@cavos/kit 0.0.1 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +113 -42
- package/dist/Cavos-BH2_tOQ2.d.mts +994 -0
- package/dist/Cavos-BH2_tOQ2.d.ts +994 -0
- package/dist/chunk-BNGLH3Q3.mjs +2777 -0
- package/dist/chunk-BNGLH3Q3.mjs.map +1 -0
- package/dist/index.d.mts +156 -242
- package/dist/index.d.ts +156 -242
- package/dist/index.js +1989 -151
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +88 -2
- package/dist/index.mjs.map +1 -1
- package/dist/react/index.d.mts +42 -5
- package/dist/react/index.d.ts +42 -5
- package/dist/react/index.js +1786 -86
- package/dist/react/index.js.map +1 -1
- package/dist/react/index.mjs +48 -7
- package/dist/react/index.mjs.map +1 -1
- package/package.json +4 -1
- package/dist/chunk-XWBX2ZIO.mjs +0 -1061
- package/dist/chunk-XWBX2ZIO.mjs.map +0 -1
- package/dist/constants-C530TZFF.d.mts +0 -89
- package/dist/constants-C530TZFF.d.ts +0 -89
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/crypto/encoding.ts","../src/crypto/signature.ts","../src/signer/WebCryptoSigner.ts","../src/chains/starknet/constants.ts","../src/chains/starknet/StarknetAdapter.ts","../src/chains/starknet/StarknetDeviceSigner.ts","../src/registry/WalletRegistry.ts","../src/registry/HttpWalletRegistry.ts","../src/identity.ts","../src/chains/solana/constants.ts","../src/chains/solana/SolanaAdapter.ts","../src/chains/solana/SolanaRelayer.ts","../src/recovery/BackupSigner.ts","../src/crypto/webauthn.ts","../src/chains/solana/CavosSolana.ts","../src/chains/stellar/constants.ts","../src/chains/stellar/StellarAdapter.ts","../src/chains/stellar/StellarRelayer.ts","../src/chains/stellar/CavosStellar.ts","../src/recovery/HttpRecoveryClient.ts","../src/Cavos.ts","../src/auth/CavosAuth.ts"],"names":["sha256","num","hash","ix","lowS","PublicKey","tx","p256","Connection","isSigner","Transaction","SECP256R1_N","encodeLowSSignature","Account","TransactionBuilder","BASE_FEE","defaultRegistry","address","Operation","rpc","xdr","Address","toHex","fromHex","account"],"mappings":";;;;;;;;;;AAIA,IAAM,SAAA,GAAA,CAAa,MAAM,IAAA,IAAQ,EAAA;AAG1B,SAAS,YAAY,KAAA,EAAiC;AAC3D,EAAA,OAAO,CAAC,KAAA,GAAQ,SAAA,EAAW,KAAA,IAAS,IAAI,CAAA;AAC1C;AAGO,SAAS,cAAc,KAAA,EAA2B;AACvD,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,MAAW,KAAK,KAAA,EAAO,GAAA,GAAO,GAAA,IAAO,EAAA,GAAM,OAAO,CAAC,CAAA;AACnD,EAAA,OAAO,GAAA;AACT;AAEO,SAAS,WAAW,KAAA,EAA2B;AACpD,EAAA,IAAI,CAAA,GAAI,IAAA;AACR,EAAA,KAAA,MAAW,CAAA,IAAK,OAAO,CAAA,IAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAA;AAC1D,EAAA,OAAO,CAAA;AACT;AAEO,SAAS,WAAW,GAAA,EAAyB;AAClD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,IAAI,IAAI,GAAA,CAAI,KAAA,CAAM,CAAC,CAAA,GAAI,GAAA;AACpD,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,MAAA,GAAS,CAAA,GAAI,MAAM,KAAA,GAAQ,KAAA;AAChD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAA,CAAO,SAAS,CAAC,CAAA;AAC5C,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,IAAI,MAAA,EAAQ,CAAA,EAAA,MAAS,CAAC,CAAA,GAAI,QAAA,CAAS,MAAA,CAAO,MAAM,CAAA,GAAI,CAAA,EAAG,IAAI,CAAA,GAAI,CAAC,GAAG,EAAE,CAAA;AACzF,EAAA,OAAO,GAAA;AACT;AASO,SAAS,yBAAyB,KAAA,EAA6B;AACpE,EAAA,MAAM,KAAA,GAAQ,EAAA;AACd,EAAA,MAAM,SAAA,GAAY,IAAA,CAAK,KAAA,CAAM,KAAA,CAAM,SAAS,KAAK,CAAA;AACjD,EAAA,MAAM,GAAA,GAAgB,CAAC,MAAA,CAAO,SAAS,CAAC,CAAA;AACxC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,SAAA,EAAW,CAAA,EAAA,EAAK;AAClC,IAAA,GAAA,CAAI,IAAA,CAAK,IAAA,GAAO,aAAA,CAAc,KAAA,CAAM,SAAS,CAAA,GAAI,KAAA,EAAO,CAAA,GAAI,KAAA,GAAQ,KAAK,CAAC,CAAA,CAAE,QAAA,CAAS,EAAE,CAAC,CAAA;AAAA,EAC1F;AACA,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,QAAA,CAAS,SAAA,GAAY,KAAK,CAAA;AAC5C,EAAA,GAAA,CAAI,IAAA,CAAK,IAAA,IAAQ,GAAA,CAAI,MAAA,GAAS,aAAA,CAAc,GAAG,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,GAAI,GAAA,CAAI,CAAA;AACpE,EAAA,GAAA,CAAI,IAAA,CAAK,MAAA,CAAO,GAAA,CAAI,MAAM,CAAC,CAAA;AAC3B,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,gBAAgB,KAAA,EAA2B;AACzD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,EAAE,CAAA;AAC7B,EAAA,IAAI,CAAA,GAAI,KAAA;AACR,EAAA,KAAA,IAAS,CAAA,GAAI,EAAA,EAAI,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC5B,IAAA,GAAA,CAAI,CAAC,CAAA,GAAI,MAAA,CAAO,CAAA,GAAI,KAAK,CAAA;AACzB,IAAA,CAAA,KAAM,EAAA;AAAA,EACR;AACA,EAAA,OAAO,GAAA;AACT;ACjDO,SAAS,iBAAiB,GAAA,EAAgC;AAC/D,EAAA,MAAM,CAAC,IAAA,EAAM,KAAK,CAAA,GAAI,WAAA,CAAY,IAAI,CAAC,CAAA;AACvC,EAAA,MAAM,CAAC,IAAA,EAAM,KAAK,CAAA,GAAI,WAAA,CAAY,IAAI,CAAC,CAAA;AACvC,EAAA,OAAO,CAAC,MAAM,KAAA,EAAO,IAAA,EAAM,OAAO,GAAA,CAAI,OAAA,GAAU,KAAK,EAAE,CAAA;AACzD;AAOO,SAAS,cAAA,CACd,CAAA,EACA,CAAA,EACA,MAAA,EACA,MAAA,EACS;AACT,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,CAAA,EAAG,CAAC,CAAA,EAAY;AACjC,IAAA,IAAI;AACF,MAAA,MAAM,SAAA,GAAY,IAAI,IAAA,CAAK,SAAA,CAAU,GAAG,CAAC,CAAA,CAAE,eAAe,GAAG,CAAA;AAC7D,MAAA,MAAM,KAAA,GAAQ,SAAA,CAAU,gBAAA,CAAiB,MAAM,EAAE,QAAA,EAAS;AAC1D,MAAA,IAAI,MAAM,CAAA,KAAM,MAAA,CAAO,KAAK,KAAA,CAAM,CAAA,KAAM,OAAO,CAAA,EAAG;AAChD,QAAA,OAAO,GAAA,KAAQ,CAAA;AAAA,MACjB;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACA,EAAA,MAAM,IAAI,MAAM,8DAA8D,CAAA;AAChF;ACpCA,IAAM,QAAA,GAAW,WAAA;AACjB,IAAM,SAAA,GAAY,aAAA;AAuBX,IAAM,eAAA,GAAN,MAAM,gBAAA,CAAwC;AAAA,EAC3C,WAAA,CACW,UAAA,EACA,SAAA,EACR,KAAA,EACT;AAHiB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AACR,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAAA,EACR;AAAA;AAAA,EAGH,aAAa,OAAO,IAAA,EAAwD;AAC1E,IAAA,mBAAA,EAAoB;AACpB,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,MAAA,CAAO,WAAA;AAAA,MAC/B,EAAE,IAAA,EAAM,OAAA,EAAS,UAAA,EAAY,OAAA,EAAQ;AAAA,MACrC,KAAA;AAAA;AAAA,MACA,CAAC,QAAQ,QAAQ;AAAA,KACnB;AACA,IAAA,MAAM,SAAA,GAAY,MAAM,eAAA,CAAgB,IAAA,CAAK,SAAS,CAAA;AACtD,IAAA,MAAM,MAAA,CAAO,IAAA,CAAK,KAAA,EAAO,EAAE,UAAA,EAAY,IAAA,CAAK,UAAA,EAAY,CAAA,EAAG,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,SAAA,CAAU,GAAG,CAAA;AACxF,IAAA,OAAO,IAAI,gBAAA,CAAgB,IAAA,CAAK,UAAA,EAAY,SAAA,EAAW,KAAK,KAAK,CAAA;AAAA,EACnE;AAAA;AAAA,EAGA,aAAa,KAAK,IAAA,EAA+D;AAC/E,IAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA;AACnC,IAAA,IAAI,CAAC,KAAK,OAAO,IAAA;AACjB,IAAA,OAAO,IAAI,gBAAA,CAAgB,GAAA,CAAI,UAAA,EAAY,EAAE,CAAA,EAAG,GAAA,CAAI,CAAA,EAAG,CAAA,EAAG,GAAA,CAAI,CAAA,EAAE,EAAG,KAAK,KAAK,CAAA;AAAA,EAC/E;AAAA;AAAA,EAGA,aAAa,aAAa,IAAA,EAAwD;AAChF,IAAA,OAAQ,MAAM,iBAAgB,IAAA,CAAK,IAAI,KAAO,MAAM,gBAAA,CAAgB,OAAO,IAAI,CAAA;AAAA,EACjF;AAAA,EAEA,MAAM,YAAA,GAAyC;AAC7C,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AAAA,EAEA,MAAM,KAAK,MAAA,EAA8C;AAEvD,IAAA,MAAM,MAAM,IAAI,UAAA;AAAA,MACd,MAAM,OAAO,MAAA,CAAO,IAAA;AAAA,QAClB,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,QACjC,IAAA,CAAK,UAAA;AAAA,QACL;AAAA;AACF,KACF;AAEA,IAAA,MAAM,IAAI,aAAA,CAAc,GAAA,CAAI,QAAA,CAAS,CAAA,EAAG,EAAE,CAAC,CAAA;AAC3C,IAAA,MAAM,IAAI,aAAA,CAAc,GAAA,CAAI,QAAA,CAAS,EAAA,EAAI,EAAE,CAAC,CAAA;AAC5C,IAAA,MAAM,MAAA,GAAS,OAAO,MAAM,CAAA;AAC5B,IAAA,MAAM,UAAU,cAAA,CAAe,CAAA,EAAG,CAAA,EAAG,MAAA,EAAQ,KAAK,SAAS,CAAA;AAC3D,IAAA,OAAO,EAAE,CAAA,EAAG,CAAA,EAAG,OAAA,EAAQ;AAAA,EACzB;AACF;AAEA,eAAe,gBAAgB,SAAA,EAAgD;AAC7E,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,MAAM,OAAO,MAAA,CAAO,SAAA,CAAU,KAAA,EAAO,SAAS,CAAC,CAAA;AAC1E,EAAA,OAAO,EAAE,CAAA,EAAG,aAAA,CAAc,GAAA,CAAI,QAAA,CAAS,GAAG,EAAE,CAAC,CAAA,EAAG,CAAA,EAAG,cAAc,GAAA,CAAI,QAAA,CAAS,EAAA,EAAI,EAAE,CAAC,CAAA,EAAE;AACzF;AASA,SAAS,mBAAA,GAA4B;AACnC,EAAA,MAAM,EAAA,GACJ,OAAO,MAAA,KAAW,WAAA,IAClB,OAAO,MAAA,CAAO,MAAA,KAAW,WAAA,KACxB,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,eAAA,CAAA;AAC3C,EAAA,IAAI,CAAC,EAAA,EAAI;AACP,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF;AACF;AAIA,SAAS,MAAA,GAA+B;AACtC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,IAAA,MAAM,GAAA,GAAM,SAAA,CAAU,IAAA,CAAK,QAAA,EAAU,CAAC,CAAA;AACtC,IAAA,GAAA,CAAI,eAAA,GAAkB,MAAM,GAAA,CAAI,MAAA,CAAO,kBAAkB,SAAS,CAAA;AAClE,IAAA,GAAA,CAAI,SAAA,GAAY,MAAM,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,GAAA,CAAI,OAAA,GAAU,MAAM,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;AAEA,eAAe,MAAA,CAAO,OAAe,KAAA,EAAiC;AACpE,EAAA,MAAM,EAAA,GAAK,MAAM,MAAA,EAAO;AACxB,EAAA,MAAM,EAAA,CAAG,IAAI,WAAA,EAAa,CAAC,UAAU,KAAA,CAAM,GAAA,CAAI,KAAA,EAAO,KAAK,CAAC,CAAA;AAC5D,EAAA,EAAA,CAAG,KAAA,EAAM;AACX;AAEA,eAAe,OAAO,KAAA,EAA0C;AAC9D,EAAA,MAAM,EAAA,GAAK,MAAM,MAAA,EAAO;AACxB,EAAA,MAAM,MAAA,GAAS,MAAM,EAAA,CAAG,EAAA,EAAI,UAAA,EAAY,CAAC,KAAA,KAAU,KAAA,CAAM,GAAA,CAAI,KAAK,CAAC,CAAA;AACnE,EAAA,EAAA,CAAG,KAAA,EAAM;AACT,EAAA,OAAQ,MAAA,IAAwB,IAAA;AAClC;AAEA,SAAS,EAAA,CACP,EAAA,EACA,IAAA,EACA,GAAA,EACY;AACZ,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,IAAA,MAAM,QAAQ,EAAA,CAAG,WAAA,CAAY,WAAW,IAAI,CAAA,CAAE,YAAY,SAAS,CAAA;AACnE,IAAA,MAAM,GAAA,GAAM,IAAI,KAAK,CAAA;AACrB,IAAA,GAAA,CAAI,SAAA,GAAY,MAAM,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA;AACxC,IAAA,GAAA,CAAI,OAAA,GAAU,MAAM,MAAA,CAAO,GAAA,CAAI,KAAK,CAAA;AAAA,EACtC,CAAC,CAAA;AACH;;;AC7IO,IAAM,iBAAA,GAAoB;AAAA,EAC/B,OAAA,EAAS;AAAA,IACP,OAAA,EAAS,wBAAA;AAAA;AAAA,IACT,MAAA,EAAQ;AAAA,GACV;AAAA,EACA,OAAA,EAAS;AAAA,IACP,OAAA,EAAS,kBAAA;AAAA;AAAA,IACT,MAAA,EAAQ;AAAA;AAEZ;AAKO,IAAM,WAAA,GACX;AAGK,IAAM,mBAAA,GAAuD;AAAA,EAClE,OAAA,EAAS,qCAAA;AAAA,EACT,OAAA,EAAS;AACX,CAAA;AAUO,IAAM,yBAAA,GAA6D;AAAA,EACxE,OAAA,EAAS,mEAAA;AAAA,EACT,OAAA,EAAS;AACX;AClBO,IAAM,kBAAN,MAA8C;AAAA,EAGnD,YAA6B,IAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAF7B,IAAA,IAAA,CAAS,KAAA,GAAQ,UAAA;AAAA,EAE2C;AAAA,EAE5D,cAAA,CAAe,EAAE,WAAA,EAAa,aAAA,EAAe,MAAK,EAAiC;AACjF,IAAA,OAAO,IAAA,CAAK,gCAAA;AAAA,MACV,GAAA,CAAI,KAAA,CAAM,IAAA,IAAQ,WAAW,CAAA;AAAA,MAC7B,KAAK,IAAA,CAAK,SAAA;AAAA,MACV,IAAA,CAAK,mBAAA,CAAoB,WAAA,EAAa,aAAa,CAAA;AAAA,MACnD;AAAA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,MAAA,EAA2C;AACrD,IAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,IAAQ,MAAA,CAAO,WAAA;AACnC,IAAA,MAAM,WAAW,IAAA,CAAK,mBAAA,CAAoB,MAAA,CAAO,WAAA,EAAa,OAAO,aAAa,CAAA;AAClF,IAAA,OAAO;AAAA,MACL;AAAA,QACE,eAAA,EAAiB,WAAA;AAAA,QACjB,UAAA,EAAY,gBAAA;AAAA,QACZ,QAAA,EAAU;AAAA,UACR,KAAK,IAAA,CAAK,SAAA;AAAA,UACV,GAAA,CAAI,MAAM,IAAI,CAAA;AAAA,UACd,KAAA;AAAA;AAAA,UACA,GAAA,CAAI,KAAA,CAAM,QAAA,CAAS,MAAM,CAAA;AAAA,UACzB,GAAG;AAAA;AACL;AACF,KACF;AAAA,EACF;AAAA;AAAA,EAGA,mBAAA,CAAoB,aAAqB,aAAA,EAA0C;AACjF,IAAA,OAAO,CAAC,IAAI,KAAA,CAAM,WAAW,GAAG,GAAG,cAAA,CAAe,aAAa,CAAC,CAAA;AAAA,EAClE;AAAA,EAEA,cAAA,CAAe,gBAAwB,MAAA,EAAoC;AACzE,IAAA,OAAO,EAAE,iBAAiB,cAAA,EAAgB,UAAA,EAAY,cAAc,QAAA,EAAU,cAAA,CAAe,MAAM,CAAA,EAAE;AAAA,EACvG;AAAA,EAEA,iBAAA,CAAkB,gBAAwB,MAAA,EAAoC;AAC5E,IAAA,OAAO,EAAE,iBAAiB,cAAA,EAAgB,UAAA,EAAY,iBAAiB,QAAA,EAAU,cAAA,CAAe,MAAM,CAAA,EAAE;AAAA,EAC1G;AAAA,EAEA,MAAM,kBAAA,CAAmB,cAAA,EAAwB,MAAA,EAA2C;AAC1F,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,UAAU,MAAM,IAAI,MAAM,2CAA2C,CAAA;AACpF,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,SAAS,YAAA,CAAa;AAAA,MAChD,eAAA,EAAiB,cAAA;AAAA,MACjB,UAAA,EAAY,sBAAA;AAAA,MACZ,QAAA,EAAU,eAAe,MAAM;AAAA,KAChC,CAAA;AACD,IAAA,OAAO,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,IAAK,CAAC,CAAA,KAAM,EAAA;AAAA,EACjC;AAAA,EAEA,MAAM,eAAe,MAAA,EAAmC;AACtD,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,QAAQ,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAC9E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,OAAO,IAAA,CAAK,eAAA,CAAgB,MAAM,CAAC,CAAA;AAC/D,IAAA,OAAO,gBAAA,CAAiB,GAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAM,GAAA,CAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACtD;AAAA;AAAA,EAIA,gBAAA,CAAiB,gBAAwB,OAAA,EAAqC;AAC5E,IAAA,OAAO,EAAE,iBAAiB,cAAA,EAAgB,UAAA,EAAY,gBAAgB,QAAA,EAAU,cAAA,CAAe,OAAO,CAAA,EAAE;AAAA,EAC1G;AAAA,EAEA,mBAAA,CAAoB,gBAAwB,OAAA,EAAqC;AAC/E,IAAA,OAAO,EAAE,iBAAiB,cAAA,EAAgB,UAAA,EAAY,mBAAmB,QAAA,EAAU,cAAA,CAAe,OAAO,CAAA,EAAE;AAAA,EAC7G;AAAA,EAEA,MAAM,UAAA,CAAW,cAAA,EAAwB,OAAA,EAA4C;AACnF,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,UAAU,MAAM,IAAI,MAAM,2CAA2C,CAAA;AACpF,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,SAAS,YAAA,CAAa;AAAA,MAChD,eAAA,EAAiB,cAAA;AAAA,MACjB,UAAA,EAAY,aAAA;AAAA,MACZ,QAAA,EAAU,eAAe,OAAO;AAAA,KACjC,CAAA;AACD,IAAA,OAAO,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,IAAK,CAAC,CAAA,KAAM,EAAA;AAAA,EACjC;AAAA,EAEA,MAAM,gBAAgB,cAAA,EAAyC;AAC7D,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,UAAU,MAAM,IAAI,MAAM,2CAA2C,CAAA;AACpF,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,SAAS,YAAA,CAAa;AAAA,MAChD,eAAA,EAAiB,cAAA;AAAA,MACjB,UAAA,EAAY,mBAAA;AAAA,MACZ,UAAU;AAAC,KACZ,CAAA;AACD,IAAA,OAAO,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,IAAK,CAAC,CAAA;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA,CAAY,WAA4B,KAAA,EAA2B;AACjE,IAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,EAAA,GAAK,KAAK,EAAE,CAAA;AACvC,IAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,SAAA,CAAU,CAAC,GAAG,CAAC,CAAA;AACvC,IAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,SAAA,CAAU,CAAC,GAAG,EAAE,CAAA;AACxC,IAAA,GAAA,CAAI,IAAI,eAAA,CAAgB,KAAK,EAAE,QAAA,CAAS,EAAE,GAAG,EAAE,CAAA;AAC/C,IAAA,OAAOA,OAAO,GAAG,CAAA;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,yBACE,cAAA,EACA,SAAA,EACA,OACA,MAAA,EACA,SAAA,EACA,WACA,OAAA,EACW;AACX,IAAA,MAAM,CAAC,EAAA,EAAI,EAAE,CAAA,GAAI,WAAA,CAAY,UAAU,CAAC,CAAA;AACxC,IAAA,MAAM,CAAC,EAAA,EAAI,EAAE,CAAA,GAAI,WAAA,CAAY,UAAU,CAAC,CAAA;AACxC,IAAA,MAAM,cAAA,GAA2B,CAAC,MAAA,CAAO,MAAA,CAAO,MAAM,CAAC,CAAA;AACvD,IAAA,KAAA,MAAW,QAAQ,MAAA,EAAQ;AACzB,MAAA,MAAM,CAAC,EAAA,EAAI,EAAE,IAAI,WAAA,CAAY,aAAA,CAAc,IAAI,CAAC,CAAA;AAChD,MAAA,cAAA,CAAe,IAAA,CAAK,IAAI,KAAA,CAAM,EAAE,GAAG,GAAA,CAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AAAA,IAClD;AACA,IAAA,OAAO;AAAA,MACL,eAAA,EAAiB,cAAA;AAAA,MACjB,UAAA,EAAY,wBAAA;AAAA,MACZ,QAAA,EAAU;AAAA,QACR,GAAG,eAAe,SAAS,CAAA;AAAA;AAAA,QAC3B,GAAA,CAAI,MAAM,KAAK,CAAA;AAAA,QACf,GAAG,cAAA;AAAA;AAAA,QACH,OAAO,SAAS,CAAA;AAAA,QAChB,GAAG,wBAAA,CAAyB,SAAA,CAAU,iBAAiB,CAAA;AAAA,QACvD,GAAG,wBAAA,CAAyB,SAAA,CAAU,cAAc,CAAA;AAAA,QACpD,MAAA,CAAO,UAAU,eAAe,CAAA;AAAA,QAChC,GAAA,CAAI,MAAM,EAAE,CAAA;AAAA,QAAG,GAAA,CAAI,MAAM,EAAE,CAAA;AAAA,QAC3B,GAAA,CAAI,MAAM,EAAE,CAAA;AAAA,QAAG,GAAA,CAAI,MAAM,EAAE,CAAA;AAAA,QAC3B,UAAU,KAAA,GAAQ;AAAA;AACpB,KACF;AAAA,EACF;AACF;AAGA,SAAS,eAAe,EAAA,EAA+B;AACrD,EAAA,MAAM,CAAC,EAAA,EAAI,EAAE,CAAA,GAAI,WAAA,CAAY,GAAG,CAAC,CAAA;AACjC,EAAA,MAAM,CAAC,EAAA,EAAI,EAAE,CAAA,GAAI,WAAA,CAAY,GAAG,CAAC,CAAA;AACjC,EAAA,OAAO,CAAC,GAAA,CAAI,KAAA,CAAM,EAAE,CAAA,EAAG,IAAI,KAAA,CAAM,EAAE,CAAA,EAAG,GAAA,CAAI,MAAM,EAAE,CAAA,EAAG,GAAA,CAAI,KAAA,CAAM,EAAE,CAAC,CAAA;AACpE;ACrJO,IAAM,oBAAA,GAAN,cAAmC,MAAA,CAAO;AAAA,EAC/C,YAA6B,MAAA,EAAsB;AAEjD,IAAA,KAAA,CAAM,KAAK,CAAA;AAFgB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AAAA,EAG7B;AAAA;AAAA,EAGA,MAAe,SAAA,GAA6B;AAC1C,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAyB,QAAQ,OAAA,EAA8C;AAC7E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,eAAA,CAAgB,MAAA,CAAO,OAAO,CAAC,CAAC,CAAA;AACnE,IAAA,OAAO,gBAAA,CAAiB,GAAG,CAAA,CAAE,GAAA,CAAI,CAAC,CAAA,KAAMC,GAAAA,CAAI,KAAA,CAAM,CAAC,CAAC,CAAA;AAAA,EACtD;AACF;;;ACQO,IAAM,yBAAN,MAAuD;AAAA,EAAvD,WAAA,GAAA;AACL,IAAA,IAAA,CAAQ,OAAA,uBAAc,GAAA,EAA8B;AAAA,EAAA;AAAA,EAEpD,MAAM,OAAO,MAAA,EAAkD;AAC7D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAM,CAAA,IAAK,IAAA;AAAA,EACrC;AAAA,EACA,MAAM,SAAS,MAAA,EAA6E;AAC1F,IAAA,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,MAAA,CAAO,MAAA,EAAQ,EAAE,OAAA,EAAS,MAAA,CAAO,OAAA,EAAS,OAAA,EAAS,CAAC,MAAA,CAAO,aAAa,GAAG,CAAA;AAAA,EAC9F;AAAA,EACA,MAAM,UAAU,MAAA,EAAsE;AACpF,IAAA,MAAM,CAAA,GAAI,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,OAAO,MAAM,CAAA;AACxC,IAAA,IAAI,CAAA,EAAG,CAAA,CAAE,OAAA,GAAU,CAAC,GAAI,EAAE,OAAA,IAAW,EAAC,EAAI,MAAA,CAAO,MAAM,CAAA;AAAA,EACzD;AACF;;;ACzCA,SAAS,MAAM,CAAA,EAAmB;AAChC,EAAA,OAAO,IAAA,GAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA;AAC7B;AAGA,SAAS,QAAQ,CAAA,EAAmB;AAClC,EAAA,OAAO,OAAO,CAAC,CAAA;AACjB;AAQO,IAAM,qBAAN,MAAmD;AAAA,EACxD,YAA6B,IAAA,EAAiC;AAAjC,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAAA,EAAkC;AAAA,EAE/D,MAAM,OAAO,MAAA,EAAkD;AAC7D,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,cAAA,EAAgB,IAAA,CAAK,KAAK,OAAO,CAAA;AACrD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,QAAA,EAAU,IAAA,CAAK,KAAK,KAAK,CAAA;AAC9C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,MAAM,CAAA;AAC7C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,SAAA,EAAW,IAAA,CAAK,KAAK,OAAO,CAAA;AAEjD,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,SAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB,EAAG,CAAA;AAChF,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AACpE,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,IAAA,IAAI,CAAC,IAAA,CAAK,KAAA,IAAS,CAAC,IAAA,CAAK,SAAS,OAAO,IAAA;AAEzC,IAAA,MAAM,OAAA,GAAyC,KAAA,CAAM,OAAA,CAAQ,IAAA,CAAK,OAAO,IACrE,IAAA,CAAK,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,MAAyC;AAAA,MACzD,CAAA,EAAG,OAAA,CAAQ,CAAA,CAAE,KAAK,CAAA;AAAA,MAClB,CAAA,EAAG,OAAA,CAAQ,CAAA,CAAE,KAAK;AAAA,MAClB,CAAA,GACF,MAAA;AAEJ,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,OAAA,EAAQ;AAAA,EAC1C;AAAA,EAEA,MAAM,SAAS,MAAA,EAIG;AAChB,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,IAAI,IAAI,cAAA,EAAgB,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,EAAG;AAAA,MAClE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,MAAA,EAAQ,KAAK,IAAA,CAAK,KAAA;AAAA,QAClB,gBAAgB,MAAA,CAAO,MAAA;AAAA,QACvB,OAAA,EAAS,KAAK,IAAA,CAAK,OAAA;AAAA,QACnB,SAAS,MAAA,CAAO,OAAA;AAAA;AAAA,QAEhB,OAAA,EAAS,CAAC,EAAE,CAAA,EAAG,MAAM,MAAA,CAAO,aAAA,CAAc,CAAC,CAAA,EAAG,GAAG,KAAA,CAAM,MAAA,CAAO,aAAA,CAAc,CAAC,GAAG;AAAA,OACjF;AAAA,KACF,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AACzC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,IAAI,MAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAE,CAAA;AAAA,IAChE;AAAA,EACF;AAAA,EAEA,MAAM,UAAW,MAAA,EAIC;AAGX,EACP;AACF;ACnEO,SAAS,iBAAA,CAAkB,EAAE,MAAA,EAAQ,OAAA,EAAQ,EAA0B;AAE5E,EAAA,MAAM,CAAA,GAAIC,IAAAA,CAAK,6BAAA,CAA8B,CAAC,cAAA,CAAe,MAAM,CAAA,EAAG,cAAA,CAAe,OAAO,CAAC,CAAC,CAAA;AAC9F,EAAA,OAAO,OAAO,CAAC,CAAA;AACjB;AASO,SAAS,uBAAA,CAAwB,EAAE,MAAA,EAAQ,OAAA,EAAQ,EAA8B;AACtF,EAAA,OAAOF,MAAAA,CAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,mBAAmB,MAAM,CAAA,CAAA,EAAI,OAAO,CAAA,CAAE,CAAC,CAAA;AAChF;AAQO,SAAS,wBAAA,CAAyB,EAAE,MAAA,EAAQ,OAAA,EAAQ,EAA8B;AACvF,EAAA,OAAOA,MAAAA,CAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,oBAAoB,MAAM,CAAA,CAAA,EAAI,OAAO,CAAA,CAAE,CAAC,CAAA;AACjF;AAGA,SAAS,eAAe,CAAA,EAAmB;AACzC,EAAA,MAAM,KAAA,GAAQ,IAAI,WAAA,EAAY,CAAE,OAAO,CAAC,CAAA;AACxC,EAAA,MAAM,SAAmB,EAAC;AAC1B,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,MAAA,EAAQ,KAAK,EAAA,EAAI;AACzC,IAAA,IAAI,CAAA,GAAI,EAAA;AACR,IAAA,KAAA,MAAW,CAAA,IAAK,KAAA,CAAM,QAAA,CAAS,CAAA,EAAG,CAAA,GAAI,EAAE,CAAA,EAAG,CAAA,GAAK,CAAA,IAAK,EAAA,GAAM,MAAA,CAAO,CAAC,CAAA;AACnE,IAAA,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,EACf;AACA,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG,OAAO,EAAA;AAChC,EAAA,IAAI,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG,OAAO,OAAO,CAAC,CAAA;AACxC,EAAA,OAAO,MAAA,CAAOE,IAAAA,CAAK,6BAAA,CAA8B,MAAM,CAAC,CAAA;AAC1D;;;ACrDO,IAAM,yBAAA,GACX;AAGK,IAAM,oBAAA,GACX;AAGK,IAAM,YAAA,GAAe,eAAA;AAGrB,IAAM,UAAA,GAAa,qBAAA;AACnB,IAAM,aAAA,GAAgB,wBAAA;AACtB,IAAM,eAAA,GAAkB,mBAAA;AAGxB,IAAM,cAAA,GAAiB,kBAAA;AACvB,IAAM,mBAAA,GAAsB,uBAAA;AAC5B,IAAM,sBAAA,GAAyB,0BAAA;AAG/B,IAAM,WAAA,GACX,mEAAA;AAEK,IAAM,eAAA,GAAkB;AAAA,EAC7B,eAAA,EAAiB,+BAAA;AAAA,EACjB,gBAAA,EAAkB,qCAAA;AAAA,EAClB,iBAAA,EAAmB;AACrB;ACPA,IAAM,sBAAA,GAAyB,EAAA;AAC/B,IAAM,cAAA,GAAiB,EAAA;AACvB,IAAM,UAAA,GAAa,KAAA;AAoCZ,IAAM,gBAAN,MAAoB;AAAA,EAIzB,WAAA,CAA6B,IAAA,GAA6B,EAAC,EAAG;AAAjC,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAH7B,IAAA,IAAA,CAAS,KAAA,GAAQ,QAAA;AAIf,IAAA,IAAA,CAAK,SAAA,GAAY,IAAI,SAAA,CAAU,IAAA,CAAK,aAAa,yBAAyB,CAAA;AAAA,EAC5E;AAAA;AAAA,EAGA,cAAA,CAAe,aAAyB,aAAA,EAAwC;AAC9E,IAAA,OAAO,KAAK,GAAA,CAAI,WAAA,EAAa,iBAAiB,aAAa,CAAC,EAAE,QAAA,EAAS;AAAA,EACzE;AAAA,EAEQ,GAAA,CAAI,aAAyB,iBAAA,EAA0C;AAC7E,IAAA,MAAM,CAAC,GAAG,CAAA,GAAI,SAAA,CAAU,sBAAA;AAAA,MACtB;AAAA,QACE,MAAA,CAAO,KAAK,YAAY,CAAA;AAAA,QACxB,MAAA,CAAO,KAAK,WAAW,CAAA;AAAA,QACvB,OAAO,IAAA,CAAK,iBAAA,CAAkB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAC;AAAA;AAAA,OAC5C;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA,EAGA,eAAA,CACE,WAAA,EACA,KAAA,EACA,aAAA,EACwB;AACxB,IAAA,MAAM,iBAAA,GAAoB,iBAAiB,aAAa,CAAA;AACxD,IAAA,MAAM,OAAA,GAAU,IAAA,CAAK,GAAA,CAAI,WAAA,EAAa,iBAAiB,CAAA;AACvD,IAAA,MAAM,IAAA,GAAO,OAAO,MAAA,CAAO;AAAA,MACzB,oBAAoB,YAAY,CAAA;AAAA,MAChC,MAAA,CAAO,KAAK,WAAW,CAAA;AAAA;AAAA,MACvB,MAAA,CAAO,KAAK,iBAAiB;AAAA;AAAA,KAC9B,CAAA;AACD,IAAA,OAAO,IAAI,sBAAA,CAAuB;AAAA,MAChC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM;AAAA,QACJ,EAAE,MAAA,EAAQ,OAAA,EAAS,QAAA,EAAU,KAAA,EAAO,YAAY,IAAA,EAAK;AAAA,QACrD,EAAE,QAAQ,IAAI,SAAA,CAAU,KAAK,CAAA,EAAG,QAAA,EAAU,IAAA,EAAM,UAAA,EAAY,IAAA,EAAK;AAAA,QACjE,EAAE,MAAA,EAAQ,aAAA,CAAc,WAAW,QAAA,EAAU,KAAA,EAAO,YAAY,KAAA;AAAM,OACxE;AAAA,MACA;AAAA,KACD,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,cAAA,CACJ,OAAA,EACA,SAAA,EACmC;AACnC,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,aAAA,GAAgB,iBAAiB,SAAS,CAAA;AAChD,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,MACtB,UAAU,QAAA,EAAS;AAAA,MACnB,aAAA;AAAA,MACA,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAC5D,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAAA,MAChC,IAAA,EAAM,MAAA,CAAO,MAAA,CAAO,CAAC,mBAAA,CAAoB,YAAY,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,aAAa,CAAC,CAAC;AAAA,KACpF,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA,EAGA,MAAM,iBAAA,CACJ,OAAA,EACA,MAAA,EACmC;AACnC,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,UAAA,GAAa,iBAAiB,MAAM,CAAA;AAC1C,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,aAAa,CAAA;AAAA,MACzB,UAAU,QAAA,EAAS;AAAA,MACnB,UAAA;AAAA,MACA,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAC5D,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAAA,MAChC,IAAA,EAAM,MAAA,CAAO,MAAA,CAAO,CAAC,mBAAA,CAAoB,eAAe,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAC;AAAA,KACpF,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA,EAGA,MAAM,gBAAA,CACJ,OAAA,EACA,OAAA,EACmC;AACnC,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,UAAA,GAAa,iBAAiB,OAAO,CAAA;AAC3C,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,mBAAmB,CAAA;AAAA,MAC/B,UAAU,QAAA,EAAS;AAAA,MACnB,UAAA;AAAA,MACA,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAC5D,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAAA,MAChC,IAAA,EAAM,MAAA,CAAO,MAAA,CAAO,CAAC,mBAAA,CAAoB,cAAc,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAC;AAAA,KACnF,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA,EAGA,MAAM,mBAAA,CACJ,OAAA,EACA,OAAA,EACmC;AACnC,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,UAAA,GAAa,iBAAiB,OAAO,CAAA;AAC3C,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,sBAAsB,CAAA;AAAA,MAClC,UAAU,QAAA,EAAS;AAAA,MACnB,UAAA;AAAA,MACA,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAC5D,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAAA,MAChC,IAAA,EAAM,MAAA,CAAO,MAAA,CAAO,CAAC,mBAAA,CAAoB,iBAAiB,CAAA,EAAG,MAAA,CAAO,IAAA,CAAK,UAAU,CAAC,CAAC;AAAA,KACtF,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA,CAAY,WAA4B,KAAA,EAA2B;AACjE,IAAA,OAAOF,MAAAA,CAAO,YAAY,gBAAA,CAAiB,SAAS,GAAG,KAAA,CAAM,KAAK,CAAC,CAAC,CAAA;AAAA,EACtE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,yBACE,OAAA,EACA,SAAA,EACA,OAAA,EACA,MAAA,EACA,WACA,SAAA,EAC0B;AAC1B,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,aAAA,GAAgB,iBAAiB,SAAS,CAAA;AAChD,IAAA,MAAM,iBAAA,GAAoB,iBAAiB,OAAO,CAAA;AAIlD,IAAA,MAAM,UAAA,GAAaA,MAAAA,CAAO,SAAA,CAAU,cAAc,CAAA;AAClD,IAAA,MAAM,OAAA,GAAU,WAAA,CAAY,SAAA,CAAU,iBAAA,EAAmB,UAAU,CAAA;AACnE,IAAA,MAAM,SAAA,GAAY,mBAAA,CAAoB,SAAA,CAAU,CAAA,EAAG,UAAU,CAAC,CAAA;AAC9D,IAAA,MAAM,YAAA,GAAe,yBAAA,CAA0B,iBAAA,EAAmB,SAAA,EAAW,OAAO,CAAA;AAGpF,IAAA,MAAM,aAAa,MAAA,CAAO,MAAA,CAAO,CAAC,KAAA,CAAM,MAAA,CAAO,MAAM,CAAA,EAAG,GAAG,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,MAAA,CAAO,KAAK,CAAC,CAAC,CAAC,CAAC,CAAA;AAC7F,IAAA,MAAM,IAAA,GAAO,OAAO,MAAA,CAAO;AAAA,MACzB,oBAAoB,wBAAwB,CAAA;AAAA,MAC5C,MAAA,CAAO,KAAK,aAAa,CAAA;AAAA,MACzB,UAAA;AAAA,MACA,MAAM,SAAS,CAAA;AAAA,MACf,cAAA,CAAe,UAAU,iBAAiB,CAAA;AAAA,MAC1C,cAAA,CAAe,UAAU,cAAc,CAAA;AAAA,MACvC,KAAA,CAAM,UAAU,eAAe;AAAA,KAChC,CAAA;AACD,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM,IAAA,CAAK,WAAA,CAAY,SAAS,CAAA;AAAA,MAChC;AAAA,KACD,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA,EAGA,MAAM,UAAA,CAAW,OAAA,EAAiB,OAAA,EAA4C;AAC5E,IAAA,MAAM,YAAY,MAAM,IAAA,CAAK,eAAe,IAAI,SAAA,CAAU,OAAO,CAAC,CAAA;AAClE,IAAA,MAAM,MAAA,GAAS,OAAO,IAAA,CAAK,gBAAA,CAAiB,OAAO,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AACpE,IAAA,OAAO,SAAA,CAAU,IAAA,CAAK,CAAC,CAAA,KAAM,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA,KAAM,MAAM,CAAA;AAAA,EACxE;AAAA;AAAA,EAGA,MAAM,aAAa,OAAA,EAAkC;AACnD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,iBAAA,GAAoB,cAAA,CAAe,IAAI,SAAA,CAAU,OAAO,CAAC,CAAA;AACjF,IAAA,IAAI,CAAC,MAAM,OAAO,EAAA;AAClB,IAAA,MAAM,IAAI,IAAA,CAAK,IAAA;AACf,IAAA,MAAM,aAAA,GAAgB,CAAA,GAAI,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,sBAAA;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,YAAA,CAAa,aAAa,CAAA;AAChD,IAAA,MAAM,eAAA,GAAkB,aAAA,GAAgB,CAAA,GAAI,WAAA,GAAc,sBAAA;AAC1D,IAAA,MAAM,aAAA,GAAgB,CAAA,CAAE,YAAA,CAAa,eAAe,CAAA;AACpD,IAAA,MAAM,eAAA,GAAkB,eAAA,GAAkB,CAAA,GAAI,aAAA,GAAgB,sBAAA;AAC9D,IAAA,OAAO,SAAA,CAAU,GAAG,eAAe,CAAA;AAAA,EACrC;AAAA;AAAA,EAGA,MAAM,oBAAA,CACJ,OAAA,EACA,WAAA,EACA,MAAA,EACmC;AACnC,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,MAAA,GAAS,IAAI,SAAA,CAAU,WAAW,CAAA;AACxC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,eAAe,CAAA;AAAA,MAC3B,UAAU,QAAA,EAAS;AAAA,MACnB,OAAO,QAAA,EAAS;AAAA,MAChB,MAAM,MAAM,CAAA;AAAA,MACZ,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAC5D,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM;AAAA,QACJ,EAAE,MAAA,EAAQ,SAAA,EAAW,QAAA,EAAU,KAAA,EAAO,YAAY,IAAA,EAAK;AAAA,QACvD,EAAE,MAAA,EAAQ,MAAA,EAAQ,QAAA,EAAU,KAAA,EAAO,YAAY,IAAA,EAAK;AAAA,QACpD,EAAE,MAAA,EAAQ,0BAAA,EAA4B,QAAA,EAAU,KAAA,EAAO,YAAY,KAAA;AAAM,OAC3E;AAAA,MACA,IAAA,EAAM,MAAA,CAAO,MAAA,CAAO,CAAC,mBAAA,CAAoB,kBAAkB,CAAA,EAAG,KAAA,CAAM,MAAM,CAAC,CAAC;AAAA,KAC7E,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,YAAA,CACJ,OAAA,EACA,YAAA,EACmC;AACnC,IAAA,IAAI,aAAa,MAAA,KAAW,CAAA,EAAG,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAEtG,IAAA,MAAM,SAAA,GAAY,IAAI,SAAA,CAAU,OAAO,CAAA;AACvC,IAAA,MAAM,KAAA,GAAQ,MAAM,IAAA,CAAK,UAAA,CAAW,SAAS,CAAA;AAI7C,IAAA,MAAM,IAAA,GAAO,sBAAsB,YAAY,CAAA;AAC/C,IAAA,MAAM,OAAA,GAAUA,OAAO,IAAI,CAAA;AAE3B,IAAA,MAAM,OAAA,GAAU,WAAA;AAAA,MACd,MAAA,CAAO,KAAK,cAAc,CAAA;AAAA,MAC1B,UAAU,QAAA,EAAS;AAAA,MACnB,MAAA,CAAO,KAAK,OAAO,CAAA;AAAA,MACnB,MAAM,KAAK;AAAA,KACb;AACA,IAAA,MAAM,EAAE,YAAA,EAAa,GAAI,MAAM,IAAA,CAAK,iBAAiB,OAAO,CAAA;AAO5D,IAAA,MAAM,OAAA,GAAU,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AAC9B,IAAA,IAAI,QAAA,CAAS,QAAQ,MAAM,CAAA,CAAE,UAAU,CAAA,EAAG,IAAA,CAAK,QAAQ,IAAI,CAAA;AAC3D,IAAA,MAAM,IAAA,GAAO,OAAO,MAAA,CAAO,CAAC,oBAAoB,SAAS,CAAA,EAAG,OAAA,EAAS,IAAI,CAAC,CAAA;AAC1E,IAAA,MAAM,oBAAwF,EAAC;AAC/F,IAAA,KAAA,MAAWG,OAAM,YAAA,EAAc;AAC7B,MAAA,KAAA,MAAW,GAAA,IAAOA,IAAG,QAAA,EAAU;AAC7B,QAAA,iBAAA,CAAkB,IAAA,CAAK;AAAA,UACrB,MAAA,EAAQ,IAAI,SAAA,CAAU,GAAA,CAAI,MAAM,CAAA;AAAA,UAChC,QAAA,EAAU,KAAA;AAAA;AAAA,UACV,YAAY,GAAA,CAAI;AAAA,SACjB,CAAA;AAAA,MACH;AAGA,MAAA,iBAAA,CAAkB,IAAA,CAAK;AAAA,QACrB,MAAA,EAAQ,IAAI,SAAA,CAAUA,GAAAA,CAAG,SAAS,CAAA;AAAA,QAClC,QAAA,EAAU,KAAA;AAAA,QACV,UAAA,EAAY;AAAA,OACb,CAAA;AAAA,IACH;AACA,IAAA,MAAM,EAAA,GAAK,IAAI,sBAAA,CAAuB;AAAA,MACpC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,IAAA,EAAM;AAAA,QACJ,EAAE,MAAA,EAAQ,SAAA,EAAW,QAAA,EAAU,KAAA,EAAO,YAAY,IAAA,EAAK;AAAA,QACvD,EAAE,MAAA,EAAQ,0BAAA,EAA4B,QAAA,EAAU,KAAA,EAAO,YAAY,KAAA,EAAM;AAAA,QACzE,GAAG;AAAA,OACL;AAAA,MACA;AAAA,KACD,CAAA;AACD,IAAA,OAAO,CAAC,cAAc,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA,EAGA,MAAM,kBAAA,CAAmB,OAAA,EAAiB,MAAA,EAA2C;AACnF,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,aAAa,IAAI,SAAA,CAAU,OAAO,CAAC,CAAA;AAC9D,IAAA,MAAM,MAAA,GAAS,OAAO,IAAA,CAAK,gBAAA,CAAiB,MAAM,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AACnE,IAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,CAAC,CAAA,KAAM,MAAA,CAAO,IAAA,CAAK,CAAC,CAAA,CAAE,QAAA,CAAS,KAAK,CAAA,KAAM,MAAM,CAAA;AAAA,EACtE;AAAA,EAEQ,YAAY,OAAA,EAAoB;AACtC,IAAA,OAAO;AAAA,MACL,EAAE,MAAA,EAAQ,OAAA,EAAS,QAAA,EAAU,KAAA,EAAO,YAAY,IAAA,EAAK;AAAA,MACrD,EAAE,MAAA,EAAQ,0BAAA,EAA4B,QAAA,EAAU,KAAA,EAAO,YAAY,KAAA;AAAM,KAC3E;AAAA,EACF;AAAA;AAAA,EAGA,MAAc,iBACZ,OAAA,EACmD;AACnD,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,QAAQ,MAAM,IAAI,MAAM,0CAA0C,CAAA;AACjF,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,IAAA,CAAK,OAAO,YAAA,EAAa;AAEnD,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,IAAA,CAAK,MAAA,CAAO,KAAK,OAAqB,CAAA;AAC7D,IAAA,MAAM,SAAA,GAAY,mBAAA,CAAoB,GAAA,CAAI,CAAA,EAAG,IAAI,CAAC,CAAA;AAClD,IAAA,MAAM,YAAA,GAAe,yBAAA;AAAA,MACnB,iBAAiB,MAAM,CAAA;AAAA,MACvB,SAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,OAAO,EAAE,YAAA,EAAa;AAAA,EACxB;AAAA,EAEA,MAAc,WAAW,OAAA,EAAqC;AAC5D,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,iBAAA,EAAkB,CAAE,eAAe,OAAO,CAAA;AAClE,IAAA,IAAI,CAAC,MAAM,OAAO,EAAA;AAGlB,IAAA,OAAO,SAAA,CAAU,IAAA,CAAK,IAAA,EAAM,EAAE,CAAA;AAAA,EAChC;AAAA,EAEA,MAAc,aAAa,OAAA,EAA2C;AACpE,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,iBAAA,EAAkB,CAAE,eAAe,OAAO,CAAA;AAClE,IAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAC;AACnB,IAAA,MAAM,IAAI,IAAA,CAAK,IAAA;AAEf,IAAA,MAAM,SAAA,GAAY,CAAA,GAAI,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,sBAAA;AACnC,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,YAAA,CAAa,SAAS,CAAA;AACtC,IAAA,MAAM,MAAoB,EAAC;AAC3B,IAAA,IAAI,MAAM,SAAA,GAAY,CAAA;AACtB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,GAAA,CAAI,IAAA,CAAK,WAAW,IAAA,CAAK,CAAA,CAAE,SAAS,GAAA,EAAK,GAAA,GAAM,sBAAsB,CAAC,CAAC,CAAA;AACvE,MAAA,GAAA,IAAO,sBAAA;AAAA,IACT;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA,EAEA,MAAc,eAAe,OAAA,EAA2C;AACtE,IAAA,MAAM,OAAO,MAAM,IAAA,CAAK,iBAAA,EAAkB,CAAE,eAAe,OAAO,CAAA;AAClE,IAAA,IAAI,CAAC,IAAA,EAAM,OAAO,EAAC;AACnB,IAAA,MAAM,IAAI,IAAA,CAAK,IAAA;AACf,IAAA,MAAM,aAAA,GAAgB,CAAA,GAAI,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,sBAAA;AACvC,IAAA,MAAM,WAAA,GAAc,CAAA,CAAE,YAAA,CAAa,aAAa,CAAA;AAChD,IAAA,MAAM,eAAA,GAAkB,aAAA,GAAgB,CAAA,GAAI,WAAA,GAAc,sBAAA;AAC1D,IAAA,MAAM,KAAA,GAAQ,CAAA,CAAE,YAAA,CAAa,eAAe,CAAA;AAC5C,IAAA,MAAM,MAAoB,EAAC;AAC3B,IAAA,IAAI,MAAM,eAAA,GAAkB,CAAA;AAC5B,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,GAAA,CAAI,IAAA,CAAK,WAAW,IAAA,CAAK,CAAA,CAAE,SAAS,GAAA,EAAK,GAAA,GAAM,sBAAsB,CAAC,CAAC,CAAA;AACvE,MAAA,GAAA,IAAO,sBAAA;AAAA,IACT;AACA,IAAA,OAAO,GAAA;AAAA,EACT;AAAA,EAEQ,iBAAA,GAAgC;AACtC,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,CAAK,YAAY,MAAM,IAAI,MAAM,2CAA2C,CAAA;AACtF,IAAA,OAAO,KAAK,IAAA,CAAK,UAAA;AAAA,EACnB;AACF;AAGO,SAAS,iBAAiB,EAAA,EAAiC;AAChE,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,sBAAsB,CAAA;AACjD,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,EAAA,CAAG,CAAA,GAAI,EAAA,KAAO,KAAK,CAAA,GAAO,CAAA;AACnC,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,EAAA,CAAG,CAAC,GAAG,CAAC,CAAA;AAChC,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,mBAAA,CAAoB,GAAW,CAAA,EAAuB;AACpE,EAAA,MAAMC,KAAAA,GAAO,CAAA,GAAI,WAAA,GAAc,EAAA,GAAK,cAAc,CAAA,GAAI,CAAA;AACtD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,cAAc,CAAA;AACzC,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,CAAC,CAAA,EAAG,CAAC,CAAA;AAC7B,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgBA,KAAI,CAAA,EAAG,EAAE,CAAA;AACjC,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,yBAAA,CACd,UAAA,EACA,SAAA,EACA,OAAA,EACwB;AACxB,EAAA,MAAM,SAAA,GAAY,CAAA;AAClB,EAAA,MAAM,UAAA,GAAa,EAAA;AACnB,EAAA,MAAM,eAAe,SAAA,GAAY,UAAA;AACjC,EAAA,MAAM,YAAY,YAAA,GAAe,sBAAA;AACjC,EAAA,MAAM,YAAY,SAAA,GAAY,cAAA;AAC9B,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,KAAA,CAAM,SAAA,GAAY,QAAQ,MAAM,CAAA;AAEpD,EAAA,IAAA,CAAK,UAAA,CAAW,GAAG,CAAC,CAAA;AACpB,EAAA,IAAA,CAAK,UAAA,CAAW,GAAG,CAAC,CAAA;AACpB,EAAA,IAAI,CAAA,GAAI,SAAA;AACR,EAAA,IAAA,CAAK,aAAA,CAAc,WAAW,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AACvC,EAAA,IAAA,CAAK,aAAA,CAAc,YAAY,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AACxC,EAAA,IAAA,CAAK,aAAA,CAAc,cAAc,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AAC1C,EAAA,IAAA,CAAK,aAAA,CAAc,YAAY,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AACxC,EAAA,IAAA,CAAK,aAAA,CAAc,WAAW,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AACvC,EAAA,IAAA,CAAK,aAAA,CAAc,OAAA,CAAQ,MAAA,EAAQ,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AAC5C,EAAA,IAAA,CAAK,aAAA,CAAc,YAAY,CAAC,CAAA;AAAG,EAAA,CAAA,IAAK,CAAA;AACxC,EAAA,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA,CAAE,IAAA,CAAK,MAAM,YAAY,CAAA;AAC/C,EAAA,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA,CAAE,IAAA,CAAK,MAAM,SAAS,CAAA;AAC3C,EAAA,MAAA,CAAO,IAAA,CAAK,OAAO,CAAA,CAAE,IAAA,CAAK,MAAM,SAAS,CAAA;AAEzC,EAAA,OAAO,IAAI,sBAAA,CAAuB;AAAA,IAChC,MAAM,EAAC;AAAA,IACP,SAAA,EAAW,IAAI,SAAA,CAAU,oBAAoB,CAAA;AAAA,IAC7C;AAAA,GACD,CAAA;AACH;AAGO,SAAS,oBAAoB,IAAA,EAAsB;AACxD,EAAA,OAAO,MAAA,CAAO,IAAA,CAAKJ,MAAAA,CAAO,CAAA,OAAA,EAAU,IAAI,EAAE,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,CAAC,CAAC,CAAA;AACzD;AAEA,SAAS,MAAM,