@cedros/login-react 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (200) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +1183 -0
  3. package/dist/EmailRegisterForm-D_uCEdX9.cjs +1 -0
  4. package/dist/EmailRegisterForm-D_uCEdX9.cjs.map +1 -0
  5. package/dist/EmailRegisterForm-m3rX3A6X.js +2923 -0
  6. package/dist/EmailRegisterForm-m3rX3A6X.js.map +1 -0
  7. package/dist/ErrorMessage-Bm1j5mBT.js +2042 -0
  8. package/dist/ErrorMessage-Bm1j5mBT.js.map +1 -0
  9. package/dist/ErrorMessage-CntMyn93.cjs +1 -0
  10. package/dist/ErrorMessage-CntMyn93.cjs.map +1 -0
  11. package/dist/GoogleLoginButton-CJNJ-THo.cjs +1 -0
  12. package/dist/GoogleLoginButton-CJNJ-THo.cjs.map +1 -0
  13. package/dist/GoogleLoginButton-CvDoOc-0.js +227 -0
  14. package/dist/GoogleLoginButton-CvDoOc-0.js.map +1 -0
  15. package/dist/SolanaLoginButton-BlSgPW50.cjs +1 -0
  16. package/dist/SolanaLoginButton-BlSgPW50.cjs.map +1 -0
  17. package/dist/SolanaLoginButton-h32xN2PQ.js +261 -0
  18. package/dist/SolanaLoginButton-h32xN2PQ.js.map +1 -0
  19. package/dist/assets/argon2Worker-Bi5TuQvD.js +1 -0
  20. package/dist/assets/argon2Worker-Bi5TuQvD.js.map +1 -0
  21. package/dist/components/LoginButton.d.ts +23 -0
  22. package/dist/components/LoginForm.d.ts +9 -0
  23. package/dist/components/LoginModal.d.ts +9 -0
  24. package/dist/components/admin/AdminUserDetail.d.ts +21 -0
  25. package/dist/components/admin/AdminUserList.d.ts +25 -0
  26. package/dist/components/admin/CedrosAdminDashboard.d.ts +48 -0
  27. package/dist/components/admin/SystemSettings.d.ts +19 -0
  28. package/dist/components/apple/AppleLoginButton.d.ts +29 -0
  29. package/dist/components/deposit/CreditBalance.d.ts +19 -0
  30. package/dist/components/deposit/DepositFlow.d.ts +118 -0
  31. package/dist/components/deposit/FeeConfigDisplay.d.ts +15 -0
  32. package/dist/components/deposit/History.d.ts +21 -0
  33. package/dist/components/deposit/TieredAmountSlider.d.ts +19 -0
  34. package/dist/components/deposit/TokenSelector.d.ts +23 -0
  35. package/dist/components/deposit/admin/AdminDepositList.d.ts +21 -0
  36. package/dist/components/deposit/admin/AdminDepositStats.d.ts +15 -0
  37. package/dist/components/deposit/admin/AdminPrivacyPeriodDeposits.d.ts +19 -0
  38. package/dist/components/deposit/admin/AdminWithdrawalHistory.d.ts +19 -0
  39. package/dist/components/deposit/admin/AdminWithdrawalQueue.d.ts +23 -0
  40. package/dist/components/deposit/admin/PrivacySystemStatus.d.ts +15 -0
  41. package/dist/components/deposit/admin/index.d.ts +17 -0
  42. package/dist/components/deposit/index.d.ts +12 -0
  43. package/dist/components/deposit/tierUtils.d.ts +8 -0
  44. package/dist/components/deposit/tokens.d.ts +19 -0
  45. package/dist/components/email/EmailLoginForm.d.ts +11 -0
  46. package/dist/components/email/EmailRegisterForm.d.ts +14 -0
  47. package/dist/components/email/ForgotPasswordForm.d.ts +17 -0
  48. package/dist/components/email/PasswordInput.d.ts +14 -0
  49. package/dist/components/email/ResetPasswordForm.d.ts +22 -0
  50. package/dist/components/google/GoogleLoginButton.d.ts +12 -0
  51. package/dist/components/invites/InviteForm.d.ts +38 -0
  52. package/dist/components/invites/InviteList.d.ts +40 -0
  53. package/dist/components/members/MemberList.d.ts +47 -0
  54. package/dist/components/org/CreateOrgForm.d.ts +7 -0
  55. package/dist/components/org/OrgAvatar.d.ts +7 -0
  56. package/dist/components/org/OrgListView.d.ts +9 -0
  57. package/dist/components/org/OrgSelector.d.ts +51 -0
