie)return null;const e=se(Oe,n),t=$.xOnlyPointAddTweak(n,e);return t?t.xOnlyPubkey:null}function Fe(n,e,t){if(e.length!==ie||t.length!==Ne)return!1;try{const r=se(Re,n),s=P.payments.p2tr({internalPubkey:b.Buffer.from(e)});if(!s.output)return!1;const i=s.output,c=0,y=new P.Transaction;y.version=0,y.locktime=0;const S=b.Buffer.concat([b.Buffer.from([0,32]),b.Buffer.from(r)]);y.addInput(b.Buffer.alloc(32,0),4294967295,0,S),y.addOutput(i,c);const d=new P.Transaction;d.version=0,d.locktime=0;const I=y.getHash();d.addInput(I,0,0),d.addOutput(b.Buffer.from([106]),c);const N=d.hashForWitnessV1(0,[i],[c],P.Transaction.SIGHASH_DEFAULT),H=He(e);return H?$.verifySchnorr(N,H,t):!1}catch{return!1}}function V(n,e){const t=(n&7)<<5,r=typeof e=="bigint"?e:BigInt(e);if(r<0n)throw new Error("cborHead: negative argument");if(r<24n)return new Uint8Array([t|Number(r)]);if(r<0x100n)return new Uint8Array([t|24,Number(r)]);if(r<0x10000n){const i=Number(r);return new Uint8Array([t|25,i>>>8&255,i&255])}if(r<0x100000000n){const i=Number(r);return new Uint8Array([t|26,i>>>24&255,i>>>16&255,i>>>8&255,i&255])}const s=new Uint8Array(9);s[0]=t|27;for(let i=7;i>=0;i--)s[1+i]=Number(r>>BigInt((7-i)*8))&255;return s}function ae(...n){const e=n.reduce((s,i)=>s+i.length,0),t=new Uint8Array(e);let r=0;for(const s of n)t.set(s,r),r+=s.length;return t}function D(n){const t=[V(4,n.length)];for(const r of n)t.push(V(0,r));return ae(...t)}function Ue(n,e,t){if(!Number.isSafeInteger(t)||t<0)throw new Error(`encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${t}`);const r=V(4,3),s=D(n),i=D(e),c=V(0,t);return ae(r,s,i,c)}const Ke=new TextEncoder().encode("btc-auth.server-identity.v1");class p extends Error{constructor(e,t){super(e),this.reason=t,this.name="ServerIdentityError"}}function v(n){const e=new Uint8Array(n.length/2);for(let t=0;t<e.length;t++)e[t]=parseInt(n.slice(t*2,t*2+2),16);return e}function oe(n){const{proof:e,pinnedServerPubkey:t,now:r}=n,s=u.stripHexPrefix(t).toLowerCase();if(s.length!==u.X_ONLY_PUBKEY_HEX_LEN||!g.HEX_RE.test(s))throw new p(`pinnedServerPubkey must be 32-byte hex; got ${s.length} chars`,"invalid_pubkey_encoding");const i=u.stripHexPrefix(e.server_pubkey).toLowerCase();if(i.length!==u.X_ONLY_PUBKEY_HEX_LEN||!g.HEX_RE.test(i))throw new p(`server_pubkey must be 32-byte hex; got ${i.length} chars`,"invalid_pubkey_encoding");if(i!==s)throw new p(`server_pubkey does not match pinned value: expected ${s}, got ${i}`,"pinned_pubkey_mismatch");if(!Number.isSafeInteger(e.expires_at))throw new p(`expires_at must be a finite integer; got ${JSON.stringify(e.expires_at)}`,"invalid_expires_at");if(!Number.isSafeInteger(r))throw new p(`now must be a finite integer; got ${JSON.stringify(r)}`,"invalid_expires_at");if(e.expires_at<=r)throw new p(`server identity proof expired at ${e.expires_at}, now ${r}`,"expired");const c=u.stripHexPrefix(e.ephemeral_pubkey).toLowerCase();if(c.length!==u.COMPRESSED_PUBKEY_HEX_LEN||!g.HEX_RE.test(c))throw new p(`ephemeral_pubkey must be 33-byte compressed hex; got ${c.length} chars`,"invalid_ephemeral_pubkey");const y=c.slice(0,2);if(y!=="02"&&y!=="03")throw new p(`ephemeral_pubkey must be compressed (prefix 02/03); got ${y}`,"invalid_ephemeral_pubkey");const S=v(c);if(!$.isPoint(S))throw new p("ephemeral_pubkey is not a valid secp256k1 point","invalid_ephemeral_pubkey");const d=u.stripHexPrefix(e.signature).toLowerCase();if(d.length!==u.SCHNORR_SIG_HEX_LEN||!g.HEX_RE.test(d))throw new p(`signature must be 64-byte Schnorr hex; got ${d.length} chars`,"invalid_signature_encoding");const I=Ue(Ke,v(c),e.expires_at);if(!Fe(I,v(i),v(d)))throw new p("BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey","signature_verification_failed")}const De=new Set(["vaultProvider_submitDepositorWotsKey","vaultProvider_submitDepositorPresignatures","vaultProvider_requestDepositorPresignTransactions"]),Me=6e4,R="auth_createDepositorToken";function ce(n,e){return new f.JsonRpcClient({baseUrl:n,timeout:Me,headers:e,retryableFor:t=>t===R})}const M=4102444800,je=30;class Xe{constructor(e){l(this,"client");l(this,"peginTxid");l(this,"authAnchorHex");l(this,"pinnedServerPubkey");l(this,"authGatedMethods");l(this,"refreshSkewSecs");l(this,"now");l(this,"cached",null);l(this,"inFlight",null);this.client=e.client,this.peginTxid=e.peginTxid,this.authAnchorHex=e.authAnchorHex,this.pinnedServerPubkey=e.pinnedServerPubkey,this.authGatedMethods=e.authGatedMethods,this.refreshSkewSecs=e.refreshSkewSecs??je,this.now=e.now??(()=>Math.floor(Date.now()/1e3))}async getToken(e){if(e===R||!this.authGatedMethods.has(e))return null;const t=this.cached;return t&&this.now()+this.refreshSkewSecs<t.expiresAt?t.token:(await this.acquireSingleFlight()).token}invalidate(){this.cached=null}setClient(e){this.client=e}acquireSingleFlight(){const e=this.inFlight;if(e)return e;const t=(async()=>{try{const r=await this.client.call(R,{pegin_txid:this.peginTxid,auth_anchor:this.authAnchorHex});if(oe({proof:r.server_identity,pinnedServerPubkey:this.pinnedServerPubkey,now:this.now()}),typeof r.token!="string"||r.token.length===0)throw new Error(`VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof r.token})`);const s=this.now();if(!Number.isSafeInteger(r.expires_at)||r.expires_at<=s||r.expires_at>M)throw new Error(`VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(r.expires_at)}; must be a safe integer in (${s}, ${M}])`);const i={token:r.token,expiresAt:r.expires_at};return this.cached=i,i}finally{this.inFlight=null}})();return this.inFlight=t,t}}class le{constructor(){l(this,"entries",new Map)}getOrCreate(e){const t=this.entries.get(e.peginTxid);if(t){if(t.authAnchorHex!==e.authAnchorHex)throw new Error(`VpTokenRegistry: peginTxid ${e.peginTxid} already bound to authAnchorHex ${t.authAnchorHex.slice(0,8)}…; got ${e.authAnchorHex.slice(0,8)}…`);if(t.pinnedServerPubkey!==e.pinnedServerPubkey)throw new Error(`VpTokenRegistry: peginTxid ${e.peginTxid} already bound to pinnedServerPubkey ${t.pinnedServerPubkey.slice(0,8)}…; got ${e.pinnedServerPubkey.slice(0,8)}…`);return t.provider.setClient(e.client),t.provider}const r=new Xe({client:e.client,peginTxid:e.peginTxid,authAnchorHex:e.authAnchorHex,pinnedServerPubkey:e.pinnedServerPubkey,authGatedMethods:De});return this.entries.set(e.peginTxid,{provider:r,authAnchorHex:e.authAnchorHex,pinnedServerPubkey:e.pinnedServerPubkey}),r}peek(e){var t;return(t=this.entries.get(e))==null?void 0:t.provider}release(e){this.entries.delete(e)}clear(){this.entries.clear()}get size(){return this.entries.size}}const O=new le;function Le(n){var r;const e=ce(n.baseUrl,(r=n.options)==null?void 0:r.headers),t=O.getOrCreate({client:e,peginTxid:n.peginTxid,authAnchorHex:n.authAnchorHex,pinnedServerPubkey:n.pinnedServerPubkey});return new re(n.baseUrl,{...n.options,tokenProvider:t})}function qe(n){O.getOrCreate({client:ce(n.baseUrl,n.headers),peginTxid:n.peginTxid,authAnchorHex:n.authAnchorHex,pinnedServerPubkey:n.pinnedServerPubkey})}async function Ge(n,e){const[t,r]=await n.multicall({contracts:[{address:e,abi:f.BTCVaultRegistryABI,functionName:"protocolParams"},{address:e,abi:f.BTCVaultRegistryABI,functionName:"applicationRegistry"}],allowFailure:!1});return{protocolParams:t,applicationRegistry:r}}const j=65535;function B(n){return{timelockAssert:n.timelockAssert,timelockChallengeAssert:n.timelockChallengeAssert,securityCouncilKeys:[...n.securityCouncilKeys],councilQuorum:n.councilQuorum,feeRate:n.feeRate,babeTotalInstances:n.babeTotalInstances,babeInstancesToFinalize:n.babeInstancesToFinalize,minVpCommissionBps:n.minVpCommissionBps,tRefund:n.tRefund,tStale:n.tStale,minPeginFeeRate:n.minPeginFeeRate,proverProgramVersion:n.proverProgramVersion,minPrepeginDepth:n.minPrepeginDepth}}function X(n){return{minimumPegInAmount:n.minimumPegInAmount,maxPegInAmount:n.maxPegInAmount,pegInAckTimeout:n.pegInAckTimeout,pegInActivationTimeout:n.pegInActivationTimeout,maxHtlcOutputCount:n.maxHtlcOutputCount}}function L(n){if(n>BigInt(j))throw new Error(`timelockAssert value ${n} exceeds uint16 max (${j})`);return Number(n)}class Ye{constructor(e,t){this.publicClient=e,this.contractAddress=t}async getTBVProtocolParams(){const e=await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"getTBVProtocolParams"});return X(e)}async getLatestOffchainParams(){const e=await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"getLatestOffchainParams"});return B(e)}async getOffchainParamsByVersion(e){const t=await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"getOffchainParamsByVersion",args:[e]});return B(t)}async getLatestOffchainParamsVersion(){return await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"latestOffchainParamsVersion"})}async getTimelockPeginByVersion(e){const t=await this.getOffchainParamsByVersion(e);return L(t.timelockAssert)}async getPegInConfiguration(){const e=await this.publicClient.multicall({contracts:[{address:this.contractAddress,abi:h,functionName:"getTBVProtocolParams"},{address:this.contractAddress,abi:h,functionName:"getLatestOffchainParams"}],allowFailure:!1}),t=X(e[0]),r=B(e[1]);return{minimumPegInAmount:t.minimumPegInAmount,maxPegInAmount:t.maxPegInAmount,pegInAckTimeout:t.pegInAckTimeout,pegInActivationTimeout:t.pegInActivationTimeout,maxHtlcOutputCount:t.maxHtlcOutputCount,timelockPegin:L(r.timelockAssert),timelockRefund:r.tRefund,minVpCommissionBps:r.minVpCommissionBps,offchainParams:r}}}function E(n){return n.map(e=>({ethAddress:e.ethAddress,btcPubKey:e.btcPubKey}))}class We{constructor(e,t){this.publicClient=e,this.contractAddress=t}async getVaultKeepersByVersion(e,t){const r=await this.publicClient.readContract({address:this.contractAddress,abi:T,functionName:"getVaultKeepersByVersion",args:[e,t]});return E(r)}async getCurrentVaultKeepers(e){const t=await this.publicClient.readContract({address:this.contractAddress,abi:T,functionName:"getCurrentVaultKeepers",args:[e]});return E(t)}async getCurrentVaultKeepersVersion(e){return await this.publicClient.readContract({address:this.contractAddress,abi:T,functionName:"getCurrentVaultKeepersVersion",args:[e]})}}class ze{constructor(e,t){this.publicClient=e,this.contractAddress=t}async getUniversalChallengersByVersion(e){const t=await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"getUniversalChallengersByVersion",args:[e]});return E(t)}async getCurrentUniversalChallengers(){const e=await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"getCurrentUniversalChallengers"});return E(e)}async getLatestUniversalChallengersVersion(){return await this.publicClient.readContract({address:this.contractAddress,abi:h,functionName:"latestUniversalChallengersVersion"})}}class Je{constructor(e,t){this.publicClient=e,this.contractAddress=t}async getVaultProviderBtcPubKey(e){const r=(await this.publicClient.readContract({address:this.contractAddress,abi:f.BTCVaultRegistryABI,functionName:"getVaultProviderBTCKey",args:[e]})).toLowerCase();if(!/^0x[0-9a-f]{64}$/.test(r))throw new Error(`getVaultProviderBTCKey returned an unexpected value (vp=${e}, length ${r.length}, prefix "${r.slice(0,2)}")`);const s=r.slice(2);if(!$.isXOnlyPoint(u.hexToUint8Array(s)))throw new Error(`getVaultProviderBTCKey returned a value that is not on the secp256k1 curve (vp=${e})`);return s}async getVaultBasicInfo(e){const t=await this.publicClient.readContract({address:this.contractAddress,abi:f.BTCVaultRegistryABI,functionName:"getBtcVaultBasicInfo",args:[e]});return{depositor:t.depositor,depositorBtcPubKey:t.depositorBtcPubKey,amount:t.amount,vaultProvider:t.vaultProvider,status:t.status,applicationEntryPoint:t.applicationEntryPoint,createdAt:t.createdAt}}async getVaultProtocolInfo(e){const t=await this.publicClient.readContract({address:this.contractAddress,abi:f.BTCVaultRegistryABI,functionName:"getBtcVaultProtocolInfo",args:[e]});return{depositorSignedPeginTx:t.depositorSignedPeginTx,universalChallengersVersion:t.universalChallengersVersion,appVaultKeepersVersion:t.appVaultKeepersVersion,offchainParamsVersion:t.offchainParamsVersion,verifiedAt:t.verifiedAt,depositorWotsPkHash:t.depositorWotsPkHash,hashlock:t.hashlock,htlcVout:t.htlcVout,depositorPopSignature:t.depositorPopSignature,prePeginTxHash:t.prePeginTxHash,vaultProviderCommissionBps:t.vaultProviderCommissionBps}}async getVaultData(e){const[t,r]=await Promise.all([this.getVaultBasicInfo(e),this.getVaultProtocolInfo(e)]);if(!r.depositorSignedPeginTx||r.depositorSignedPeginTx==="0x")throw new Error(`Vault ${e} not found on-chain or has no pegin transaction`);return{basic:t,protocol:r}}}exports.ApplicationRegistryABI=T;exports.MEMPOOL_API_URLS=J;exports.ProtocolParamsABI=h;exports.ServerIdentityError=p;exports.VaultProviderRpcClient=re;exports.ViemProtocolParamsReader=Ye;exports.ViemUniversalChallengerReader=ze;exports.ViemVaultKeeperReader=We;exports.ViemVaultRegistryReader=Je;exports.VpResponseValidationError=a;exports.VpTokenRegistry=le;exports.createAuthenticatedVpClient=Le;exports.getAddressTxs=Pe;exports.getAddressUtxos=_e;exports.getMempoolApiUrl=we;exports.getNetworkFees=ve;exports.getTxHex=fe;exports.getTxInfo=Q;exports.getUtxoInfo=be;exports.primeVpTokenRegistry=qe;exports.pushTx=me;exports.resolveProtocolAddresses=Ge;exports.validateRequestDepositorClaimerArtifactsResponse=ne;exports.verifyServerIdentity=oe;exports.vpTokenRegistry=O;
-//# sourceMappingURL=vault-registry-reader-CKe9TbX6.cjs.map

package/dist/vault-registry-reader-CKe9TbX6.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"vault-registry-reader-CKe9TbX6.cjs","sources":["../src/tbv/core/clients/mempool/mempoolApi.ts","../src/tbv/core/contracts/abis/ApplicationRegistry.abi.ts","../src/tbv/core/contracts/abis/ProtocolParams.abi.ts","../src/tbv/core/clients/vault-provider/validators.ts","../src/tbv/core/clients/vault-provider/api.ts","../src/tbv/core/clients/vault-provider/auth/bip322Verify.ts","../src/tbv/core/clients/vault-provider/auth/cbor.ts","../src/tbv/core/clients/vault-provider/auth/serverIdentity.ts","../src/tbv/core/clients/vault-provider/auth/gatedMethods.ts","../src/tbv/core/clients/vault-provider/auth/innerTokenClient.ts","../src/tbv/core/clients/vault-provider/auth/tokenProvider.ts","../src/tbv/core/clients/vault-provider/auth/tokenRegistry.ts","../src/tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient.ts","../src/tbv/core/clients/vault-provider/auth/primeVpAuth.ts","../src/tbv/core/clients/eth/contract-address-resolver.ts","../src/tbv/core/clients/eth/protocol-params-reader.ts","../src/tbv/core/clients/eth/signer-set-reader.ts","../src/tbv/core/clients/eth/vault-registry-reader.ts"],"sourcesContent":["/**\n * Mempool API Client\n *\n * Client for interacting with mempool.space API for Bitcoin network operations.\n * Used for broadcasting transactions and fetching UTXO data.\n *\n * @module clients/mempool/mempoolApi\n */\n\nimport {\n  BITCOIN_ADDRESS_RE,\n  HEX_RE,\n  KNOWN_SCRIPT_PREFIXES,\n  TXID_RE,\n} from \"../../utils/validation\";\n\nimport type { MempoolUTXO, NetworkFees, TxInfo, UtxoInfo } from \"./types\";\n\n/** Maximum valid satoshi value: 21 million BTC × 10^8 sats/BTC */\nconst MAX_SATOSHIS = 21_000_000 * 1e8;\n\n/** Timeout for mempool API requests — prevents indefinite hangs from stalled endpoints */\nconst MEMPOOL_REQUEST_TIMEOUT_MS = 30_000;\n\n/**\n * Fetch wrapper with AbortController-based timeout.\n * Ensures all mempool API requests fail bounded rather than hanging indefinitely.\n */\nasync function fetchWithTimeout(\n  url: string,\n  options?: RequestInit,\n): Promise<Response> {\n  const controller = new AbortController();\n  const timeoutId = setTimeout(\n    () => controller.abort(),\n    MEMPOOL_REQUEST_TIMEOUT_MS,\n  );\n\n  // Compose timeout signal with any caller-supplied signal so both can cancel\n  const signals = [controller.signal, options?.signal].filter(\n    Boolean,\n  ) as AbortSignal[];\n\n  try {\n    // Don't clear timeout here — let it cover body consumption by callers\n    return await fetch(url, {\n      ...options,\n      signal: AbortSignal.any(signals),\n    });\n  } catch (error) {\n    clearTimeout(timeoutId);\n    if (\n      error != null &&\n      typeof error === \"object\" &&\n      \"name\" in error &&\n      error.name === \"AbortError\"\n    ) {\n      throw new Error(\n        `Mempool API request timed out after ${MEMPOOL_REQUEST_TIMEOUT_MS}ms: ${url}`,\n      );\n    }\n    throw error;\n  }\n}\n\n/**\n * Maximum sane fee rate in sat/vByte.\n * The April 2024 Runes spike peaked around 1,805 sat/vB — 10,000 provides ample headroom.\n */\nconst MAX_FEE_RATE = 10_000;\n\nfunction isValidSatoshiValue(value: number): boolean {\n  return Number.isInteger(value) && value > 0 && value <= MAX_SATOSHIS;\n}\n\nfunction isValidFeeRate(value: number): boolean {\n  return Number.isInteger(value) && value > 0 && value <= MAX_FEE_RATE;\n}\n\nfunction isValidVout(vout: number, outputCount?: number): boolean {\n  if (!Number.isInteger(vout) || vout < 0) return false;\n  return outputCount === undefined || vout < outputCount;\n}\n\n\nfunction assertValidTxid(txid: string): void {\n  if (!TXID_RE.test(txid)) {\n    throw new Error(`Invalid transaction ID format: ${txid}`);\n  }\n}\n\nfunction assertValidAddress(address: string): void {\n  if (!BITCOIN_ADDRESS_RE.test(address)) {\n    throw new Error(`Invalid Bitcoin address format: ${address}`);\n  }\n}\n\nfunction assertValidScriptPubKey(scriptPubKey: string, context: string): void {\n  if (!HEX_RE.test(scriptPubKey)) {\n    throw new Error(\n      `Invalid scriptPubKey: not valid hex for ${context}`,\n    );\n  }\n  const matchesKnownType = KNOWN_SCRIPT_PREFIXES.some((prefix) =>\n    scriptPubKey.toLowerCase().startsWith(prefix),\n  );\n  if (!matchesKnownType) {\n    throw new Error(\n      `Unrecognized scriptPubKey type for ${context}: ` +\n        `prefix ${scriptPubKey.slice(0, 6)} does not match any known Bitcoin script type`,\n    );\n  }\n}\n\n/**\n * Default mempool API URLs by network.