@brninpay/core 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +4 -0
- package/LICENSE +203 -0
- package/README.md +7 -0
- package/dist/decision-resolver.d.ts +5 -0
- package/dist/decision-resolver.d.ts.map +1 -0
- package/dist/decision-resolver.js +20 -0
- package/dist/decision-resolver.js.map +1 -0
- package/dist/errors.d.ts +3 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +2 -0
- package/dist/errors.js.map +1 -0
- package/dist/index.d.ts +10 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/policies/allowlist.d.ts +3 -0
- package/dist/policies/allowlist.d.ts.map +1 -0
- package/dist/policies/allowlist.js +21 -0
- package/dist/policies/allowlist.js.map +1 -0
- package/dist/policies/budget-check.d.ts +3 -0
- package/dist/policies/budget-check.d.ts.map +1 -0
- package/dist/policies/budget-check.js +22 -0
- package/dist/policies/budget-check.js.map +1 -0
- package/dist/policies/index.d.ts +5 -0
- package/dist/policies/index.d.ts.map +1 -0
- package/dist/policies/index.js +5 -0
- package/dist/policies/index.js.map +1 -0
- package/dist/policies/max-per-call.d.ts +3 -0
- package/dist/policies/max-per-call.d.ts.map +1 -0
- package/dist/policies/max-per-call.js +20 -0
- package/dist/policies/max-per-call.js.map +1 -0
- package/dist/policies/rate-limit.d.ts +3 -0
- package/dist/policies/rate-limit.d.ts.map +1 -0
- package/dist/policies/rate-limit.js +33 -0
- package/dist/policies/rate-limit.js.map +1 -0
- package/dist/policy-engine.d.ts +8 -0
- package/dist/policy-engine.d.ts.map +1 -0
- package/dist/policy-engine.js +39 -0
- package/dist/policy-engine.js.map +1 -0
- package/dist/types/errors.d.ts +80 -0
- package/dist/types/errors.d.ts.map +1 -0
- package/dist/types/errors.js +150 -0
- package/dist/types/errors.js.map +1 -0
- package/dist/types/payment.d.ts +55 -0
- package/dist/types/payment.d.ts.map +1 -0
- package/dist/types/payment.js +188 -0
- package/dist/types/payment.js.map +1 -0
- package/dist/types/policy.d.ts +58 -0
- package/dist/types/policy.d.ts.map +1 -0
- package/dist/types/policy.js +194 -0
- package/dist/types/policy.js.map +1 -0
- package/dist/types/wallet.d.ts +66 -0
- package/dist/types/wallet.d.ts.map +1 -0
- package/dist/types/wallet.js +13 -0
- package/dist/types/wallet.js.map +1 -0
- package/dist/types.d.ts +117 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +4 -0
- package/dist/types.js.map +1 -0
- package/dist/utils/crypto.d.ts +25 -0
- package/dist/utils/crypto.d.ts.map +1 -0
- package/dist/utils/crypto.js +119 -0
- package/dist/utils/crypto.js.map +1 -0
- package/dist/validation/schemas.d.ts +598 -0
- package/dist/validation/schemas.d.ts.map +1 -0
- package/dist/validation/schemas.js +178 -0
- package/dist/validation/schemas.js.map +1 -0
- package/package.json +30 -0
- package/src/decision-resolver.ts +16 -0
- package/src/errors.ts +20 -0
- package/src/index.ts +139 -0
- package/src/policies/allowlist.ts +26 -0
- package/src/policies/budget-check.ts +26 -0
- package/src/policies/index.ts +4 -0
- package/src/policies/max-per-call.ts +25 -0
- package/src/policies/rate-limit.ts +40 -0
- package/src/policy-engine.ts +65 -0
- package/src/types/errors.ts +215 -0
- package/src/types/payment.ts +297 -0
- package/src/types/policy.ts +289 -0
- package/src/types/wallet.ts +84 -0
- package/src/types.ts +193 -0
- package/src/utils/crypto.ts +182 -0
- package/src/validation/schemas.ts +208 -0
- package/test/architecture/architecture-invariants.test.ts +95 -0
- package/test/authorization-pipeline.test.ts +117 -0
- package/test/crypto.test.ts +56 -0
- package/test/decision-resolver.test.ts +52 -0
- package/test/errors.test.ts +97 -0
- package/test/payment-types.test.ts +49 -0
- package/test/policies.test.ts +162 -0
- package/test/policy-engine.test.ts +96 -0
- package/test/policy-types.test.ts +93 -0
- package/test/property/auth-invariants.test.ts +110 -0
- package/test/property/policy-invariants.test.ts +241 -0
- package/test/schemas.test.ts +58 -0
- package/tsconfig.json +9 -0
- package/vitest.config.ts +8 -0
|
@@ -0,0 +1,194 @@
|
|
|
1
|
+
import { ValidationError } from './errors.js';
|
|
2
|
+
export const POLICY_DECISIONS = ['allow', 'deny', 'review'];
|
|
3
|
+
function assertBasePolicy(policy) {
|
|
4
|
+
if (!policy.id.trim()) {
|
|
5
|
+
throw new ValidationError('Policy id is required', { field: 'id' });
|
|
6
|
+
}
|
|
7
|
+
if (!policy.name.trim()) {
|
|
8
|
+
throw new ValidationError('Policy name is required', { field: 'name' });
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
function normalizeAddress(address) {
|
|
12
|
+
return address.toLowerCase();
|
|
13
|
+
}
|
|
14
|
+
export function evaluatePolicy(policy, context) {
|
|
15
|
+
assertBasePolicy(policy);
|
|
16
|
+
if (!policy.enabled) {
|
|
17
|
+
return {
|
|
18
|
+
policyId: policy.id,
|
|
19
|
+
decision: 'allow',
|
|
20
|
+
reason: {
|
|
21
|
+
code: 'policy_disabled',
|
|
22
|
+
message: `Policy ${policy.name} is disabled`,
|
|
23
|
+
},
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
switch (policy.kind) {
|
|
27
|
+
case 'budget': {
|
|
28
|
+
if (policy.currency !== context.currency) {
|
|
29
|
+
return {
|
|
30
|
+
policyId: policy.id,
|
|
31
|
+
decision: 'deny',
|
|
32
|
+
reason: {
|
|
33
|
+
code: 'budget_currency_mismatch',
|
|
34
|
+
message: `Budget policy ${policy.name} only allows ${policy.currency}`,
|
|
35
|
+
},
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
