npm - @cartridge/controller - Versions diffs - 0.13.3 → 0.13.5 - Mend

@cartridge/controller 0.13.3 → 0.13.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/.turbo/turbo-build$colon$deps.log +40 -20
package/.turbo/turbo-build.log +38 -18
package/HEADLESS_MODE.md +113 -0
package/LICENSE +16 -0
package/dist/controller.d.ts +9 -2
package/dist/errors.d.ts +10 -0
package/dist/iframe/security.d.ts +10 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +1662 -1244
package/dist/index.js.map +1 -1
package/dist/node/index.cjs +28 -3
package/dist/node/index.cjs.map +1 -1
package/dist/node/index.d.cts +11 -1
package/dist/node/index.d.ts +11 -1
package/dist/node/index.js +26 -4
package/dist/node/index.js.map +1 -1
package/dist/{provider-bC9cKItb.js → provider-NKp7_oNj.js} +134 -116
package/dist/provider-NKp7_oNj.js.map +1 -0
package/dist/session/provider.d.ts +1 -0
package/dist/session.js +13 -10
package/dist/session.js.map +1 -1
package/dist/stats.html +1 -1
package/dist/types.d.ts +20 -1
package/package.json +26 -25
package/src/__tests__/asWalletStandard.test.ts +87 -0
package/src/__tests__/headlessConnectApproval.test.ts +97 -0
package/src/__tests__/iframeSecurity.test.ts +84 -0
package/src/__tests__/parseChainId.test.ts +1 -1
package/src/controller.ts +165 -13
package/src/errors.ts +30 -0
package/src/iframe/base.ts +14 -3
package/src/iframe/keychain.ts +1 -5
package/src/iframe/security.ts +48 -0
package/src/index.ts +1 -0
package/src/session/provider.ts +2 -0
package/src/types.ts +30 -1
package/src/utils.ts +2 -2
package/dist/provider-bC9cKItb.js.map +0 -1

package/src/errors.ts CHANGED Viewed

@@ -5,3 +5,33 @@ export class NotReadyToConnect extends Error {
     Object.setPrototypeOf(this, NotReadyToConnect.prototype);
   }
 }
+export class HeadlessAuthenticationError extends Error {
+  constructor(
+    message: string,
+    public cause?: Error,
+  ) {
+    super(message);
+    this.name = "HeadlessAuthenticationError";
+    Object.setPrototypeOf(this, HeadlessAuthenticationError.prototype);
+  }
+}
+export class InvalidCredentialsError extends HeadlessAuthenticationError {
+  constructor(credentialType: string) {
+    super(`Invalid credentials provided for type: ${credentialType}`);
+    this.name = "InvalidCredentialsError";
+    Object.setPrototypeOf(this, InvalidCredentialsError.prototype);
+  }
+}
+export class HeadlessModeNotSupportedError extends Error {
+  constructor(operation: string) {
+    super(`Operation "${operation}" is not supported in headless mode`);
+    this.name = "HeadlessModeNotSupportedError";
+    Object.setPrototypeOf(this, HeadlessModeNotSupportedError.prototype);
+  }
+}

package/src/iframe/base.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { AsyncMethodReturns, connectToChild } from "@cartridge/penpal";
 import { Modal } from "../types";
+import { buildIframeAllowList, validateKeychainIframeUrl } from "./security";
 export type IFrameOptions<CallSender> = Omit<
   ConstructorParameters<typeof IFrame>[0],
@@ -34,6 +35,7 @@ export class IFrame<CallSender extends {}> implements Modal {
     }
     this.url = url;
+    validateKeychainIframeUrl(url);
     const docHead = document.head;
@@ -53,8 +55,8 @@ export class IFrame<CallSender extends {}> implements Modal {
     iframe.sandbox.add("allow-popups-to-escape-sandbox");
     iframe.sandbox.add("allow-scripts");
     iframe.sandbox.add("allow-same-origin");
-    iframe.allow =
-      "publickey-credentials-create *; publickey-credentials-get *; clipboard-write; local-network-access *; payment *";
+    iframe.allow = buildIframeAllowList(url);
+    iframe.referrerPolicy = "no-referrer";
     iframe.style.scrollbarWidth = "none";
     iframe.style.setProperty("-ms-overflow-style", "none");
     iframe.style.setProperty("-webkit-scrollbar", "none");
@@ -122,12 +124,21 @@ export class IFrame<CallSender extends {}> implements Modal {
     connectToChild<CallSender>({
       iframe: this.iframe,
+      childOrigin: url.origin,
       methods: {
+        open: (_origin: string) => () => this.open(),
         close: (_origin: string) => () => this.close(),
         reload: (_origin: string) => () => window.location.reload(),
         ...methods,
       },
-    }).promise.then(onConnect);
+    })
+      .promise.then(onConnect)
+      .catch((error) => {
+        console.error("Failed to establish secure keychain iframe connection", {
+          error,
+          childOrigin: url.origin,
+        });
+      });
     this.resize();
     window.addEventListener("resize", () => this.resize());

package/src/iframe/keychain.ts CHANGED Viewed

@@ -119,11 +119,7 @@ export class KeychainIFrame extends IFrame<Keychain> {
       methods: {
         ...walletBridge.getIFrameMethods(),
         // Expose callback for keychain to notify parent that session was created and storage access granted
-        onSessionCreated: (_origin: string) => () => {
-          if (onSessionCreated) {
-            onSessionCreated();
-          }
-        },
+        onSessionCreated: (_origin: string) => () => onSessionCreated?.(),
         onStarterpackPlay: (_origin: string) => async () => {
           if (onStarterpackPlayHandler) {
             await onStarterpackPlayHandler();

package/src/iframe/security.ts ADDED Viewed

@@ -0,0 +1,48 @@
+const LOCALHOST_HOSTNAMES = new Set(["localhost", "127.0.0.1", "::1", "[::1]"]);
+export function isLocalhostHostname(hostname: string): boolean {
+  const normalized = hostname.toLowerCase();
+  return (
+    LOCALHOST_HOSTNAMES.has(normalized) || normalized.endsWith(".localhost")
+  );
+}
+/**
+ * Restrict iframe targets to HTTPS in production, while still allowing local HTTP dev.
+ */
+export function validateKeychainIframeUrl(url: URL): void {
+  if (url.username || url.password) {
+    throw new Error("Invalid keychain iframe URL: credentials are not allowed");
+  }
+  if (url.protocol === "https:") {
+    return;
+  }
+  if (url.protocol === "http:" && isLocalhostHostname(url.hostname)) {
+    return;
+  }
+  throw new Error(
+    "Invalid keychain iframe URL: only https:// or local http:// URLs are allowed",
+  );
+}
+/**
+ * Build a conservative allow list for iframe feature policy.
+ * Local network access is only needed for localhost development.
+ */
+export function buildIframeAllowList(url: URL): string {
+  const allowFeatures = [
+    "publickey-credentials-create *",
+    "publickey-credentials-get *",
+    "clipboard-write",
+    "payment *",
+  ];
+  if (isLocalhostHostname(url.hostname)) {
+    allowFeatures.push("local-network-access *");
+  }
+  return allowFeatures.join("; ");
+}

package/src/index.ts CHANGED Viewed

@@ -3,6 +3,7 @@ export * from "./errors";
 export * from "./types";
 export * from "./lookup";
 export * from "./utils";
+export * from "./policies";
 export * from "./wallets";
 export * from "./toast";
 export * from "@cartridge/presets";

package/src/session/provider.ts CHANGED Viewed

@@ -23,6 +23,7 @@ interface SessionRegistration {
   guardianKeyGuid: string;
   metadataHash: string;
   sessionKeyGuid: string;
+  allowedPoliciesRoot?: string;
 }
 export type SessionOptions = {
@@ -314,6 +315,7 @@ export default class SessionProvider extends BaseProvider {
     localStorage.removeItem("sessionPolicies");
     localStorage.removeItem("lastUsedConnector");
     this.account = undefined;
+    this.emitAccountsChanged([]);
     this._username = undefined;
     const disconnectUrl = new URL(`${this._keychainUrl}`);
     disconnectUrl.pathname = "disconnect";