CAAA,EAAmB;AAChC,EAAA,MAAM,CAAA,GAAI,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AACxB,EAAA,CAAA,CAAE,cAAc,CAAC,CAAA;AACjB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,MAAM,CAAA,EAA4B;AACzC,EAAA,MAAM,CAAA,GAAI,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AAGxB,EAAA,IAAI,QAAA,CAAS,CAAA,CAAE,MAAA,EAAQ,CAAA,CAAE,UAAA,EAAY,CAAC,CAAA,CAAE,YAAA,CAAa,CAAA,EAAG,MAAA,CAAO,CAAC,CAAA,EAAG,IAAI,CAAA;AACvE,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,SAAA,CAAU,KAAa,MAAA,EAAwB;AACtD,EAAA,OAAO,IAAI,SAAS,GAAA,CAAI,MAAA,EAAQ,IAAI,UAAA,EAAY,GAAA,CAAI,MAAM,CAAA,CAAE,YAAA;AAAA,IAC1D,MAAA;AAAA,IACA;AAAA,GACF;AACF;AAEA,SAAS,eAAe,KAAA,EAAiC;AACvD,EAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,CAAC,GAAG,CAAA,KAAM,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AACpD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,KAAK,CAAA;AAChC,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,KAAA,MAAW,KAAK,KAAA,EAAO;AACrB,IAAA,GAAA,CAAI,GAAA,CAAI,GAAG,GAAG,CAAA;AACd,IAAA,GAAA,IAAO,CAAA,CAAE,MAAA;AAAA,EACX;AACA,EAAA,OAAO,GAAA;AACT;AASA,SAAS,qBAAqB,EAAA,EAA6B;AACzD,EAAA,MAAM,YAAY,IAAI,SAAA,CAAU,EAAA,CAAG,SAAS,EAAE,QAAA,EAAS;AACvD,EAAA,MAAM,QAAA,GAAW,iBAAA,CAAkB,EAAA,CAAG,QAAQ,CAAA;AAC9C,EAAA,MAAM,IAAA,GAAO,cAAA,CAAe,EAAA,CAAG,IAAI,CAAA;AACnC,EAAA,OAAO,OAAO,MAAA,CAAO,CAAC,SAAA,EAAW,QAAA,EAAU,IAAI,CAAC,CAAA;AAClD;AAEA,SAAS,kBAAkB,KAAA,EAAqC;AAC9D,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AAC1B,EAAA,IAAI,QAAA,CAAS,IAAI,MAAM,CAAA,CAAE,UAAU,CAAA,EAAG,KAAA,CAAM,QAAQ,IAAI,CAAA;AACxD,EAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,GAAA,CAAI,oBAAoB,CAAA;AAC5C,EAAA,OAAO,OAAO,MAAA,CAAO,CAAC,GAAA,EAAK,GAAG,KAAK,CAAC,CAAA;AACtC;AAEA,SAAS,qBAAqB,IAAA,EAAkC;AAC9D,EAAA,MAAM,SAAS,IAAI,SAAA,CAAU,IAAA,CAAK,MAAM,EAAE,QAAA,EAAS;AACnD,EAAA,OAAO,OAAO,MAAA,CAAO,CAAC,MAAA,EAAQ,MAAA,CAAO,KAAK,CAAC,IAAA,CAAK,QAAA,GAAW,CAAA,GAAI,GAAG,IAAA,CAAK,UAAA,GAAa,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA;AAC9F;AAEA,SAAS,eAAe,IAAA,EAA0B;AAChD,EAAA,MAAM,GAAA,GAAM,MAAA,CAAO,KAAA,CAAM,CAAC,CAAA;AAC1B,EAAA,IAAI,QAAA,CAAS,IAAI,MAAM,CAAA,CAAE,UAAU,CAAA,EAAG,IAAA,CAAK,QAAQ,IAAI,CAAA;AACvD,EAAA,OAAO,MAAA,CAAO,OAAO,CAAC,GAAA,EAAK,OAAO,IAAA,CAAK,IAAI,CAAC,CAAC,CAAA;AAC/C;AAGO,SAAS,sBAAsB,YAAA,EAAyC;AAC7E,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,oBAAoB,CAAC,CAAA;AAC7D;ACniBO,IAAM,gBAAN,MAAoB;AAAA,EAGzB,YAA6B,IAAA,EAA4B;AAA5B,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAAA,EAA6B;AAAA;AAAA,EAG1D,MAAM,WAAA,GAAkC;AACtC,IAAA,IAAI,IAAA,CAAK,QAAA,EAAU,OAAO,IAAA,CAAK,QAAA;AAC/B,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,0BAAA,EAA6B,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAC5F,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,6CAAA,EAAgD,GAAA,CAAI,MAAM,CAAA,CAAA,CAAG,CAAA;AAC1F,IAAA,MAAM,EAAE,SAAA,EAAU,GAAK,MAAM,IAAI,IAAA,EAAK;AACtC,IAAA,IAAA,CAAK,QAAA,GAAW,IAAIK,SAAAA,CAAU,SAAS,CAAA;AACvC,IAAA,OAAO,IAAA,CAAK,QAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,KAAK,YAAA,EAAyD;AAClE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,WAAA,EAAY;AACxC,IAAA,MAAM,EAAE,WAAU,GAAI,MAAM,KAAK,IAAA,CAAK,UAAA,CAAW,mBAAmB,WAAW,CAAA;AAC/E,IAAA,MAAMC,GAAAA,GAAK,IAAI,WAAA,EAAY;AAC3B,IAAAA,IAAG,QAAA,GAAW,QAAA;AACd,IAAAA,IAAG,eAAA,GAAkB,SAAA;AACrB,IAAAA,GAAAA,CAAG,GAAA,CAAI,GAAG,YAAY,CAAA;AAEtB,IAAA,MAAM,UAAA,GAAaA,GAAAA,CAChB,SAAA,CAAU,EAAE,oBAAA,EAAsB,KAAA,EAAO,gBAAA,EAAkB,KAAA,EAAO,CAAA,CAClE,QAAA,CAAS,QAAQ,CAAA;AAEpB,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,iBAAA,CAAA,EAAqB;AAAA,MAC/D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,MAAA,EAAQ,KAAK,IAAA,CAAK,KAAA;AAAA,QAClB,OAAA,EAAS,KAAK,IAAA,CAAK,OAAA;AAAA,QACnB,WAAA,EAAa;AAAA,OACd;AAAA,KACF,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,SAAS,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC9C,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,IAAI,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAE,CAAA;AAAA,IACtE;AACA,IAAA,MAAM,EAAE,SAAA,EAAU,GAAK,MAAM,IAAI,IAAA,EAAK;AACtC,IAAA,OAAO,SAAA;AAAA,EACT;AACF;AC7CA,IAAM,eAAA,GAAkB,mBAAA;AAGxB,IAAM,wBAAA,GAA2B,IAAA;AAEjC,IAAM,gBAAA,GAAmB,qBAAA;AAGzB,IAAM,UAAA,GAAa,EAAA;AAQZ,SAAS,oBAAA,GAA+B;AAC7C,EAAA,MAAM,KAAA,GAAQ,YAAY,UAAU,CAAA;AACpC,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,KAAA,MAAW,KAAK,KAAA,EAAO,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,CAAC,CAAC,CAAA;AAC7C,EAAA,OAAO,KAAA,CAAM,KAAK,GAAG,CAAA;AACvB;AAYO,SAAS,gBAAgB,IAAA,EAG9B;AACA,EAAA,MAAM,UAAA,GAAa,KAAK,IAAA,EAAK,CAAE,QAAQ,MAAA,EAAQ,GAAG,EAAE,WAAA,EAAY;AAChE,EAAA,IAAI,CAAC,UAAA,EAAY,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAI9D,EAAA,MAAM,SAAA,GAAY,MAAA;AAAA,IAChBN,MAAAA;AAAA,IACA,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,UAAU,CAAA;AAAA,IACnC,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,eAAe,CAAA;AAAA,IACxC,EAAE,CAAA,EAAG,wBAAA,EAA0B,KAAA,EAAO,EAAA;AAAG,GAC3C;AACA,EAAA,MAAM,OAAO,IAAA,CAAKA,MAAAA,EAAQ,SAAA,EAAW,MAAA,EAAW,kBAAkB,EAAE,CAAA;AAKpE,EAAA,MAAM,CAAA,GAAI,aAAA,CAAc,IAAI,CAAA,GAAIO,KAAK,KAAA,CAAM,CAAA;AAC3C,EAAA,IAAI,CAAA,KAAM,EAAA,EAAI,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAEvF,EAAA,MAAM,IAAA,GAAO,gBAAgB,CAAC,CAAA;AAI9B,EAAA,MAAM,GAAA,GAAMA,IAAAA,CAAK,YAAA,CAAa,IAAA,EAAM,KAAK,CAAA;AACzC,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,IAAA;AAAA,IACZ,WAAW,EAAE,CAAA,EAAG,aAAA,CAAc,GAAA,CAAI,SAAS,CAAA,EAAG,EAAE,CAAC,CAAA,EAAG,GAAG,aAAA,CAAc,GAAA,CAAI,SAAS,EAAA,EAAI,EAAE,CAAC,CAAA;AAAE,GAC7F;AACF;AASO,IAAM,YAAA,GAAN,MAAM,aAAA,CAAqC;AAAA,EAIhD,WAAA,CAAY,YAAwB,SAAA,EAA4B;AAC9D,IAAA,IAAA,CAAK,UAAA,GAAa,UAAA;AAClB,IAAA,IAAA,CAAK,cAAA,GAAiB,SAAA;AAAA,EACxB;AAAA;AAAA,EAGA,OAAO,SAAS,IAAA,EAA4B;AAC1C,IAAA,MAAM,EAAE,UAAA,EAAY,SAAA,EAAU,GAAI,gBAAgB,IAAI,CAAA;AACtD,IAAA,OAAO,IAAI,aAAA,CAAa,UAAA,EAAY,SAAS,CAAA;AAAA,EAC/C;AAAA,EAEA,MAAM,YAAA,GAAyC;AAC7C,IAAA,OAAO,IAAA,CAAK,cAAA;AAAA,EACd;AAAA,EAEA,MAAM,KAAK,MAAA,EAA8C;AAKvD,IAAA,MAAM,MAAA,GAASP,OAAO,MAAM,CAAA;AAC5B,IAAA,MAAM,GAAA,GAAMO,IAAAA,CAAK,IAAA,CAAK,MAAA,EAAQ,KAAK,UAAU,CAAA;AAC7C,IAAA,MAAM,OAAA,GAAU,eAAe,GAAA,CAAI,CAAA,EAAG,IAAI,CAAA,EAAG,MAAA,EAAQ,KAAK,cAAc,CAAA;AACxE,IAAA,OAAO,EAAE,CAAA,EAAG,GAAA,CAAI,GAAG,CAAA,EAAG,GAAA,CAAI,GAAG,OAAA,EAAQ;AAAA,EACvC;AACF;AAOA,IAAM,QAAA,GAAW;AAAA,EACf,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAC5D,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAC/D,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAChE,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EACjE,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAChE,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,SAAA;AAAA,EAAW,OAAA;AAAA,EACjE,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAC9D,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAC7D,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,MAAA;AAAA,EAAQ,SAAA;AAAA,EAAW,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAChE,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,MAAA;AAAA,EACnE,SAAA;AAAA,EAAW,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAClE,SAAA;AAAA,EAAW,OAAA;AAAA,EAAS,SAAA;AAAA,EAAW,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,MAAA;AAAA,EACrE,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,QAAA;AAAA,EAAU,UAAA;AAAA,EAAY,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,MAAA;AAAA,EAAQ,OAAA;AAAA,EACtE,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EACjE,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,SAAA;AAAA,EAAW,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,QAAA;AAAA,EACrE,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAC5D,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EACtE,OAAA;AAAA,EAAS,SAAA;AAAA,EAAW,UAAA;AAAA,EAAY,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,UAAA;AAAA,EAAY,SAAA;AAAA,EAAW,OAAA;AAAA,EAC1E,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAClE,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,SAAA;AAAA,EAAW,MAAA;AAAA,EAClE,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,UAAA;AAAA,EAAY,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EACrE,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,UAAA;AAAA,EAAY,OAAA;AAAA,EAAS,OAAA;AAAA,EACtE,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,MAAA;AAAA,EAAQ,SAAA;AAAA,EAAW,UAAA;AAAA,EAAY,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,QAAA;AAAA,EACxE,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAClE,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,MAAA;AAAA,EACrE,UAAA;AAAA,EAAY,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,MAAA;AAAA,EAAQ,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EACrE,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,SAAA;AAAA,EAAW,QAAA;AAAA,EAAU,SAAA;AAAA,EACnE,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EACnE,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAC/D,OAAA;AAAA,EAAS,SAAA;AAAA,EAAW,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,OAAA;AAAA,EAChE,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAClE,MAAA;AAAA,EAAQ,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,OAAA;AAAA,EAAS,QAAA;AAAA,EAAU,KAAA;AAAA,EAAO,OAAA;AAAA,EAAS;AAChE,CAAA;AC7IO,SAAS,gBAAgB,KAAA,EAA2B;AACzD,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,EAAO,GAAA,IAAO,MAAA,CAAO,aAAa,CAAC,CAAA;AACnD,EAAA,MAAM,GAAA,GAAM,OAAO,IAAA,KAAS,WAAA,GAAc,IAAA,CAAK,GAAG,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,QAAA,CAAS,QAAQ,CAAA;AAC1F,EAAA,OAAO,GAAA,CAAI,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,EAAE,CAAA;AACtE;AAGO,SAAS,QAAQ,GAAA,EAA2C;AAEjE,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,IAAI,IAAI,CAAA,EAAG,CAAA,KAAM,IAAM,MAAM,IAAI,MAAM,qCAAqC,CAAA;AAC5E,EAAA,IAAI,GAAA,CAAI,CAAC,CAAA,GAAI,GAAA,OAAW,CAAA,IAAK,GAAA,CAAI,CAAC,CAAA,GAAI,GAAA,CAAA;AAAA,OACjC,CAAA,IAAK,CAAA;AACV,EAAA,IAAI,IAAI,CAAA,EAAG,CAAA,KAAM,GAAM,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAC7E,EAAA,MAAM,IAAA,GAAO,IAAI,CAAA,EAAG,CAAA;AACpB,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,CAAI,SAAS,CAAA,EAAG,CAAA,GAAI,IAAI,CAAC,CAAA;AACjD,EAAA,CAAA,IAAK,IAAA;AACL,EAAA,IAAI,IAAI,CAAA,EAAG,CAAA,KAAM,GAAM,MAAM,IAAI,MAAM,sCAAsC,CAAA;AAC7E,EAAA,MAAM,IAAA,GAAO,IAAI,CAAA,EAAG,CAAA;AACpB,EAAA,MAAM,IAAI,aAAA,CAAc,GAAA,CAAI,SAAS,CAAA,EAAG,CAAA,GAAI,IAAI,CAAC,CAAA;AACjD,EAAA,OAAO,EAAE,GAAG,CAAA,EAAE;AAChB;AAKO,SAAS,gBAAgB,IAAA,EAAmC;AACjE,EAAA,MAAM,MAAM,IAAA,CAAK,WAAA,CAAY,CAAA,EAAM,IAAA,CAAK,SAAS,EAAE,CAAA;AACnD,EAAA,MAAM,KAAA,GAAQ,KAAK,MAAA,GAAS,EAAA;AAC5B,EAAA,MAAM,MAAA,GAAS,KAAK,KAAK,CAAA;AACzB,EAAA,IAAI,WAAW,CAAA,EAAM;AAEnB,IAAA,IAAI,GAAA,GAAM,CAAA,EAAG,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAC7E,IAAA,OAAO,EAAE,GAAG,aAAA,CAAc,IAAA,CAAK,SAAS,GAAA,GAAM,CAAA,EAAG,MAAM,EAAE,CAAC,GAAG,CAAA,EAAG,aAAA,CAAc,KAAK,QAAA,CAAS,GAAA,GAAM,IAAI,GAAA,GAAM,EAAE,CAAC,CAAA,EAAE;AAAA,EACnH;AACA,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,cAAc,IAAA,CAAK,QAAA,CAAS,QAAQ,CAAA,EAAG,KAAA,GAAQ,EAAE,CAAC,CAAA;AAAA,IACrD,CAAA,EAAG,cAAc,IAAA,CAAK,QAAA,CAAS,QAAQ,EAAA,EAAI,KAAA,GAAQ,EAAE,CAAC;AAAA,GACxD;AACF;AAQO,SAAS,eAAe,MAAA,EAAkC;AAC/D,EAAA,MAAM,KAAA,GAAQ,OAAO,MAAA,CAAO,CAAC,GAAG,CAAA,KAAM,CAAA,GAAI,CAAA,CAAE,MAAA,EAAQ,CAAC,CAAA;AACrD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,KAAK,CAAA;AAChC,EAAA,IAAI,CAAA,GAAI,CAAA;AACR,EAAA,KAAA,MAAW,KAAK,MAAA,EAAQ;AACtB,IAAA,GAAA,CAAI,GAAA,CAAI,GAAG,CAAC,CAAA;AACZ,IAAA,CAAA,IAAK,CAAA,CAAE,MAAA;AAAA,EACT;AACA,EAAA,OAAOP,OAAO,GAAG,CAAA;AACnB;AAGO,SAAS,cAAA,CAAe,mBAA+B,cAAA,EAAwC;AACpG,EAAA,MAAM,UAAA,GAAaA,OAAO,cAAc,CAAA;AACxC,EAAA,MAAM,MAAM,IAAI,UAAA,CAAW,iBAAA,CAAkB,MAAA,GAAS,WAAW,MAAM,CAAA;AACvE,EAAA,GAAA,CAAI,GAAA,CAAI,mBAAmB,CAAC,CAAA;AAC5B,EAAA,GAAA,CAAI,GAAA,CAAI,UAAA,EAAY,iBAAA,CAAkB,MAAM,CAAA;AAC5C,EAAA,OAAOA,OAAO,GAAG,CAAA;AACnB;AAMO,SAAS,0BAAA,CACd,CAAA,EACA,CAAA,EACA,MAAA,EACoD;AACpD,EAAA,MAAM,MAA0D,EAAC;AACjE,EAAA,KAAA,MAAW,GAAA,IAAO,CAAC,CAAA,EAAG,CAAC,CAAA,EAAY;AACjC,IAAA,IAAI;AACF,MAAA,MAAM,KAAA,GAAQ,IAAIO,IAAAA,CAAK,SAAA,CAAU,CAAA,EAAG,CAAC,CAAA,CAAE,cAAA,CAAe,GAAG,CAAA,CAAE,gBAAA,CAAiB,MAAM,EAAE,QAAA,EAAS;AAC7F,MAAA,GAAA,CAAI,IAAA,CAAK,EAAE,SAAA,EAAW,EAAE,GAAG,KAAA,CAAM,CAAA,EAAG,CAAA,EAAG,KAAA,CAAM,CAAA,EAAE,EAAG,OAAA,EAAS,GAAA,KAAQ,GAAG,CAAA;AAAA,IACxE,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AACA,EAAA,OAAO,GAAA;AACT;AAIO,SAAS,KAAK,CAAA,EAAmB;AACtC,EAAA,MAAM,CAAA,GAAIA,KAAK,KAAA,CAAM,CAAA;AACrB,EAAA,OAAO,CAAA,GAAI,CAAA,GAAI,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,CAAA;AAC9B;AAGO,SAAS,iBAAA,CAAkB,gBAA4B,YAAA,EAA8B;AAC1F,EAAA,MAAM,IAAA,GAAO,IAAI,WAAA,EAAY,CAAE,OAAO,cAAc,CAAA;AACpD,EAAA,MAAM,GAAA,GAAM,IAAA,CAAK,OAAA,CAAQ,YAAY,CAAA;AACrC,EAAA,IAAI,GAAA,GAAM,CAAA,EAAG,MAAM,IAAI,MAAM,qDAAqD,CAAA;AAElF,EAAA,OAAO,GAAA;AACT;ACnCO,IAAM,WAAA,GAAN,MAAM,YAAA,CAAY;AAAA,EAIf,WAAA,CACG,UACA,OAAA,EACA,MAAA,EACA,YACQ,OAAA,EACA,YAAA,EACA,SACA,QAAA,EACjB;AARS,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AACQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAVnB;AAAA,IAAA,IAAA,CAAS,KAAA,GAAQ,QAAA;AAAA,EAWd;AAAA,EAEH,IAAI,SAAA,GAA6B;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA,EAEA,aAAa,QAAQ,IAAA,EAAkD;AACrE,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA,IAAa,MAAM,IAAA,CAAK,MAAM,YAAA,EAAa;AACjE,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAMlF,IAAA,IAAI,IAAA,CAAK,OAAA,KAAY,gBAAA,IAAoB,CAAC,KAAK,MAAA,EAAQ;AACrD,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OAEF;AAAA,IACF;AACA,IAAA,MAAM,UAAA,GAAa,IAAIC,UAAAA,CAAW,IAAA,CAAK,UAAU,eAAA,CAAgB,IAAA,CAAK,OAAO,CAAA,EAAG,WAAW,CAAA;AAE3F,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,IAC5D,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AACtF,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAE/C,IAAA,MAAM,OAAA,GAAU,IAAI,aAAA,CAAc,EAAE,WAAW,IAAA,CAAK,SAAA,EAAW,UAAA,EAAY,MAAA,EAAQ,CAAA;AACnF,IAAA,MAAM,WAAA,GAAc,wBAAwB,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,CAAA;AAE9F,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,WACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACxF,eAAA,CAAA;AAIN,IAAA,MAAM,UACJ,IAAA,CAAK,OAAA,KACJ,KAAK,KAAA,GACF,IAAI,cAAc,EAAE,OAAA,EAAS,UAAA,EAAY,KAAA,EAAO,KAAK,KAAA,EAAO,OAAA,EAAS,KAAK,OAAA,EAAS,UAAA,EAAY,CAAA,GAC/F,MAAA,CAAA;AAKN,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,MAAM,CAAA;AACtD,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAMC,YAAW,MAAM,OAAA,CAAQ,kBAAA,CAAmB,QAAA,CAAS,SAAS,YAAY,CAAA;AAChF,MAAA,OAAO,IAAI,YAAA;AAAA,QACT,QAAA;AAAA,QACA,QAAA,CAAS,OAAA;AAAA,QACTA,YAAW,OAAA,GAAU,uBAAA;AAAA,QACrB,UAAA;AAAA,QACA,OAAA;AAAA,QACA,YAAA;AAAA,QACA,OAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACP;AAAA,IACF;AAEA,IAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,cAAA,CAAe,WAAA,EAAa,YAAY,CAAA;AAChE,IAAA,MAAM,QAAA,GAAY,MAAM,UAAA,CAAW,cAAA,CAAe,IAAIJ,SAAAA,CAAU,OAAO,CAAC,CAAA,KAAO,IAAA;AAE/E,IAAA,IAAI,CAAC,QAAA,EAAU;AAGb,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,WAAA,EAAY;AACxC,QAAA,MAAM,KAAK,OAAA,CAAQ,eAAA,CAAgB,aAAa,KAAA,CAAM,QAAA,IAAY,YAAY,CAAA;AAC9E,QAAA,MAAM,OAAA,CAAQ,IAAA,CAAK,CAAC,EAAE,CAAC,CAAA;AAAA,MACzB,CAAA,MAAA,IAAW,KAAK,QAAA,EAAU;AACxB,QAAA,MAAM,EAAA,GAAK,QAAQ,eAAA,CAAgB,WAAA,EAAa,KAAK,QAAA,CAAS,SAAA,CAAU,QAAA,EAAS,EAAG,YAAY,CAAA;AAChG,QAAA,MAAM,yBAAA,CAA0B,UAAA,EAAY,IAAIK,WAAAA,EAAY,CAAE,GAAA,CAAI,EAAE,CAAA,EAAG,CAAC,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA,MACxF,CAAA,MAAO;AACL,QAAA,MAAM,IAAI,MAAM,mFAAmF,CAAA;AAAA,MACrG;AAAA,IACF;AAEA,IAAA,MAAM,QAAA,CAAS,SAAS,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,aAAA,EAAe,YAAA,EAAc,CAAA;AACzF,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,kBAAA,CAAmB,SAAS,YAAY,CAAA;AACvE,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,QAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAW,OAAA,GAAU,uBAAA;AAAA,MACrB,UAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,UAAU,MAAA,EAA0C;AACxD,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,cAAA,CAAe,IAAA,CAAK,SAAS,MAAM,CAAA;AAClE,IAAA,OAAO,IAAA,CAAK,KAAK,GAAG,CAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAA,CACJ,OAAA,EACA,MAAA,EACmE;AACnE,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA;AAC5C,IAAA,MAAM,EAAE,eAAA,EAAgB,GAAI,MAAM,IAAA,CAAK,WAAA,CAAY,SAAS,SAAS,CAAA;AACrE,IAAA,OAAO,EAAE,SAAA,EAAW,QAAA,CAAS,SAAA,EAAW,eAAA,EAAgB;AAAA,EAC1D;AAAA;AAAA;AAAA,EAIA,MAAM,YAAY,MAAA,EAAgE;AAChF,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,6DAA6D,CAAA;AAAA,IAC/E;AACA,IAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,UAAA,CAAW,KAAK,OAAA,EAAS,MAAM,CAAA,EAAG,OAAO,EAAC;AACjE,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,gBAAA,CAAiB,IAAA,CAAK,SAAS,MAAM,CAAA;AACpE,IAAA,MAAM,eAAA,GAAkB,MAAM,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA;AAC3C,IAAA,OAAO,EAAE,eAAA,EAAgB;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,6BAA6B,OAAA,EAAyC;AAC1E,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,yDAAyD,CAAA;AAAA,IAC3E;AACA,IAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,KAAK,wBAAA,EAAyB;AAC5D,IAAA,MAAM,MAAA,GAAS,CAAC,IAAI,CAAA;AACpB,IAAA,MAAM,YAAY,MAAM,OAAA,CAAQ,MAAA,CAAO,cAAA,CAAe,MAAM,CAAC,CAAA;AAC7D,IAAA,MAAM,EAAE,iBAAgB,GAAI,MAAM,KAAK,qBAAA,CAAsB,SAAA,EAAW,MAAA,EAAQ,CAAA,EAAG,KAAK,CAAA;AACxF,IAAA,OAAO,eAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,wBAAA,GAAyE;AAC7E,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAA,CAAa,KAAK,OAAO,CAAA;AAC1D,IAAA,OAAO,EAAE,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAY,IAAA,CAAK,YAAA,EAAc,KAAK,CAAA,EAAG,KAAA,EAAM;AAAA,EAC3E;AAAA;AAAA;AAAA,EAIA,MAAM,qBAAA,CACJ,SAAA,EACA,MAAA,EACA,WACA,MAAA,EACsC;AACtC,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,iBAAA,EAAmB,UAAU,cAAc,CAAA;AACnF,IAAA,MAAM,aAAa,0BAAA,CAA2B,SAAA,CAAU,CAAA,EAAG,SAAA,CAAU,GAAG,MAAM,CAAA;AAC9E,IAAA,IAAI,QAAA,GAAmC,IAAA;AACvC,IAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,MAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,UAAA,CAAW,KAAK,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,EAAG;AAC/D,QAAA,QAAA,GAAW,IAAA,CAAK,SAAA;AAChB,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,MAAM,uDAAuD,CAAA;AACtF,IAAA,MAAM,GAAA,GAAM,KAAK,OAAA,CAAQ,wBAAA;AAAA,MACvB,IAAA,CAAK,OAAA;AAAA,MAAS,IAAA,CAAK,YAAA;AAAA,MAAc,QAAA;AAAA,MAAU,MAAA;AAAA,MAAQ,SAAA;AAAA,MAAW;AAAA,KAChE;AACA,IAAA,OAAO,EAAE,eAAA,EAAiB,MAAM,IAAA,CAAK,IAAA,CAAK,GAAG,CAAA,EAAE;AAAA,EACjD;AAAA;AAAA,EAGA,MAAM,OAAA,CAAQ,MAAA,EAAgB,WAAA,EAAsC;AAClE,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,uEAAuE,CAAA;AAAA,IACzF;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,qBAAqB,IAAA,CAAK,OAAA,EAAS,aAAa,MAAM,CAAA;AACrF,IAAA,OAAO,IAAA,CAAK,KAAK,GAAG,CAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,oBAAoB,YAAA,EAAkD;AAC1E,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,uEAAuE,CAAA;AAAA,IACzF;AACA,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,QAAQ,YAAA,CAAa,IAAA,CAAK,SAAS,YAAY,CAAA;AACtE,IAAA,OAAO,IAAA,CAAK,KAAK,GAAG,CAAA;AAAA,EACtB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAA2C;AAC7D,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA,IACjF;AACA,IAAA,MAAM,EAAE,SAAA,EAAW,YAAA,EAAa,GAAI,gBAAgB,IAAI,CAAA;AAExD,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,QAAQ,kBAAA,CAAmB,IAAA,CAAK,SAAS,YAAY,CAAA;AAChF,IAAA,IAAI,SAAS,OAAO,MAAA;AACpB,IAAA,OAAO,IAAA,CAAK,UAAU,YAAY,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aAAa,QAAQ,IAAA,EAAkD;AACrE,IAAA,IAAI,IAAA,CAAK,OAAA,KAAY,gBAAA,IAAoB,CAAC,KAAK,MAAA,EAAQ;AACrD,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OAEF;AAAA,IACF;AACA,IAAA,MAAM,UAAA,GAAa,IAAIF,UAAAA,CAAW,IAAA,CAAK,UAAU,eAAA,CAAgB,IAAA,CAAK,OAAO,CAAA,EAAG,WAAW,CAAA;AAG3F,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA,GACjE,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AAC3F,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAM/C,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAC9C,IAAA,MAAM,aAAA,GAAgB,IAAI,aAAA,CAAc;AAAA,MACtC,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,UAAA;AAAA,MACA,MAAA,EAAQ;AAAA,KACT,CAAA;AAED,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,WACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACxF,eAAA,CAAA;AACN,IAAA,MAAM,WAAW,MAAM,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,SAAS,MAAM,CAAA;AAC3D,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,MAAM,0EAAqE,CAAA;AAAA,IACvF;AAEA,IAAA,MAAM,UACJ,IAAA,CAAK,OAAA,KACJ,KAAK,KAAA,GACF,IAAI,cAAc,EAAE,OAAA,EAAS,UAAA,EAAY,KAAA,EAAO,KAAK,KAAA,EAAO,OAAA,EAAS,KAAK,OAAA,EAAS,UAAA,EAAY,CAAA,GAC/F,MAAA,CAAA;AAIN,IAAA,MAAM,gBAAgB,MAAM,aAAA,CAAc,kBAAA,CAAmB,QAAA,CAAS,SAAS,YAAY,CAAA;AAC3F,IAAA,IAAI,CAAC,aAAA,EAAe;AAClB,MAAA,MAAM,MAAM,MAAM,aAAA,CAAc,cAAA,CAAe,QAAA,CAAS,SAAS,YAAY,CAAA;AAC7E,MAAA,IAAI,OAAA,EAAS;AACX,QAAA,MAAM,OAAA,CAAQ,KAAK,GAAG,CAAA;AAAA,MACxB,CAAA,MAAA,IAAW,KAAK,QAAA,EAAU;AACxB,QAAA,MAAM,yBAAA,CAA0B,UAAA,EAAY,IAAIE,WAAAA,EAAY,CAAE,GAAA,CAAI,GAAG,GAAG,CAAA,EAAG,CAAC,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA,MAC5F,CAAA,MAAO;AACL,QAAA,MAAM,IAAI,MAAM,kEAAkE,CAAA;AAAA,MACpF;AAAA,IACF;AAGA,IAAA,MAAM,OAAA,GAAU,IAAI,aAAA,CAAc,EAAE,WAAW,IAAA,CAAK,SAAA,EAAW,UAAA,EAAY,MAAA,EAAQ,CAAA;AACnF,IAAA,OAAO,IAAI,YAAA;AAAA,MACT,IAAA,CAAK,QAAA;AAAA,MACL,QAAA,CAAS,OAAA;AAAA,MACT,OAAA;AAAA,MACA,UAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AAAA,EACF;AAAA,EAEA,MAAc,KAAK,GAAA,EAAgD;AAEjE,IAAA,IAAI,KAAK,OAAA,EAAS,OAAO,IAAA,CAAK,OAAA,CAAQ,KAAK,GAAG,CAAA;AAC9C,IAAA,IAAI,KAAK,QAAA,EAAU;AACjB,MAAA,OAAO,yBAAA,CAA0B,IAAA,CAAK,UAAA,EAAY,IAAIA,WAAAA,EAAY,CAAE,GAAA,CAAI,GAAG,GAAG,CAAA,EAAG,CAAC,IAAA,CAAK,QAAQ,CAAC,CAAA;AAAA,IAClG;AACA,IAAA,MAAM,IAAI,MAAM,sEAAsE,CAAA;AAAA,EACxF;AACF;AAEA,IAAM,eAAA,GAAkB,IAAI,sBAAA,EAAuB;;;ACla5C,IAAM,mBAAA,GAAsB;AAAA;AAAA;AAAA;AAAA,EAIjC,iBAAA,EAAmB,0DAAA;AAAA;AAAA;AAAA,EAGnB,iBAAA,EAAmB;AACrB;AAGO,IAAM,wBAAA,GAA2B;AAAA,EACtC,iBAAA,EAAmB,kEAAA;AAAA,EACnB,iBAAA,EAAmB;AACrB;AAEO,IAAM,gBAAA,GAAmB;AAAA,EAC9B,iBAAA,EAAmB;AAAA,IACjB,MAAA,EAAQ,qCAAA;AAAA,IACR,UAAA,EAAY;AAAA,GACd;AAAA,EACA,iBAAA,EAAmB;AAAA,IACjB,MAAA,EAAQ,gDAAA;AAAA,IACR,UAAA,EAAY;AAAA;AAEhB;AAMO,IAAM,aAAA,GAAgB;AAAA,EAC3B,iBAAA,EAAmB,0DAAA;AAAA,EACnB,iBAAA,EAAmB;AACrB;ACpBA,IAAMC,YAAAA,GACJ,mEAAA;AAwBK,IAAM,iBAAN,MAAqB;AAAA,EAS1B,YAAY,IAAA,EAA6B;AARzC,IAAA,IAAA,CAAS,KAAA,GAAQ,SAAA;AASf,IAAA,IAAA,CAAK,UAAU,IAAA,CAAK,OAAA;AACpB,IAAA,IAAA,CAAK,UAAA,GAAa,gBAAA,CAAiB,IAAA,CAAK,OAAO,CAAA,CAAE,UAAA;AACjD,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA,IAAU,gBAAA,CAAiB,IAAA,CAAK,OAAO,CAAA,CAAE,MAAA;AAC5D,IAAA,IAAA,CAAK,SAAA,GAAY,IAAA,CAAK,SAAA,IAAa,mBAAA,CAAoB,KAAK,OAAO,CAAA;AACnE,IAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,mDAAA,EAAsD,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAAA,IACtF;AACA,IAAA,IAAA,CAAK,SAAS,IAAA,CAAK,MAAA;AAAA,EACrB;AAAA,EAEA,MAAA,GAAqB;AACnB,IAAA,IAAI,CAAC,KAAK,OAAA,EAAS;AACjB,MAAA,IAAA,CAAK,OAAA,GAAU,IAAI,GAAA,CAAI,MAAA,CAAO,KAAK,MAAA,EAAQ;AAAA,QACzC,SAAA,EAAW,IAAA,CAAK,MAAA,CAAO,UAAA,CAAW,SAAS;AAAA,OAC5C,CAAA;AAAA,IACH;AACA,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA,EAEQ,SAAA,GAAoB;AAC1B,IAAA,OAAOT,MAAAA,CAAK,MAAA,CAAO,IAAA,CAAK,IAAA,CAAK,UAAU,CAAC,CAAA;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,cAAA,CAAe,aAAyB,aAAA,EAAwC;AAC9E,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,WAAA,CAAY,WAAA,EAAa,aAAa,CAAA;AACxD,IAAA,MAAM,QAAA,GAAW,IAAI,cAAA,CAAe,sBAAA;AAAA,MAClC,IAAI,IAAI,wBAAA,CAAyB;AAAA,QAC/B,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAC1B,kBAAA,EAAoB,IAAI,kBAAA,CAAmB,6BAAA;AAAA,UACzC,IAAI,IAAI,6BAAA,CAA8B;AAAA,YACpC,SAAS,IAAI,OAAA,CAAQ,IAAA,CAAK,SAAS,EAAE,WAAA,EAAY;AAAA,YACjD;AAAA,WACD;AAAA;AACH,OACD;AAAA,KACH;AACA,IAAA,OAAO,OAAO,cAAA,CAAeA,MAAAA,CAAK,QAAA,CAAS,KAAA,EAAO,CAAC,CAAA;AAAA,EACrD;AAAA;AAAA,EAGA,WAAA,CAAY,aAAyB,aAAA,EAAwC;AAC3E,IAAA,OAAOA,MAAAA,CAAK,MAAA,CAAO,MAAA,CAAO,CAAC,OAAO,IAAA,CAAK,WAAW,CAAA,EAAG,MAAA,CAAO,KAAK,UAAA,CAAW,aAAa,CAAC,CAAC,CAAC,CAAC,CAAA;AAAA,EAC/F;AAAA;AAAA,EAGA,WAAA,CAAY,aAAyB,aAAA,EAAkD;AACrF,IAAA,OAAO,UAAA,CAAW,IAAA,CAAK,SAAA,EAAW,QAAA,EAAU;AAAA,MAC1C,WAAW,WAAW,CAAA;AAAA,MACtB,UAAA,CAAW,UAAA,CAAW,aAAa,CAAC;AAAA,KACrC,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,cAAA,CAAe,gBAAwB,MAAA,EAA2C;AAChF,IAAA,OAAO,UAAA,CAAW,gBAAgB,YAAA,EAAc,CAAC,WAAW,UAAA,CAAW,MAAM,CAAC,CAAC,CAAC,CAAA;AAAA,EAClF;AAAA;AAAA,EAGA,iBAAA,CAAkB,gBAAwB,MAAA,EAA2C;AACnF,IAAA,OAAO,UAAA,CAAW,gBAAgB,eAAA,EAAiB,CAAC,WAAW,UAAA,CAAW,MAAM,CAAC,CAAC,CAAC,CAAA;AAAA,EACrF;AAAA;AAAA,EAGA,gBAAA,CAAiB,gBAAwB,OAAA,EAA4C;AACnF,IAAA,OAAO,UAAA,CAAW,gBAAgB,cAAA,EAAgB,CAAC,WAAW,UAAA,CAAW,OAAO,CAAC,CAAC,CAAC,CAAA;AAAA,EACrF;AAAA;AAAA,EAGA,mBAAA,CAAoB,gBAAwB,OAAA,EAA4C;AACtF,IAAA,OAAO,UAAA,CAAW,gBAAgB,iBAAA,EAAmB,CAAC,WAAW,UAAA,CAAW,OAAO,CAAC,CAAC,CAAC,CAAA;AAAA,EACxF;AAAA;AAAA;AAAA;AAAA,EAKA,WAAA,CAAY,WAA4B,KAAA,EAA2B;AACjE,IAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,EAAA,GAAK,CAAC,CAAA;AACjC,IAAA,GAAA,CAAI,GAAA,CAAI,UAAA,CAAW,SAAS,CAAA,EAAG,CAAC,CAAA;AAChC,IAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,CAAC,CAAA;AAC1B,IAAA,IAAI,CAAA,GAAI,KAAA;AACR,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK;AAC3B,MAAA,CAAA,CAAE,CAAC,CAAA,GAAI,MAAA,CAAO,CAAA,GAAI,KAAK,CAAA;AACvB,MAAA,CAAA,KAAM,EAAA;AAAA,IACR;AACA,IAAA,GAAA,CAAI,GAAA,CAAI,GAAG,EAAE,CAAA;AACb,IAAA,OAAOF,OAAO,GAAG,CAAA;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,yBACE,cAAA,EACA,SAAA,EACA,SACA,KAAA,EACA,MAAA,EACA,WACA,SAAA,EACkB;AAClB,IAAA,MAAM,GAAA,GAAMY,oBAAAA,CAAoB,EAAE,CAAA,EAAG,SAAA,CAAU,CAAA,EAAG,CAAA,EAAG,SAAA,CAAU,CAAkB,CAAC,CAAA;AAClF,IAAA,MAAM,WAAA,GAAc,GAAA,CAAI,KAAA,CAAM,MAAA,CAAO,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,UAAA,CAAW,CAAC,CAAC,CAAC,CAAA;AACrE,IAAA,OAAO,UAAA,CAAW,gBAAgB,wBAAA,EAA0B;AAAA,MAC1D,UAAA,CAAW,UAAA,CAAW,SAAS,CAAC,CAAA;AAAA,MAChC,UAAA,CAAW,UAAA,CAAW,OAAO,CAAC,CAAA;AAAA,MAC9B,aAAA,CAAc,KAAA,EAAO,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,MACpC,WAAA;AAAA,MACA,aAAA,CAAc,SAAA,EAAW,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,MACxC,UAAA,CAAW,UAAU,iBAAiB,CAAA;AAAA,MACtC,UAAA,CAAW,UAAU,cAAc,CAAA;AAAA,MACnC,cAAc,SAAA,CAAU,eAAA,EAAiB,EAAE,IAAA,EAAM,OAAO,CAAA;AAAA,MACxD,WAAW,GAAG;AAAA,KACf,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,UAAA,CACJ,cAAA,EACA,OAAA,EACA,UAAA,EACkB;AAClB,IAAA,IAAI,CAAE,MAAM,IAAA,CAAK,UAAA,CAAW,cAAc,GAAI,OAAO,KAAA;AACrD,IAAA,MAAM,EAAE,OAAA,EAAAC,QAAAA,EAAS,kBAAA,EAAAC,mBAAAA,EAAoB,UAAAC,SAAAA,EAAS,GAAI,MAAM,OAAO,sBAAsB,CAAA;AACrF,IAAA,MAAM,GAAA,GAAM,IAAIF,QAAAA,CAAQ,UAAA,EAAY,GAAG,CAAA;AACvC,IAAA,MAAM,EAAA,GAAK,UAAU,kBAAA,CAAmB;AAAA,MACtC,IAAA,EAAM,UAAA,CAAW,cAAA,EAAgB,aAAA,EAAe,CAAC,WAAW,UAAA,CAAW,OAAO,CAAC,CAAC,CAAC,CAAA;AAAA,MACjF,MAAM;AAAC,KACR,CAAA;AACD,IAAA,MAAMP,MAAK,IAAIQ,mBAAAA,CAAmB,KAAK,EAAE,GAAA,EAAKC,WAAU,iBAAA,EAAmB,IAAA,CAAK,UAAA,EAAY,EACzF,YAAA,CAAa,EAAE,EACf,UAAA,CAAW,EAAE,EACb,KAAA,EAAM;AACT,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,MAAA,EAAO,CAAE,oBAAoBT,GAAE,CAAA;AACtD,IAAA,IAAI,GAAA,CAAI,GAAA,CAAI,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4CAAA,EAA+C,GAAA,CAAI,KAAK,CAAA,CAAE,CAAA;AAAA,IAC5E;AACA,IAAA,IAAI,CAAC,GAAA,CAAI,MAAA,EAAQ,MAAA,EAAQ,OAAO,KAAA;AAChC,IAAA,OAAO,aAAA,CAAc,GAAA,CAAI,MAAA,CAAO,MAAM,CAAA,KAAM,IAAA;AAAA,EAC9C;AAAA;AAAA,EAGA,MAAM,YAAA,CAAa,cAAA,EAAwB,UAAA,EAAqC;AAC9E,IAAA,IAAI,CAAE,MAAM,IAAA,CAAK,UAAA,CAAW,cAAc,GAAI,OAAO,EAAA;AACrD,IAAA,MAAM,EAAE,OAAA,EAAAO,QAAAA,EAAS,kBAAA,EAAAC,mBAAAA,EAAoB,UAAAC,SAAAA,EAAS,GAAI,MAAM,OAAO,sBAAsB,CAAA;AACrF,IAAA,MAAM,GAAA,GAAM,IAAIF,QAAAA,CAAQ,UAAA,EAAY,GAAG,CAAA;AACvC,IAAA,MAAM,EAAA,GAAK,UAAU,kBAAA,CAAmB;AAAA,MACtC,IAAA,EAAM,UAAA,CAAW,cAAA,EAAgB,eAAA,EAAiB,EAAE,CAAA;AAAA,MACpD,MAAM;AAAC,KACR,CAAA;AACD,IAAA,MAAMP,MAAK,IAAIQ,mBAAAA,CAAmB,KAAK,EAAE,GAAA,EAAKC,WAAU,iBAAA,EAAmB,IAAA,CAAK,UAAA,EAAY,EACzF,YAAA,CAAa,EAAE,EACf,UAAA,CAAW,EAAE,EACb,KAAA,EAAM;AACT,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,MAAA,EAAO,CAAE,oBAAoBT,GAAE,CAAA;AACtD,IAAA,IAAI,GAAA,CAAI,GAAA,CAAI,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8CAAA,EAAiD,GAAA,CAAI,KAAK,CAAA,CAAE,CAAA;AAAA,IAC9E;AACA,IAAA,IAAI,CAAC,GAAA,CAAI,MAAA,EAAQ,MAAA,EAAQ,OAAO,EAAA;AAChC,IAAA,OAAO,MAAA,CAAO,aAAA,CAAc,GAAA,CAAI,MAAA,CAAO,MAAM,CAAC,CAAA;AAAA,EAChD;AAAA;AAAA,EAGA,aAAA,CACE,OAAA,EACA,cAAA,EACA,WAAA,EACA,MAAA,EACkB;AAClB,IAAA,OAAO,UAAA,CAAW,SAAS,UAAA,EAAY;AAAA,MACrC,IAAI,OAAA,CAAQ,cAAc,CAAA,CAAE,OAAA,EAAQ;AAAA,MACpC,IAAI,OAAA,CAAQ,WAAW,CAAA,CAAE,OAAA,EAAQ;AAAA,MACjC,aAAA,CAAc,MAAA,EAAQ,EAAE,IAAA,EAAM,QAAQ;AAAA,KACvC,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAA,CACJ,KAAA,EACA,gBAAA,EACwC;AACxC,IAAA,MAAM,SAAA,GAAY,KAAA,CAAM,WAAA,EAAY,CAAE,OAAA,EAAQ;AAC9C,IAAA,SAAA,CAAU,0BAA0B,gBAAgB,CAAA;AAEpD,IAAA,MAAM,QAAA,GAAW,IAAI,cAAA,CAAe,gCAAA;AAAA,MAClC,IAAI,IAAI,kCAAA,CAAmC;AAAA,QACzC,SAAA,EAAW,KAAK,SAAA,EAAU;AAAA,QAC1B,KAAA,EAAO,UAAU,KAAA,EAAM;AAAA,QACvB,yBAAA,EAA2B,gBAAA;AAAA,QAC3B,UAAA,EAAY,MAAM,cAAA;AAAe,OAClC;AAAA,KACH;AACA,IAAA,MAAM,OAAA,GAAUJ,MAAAA,CAAK,QAAA,CAAS,KAAA,EAAO,CAAA;AACrC,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,MAAA,CAAO,KAAK,IAAI,UAAA,CAAW,OAAO,CAAC,CAAA;AAC1D,IAAA,MAAM,MAAA,GAAS,MAAM,IAAA,CAAK,MAAA,CAAO,YAAA,EAAa;AAC9C,IAAA,SAAA,CAAU,SAAA,CAAU,oBAAA,CAAqB,MAAA,EAAQ,GAAG,CAAC,CAAA;AACrD,IAAA,OAAO,KAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,WAAA,CAAY,OAAA,EAAiB,OAAA,EAAiB,UAAA,EAAqC;AACvF,IAAA,IAAI,CAAE,MAAM,IAAA,CAAK,UAAA,CAAW,OAAO,GAAI,OAAO,EAAA;AAC9C,IAAA,MAAM,EAAE,OAAA,EAAAW,QAAAA,EAAS,kBAAA,EAAAC,mBAAAA,EAAoB,UAAAC,SAAAA,EAAS,GAAI,MAAM,OAAO,sBAAsB,CAAA;AACrF,IAAA,MAAM,GAAA,GAAM,IAAIF,QAAAA,CAAQ,UAAA,EAAY,GAAG,CAAA;AACvC,IAAA,MAAM,EAAA,GAAK,UAAU,kBAAA,CAAmB;AAAA,MACtC,IAAA,EAAM,UAAA,CAAW,OAAA,EAAS,SAAA,EAAW,CAAC,IAAI,OAAA,CAAQ,OAAO,CAAA,CAAE,OAAA,EAAS,CAAC,CAAA;AAAA,MACrE,MAAM;AAAC,KACR,CAAA;AACD,IAAA,MAAMP,MAAK,IAAIQ,mBAAAA,CAAmB,KAAK,EAAE,GAAA,EAAKC,WAAU,iBAAA,EAAmB,IAAA,CAAK,UAAA,EAAY,EACzF,YAAA,CAAa,EAAE,EACf,UAAA,CAAW,EAAE,EACb,KAAA,EAAM;AACT,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,MAAA,EAAO,CAAE,oBAAoBT,GAAE,CAAA;AACtD,IAAA,IAAI,GAAA,CAAI,IAAI,iBAAA,CAAkB,GAAG,KAAK,CAAC,GAAA,CAAI,MAAA,EAAQ,MAAA,EAAQ,OAAO,EAAA;AAClE,IAAA,OAAO,MAAA,CAAO,aAAA,CAAc,GAAA,CAAI,MAAA,CAAO,MAAM,CAA6B,CAAA;AAAA,EAC5E;AAAA;AAAA,EAGA,MAAM,WAAW,cAAA,EAA0C;AACzD,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,MAAA,EAAO,CAAE,eAAA;AAAA,QAC9B,cAAA;AAAA,QACA,GAAA,CAAI,MAAM,4BAAA,EAA6B;AAAA,QACvC,IAAI,UAAA,CAAW;AAAA,OACjB;AACA,MAAA,OAAO,CAAC,CAAC,GAAA;AAAA,IACX,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,KAAA;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBAAA,CACJ,cAAA,EACA,MAAA,EACA,UAAA,EACkB;AAClB,IAAA,IAAI,CAAE,MAAM,IAAA,CAAK,UAAA,CAAW,cAAc,GAAI,OAAO,KAAA;AACrD,IAAA,MAAM,EAAE,OAAA,EAAAO,QAAAA,EAAS,kBAAA,EAAAC,mBAAAA,EAAoB,UAAAC,SAAAA,EAAS,GAAI,MAAM,OAAO,sBAAsB,CAAA;AACrF,IAAA,MAAM,GAAA,GAAM,IAAIF,QAAAA,CAAQ,UAAA,EAAY,GAAG,CAAA;AACvC,IAAA,MAAM,EAAA,GAAK,UAAU,kBAAA,CAAmB;AAAA,MACtC,IAAA,EAAM,UAAA,CAAW,cAAA,EAAgB,eAAA,EAAiB,CAAC,WAAW,UAAA,CAAW,MAAM,CAAC,CAAC,CAAC,CAAA;AAAA,MAClF,MAAM;AAAC,KACR,CAAA;AACD,IAAA,MAAMP,MAAK,IAAIQ,mBAAAA,CAAmB,KAAK,EAAE,GAAA,EAAKC,WAAU,iBAAA,EAAmB,IAAA,CAAK,UAAA,EAAY,EACzF,YAAA,CAAa,EAAE,EACf,UAAA,CAAW,EAAE,EACb,KAAA,EAAM;AACT,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,MAAA,EAAO,CAAE,oBAAoBT,GAAE,CAAA;AACtD,IAAA,IAAI,GAAA,CAAI,GAAA,CAAI,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8CAAA,EAAiD,GAAA,CAAI,KAAK,CAAA,CAAE,CAAA;AAAA,IAC9E;AACA,IAAA,IAAI,CAAC,GAAA,CAAI,MAAA,EAAQ,MAAA,EAAQ,OAAO,KAAA;AAChC,IAAA,OAAO,aAAA,CAAc,GAAA,CAAI,MAAA,CAAO,MAAM,CAAA,KAAM,IAAA;AAAA,EAC9C;AACF;AAGO,SAAS,WAAW,EAAA,EAAiC;AAC1D,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,EAAE,CAAA;AAC7B,EAAA,GAAA,CAAI,CAAC,CAAA,GAAI,CAAA;AACT,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,EAAA,CAAG,CAAC,GAAG,CAAC,CAAA;AAChC,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,EAAA,CAAG,CAAC,GAAG,EAAE,CAAA;AACjC,EAAA,OAAO,GAAA;AACT;AAGO,SAASM,qBAAoB,GAAA,EAAkC;AACpE,EAAA,MAAMR,KAAAA,GAAO,IAAI,CAAA,GAAIO,YAAAA,GAAc,KAAKA,YAAAA,GAAc,GAAA,CAAI,IAAI,GAAA,CAAI,CAAA;AAClE,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,EAAE,CAAA;AAC7B,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgB,GAAA,CAAI,CAAC,GAAG,CAAC,CAAA;AACjC,EAAA,GAAA,CAAI,GAAA,CAAI,eAAA,CAAgBP,KAAI,CAAA,EAAG,EAAE,CAAA;AACjC,EAAA,OAAO,GAAA;AACT;AAQO,SAAS,oBAAA,CACd,QACA,GAAA,EACW;AACX,EAAA,MAAM,OAAA,GAAU,aAAA;AAAA,IACd;AAAA,MACE,UAAA,EAAY,MAAA,CAAO,IAAA,CAAK,UAAA,CAAW,MAAM,CAAC,CAAA;AAAA,MAC1C,SAAA,EAAW,MAAA,CAAO,IAAA,CAAKQ,oBAAAA,CAAoB,GAAG,CAAC;AAAA,KACjD;AAAA,IACA,EAAE,IAAA,EAAM,EAAE,UAAA,EAAY,CAAC,QAAA,EAAU,OAAO,CAAA,EAAG,SAAA,EAAW,CAAC,QAAA,EAAU,OAAO,GAAE;AAAE,GAC9E;AACA,EAAA,OAAO,GAAA,CAAI,KAAA,CAAM,MAAA,CAAO,CAAC,OAAO,CAAC,CAAA;AACnC;AAEA,SAAS,UAAA,CAAW,UAAA,EAAoB,MAAA,EAAgB,IAAA,EAAqC;AAC3F,EAAA,OAAO,IAAI,YAAA,CAAa,8BAAA;AAAA,IACtB,IAAI,IAAI,kBAAA,CAAmB;AAAA,MACzB,eAAA,EAAiB,IAAI,OAAA,CAAQ,UAAU,EAAE,WAAA,EAAY;AAAA,MACrD,YAAA,EAAc,MAAA;AAAA,MACd;AAAA,KACD;AAAA,GACH;AACF;AAEA,SAAS,WAAW,KAAA,EAA8B;AAChD,EAAA,OAAO,IAAI,KAAA,CAAM,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,KAAK,CAAC,CAAA;AAC9C;;;ACtWO,IAAM,iBAAN,MAAqB;AAAA,EAG1B,YAA6B,IAAA,EAA6B;AAA7B,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAAA,EAA8B;AAAA;AAAA,EAG3D,MAAM,SAAA,GAA6B;AACjC,IAAA,IAAI,IAAA,CAAK,MAAA,EAAQ,OAAO,IAAA,CAAK,MAAA;AAC7B,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,CAAA,EAAG,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,2BAAA,EAA