const nextSpend = context.spentAmount + context.amount;
|
|
39
|
+
if (nextSpend > policy.limit) {
|
|
40
|
+
return {
|
|
41
|
+
policyId: policy.id,
|
|
42
|
+
decision: 'deny',
|
|
43
|
+
reason: {
|
|
44
|
+
code: 'budget_limit_exceeded',
|
|
45
|
+
message: `Budget policy ${policy.name} would exceed its hard limit`,
|
|
46
|
+
detail: {
|
|
47
|
+
limit: policy.limit.toString(),
|
|
48
|
+
spentAmount: context.spentAmount.toString(),
|
|
49
|
+
requestedAmount: context.amount.toString(),
|
|
50
|
+
},
|
|
51
|
+
},
|
|
52
|
+
};
|
|
53
|
+
}
|
|
54
|
+
if (policy.softLimit !== undefined && nextSpend > policy.softLimit) {
|
|
55
|
+
return {
|
|
56
|
+
policyId: policy.id,
|
|
57
|
+
decision: 'review',
|
|
58
|
+
reason: {
|
|
59
|
+
code: 'budget_soft_limit_exceeded',
|
|
60
|
+
message: `Budget policy ${policy.name} exceeded its soft limit`,
|
|
61
|
+
detail: {
|
|
62
|
+
softLimit: policy.softLimit.toString(),
|
|
63
|
+
nextSpend: nextSpend.toString(),
|
|
64
|
+
},
|
|
65
|
+
},
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
return {
|
|
69
|
+
policyId: policy.id,
|
|
70
|
+
decision: 'allow',
|
|
71
|
+
reason: {
|
|
72
|
+
code: 'budget_ok',
|
|
73
|
+
message: `Budget policy ${policy.name} approved the request`,
|
|
74
|
+
},
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
case 'allowlist': {
|
|
78
|
+
const addressAllowed = policy.addresses
|
|
79
|
+
.map((address) => normalizeAddress(address))
|
|
80
|
+
.includes(normalizeAddress(context.recipient));
|
|
81
|
+
if (!addressAllowed) {
|
|
82
|
+
return {
|
|
83
|
+
policyId: policy.id,
|
|
84
|
+
decision: 'deny',
|
|
85
|
+
reason: {
|
|
86
|
+
code: 'recipient_not_allowlisted',
|
|
87
|
+
message: `Recipient ${context.recipient} is not allowlisted by ${policy.name}`,
|
|
88
|
+
},
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
if (policy.chains && !policy.chains.includes(context.chainId)) {
|
|
92
|
+
return {
|
|
93
|
+
policyId: policy.id,
|
|
94
|
+
decision: 'deny',
|
|
95
|
+
reason: {
|
|
96
|
+
code: 'chain_not_allowlisted',
|
|
97
|
+
message: `Chain ${context.chainId} is not allowlisted by ${policy.name}`,
|
|
98
|
+
},
|
|
99
|
+
};
|
|
100
|
+
}
|
|
101
|
+
return {
|
|
102
|
+
policyId: policy.id,
|
|
103
|
+
decision: 'allow',
|
|
104
|
+
reason: {
|
|
105
|
+
code: 'allowlist_ok',
|
|
106
|
+
message: `Allowlist policy ${policy.name} approved the request`,
|
|
107
|
+
},
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
case 'rate_limit': {
|
|
111
|
+
if (!Number.isInteger(policy.maxRequests) || policy.maxRequests <= 0) {
|
|
112
|
+
throw new ValidationError('Rate limit maxRequests must be a positive integer', {
|
|
113
|
+
field: 'maxRequests',
|
|
114
|
+
value: policy.maxRequests,
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
if (!Number.isInteger(policy.intervalMs) || policy.intervalMs <= 0) {
|
|
118
|
+
throw new ValidationError('Rate limit intervalMs must be a positive integer', {
|
|
119
|
+
field: 'intervalMs',
|
|
120
|
+
value: policy.intervalMs,
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
const nextCount = context.requestCount + 1;
|
|
124
|
+
if (nextCount > policy.maxRequests) {
|
|
125
|
+
return {
|
|
126
|
+
policyId: policy.id,
|
|
127
|
+
decision: 'deny',
|
|
128
|
+
reason: {
|
|
129
|
+
code: 'rate_limit_exceeded',
|
|
130
|
+
message: `Rate limit policy ${policy.name} denied the request`,
|
|
131
|
+
detail: {
|
|
132
|
+
scope: policy.scope,
|
|
133
|
+
maxRequests: policy.maxRequests,
|
|
134
|
+
requestCount: context.requestCount,
|
|
135
|
+
},
|
|
136
|
+
},
|
|
137
|
+
};
|
|
138
|
+
}
|
|
139
|
+
if (policy.burst !== undefined && nextCount > policy.burst) {
|
|
140
|
+
return {
|
|
141
|
+
policyId: policy.id,
|
|
142
|
+
decision: 'review',
|
|
143
|
+
reason: {
|
|
144
|
+
code: 'rate_limit_burst_review',
|
|
145
|
+
message: `Rate limit policy ${policy.name} exceeded its preferred burst`,
|
|
146
|
+
detail: {
|
|
147
|
+
burst: policy.burst,
|
|
148
|
+
requestCount: nextCount,
|
|
149
|
+
},
|
|
150
|
+
},
|
|
151
|
+
};
|
|
152
|
+
}
|
|
153
|
+
return {
|
|
154
|
+
policyId: policy.id,
|
|
155
|
+
decision: 'allow',
|
|
156
|
+
reason: {
|
|
157
|
+
code: 'rate_limit_ok',
|
|
158
|
+
message: `Rate limit policy ${policy.name} approved the request`,
|
|
159
|
+
},
|
|
160
|
+
};
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
}
|
|
164
|
+
export function aggregatePolicyDecisions(evaluations) {
|
|
165
|
+
const denyResult = evaluations.find((evaluation) => evaluation.decision === 'deny');
|
|
166
|
+
if (denyResult) {
|
|
167
|
+
return {
|
|
168
|
+
decision: 'deny',
|
|
169
|
+
reasons: evaluations
|
|
170
|
+
.filter((evaluation) => evaluation.decision === 'deny')
|
|
171
|
+
.map((evaluation) => evaluation.reason),
|
|
172
|
+
evaluations: [...evaluations],
|
|
173
|
+
};
|
|
174
|
+
}
|
|
175
|
+
const reviewResult = evaluations.find((evaluation) => evaluation.decision === 'review');
|
|
176
|
+
if (reviewResult) {
|
|
177
|
+
return {
|
|
178
|
+
decision: 'review',
|
|
179
|
+
reasons: evaluations
|
|
180
|
+
.filter((evaluation) => evaluation.decision === 'review')
|
|
181
|
+
.map((evaluation) => evaluation.reason),
|
|
182
|
+
evaluations: [...evaluations],
|
|
183
|
+
};
|
|
184
|
+
}
|
|
185
|
+
return {
|
|
186
|
+
decision: 'allow',
|
|
187
|
+