package/src/types.ts CHANGED Viewed

@@ -131,7 +131,7 @@ export type ControllerAccounts = Record<ContractAddress, CartridgeID>;
 export interface Keychain {
   probe(rpcUrl: string): Promise<ProbeReply | ConnectError>;
-  connect(signupOptions?: AuthOptions): Promise<ConnectReply | ConnectError>;
+  connect(options?: ConnectOptions): Promise<ConnectReply | ConnectError>;
   disconnect(): void;
   reset(): void;
@@ -276,3 +276,32 @@ export type StarterpackOptions = {
   /** Callback fired after the Play button closes the starterpack modal */
   onPurchaseComplete?: () => void;
 };
+// Connect options (used by controller.connect)
+export interface ConnectOptions {
+  /** Signup options (shown in UI when not headless) */
+  signupOptions?: AuthOptions;
+  /** Headless mode username (when combined with signer) */
+  username?: string;
+  /** Headless mode signer option (auth method) */
+  signer?: AuthOption;
+  /** Required when signer is "password" */
+  password?: string;
+}
+export type HeadlessConnectOptions = Required<
+  Pick<ConnectOptions, "username" | "signer">
+> &
+  Pick<ConnectOptions, "password">;
+export type HeadlessConnectReply =
+  | {
+      code: ResponseCodes.SUCCESS;
+      address: string;
+    }
+  | {
+      code: ResponseCodes.USER_INTERACTION_REQUIRED;
+      requestId: string;
+      message?: string;
+    }
+  | ConnectError;

package/src/utils.ts CHANGED Viewed

@@ -129,7 +129,7 @@ export function toWasmPolicies(policies: ParsedSessionPolicies): Policy[] {
             return {
               target,
               method: hash.getSelectorFromName(m.entrypoint),
-              authorized: m.authorized,
+              authorized: !!m.authorized,
             };
           }),
       ),
@@ -149,7 +149,7 @@ export function toWasmPolicies(policies: ParsedSessionPolicies): Policy[] {
         return {
           scope_hash: hash.computePoseidonHash(domainHash, typeHash),
-          authorized: p.authorized,
+          authorized: !!p.authorized,
         };
       })
       .sort((a, b) =>