8B,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAC7F,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,2CAAA,EAA8C,GAAA,CAAI,MAAM,CAAA,CAAA,CAAG,CAAA;AACxF,IAAA,MAAM,EAAE,SAAA,EAAU,GAAK,MAAM,IAAI,IAAA,EAAK;AACtC,IAAA,IAAA,CAAK,MAAA,GAAS,SAAA;AACd,IAAA,OAAO,IAAA,CAAK,MAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,cAAA,EAAyC;AACpD,IAAA,MAAM,MAAM,MAAM,KAAA,CAAM,GAAG,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,kBAAA,CAAA,EAAsB;AAAA,MAChE,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,MAAA,EAAQ,KAAK,IAAA,CAAK,KAAA;AAAA,QAClB,OAAA,EAAS,KAAK,IAAA,CAAK,OAAA;AAAA,QACnB,WAAA,EAAa;AAAA,OACd;AAAA,KACF,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,SAAS,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC9C,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,2BAAA,EAA8B,IAAI,MAAM,CAAA,EAAA,EAAK,MAAM,CAAA,CAAE,CAAA;AAAA,IACvE;AACA,IAAA,MAAM,EAAE,IAAA,EAAAV,KAAAA,EAAK,GAAK,MAAM,IAAI,IAAA,EAAK;AACjC,IAAA,OAAOA,KAAAA;AAAA,EACT;AACF;ACkBO,IAAM,YAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIhB,WAAA,CACG,UACA,OAAA,EACA,MAAA,EACA,SACQ,OAAA,EACA,YAAA,EACA,SACA,aAAA,EACjB;AARS,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAVnB;AAAA,IAAA,IAAA,CAAS,KAAA,GAAQ,SAAA;AAAA,EAWd;AAAA,EAEH,IAAI,SAAA,GAA6B;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA,EAEA,aAAa,QAAQ,IAAA,EAAoD;AACvE,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA,IAAa,MAAM,IAAA,CAAK,MAAM,YAAA,EAAa;AACjE,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,MAAM,oDAAoD,CAAA;AAEnF,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,IAC5D,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AACtF,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAE/C,IAAA,MAAM,OAAA,GAAU,IAAI,cAAA,CAAe;AAAA,MACjC,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB;AAAA,KACD,CAAA;AACD,IAAA,MAAM,WAAA,GAAc,yBAAyB,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,CAAA;AAE/F,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,WACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACxFc,gBAAAA,CAAAA;AACN,IAAA,MAAM,UACJ,IAAA,CAAK,OAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,cAAA,CAAe,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACpF,MAAA,CAAA;AAEN,IAAA,MAAM,KAAA,GAAQ,CACZC,QAAAA,EACA,MAAA,KAEA,IAAI,aAAA,CAAa,QAAA,EAAUA,QAAAA,EAAS,MAAA,EAAQ,KAAK,OAAA,EAAS,OAAA,EAAS,YAAA,EAAc,OAAA,EAAS,KAAK,aAAa,CAAA;AAE9G,IAAA,MAAM,IAAA,GAAO,KAAA,CAAM,EAAA,EAAI,uBAAuB,CAAA;AAC9C,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAK5C,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,MAAM,CAAA;AACtD,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAMR,YAAW,MAAM,OAAA,CAAQ,mBAAmB,QAAA,CAAS,OAAA,EAAS,cAAc,UAAU,CAAA;AAC5F,MAAA,OAAO,KAAA,CAAM,QAAA,CAAS,OAAA,EAASA,SAAAA,GAAW,UAAU,uBAAuB,CAAA;AAAA,IAC7E;AAEA,IAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,cAAA,CAAe,WAAA,EAAa,YAAY,CAAA;AAChE,IAAA,IAAI,CAAE,MAAM,OAAA,CAAQ,UAAA,CAAW,OAAO,CAAA,EAAI;AACxC,MAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,WAAA,CAAY,WAAA,EAAa,YAAY,CAAA;AAG1D,MAAA,MAAM,IAAA,CAAK,kBAAA,CAAmB,IAAA,EAAM,MAAS,CAAA;AAAA,IAC/C;AAEA,IAAA,MAAM,QAAA,CAAS,SAAS,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,aAAA,EAAe,YAAA,EAAc,CAAA;AACzF,IAAA,MAAM,WAAW,MAAM,OAAA,CAAQ,kBAAA,CAAmB,OAAA,EAAS,cAAc,UAAU,CAAA;AACnF,IAAA,OAAO,KAAA,CAAM,OAAA,EAAS,QAAA,GAAW,OAAA,GAAU,uBAAuB,CAAA;AAAA,EACpE;AAAA;AAAA,EAGA,MAAM,UAAU,MAAA,EAA0C;AACxD,IAAA,MAAM,OAAO,IAAA,CAAK,OAAA,CAAQ,cAAA,CAAe,IAAA,CAAK,SAAS,MAAM,CAAA;AAC7D,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,IAAA,EAAM,IAAA,CAAK,OAAO,CAAA;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,aAAA,CACJ,OAAA,EACA,MAAA,EACmE;AACnE,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA;AAC5C,IAAA,MAAM,EAAE,eAAA,EAAgB,GAAI,MAAM,IAAA,CAAK,WAAA,CAAY,SAAS,SAAS,CAAA;AACrE,IAAA,OAAO,EAAE,SAAA,EAAW,QAAA,CAAS,SAAA,EAAW,eAAA,EAAgB;AAAA,EAC1D;AAAA;AAAA;AAAA,EAIA,MAAM,YAAY,MAAA,EAAgE;AAChF,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,8DAA8D,CAAA;AAAA,IAChF;AACA,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAC5C,IAAA,IAAI,MAAM,IAAA,CAAK,OAAA,CAAQ,UAAA,CAAW,IAAA,CAAK,SAAS,MAAA,EAAQ,UAAU,CAAA,EAAG,OAAO,EAAC;AAC7E,IAAA,MAAM,OAAO,IAAA,CAAK,OAAA,CAAQ,gBAAA,CAAiB,IAAA,CAAK,SAAS,MAAM,CAAA;AAC/D,IAAA,MAAM,kBAAkB,MAAM,IAAA,CAAK,kBAAA,CAAmB,IAAA,EAAM,KAAK,OAAO,CAAA;AACxE,IAAA,OAAO,EAAE,eAAA,EAAgB;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,6BAA6B,OAAA,EAAyC;AAC1E,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,IAC5E;AACA,IAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,KAAK,wBAAA,EAAyB;AAC5D,IAAA,MAAM,MAAA,GAAS,CAAC,IAAI,CAAA;AACpB,IAAA,MAAM,YAAY,MAAM,OAAA,CAAQ,MAAA,CAAO,cAAA,CAAe,MAAM,CAAC,CAAA;AAC7D,IAAA,MAAM,EAAE,iBAAgB,GAAI,MAAM,KAAK,qBAAA,CAAsB,SAAA,EAAW,MAAA,EAAQ,CAAA,EAAG,KAAK,CAAA;AACxF,IAAA,OAAO,eAAA;AAAA,EACT;AAAA;AAAA,EAGA,MAAM,wBAAA,GAAyE;AAC7E,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAC5C,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,QAAQ,YAAA,CAAa,IAAA,CAAK,SAAS,UAAU,CAAA;AACtE,IAAA,OAAO,EAAE,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAY,IAAA,CAAK,YAAA,EAAc,KAAK,CAAA,EAAG,KAAA,EAAM;AAAA,EAC3E;AAAA;AAAA;AAAA,EAIA,MAAM,qBAAA,CACJ,SAAA,EACA,MAAA,EACA,WACA,KAAA,EACsC;AACtC,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAC5C,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,iBAAA,EAAmB,UAAU,cAAc,CAAA;AACnF,IAAA,MAAM,aAAa,0BAAA,CAA2B,SAAA,CAAU,CAAA,EAAG,SAAA,CAAU,GAAG,MAAM,CAAA;AAC9E,IAAA,IAAI,QAAA,GAAmC,IAAA;AACvC,IAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,MAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,UAAA,CAAW,KAAK,OAAA,EAAS,IAAA,CAAK,SAAA,EAAW,UAAU,CAAA,EAAG;AAC3E,QAAA,QAAA,GAAW,IAAA,CAAK,SAAA;AAChB,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,MAAM,wDAAwD,CAAA;AACvF,IAAA,MAAM,IAAA,GAAO,KAAK,OAAA,CAAQ,wBAAA;AAAA,MACxB,IAAA,CAAK,OAAA;AAAA,MAAS,IAAA,CAAK,YAAA;AAAA,MAAc,QAAA;AAAA,MAAU,KAAA;AAAA,MAAO,MAAA;AAAA,MAAQ,SAAA;AAAA,MAAW;AAAA,KACvE;AACA,IAAA,OAAO,EAAE,eAAA,EAAiB,MAAM,KAAK,kBAAA,CAAmB,IAAA,EAAM,MAAS,CAAA,EAAE;AAAA,EAC3E;AAAA;AAAA,EAGA,MAAM,OAAA,CAAQ,MAAA,EAAgB,WAAA,EAAsC;AAClE,IAAA,OAAO,KAAK,eAAA,CAAgB,aAAA,CAAc,KAAK,OAAO,CAAA,EAAG,QAAQ,WAAW,CAAA;AAAA,EAC9E;AAAA;AAAA,EAGA,MAAM,OAAA,CAAQ,OAAA,GAAkB,aAAA,CAAc,IAAA,CAAK,OAAO,CAAA,EAAoB;AAC5E,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAC5C,IAAA,OAAO,KAAK,OAAA,CAAQ,WAAA,CAAY,OAAA,EAAS,IAAA,CAAK,SAAS,UAAU,CAAA;AAAA,EACnE;AAAA;AAAA,EAGA,MAAM,eAAA,CAAgB,OAAA,EAAiB,MAAA,EAAgB,WAAA,EAAsC;AAC3F,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,wEAAwE,CAAA;AAAA,IAC1F;AACA,IAAA,MAAM,IAAA,GAAO,KAAK,OAAA,CAAQ,aAAA,CAAc,SAAS,IAAA,CAAK,OAAA,EAAS,aAAa,MAAM,CAAA;AAClF,IAAA,OAAO,IAAA,CAAK,kBAAA,CAAmB,IAAA,EAAM,IAAA,CAAK,OAAO,CAAA;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,cAAc,IAAA,EAA2C;AAC7D,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,gEAAgE,CAAA;AAAA,IAClF;AACA,IAAA,MAAM,EAAE,SAAA,EAAW,YAAA,EAAa,GAAI,gBAAgB,IAAI,CAAA;AACxD,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAC5C,IAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,kBAAA,CAAmB,KAAK,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA,EAAG,OAAO,MAAA;AAC1F,IAAA,OAAO,IAAA,CAAK,UAAU,YAAY,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,QAAQ,IAAA,EAAoD;AACvE,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA,GACjE,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AAC3F,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAK/C,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAC9C,IAAA,MAAM,aAAA,GAAgB,IAAI,cAAA,CAAe;AAAA,MACvC,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,MAAA,EAAQ;AAAA,KACT,CAAA;AAED,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,WACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACxFO,gBAAAA,CAAAA;AACN,IAAA,MAAM,WAAW,MAAM,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,SAAS,MAAM,CAAA;AAC3D,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,MAAM,2EAAsE,CAAA;AAAA,IACxF;AACA,IAAA,MAAM,UACJ,IAAA,CAAK,OAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,cAAA,CAAe,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACpF,MAAA,CAAA;AAGN,IAAA,MAAM,eAAe,IAAI,aAAA;AAAA,MACvB,IAAA,CAAK,QAAA;AAAA,MACL,QAAA,CAAS,OAAA;AAAA,MACT,OAAA;AAAA,MACA,IAAA,CAAK,OAAA;AAAA,MACL,aAAA;AAAA,MACA,YAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AACA,IAAA,MAAM,UAAA,GAAa,MAAM,YAAA,CAAa,aAAA,EAAc;AACpD,IAAA,IAAI,CAAE,MAAM,aAAA,CAAc,kBAAA,CAAmB,SAAS,OAAA,EAAS,YAAA,EAAc,UAAU,CAAA,EAAI;AACzF,MAAA,MAAM,YAAA,CAAa,UAAU,YAAY,CAAA;AAAA,IAC3C;AAGA,IAAA,MAAM,OAAA,GAAU,IAAI,cAAA,CAAe;AAAA,MACjC,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB;AAAA,KACD,CAAA;AACD,IAAA,OAAO,IAAI,aAAA;AAAA,MACT,IAAA,CAAK,QAAA;AAAA,MACL,QAAA,CAAS,OAAA;AAAA,MACT,OAAA;AAAA,MACA,IAAA,CAAK,OAAA;AAAA,MACL,OAAA;AAAA,MACA,YAAA;AAAA,MACA,OAAA;AAAA,MACA,IAAA,CAAK;AAAA,KACP;AAAA,EACF;AAAA;AAAA,EAGA,MAAc,aAAA,GAAiC;AAC7C,IAAA,IAAI,IAAA,CAAK,OAAA,EAAS,OAAO,IAAA,CAAK,QAAQ,SAAA,EAAU;AAChD,IAAA,IAAI,IAAA,CAAK,aAAA,EAAe,OAAO,IAAA,CAAK,cAAc,SAAA,EAAU;AAC5D,IAAA,MAAM,IAAI,MAAM,6DAA6D,CAAA;AAAA,EAC/E;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,kBAAA,CACZ,IAAA,EACA,WAAA,EACiB;AACjB,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAO;AACnC,IAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,aAAA,EAAc;AAI5C,IAAA,MAAM,SAAA,GAAY,IAAI,OAAA,CAAQ,UAAA,EAAY,GAAG,CAAA;AAC7C,IAAA,MAAM,UAAA,GAAaE,UAAU,kBAAA,CAAmB,EAAE,MAAM,IAAA,EAAM,IAAI,CAAA;AAClE,IAAA,MAAM,KAAA,GAAQ,IAAI,kBAAA,CAAmB,SAAA,EAAW;AAAA,MAC9C,GAAA,EAAK,QAAA;AAAA,MACL,iBAAA,EAAmB,KAAK,OAAA,CAAQ;AAAA,KACjC,EACE,YAAA,CAAa,UAAU,EACvB,UAAA,CAAW,GAAG,EACd,KAAA,EAAM;AAET,IAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,mBAAA,CAAoB,KAAK,CAAA;AAClD,IAAA,IAAIC,GAAAA,CAAI,GAAA,CAAI,iBAAA,CAAkB,GAAG,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gCAAA,EAAmC,GAAA,CAAI,KAAK,CAAA,CAAE,CAAA;AAAA,IAChE;AAEA,IAAA,MAAM,UAAA,GAAA,CAAc,MAAM,MAAA,CAAO,eAAA,IAAmB,QAAA,GAAW,GAAA;AAC/D,IAAA,MAAM,OAAA,GAAU,GAAA,CAAI,MAAA,EAAQ,IAAA,IAAQ,EAAC;AACrC,IAAA,MAAM,aAA8C,EAAC;AACrD,IAAA,KAAA,MAAW,SAAS,OAAA,EAAS;AAC3B,MAAA,IAAI,WAAA,IAAe,sBAAA,CAAuB,KAAA,EAAO,WAAW,CAAA,EAAG;AAC7D,QAAA,UAAA,CAAW,KAAK,MAAM,IAAA,CAAK,QAAQ,aAAA,CAAc,KAAA,EAAO,UAAU,CAAC,CAAA;AAAA,MACrE,CAAA,MAAO;AACL,QAAA,UAAA,CAAW,KAAK,KAAK,CAAA;AAAA,MACvB;AAAA,IACF;AAIA,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,UAAA,CAAW,UAAU,CAAA;AAClD,IAAA,MAAM,UAAUD,SAAAA,CAAU,kBAAA,CAAmB,EAAE,IAAA,EAAM,IAAA,EAAM,YAAY,CAAA;AACvE,IAAA,MAAM,KAAA,GAAQ,IAAI,kBAAA,CAAmB,OAAA,EAAS;AAAA,MAC5C,GAAA,EAAK,QAAA;AAAA,MACL,iBAAA,EAAmB,KAAK,OAAA,CAAQ;AAAA,KACjC,EACE,YAAA,CAAa,OAAO,EACpB,UAAA,CAAW,GAAG,EACd,KAAA,EAAM;AAMT,IAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,mBAAA,CAAoB,KAAK,CAAA;AACtD,IAAA,IAAIC,GAAAA,CAAI,GAAA,CAAI,iBAAA,CAAkB,OAAO,CAAA,EAAG;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,OAAA,CAAQ,KAAK,CAAA,CAAE,CAAA;AAAA,IACzE;AACA,IAAA,MAAM,YAAYA,GAAAA,CAAI,mBAAA,CAAoB,KAAA,EAAO,OAAO,EAAE,KAAA,EAAM;AAGhE,IAAA,IAAI,KAAK,OAAA,EAAS;AAChB,MAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA;AAAA,IAC9C;AACA,IAAA,IAAI,KAAK,aAAA,EAAe;AACtB,MAAA,SAAA,CAAU,IAAA,CAAK,KAAK,aAAa,CAAA;AACjC,MAAA,OAAO,IAAA,CAAK,eAAe,SAAS,CAAA;AAAA,IACtC;AACA,IAAA,MAAM,IAAI,MAAM,+DAA+D,CAAA;AAAA,EACjF;AAAA;AAAA,EAGA,MAAc,eAAeb,GAAAA,EAAkC;AAC7D,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAO;AACnC,IAAA,MAAM,IAAA,GAAO,MAAM,MAAA,CAAO,eAAA,CAAgBA,GAAE,CAAA;AAC5C,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,IAAA,CAAK,UAAU,IAAA,CAAK,WAAW,CAAC,CAAA,CAAE,CAAA;AAAA,IACrF;AACA,IAAA,MAAMJ,QAAO,IAAA,CAAK,IAAA;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,MAAM,GAAA,GAAM,MAAM,MAAA,CAAO,cAAA,CAAeA,KAAI,CAAA;AAC5C,MAAA,IAAI,IAAI,MAAA,KAAWiB,GAAAA,CAAI,GAAA,CAAI,oBAAA,CAAqB,SAAS,OAAOjB,KAAAA;AAChE,MAAA,IAAI,GAAA,CAAI,MAAA,KAAWiB,GAAAA,CAAI,GAAA,CAAI,qBAAqB,MAAA,EAAQ;AACtD,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gBAAA,EAAmBjB,KAAI,CAAA,OAAA,CAAS,CAAA;AAAA,MAClD;AACA,MAAA,MAAM,IAAI,OAAA,CAAQ,CAAC,MAAM,UAAA,CAAW,CAAA,EAAG,GAAI,CAAC,CAAA;AAAA,IAC9C;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gBAAA,EAAmBA,KAAI,CAAA,sBAAA,CAAwB,CAAA;AAAA,EACjE;AACF;AAGA,SAAS,sBAAA,CAAuB,OAAsC,cAAA,EAAiC;AACrG,EAAA,MAAM,KAAA,GAAQ,MAAM,WAAA,EAAY;AAChC,EAAA,IAAI,MAAM,MAAA,EAAO,KAAMkB,IAAI,sBAAA,CAAuB,yBAAA,IAA6B,OAAO,KAAA;AACtF,EAAA,OAAOC,OAAAA,CAAQ,cAAc,KAAA,CAAM,OAAA,GAAU,OAAA,EAAS,CAAA,CAAE,QAAA,EAAS,KAAM,cAAA;AACzE;AAEA,IAAML,gBAAAA,GAAkB,IAAI,sBAAA,EAAuB;;;AC1bnD,SAASM,OAAM,CAAA,EAAmB;AAChC,EAAA,OAAO,IAAA,GAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA;AAC7B;AACA,SAASC,SAAQ,CAAA,EAAmB;AAClC,EAAA,OAAO,OAAO,CAAC,CAAA;AACjB;AAEA,SAAS,WAAA,GAAsB;AAC7B,EAAA,IAAI,OAAO,cAAc,WAAA,EAAa;AACpC,IAAA,OAAO,UAAU,SAAA,IAAa,cAAA;AAAA,EAChC;AACA,EAAA,OAAO,cAAA;AACT;AAQO,IAAM,qBAAN,MAAmD;AAAA,EACxD,YAA6B,IAAA,EAAiC;AAAjC,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAAA,EAAkC;AAAA,EAE/D,MAAM,sBAAsB,MAAA,EAMO;AACjC,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,IAAI,IAAI,sBAAA,EAAwB,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA,EAAG;AAAA,MAC1E,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,MAAA,EAAQ,KAAK,IAAA,CAAK,KAAA;AAAA,QAClB,gBAAgB,MAAA,CAAO,cAAA;AAAA,QACvB,SAAA,EAAWD,MAAAA,CAAM,MAAA,CAAO,SAAA,CAAU,CAAC,CAAA;AAAA,QACnC,SAAA,EAAWA,MAAAA,CAAM,MAAA,CAAO,SAAA,CAAU,CAAC,CAAA;AAAA,QACnC,YAAA,EAAc,MAAA,CAAO,WAAA,IAAe,WAAA,EAAY;AAAA,QAChD,GAAI,OAAO,KAAA,GAAQ,EAAE,OAAO,MAAA,CAAO,KAAA,KAAU;AAAC,OAC/C;AAAA,KACF,CAAA;AACD,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AACzC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,IAAI,MAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAE,CAAA;AAAA,IACpE;AACA,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,IAAA,OAAO,EAAE,SAAA,EAAW,IAAA,CAAK,UAAA,EAAW;AAAA,EACtC;AAAA,EAEA,MAAM,kBAAkB,SAAA,EAAyD;AAC/E,IAAA,MAAM,MAAM,IAAI,GAAA,CAAI,sBAAA,EAAwB,IAAA,CAAK,KAAK,OAAO,CAAA;AAC7D,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,IAAA,EAAM,SAAS,CAAA;AACpC,IAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,EAAK,EAAE,SAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB,EAAG,CAAA;AAChF,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AACtE,IAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,IAAA,IAAI,CAAC,IAAA,CAAK,KAAA,EAAO,OAAO,IAAA;AAExB,IAAA,MAAM,SAAS,IAAA,CAAK,MAAA;AACpB,IAAA,OAAO;AAAA,MACL,WAAW,IAAA,CAAK,UAAA;AAAA,MAChB,OAAO,IAAA,CAAK,MAAA;AAAA,MACZ,MAAA,EAAQ,EAAA;AAAA;AAAA,MACR,gBAAgB,IAAA,CAAK,cAAA;AAAA,MACrB,SAAA,EAAW,EAAE,CAAA,EAAGC,QAAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAG,CAAA,EAAGA,QAAAA,CAAQ,IAAA,CAAK,SAAS,CAAA,EAAE;AAAA,MACpE,WAAW,IAAA,CAAK,UAAA;AAAA,MAChB;AAAA,KACF;AAAA,EACF;AAAA,EAEA,MAAM,sBAAsB,MAAA,EAGV;AAChB,IAAA,MAAM,MAAM,MAAM,KAAA;AAAA,MAChB,IAAI,IAAI,CAAA,qBAAA,EAAwB,MAAA,CAAO,SAAS,CAAA,QAAA,CAAA,EAAY,IAAA,CAAK,KAAK,OAAO,CAAA;AAAA,MAC7E;AAAA,QACE,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,QAC9C,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,OAAA,EAAS,MAAA,CAAO,QAAQ;AAAA;AACjD,KACF;AACA,IAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,MAAA,MAAM,IAAI,MAAM,GAAA,CAAI,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AACzC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8BAAA,EAAiC,IAAI,MAAM,CAAA,CAAA,EAAI,CAAC,CAAA,CAAE,CAAA;AAAA,IACpE;AAAA,EACF;AACF;ACvDA,IAAM,YAAA,GAAoD;AAAA,EACxD,OAAA,EAAS,SAAA;AAAA,EACT,OAAA,EAAS;AACX,CAAA;AACA,IAAM,UAAA,GAAgD;AAAA,EACpD,OAAA,EAAS,gBAAA;AAAA,EACT,OAAA,EAAS;AACX,CAAA;AACA,IAAM,WAAA,GAAkD;AAAA,EACtD,OAAA,EAAS,iBAAA;AAAA,EACT,OAAA,EAAS;AACX,CAAA;AAgHO,IAAM,KAAA,GAAN,MAAM,MAAA,CAAM;AAAA,EAMT,YACG,QAAA,EACA,OAAA,EACA,QACA,OAAA,EACQ,OAAA,EACA,cAEA,SAAA,EACjB;AARS,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACQ,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AACA,IAAA,IAAA,CAAA,YAAA,GAAA,YAAA;AAEA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAZnB;AAAA,IAAA,IAAA,CAAS,KAAA,GAAQ,UAAA;AAEjB;AAAA,IAAA,IAAA,CAAA,gBAAA,GAAkC,IAAA;AAAA,EAW/B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYH,aAAa,QAAQ,IAAA,EAA4C;AAC/D,IAAA,IAAI,IAAA,CAAK,UAAU,QAAA,EAAU;AAC3B,MAAA,OAAO,YAAY,OAAA,CAAQ;AAAA,QACzB,OAAA,EAAS,UAAA,CAAW,IAAA,CAAK,OAAO,CAAA;AAAA,QAChC,GAAI,KAAK,IAAA,GAAO,EAAE,MAAM,IAAA,CAAK,IAAA,KAAS,EAAC;AAAA,QACvC,GAAI,KAAK,QAAA,GAAW,EAAE,UAAU,IAAA,CAAK,QAAA,KAAa,EAAC;AAAA,QACnD,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,KAAK,KAAA,GAAQ,EAAE,OAAO,IAAA,CAAK,KAAA,KAAU,EAAC;AAAA,QAC1C,GAAI,KAAK,UAAA,GAAa,EAAE,YAAY,IAAA,CAAK,UAAA,KAAe,EAAC;AAAA,QACzD,GAAI,KAAK,QAAA,GAAW,EAAE,UAAU,IAAA,CAAK,QAAA,KAAa,EAAC;AAAA,QACnD,GAAI,KAAK,MAAA,GAAS,EAAE,QAAQ,IAAA,CAAK,MAAA,KAAW,EAAC;AAAA,QAC7C,GAAI,KAAK,SAAA,GAAY,EAAE,WAAW,IAAA,CAAK,SAAA,KAAc,EAAC;AAAA,QACtD,GAAI,KAAK,YAAA,GAAe,EAAE,cAAc,IAAA,CAAK,YAAA,KAAiB,EAAC;AAAA,QAC/D,GAAI,KAAK,OAAA,GAAU,EAAE,SAAS,IAAA,CAAK,OAAA,KAAY,EAAC;AAAA,QAChD,GAAI,KAAK,QAAA,GAAW,EAAE,UAAU,IAAA,CAAK,QAAA,KAAa;AAAC,OACpD,CAAA;AAAA,IACH;AACA,IAAA,IAAI,IAAA,CAAK,UAAU,SAAA,EAAW;AAC5B,MAAA,OAAO,aAAa,OAAA,CAAQ;AAAA,QAC1B,OAAA,EAAS,WAAA,CAAY,IAAA,CAAK,OAAO,CAAA;AAAA,QACjC,GAAI,KAAK,IAAA,GAAO,EAAE,MAAM,IAAA,CAAK,IAAA,KAAS,EAAC;AAAA,QACvC,GAAI,KAAK,QAAA,GAAW,EAAE,UAAU,IAAA,CAAK,QAAA,KAAa,EAAC;AAAA,QACnD,SAAS,IAAA,CAAK,OAAA;AAAA,QACd,GAAI,KAAK,KAAA,GAAQ,EAAE,OAAO,IAAA,CAAK,KAAA,KAAU,EAAC;AAAA,QAC1C,GAAI,KAAK,UAAA,GAAa,EAAE,YAAY,IAAA,CAAK,UAAA,KAAe,EAAC;AAAA,QACzD,GAAI,KAAK,QAAA,GAAW,EAAE,UAAU,IAAA,CAAK,QAAA,KAAa,EAAC;AAAA,QACnD,GAAI,KAAK,MAAA,GAAS,EAAE,QAAQ,IAAA,CAAK,MAAA,KAAW,EAAC;AAAA,QAC7C,GAAI,KAAK,SAAA,GAAY,EAAE,WAAW,IAAA,CAAK,SAAA,KAAc,EAAC;AAAA,QACtD,GAAI,KAAK,YAAA,GAAe,EAAE,cAAc,IAAA,CAAK,YAAA,KAAiB,EAAC;AAAA,QAC/D,GAAI,KAAK,cAAA,GAAiB,EAAE,SAAS,IAAA,CAAK,cAAA,KAAmB,EAAC;AAAA,QAC9D,GAAI,KAAK,oBAAA,GAAuB,EAAE,eAAe,IAAA,CAAK,oBAAA,KAAyB;AAAC,OACjF,CAAA;AAAA,IACH;AACA,IAAA,IAAI,CAAC,KAAK,eAAA,EAAiB;AACzB,MAAA,MAAM,IAAI,MAAM,6DAA6D,CAAA;AAAA,IAC/E;AACA,IAAA,OAAO,OAAM,eAAA,CAAgB;AAAA,MAC3B,OAAA,EAAS,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AAAA,MAClC,MAAM,IAAA,CAAK,IAAA;AAAA,MACX,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,SAAS,IAAA,CAAK,OAAA;AAAA,MACd,OAAO,IAAA,CAAK,KAAA;AAAA,MACZ,YAAY,IAAA,CAAK,UAAA;AAAA,MACjB,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,UAAU,IAAA,CAAK,QAAA;AAAA,MACf,iBAAiB,IAAA,CAAK,eAAA;AAAA,MACtB,cAAc,IAAA,CAAK,YAAA;AAAA,MACnB,QAAQ,IAAA,CAAK,MAAA;AAAA,MACb,WAAW,IAAA,CAAK,SAAA;AAAA,MAChB,cAAc,IAAA,CAAK;AAAA,KACpB,CAAA;AAAA,EACH;AAAA,EAEA,aAAqB,gBAAgB,IAAA,EAA8C;AACjF,IAAA,MAAM,WAAW,IAAA,CAAK,QAAA,IAAa,MAAM,IAAA,CAAK,MAAM,YAAA,EAAa;AACjE,IAAA,IAAI,CAAC,QAAA,EAAU,MAAM,IAAI,MAAM,4CAA4C,CAAA;AAE3E,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,IAAa,yBAAA,CAA0B,KAAK,OAAO,CAAA;AAC1E,IAAA,IAAI,CAAC,WAAW,MAAM,IAAI,MAAM,CAAA,qCAAA,EAAwC,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA;AAEtF,IAAA,MAAM,QAAA,GAAW,IAAI,WAAA,CAAY;AAAA,MAC/B,SAAS,IAAA,CAAK,MAAA,IAAU,iBAAA,CAAkB,IAAA,CAAK,OAAO,CAAA,CAAE;AAAA,KACzD,CAAA;AACD,IAAA,MAAM,YAAA,GAAe,IAAA,CAAK,YAAA,IAAgB,mBAAA,CAAoB,KAAK,OAAO,CAAA;AAC1E,IAAA,MAAM,kBAAkB,EAAE,GAAA,EAAK,YAAA,EAAc,MAAA,EAAQ,KAAK,eAAA,EAAgB;AAC1E,IAAA,MAAM,SAAA,GAAY,IAAI,YAAA,CAAa;AAAA,MACjC,OAAA,EAAS,YAAA;AAAA,MACT,OAAA,EAAS,EAAE,qBAAA,EAAuB,IAAA,CAAK,eAAA;AAAgB,KACxD,CAAA;AAED,IAAA,MAAM,WAAA,GAAc,kBAAkB,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,IAAA,CAAK,OAAA,EAAS,CAAA;AAGxF,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,IAC5D,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AACtF,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAE/C,IAAA,MAAM,UAAU,IAAI,eAAA,CAAgB,EAAE,SAAA,EAAW,MAAA,EAAQ,UAAU,CAAA;AACnE,IAAA,MAAM,WAAA,GAAc,CAACN,QAAAA,KACnB,IAAIJ,SAAAA,CAAQ;AAAA,MACV,QAAA;AAAA,MACA,OAAA,EAAAI,QAAAA;AAAA,MACA,MAAA,EAAQ,IAAI,oBAAA,CAAqB,MAAM,CAAA;AAAA,MACvC,SAAA;AAAA,MACA,YAAA,EAAc;AAAA,KACf,CAAA;AAKH,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,WACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,KAAA,GACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,OAAO,IAAA,CAAK,KAAA,EAAO,SAAS,IAAA,CAAK,OAAA,EAAS,CAAA,GACxFD,gBAAAA,CAAAA;AACN,IAAA,MAAM,QAAA,GACJ,IAAA,CAAK,QAAA,KAAa,IAAA,CAAK,QAAQ,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,UAAA,EAAY,KAAA,EAAO,IAAA,CAAK,KAAA,EAAO,CAAA,GAAI,IAAA,CAAA;AACtG,IAAA,MAAM,QAAA,GAAW,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,MAAM,CAAA;AAEtD,IAAA,IAAI,QAAA,EAAU;AACZ,MAAA,MAAMQ,QAAAA,GAAU,WAAA,CAAY,QAAA,CAAS,OAAO,CAAA;AAC5C,MAAA,MAAMf,YAAW,MAAM,OAAA,CAAQ,kBAAA,CAAmB,QAAA,CAAS,SAAS,YAAY,CAAA;AAChF,MAAA,MAAM,QAAQ,IAAI,MAAA;AAAA,QAChB,QAAA;AAAA,QACA,QAAA,CAAS,OAAA;AAAA,QACTA,YAAW,OAAA,GAAU,uBAAA;AAAA,QACrBe,QAAAA;AAAA,QACA,OAAA;AAAA,QACA,YAAA;AAAA,QACA;AAAA,OACF;AAWA,MAAA,IAAI,CAACf,aAAY,QAAA,EAAU;AACzB,QAAA,MAAM,KAAA,GAAQ,iBAAA,CAAkB,GAAA,CAAI,QAAA,CAAS,MAAM,CAAA;AACnD,QAAA,MAAM,QAAQ,KAAA,IAAS,IAAA,CAAK,GAAA,EAAI,GAAI,MAAM,WAAA,GAAc,uBAAA;AACxD,QAAA,IAAI;AACF,UAAA,IAAI,KAAA,EAAO;AACT,YAAA,KAAA,CAAM,mBAAmB,KAAA,CAAO,SAAA;AAAA,UAClC,CAAA,MAAO;AACL,YAAA,MAAM,EAAE,SAAA,EAAU,GAAI,MAAM,SAAS,qBAAA,CAAsB;AAAA,cACzD,QAAQ,QAAA,CAAS,MAAA;AAAA,cACjB,gBAAgB,QAAA,CAAS,OAAA;AAAA,cACzB,SAAA,EAAW,YAAA;AAAA,cACX,GAAI,SAAS,KAAA,GAAQ,EAAE,OAAO,QAAA,CAAS,KAAA,KAAU;AAAC,aACnD,CAAA;AACD,YAAA,KAAA,CAAM,gBAAA,GAAmB,SAAA;AACzB,YAAA,iBAAA,CAAkB,GAAA,CAAI,SAAS,MAAA,EAAQ,EAAE,WAAW,WAAA,EAAa,IAAA,CAAK,GAAA,EAAI,EAAG,CAAA;AAAA,UAC/E;AAAA,QACF,SAAS,CAAA,EAAG;AACV,UAAA,OAAA,CAAQ,IAAA,CAAK,yCAAyC,CAAC,CAAA;AAAA,QACzD;AAAA,MACF;AACA,MAAA,OAAO,KAAA;AAAA,IACT;AAOA,IAAA,MAAM,UAAU,OAAA,CAAQ,cAAA,CAAe,EAAE,WAAA,EAAa,aAAA,EAAe,cAAc,CAAA;AACnF,IAAA,MAAM,OAAA,GAAU,YAAY,OAAO,CAAA;AACnC,IAAA,MAAM,eAAA,GAAkB,MAAM,UAAA,CAAW,QAAA,EAAU,OAAO,CAAA;AAE1D,IAAA,IAAI,CAAC,eAAA,EAAiB;AACpB,MAAA,MAAM,cAAA,GAAiB;AAAA,QACrB,OAAA;AAAA,QACA,UAAA,EAAY,SAAA;AAAA,QACZ,IAAA,EAAMR,GAAAA,CAAI,KAAA,CAAM,WAAW,CAAA;AAAA,QAC3B,QAAA,EAAU,OAAA,CAAQ,mBAAA,CAAoB,WAAA,EAAa,YAAY,CAAA;AAAA,QAC/D,OAAA,EAAS;AAAA,OACX;AACA,MAAA,MAAM,SAAA,GAAY,MAAM,OAAA,CAAQ,2BAAA,CAA4B,EAAC,EAAG;AAAA,QAC9D,OAAA,EAAS,EAAE,IAAA,EAAM,WAAA,EAAY;AAAA,QAC7B;AAAA,OACD,CAAA;AAID,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,CAAS,kBAAA,CAAmB,SAAA,CAAU,gBAAgB,CAAA;AAAA,MAC9D,SAAS,CAAA,EAAG;AACV,QAAA,OAAA,CAAQ,IAAA,CAAK,uCAAuC,CAAC,CAAA;AAAA,MACvD;AAAA,IACF;AAOA,IAAA,MAAM,QAAA,CAAS,SAAS,EAAE,MAAA,EAAQ,SAAS,MAAA,EAAQ,OAAA,EAAS,aAAA,EAAe,YAAA,EAAc,CAAA;AACzF,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,OAAA,CAAQ,kBAAA,CAAmB,OAAA,EAAS,YAAY,CAAA;AAAA,IACnE,SAAS,CAAA,EAAG;AAGV,MAAA,OAAA,CAAQ,IAAA,CAAK,2CAA2C,CAAC,CAAA;AACzD,MAAA,QAAA,GAAW,CAAC,eAAA;AAAA,IACd;AAEA,IAAA,OAAO,IAAI,MAAA;AAAA,MACT,QAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAW,OAAA,GAAU,uBAAA;AAAA,MACrB,OAAA;AAAA,MACA,OAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA,EAGA,IAAI,SAAA,GAA6B;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA,EAGA,MAAM,QAAQ,KAAA,EAA0D;AACtE,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,gEAAgE,CAAA;AAAA,IAClF;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,OAAA,CAAQ,4BAA4B,KAAA,EAAiB;AAAA,MAC1E,OAAA,EAAS,EAAE,IAAA,EAAM,WAAA;AAAY,KAC9B,CAAA;AACD,IAAA,OAAO,EAAE,eAAA,EAAiB,GAAA,CAAI,gBAAA,EAAiB;AAAA,EACjD;AAAA;AAAA,EAGA,MAAM,UAAU,MAAA,EAA+D;AAC7E,IAAA,OAAO,IAAA,CAAK,OAAA,CAAQ,CAAC,IAAA,CAAK,OAAA,CAAQ,eAAe,IAAA,CAAK,OAAA,EAAS,MAAM,CAAC,CAAC,CAAA;AAAA,EACzE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,aAAA,CACJ,OAAA,EACA,MAAA,EACmE;AACnE,IAAA,MAAM,QAAA,GAAW,MAAM,OAAA,CAAQ,MAAA,CAAO,MAAM,CAAA;AAC5C,IAAA,MAAM,EAAE,eAAA,EAAgB,GAAI,MAAM,IAAA,CAAK,WAAA,CAAY,SAAS,SAAS,CAAA;AACrE,IAAA,OAAO,EAAE,SAAA,EAAW,QAAA,CAAS,SAAA,EAAW,eAAA,EAAgB;AAAA,EAC1D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAY,MAAA,EAAgE;AAChF,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,sDAAsD,CAAA;AAAA,IACxE;AACA,IAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,UAAA,CAAW,KAAK,OAAA,EAAS,MAAM,CAAA,EAAG,OAAO,EAAC;AACjE,IAAA,MAAM,EAAE,eAAA,EAAgB,GAAI,MAAM,KAAK,OAAA,CAAQ;AAAA,MAC7C,IAAA,CAAK,OAAA,CAAQ,gBAAA,CAAiB,IAAA,CAAK,SAAS,MAAM;AAAA,KACnD,CAAA;AACD,IAAA,OAAO,EAAE,eAAA,EAAgB;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,6BAA6B,IAAA,EAGM;AACvC,IAAA,IAAI,IAAA,CAAK,WAAW,OAAA,EAAS;AAC3B,MAAA,MAAM,IAAI,MAAM,kDAAkD,CAAA;AAAA,IACpE;AACA,IAAA,MAAM,EAAE,IAAA,EAAM,KAAA,EAAM,GAAI,MAAM,KAAK,wBAAA,EAAyB;AAC5D,IAAA,MAAM,MAAA,GAAS,CAAC,IAAI,CAAA;AACpB,IAAA,MAAM,YAAY,MAAM,IAAA,CAAK,QAAQ,MAAA,CAAO,cAAA,CAAe,MAAM,CAAC,CAAA;AAClE,IAAA,OAAO,KAAK,qBAAA,CAAsB,SAAA,EAAW,QAAQ,CAAA,EAAG,KAAA,EAAO,KAAK,MAAM,CAAA;AAAA,EAC5E;AAAA;AAAA;AAAA,EAIA,MAAM,wBAAA,GAAyE;AAC7E,IAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,OAAA,CAAQ,eAAA,CAAgB,KAAK,OAAO,CAAA;AAC7D,IAAA,OAAO,EAAE,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAY,IAAA,CAAK,YAAA,EAAc,KAAK,CAAA,EAAG,KAAA,EAAM;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAA,CACJ,SAAA,EACA,MAAA,EACA,SAAA,EACA,OACA,MAAA,EACsC;AACtC,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,SAAA,CAAU,iBAAA,EAAmB,UAAU,cAAc,CAAA;AACnF,IAAA,MAAM,aAAa,0BAAA,CAA2B,SAAA,CAAU,CAAA,EAAG,SAAA,CAAU,GAAG,MAAM,CAAA;AAC9E,IAAA,IAAI,OAAA,GAA0B,IAAA;AAC9B,IAAA,KAAA,MAAW,QAAQ,UAAA,EAAY;AAC7B,MAAA,IAAI,MAAM,KAAK,OAAA,CAAQ,UAAA,CAAW,KAAK,OAAA,EAAS,IAAA,CAAK,SAAS,CAAA,EAAG;AAC/D,QAAA,OAAA,GAAU,IAAA,CAAK,OAAA;AACf,QAAA;AAAA,MACF;AAAA,IACF;AACA,IAAA,IAAI,YAAY,IAAA,EAAM;AACpB,MAAA,MAAM,IAAI,MAAM,8DAA8D,CAAA;AAAA,IAChF;AACA,IAAA,MAAM,IAAA,GAAO,KAAK,OAAA,CAAQ,wBAAA;AAAA,MACxB,IAAA,CAAK,OAAA;AAAA,MAAS,IAAA,CAAK,YAAA;AAAA,MAAc,KAAA;AAAA,MAAO,MAAA;AAAA,MAAQ,SAAA;AAAA,MAAW,SAAA;AAAA,MAAW;AAAA,KACxE;AACA,IAAA,IAAI,MAAA,EAAQ,OAAO,MAAA,CAAO,IAAI,CAAA;AAC9B,IAAA,IAAI,CAAC,KAAK,SAAA,EAAW;AACnB,MAAA,MAAM,IAAI,MAAM,6FAAwF,CAAA;AAAA,IAC1G;AACA,IAAA,OAAO,sBAAA,CAAuB,IAAA,CAAK,SAAA,EAAW,IAAA,CAAK,SAAS,IAAI,CAAA;AAAA,EAClE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,cAAc,IAAA,EAAgE;AAClF,IAAA,MAAM,EAAE,SAAA,EAAW,YAAA,EAAa,GAAI,gBAAgB,IAAI,CAAA;AAExD,IAAA,MAAM,UAAU,MAAM,IAAA,CAAK,QAAQ,kBAAA,CAAmB,IAAA,CAAK,SAAS,YAAY,CAAA;AAChF,IAAA,IAAI,SAAS,OAAO,MAAA;AACpB,IAAA,OAAO,IAAA,CAAK,UAAU,YAAY,CAAA;AAAA,EACpC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,aAAa,QAAQ,IAAA,EAAuC;AAC1D,IAAA,MAAM,OAAA,GAAU,YAAA,CAAa,IAAA,CAAK,OAAO,CAAA;AACzC,IAAA,MAAM,SAAA,GAAY,IAAA,CAAK,SAAA,IAAa,yBAAA,CAA0B,OAAO,CAAA;AACrE,IAAA,IAAI,CAAC,SAAA,EAAW,MAAM,IAAI,KAAA,CAAM,CAAA,qCAAA,EAAwC,OAAO,CAAA,CAAE,CAAA;AAEjF,IAAA,MAAM,QAAA,GAAW,IAAI,WAAA,CAAY;AAAA,MAC/B,OAAA,EAAS,IAAA,CAAK,MAAA,IAAU,iBAAA,CAAkB,OAAO,CAAA,CAAE;AAAA,KACpD,CAAA;AACD,IAAA,MAAM,SAAA,GAAY,IAAI,YAAA,CAAa;AAAA,MACjC,OAAA,EAAS,IAAA,CAAK,YAAA,IAAgB,mBAAA,CAAoB,OAAO,CAAA;AAAA,MACzD,OAAA,EAAS,EAAE,qBAAA,EAAuB,IAAA,CAAK,eAAA;AAAgB,KACxD,CAAA;AAGD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,YAAA,GAChB,MAAM,IAAA,CAAK,YAAA,CAAa,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAE,CAAA,GACjE,MAAM,eAAA,CAAgB,YAAA,CAAa,EAAE,KAAA,EAAO,CAAA,EAAG,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAA,CAAK,OAAO,CAAA,CAAA,EAAI,CAAA;AAC3F,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,YAAA,EAAa;AAI/C,IAAA,MAAM,MAAA,GAAS,YAAA,CAAa,QAAA,CAAS,IAAA,CAAK,IAAI,CAAA;AAC9C,IAAA,MAAM,aAAA,GAAgB,IAAI,eAAA,CAAgB,EAAE,WAAW,MAAA,EAAQ,MAAA,EAAQ,UAAU,CAAA;AAEjF,IAAA,MAAM,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AACtC,IAAA,MAAM,QAAA,GACJ,IAAA,CAAK,QAAA,KACJ,IAAA,CAAK,QACF,IAAI,kBAAA,CAAmB,EAAE,OAAA,EAAS,YAAY,KAAA,EAAO,IAAA,CAAK,KAAA,EAAO,OAAA,EAAS,CAAA,GAC1Ee,gBAAAA,CAAAA;AACN,IAAA,MAAM,WAAW,MAAM,QAAA,CAAS,MAAA,CAAO,IAAA,CAAK,SAAS,MAAM,CAAA;AAC3D,IAAA,IAAI,CAAC,QAAA,EAAU;AACb,MAAA,MAAM,IAAI,MAAM,mEAA8D,CAAA;AAAA,IAChF;AAGA,IAAA,MAAM,aAAA,GAAgB,IAAIH,SAAAA,CAAQ;AAAA,MAChC,QAAA;AAAA,MACA,SAAS,QAAA,CAAS,OAAA;AAAA,MAClB,MAAA,EAAQ,IAAI,oBAAA,CAAqB,MAAM,CAAA;AAAA,MACvC,SAAA;AAAA,MACA,YAAA,EAAc;AAAA,KACf,CAAA;AACD,IAAA,MAAM,gBAAgB,MAAM,aAAA,CAAc,kBAAA,CAAmB,QAAA,CAAS,SAAS,YAAY,CAAA;AAC3F,IAAA,IAAI,CAAC,aAAA,EAAe;AAClB,MAAA,MAAM,GAAA,GAAM,MAAM,aAAA,CAAc,2BAAA;AAAA,QAC9B,CAAC,aAAA,CAAc,cAAA,CAAe,QAAA,CAAS,OAAA,EAAS,YAAY,CAAC,CAAA;AAAA,QAC7D,EAAE,OAAA,EAAS,EAAE,IAAA,EAAM,aAAY;AAAE,OACnC;AACA,MAAA,IAAI;AACF,QAAA,MAAM,QAAA,CAAS,kBAAA,CAAmB,GAAA,CAAI,gBAAgB,CAAA;AAAA,MACxD,SAAS,CAAA,EAAG;AACV,QAAA,OAAA,CAAQ,IAAA,CAAK,oDAAoD,CAAC,CAAA;AAAA,MACpE;AAAA,IACF;AAGA,IAAA,MAAM,UAAU,IAAI,eAAA,CAAgB,EAAE,SAAA,EAAW,MAAA,EAAQ,UAAU,CAAA;AACnE,IAAA,MAAM,OAAA,GAAU,IAAIA,SAAAA,CAAQ;AAAA,MAC1B,QAAA;AAAA,MACA,SAAS,QAAA,CAAS,OAAA;AAAA,MAClB,MAAA,EAAQ,IAAI,oBAAA,CAAqB,MAAM,CAAA;AAAA,MACvC,SAAA;AAAA,MACA,YAAA,EAAc;AAAA,KACf,CAAA;AACD,IAAA,OAAO,IAAI,OAAM,IAAA,CAAK,QAAA,EAAU,SAAS,OAAA,EAAS,OAAA,EAAS,OAAA,EAAS,OAAA,EAAS,YAAY,CAAA;AAAA,EAC3F;AACF;AAOA,IAAMG,gBAAAA,GAAkB,IAAI,sBAAA,EAAuB;AAQnD,IAAM,uBAAA,GAA0B,IAAI,EAAA,GAAK,GAAA;AACzC,IAAM,iBAAA,uBAAwB,GAAA,EAAwD;AAGtF,eAAe,UAAA,CAAW,UAAuB,OAAA,EAAmC;AAClF,EAAA,IAAI;AACF,IAAA,MAAM,SAAA,GAAY,MAAM,QAAA,CAAS,cAAA,CAAe,OAAO,CAAA;AACvD,IAAA,OAAO,CAAC,CAAC,SAAA,IAAa,SAAA,KAAc,KAAA;AAAA,EACtC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAyBA,eAAsB,uBAAA,CACpB,SACA,OAAA,EACuD;AACvD,EAAA,MAAM,UAAU,OAAA,CAAQ,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,WAAW,uBAAuB,CAAA;AAC1E,EAAA,IAAI,OAAA,CAAQ,MAAA,KAAW,CAAA,EAAG,OAAO,EAAC;AAClC,EAAA,MAAM,KAAA,GAAQ,MAAM,OAAA,CAAQ,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,wBAAA,EAA0B,CAAC,CAAA;AAChF,EAAA,MAAM,SAAS,KAAA,CAAM,GAAA,CAAI,CAAC,CAAA,KAAM,EAAE,IAAI,CAAA;AAEtC,EAAA,MAAM,YAAY,MAAM,OAAA,CAAQ,MAAA,CAAO,cAAA,CAAe,MAAM,CAAC,CAAA;AAC7D,EAAA,MAAM,MAAoD,EAAC;AAC3D,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,IAAA,MAAM,EAAE,eAAA,EAAgB,GAAI,MAAM,OAAA,CAAQ,CAAC,CAAA,CAAE,qBAAA;AAAA,MAC3C,SAAA;AAAA,MAAW,MAAA;AAAA,MAAQ,CAAA;AAAA,MAAG,KAAA,CAAM,CAAC,CAAA,CAAE;AAAA,KACjC;AACA,IAAA,GAAA,CAAI,IAAA,CAAK,EAAE,KAAA,EAAO,OAAA,CAAQ,CAAC,CAAA,CAAE,KAAA,EAAO,iBAAiB,CAAA;AAAA,EACvD;AACA,EAAA,OAAO,GAAA;AACT;AAUA,eAAe,sBAAA,CACb,SAAA,EACA,WAAA,EACA,IAAA,EACsC;AACtC,EAAA,MAAM,IAAA,GAAO;AAAA,IACX,OAAA,EAAS,KAAA;AAAA,IACT,EAAA,EAAI,CAAA;AAAA,IACJ,MAAA,EAAQ,oCAAA;AAAA,IACR,MAAA,EAAQ;AAAA,MACN,WAAA,EAAa;AAAA,QACX,IAAA,EAAM,QAAA;AAAA,QACN,MAAA,EAAQ;AAAA,UACN,YAAA,EAAc,WAAA;AAAA,UACd,yBAAA,EAA2B;AAAA,YACzB,IAAI,IAAA,CAAK,eAAA;AAAA,YACT,QAAA,EAAUd,IAAAA,CAAK,mBAAA,CAAoB,IAAA,CAAK,UAAU,CAAA;AAAA,YAClD,QAAA,EAAU,KAAK,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,KAAMD,GAAAA,CAAI,KAAA,CAAM,CAAC,CAAC;AAAA;AACjD;AACF,OACF;AAAA,MACA,UAAA,EAAY,EAAE,OAAA,EAAS,KAAA,EAAO,UAAU,EAAE,IAAA,EAAM,aAAY;AAAE;AAChE,GACF;AACA,EAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,SAAA,CAAU,GAAA,EAAK;AAAA,IACrC,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAI,UAAU,MAAA,GAAS,EAAE,uBAAuB,SAAA,CAAU,MAAA,KAAW;AAAC,KACxE;AAAA,IACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,GAC1B,CAAA;AACD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,KAAK,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,MAAM,CAAA,wCAAA,EAA2C,IAAA,CAAK,UAAU,IAAA,CAAK,KAAK,CAAC,CAAA,CAAE,CAAA;AAAA,EACzF;AACA,EAAA,OAAO,EAAE,eAAA,EAAiB,IAAA,CAAK,QAAQ,gBAAA,IAAoB,IAAA,CAAK,QAAQ,WAAA,EAAY;AACtF;ACtrBO,IAAM,YAAN,MAAwC;AAAA,EAM7C,WAAA,CAA6B,IAAA,GAAyB,EAAC,EAAG;AAA7B,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAH7B;AAAA,IAAA,IAAA,CAAQ,YAAA,GAA8B,IAAA;AACtC,IAAA,IAAA,CAAQ,IAAA,GAAwB,IAAA;AAG9B,IAAA,IAAA,CAAK,UAAA,GAAa,KAAK,UAAA,IAAc,mBAAA;AAAA,EACvC;AAAA;AAAA,EAGA,MAAM,kBAAkB,WAAA,EAAuC;AAC7D,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,QAAA,EAAU,WAAW,CAAA;AAAA,EAC5C;AAAA;AAAA,EAGA,MAAM,iBAAiB,WAAA,EAAuC;AAC5D,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,OAAA,EAAS,WAAW,CAAA;AAAA,EAC3C;AAAA,EAEA,MAAc,QAAA,CAAS,QAAA,EAA8B,WAAA,EAAuC;AAC1F,IAAA,IAAI,OAAO,MAAA,KAAW,WAAA,EAAa,MAAM,IAAI,MAAM,oCAAoC,CAAA;AACvF,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB;AAAA,MACjC,KAAA,EAAO,KAAK,UAAA,EAAW;AAAA,MACvB,YAAA,EAAc,WAAA,IAAe,MAAA,CAAO,QAAA,CAAS,IAAA;AAAA,MAC7C,GAAI,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,EAAE,QAAQ,IAAA,CAAK,IAAA,CAAK,KAAA,EAAM,GAAI;AAAC,KACtD,CAAA;AACD,IAAA,MAAM,EAAE,GAAA,EAAI,GAAI,MAAM,IAAA,CAAK,IAAI,CAAA,WAAA,EAAc,QAAQ,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,CAAA;AACjE,IAAA,OAAO,GAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,eAAe,gBAAA,EAA6C;AAChE,IAAA,MAAM,QAAA,GAAW,gBAAgB,gBAAgB,CAAA;AACjD,IAAA,OAAO,IAAA,CAAK,oBAAA,CAAqB,QAAA,EAAU,OAAO,CAAA;AAAA,EACpD;AAAA;AAAA,EAGA,MAAM,QAAQ,KAAA,EAA8B;AAC1C,IAAA,MAAM,IAAA,CAAK,KAAK,iCAAA,EAAmC;AAAA,MACjD,KAAA;AAAA,MACA,KAAA,EAAO,KAAK,UAAA,EAAW;AAAA,MACvB,GAAI,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,EAAE,QAAQ,IAAA,CAAK,IAAA,CAAK,KAAA,EAAM,GAAI;AAAC,KACtD,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,cAAc,KAAA,EAA8B;AAChD,IAAA,MAAM,IAAA,CAAK,KAAK,gCAAA,EAAkC;AAAA,MAChD,KAAA;AAAA,MACA,KAAA,EAAO,KAAK,UAAA,EAAW;AAAA,MACvB,GAAI,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,EAAE,QAAQ,IAAA,CAAK,IAAA,CAAK,KAAA,EAAM,GAAI,EAAC;AAAA,MACrD,GAAI,OAAO,MAAA,KAAW,WAAA,GAAc,EAAE,cAAc,MAAA,CAAO,QAAA,CAAS,IAAA,EAAK,GAAI;AAAC,KAC/E,CAAA;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,SAAA,CAAU,KAAA,EAAe,IAAA,EAAiC;AAC9D,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAK,gCAAA,EAAkC;AAAA,MAC5D,KAAA;AAAA,MACA,IAAA;AAAA,MACA,KAAA,EAAO,KAAK,YAAA,EAAa;AAAA,MACzB,GAAI,IAAA,CAAK,IAAA,CAAK,KAAA,GAAQ,EAAE,QAAQ,IAAA,CAAK,IAAA,CAAK,KAAA,EAAM,GAAI;AAAC,KACtD,CAAA;AACD,IAAA,OAAO,IAAA,CAAK,oBAAA,CAAqB,GAAA,CAAI,QAAA,IAAY,GAAA,CAAI,GAAA,IAAO,GAAA,CAAI,KAAA,IAAS,IAAA,CAAK,SAAA,CAAU,GAAG,CAAA,EAAG,OAAO,KAAK,CAAA;AAAA,EAC5G;AAAA;AAAA,EAGA,MAAM,YAAA,GAAkC;AACtC,IAAA,IAAI,CAAC,IAAA,CAAK,IAAA,EAAM,MAAM,IAAI,MAAM,yDAAoD,CAAA;AACpF,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAc,oBAAA,CACZ,QAAA,EACA,QAAA,EACA,aAAA,EACmB;AACnB,IAAA,IAAI,KAAA,GAAQ,QAAA;AACZ,IAAA,IAAI;AACF,MAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,QAAQ,CAAA;AAClC,MAAA,KAAA,GAAQ,MAAA,CAAO,QAAA,IAAY,MAAA,CAAO,GAAA,IAAO,OAAO,KAAA,IAAS,QAAA;AAAA,IAC3D,CAAA,CAAA,MAAQ;AAAA,IAER;AACA,IAAA,MAAM,MAAA,GAAS,SAAS,KAAK,CAAA;AAC7B,IAAA,OAAO,KAAK,QAAA,CAAS;AAAA,MACnB,QAAQ,MAAA,CAAO,MAAA,CAAO,OAAO,MAAA,CAAO,OAAA,IAAW,OAAO,GAAG,CAAA;AAAA,MACzD,KAAA,EAAO,OAAO,KAAA,IAAS,aAAA;AAAA,MACvB,QAAA,EAAU,MAAA,CAAO,QAAA,EAAU,gBAAA,IAAoB,OAAO,QAAA,IAAY;AAAA,KACnE,CAAA;AAAA,EACH;AAAA;AAAA,EAGQ,UAAA,GAAqB;AAG3B,IAAA,MAAM,QAAQ,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,EAAE,CAAC,CAAA;AACvD,IAAA,MAAM,IAAIC,IAAAA,CAAK,6BAAA,CAA8B,CAAC,aAAA,CAAc,KAAK,CAAC,CAAC,CAAA;AACnE,IAAA,IAAA,CAAK,YAAA,GAAeD,GAAAA,CAAI,KAAA,CAAM,CAAC,CAAA;AAC/B,IAAA,OAAO,IAAA,CAAK,YAAA;AAAA,EACd;AAAA;AAAA,EAGQ,YAAA,GAAuB;AAC7B,IAAA,IAAI,CAAC,IAAA,CAAK,YAAA,EAAc,OAAO,KAAK,UAAA,EAAW;AAC/C,IAAA,MAAM,IAAI,IAAA,CAAK,YAAA;AACf,IAAA,IAAA,CAAK,YAAA,GAAe,IAAA;AACpB,IAAA,OAAO,CAAA;AAAA,EACT;AAAA,EAEQ,SAAS,EAAA,EAAwB;AACvC,IAAA,IAAA,CAAK,IAAA,GAAO,EAAA;AACZ,IAAA,OAAO,EAAA;AAAA,EACT;AAAA,EAEA,MAAc,IAAI,IAAA,EAA4B;AAC5C,IAAA,MAAM,CAAA,GAAI,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,UAAU,CAAA,EAAG,IAAI,CAAA,CAAE,CAAA;AACjD,IAAA,IAAI,CAAC,CAAA,CAAE,EAAA,EAAI,MAAM,IAAI,MAAM,CAAA,UAAA,EAAa,IAAI,CAAA,IAAA,EAAO,CAAA,CAAE,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,CAAA;AAC/E,IAAA,OAAO,EAAE,IAAA,EAAK;AAAA,EAChB;AAAA,EAEA,MAAc,IAAA,CAAK,IAAA,EAAc,IAAA,EAA6B;AAC5D,IAAA,MAAM,CAAA,GAAI,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,UAAU,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,MACjD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KAC1B,CAAA;AACD,IAAA,IAAI,CAAC,CAAA,CAAE,EAAA,EAAI,MAAM,IAAI,MAAM,CAAA,UAAA,EAAa,IAAI,CAAA,IAAA,EAAO,CAAA,CAAE,MAAM,CAAA,CAAA,EAAI,MAAM,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,CAAA;AAC/E,IAAA,OAAO,EAAE,IAAA,EAAK;AAAA,EAChB;AACF;AAGA,SAAS,gBAAgB,KAAA,EAAuB;AAC9C,EAAA,IAAI,MAAM,QAAA,CAAS,YAAY,KAAK,KAAA,CAAM,QAAA,CAAS,eAAe,CAAA,EAAG;AACnE,IAAA,MAAM,MAAA,GAAS,IAAI,eAAA,CAAgB,KAAA,CAAM,UAAA,CAAW,GAAG,CAAA,GAAI,KAAA,GAAQ,CAAA,CAAA,EAAI,KAAK,CAAA,CAAE,CAAA;AAC9E,IAAA,OAAO,OAAO,GAAA,CAAI,WAAW,KAAK,MAAA,CAAO,GAAA,CAAI,cAAc,CAAA,IAAK,KAAA;AAAA,EAClE;AACA,EAAA,OAAO,KAAA;AACT;AAGA,SAAS,SAAS,GAAA,EAAkB;AAClC,EAAA,MAAM,IAAA,GAAO,GAAA,CAAI,KAAA,CAAM,GAAG,EAAE,CAAC,CAAA;AAC7B,EAAA,IAAI,CAAC,IAAA,EAAM,MAAM,IAAI,MAAM,yBAAyB,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,IAAA,CAAK,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CAAE,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAC,CAAA;AAC5D,EAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AACxB;AAGA,SAAS,cAAc,KAAA,EAA2B;AAChD,EAAA,IAAI,CAAA,GAAI,EAAA;AACR,EAAA,KAAA,MAAW,CAAA,IAAK,KAAA,CAAM,QAAA,CAAS,CAAA,EAAG,EAAE,GAAG,CAAA,GAAK,CAAA,IAAK,EAAA,GAAM,MAAA,CAAO,CAAC,CAAA;AAC/D,EAAA,OAAO,CAAA;AACT","file":"chunk-BNGLH3Q3.mjs","sourcesContent":["/**\n * Low-level encoding helpers shared across the kit.