\n */\nexport const MEMPOOL_API_URLS = {\n  mainnet: \"https://mempool.space/api\",\n  testnet: \"https://mempool.space/testnet/api\",\n  signet: \"https://mempool.space/signet/api\",\n} as const;\n\n/**\n * Fetch wrapper with error handling.\n */\nasync function fetchApi<T>(\n  url: string,\n  options?: RequestInit,\n): Promise<T> {\n  try {\n    const response = await fetchWithTimeout(url, options);\n\n    if (!response.ok) {\n      const errorText = await response.text();\n      throw new Error(\n        `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n      );\n    }\n\n    const contentType = response.headers.get(\"content-type\");\n    if (contentType?.includes(\"application/json\")) {\n      return (await response.json()) as T;\n    } else {\n      return (await response.text()) as T;\n    }\n  } catch (error) {\n    if (error instanceof Error) {\n      throw new Error(`Failed to fetch from mempool API: ${error.message}`);\n    }\n    throw new Error(\"Failed to fetch from mempool API: Unknown error\");\n  }\n}\n\n/**\n * Push a signed transaction to the Bitcoin network.\n *\n * @param txHex - The signed transaction hex string\n * @param apiUrl - Mempool API base URL\n * @returns The transaction ID\n * @throws Error if broadcasting fails\n */\nexport async function pushTx(txHex: string, apiUrl: string): Promise<string> {\n  try {\n    const response = await fetchWithTimeout(`${apiUrl}/tx`, {\n      method: \"POST\",\n      body: txHex,\n      headers: {\n        \"Content-Type\": \"text/plain\",\n      },\n    });\n\n    if (!response.ok) {\n      const errorText = await response.text();\n      // Try to extract error message from response using robust JSON parsing\n      let message: string | undefined;\n      try {\n        const errorJson = JSON.parse(errorText);\n        message = errorJson.message;\n      } catch {\n        // Not JSON, use raw text\n        message = errorText;\n      }\n      throw new Error(\n        message || `Failed to broadcast transaction: ${response.statusText}`,\n      );\n    }\n\n    // Response is the transaction ID (plain text)\n    const txId = await response.text();\n    return txId;\n  } catch (error) {\n    if (error instanceof Error) {\n      throw new Error(`Failed to broadcast BTC transaction: ${error.message}`);\n    }\n    throw new Error(\"Failed to broadcast BTC transaction: Unknown error\");\n  }\n}\n\n/**\n * Get transaction information from mempool.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns Transaction information\n */\nexport async function getTxInfo(txid: string, apiUrl: string): Promise<TxInfo> {\n  assertValidTxid(txid);\n  return fetchApi<TxInfo>(`${apiUrl}/tx/${txid}`);\n}\n\n/**\n * Get the hex representation of a transaction.\n *\n * @param txid - The transaction ID\n * @param apiUrl - Mempool API base URL\n * @returns The transaction hex string\n * @throws Error if the request fails or transaction is not found\n */\nexport async function getTxHex(txid: string, apiUrl: string): Promise<string> {\n  assertValidTxid(txid);\n  try {\n    const response = await fetchWithTimeout(`${apiUrl}/tx/${txid}/hex`);\n\n    if (!response.ok) {\n      const errorText = await response.text();\n      throw new Error(\n        `Mempool API error (${response.status}): ${errorText || response.statusText}`,\n      );\n    }\n\n    return await response.text();\n  } catch (error) {\n    if (error instanceof Error) {\n      throw new Error(`Failed to get transaction hex for ${txid}: ${error.message}`);\n    }\n    throw new Error(`Failed to get transaction hex for ${txid}: Unknown error`);\n  }\n}\n\n/**\n * Get UTXO information for a specific transaction output.\n *\n * This is used for constructing PSBTs where we need the witnessUtxo data.\n * Only supports Taproot (P2TR) and native SegWit (P2WPKH, P2WSH) script types.\n *\n * @param txid - The transaction ID containing the UTXO\n * @param vout - The output index\n * @param apiUrl - Mempool API base URL\n * @returns UTXO information with value and scriptPubKey\n */\nexport async function getUtxoInfo(\n  txid: string,\n  vout: number,\n  apiUrl: string,\n): Promise<UtxoInfo> {\n  assertValidTxid(txid);\n  const txInfo = await getTxInfo(txid, apiUrl);\n\n  if (!isValidVout(vout, txInfo.vout.length)) {\n    throw new Error(\n      `Invalid vout ${vout} for transaction ${txid} (has ${txInfo.vout.length} outputs)`,\n    );\n  }\n\n  const output = txInfo.vout[vout];\n  if (!isValidSatoshiValue(output.value)) {\n    throw new Error(`Invalid UTXO value ${output.value} for ${txid}:${vout}`);\n  }\n  assertValidScriptPubKey(output.scriptpubkey, `${txid}:${vout}`);\n\n  return {\n    txid,\n    vout,\n    value: output.value,\n    scriptPubKey: output.scriptpubkey,\n  };\n}\n\n/**\n * Get all UTXOs for a Bitcoin address.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of UTXOs sorted by value (largest first)\n */\nexport async function getAddressUtxos(\n  address: string,\n  apiUrl: string,\n): Promise<MempoolUTXO[]> {\n  assertValidAddress(address);\n  try {\n    // Fetch UTXOs for the address\n    const utxos = await fetchApi<\n      {\n        txid: string;\n        vout: number;\n        value: number;\n        status: {\n          confirmed: boolean;\n        };\n      }[]\n    >(`${apiUrl}/address/${address}/utxo`);\n\n    // Fetch scriptPubKey for the address\n    const addressInfo = await fetchApi<{\n      isvalid: boolean;\n      scriptPubKey: string;\n    }>(`${apiUrl}/v1/validate-address/${address}`);\n\n    if (!addressInfo.isvalid) {\n      throw new Error(\n        `Invalid Bitcoin address: ${address}. Mempool API validation failed.`,\n      );\n    }\n    assertValidScriptPubKey(addressInfo.scriptPubKey, address);\n\n    // Validate UTXO fields from the listing endpoint.\n    // Per-UTXO cross-verification against /tx/{txid} is intentionally NOT done\n    // here — it would be expensive (N API calls) and redundant: the broadcast\n    // path already verifies each selected input via getUtxoInfo before signing.\n    // Both endpoints come from the same mempool API, so cross-checking one\n    // against the other on the same server does not add real security.\n    for (const utxo of utxos) {\n      assertValidTxid(utxo.txid);\n      if (!isValidVout(utxo.vout)) {\n        throw new Error(`Invalid vout ${utxo.vout} for ${utxo.txid}`);\n      }\n      if (!isValidSatoshiValue(utxo.value)) {\n        throw new Error(\n          `Invalid UTXO value ${utxo.value} for ${utxo.txid}:${utxo.vout}`,\n        );\n      }\n    }\n\n    // Sort by value (largest first) and map to our UTXO format\n    const sortedUTXOs = utxos.sort((a, b) => b.value - a.value);\n\n    return sortedUTXOs.map((utxo) => ({\n      txid: utxo.txid,\n      vout: utxo.vout,\n      value: utxo.value,\n      scriptPubKey: addressInfo.scriptPubKey,\n      confirmed: utxo.status.confirmed,\n    }));\n  } catch (error) {\n    if (error instanceof Error) {\n      throw new Error(\n        `Failed to get UTXOs for address ${address}: ${error.message}`,\n      );\n    }\n    throw new Error(\n      `Failed to get UTXOs for address ${address}: Unknown error`,\n    );\n  }\n}\n\n/**\n * Get the mempool API URL for a given network.\n *\n * @param network - Bitcoin network (mainnet, testnet, signet)\n * @returns The mempool API URL\n */\nexport function getMempoolApiUrl(\n  network: \"mainnet\" | \"testnet\" | \"signet\",\n): string {\n  return MEMPOOL_API_URLS[network];\n}\n\n/**\n * Transaction summary from address transactions endpoint.\n */\nexport interface AddressTx {\n  txid: string;\n  status: {\n    confirmed: boolean;\n    block_height?: number;\n  };\n}\n\n/**\n * Get recent transactions for a Bitcoin address.\n *\n * Returns the last 25 confirmed transactions plus any unconfirmed (mempool) transactions.\n * This is useful for checking if a specific transaction has been broadcast.\n *\n * @param address - The Bitcoin address\n * @param apiUrl - Mempool API base URL\n * @returns Array of recent transactions\n */\nexport async function getAddressTxs(\n  address: string,\n  apiUrl: string,\n): Promise<AddressTx[]> {\n  assertValidAddress(address);\n  return fetchApi<AddressTx[]>(`${apiUrl}/address/${address}/txs`);\n}\n\n/**\n * Fetches Bitcoin network fee recommendations from mempool.space API.\n *\n * @param apiUrl - Mempool API base URL\n * @returns Fee rates in sat/vbyte for different confirmation times\n * @throws Error if request fails or returns invalid data\n *\n * @see https://mempool.space/docs/api/rest#get-recommended-fees\n */\nexport async function getNetworkFees(apiUrl: string): Promise<NetworkFees> {\n  const response = await fetchWithTimeout(`${apiUrl}/v1/fees/recommended`);\n\n  if (!response.ok) {\n    throw new Error(\n      `Failed to fetch network fees: ${response.status} ${response.statusText}`,\n    );\n  }\n\n  const data = await response.json();\n\n  const feeFields = [\n    \"fastestFee\",\n    \"halfHourFee\",\n    \"hourFee\",\n    \"economyFee\",\n    \"minimumFee\",\n  ] as const;\n\n  for (const field of feeFields) {\n    if (!isValidFeeRate(data[field])) {\n      throw new Error(\n        `Invalid fee rate ${field}=${data[field]} from mempool API: expected a positive number ≤ ${MAX_FEE_RATE}`,\n      );\n    }\n  }\n\n  if (\n    data.minimumFee > data.economyFee ||\n    data.economyFee > data.hourFee ||\n    data.hourFee > data.halfHourFee ||\n    data.halfHourFee > data.fastestFee\n  ) {\n    throw new Error(\n      `Fee rate ordering violation from mempool API: expected ` +\n        `minimumFee (${data.minimumFee}) <= economyFee (${data.economyFee}) <= ` +\n        `hourFee (${data.hourFee}) <= halfHourFee (${data.halfHourFee}) <= ` +\n        `fastestFee (${data.fastestFee}).`,\n    );\n  }\n\n  return data as NetworkFees;\n}\n\n","/**\n * ApplicationRegistry Contract ABI\n *\n * Minimal ABI containing only the vault keeper read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IApplicationRegistry.sol interface.\n *\n * @module contracts/abis/ApplicationRegistry\n */\n\nexport const ApplicationRegistryABI = [\n  {\n    type: \"function\",\n    name: \"getVaultKeepersByVersion\",\n    inputs: [\n      {\n        name: \"appEntryPoint\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n      {\n        name: \"versionNumber\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple[]\",\n        internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n        components: [\n          {\n            name: \"ethAddress\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          {\n            name: \"btcPubKey\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getCurrentVaultKeepers\",\n    inputs: [\n      {\n        name: \"appEntryPoint\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple[]\",\n        internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n        components: [\n          {\n            name: \"ethAddress\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          {\n            name: \"btcPubKey\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getCurrentVaultKeepersVersion\",\n    inputs: [\n      {\n        name: \"appEntryPoint\",\n        type: \"address\",\n        internalType: \"address\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n] as const;\n","/**\n * ProtocolParams Contract ABI\n *\n * Minimal ABI containing only the read functions needed by the SDK.\n * Generated from vault-contracts-aave-v4 IProtocolParams.sol interface.\n *\n * @module contracts/abis/ProtocolParams\n */\n\nexport const ProtocolParamsABI = [\n  {\n    type: \"function\",\n    name: \"getTBVProtocolParams\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple\",\n        internalType: \"struct IProtocolParams.TBVProtocolParams\",\n        components: [\n          {\n            name: \"minimumPegInAmount\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"maxPegInAmount\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"pegInAckTimeout\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"pegInActivationTimeout\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"maxHtlcOutputCount\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getLatestOffchainParams\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple\",\n        internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n        components: [\n          {\n            name: \"timelockAssert\",\n            type: \"uint256\",\n            internalType: \"uint256\",\n          },\n          {\n            name: \"timelockChallengeAssert\",\n            type: \"uint256\",\n            internalType: \"uint256\",\n          },\n          {\n            name: \"securityCouncilKeys\",\n            type: \"bytes32[]\",\n            internalType: \"bytes32[]\",\n          },\n          {\n            name: \"councilQuorum\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n          {\n            name: \"feeRate\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"babeTotalInstances\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"babeInstancesToFinalize\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n          {\n            name: \"minVpCommissionBps\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"tRefund\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n          {\n            name: \"tStale\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n          {\n            name: \"minPeginFeeRate\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"proverProgramVersion\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"minPrepeginDepth\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getOffchainParamsByVersion\",\n    inputs: [\n      {\n        name: \"versionNumber\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple\",\n        internalType: \"struct IProtocolParams.VersionedOffchainParams\",\n        components: [\n          {\n            name: \"timelockAssert\",\n            type: \"uint256\",\n            internalType: \"uint256\",\n          },\n          {\n            name: \"timelockChallengeAssert\",\n            type: \"uint256\",\n            internalType: \"uint256\",\n          },\n          {\n            name: \"securityCouncilKeys\",\n            type: \"bytes32[]\",\n            internalType: \"bytes32[]\",\n          },\n          {\n            name: \"councilQuorum\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n          {\n            name: \"feeRate\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"babeTotalInstances\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"babeInstancesToFinalize\",\n            type: \"uint8\",\n            internalType: \"uint8\",\n          },\n          {\n            name: \"minVpCommissionBps\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"tRefund\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n          {\n            name: \"tStale\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n          {\n            name: \"minPeginFeeRate\",\n            type: \"uint64\",\n            internalType: \"uint64\",\n          },\n          {\n            name: \"proverProgramVersion\",\n            type: \"uint16\",\n            internalType: \"uint16\",\n          },\n          {\n            name: \"minPrepeginDepth\",\n            type: \"uint32\",\n            internalType: \"uint32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"latestOffchainParamsVersion\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getUniversalChallengersByVersion\",\n    inputs: [\n      {\n        name: \"versionNumber\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple[]\",\n        internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n        components: [\n          {\n            name: \"ethAddress\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          {\n            name: \"btcPubKey\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"getCurrentUniversalChallengers\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"tuple[]\",\n        internalType: \"struct BTCVaultTypes.AddressBTCKeyPair[]\",\n        components: [\n          {\n            name: \"ethAddress\",\n            type: \"address\",\n            internalType: \"address\",\n          },\n          {\n            name: \"btcPubKey\",\n            type: \"bytes32\",\n            internalType: \"bytes32\",\n          },\n        ],\n      },\n    ],\n    stateMutability: \"view\",\n  },\n  {\n    type: \"function\",\n    name: \"latestUniversalChallengersVersion\",\n    inputs: [],\n    outputs: [\n      {\n        name: \"\",\n        type: \"uint16\",\n        internalType: \"uint16\",\n      },\n    ],\n    stateMutability: \"view\",\n  },\n] as const;\n","/**\n * Runtime validation for vault provider RPC responses.