package/dist/provider-bC9cKItb.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"provider-bC9cKItb.js","sources":["../src/wallets/types.ts","../src/types.ts","../src/utils.ts","../src/constants.ts","../src/errors.ts","../../../node_modules/.pnpm/@starknet-io+types-js@0.8.4/node_modules/@starknet-io/types-js/dist/esm/wallet-api/constants.js","../src/icon.ts","../src/mutex.ts","../src/provider.ts"],"sourcesContent":["export const AUTH_EXTERNAL_WALLETS = [\n \"metamask\",\n \"rabby\",\n \"phantom-evm\",\n] as const;\nexport type AuthExternalWallet = (typeof AUTH_EXTERNAL_WALLETS)[number];\n\nexport const EXTRA_EXTERNAL_WALLETS = [\n \"argent\",\n \"braavos\",\n \"phantom\",\n \"base\",\n] as const;\nexport type ExtraExternalWallet = (typeof EXTRA_EXTERNAL_WALLETS)[number];\n\nexport const EXTERNAL_WALLETS = [\n ...AUTH_EXTERNAL_WALLETS,\n ...EXTRA_EXTERNAL_WALLETS,\n] as const;\n\nexport type ExternalWalletType = (typeof EXTERNAL_WALLETS)[number];\n\nexport type ExternalPlatform =\n | \"starknet\"\n | \"ethereum\"\n | \"solana\"\n | \"base\"\n | \"arbitrum\"\n | \"optimism\";\n\nexport interface ExternalWallet {\n type: ExternalWalletType;\n available: boolean;\n version?: string;\n chainId?: string;\n name?: string;\n platform?: ExternalPlatform;\n connectedAccounts?: string[];\n}\n\nexport interface ExternalWalletResponse<T = unknown> {\n success: boolean;\n wallet: ExternalWalletType;\n result?: T;\n error?: string;\n account?: string;\n}\n\nexport interface WalletAdapter {\n type: ExternalWalletType;\n platform: ExternalPlatform | undefined;\n\n // Methods\n isAvailable(): boolean;\n getInfo(): ExternalWallet;\n getConnectedAccounts(): string[];\n connect(): Promise<ExternalWalletResponse<any>>;\n signMessage?(\n message: string,\n address?: string,\n ): Promise<ExternalWalletResponse<any>>;\n signTypedData?(data: any): Promise<ExternalWalletResponse<any>>;\n sendTransaction(tx: any): Promise<ExternalWalletResponse<any>>;\n getBalance(tokenAddress?: string): Promise<ExternalWalletResponse<any>>;\n switchChain(chainId: string): Promise<boolean>;\n waitForTransaction(\n txHash: string,\n timeoutMs?: number,\n ): Promise<ExternalWalletResponse<any>>;\n disconnect?(): void;\n}\n","import { Policy, SessionPolicies } from \"@cartridge/presets\";\nimport {\n AddInvokeTransactionResult,\n ChainId,\n Signature,\n TypedData,\n} from \"@starknet-io/types-js\";\nimport {\n Abi,\n BigNumberish,\n Call,\n constants,\n InvocationsDetails,\n} from \"starknet\";\nimport { KeychainIFrame } from \"./iframe\";\nimport {\n AUTH_EXTERNAL_WALLETS,\n EXTERNAL_WALLETS,\n ExternalWallet,\n ExternalWalletResponse,\n ExternalWalletType,\n} from \"./wallets/types\";\n\nexport type KeychainSession = {\n chainId: constants.StarknetChainId;\n policies: Policy[];\n maxFee: BigNumberish;\n expiresAt: bigint;\n credentials: {\n authorization: string[];\n privateKey: string;\n };\n};\n\nexport const EMBEDDED_WALLETS = [\n \"google\",\n \"webauthn\",\n \"discord\",\n \"walletconnect\",\n \"password\",\n] as const;\n\nexport type EmbeddedWallet = (typeof EMBEDDED_WALLETS)[number];\n\nexport const ALL_AUTH_OPTIONS = [\n ...EMBEDDED_WALLETS,\n ...EXTERNAL_WALLETS,\n] as const;\n\nexport type AuthOption = (typeof ALL_AUTH_OPTIONS)[number];\n\nexport const IMPLEMENTED_AUTH_OPTIONS = [\n ...EMBEDDED_WALLETS,\n ...AUTH_EXTERNAL_WALLETS,\n];\n\nexport type AuthOptions = (typeof IMPLEMENTED_AUTH_OPTIONS)[number][];\n\nexport enum ResponseCodes {\n SUCCESS = \"SUCCESS\",\n NOT_CONNECTED = \"NOT_CONNECTED\",\n ERROR = \"ERROR\",\n CANCELED = \"CANCELED\",\n USER_INTERACTION_REQUIRED = \"USER_INTERACTION_REQUIRED\",\n}\n\nexport type ConnectError = {\n code: ResponseCodes;\n message: string;\n error?: ControllerError;\n};\n\nexport type ControllerError = {\n code: Number;\n message: string;\n data?: any;\n};\n\nexport type ConnectReply = {\n code: ResponseCodes.SUCCESS;\n address: string;\n policies?: SessionPolicies;\n};\n\nexport type ExecuteReply =\n | (AddInvokeTransactionResult & {\n code: ResponseCodes.SUCCESS;\n })\n | {\n code: ResponseCodes.USER_INTERACTION_REQUIRED;\n };\n\nexport type ProbeReply = {\n code: ResponseCodes.SUCCESS;\n address: string;\n rpcUrl?: string;\n};\n\nexport type DeployReply = {\n code: ResponseCodes.SUCCESS;\n transaction_hash: string;\n};\n\nexport type IFrames = {\n keychain?: KeychainIFrame;\n version?: number;\n};\n\nexport interface LookupRequest {\n usernames?: string[];\n addresses?: string[];\n}\n\nexport interface LookupResult {\n username: string;\n addresses: string[];\n}\n\nexport interface LookupResponse {\n results: LookupResult[];\n}\n\nexport enum FeeSource {\n PAYMASTER = \"PAYMASTER\",\n CREDITS = \"CREDITS\",\n}\n\ntype ContractAddress = string;\ntype CartridgeID = string;\nexport type ControllerAccounts = Record<ContractAddress, CartridgeID>;\n\nexport interface Keychain {\n probe(rpcUrl: string): Promise<ProbeReply | ConnectError>;\n connect(signupOptions?: AuthOptions): Promise<ConnectReply | ConnectError>;\n disconnect(): void;\n\n reset(): void;\n revoke(origin: string): void;\n\n deploy(): Promise<DeployReply | ConnectError>;\n execute(\n calls: Call | Call[],\n abis?: Abi[],\n transactionsDetail?: InvocationsDetails,\n sync?: boolean,\n feeSource?: any,\n error?: ControllerError,\n ): Promise<ExecuteReply | ConnectError>;\n signMessage(\n typedData: TypedData,\n account: string,\n async?: boolean,\n ): Promise<Signature | ConnectError>;\n openSettings(): Promise<void | ConnectError>;\n session(): Promise<KeychainSession>;\n sessions(): Promise<{\n [key: string]: KeychainSession;\n }>;\n delegateAccount(): string;\n username(): string;\n openPurchaseCredits(): void;\n openExecute(calls: Call[]): Promise<void>;\n switchChain(rpcUrl: string): Promise<void>;\n openStarterPack(\n id: string | number,\n options?: StarterpackOptions,\n ): Promise<void>;\n navigate(path: string): Promise<void>;\n\n // External wallet methods\n externalDetectWallets(): Promise<ExternalWallet[]>;\n externalConnectWallet(\n type: ExternalWalletType,\n address?: string,\n ): Promise<ExternalWalletResponse>;\n externalSignMessage(\n type: ExternalWalletType,\n