\n */\n\nconst U128_MASK = (1n << 128n) - 1n;\n\n/** Split a u256 into the `[low, high]` felt pair Cairo expects. */\nexport function u256ToFelts(value: bigint): [bigint, bigint] {\n return [value & U128_MASK, value >> 128n];\n}\n\n/** Big-endian bytes -> bigint. */\nexport function bytesToBigInt(bytes: Uint8Array): bigint {\n let out = 0n;\n for (const b of bytes) out = (out << 8n) | BigInt(b);\n return out;\n}\n\nexport function bytesToHex(bytes: Uint8Array): string {\n let s = \"0x\";\n for (const b of bytes) s += b.toString(16).padStart(2, \"0\");\n return s;\n}\n\nexport function hexToBytes(hex: string): Uint8Array {\n const clean = hex.startsWith(\"0x\") ? hex.slice(2) : hex;\n const padded = clean.length % 2 ? \"0\" + clean : clean;\n const out = new Uint8Array(padded.length / 2);\n for (let i = 0; i < out.length; i++) out[i] = parseInt(padded.slice(i * 2, i * 2 + 2), 16);\n return out;\n}\n\n/**\n * Serialize raw bytes into the calldata a Cairo `ByteArray` deserializes from:\n * [ num_full_words, ...full_words(31 bytes each), pending_word, pending_len ]\n * Each full word is 31 big-endian bytes; the pending word holds the trailing\n * `< 31` bytes. Used to pass `authenticator_data` / `client_data_json` to the\n * passkey-approval entrypoint.\n */\nexport function bytesToByteArrayCalldata(bytes: Uint8Array): string[] {\n const CHUNK = 31;\n const fullCount = Math.floor(bytes.length / CHUNK);\n const out: string[] = [String(fullCount)];\n for (let i = 0; i < fullCount; i++) {\n out.push(\"0x\" + bytesToBigInt(bytes.subarray(i * CHUNK, i * CHUNK + CHUNK)).toString(16));\n }\n const rem = bytes.subarray(fullCount * CHUNK);\n out.push(\"0x\" + (rem.length ? bytesToBigInt(rem).toString(16) : \"0\"));\n out.push(String(rem.length));\n return out;\n}\n\n/** A felt/bigint -> 32-byte big-endian Uint8Array (the tx-hash width). */\nexport function bigIntTo32Bytes(value: bigint): Uint8Array {\n const out = new Uint8Array(32);\n let v = value;\n for (let i = 31; i >= 0; i--) {\n out[i] = Number(v & 0xffn);\n v >>= 8n;\n }\n return out;\n}\n","/**\n * secp256r1 signature helpers for silent device signers.\n */\nimport { p256 } from \"@noble/curves/p256\";\nimport type { DevicePublicKey, DeviceSignature } from \"../signer/DeviceSigner\";\nimport { u256ToFelts } from \"./encoding\";\n\n/**\n * Serialize a device signature to the felt array for `tx_info.signature`:\n * [ r_low, r_high, s_low, s_high, y_parity ]\n * exactly what DeviceAccount.__validate__ decodes.\n */\nexport function signatureToFelts(sig: DeviceSignature): bigint[] {\n const [rLow, rHigh] = u256ToFelts(sig.r);\n const [sLow, sHigh] = u256ToFelts(sig.s);\n return [rLow, rHigh, sLow, sHigh, sig.yParity ? 1n : 0n];\n}\n\n/**\n * Recover the parity bit of an (r, s) signature over `digest` for a known\n * pubkey. WebCrypto/Secure Enclave don't return a recovery id, so we derive it\n * by trying both candidates and matching the device's public key.\n */\nexport function recoverYParity(\n r: bigint,\n s: bigint,\n digest: Uint8Array,\n pubkey: DevicePublicKey,\n): boolean {\n for (const bit of [0, 1] as const) {\n try {\n const candidate = new p256.Signature(r, s).addRecoveryBit(bit);\n const point = candidate.recoverPublicKey(digest).toAffine();\n if (point.x === pubkey.x && point.y === pubkey.y) {\n return bit === 1;\n }\n } catch {\n // try the other bit\n }\n }\n throw new Error(\"kit/signature: could not recover parity for the given pubkey\");\n}\n","import { sha256 } from \"@noble/hashes/sha256\";\nimport type { DeviceSigner, DevicePublicKey, DeviceSignature } from \"./DeviceSigner\";\nimport { bytesToBigInt } from \"../crypto/encoding\";\nimport { recoverYParity } from \"../crypto/signature\";\n\nconst IDB_NAME = \"cavos-kit\";\nconst IDB_STORE = \"device-keys\";\n\nexport interface WebCryptoSignerOptions {\n /**\n * Storage key for the device's private key (e.g. the account address). One\n * silent key per (this value, browser profile).\n */\n keyId: string;\n}\n\ninterface StoredKey {\n privateKey: CryptoKey; // non-extractable; structured-cloneable\n x: bigint;\n y: bigint;\n}\n\n/**\n * Silent, device-bound signer for the browser. Generates a non-extractable\n * secp256r1 (P-256) key via WebCrypto and stores the `CryptoKey` in IndexedDB.\n * The private key is never exposed to JS and signing produces NO UI — there is\n * no passkey, no Face ID / Touch ID prompt. To the user it is invisible; they\n * only ever see the OAuth / email login used to derive their address.\n */\nexport class WebCryptoSigner implements DeviceSigner {\n private constructor(\n private readonly privateKey: CryptoKey,\n private readonly publicKey: DevicePublicKey,\n readonly keyId: string,\n ) {}\n\n /** Create a fresh device key (first run on this device) and persist it. */\n static async create(opts: WebCryptoSignerOptions): Promise<WebCryptoSigner> {\n assertSecureContext();\n const pair = await crypto.subtle.generateKey(\n { name: \"ECDSA\", namedCurve: \"P-256\" },\n false, // private key is NON-extractable\n [\"sign\", \"verify\"],\n );\n const publicKey = await exportPublicKey(pair.publicKey);\n await idbPut(opts.keyId, { privateKey: pair.privateKey, x: publicKey.x, y: publicKey.y });\n return new WebCryptoSigner(pair.privateKey, publicKey, opts.keyId);\n }\n\n /** Load an existing device key from storage, or null if none exists yet. */\n static async load(opts: WebCryptoSignerOptions): Promise<WebCryptoSigner | null> {\n const rec = await idbGet(opts.keyId);\n if (!rec) return null;\n return new WebCryptoSigner(rec.privateKey, { x: rec.x, y: rec.y }, opts.keyId);\n }\n\n /** Load the device key, creating one on first use. */\n static async loadOrCreate(opts: WebCryptoSignerOptions): Promise<WebCryptoSigner> {\n return (await WebCryptoSigner.load(opts)) ?? (await WebCryptoSigner.create(opts));\n }\n\n async getPublicKey(): Promise<DevicePublicKey> {\n return this.publicKey;\n }\n\n async sign(txHash: Uint8Array): Promise<DeviceSignature> {\n // WebCrypto ECDSA hashes the message with SHA-256 internally, then signs.\n const raw = new Uint8Array(\n await crypto.subtle.sign(\n { name: \"ECDSA\", hash: \"SHA-256\" },\n this.privateKey,\n txHash as unknown as BufferSource,\n ),\n );\n // IEEE P1363 form: r || s, 32 bytes each.\n const r = bytesToBigInt(raw.subarray(0, 32));\n const s = bytesToBigInt(raw.subarray(32, 64));\n const digest = sha256(txHash);\n const yParity = recoverYParity(r, s, digest, this.publicKey);\n return { r, s, yParity };\n }\n}\n\nasync function exportPublicKey(publicKey: CryptoKey): Promise<DevicePublicKey> {\n const raw = new Uint8Array(await crypto.subtle.exportKey(\"raw\", publicKey)); // 0x04 || X || Y\n return { x: bytesToBigInt(raw.subarray(1, 33)), y: bytesToBigInt(raw.subarray(33, 65)) };\n}\n\n/**\n * WebCrypto (`crypto.subtle`) is only available in secure contexts — HTTPS, or\n * `http://localhost`. Accessing the dev server over a LAN IP (e.g.\n * http://192.168.1.24:3000) is NOT secure, so `crypto.subtle` is undefined and\n * device-key generation would crash with a cryptic \"undefined is not an object\".\n * Fail early with an actionable message instead.\n */\nfunction assertSecureContext(): void {\n const ok =\n typeof crypto !== \"undefined\" &&\n typeof crypto.subtle !== \"undefined\" &&\n (typeof window === \"undefined\" || window.isSecureContext);\n if (!ok) {\n throw new Error(\n \"Cavos: WebCrypto is unavailable. Device keys require a secure context — use HTTPS, or http://localhost. \" +\n \"(For LAN/mobile dev testing, run `next dev --experimental-https`.)\",\n );\n }\n}\n\n// --- minimal IndexedDB wrapper ---\n\nfunction openDb(): Promise<IDBDatabase> {\n return new Promise((resolve, reject) => {\n const req = indexedDB.open(IDB_NAME, 1);\n req.onupgradeneeded = () => req.result.createObjectStore(IDB_STORE);\n req.onsuccess = () => resolve(req.result);\n req.onerror = () => reject(req.error);\n });\n}\n\nasync function idbPut(keyId: string, value: StoredKey): Promise<void> {\n const db = await openDb();\n await tx(db, \"readwrite\", (store) => store.put(value, keyId));\n db.close();\n}\n\nasync function idbGet(keyId: string): Promise<StoredKey | null> {\n const db = await openDb();\n const result = await tx(db, \"readonly\", (store) => store.get(keyId));\n db.close();\n return (result as StoredKey) ?? null;\n}\n\nfunction tx<T>(\n db: IDBDatabase,\n mode: IDBTransactionMode,\n run: (store: IDBObjectStore) => IDBRequest<T>,\n): Promise<T> {\n return new Promise((resolve, reject) => {\n const store = db.transaction(IDB_STORE, mode).objectStore(IDB_STORE);\n const req = run(store);\n req.onsuccess = () => resolve(req.result);\n req.onerror = () => reject(req.error);\n });\n}\n","/** Starknet network presets and well-known addresses for the kit. */\n\nexport const STARKNET_NETWORKS = {\n sepolia: {\n chainId: \"0x534e5f5345504f4c4941\", // SN_SEPOLIA\n rpcUrl: \"https://api.cartridge.gg/x/starknet/sepolia\",\n },\n mainnet: {\n chainId: \"0x534e5f4d41494e\", // SN_MAIN\n rpcUrl: \"https://api.cartridge.gg/x/starknet/mainnet\",\n },\n} as const;\n\nexport type StarknetNetwork = keyof typeof STARKNET_NETWORKS;\n\n/** Universal Deployer Contract (same address on mainnet & sepolia). */\nexport const UDC_ADDRESS =\n \"0x041a78e741e5af2fec34b695679bc6891742439f7afb8484ecd7766661ad02bf\";\n\n/** Cavos-hosted SNIP-29 paymaster (same service @cavos/react uses). */\nexport const CAVOS_PAYMASTER_URL: Record<StarknetNetwork, string> = {\n sepolia: \"https://sepolia-paymaster.cavos.xyz\",\n mainnet: \"https://paymaster.cavos.xyz\",\n};\n\n/**\n * DeviceAccount class hash, per network. Populated from\n * `account-contracts/starknet/deployments/<network>.json` after declaring.\n *\n * Sepolia re-declared 2026-07-01 with the passkey-approval surface + BATCHED\n * multi-chain challenge (one passkey prompt approves a device on all chains).\n * Mainnet still runs the prior class (no passkey) until it is re-declared.\n */\nexport const DEVICE_ACCOUNT_CLASS_HASH: Record<StarknetNetwork, string> = {\n sepolia: \"0x25cbc5423e8ee895febb0ef2c3945b408da44d0039d915fbdd681fe6b6ba66b\",\n mainnet: \"0x1840aded59e8a0d2b440a134cb9079a7fc11b06c77f58ed189ab436a034ca6a\",\n};\n","import { hash, num } from \"starknet\";\nimport { sha256 } from \"@noble/hashes/sha256\";\nimport type { ChainAdapter, ChainCall, ComputeAddressParams } from \"../ChainAdapter\";\nimport type { DeviceSigner, DevicePublicKey } from \"../../signer/DeviceSigner\";\nimport { signatureToFelts } from \"../../crypto/signature\";\nimport { u256ToFelts, bigIntTo32Bytes, bytesToByteArrayCalldata, bytesToBigInt } from \"../../crypto/encoding\";\nimport type { PasskeyAssertion } from \"../../crypto/webauthn\";\nimport { UDC_ADDRESS } from \"./constants\";\n\nexport interface StarknetAdapterOptions {\n classHash: string;\n /** Read provider for `isAuthorizedSigner`. Optional for build-only usage. */\n provider?: { callContract(call: { contractAddress: string; entrypoint: string; calldata: string[] }): Promise<string[]> };\n /** Signer used to sign outgoing transactions. */\n signer?: DeviceSigner;\n}\n\n/** Starknet implementation of the device-signer account adapter. */\nexport class StarknetAdapter implements ChainAdapter {\n readonly chain = \"starknet\" as const;\n\n constructor(private readonly opts: StarknetAdapterOptions) {}\n\n computeAddress({ addressSeed, initialSigner, salt }: ComputeAddressParams): string {\n return hash.calculateContractAddressFromHash(\n num.toHex(salt ?? addressSeed),\n this.opts.classHash,\n this.constructorCalldata(addressSeed, initialSigner),\n 0, // deployerAddress 0 => deterministic counterfactual address\n );\n }\n\n /** Single UDC deploy; the constructor registers the first device signer, so\n * the account is ready the moment it is deployed (fits the paymaster's\n * deploy + execute_from_outside bundle). */\n buildDeploy(params: ComputeAddressParams): ChainCall[] {\n const salt = params.salt ?? params.addressSeed;\n const calldata = this.constructorCalldata(params.addressSeed, params.initialSigner);\n return [\n {\n contractAddress: UDC_ADDRESS,\n entrypoint: \"deployContract\",\n calldata: [\n this.opts.classHash,\n num.toHex(salt),\n \"0x0\", // unique = false -> deployer-independent address\n num.toHex(calldata.length),\n ...calldata,\n ],\n },\n ];\n }\n\n /** Constructor calldata: [address_seed, pub_x_low, pub_x_high, pub_y_low, pub_y_high]. */\n constructorCalldata(addressSeed: bigint, initialSigner: DevicePublicKey): string[] {\n return [num.toHex(addressSeed), ...pubkeyCalldata(initialSigner)];\n }\n\n buildAddSigner(accountAddress: string, signer: DevicePublicKey): ChainCall {\n return { contractAddress: accountAddress, entrypoint: \"add_signer\", calldata: pubkeyCalldata(signer) };\n }\n\n buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): ChainCall {\n return { contractAddress: accountAddress, entrypoint: \"remove_signer\", calldata: pubkeyCalldata(signer) };\n }\n\n async isAuthorizedSigner(accountAddress: string, signer: DevicePublicKey): Promise<boolean> {\n if (!this.opts.provider) throw new Error(\"kit/starknet: provider required for reads\");\n const res = await this.opts.provider.callContract({\n contractAddress: accountAddress,\n entrypoint: \"is_authorized_signer\",\n calldata: pubkeyCalldata(signer),\n });\n return BigInt(res[0] ?? 0) !== 0n;\n }\n\n async buildSignature(txHash: bigint): Promise<string[]> {\n if (!this.opts.signer) throw new Error(\"kit/starknet: signer required to sign\");\n const sig = await this.opts.signer.sign(bigIntTo32Bytes(txHash));\n return signatureToFelts(sig).map((f) => num.toHex(f));\n }\n\n // --- passkey approvers ---\n\n buildAddApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall {\n return { contractAddress: accountAddress, entrypoint: \"add_approver\", calldata: pubkeyCalldata(passkey) };\n }\n\n buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): ChainCall {\n return { contractAddress: accountAddress, entrypoint: \"remove_approver\", calldata: pubkeyCalldata(passkey) };\n }\n\n async isApprover(accountAddress: string, passkey: DevicePublicKey): Promise<boolean> {\n if (!this.opts.provider) throw new Error(\"kit/starknet: provider required for reads\");\n const res = await this.opts.provider.callContract({\n contractAddress: accountAddress,\n entrypoint: \"is_approver\",\n calldata: pubkeyCalldata(passkey),\n });\n return BigInt(res[0] ?? 0) !== 0n;\n }\n\n async getPasskeyNonce(accountAddress: string): Promise<bigint> {\n if (!this.opts.provider) throw new Error(\"kit/starknet: provider required for reads\");\n const res = await this.opts.provider.callContract({\n contractAddress: accountAddress,\n entrypoint: \"get_passkey_nonce\",\n calldata: [],\n });\n return BigInt(res[0] ?? 0);\n }\n\n /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:\n * `sha256(new_x || new_y || nonce)` (coords 32B BE, nonce 16B BE). The batch\n * challenge the passkey signs is `sha256(concat(leaves))` across chains. */\n passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array {\n const msg = new Uint8Array(32 + 32 + 16);\n msg.set(bigIntTo32Bytes(newSigner.x), 0);\n msg.set(bigIntTo32Bytes(newSigner.y), 32);\n msg.set(bigIntTo32Bytes(nonce).subarray(16), 64); // low 16 bytes = u128 BE\n return sha256(msg);\n }\n\n /** Passkey-authorized `add_signer` call. `leaves`/`leafIndex` place this chain's\n * leaf in the multi-chain batch (single chain → `[leaf]`, index 0). `yParity`\n * matches the raw `(r, s)` — the contract normalizes high-S internally. */\n buildAddSignerViaPasskey(\n accountAddress: string,\n newSigner: DevicePublicKey,\n nonce: bigint,\n leaves: Uint8Array[],\n leafIndex: number,\n assertion: PasskeyAssertion,\n yParity: boolean,\n ): ChainCall {\n const [rl, rh] = u256ToFelts(assertion.r);\n const [sl, sh] = u256ToFelts(assertion.s);\n const leavesCalldata: string[] = [String(leaves.length)];\n for (const leaf of leaves) {\n const [lo, hi] = u256ToFelts(bytesToBigInt(leaf));\n leavesCalldata.push(num.toHex(lo), num.toHex(hi));\n }\n return {\n contractAddress: accountAddress,\n entrypoint: \"add_signer_via_passkey\",\n calldata: [\n ...pubkeyCalldata(newSigner), // new_x, new_y (u256 pairs)\n num.toHex(nonce),\n ...leavesCalldata, // Array<u256> leaves\n String(leafIndex),\n ...bytesToByteArrayCalldata(assertion.authenticatorData),\n ...bytesToByteArrayCalldata(assertion.clientDataJSON),\n String(assertion.challengeOffset),\n num.toHex(rl), num.toHex(rh),\n num.toHex(sl), num.toHex(sh),\n yParity ? \"0x1\" : \"0x0\",\n ],\n };\n }\n}\n\n/** Encode a P-256 pubkey as `[x_low, x_high, y_low, y_high]` (two u256s). */\nfunction pubkeyCalldata(pk: DevicePublicKey): string[] {\n const [xl, xh] = u256ToFelts(pk.x);\n const [yl, yh] = u256ToFelts(pk.y);\n return [num.toHex(xl), num.toHex(xh), num.toHex(yl), num.toHex(yh)];\n}\n","import { Signer, num, type ArraySignatureType } from \"starknet\";\nimport type { DeviceSigner } from \"../../signer/DeviceSigner\";\nimport { signatureToFelts } from \"../../crypto/signature\";\nimport { bigIntTo32Bytes } from \"../../crypto/encoding\";\n\n/**\n * A starknet.js `SignerInterface` backed by a device signer. Extends the base\n * `Signer` so all transaction/declare hash computation (v3) is reused; only the\n * raw hash-signing primitive is overridden to sign silently with the device key.\n *\n * Usage:\n * const account = new Account(provider, address, new StarknetDeviceSigner(device), \"1\");\n * await account.execute(calls); // DeviceAccount validates the device signature\n *\n * For gasless flows, hand this signer to your paymaster SDK (e.g. AVNU) the same\n * way you would any starknet.js signer.\n */\nexport class StarknetDeviceSigner extends Signer {\n constructor(private readonly device: DeviceSigner) {\n // Base `pk` is unused: device accounts have no single Stark private key.\n super(\"0x1\");\n }\n\n /** Device accounts are not controlled by a single Stark pubkey. */\n override async getPubKey(): Promise<string> {\n return \"0x0\";\n }\n\n /** Sign the computed tx hash silently with the device signer. */\n protected override async signRaw(msgHash: string): Promise<ArraySignatureType> {\n const sig = await this.device.sign(bigIntTo32Bytes(BigInt(msgHash)));\n return signatureToFelts(sig).map((f) => num.toHex(f));\n }\n}\n","import type { DevicePublicKey } from \"../signer/DeviceSigner\";\n\n/**\n * Off-chain map of `user_id -> wallet`. Because the account address is\n * `f(identity, first_device_pubkey)` (unforgeable, secure), it is NOT derivable\n * from the identity alone on a new device. The backend is the source of truth\n * for \"does this user already have a wallet?\" — enabling multi-device:\n *\n * - First device, unknown user -> deploy a new wallet, then `register`.\n * - Same user, new device -> `lookup` returns the existing wallet; the\n * new device is added as a signer (recovery\n * approval), NOT a new wallet.\n *\n * The backend implements this (it already manages the user<->address binding).\n */\nexport interface WalletRegistry {\n /** The user's existing wallet, or null if they don't have one yet. */\n lookup(userId: string): Promise<RegisteredWallet | null>;\n\n /** Record a freshly deployed wallet for the user (first device). */\n register(params: {\n userId: string;\n address: string;\n initialSigner: DevicePublicKey;\n }): Promise<void>;\n\n /** Note an additional device signer for the user's wallet (after approval). */\n addDevice?(params: {\n userId: string;\n address: string;\n signer: DevicePublicKey;\n }): Promise<void>;\n}\n\nexport interface RegisteredWallet {\n address: string;\n /** Public keys of the devices registered on this wallet (if tracked). */\n devices?: DevicePublicKey[];\n}\n\n/** Simple in-memory registry for demos / tests. */\nexport class InMemoryWalletRegistry implements WalletRegistry {\n private wallets = new Map<string, RegisteredWallet>();\n\n async lookup(userId: string): Promise<RegisteredWallet | null> {\n return this.wallets.get(userId) ?? null;\n }\n async register(params: { userId: string; address: string; initialSigner: DevicePublicKey }) {\n this.wallets.set(params.userId, { address: params.address, devices: [params.initialSigner] });\n }\n async addDevice(params: { userId: string; address: string; signer: DevicePublicKey }) {\n const w = this.wallets.get(params.userId);\n if (w) w.devices = [...(w.devices ?? []), params.signer];\n }\n}\n","import type { DevicePublicKey } from \"../signer/DeviceSigner\";\nimport type { WalletRegistry, RegisteredWallet } from \"./WalletRegistry\";\n\nexport interface HttpWalletRegistryOptions {\n /** Cavos backend base URL (e.g. https://cavos.xyz). */\n baseUrl: string;\n /** The Cavos App ID — authenticates the SDK calls (verifyAppId). */\n appId: string;\n /** Network the wallet lives on (e.g. \"sepolia\"). */\n network: string;\n}\n\n/** Serialize a bigint pubkey component for transport (hex string). */\nfunction toHex(n: bigint): string {\n return \"0x\" + n.toString(16);\n}\n\n/** Parse a hex/decimal string back to a bigint pubkey component. */\nfunction fromHex(s: string): bigint {\n return BigInt(s);\n}\n\n/**\n * WalletRegistry backed by the Cavos backend (`/api/wallets`). This is the\n * persistent, cross-device source of truth for `user_id -> wallet`. The backend\n * stores authorized device signers in `wallet_devices`; the registry maps a\n * backend `userId` (the OAuth `sub`) onto that wallet row.\n */\nexport class HttpWalletRegistry implements WalletRegistry {\n constructor(private readonly opts: HttpWalletRegistryOptions) {}\n\n async lookup(userId: string): Promise<RegisteredWallet | null> {\n const url = new URL(\"/api/wallets\", this.opts.baseUrl);\n url.searchParams.set(\"app_id\", this.opts.appId);\n url.searchParams.set(\"user_social_id\", userId);\n url.searchParams.set(\"network\", this.opts.network);\n\n const res = await fetch(url, { headers: { \"Content-Type\": \"application/json\" } });\n if (!res.ok) throw new Error(`registry lookup failed: ${res.status}`);\n const data = await res.json();\n if (!data.found || !data.address) return null;\n\n const devices: DevicePublicKey[] | undefined = Array.isArray(data.devices)\n ? data.devices.map((d: { pub_x: string; pub_y: string }) => ({\n x: fromHex(d.pub_x),\n y: fromHex(d.pub_y),\n }))\n : undefined;\n\n return { address: data.address, devices };\n }\n\n async register(params: {\n userId: string;\n address: string;\n initialSigner: DevicePublicKey;\n }): Promise<void> {\n const res = await fetch(new URL(\"/api/wallets\", this.opts.baseUrl), {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n app_id: this.opts.appId,\n user_social_id: params.userId,\n network: this.opts.network,\n address: params.address,\n // Device-signer wallets send their initial signer (no encrypted blob).\n devices: [{ x: toHex(params.initialSigner.x), y: toHex(params.initialSigner.y) }],\n }),\n });\n if (!res.ok) {\n const t = await res.text().catch(() => \"\");\n throw new Error(`registry register failed: ${res.status} ${t}`);\n }\n }\n\n async addDevice?(params: {\n userId: string;\n address: string;\n signer: DevicePublicKey;\n }): Promise<void> {\n // The backend mirrors `wallet_devices` via the confirm endpoint after an\n // on-chain add_signer, so this is a no-op here (kept for interface parity).\n void params;\n }\n}\n","import { hash } from \"starknet\";\nimport { sha256 } from \"@noble/hashes/sha256\";\n\n/**\n * The address seed binds a wallet to a stable, backend-managed user identity.\n * The deterministic account address is derived from this seed + salt ONLY — never\n * from a device pubkey — so the same user resolves to the same wallet on any\n * device. The backend owns the user_id <-> address mapping off-chain.\n */\nexport interface IdentityInput {\n /** Stable, backend-managed user identifier (e.g. from email / magic link). */\n userId: string;\n /** Per-app salt, so the same user has distinct wallets across apps. */\n appSalt: string;\n}\n\n/** Derive the felt `address_seed` passed to the contract constructor. */\nexport function deriveAddressSeed({ userId, appSalt }: IdentityInput): bigint {\n // Poseidon over the identity components; stable and collision-resistant.\n const h = hash.computePoseidonHashOnElements([feltFromString(userId), feltFromString(appSalt)]);\n return BigInt(h);\n}\n\n/**\n * Solana variant: a 32-byte `address_seed` for the Cavos device-account PDA.\n * Uses the SAME identity input as Starknet (`userId + appSalt`) but hashes with\n * SHA-256 instead of Poseidon, since Solana has no native Poseidon and the PDA\n * seed is raw bytes. The same user therefore maps to a stable, app-scoped\n * address on each chain (different address spaces, one identity).\n */\nexport function deriveAddressSeedSolana({ userId, appSalt }: IdentityInput): Uint8Array {\n return sha256(new TextEncoder().encode(`cavos:solana:v1:${userId}:${appSalt}`));\n}\n\n/**\n * Stellar variant: a 32-byte `address_seed` used as the Soroban account's seed\n * and folded (with the initial device signer) into the factory deploy salt.\n * Same identity input as the other chains, SHA-256 hashed, with a Stellar-scoped\n * domain so the same user maps to a distinct address per chain.\n */\nexport function deriveAddressSeedStellar({ userId, appSalt }: IdentityInput): Uint8Array {\n return sha256(new TextEncoder().encode(`cavos:stellar:v1:${userId}:${appSalt}`));\n}\n\n/** Map an arbitrary UTF-8 string into a felt via Poseidon over its byte chunks. */\nfunction feltFromString(s: string): bigint {\n const bytes = new TextEncoder().encode(s);\n const chunks: bigint[] = [];\n for (let i = 0; i < bytes.length; i += 31) {\n let w = 0n;\n for (const b of bytes.subarray(i, i + 31)) w = (w << 8n) | BigInt(b);\n chunks.push(w);\n }\n if (chunks.length === 0) return 0n;\n if (chunks.length === 1) return chunks[0];\n return BigInt(hash.computePoseidonHashOnElements(chunks));\n}\n","/** Cavos device-account program + Solana primitives. */\n\n/** Deployed `cavos-device-account` program id (see account-contracts/solana). */\nexport const DEVICE_ACCOUNT_PROGRAM_ID =\n \"FHnoYNfYAmFrwt18gcBGG7G1S5q3RAbCBvrV2D29izNJ\";\n\n/** Native secp256r1 signature-verify precompile (SIMD-0075). */\nexport const SECP256R1_PROGRAM_ID =\n \"Secp256r1SigVerify1111111111111111111111111\";\n\n/** PDA seed prefix, must match the program's `ACCOUNT_SEED`. */\nexport const ACCOUNT_SEED = \"cavos-account\";\n\n/** Domain separators, must match the program's signed-message domains. */\nexport const DOMAIN_ADD = \"cavos:add_signer:v1\";\nexport const DOMAIN_REMOVE = \"cavos:remove_signer:v1\";\nexport const DOMAIN_TRANSFER = \"cavos:transfer:v1\";\n/** Arbitrary execution (CPI). The signed message commits to sha256 of the\n * canonical Borsh serialization of the instruction set — see `buildExecute`. */\nexport const DOMAIN_EXECUTE = \"cavos:execute:v1\";\nexport const DOMAIN_ADD_APPROVER = \"cavos:add_approver:v1\";\nexport const DOMAIN_REMOVE_APPROVER = \"cavos:remove_approver:v1\";\n\n/** secp256r1 (P-256) curve order, for low-S normalization. */\nexport const SECP256R1_N =\n 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;\n\nexport const SOLANA_NETWORKS = {\n \"solana-devnet\": \"https://api.devnet.solana.com\",\n \"solana-mainnet\": \"https://api.mainnet-beta.solana.com\",\n \"solana-localnet\": \"http://127.0.0.1:8899\",\n} as const;\n\nexport type SolanaNetwork = keyof typeof SOLANA_NETWORKS;\n","import {\n Connection,\n PublicKey,\n SystemProgram,\n SYSVAR_INSTRUCTIONS_PUBKEY,\n TransactionInstruction,\n} from \"@solana/web3.js\";\nimport { sha256 } from \"@noble/hashes/sha256\";\nimport type { DeviceSigner, DevicePublicKey } from \"../../signer/DeviceSigner\";\nimport { bigIntTo32Bytes } from \"../../crypto/encoding\";\nimport {\n ACCOUNT_SEED,\n DEVICE_ACCOUNT_PROGRAM_ID,\n DOMAIN_ADD,\n DOMAIN_REMOVE,\n DOMAIN_TRANSFER,\n DOMAIN_EXECUTE,\n DOMAIN_ADD_APPROVER,\n DOMAIN_REMOVE_APPROVER,\n SECP256R1_N,\n SECP256R1_PROGRAM_ID,\n} from \"./constants\";\nimport type { PasskeyAssertion } from \"../../crypto/webauthn\";\n\nconst COMPRESSED_PUBKEY_SIZE = 33;\nconst SIGNATURE_SIZE = 64;\nconst CURRENT_IX = 0xffff;\n\n/** An account meta candidate for a CPI instruction inside `execute`. Mirrors the\n * on-chain `AccountMetaCandidate` (Borsh). */\nexport interface InstructionAccount {\n pubkey: string;\n isSigner: boolean;\n isWritable: boolean;\n}\n\n/** A CPI instruction the device key authorizes via `execute`. Mirrors the\n * on-chain `InstructionData` (Borsh). Serialized canonically and hashed before\n * signing, so a signature binds exactly this instruction set. */\nexport interface InstructionData {\n programId: string;\n accounts: InstructionAccount[];\n data: Uint8Array;\n}\n\nexport interface SolanaAdapterOptions {\n /** Cavos device-account program id (defaults to the deployed one). */\n programId?: string;\n /** RPC connection for reads (`isAuthorizedSigner`) and nonce fetch. */\n connection?: Connection;\n /** Device signer used to authorize guarded actions. */\n signer?: DeviceSigner;\n}\n\n/**\n * Solana adapter for the Cavos device-signer account. Unlike Starknet (where the\n * account contract verifies the P-256 signature in `__validate__`), Solana\n * verifies it natively via the secp256r1 precompile, so every guarded action is\n * a two-instruction bundle: `[secp256r1 precompile ix, program ix]`. This adapter\n * derives the account PDA, builds those bundles, and reuses the same\n * `DeviceSigner` (P-256 / WebCrypto) as every other chain.