\n *\n * All VP RPC methods return untyped JSON that TypeScript generics cast without\n * inspection. These validators check the critical top-level fields and\n * security-relevant values (status, txids, pubkeys). Optional progress\n * sub-fields (gc_data, ack_collection, claimer_graphs) are NOT validated\n * since they are informational and not used for signing or transaction\n * construction. Only `progress.presigning` sub-fields are checked.\n */\n\nimport {\n  COMPRESSED_PUBKEY_HEX_LEN,\n  X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../utils/validation\";\n\nimport { DaemonStatus } from \"./types\";\nimport type {\n  GetPeginStatusResponse,\n  GetPegoutStatusResponse,\n  RequestDepositorClaimerArtifactsResponse,\n  RequestDepositorPresignTransactionsResponse,\n} from \"./types\";\n\nconst DAEMON_STATUS_VALUES = new Set<string>(Object.values(DaemonStatus));\n\nconst VP_ERROR_PREVIEW_MAX_LEN = 200;\n\nfunction preview(value: unknown): string {\n  return (\n    JSON.stringify(value)?.slice(0, VP_ERROR_PREVIEW_MAX_LEN) ?? \"undefined\"\n  );\n}\n\nconst VP_VALIDATION_USER_MESSAGE =\n  \"The vault provider returned an unexpected response. Please try again or contact support.\";\n\n/**\n * Thrown when a VP RPC response fails runtime validation.\n *\n * `.message` is a user-facing string safe to display in the UI.\n * `.detail` contains the technical reason, suitable for logging.\n */\nexport class VpResponseValidationError extends Error {\n  readonly detail: string;\n\n  constructor(detail: string) {\n    super(VP_VALIDATION_USER_MESSAGE);\n    this.name = \"VpResponseValidationError\";\n    this.detail = detail;\n  }\n}\n\n/** Expected length (in hex chars) of a Bitcoin transaction ID (32 bytes). */\nconst TXID_HEX_LEN = 64;\n\nfunction isNonEmptyHex(value: unknown): value is string {\n  return typeof value === \"string\" && value.length > 0 && HEX_RE.test(value);\n}\n\nfunction isNonEmptyString(value: unknown): value is string {\n  return typeof value === \"string\" && value.length > 0;\n}\n\nfunction assertNonEmptyHex(value: unknown, field: string): void {\n  if (!isNonEmptyHex(value)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be a non-empty hex string, got ${preview(value)}`,\n    );\n  }\n}\n\nfunction assertNonEmptyString(value: unknown, field: string): void {\n  if (!isNonEmptyString(value)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be a non-empty string, got ${preview(value)}`,\n    );\n  }\n}\n\n/**\n * Accept both x-only (64-char) and compressed (66-char) pubkeys from VP responses.\n * The signing code normalizes to x-only via processPublicKeyToXOnly().\n */\nfunction assertBtcPubkey(value: unknown, field: string): void {\n  if (\n    !isNonEmptyHex(value) ||\n    (value.length !== X_ONLY_PUBKEY_HEX_LEN &&\n      value.length !== COMPRESSED_PUBKEY_HEX_LEN)\n  ) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be a ${X_ONLY_PUBKEY_HEX_LEN} or ${COMPRESSED_PUBKEY_HEX_LEN}-char hex string (BTC pubkey), got ${preview(value)}`,\n    );\n  }\n}\n\n/**\n * Validate the optional presigning progress fields returned inside PeginProgressDetails.\n */\nfunction validatePresigningProgressFields(\n  progress: Record<string, unknown>,\n): void {\n  const presigning = progress.presigning;\n  if (presigning === undefined || presigning === null) return;\n  if (typeof presigning !== \"object\" || Array.isArray(presigning)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"progress.presigning\" must be an object if present`,\n    );\n  }\n\n  const p = presigning as Record<string, unknown>;\n\n  if (\n    p.depositor_graph_created !== undefined &&\n    typeof p.depositor_graph_created !== \"boolean\"\n  ) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"progress.presigning.depositor_graph_created\" must be a boolean if present, got ${preview(p.depositor_graph_created)}`,\n    );\n  }\n\n  if (\n    p.vk_challenger_presigning_completed !== undefined &&\n    typeof p.vk_challenger_presigning_completed !== \"number\"\n  ) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"progress.presigning.vk_challenger_presigning_completed\" must be a number if present, got ${preview(p.vk_challenger_presigning_completed)}`,\n    );\n  }\n\n  if (\n    p.vk_challenger_presigning_total !== undefined &&\n    typeof p.vk_challenger_presigning_total !== \"number\"\n  ) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"progress.presigning.vk_challenger_presigning_total\" must be a number if present, got ${preview(p.vk_challenger_presigning_total)}`,\n    );\n  }\n}\n\n/**\n * Validate a getPeginStatus response.\n *\n * Throws if the status field is not a recognized DaemonStatus value.\n */\nexport function validateGetPeginStatusResponse(\n  response: unknown,\n): asserts response is GetPeginStatusResponse {\n  if (response === null || typeof response !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: getPeginStatus response is not an object`,\n    );\n  }\n\n  const r = response as Record<string, unknown>;\n\n  if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n    );\n  }\n\n  if (typeof r.status !== \"string\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"status\" must be a string`,\n    );\n  }\n\n  if (!DAEMON_STATUS_VALUES.has(r.status)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: unrecognized status \"${r.status}\". Expected one of: ${[...DAEMON_STATUS_VALUES].join(\", \")}`,\n    );\n  }\n\n  if (\n    r.progress === null ||\n    typeof r.progress !== \"object\" ||\n    Array.isArray(r.progress)\n  ) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"progress\" must be an object`,\n    );\n  }\n\n  validatePresigningProgressFields(r.progress as Record<string, unknown>);\n\n  if (typeof r.health_info !== \"string\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"health_info\" must be a string`,\n    );\n  }\n\n  if (r.last_error !== undefined && typeof r.last_error !== \"string\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"last_error\" must be a string if present, got ${preview(r.last_error)}`,\n    );\n  }\n}\n\n/**\n * Validate a requestDepositorPresignTransactions response.\n */\nexport function validateRequestDepositorPresignTransactionsResponse(\n  response: unknown,\n): asserts response is RequestDepositorPresignTransactionsResponse {\n  if (response === null || typeof response !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: requestDepositorPresignTransactions response is not an object`,\n    );\n  }\n\n  const r = response as Record<string, unknown>;\n\n  if (!Array.isArray(r.txs)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"txs\" must be an array`,\n    );\n  }\n\n  for (let i = 0; i < r.txs.length; i++) {\n    validateClaimerTransactions(r.txs[i], `txs[${i}]`);\n  }\n\n  if (r.depositor_graph === null || typeof r.depositor_graph !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"depositor_graph\" must be an object`,\n    );\n  }\n\n  validateDepositorGraphTransactions(\n    r.depositor_graph as Record<string, unknown>,\n  );\n}\n\nfunction validateTransactionData(value: unknown, field: string): void {\n  if (value === null || typeof value !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be an object`,\n    );\n  }\n  const tx = value as Record<string, unknown>;\n  assertNonEmptyHex(tx.tx_hex, `${field}.tx_hex`);\n}\n\nfunction validateClaimerTransactions(value: unknown, field: string): void {\n  if (value === null || typeof value !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be an object`,\n    );\n  }\n\n  const tx = value as Record<string, unknown>;\n\n  assertBtcPubkey(tx.claimer_pubkey, `${field}.claimer_pubkey`);\n  validateTransactionData(tx.claim_tx, `${field}.claim_tx`);\n  validateTransactionData(tx.assert_tx, `${field}.assert_tx`);\n  validateTransactionData(tx.payout_tx, `${field}.payout_tx`);\n  assertNonEmptyString(tx.payout_psbt, `${field}.payout_psbt`);\n}\n\nfunction validateChallengeAssertConnectorData(\n  value: unknown,\n  field: string,\n): void {\n  if (value === null || typeof value !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be an object`,\n    );\n  }\n\n  const c = value as Record<string, unknown>;\n  assertNonEmptyString(c.wots_pks_json, `${field}.wots_pks_json`);\n  assertNonEmptyString(c.gc_wots_keys_json, `${field}.gc_wots_keys_json`);\n}\n\nfunction validatePresignDataPerChallenger(value: unknown, field: string): void {\n  if (value === null || typeof value !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}\" must be an object`,\n    );\n  }\n\n  const d = value as Record<string, unknown>;\n\n  assertBtcPubkey(d.challenger_pubkey, `${field}.challenger_pubkey`);\n  validateTransactionData(\n    d.challenge_assert_x_tx,\n    `${field}.challenge_assert_x_tx`,\n  );\n  validateTransactionData(\n    d.challenge_assert_y_tx,\n    `${field}.challenge_assert_y_tx`,\n  );\n  validateTransactionData(d.nopayout_tx, `${field}.nopayout_tx`);\n  assertNonEmptyString(d.nopayout_psbt, `${field}.nopayout_psbt`);\n\n  if (!Array.isArray(d.challenge_assert_connectors)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}.challenge_assert_connectors\" must be an array`,\n    );\n  }\n\n  for (let i = 0; i < d.challenge_assert_connectors.length; i++) {\n    validateChallengeAssertConnectorData(\n      d.challenge_assert_connectors[i],\n      `${field}.challenge_assert_connectors[${i}]`,\n    );\n  }\n\n  if (!Array.isArray(d.output_label_hashes)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"${field}.output_label_hashes\" must be an array`,\n    );\n  }\n\n  for (let i = 0; i < d.output_label_hashes.length; i++) {\n    assertNonEmptyHex(\n      d.output_label_hashes[i],\n      `${field}.output_label_hashes[${i}]`,\n    );\n  }\n}\n\n/**\n * Validate a requestDepositorClaimerArtifacts response.\n */\nexport function validateRequestDepositorClaimerArtifactsResponse(\n  response: unknown,\n): asserts response is RequestDepositorClaimerArtifactsResponse {\n  if (response === null || typeof response !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: requestDepositorClaimerArtifacts response is not an object`,\n    );\n  }\n\n  const r = response as Record<string, unknown>;\n\n  if (!isNonEmptyString(r.tx_graph_json)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"tx_graph_json\" must be a non-empty string, got ${preview(r.tx_graph_json)}`,\n    );\n  }\n\n  if (!isNonEmptyHex(r.verifying_key_hex)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"verifying_key_hex\" must be a non-empty hex string, got ${preview(r.verifying_key_hex)}`,\n    );\n  }\n\n  if (r.babe_sessions === null || typeof r.babe_sessions !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"babe_sessions\" must be an object`,\n    );\n  }\n\n  for (const [key, session] of Object.entries(\n    r.babe_sessions as Record<string, unknown>,\n  )) {\n    if (session === null || typeof session !== \"object\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"babe_sessions.${key}\" must be an object`,\n      );\n    }\n    const s = session as Record<string, unknown>;\n    if (!isNonEmptyHex(s.decryptor_artifacts_hex)) {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"babe_sessions.${key}.decryptor_artifacts_hex\" must be a non-empty hex string, got ${preview(s.decryptor_artifacts_hex)}`,\n      );\n    }\n  }\n}\n\n/**\n * Validate a getPegoutStatus response.\n */\nexport function validateGetPegoutStatusResponse(\n  response: unknown,\n): asserts response is GetPegoutStatusResponse {\n  if (response === null || typeof response !== \"object\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: getPegoutStatus response is not an object`,\n    );\n  }\n\n  const r = response as Record<string, unknown>;\n\n  if (!isNonEmptyHex(r.pegin_txid) || r.pegin_txid.length !== TXID_HEX_LEN) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"pegin_txid\" must be a ${TXID_HEX_LEN}-char hex string (txid), got ${preview(r.pegin_txid)}`,\n    );\n  }\n\n  if (typeof r.found !== \"boolean\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"found\" must be a boolean, got ${preview(r.found)}`,\n    );\n  }\n\n  if (r.claimer !== undefined) {\n    if (r.claimer === null || typeof r.claimer !== \"object\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"claimer\" must be an object if present`,\n      );\n    }\n    const claimer = r.claimer as Record<string, unknown>;\n    if (typeof claimer.status !== \"string\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"claimer.status\" must be a string, got ${preview(claimer.status)}`,\n      );\n    }\n    if (typeof claimer.failed !== \"boolean\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"claimer.failed\" must be a boolean, got ${preview(claimer.failed)}`,\n      );\n    }\n  }\n\n  if (r.challenger !== undefined) {\n    if (r.challenger === null || typeof r.challenger !== \"object\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"challenger\" must be an object if present`,\n      );\n    }\n    const challenger = r.challenger as Record<string, unknown>;\n    if (typeof challenger.status !== \"string\") {\n      throw new VpResponseValidationError(\n        `VP response validation failed: \"challenger.status\" must be a string, got ${preview(challenger.status)}`,\n      );\n    }\n  }\n}\n\nfunction validateDepositorGraphTransactions(\n  graph: Record<string, unknown>,\n): void {\n  validateTransactionData(graph.claim_tx, \"depositor_graph.claim_tx\");\n  validateTransactionData(graph.assert_tx, \"depositor_graph.assert_tx\");\n  validateTransactionData(graph.payout_tx, \"depositor_graph.payout_tx\");\n  assertNonEmptyString(graph.payout_psbt, \"depositor_graph.payout_psbt\");\n\n  if (!Array.isArray(graph.challenger_presign_data)) {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"depositor_graph.challenger_presign_data\" must be an array`,\n    );\n  }\n\n  for (let i = 0; i < graph.challenger_presign_data.length; i++) {\n    validatePresignDataPerChallenger(\n      graph.challenger_presign_data[i],\n      `depositor_graph.challenger_presign_data[${i}]`,\n    );\n  }\n\n  if (typeof graph.offchain_params_version !== \"number\") {\n    throw new VpResponseValidationError(\n      `VP response validation failed: \"depositor_graph.offchain_params_version\" must be a number`,\n    );\n  }\n}\n","/**\n * JSON-RPC client for the Vault Provider API.\n *\n * Wraps {@link JsonRpcClient} with typed methods matching the\n * `vaultProvider_*` RPC namespace defined in the btc-vault pegin spec.\n *\n * Implements the narrow service interfaces (PeginStatusReader, WotsKeySubmitter,\n * PresignClient, ClaimerArtifactsReader) so it can be passed directly to\n * any deposit protocol service function.\n *\n * @see https://github.com/babylonlabs-io/btc-vault/blob/main/docs/pegin.md\n */\n\nimport type { PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader } from \"../../services/deposit/interfaces\";\n\nimport {\n  type BearerTokenProvider,\n  JsonRpcClient,\n  type JsonRpcClientConfig,\n} from \"./json-rpc-client\";\nimport type {\n  GetPeginStatusParams,\n  GetPeginStatusResponse,\n  GetPegoutStatusParams,\n  GetPegoutStatusResponse,\n  RequestDepositorClaimerArtifactsParams,\n  RequestDepositorClaimerArtifactsResponse,\n  RequestDepositorPresignTransactionsParams,\n  RequestDepositorPresignTransactionsResponse,\n  SubmitDepositorPresignaturesParams,\n  SubmitDepositorWotsKeyParams,\n} from \"./types\";\nimport {\n  validateGetPeginStatusResponse,\n  validateGetPegoutStatusResponse,\n  validateRequestDepositorClaimerArtifactsResponse,\n  validateRequestDepositorPresignTransactionsResponse,\n} from \"./validators\";\n\nexport interface VaultProviderRpcClientOptions {\n  /** Timeout in milliseconds per request (default: 60000) */\n  timeout?: number;\n  /** Number of retry attempts for safe methods (default: 3) */\n  retries?: number;\n  /** Initial retry delay in milliseconds (default: 1000) */\n  retryDelay?: number;\n  /**\n   * Custom retry predicate. Default retries only the idempotent read\n   * methods: `getPeginStatus`, `getPegoutStatus`,\n   * `requestDepositorPresignTransactions`.\n   */\n  retryableFor?: (method: string) => boolean;\n  /** Custom headers. */\n  headers?: Record<string, string>;\n  /**\n   * Per-request bearer-token source. A non-null return attaches\n   * `Authorization: Bearer <token>`; `null` skips auth. Wire a\n   * {@link VpTokenProvider} for depositor-gated methods.\n   */\n  tokenProvider?: BearerTokenProvider;\n  /** Maximum response body size, in bytes, for typed JSON-RPC calls */\n  maxResponseBytes?: number;\n}\n\nconst DEFAULT_TIMEOUT_MS = 60_000;\n\n/**\n * Concrete VP RPC client implementing all service interfaces.\n *\n * Usage:\n * ```ts\n * const client = new VaultProviderRpcClient(\"https://vp.example.com/rpc\");\n * const status = await client.getPeginStatus({ pegin_txid: \"abc...