@bsv/wallet-toolbox 1.3.20 → 1.3.22

package/mobile/out/src/WalletPermissionsManager.d.ts

@@ -0,0 +1,598 @@
+import { WalletInterface, WalletProtocol, Base64String, PubKeyHex } from '@bsv/sdk';
+/**
+ * Describes a single requested permission that the user must either grant or deny.
+ *
+ * Four categories of permission are supported, each with a unique protocol:
+ *  1) protocol - "DPACP" (Domain Protocol Access Control Protocol)
+ *  2) basket   - "DBAP"  (Domain Basket Access Protocol)
+ *  3) certificate - "DCAP" (Domain Certificate Access Protocol)
+ *  4) spending - "DSAP"  (Domain Spending Authorization Protocol)
+ *
+ * This model underpins "requests" made to the user for permission, which the user can
+ * either grant or deny. The manager can then create on-chain tokens (PushDrop outputs)
+ * if permission is granted. Denying requests cause the underlying operation to throw,
+ * and no token is created. An "ephemeral" grant is also possible, denoting a one-time
+ * authorization without an associated persistent on-chain token.
+ */
+export interface PermissionRequest {
+    type: 'protocol' | 'basket' | 'certificate' | 'spending';
+    originator: string;
+    privileged?: boolean;
+    protocolID?: WalletProtocol;
+    counterparty?: string;
+    basket?: string;
+    certificate?: {
+        verifier: string;
+        certType: string;
+        fields: string[];
+    };
+    spending?: {
+        satoshis: number;
+        lineItems?: Array<{
+            type: 'input' | 'output' | 'fee';
+            description: string;
+            satoshis: number;
+        }>;
+    };
+    reason?: string;
+    renewal?: boolean;
+    previousToken?: PermissionToken;
+}
+/**
+ * Signature for functions that handle a permission request event, e.g. "Please ask the user to allow basket X".
+ */
+export type PermissionEventHandler = (request: PermissionRequest & {
+    requestID: string;
+}) => void | Promise<void>;
+/**
+ * Data structure representing an on-chain permission token.
+ * It is typically stored as a single unspent PushDrop output in a special "internal" admin basket belonging to
+ * the user, held in their underlying wallet.
+ *
+ * It can represent any of the four permission categories by having the relevant fields:
+ *  - DPACP: originator, privileged, protocol, securityLevel, counterparty
+ *  - DBAP:  originator, basketName
+ *  - DCAP:  originator, privileged, verifier, certType, certFields
+ *  - DSAP:  originator, authorizedAmount
+ */
+export interface PermissionToken {
+    /** The transaction ID where this token resides. */
+    txid: string;
+    /** The current transaction encapsulating the token. */
+    tx: number[];
+    /** The output index within that transaction. */
+    outputIndex: number;
+    /** The exact script hex for the locking script. */
+    outputScript: string;
+    /** The amount of satoshis assigned to the permission output (often 1). */
+    satoshis: number;
+    /** The originator domain or FQDN that is allowed to use this permission. */
+    originator: string;
+    /** The expiration time for this token in UNIX epoch seconds. (0 or omitted for spending authorizations, which are indefinite) */
+    expiry: number;
+    /** Whether this token grants privileged usage (for protocol or certificate). */
+    privileged?: boolean;
+    /** The protocol name, if this is a DPACP token. */
+    protocol?: string;
+    /** The security level (0,1,2) for DPACP. */
+    securityLevel?: 0 | 1 | 2;
+    /** The counterparty, for DPACP. */
+    counterparty?: string;
+    /** The name of a basket, if this is a DBAP token. */
+    basketName?: string;
+    /** The certificate type, if this is a DCAP token. */
+    certType?: string;
+    /** The certificate fields that this token covers, if DCAP token. */
+    certFields?: string[];
+    /** The "verifier" public key string, if DCAP. */
+    verifier?: string;
+    /** For DSAP, the maximum authorized spending for the month. */
+    authorizedAmount?: number;
+}
+/**
+ * The set of callbacks that external code can bind to, e.g. to display UI prompts or logs
+ * when a permission is requested.
+ */
+export interface WalletPermissionsManagerCallbacks {
+    onProtocolPermissionRequested?: PermissionEventHandler[];
+    onBasketAccessRequested?: PermissionEventHandler[];
+    onCertificateAccessRequested?: PermissionEventHandler[];
+    onSpendingAuthorizationRequested?: PermissionEventHandler[];
+}
+/**
+ * Configuration object for the WalletPermissionsManager. If a given option is `false`,
+ * the manager will skip or alter certain permission checks or behaviors.
+ *
+ * By default, all of these are `true` unless specified otherwise. This is the most secure configuration.
+ */
+export interface PermissionsManagerConfig {
+    /**
+     * For `createSignature` and `verifySignature`,
+     * require a "protocol usage" permission check?
+     */
+    seekProtocolPermissionsForSigning?: boolean;
+    /**
+     * For methods that perform encryption (encrypt/decrypt), require
+     * a "protocol usage" permission check?
+     */
+    seekProtocolPermissionsForEncrypting?: boolean;
+    /**
+     * For methods that perform HMAC creation or verification (createHmac, verifyHmac),
+     * require a "protocol usage" permission check?
+     */
+    seekProtocolPermissionsForHMAC?: boolean;
+    /**
+     * For revealing counterparty-level or specific key linkage revelation information,
+     * should we require permission?