\n */\nexport class SolanaAdapter {\n readonly chain = \"solana\" as const;\n readonly programId: PublicKey;\n\n constructor(private readonly opts: SolanaAdapterOptions = {}) {\n this.programId = new PublicKey(opts.programId ?? DEVICE_ACCOUNT_PROGRAM_ID);\n }\n\n /** Deterministic account address: PDA of [seed, address_seed, initial_signer_x]. */\n computeAddress(addressSeed: Uint8Array, initialSigner: DevicePublicKey): string {\n return this.pda(addressSeed, compressedPubkey(initialSigner)).toBase58();\n }\n\n private pda(addressSeed: Uint8Array, initialCompressed: Uint8Array): PublicKey {\n const [pda] = PublicKey.findProgramAddressSync(\n [\n Buffer.from(ACCOUNT_SEED),\n Buffer.from(addressSeed),\n Buffer.from(initialCompressed.slice(1, 33)), // x-coordinate\n ],\n this.programId\n );\n return pda;\n }\n\n /** `initialize` instruction creating the account with its first device signer. */\n buildInitialize(\n addressSeed: Uint8Array,\n payer: string,\n initialSigner: DevicePublicKey\n ): TransactionInstruction {\n const initialCompressed = compressedPubkey(initialSigner);\n const account = this.pda(addressSeed, initialCompressed);\n const data = Buffer.concat([\n anchorDiscriminator(\"initialize\"),\n Buffer.from(addressSeed), // [u8;32]\n Buffer.from(initialCompressed), // [u8;33]\n ]);\n return new TransactionInstruction({\n programId: this.programId,\n keys: [\n { pubkey: account, isSigner: false, isWritable: true },\n { pubkey: new PublicKey(payer), isSigner: true, isWritable: true },\n { pubkey: SystemProgram.programId, isSigner: false, isWritable: false },\n ],\n data,\n });\n }\n\n /** `[precompile, add_signer]` bundle, authorized by an existing device signer. */\n async buildAddSigner(\n account: string,\n newSigner: DevicePublicKey\n ): Promise<TransactionInstruction[]> {\n const accountPk = new PublicKey(account);\n const newCompressed = compressedPubkey(newSigner);\n const nonce = await this.fetchNonce(accountPk);\n const message = concatBytes(\n Buffer.from(DOMAIN_ADD),\n accountPk.toBuffer(),\n newCompressed,\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: this.guardedKeys(accountPk),\n data: Buffer.concat([anchorDiscriminator(\"add_signer\"), Buffer.from(newCompressed)]),\n });\n return [precompileIx, ix];\n }\n\n /** `[precompile, remove_signer]` bundle, authorized by an existing device signer. */\n async buildRemoveSigner(\n account: string,\n signer: DevicePublicKey\n ): Promise<TransactionInstruction[]> {\n const accountPk = new PublicKey(account);\n const compressed = compressedPubkey(signer);\n const nonce = await this.fetchNonce(accountPk);\n const message = concatBytes(\n Buffer.from(DOMAIN_REMOVE),\n accountPk.toBuffer(),\n compressed,\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: this.guardedKeys(accountPk),\n data: Buffer.concat([anchorDiscriminator(\"remove_signer\"), Buffer.from(compressed)]),\n });\n return [precompileIx, ix];\n }\n\n /** `[precompile, add_approver]` bundle enrolling a passkey approver (device-signed). */\n async buildAddApprover(\n account: string,\n passkey: DevicePublicKey\n ): Promise<TransactionInstruction[]> {\n const accountPk = new PublicKey(account);\n const compressed = compressedPubkey(passkey);\n const nonce = await this.fetchNonce(accountPk);\n const message = concatBytes(\n Buffer.from(DOMAIN_ADD_APPROVER),\n accountPk.toBuffer(),\n compressed,\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: this.guardedKeys(accountPk),\n data: Buffer.concat([anchorDiscriminator(\"add_approver\"), Buffer.from(compressed)]),\n });\n return [precompileIx, ix];\n }\n\n /** `[precompile, remove_approver]` bundle (device-signed). */\n async buildRemoveApprover(\n account: string,\n passkey: DevicePublicKey\n ): Promise<TransactionInstruction[]> {\n const accountPk = new PublicKey(account);\n const compressed = compressedPubkey(passkey);\n const nonce = await this.fetchNonce(accountPk);\n const message = concatBytes(\n Buffer.from(DOMAIN_REMOVE_APPROVER),\n accountPk.toBuffer(),\n compressed,\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: this.guardedKeys(accountPk),\n data: Buffer.concat([anchorDiscriminator(\"remove_approver\"), Buffer.from(compressed)]),\n });\n return [precompileIx, ix];\n }\n\n /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:\n * `sha256(compressed(new_signer) || passkey_nonce_le8)`. The batch challenge the\n * passkey signs is `sha256(concat(leaves))` across chains. */\n passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array {\n return sha256(concatBytes(compressedPubkey(newSigner), u64le(nonce)));\n }\n\n /**\n * `[precompile(passkey), add_signer_via_passkey]` bundle. The precompile ix\n * verifies the PASSKEY's WebAuthn assertion over `authData || sha256(clientDataJSON)`;\n * the program ix binds the challenge to `newSigner` + the passkey nonce and adds\n * the signer. No device signature — a gasless relayer can submit it.\n */\n buildAddSignerViaPasskey(\n account: string,\n newSigner: DevicePublicKey,\n passkey: DevicePublicKey,\n leaves: Uint8Array[],\n leafIndex: number,\n assertion: PasskeyAssertion\n ): TransactionInstruction[] {\n const accountPk = new PublicKey(account);\n const newCompressed = compressedPubkey(newSigner);\n const passkeyCompressed = compressedPubkey(passkey);\n\n // Precompile message = authData || sha256(clientDataJSON); the precompile\n // hashes it once → the WebAuthn signed digest.\n const clientHash = sha256(assertion.clientDataJSON);\n const message = concatBytes(assertion.authenticatorData, clientHash);\n const signature = encodeLowSSignature(assertion.r, assertion.s);\n const precompileIx = buildSecp256r1Instruction(passkeyCompressed, signature, message);\n\n // Borsh Vec<[u8; 32]> leaves: u32 len + len*32 bytes.\n const leavesBlob = Buffer.concat([u32le(leaves.length), ...leaves.map((l) => Buffer.from(l))]);\n const data = Buffer.concat([\n anchorDiscriminator(\"add_signer_via_passkey\"),\n Buffer.from(newCompressed),\n leavesBlob,\n u32le(leafIndex),\n serializeVecU8(assertion.authenticatorData),\n serializeVecU8(assertion.clientDataJSON),\n u32le(assertion.challengeOffset),\n ]);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: this.guardedKeys(accountPk),\n data,\n });\n return [precompileIx, ix];\n }\n\n /** Read whether `passkey` is a registered approver. */\n async isApprover(account: string, passkey: DevicePublicKey): Promise<boolean> {\n const approvers = await this.fetchApprovers(new PublicKey(account));\n const target = Buffer.from(compressedPubkey(passkey)).toString(\"hex\");\n return approvers.some((a) => Buffer.from(a).toString(\"hex\") === target);\n }\n\n /** Read the current passkey-approval nonce. */\n async passkeyNonce(account: string): Promise<bigint> {\n const info = await this.requireConnection().getAccountInfo(new PublicKey(account));\n if (!info) return 0n;\n const d = info.data;\n const signersLenOff = 8 + 32 + 1 + 8 + COMPRESSED_PUBKEY_SIZE; // 82\n const signerCount = d.readUInt32LE(signersLenOff);\n const approversLenOff = signersLenOff + 4 + signerCount * COMPRESSED_PUBKEY_SIZE;\n const approverCount = d.readUInt32LE(approversLenOff);\n const passkeyNonceOff = approversLenOff + 4 + approverCount * COMPRESSED_PUBKEY_SIZE;\n return readU64le(d, passkeyNonceOff);\n }\n\n /** `[precompile, execute_transfer]` bundle moving lamports out of the account. */\n async buildExecuteTransfer(\n account: string,\n destination: string,\n amount: bigint\n ): Promise<TransactionInstruction[]> {\n const accountPk = new PublicKey(account);\n const destPk = new PublicKey(destination);\n const nonce = await this.fetchNonce(accountPk);\n const message = concatBytes(\n Buffer.from(DOMAIN_TRANSFER),\n accountPk.toBuffer(),\n destPk.toBuffer(),\n u64le(amount),\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: [\n { pubkey: accountPk, isSigner: false, isWritable: true },\n { pubkey: destPk, isSigner: false, isWritable: true },\n { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false },\n ],\n data: Buffer.concat([anchorDiscriminator(\"execute_transfer\"), u64le(amount)]),\n });\n return [precompileIx, ix];\n }\n\n /**\n * `[precompile, execute]` bundle running arbitrary CPI instructions with the\n * account PDA as signer. The device key signs over\n * `DOMAIN_EXECUTE || account || sha256(canonical(instructions)) || nonce`, so\n * the signature commits to the EXACT instruction set the program will invoke —\n * no account/data substitution is possible after signing.\n *\n * The instructions' accounts are passed to the program via `remaining_accounts`\n * (flattened, in order); the program enforces an exact, ordered mapping.\n */\n async buildExecute(\n account: string,\n instructions: InstructionData[]\n ): Promise<TransactionInstruction[]> {\n if (instructions.length === 0) throw new Error(\"kit/solana: execute requires at least one instruction\");\n\n const accountPk = new PublicKey(account);\n const nonce = await this.fetchNonce(accountPk);\n\n // Canonical Borsh serialization MUST match the on-chain\n // `hash_instructions` (sha256 over the concatenated `InstructionData`).\n const blob = serializeInstructions(instructions);\n const ixsHash = sha256(blob);\n\n const message = concatBytes(\n Buffer.from(DOMAIN_EXECUTE),\n accountPk.toBuffer(),\n Buffer.from(ixsHash),\n u64le(nonce)\n );\n const { precompileIx } = await this.signToPrecompile(message);\n\n // The program ix carries the instructions in its data; the accounts they\n // reference are flattened into `remaining_accounts` in order. The wire format\n // is discriminator + Borsh Vec<u8>(blob) = discriminator + u32_len + blob.\n // The signed hash (above) is over the inner `blob` only — no length prefix —\n // matching the program's parse and the relay's allowlist parser.\n const blobLen = Buffer.alloc(4);\n new DataView(blobLen.buffer).setUint32(0, blob.length, true);\n const data = Buffer.concat([anchorDiscriminator(\"execute\"), blobLen, blob]);\n const remainingAccounts: Array<{ pubkey: PublicKey; isSigner: false; isWritable: boolean }> = [];\n for (const ix of instructions) {\n for (const acc of ix.accounts) {\n remainingAccounts.push({\n pubkey: new PublicKey(acc.pubkey),\n isSigner: false, // signer flags are part of the signed InstructionData\n isWritable: acc.isWritable,\n });\n }\n // The CPI target program must be a remaining_account too — invoke_signed\n // needs it loaded. Appended (not part of the signed account list).\n remainingAccounts.push({\n pubkey: new PublicKey(ix.programId),\n isSigner: false,\n isWritable: false,\n });\n }\n const ix = new TransactionInstruction({\n programId: this.programId,\n keys: [\n { pubkey: accountPk, isSigner: false, isWritable: true },\n { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false },\n ...remainingAccounts,\n ],\n data,\n });\n return [precompileIx, ix];\n }\n\n /** Read whether `signer` is currently an authorized signer of `account`. */\n async isAuthorizedSigner(account: string, signer: DevicePublicKey): Promise<boolean> {\n const signers = await this.fetchSigners(new PublicKey(account));\n const target = Buffer.from(compressedPubkey(signer)).toString(\"hex\");\n return signers.some((s) => Buffer.from(s).toString(\"hex\") === target);\n }\n\n private guardedKeys(account: PublicKey) {\n return [\n { pubkey: account, isSigner: false, isWritable: true },\n { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY, isSigner: false, isWritable: false },\n ];\n }\n\n /** Sign `message` with the device key and build the matching precompile ix. */\n private async signToPrecompile(\n message: Uint8Array\n ): Promise<{ precompileIx: TransactionInstruction }> {\n if (!this.opts.signer) throw new Error(\"kit/solana: signer required to authorize\");\n const pubkey = await this.opts.signer.getPublicKey();\n // The signer signs sha256(message); the precompile recomputes sha256(message).\n const sig = await this.opts.signer.sign(message as Uint8Array);\n const signature = encodeLowSSignature(sig.r, sig.s);\n const precompileIx = buildSecp256r1Instruction(\n compressedPubkey(pubkey),\n signature,\n message\n );\n return { precompileIx };\n }\n\n private async fetchNonce(account: PublicKey): Promise<bigint> {\n const info = await this.requireConnection().getAccountInfo(account);\n if (!info) return 0n;\n // layout: 8 disc + 32 address_seed + 1 bump + 8 nonce(LE) + 33 initial_signer + ...\n // nonce is right after bump, so its offset is unaffected by initial_signer.\n return readU64le(info.data, 41);\n }\n\n private async fetchSigners(account: PublicKey): Promise<Uint8Array[]> {\n const info = await this.requireConnection().getAccountInfo(account);\n if (!info) return [];\n const d = info.data;\n // layout: 8 disc + 32 address_seed + 1 bump + 8 nonce + 33 initial_signer + 4 vec_len + signers\n const lenOffset = 8 + 32 + 1 + 8 + COMPRESSED_PUBKEY_SIZE; // = 82\n const count = d.readUInt32LE(lenOffset);\n const out: Uint8Array[] = [];\n let off = lenOffset + 4;\n for (let i = 0; i < count; i++) {\n out.push(Uint8Array.from(d.subarray(off, off + COMPRESSED_PUBKEY_SIZE)));\n off += COMPRESSED_PUBKEY_SIZE;\n }\n return out;\n }\n\n private async fetchApprovers(account: PublicKey): Promise<Uint8Array[]> {\n const info = await this.requireConnection().getAccountInfo(account);\n if (!info) return [];\n const d = info.data;\n const signersLenOff = 8 + 32 + 1 + 8 + COMPRESSED_PUBKEY_SIZE; // 82\n const signerCount = d.readUInt32LE(signersLenOff);\n const approversLenOff = signersLenOff + 4 + signerCount * COMPRESSED_PUBKEY_SIZE;\n const count = d.readUInt32LE(approversLenOff);\n const out: Uint8Array[] = [];\n let off = approversLenOff + 4;\n for (let i = 0; i < count; i++) {\n out.push(Uint8Array.from(d.subarray(off, off + COMPRESSED_PUBKEY_SIZE)));\n off += COMPRESSED_PUBKEY_SIZE;\n }\n return out;\n }\n\n private requireConnection(): Connection {\n if (!this.opts.connection) throw new Error(\"kit/solana: connection required for reads\");\n return this.opts.connection;\n }\n}\n\n/** Compressed SEC1 P-256 pubkey (33 bytes) from {x, y}. */\nexport function compressedPubkey(pk: DevicePublicKey): Uint8Array {\n const out = new Uint8Array(COMPRESSED_PUBKEY_SIZE);\n out[0] = pk.y % 2n === 0n ? 0x02 : 0x03;\n out.set(bigIntTo32Bytes(pk.x), 1);\n return out;\n}\n\n/** Encode (r, s) as raw 64-byte r‖s, normalized to low-S (precompile requires it). */\nexport function encodeLowSSignature(r: bigint, s: bigint): Uint8Array {\n const lowS = s > SECP256R1_N / 2n ? SECP256R1_N - s : s;\n const out = new Uint8Array(SIGNATURE_SIZE);\n out.set(bigIntTo32Bytes(r), 0);\n out.set(bigIntTo32Bytes(lowS), 32);\n return out;\n}\n\n/** Build the native secp256r1 precompile instruction (single self-contained sig). */\nexport function buildSecp256r1Instruction(\n compressed: Uint8Array,\n signature: Uint8Array,\n message: Uint8Array\n): TransactionInstruction {\n const headerLen = 2;\n const offsetsLen = 14;\n const pubkeyOffset = headerLen + offsetsLen;\n const sigOffset = pubkeyOffset + COMPRESSED_PUBKEY_SIZE;\n const msgOffset = sigOffset + SIGNATURE_SIZE;\n const data = Buffer.alloc(msgOffset + message.length);\n\n data.writeUInt8(1, 0);\n data.writeUInt8(0, 1);\n let o = headerLen;\n data.writeUInt16LE(sigOffset, o); o += 2;\n data.writeUInt16LE(CURRENT_IX, o); o += 2;\n data.writeUInt16LE(pubkeyOffset, o); o += 2;\n data.writeUInt16LE(CURRENT_IX, o); o += 2;\n data.writeUInt16LE(msgOffset, o); o += 2;\n data.writeUInt16LE(message.length, o); o += 2;\n data.writeUInt16LE(CURRENT_IX, o); o += 2;\n Buffer.from(compressed).copy(data, pubkeyOffset);\n Buffer.from(signature).copy(data, sigOffset);\n Buffer.from(message).copy(data, msgOffset);\n\n return new TransactionInstruction({\n keys: [],\n programId: new PublicKey(SECP256R1_PROGRAM_ID),\n data,\n });\n}\n\n/** Anchor instruction discriminator = sha256(\"global:<name>\")[..8]. */\nexport function anchorDiscriminator(name: string): Buffer {\n return Buffer.from(sha256(`global:${name}`).slice(0, 8));\n}\n\nfunction u32le(n: number): Buffer {\n const b = Buffer.alloc(4);\n b.writeUInt32LE(n);\n return b;\n}\n\nfunction u64le(n: bigint | number): Buffer {\n const b = Buffer.alloc(8);\n // Avoid Buffer.writeBigUInt64LE: the browser `buffer` polyfill doesn't\n // implement the BigInt methods. Use DataView instead.\n new DataView(b.buffer, b.byteOffset, 8).setBigUint64(0, BigInt(n), true);\n return b;\n}\n\nfunction readU64le(buf: Buffer, offset: number): bigint {\n return new DataView(buf.buffer, buf.byteOffset, buf.length).getBigUint64(\n offset,\n true,\n );\n}\n\nfunction concatBytes(...parts: Uint8Array[]): Uint8Array {\n const total = parts.reduce((n, p) => n + p.length, 0);\n const out = new Uint8Array(total);\n let off = 0;\n for (const p of parts) {\n out.set(p, off);\n off += p.length;\n }\n return out;\n}\n\n// ─── Canonical Borsh serialization for `execute` ────────────────────────────\n// MUST match the on-chain `InstructionData`/`AccountMetaCandidate` AnchorSer\n// layout byte-for-byte: `hash_instructions` hashes this and the program\n// requires the precompile-verified message to commit to the same hash. Changing\n// the byte layout here breaks signature binding (and recovery of past sigs).\n\n/** Serialize a single `InstructionData` exactly as Anchor's Borsh derive would. */\nfunction serializeInstruction(ix: InstructionData): Buffer {\n const programId = new PublicKey(ix.programId).toBuffer(); // 32 bytes\n const accounts = serializeAccounts(ix.accounts);\n const data = serializeVecU8(ix.data);\n return Buffer.concat([programId, accounts, data]);\n}\n\nfunction serializeAccounts(metas: InstructionAccount[]): Buffer {\n const len = Buffer.alloc(4);\n new DataView(len.buffer).setUint32(0, metas.length, true);\n const parts = metas.map(serializeAccountMeta);\n return Buffer.concat([len, ...parts]);\n}\n\nfunction serializeAccountMeta(meta: InstructionAccount): Buffer {\n const pubkey = new PublicKey(meta.pubkey).toBuffer(); // 32 bytes\n return Buffer.concat([pubkey, Buffer.from([meta.isSigner ? 1 : 0, meta.isWritable ? 1 : 0])]);\n}\n\nfunction serializeVecU8(data: Uint8Array): Buffer {\n const len = Buffer.alloc(4);\n new DataView(len.buffer).setUint32(0, data.length, true);\n return Buffer.concat([len, Buffer.from(data)]);\n}\n\n/** Serialize the full instruction set — the bytes `hash_instructions` hashes. */\nexport function serializeInstructions(instructions: InstructionData[]): Buffer {\n return Buffer.concat(instructions.map(serializeInstruction));\n}\n","import {\n Connection,\n PublicKey,\n Transaction,\n type TransactionInstruction,\n} from \"@solana/web3.js\";\nimport type { SolanaNetwork } from \"./constants\";\n\nexport interface SolanaRelayerOptions {\n /** Base URL of the Cavos backend exposing /api/solana/relay. */\n baseUrl: string;\n /** Cavos App ID (authorizes the sponsored request). */\n appId: string;\n network: SolanaNetwork;\n /** Connection used only to fetch a recent blockhash before serializing. */\n connection: Connection;\n}\n\n/**\n * Client for the Cavos Solana sponsoring relayer. Lets the SDK submit\n * device-account transactions WITHOUT the integrator holding a fee-payer\n * keypair: the relayer co-signs as fee payer and pays the fee/rent. The relayer\n * only pays — the device signature inside the instructions (verified by the\n * secp256r1 precompile) is what authorizes the action, and it does not bind the\n * fee payer, so sponsorship needs no re-signing.\n */\nexport class SolanaRelayer {\n private feePayer?: PublicKey;\n\n constructor(private readonly opts: SolanaRelayerOptions) {}\n\n /** The relayer's fee-payer pubkey (fetched + cached from the backend). */\n async getFeePayer(): Promise<PublicKey> {\n if (this.feePayer) return this.feePayer;\n const res = await fetch(`${this.opts.baseUrl}/api/solana/relay?network=${this.opts.network}`);\n if (!res.ok) throw new Error(`kit/solana: relayer fee-payer lookup failed (${res.status})`);\n const { fee_payer } = (await res.json()) as { fee_payer: string };\n this.feePayer = new PublicKey(fee_payer);\n return this.feePayer;\n }\n\n /**\n * Build a tx with the relayer as fee payer, serialize it unsigned, and POST it\n * to the relayer to co-sign + submit. Returns the confirmed signature.\n */\n async send(instructions: TransactionInstruction[]): Promise<string> {\n const feePayer = await this.getFeePayer();\n const { blockhash } = await this.opts.connection.getLatestBlockhash(\"confirmed\");\n const tx = new Transaction();\n tx.feePayer = feePayer;\n tx.recentBlockhash = blockhash;\n tx.add(...instructions);\n\n const serialized = tx\n .serialize({ requireAllSignatures: false, verifySignatures: false })\n .toString(\"base64\");\n\n const res = await fetch(`${this.opts.baseUrl}/api/solana/relay`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n app_id: this.opts.appId,\n network: this.opts.network,\n transaction: serialized,\n }),\n });\n if (!res.ok) {\n const detail = await res.text().catch(() => \"\");\n throw new Error(`kit/solana: relay failed (${res.status}) ${detail}`);\n }\n const { signature } = (await res.json()) as { signature: string };\n return signature;\n }\n}\n","import { p256 } from \"@noble/curves/p256\";\nimport { hkdf } from \"@noble/hashes/hkdf\";\nimport { pbkdf2 } from \"@noble/hashes/pbkdf2\";\nimport { sha256 } from \"@noble/hashes/sha256\";\nimport { randomBytes } from \"@noble/hashes/utils\";\nimport type { DeviceSigner, DevicePublicKey, DeviceSignature } from \"../signer/DeviceSigner\";\nimport { bytesToBigInt, bigIntTo32Bytes } from \"../crypto/encoding\";\nimport { recoverYParity } from \"../crypto/signature\";\n\n/**\n * Self-custodial account recovery via a backup signer derived from a code.\n *\n * The user generates a human-readable recovery code once (see\n * `generateRecoveryCode`). That code is stretched with PBKDF2 + HKDF into a\n * deterministic secp256r1 private key — the SAME key on every device that\n * enters the SAME code. The code never leaves the device: the backend and the\n * chain only ever see the derived public key, which is registered on-chain as\n * an ordinary signer via `add_signer`. Recovering access after losing every\n * device is therefore: enter the code → re-derive the backup key → sign an\n * `add_signer` for the new device. No guardian, no timelock, no custodial key.\n *\n * This module is intentionally chain-agnostic and free of WebCrypto/DOM calls:\n * the derivation is pure `@noble/*` math, so the identical code runs in the\n * browser, React Native, and (eventually) Solana / Stellar / EVM adapters.\n */\n\n/** Fixed domain-separation salt for `deriveBackupKey`. Bumped only to re-derive\n * a new key space (e.g. changing the KDF parameters). Never per-user. */\nconst BACKUP_KDF_SALT = \"cavos-recovery-v1\";\n/** PBKDF2 iteration count. High enough to make brute-forcing a strong code\n * infeasible, low enough that derivation stays well under a second. */\nconst BACKUP_PBKDF2_ITERATIONS = 210_000;\n/** HKDF info string, scopes the derived material to \"backup-signer\". */\nconst BACKUP_HKDF_INFO = \"cavos-backup-signer\";\n\n/** How many words make up a recovery code. 16 words @ 8 bits/word = 128 bits. */\nconst CODE_WORDS = 16;\n\n/**\n * Generate a fresh, human-readable recovery code. The caller MUST present this\n * to the user exactly once and never persist it server-side. ~128 bits of\n * entropy encoded as words from a fixed wordlist (BIP39-style but our own list,\n * so we don't pull a dependency on a BIP39 wordfile).\n */\nexport function generateRecoveryCode(): string {\n const bytes = randomBytes(CODE_WORDS);\n const words: string[] = [];\n for (const b of bytes) words.push(WORDLIST[b]);\n return words.join(\" \");\n}\n\n/**\n * Deterministically derive a secp256r1 keypair from a recovery code. Pure\n * function: the same normalised code always yields the same keypair, on any\n * runtime. Returns the raw 32-byte private key (so it can be wrapped in a\n * `BackupSigner` or fed to any chain adapter) plus the public key coordinates\n * the contract stores as an authorised signer.\n *\n * Normalisation trims surrounding whitespace and collapses runs of spaces, so\n * \"a b\" and \"a b\" derive the same key regardless of how the code was pasted.\n */\nexport function deriveBackupKey(code: string): {\n privateKey: Uint8Array;\n publicKey: DevicePublicKey;\n} {\n const normalised = code.trim().replace(/\\s+/g, \" \").toLowerCase();\n if (!normalised) throw new Error(\"kit: recovery code is empty\");\n\n // Stretch the low-entropy-ish human code into 32 bytes with PBKDF2, then mix\n // into a scoped seed with HKDF. PBKDF2 also serves as the brute-force brake.\n const stretched = pbkdf2(\n sha256,\n new TextEncoder().encode(normalised),\n new TextEncoder().encode(BACKUP_KDF_SALT),\n { c: BACKUP_PBKDF2_ITERATIONS, dkLen: 32 },\n );\n const seed = hkdf(sha256, stretched, undefined, BACKUP_HKDF_INFO, 32);\n\n // Reduce the seed to a valid secp256r1 scalar. The seed is 32 bytes (< n with\n // overwhelming probability); reducing mod n keeps it a valid private key\n // without bias that matters in practice for an HMAC-stretched 256-bit input.\n const d = bytesToBigInt(seed) % p256.CURVE.n;\n if (d === 0n) throw new Error(\"kit: derived backup key is zero (retry with a new code)\");\n\n const priv = bigIntTo32Bytes(d);\n // isCompressed = false → uncompressed point (0x04 || X || Y, 65 bytes), so the\n // X/Y split below is correct. The default would return a 33-byte compressed\n // point and the Y half would be empty.\n const pub = p256.getPublicKey(priv, false);\n return {\n privateKey: priv,\n publicKey: { x: bytesToBigInt(pub.subarray(1, 33)), y: bytesToBigInt(pub.subarray(33, 65)) },\n };\n}\n\n/**\n * A `DeviceSigner` backed by an in-memory backup key derived from a recovery\n * code. Used transiently during recovery to sign the `add_signer` that\n * authorises a new device — it is NOT persisted and should not be reused as a\n * device signer. The key material lives only for the duration of the recovery\n * transaction.\n */\nexport class BackupSigner implements DeviceSigner {\n private readonly privateKey: Uint8Array;\n private readonly publicKeyValue: DevicePublicKey;\n\n constructor(privateKey: Uint8Array, publicKey: DevicePublicKey) {\n this.privateKey = privateKey;\n this.publicKeyValue = publicKey;\n }\n\n /** Build a signer from a recovery code (derive + wrap in one step). */\n static fromCode(code: string): BackupSigner {\n const { privateKey, publicKey } = deriveBackupKey(code);\n return new BackupSigner(privateKey, publicKey);\n }\n\n async getPublicKey(): Promise<DevicePublicKey> {\n return this.publicKeyValue;\n }\n\n async sign(txHash: Uint8Array): Promise<DeviceSignature> {\n // Mirror the WebCrypto path exactly: WebCrypto's `subtle.sign({ hash:\n // 'SHA-256' }, key, txHash)` hashes `txHash` with SHA-256 and signs the\n // digest. `p256.sign(msgHash)` signs the bytes it's given WITHOUT hashing,\n // so we pre-hash here to produce the same (r, s) the contract verifies.\n const digest = sha256(txHash);\n const sig = p256.sign(digest, this.privateKey);\n const yParity = recoverYParity(sig.r, sig.s, digest, this.publicKeyValue);\n return { r: sig.r, s: sig.s, yParity };\n }\n}\n\n// 256 short, unambiguous, lowercase English words. Chosen to be hard to\n// misread and easy to type; not the full BIP39 list (we don't need 2048 — 8\n// bits/word is plenty at 16 words). Keep this list stable: changing it changes\n// the meaning of every existing recovery code. Must stay exactly 256 unique\n// entries so each byte value maps to one word.\nconst WORDLIST = [\n \"able\", \"acid\", \"amber\", \"apple\", \"arch\", \"arrow\", \"ashen\", \"atlas\",\n \"axis\", \"badge\", \"baker\", \"balm\", \"banner\", \"basin\", \"beacon\", \"bench\",\n \"beryl\", \"birch\", \"blade\", \"bloom\", \"bluer\", \"border\", \"brave\", \"brick\",\n \"brook\", \"cabin\", \"candle\", \"carbon\", \"cargo\", \"cedar\", \"chalk\", \"charm\",\n \"chrome\", \"cipher\", \"clam\", \"clasp\", \"cliff\", \"clock\", \"cobia\", \"comet\",\n \"coral\", \"cotton\", \"coves\", \"crane\", \"crest\", \"crow\", \"crystal\", \"curio\",\n \"dawn\", \"delta\", \"denim\", \"depth\", \"dewy\", \"digger\", \"docks\", \"dover\",\n \"drift\", \"dunes\", \"eagle\", \"ember\", \"echo\", \"eden\", \"elite\", \"ethic\",\n \"fable\", \"falcon\", \"fawn\", \"feather\", \"fern\", \"fjord\", \"flame\", \"flint\",\n \"forest\", \"forge\", \"frost\", \"garnet\", \"gemini\", \"glade\", \"glider\", \"glow\",\n \"granite\", \"grove\", \"guppy\", \"harbor\", \"haven\", \"hazel\", \"helio\", \"heron\",\n \"hickory\", \"honey\", \"horizon\", \"ivory\", \"jade\", \"jasper\", \"kestrel\", \"knot\",\n \"lagoon\", \"lattice\", \"laurel\", \"lavender\", \"lemon\", \"linden\", \"loon\", \"luger\",\n \"lumen\", \"lunar\", \"mango\", \"maple\", \"marble\", \"marsh\", \"meadow\", \"mercy\",\n \"mistle\", \"monsoon\", \"morning\", \"moss\", \"nacre\", \"nectar\", \"needle\", \"nimbus\",\n \"nova\", \"ocean\", \"onyx\", \"orbit\", \"otter\", \"palm\", \"panda\", \"pansy\",\n \"papaya\", \"passage\", \"pebble\", \"pelican\", \"pepper\", \"petal\", \"piano\", \"pierce\",\n \"pilot\", \"pioneer\", \"platinum\", \"plume\", \"poplar\", \"porpoise\", \"prairie\", \"prism\",\n \"pulsar\", \"quartz\", \"quasar\", \"quill\", \"quiver\", \"raven\", \"reef\", \"relic\",\n \"ridge\", \"ripple\", \"robin\", \"rocket\", \"rouge\", \"ruby\", \"saffron\", \"sage\",\n \"sail\", \"salmon\", \"sapphire\", \"scarab\", \"shadow\", \"shale\", \"sienna\", \"silica\",\n \"silver\", \"skyline\", \"slate\", \"sonar\", \"spruce\", \"starling\", \"stone\", \"sugar\",\n \"summit\", \"sunset\", \"swan\", \"tangent\", \"tarragon\", \"temple\", \"thistle\", \"thrush\",\n \"tiger\", \"topaz\", \"tundra\", \"turtle\", \"umber\", \"union\", \"valley\", \"vapor\",\n \"vector\", \"velvet\", \"violet\", \"vortex\", \"walnut\", \"whale\", \"winter\", \"wisp\",\n \"wisteria\", \"xenon\", \"yarrow\", \"zephyr\", \"zinc\", \"zodiac\", \"anchor\", \"basil\",\n \"cider\", \"daisy\", \"elfin\", \"ferry\", \"gimlet\", \"halcyon\", \"indigo\", \"juniper\",\n \"kindle\", \"lilac\", \"mantis\", \"nylon\", \"oracle\", \"parch\", \"quokka\", \"ramble\",\n \"thatch\", \"ultra\", \"vivid\", \"xylo\", \"yodel\", \"zesty\", \"arbor\", \"bliss\",\n \"calyx\", \"dwindle\", \"folio\", \"globe\", \"hymn\", \"ionic\", \"jolly\", \"knack\",\n \"lyric\", \"myrtle\", \"noble\", \"plumb\", \"quaint\", \"rustic\", \"satin\", \"timber\",\n \"urge\", \"vault\", \"whimsy\", \"yearn\", \"zenith\", \"ash\", \"beach\", \"dusk\",\n];\n","/**\n * WebAuthn (passkey) helpers for the passkey-approval flow.\n *\n * A passkey is a synced secp256r1 credential (iCloud Keychain / Google Password\n * Manager). We use it as an on-chain \"approver\" that can authorize `add_signer`\n * from ANY browser — so a user never has to return to an already-authorized\n * device to onboard a new one.\n *\n * Unlike a silent device key (which signs `sha256(txHash)`), a passkey signs\n * `sha256(authenticatorData || sha256(clientDataJSON))`, with the challenge\n * embedded (base64url) in `clientDataJSON`. These helpers parse an assertion and\n * reproduce exactly what the on-chain contracts recompute.\n */\nimport { p256 } from \"@noble/curves/p256\";\nimport { sha256 } from \"@noble/hashes/sha256\";\nimport type { DevicePublicKey } from \"../signer/DeviceSigner\";\nimport { bytesToBigInt } from \"./encoding\";\n\n/** A parsed passkey assertion, chain-agnostic. */\nexport interface PasskeyAssertion {\n authenticatorData: Uint8Array;\n clientDataJSON: Uint8Array;\n /** ECDSA signature components (raw, as returned by the authenticator). */\n r: bigint;\n s: bigint;\n /** Byte index where the base64url challenge starts inside clientDataJSON. */\n challengeOffset: number;\n}\n\n/** base64url (no padding) of a byte array. */\nexport function base64urlEncode(bytes: Uint8Array): string {\n let bin = \"\";\n for (const b of bytes) bin += String.fromCharCode(b);\n const b64 = typeof btoa !== \"undefined\" ? btoa(bin) : Buffer.from(bytes).toString(\"base64\");\n return b64.replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=+$/, \"\");\n}\n\n/** Parse a DER (ASN.1) ECDSA signature into its `{ r, s }` components. */\nexport function derToRs(der: Uint8Array): { r: bigint; s: bigint } {\n // SEQUENCE(0x30) len INTEGER(0x02) rlen r INTEGER(0x02) slen s\n let i = 0;\n if (der[i++] !== 0x30) throw new Error(\"kit/webauthn: bad DER (no SEQUENCE)\");\n if (der[i] & 0x80) i += 1 + (der[i] & 0x7f); // skip long-form length\n else i += 1;\n if (der[i++] !