\" });\n * ```\n */\nexport class VaultProviderRpcClient\n  implements PeginStatusReader, WotsKeySubmitter, PresignClient, ClaimerArtifactsReader\n{\n  private client: JsonRpcClient;\n\n  constructor(baseUrl: string, options?: VaultProviderRpcClientOptions) {\n    const config: JsonRpcClientConfig = {\n      baseUrl,\n      timeout: options?.timeout ?? DEFAULT_TIMEOUT_MS,\n      retries: options?.retries,\n      retryDelay: options?.retryDelay,\n      retryableFor: options?.retryableFor,\n      headers: options?.headers,\n      tokenProvider: options?.tokenProvider,\n      maxResponseBytes: options?.maxResponseBytes,\n    };\n    this.client = new JsonRpcClient(config);\n  }\n\n  /**\n   * Request the payout/claim/assert transactions that the depositor\n   * needs to pre-sign before the vault can be activated on Bitcoin.\n   */\n  async requestDepositorPresignTransactions(\n    params: RequestDepositorPresignTransactionsParams,\n    signal?: AbortSignal,\n  ): Promise<RequestDepositorPresignTransactionsResponse> {\n    const response = await this.client.call<\n      RequestDepositorPresignTransactionsParams,\n      unknown\n    >(\"vaultProvider_requestDepositorPresignTransactions\", params, signal);\n    validateRequestDepositorPresignTransactionsResponse(response);\n    return response;\n  }\n\n  /**\n   * Submit the depositor's pre-signatures for the payout transactions\n   * and the depositor-as-claimer graph.\n   */\n  async submitDepositorPresignatures(\n    params: SubmitDepositorPresignaturesParams,\n    signal?: AbortSignal,\n  ): Promise<void> {\n    return this.client.call<SubmitDepositorPresignaturesParams, void>(\n      \"vaultProvider_submitDepositorPresignatures\",\n      params,\n      signal,\n    );\n  }\n\n  /**\n   * Submit the depositor's WOTS public key to the vault provider.\n   * Called after the pegin is finalized on Ethereum, when the VP is in\n   * `PendingDepositorWotsPK` status.\n   */\n  async submitDepositorWotsKey(\n    params: SubmitDepositorWotsKeyParams,\n    signal?: AbortSignal,\n  ): Promise<void> {\n    return this.client.call<SubmitDepositorWotsKeyParams, void>(\n      \"vaultProvider_submitDepositorWotsKey\",\n      params,\n      signal,\n    );\n  }\n\n  /**\n   * Request the BaBe DecryptorArtifacts needed for the depositor to\n   * independently evaluate garbled circuits during a challenge.\n   */\n  async requestDepositorClaimerArtifacts(\n    params: RequestDepositorClaimerArtifactsParams,\n    signal?: AbortSignal,\n  ): Promise<RequestDepositorClaimerArtifactsResponse> {\n    const response = await this.client.call<\n      RequestDepositorClaimerArtifactsParams,\n      unknown\n    >(\"vaultProvider_requestDepositorClaimerArtifacts\", params, signal);\n    validateRequestDepositorClaimerArtifactsResponse(response);\n    return response;\n  }\n\n  /** Get the current pegin status from the vault provider daemon. */\n  async getPeginStatus(\n    params: GetPeginStatusParams,\n    signal?: AbortSignal,\n  ): Promise<GetPeginStatusResponse> {\n    const response = await this.client.call<GetPeginStatusParams, unknown>(\n      \"vaultProvider_getPeginStatus\",\n      params,\n      signal,\n    );\n    validateGetPeginStatusResponse(response);\n    return response;\n  }\n\n  /** Get the current pegout status from the vault provider daemon. */\n  async getPegoutStatus(\n    params: GetPegoutStatusParams,\n    signal?: AbortSignal,\n  ): Promise<GetPegoutStatusResponse> {\n    const response = await this.client.call<GetPegoutStatusParams, unknown>(\n      \"vaultProvider_getPegoutStatus\",\n      params,\n      signal,\n    );\n    validateGetPegoutStatusResponse(response);\n    return response;\n  }\n}\n","/**\n * BIP-322 \"simple\" signature verification for P2TR key-path.\n *\n * Mirrors the Rust reference in\n * `btc-vault/crates/btc-signer/src/message.rs::verify_bip322_message`\n * (which delegates to `rust-bitcoin::bip322::verify_simple` for a\n * P2TR key-path-only address with no merkle root).\n *\n * The algorithm:\n *\n *   1. Compute the BIP-322 tagged-hash of the message:\n *        m_hash = SHA256( SHA256(tag) || SHA256(tag) || message )\n *      where tag = \"BIP0322-signed-message\".\n *\n *   2. Build a virtual \"to_spend\" transaction with one input (prevout\n *      all-zero txid + 0xFFFFFFFF vout, scriptSig = `OP_0 PUSH32 m_hash`,\n *      sequence = 0) and one output (value 0, scriptPubKey = P2TR for\n *      the signer's x-only pubkey).\n *\n *   3. Build a \"to_sign\" transaction that spends to_spend[0] and has a\n *      single `OP_RETURN` output (value 0).\n *\n *   4. Compute the BIP-341 taproot sighash of to_sign input 0 with\n *      SIGHASH_DEFAULT (0x00).\n *\n *   5. Verify the 64-byte Schnorr signature against the **tweaked**\n *      output key `Q = P + tap_tweak(P) * G`, where `tap_tweak(P) =\n *      hash_TapTweak(serialize_x_only(P))` (no merkle root — key-path\n *      only).\n *\n * `bitcoinjs-lib` handles (2)–(4); `tiny-secp256k1-asmjs` provides\n * the tweak and Schnorr verify. Pulling in a full BIP-322 library\n * would add a peer dep for what amounts to ~40 lines of glue.\n *\n * @module tbv/core/clients/vault-provider/auth/bip322Verify\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport { payments, Transaction } from \"bitcoinjs-lib\";\n\nimport { Buffer } from \"buffer\";\nimport { sha256 } from \"@noble/hashes/sha2.js\";\n\n/** BIP-322 message tag (BIP-340 tagged-hash style). */\nconst BIP322_TAG = \"BIP0322-signed-message\";\n\n/** BIP-341 taproot-tweak tag. */\nconst TAPTWEAK_TAG = \"TapTweak\";\n\nconst X_ONLY_PUBKEY_SIZE = 32;\nconst SCHNORR_SIG_SIZE = 64;\n\n/**\n * BIP-340 tagged hash: `SHA256( SHA256(tag) || SHA256(tag) || data )`.\n * Used for both BIP-322 message hashing and BIP-341 tap-tweak.\n */\nfunction taggedHash(tag: string, data: Uint8Array): Uint8Array {\n  const tagBytes = new TextEncoder().encode(tag);\n  const tagHash = sha256(tagBytes);\n  const preimage = new Uint8Array(tagHash.length * 2 + data.length);\n  preimage.set(tagHash, 0);\n  preimage.set(tagHash, tagHash.length);\n  preimage.set(data, tagHash.length * 2);\n  return sha256(preimage);\n}\n\n/**\n * Apply BIP-341 taproot tweak to an x-only pubkey with no merkle\n * root (key-path-only address).\n *\n * `tap_tweak = hash_TapTweak(P)`\n * `Q = P + tap_tweak * G` (x-only, even-Y parity)\n *\n * Returns the tweaked 32-byte x-only pubkey, or null if the tweak\n * produces a point-at-infinity or invalid result.\n */\nfunction tweakXOnlyKey(xOnly: Uint8Array): Uint8Array | null {\n  if (xOnly.length !== X_ONLY_PUBKEY_SIZE) return null;\n  const tweak = taggedHash(TAPTWEAK_TAG, xOnly);\n  const tweaked = ecc.xOnlyPointAddTweak(xOnly, tweak);\n  return tweaked ? tweaked.xOnlyPubkey : null;\n}\n\n/**\n * Verify a BIP-322 \"simple\" P2TR key-path signature over an arbitrary\n * byte message.\n *\n * @internal Exposed only so the golden-vector test suite can pin the\n * verifier independently of `verifyServerIdentity`. Production callers\n * should use `verifyServerIdentity` from `./serverIdentity` instead.\n *\n * @param messageBytes - The bytes that were signed (e.g. a CBOR-encoded\n *                       payload). Not pre-hashed; this function applies\n *                       the BIP-322 tagged hash internally.\n * @param xOnlyPubkey  - 32-byte x-only pubkey of the signer (pre-tweak).\n * @param signature    - 64-byte raw Schnorr signature (BIP-340), as\n *                       emitted by a key-path witness with\n *                       SIGHASH_DEFAULT.\n * @returns `true` if the signature verifies against the address\n *          derived from `xOnlyPubkey`; `false` otherwise.\n */\nexport function verifyBip322Simple(\n  messageBytes: Uint8Array,\n  xOnlyPubkey: Uint8Array,\n  signature: Uint8Array,\n): boolean {\n  if (xOnlyPubkey.length !== X_ONLY_PUBKEY_SIZE) return false;\n  if (signature.length !== SCHNORR_SIG_SIZE) return false;\n\n  // Any exception from the underlying crypto libraries (e.g. the\n  // `Expected Point` error `tiny-secp256k1` throws when the supplied\n  // 32 bytes don't represent a valid x-coordinate on secp256k1) is\n  // treated as a verification failure rather than propagated — a\n  // verifier MUST return a boolean, not raise.\n  try {\n    // Step 1: BIP-322 tagged hash of the message.\n    const messageHash = taggedHash(BIP322_TAG, messageBytes);\n\n    // Step 2: scriptPubKey for the signer's P2TR key-path-only address.\n    // bitcoinjs-lib's `payments.p2tr({ internalPubkey })` computes the\n    // tweak and produces the `OP_1 <tweaked_xonly>` output script.\n    const p2tr = payments.p2tr({\n      internalPubkey: Buffer.from(xOnlyPubkey),\n    });\n    if (!p2tr.output) return false;\n    const scriptPubKey = p2tr.output;\n\n    // Step 3: build to_spend virtual tx.\n    //\n    // NOTE: bitcoinjs-lib v6.x's `Transaction.addOutput` and\n    // `hashForWitnessV1` are typed for `Satoshi` (a UInt53 number),\n    // not `bigint`. Passing `BigInt(0)` triggers a typeforce\n    // assertion in `addOutput` (\"Expected property '1' of type\n    // Satoshi, got BigInt 0\") which our outer try/catch silently\n    // turns into `verify -> false`. Use plain `0` everywhere.\n    const ZERO_SATS = 0;\n    const toSpend = new Transaction();\n    toSpend.version = 0;\n    toSpend.locktime = 0;\n    // scriptSig: OP_0 (0x00) + OP_PUSHBYTES_32 (0x20) + message_hash (32B)\n    const scriptSig = Buffer.concat([\n      Buffer.from([0x00, 0x20]),\n      Buffer.from(messageHash),\n    ]);\n    toSpend.addInput(\n      Buffer.alloc(32, 0), // prev_txid = 0x0000...0000\n      0xffffffff,          // prev_vout = 0xFFFFFFFF\n      0,                   // sequence = 0\n      scriptSig,\n    );\n    toSpend.addOutput(scriptPubKey, ZERO_SATS);\n\n    // Step 4: build to_sign virtual tx spending to_spend[0].\n    const toSign = new Transaction();\n    toSign.version = 0;\n    toSign.locktime = 0;\n    // Bitcoin txid in natural-byte (little-endian) form.\n    const toSpendTxid = toSpend.getHash();\n    toSign.addInput(toSpendTxid, 0, 0);\n    toSign.addOutput(Buffer.from([0x6a]), ZERO_SATS); // OP_RETURN\n\n    // Step 5: taproot sighash for to_sign input 0 (SIGHASH_DEFAULT).\n    const sighash = toSign.hashForWitnessV1(\n      0,\n      [scriptPubKey],\n      [ZERO_SATS],\n      Transaction.SIGHASH_DEFAULT,\n    );\n\n    // Step 6: tweak the x-only pubkey (no merkle root) and verify Schnorr.\n    const tweakedXOnly = tweakXOnlyKey(xOnlyPubkey);\n    if (!tweakedXOnly) return false;\n\n    return ecc.verifySchnorr(sighash, tweakedXOnly, signature);\n  } catch {\n    return false;\n  }\n}\n","/**\n * Minimal CBOR encoder for the server-identity payload shape.\n *\n * We only need to encode one specific CBOR structure — the 3-tuple\n * `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey_bytes, expires_at_u64)` —\n * byte-for-byte identical to what the Rust `ciborium` crate produces\n * for the corresponding tuple, because that's the exact message the\n * VP signs with BIP-322.\n *\n * IMPORTANT encoding quirk: the Rust side passes the domain and\n * pubkey as `&[u8]` / `Vec<u8>` without a `#[serde(with = \"serde_bytes\")]`\n * attribute, so serde/ciborium encodes them as **CBOR arrays of u8**\n * (major type 4, one item per byte) — NOT as CBOR byte strings (major\n * type 2). A naive byte-string encoding would produce the wrong bytes\n * and signature verification would fail.\n *\n * Rather than pull in a full CBOR dependency for this one shape, we\n * implement the exact subset inline (~40 LOC) and pin it with golden\n * vectors against the Rust reference output.\n *\n * @module tbv/core/clients/vault-provider/auth/cbor\n */\n\n/**\n * Encode a small CBOR unsigned-integer \"head\" byte for major type\n * `major` (0..7) with argument `arg` (0..2^64-1).\n *\n * Returns the header bytes; the caller concatenates any trailing data\n * (e.g. array elements). Encoding rules:\n *   arg < 24         → single byte `(major << 5) | arg`\n *   arg < 256        → `(major << 5) | 24` + 1-byte arg\n *   arg < 65536      → `(major << 5) | 25` + 2-byte BE arg\n *   arg < 2^32       → `(major << 5) | 26` + 4-byte BE arg\n *   arg < 2^64       → `(major << 5) | 27` + 8-byte BE arg\n */\nfunction cborHead(major: number, arg: number | bigint): Uint8Array {\n  const tag = (major & 0x07) << 5;\n  const n = typeof arg === \"bigint\" ? arg : BigInt(arg);\n  if (n < 0n) throw new Error(\"cborHead: negative argument\");\n\n  if (n < 24n) return new Uint8Array([tag | Number(n)]);\n  if (n < 0x100n) return new Uint8Array([tag | 24, Number(n)]);\n  if (n < 0x10000n) {\n    const v = Number(n);\n    return new Uint8Array([tag | 25, (v >>> 8) & 0xff, v & 0xff]);\n  }\n  if (n < 0x1_0000_0000n) {\n    const v = Number(n);\n    return new Uint8Array([\n      tag | 26,\n      (v >>> 24) & 0xff,\n      (v >>> 16) & 0xff,\n      (v >>> 8) & 0xff,\n      v & 0xff,\n    ]);\n  }\n  // 8-byte BE for u64 range\n  const out = new Uint8Array(9);\n  out[0] = tag | 27;\n  for (let i = 7; i >= 0; i--) {\n    out[1 + i] = Number(n >> BigInt((7 - i) * 8)) & 0xff;\n  }\n  return out;\n}\n\nfunction concat(...parts: Uint8Array[]): Uint8Array {\n  const total = parts.reduce((s, p) => s + p.length, 0);\n  const out = new Uint8Array(total);\n  let offset = 0;\n  for (const p of parts) {\n    out.set(p, offset);\n    offset += p.length;\n  }\n  return out;\n}\n\n/**\n * Encode a `Vec<u8>` / `&[u8]` the way ciborium does by default — as a\n * CBOR array of u8 (major type 4), one element per byte.\n *\n * Each byte becomes a CBOR unsigned integer (major type 0): bytes\n * < 24 are encoded as single bytes, bytes 24..255 as `0x18 XX`.\n */\nfunction encodeBytesAsArrayOfU8(bytes: Uint8Array): Uint8Array {\n  const header = cborHead(4, bytes.length);\n  const items: Uint8Array[] = [header];\n  for (const b of bytes) {\n    items.push(cborHead(0, b));\n  }\n  return concat(...items);\n}\n\n/**\n * Encode the server-identity payload the Rust side signs:\n *\n *     ciborium::into_writer(\n *       &(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey.serialize().to_vec(), expires_at),\n *       buf\n *     )\n *\n * Output bytes are byte-for-byte identical to the Rust reference,\n * pinned by the golden vector in the corresponding test file.\n *\n * @internal Exposed only for the golden-vector test that pins this\n * encoding against ciborium's output. Production callers reach this\n * via `verifyServerIdentity` from `./serverIdentity`.\n *\n * @param domain - Must be `\"btc-auth.server-identity.v1\"` (27 bytes)\n *                 — the constant from btc-vault's `server_identity.rs`.\n * @param ephemeralPubkeyCompressed - 33-byte SEC1-compressed pubkey.\n * @param expiresAt - Unix timestamp (seconds). Must be a safe integer.\n */\nexport function encodeServerIdentityPayload(\n  domain: Uint8Array,\n  ephemeralPubkeyCompressed: Uint8Array,\n  expiresAt: number,\n): Uint8Array {\n  if (!Number.isSafeInteger(expiresAt) || expiresAt < 0) {\n    throw new Error(\n      `encodeServerIdentityPayload: expires_at must be a non-negative safe integer, got ${expiresAt}`,\n    );\n  }\n  const arrayHeader = cborHead(4, 3); // 3-tuple encoded as array of 3\n  const domainBytes = encodeBytesAsArrayOfU8(domain);\n  const pubkeyBytes = encodeBytesAsArrayOfU8(ephemeralPubkeyCompressed);\n  const expiresAtBytes = cborHead(0, expiresAt);\n  return concat(arrayHeader, domainBytes, pubkeyBytes, expiresAtBytes);\n}\n","/**\n * Server-identity verification for the vault provider's\n * `auth_createDepositorToken` response.\n *\n * The VP returns a `ServerIdentityResponse` bundled with every issued\n * token:\n *\n *   - `server_pubkey`:    VP's persistent x-only pubkey (HEX, 32B)\n *   - `ephemeral_pubkey`: VP's ephemeral token-signing key (HEX, 33B compressed)\n *   - `expires_at`:       Unix timestamp when the ephemeral key expires\n *   - `signature`:        BIP-322 signature by the persistent key over\n *                         `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`\n *\n * The FE pins `server_pubkey` against the on-chain `VaultProvider.btcPubKey`\n * it reads from the registry contract. A mismatch rejects the token.\n *\n * @module tbv/core/clients/vault-provider/auth/serverIdentity\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\n\nimport {\n  COMPRESSED_PUBKEY_HEX_LEN,\n  SCHNORR_SIG_HEX_LEN,\n  stripHexPrefix,\n  X_ONLY_PUBKEY_HEX_LEN,\n} from \"../../../primitives/utils/bitcoin\";\nimport { HEX_RE } from \"../../../utils/validation\";\n\nimport { verifyBip322Simple } from \"./bip322Verify\";\nimport { encodeServerIdentityPayload } from \"./cbor\";\n\n/**\n * Byte-string domain the btc-vault Rust reference passes as the first\n * element of the CBOR tuple signed over for server-identity proofs.\n * Must match `SERVER_IDENTITY_DOMAIN` in\n * `btc-vault/crates/btc-auth/src/server_identity.rs`.\n */\nconst SERVER_IDENTITY_DOMAIN = new TextEncoder().encode(\n  \"btc-auth.server-identity.v1\",\n);\n\n/**\n * Wire representation from btc-vault's `ServerIdentityResponse`.