  58. package/dist/components/org/OrgSwitcher.d.ts +47 -0
  59. package/dist/components/org/icons.d.ts +8 -0
  60. package/dist/components/sessions/SessionList.d.ts +33 -0
  61. package/dist/components/shared/ErrorBoundary.d.ts +38 -0
  62. package/dist/components/shared/ErrorMessage.d.ts +14 -0
  63. package/dist/components/shared/LoadingSpinner.d.ts +16 -0
  64. package/dist/components/solana/SolanaLoginButton.d.ts +49 -0
  65. package/dist/components/templates/FullPageLayout.d.ts +40 -0
  66. package/dist/components/templates/SplitPageLayout.d.ts +44 -0
  67. package/dist/components/templates/index.d.ts +4 -0
  68. package/dist/components/totp/OtpInput.d.ts +32 -0
  69. package/dist/components/totp/QrCode.d.ts +21 -0
  70. package/dist/components/totp/TotpSettings.d.ts +38 -0
  71. package/dist/components/totp/TotpSetup.d.ts +23 -0
  72. package/dist/components/totp/TotpVerify.d.ts +25 -0
  73. package/dist/components/totp/index.d.ts +10 -0
  74. package/dist/components/wallet/CapabilityWarning.d.ts +11 -0
  75. package/dist/components/wallet/PasskeyPrompt.d.ts +34 -0
  76. package/dist/components/wallet/RecoveryPhraseDisplay.d.ts +18 -0
  77. package/dist/components/wallet/RecoveryPhraseInput.d.ts +21 -0
  78. package/dist/components/wallet/WalletAddressRow.d.ts +10 -0
  79. package/dist/components/wallet/WalletEnrollment.d.ts +15 -0
  80. package/dist/components/wallet/WalletManager.d.ts +9 -0
  81. package/dist/components/wallet/WalletRecovery.d.ts +19 -0
  82. package/dist/components/wallet/WalletStatus.d.ts +28 -0
  83. package/dist/components/wallet/WalletUnlock.d.ts +23 -0
  84. package/dist/components/wallet/index.d.ts +23 -0
  85. package/dist/components/webauthn/PasskeyLoginButton.d.ts +8 -0
  86. package/dist/context/CedrosLoginContext.d.ts +24 -0
  87. package/dist/context/CedrosLoginProvider.d.ts +17 -0
  88. package/dist/context/EmbeddedWalletExposure.d.ts +19 -0
  89. package/dist/context/useCedrosLogin.d.ts +12 -0
  90. package/dist/crypto/aesGcm.d.ts +89 -0
  91. package/dist/crypto/argon2.d.ts +65 -0
  92. package/dist/crypto/argon2Worker.d.ts +1 -0
  93. package/dist/crypto/argon2WorkerClient.d.ts +28 -0
  94. package/dist/crypto/bip39.d.ts +106 -0
  95. package/dist/crypto/capabilities.d.ts +35 -0
  96. package/dist/crypto/entropy.d.ts +56 -0
  97. package/dist/crypto/hkdf.d.ts +38 -0
  98. package/dist/crypto/index.d.ts +30 -0
  99. package/dist/crypto/secureWipe.d.ts +90 -0
  100. package/dist/crypto/shamir.d.ts +52 -0
  101. package/dist/crypto/solanaKeypair.d.ts +63 -0
  102. package/dist/crypto/types.d.ts +134 -0
  103. package/dist/crypto/webauthnPrf.d.ts +118 -0
  104. package/dist/email-only.cjs +1 -0
  105. package/dist/email-only.cjs.map +1 -0
  106. package/dist/email-only.d.ts +16 -0
  107. package/dist/email-only.js +15 -0
  108. package/dist/email-only.js.map +1 -0
  109. package/dist/google-only.cjs +1 -0
  110. package/dist/google-only.cjs.map +1 -0
  111. package/dist/google-only.d.ts +13 -0
  112. package/dist/google-only.js +11 -0
  113. package/dist/google-only.js.map +1 -0
  114. package/dist/hooks/useAdminDeposits.d.ts +10 -0
  115. package/dist/hooks/useAdminUsers.d.ts +28 -0
  116. package/dist/hooks/useAppleAuth.d.ts +52 -0
  117. package/dist/hooks/useAuth.d.ts +34 -0
  118. package/dist/hooks/useAuthSession.d.ts +19 -0
  119. package/dist/hooks/useAuthorize.d.ts +62 -0
  120. package/dist/hooks/useCredits.d.ts +11 -0
  121. package/dist/hooks/useDeposit.d.ts +16 -0