message: string,\n ): Promise<ExternalWalletResponse>;\n externalSignTypedData(\n type: ExternalWalletType,\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n data: any,\n ): Promise<ExternalWalletResponse>;\n externalGetBalance(\n type: ExternalWalletType,\n tokenAddress?: string,\n ): Promise<ExternalWalletResponse>;\n externalSwitchChain(\n type: ExternalWalletType,\n chainId: string,\n ): Promise<boolean>;\n}\n\nexport interface Profile {\n navigate(path: string): void;\n switchChain(rpcUrl: string): Promise<void>;\n}\n\nexport interface Modal {\n open: () => void;\n close: () => void;\n}\n\n/**\n * Options for configuring the controller\n */\nexport type ControllerOptions = ProviderOptions & KeychainOptions;\n\nexport type IFrameOptions = {\n /** The ID of the starter pack to use */\n starterPackId?: string;\n /** The preset to use */\n preset?: string;\n};\n\nexport type Chain = {\n rpcUrl: string;\n};\n\nexport type ProviderOptions = {\n defaultChainId?: ChainId;\n chains?: Chain[];\n};\n\nexport type KeychainOptions = IFrameOptions & {\n policies?: SessionPolicies;\n /** The URL of keychain */\n url?: string;\n /** The origin of keychain */\n origin?: string;\n /** The RPC URL to use (derived from defaultChainId) */\n rpcUrl?: string;\n /** Propagate transaction errors back to caller instead of showing modal */\n propagateSessionErrors?: boolean;\n /** How to display transaction/execution errors to the user ('modal' | 'notification' | 'silent'). Defaults to 'modal'. */\n errorDisplayMode?: \"modal\" | \"notification\" | \"silent\";\n /** The fee source to use for execute from outside */\n feeSource?: FeeSource;\n /** Signup options (the order of the options is reflected in the UI. It's recommended to group socials and wallets together ) */\n signupOptions?: AuthOptions;\n /** When true, manually provided policies will override preset policies. Default is false. */\n shouldOverridePresetPolicies?: boolean;\n /** The project name of Slot instance. */\n slot?: string;\n /** The namespace to use to fetch trophies data from indexer. Will be mandatory once profile page is in production */\n namespace?: string;\n /** The tokens to be listed on Inventory modal */\n tokens?: Tokens;\n /** When true, defer iframe mounting until connect() is called. Reduces initial load and resource fetching. */\n lazyload?: boolean;\n};\n\nexport type ProfileContextTypeVariant =\n | \"inventory\"\n | \"trophies\"\n | \"achievements\"\n | \"quests\"\n | \"leaderboard\"\n | \"activity\";\n\nexport type Token = \"eth\" | \"strk\" | \"lords\" | \"usdc\" | \"usdt\";\n\nexport type Tokens = {\n erc20?: Token[];\n};\n\nexport type OpenOptions = {\n /** The URL to redirect to after authentication (defaults to current page) */\n redirectUrl?: string;\n};\n\nexport type StarterpackOptions = {\n /** The preimage to use */\n preimage?: string;\n /** Callback fired after the Play button closes the starterpack modal */\n onPurchaseComplete?: () => void;\n};\n","import { Policy, ApprovalPolicy } from \"@cartridge/controller-wasm/controller\";\nimport { Policies, SessionPolicies } from \"@cartridge/presets\";\nimport { ChainId } from \"@starknet-io/types-js\";\nimport {\n addAddressPadding,\n Call,\n CallData,\n constants,\n getChecksumAddress,\n hash,\n shortString,\n typedData,\n TypedDataRevision,\n} from \"starknet\";\nimport { ParsedSessionPolicies } from \"./policies\";\n\n// Whitelist of allowed property names to prevent prototype pollution\nconst ALLOWED_PROPERTIES = new Set([\n \"contracts\",\n \"messages\",\n \"target\",\n \"method\",\n \"name\",\n \"description\",\n \"types\",\n \"domain\",\n \"primaryType\",\n]);\n\nfunction validatePropertyName(prop: string): void {\n if (!ALLOWED_PROPERTIES.has(prop)) {\n throw new Error(`Invalid property name: ${prop}`);\n }\n}\n\nfunction safeObjectAccess<T>(obj: any, prop: string): T {\n validatePropertyName(prop);\n return obj[prop];\n}\n\nexport function normalizeCalls(calls: Call | Call[]) {\n return toArray(calls).map((call) => {\n return {\n entrypoint: call.entrypoint,\n contractAddress: addAddressPadding(call.contractAddress),\n calldata: CallData.toHex(call.calldata),\n };\n });\n}\n\nexport function toSessionPolicies(policies: Policies): SessionPolicies {\n return Array.isArray(policies)\n ? policies.reduce<SessionPolicies>(\n (prev, p) => {\n if (safeObjectAccess<string>(p, \"target\")) {\n const target = getChecksumAddress(\n safeObjectAccess<string>(p, \"target\"),\n );\n const entrypoint = safeObjectAccess<string>(p, \"method\");\n const contracts = safeObjectAccess<Record<string, any>>(\n prev,\n \"contracts\",\n );\n const item = {\n name: humanizeString(entrypoint),\n entrypoint: entrypoint,\n description: safeObjectAccess<string>(p, \"description\"),\n };\n\n if (target in contracts) {\n const methods = toArray(contracts[target].methods);\n contracts[target] = {\n methods: [...methods, item],\n };\n } else {\n contracts[target] = {\n methods: [item],\n };\n }\n } else {\n const messages = safeObjectAccess<any[]>(prev, \"messages\");\n messages.push(p);\n }\n\n return prev;\n },\n { contracts: {}, messages: [] },\n )\n : policies;\n}\n\n/**\n * Converts parsed session policies to WASM-compatible Policy objects.\n *\n * IMPORTANT: Policies are sorted canonically before hashing. Without this,\n * Object.keys/entries reordering can cause identical policies to produce\n * different merkle roots, leading to \"session/not-registered\" errors.\n * See: https://github.com/cartridge-gg/controller/issues/2357\n */\nexport function toWasmPolicies(policies: ParsedSessionPolicies): Policy[] {\n return [\n ...Object.entries(policies.contracts ?? {})\n .sort(([a], [b]) => a.toLowerCase().localeCompare(b.toLowerCase()))\n .flatMap(([target, { methods }]) =>\n toArray(methods)\n .slice()\n .sort((a, b) => a.entrypoint.localeCompare(b.entrypoint))\n .map((m): Policy => {\n // Check if this is an approve entrypoint with spender and amount\n if (m.entrypoint === \"approve\") {\n if (\"spender\" in m && \"amount\" in m && m.spender && m.amount) {\n const approvalPolicy: ApprovalPolicy = {\n target,\n spender: m.spender,\n amount: String(m.amount),\n };\n return approvalPolicy;\n }\n\n // Fall back to CallPolicy with deprecation warning\n console.warn(\n `[DEPRECATED] Approve method without spender and amount fields will be rejected in future versions. ` +\n `Please update your preset or policies to include both 'spender' and 'amount' fields for approve calls on contract ${target}. ` +\n `Example: { entrypoint: \"approve\", spender: \"0x...