\n */\nexport interface ServerIdentityResponse {\n  /** Hex-encoded x-only (32-byte) persistent server pubkey. */\n  server_pubkey: string;\n  /** Hex-encoded compressed (33-byte) ephemeral token-signing pubkey. */\n  ephemeral_pubkey: string;\n  /** Unix timestamp at which the ephemeral key expires. */\n  expires_at: number;\n  /** Hex-encoded 64-byte BIP-322 Schnorr signature. */\n  signature: string;\n}\n\nexport interface VerifyServerIdentityInput {\n  /** The proof returned by `auth_createDepositorToken`. */\n  proof: ServerIdentityResponse;\n  /**\n   * The x-only persistent server pubkey the FE expects (sourced from\n   * the on-chain `VaultProvider.btcPubKey` via the vault registry\n   * reader). 64-char lowercase hex, no `0x` prefix.\n   */\n  pinnedServerPubkey: string;\n  /** Current Unix timestamp in seconds. Injected for testability. */\n  now: number;\n}\n\nexport class ServerIdentityError extends Error {\n  constructor(\n    message: string,\n    public readonly reason:\n      | \"pinned_pubkey_mismatch\"\n      | \"expired\"\n      | \"invalid_expires_at\"\n      | \"invalid_pubkey_encoding\"\n      | \"invalid_ephemeral_pubkey\"\n      | \"invalid_signature_encoding\"\n      | \"signature_verification_failed\",\n  ) {\n    super(message);\n    this.name = \"ServerIdentityError\";\n  }\n}\n\n/** Parse a lowercase-hex string to bytes. Expects even length, already validated. */\nfunction hexToBytes(hex: string): Uint8Array {\n  const out = new Uint8Array(hex.length / 2);\n  for (let i = 0; i < out.length; i++) {\n    out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n  }\n  return out;\n}\n\n\n/**\n * Verify a server identity proof against a pinned server pubkey.\n *\n * Checks:\n *   1. `server_pubkey` matches the pin.\n *   2. `expires_at > now` (with integer guards).\n *   3. `ephemeral_pubkey` is a well-formed 33-byte compressed pubkey.\n *   4. `signature` is a well-formed 64-byte Schnorr hex string.\n *   5. The BIP-322 Schnorr signature cryptographically verifies\n *      against `server_pubkey` over the CBOR-encoded tuple\n *      `(SERVER_IDENTITY_DOMAIN, ephemeral_pubkey, expires_at)`.\n *\n * Step 5 is what actually binds the ephemeral key to the persistent\n * pubkey — without it, a TLS-MITM attacker who reads the pinned\n * pubkey from the on-chain registry could substitute an arbitrary\n * ephemeral pubkey paired with any lexically-valid signature.\n *\n * @throws ServerIdentityError on any validation failure.\n */\nexport function verifyServerIdentity(input: VerifyServerIdentityInput): void {\n  const { proof, pinnedServerPubkey, now } = input;\n\n  const pinned = stripHexPrefix(pinnedServerPubkey).toLowerCase();\n  if (pinned.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(pinned)) {\n    throw new ServerIdentityError(\n      `pinnedServerPubkey must be 32-byte hex; got ${pinned.length} chars`,\n      \"invalid_pubkey_encoding\",\n    );\n  }\n\n  const actual = stripHexPrefix(proof.server_pubkey).toLowerCase();\n  if (actual.length !== X_ONLY_PUBKEY_HEX_LEN || !HEX_RE.test(actual)) {\n    throw new ServerIdentityError(\n      `server_pubkey must be 32-byte hex; got ${actual.length} chars`,\n      \"invalid_pubkey_encoding\",\n    );\n  }\n\n  if (actual !== pinned) {\n    throw new ServerIdentityError(\n      `server_pubkey does not match pinned value: expected ${pinned}, got ${actual}`,\n      \"pinned_pubkey_mismatch\",\n    );\n  }\n\n  // Validate both sides of the comparison are well-formed integers\n  // BEFORE comparing — untrusted JSON-RPC input can supply\n  // undefined/NaN/string values for `expires_at`, and relational\n  // comparisons with those silently evaluate to `false` (accepting the\n  // proof). Caller's `now` is injected but we still sanity-check it.\n  // Garbage data and \"valid but past\" both render the proof unusable\n  // but mean different things to a caller — keep the reasons distinct.\n  if (!Number.isSafeInteger(proof.expires_at)) {\n    throw new ServerIdentityError(\n      `expires_at must be a finite integer; got ${JSON.stringify(proof.expires_at)}`,\n      \"invalid_expires_at\",\n    );\n  }\n  if (!Number.isSafeInteger(now)) {\n    throw new ServerIdentityError(\n      `now must be a finite integer; got ${JSON.stringify(now)}`,\n      \"invalid_expires_at\",\n    );\n  }\n  if (proof.expires_at <= now) {\n    throw new ServerIdentityError(\n      `server identity proof expired at ${proof.expires_at}, now ${now}`,\n      \"expired\",\n    );\n  }\n\n  const eph = stripHexPrefix(proof.ephemeral_pubkey).toLowerCase();\n  if (eph.length !== COMPRESSED_PUBKEY_HEX_LEN || !HEX_RE.test(eph)) {\n    throw new ServerIdentityError(\n      `ephemeral_pubkey must be 33-byte compressed hex; got ${eph.length} chars`,\n      \"invalid_ephemeral_pubkey\",\n    );\n  }\n  const prefix = eph.slice(0, 2);\n  if (prefix !== \"02\" && prefix !== \"03\") {\n    throw new ServerIdentityError(\n      `ephemeral_pubkey must be compressed (prefix 02/03); got ${prefix}`,\n      \"invalid_ephemeral_pubkey\",\n    );\n  }\n  // Curve validation. The BIP-322 signature attests to the byte string\n  // of `ephemeral_pubkey` only, not to its curve validity. Without\n  // this check, a server could sign a structurally-valid byte string\n  // that doesn't decode to a secp256k1 point — passing verification\n  // here and surfacing as an obscure crypto error later when the\n  // depositor tries to use the key. Reject up front.\n  const ephBytes = hexToBytes(eph);\n  if (!ecc.isPoint(ephBytes)) {\n    throw new ServerIdentityError(\n      \"ephemeral_pubkey is not a valid secp256k1 point\",\n      \"invalid_ephemeral_pubkey\",\n    );\n  }\n\n  const sig = stripHexPrefix(proof.signature).toLowerCase();\n  if (sig.length !== SCHNORR_SIG_HEX_LEN || !HEX_RE.test(sig)) {\n    throw new ServerIdentityError(\n      `signature must be 64-byte Schnorr hex; got ${sig.length} chars`,\n      \"invalid_signature_encoding\",\n    );\n  }\n\n  // Cryptographic verification of the BIP-322 signature over the\n  // CBOR-encoded payload. Without this, the ephemeral-key binding is\n  // unenforced and a TLS-MITM could substitute a fake ephemeral key\n  // alongside the real (publicly-readable) pinned pubkey.\n  const payload = encodeServerIdentityPayload(\n    SERVER_IDENTITY_DOMAIN,\n    hexToBytes(eph),\n    proof.expires_at,\n  );\n  const verified = verifyBip322Simple(payload, hexToBytes(actual), hexToBytes(sig));\n  if (!verified) {\n    throw new ServerIdentityError(\n      \"BIP-322 signature verification failed — ephemeral key is not attested by pinned server pubkey\",\n      \"signature_verification_failed\",\n    );\n  }\n}\n","/**\n * VP RPC methods that require `Authorization: Bearer <token>`.\n * Protocol invariant — must be kept in sync with the VP server.\n *\n * @stability frozen\n *\n * @module tbv/core/clients/vault-provider/auth/gatedMethods\n */\n\nexport const AUTH_GATED_METHODS: ReadonlySet<string> = new Set([\n  \"vaultProvider_submitDepositorWotsKey\",\n  \"vaultProvider_submitDepositorPresignatures\",\n  \"vaultProvider_requestDepositorPresignTransactions\",\n]);\n","/**\n * Shared internals for the unauthenticated token-issuing JSON-RPC\n * client. The \"inner\" client is dedicated to `auth_createDepositorToken`\n * — it MUST NOT carry a `tokenProvider`, else the JSON-RPC header\n * builder would recurse into token acquisition.\n *\n * @module tbv/core/clients/vault-provider/auth/innerTokenClient\n */\n\nimport { JsonRpcClient } from \"../json-rpc-client\";\n\nconst TOKEN_RPC_TIMEOUT_MS = 60_000;\n\nexport const TOKEN_ISSUE_METHOD = \"auth_createDepositorToken\";\n\nexport function buildInnerTokenClient(\n  baseUrl: string,\n  headers?: Record<string, string>,\n): JsonRpcClient {\n  return new JsonRpcClient({\n    baseUrl,\n    timeout: TOKEN_RPC_TIMEOUT_MS,\n    headers,\n    retryableFor: (method) => method === TOKEN_ISSUE_METHOD,\n  });\n}\n","/**\n * `VpTokenProvider` — caches CWT bearer tokens issued by the vault\n * provider's `auth_createDepositorToken` RPC, with lazy expiry check\n * and single-flight concurrent acquire.\n *\n * Usage:\n *\n * ```ts\n * const provider = new VpTokenProvider({\n *   client,\n *   peginTxid,\n *   authAnchorHex,\n *   pinnedServerPubkey,\n *   authGatedMethods,\n * });\n * const bearer = await provider.getToken(method); // null if not gated\n * ```\n *\n * The provider implements the `BearerTokenProvider` interface expected\n * by `JsonRpcClient`. Plug directly:\n *\n * ```ts\n * const client = new JsonRpcClient({ ..., tokenProvider: provider });\n * ```\n *\n * @module tbv/core/clients/vault-provider/auth/tokenProvider\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { BearerTokenProvider, JsonRpcClient } from \"../json-rpc-client\";\nimport { TOKEN_ISSUE_METHOD } from \"./innerTokenClient\";\nimport {\n  type ServerIdentityResponse,\n  verifyServerIdentity,\n} from \"./serverIdentity\";\n\n/**\n * Maximum reasonable `expires_at` value (seconds since epoch). Guards\n * against a bogus far-future timestamp that would lock the cache on a\n * bad token forever. Jan 1, 2100 in Unix seconds.\n */\nconst MAX_EXPIRES_AT_SECS = 4_102_444_800;\n\n/**\n * Default safety margin before `expires_at` — we treat a token as\n * expired this many seconds before its stated expiry so that in-flight\n * requests don't race the expiry boundary.\n */\nconst DEFAULT_REFRESH_SKEW_SECS = 30;\n\n/**\n * Wire response shape of `auth_createDepositorToken`.\n */\nexport interface CreateDepositorTokenResponse {\n  /** Base64url-encoded COSE Sign1 CWT bearer token. */\n  token: string;\n  /** Unix timestamp at which the token expires. */\n  expires_at: number;\n  /** Server identity proof bundled with every token response. */\n  server_identity: ServerIdentityResponse;\n}\n\nexport interface VpTokenProviderConfig {\n  client: JsonRpcClient;\n  /** Per-vault depositor-signed PegIn tx id. NOT shared across sibling vaults in a batch. */\n  peginTxid: string;\n  /** 64-char hex of the 32-byte OP_RETURN auth-anchor preimage. */\n  authAnchorHex: string;\n  /** Pinned VP pubkey from the on-chain registry; branded so indexer mirrors can't substitute. */\n  pinnedServerPubkey: OnChainBtcPubkey;\n  /** Methods that require a bearer; `getToken` returns `null` for anything outside this set. */\n  authGatedMethods: ReadonlySet<string>;\n  /** Default {@link DEFAULT_REFRESH_SKEW_SECS}. */\n  refreshSkewSecs?: number;\n  /** Clock source for testability. */\n  now?: () => number;\n}\n\ninterface CachedToken {\n  token: string;\n  expiresAt: number;\n}\n\n/**\n * Acquire, cache, and refresh VP bearer tokens.\n *\n * Implements {@link BearerTokenProvider}. Safe to pass directly into\n * `JsonRpcClient` as `tokenProvider`.\n */\nexport class VpTokenProvider implements BearerTokenProvider {\n  // `client` is the only mutable field — see `setClient`. The\n  // identity-bearing fields (peginTxid/authAnchorHex/pinnedServerPubkey)\n  // remain readonly and are checked against re-registration in the\n  // registry's `getOrCreate`.\n  private client: JsonRpcClient;\n  private readonly peginTxid: string;\n  private readonly authAnchorHex: string;\n  private readonly pinnedServerPubkey: OnChainBtcPubkey;\n  private readonly authGatedMethods: ReadonlySet<string>;\n  private readonly refreshSkewSecs: number;\n  private readonly now: () => number;\n\n  private cached: CachedToken | null = null;\n  private inFlight: Promise<CachedToken> | null = null;\n\n  constructor(config: VpTokenProviderConfig) {\n    this.client = config.client;\n    this.peginTxid = config.peginTxid;\n    this.authAnchorHex = config.authAnchorHex;\n    this.pinnedServerPubkey = config.pinnedServerPubkey;\n    this.authGatedMethods = config.authGatedMethods;\n    this.refreshSkewSecs = config.refreshSkewSecs ?? DEFAULT_REFRESH_SKEW_SECS;\n    this.now = config.now ?? (() => Math.floor(Date.now() / 1000));\n  }\n\n  /**\n   * Return a bearer token for `method`, or `null` if `method` is not\n   * auth-gated. Triggers a token acquisition if no token is cached or\n   * the cached token is within {@link refreshSkewSecs} of expiry.\n   *\n   * The token-issuing method itself is hard-exempted from the gate —\n   * if `auth_createDepositorToken` were ever included in\n   * `authGatedMethods` (caller misconfiguration) the provider would\n   * recurse into `acquireSingleFlight` from inside the JSON-RPC header\n   * builder before `inFlight` is assigned, defeating the single-flight\n   * guard. Returning `null` here breaks that recursion deterministically.\n   */\n  async getToken(method: string): Promise<string | null> {\n    if (method === TOKEN_ISSUE_METHOD) return null;\n    if (!this.authGatedMethods.has(method)) return null;\n\n    const cached = this.cached;\n    if (cached && this.now() + this.refreshSkewSecs < cached.expiresAt) {\n      return cached.token;\n    }\n\n    const fresh = await this.acquireSingleFlight();\n    return fresh.token;\n  }\n\n  /**\n   * Drop the cached token. Next `getToken` call re-acquires.\n   * Called by `JsonRpcClient` on wire `auth_expired` responses.\n   */\n  invalidate(): void {\n    this.cached = null;\n    // Do NOT clear `inFlight` — a concurrent acquire is still valid;\n    // the invalidator is saying \"the cached token is bad\", not \"any\n    // in-flight acquire is bad\". The in-flight acquire will populate\n    // a fresh `cached` on completion.\n  }\n\n  /**\n   * Swap in a different transport for subsequent token-issuing calls.\n   * Used by the registry when a later caller registers the same\n   * `peginTxid` against a different `baseUrl` — the cached token\n   * (bound to identity, not transport) stays valid, but future\n   * refreshes hit the new URL. An in-flight acquire keeps using the\n   * old client (it captured the reference); next call uses the new.\n   */\n  setClient(client: JsonRpcClient): void {\n    this.client = client;\n  }\n\n  private acquireSingleFlight(): Promise<CachedToken> {\n    const existing = this.inFlight;\n    if (existing) return existing;\n\n    const p = (async () => {\n      try {\n        const response = await this.client.call<\n          { pegin_txid: string; auth_anchor: string },\n          CreateDepositorTokenResponse\n        >(TOKEN_ISSUE_METHOD, {\n          pegin_txid: this.peginTxid,\n          auth_anchor: this.authAnchorHex,\n        });\n\n        verifyServerIdentity({\n          proof: response.server_identity,\n          pinnedServerPubkey: this.pinnedServerPubkey,\n          now: this.now(),\n        });\n\n        // Validate wire payload before caching so a malformed response\n        // from a compromised VP or proxy can't poison the cache with\n        // unusable values (non-string token, non-integer expiry, etc.).\n        if (typeof response.token !== \"string\" || response.token.length === 0) {\n          throw new Error(\n            `VpTokenProvider: invalid token in acquire response (expected non-empty string, got ${typeof response.token})`,\n          );\n        }\n        const now = this.now();\n        if (\n          !Number.isSafeInteger(response.expires_at) ||\n          response.expires_at <= now ||\n          response.expires_at > MAX_EXPIRES_AT_SECS\n        ) {\n          throw new Error(\n            `VpTokenProvider: invalid expires_at in acquire response (got ${JSON.stringify(response.expires_at)}; must be a safe integer in (${now}, ${MAX_EXPIRES_AT_SECS}])`,\n          );\n        }\n\n        const fresh: CachedToken = {\n          token: response.token,\n          expiresAt: response.expires_at,\n        };\n        this.cached = fresh;\n        return fresh;\n      } finally {\n        this.inFlight = null;\n      }\n    })();\n\n    this.inFlight = p;\n    return p;\n  }\n}\n","/**\n * In-memory registry of {@link VpTokenProvider} instances keyed by\n * the per-vault depositor-signed PegIn tx hash. Module-level\n * singleton, per-tab, never persisted.\n *\n * @module tbv/core/clients/vault-provider/auth/tokenRegistry\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport type { JsonRpcClient } from \"../json-rpc-client\";\n\nimport { AUTH_GATED_METHODS } from \"./gatedMethods\";\nimport { VpTokenProvider } from \"./tokenProvider\";\n\nexport interface VpTokenRegistryInput {\n  client: JsonRpcClient;\n  peginTxid: string;\n  authAnchorHex: string;\n  pinnedServerPubkey: OnChainBtcPubkey;\n}\n\ninterface RegistryEntry {\n  provider: VpTokenProvider;\n  authAnchorHex: string;\n  pinnedServerPubkey: OnChainBtcPubkey;\n}\n\nexport class VpTokenRegistry {\n  private readonly entries = new Map<string, RegistryEntry>();\n\n  /**\n   * Return the cached `VpTokenProvider` for `peginTxid` if one exists\n   * with matching `authAnchorHex` and `pinnedServerPubkey`, otherwise\n   * construct and cache a fresh provider. A mismatch on either field\n   * throws — silent overwrite would mask derivation drift or VP\n   * pubkey rotation.\n   */\n  getOrCreate(input: VpTokenRegistryInput): VpTokenProvider {\n    const existing = this.entries.get(input.peginTxid);\n    if (existing) {\n      if (existing.authAnchorHex !== input.authAnchorHex) {\n        throw new Error(\n          `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to authAnchorHex ${existing.authAnchorHex.slice(0, 8)}…; got ${input.authAnchorHex.slice(0, 8)}…`,\n        );\n      }\n      if (existing.pinnedServerPubkey !