  122. package/dist/hooks/useEmailAuth.d.ts +60 -0
  123. package/dist/hooks/useGoogleAuth.d.ts +67 -0
  124. package/dist/hooks/useInstantLink.d.ts +42 -0
  125. package/dist/hooks/useInvites.d.ts +57 -0
  126. package/dist/hooks/useMembers.d.ts +52 -0
  127. package/dist/hooks/useOrgs.d.ts +49 -0
  128. package/dist/hooks/usePasswordReset.d.ts +32 -0
  129. package/dist/hooks/usePendingRecovery.d.ts +34 -0
  130. package/dist/hooks/useRateLimiter.d.ts +58 -0
  131. package/dist/hooks/useSessions.d.ts +45 -0
  132. package/dist/hooks/useSolanaAuth.d.ts +30 -0
  133. package/dist/hooks/useSystemSettings.d.ts +47 -0
  134. package/dist/hooks/useThemeManager.d.ts +11 -0
  135. package/dist/hooks/useTotp.d.ts +52 -0
  136. package/dist/hooks/useTotpVerify.d.ts +38 -0
  137. package/dist/hooks/useTransactionSigning.d.ts +45 -0
  138. package/dist/hooks/useWallet.d.ts +10 -0
  139. package/dist/hooks/useWalletDiscovery.d.ts +24 -0
  140. package/dist/hooks/useWalletEnrollment.d.ts +9 -0
  141. package/dist/hooks/useWalletMaterial.d.ts +10 -0
  142. package/dist/hooks/useWalletRecovery.d.ts +9 -0
  143. package/dist/hooks/useWalletSigning.d.ts +31 -0
  144. package/dist/hooks/useWebAuthn.d.ts +25 -0
  145. package/dist/i18n/I18nProvider.d.ts +16 -0
  146. package/dist/i18n/context.d.ts +6 -0
  147. package/dist/i18n/index.d.ts +5 -0
  148. package/dist/i18n/translations.d.ts +66 -0
  149. package/dist/i18n/useI18n.d.ts +9 -0
  150. package/dist/index.cjs +2061 -0
  151. package/dist/index.cjs.map +1 -0
  152. package/dist/index.d.ts +126 -0
  153. package/dist/index.js +14910 -0
  154. package/dist/index.js.map +1 -0
  155. package/dist/login-react.css +1 -0
  156. package/dist/solana-only.cjs +1 -0
  157. package/dist/solana-only.cjs.map +1 -0
  158. package/dist/solana-only.d.ts +13 -0
  159. package/dist/solana-only.js +11 -0
  160. package/dist/solana-only.js.map +1 -0
  161. package/dist/style.cjs +1 -0
  162. package/dist/style.cjs.map +1 -0
  163. package/dist/style.js +1 -0
  164. package/dist/style.js.map +1 -0
  165. package/dist/types/adminUser.d.ts +112 -0
  166. package/dist/types/auth.d.ts +122 -0
  167. package/dist/types/config.d.ts +266 -0
  168. package/dist/types/deposit.d.ts +488 -0
  169. package/dist/types/index.d.ts +11 -0
  170. package/dist/types/invite.d.ts +71 -0
  171. package/dist/types/member.d.ts +45 -0
  172. package/dist/types/org.d.ts +101 -0
  173. package/dist/types/session.d.ts +28 -0
  174. package/dist/types/systemSettings.d.ts +81 -0
  175. package/dist/types/totp.d.ts +52 -0
  176. package/dist/types/wallet.d.ts +309 -0
  177. package/dist/utils/adminUserApi.d.ts +51 -0
  178. package/dist/utils/apiClient.d.ts +78 -0
  179. package/dist/utils/cryptoShim.d.ts +17 -0
  180. package/dist/utils/csrf.d.ts +1 -0
  181. package/dist/utils/deviceDetection.d.ts +17 -0
  182. package/dist/utils/embeddedWallet.d.ts +75 -0
  183. package/dist/utils/inviteApi.d.ts +31 -0
  184. package/dist/utils/memberApi.d.ts +23 -0
  185. package/dist/utils/orgApi.d.ts +36 -0
  186. package/dist/utils/sanitization.d.ts +66 -0
  187. package/dist/utils/sessionApi.d.ts +16 -0
  188. package/dist/utils/silentWalletEnroll.d.ts +41 -0
  189. package/dist/utils/systemSettingsApi.d.ts +18 -0
  190. package/dist/utils/tabSync.d.ts +46 -0
  191. package/dist/utils/tokenManager.d.ts +107 -0
  192. package/dist/utils/unlockCredential.d.ts +5 -0
  193. package/dist/utils/validation.d.ts +48 -0
  194. package/dist/utils/walletDetection.d.ts +23 -0