+     */
+    seekPermissionsForKeyLinkageRevelation?: boolean;
+    /**
+     * For revealing any user public key (getPublicKey) **other** than the identity key,
+     * should we require permission?
+     */
+    seekPermissionsForPublicKeyRevelation?: boolean;
+    /**
+     * If getPublicKey is requested with `identityKey=true`, do we require permission?
+     */
+    seekPermissionsForIdentityKeyRevelation?: boolean;
+    /**
+     * If discoverByIdentityKey / discoverByAttributes are called, do we require permission
+     * for "identity resolution" usage?
+     */
+    seekPermissionsForIdentityResolution?: boolean;
+    /**
+     * When we do internalizeAction with `basket insertion`, or include outputs in baskets
+     * with `createAction, do we ask for basket permission?
+     */
+    seekBasketInsertionPermissions?: boolean;
+    /**
+     * When relinquishOutput is called, do we ask for basket permission?
+     */
+    seekBasketRemovalPermissions?: boolean;
+    /**
+     * When listOutputs is called, do we ask for basket permission?
+     */
+    seekBasketListingPermissions?: boolean;
+    /**
+     * When createAction is called with labels, do we ask for "label usage" permission?
+     */
+    seekPermissionWhenApplyingActionLabels?: boolean;
+    /**
+     * When listActions is called with labels, do we ask for "label usage" permission?
+     */
+    seekPermissionWhenListingActionsByLabel?: boolean;
+    /**
+     * If proving a certificate (proveCertificate) or revealing certificate fields,
+     * do we require a "certificate access" permission?
+     */
+    seekCertificateDisclosurePermissions?: boolean;
+    /**
+     * If acquiring a certificate (acquireCertificate), do we require a permission check?
+     */
+    seekCertificateAcquisitionPermissions?: boolean;
+    /**
+     * If relinquishing a certificate (relinquishCertificate), do we require a permission check?
+     */
+    seekCertificateRelinquishmentPermissions?: boolean;
+    /**
+     * If listing a user's certificates (listCertificates), do we require a permission check?
+     */
+    seekCertificateListingPermissions?: boolean;
+    /**
+     * Should transaction descriptions, input descriptions, and output descriptions be encrypted
+     * when before they are passed to the underlying wallet, and transparently decrypted when retrieved?
+     */
+    encryptWalletMetadata?: boolean;
+    /**
+     * If the originator tries to spend wallet funds (netSpent > 0 in createAction),
+     * do we seek spending authorization?
+     */
+    seekSpendingPermissions?: boolean;
+    /**
+     * If false, permissions are checked without regard for whether we are in
+     * privileged mode. Privileged status is ignored with respect to whether
+     * permissions are granted. Internally, they are always sought and checked
+     * with privileged=false, regardless of the actual value.
+     */
+    differentiatePrivilegedOperations?: boolean;
+}
+/**
+ * @class WalletPermissionsManager
+ *
+ * Wraps an underlying BRC-100 `Wallet` implementation with permissions management capabilities.
+ * The manager intercepts calls from external applications (identified by originators), checks if the request is allowed,
+ * and if not, orchestrates user permission flows. It creates or renews on-chain tokens in special
+ * admin baskets to track these authorizations. Finally, it proxies the actual call to the underlying wallet.
+ *
+ * ### Key Responsibilities:
+ *  - **Permission Checking**: Before standard wallet operations (e.g. `encrypt`),
+ *    the manager checks if a valid permission token exists. If not, it attempts to request permission from the user.
+ *  - **On-Chain Tokens**: When permission is granted, the manager stores it as an unspent "PushDrop" output.
+ *    This can be spent later to revoke or renew the permission.
+ *  - **Callbacks**: The manager triggers user-defined callbacks on permission requests (to show a UI prompt),
+ *    on grants/denials, and on internal processes.
+ *
+ * ### Implementation Notes:
+ *  - The manager follows the BRC-100 `createAction` + `signAction` pattern for building or spending these tokens.
+ *  - Token revocation or renewal uses standard BRC-100 flows: we build a transaction that consumes
+ *    the old token UTXO and outputs a new one (or none, if fully revoked).
+ */
+export declare class WalletPermissionsManager implements WalletInterface {
+    /** A reference to the BRC-100 wallet instance. */
+    private underlying;
+    /** The "admin" domain or FQDN that is implicitly allowed to do everything. */
+    private adminOriginator;
+    /**
+     * Event callbacks that external code can subscribe to, e.g. to show a UI prompt
+     * or log events. Each event can have multiple handlers.
+     */
+    private callbacks;
+    /**
+     * We queue parallel requests for the same resource so that only one
+     * user prompt is created for a single resource. If multiple calls come
+     * in at once for the same "protocol:domain:privileged:counterparty" etc.,
+     * they get merged.
+     *
+     * The key is a string derived from the operation; the value is an object with a reference to the
+     * associated request and an array of pending promise resolve/reject pairs, one for each active
+     * operation that's waiting on the particular resource described by the key.
+     */
+    private activeRequests;
+    /**
+     * Configuration that determines whether to skip or apply various checks and encryption.
+     */
+    private config;
+    /**
+     * Constructs a new Permissions Manager instance.
+     *
+     * @param underlyingWallet           The underlying BRC-100 wallet, where requests are forwarded after permission is granted
+     * @param adminOriginator            The domain or FQDN that is automatically allowed everything
+     * @param config                     A set of boolean flags controlling how strictly permissions are enforced
+     */
+    constructor(underlyingWallet: WalletInterface, adminOriginator: string, config?: PermissionsManagerConfig);
+    /**
+     * Binds a callback function to a named event, such as `onProtocolPermissionRequested`.