== input.pinnedServerPubkey) {\n        throw new Error(\n          `VpTokenRegistry: peginTxid ${input.peginTxid} already bound to pinnedServerPubkey ${existing.pinnedServerPubkey.slice(0, 8)}…; got ${input.pinnedServerPubkey.slice(0, 8)}…`,\n        );\n      }\n      // Refresh the inner transport on every reuse so a VP URL\n      // change between calls doesn't leave the cached provider\n      // pinned to a dead URL for token refresh.\n      existing.provider.setClient(input.client);\n      return existing.provider;\n    }\n\n    const provider = new VpTokenProvider({\n      client: input.client,\n      peginTxid: input.peginTxid,\n      authAnchorHex: input.authAnchorHex,\n      pinnedServerPubkey: input.pinnedServerPubkey,\n      authGatedMethods: AUTH_GATED_METHODS,\n    });\n    this.entries.set(input.peginTxid, {\n      provider,\n      authAnchorHex: input.authAnchorHex,\n      pinnedServerPubkey: input.pinnedServerPubkey,\n    });\n    return provider;\n  }\n\n  /** Return the cached provider, or `undefined` if none. */\n  peek(peginTxid: string): VpTokenProvider | undefined {\n    return this.entries.get(peginTxid)?.provider;\n  }\n\n  /**\n   * Evict the entry for `peginTxid`. Idempotent. Called on terminal\n   * paths — activation success, user-cancel, or component unmount —\n   * so `authAnchorHex` doesn't outlive the deposit session.\n   */\n  release(peginTxid: string): void {\n    this.entries.delete(peginTxid);\n  }\n\n  /**\n   * Wipe every cached entry. Test-only escape hatch — not exposed on\n   * the public {@link VpTokenRegistryPublic} singleton type.\n   *\n   * @internal\n   */\n  clear(): void {\n    this.entries.clear();\n  }\n\n  get size(): number {\n    return this.entries.size;\n  }\n}\n\n/**\n * Public surface of the singleton — excludes the test-only `clear`\n * method.\n */\nexport interface VpTokenRegistryPublic {\n  getOrCreate(input: VpTokenRegistryInput): VpTokenProvider;\n  peek(peginTxid: string): VpTokenProvider | undefined;\n  release(peginTxid: string): void;\n  readonly size: number;\n}\n\nexport const vpTokenRegistry: VpTokenRegistryPublic = new VpTokenRegistry();\n","/**\n * Build a {@link VaultProviderRpcClient} that auto-attaches CWT\n * bearer tokens on auth-gated methods. Caller pre-derives both the\n * `authAnchorHex` (from the wallet) and the `pinnedServerPubkey`\n * (from the on-chain registry) and hands them in — the SDK has no\n * notion of wallets here.\n *\n * @module tbv/core/clients/vault-provider/auth/createAuthenticatedVpClient\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\nimport {\n  VaultProviderRpcClient,\n  type VaultProviderRpcClientOptions,\n} from \"../api\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface AuthenticatedVpClientConfig {\n  /** Base URL of the VP RPC endpoint (already proxied if applicable). */\n  baseUrl: string;\n  /** Per-vault depositor-signed PegIn tx id (registry cache key). */\n  peginTxid: string;\n  /** Already-derived 32-byte auth-anchor preimage (64-char hex, no `0x`). */\n  authAnchorHex: string;\n  /** On-chain VP pubkey, branded so it can only come from the registry reader. */\n  pinnedServerPubkey: OnChainBtcPubkey;\n  /** Optional outer-client tunables (timeout, retries, headers, etc.). */\n  options?: VaultProviderRpcClientOptions;\n}\n\nexport function createAuthenticatedVpClient(\n  config: AuthenticatedVpClientConfig,\n): VaultProviderRpcClient {\n  const innerTokenClient = buildInnerTokenClient(\n    config.baseUrl,\n    config.options?.headers,\n  );\n\n  const tokenProvider = vpTokenRegistry.getOrCreate({\n    client: innerTokenClient,\n    peginTxid: config.peginTxid,\n    authAnchorHex: config.authAnchorHex,\n    pinnedServerPubkey: config.pinnedServerPubkey,\n  });\n\n  return new VaultProviderRpcClient(config.baseUrl, {\n    ...config.options,\n    tokenProvider,\n  });\n}\n","/**\n * Pre-populate {@link vpTokenRegistry} when the caller already has\n * both the auth-anchor preimage and the on-chain VP pubkey. Seeds\n * the cache for a `peginTxid` so a later `createAuthenticatedVpClient`\n * call reuses the cached `VpTokenProvider` instead of rebuilding it.\n *\n * @module tbv/core/clients/vault-provider/auth/primeVpAuth\n */\n\nimport type { OnChainBtcPubkey } from \"../../eth/types\";\n\nimport { buildInnerTokenClient } from \"./innerTokenClient\";\nimport { vpTokenRegistry } from \"./tokenRegistry\";\n\nexport interface PrimeVpAuthInput {\n  baseUrl: string;\n  peginTxid: string;\n  authAnchorHex: string;\n  pinnedServerPubkey: OnChainBtcPubkey;\n  /** Optional headers forwarded to the inner token client (e.g. gateway auth). */\n  headers?: Record<string, string>;\n}\n\nexport function primeVpTokenRegistry(input: PrimeVpAuthInput): void {\n  vpTokenRegistry.getOrCreate({\n    client: buildInnerTokenClient(input.baseUrl, input.headers),\n    peginTxid: input.peginTxid,\n    authAnchorHex: input.authAnchorHex,\n    pinnedServerPubkey: input.pinnedServerPubkey,\n  });\n}\n","/**\n * Contract Address Resolver\n *\n * Resolves ProtocolParams and ApplicationRegistry contract addresses\n * from the BTCVaultRegistry contract. These addresses are needed to\n * construct the SDK's contract readers.\n *\n * @module clients/eth/contract-address-resolver\n */\n\nimport type { Address, PublicClient } from \"viem\";\n\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\n\nexport interface ProtocolAddresses {\n  /** Address of the ProtocolParams contract */\n  protocolParams: Address;\n  /** Address of the ApplicationRegistry contract */\n  applicationRegistry: Address;\n}\n\n/**\n * Resolve ProtocolParams and ApplicationRegistry addresses from BTCVaultRegistry.\n *\n * Uses a single multicall for atomicity and efficiency.\n *\n * @param publicClient - viem PublicClient instance\n * @param btcVaultRegistryAddress - Address of the BTCVaultRegistry contract\n * @returns Resolved contract addresses\n */\nexport async function resolveProtocolAddresses(\n  publicClient: PublicClient,\n  btcVaultRegistryAddress: Address,\n): Promise<ProtocolAddresses> {\n  const [protocolParams, applicationRegistry] = await publicClient.multicall({\n    contracts: [\n      {\n        address: btcVaultRegistryAddress,\n        abi: BTCVaultRegistryABI,\n        functionName: \"protocolParams\",\n      },\n      {\n        address: btcVaultRegistryAddress,\n        abi: BTCVaultRegistryABI,\n        functionName: \"applicationRegistry\",\n      },\n    ],\n    allowFailure: false,\n  });\n\n  return {\n    protocolParams: protocolParams as Address,\n    applicationRegistry: applicationRegistry as Address,\n  };\n}\n","/**\n * Concrete ProtocolParams reader using viem's readContract and multicall.\n *\n * This is an optional utility — callers can use their own implementation\n * of the ProtocolParamsReader interface.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n  PegInConfiguration,\n  ProtocolParamsReader,\n  TBVProtocolParams,\n  VersionedOffchainParams,\n} from \"./types\";\n\n/**\n * Maximum value for a Solidity uint16.\n * PeginLogic.sol casts timelockAssert to uint16, so values above this are invalid.\n */\nconst UINT16_MAX = 65535;\n\n/**\n * Raw shape viem returns for VersionedOffchainParams struct.\n * viem resolves ABI struct outputs to named objects (not tuples).\n */\ninterface RawOffchainParams {\n  timelockAssert: bigint;\n  timelockChallengeAssert: bigint;\n  securityCouncilKeys: readonly Hex[];\n  councilQuorum: number;\n  feeRate: bigint;\n  babeTotalInstances: number;\n  babeInstancesToFinalize: number;\n  minVpCommissionBps: number;\n  tRefund: number;\n  tStale: number;\n  minPeginFeeRate: bigint;\n  proverProgramVersion: number;\n  minPrepeginDepth: number;\n}\n\n/** Raw shape viem returns for TBVProtocolParams struct. */\ninterface RawTBVParams {\n  minimumPegInAmount: bigint;\n  maxPegInAmount: bigint;\n  pegInAckTimeout: bigint;\n  pegInActivationTimeout: bigint;\n  maxHtlcOutputCount: number;\n}\n\n/** Map viem struct result to VersionedOffchainParams. */\nfunction mapOffchainParams(result: RawOffchainParams): VersionedOffchainParams {\n  return {\n    timelockAssert: result.timelockAssert,\n    timelockChallengeAssert: result.timelockChallengeAssert,\n    securityCouncilKeys: [...result.securityCouncilKeys],\n    councilQuorum: result.councilQuorum,\n    feeRate: result.feeRate,\n    babeTotalInstances: result.babeTotalInstances,\n    babeInstancesToFinalize: result.babeInstancesToFinalize,\n    minVpCommissionBps: result.minVpCommissionBps,\n    tRefund: result.tRefund,\n    tStale: result.tStale,\n    minPeginFeeRate: result.minPeginFeeRate,\n    proverProgramVersion: result.proverProgramVersion,\n    minPrepeginDepth: result.minPrepeginDepth,\n  };\n}\n\n/** Map viem struct result to TBVProtocolParams. */\nfunction mapTBVParams(result: RawTBVParams): TBVProtocolParams {\n  return {\n    minimumPegInAmount: result.minimumPegInAmount,\n    maxPegInAmount: result.maxPegInAmount,\n    pegInAckTimeout: result.pegInAckTimeout,\n    pegInActivationTimeout: result.pegInActivationTimeout,\n    maxHtlcOutputCount: result.maxHtlcOutputCount,\n  };\n}\n\n/**\n * Derive timelockPegin from timelockAssert.\n *\n * Matches PeginLogic.sol: `uint16(timelockAssert)`.\n * The contract validates `timelockAssert <= type(uint16).max` on write,\n * but we enforce the same bound here to reject invalid values early\n * rather than silently truncating.\n *\n * @throws if timelockAssert exceeds uint16 max (65535)\n */\nfunction deriveTimelockPegin(timelockAssert: bigint): number {\n  if (timelockAssert > BigInt(UINT16_MAX)) {\n    throw new Error(\n      `timelockAssert value ${timelockAssert} exceeds uint16 max (${UINT16_MAX})`,\n    );\n  }\n  return Number(timelockAssert);\n}\n\n/**\n * Concrete protocol params reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemProtocolParamsReader(publicClient, protocolParamsAddress);\n * const config = await reader.getPegInConfiguration();\n * ```\n */\nexport class ViemProtocolParamsReader implements ProtocolParamsReader {\n  constructor(\n    private publicClient: PublicClient,\n    private contractAddress: Address,\n  ) {}\n\n  async getTBVProtocolParams(): Promise<TBVProtocolParams> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"getTBVProtocolParams\",\n    })) as RawTBVParams;\n\n    return mapTBVParams(result);\n  }\n\n  async getLatestOffchainParams(): Promise<VersionedOffchainParams> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"getLatestOffchainParams\",\n    })) as RawOffchainParams;\n\n    return mapOffchainParams(result);\n  }\n\n  async getOffchainParamsByVersion(\n    version: number,\n  ): Promise<VersionedOffchainParams> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"getOffchainParamsByVersion\",\n      args: [version],\n    })) as RawOffchainParams;\n\n    return mapOffchainParams(result);\n  }\n\n  async getLatestOffchainParamsVersion(): Promise<number> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"latestOffchainParamsVersion\",\n    })) as number;\n\n    return result;\n  }\n\n  async getTimelockPeginByVersion(version: number): Promise<number> {\n    const params = await this.getOffchainParamsByVersion(version);\n    return deriveTimelockPegin(params.timelockAssert);\n  }\n\n  /**\n   * Read TBV protocol params and latest offchain params atomically via multicall.\n   * Prevents TOCTOU inconsistency if governance updates params between reads.\n   */\n  async getPegInConfiguration(): Promise<PegInConfiguration> {\n    const results = await this.publicClient.multicall({\n      contracts: [\n        {\n          address: this.contractAddress,\n          abi: ProtocolParamsABI,\n          functionName: \"getTBVProtocolParams\",\n        },\n        {\n          address: this.contractAddress,\n          abi: ProtocolParamsABI,\n          functionName: \"getLatestOffchainParams\",\n        },\n      ],\n      allowFailure: false,\n    });\n\n    const tbvParams = mapTBVParams(results[0] as RawTBVParams);\n    const offchainParams = mapOffchainParams(results[1] as RawOffchainParams);\n\n    return {\n      minimumPegInAmount: tbvParams.minimumPegInAmount,\n      maxPegInAmount: tbvParams.maxPegInAmount,\n      pegInAckTimeout: tbvParams.pegInAckTimeout,\n      pegInActivationTimeout: tbvParams.pegInActivationTimeout,\n      maxHtlcOutputCount: tbvParams.maxHtlcOutputCount,\n      timelockPegin: deriveTimelockPegin(offchainParams.timelockAssert),\n      timelockRefund: offchainParams.tRefund,\n      minVpCommissionBps: offchainParams.minVpCommissionBps,\n      offchainParams,\n    };\n  }\n}\n","/**\n * Concrete signer-set readers for vault keepers and universal challengers.\n *\n * These are optional utilities — callers can use their own implementations\n * of the VaultKeeperReader and UniversalChallengerReader interfaces.\n */\n\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { ApplicationRegistryABI } from \"../../contracts/abis/ApplicationRegistry.abi\";\nimport { ProtocolParamsABI } from \"../../contracts/abis/ProtocolParams.abi\";\nimport type {\n  AddressBTCKeyPair,\n  UniversalChallengerReader,\n  VaultKeeperReader,\n} from \"./types\";\n\n/** Map viem tuple array to AddressBTCKeyPair[]. */\nfunction mapKeyPairs(\n  result: readonly { ethAddress: Address; btcPubKey: Hex }[],\n): AddressBTCKeyPair[] {\n  return result.map((pair) => ({\n    ethAddress: pair.ethAddress,\n    btcPubKey: pair.btcPubKey,\n  }));\n}\n\n/**\n * Reads vault keepers from the ApplicationRegistry contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultKeeperReader(publicClient, applicationRegistryAddress);\n * const keepers = await reader.getCurrentVaultKeepers(appEntryPoint);\n * ```\n */\nexport class ViemVaultKeeperReader implements VaultKeeperReader {\n  constructor(\n    private publicClient: PublicClient,\n    private contractAddress: Address,\n  ) {}\n\n  async getVaultKeepersByVersion(\n    appEntryPoint: Address,\n    version: number,\n  ): Promise<AddressBTCKeyPair[]> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ApplicationRegistryABI,\n      functionName: \"getVaultKeepersByVersion\",\n      args: [appEntryPoint, version],\n    })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n    return mapKeyPairs(result);\n  }\n\n  async getCurrentVaultKeepers(\n    appEntryPoint: Address,\n  ): Promise<AddressBTCKeyPair[]> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ApplicationRegistryABI,\n      functionName: \"getCurrentVaultKeepers\",\n      args: [appEntryPoint],\n    })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n    return mapKeyPairs(result);\n  }\n\n  async getCurrentVaultKeepersVersion(\n    appEntryPoint: Address,\n  ): Promise<number> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ApplicationRegistryABI,\n      functionName: \"getCurrentVaultKeepersVersion\",\n      args: [appEntryPoint],\n    })) as number;\n\n    return result;\n  }\n}\n\n/**\n * Reads universal challengers from the ProtocolParams contract.\n *\n * Usage:\n * ```ts\n * const reader = new ViemUniversalChallengerReader(publicClient, protocolParamsAddress);\n * const challengers = await reader.getCurrentUniversalChallengers();\n * ```\n */\nexport class ViemUniversalChallengerReader implements UniversalChallengerReader {\n  constructor(\n    private publicClient: PublicClient,\n    private contractAddress: Address,\n  ) {}\n\n  async getUniversalChallengersByVersion(\n    version: number,\n  ): Promise<AddressBTCKeyPair[]> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"getUniversalChallengersByVersion\",\n      args: [version],\n    })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n    return mapKeyPairs(result);\n  }\n\n  async getCurrentUniversalChallengers(): Promise<AddressBTCKeyPair[]> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"getCurrentUniversalChallengers\",\n    })) as readonly { ethAddress: Address; btcPubKey: Hex }[];\n\n    return mapKeyPairs(result);\n  }\n\n  async getLatestUniversalChallengersVersion(): Promise<number> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: ProtocolParamsABI,\n      functionName: \"latestUniversalChallengersVersion\",\n    })) as number;\n\n    return result;\n  }\n}\n","/**\n * Concrete BTCVaultRegistry reader using viem's readContract.\n *\n * This is an optional utility — callers can use their own implementation\n * of the VaultRegistryReader interface.\n */\n\nimport * as ecc from \"@bitcoin-js/tiny-secp256k1-asmjs\";\nimport type { Address, Hex, PublicClient } from \"viem\";\n\nimport { hexToUint8Array } from \"../../primitives/utils/bitcoin\";\nimport { BTCVaultRegistryABI } from \"../../contracts/abis/BTCVaultRegistry.abi\";\nimport type {\n  OnChainBtcPubkey,\n  VaultBasicInfo,\n  VaultData,\n  VaultProtocolInfo,\n  VaultRegistryReader,\n} from \"./types\";\n\n/**\n * Concrete vault registry reader using viem.\n *\n * Usage:\n * ```ts\n * const reader = new ViemVaultRegistryReader(publicClient, registryAddress);\n * const data = await reader.getVaultData(vaultId);\n * ```\n */\nexport class ViemVaultRegistryReader implements VaultRegistryReader {\n  constructor(\n    private publicClient: PublicClient,\n    private contractAddress: Address,\n  ) {}\n\n  /**\n   * Read the VP's persistent x-only BTC pubkey from the on-chain\n   * registry. Validates length, hex form, and secp256k1 curve\n   * membership before minting the brand. Returns 64-char lowercase\n   * hex without the `0x` prefix.