reasons: evaluations.map((evaluation) => evaluation.reason),
|
|
188
|
+
evaluations: [...evaluations],
|
|
189
|
+
};
|
|
190
|
+
}
|
|
191
|
+
export function evaluatePolicies(policies, context) {
|
|
192
|
+
return aggregatePolicyDecisions(policies.map((policy) => evaluatePolicy(policy, context)));
|
|
193
|
+
}
|
|
194
|
+
//# sourceMappingURL=policy.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"policy.js","sourceRoot":"","sources":["../../src/types/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAG7C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAU,CAAA;AAgEpE,SAAS,gBAAgB,CAAC,MAAkB;IAC1C,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,eAAe,CAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IACrE,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,eAAe,CAAC,yBAAyB,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAA;IACzE,CAAC;AACH,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAgB;IACxC,OAAO,OAAO,CAAC,WAAW,EAAE,CAAA;AAC9B,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,MAAwB,EACxB,OAAgC;IAEhC,gBAAgB,CAAC,MAAM,CAAC,CAAA;IAExB,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO;YACL,QAAQ,EAAE,MAAM,CAAC,EAAE;YACnB,QAAQ,EAAE,OAAO;YACjB,MAAM,EAAE;gBACN,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,UAAU,MAAM,CAAC,IAAI,cAAc;aAC7C;SACF,CAAA;IACH,CAAC;IAED,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACpB,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACzC,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE;wBACN,IAAI,EAAE,0BAA0B;wBAChC,OAAO,EAAE,iBAAiB,MAAM,CAAC,IAAI,gBAAgB,MAAM,CAAC,QAAQ,EAAE;qBACvE;iBACF,CAAA;YACH,CAAC;YAED,MAAM,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,MAAM,CAAA;YACtD,IAAI,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC7B,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE;wBACN,IAAI,EAAE,uBAAuB;wBAC7B,OAAO,EAAE,iBAAiB,MAAM,CAAC,IAAI,8BAA8B;wBACnE,MAAM,EAAE;4BACN,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,QAAQ,EAAE;4BAC9B,WAAW,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,EAAE;4BAC3C,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE;yBAC3C;qBACF;iBACF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS,IAAI,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;gBACnE,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE;wBACN,IAAI,EAAE,4BAA4B;wBAClC,OAAO,EAAE,iBAAiB,MAAM,CAAC,IAAI,0BAA0B;wBAC/D,MAAM,EAAE;4BACN,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE;4BACtC,SAAS,EAAE,SAAS,CAAC,QAAQ,EAAE;yBAChC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE;oBACN,IAAI,EAAE,WAAW;oBACjB,OAAO,EAAE,iBAAiB,MAAM,CAAC,IAAI,uBAAuB;iBAC7D;aACF,CAAA;QACH,CAAC;QAED,KAAK,WAAW,CAAC,CAAC,CAAC;YACjB,MAAM,cAAc,GAAG,MAAM,CAAC,SAAS;iBACpC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;iBAC3C,QAAQ,CAAC,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAA;YAEhD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE;wBACN,IAAI,EAAE,2BAA2B;wBACjC,OAAO,EAAE,aAAa,OAAO,CAAC,SAAS,0BAA0B,MAAM,CAAC,IAAI,EAAE;qBAC/E;iBACF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9D,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE;wBACN,IAAI,EAAE,uBAAuB;wBAC7B,OAAO,EAAE,SAAS,OAAO,CAAC,OAAO,0BAA0B,MAAM,CAAC,IAAI,EAAE;qBACzE;iBACF,CAAA;YACH,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE;oBACN,IAAI,EAAE,cAAc;oBACpB,OAAO,EAAE,oBAAoB,MAAM,CAAC,IAAI,uBAAuB;iBAChE;aACF,CAAA;QACH,CAAC;QAED,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,IAAI,eAAe,CAAC,mDAAmD,EAAE;oBAC7E,KAAK,EAAE,aAAa;oBACpB,KAAK,EAAE,MAAM,CAAC,WAAW;iBAC1B,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,MAAM,CAAC,UAAU,IAAI,CAAC,EAAE,CAAC;gBACnE,MAAM,IAAI,eAAe,CAAC,kDAAkD,EAAE;oBAC5E,KAAK,EAAE,YAAY;oBACnB,KAAK,EAAE,MAAM,CAAC,UAAU;iBACzB,CAAC,CAAA;YACJ,CAAC;YAED,MAAM,SAAS,GAAG,OAAO,CAAC,YAAY,GAAG,CAAC,CAAA;YAC1C,IAAI,SAAS,GAAG,MAAM,CAAC,WAAW,EAAE,CAAC;gBACnC,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,MAAM;oBAChB,MAAM,EAAE;wBACN,IAAI,EAAE,qBAAqB;wBAC3B,OAAO,EAAE,qBAAqB,MAAM,CAAC,IAAI,qBAAqB;wBAC9D,MAAM,EAAE;4BACN,KAAK,EAAE,MAAM,CAAC,KAAK;4BACnB,WAAW,EAAE,MAAM,CAAC,WAAW;4BAC/B,YAAY,EAAE,OAAO,CAAC,YAAY;yBACnC;qBACF;iBACF,CAAA;YACH,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,KAAK,SAAS,IAAI,SAAS,GAAG,MAAM,CAAC,KAAK,EAAE,CAAC;gBAC3D,OAAO;oBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;oBACnB,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE;wBACN,IAAI,EAAE,yBAAyB;wBAC/B,OAAO,EAAE,qBAAqB,MAAM,CAAC,IAAI,+BAA+B;wBACxE,MAAM,EAAE;4BACN,KAAK,EAAE,MAAM,CAAC,KAAK;4BACnB,YAAY,EAAE,SAAS;yBACxB;qBACF;iBACF,CAAA;YACH,CAAC;YAED,OAAO;gBACL,QAAQ,EAAE,MAAM,CAAC,EAAE;gBACnB,QAAQ,EAAE,OAAO;gBACjB,MAAM,EAAE;oBACN,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,qBAAqB,MAAM,CAAC,IAAI,uBAAuB;iBACjE;aACF,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,WAA8C;IAE9C,MAAM,UAAU,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAA;IACnF,IAAI,UAAU,EAAE,CAAC;QACf,OAAO;YACL,QAAQ,EAAE,MAAM;YAChB,OAAO,EAAE,WAAW;iBACjB,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,KAAK,MAAM,CAAC;iBACtD,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YACzC,WAAW,EAAE,CAAC,GAAG,WAAW,CAAC;SAC9B,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAA;IACvF,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,WAAW;iBACjB,MAAM,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,QAAQ,KAAK,QAAQ,CAAC;iBACxD,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;YACzC,WAAW,EAAE,CAAC,GAAG,WAAW,CAAC;SAC9B,CAAA;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,OAAO;QACjB,OAAO,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,UAAU,EAAE,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC;QAC3D,WAAW,EAAE,CAAC,GAAG,WAAW,CAAC;KAC9B,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAAqC,EACrC,OAAgC;IAEhC,OAAO,wBAAwB,CAC7B,QAAQ,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAC1D,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