+     *
+     * @param eventName The name of the event to listen to
+     * @param handler   A function that handles the event
+     * @returns         A numeric ID you can use to unbind later
+     */
+    bindCallback(eventName: keyof WalletPermissionsManagerCallbacks, handler: PermissionEventHandler): number;
+    /**
+     * Unbinds a previously registered callback by either its numeric ID (returned by `bindCallback`)
+     * or by exact function reference.
+     *
+     * @param eventName  The event name, e.g. "onProtocolPermissionRequested"
+     * @param reference  Either the numeric ID or the function reference
+     * @returns          True if successfully unbound, false otherwise
+     */
+    unbindCallback(eventName: keyof WalletPermissionsManagerCallbacks, reference: number | Function): boolean;
+    /**
+     * Internally triggers a named event, calling all subscribed listeners.
+     * Each callback is awaited in turn (though errors are swallowed so that
+     * one failing callback doesn't prevent the others).
+     *
+     * @param eventName The event name
+     * @param param     The parameter object passed to all listeners
+     */
+    private callEvent;
+    /**
+     * Grants a previously requested permission.
+     * This method:
+     *  1) Resolves all pending promise calls waiting on this request
+     *  2) Optionally creates or renews an on-chain PushDrop token (unless `ephemeral===true`)
+     *
+     * @param params      requestID to identify which request is granted, plus optional expiry
+     *                    or `ephemeral` usage, etc.
+     */
+    grantPermission(params: {
+        requestID: string;
+        expiry?: number;
+        ephemeral?: boolean;
+        amount?: number;
+    }): Promise<void>;
+    /**
+     * Denies a previously requested permission.
+     * This method rejects all pending promise calls waiting on that request
+     *
+     * @param requestID    requestID identifying which request to deny
+     */
+    denyPermission(requestID: string): Promise<void>;
+    /**
+     * Ensures the originator has protocol usage permission.
+     * If no valid (unexpired) permission token is found, triggers a permission request flow.
+     */
+    ensureProtocolPermission({ originator, privileged, protocolID, counterparty, reason, seekPermission, usageType }: {
+        originator: string;
+        privileged: boolean;
+        protocolID: WalletProtocol;
+        counterparty: string;
+        reason?: string;
+        seekPermission?: boolean;
+        usageType: 'signing' | 'encrypting' | 'hmac' | 'publicKey' | 'identityKey' | 'linkageRevelation' | 'generic';
+    }): Promise<boolean>;
+    /**
+     * Ensures the originator has basket usage permission for the specified basket.
+     * If not, triggers a permission request flow.
+     */
+    ensureBasketAccess({ originator, basket, reason, seekPermission, usageType }: {
+        originator: string;
+        basket: string;
+        reason?: string;
+        seekPermission?: boolean;
+        usageType: 'insertion' | 'removal' | 'listing';
+    }): Promise<boolean>;
+    /**
+     * Ensures the originator has a valid certificate permission.
+     * This is relevant when revealing certificate fields in DCAP contexts.
+     */
+    ensureCertificateAccess({ originator, privileged, verifier, certType, fields, reason, seekPermission, usageType }: {
+        originator: string;
+        privileged: boolean;
+        verifier: string;
+        certType: string;
+        fields: string[];
+        reason?: string;
+        seekPermission?: boolean;
+        usageType: 'disclosure';
+    }): Promise<boolean>;
+    /**
+     * Ensures the originator has spending authorization (DSAP) for a certain satoshi amount.
+     * If the existing token limit is insufficient, attempts to renew. If no token, attempts to create one.
+     */
+    ensureSpendingAuthorization({ originator, satoshis, lineItems, reason, seekPermission }: {
+        originator: string;
+        satoshis: number;
+        lineItems?: Array<{
+            type: 'input' | 'output' | 'fee';
+            description: string;
+            satoshis: number;
+        }>;
+        reason?: string;
+        seekPermission?: boolean;
+    }): Promise<boolean>;
+    /**
+     * Ensures the originator has label usage permission.
+     * If no valid (unexpired) permission token is found, triggers a permission request flow.
+     */
+    ensureLabelAccess({ originator, label, reason, seekPermission, usageType }: {
+        originator: string;
+        label: string;
+        reason?: string;
+        seekPermission?: boolean;
+        usageType: 'apply' | 'list';
+    }): Promise<boolean>;
+    /**
+     * A central method that triggers the permission request flow.
+     * - It checks if there's already an active request for the same key
+     * - If so, we wait on that existing request rather than creating a duplicative one
+     * - Otherwise we create a new request queue, call the relevant "onXXXRequested" event,
+     *   and return a promise that resolves once permission is granted or rejects if denied.
+     */
+    private requestPermissionFlow;
+    /**
+     * We will use a administrative "permission token encryption" protocol to store fields
+     * in each permission's PushDrop script. This ensures that only the user's wallet
+     * can decrypt them. In practice, this data is not super sensitive, but we still
+     * follow the principle of least exposure.
+     */
+    private static readonly PERM_TOKEN_ENCRYPTION_PROTOCOL;
+    /**
+     * Similarly, we will use a "metadata encryption" protocol to preserve the confidentiality
+     * of transaction descriptions and input/output descriptions from lower storage layers.