  195. package/dist/utils/webauthnJson.d.ts +21 -0
  196. package/dist/validation-BeXIfuHB.cjs +1 -0
  197. package/dist/validation-BeXIfuHB.cjs.map +1 -0
  198. package/dist/validation-BebL7hMF.js +56 -0
  199. package/dist/validation-BebL7hMF.js.map +1 -0
  200. package/package.json +109 -0
package/dist/ErrorMessage-CntMyn93.cjs ADDED
@@ -0,0 +1 @@
1
+ "use strict";const F=require("react/jsx-runtime"),o=require("react"),ie=o.createContext(null);function be({theme:e,themeOverrides:t}){o.useEffect(()=>{if(typeof document>"u"||typeof window>"u")return;const A=document.documentElement;let r=!1;e==="dark"?(A.classList.add("cedros-dark"),r=!0):e==="light"?A.classList.remove("cedros-dark"):window.matchMedia("(prefers-color-scheme: dark)").matches?(A.classList.add("cedros-dark"),r=!0):A.classList.remove("cedros-dark");const n=new Map;return t&&Object.entries(t).forEach(([i,s])=>{if(s){const a=A.style.getPropertyValue(i);n.set(i,a),A.style.setProperty(i,s)}}),()=>{r&&A.classList.remove("cedros-dark"),n.forEach((i,s)=>{i?A.style.setProperty(s,i):A.style.removeProperty(s)})}},[e,t])}const Ge="cedros_tokens",Ke=6e4;class He{storage;requestedStorage;storageKey;tokens=null;expiresAt=0;refreshTimer=null;onRefreshNeeded=null;onSessionExpired=null;onRefreshError=null;isDestroyed=!1;allowWebStorage;constructor(t="cookie",A=Ge,r={}){this.requestedStorage=t,this.storage=t,this.storageKey=A,this.allowWebStorage=r.allowWebStorage??!1,this.warnIfLocalStorage(),!this.allowWebStorage&&(this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&(this.storage="memory"),this.loadFromStorage()}warnIfLocalStorage(){if((this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&typeof console<"u"){const t=this.allowWebStorage?"":" (web storage disabled by default; set allowWebStorage=true to enable)";console.warn("[cedros-login] SECURITY: Using web storage for token storage. Tokens are vulnerable to XSS attacks."+t+" PRODUCTION RECOMMENDATIONS: (1) Use httpOnly cookie storage instead, (2) If web storage required: implement strict Content-Security-Policy, sanitize all input/output, audit third-party scripts. See https://owasp.org/www-community/attacks/xss/")}}setRefreshCallback(t){this.onRefreshNeeded=t,this.scheduleRefresh()}setSessionExpiredCallback(t){this.onSessionExpired=t}setRefreshErrorCallback(t){this.onRefreshError=t}setTokens(t){this.tokens=t,this.expiresAt=Date.now()+t.expiresIn*1e3,this.saveToStorage(),this.scheduleRefresh()}getAccessToken(){if(this.isDestroyed)return null;const t=this.tokens?.accessToken;return t?Date.now()>=this.expiresAt?(this.clear(),this.onSessionExpired?.(),null):t:null}getRefreshToken(){return this.tokens?.refreshToken??null}clear(){this.tokens=null,this.expiresAt=0,this.cancelRefresh(),this.clearStorage()}hasTokens(){return this.tokens!==null&&Date.now()<this.expiresAt}destroy(){this.isDestroyed=!0,this.cancelRefresh(),this.onRefreshNeeded=null,this.onSessionExpired=null,this.onRefreshError=null,this.tokens=null}getTimeUntilExpiry(){return this.tokens?Math.max(0,this.expiresAt-Date.now()):0}scheduleRefresh(){if(this.cancelRefresh(),!this.tokens||!this.onRefreshNeeded)return;const t=this.getTimeUntilExpiry(),A=Math.max(0,t-Ke);if(A<=0){if(this.isDestroyed)return;this.onRefreshNeeded().catch(r=>{if(this.isDestroyed)return;const n=r instanceof Error?r:new Error("Token refresh failed");this.onRefreshError?.(n),this.clear(),this.onSessionExpired?.()});return}this.refreshTimer=setTimeout(()=>{this.isDestroyed||this.onRefreshNeeded?.