== 0x02) throw new Error(\"kit/webauthn: bad DER (no r INTEGER)\");\n const rlen = der[i++];\n const r = bytesToBigInt(der.subarray(i, i + rlen));\n i += rlen;\n if (der[i++] !== 0x02) throw new Error(\"kit/webauthn: bad DER (no s INTEGER)\");\n const slen = der[i++];\n const s = bytesToBigInt(der.subarray(i, i + slen));\n return { r, s };\n}\n\n/** Extract the P-256 public key `{ x, y }` from a DER SPKI blob (as returned by\n * `AuthenticatorAttestationResponse.getPublicKey()`). The uncompressed EC point\n * is the trailing 65 bytes (`0x04 || X || Y`). */\nexport function spkiToPublicKey(spki: Uint8Array): DevicePublicKey {\n const idx = spki.lastIndexOf(0x04, spki.length - 65);\n const start = spki.length - 65;\n const prefix = spki[start];\n if (prefix !== 0x04) {\n // Fall back to scanning for the 0x04 uncompressed marker.\n if (idx < 0) throw new Error(\"kit/webauthn: no uncompressed EC point in SPKI\");\n return { x: bytesToBigInt(spki.subarray(idx + 1, idx + 33)), y: bytesToBigInt(spki.subarray(idx + 33, idx + 65)) };\n }\n return {\n x: bytesToBigInt(spki.subarray(start + 1, start + 33)),\n y: bytesToBigInt(spki.subarray(start + 33, start + 65)),\n };\n}\n\n/**\n * Batch challenge over ordered per-chain leaves: `sha256(leaf_0 ‖ … ‖ leaf_n)`.\n * A single passkey assertion over this challenge authorizes `add_signer` on every\n * chain in the batch (each chain verifies only its own leaf sits at its index).\n * For a single chain the batch is one leaf, so the challenge is `sha256(leaf)`.\n */\nexport function batchChallenge(leaves: Uint8Array[]): Uint8Array {\n const total = leaves.reduce((n, l) => n + l.length, 0);\n const cat = new Uint8Array(total);\n let o = 0;\n for (const l of leaves) {\n cat.set(l, o);\n o += l.length;\n }\n return sha256(cat);\n}\n\n/** The WebAuthn signed digest: `sha256(authenticatorData || sha256(clientDataJSON))`. */\nexport function webauthnDigest(authenticatorData: Uint8Array, clientDataJSON: Uint8Array): Uint8Array {\n const clientHash = sha256(clientDataJSON);\n const msg = new Uint8Array(authenticatorData.length + clientHash.length);\n msg.set(authenticatorData, 0);\n msg.set(clientHash, authenticatorData.length);\n return sha256(msg);\n}\n\n/** Both candidate public keys recoverable from `(r, s)` over `digest`, tagged\n * with their y-parity. On a fresh browser the assertion does not carry the\n * pubkey, so the caller identifies the real one via the on-chain `is_approver`\n * view. */\nexport function recoverCandidatePublicKeys(\n r: bigint,\n s: bigint,\n digest: Uint8Array,\n): { publicKey: DevicePublicKey; yParity: boolean }[] {\n const out: { publicKey: DevicePublicKey; yParity: boolean }[] = [];\n for (const bit of [0, 1] as const) {\n try {\n const point = new p256.Signature(r, s).addRecoveryBit(bit).recoverPublicKey(digest).toAffine();\n out.push({ publicKey: { x: point.x, y: point.y }, yParity: bit === 1 });\n } catch {\n // not recoverable for this bit\n }\n }\n return out;\n}\n\n/** Normalize `s` to the low half of the curve order (required by the Stellar\n * and Solana verifiers, which do not normalize on-chain). */\nexport function lowS(s: bigint): bigint {\n const n = p256.CURVE.n;\n return s > n / 2n ? n - s : s;\n}\n\n/** Byte offset of the base64url `challenge` string inside `clientDataJSON`. */\nexport function challengeOffsetOf(clientDataJSON: Uint8Array, challengeB64: string): number {\n const text = new TextDecoder().decode(clientDataJSON);\n const idx = text.indexOf(challengeB64);\n if (idx < 0) throw new Error(\"kit/webauthn: challenge not found in clientDataJSON\");\n // clientDataJSON is ASCII, so the char index equals the byte index.\n return idx;\n}\n","import {\n Connection,\n Keypair,\n PublicKey,\n Transaction,\n sendAndConfirmTransaction,\n type TransactionInstruction,\n} from \"@solana/web3.js\";\nimport type { AuthProvider, Identity } from \"../../auth/AuthProvider\";\nimport type { DeviceSigner, DevicePublicKey } from \"../../signer/DeviceSigner\";\nimport { WebCryptoSigner } from \"../../signer/WebCryptoSigner\";\nimport type { WalletRegistry } from \"../../registry/WalletRegistry\";\nimport { InMemoryWalletRegistry } from \"../../registry/WalletRegistry\";\nimport { HttpWalletRegistry } from \"../../registry/HttpWalletRegistry\";\nimport { deriveAddressSeedSolana } from \"../../identity\";\nimport { SolanaAdapter } from \"./SolanaAdapter\";\nimport type { InstructionData } from \"./SolanaAdapter\";\nimport { SolanaRelayer } from \"./SolanaRelayer\";\nimport { SOLANA_NETWORKS, type SolanaNetwork } from \"./constants\";\nimport { BackupSigner, deriveBackupKey } from \"../../recovery/BackupSigner\";\nimport type { PasskeySigner, PasskeyEnrollParams } from \"../../signer/PasskeySigner\";\nimport { webauthnDigest, recoverCandidatePublicKeys, batchChallenge } from \"../../crypto/webauthn\";\nimport type { PasskeyAssertion } from \"../../crypto/webauthn\";\n\nexport interface ConnectSolanaOptions {\n network: SolanaNetwork;\n /** Authenticated user (pass `identity` directly, or an `auth` provider). */\n auth?: AuthProvider;\n identity?: Identity;\n appSalt: string;\n appId?: string;\n backendUrl?: string;\n registry?: WalletRegistry;\n /** RPC override (else the network default). */\n rpcUrl?: string;\n /** Cavos device-account program id override. */\n programId?: string;\n /** Override the device signer factory (native / tests); default WebCrypto. */\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n /**\n * Gasless sponsorship via the Cavos relayer. When set (or when `appId` +\n * `backendUrl` are given), transactions are co-signed + paid by the Cavos\n * relayer, so the integrator needs NO fee-payer keypair — the user's silent\n * device key (which holds no SOL) gets a seedless, gasless experience.\n */\n relayer?: SolanaRelayer;\n /**\n * Self-funded fallback: a fee-payer keypair the integrator funds. Used only\n * when no `relayer` is configured (tests / advanced). Sponsored relaying is\n * the default path when `appId` is provided.\n */\n feePayer?: Keypair;\n}\n\nexport type ConnectStatus = \"ready\" | \"needs-device-approval\";\n\n/**\n * Options for recovering a Solana account after losing every device signer.\n * Mirrors `RecoveryOptions` (Starknet), adapted to the Solana path: the backup\n * key signs the `add_signer` bundle via the secp256r1 precompile and the Cavos\n * relayer sponsors it (no fee-payer keypair needed).\n */\nexport interface RecoverSolanaOptions {\n /** The recovery code the user stored when they ran setupRecovery. */\n code: string;\n /** Authenticated identity (same user who owns the account). */\n identity: Identity;\n /** Solana network the account lives on. */\n network: SolanaNetwork;\n appSalt: string;\n appId?: string;\n backendUrl?: string;\n registry?: WalletRegistry;\n /** RPC override (else the network default). */\n rpcUrl?: string;\n /** Cavos device-account program id override. */\n programId?: string;\n /** Override the new device's signer (native / tests); default WebCrypto. */\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n /** Gasless sponsorship via the Cavos relayer (defaults to hosted when appId set). */\n relayer?: SolanaRelayer;\n /** Self-funded fallback when no relayer is configured (tests / advanced). */\n feePayer?: Keypair;\n}\n\n/**\n * High-level Solana entry — the Solana analogue of `Cavos.connect`. One call\n * derives the deterministic device-bound account, deploys it (PDA `initialize`)\n * if needed, registers it for cross-device recognition, and returns a ready\n * handle whose silent P-256 device key authorizes every action through the\n * native secp256r1 precompile.\n *\n * const cavos = await CavosSolana.connect({ network: \"solana-devnet\", identity, appSalt, feePayer });\n * if (cavos.status === \"ready\") await cavos.execute(amount, dest);\n *\n * Gasless by default: when an `appId` is provided the Cavos relayer co-signs +\n * pays (no fee-payer keypair needed). `feePayer` is the self-funded fallback.\n */\nexport class CavosSolana {\n /** Discriminant for the `CavosWallet` union — narrows `execute()` per chain. */\n readonly chain = \"solana\" as const;\n\n private constructor(\n readonly identity: Identity,\n readonly address: string,\n readonly status: ConnectStatus,\n readonly connection: Connection,\n private readonly adapter: SolanaAdapter,\n private readonly devicePubkey: DevicePublicKey,\n private readonly relayer?: SolanaRelayer,\n private readonly feePayer?: Keypair,\n ) {}\n\n get publicKey(): DevicePublicKey {\n return this.devicePubkey;\n }\n\n static async connect(opts: ConnectSolanaOptions): Promise<CavosSolana> {\n const identity = opts.identity ?? (await opts.auth?.authenticate());\n if (!identity) throw new Error(\"kit/solana: connect requires `identity` or `auth`\");\n\n // Client-side read RPC. The integrator SHOULD pass their own `rpcUrl` — the\n // public default is rate-limited and unfit for production. (This is separate\n // from the relayer's server-side RPC, which Cavos operates.) Warn loudly when\n // hitting mainnet on the shared public endpoint.\n if (opts.network === \"solana-mainnet\" && !opts.rpcUrl) {\n console.warn(\n \"[cavos] Using the public mainnet-beta RPC. Pass `rpcUrl` with your own \" +\n \"provider (Helius/Triton/QuickNode) for production — the public endpoint is rate-limited.\",\n );\n }\n const connection = new Connection(opts.rpcUrl ?? SOLANA_NETWORKS[opts.network], \"confirmed\");\n\n const signer = opts.createSigner\n ? await opts.createSigner(`${identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n const adapter = new SolanaAdapter({ programId: opts.programId, connection, signer });\n const addressSeed = deriveAddressSeedSolana({ userId: identity.userId, appSalt: opts.appSalt });\n\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : defaultRegistry);\n\n // Default to gasless sponsorship via the Cavos relayer when an appId is set,\n // so the integrator needs no fee payer. `feePayer` is the self-funded fallback.\n const relayer =\n opts.relayer ??\n (opts.appId\n ? new SolanaRelayer({ baseUrl: backendUrl, appId: opts.appId, network: opts.network, connection })\n : undefined);\n\n // Returning user on another device? The address is device-bound, so the\n // registry (not the identity alone) recognizes it. A new device is flagged\n // needs-device-approval (add it from an existing device) — same model as Starknet.\n const existing = await registry.lookup(identity.userId);\n if (existing) {\n const isSigner = await adapter.isAuthorizedSigner(existing.address, devicePubkey);\n return new CavosSolana(\n identity,\n existing.address,\n isSigner ? \"ready\" : \"needs-device-approval\",\n connection,\n adapter,\n devicePubkey,\n relayer,\n opts.feePayer,\n );\n }\n\n const address = adapter.computeAddress(addressSeed, devicePubkey);\n const deployed = (await connection.getAccountInfo(new PublicKey(address))) !== null;\n\n if (!deployed) {\n // Whoever pays must be the `initialize` payer/fee payer: the relayer (when\n // sponsoring) or the self-funded feePayer.\n if (relayer) {\n const payer = await relayer.getFeePayer();\n const ix = adapter.buildInitialize(addressSeed, payer.toBase58(), devicePubkey);\n await relayer.send([ix]);\n } else if (opts.feePayer) {\n const ix = adapter.buildInitialize(addressSeed, opts.feePayer.publicKey.toBase58(), devicePubkey);\n await sendAndConfirmTransaction(connection, new Transaction().add(ix), [opts.feePayer]);\n } else {\n throw new Error(\"kit/solana: a relayer (appId) or feePayer is required to initialize a new account\");\n }\n }\n\n await registry.register({ userId: identity.userId, address, initialSigner: devicePubkey });\n const isSigner = await adapter.isAuthorizedSigner(address, devicePubkey);\n return new CavosSolana(\n identity,\n address,\n isSigner ? \"ready\" : \"needs-device-approval\",\n connection,\n adapter,\n devicePubkey,\n relayer,\n opts.feePayer,\n );\n }\n\n /** Authorize an additional device signer (device-signed via precompile). */\n async addSigner(pubkey: DevicePublicKey): Promise<string> {\n const ixs = await this.adapter.buildAddSigner(this.address, pubkey);\n return this.send(ixs);\n }\n\n /**\n * Enroll a passkey as an approver (2FA-style step-up). Device-signed + gasless;\n * requires a ready device. Idempotent. Returns the passkey pubkey + tx hash.\n */\n async enrollPasskey(\n passkey: PasskeySigner,\n params: PasskeyEnrollParams,\n ): Promise<{ publicKey: DevicePublicKey; transactionHash?: string }> {\n const enrolled = await passkey.enroll(params);\n const { transactionHash } = await this.addApprover(enrolled.publicKey);\n return { publicKey: enrolled.publicKey, transactionHash };\n }\n\n /** Register an already-enrolled passkey pubkey as an approver (gasless).\n * Idempotent. Lets one passkey be registered across chains without re-prompting. */\n async addApprover(pubkey: DevicePublicKey): Promise<{ transactionHash?: string }> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/solana: addApprover requires a ready, authorized device\");\n }\n if (await this.adapter.isApprover(this.address, pubkey)) return {};\n const ixs = await this.adapter.buildAddApprover(this.address, pubkey);\n const transactionHash = await this.send(ixs);\n return { transactionHash };\n }\n\n /**\n * From a fresh browser (status `needs-device-approval`), approve adding THIS\n * device with the user's synced passkey. Gasless via the relayer — the bundle\n * carries the passkey's WebAuthn assertion, so no device signature is needed.\n */\n async approveThisDeviceWithPasskey(passkey: PasskeySigner): Promise<string> {\n if (this.status === \"ready\") {\n throw new Error(\"kit/solana: this device is already an authorized signer\");\n }\n const { leaf, nonce } = await this.passkeyLeafForThisDevice();\n const leaves = [leaf];\n const assertion = await passkey.assert(batchChallenge(leaves));\n const { transactionHash } = await this.submitPasskeyApproval(assertion, leaves, 0, nonce);\n return transactionHash;\n }\n\n /** This device's leaf + passkey nonce for a (possibly multi-chain) batch. */\n async passkeyLeafForThisDevice(): Promise<{ leaf: Uint8Array; nonce: bigint }> {\n const nonce = await this.adapter.passkeyNonce(this.address);\n return { leaf: this.adapter.passkeyLeaf(this.devicePubkey, nonce), nonce };\n }\n\n /** Submit `add_signer_via_passkey` given a shared assertion + batch position.\n * Used by `approveThisDeviceWithPasskey` and `approveDeviceEverywhere`. */\n async submitPasskeyApproval(\n assertion: PasskeyAssertion,\n leaves: Uint8Array[],\n leafIndex: number,\n _nonce: bigint,\n ): Promise<{ transactionHash: string }> {\n const digest = webauthnDigest(assertion.authenticatorData, assertion.clientDataJSON);\n const candidates = recoverCandidatePublicKeys(assertion.r, assertion.s, digest);\n let approver: DevicePublicKey | null = null;\n for (const cand of candidates) {\n if (await this.adapter.isApprover(this.address, cand.publicKey)) {\n approver = cand.publicKey;\n break;\n }\n }\n if (!approver) throw new Error(\"kit/solana: this passkey is not a registered approver\");\n const ixs = this.adapter.buildAddSignerViaPasskey(\n this.address, this.devicePubkey, approver, leaves, leafIndex, assertion,\n );\n return { transactionHash: await this.send(ixs) };\n }\n\n /** Move `amount` lamports out of the account to `destination` (device-signed). */\n async execute(amount: bigint, destination: string): Promise<string> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/solana: this device is not yet an authorized signer of the wallet\");\n }\n const ixs = await this.adapter.buildExecuteTransfer(this.address, destination, amount);\n return this.send(ixs);\n }\n\n /**\n * Run arbitrary CPI `instructions` with the account PDA as signer (device-\n * signed). The signature commits to sha256 of the canonical Borsh\n * serialization of the instructions, so it binds exactly the operations the\n * program will invoke. Unlocks SPL transfers, swaps, staking, etc.\n *\n * What the relayer will sponsor is constrained by the app's Solana program\n * allowlist (configured in the dashboard) — programs outside the allowlist are\n * rejected before co-signing.\n */\n async executeInstructions(instructions: InstructionData[]): Promise<string> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/solana: this device is not yet an authorized signer of the wallet\");\n }\n const ixs = await this.adapter.buildExecute(this.address, instructions);\n return this.send(ixs);\n }\n\n /**\n * Register the backup signer derived from `code` as an authorized signer of this\n * account (device-signed via precompile). Idempotent: returns without a tx if\n * the backup signer is already registered. The code never leaves the device —\n * only the derived public key travels on-chain.\n *\n * Self-custodial: anyone who can re-derive the backup key from the code (i.e.\n * the rightful owner) can later recover the account with `CavosSolana.recover`.\n * Run this once, on a registered device, and have the user store the code.\n */\n async setupRecovery(code: string): Promise<string | undefined> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/solana: setupRecovery requires a ready, registered device\");\n }\n const { publicKey: backupPubkey } = deriveBackupKey(code);\n // Skip the on-chain call if the backup signer is already registered.\n const already = await this.adapter.isAuthorizedSigner(this.address, backupPubkey);\n if (already) return undefined;\n return this.addSigner(backupPubkey);\n }\n\n /**\n * Recover an account after losing every device signer. Derives the backup key\n * from `code`, uses it (not the new device key) to sign an `add_signer` for the\n * new device, and returns a ready CavosSolana bound to the new device. The\n * account address is unchanged.\n *\n * Self-custodial: only someone holding the code (i.e. the rightful owner) can\n * re-derive the backup key. The backend never sees the code.\n *\n * This mirrors `Cavos.recover` (Starknet): the backup key is just another\n * authorized signer, so recovery is an `add_signer(newDevice)` bundle signed by\n * the backup key. The on-chain program needs no recovery-specific entrypoint.\n */\n static async recover(opts: RecoverSolanaOptions): Promise<CavosSolana> {\n if (opts.network === \"solana-mainnet\" && !opts.rpcUrl) {\n console.warn(\n \"[cavos] Using the public mainnet-beta RPC. Pass `rpcUrl` with your own \" +\n \"provider (Helius/Triton/QuickNode) for production — the public endpoint is rate-limited.\",\n );\n }\n const connection = new Connection(opts.rpcUrl ?? SOLANA_NETWORKS[opts.network], \"confirmed\");\n\n // The new device's signer (created/loaded the same way connect() does).\n const signer = opts.createSigner\n ? await opts.createSigner(`${opts.identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${opts.identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n // The backup key drives THIS transaction: it's the only signer that can\n // authorise adding the new device after all device keys are lost. The\n // adapter signs every bundle with whatever `signer` it's constructed with,\n // so a backup-backed adapter produces backup-signed `add_signer` bundles.\n const backup = BackupSigner.fromCode(opts.code);\n const backupAdapter = new SolanaAdapter({\n programId: opts.programId,\n connection,\n signer: backup,\n });\n\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : defaultRegistry);\n const existing = await registry.lookup(opts.identity.userId);\n if (!existing) {\n throw new Error(\"kit/solana: no account found for this identity — nothing to recover\");\n }\n\n const relayer =\n opts.relayer ??\n (opts.appId\n ? new SolanaRelayer({ baseUrl: backendUrl, appId: opts.appId, network: opts.network, connection })\n : undefined);\n\n // Authorise the new device, signed by the backup key (sponsored by the relayer,\n // or self-funded). The account address is unchanged.\n const alreadyAuthed = await backupAdapter.isAuthorizedSigner(existing.address, devicePubkey);\n if (!alreadyAuthed) {\n const ixs = await backupAdapter.buildAddSigner(existing.address, devicePubkey);\n if (relayer) {\n await relayer.send(ixs);\n } else if (opts.feePayer) {\n await sendAndConfirmTransaction(connection, new Transaction().add(...ixs), [opts.feePayer]);\n } else {\n throw new Error(\"kit/solana: a relayer (appId) or feePayer is required to recover\");\n }\n }\n\n // Hand control to the new device's signer for all future operations.\n const adapter = new SolanaAdapter({ programId: opts.programId, connection, signer });\n return new CavosSolana(\n opts.identity,\n existing.address,\n \"ready\",\n connection,\n adapter,\n devicePubkey,\n relayer,\n opts.feePayer,\n );\n }\n\n private async send(ixs: TransactionInstruction[]): Promise<string> {\n // Prefer the sponsored relayer (no fee payer needed); fall back to self-funded.\n if (this.relayer) return this.relayer.send(ixs);\n if (this.feePayer) {\n return sendAndConfirmTransaction(this.connection, new Transaction().add(...ixs), [this.feePayer]);\n }\n throw new Error(\"kit/solana: no relayer or feePayer configured to submit transactions\");\n }\n}\n\nconst defaultRegistry = new InMemoryWalletRegistry();\n","/** Cavos device-account primitives on Stellar / Soroban. */\n\n/**\n * Deployed `cavos-account-factory` contract id per network (see\n * account-contracts/stellar/deployments). The factory is the fixed deployer that\n * makes account addresses a deterministic function of (identity, device pubkey).\n */\nexport const FACTORY_CONTRACT_ID = {\n // Re-deployed 2026-07-01 with the passkey-approval device-account wasm (batched\n // multi-chain challenge). The factory pins the wasm hash immutably, so a new\n // wasm needs a new factory → new account addresses; testnet has no prod wallets.\n \"stellar-testnet\": \"CBCJIODXIEBOXXD66KCUCF7ZDYJARKI4ZIVQOVWPULOBH5XGNCDP6W3I\",\n // Set once the factory is deployed to mainnet (its address differs — network id\n // is part of contract-address derivation).\n \"stellar-mainnet\": \"\",\n} as const;\n\n/** Uploaded Wasm hash of `cavos-device-account` (informational / verification). */\nexport const DEVICE_ACCOUNT_WASM_HASH = {\n \"stellar-testnet\": \"2671b085578e59a385ef5a5664e42f0450322fe3249539f588e1263ed5a31dce\",\n \"stellar-mainnet\": \"\",\n} as const;\n\nexport const STELLAR_NETWORKS = {\n \"stellar-testnet\": {\n rpcUrl: \"https://soroban-testnet.stellar.org\",\n passphrase: \"Test SDF Network ; September 2015\",\n },\n \"stellar-mainnet\": {\n rpcUrl: \"https://soroban-rpc.mainnet.stellar.gateway.fm\",\n passphrase: \"Public Global Stellar Network ; September 2015\",\n },\n} as const;\n\nexport type StellarNetwork = keyof typeof STELLAR_NETWORKS;\n\n/** Native XLM Stellar Asset Contract (SAC) id per network — the token the demo\n * moves. Any SEP-41 token contract works; this is a convenience default. */\nexport const NATIVE_SAC_ID = {\n \"stellar-testnet\": \"CDLZFC3SYJYDZT7K67VZ75HPJVIEUVNIXF47ZG2FB2RMQQVU2HHGCYSC\",\n \"stellar-mainnet\": \"CAS3J7GYLGXMF6TDJBBYYSE3HQ6BBSMLNUQ34T6TZMYMW2EVH34XOWMA\",\n} as const;\n","import {\n Address,\n Operation,\n StrKey,\n hash,\n nativeToScVal,\n scValToNative,\n xdr,\n rpc,\n} from \"@stellar/stellar-sdk\";\nimport { sha256 } from \"@noble/hashes/sha256\";\nimport type { DeviceSigner, DevicePublicKey, DeviceSignature } from \"../../signer/DeviceSigner\";\nimport { bigIntTo32Bytes } from \"../../crypto/encoding\";\nimport type { PasskeyAssertion } from \"../../crypto/webauthn\";\nimport {\n FACTORY_CONTRACT_ID,\n STELLAR_NETWORKS,\n type StellarNetwork,\n} from \"./constants\";\n\n/** secp256r1 (P-256) curve order — for low-S normalization (verifier requires it). */\nconst SECP256R1_N =\n 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;\n\nexport interface StellarAdapterOptions {\n network: StellarNetwork;\n /** RPC override (else the network default). */\n rpcUrl?: string;\n /** Factory contract id override (else the per-network default). */\n factoryId?: string;\n /** The device signer that authorizes account operations. */\n signer: DeviceSigner;\n}\n\n/**\n * Stellar / Soroban implementation of the Cavos device-account surface. Unlike\n * Starknet (`buildSignature(txHash: bigint)`) the Soroban signing unit is a\n * 32-byte Soroban *auth-entry* preimage, so — as the Solana adapter did for its\n * own model — this adapter exposes chain-native methods rather than the generic\n * `ChainAdapter` shape. Its job:\n * - derive the deterministic account address off-chain (matches the factory),\n * - build the factory/account/token invocations as host functions, and\n * - sign a Soroban authorization entry with the silent P-256 device key,\n * producing the `Vec<DeviceSignature>` ScVal that the contract's\n * `__check_auth` verifies.\n */\nexport class StellarAdapter {\n readonly chain = \"stellar\" as const;\n readonly network: StellarNetwork;\n readonly passphrase: string;\n private readonly rpcUrl: string;\n private readonly factoryId: string;\n private readonly signer: DeviceSigner;\n private _server?: rpc.Server;\n\n constructor(opts: StellarAdapterOptions) {\n this.network = opts.network;\n this.passphrase = STELLAR_NETWORKS[opts.network].passphrase;\n this.rpcUrl = opts.rpcUrl ?? STELLAR_NETWORKS[opts.network].rpcUrl;\n this.factoryId = opts.factoryId ?? FACTORY_CONTRACT_ID[opts.network];\n if (!this.factoryId) {\n throw new Error(`kit/stellar: no factory contract id configured for ${opts.network}`);\n }\n this.signer = opts.signer;\n }\n\n server(): rpc.Server {\n if (!this._server) {\n this._server = new rpc.Server(this.rpcUrl, {\n allowHttp: this.rpcUrl.startsWith(\"http://\"),\n });\n }\n return this._server;\n }\n\n private networkId(): Buffer {\n return hash(Buffer.from(this.passphrase));\n }\n\n /**\n * Deterministic account address for `(addressSeed, initialSigner)` — computed\n * off-chain, byte-identical to the factory's on-chain `account_address`.\n * `contractId = sha256(HashIdPreimage(networkId, factory, salt))` with\n * `salt = sha256(addressSeed || sec1(initialSigner))`.\n */\n computeAddress(addressSeed: Uint8Array, initialSigner: DevicePublicKey): string {\n const salt = this.accountSalt(addressSeed, initialSigner);\n const preimage = xdr.HashIdPreimage.envelopeTypeContractId(\n new xdr.HashIdPreimageContractId({\n networkId: this.networkId(),\n contractIdPreimage: xdr.ContractIdPreimage.contractIdPreimageFromAddress(\n new xdr.ContractIdPreimageFromAddress({\n address: new Address(this.factoryId).toScAddress(),\n salt,\n }),\n ),\n }),\n );\n return StrKey.encodeContract(hash(preimage.toXDR()));\n }\n\n /** `salt = sha256(addressSeed(32) || sec1(initialSigner)(65))` — matches the factory. */\n accountSalt(addressSeed: Uint8Array, initialSigner: DevicePublicKey): Buffer {\n return hash(Buffer.concat([Buffer.from(addressSeed), Buffer.from(sec1Pubkey(initialSigner))]));\n }\n\n /** Host function: `factory.deploy(address_seed, initial_signer)`. */\n buildDeploy(addressSeed: Uint8Array, initialSigner: DevicePublicKey): xdr.HostFunction {\n return invokeFunc(this.factoryId, \"deploy\", [\n bytesScVal(addressSeed),\n bytesScVal(sec1Pubkey(initialSigner)),\n ]);\n }\n\n /** Host function: `account.add_signer(new_signer)` (requires device auth). */\n buildAddSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction {\n return invokeFunc(accountAddress, \"add_signer\", [bytesScVal(sec1Pubkey(signer))]);\n }\n\n /** Host function: `account.remove_signer(signer)` (requires device auth). */\n buildRemoveSigner(accountAddress: string, signer: DevicePublicKey): xdr.HostFunction {\n return invokeFunc(accountAddress, \"remove_signer\", [bytesScVal(sec1Pubkey(signer))]);\n }\n\n /** Host function: `account.add_approver(passkey)` (requires device auth). */\n buildAddApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction {\n return invokeFunc(accountAddress, \"add_approver\", [bytesScVal(sec1Pubkey(passkey))]);\n }\n\n /** Host function: `account.remove_approver(passkey)` (requires device auth). */\n buildRemoveApprover(accountAddress: string, passkey: DevicePublicKey): xdr.HostFunction {\n return invokeFunc(accountAddress, \"remove_approver\", [bytesScVal(sec1Pubkey(passkey))]);\n }\n\n /** This chain's leaf for approving `add_signer(newSigner)` at `nonce`:\n * `sha256(sec1(new_signer) || nonce_be8)`. The batch challenge the passkey signs\n * is `sha256(concat(leaves))` across chains. */\n passkeyLeaf(newSigner: DevicePublicKey, nonce: bigint): Uint8Array {\n const msg = new Uint8Array(65 + 8);\n msg.set(sec1Pubkey(newSigner), 0);\n const n = new Uint8Array(8);\n let v = nonce;\n for (let i = 7; i >= 0; i--) {\n n[i] = Number(v & 0xffn);\n v >>= 8n;\n }\n msg.set(n, 65);\n return sha256(msg);\n }\n\n /** Host function: passkey-authorized `add_signer_via_passkey` (no device auth —\n * authorized by the embedded WebAuthn assertion, so any relayer can submit).\n * `leaves`/`leafIndex` place this chain's leaf in the multi-chain batch. */\n buildAddSignerViaPasskey(\n accountAddress: string,\n newSigner: DevicePublicKey,\n passkey: DevicePublicKey,\n nonce: bigint,\n leaves: Uint8Array[],\n leafIndex: number,\n assertion: PasskeyAssertion,\n ): xdr.HostFunction {\n const sig = encodeLowSSignature({ r: assertion.r, s: assertion.s, yParity: false });\n const leavesScVal = xdr.ScVal.scvVec(leaves.map((l) => bytesScVal(l)));\n return invokeFunc(accountAddress, \"add_signer_via_passkey\", [\n bytesScVal(sec1Pubkey(newSigner)),\n bytesScVal(sec1Pubkey(passkey)),\n nativeToScVal(nonce, { type: \"u64\" }),\n leavesScVal,\n nativeToScVal(leafIndex, { type: \"u32\" }),\n bytesScVal(assertion.authenticatorData),\n bytesScVal(assertion.clientDataJSON),\n nativeToScVal(assertion.challengeOffset, { type: \"u32\" }),\n bytesScVal(sig),\n ]);\n }\n\n /** Read whether `passkey` is a registered approver (read-only simulation). */\n async isApprover(\n accountAddress: string,\n passkey: DevicePublicKey,\n readSource: string,\n ): Promise<boolean> {\n if (!(await this.isDeployed(accountAddress))) return false;\n const { Account, TransactionBuilder, BASE_FEE } = await import(\"@stellar/stellar-sdk\");\n const src = new Account(readSource, \"0\");\n const op = Operation.invokeHostFunction({\n func: invokeFunc(accountAddress, \"is_approver\", [bytesScVal(sec1Pubkey(passkey))]),\n auth: [],\n });\n const tx = new TransactionBuilder(src, { fee: BASE_FEE, networkPassphrase: this.passphrase })\n .addOperation(op)\n .setTimeout(30)\n .build();\n const sim = await this.server().simulateTransaction(tx);\n if (rpc.Api.isSimulationError(sim)) {\n throw new Error(`kit/stellar: is_approver simulation failed: ${sim.error}`);\n }\n if (!sim.result?.retval) return false;\n return scValToNative(sim.result.retval) === true;\n }\n\n /** Read the current passkey-approval nonce (read-only simulation). */\n async passkeyNonce(accountAddress: string, readSource: string): Promise<bigint> {\n if (!(await this.isDeployed(accountAddress))) return 0n;\n const { Account, TransactionBuilder, BASE_FEE } = await import(\"@stellar/stellar-sdk\");\n const src = new Account(readSource, \"0\");\n const op = Operation.invokeHostFunction({\n func: invokeFunc(accountAddress, \"passkey_nonce\", []),\n auth: [],\n });\n const tx = new TransactionBuilder(src, { fee: BASE_FEE, networkPassphrase: this.passphrase })\n .addOperation(op)\n .setTimeout(30)\n .build();\n const sim = await this.server().simulateTransaction(tx);\n if (rpc.Api.isSimulationError(sim)) {\n throw new Error(`kit/stellar: passkey_nonce simulation failed: ${sim.error}`);\n }\n if (!sim.result?.retval) return 0n;\n return BigInt(scValToNative(sim.result.retval));\n }\n\n /** Host function: SEP-41 `token.transfer(from=account, to, amount)` (device auth). */\n buildTransfer(\n tokenId: string,\n accountAddress: string,\n destination: string,\n amount: bigint,\n ): xdr.HostFunction {\n return invokeFunc(tokenId, \"transfer\", [\n new Address(accountAddress).toScVal(),\n new Address(destination).toScVal(),\n nativeToScVal(amount, { type: \"i128\" }),\n ]);\n }\n\n /**\n * Sign a Soroban authorization entry with the silent device key, producing the\n * `Vec<DeviceSignature>` the account's `__check_auth` verifies. The device\n * signs `sha256(preimage)` (WebCrypto hashes once more internally), which is\n * exactly what the contract recomputes. Mutates + returns the entry.