+     */
+    private static readonly METADATA_ENCRYPTION_PROTOCOL;
+    /** We always use `keyID="1"` and `counterparty="self"` for these encryption ops. */
+    private encryptPermissionTokenField;
+    private decryptPermissionTokenField;
+    /**
+     * Encrypts wallet metadata if configured to do so, otherwise returns the original plaintext for storage.
+     * @param plaintext The metadata to encrypt if configured to do so
+     * @returns The encrypted metadata, or the original value if encryption was disabled.
+     */
+    private maybeEncryptMetadata;
+    /**
+     * Attempts to decrypt metadata. if decryption fails, assumes the value is already plaintext and returns it.
+     * @param ciphertext The metadata to attempt decryption for.
+     * @returns The decrypted metadata. If decryption fails, returns the original value instead.
+     */
+    private maybeDecryptMetadata;
+    /** Helper to see if a token's expiry is in the past. */
+    private isTokenExpired;
+    /** Looks for a DPACP permission token matching origin/domain, privileged, protocol, cpty. */
+    private findProtocolToken;
+    /** Looks for a DBAP token matching (originator, basket). */
+    private findBasketToken;
+    /** Looks for a DCAP token matching (origin, privileged, verifier, certType, fields subset). */
+    private findCertificateToken;
+    /** Looks for a DSAP token matching origin, returning the first one found. */
+    private findSpendingToken;
+    /**
+     * Returns the current month and year in UTC as a string in the format "YYYY-MM".
+     *
+     * @returns {string} The current month and year in UTC.
+     */
+    private getCurrentMonthYearUTC;
+    /**
+     * Returns spending for an originator in the current calendar month.
+     */
+    querySpentSince(token: PermissionToken): Promise<number>;
+    /**
+     * Creates a brand-new permission token as a single-output PushDrop script in the relevant admin basket.
+     *
+     * The main difference between each type of token is in the "fields" we store in the PushDrop script.
+     *
+     * @param r        The permission request
+     * @param expiry   The expiry epoch time
+     * @param amount   For DSAP, the authorized spending limit
+     */
+    private createPermissionOnChain;
+    /**
+     * Renews a permission token by spending the old token as input and creating a new token output.
+     * This invalidates the old token and replaces it with a new one.
+     *
+     * @param oldToken The old token to consume
+     * @param r        The permission request being renewed
+     * @param newExpiry The new expiry epoch time
+     * @param newAmount For DSAP, the new authorized amount
+     */
+    private renewPermissionOnChain;
+    /**
+     * Builds the encrypted array of fields for a PushDrop permission token
+     * (protocol / basket / certificate / spending).
+     */
+    private buildPushdropFields;
+    /**
+     * Helper to build an array of tags for the new output, matching the user request's
+     * origin, basket, privileged, protocol name, etc.
+     */
+    private buildTagsForRequest;
+    /**
+     * Lists all protocol permission tokens (DPACP) with optional filters.
+     * @param originator Optional originator domain to filter by
+     * @param privileged Optional boolean to filter by privileged status
+     * @param protocolName Optional protocol name to filter by
+     * @param protocolSecurityLevel Optional protocol security level to filter by
+     * @param counterparty Optional counterparty to filter by
+     * @returns Array of permission tokens that match the filter criteria
+     */
+    listProtocolPermissions({ originator, privileged, protocolName, protocolSecurityLevel, counterparty }?: {
+        originator?: string;
+        privileged?: boolean;
+        protocolName?: string;
+        protocolSecurityLevel?: number;
+        counterparty?: string;
+    }): Promise<PermissionToken[]>;
+    /**
+     * Returns true if the originator already holds a valid unexpired protocol permission.
+     * This calls `ensureProtocolPermission` with `seekPermission=false`, so it won't prompt.
+     */
+    hasProtocolPermission(params: {
+        originator: string;
+        privileged: boolean;
+        protocolID: WalletProtocol;
+        counterparty: string;
+    }): Promise<boolean>;
+    /**
+     * Lists basket permission tokens (DBAP) for a given originator or basket (or for all if not specified).
+     * @param params.originator Optional originator to filter by
+     * @param params.basket Optional basket name to filter by
+     * @returns Array of permission tokens that match the filter criteria
+     */
+    listBasketAccess(params?: {
+        originator?: string;
+        basket?: string;
+    }): Promise<PermissionToken[]>;
+    /**
+     * Returns `true` if the originator already holds a valid unexpired basket permission for `basket`.
+     */
+    hasBasketAccess(params: {
+        originator: string;
+        basket: string;
+    }): Promise<boolean>;
+    /**
+     * Lists spending authorization tokens (DSAP) for a given originator (or all).
+     */
+    listSpendingAuthorizations(params: {
+        originator?: string;
+    }): Promise<PermissionToken[]>;
+    /**
+     * Returns `true` if the originator already holds a valid spending authorization token
+     * with enough available monthly spend. We do not prompt (seekPermission=false).
+     */
+    hasSpendingAuthorization(params: {
+        originator: string;
+        satoshis: number;
+    }): Promise<boolean>;
+    /**
+     * Lists certificate permission tokens (DCAP) with optional filters.