\n   */\n  async getVaultProviderBtcPubKey(\n    vpAddress: Address,\n  ): Promise<OnChainBtcPubkey> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: BTCVaultRegistryABI,\n      functionName: \"getVaultProviderBTCKey\",\n      args: [vpAddress],\n    })) as Hex;\n    const lowered = result.toLowerCase();\n    if (!/^0x[0-9a-f]{64}$/.test(lowered)) {\n      throw new Error(\n        `getVaultProviderBTCKey returned an unexpected value (vp=${vpAddress}, length ${lowered.length}, prefix \"${lowered.slice(0, 2)}\")`,\n      );\n    }\n    const stripped = lowered.slice(2);\n    if (!ecc.isXOnlyPoint(hexToUint8Array(stripped))) {\n      throw new Error(\n        `getVaultProviderBTCKey returned a value that is not on the secp256k1 curve (vp=${vpAddress})`,\n      );\n    }\n    return stripped as OnChainBtcPubkey;\n  }\n\n  async getVaultBasicInfo(vaultId: Hex): Promise<VaultBasicInfo> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: BTCVaultRegistryABI,\n      functionName: \"getBtcVaultBasicInfo\",\n      args: [vaultId],\n    })) as {\n      depositor: Address;\n      depositorBtcPubKey: Hex;\n      amount: bigint;\n      vaultProvider: Address;\n      status: number;\n      applicationEntryPoint: Address;\n      createdAt: bigint;\n    };\n\n    return {\n      depositor: result.depositor,\n      depositorBtcPubKey: result.depositorBtcPubKey,\n      amount: result.amount,\n      vaultProvider: result.vaultProvider,\n      status: result.status,\n      applicationEntryPoint: result.applicationEntryPoint,\n      createdAt: result.createdAt,\n    };\n  }\n\n  async getVaultProtocolInfo(vaultId: Hex): Promise<VaultProtocolInfo> {\n    const result = (await this.publicClient.readContract({\n      address: this.contractAddress,\n      abi: BTCVaultRegistryABI,\n      functionName: \"getBtcVaultProtocolInfo\",\n      args: [vaultId],\n    })) as {\n      depositorSignedPeginTx: Hex;\n      universalChallengersVersion: number;\n      appVaultKeepersVersion: number;\n      offchainParamsVersion: number;\n      verifiedAt: bigint;\n      depositorWotsPkHash: Hex;\n      hashlock: Hex;\n      htlcVout: number;\n      depositorPopSignature: Hex;\n      prePeginTxHash: Hex;\n      vaultProviderCommissionBps: number;\n    };\n\n    return {\n      depositorSignedPeginTx: result.depositorSignedPeginTx,\n      universalChallengersVersion: result.universalChallengersVersion,\n      appVaultKeepersVersion: result.appVaultKeepersVersion,\n      offchainParamsVersion: result.offchainParamsVersion,\n      verifiedAt: result.verifiedAt,\n      depositorWotsPkHash: result.depositorWotsPkHash,\n      hashlock: result.hashlock,\n      htlcVout: result.htlcVout,\n      depositorPopSignature: result.depositorPopSignature,\n      prePeginTxHash: result.prePeginTxHash,\n      vaultProviderCommissionBps: result.vaultProviderCommissionBps,\n    };\n  }\n\n  async getVaultData(vaultId: Hex): Promise<VaultData> {\n    const [basic, protocol] = await Promise.all([\n      this.getVaultBasicInfo(vaultId),\n      this.getVaultProtocolInfo(vaultId),\n    ]);\n\n    if (\n      !protocol.depositorSignedPeginTx ||\n      protocol.depositorSignedPeginTx === \"0x\"\n    ) {\n      throw new Error(\n        `Vault ${vaultId} not found on-chain or has no pegin transaction`,\n      );\n    }\n\n    return { basic, protocol };\n  }\n}\n"],"names":["MAX_SATOSHIS","MEMPOOL_REQUEST_TIMEOUT_MS","fetchWithTimeout","url","options","controller","timeoutId","signals","error","MAX_FEE_RATE","isValidSatoshiValue","value","isValidFeeRate","isValidVout","vout","outputCount","assertValidTxid","txid","TXID_RE","assertValidAddress","address","BITCOIN_ADDRESS_RE","assertValidScriptPubKey","scriptPubKey","context","HEX_RE","KNOWN_SCRIPT_PREFIXES","prefix","MEMPOOL_API_URLS","fetchApi","response","errorText","contentType","pushTx","txHex","apiUrl","message","getTxInfo","getTxHex","getUtxoInfo","txInfo","output","getAddressUtxos","utxos","addressInfo","utxo","a","b","getMempoolApiUrl","network","getAddressTxs","getNetworkFees","data","feeFields","field","ApplicationRegistryABI","ProtocolParamsABI","DAEMON_STATUS_VALUES","DaemonStatus","VP_ERROR_PREVIEW_MAX_LEN","preview","_a","VP_VALIDATION_USER_MESSAGE","VpResponseValidationError","detail","__publicField","TXID_HEX_LEN","isNonEmptyHex","isNonEmptyString","assertNonEmptyHex","assertNonEmptyString","assertBtcPubkey","X_ONLY_PUBKEY_HEX_LEN","COMPRESSED_PUBKEY_HEX_LEN","validatePresigningProgressFields","progress","presigning","p","validateGetPeginStatusResponse","r","validateRequestDepositorPresignTransactionsResponse","i","validateClaimerTransactions","validateDepositorGraphTransactions","validateTransactionData","tx","validateChallengeAssertConnectorData","c","validatePresignDataPerChallenger","d","validateRequestDepositorClaimerArtifactsResponse","key","session","validateGetPegoutStatusResponse","claimer","challenger","graph","DEFAULT_TIMEOUT_MS","VaultProviderRpcClient","baseUrl","config","JsonRpcClient","params","signal","BIP322_TAG","TAPTWEAK_TAG","X_ONLY_PUBKEY_SIZE","SCHNORR_SIG_SIZE","taggedHash","tag","tagBytes","tagHash","sha256","preimage","tweakXOnlyKey","xOnly","tweak","tweaked","ecc","verifyBip322Simple","messageBytes","xOnlyPubkey","signature","messageHash","p2tr","payments","Buffer","ZERO_SATS","toSpend","Transaction","scriptSig","toSign","toSpendTxid","sighash","tweakedXOnly","cborHead","major","arg","n","v","out","concat","parts","total","offset","encodeBytesAsArrayOfU8","bytes","items","encodeServerIdentityPayload","domain","ephemeralPubkeyCompressed","expiresAt","arrayHeader","domainBytes","pubkeyBytes","expiresAtBytes","SERVER_IDENTITY_DOMAIN","ServerIdentityError","reason","hexToBytes","hex","verifyServerIdentity","input","proof","pinnedServerPubkey","now","pinned","stripHexPrefix","actual","eph","ephBytes","sig","SCHNORR_SIG_HEX_LEN","payload","AUTH_GATED_METHODS","TOKEN_RPC_TIMEOUT_MS","TOKEN_ISSUE_METHOD","buildInnerTokenClient","headers","method","MAX_EXPIRES_AT_SECS","DEFAULT_REFRESH_SKEW_SECS","VpTokenProvider","cached","client","existing","fresh","VpTokenRegistry","provider","peginTxid","vpTokenRegistry","createAuthenticatedVpClient","innerTokenClient","tokenProvider","primeVpTokenRegistry","resolveProtocolAddresses","publicClient","btcVaultRegistryAddress","protocolParams","applicationRegistry","BTCVaultRegistryABI","UINT16_MAX","mapOffchainParams","result","mapTBVParams","deriveTimelockPegin","timelockAssert","ViemProtocolParamsReader","contractAddress","version","results","tbvParams","offchainParams","mapKeyPairs","pair","ViemVaultKeeperReader","appEntryPoint","ViemUniversalChallengerReader","ViemVaultRegistryReader","vpAddress","lowered","stripped","hexToUint8Array","vaultId","basic","protocol"],"mappings":"osBAmBMA,GAAe,KAAa,IAG5BC,EAA6B,IAMnC,eAAeC,EACbC,EACAC,EACmB,CACnB,MAAMC,EAAa,IAAI,gBACjBC,EAAY,WAChB,IAAMD,EAAW,MAAA,EACjBJ,CAAA,EAIIM,EAAU,CAACF,EAAW,OAAQD,GAAA,YAAAA,EAAS,MAAM,EAAE,OACnD,OAAA,EAGF,GAAI,CAEF,OAAO,MAAM,MAAMD,EAAK,CACtB,GAAGC,EACH,OAAQ,YAAY,IAAIG,CAAO,CAAA,CAChC,CACH,OAASC,EAAO,CAEd,MADA,aAAaF,CAAS,EAEpBE,GAAS,MACT,OAAOA,GAAU,UACjB,SAAUA,GACVA,EAAM,OAAS,aAET,IAAI,MACR,uCAAuCP,CAA0B,OAAOE,CAAG,EAAA,EAGzEK,CACR,CACF,CAMA,MAAMC,EAAe,IAErB,SAASC,EAAoBC,EAAwB,CACnD,OAAO,OAAO,UAAUA,CAAK,GAAKA,EAAQ,GAAKA,GAASX,EAC1D,CAEA,SAASY,GAAeD,EAAwB,CAC9C,OAAO,OAAO,UAAUA,CAAK,GAAKA,EAAQ,GAAKA,GAASF,CAC1D,CAEA,SAASI,EAAYC,EAAcC,EAA+B,CAChE,MAAI,CAAC,OAAO,UAAUD,CAAI,GAAKA,EAAO,EAAU,GACzCC,IAAgB,QAAaD,EAAOC,CAC7C,CAGA,SAASC,EAAgBC,EAAoB,CAC3C,GAAI,CAACC,EAAAA,QAAQ,KAAKD,CAAI,EACpB,MAAM,IAAI,MAAM,kCAAkCA,CAAI,EAAE,CAE5D,CAEA,SAASE,EAAmBC,EAAuB,CACjD,GAAI,CAACC,EAAAA,mBAAmB,KAAKD,CAAO,EAClC,MAAM,IAAI,MAAM,mCAAmCA,CAAO,EAAE,CAEhE,CAEA,SAASE,EAAwBC,EAAsBC,EAAuB,CAC5E,GAAI,CAACC,EAAAA,OAAO,KAAKF,CAAY,EAC3B,MAAM,IAAI,MACR,2CAA2CC,CAAO,EAAA,EAMtD,GAAI,CAHqBE,EAAAA,sBAAsB,KAAMC,GACnDJ,EAAa,YAAA,EAAc,WAAWI,CAAM,CAAA,EAG5C,MAAM,IAAI,MACR,sCAAsCH,CAAO,YACjCD,EAAa,MAAM,EAAG,CAAC,CAAC,+CAAA,CAG1C,CAKO,MAAMK,EAAmB,CAC9B,QAAS,4BACT,QAAS,oCACT,OAAQ,kCACV,EAKA,eAAeC,EACb1B,EACAC,EACY,CACZ,GAAI,CACF,MAAM0B,EAAW,MAAM5B,EAAiBC,EAAKC,CAAO,EAEpD,GAAI,CAAC0B,EAAS,GAAI,CAChB,MAAMC,EAAY,MAAMD,EAAS,KAAA,EACjC,MAAM,IAAI,MACR,sBAAsBA,EAAS,MAAM,MAAMC,GAAaD,EAAS,UAAU,EAAA,CAE/E,CAEA,MAAME,EAAcF,EAAS,QAAQ,IAAI,cAAc,EACvD,OAAIE,GAAA,MAAAA,EAAa,SAAS,oBAChB,MAAMF,EAAS,KAAA,EAEf,MAAMA,EAAS,KAAA,CAE3B,OAAStB,EAAO,CACd,MAAIA,aAAiB,MACb,IAAI,MAAM,qCAAqCA,EAAM,OAAO,EAAE,EAEhE,IAAI,MAAM,iDAAiD,CACnE,CACF,CAUA,eAAsByB,GAAOC,EAAeC,EAAiC,CAC3E,GAAI,CACF,MAAML,EAAW,MAAM5B,EAAiB,GAAGiC,CAAM,MAAO,CACtD,OAAQ,OACR,KAAMD,EACN,QAAS,CACP,eAAgB,YAAA,CAClB,CACD,EAED,GAAI,CAACJ,EAAS,GAAI,CAChB,MAAMC,EAAY,MAAMD,EAAS,KAAA,EAEjC,IAAIM,EACJ,GAAI,CAEFA,EADkB,KAAK,MAAML,CAAS,EAClB,OACtB,MAAQ,CAENK,EAAUL,CACZ,CACA,MAAM,IAAI,MACRK,GAAW,oCAAoCN,EAAS,UAAU,EAAA,CAEtE,CAIA,OADa,MAAMA,EAAS,KAAA,CAE9B,OAAStB,EAAO,CACd,MAAIA,aAAiB,MACb,IAAI,MAAM,wCAAwCA,EAAM,OAAO,EAAE,EAEnE,IAAI,MAAM,oDAAoD,CACtE,CACF,CASA,eAAsB6B,EAAUpB,EAAckB,EAAiC,CAC7E,OAAAnB,EAAgBC,CAAI,EACbY,EAAiB,GAAGM,CAAM,OAAOlB,CAAI,EAAE,CAChD,CAUA,eAAsBqB,GAASrB,EAAckB,EAAiC,CAC5EnB,EAAgBC,CAAI,EACpB,GAAI,CACF,MAAMa,EAAW,MAAM5B,EAAiB,GAAGiC,CAAM,OAAOlB,CAAI,MAAM,EAElE,GAAI,CAACa,EAAS,GAAI,CAChB,MAAMC,EAAY,MAAMD,EAAS,KAAA,EACjC,MAAM,IAAI,MACR,sBAAsBA,EAAS,MAAM,MAAMC,GAAaD,EAAS,UAAU,EAAA,CAE/E,CAEA,OAAO,MAAMA,EAAS,KAAA,CACxB,OAAStB,EAAO,CACd,MAAIA,aAAiB,MACb,IAAI,MAAM,qCAAqCS,CAAI,KAAKT,EAAM,OAAO,EAAE,EAEzE,IAAI,MAAM,qCAAqCS,CAAI,iBAAiB,CAC5E,CACF,CAaA,eAAsBsB,GACpBtB,EACAH,EACAqB,EACmB,CACnBnB,EAAgBC,CAAI,EACpB,MAAMuB,EAAS,MAAMH,EAAUpB,EAAMkB,CAAM,EAE3C,GAAI,CAACtB,EAAYC,EAAM0B,EAAO,KAAK,MAAM,EACvC,MAAM,IAAI,MACR,gBAAgB1B,CAAI,oBAAoBG,CAAI,SAASuB,EAAO,KAAK,MAAM,WAAA,EAI3E,MAAMC,EAASD,EAAO,KAAK1B,CAAI,EAC/B,GAAI,CAACJ,EAAoB+B,EAAO,KAAK,EACnC,MAAM,IAAI,MAAM,sBAAsBA,EAAO,KAAK,QAAQxB,CAAI,IAAIH,CAAI,EAAE,EAE1E,OAAAQ,EAAwBmB,EAAO,aAAc,GAAGxB,CAAI,IAAIH,CAAI,EAAE,EAEvD,CACL,KAAAG,EACA,KAAAH,EACA,MAAO2B,EAAO,MACd,aAAcA,EAAO,YAAA,CAEzB,CASA,eAAsBC,GACpBtB,EACAe,EACwB,CACxBhB,EAAmBC,CAAO,EAC1B,GAAI,CAEF,MAAMuB,EAAQ,MAAMd,EASlB,GAAGM,CAAM,YAAYf,CAAO,OAAO,EAG/BwB,EAAc,MAAMf,EAGvB,GAAGM,CAAM,wBAAwBf,CAAO,EAAE,EAE7C,GAAI,CAACwB,EAAY,QACf,MAAM,IAAI,MACR,4BAA4BxB,CAAO,kCAAA,EAGvCE,EAAwBsB,EAAY,aAAcxB,CAAO,EAQzD,UAAWyB,KAAQF,EAAO,CAExB,GADA3B,EAAgB6B,EAAK,IAAI,EACrB,CAAChC,EAAYgC,EAAK,IAAI,EACxB,MAAM,IAAI,MAAM,gBAAgBA,EAAK,IAAI,QAAQA,EAAK,IAAI,EAAE,EAE9D,GAAI,CAACnC,EAAoBmC,EAAK,KAAK,EACjC,MAAM,IAAI,MACR,sBAAsBA,EAAK,KAAK,QAAQA,EAAK,IAAI,IAAIA,EAAK,IAAI,EAAA,CAGpE,CAKA,OAFoBF,EAAM,KAAK,CAACG,EAAGC,IAAMA,EAAE,MAAQD,EAAE,KAAK,EAEvC,IAAKD,IAAU,CAChC,KAAMA,EAAK,KACX,KAAMA,EAAK,KACX,MAAOA,EAAK,MACZ,aAAcD,EAAY,aAC1B,UAAWC,EAAK,OAAO,SAAA,EACvB,CACJ,OAASrC,EAAO,CACd,MAAIA,aAAiB,MACb,IAAI,MACR,mCAAmCY,CAAO,KAAKZ,EAAM,OAAO,EAAA,EAG1D,IAAI,MACR,mCAAmCY,CAAO,iBAAA,CAE9C,CACF,CAQO,SAAS4B,GACdC,EACQ,CACR,OAAOrB,EAAiBqB,CAAO,CACjC,CAuBA,eAAsBC,GACpB9B,EACAe,EACsB,CACtB,OAAAhB,EAAmBC,CAAO,EACnBS,EAAsB,GAAGM,CAAM,YAAYf,CAAO,MAAM,CACjE,CAWA,eAAsB+B,GAAehB,EAAsC,CACzE,MAAML,EAAW,MAAM5B,EAAiB,GAAGiC,CAAM,sBAAsB,EAEvE,GAAI,CAACL,EAAS,GACZ,MAAM,IAAI,MACR,iCAAiCA,EAAS,MAAM,IAAIA,EAAS,UAAU,EAAA,EAI3E,MAAMsB,EAAO,MAAMtB,EAAS,KAAA,EAEtBuB,EAAY,CAChB,aACA,cACA,UACA,aACA,YAAA,EAGF,UAAWC,KAASD,EAClB,GAAI,CAACzC,GAAewC,EAAKE,CAAK,CAAC,EAC7B,MAAM,IAAI,MACR,oBAAoBA,CAAK,IAAIF,EAAKE,CAAK,CAAC,mDAAmD7C,CAAY,EAAA,EAK7G,GACE2C,EAAK,WAAaA,EAAK,YACvBA,EAAK,WAAaA,EAAK,SACvBA,EAAK,QAAUA,EAAK,aACpBA,EAAK,YAAcA,EAAK,WAExB,MAAM,IAAI,MACR,sEACiBA,EAAK,UAAU,oBAAoBA,EAAK,UAAU,iBACrDA,EAAK,OAAO,qBAAqBA,EAAK,WAAW,oBAC9CA,EAAK,UAAU,IAAA,EAIpC,OAAOA,CACT,CCxbO,MAAMG,EAAyB,CACpC,CACE,KAAM,WACN,KAAM,2BACN,OAAQ,CACN,CACE,KAAM,gBACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,gBACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,QAAS,CACP,CACE,KAAM,GACN,KAAM,UACN,aAAc,2CACd,WAAY,CACV,CACE,KAAM,aACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,YACN,KAAM,UACN,aAAc,SAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,yBACN,OAAQ,CACN,CACE,KAAM,gBACN,KAAM,UACN,aAAc,SAAA,CAChB,EAEF,QAAS,CACP,CACE,KAAM,GACN,KAAM,UACN,aAAc,2CACd,WAAY,CACV,CACE,KAAM,aACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,YACN,KAAM,UACN,aAAc,SAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,gCACN,OAAQ,CACN,CACE,KAAM,gBACN,KAAM,UACN,aAAc,SAAA,CAChB,EAEF,QAAS,CACP,CACE,KAAM,GACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,gBAAiB,MAAA,CAErB,ECvFaC,EAAoB,CAC/B,CACE,KAAM,WACN,KAAM,uBACN,OAAQ,CAAA,EACR,QAAS,CACP,CACE,KAAM,GACN,KAAM,QACN,aAAc,2CACd,WAAY,CACV,CACE,KAAM,qBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,iBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,kBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,yBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,qBACN,KAAM,QACN,aAAc,OAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,0BACN,OAAQ,CAAA,EACR,QAAS,CACP,CACE,KAAM,GACN,KAAM,QACN,aAAc,iDACd,WAAY,CACV,CACE,KAAM,iBACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,0BACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,sBACN,KAAM,YACN,aAAc,WAAA,EAEhB,CACE,KAAM,gBACN,KAAM,QACN,aAAc,OAAA,EAEhB,CACE,KAAM,UACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,qBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,0BACN,KAAM,QACN,aAAc,OAAA,EAEhB,CACE,KAAM,qBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,UACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,SACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,kBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,uBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,mBACN,KAAM,SACN,aAAc,QAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,6BACN,OAAQ,CACN,CACE,KAAM,gBACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,QAAS,CACP,CACE,KAAM,GACN,KAAM,QACN,aAAc,iDACd,WAAY,CACV,CACE,KAAM,iBACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,0BACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,sBACN,KAAM,YACN,aAAc,WAAA,EAEhB,CACE,KAAM,gBACN,KAAM,QACN,aAAc,OAAA,EAEhB,CACE,KAAM,UACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,qBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,0BACN,KAAM,QACN,aAAc,OAAA,EAEhB,CACE,KAAM,qBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,UACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,SACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,kBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,uBACN,KAAM,SACN,aAAc,QAAA,EAEhB,CACE,KAAM,mBACN,KAAM,SACN,aAAc,QAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,8BACN,OAAQ,CAAA,EACR,QAAS,CACP,CACE,KAAM,GACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,mCACN,OAAQ,CACN,CACE,KAAM,gBACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,QAAS,CACP,CACE,KAAM,GACN,KAAM,UACN,aAAc,2CACd,WAAY,CACV,CACE,KAAM,aACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,YACN,KAAM,UACN,aAAc,SAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,iCACN,OAAQ,CAAA,EACR,QAAS,CACP,CACE,KAAM,GACN,KAAM,UACN,aAAc,2CACd,WAAY,CACV,CACE,KAAM,aACN,KAAM,UACN,aAAc,SAAA,EAEhB,CACE,KAAM,YACN,KAAM,UACN,aAAc,SAAA,CAChB,CACF,CACF,EAEF,gBAAiB,MAAA,EAEnB,CACE,KAAM,WACN,KAAM,oCACN,OAAQ,CAAA,EACR,QAAS,CACP,CACE,KAAM,GACN,KAAM,SACN,aAAc,QAAA,CAChB,EAEF,gBAAiB,MAAA,CAErB,ECjRMC,EAAuB,IAAI,IAAY,OAAO,OAAOC,EAAAA,YAAY,CAAC,EAElEC,GAA2B,IAEjC,SAASC,EAAQjD,EAAwB,OACvC,QACEkD,EAAA,KAAK,UAAUlD,CAAK,IAApB,YAAAkD,EAAuB,MAAM,EAAGF,MAA6B,WAEjE,CAEA,MAAMG,GACJ,2FAQK,MAAMC,UAAkC,KAAM,CAGnD,YAAYC,EAAgB,CAC1B,MAAMF,EAA0B,EAHzBG,EAAA,eAIP,KAAK,KAAO,4BACZ,KAAK,OAASD,CAChB,CACF,CAGA,MAAME,EAAe,GAErB,SAASC,EAAcxD,EAAiC,CACtD,OAAO,OAAOA,GAAU,UAAYA,EAAM,OAAS,GAAKc,EAAAA,OAAO,KAAKd,CAAK,CAC3E,CAEA,SAASyD,EAAiBzD,EAAiC,CACzD,OAAO,OAAOA,GAAU,UAAYA,EAAM,OAAS,CACrD,CAEA,SAAS0D,GAAkB1D,EAAgB2C,EAAqB,CAC9D,GAAI,CAACa,EAAcxD,CAAK,EACtB,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,yCAAyCM,EAAQjD,CAAK,CAAC,EAAA,CAGrG,CAEA,SAAS2D,EAAqB3D,EAAgB2C,EAAqB,CACjE,GAAI,CAACc,EAAiBzD,CAAK,EACzB,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,qCAAqCM,EAAQjD,CAAK,CAAC,EAAA,CAGjG,CAMA,SAAS4D,GAAgB5D,EAAgB2C,EAAqB,CAC5D,GACE,CAACa,EAAcxD,CAAK,GACnBA,EAAM,SAAW6D,yBAChB7D,EAAM,SAAW8D,4BAEnB,MAAM,IAAIV,EACR,mCAAmCT,CAAK,eAAekB,EAAAA,qBAAqB,OAAOC,EAAAA,yBAAyB,sCAAsCb,EAAQjD,CAAK,CAAC,EAAA,CAGtK,CAKA,SAAS+D,GACPC,EACM,CACN,MAAMC,EAAaD,EAAS,WAC5B,GAAgCC,GAAe,KAAM,OACrD,GAAI,OAAOA,GAAe,UAAY,MAAM,QAAQA,CAAU,EAC5D,MAAM,IAAIb,EACR,mFAAA,EAIJ,MAAMc,EAAID,EAEV,GACEC,EAAE,0BAA4B,QAC9B,OAAOA,EAAE,yBAA4B,UAErC,MAAM,IAAId,EACR,kHAAkHH,EAAQiB,EAAE,uBAAuB,CAAC,EAAA,EAIxJ,GACEA,EAAE,qCAAuC,QACzC,OAAOA,EAAE,oCAAuC,SAEhD,MAAM,IAAId,EACR,4HAA4HH,EAAQiB,EAAE,kCAAkC,CAAC,EAAA,EAI7K,GACEA,EAAE,iCAAmC,QACrC,OAAOA,EAAE,gCAAmC,SAE5C,MAAM,IAAId,EACR,wHAAwHH,EAAQiB,EAAE,8BAA8B,CAAC,EAAA,CAGvK,CAOO,SAASC,GACdhD,EAC4C,CAC5C,GAAIA,IAAa,MAAQ,OAAOA,GAAa,SAC3C,MAAM,IAAIiC,EACR,yEAAA,EAIJ,MAAMgB,EAAIjD,EAEV,GAAI,CAACqC,EAAcY,EAAE,UAAU,GAAKA,EAAE,WAAW,SAAWb,EAC1D,MAAM,IAAIH,EACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC,EAAA,EAI9H,GAAI,OAAOA,EAAE,QAAW,SACtB,MAAM,IAAIhB,EACR,0DAAA,EAIJ,GAAI,CAACN,EAAqB,IAAIsB,EAAE,MAAM,EACpC,MAAM,IAAIhB,EACR,uDAAuDgB,EAAE,MAAM,uBAAuB,CAAC,GAAGtB,CAAoB,EAAE,KAAK,IAAI,CAAC,EAAA,EAI9H,GACEsB,EAAE,WAAa,MACf,OAAOA,EAAE,UAAa,UACtB,MAAM,QAAQA,EAAE,QAAQ,EAExB,MAAM,IAAIhB,EACR,6DAAA,EAMJ,GAFAW,GAAiCK,EAAE,QAAmC,EAElE,OAAOA,EAAE,aAAgB,SAC3B,MAAM,IAAIhB,EACR,+DAAA,EAIJ,GAAIgB,EAAE,aAAe,QAAa,OAAOA,EAAE,YAAe,SACxD,MAAM,IAAIhB,EACR,gFAAgFH,EAAQmB,EAAE,UAAU,CAAC,EAAA,CAG3G,CAKO,SAASC,GACdlD,EACiE,CACjE,GAAIA,IAAa,MAAQ,OAAOA,GAAa,SAC3C,MAAM,IAAIiC,EACR,8FAAA,EAIJ,MAAMgB,EAAIjD,EAEV,GAAI,CAAC,MAAM,QAAQiD,EAAE,GAAG,EACtB,MAAM,IAAIhB,EACR,uDAAA,EAIJ,QAASkB,EAAI,EAAGA,EAAIF,EAAE,IAAI,OAAQE,IAChCC,GAA4BH,EAAE,IAAIE,CAAC,EAAG,OAAOA,CAAC,GAAG,EAGnD,GAAIF,EAAE,kBAAoB,MAAQ,OAAOA,EAAE,iBAAoB,SAC7D,MAAM,IAAIhB,EACR,oEAAA,EAIJoB,GACEJ,EAAE,eAAA,CAEN,CAEA,SAASK,EAAwBzE,EAAgB2C,EAAqB,CACpE,GAAI3C,IAAU,MAAQ,OAAOA,GAAU,SACrC,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,qBAAA,EAI5Ce,GADW1D,EACU,OAAQ,GAAG2C,CAAK,SAAS,CAChD,CAEA,SAAS4B,GAA4BvE,EAAgB2C,EAAqB,CACxE,GAAI3C,IAAU,MAAQ,OAAOA,GAAU,SACrC,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,qBAAA,EAI5C,MAAM+B,EAAK1E,EAEX4D,GAAgBc,EAAG,eAAgB,GAAG/B,CAAK,iBAAiB,EAC5D8B,EAAwBC,EAAG,SAAU,GAAG/B,CAAK,WAAW,EACxD8B,EAAwBC,EAAG,UAAW,GAAG/B,CAAK,YAAY,EAC1D8B,EAAwBC,EAAG,UAAW,GAAG/B,CAAK,YAAY,EAC1DgB,EAAqBe,EAAG,YAAa,GAAG/B,CAAK,cAAc,CAC7D,CAEA,SAASgC,GACP3E,EACA2C,EACM,CACN,GAAI3C,IAAU,MAAQ,OAAOA,GAAU,SACrC,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,qBAAA,EAI5C,MAAMiC,EAAI5E,EACV2D,EAAqBiB,EAAE,cAAe,GAAGjC,CAAK,gBAAgB,EAC9DgB,EAAqBiB,EAAE,kBAAmB,GAAGjC,CAAK,oBAAoB,CACxE,CAEA,SAASkC,GAAiC7E,EAAgB2C,EAAqB,CAC7E,GAAI3C,IAAU,MAAQ,OAAOA,GAAU,SACrC,MAAM,IAAIoD,EACR,mCAAmCT,CAAK,qBAAA,EAI5C,MAAMmC,EAAI9E,EAcV,GAZA4D,GAAgBkB,EAAE,kBAAmB,GAAGnC,CAAK,oBAAoB,EACjE8B,EACEK,EAAE,sBACF,GAAGnC,CAAK,wBAAA,EAEV8B,EACEK,EAAE,sBACF,GAAGnC,CAAK,wBAAA,EAEV8B,EAAwBK,EAAE,YAAa,GAAGnC,CAAK,cAAc,EAC7DgB,EAAqBmB,EAAE,cAAe,GAAGnC,CAAK,gBAAgB,EAE1D,CAAC,MAAM,QAAQmC,EAAE,2BAA2B,EAC9C,MAAM,IAAI1B,EACR,mCAAmCT,CAAK,gDAAA,EAI5C,QAAS2B,EAAI,EAAGA,EAAIQ,EAAE,4BAA4B,OAAQR,IACxDK,GACEG,EAAE,4BAA4BR,CAAC,EAC/B,GAAG3B,CAAK,gCAAgC2B,CAAC,GAAA,EAI7C,GAAI,CAAC,MAAM,QAAQQ,EAAE,mBAAmB,EACtC,MAAM,IAAI1B,EACR,mCAAmCT,CAAK,wCAAA,EAI5C,QAAS2B,EAAI,EAAGA,EAAIQ,EAAE,oBAAoB,OAAQR,IAChDZ,GACEoB,EAAE,oBAAoBR,CAAC,EACvB,GAAG3B,CAAK,wBAAwB2B,CAAC,GAAA,CAGvC,CAKO,SAASS,GACd5D,EAC8D,CAC9D,GAAIA,IAAa,MAAQ,OAAOA,GAAa,SAC3C,MAAM,IAAIiC,EACR,2FAAA,EAIJ,MAAMgB,EAAIjD,EAEV,GAAI,CAACsC,EAAiBW,EAAE,aAAa,EACnC,MAAM,IAAIhB,EACR,kFAAkFH,EAAQmB,EAAE,aAAa,CAAC,EAAA,EAI9G,GAAI,CAACZ,EAAcY,EAAE,iBAAiB,EACpC,MAAM,IAAIhB,EACR,0FAA0FH,EAAQmB,EAAE,iBAAiB,CAAC,EAAA,EAI1H,GAAIA,EAAE,gBAAkB,MAAQ,OAAOA,EAAE,eAAkB,SACzD,MAAM,IAAIhB,EACR,kEAAA,EAIJ,SAAW,CAAC4B,EAAKC,CAAO,IAAK,OAAO,QAClCb,EAAE,aAAA,EACD,CACD,GAAIa,IAAY,MAAQ,OAAOA,GAAY,SACzC,MAAM,IAAI7B,EACR,iDAAiD4B,CAAG,qBAAA,EAGxD,MAAM,EAAIC,EACV,GAAI,CAACzB,EAAc,EAAE,uBAAuB,EAC1C,MAAM,IAAIJ,EACR,iDAAiD4B,CAAG,iEAAiE/B,EAAQ,EAAE,uBAAuB,CAAC,EAAA,CAG7J,CACF,CAKO,SAASiC,GACd/D,EAC6C,CAC7C,GAAIA,IAAa,MAAQ,OAAOA,GAAa,SAC3C,MAAM,IAAIiC,EACR,0EAAA,EAIJ,MAAMgB,EAAIjD,EAEV,GAAI,CAACqC,EAAcY,EAAE,UAAU,GAAKA,EAAE,WAAW,SAAWb,EAC1D,MAAM,IAAIH,EACR,yDAAyDG,CAAY,gCAAgCN,EAAQmB,EAAE,UAAU,CAAC,EAAA,EAI9H,GAAI,OAAOA,EAAE,OAAU,UACrB,MAAM,IAAIhB,EACR,iEAAiEH,EAAQmB,EAAE,KAAK,CAAC,EAAA,EAIrF,GAAIA,EAAE,UAAY,OAAW,CAC3B,GAAIA,EAAE,UAAY,MAAQ,OAAOA,EAAE,SAAY,SAC7C,MAAM,IAAIhB,EACR,uEAAA,EAGJ,MAAM+B,EAAUf,EAAE,QAClB,GAAI,OAAOe,EAAQ,QAAW,SAC5B,MAAM,IAAI/B,EACR,yEAAyEH,EAAQkC,EAAQ,MAAM,CAAC,EAAA,EAGpG,GAAI,OAAOA,EAAQ,QAAW,UAC5B,MAAM,IAAI/B,EACR,0EAA0EH,EAAQkC,EAAQ,MAAM,CAAC,EAAA,CAGvG,CAEA,GAAIf,EAAE,aAAe,OAAW,CAC9B,GAAIA,EAAE,aAAe,MAAQ,OAAOA,EAAE,YAAe,SACnD,MAAM,IAAIhB,EACR,0EAAA,EAGJ,MAAMgC,EAAahB,EAAE,WACrB,GAAI,OAAOgB,EAAW,QAAW,SAC/B,MAAM,IAAIhC,EACR,4EAA4EH,EAAQmC,EAAW,MAAM,CAAC,EAAA,CAG5G,CACF,CAEA,SAASZ,GACPa,EACM,CAMN,GALAZ,EAAwBY,EAAM,SAAU,0BAA0B,EAClEZ,EAAwBY,EAAM,UAAW,2BAA2B,EACpEZ,EAAwBY,EAAM,UAAW,2BAA2B,EACpE1B,EAAqB0B,EAAM,YAAa,6BAA6B,EAEjE,CAAC,MAAM,QAAQA,EAAM,uBAAuB,EAC9C,MAAM,IAAIjC,EACR,2FAAA,EAIJ,QAASkB,EAAI,EAAGA,EAAIe,EAAM,wBAAwB,OAAQf,IACxDO,GACEQ,EAAM,wBAAwBf,CAAC,EAC/B,2CAA2CA,CAAC,GAAA,EAIhD,GAAI,OAAOe,EAAM,yBAA4B,SAC3C,MAAM,IAAIjC,EACR,2FAAA,CAGN,CC3YA,MAAMkC,GAAqB,IAWpB,MAAMC,EAEb,CAGE,YAAYC,EAAiB/F,EAAyC,CAF9D6D,EAAA,eAGN,MAAMmC,EAA8B,CAClC,QAAAD,EACA,SAAS/F,GAAA,YAAAA,EAAS,UAAW6F,GAC7B,QAAS7F,GAAA,YAAAA,EAAS,QAClB,WAAYA,GAAA,YAAAA,EAAS,WACrB,aAAcA,GAAA,YAAAA,EAAS,aACvB,QAASA,GAAA,YAAAA,EAAS,QAClB,cAAeA,GAAA,YAAAA,EAAS,cACxB,iBAAkBA,GAAA,YAAAA,EAAS,gBAAA,EAE7B,KAAK,OAAS,IAAIiG,EAAAA,cAAcD,CAAM,CACxC,CAMA,MAAM,oCACJE,EACAC,EACsD,CACtD,MAAMzE,EAAW,MAAM,KAAK,OAAO,KAGjC,oDAAqDwE,EAAQC,CAAM,EACrE,OAAAvB,GAAoDlD,CAAQ,EACrDA,CACT,CAMA,MAAM,6BACJwE,EACAC,EACe,CACf,OAAO,KAAK,OAAO,KACjB,6CACAD,EACAC,CAAA,CAEJ,CAOA,MAAM,uBACJD,EACAC,EACe,CACf,OAAO,KAAK,OAAO,KACjB,uCACAD,EACAC,CAAA,CAEJ,CAMA,MAAM,iCACJD,EACAC,EACmD,CACnD,MAAMzE,EAAW,MAAM,KAAK,OAAO,KAGjC,iDAAkDwE,EAAQC,CAAM,EAClE,OAAAb,GAAiD5D,CAAQ,EAClDA,CACT,CAGA,MAAM,eACJwE,EACAC,EACiC,CACjC,MAAMzE,EAAW,MAAM,KAAK,OAAO,KACjC,+BACAwE,EACAC,CAAA,EAEF,OAAAzB,GAA+BhD,CAAQ,EAChCA,CACT,CAGA,MAAM,gBACJwE,EACAC,EACkC,CAClC,MAAMzE,EAAW,MAAM,KAAK,OAAO,KACjC,gCACAwE,EACAC,CAAA,EAEF,OAAAV,GAAgC/D,CAAQ,EACjCA,CACT,CACF,CC5IA,MAAM0E,GAAa,yBAGbC,GAAe,WAEfC,GAAqB,GACrBC,GAAmB,GAMzB,SAASC,GAAWC,EAAazD,EAA8B,CAC7D,MAAM0D,EAAW,IAAI,cAAc,OAAOD,CAAG,EACvCE,EAAUC,EAAAA,OAAOF,CAAQ,EACzBG,EAAW,IAAI,WAAWF,EAAQ,OAAS,EAAI3D,EAAK,MAAM,EAChE,OAAA6D,EAAS,IAAIF,EAAS,CAAC,EACvBE,EAAS,IAAIF,EAASA,EAAQ,MAAM,EACpCE,EAAS,IAAI7D,EAAM2D,EAAQ,OAAS,CAAC,EAC9BC,EAAAA,OAAOC,CAAQ,CACxB,CAYA,SAASC,GAAcC,EAAsC,CAC3D,GAAIA,EAAM,SAAWT,GAAoB,OAAO,KAChD,MAAMU,EAAQR,GAAWH,GAAcU,CAAK,EACtCE,EAAUC,EAAI,mBAAmBH,EAAOC,CAAK,EACnD,OAAOC,EAAUA,EAAQ,YAAc,IACzC,CAoBO,SAASE,GACdC,EACAC,EACAC,EACS,CAET,GADID,EAAY,SAAWf,IACvBgB,EAAU,SAAWf,GAAkB,MAAO,GAOlD,GAAI,CAEF,MAAMgB,EAAcf,GAAWJ,GAAYgB,CAAY,EAKjDI,EAAOC,EAAAA,SAAS,KAAK,CACzB,eAAgBC,EAAAA,OAAO,KAAKL,CAAW,CAAA,CACxC,EACD,GAAI,CAACG,EAAK,OAAQ,MAAO,GACzB,MAAMrG,EAAeqG,EAAK,OAUpBG,EAAY,EACZC,EAAU,IAAIC,cACpBD,EAAQ,QAAU,EAClBA,EAAQ,SAAW,EAEnB,MAAME,EAAYJ,EAAAA,OAAO,OAAO,CAC9BA,EAAAA,OAAO,KAAK,CAAC,EAAM,EAAI,CAAC,EACxBA,EAAAA,OAAO,KAAKH,CAAW,CAAA,CACxB,EACDK,EAAQ,SACNF,SAAO,MAAM,GAAI,CAAC,EAClB,WACA,EACAI,CAAA,EAEFF,EAAQ,UAAUzG,EAAcwG,CAAS,EAGzC,MAAMI,EAAS,IAAIF,cACnBE,EAAO,QAAU,EACjBA,EAAO,SAAW,EAElB,MAAMC,EAAcJ,EAAQ,QAAA,EAC5BG,EAAO,SAASC,EAAa,EAAG,CAAC,EACjCD,EAAO,UAAUL,SAAO,KAAK,CAAC,GAAI,CAAC,EAAGC,CAAS,EAG/C,MAAMM,EAAUF,EAAO,iBACrB,EACA,CAAC5G,CAAY,EACb,CAACwG,CAAS,EACVE,cAAY,eAAA,EAIRK,EAAepB,GAAcO,CAAW,EAC9C,OAAKa,EAEEhB,EAAI,cAAce,EAASC,EAAcZ,CAAS,EAF/B,EAG5B,MAAQ,CACN,MAAO,EACT,CACF,CC9IA,SAASa,EAASC,EAAeC,EAAkC,CACjE,MAAM5B,GAAO2B,EAAQ,IAAS,EACxBE,EAAI,OAAOD,GAAQ,SAAWA,EAAM,OAAOA,CAAG,EACpD,GAAIC,EAAI,GAAI,MAAM,IAAI,MAAM,6BAA6B,EAEzD,GAAIA,EAAI,IAAK,OAAO,IAAI,WAAW,CAAC7B,EAAM,OAAO6B,CAAC,CAAC,CAAC,EACpD,GAAIA,EAAI,OAAQ,OAAO,IAAI,WAAW,CAAC7B,EAAM,GAAI,OAAO6B,CAAC,CAAC,CAAC,EAC3D,GAAIA,EAAI,SAAU,CAChB,MAAMC,EAAI,OAAOD,CAAC,EAClB,OAAO,IAAI,WAAW,CAAC7B,EAAM,GAAK8B,IAAM,EAAK,IAAMA,EAAI,GAAI,CAAC,CAC9D,CACA,GAAID,EAAI,aAAgB,CACtB,MAAMC,EAAI,OAAOD,CAAC,EAClB,OAAO,IAAI,WAAW,CACpB7B,EAAM,GACL8B,IAAM,GAAM,IACZA,IAAM,GAAM,IACZA,IAAM,EAAK,IACZA,EAAI,GAAA,CACL,CACH,CAEA,MAAMC,EAAM,IAAI,WAAW,CAAC,EAC5BA,EAAI,CAAC,EAAI/B,EAAM,GACf,QAAS,EAAI,EAAG,GAAK,EAAG,IACtB+B,EAAI,EAAI,CAAC,EAAI,OAAOF,GAAK,QAAQ,EAAI,GAAK,CAAC,CAAC,EAAI,IAElD,OAAOE,CACT,CAEA,SAASC,MAAUC,EAAiC,CAClD,MAAMC,EAAQD,EAAM,OAAO,CAAC,EAAGjE,IAAM,EAAIA,EAAE,OAAQ,CAAC,EAC9C+D,EAAM,IAAI,WAAWG,CAAK,EAChC,IAAIC,EAAS,EACb,UAAWnE,KAAKiE,EACdF,EAAI,IAAI/D,EAAGmE,CAAM,EACjBA,GAAUnE,EAAE,OAEd,OAAO+D,CACT,CASA,SAASK,EAAuBC,EAA+B,CAE7D,MAAMC,EAAsB,CADbZ,EAAS,EAAGW,EAAM,MAAM,CACJ,EACnC,UAAWnG,KAAKmG,EACdC,EAAM,KAAKZ,EAAS,EAAGxF,CAAC,CAAC,EAE3B,OAAO8F,GAAO,GAAGM,CAAK,CACxB,CAsBO,SAASC,GACdC,EACAC,EACAC,EACY,CACZ,GAAI,CAAC,OAAO,cAAcA,CAAS,GAAKA,EAAY,EAClD,MAAM,IAAI,MACR,oFAAoFA,CAAS,EAAA,EAGjG,MAAMC,EAAcjB,EAAS,EAAG,CAAC,EAC3BkB,EAAcR,EAAuBI,CAAM,EAC3CK,EAAcT,EAAuBK,CAAyB,EAC9DK,EAAiBpB,EAAS,EAAGgB,CAAS,EAC5C,OAAOV,GAAOW,EAAaC,EAAaC,EAAaC,CAAc,CACrE,CCzFA,MAAMC,GAAyB,IAAI,YAAA,EAAc,OAC/C,6BACF,EA6BO,MAAMC,UAA4B,KAAM,CAC7C,YACEzH,EACgB0H,EAQhB,CACA,MAAM1H,CAAO,EATG,KAAA,OAAA0H,EAUhB,KAAK,KAAO,qBACd,CACF,CAGA,SAASC,EAAWC,EAAyB,CAC3C,MAAMpB,EAAM,IAAI,WAAWoB,EAAI,OAAS,CAAC,EACzC,QAAS/E,EAAI,EAAGA,EAAI2D,EAAI,OAAQ3D,IAC9B2D,EAAI3D,CAAC,EAAI,SAAS+E,EAAI,MAAM/E,EAAI,EAAGA,EAAI,EAAI,CAAC,EAAG,EAAE,EAEnD,OAAO2D,CACT,CAsBO,SAASqB,GAAqBC,EAAwC,CAC3E,KAAM,CAAE,MAAAC,EAAO,mBAAAC,EAAoB,IAAAC,CAAA,EAAQH,EAErCI,EAASC,EAAAA,eAAeH,CAAkB,EAAE,YAAA,EAClD,GAAIE,EAAO,SAAW9F,EAAAA,uBAAyB,CAAC/C,EAAAA,OAAO,KAAK6I,CAAM,EAChE,MAAM,IAAIT,EACR,+CAA+CS,EAAO,MAAM,SAC5D,yBAAA,EAIJ,MAAME,EAASD,EAAAA,eAAeJ,EAAM,aAAa,EAAE,YAAA,EACnD,GAAIK,EAAO,SAAWhG,EAAAA,uBAAyB,CAAC/C,EAAAA,OAAO,KAAK+I,CAAM,EAChE,MAAM,IAAIX,EACR,0CAA0CW,EAAO,MAAM,SACvD,yBAAA,EAIJ,GAAIA,IAAWF,EACb,MAAM,IAAIT,EACR,uDAAuDS,CAAM,SAASE,CAAM,GAC5E,wBAAA,EAWJ,GAAI,CAAC,OAAO,cAAcL,EAAM,UAAU,EACxC,MAAM,IAAIN,EACR,4CAA4C,KAAK,UAAUM,EAAM,UAAU,CAAC,GAC5E,oBAAA,EAGJ,GAAI,CAAC,OAAO,cAAcE,CAAG,EAC3B,MAAM,IAAIR,EACR,qCAAqC,KAAK,UAAUQ,CAAG,CAAC,GACxD,oBAAA,EAGJ,GAAIF,EAAM,YAAcE,EACtB,MAAM,IAAIR,EACR,oCAAoCM,EAAM,UAAU,SAASE,CAAG,GAChE,SAAA,EAIJ,MAAMI,EAAMF,EAAAA,eAAeJ,EAAM,gBAAgB,EAAE,YAAA,EACnD,GAAIM,EAAI,SAAWhG,EAAAA,2BAA6B,CAAChD,EAAAA,OAAO,KAAKgJ,CAAG,EAC9D,MAAM,IAAIZ,EACR,wDAAwDY,EAAI,MAAM,SAClE,0BAAA,EAGJ,MAAM9I,EAAS8I,EAAI,MAAM,EAAG,CAAC,EAC7B,GAAI9I,IAAW,MAAQA,IAAW,KAChC,MAAM,IAAIkI,EACR,2DAA2DlI,CAAM,GACjE,0BAAA,EASJ,MAAM+I,EAAWX,EAAWU,CAAG,EAC/B,GAAI,CAACnD,EAAI,QAAQoD,CAAQ,EACvB,MAAM,IAAIb,EACR,kDACA,0BAAA,EAIJ,MAAMc,EAAMJ,EAAAA,eAAeJ,EAAM,SAAS,EAAE,YAAA,EAC5C,GAAIQ,EAAI,SAAWC,EAAAA,qBAAuB,CAACnJ,EAAAA,OAAO,KAAKkJ,CAAG,EACxD,MAAM,IAAId,EACR,8CAA8Cc,EAAI,MAAM,SACxD,4BAAA,EAQJ,MAAME,EAAUzB,GACdQ,GACAG,EAAWU,CAAG,EACdN,EAAM,UAAA,EAGR,GAAI,CADa5C,GAAmBsD,EAASd,EAAWS,CAAM,EAAGT,EAAWY,CAAG,CAAC,EAE9E,MAAM,IAAId,EACR,gGACA,+BAAA,CAGN,CClNO,MAAMiB,OAA8C,IAAI,CAC7D,uCACA,6CACA,mDACF,CAAC,ECFKC,GAAuB,IAEhBC,EAAqB,4BAE3B,SAASC,GACd9E,EACA+E,EACe,CACf,OAAO,IAAI7E,EAAAA,cAAc,CACvB,QAAAF,EACA,QAAS4E,GACT,QAAAG,EACA,aAAeC,GAAWA,IAAWH,CAAA,CACtC,CACH,CCgBA,MAAMI,EAAsB,WAOtBC,GAA4B,GAyC3B,MAAMC,EAA+C,CAgB1D,YAAYlF,EAA+B,CAXnCnC,EAAA,eACSA,EAAA,kBACAA,EAAA,sBACAA,EAAA,2BACAA,EAAA,yBACAA,EAAA,wBACAA,EAAA,YAETA,EAAA,cAA6B,MAC7BA,EAAA,gBAAwC,MAG9C,KAAK,OAASmC,EAAO,OACrB,KAAK,UAAYA,EAAO,UACxB,KAAK,cAAgBA,EAAO,cAC5B,KAAK,mBAAqBA,EAAO,mBACjC,KAAK,iBAAmBA,EAAO,iBAC/B,KAAK,gBAAkBA,EAAO,iBAAmBiF,GACjD,KAAK,IAAMjF,EAAO,MAAQ,IAAM,KAAK,MAAM,KAAK,MAAQ,GAAI,EAC9D,CAcA,MAAM,SAAS+E,EAAwC,CAErD,GADIA,IAAWH,GACX,CAAC,KAAK,iBAAiB,IAAIG,CAAM,EAAG,OAAO,KAE/C,MAAMI,EAAS,KAAK,OACpB,OAAIA,GAAU,KAAK,IAAA,EAAQ,KAAK,gBAAkBA,EAAO,UAChDA,EAAO,OAGF,MAAM,KAAK,oBAAA,GACZ,KACf,CAMA,YAAmB,CACjB,KAAK,OAAS,IAKhB,CAUA,UAAUC,EAA6B,CACrC,KAAK,OAASA,CAChB,CAEQ,qBAA4C,CAClD,MAAMC,EAAW,KAAK,SACtB,GAAIA,EAAU,OAAOA,EAErB,MAAM5G,GAAK,SAAY,CACrB,GAAI,CACF,MAAM/C,EAAW,MAAM,KAAK,OAAO,KAGjCkJ,EAAoB,CACpB,WAAY,KAAK,UACjB,YAAa,KAAK,aAAA,CACnB,EAWD,GATAf,GAAqB,CACnB,MAAOnI,EAAS,gBAChB,mBAAoB,KAAK,mBACzB,IAAK,KAAK,IAAA,CAAI,CACf,EAKG,OAAOA,EAAS,OAAU,UAAYA,EAAS,MAAM,SAAW,EAClE,MAAM,IAAI,MACR,sFAAsF,OAAOA,EAAS,KAAK,GAAA,EAG/G,MAAMuI,EAAM,KAAK,IAAA,EACjB,GACE,CAAC,OAAO,cAAcvI,EAAS,UAAU,GACzCA,EAAS,YAAcuI,GACvBvI,EAAS,WAAasJ,EAEtB,MAAM,IAAI,MACR,gEAAgE,KAAK,UAAUtJ,EAAS,UAAU,CAAC,gCAAgCuI,CAAG,KAAKe,CAAmB,IAAA,EAIlK,MAAMM,EAAqB,CACzB,MAAO5J,EAAS,MAChB,UAAWA,EAAS,UAAA,EAEtB,YAAK,OAAS4J,EACPA,CACT,QAAA,CACE,KAAK,SAAW,IAClB,CACF,GAAA,EAEA,YAAK,SAAW7G,EACTA,CACT,CACF,CC9LO,MAAM8G,EAAgB,CAAtB,cACY1H,EAAA,mBAAc,KAS/B,YAAYiG,EAA8C,CACxD,MAAMuB,EAAW,KAAK,QAAQ,IAAIvB,EAAM,SAAS,EACjD,GAAIuB,EAAU,CACZ,GAAIA,EAAS,gBAAkBvB,EAAM,cACnC,MAAM,IAAI,MACR,8BAA8BA,EAAM,SAAS,mCAAmCuB,EAAS,cAAc,MAAM,EAAG,CAAC,CAAC,UAAUvB,EAAM,cAAc,MAAM,EAAG,CAAC,CAAC,GAAA,EAG/J,GAAIuB,EAAS,qBAAuBvB,EAAM,mBACxC,MAAM,IAAI,MACR,8BAA8BA,EAAM,SAAS,wCAAwCuB,EAAS,mBAAmB,MAAM,EAAG,CAAC,CAAC,UAAUvB,EAAM,mBAAmB,MAAM,EAAG,CAAC,CAAC,GAAA,EAM9K,OAAAuB,EAAS,SAAS,UAAUvB,EAAM,MAAM,EACjCuB,EAAS,QAClB,CAEA,MAAMG,EAAW,IAAIN,GAAgB,CACnC,OAAQpB,EAAM,OACd,UAAWA,EAAM,UACjB,cAAeA,EAAM,cACrB,mBAAoBA,EAAM,mBAC1B,iBAAkBY,EAAA,CACnB,EACD,YAAK,QAAQ,IAAIZ,EAAM,UAAW,CAChC,SAAA0B,EACA,cAAe1B,EAAM,cACrB,mBAAoBA,EAAM,kBAAA,CAC3B,EACM0B,CACT,CAGA,KAAKC,EAAgD,OACnD,OAAOhI,EAAA,KAAK,QAAQ,IAAIgI,CAAS,IAA1B,YAAAhI,EAA6B,QACtC,CAOA,QAAQgI,EAAyB,CAC/B,KAAK,QAAQ,OAAOA,CAAS,CAC/B,CAQA,OAAc,CACZ,KAAK,QAAQ,MAAA,CACf,CAEA,IAAI,MAAe,CACjB,OAAO,KAAK,QAAQ,IACtB,CACF,CAaO,MAAMC,EAAyC,IAAIH,GChFnD,SAASI,GACd3F,EACwB,OACxB,MAAM4F,EAAmBf,GACvB7E,EAAO,SACPvC,EAAAuC,EAAO,UAAP,YAAAvC,EAAgB,OAAA,EAGZoI,EAAgBH,EAAgB,YAAY,CAChD,OAAQE,EACR,UAAW5F,EAAO,UAClB,cAAeA,EAAO,cACtB,mBAAoBA,EAAO,kBAAA,CAC5B,EAED,OAAO,IAAIF,GAAuBE,EAAO,QAAS,CAChD,GAAGA,EAAO,QACV,cAAA6F,CAAA,CACD,CACH,CC5BO,SAASC,GAAqBhC,EAA+B,CAClE4B,EAAgB,YAAY,CAC1B,OAAQb,GAAsBf,EAAM,QAASA,EAAM,OAAO,EAC1D,UAAWA,EAAM,UACjB,cAAeA,EAAM,cACrB,mBAAoBA,EAAM,kBAAA,CAC3B,CACH,CCAA,eAAsBiC,GACpBC,EACAC,EAC4B,CAC5B,KAAM,CAACC,EAAgBC,CAAmB,EAAI,MAAMH,EAAa,UAAU,CACzE,UAAW,CACT,CACE,QAASC,EACT,IAAKG,EAAAA,oBACL,aAAc,gBAAA,EAEhB,CACE,QAASH,EACT,IAAKG,EAAAA,oBACL,aAAc,qBAAA,CAChB,EAEF,aAAc,EAAA,CACf,EAED,MAAO,CACL,eAAAF,EACA,oBAAAC,CAAA,CAEJ,CCjCA,MAAME,EAAa,MAgCnB,SAASC,EAAkBC,EAAoD,CAC7E,MAAO,CACL,eAAgBA,EAAO,eACvB,wBAAyBA,EAAO,wBAChC,oBAAqB,CAAC,GAAGA,EAAO,mBAAmB,EACnD,cAAeA,EAAO,cACtB,QAASA,EAAO,QAChB,mBAAoBA,EAAO,mBAC3B,wBAAyBA,EAAO,wBAChC,mBAAoBA,EAAO,mBAC3B,QAASA,EAAO,QAChB,OAAQA,EAAO,OACf,gBAAiBA,EAAO,gBACxB,qBAAsBA,EAAO,qBAC7B,iBAAkBA,EAAO,gBAAA,CAE7B,CAGA,SAASC,EAAaD,EAAyC,CAC7D,MAAO,CACL,mBAAoBA,EAAO,mBAC3B,eAAgBA,EAAO,eACvB,gBAAiBA,EAAO,gBACxB,uBAAwBA,EAAO,uBAC/B,mBAAoBA,EAAO,kBAAA,CAE/B,CAYA,SAASE,EAAoBC,EAAgC,CAC3D,GAAIA,EAAiB,OAAOL,CAAU,EACpC,MAAM,IAAI,MACR,wBAAwBK,CAAc,wBAAwBL,CAAU,GAAA,EAG5E,OAAO,OAAOK,CAAc,CAC9B,CAWO,MAAMC,EAAyD,CACpE,YACUX,EACAY,EACR,CAFQ,KAAA,aAAAZ,EACA,KAAA,gBAAAY,CACP,CAEH,MAAM,sBAAmD,CACvD,MAAML,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,sBAAA,CACf,EAED,OAAOoJ,EAAaD,CAAM,CAC5B,CAEA,MAAM,yBAA4D,CAChE,MAAMA,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,yBAAA,CACf,EAED,OAAOkJ,EAAkBC,CAAM,CACjC,CAEA,MAAM,2BACJM,EACkC,CAClC,MAAMN,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,6BACd,KAAM,CAACyJ,CAAO,CAAA,CACf,EAED,OAAOP,EAAkBC,CAAM,CACjC,CAEA,MAAM,gCAAkD,CAOtD,OANgB,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,6BAAA,CACf,CAGH,CAEA,MAAM,0BAA0ByJ,EAAkC,CAChE,MAAM3G,EAAS,MAAM,KAAK,2BAA2B2G,CAAO,EAC5D,OAAOJ,EAAoBvG,EAAO,cAAc,CAClD,CAMA,MAAM,uBAAqD,CACzD,MAAM4G,EAAU,MAAM,KAAK,aAAa,UAAU,CAChD,UAAW,CACT,CACE,QAAS,KAAK,gBACd,IAAK1J,EACL,aAAc,sBAAA,EAEhB,CACE,QAAS,KAAK,gBACd,IAAKA,EACL,aAAc,yBAAA,CAChB,EAEF,aAAc,EAAA,CACf,EAEK2J,EAAYP,EAAaM,EAAQ,CAAC,CAAiB,EACnDE,EAAiBV,EAAkBQ,EAAQ,CAAC,CAAsB,EAExE,MAAO,CACL,mBAAoBC,EAAU,mBAC9B,eAAgBA,EAAU,eAC1B,gBAAiBA,EAAU,gBAC3B,uBAAwBA,EAAU,uBAClC,mBAAoBA,EAAU,mBAC9B,cAAeN,EAAoBO,EAAe,cAAc,EAChE,eAAgBA,EAAe,QAC/B,mBAAoBA,EAAe,mBACnC,eAAAA,CAAA,CAEJ,CACF,CCtLA,SAASC,EACPV,EACqB,CACrB,OAAOA,EAAO,IAAKW,IAAU,CAC3B,WAAYA,EAAK,WACjB,UAAWA,EAAK,SAAA,EAChB,CACJ,CAWO,MAAMC,EAAmD,CAC9D,YACUnB,EACAY,EACR,CAFQ,KAAA,aAAAZ,EACA,KAAA,gBAAAY,CACP,CAEH,MAAM,yBACJQ,EACAP,EAC8B,CAC9B,MAAMN,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKpJ,EACL,aAAc,2BACd,KAAM,CAACiK,EAAeP,CAAO,CAAA,CAC9B,EAED,OAAOI,EAAYV,CAAM,CAC3B,CAEA,MAAM,uBACJa,EAC8B,CAC9B,MAAMb,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKpJ,EACL,aAAc,yBACd,KAAM,CAACiK,CAAa,CAAA,CACrB,EAED,OAAOH,EAAYV,CAAM,CAC3B,CAEA,MAAM,8BACJa,EACiB,CAQjB,OAPgB,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKjK,EACL,aAAc,gCACd,KAAM,CAACiK,CAAa,CAAA,CACrB,CAGH,CACF,CAWO,MAAMC,EAAmE,CAC9E,YACUrB,EACAY,EACR,CAFQ,KAAA,aAAAZ,EACA,KAAA,gBAAAY,CACP,CAEH,MAAM,iCACJC,EAC8B,CAC9B,MAAMN,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,mCACd,KAAM,CAACyJ,CAAO,CAAA,CACf,EAED,OAAOI,EAAYV,CAAM,CAC3B,CAEA,MAAM,gCAA+D,CACnE,MAAMA,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,gCAAA,CACf,EAED,OAAO6J,EAAYV,CAAM,CAC3B,CAEA,MAAM,sCAAwD,CAO5D,OANgB,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKnJ,EACL,aAAc,mCAAA,CACf,CAGH,CACF,CCrGO,MAAMkK,EAAuD,CAClE,YACUtB,EACAY,EACR,CAFQ,KAAA,aAAAZ,EACA,KAAA,gBAAAY,CACP,CAQH,MAAM,0BACJW,EAC2B,CAO3B,MAAMC,GANU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKpB,EAAAA,oBACL,aAAc,yBACd,KAAM,CAACmB,CAAS,CAAA,CACjB,GACsB,YAAA,EACvB,GAAI,CAAC,mBAAmB,KAAKC,CAAO,EAClC,MAAM,IAAI,MACR,2DAA2DD,CAAS,YAAYC,EAAQ,MAAM,aAAaA,EAAQ,MAAM,EAAG,CAAC,CAAC,IAAA,EAGlI,MAAMC,EAAWD,EAAQ,MAAM,CAAC,EAChC,GAAI,CAACtG,EAAI,aAAawG,EAAAA,gBAAgBD,CAAQ,CAAC,EAC7C,MAAM,IAAI,MACR,kFAAkFF,CAAS,GAAA,EAG/F,OAAOE,CACT,CAEA,MAAM,kBAAkBE,EAAuC,CAC7D,MAAMpB,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKH,EAAAA,oBACL,aAAc,uBACd,KAAM,CAACuB,CAAO,CAAA,CACf,EAUD,MAAO,CACL,UAAWpB,EAAO,UAClB,mBAAoBA,EAAO,mBAC3B,OAAQA,EAAO,OACf,cAAeA,EAAO,cACtB,OAAQA,EAAO,OACf,sBAAuBA,EAAO,sBAC9B,UAAWA,EAAO,SAAA,CAEtB,CAEA,MAAM,qBAAqBoB,EAA0C,CACnE,MAAMpB,EAAU,MAAM,KAAK,aAAa,aAAa,CACnD,QAAS,KAAK,gBACd,IAAKH,EAAAA,oBACL,aAAc,0BACd,KAAM,CAACuB,CAAO,CAAA,CACf,EAcD,MAAO,CACL,uBAAwBpB,EAAO,uBAC/B,4BAA6BA,EAAO,4BACpC,uBAAwBA,EAAO,uBAC/B,sBAAuBA,EAAO,sBAC9B,WAAYA,EAAO,WACnB,oBAAqBA,EAAO,oBAC5B,SAAUA,EAAO,SACjB,SAAUA,EAAO,SACjB,sBAAuBA,EAAO,sBAC9B,eAAgBA,EAAO,eACvB,2BAA4BA,EAAO,0BAAA,CAEvC,CAEA,MAAM,aAAaoB,EAAkC,CACnD,KAAM,CAACC,EAAOC,CAAQ,EAAI,MAAM,QAAQ,IAAI,CAC1C,KAAK,kBAAkBF,CAAO,EAC9B,KAAK,qBAAqBA,CAAO,CAAA,CAClC,EAED,GACE,CAACE,EAAS,wBACVA,EAAS,yBAA2B,KAEpC,MAAM,IAAI,MACR,SAASF,CAAO,iDAAA,EAIpB,MAAO,CAAE,MAAAC,EAAO,SAAAC,CAAA,CAClB,CACF"}