\n */\n async signAuthEntry(\n entry: xdr.SorobanAuthorizationEntry,\n validUntilLedger: number,\n ): Promise<xdr.SorobanAuthorizationEntry> {\n const addrCreds = entry.credentials().address();\n addrCreds.signatureExpirationLedger(validUntilLedger);\n\n const preimage = xdr.HashIdPreimage.envelopeTypeSorobanAuthorization(\n new xdr.HashIdPreimageSorobanAuthorization({\n networkId: this.networkId(),\n nonce: addrCreds.nonce(),\n signatureExpirationLedger: validUntilLedger,\n invocation: entry.rootInvocation(),\n }),\n );\n const payload = hash(preimage.toXDR());\n const sig = await this.signer.sign(new Uint8Array(payload));\n const pubkey = await this.signer.getPublicKey();\n addrCreds.signature(deviceSignatureScVal(pubkey, sig));\n return entry;\n }\n\n /**\n * Read a SEP-41 token balance of `account` via a read-only simulation of\n * `token.balance(account)`. Returns 0 when the account isn't deployed or holds\n * none. `readSource` is any funded G-account (used only for the simulation).\n */\n async readBalance(tokenId: string, account: string, readSource: string): Promise<bigint> {\n if (!(await this.isDeployed(account))) return 0n;\n const { Account, TransactionBuilder, BASE_FEE } = await import(\"@stellar/stellar-sdk\");\n const src = new Account(readSource, \"0\");\n const op = Operation.invokeHostFunction({\n func: invokeFunc(tokenId, \"balance\", [new Address(account).toScVal()]),\n auth: [],\n });\n const tx = new TransactionBuilder(src, { fee: BASE_FEE, networkPassphrase: this.passphrase })\n .addOperation(op)\n .setTimeout(30)\n .build();\n const sim = await this.server().simulateTransaction(tx);\n if (rpc.Api.isSimulationError(sim) || !sim.result?.retval) return 0n;\n return BigInt(scValToNative(sim.result.retval) as string | number | bigint);\n }\n\n /** Whether the account contract instance exists on-chain (is deployed). */\n async isDeployed(accountAddress: string): Promise<boolean> {\n try {\n const res = await this.server().getContractData(\n accountAddress,\n xdr.ScVal.scvLedgerKeyContractInstance(),\n rpc.Durability.Persistent,\n );\n return !!res;\n } catch {\n return false;\n }\n }\n\n /**\n * Read whether `signer` is a currently-authorized signer of the account, via a\n * read-only simulation of `account.is_authorized(signer)`. `readSource` is any\n * funded G-account (used only for the simulation's source/sequence).\n */\n async isAuthorizedSigner(\n accountAddress: string,\n signer: DevicePublicKey,\n readSource: string,\n ): Promise<boolean> {\n if (!(await this.isDeployed(accountAddress))) return false;\n const { Account, TransactionBuilder, BASE_FEE } = await import(\"@stellar/stellar-sdk\");\n const src = new Account(readSource, \"0\");\n const op = Operation.invokeHostFunction({\n func: invokeFunc(accountAddress, \"is_authorized\", [bytesScVal(sec1Pubkey(signer))]),\n auth: [],\n });\n const tx = new TransactionBuilder(src, { fee: BASE_FEE, networkPassphrase: this.passphrase })\n .addOperation(op)\n .setTimeout(30)\n .build();\n const sim = await this.server().simulateTransaction(tx);\n if (rpc.Api.isSimulationError(sim)) {\n throw new Error(`kit/stellar: is_authorized simulation failed: ${sim.error}`);\n }\n if (!sim.result?.retval) return false;\n return scValToNative(sim.result.retval) === true;\n }\n}\n\n/** SEC-1 uncompressed P-256 public key (65 bytes: 0x04 || X || Y). */\nexport function sec1Pubkey(pk: DevicePublicKey): Uint8Array {\n const out = new Uint8Array(65);\n out[0] = 0x04;\n out.set(bigIntTo32Bytes(pk.x), 1);\n out.set(bigIntTo32Bytes(pk.y), 33);\n return out;\n}\n\n/** Raw 64-byte `r || s`, normalized to low-S (secp256r1_verify requires it). */\nexport function encodeLowSSignature(sig: DeviceSignature): Uint8Array {\n const lowS = sig.s > SECP256R1_N / 2n ? SECP256R1_N - sig.s : sig.s;\n const out = new Uint8Array(64);\n out.set(bigIntTo32Bytes(sig.r), 0);\n out.set(bigIntTo32Bytes(lowS), 32);\n return out;\n}\n\n/**\n * The `Vec<DeviceSignature>` ScVal the contract's `__check_auth` decodes. Each\n * element is a struct `{ public_key: BytesN<65>, signature: BytesN<64> }`.\n * Soroban serializes a struct as a symbol-keyed map sorted by key; `public_key`\n * precedes `signature`, so `nativeToScVal` (which sorts) yields the exact layout.\n */\nexport function deviceSignatureScVal(\n pubkey: DevicePublicKey,\n sig: DeviceSignature,\n): xdr.ScVal {\n const element = nativeToScVal(\n {\n public_key: Buffer.from(sec1Pubkey(pubkey)),\n signature: Buffer.from(encodeLowSSignature(sig)),\n },\n { type: { public_key: [\"symbol\", \"bytes\"], signature: [\"symbol\", \"bytes\"] } },\n );\n return xdr.ScVal.scvVec([element]);\n}\n\nfunction invokeFunc(contractId: string, method: string, args: xdr.ScVal[]): xdr.HostFunction {\n return xdr.HostFunction.hostFunctionTypeInvokeContract(\n new xdr.InvokeContractArgs({\n contractAddress: new Address(contractId).toScAddress(),\n functionName: method,\n args,\n }),\n );\n}\n\nfunction bytesScVal(bytes: Uint8Array): xdr.ScVal {\n return xdr.ScVal.scvBytes(Buffer.from(bytes));\n}\n","import type { StellarNetwork } from \"./constants\";\n\nexport interface StellarRelayerOptions {\n /** Base URL of the Cavos backend exposing /api/stellar/relay. */\n baseUrl: string;\n /** Cavos App ID (authorizes the sponsored request). */\n appId: string;\n network: StellarNetwork;\n}\n\n/**\n * Client for the Cavos Stellar sponsoring relayer. On Stellar the account is a\n * *contract*, which cannot be a transaction source — so the relayer's own\n * G-account is the transaction source AND fee payer. The user's silent device\n * key never pays: it only signs the Soroban *authorization entry* (verified by\n * the account's `__check_auth`), which is independent of who submits or pays.\n * That gives a seedless, gasless experience with no fee-payer keypair on the\n * integrator side — the same \"relayer pays, device authorizes\" split as Solana.\n *\n * The SDK builds the fully-assembled transaction (source = relayer, Soroban auth\n * entries already device-signed) and hands its unsigned XDR to the relayer, which\n * validates it against its allowlist, signs the envelope and submits.\n */\nexport class StellarRelayer {\n private source?: string;\n\n constructor(private readonly opts: StellarRelayerOptions) {}\n\n /** The relayer's source/fee-payer G-account (fetched + cached from the backend). */\n async getSource(): Promise<string> {\n if (this.source) return this.source;\n const res = await fetch(`${this.opts.baseUrl}/api/stellar/relay?network=${this.opts.network}`);\n if (!res.ok) throw new Error(`kit/stellar: relayer source lookup failed (${res.status})`);\n const { fee_payer } = (await res.json()) as { fee_payer: string };\n this.source = fee_payer;\n return this.source;\n }\n\n /**\n * POST the assembled, device-authorized transaction XDR to the relayer to sign\n * the envelope + submit. Returns the confirmed transaction hash.\n */\n async submit(transactionXdr: string): Promise<string> {\n const res = await fetch(`${this.opts.baseUrl}/api/stellar/relay`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n app_id: this.opts.appId,\n network: this.opts.network,\n transaction: transactionXdr,\n }),\n });\n if (!res.ok) {\n const detail = await res.text().catch(() => \"\");\n throw new Error(`kit/stellar: relay failed (${res.status}) ${detail}`);\n }\n const { hash } = (await res.json()) as { hash: string };\n return hash;\n }\n}\n","import {\n Account,\n Address,\n BASE_FEE,\n Operation,\n TransactionBuilder,\n rpc,\n xdr,\n type Keypair,\n type Transaction,\n} from \"@stellar/stellar-sdk\";\nimport type { AuthProvider, Identity } from \"../../auth/AuthProvider\";\nimport type { DeviceSigner, DevicePublicKey } from \"../../signer/DeviceSigner\";\nimport { WebCryptoSigner } from \"../../signer/WebCryptoSigner\";\nimport type { WalletRegistry } from \"../../registry/WalletRegistry\";\nimport { InMemoryWalletRegistry } from \"../../registry/WalletRegistry\";\nimport { HttpWalletRegistry } from \"../../registry/HttpWalletRegistry\";\nimport { deriveAddressSeedStellar } from \"../../identity\";\nimport { BackupSigner, deriveBackupKey } from \"../../recovery/BackupSigner\";\nimport type { PasskeySigner, PasskeyEnrollParams } from \"../../signer/PasskeySigner\";\nimport { webauthnDigest, recoverCandidatePublicKeys, batchChallenge } from \"../../crypto/webauthn\";\nimport type { PasskeyAssertion } from \"../../crypto/webauthn\";\nimport { StellarAdapter } from \"./StellarAdapter\";\nimport { StellarRelayer } from \"./StellarRelayer\";\nimport { NATIVE_SAC_ID, type StellarNetwork } from \"./constants\";\n\nexport interface ConnectStellarOptions {\n network: StellarNetwork;\n /** Authenticated user (pass `identity` directly, or an `auth` provider). */\n auth?: AuthProvider;\n identity?: Identity;\n appSalt: string;\n appId?: string;\n backendUrl?: string;\n registry?: WalletRegistry;\n /** RPC override (else the network default). */\n rpcUrl?: string;\n /** Factory contract id override (else the per-network default). */\n factoryId?: string;\n /** Override the device signer factory (native / tests); default WebCrypto. */\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n /**\n * Gasless sponsorship via the Cavos relayer. When set (or when `appId` +\n * `backendUrl` are given) the relayer is the transaction source + fee payer, so\n * the integrator needs NO Stellar keypair — the silent device key (which holds\n * no XLM) gets a seedless, gasless experience.\n */\n relayer?: StellarRelayer;\n /**\n * Self-funded fallback: a Stellar `Keypair` that is the transaction source +\n * fee payer. Used only when no `relayer` is configured (tests / advanced).\n */\n sourceKeypair?: Keypair;\n}\n\nexport interface RecoverStellarOptions extends Omit<ConnectStellarOptions, \"auth\"> {\n /** The recovery code the user stored when they ran setupRecovery. */\n code: string;\n /** Authenticated identity (same user who owns the account). */\n identity: Identity;\n}\n\nexport type ConnectStatus = \"ready\" | \"needs-device-approval\";\n\n/**\n * High-level Stellar entry — the Soroban analogue of `Cavos.connect` /\n * `CavosSolana.connect`. One call derives the deterministic device-bound account,\n * deploys it via the factory if needed, registers it for cross-device\n * recognition, and returns a ready handle whose silent P-256 device key\n * authorizes every action through the account's `__check_auth`.\n *\n * const cavos = await CavosStellar.connect({ network: \"stellar-testnet\", identity, appSalt, relayer });\n * if (cavos.status === \"ready\") await cavos.execute(10_000_000n, dest); // 1 XLM\n *\n * Gasless by default: with an `appId` the Cavos relayer is the tx source + fee\n * payer. `sourceKeypair` is the self-funded fallback.\n */\nexport class CavosStellar {\n /** Discriminant for the `CavosWallet` union — narrows `execute()` per chain. */\n readonly chain = \"stellar\" as const;\n\n private constructor(\n readonly identity: Identity,\n readonly address: string,\n readonly status: ConnectStatus,\n readonly network: StellarNetwork,\n private readonly adapter: StellarAdapter,\n private readonly devicePubkey: DevicePublicKey,\n private readonly relayer?: StellarRelayer,\n private readonly sourceKeypair?: Keypair,\n ) {}\n\n get publicKey(): DevicePublicKey {\n return this.devicePubkey;\n }\n\n static async connect(opts: ConnectStellarOptions): Promise<CavosStellar> {\n const identity = opts.identity ?? (await opts.auth?.authenticate());\n if (!identity) throw new Error(\"kit/stellar: connect requires `identity` or `auth`\");\n\n const signer = opts.createSigner\n ? await opts.createSigner(`${identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n const adapter = new StellarAdapter({\n network: opts.network,\n rpcUrl: opts.rpcUrl,\n factoryId: opts.factoryId,\n signer,\n });\n const addressSeed = deriveAddressSeedStellar({ userId: identity.userId, appSalt: opts.appSalt });\n\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : defaultRegistry);\n const relayer =\n opts.relayer ??\n (opts.appId\n ? new StellarRelayer({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : undefined);\n\n const build = (\n address: string,\n status: ConnectStatus,\n ): CavosStellar =>\n new CavosStellar(identity, address, status, opts.network, adapter, devicePubkey, relayer, opts.sourceKeypair);\n\n const self = build(\"\", \"needs-device-approval\");\n const readSource = await self.resolveSource();\n\n // Returning user on another device? The address is device-bound, so the\n // registry (not identity alone) recognizes it. A new device is flagged\n // needs-device-approval — same model as Starknet/Solana.\n const existing = await registry.lookup(identity.userId);\n if (existing) {\n const isSigner = await adapter.isAuthorizedSigner(existing.address, devicePubkey, readSource);\n return build(existing.address, isSigner ? \"ready\" : \"needs-device-approval\");\n }\n\n const address = adapter.computeAddress(addressSeed, devicePubkey);\n if (!(await adapter.isDeployed(address))) {\n const func = adapter.buildDeploy(addressSeed, devicePubkey);\n // Deploy needs NO device auth (factory deploys; account doesn't exist yet),\n // so `authAccount` is undefined — nothing to sign, just the relayer/self pays.\n await self.submitHostFunction(func, undefined);\n }\n\n await registry.register({ userId: identity.userId, address, initialSigner: devicePubkey });\n const isSigner = await adapter.isAuthorizedSigner(address, devicePubkey, readSource);\n return build(address, isSigner ? \"ready\" : \"needs-device-approval\");\n }\n\n /** Authorize an additional device signer (device-signed via `__check_auth`). */\n async addSigner(pubkey: DevicePublicKey): Promise<string> {\n const func = this.adapter.buildAddSigner(this.address, pubkey);\n return this.submitHostFunction(func, this.address);\n }\n\n /**\n * Enroll a passkey as an approver (2FA-style step-up). Device-signed + gasless;\n * requires a ready device. Idempotent. Returns the passkey pubkey + tx hash.\n */\n async enrollPasskey(\n passkey: PasskeySigner,\n params: PasskeyEnrollParams,\n ): Promise<{ publicKey: DevicePublicKey; transactionHash?: string }> {\n const enrolled = await passkey.enroll(params);\n const { transactionHash } = await this.addApprover(enrolled.publicKey);\n return { publicKey: enrolled.publicKey, transactionHash };\n }\n\n /** Register an already-enrolled passkey pubkey as an approver (gasless).\n * Idempotent. Lets one passkey be registered across chains without re-prompting. */\n async addApprover(pubkey: DevicePublicKey): Promise<{ transactionHash?: string }> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/stellar: addApprover requires a ready, authorized device\");\n }\n const readSource = await this.resolveSource();\n if (await this.adapter.isApprover(this.address, pubkey, readSource)) return {};\n const func = this.adapter.buildAddApprover(this.address, pubkey);\n const transactionHash = await this.submitHostFunction(func, this.address);\n return { transactionHash };\n }\n\n /**\n * From a fresh browser (status `needs-device-approval`), approve adding THIS\n * device using the user's synced passkey. Gasless via the relayer — the call\n * carries the WebAuthn assertion, so no device signature is needed. Returns the\n * tx hash. No trip back to an already-authorized device.\n */\n async approveThisDeviceWithPasskey(passkey: PasskeySigner): Promise<string> {\n if (this.status === \"ready\") {\n throw new Error(\"kit/stellar: this device is already an authorized signer\");\n }\n const { leaf, nonce } = await this.passkeyLeafForThisDevice();\n const leaves = [leaf];\n const assertion = await passkey.assert(batchChallenge(leaves));\n const { transactionHash } = await this.submitPasskeyApproval(assertion, leaves, 0, nonce);\n return transactionHash;\n }\n\n /** This device's leaf + passkey nonce for a (possibly multi-chain) batch. */\n async passkeyLeafForThisDevice(): Promise<{ leaf: Uint8Array; nonce: bigint }> {\n const readSource = await this.resolveSource();\n const nonce = await this.adapter.passkeyNonce(this.address, readSource);\n return { leaf: this.adapter.passkeyLeaf(this.devicePubkey, nonce), nonce };\n }\n\n /** Submit `add_signer_via_passkey` given a shared assertion + batch position.\n * No device auth entry — authorized purely by the passkey assertion. */\n async submitPasskeyApproval(\n assertion: PasskeyAssertion,\n leaves: Uint8Array[],\n leafIndex: number,\n nonce: bigint,\n ): Promise<{ transactionHash: string }> {\n const readSource = await this.resolveSource();\n const digest = webauthnDigest(assertion.authenticatorData, assertion.clientDataJSON);\n const candidates = recoverCandidatePublicKeys(assertion.r, assertion.s, digest);\n let approver: DevicePublicKey | null = null;\n for (const cand of candidates) {\n if (await this.adapter.isApprover(this.address, cand.publicKey, readSource)) {\n approver = cand.publicKey;\n break;\n }\n }\n if (!approver) throw new Error(\"kit/stellar: this passkey is not a registered approver\");\n const func = this.adapter.buildAddSignerViaPasskey(\n this.address, this.devicePubkey, approver, nonce, leaves, leafIndex, assertion,\n );\n return { transactionHash: await this.submitHostFunction(func, undefined) };\n }\n\n /** Move `amount` stroops of native XLM to `destination` (device-signed). */\n async execute(amount: bigint, destination: string): Promise<string> {\n return this.executeTransfer(NATIVE_SAC_ID[this.network], amount, destination);\n }\n\n /** Read this account's balance of `tokenId` (defaults to native XLM), in stroops. */\n async balance(tokenId: string = NATIVE_SAC_ID[this.network]): Promise<bigint> {\n const readSource = await this.resolveSource();\n return this.adapter.readBalance(tokenId, this.address, readSource);\n }\n\n /** Transfer `amount` of any SEP-41 token out of the account (device-signed). */\n async executeTransfer(tokenId: string, amount: bigint, destination: string): Promise<string> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/stellar: this device is not yet an authorized signer of the wallet\");\n }\n const func = this.adapter.buildTransfer(tokenId, this.address, destination, amount);\n return this.submitHostFunction(func, this.address);\n }\n\n /**\n * Register the backup signer derived from `code` as an authorized signer of\n * this account (device-signed). Idempotent. The code never leaves the device —\n * only the derived public key travels on-chain. Mirrors the other chains.\n */\n async setupRecovery(code: string): Promise<string | undefined> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit/stellar: setupRecovery requires a ready, registered device\");\n }\n const { publicKey: backupPubkey } = deriveBackupKey(code);\n const readSource = await this.resolveSource();\n if (await this.adapter.isAuthorizedSigner(this.address, backupPubkey, readSource)) return undefined;\n return this.addSigner(backupPubkey);\n }\n\n /**\n * Recover an account after losing every device signer: derive the backup key\n * from `code`, use it (not the new device) to authorize `add_signer(newDevice)`,\n * and return a ready handle bound to the new device. The address is unchanged.\n */\n static async recover(opts: RecoverStellarOptions): Promise<CavosStellar> {\n const signer = opts.createSigner\n ? await opts.createSigner(`${opts.identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${opts.identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n // The backup key drives this tx: it's the only signer that can authorize\n // adding the new device after all device keys are lost. Build an adapter\n // whose signer IS the backup key so the auth entry is backup-signed.\n const backup = BackupSigner.fromCode(opts.code);\n const backupAdapter = new StellarAdapter({\n network: opts.network,\n rpcUrl: opts.rpcUrl,\n factoryId: opts.factoryId,\n signer: backup,\n });\n\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : defaultRegistry);\n const existing = await registry.lookup(opts.identity.userId);\n if (!existing) {\n throw new Error(\"kit/stellar: no account found for this identity — nothing to recover\");\n }\n const relayer =\n opts.relayer ??\n (opts.appId\n ? new StellarRelayer({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : undefined);\n\n // A CavosStellar bound to the backup adapter, used only to authorize add_signer.\n const backupHandle = new CavosStellar(\n opts.identity,\n existing.address,\n \"ready\",\n opts.network,\n backupAdapter,\n devicePubkey,\n relayer,\n opts.sourceKeypair,\n );\n const readSource = await backupHandle.resolveSource();\n if (!(await backupAdapter.isAuthorizedSigner(existing.address, devicePubkey, readSource))) {\n await backupHandle.addSigner(devicePubkey);\n }\n\n // Hand control to the new device's signer for all future operations.\n const adapter = new StellarAdapter({\n network: opts.network,\n rpcUrl: opts.rpcUrl,\n factoryId: opts.factoryId,\n signer,\n });\n return new CavosStellar(\n opts.identity,\n existing.address,\n \"ready\",\n opts.network,\n adapter,\n devicePubkey,\n relayer,\n opts.sourceKeypair,\n );\n }\n\n /** The transaction source/fee-payer G-address (relayer or self-funded). */\n private async resolveSource(): Promise<string> {\n if (this.relayer) return this.relayer.getSource();\n if (this.sourceKeypair) return this.sourceKeypair.publicKey();\n throw new Error(\"kit/stellar: a relayer (appId) or sourceKeypair is required\");\n }\n\n /**\n * Build → simulate → device-sign auth → assemble → submit an invoke-contract\n * host function. `authAccount` is the account whose `__check_auth` must sign the\n * operation's Soroban auth entry (undefined for a plain factory deploy).\n */\n private async submitHostFunction(\n func: xdr.HostFunction,\n authAccount: string | undefined,\n ): Promise<string> {\n const server = this.adapter.server();\n const sourceAddr = await this.resolveSource();\n\n // Simulation ignores the source sequence, so a throwaway seq is fine here —\n // this avoids double-incrementing the real relayer sequence between builds.\n const simSource = new Account(sourceAddr, \"0\");\n const unsignedOp = Operation.invokeHostFunction({ func, auth: [] });\n const simTx = new TransactionBuilder(simSource, {\n fee: BASE_FEE,\n networkPassphrase: this.adapter.passphrase,\n })\n .addOperation(unsignedOp)\n .setTimeout(180)\n .build();\n\n const sim = await server.simulateTransaction(simTx);\n if (rpc.Api.isSimulationError(sim)) {\n throw new Error(`kit/stellar: simulation failed: ${sim.error}`);\n }\n\n const validUntil = (await server.getLatestLedger()).sequence + 100;\n const entries = sim.result?.auth ?? [];\n const signedAuth: xdr.SorobanAuthorizationEntry[] = [];\n for (const entry of entries) {\n if (authAccount && isAddressCredentialFor(entry, authAccount)) {\n signedAuth.push(await this.adapter.signAuthEntry(entry, validUntil));\n } else {\n signedAuth.push(entry);\n }\n }\n\n // Final tx: real sequence + the device-signed auth entries. assembleTransaction\n // preserves the op's existing auth (only fills sorobanData + resource fee).\n const account = await server.getAccount(sourceAddr);\n const finalOp = Operation.invokeHostFunction({ func, auth: signedAuth });\n const built = new TransactionBuilder(account, {\n fee: BASE_FEE,\n networkPassphrase: this.adapter.passphrase,\n })\n .addOperation(finalOp)\n .setTimeout(180)\n .build();\n\n // Re-simulate WITH the signed auth so the resource estimate includes the cost\n // of running `__check_auth` (secp256r1_verify + sha256). The first simulation\n // ran in recording mode with no signatures, so it under-counted CPU and the\n // tx would fail on-chain with RESOURCE_LIMIT_EXCEEDED.\n const authSim = await server.simulateTransaction(built);\n if (rpc.Api.isSimulationError(authSim)) {\n throw new Error(`kit/stellar: auth simulation failed: ${authSim.error}`);\n }\n const assembled = rpc.assembleTransaction(built, authSim).build();\n\n // Relayer signs the envelope + submits (gasless). Self-funded signs locally.\n if (this.relayer) {\n return this.relayer.submit(assembled.toXDR());\n }\n if (this.sourceKeypair) {\n assembled.sign(this.sourceKeypair);\n return this.sendAndConfirm(assembled);\n }\n throw new Error(\"kit/stellar: no relayer or sourceKeypair configured to submit\");\n }\n\n /** Submit a signed tx via RPC and poll to confirmation. Returns the hash. */\n private async sendAndConfirm(tx: Transaction): Promise<string> {\n const server = this.adapter.server();\n const sent = await server.sendTransaction(tx);\n if (sent.status === \"ERROR\") {\n throw new Error(`kit/stellar: submit rejected: ${JSON.stringify(sent.errorResult)}`);\n }\n const hash = sent.hash;\n for (let i = 0; i < 30; i++) {\n const got = await server.getTransaction(hash);\n if (got.status === rpc.Api.GetTransactionStatus.SUCCESS) return hash;\n if (got.status === rpc.Api.GetTransactionStatus.FAILED) {\n throw new Error(`kit/stellar: tx ${hash} failed`);\n }\n await new Promise((r) => setTimeout(r, 1000));\n }\n throw new Error(`kit/stellar: tx ${hash} not confirmed in time`);\n }\n}\n\n/** Whether an auth entry is an Address credential for `accountAddress`. */\nfunction isAddressCredentialFor(entry: xdr.SorobanAuthorizationEntry, accountAddress: string): boolean {\n const creds = entry.credentials();\n if (creds.switch() !== xdr.SorobanCredentialsType.sorobanCredentialsAddress()) return false;\n return Address.fromScAddress(creds.address().address()).toString() === accountAddress;\n}\n\nconst defaultRegistry = new InMemoryWalletRegistry();\n","import type { DevicePublicKey } from \"../signer/DeviceSigner\";\nimport type { RecoveryClient, PendingDeviceRequest } from \"./RecoveryClient\";\n\nexport interface HttpRecoveryClientOptions {\n /** Cavos backend base URL (e.g. https://cavos.xyz). */\n baseUrl: string;\n /** The Cavos App ID — authenticates SDK calls. */\n appId: string;\n}\n\nfunction toHex(n: bigint): string {\n return \"0x\" + n.toString(16);\n}\nfunction fromHex(s: string): bigint {\n return BigInt(s);\n}\n\nfunction deviceLabel(): string {\n if (typeof navigator !== \"undefined\") {\n return navigator.userAgent || \"a new device\";\n }\n return \"a new device\";\n}\n\n/**\n * RecoveryClient backed by the Cavos backend's device-approval relay\n * (`/api/devices/request`). The relay holds NO keys — it stores the pending\n * request, emails the wallet owner, and mirrors the on-chain `add_signer` once a\n * registered device confirms.\n */\nexport class HttpRecoveryClient implements RecoveryClient {\n constructor(private readonly opts: HttpRecoveryClientOptions) {}\n\n async requestDeviceAddition(params: {\n userId: string;\n accountAddress: string;\n newSigner: DevicePublicKey;\n email?: string;\n deviceLabel?: string;\n }): Promise<{ requestId: string }> {\n const res = await fetch(new URL(\"/api/devices/request\", this.opts.baseUrl), {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n app_id: this.opts.appId,\n wallet_address: params.accountAddress,\n new_pub_x: toHex(params.newSigner.x),\n new_pub_y: toHex(params.newSigner.y),\n device_label: params.deviceLabel ?? deviceLabel(),\n ...(params.email ? { email: params.email } : {}),\n }),\n });\n if (!res.ok) {\n const t = await res.text().catch(() => \"\");\n throw new Error(`requestDeviceAddition failed: ${res.status} ${t}`);\n }\n const data = await res.json();\n return { requestId: data.request_id };\n }\n\n async getPendingRequest(requestId: string): Promise<PendingDeviceRequest | null> {\n const url = new URL(\"/api/devices/request\", this.opts.baseUrl);\n url.searchParams.set(\"id\", requestId);\n const res = await fetch(url, { headers: { \"Content-Type\": \"application/json\" } });\n if (!res.ok) throw new Error(`getPendingRequest failed: ${res.status}`);\n const data = await res.json();\n if (!data.found) return null;\n\n const status = data.status as PendingDeviceRequest[\"status\"];\n return {\n requestId: data.request_id,\n appId: data.app_id,\n userId: \"\", // the approving device already knows its own identity\n accountAddress: data.wallet_address,\n newSigner: { x: fromHex(data.new_pub_x), y: fromHex(data.new_pub_y) },\n createdAt: data.created_at,\n status,\n };\n }\n\n async confirmDeviceAddition(params: {\n requestId: string;\n txHash: string;\n }): Promise<void> {\n const res = await fetch(\n new URL(`/api/devices/request/${params.requestId}/confirm`, this.opts.baseUrl),\n {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({ tx_hash: params.txHash }),\n },\n );\n if (!res.ok) {\n const t = await res.text().catch(() => \"\");\n throw new Error(`confirmDeviceAddition failed: ${res.status} ${t}`);\n }\n }\n}\n","import { Account, RpcProvider, PaymasterRpc, hash, num, type Call } from \"starknet\";\nimport type { Keypair } from \"@solana/web3.js\";\nimport type { AuthProvider, Identity } from \"./auth/AuthProvider\";\nimport type { DeviceSigner, DevicePublicKey } from \"./signer/DeviceSigner\";\nimport { WebCryptoSigner } from \"./signer/WebCryptoSigner\";\nimport { StarknetAdapter } from \"./chains/starknet/StarknetAdapter\";\nimport { StarknetDeviceSigner } from \"./chains/starknet/StarknetDeviceSigner\";\nimport { CavosSolana } from \"./chains/solana/CavosSolana\";\nimport type { SolanaRelayer } from \"./chains/solana/SolanaRelayer\";\nimport type { SolanaNetwork } from \"./chains/solana/constants\";\nimport { CavosStellar } from \"./chains/stellar/CavosStellar\";\nimport type { StellarRelayer } from \"./chains/stellar/StellarRelayer\";\nimport type { StellarNetwork } from \"./chains/stellar/constants\";\nimport type { Keypair as StellarKeypair } from \"@stellar/stellar-sdk\";\nimport type { ChainCall } from \"./chains/ChainAdapter\";\nimport type { WalletRegistry } from \"./registry/WalletRegistry\";\nimport { InMemoryWalletRegistry } from \"./registry/WalletRegistry\";\nimport { HttpWalletRegistry } from \"./registry/HttpWalletRegistry\";\nimport type { RecoveryClient } from \"./recovery/RecoveryClient\";\nimport { HttpRecoveryClient } from \"./recovery/HttpRecoveryClient\";\nimport { BackupSigner, deriveBackupKey } from \"./recovery/BackupSigner\";\nimport { deriveAddressSeed } from \"./identity\";\nimport type { PasskeySigner, PasskeyEnrollParams } from \"./signer/PasskeySigner\";\nimport { webauthnDigest, recoverCandidatePublicKeys, batchChallenge } from \"./crypto/webauthn\";\nimport type { PasskeyAssertion } from \"./crypto/webauthn\";\nimport {\n CAVOS_PAYMASTER_URL,\n DEVICE_ACCOUNT_CLASS_HASH,\n STARKNET_NETWORKS,\n type StarknetNetwork,\n} from \"./chains/starknet/constants\";\n\n/** The chains the unified `Cavos.connect` can target. */\nexport type Chain = \"starknet\" | \"solana\" | \"stellar\";\n\n/**\n * Environment selector. `Cavos.connect` resolves it to the chain's concrete\n * network: starknet → sepolia/mainnet, solana → solana-devnet/solana-mainnet.\n */\nexport type NetworkEnv = \"mainnet\" | \"testnet\";\n\n/** Resolve the abstract `{ chain, network }` to each chain's concrete network. */\nconst STARKNET_ENV: Record<NetworkEnv, StarknetNetwork> = {\n mainnet: \"mainnet\",\n testnet: \"sepolia\",\n};\nconst SOLANA_ENV: Record<NetworkEnv, SolanaNetwork> = {\n mainnet: \"solana-mainnet\",\n testnet: \"solana-devnet\",\n};\nconst STELLAR_ENV: Record<NetworkEnv, StellarNetwork> = {\n mainnet: \"stellar-mainnet\",\n testnet: \"stellar-testnet\",\n};\n\n/** A connected wallet: discriminated by `chain`, so `execute()` stays native. */\nexport type CavosWallet = Cavos | CavosSolana | CavosStellar;\n\nexport interface ConnectOptions {\n /** Target chain. The returned wallet is discriminated by this same value. */\n chain: Chain;\n /** Environment. Resolved to sepolia/devnet (testnet) or mainnet per chain. */\n network: NetworkEnv;\n /** Authenticated user (pass `identity` directly, or an `auth` provider). */\n auth?: AuthProvider;\n identity?: Identity;\n appSalt: string;\n /**\n * Cavos App ID. When set (with `backendUrl`), the kit uses the hosted\n * WalletRegistry + RecoveryClient by default for real multi-device support.\n */\n appId?: string;\n /** Cavos backend base URL. Defaults to https://cavos.xyz. */\n backendUrl?: string;\n /**\n * Off-chain user_id -> wallet map. Defaults to the hosted HttpWalletRegistry\n * when `appId` is set, else an in-memory registry (single-device only).\n */\n registry?: WalletRegistry;\n /**\n * Device-approval relay (Starknet). Defaults to HttpRecoveryClient when\n * `appId` is set; used to request addition of this device when it isn't a\n * signer yet.