export type Hex = `0x${string}`;
|
|
2
|
+
export type Address = `0x${string}`;
|
|
3
|
+
export type SmartWalletProvider = 'safe' | 'kernel' | 'circle';
|
|
4
|
+
export type EntryPointVersion = 'v0.6' | 'v0.7';
|
|
5
|
+
export interface SmartWallet {
|
|
6
|
+
address: Address;
|
|
7
|
+
ownerAddress: Address;
|
|
8
|
+
chainId: number;
|
|
9
|
+
provider: SmartWalletProvider;
|
|
10
|
+
entryPointAddress: Address;
|
|
11
|
+
entryPointVersion: EntryPointVersion;
|
|
12
|
+
factoryAddress?: Address;
|
|
13
|
+
deployed: boolean;
|
|
14
|
+
}
|
|
15
|
+
export interface UserOperationCall {
|
|
16
|
+
to: Address;
|
|
17
|
+
value: bigint;
|
|
18
|
+
data: Hex;
|
|
19
|
+
}
|
|
20
|
+
export interface GasEstimate {
|
|
21
|
+
callGasLimit: bigint;
|
|
22
|
+
verificationGasLimit: bigint;
|
|
23
|
+
preVerificationGas: bigint;
|
|
24
|
+
maxFeePerGas: bigint;
|
|
25
|
+
maxPriorityFeePerGas: bigint;
|
|
26
|
+
paymasterVerificationGasLimit?: bigint;
|
|
27
|
+
paymasterPostOpGasLimit?: bigint;
|
|
28
|
+
}
|
|
29
|
+
export interface UserOperationV06 {
|
|
30
|
+
version: 'v0.6';
|
|
31
|
+
sender: Address;
|
|
32
|
+
nonce: bigint;
|
|
33
|
+
initCode: Hex;
|
|
34
|
+
callData: Hex;
|
|
35
|
+
callGasLimit: bigint;
|
|
36
|
+
verificationGasLimit: bigint;
|
|
37
|
+
preVerificationGas: bigint;
|
|
38
|
+
maxFeePerGas: bigint;
|
|
39
|
+
maxPriorityFeePerGas: bigint;
|
|
40
|
+
paymasterAndData: Hex;
|
|
41
|
+
signature: Hex;
|
|
42
|
+
}
|
|
43
|
+
export interface UserOperationV07 {
|
|
44
|
+
version: 'v0.7';
|
|
45
|
+
sender: Address;
|
|
46
|
+
nonce: bigint;
|
|
47
|
+
factory: Address | Hex;
|
|
48
|
+
factoryData: Hex;
|
|
49
|
+
callData: Hex;
|
|
50
|
+
callGasLimit: bigint;
|
|
51
|
+
verificationGasLimit: bigint;
|
|
52
|
+
preVerificationGas: bigint;
|
|
53
|
+
maxFeePerGas: bigint;
|
|
54
|
+
maxPriorityFeePerGas: bigint;
|
|
55
|
+
paymaster: Address | Hex;
|
|
56
|
+
paymasterVerificationGasLimit: bigint;
|
|
57
|
+
paymasterPostOpGasLimit: bigint;
|
|
58
|
+
paymasterData: Hex;
|
|
59
|
+
signature: Hex;
|
|
60
|
+
}
|
|
61
|
+
export type UserOperation = UserOperationV06 | UserOperationV07;
|
|
62
|
+
export declare function isUserOperationV06(value: UserOperation): value is UserOperationV06;
|
|
63
|
+
export declare function isUserOperationV07(value: UserOperation): value is UserOperationV07;
|
|
64
|
+
export declare function getUserOperationSender(value: UserOperation): Address;
|
|
65
|
+
export declare function getUserOperationNonce(value: UserOperation): bigint;
|
|
66
|
+
//# sourceMappingURL=wallet.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"wallet.d.ts","sourceRoot":"","sources":["../../src/types/wallet.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,GAAG,GAAG,KAAK,MAAM,EAAE,CAAA;AAC/B,MAAM,MAAM,OAAO,GAAG,KAAK,MAAM,EAAE,CAAA;AAEnC,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,QAAQ,GAAG,QAAQ,CAAA;AAC9D,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,MAAM,CAAA;AAE/C,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,OAAO,CAAA;IAChB,YAAY,EAAE,OAAO,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,mBAAmB,CAAA;IAC7B,iBAAiB,EAAE,OAAO,CAAA;IAC1B,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,QAAQ,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,OAAO,CAAA;IACX,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,GAAG,CAAA;CACV;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,6BAA6B,CAAC,EAAE,MAAM,CAAA;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAA;CACjC;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,OAAO,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,QAAQ,EAAE,GAAG,CAAA;IACb,QAAQ,EAAE,GAAG,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,gBAAgB,EAAE,GAAG,CAAA;IACrB,SAAS,EAAE,GAAG,CAAA;CACf;AAED,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,OAAO,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,OAAO,GAAG,GAAG,CAAA;IACtB,WAAW,EAAE,GAAG,CAAA;IAChB,QAAQ,EAAE,GAAG,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,kBAAkB,EAAE,MAAM,CAAA;IAC1B,YAAY,EAAE,MAAM,CAAA;IACpB,oBAAoB,EAAE,MAAM,CAAA;IAC5B,SAAS,EAAE,OAAO,GAAG,GAAG,CAAA;IACxB,6BAA6B,EAAE,MAAM,CAAA;IACrC,uBAAuB,EAAE,MAAM,CAAA;IAC/B,aAAa,EAAE,GAAG,CAAA;IAClB,SAAS,EAAE,GAAG,CAAA;CACf;AAED,MAAM,MAAM,aAAa,GAAG,gBAAgB,GAAG,gBAAgB,CAAA;AAE/D,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,GAAG,KAAK,IAAI,gBAAgB,CAElF;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,aAAa,GAAG,KAAK,IAAI,gBAAgB,CAElF;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAEpE;AAED,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,CAElE"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export function isUserOperationV06(value) {
|
|
2
|
+
return value.version === 'v0.6';
|
|
3
|
+
}
|
|
4
|
+
export function isUserOperationV07(value) {
|
|
5
|
+
return value.version === 'v0.7';
|
|
6
|
+
}
|
|
7
|
+
export function getUserOperationSender(value) {
|
|
8
|
+
return value.sender;
|
|
9
|
+
}
|