\", amount: \"0x...\" }`,\n );\n }\n\n // For non-approve methods and legacy approve, create a regular CallPolicy\n return {\n target,\n method: hash.getSelectorFromName(m.entrypoint),\n authorized: m.authorized,\n };\n }),\n ),\n ...(policies.messages ?? [])\n .map((p) => {\n const domainHash = typedData.getStructHash(\n p.types,\n \"StarknetDomain\",\n p.domain,\n TypedDataRevision.ACTIVE,\n );\n const typeHash = typedData.getTypeHash(\n p.types,\n p.primaryType,\n TypedDataRevision.ACTIVE,\n );\n\n return {\n scope_hash: hash.computePoseidonHash(domainHash, typeHash),\n authorized: p.authorized,\n };\n })\n .sort((a, b) =>\n a.scope_hash.toString().localeCompare(b.scope_hash.toString()),\n ),\n ];\n}\n\nexport function toArray<T>(val: T | T[]): T[] {\n return Array.isArray(val) ? val : [val];\n}\n\nexport function humanizeString(str: string): string {\n return (\n str\n // Convert from camelCase or snake_case\n .replace(/([a-z])([A-Z])/g, \"$1 $2\") // camelCase to spaces\n .replace(/_/g, \" \") // snake_case to spaces\n .toLowerCase()\n // Capitalize first letter\n .replace(/^\\w/, (c) => c.toUpperCase())\n );\n}\n\nexport function parseChainId(url: URL): ChainId {\n const parts = url.pathname.split(\"/\");\n const isCartridgeHost = url.hostname === \"api.cartridge.gg\";\n\n // Handle non-Cartridge hosts by making a synchronous call to getChainId\n if (!isCartridgeHost) {\n // Check if we're in a browser environment\n if (typeof XMLHttpRequest === \"undefined\") {\n // In Node.js environment (like tests), we can't make synchronous HTTP calls\n // For now, we'll use a placeholder chainId for non-Cartridge hosts in tests\n console.warn(\n `Cannot make synchronous HTTP call in Node.js environment for ${url.toString()}`,\n );\n return shortString.encodeShortString(\"LOCALHOST\") as ChainId;\n }\n\n // Use a synchronous XMLHttpRequest to get the chain ID\n const xhr = new XMLHttpRequest();\n xhr.open(\"POST\", url.toString(), false); // false makes it synchronous\n xhr.setRequestHeader(\"Content-Type\", \"application/json\");\n\n const requestBody = JSON.stringify({\n jsonrpc: \"2.0\",\n method: \"starknet_chainId\",\n params: [],\n id: 1,\n });\n\n try {\n xhr.send(requestBody);\n\n if (xhr.status === 200) {\n const response = JSON.parse(xhr.responseText);\n if (response.result) {\n return response.result as ChainId;\n }\n }\n\n throw new Error(\n `Failed to get chain ID from ${url.toString()}: ${xhr.status} ${xhr.statusText}`,\n );\n } catch (error) {\n throw new Error(`Failed to connect to ${url.toString()}: ${error}`);\n }\n }\n\n if (parts.includes(\"starknet\")) {\n if (parts.includes(\"mainnet\")) {\n return constants.StarknetChainId.SN_MAIN;\n } else if (parts.includes(\"sepolia\")) {\n return constants.StarknetChainId.SN_SEPOLIA;\n }\n } else if (parts.length >= 3) {\n const projectName = parts[2];\n if (parts.includes(\"katana\")) {\n return shortString.encodeShortString(\n `WP_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n ) as ChainId;\n } else if (parts.includes(\"mainnet\")) {\n return shortString.encodeShortString(\n `GG_${projectName.toUpperCase().replace(/-/g, \"_\")}`,\n ) as ChainId;\n }\n }\n\n throw new Error(`Chain ${url.toString()} not supported`);\n}\n\nexport function isMobile() {\n return (\n window.matchMedia(\"(max-width: 768px)\").matches ||\n \"ontouchstart\" in window ||\n navigator.maxTouchPoints > 0\n );\n}\n\n// Sanitize image src to prevent XSS\nexport function sanitizeImageSrc(src: string): string {\n // Allow only http/https URLs (absolute)\n try {\n const url = new URL(src, window.location.origin);\n if (url.protocol === \"http:\" || url.protocol === \"https:\") {\n return url.href;\n }\n } catch (_) {\n // If invalid, fall through to fallback src below\n }\n // Fallback image (transparent pixel or default)\n return \"data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\";\n}\n","export const KEYCHAIN_URL = \"https://x.cartridge.gg\";\nexport const PROFILE_URL = \"https://profile.cartridge.gg\";\nexport const API_URL = \"https://api.cartridge.gg\";\n","export class NotReadyToConnect extends Error {\n constructor() {\n super(\"Not ready to connect\");\n\n Object.setPrototypeOf(this, NotReadyToConnect.prototype);\n }\n}\n","export const Permission = {\n ACCOUNTS: 'accounts',\n};\n//# sourceMappingURL=constants.js.map","export const icon =\n \"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iODAwIiBoZWlnaHQ9IjgwMCIgdmlld0JveD0iMCAwIDgwMCA4MDAiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGZpbHRlcj0idXJsKCNmaWx0ZXIwX2RfNTExMl83ODIpIj4KPHBhdGggZD0iTTQ2OS4yMzYgNzBDNDgyLjM5IDcwIDQ5My4wNTMgODAuNjYzIDQ5My4wNTMgOTMuODE2NFYxNDcuMTQ3TDUxNS4zMzggMTQ3LjE0N0w1MTUuNDI4IDE0Ny4xNDdMNTE1LjU1NCAxNDcuMTQ3TDUxNS44MjYgMTQ3LjE0OUM1MTYuMDE2IDE0Ny4xNTEgNTE2LjIyNSAxNDcuMTUzIDUxNi40NTEgMTQ3LjE1N0M1MTYuOTA0IDE0Ny4xNjQgNTE3LjQyOCAxNDcuMTc2IDUxOC4wMiAxNDcuMTk1QzUxOS4yMDEgMTQ3LjIzNCA1MjAuNjYgMTQ3LjMwNCA1MjIuMzYxIDE0Ny40MjRDNTI1Ljc0MSAxNDcuNjYzIDUzMC4xODUgMTQ4LjExNCA1MzUuMzYzIDE0OC45NjlDNTQ1LjAwMSAxNTAuNTYyIDU1OC41NTYgMTUzLjc4IDU3Mi45MTggMTYwLjYwM0w3MzAuNDIgMjI2LjY3MUw3MzIuMTAxIDIyNy41MDVDNzcxLjc4NyAyNDcuMTc3IDc4OS45OTMgMjg2LjI5NiA3ODkuOTkzIDMyMi4wMzZWNTg1Ljg2NUM3ODkuOTkzIDU4Ni4wNTQgNzg5Ljk5NCA1ODYuMjU0IDc4OS45OTQgNTg2LjQ2M0w3ODkuOTk2IDU4Ni45MTNDNzkwLjAzOCA1OTcuMDk2IDc5MC4xNjEgNjI2Ljk5NiA3NjQuMjMxIDY1Mi44MjNMNzE0Ljc2IDcwMi4wOTVMNzE0LjY0MSA3MDIuMjE1QzcwNC42MDEgNzEyLjI3NSA2OTIuMTIzIDcyMC42NTIgNjc2LjI4NCA3MjQuODc5QzY2NC4zOSA3MjguMDU0IDY1Mi44MjcgNzI3Ljk2NiA2NDguNjM3IDcyNy45MzRMNjQ4LjYxOSA3MjcuOTMzQzY0OC40MDkgNzI3LjkzMiA2NDguMjE5IDcyNy45MyA2NDguMDQ3IDcyNy45M0w2NDcuNzUyIDcyNy45MjlINDgwLjcyMUM0NzQuMDk0IDcyNy45MjkgNDY4LjcyMSA3MjIuNTU2IDQ2OC43MjEgNzE1LjkyOVY2NjguMzg4SDMyOC41ODZDMzI4LjU4NiA2NzIuNjI5IDMyOC41NzIgNjk4LjA