\n */\n recovery?: RecoveryClient;\n rpcUrl?: string;\n /** Override the device signer factory (native / tests); default WebCrypto. */\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n\n // --- Starknet-only ---\n /** Cavos paymaster API key (sponsors deploy + execute). Required for Starknet. */\n paymasterApiKey?: string;\n paymasterUrl?: string;\n classHash?: string;\n\n // --- Solana-only ---\n /** Cavos device-account program id override. */\n programId?: string;\n /** Gasless sponsorship relayer (defaults to the hosted one when `appId` set). */\n relayer?: SolanaRelayer;\n /** Self-funded fee-payer fallback when no relayer is configured. */\n feePayer?: Keypair;\n\n // --- Stellar-only ---\n /** Gasless sponsorship relayer (defaults to the hosted one when `appId` set). */\n stellarRelayer?: StellarRelayer;\n /** Self-funded source/fee-payer Stellar keypair when no relayer is configured. */\n stellarSourceKeypair?: StellarKeypair;\n /** Factory contract id override (else the per-network default). */\n factoryId?: string;\n}\n\n/** The Starknet-specific connect options, resolved from the unified ones. */\ninterface StarknetConnectOptions {\n network: StarknetNetwork;\n auth?: AuthProvider;\n identity?: Identity;\n appSalt: string;\n appId?: string;\n backendUrl?: string;\n registry?: WalletRegistry;\n recovery?: RecoveryClient;\n paymasterApiKey: string;\n paymasterUrl?: string;\n rpcUrl?: string;\n classHash?: string;\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n}\n\n/** Whether this device can already operate the wallet, or needs to be added. */\nexport type ConnectStatus = \"ready\" | \"needs-device-approval\";\n\n/** Options for recovering an account after losing every device signer. */\nexport interface RecoveryOptions {\n /** The recovery code the user stored when they ran setupRecovery. */\n code: string;\n /** Authenticated identity (same user who owns the account). */\n identity: Identity;\n /** Environment (recovery is Starknet-only): testnet → sepolia, mainnet. */\n network: NetworkEnv;\n appSalt: string;\n paymasterApiKey: string;\n appId?: string;\n backendUrl?: string;\n rpcUrl?: string;\n paymasterUrl?: string;\n classHash?: string;\n /** Off-chain user_id -> wallet map. Defaults to the hosted registry. */\n registry?: WalletRegistry;\n /** Override the new device's signer (native / tests); default WebCrypto. */\n createSigner?: (keyId: string) => Promise<DeviceSigner>;\n}\n\n/**\n * High-level Cavos wallet. One call logs the user in and returns a ready, gas-\n * sponsored smart account controlled by a silent device key.\n *\n * const cavos = await Cavos.connect({ network, identity, appSalt, registry, paymasterApiKey });\n * if (cavos.status === \"ready\") await cavos.execute(calls);\n *\n * The account address is `f(identity, device_pubkey)` — unforgeable, so it can't\n * be hijacked. The `registry` recognizes returning users across devices: a new\n * device on an existing account is flagged `needs-device-approval` (add it via\n * an already-registered device) instead of creating a second wallet.\n */\nexport class Cavos {\n /** Discriminant for the `CavosWallet` union — narrows `execute()` per chain. */\n readonly chain = \"starknet\" as const;\n /** Request id of the pending device-addition, when status is needs-device-approval. */\n pendingRequestId: string | null = null;\n\n private constructor(\n readonly identity: Identity,\n readonly address: string,\n readonly status: ConnectStatus,\n readonly account: Account,\n private readonly adapter: StarknetAdapter,\n private readonly devicePubkey: DevicePublicKey,\n /** Paymaster URL + API key, for the sponsored passkey-approval path. */\n private readonly paymaster?: { url: string; apiKey?: string },\n ) {}\n\n /**\n * Unified entry point. Pick a `chain` and an `network` environment; the kit\n * resolves the concrete network (sepolia/devnet for testnet, mainnet for\n * mainnet) and returns a chain-native wallet. The result is a discriminated\n * union (`wallet.chain`), so `execute()` keeps each chain's native signature:\n *\n * const wallet = await Cavos.connect({ chain: \"solana\", network: \"testnet\", identity, appSalt, appId });\n * if (wallet.chain === \"starknet\") await wallet.execute(calls);\n * else await wallet.execute(amount, dest);\n */\n static async connect(opts: ConnectOptions): Promise<CavosWallet> {\n if (opts.chain === \"solana\") {\n return CavosSolana.connect({\n network: SOLANA_ENV[opts.network],\n ...(opts.auth ? { auth: opts.auth } : {}),\n ...(opts.identity ? { identity: opts.identity } : {}),\n appSalt: opts.appSalt,\n ...(opts.appId ? { appId: opts.appId } : {}),\n ...(opts.backendUrl ? { backendUrl: opts.backendUrl } : {}),\n ...(opts.registry ? { registry: opts.registry } : {}),\n ...(opts.rpcUrl ? { rpcUrl: opts.rpcUrl } : {}),\n ...(opts.programId ? { programId: opts.programId } : {}),\n ...(opts.createSigner ? { createSigner: opts.createSigner } : {}),\n ...(opts.relayer ? { relayer: opts.relayer } : {}),\n ...(opts.feePayer ? { feePayer: opts.feePayer } : {}),\n });\n }\n if (opts.chain === \"stellar\") {\n return CavosStellar.connect({\n network: STELLAR_ENV[opts.network],\n ...(opts.auth ? { auth: opts.auth } : {}),\n ...(opts.identity ? { identity: opts.identity } : {}),\n appSalt: opts.appSalt,\n ...(opts.appId ? { appId: opts.appId } : {}),\n ...(opts.backendUrl ? { backendUrl: opts.backendUrl } : {}),\n ...(opts.registry ? { registry: opts.registry } : {}),\n ...(opts.rpcUrl ? { rpcUrl: opts.rpcUrl } : {}),\n ...(opts.factoryId ? { factoryId: opts.factoryId } : {}),\n ...(opts.createSigner ? { createSigner: opts.createSigner } : {}),\n ...(opts.stellarRelayer ? { relayer: opts.stellarRelayer } : {}),\n ...(opts.stellarSourceKeypair ? { sourceKeypair: opts.stellarSourceKeypair } : {}),\n });\n }\n if (!opts.paymasterApiKey) {\n throw new Error(\"kit: `paymasterApiKey` is required for Starknet connections\");\n }\n return Cavos.connectStarknet({\n network: STARKNET_ENV[opts.network],\n auth: opts.auth,\n identity: opts.identity,\n appSalt: opts.appSalt,\n appId: opts.appId,\n backendUrl: opts.backendUrl,\n registry: opts.registry,\n recovery: opts.recovery,\n paymasterApiKey: opts.paymasterApiKey,\n paymasterUrl: opts.paymasterUrl,\n rpcUrl: opts.rpcUrl,\n classHash: opts.classHash,\n createSigner: opts.createSigner,\n });\n }\n\n private static async connectStarknet(opts: StarknetConnectOptions): Promise<Cavos> {\n const identity = opts.identity ?? (await opts.auth?.authenticate());\n if (!identity) throw new Error(\"kit: connect requires `identity` or `auth`\");\n\n const classHash = opts.classHash ?? DEVICE_ACCOUNT_CLASS_HASH[opts.network];\n if (!classHash) throw new Error(`kit: no DeviceAccount class hash for ${opts.network}`);\n\n const provider = new RpcProvider({\n nodeUrl: opts.rpcUrl ?? STARKNET_NETWORKS[opts.network].rpcUrl,\n });\n const paymasterUrl = opts.paymasterUrl ?? CAVOS_PAYMASTER_URL[opts.network];\n const paymasterConfig = { url: paymasterUrl, apiKey: opts.paymasterApiKey };\n const paymaster = new PaymasterRpc({\n nodeUrl: paymasterUrl,\n headers: { \"x-paymaster-api-key\": opts.paymasterApiKey },\n });\n\n const addressSeed = deriveAddressSeed({ userId: identity.userId, appSalt: opts.appSalt });\n\n // This device's silent signer.\n const signer = opts.createSigner\n ? await opts.createSigner(`${identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n const adapter = new StarknetAdapter({ classHash, signer, provider });\n const makeAccount = (address: string) =>\n new Account({\n provider,\n address,\n signer: new StarknetDeviceSigner(signer),\n paymaster,\n cairoVersion: \"1\",\n });\n\n // Returning user? The registry knows their wallet (address is device-bound,\n // so it isn't derivable from identity alone). Default to the hosted\n // HttpWalletRegistry when appId is provided, else an in-memory map.\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network: opts.network })\n : defaultRegistry);\n const recovery =\n opts.recovery ?? (opts.appId ? new HttpRecoveryClient({ baseUrl: backendUrl, appId: opts.appId }) : null);\n const existing = await registry.lookup(identity.userId);\n\n if (existing) {\n const account = makeAccount(existing.address);\n const isSigner = await adapter.isAuthorizedSigner(existing.address, devicePubkey);\n const cavos = new Cavos(\n identity,\n existing.address,\n isSigner ? \"ready\" : \"needs-device-approval\",\n account,\n adapter,\n devicePubkey,\n paymasterConfig,\n );\n\n // New device on an existing wallet: ask the backend to email the owner an\n // approval link. The approving device signs add_signer on-chain; this device\n // becomes \"ready\" after that. Best-effort: never blocks the connect result.\n //\n // De-duplicate within a short window so a page refresh, reconnect, or\n // rapid retry doesn't spam the owner with one email per attempt. The\n // backend already dedups by request id within its 24h TTL, but that still\n // re-sends the email on each fresh request id — this client-side guard\n // collapses the burst. We keep the last requestId and reuse it.\n if (!isSigner && recovery) {\n const dedup = lastDeviceRequest.get(identity.userId);\n const fresh = dedup && Date.now() - dedup.requestedAt < DEVICE_REQUEST_DEDUP_MS;\n try {\n if (fresh) {\n cavos.pendingRequestId = dedup!.requestId;\n } else {\n const { requestId } = await recovery.requestDeviceAddition({\n userId: identity.userId,\n accountAddress: existing.address,\n newSigner: devicePubkey,\n ...(identity.email ? { email: identity.email } : {}),\n });\n cavos.pendingRequestId = requestId;\n lastDeviceRequest.set(identity.userId, { requestId, requestedAt: Date.now() });\n }\n } catch (e) {\n console.warn(\"[Cavos] requestDeviceAddition failed:\", e);\n }\n }\n return cavos;\n }\n\n // Compute the deterministic address for (identity, this device). The address\n // is device-bound, so it's NOT in the registry for a new device — but it may\n // already be deployed on-chain (same device reconnecting, or a re-run after a\n // deploy that succeeded before a timeout). Ask the chain before deploying:\n // re-deploying an existing account reverts (\"contract already deployed\").\n const address = adapter.computeAddress({ addressSeed, initialSigner: devicePubkey });\n const account = makeAccount(address);\n const alreadyDeployed = await isDeployed(provider, address);\n\n if (!alreadyDeployed) {\n const deploymentData = {\n address,\n class_hash: classHash,\n salt: num.toHex(addressSeed),\n calldata: adapter.constructorCalldata(addressSeed, devicePubkey),\n version: 1 as const,\n };\n const deployRes = await account.executePaymasterTransaction([], {\n feeMode: { mode: \"sponsored\" },\n deploymentData,\n });\n // Wait for the deploy to land before declaring the device \"ready\". Assuming\n // readiness here would report \"ready\" if the tx silently failed or hadn't\n // indexed yet — and the user would hit a confusing error on their first tx.\n try {\n await provider.waitForTransaction(deployRes.transaction_hash);\n } catch (e) {\n console.warn(\"[Cavos] deploy receipt wait failed:\", e);\n }\n }\n\n // Record the wallet (idempotent for reconnects) and resolve readiness from\n // the chain: this device is \"ready\" iff its pubkey is an authorized signer.\n // We re-read even right after a fresh deploy, so a deploy that failed to\n // index (or silently reverted) surfaces as needs-device-approval rather than\n // a false \"ready\".\n await registry.register({ userId: identity.userId, address, initialSigner: devicePubkey });\n let isSigner: boolean;\n try {\n isSigner = await adapter.isAuthorizedSigner(address, devicePubkey);\n } catch (e) {\n // Fall back to the deploy assumption only if the chain read itself errors\n // (e.g. node hiccup right after indexing) — the deploy did submit.\n console.warn(\"[Cavos] isAuthorizedSigner read failed:\", e);\n isSigner = !alreadyDeployed;\n }\n\n return new Cavos(\n identity,\n address,\n isSigner ? \"ready\" : \"needs-device-approval\",\n account,\n adapter,\n devicePubkey,\n paymasterConfig,\n );\n }\n\n /** This device's public key (e.g. to request addition to an existing wallet). */\n get publicKey(): DevicePublicKey {\n return this.devicePubkey;\n }\n\n /** Execute a sponsored (gasless) multicall, signed silently by the device. */\n async execute(calls: ChainCall[]): Promise<{ transactionHash: string }> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit: this device is not yet an authorized signer of the wallet\");\n }\n const res = await this.account.executePaymasterTransaction(calls as Call[], {\n feeMode: { mode: \"sponsored\" },\n });\n return { transactionHash: res.transaction_hash };\n }\n\n /** Authorize an additional device signer (sponsored). Self-submitted. */\n async addSigner(pubkey: DevicePublicKey): Promise<{ transactionHash: string }> {\n return this.execute([this.adapter.buildAddSigner(this.address, pubkey)]);\n }\n\n /**\n * Enroll a passkey as an APPROVER so the user can later add devices from any\n * browser (2FA-style step-up). Requires a ready device (the enrollment call is\n * device-signed and gasless). Idempotent: a no-op if the passkey is already an\n * approver. Call this whenever the app decides to prompt \"turn on device\n * approvals\". Returns the passkey's public key + the enrollment tx hash.\n */\n async enrollPasskey(\n passkey: PasskeySigner,\n params: PasskeyEnrollParams,\n ): Promise<{ publicKey: DevicePublicKey; transactionHash?: string }> {\n const enrolled = await passkey.enroll(params);\n const { transactionHash } = await this.addApprover(enrolled.publicKey);\n return { publicKey: enrolled.publicKey, transactionHash };\n }\n\n /**\n * Register an ALREADY-enrolled passkey public key as an approver (gasless,\n * device-signed). Idempotent. Use this to register ONE passkey across multiple\n * chains without re-prompting `passkey.enroll()` on each: enroll once, then\n * call `addApprover(pubkey)` on each chain's wallet.\n */\n async addApprover(pubkey: DevicePublicKey): Promise<{ transactionHash?: string }> {\n if (this.status !== \"ready\") {\n throw new Error(\"kit: addApprover requires a ready, authorized device\");\n }\n if (await this.adapter.isApprover(this.address, pubkey)) return {};\n const { transactionHash } = await this.execute([\n this.adapter.buildAddApprover(this.address, pubkey),\n ]);\n return { transactionHash };\n }\n\n /**\n * From a brand-new browser (status `needs-device-approval`), use the user's\n * synced passkey to authorize adding THIS device — no trip back to an already-\n * authorized device.\n *\n * `add_signer_via_passkey` is a public external authorized by the embedded\n * WebAuthn assertion (no device signature), so by default we sponsor it through\n * the Cavos paymaster's `paymaster_executeDirectTransaction` (the forwarder's\n * `execute_sponsored` runs a generic call — it does NOT require SNIP-9). Pass a\n * custom `submit` to route it through your own relayer instead. Returns the tx.\n */\n async approveThisDeviceWithPasskey(opts: {\n passkey: PasskeySigner;\n submit?: (call: ChainCall) => Promise<{ transactionHash: string }>;\n }): Promise<{ transactionHash: string }> {\n if (this.status === \"ready\") {\n throw new Error(\"kit: this device is already an authorized signer\");\n }\n const { leaf, nonce } = await this.passkeyLeafForThisDevice();\n const leaves = [leaf];\n const assertion = await opts.passkey.assert(batchChallenge(leaves));\n return this.submitPasskeyApproval(assertion, leaves, 0, nonce, opts.submit);\n }\n\n /** This device's leaf + the current passkey nonce, for a (possibly multi-chain)\n * passkey approval batch. See `approveDeviceEverywhere`. */\n async passkeyLeafForThisDevice(): Promise<{ leaf: Uint8Array; nonce: bigint }> {\n const nonce = await this.adapter.getPasskeyNonce(this.address);\n return { leaf: this.adapter.passkeyLeaf(this.devicePubkey, nonce), nonce };\n }\n\n /** Submit `add_signer_via_passkey` given a (shared) assertion + this chain's\n * position in the batch. The assertion doesn't carry the passkey pubkey, so we\n * recover both candidates and pick the enrolled approver via the on-chain view\n * (no backend). Defaults to sponsoring through the paymaster. */\n async submitPasskeyApproval(\n assertion: PasskeyAssertion,\n leaves: Uint8Array[],\n leafIndex: number,\n nonce: bigint,\n submit?: (call: ChainCall) => Promise<{ transactionHash: string }>,\n ): Promise<{ transactionHash: string }> {\n const digest = webauthnDigest(assertion.authenticatorData, assertion.clientDataJSON);\n const candidates = recoverCandidatePublicKeys(assertion.r, assertion.s, digest);\n let yParity: boolean | null = null;\n for (const cand of candidates) {\n if (await this.adapter.isApprover(this.address, cand.publicKey)) {\n yParity = cand.yParity;\n break;\n }\n }\n if (yParity === null) {\n throw new Error(\"kit: this passkey is not a registered approver of the wallet\");\n }\n const call = this.adapter.buildAddSignerViaPasskey(\n this.address, this.devicePubkey, nonce, leaves, leafIndex, assertion, yParity,\n );\n if (submit) return submit(call);\n if (!this.paymaster) {\n throw new Error(\"kit: no paymaster configured — pass a `submit` relayer to approveThisDeviceWithPasskey\");\n }\n return paymasterExecuteDirect(this.paymaster, this.address, call);\n }\n\n /**\n * Register a self-custodial backup signer derived from `code`, so the account\n * can be recovered after the user loses every device. Idempotent: if the\n * derived backup key is already an authorised signer, this is a no-op.\n *\n * The code never leaves the device — only its deterministic public key is\n * added on-chain as an ordinary signer. Sponsor this like any other\n * add_signer (gasless). Returns the transaction hash (or undefined when the\n * backup was already set up).\n */\n async setupRecovery(code: string): Promise<{ transactionHash: string } | undefined> {\n const { publicKey: backupPubkey } = deriveBackupKey(code);\n // Skip the on-chain call if the backup signer is already registered.\n const already = await this.adapter.isAuthorizedSigner(this.address, backupPubkey);\n if (already) return undefined;\n return this.addSigner(backupPubkey);\n }\n\n /**\n * Recover an account after losing every device signer. Derives the backup key\n * from `code`, uses it (not the new device key) to sign an `add_signer` for\n * the new device, and returns a ready Cavos bound to the new device. The\n * account address is unchanged.\n *\n * Self-custodial: only someone holding the code (i.e. the rightful owner) can\n * re-derive the backup key. The backend never sees the code.\n */\n static async recover(opts: RecoveryOptions): Promise<Cavos> {\n const network = STARKNET_ENV[opts.network];\n const classHash = opts.classHash ?? DEVICE_ACCOUNT_CLASS_HASH[network];\n if (!classHash) throw new Error(`kit: no DeviceAccount class hash for ${network}`);\n\n const provider = new RpcProvider({\n nodeUrl: opts.rpcUrl ?? STARKNET_NETWORKS[network].rpcUrl,\n });\n const paymaster = new PaymasterRpc({\n nodeUrl: opts.paymasterUrl ?? CAVOS_PAYMASTER_URL[network],\n headers: { \"x-paymaster-api-key\": opts.paymasterApiKey },\n });\n\n // The new device's signer (created/loaded the same way connect() does).\n const signer = opts.createSigner\n ? await opts.createSigner(`${opts.identity.userId}:${opts.appSalt}`)\n : await WebCryptoSigner.loadOrCreate({ keyId: `${opts.identity.userId}:${opts.appSalt}` });\n const devicePubkey = await signer.getPublicKey();\n\n // The backup key drives THIS transaction: it's the only signer that can\n // authorise adding the new device after all device keys are lost.\n const backup = BackupSigner.fromCode(opts.code);\n const backupAdapter = new StarknetAdapter({ classHash, signer: backup, provider });\n\n const backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n const registry =\n opts.registry ??\n (opts.appId\n ? new HttpWalletRegistry({ baseUrl: backendUrl, appId: opts.appId, network })\n : defaultRegistry);\n const existing = await registry.lookup(opts.identity.userId);\n if (!existing) {\n throw new Error(\"kit: no account found for this identity — nothing to recover\");\n }\n\n // Authorise the new device, signed by the backup key (sponsored).\n const backupAccount = new Account({\n provider,\n address: existing.address,\n signer: new StarknetDeviceSigner(backup),\n paymaster,\n cairoVersion: \"1\",\n });\n const alreadyAuthed = await backupAdapter.isAuthorizedSigner(existing.address, devicePubkey);\n if (!alreadyAuthed) {\n const res = await backupAccount.executePaymasterTransaction(\n [backupAdapter.buildAddSigner(existing.address, devicePubkey)],\n { feeMode: { mode: \"sponsored\" } },\n );\n try {\n await provider.waitForTransaction(res.transaction_hash);\n } catch (e) {\n console.warn(\"[Cavos] recovery add_signer receipt wait failed:\", e);\n }\n }\n\n // Hand control to the new device's signer for all future operations.\n const adapter = new StarknetAdapter({ classHash, signer, provider });\n const account = new Account({\n provider,\n address: existing.address,\n signer: new StarknetDeviceSigner(signer),\n paymaster,\n cairoVersion: \"1\",\n });\n return new Cavos(opts.identity, existing.address, \"ready\", account, adapter, devicePubkey);\n }\n}\n\n/**\n * Shared in-memory registry used when `ConnectOptions.registry` is omitted.\n * Module-level so a returning user is recognized within a single browser session\n * (real cross-device recognition needs an HTTP backend implementation).\n */\nconst defaultRegistry = new InMemoryWalletRegistry();\n\n/**\n * Client-side de-duplication of device-addition requests, keyed by user id. A\n * burst of connects (refresh, reconnect, retry) within this window reuses the\n * last requestId instead of emailing the owner again. Runtime-agnostic — works\n * without DOM/localStorage so the same code runs on native.\n */\nconst DEVICE_REQUEST_DEDUP_MS = 5 * 60 * 1000; // 5 minutes\nconst lastDeviceRequest = new Map<string, { requestId: string; requestedAt: number }>();\n\n/** Whether an account contract is already deployed at `address`. */\nasync function isDeployed(provider: RpcProvider, address: string): Promise<boolean> {\n try {\n const classHash = await provider.getClassHashAt(address);\n return !!classHash && classHash !== \"0x0\";\n } catch {\n return false;\n }\n}\n\n/** A chain wallet that can approve THIS device via a passkey (implemented by\n * `Cavos`, `CavosSolana`, `CavosStellar`). */\nexport interface PasskeyApprovable {\n readonly chain: string;\n readonly status: string;\n passkeyLeafForThisDevice(): Promise<{ leaf: Uint8Array; nonce: bigint }>;\n submitPasskeyApproval(\n assertion: PasskeyAssertion,\n leaves: Uint8Array[],\n leafIndex: number,\n nonce: bigint,\n ): Promise<{ transactionHash: string }>;\n}\n\n/**\n * Approve THIS device across several chains with a SINGLE passkey prompt. Each\n * chain is a separate account, so the device must be added per chain — but one\n * WebAuthn assertion over the batch challenge (`sha256(concat(leaves))`) suffices\n * for all of them. Only wallets whose status is `needs-device-approval` are\n * touched. Returns the per-chain tx hashes.\n *\n * await approveDeviceEverywhere([starknet, solana, stellar], passkey);\n */\nexport async function approveDeviceEverywhere(\n wallets: PasskeyApprovable[],\n passkey: PasskeySigner,\n): Promise<{ chain: string; transactionHash: string }[]> {\n const targets = wallets.filter((w) => w.status === \"needs-device-approval\");\n if (targets.length === 0) return [];\n const infos = await Promise.all(targets.map((w) => w.passkeyLeafForThisDevice()));\n const leaves = infos.map((i) => i.leaf);\n // ONE prompt: the passkey signs the batch challenge over every chain's leaf.\n const assertion = await passkey.assert(batchChallenge(leaves));\n const out: { chain: string; transactionHash: string }[] = [];\n for (let i = 0; i < targets.length; i++) {\n const { transactionHash } = await targets[i].submitPasskeyApproval(\n assertion, leaves, i, infos[i].nonce,\n );\n out.push({ chain: targets[i].chain, transactionHash });\n }\n return out;\n}\n\n/**\n * Sponsor a single call through the Cavos paymaster's `paymaster_executeDirectTransaction`\n * (AVNU-fork extension). In sponsored mode the forwarder runs a generic\n * `call_contract_syscall` (no SNIP-9 / device signature required), so the\n * passkey-authorized `add_signer_via_passkey` external is paid for by the\n * paymaster's relayer. The account's on-chain check (approver membership +\n * challenge binding) is the real authorization.\n */\nasync function paymasterExecuteDirect(\n paymaster: { url: string; apiKey?: string },\n userAddress: string,\n call: ChainCall,\n): Promise<{ transactionHash: string }> {\n const body = {\n jsonrpc: \"2.0\",\n id: 1,\n method: \"paymaster_executeDirectTransaction\",\n params: {\n transaction: {\n type: \"invoke\",\n invoke: {\n user_address: userAddress,\n execute_from_outside_call: {\n to: call.contractAddress,\n selector: hash.getSelectorFromName(call.entrypoint),\n calldata: call.calldata.map((c) => num.toHex(c)),\n },\n },\n },\n parameters: { version: \"0x1\", fee_mode: { mode: \"sponsored\" } },\n },\n };\n const res = await fetch(paymaster.url, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/json\",\n ...(paymaster.apiKey ? { \"x-paymaster-api-key\": paymaster.apiKey } : {}),\n },\n body: JSON.stringify(body),\n });\n const json = await res.json();\n if (json.error) {\n throw new Error(`kit: paymaster passkey approval failed: ${JSON.stringify(json.error)}`);\n }\n return { transactionHash: json.result?.transaction_hash ?? json.result?.tracking_id };\n}\n","import { hash, num } from \"starknet\";\nimport type { AuthProvider, Identity } from \"./AuthProvider\";\n\nexport interface CavosAuthOptions {\n /** Cavos backend base URL. Defaults to the hosted service (same as @cavos/react). */\n backendUrl?: string;\n /** App identifier registered with Cavos (the `appId` from the dashboard). */\n appId?: string;\n}\n\n/**\n * Hosted login (Privy-like) backed by the Cavos backend — same endpoints\n * `@cavos/react` uses (Google / Apple OAuth + Firebase email OTP). Login only\n * resolves a stable `userId` (the OAuth `sub` claim); it never touches signing.\n * Feed the returned `Identity` to `Cavos.connect`.\n *\n * const auth = new CavosAuth({ appId });\n * // social: open the returned URL; user returns, then:\n * const identity = await auth.handleCallback(window.location.search);\n * // or email OTP:\n * await auth.sendOtp(email); const identity = await auth.verifyOtp(email, code);\n * const cavos = await Cavos.connect({ network, appSalt, identity, paymasterApiKey });\n *\n * Device-signer model note: the backend issues a Cavos JWT (the same one react\n * uses for on-chain RSA verification). Here we only need the stable `sub` claim\n * from it — the RSA/JWKS/nonce machinery react relies on is dead weight for the\n * device model, because the device key (not the JWT) authorizes on-chain calls.\n * We still send a `nonce` (Poseidon over random bytes) since the backend expects\n * it on the request; the value itself is irrelevant to us.\n */\nexport class CavosAuth implements AuthProvider {\n private readonly backendUrl: string;\n /** Most recent nonce sent to the backend (for the pending OAuth/OTP request). */\n private pendingNonce: string | null = null;\n private last: Identity | null = null;\n\n constructor(private readonly opts: CavosAuthOptions = {}) {\n this.backendUrl = opts.backendUrl ?? \"https://cavos.xyz\";\n }\n\n /** Redirect URL for Google login (open it; user returns to your redirectUri). */\n async getGoogleOAuthUrl(redirectUri?: string): Promise<string> {\n return this.oauthUrl(\"google\", redirectUri);\n }\n\n /** Redirect URL for Apple login. */\n async getAppleOAuthUrl(redirectUri?: string): Promise<string> {\n return this.oauthUrl(\"apple\", redirectUri);\n }\n\n private async oauthUrl(provider: \"google\" | \"apple\", redirectUri?: string): Promise<string> {\n if (typeof window === \"undefined\") throw new Error(\"kit/auth: OAuth requires a browser\");\n const params = new URLSearchParams({\n nonce: this.freshNonce(),\n redirect_uri: redirectUri ?? window.location.href,\n ...(this.opts.appId ? { app_id: this.opts.appId } : {}),\n });\n const { url } = await this.get(`/api/oauth/${provider}?${params}`);\n return url;\n }\n\n /**\n * Resolve the identity from an OAuth callback. The auth data is carried in the\n * `auth_data` (or `zk_auth_data`) query param on return. We only extract `sub`.\n */\n async handleCallback(authDataOrSearch: string): Promise<Identity> {\n const authData = extractAuthData(authDataOrSearch);\n return this.identityFromAuthData(authData, \"oauth\");\n }\n\n /** Send a one-time code to an email (Firebase OTP). */\n async sendOtp(email: string): Promise<void> {\n await this.post(\"/api/oauth/firebase/otp/request\", {\n email,\n nonce: this.freshNonce(),\n ...(this.opts.appId ? { app_id: this.opts.appId } : {}),\n });\n }\n\n /** Send a passwordless magic-link sign-in email (Firebase). */\n async sendMagicLink(email: string): Promise<void> {\n await this.post(\"/api/oauth/firebase/magic-link\", {\n email,\n nonce: this.freshNonce(),\n ...(this.opts.appId ? { app_id: this.opts.appId } : {}),\n ...(typeof window !== \"undefined\" ? { redirect_uri: window.location.href } : {}),\n });\n }\n\n /** Verify the OTP and resolve the identity. */\n async verifyOtp(email: string, code: string): Promise<Identity> {\n const res = await this.post(\"/api/oauth/firebase/otp/verify\", {\n email,\n code,\n nonce: this.consumeNonce(),\n ...(this.opts.appId ? { app_id: this.opts.appId } : {}),\n });\n return this.identityFromAuthData(res.id_token ?? res.jwt ?? res.token ?? JSON.stringify(res), \"otp\", email);\n }\n\n /** AuthProvider: returns the identity resolved by the last login step. */\n async authenticate(): Promise<Identity> {\n if (!this.last) throw new Error(\"kit/auth: no identity yet — complete a login first\");\n return this.last;\n }\n\n // ── internals ──────────────────────────────────────────────────────────────\n\n /**\n * Build an `Identity` from whatever the backend returned. The Cavos backend\n * wraps the user id in a JWT (its `sub` claim); for the device model we only\n * need that stable id — the signature is never checked on-chain.\n */\n private async identityFromAuthData(\n authData: string,\n provider: string,\n emailOverride?: string,\n ): Promise<Identity> {\n let token = authData;\n try {\n const parsed = JSON.parse(authData);\n token = parsed.id_token ?? parsed.jwt ?? parsed.token ?? authData;\n } catch {\n // raw JWT\n }\n const claims = parseJwt(token);\n return this.remember({\n userId: String(claims.sub ?? claims.user_id ?? claims.uid),\n email: claims.email ?? emailOverride,\n provider: claims.firebase?.sign_in_provider ?? claims.provider ?? provider,\n });\n }\n\n /** Generate (and remember) the nonce the Cavos backend expects on requests. */\n private freshNonce(): string {\n // 31-byte random felt; matches the shape the backend validates, value is\n // irrelevant to the device-signer model.\n const bytes = crypto.getRandomValues(new Uint8Array(31));\n const h = hash.computePoseidonHashOnElements([bytesToChunks(bytes)]);\n this.pendingNonce = num.toHex(h);\n return this.pendingNonce;\n }\n\n /** Return the pending nonce (for the verify step), clearing it. */\n private consumeNonce(): string {\n if (!this.pendingNonce) return this.freshNonce();\n const n = this.pendingNonce;\n this.pendingNonce = null;\n return n;\n }\n\n private remember(id: Identity): Identity {\n this.last = id;\n return id;\n }\n\n private async get(path: string): Promise<any> {\n const r = await fetch(`${this.backendUrl}${path}`);\n if (!r.ok) throw new Error(`kit/auth: ${path} -> ${r.status} ${await r.text()}`);\n return r.json();\n }\n\n private async post(path: string, body: unknown): Promise<any> {\n const r = await fetch(`${this.backendUrl}${path}`, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify(body),\n });\n if (!r.ok) throw new Error(`kit/auth: ${path} -> ${r.status} ${await r.text()}`);\n return r.json();\n }\n}\n\n/** Pull the `auth_data` / `zk_auth_data` value out of a callback string. */\nfunction extractAuthData(input: string): string {\n if (input.includes(\"auth_data=\") || input.includes(\"zk_auth_data=\")) {\n const params = new URLSearchParams(input.startsWith(\"?\") ? input : `?${input}`);\n return params.get(\"auth_data\") ?? params.get(\"zk_auth_data\") ?? input;\n }\n return input;\n}\n\n/** Decode a JWT payload (no verification — the backend already validated it). */\nfunction parseJwt(jwt: string): any {\n const part = jwt.split(\".\")[1];\n if (!part) throw new Error(\"kit/auth: malformed JWT\");\n const json = atob(part.replace(/-/g, \"+\").replace(/_/g, \"/\"));\n return JSON.parse(json);\n}\n\n/** Pack a byte array into the felt252 chunks Poseidon hashes over. */\nfunction bytesToChunks(bytes: Uint8Array): bigint {\n let w = 0n;\n for (const b of bytes.subarray(0, 31)) w = (w << 8n) | BigInt(b);\n return w;\n}\n"]}
|