|
10
|
+
export function getUserOperationNonce(value) {
|
|
11
|
+
return value.nonce;
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=wallet.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"wallet.js","sourceRoot":"","sources":["../../src/types/wallet.ts"],"names":[],"mappings":"AAqEA,MAAM,UAAU,kBAAkB,CAAC,KAAoB;IACrD,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,CAAA;AACjC,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAoB;IACrD,OAAO,KAAK,CAAC,OAAO,KAAK,MAAM,CAAA;AACjC,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAoB;IACzD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,KAAoB;IACxD,OAAO,KAAK,CAAC,KAAK,CAAA;AACpB,CAAC"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
export interface Actor {
|
|
2
|
+
id: string;
|
|
3
|
+
name: string;
|
|
4
|
+
status: 'active' | 'frozen' | 'depleted';
|
|
5
|
+
createdAt: string;
|
|
6
|
+
}
|
|
7
|
+
export interface Budget {
|
|
8
|
+
id: string;
|
|
9
|
+
actorId: string;
|
|
10
|
+
amount: bigint;
|
|
11
|
+
used: bigint;
|
|
12
|
+
currency: 'USDC';
|
|
13
|
+
period: 'monthly' | 'total';
|
|
14
|
+
resetAt: string;
|
|
15
|
+
}
|
|
16
|
+
export interface Policy {
|
|
17
|
+
id: string;
|
|
18
|
+
actorId: string;
|
|
19
|
+
type: string;
|
|
20
|
+
version: string;
|
|
21
|
+
config: Record<string, unknown>;
|
|
22
|
+
priority: number;
|
|
23
|
+
}
|
|
24
|
+
export interface SettlementDescriptor {
|
|
25
|
+
address: string;
|
|
26
|
+
chain: string;
|
|
27
|
+
asset: string;
|
|
28
|
+
}
|
|
29
|
+
export interface Target {
|
|
30
|
+
id: string;
|
|
31
|
+
actorId: string;
|
|
32
|
+
name: string;
|
|
33
|
+
settlement: SettlementDescriptor;
|
|
34
|
+
}
|
|
35
|
+
export interface Purpose {
|
|
36
|
+
type: string;
|
|
37
|
+
id: string;
|
|
38
|
+
description?: string;
|
|
39
|
+
}
|
|
40
|
+
export interface Intent {
|
|
41
|
+
target: string;
|
|
42
|
+
amount: bigint;
|
|
43
|
+
purpose: Purpose;
|
|
44
|
+
idempotencyKey?: string;
|
|
45
|
+
}
|
|
46
|
+
export interface BudgetState {
|
|
47
|
+
total: bigint;
|
|
48
|
+
used: bigint;
|
|
49
|
+
remaining: bigint;
|
|
50
|
+
period: string;
|
|
51
|
+
currency: string;
|
|
52
|
+
}
|
|
53
|
+
export interface PolicyResult {
|
|
54
|
+
policyId: string;
|
|
55
|
+
policyType: string;
|
|
56
|
+
version: string;
|
|
57
|
+
decision: 'pass' | 'deny' | 'review';
|
|
58
|
+
reason: {
|
|
59
|
+
code: string;
|
|
60
|
+
message: string;
|
|
61
|
+
};
|
|
62
|
+
evaluatedAt: string;
|
|
63
|
+
}
|
|
64
|
+
export type AuthorizationDecision = 'approved' | 'denied' | 'pending-review';
|
|
65
|
+
export interface Authorization {
|
|
66
|
+
intent: Intent;
|
|
67
|
+
policyResults: PolicyResult[];
|
|
68
|
+
decision: AuthorizationDecision;
|
|
69
|
+
evaluatedAt: string;
|
|
70
|
+
actorVersion: string;
|
|
71
|
+
}
|
|
72
|
+
export interface SettlementHint {
|
|
73
|
+
preferredChain?: string;
|
|
74
|
+
deadline?: string;
|
|
75
|
+
gasStrategy?: string;
|
|
76
|
+
}
|
|
77
|
+
export interface ExecutionPlan {
|
|
78
|
+
authorization: Authorization;
|
|
79
|
+
settlementHints: SettlementHint;
|
|
80
|
+
}
|
|
81
|
+
export interface PolicyContext {
|
|
82
|
+
actor: Actor;
|
|
83
|
+
intent: Intent;
|
|
84
|
+
budget: BudgetState;
|
|
85
|
+
evaluatedPolicies: PolicyResult[];
|
|
86
|
+
}
|
|
87
|
+
export type PolicyMiddleware = (ctx: PolicyContext, next: () => Promise<PolicyResult>) => Promise<PolicyResult>;
|
|
88
|
+
export interface PolicyEvaluator {
|
|
89
|
+
id: string;
|
|
90
|
+
type: string;
|
|
91
|
+
version: string;
|
|
92
|
+
middleware: PolicyMiddleware;
|
|
93
|
+
}
|
|
94
|
+
export interface SimulationResult {
|
|
95
|
+
decision: AuthorizationDecision;
|
|
96
|
+
policyResults: PolicyResult[];
|
|
97
|
+
estimatedGas?: bigint;
|
|
98
|
+
estimatedCost?: bigint;
|
|
99
|
+
}
|
|
100
|
+
export interface SignedTransaction {
|
|
101
|
+
serialized: `0x${string}`;
|
|
102
|
+
hash: `0x${string}`;
|
|
103
|
+
}
|
|
104
|
+
export interface Receipt {
|
|
105
|
+
txHash: `0x${string}`;
|
|
106
|
+
status: 'confirmed' | 'failed';
|
|
107
|
+
blockNumber: bigint;
|
|
108
|
+
gasUsed: bigint;
|
|
109
|
+
effectiveGasPrice: bigint;
|
|
110
|
+
}
|
|
111
|
+
export type { PaymentIntentStatus, PaymentAmount, PaymentRecipient, PaymentIntentFailure, PaymentMetadataValue, PaymentIntent, SerializedBigInt, } from './types/payment.js';
|
|
112
|
+
export { PAYMENT_INTENT_STATUSES, PAYMENT_INTENT_TERMINAL_STATUSES, PAYMENT_INTENT_TRANSITIONS, validatePaymentAmount, isPaymentIntentTerminalStatus, canTransitionPaymentIntentStatus, assertValidPaymentIntentTransition, assertPaymentIntent, serializeBigInts, deserializeBigInts, serializePaymentIntent, deserializePaymentIntent, } from './types/payment.js';
|
|
113
|
+
export type { PolicyDecision, PolicyReason, BasePolicy, BudgetPolicy, AllowlistPolicy, RateLimitPolicy, PolicyDefinition, PolicyEvaluationContext, PolicyEvaluationResult, AggregatedPolicyDecision, } from './types/policy.js';
|
|
114
|
+
export { POLICY_DECISIONS, evaluatePolicy, aggregatePolicyDecisions, evaluatePolicies, } from './types/policy.js';
|
|
115
|
+
export type { Hex, Address, SmartWalletProvider, EntryPointVersion, SmartWallet, UserOperationCall, GasEstimate, UserOperationV06, UserOperationV07, UserOperation, } from './types/wallet.js';
|
|
116
|
+
export { isUserOperationV06, isUserOperationV07, getUserOperationSender, getUserOperationNonce, } from './types/wallet.js';