+     * @param originator Optional originator domain to filter by
+     * @param privileged Optional boolean to filter by privileged status
+     * @param certType Optional certificate type to filter by
+     * @param verifier Optional verifier to filter by
+     * @returns Array of permission tokens that match the filter criteria
+     */
+    listCertificateAccess(params?: {
+        originator?: string;
+        privileged?: boolean;
+        certType?: Base64String;
+        verifier?: PubKeyHex;
+    }): Promise<PermissionToken[]>;
+    /**
+     * Returns `true` if the originator already holds a valid unexpired certificate access
+     * for the given certType/fields. Does not prompt the user.
+     */
+    hasCertificateAccess(params: {
+        originator: string;
+        privileged: boolean;
+        verifier: string;
+        certType: string;
+        fields: string[];
+    }): Promise<boolean>;
+    /**
+     * Revokes a permission token by spending it with no replacement output.
+     * The manager builds a BRC-100 transaction that consumes the token, effectively invalidating it.
+     */
+    revokePermission(oldToken: PermissionToken): Promise<void>;
+    createAction(args: Parameters<WalletInterface['createAction']>[0], originator?: string): ReturnType<WalletInterface['createAction']>;
+    signAction(...args: Parameters<WalletInterface['signAction']>): ReturnType<WalletInterface['signAction']>;
+    abortAction(...args: Parameters<WalletInterface['abortAction']>): ReturnType<WalletInterface['abortAction']>;
+    listActions(...args: Parameters<WalletInterface['listActions']>): ReturnType<WalletInterface['listActions']>;
+    internalizeAction(...args: Parameters<WalletInterface['internalizeAction']>): ReturnType<WalletInterface['internalizeAction']>;
+    listOutputs(...args: Parameters<WalletInterface['listOutputs']>): ReturnType<WalletInterface['listOutputs']>;
+    relinquishOutput(...args: Parameters<WalletInterface['relinquishOutput']>): ReturnType<WalletInterface['relinquishOutput']>;
+    getPublicKey(...args: Parameters<WalletInterface['getPublicKey']>): ReturnType<WalletInterface['getPublicKey']>;
+    revealCounterpartyKeyLinkage(...args: Parameters<WalletInterface['revealCounterpartyKeyLinkage']>): ReturnType<WalletInterface['revealCounterpartyKeyLinkage']>;
+    revealSpecificKeyLinkage(...args: Parameters<WalletInterface['revealSpecificKeyLinkage']>): ReturnType<WalletInterface['revealSpecificKeyLinkage']>;
+    encrypt(...args: Parameters<WalletInterface['encrypt']>): ReturnType<WalletInterface['encrypt']>;
+    decrypt(...args: Parameters<WalletInterface['decrypt']>): ReturnType<WalletInterface['decrypt']>;
+    createHmac(...args: Parameters<WalletInterface['createHmac']>): ReturnType<WalletInterface['createHmac']>;
+    verifyHmac(...args: Parameters<WalletInterface['verifyHmac']>): ReturnType<WalletInterface['verifyHmac']>;
+    createSignature(...args: Parameters<WalletInterface['createSignature']>): ReturnType<WalletInterface['createSignature']>;
+    verifySignature(...args: Parameters<WalletInterface['verifySignature']>): ReturnType<WalletInterface['verifySignature']>;
+    acquireCertificate(...args: Parameters<WalletInterface['acquireCertificate']>): ReturnType<WalletInterface['acquireCertificate']>;
+    listCertificates(...args: Parameters<WalletInterface['listCertificates']>): ReturnType<WalletInterface['listCertificates']>;
+    proveCertificate(...args: Parameters<WalletInterface['proveCertificate']>): ReturnType<WalletInterface['proveCertificate']>;
+    relinquishCertificate(...args: Parameters<WalletInterface['relinquishCertificate']>): ReturnType<WalletInterface['relinquishCertificate']>;
+    discoverByIdentityKey(...args: Parameters<WalletInterface['discoverByIdentityKey']>): ReturnType<WalletInterface['discoverByIdentityKey']>;
+    discoverByAttributes(...args: Parameters<WalletInterface['discoverByAttributes']>): ReturnType<WalletInterface['discoverByAttributes']>;
+    isAuthenticated(...args: Parameters<WalletInterface['isAuthenticated']>): ReturnType<WalletInterface['isAuthenticated']>;
+    waitForAuthentication(...args: Parameters<WalletInterface['waitForAuthentication']>): ReturnType<WalletInterface['waitForAuthentication']>;
+    getHeight(...args: Parameters<WalletInterface['getHeight']>): ReturnType<WalletInterface['getHeight']>;
+    getHeaderForHeight(...args: Parameters<WalletInterface['getHeaderForHeight']>): ReturnType<WalletInterface['getHeaderForHeight']>;
+    getNetwork(...args: Parameters<WalletInterface['getNetwork']>): ReturnType<WalletInterface['getNetwork']>;
+    getVersion(...args: Parameters<WalletInterface['getVersion']>): ReturnType<WalletInterface['getVersion']>;
+    /** Returns true if the specified origin is the admin originator. */
+    private isAdminOriginator;
+    /**
+     * Checks if the given protocol is admin-reserved per BRC-100 rules:
+     *
+     *  - Must not start with `admin` (admin-reserved)
+     *  - Must not start with `p ` (allows for future specially permissioned protocols)
+     *
+     * If it violates these rules and the caller is not admin, we consider it "admin-only."
+     */
+    private isAdminProtocol;
+    /**
+     * Checks if the given label is admin-reserved per BRC-100 rules:
+     *
+     *  - Must not start with `admin` (admin-reserved)
+     *
+     * If it violates these rules and the caller is not admin, we consider it "admin-only."