1MiAzMjguNTYxIDcxNS45NDRDMzI4LjU1NyA3MjIuNTY5IDMyMy4xODYgNzI3LjkyOSAzMTYuNTYxIDcyNy45MjlIMTUyLjI0NkMxNTIuMTA0IDcyNy45MjkgMTUxLjk0MiA3MjcuOTI5IDE1MS43NjIgNzI3LjkzMUwxNTEuMzYyIDcyNy45MzRDMTQ3LjE3MiA3MjcuOTY2IDEzNS42MDkgNzI4LjA1NCAxMjMuNzE0IDcyNC44NzlDMTA3Ljg3MyA3MjAuNjUxIDk1LjM5MzggNzEyLjI3MiA4NS4zNTI5IDcwMi4yMUw4NS4yMzg2IDcwMi4wOTVMMzUuNjcgNjUyLjcyNUwzNS41NzIzIDY1Mi42MjdDOS44NjI0MiA2MjYuNzggOS45NjY3IDU5Ny4xODUgMTAuMDAzIDU4Ni44NzRDMTAuMDA0MyA1ODYuNTEzIDEwLjAwNTUgNTg2LjE3NyAxMC4wMDU1IDU4NS44NjVWMzIyLjAzNkMxMC4wMDU1IDI4Ni40MyAyOC4xNjYyIDI0Ny4xOTkgNjcuODk3NyAyMjcuNTA1TDY5LjU3OSAyMjYuNjcxTDIyNy4wODEgMTYwLjYwM0MyNDEuNDQzIDE1My43OCAyNTQuOTk4IDE1MC41NjIgMjY0LjYzNiAxNDguOTY5QzI2OS44MTQgMTQ4LjExNCAyNzQuMjU4IDE0Ny42NjMgMjc3LjYzOCAxNDcuNDI0QzI3OS4zMzggMTQ3LjMwNCAyODAuNzk4IDE0Ny4yMzQgMjgxLjk3OSAxNDcuMTk1QzI4Mi41NzEgMTQ3LjE3NiAyODMuMDk1IDE0Ny4xNjQgMjgzLjU0NyAxNDcuMTU3TDI4My45MTcgMTQ3LjE1MkwyODQuMTczIDE0Ny4xNDlMMjg0LjQ0NSAxNDcuMTQ3TDI4NC41NzEgMTQ3LjE0N0wyODQuNjYgMTQ3LjE0N0wzMDYuOTQyIDE0Ny4xNDdWOTMuODE2NEMzMDYuOTQyIDgwLjY2MyAzMTcuNjA1IDcwIDMzMC43NTggNzBINDY5LjIzNloiIGZpbGw9IiMxOTFBMUEiLz4KPHBhdGggZD0iTTM2Ni40ODMgMTI5LjU0SDQzMy41MTJWMjA2LjY4N0gzNjYuNDgzVjEyOS41NFoiIGZpbGw9IiNGQkNCNEEiLz4KPHBhdGggZD0iTTI2OS4wMSA2MDIuNDI5SDE0NC4wMDhDMTM1Ljc2OCA2MDIuNDI5IDEzNS43NjggNTk0LjE0NiAxMzUuNzY4IDU5NC4xNDZWMjgwLjg1QzEzNS43NjggMjgwLjg1IDEzNS43NjggMjcyLjY0NCAxNDQuMDA4IDI3Mi42NDRIMzY2LjQ4M0wzNjYuNDgzIDIwNi42ODdIMjg0LjY5QzI4NC42OSAyMDYuNjg3IDI2OC4xMzQgMjA2LjY4NyAyNTEuNTc5IDIxNC44OTNMOTQuMzQxNCAyODAuODVDNzcuNzg2MSAyODkuMDU3IDY5LjU0NjkgMzA1LjYyMyA2OS41NDY5IDMyMi4wMzVWNTg1Ljg2M0M2OS41NDY5IDU5NC4xNDcgNjkuNTQ2OSA2MDIuMzUzIDc3Ljc4NjEgNjEwLjYzNkwxMjcuNDUyIDY2MC4xMDRDMTM1LjY5MSA2NjguMzg3IDE0MS45MjggNjY4LjM4NyAxNTIuMjQ3IDY2OC4zODdIMjY5LjAyOUMyNjkuMDM3IDY0OC4zNCAyNjkuMDQ2IDYyNC42NTUgMjY5LjA1NCA2MDIuODg3SDUyOC4wMTNWNjY4LjM4N0g2NDcuNzUzQzY1OC4wNzEgNjY4LjM4NyA2NjQuMzA4IDY2OC4zODcgNjcyLjU0NyA2NjAuMTA0TDcyMi4yMTMgNjEwLjYzNkM3MzAuNDUzIDYwMi40MjkgNzMwLjQ1MyA1OTQuMTQ3IDczMC40NTMgNTg1Ljg2M1YzMjIuMDM1QzczMC40NTMgMzA1LjU0NiA3MjIuMjEzIDI4OS4wNTcgNzA1LjY1OCAyODAuODVMNTQ4LjQyMSAyMTQuODkzQzUzMS44NjUgMjA2LjY4NyA1MTUuMzEgMjA2LjY4NyA1MTUuMzEgMjA2LjY4N0g0MzMuNTEyTDQzMy41MTIgMjcyLjY0NEg2NTYuMDY5QzY2NC4zMDggMjcyLjY0NCA2NjQuMzA4IDI4MC44NSA2NjQuMzA4IDI4MC44NVY1OTQuMTQ2QzY2NC4zMDggNTk0LjE0NiA2NjQuMzA4IDYwMi40MjkgNjU2LjA2OSA2MDIuNDI5SDUyOC4yNjJWNTM3LjM5NkgyNjkuMDc1QzI2OS4wNzUgNTQzLjcwNyAyNjkuMDE3IDU5Ni45MTIgMjY5LjAxIDYwMi40MjlaIiBmaWxsPSIjRkJDQjRBIi8+CjxwYXRoIGQ9Ik0yNjkuMDA5IDQzNi4xNzJINTI4LjI2MlYzNzAuNjgxSDI2OS4wNzVDMjY5LjA3NSAzNzcuMzczIDI2OS4wMDkgNDM2Ljc4OCAyNjkuMDA5IDQzNi4xNzJaIiBmaWxsPSIjRkJDQjRBIi8+CjwvZz4KPGRlZnM+CjxmaWx0ZXIgaWQ9ImZpbHRlcjBfZF81MTEyXzc4MiIgeD0iLTQiIHk9IjAiIHdpZHRoPSI4MDgiIGhlaWdodD0iODA4IiBmaWx0ZXJVbml0cz0idXNlclNwYWNlT25Vc2UiIGNvbG9yLWludGVycG9sYXRpb24tZmlsdGVycz0ic1JHQiI+CjxmZUZsb29kIGZsb29kLW9wYWNpdHk9IjAiIHJlc3VsdD0iQmFja2dyb3VuZEltYWdlRml4Ii8+CjxmZUNvbG9yTWF0cml4IGluPSJTb3VyY2VBbHBoYSIgdHlwZT0ibWF0cml4IiB2YWx1ZXM9IjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDEyNyAwIiByZXN1bHQ9ImhhcmRBbHBoYSIvPgo8ZmVPZmZzZXQgZHk9IjQiLz4KPGZlR2F1c3NpYW5CbHVyIHN0ZERldmlhdGlvbj0iMiIvPgo8ZmVDb21wb3NpdGUgaW4yPSJoYXJkQWxwaGEiIG9wZXJhdG9yPSJvdXQiLz4KPGZlQ29sb3JNYXRyaXggdHlwZT0ibWF0cml4IiB2YWx1ZXM9IjAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDAuMjUgMCIvPgo8ZmVCbGVuZCBtb2RlPSJub3JtYWwiIGluMj0iQmFja2dyb3VuZEltYWdlRml4IiByZXN1bHQ9ImVmZmVjdDFfZHJvcFNoYWRvd181MTEyXzc4MiIvPgo8ZmVCbGVuZCBtb2RlPSJub3JtYWwiIGluPSJTb3VyY2VHcmFwaGljIiBpbjI9ImVmZmVjdDFfZHJvcFNoYWRvd181MTEyXzc4MiIgcmVzdWx0PSJzaGFwZSIvPgo8L2ZpbHRlcj4KPC9kZWZzPgo8L3N2Zz4K\";\n","function releaseStub() {}\n\n/**\n * A simple mutual exclusion lock. It allows you to obtain and release a lock,\n * ensuring that only one task can access a critical section at a time.\n */\nexport class Mutex {\n private m_lastPromise: Promise<void> = Promise.resolve();\n\n /**\n * Acquire lock\n * @param [bypass=false] option to skip lock acquisition\n */\n public async obtain(bypass = false): Promise<() => void> {\n let release = releaseStub;\n if (bypass) return release;\n const lastPromise = this.m_lastPromise;\n this.m_lastPromise = new Promise<void>((resolve) => (release = resolve));\n await lastPromise;\n return release;\n }\n}\n","import {\n AddInvokeTransactionParameters,\n AddStarknetChainParameters,\n Permission,\n RequestAccountsParameters,\n RequestFn,\n StarknetWindowObject,\n SwitchStarknetChainParameters,\n TypedData,\n UNEXPECTED_ERROR,\n WalletEventHandlers,\n WalletEventListener,\n WalletEvents,\n} from \"@starknet-io/types-js\";\nimport { WalletAccount } from \"starknet\";\nimport manifest from \"../package.json\";\n\nimport { icon } from \"./icon\";\nimport { Mutex } from \"./mutex\";\n\nconst mutex = new Mutex();\n\nexport default abstract class BaseProvider implements StarknetWindowObject {\n public id = \"controller\";\n public name = \"Controller\";\n public version = manifest.version;\n public icon = icon;\n\n public account?: WalletAccount;\n public subscriptions: WalletEvents[] = [];\n\n private _probePromise: Promise<WalletAccount | undefined> | null = null;\n\n protected async safeProbe(): Promise<WalletAccount | undefined> {\n // If we already have an account, return it\n if (this.account) {\n return this.account;\n }\n\n // If we're already probing, wait for the existing probe\n if (this._probePromise) {\n return this._probePromise;\n }\n\n const release = await mutex.obtain();\n return await new Promise<WalletAccount | undefined>(async (resolve) => {\n try {\n this._probePromise = this.probe();\n const result = await this._probePromise;\n resolve(result);\n } finally {\n this._probePromise = null;\n }\n }).finally(() => {\n release();\n });\n }\n\n request: RequestFn = async (call) => {\n switch (call.type) {\n case \"wallet_getPermissions\":\n await this.safeProbe();\n\n if (this.account) {\n return [Permission.ACCOUNTS];\n }\n\n return [];\n\n case \"wallet_requestAccounts\": {\n if (this.account) {\n return [this.account.address];\n }\n\n const silentMode =\n call.params && (call.params as RequestAccountsParameters).silent_mode;\n\n this.account = await this.safeProbe();\n\n if (!this.account && !silentMode) {\n this.account = await this.connect();\n }\n\n if (this.account) {\n return [this.account.address];\n }\n\n return [];\n }\n\n case \"wallet_watchAsset\":\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"wallet_watchAsset not implemented\",\n } as UNEXPECTED_ERROR;\n\n case \"wallet_addStarknetChain\": {\n let params = call.params as AddStarknetChainParameters;\n return this.addStarknetChain(params);\n }\n\n case \"wallet_switchStarknetChain\": {\n let params = call.params as SwitchStarknetChainParameters;\n return this.switchStarknetChain(params.chainId);\n }\n\n case \"wallet_requestChainId\":\n if (!this.account) {\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"Account not initialized\",\n } as UNEXPECTED_ERROR;\n }\n\n return await this.account.getChainId();\n\n case \"wallet_deploymentData\":\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"wallet_deploymentData not implemented\",\n } as UNEXPECTED_ERROR;\n\n case \"wallet_addInvokeTransaction\":\n if (!this.account) {\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"Account not initialized\",\n } as UNEXPECTED_ERROR;\n }\n\n let params = call.params as AddInvokeTransactionParameters;\n return await this.account.execute(\n params.calls.map((call) => ({\n contractAddress: call.contract_address,\n entrypoint: call.entry_point,\n calldata: call.calldata,\n })),\n );\n\n case \"wallet_addDeclareTransaction\":\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"wallet_addDeclareTransaction not implemented\",\n } as UNEXPECTED_ERROR;\n\n case \"wallet_signTypedData\": {\n if (!this.account) {\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: \"Account not initialized\",\n } as UNEXPECTED_ERROR;\n }\n\n return await this.account.signMessage(call.params as TypedData);\n }\n\n case \"wallet_supportedSpecs\":\n return [];\n case \"wallet_supportedWalletApi\":\n return [];\n default:\n throw {\n code: 63,\n message: \"An unexpected error occurred\",\n data: `Unknown RPC call type: ${call.type}`,\n } as UNEXPECTED_ERROR;\n }\n };\n\n on: WalletEventListener = <E extends keyof WalletEventHandlers>(\n event: E,\n handler: WalletEventHandlers[E],\n ): void => {\n if (event !== \"accountsChanged\" && event !== \"networkChanged\") {\n throw new Error(`Unknown event: ${event}`);\n }\n this.subscriptions.push({ type: event, handler } as WalletEvents);\n };\n\n off: WalletEventListener = <E extends keyof WalletEventHandlers>(\n event: E,\n handler: WalletEventHandlers[E],\n ): void => {\n if (event !== \"accountsChanged\" && event !== \"networkChanged\") {\n throw new Error(`Unknown event: ${event}`);\n }\n const idx = this.subscriptions.findIndex(\n (sub) => sub.type === event && sub.handler === handler,\n );\n if (idx >= 0) {\n this.subscriptions.splice(idx, 1);\n }\n };\n\n protected emitNetworkChanged(chainId: string) {\n this.subscriptions\n .filter((sub) => sub.type === \"networkChanged\")\n .forEach((sub) => {\n (sub.handler as WalletEventHandlers[\"networkChanged\"])(chainId);\n });\n }\n\n protected emitAccountsChanged(accounts: string[]) {\n this.subscriptions\n .filter((sub) => sub.type === \"accountsChanged\")\n .forEach((sub) => {\n (sub.handler as WalletEventHandlers[\"accountsChanged\"])(accounts);\n });\n }\n\n abstract probe(): Promise<WalletAccount | undefined>;\n abstract connect(): Promise<WalletAccount | undefined>;\n abstract switchStarknetChain(chainId: string): Promise<boolean>;\n abstract addStarknetChain(\n chain: AddStarknetChainParameters,\n ): Promise<boolean>;\n}\n"],"names":["AUTH_EXTERNAL_WALLETS","EXTRA_EXTERNAL_WALLETS","EXTERNAL_WALLETS","EMBEDDED_WALLETS","ALL_AUTH_OPTIONS","IMPLEMENTED_AUTH_OPTIONS","ResponseCodes","FeeSource","ALLOWED_PROPERTIES","validatePropertyName","prop","safeObjectAccess","obj","normalizeCalls","calls","toArray","call","addAddressPadding","CallData","toSessionPolicies","policies","prev","p","target","getChecksumAddress","entrypoint","contracts","item","humanizeString","methods","toWasmPolicies","a","b","m","hash","domainHash","typedData","TypedDataRevision","typeHash","val","str","c","parseChainId","url","parts","shortString","xhr","requestBody","response","error","constants","projectName","isMobile","sanitizeImageSrc","src","KEYCHAIN_URL","API_URL","NotReadyToConnect","Permission","icon","releaseStub","Mutex","bypass","release","lastPromise","resolve","mutex","BaseProvider","manifest","result","silentMode","params","event","handler","idx","sub","chainId","accounts"],"mappings":";;;GAAaA,IAAwB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AACF,GAGaC,IAAyB;AAAA,EACpC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAGaC,IAAmB;AAAA,EAC9B,GAAGF;AAAA,EACH,GAAGC;AACL,GCgBaE,IAAmB;AAAA,EAC9B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,GAIaC,IAAmB;AAAA,EAC9B,GAAGD;AAAA,EACH,GAAGD;AACL,GAIaG,IAA2B;AAAA,EACtC,GAAGF;AAAA,EACH,GAAGH;AACL;AAIY,IAAAM,sBAAAA,OACVA,EAAA,UAAU,WACVA,EAAA,gBAAgB,iBAChBA,EAAA,QAAQ,SACRA,EAAA,WAAW,YACXA,EAAA,4BAA4B,6BALlBA,IAAAA,KAAA,CAAA,CAAA,GAgEAC,sBAAAA,OACVA,EAAA,YAAY,aACZA,EAAA,UAAU,WAFAA,IAAAA,KAAA,CAAA,CAAA;ACzGZ,MAAMC,wBAAyB,IAAI;AAAA,EACjC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,SAASC,EAAqBC,GAAoB;AAChD,MAAI,CAACF,EAAmB,IAAIE,CAAI;AAC9B,UAAM,IAAI,MAAM,0BAA0BA,CAAI,EAAE;AAEpD;AAEA,SAASC,EAAoBC,GAAUF,GAAiB;AACtD,SAAAD,EAAqBC,CAAI,GAClBE,EAAIF,CAAI;AACjB;AAEO,SAASG,EAAeC,GAAsB;AACnD,SAAOC,EAAQD,CAAK,EAAE,IAAI,CAACE,OAClB;AAAA,IACL,YAAYA,EAAK;AAAA,IACjB,iBAAiBC,EAAkBD,EAAK,eAAe;AAAA,IACvD,UAAUE,EAAS,MAAMF,EAAK,QAAQ;AAAA,EACxC,EACD;AACH;AAEO,SAASG,EAAkBC,GAAqC;AACrE,SAAO,MAAM,QAAQA,CAAQ,IACzBA,EAAS;AAAA,IACP,CAACC,GAAMC,MAAM;AACP,UAAAX,EAAyBW,GAAG,QAAQ,GAAG;AACzC,cAAMC,IAASC;AAAA,UACbb,EAAyBW,GAAG,QAAQ;AAAA,QACtC,GACMG,IAAad,EAAyBW,GAAG,QAAQ,GACjDI,IAAYf;AAAA,UAChBU;AAAA,UACA;AAAA,QACF,GACMM,IAAO;AAAA,UACX,MAAMC,EAAeH,CAAU;AAAA,UAC/B,YAAAA;AAAA,UACA,aAAad,EAAyBW,GAAG,aAAa;AAAA,QACxD;AAEA,YAAIC,KAAUG,GAAW;AACvB,gBAAMG,IAAUd,EAAQW,EAAUH,CAAM,EAAE,OAAO;AACjD,UAAAG,EAAUH,CAAM,IAAI;AAAA,YAClB,SAAS,CAAC,GAAGM,GAASF,CAAI;AAAA,UAC5B;AAAA,QAAA;AAEA,UAAAD,EAAUH,CAAM,IAAI;AAAA,YAClB,SAAS,CAACI,CAAI;AAAA,UAChB;AAAA,MACF;AAGA,QADiBhB,EAAwBU,GAAM,UAAU,EAChD,KAAKC,CAAC;AAGV,aAAAD;AAAA,IACT;AAAA,IACA,EAAE,WAAW,IAAI,UAAU,CAAG,EAAA;AAAA,EAAA,IAEhCD;AACN;AAUO,SAASU,EAAeV,GAA2C;AACjE,SAAA;AAAA,IACL,GAAG,OAAO,QAAQA,EAAS,aAAa,CAAA,CAAE,EACvC,KAAK,CAAC,CAACW,CAAC,GAAG,CAACC,CAAC,MAAMD,EAAE,YAAY,EAAE,cAAcC,EAAE,aAAa,CAAC,EACjE;AAAA,MAAQ,CAAC,CAACT,GAAQ,EAAE,SAAAM,GAAS,MAC5Bd,EAAQc,CAAO,EACZ,MAAM,EACN,KAAK,CAACE,GAAGC,MAAMD,EAAE,WAAW,cAAcC,EAAE,UAAU,CAAC,EACvD,IAAI,CAACC,MAAc;AAEd,YAAAA,EAAE,eAAe,WAAW;AAC9B,cAAI,aAAaA,KAAK,YAAYA,KAAKA,EAAE,WAAWA,EAAE;AAM7C,mBALgC;AAAA,cACrC,QAAAV;AAAA,cACA,SAASU,EAAE;AAAA,cACX,QAAQ,OAAOA,EAAE,MAAM;AAAA,YACzB;AAKM,kBAAA;AAAA,YACN,wNACuHV,CAAM;AAAA,UAE/H;AAAA,QAAA;AAIK,eAAA;AAAA,UACL,QAAAA;AAAA,UACA,QAAQW,EAAK,oBAAoBD,EAAE,UAAU;AAAA,UAC7C,YAAYA,EAAE;AAAA,QAChB;AAAA,MACD,CAAA;AAAA,IACL;AAAA,IACF,IAAIb,EAAS,YAAY,CACtB,GAAA,IAAI,CAACE,MAAM;AACV,YAAMa,IAAaC,EAAU;AAAA,QAC3Bd,EAAE;AAAA,QACF;AAAA,QACAA,EAAE;AAAA,QACFe,EAAkB;AAAA,MACpB,GACMC,IAAWF,EAAU;AAAA,QACzBd,EAAE;AAAA,QACFA,EAAE;AAAA,QACFe,EAAkB;AAAA,MACpB;AAEO,aAAA;AAAA,QACL,YAAYH,EAAK,oBAAoBC,GAAYG,CAAQ;AAAA,QACzD,YAAYhB,EAAE;AAAA,MAChB;AAAA,IACD,CAAA,EACA;AAAA,MAAK,CAACS,GAAGC,MACRD,EAAE,WAAW,SAAS,EAAE,cAAcC,EAAE,WAAW,SAAU,CAAA;AAAA,IAAA;AAAA,EAEnE;AACF;AAEO,SAASjB,EAAWwB,GAAmB;AAC5C,SAAO,MAAM,QAAQA,CAAG,IAAIA,IAAM,CAACA,CAAG;AACxC;AAEO,SAASX,EAAeY,GAAqB;AAClD,SACEA,EAEG,QAAQ,mBAAmB,OAAO,EAClC,QAAQ,MAAM,GAAG,EACjB,YAAA,EAEA,QAAQ,OAAO,CAACC,MAAMA,EAAE,aAAa;AAE5C;AAEO,SAASC,EAAaC,GAAmB;AAC9C,QAAMC,IAAQD,EAAI,SAAS,MAAM,GAAG;AAIpC,MAAI,EAHoBA,EAAI,aAAa,qBAGnB;AAEhB,QAAA,OAAO,iBAAmB;AAGpB,qBAAA;AAAA,QACN,gEAAgEA,EAAI,UAAU;AAAA,MAChF,GACOE,EAAY,kBAAkB,WAAW;AAI5C,UAAAC,IAAM,IAAI,eAAe;AAC/B,IAAAA,EAAI,KAAK,QAAQH,EAAI,SAAA,GAAY,EAAK,GAClCG,EAAA,iBAAiB,gBAAgB,kBAAkB;AAEjD,UAAAC,IAAc,KAAK,UAAU;AAAA,MACjC,SAAS;AAAA,MACT,QAAQ;AAAA,MACR,QAAQ,CAAC;AAAA,MACT,IAAI;AAAA,IAAA,CACL;AAEG,QAAA;AAGE,UAFJD,EAAI,KAAKC,CAAW,GAEhBD,EAAI,WAAW,KAAK;AACtB,cAAME,IAAW,KAAK,MAAMF,EAAI,YAAY;AAC5C,YAAIE,EAAS;AACX,iBAAOA,EAAS;AAAA,MAClB;AAGF,YAAM,IAAI;AAAA,QACR,+BAA+BL,EAAI,UAAU,KAAKG,EAAI,MAAM,IAAIA,EAAI,UAAU;AAAA,MAChF;AAAA,aACOG,GAAO;AACR,YAAA,IAAI,MAAM,wBAAwBN,EAAI,UAAU,KAAKM,CAAK,EAAE;AAAA,IAAA;AAAA,EACpE;AAGE,MAAAL,EAAM,SAAS,UAAU,GAAG;AAC1B,QAAAA,EAAM,SAAS,SAAS;AAC1B,aAAOM,EAAU,gBAAgB;AACxB,QAAAN,EAAM,SAAS,SAAS;AACjC,aAAOM,EAAU,gBAAgB;AAAA,EACnC,WACSN,EAAM,UAAU,GAAG;AACtB,UAAAO,IAAcP,EAAM,CAAC;AACvB,QAAAA,EAAM,SAAS,QAAQ;AACzB,aAAOC,EAAY;AAAA,QACjB,MAAMM,EAAY,YAAA,EAAc,QAAQ,MAAM,GAAG,CAAC;AAAA,MACpD;AACS,QAAAP,EAAM,SAAS,SAAS;AACjC,aAAOC,EAAY;AAAA,QACjB,MAAMM,EAAY,YAAA,EAAc,QAAQ,MAAM,GAAG,CAAC;AAAA,MACpD;AAAA,EACF;AAGF,QAAM,IAAI,MAAM,SAASR,EAAI,SAAA,CAAU,gBAAgB;AACzD;AAEO,SAASS,IAAW;AAEvB,SAAA,OAAO,WAAW,oBAAoB,EAAE,WACxC,kBAAkB,UAClB,UAAU,iBAAiB;AAE/B;AAGO,SAASC,EAAiBC,GAAqB;AAEhD,MAAA;AACF,UAAMX,IAAM,IAAI,IAAIW,GAAK,OAAO,SAAS,MAAM;AAC/C,QAAIX,EAAI,aAAa,WAAWA,EAAI,aAAa;AAC/C,aAAOA,EAAI;AAAA,UAEH;AAAA,EAAA;AAIL,SAAA;AACT;ACzQO,MAAMY,IAAe,0BAEfC,IAAU;ACFhB,MAAMC,UAA0B,MAAM;AAAA,EAC3C,cAAc;AACZ,UAAM,sBAAsB,GAErB,OAAA,eAAe,MAAMA,EAAkB,SAAS;AAAA,EAAA;AAE3D;ACNO,MAAMC,IAAa;AAAA,EACtB,UAAU;AACd,GCFaC,IACX;ACDF,SAASC,IAAc;AAAC;AAMjB,MAAMC,EAAM;AAAA,EACT,gBAA+B,QAAQ,QAAQ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMvD,MAAa,OAAOC,IAAS,IAA4B;AACvD,QAAIC,IAAUH;AACd,QAAIE,EAAe,QAAAC;AACnB,UAAMC,IAAc,KAAK;AACzB,gBAAK,gBAAgB,IAAI,QAAc,CAACC,MAAaF,IAAUE,CAAQ,GACjE,MAAAD,GACCD;AAAA,EAAA;AAEX;ACDA,MAAMG,IAAQ,IAAIL,EAAM;AAExB,MAA8BM,EAA6C;AAAA,EAClE,KAAK;AAAA,EACL,OAAO;AAAA,EACP,UAAUC,EAAS;AAAA,EACnB,OAAOT;AAAA,EAEP;AAAA,EACA,gBAAgC,CAAC;AAAA,EAEhC,gBAA2D;AAAA,EAEnE,MAAgB,YAAgD;AAE9D,QAAI,KAAK;AACP,aAAO,KAAK;AAId,QAAI,KAAK;AACP,aAAO,KAAK;AAGR,UAAAI,IAAU,MAAMG,EAAM,OAAO;AACnC,WAAO,MAAM,IAAI,QAAmC,OAAOD,MAAY;AACjE,UAAA;AACG,aAAA,gBAAgB,KAAK,MAAM;AAC1B,cAAAI,IAAS,MAAM,KAAK;AAC1B,QAAAJ,EAAQI,CAAM;AAAA,MAAA,UACd;AACA,aAAK,gBAAgB;AAAA,MAAA;AAAA,IACvB,CACD,EAAE,QAAQ,MAAM;AACP,MAAAN,EAAA;AAAA,IAAA,CACT;AAAA,EAAA;AAAA,EAGH,UAAqB,OAAO/C,MAAS;AACnC,YAAQA,EAAK,MAAM;AAAA,MACjB,KAAK;AAGH,eAFA,MAAM,KAAK,UAAU,GAEjB,KAAK,UACA,CAAC0C,EAAW,QAAQ,IAGtB,CAAC;AAAA,MAEV,KAAK,0BAA0B;AAC7B,YAAI,KAAK;AACA,iBAAA,CAAC,KAAK,QAAQ,OAAO;AAG9B,cAAMY,IACJtD,EAAK,UAAWA,EAAK,OAAqC;AAQ5D,eANK,KAAA,UAAU,MAAM,KAAK,UAAU,GAEhC,CAAC,KAAK,WAAW,CAACsD,MACf,KAAA,UAAU,MAAM,KAAK,QAAQ,IAGhC,KAAK,UACA,CAAC,KAAK,QAAQ,OAAO,IAGvB,CAAC;AAAA,MAAA;AAAA,MAGV,KAAK;AACG,cAAA;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,UACT,MAAM;AAAA,QACR;AAAA,MAEF,KAAK,2BAA2B;AAC9B,YAAIC,IAASvD,EAAK;AACX,eAAA,KAAK,iBAAiBuD,CAAM;AAAA,MAAA;AAAA,MAGrC,KAAK,8BAA8B;AACjC,YAAIA,IAASvD,EAAK;AACX,eAAA,KAAK,oBAAoBuD,EAAO,OAAO;AAAA,MAAA;AAAA,MAGhD,KAAK;AACC,YAAA,CAAC,KAAK;AACF,gBAAA;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAGK,eAAA,MAAM,KAAK,QAAQ,WAAW;AAAA,MAEvC,KAAK;AACG,cAAA;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,UACT,MAAM;AAAA,QACR;AAAA,MAEF,KAAK;AACC,YAAA,CAAC,KAAK;AACF,gBAAA;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAGF,YAAIA,IAASvD,EAAK;AACX,eAAA,MAAM,KAAK,QAAQ;AAAA,UACxBuD,EAAO,MAAM,IAAI,CAACvD,OAAU;AAAA,YAC1B,iBAAiBA,EAAK;AAAA,YACtB,YAAYA,EAAK;AAAA,YACjB,UAAUA,EAAK;AAAA,UAAA,EACf;AAAA,QACJ;AAAA,MAEF,KAAK;AACG,cAAA;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,UACT,MAAM;AAAA,QACR;AAAA,MAEF,KAAK,wBAAwB;AACvB,YAAA,CAAC,KAAK;AACF,gBAAA;AAAA,YACJ,MAAM;AAAA,YACN,SAAS;AAAA,YACT,MAAM;AAAA,UACR;AAGF,eAAO,MAAM,KAAK,QAAQ,YAAYA,EAAK,MAAmB;AAAA,MAAA;AAAA,MAGhE,KAAK;AACH,eAAO,CAAC;AAAA,MACV,KAAK;AACH,eAAO,CAAC;AAAA,MACV;AACQ,cAAA;AAAA,UACJ,MAAM;AAAA,UACN,SAAS;AAAA,UACT,MAAM,0BAA0BA,EAAK,IAAI;AAAA,QAC3C;AAAA,IAAA;AAAA,EAEN;AAAA,EAEA,KAA0B,CACxBwD,GACAC,MACS;AACL,QAAAD,MAAU,qBAAqBA,MAAU;AAC3C,YAAM,IAAI,MAAM,kBAAkBA,CAAK,EAAE;AAE3C,SAAK,cAAc,KAAK,EAAE,MAAMA,GAAO,SAAAC,GAAyB;AAAA,EAClE;AAAA,EAEA,MAA2B,CACzBD,GACAC,MACS;AACL,QAAAD,MAAU,qBAAqBA,MAAU;AAC3C,YAAM,IAAI,MAAM,kBAAkBA,CAAK,EAAE;AAErC,UAAAE,IAAM,KAAK,cAAc;AAAA,MAC7B,CAACC,MAAQA,EAAI,SAASH,KAASG,EAAI,YAAYF;AAAA,IACjD;AACA,IAAIC,KAAO,KACJ,KAAA,cAAc,OAAOA,GAAK,CAAC;AAAA,EAEpC;AAAA,EAEU,mBAAmBE,GAAiB;AACvC,SAAA,cACF,OAAO,CAACD,MAAQA,EAAI,SAAS,gBAAgB,EAC7C,QAAQ,CAACA,MAAQ;AACf,MAAAA,EAAI,QAAkDC,CAAO;AAAA,IAAA,CAC/D;AAAA,EAAA;AAAA,EAGK,oBAAoBC,GAAoB;AAC3C,SAAA,cACF,OAAO,CAACF,MAAQA,EAAI,SAAS,iBAAiB,EAC9C,QAAQ,CAACA,MAAQ;AACf,MAAAA,EAAI,QAAmDE,CAAQ;AAAA,IAAA,CACjE;AAAA,EAAA;AASP;","x_google_ignoreList":[5]}