|
|
117
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,QAAQ,GAAG,QAAQ,GAAG,UAAU,CAAA;IACxC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,SAAS,GAAG,OAAO,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC/B,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,EAAE,MAAM,CAAA;IACb,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAA;IACV,OAAO,EAAE,MAAM,CAAA;IACf,IAAI,EAAE,MAAM,CAAA;IACZ,UAAU,EAAE,oBAAoB,CAAA;CACjC;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,MAAM,CAAA;IACZ,EAAE,EAAE,MAAM,CAAA;IACV,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,OAAO,CAAA;IAChB,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAA;IACb,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,QAAQ,CAAA;IACpC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAA;IACzC,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,MAAM,qBAAqB,GAAG,UAAU,GAAG,QAAQ,GAAG,gBAAgB,CAAA;AAE5E,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAA;IACd,aAAa,EAAE,YAAY,EAAE,CAAA;IAC7B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,aAAa,CAAA;IAC5B,eAAe,EAAE,cAAc,CAAA;CAChC;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,KAAK,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,WAAW,CAAA;IACnB,iBAAiB,EAAE,YAAY,EAAE,CAAA;CAClC;AAED,MAAM,MAAM,gBAAgB,GAAG,CAC7B,GAAG,EAAE,aAAa,EAClB,IAAI,EAAE,MAAM,OAAO,CAAC,YAAY,CAAC,KAC9B,OAAO,CAAC,YAAY,CAAC,CAAA;AAE1B,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,gBAAgB,CAAA;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,qBAAqB,CAAA;IAC/B,aAAa,EAAE,YAAY,EAAE,CAAA;IAC7B,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,KAAK,MAAM,EAAE,CAAA;IACzB,IAAI,EAAE,KAAK,MAAM,EAAE,CAAA;CACpB;AAED,MAAM,WAAW,OAAO;IACtB,MAAM,EAAE,KAAK,MAAM,EAAE,CAAA;IACrB,MAAM,EAAE,WAAW,GAAG,QAAQ,CAAA;IAC9B,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED,YAAY,EACV,mBAAmB,EACnB,aAAa,EACb,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACb,gBAAgB,GACjB,MAAM,oBAAoB,CAAA;AAE3B,OAAO,EACL,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,qBAAqB,EACrB,6BAA6B,EAC7B,gCAAgC,EAChC,kCAAkC,EAClC,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,oBAAoB,CAAA;AAE3B,YAAY,EACV,cAAc,EACd,YAAY,EACZ,UAAU,EACV,YAAY,EACZ,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,uBAAuB,EACvB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,mBAAmB,CAAA;AAE1B,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAE1B,YAAY,EACV,GAAG,EACH,OAAO,EACP,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,iBAAiB,EACjB,WAAW,EACX,gBAAgB,EAChB,gBAAgB,EAChB,aAAa,GACd,MAAM,mBAAmB,CAAA;AAE1B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
export { PAYMENT_INTENT_STATUSES, PAYMENT_INTENT_TERMINAL_STATUSES, PAYMENT_INTENT_TRANSITIONS, validatePaymentAmount, isPaymentIntentTerminalStatus, canTransitionPaymentIntentStatus, assertValidPaymentIntentTransition, assertPaymentIntent, serializeBigInts, deserializeBigInts, serializePaymentIntent, deserializePaymentIntent, } from './types/payment.js';
|
|
2
|
+
export { POLICY_DECISIONS, evaluatePolicy, aggregatePolicyDecisions, evaluatePolicies, } from './types/policy.js';
|
|
3
|
+
export { isUserOperationV06, isUserOperationV07, getUserOperationSender, getUserOperationNonce, } from './types/wallet.js';
|
|
4
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AA2IA,OAAO,EACL,uBAAuB,EACvB,gCAAgC,EAChC,0BAA0B,EAC1B,qBAAqB,EACrB,6BAA6B,EAC7B,gCAAgC,EAChC,kCAAkC,EAClC,mBAAmB,EACnB,gBAAgB,EAChB,kBAAkB,EAClB,sBAAsB,EACtB,wBAAwB,GACzB,MAAM,oBAAoB,CAAA;AAe3B,OAAO,EACL,gBAAgB,EAChB,cAAc,EACd,wBAAwB,EACxB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAe1B,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,sBAAsB,EACtB,qBAAqB,GACtB,MAAM,mBAAmB,CAAA"}
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
export interface HmacSignatureOptions {
|
|
2
|
+
secret: string | Uint8Array;
|
|
3
|
+
message: string | Uint8Array;
|
|
4
|
+
encoding?: 'hex' | 'base64';
|
|
5
|
+
}
|
|
6
|
+
export interface TimestampValidationOptions {
|
|
7
|
+
nowMs?: number;
|
|
8
|
+
maxSkewMs?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface TimestampValidationResult {
|
|
11
|
+
valid: boolean;
|
|
12
|
+
ageMs: number;
|
|
13
|
+
}
|
|
14
|
+
export declare function sha256Hex(value: string | Uint8Array): Promise<`0x${string}`>;
|
|
15
|
+
export declare function signHmacSha256({ secret, message, encoding, }: HmacSignatureOptions): Promise<string>;
|
|
16
|
+
export declare function verifyHmacSha256(options: HmacSignatureOptions & {
|
|
17
|
+
signature: string;
|
|
18
|
+
}): Promise<boolean>;
|
|
19
|
+
export declare function assertValidHmac(options: HmacSignatureOptions & {
|
|
20
|
+
signature: string;
|
|
21
|
+
}): Promise<void>;
|
|
22
|
+
export declare function generateNonce(byteLength?: number): string;
|
|
23
|
+
export declare function validateTimestamp(value: string | number | Date, options?: TimestampValidationOptions): TimestampValidationResult;
|
|
24
|
+
export declare function assertValidTimestamp(value: string | number | Date, options?: TimestampValidationOptions): void;
|
|
25
|
+