+     */
+    private isAdminLabel;
+    /**
+     * Checks if the given basket is admin-reserved per BRC-100 rules:
+     *
+     *  - Must not start with `admin`
+     *  - Must not be `default` (some wallets use this for internal operations)
+     *  - Must not start with `p ` (future specially permissioned baskets)
+     */
+    private isAdminBasket;
+    /**
+     * Builds a "map key" string so that identical requests (e.g. "protocol:domain:true:protoName:counterparty")
+     * do not produce multiple user prompts.
+     */
+    private buildRequestKey;
+}
+//# sourceMappingURL=WalletPermissionsManager.d.ts.map

package/mobile/out/src/WalletPermissionsManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"WalletPermissionsManager.d.ts","sourceRoot":"","sources":["../../../src/WalletPermissionsManager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAA+C,cAAc,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAA;AAMhI;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,aAAa,GAAG,UAAU,CAAA;IACxD,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,UAAU,CAAC,EAAE,cAAc,CAAA;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAA;IAErB,MAAM,CAAC,EAAE,MAAM,CAAA;IAEf,WAAW,CAAC,EAAE;QAEZ,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,EAAE,CAAA;KACjB,CAAA;IAED,QAAQ,CAAC,EAAE;QAET,QAAQ,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,KAAK,CAAC;YAChB,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAA;YAChC,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,EAAE,MAAM,CAAA;SACjB,CAAC,CAAA;KACH,CAAA;IAED,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,aAAa,CAAC,EAAE,eAAe,CAAA;CAChC;AAED;;GAEG;AACH,MAAM,MAAM,sBAAsB,GAAG,CAAC,OAAO,EAAE,iBAAiB,GAAG;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;AAEjH;;;;;;;;;;GAUG;AACH,MAAM,WAAW,eAAe;IAC9B,mDAAmD;IACnD,IAAI,EAAE,MAAM,CAAA;IAEZ,uDAAuD;IACvD,EAAE,EAAE,MAAM,EAAE,CAAA;IAEZ,gDAAgD;IAChD,WAAW,EAAE,MAAM,CAAA;IAEnB,mDAAmD;IACnD,YAAY,EAAE,MAAM,CAAA;IAEpB,0EAA0E;IAC1E,QAAQ,EAAE,MAAM,CAAA;IAEhB,4EAA4E;IAC5E,UAAU,EAAE,MAAM,CAAA;IAElB,iIAAiI;IACjI,MAAM,EAAE,MAAM,CAAA;IAEd,gFAAgF;IAChF,UAAU,CAAC,EAAE,OAAO,CAAA;IAEpB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB,4CAA4C;IAC5C,aAAa,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;IAEzB,mCAAmC;IACnC,YAAY,CAAC,EAAE,MAAM,CAAA;IAErB,qDAAqD;IACrD,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB,oEAAoE;IACpE,UAAU,CAAC,EAAE,MAAM,EAAE,CAAA;IAErB,iDAAiD;IACjD,QAAQ,CAAC,EAAE,MAAM,CAAA;IAEjB,+DAA+D;IAC/D,gBAAgB,CAAC,EAAE,MAAM,CAAA;CAC1B;AAcD;;;GAGG;AACH,MAAM,WAAW,iCAAiC;IAChD,6BAA6B,CAAC,EAAE,sBAAsB,EAAE,CAAA;IACxD,uBAAuB,CAAC,EAAE,sBAAsB,EAAE,CAAA;IAClD,4BAA4B,CAAC,EAAE,sBAAsB,EAAE,CAAA;IACvD,gCAAgC,CAAC,EAAE,sBAAsB,EAAE,CAAA;CAC5D;AAED;;;;;GAKG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,iCAAiC,CAAC,EAAE,OAAO,CAAA;IAE3C;;;OAGG;IACH,oCAAoC,CAAC,EAAE,OAAO,CAAA;IAE9C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAA;IAExC;;;OAGG;IACH,sCAAsC,CAAC,EAAE,OAAO,CAAA;IAEhD;;;OAGG;IACH,qCAAqC,CAAC,EAAE,OAAO,CAAA;IAE/C;;OAEG;IACH,uCAAuC,CAAC,EAAE,OAAO,CAAA;IAEjD;;;OAGG;IACH,oCAAoC,CAAC,EAAE,OAAO,CAAA;IAE9C;;;OAGG;IACH,8BAA8B,CAAC,EAAE,OAAO,CAAA;IAExC;;OAEG;IACH,4BAA4B,CAAC,EAAE,OAAO,CAAA;IAEtC;;OAEG;IACH,4BAA4B,CAAC,EAAE,OAAO,CAAA;IAEtC;;OAEG;IACH,sCAAsC,CAAC,EAAE,OAAO,CAAA;IAEhD;;OAEG;IACH,uCAAuC,CAAC,EAAE,OAAO,CAAA;IAEjD;;;OAGG;IACH,oCAAoC,CAAC,EAAE,OAAO,CAAA;IAE9C;;OAEG;IACH,qCAAqC,CAAC,EAAE,OAAO,CAAA;IAE/C;;OAEG;IACH,wCAAwC,CAAC,EAAE,OAAO,CAAA;IAElD;;OAEG;IACH,iCAAiC,CAAC,EAAE,OAAO,CAAA;IAE3C;;;OAGG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAA;IAE/B;;;OAGG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IAEjC;;;;;OAKG;IACH,iCAAiC,CAAC,EAAE,OAAO,CAAA;CAC5C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,wBAAyB,YAAW,eAAe;IAC9D,kDAAkD;IAClD,OAAO,CAAC,UAAU,CAAiB;IAEnC,8EAA8E;IAC9E,OAAO,CAAC,eAAe,CAAQ;IAE/B;;;OAGG;IACH,OAAO,CAAC,SAAS,CAKhB;IAED;;;;;;;;;OASG;IACH,OAAO,CAAC,cAAc,CAST;IAEb;;OAEG;IACH,OAAO,CAAC,MAAM,CAA0B;IAExC;;;;;;OAMG;gBACS,gBAAgB,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,GAAE