//# sourceMappingURL=crypto.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/utils/crypto.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,GAAG,UAAU,CAAA;IAC3B,OAAO,EAAE,MAAM,GAAG,UAAU,CAAA;IAC5B,QAAQ,CAAC,EAAE,KAAK,GAAG,QAAQ,CAAA;CAC5B;AAED,MAAM,WAAW,0BAA0B;IACzC,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,yBAAyB;IACxC,KAAK,EAAE,OAAO,CAAA;IACd,KAAK,EAAE,MAAM,CAAA;CACd;AAgFD,wBAAsB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,KAAK,MAAM,EAAE,CAAC,CAGlF;AAED,wBAAsB,cAAc,CAAC,EACnC,MAAM,EACN,OAAO,EACP,QAAgB,GACjB,EAAE,oBAAoB,GAAG,OAAO,CAAC,MAAM,CAAC,CAIxC;AAED,wBAAsB,gBAAgB,CACpC,OAAO,EAAE,oBAAoB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GACpD,OAAO,CAAC,OAAO,CAAC,CAUlB;AAED,wBAAsB,eAAe,CACnC,OAAO,EAAE,oBAAoB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,GACpD,OAAO,CAAC,IAAI,CAAC,CAIf;AAED,wBAAgB,aAAa,CAAC,UAAU,SAAK,GAAG,MAAM,CAUrD;AAED,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAC7B,OAAO,GAAE,0BAA+B,GACvC,yBAAyB,CAoB3B;AAED,wBAAgB,oBAAoB,CAClC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAC7B,OAAO,GAAE,0BAA+B,GACvC,IAAI,CAQN"}
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
import { HmacVerificationError, ValidationError } from '../types/errors.js';
|
|
2
|
+
const textEncoder = new TextEncoder();
|
|
3
|
+
function getCrypto() {
|
|
4
|
+
if (!globalThis.crypto?.subtle) {
|
|
5
|
+
throw new Error('Web Crypto API is not available in the current runtime');
|
|
6
|
+
}
|
|
7
|
+
return globalThis.crypto;
|
|
8
|
+
}
|
|
9
|
+
function toUint8Array(value) {
|
|
10
|
+
return typeof value === 'string' ? textEncoder.encode(value) : value;
|
|
11
|
+
}
|
|
12
|
+
function toBufferSource(value) {
|
|
13
|
+
return Uint8Array.from(toUint8Array(value));
|
|
14
|
+
}
|
|
15
|
+
function bytesToHex(bytes) {
|
|
16
|
+
return Array.from(bytes, (byte) => byte.toString(16).padStart(2, '0')).join('');
|
|
17
|
+
}
|
|
18
|
+
function hexToBytes(value) {
|
|
19
|
+
if (!/^[0-9a-f]+$/i.test(value) || value.length % 2 !== 0) {
|
|
20
|
+
throw new ValidationError('Hex signatures must use an even-length hexadecimal string', {
|
|
21
|
+
value,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
const bytes = new Uint8Array(value.length / 2);
|
|
25
|
+
for (let index = 0; index < value.length; index += 2) {
|
|
26
|
+
bytes[index / 2] = Number.parseInt(value.slice(index, index + 2), 16);
|
|
27
|
+
}
|
|
28
|
+
return bytes;
|
|
29
|
+
}
|
|
30
|
+
function bytesToBase64(bytes) {
|
|
31
|
+
const binary = Array.from(bytes, (byte) => String.fromCharCode(byte)).join('');
|
|
32
|
+
return btoa(binary);
|
|
33
|
+
}
|
|
34
|
+
function base64ToBytes(value) {
|
|
35
|
+
const binary = atob(value);
|
|
36
|
+
return Uint8Array.from(binary, (char) => char.charCodeAt(0));
|
|
37
|
+
}
|
|
38
|
+
function decodeSignature(value, encoding) {
|
|
39
|
+
return encoding === 'hex' ? hexToBytes(value) : base64ToBytes(value);
|
|
40
|
+
}
|
|
41
|
+
function encodeBytes(value, encoding) {
|
|
42
|
+
return encoding === 'hex' ? bytesToHex(value) : bytesToBase64(value);
|
|
43
|
+
}
|
|
44
|
+
function timingSafeEqual(left, right) {
|
|
45
|
+
if (left.length !== right.length) {
|
|
46
|
+
return false;
|
|
47
|
+
}
|
|
48
|
+
let mismatch = 0;
|
|
49
|
+
for (let index = 0; index < left.length; index += 1) {
|
|
50
|
+
mismatch |= left[index] ^ right[index];
|
|
51
|
+
}
|
|
52
|
+
return mismatch === 0;
|
|
53
|
+
}
|
|
54
|
+
async function importHmacKey(secret) {
|
|
55
|
+
return getCrypto().subtle.importKey('raw', toBufferSource(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
|
|
56
|
+
}
|
|
57
|
+
export async function sha256Hex(value) {
|
|
58
|
+
const digest = await getCrypto().subtle.digest('SHA-256', toBufferSource(value));
|
|
59
|
+
return `0x${bytesToHex(new Uint8Array(digest))}`;
|
|
60
|
+
}
|
|
61
|
+
export async function signHmacSha256({ secret, message, encoding = 'hex', }) {
|
|
62
|
+
const key = await importHmacKey(secret);
|
|
63
|
+
const signature = await getCrypto().subtle.sign('HMAC', key, toBufferSource(message));
|
|
64
|
+
return encodeBytes(new Uint8Array(signature), encoding);
|
|
65
|
+
}
|
|
66
|
+
export async function verifyHmacSha256(options) {
|
|
67
|
+
const expected = await signHmacSha256(options);
|
|
68
|
+
try {
|
|
69
|
+
const receivedBuffer = decodeSignature(options.signature, options.encoding ?? 'hex');
|
|
70
|
+
const expectedBuffer = decodeSignature(expected, options.encoding ?? 'hex');
|
|
71
|
+
return timingSafeEqual(receivedBuffer, expectedBuffer);
|
|
72
|
+
}
|
|
73
|
+
catch {
|
|
74
|
+
return false;
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
export async function assertValidHmac(options) {
|
|
78
|
+
if (!(await verifyHmacSha256(options))) {
|
|
79
|
+
throw new HmacVerificationError('HMAC signature verification failed');
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
export function generateNonce(byteLength = 16) {
|
|
83
|
+
if (!Number.isInteger(byteLength) || byteLength < 16) {
|
|
84
|
+
throw new ValidationError('Nonce byte length must be an integer greater than or equal to 16', {
|
|
85
|
+
byteLength,
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
const bytes = new Uint8Array(byteLength);
|
|
89
|
+
getCrypto().getRandomValues(bytes);
|
|
90
|
+
return bytesToHex(bytes);
|
|
91
|
+
}
|
|
92
|
+
export function validateTimestamp(value, options = {}) {
|
|
93
|
+
const nowMs = options.nowMs ?? Date.now();
|
|
94
|
+
const maxSkewMs = options.maxSkewMs ?? 5 * 60 * 1000;
|
|
95
|
+
const timestampMs = value instanceof Date ? value.getTime() : new Date(value).getTime();
|
|
96
|
+
if (Number.isNaN(timestampMs)) {
|
|
97
|
+