,wBAA6B;IAiC7G;;;;;;OAMG;IACI,YAAY,CAAC,SAAS,EAAE,MAAM,iCAAiC,EAAE,OAAO,EAAE,sBAAsB,GAAG,MAAM;IAMhH;;;;;;;OAOG;IACI,cAAc,CAAC,SAAS,EAAE,MAAM,iCAAiC,EAAE,SAAS,EAAE,MAAM,GAAG,QAAQ,GAAG,OAAO;IAmBhH;;;;;;;OAOG;YACW,SAAS;IAiBvB;;;;;;;;OAQG;IACU,eAAe,CAAC,MAAM,EAAE;QACnC,SAAS,EAAE,MAAM,CAAA;QACjB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,SAAS,CAAC,EAAE,OAAO,CAAA;QACnB,MAAM,CAAC,EAAE,MAAM,CAAA;KAChB,GAAG,OAAO,CAAC,IAAI,CAAC;IAkCjB;;;;;OAKG;IACU,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAkB7D;;;OAGG;IACU,wBAAwB,CAAC,EACpC,UAAU,EACV,UAAU,EACV,UAAU,EACV,YAAY,EACZ,MAAM,EACN,cAAqB,EACrB,SAAS,EACV,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,UAAU,EAAE,cAAc,CAAA;QAC1B,YAAY,EAAE,MAAM,CAAA;QACpB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,SAAS,GAAG,YAAY,GAAG,MAAM,GAAG,WAAW,GAAG,aAAa,GAAG,mBAAmB,GAAG,SAAS,CAAA;KAC7G,GAAG,OAAO,CAAC,OAAO,CAAC;IAiFpB;;;OAGG;IACU,kBAAkB,CAAC,EAC9B,UAAU,EACV,MAAM,EACN,MAAM,EACN,cAAqB,EACrB,SAAS,EACV,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,MAAM,EAAE,MAAM,CAAA;QACd,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,WAAW,GAAG,SAAS,GAAG,SAAS,CAAA;KAC/C,GAAG,OAAO,CAAC,OAAO,CAAC;IAwCpB;;;OAGG;IACU,uBAAuB,CAAC,EACnC,UAAU,EACV,UAAU,EACV,QAAQ,EACR,QAAQ,EACR,MAAM,EACN,MAAM,EACN,cAAqB,EACrB,SAAS,EACV,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,EAAE,CAAA;QAChB,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,YAAY,CAAA;KACxB,GAAG,OAAO,CAAC,OAAO,CAAC;IAgDpB;;;OAGG;IACU,2BAA2B,CAAC,EACvC,UAAU,EACV,QAAQ,EACR,SAAS,EACT,MAAM,EACN,cAAqB,EACtB,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,QAAQ,EAAE,MAAM,CAAA;QAChB,SAAS,CAAC,EAAE,KAAK,CAAC;YAChB,IAAI,EAAE,OAAO,GAAG,QAAQ,GAAG,KAAK,CAAA;YAChC,WAAW,EAAE,MAAM,CAAA;YACnB,QAAQ,EAAE,MAAM,CAAA;SACjB,CAAC,CAAA;QACF,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;KACzB,GAAG,OAAO,CAAC,OAAO,CAAC;IA2CpB;;;OAGG;IACU,iBAAiB,CAAC,EAC7B,UAAU,EACV,KAAK,EACL,MAAM,EACN,cAAqB,EACrB,SAAS,EACV,EAAE;QACD,UAAU,EAAE,MAAM,CAAA;QAClB,KAAK,EAAE,MAAM,CAAA;QACb,MAAM,CAAC,EAAE,MAAM,CAAA;QACf,cAAc,CAAC,EAAE,OAAO,CAAA;QACxB,SAAS,EAAE,OAAO,GAAG,MAAM,CAAA;KAC5B,GAAG,OAAO,CAAC,OAAO,CAAC;IA4BpB;;;;;;OAMG;YACW,qBAAqB;IAqDnC;;;;;OAKG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,8BAA8B,CAGrD;IAED;;;OAGG;IACH,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,4BAA4B,CAGnD;IAED,oFAAoF;YACtE,2BAA2B;YAa3B,2BAA2B;IAgBzC;;;;OAIG;YACW,oBAAoB;IAelC;;;;OAIG;YACW,oBAAoB;IAgBlC,wDAAwD;IACxD,OAAO,CAAC,cAAc;IAKtB,6FAA6F;YAC/E,iBAAiB;IA2E/B,4DAA4D;YAC9C,eAAe;IA4C7B,+FAA+F;YACjF,oBAAoB;IAmElC,6EAA6E;YAC/D,iBAAiB;IAsC/B;;;;OAIG;IACH,OAAO,CAAC,sBAAsB;IAO9B;;OAEG;IACU,eAAe,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC;IAerE;;;;;;;;OAQG;YACW,uBAAuB;IA2CrC;;;;;;;;OAQG;YACW,sBAAsB;IAuEpC;;;OAGG;YACW,mBAAmB;IA0CjC;;;OAGG;IACH,OAAO,CAAC,mBAAmB;IAgC3B;;;;;;;;OAQG;IACU,uBAAuB,CAAC,EACnC,UAAU,EACV,UAAU,EACV,YAAY,EACZ,qBAAqB,EACrB,YAAY,EACb,GAAE;QACD,UAAU,CAAC,EAAE,MAAM,CAAA;QACnB,UAAU,CAAC,EAAE,OAAO,CAAA;QACpB,YAAY,CAAC,EAAE,MAAM,CAAA;QACrB,qBAAqB,CAAC,EAAE,MAAM,CAAA;QAC9B,YAAY,CAAC,EAAE,MAAM,CAAA;KACjB,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAkEnC;;;OAGG;IACU,qBAAqB,CAAC,MAAM,EAAE;QACzC,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,UAAU,EAAE,cAAc,CAAA;QAC1B,YAAY,EAAE,MAAM,CAAA;KACrB,GAAG,OAAO,CAAC,OAAO,CAAC;IAcpB;;;;;OAKG;IACU,gBAAgB,CAAC,MAAM,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA8ChH;;OAEG;IACU,eAAe,CAAC,MAAM,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAc9F;;OAEG;IACU,0BAA0B,CAAC,MAAM,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IAyCpG;;;OAGG;IACU,wBAAwB,CAAC,MAAM,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC;IAazG;;;;;;;OAOG;IACU,qBAAqB,CAAC,MAAM,GAAE;QACzC,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,OAAO,CAAC;QACrB,QAAQ,CAAC,EAAE,YAAY,CAAC;QACxB,QAAQ,CAAC,EAAE,SAAS,CAAA;KAChB,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IA6DnC;;;OAGG;IACU,oBAAoB,CAAC,MAAM,EAAE;QACxC,UAAU,EAAE,MAAM,CAAA;QAClB,UAAU,EAAE,OAAO,CAAA;QACnB,QAAQ,EAAE,MAAM,CAAA;QAChB,QAAQ,EAAE,MAAM,CAAA;QAChB,MAAM,EAAE,MAAM,EAAE,CAAA;KACjB,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBpB;;;OAGG;IACU,gBAAgB,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IA4C1D,YAAY,CACvB,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,EACpD,UAAU,CAAC,EAAE,MAAM,GAClB,UAAU,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;IA2MjC,UAAU,CACrB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GACjD,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAI/B,WAAW,CACtB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,GAClD,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAIhC,WAAW,CACtB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,GAClD,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAgDhC,iBAAiB,CAC5B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC,GACxD,UAAU,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;IAsBtC,WAAW,CACtB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,GAClD,UAAU,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAuBhC,gBAAgB,CAC3B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,GACvD,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC;IAWrC,YAAY,CACvB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC,GACnD,UAAU,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;IA0BjC,4BAA4B,CACvC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,8BAA8B,CAAC,CAAC,GACnE,UAAU,CAAC,eAAe,CAAC,8BAA8B,CAAC,CAAC;IAajD,wBAAwB,CACnC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,0BAA0B,CAAC,CAAC,GAC/D,UAAU,CAAC,eAAe,CAAC,0BAA0B,CAAC,CAAC;IAgB7C,OAAO,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,GAAG,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAahG,OAAO,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,GAAG,UAAU,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;IAahG,UAAU,CACrB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GACjD,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAa/B,UAAU,CACrB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GACjD,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAa/B,eAAe,CAC1B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC,GACtD,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAapC,eAAe,CAC1B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC,GACtD,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAapC,kBAAkB,CAC7B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC,GACzD,UAAU,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAevC,gBAAgB,CAC3B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,GACvD,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC;IAerC,gBAAgB,CAC3B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC,GACvD,UAAU,CAAC,eAAe,CAAC,kBAAkB,CAAC,CAAC;IAcrC,qBAAqB,CAChC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC,GAC5D,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC;IAe1C,qBAAqB,CAChC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC,GAC5D,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC;IAe1C,oBAAoB,CAC/B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,sBAAsB,CAAC,CAAC,GAC3D,UAAU,CAAC,eAAe,CAAC,sBAAsB,CAAC,CAAC;IAezC,eAAe,CAC1B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC,GACtD,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAIpC,qBAAqB,CAChC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC,GAC5D,UAAU,CAAC,eAAe,CAAC,uBAAuB,CAAC,CAAC;IAI1C,SAAS,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC,GAAG,UAAU,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;IAItG,kBAAkB,CAC7B,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC,GACzD,UAAU,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAIvC,UAAU,CACrB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GACjD,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAI/B,UAAU,CACrB,GAAG,IAAI,EAAE,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC,GACjD,UAAU,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAQ5C,oEAAoE;IACpE,OAAO,CAAC,iBAAiB;IAIzB;;;;;;;OAOG;IACH,OAAO,CAAC,eAAe;IAQvB;;;;;;OAMG;IACH,OAAO,CAAC,YAAY;IAOpB;;;;;;OAMG;IACH,OAAO,CAAC,aAAa;IAOrB;;;OAGG;IACH,OAAO,CAAC,eAAe;CAYxB"}