throw new ValidationError('Timestamp must be a valid date value', { value });
|
|
98
|
+
}
|
|
99
|
+
if (!Number.isInteger(maxSkewMs) || maxSkewMs < 0) {
|
|
100
|
+
throw new ValidationError('maxSkewMs must be a non-negative integer', {
|
|
101
|
+
maxSkewMs,
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
const ageMs = nowMs - timestampMs;
|
|
105
|
+
return {
|
|
106
|
+
valid: Math.abs(ageMs) <= maxSkewMs,
|
|
107
|
+
ageMs,
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
export function assertValidTimestamp(value, options = {}) {
|
|
111
|
+
const result = validateTimestamp(value, options);
|
|
112
|
+
if (!result.valid) {
|
|
113
|
+
throw new ValidationError('Timestamp is outside the allowed clock skew window', {
|
|
114
|
+
ageMs: result.ageMs,
|
|
115
|
+
maxSkewMs: options.maxSkewMs ?? 5 * 60 * 1000,
|
|
116
|
+
});
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
//# sourceMappingURL=crypto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/utils/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AAkB3E,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAA;AAErC,SAAS,SAAS;IAChB,IAAI,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAA;IAC3E,CAAC;IAED,OAAO,UAAU,CAAC,MAAM,CAAA;AAC1B,CAAC;AAED,SAAS,YAAY,CAAC,KAA0B;IAC9C,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;AACtE,CAAC;AAED,SAAS,cAAc,CAAC,KAA0B;IAChD,OAAO,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAA;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,KAAiB;IACnC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AACjF,CAAC;AAED,SAAS,UAAU,CAAC,KAAa;IAC/B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,eAAe,CAAC,2DAA2D,EAAE;YACrF,KAAK;SACN,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC9C,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACrD,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IACvE,CAAC;IAED,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;IAC9E,OAAO,IAAI,CAAC,MAAM,CAAC,CAAA;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,KAAa;IAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAA;IAC1B,OAAO,UAAU,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAA;AAC9D,CAAC;AAED,SAAS,eAAe,CAAC,KAAa,EAAE,QAA0B;IAChE,OAAO,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,WAAW,CAAC,KAAiB,EAAE,QAA0B;IAChE,OAAO,QAAQ,KAAK,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAA;AACtE,CAAC;AAED,SAAS,eAAe,CAAC,IAAgB,EAAE,KAAiB;IAC1D,IAAI,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,EAAE,CAAC;QACjC,OAAO,KAAK,CAAA;IACd,CAAC;IAED,IAAI,QAAQ,GAAG,CAAC,CAAA;IAChB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,IAAI,CAAC,EAAE,CAAC;QACpD,QAAQ,IAAI,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAA;IACxC,CAAC;IAED,OAAO,QAAQ,KAAK,CAAC,CAAA;AACvB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,MAA2B;IACtD,OAAO,SAAS,EAAE,CAAC,MAAM,CAAC,SAAS,CACjC,KAAK,EACL,cAAc,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAA0B;IACxD,MAAM,MAAM,GAAG,MAAM,SAAS,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,cAAc,CAAC,KAAK,CAAC,CAAC,CAAA;IAChF,OAAO,KAAK,UAAU,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,CAAA;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,EACnC,MAAM,EACN,OAAO,EACP,QAAQ,GAAG,KAAK,GACK;IACrB,MAAM,GAAG,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAA;IACvC,MAAM,SAAS,GAAG,MAAM,SAAS,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;IACrF,OAAO,WAAW,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,CAAA;AACzD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAqD;IAErD,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,CAAC,CAAA;IAE9C,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAA;QACpF,MAAM,cAAc,GAAG,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAA;QAC3E,OAAO,eAAe,CAAC,cAAc,EAAE,cAAc,CAAC,CAAA;IACxD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,OAAqD;IAErD,IAAI,CAAC,CAAC,MAAM,gBAAgB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;QACvC,MAAM,IAAI,qBAAqB,CAAC,oCAAoC,CAAC,CAAA;IACvE,CAAC;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,UAAU,GAAG,EAAE;IAC3C,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,UAAU,GAAG,EAAE,EAAE,CAAC;QACrD,MAAM,IAAI,eAAe,CAAC,kEAAkE,EAAE;YAC5F,UAAU;SACX,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAA;IACxC,SAAS,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,UAAU,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAC/B,KAA6B,EAC7B,UAAsC,EAAE;IAExC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,CAAA;IACzC,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;IACpD,MAAM,WAAW,GAAG,KAAK,YAAY,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAA;IAEvF,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9B,MAAM,IAAI,eAAe,CAAC,sCAAsC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAA;IAC9E,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,IAAI,SAAS,GAAG,CAAC,EAAE,CAAC;QAClD,MAAM,IAAI,eAAe,CAAC,0CAA0C,EAAE;YACpE,SAAS;SACV,CAAC,CAAA;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,GAAG,WAAW,CAAA;IACjC,OAAO;QACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,SAAS;QACnC,KAAK;KACN,CAAA;AACH,CAAC;AAED,MAAM,UAAU,oBAAoB,CAClC,KAA6B,EAC7B,UAAsC,EAAE;IAExC,MAAM,MAAM,GAAG,iBAAiB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;IAChD,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,IAAI,eAAe,CAAC,oDAAoD,EAAE;YAC9E,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI;SAC9C,CAAC,CAAA;IACJ,CAAC;AACH,CAAC"}
|