().catch(r=>{if(this.isDestroyed)return;const n=r instanceof Error?r:new Error("Token refresh failed");this.onRefreshError?.(n),this.clear(),this.onSessionExpired?.()})},A)}cancelRefresh(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null)}loadFromStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A=t.getItem(this.storageKey);if(A){const r=JSON.parse(A);this.isValidStoredTokenData(r)?r.expiresAt>Date.now()?(this.tokens=r.tokens,this.expiresAt=r.expiresAt):t.removeItem(this.storageKey):t.removeItem(this.storageKey)}}}catch{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage;try{t.removeItem(this.storageKey)}catch{}}}}isValidStoredTokenData(t){if(typeof t!="object"||t===null)return!1;const A=t;if(typeof A.expiresAt!="number"||typeof A.tokens!="object"||A.tokens===null)return!1;const r=A.tokens;return!(typeof r.accessToken!="string"||typeof r.refreshToken!="string"||typeof r.expiresIn!="number")}saveToStorage(){if(!(this.storage==="memory"||!this.tokens)&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A={tokens:this.tokens,expiresAt:this.expiresAt};t.setItem(this.storageKey,JSON.stringify(A))}}catch{}}clearStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{(this.storage==="localStorage"||this.storage==="sessionStorage")&&(this.storage==="localStorage"?localStorage:sessionStorage).removeItem(this.storageKey)}catch{}}}const Je="cedros_auth_sync";class Me{channel=null;callback=null;boundHandler=null;constructor(){typeof window<"u"&&"BroadcastChannel"in window&&(this.channel=new BroadcastChannel(Je),this.boundHandler=this.handleMessage.bind(this),this.channel.addEventListener("message",this.boundHandler))}handleMessage(t){this.callback?.(t.data)}setCallback(t){this.callback=t}broadcastLogin(t){this.channel?.postMessage({type:"login",user:t})}broadcastLogout(){this.channel?.postMessage({type:"logout"})}broadcastRefresh(){this.channel?.postMessage({type:"refresh"})}close(){this.channel&&(this.boundHandler&&(this.channel.removeEventListener("message",this.boundHandler),this.boundHandler=null),this.channel.close(),this.channel=null),this.callback=null}}const ge=20;function ee(){if(typeof document>"u")return null;const e=document.querySelector('meta[name="csrf-token"]');if(e){const A=e.getAttribute("content");if(A&&A.length>=ge)return A}const t=document.cookie.split(";");for(const A of t){const[r,...n]=A.trim().split("="),i=n.join("="),s=r.toLowerCase();if(s==="xsrf-token"||s==="csrf-token")try{const a=decodeURIComponent(i.trim());if(a.length>=ge)return a}catch{continue}}return null}function Y(e){if(typeof e!="object"||e===null)return!1;const t=e;if(typeof t.user!="object"||t.user===null)return!1;const A=t.user;return typeof A.id=="string"&&A.id.length>0}function Ne(e){if(typeof e!="object"||e===null)return!1;const t=e;return typeof t.accessToken=="string"&&t.accessToken.length>0&&typeof t.refreshToken=="string"&&t.refreshToken.length>0&&typeof t.expiresIn=="number"&&t.expiresIn>0}function xe({serverUrl:e,session:t,callbacks:A,requestTimeoutMs:r}){const[n,i]=o.useState(null),[s,a]=o.useState("idle"),l=o.useRef(null),Q=o.useRef(null),d=o.useRef(A),y=o.useRef(!0),w=o.useRef(null);o.useEffect(()=>{d.current=A},[A]),o.useEffect(()=>(y.current=!0,()=>{y.current=!1}),[]);const B=o.useCallback(I=>{y.current&&i(I)},[]),f=o.useCallback(I=>{y.current&&a(I)},[]),h=o.useMemo(()=>({storage:t?.storage??"cookie",autoRefresh:t?.autoRefresh??!0,syncTabs:t?.syncTabs??!0,persistKey:t?.persistKey,allowWebStorage:t?.allowWebStorage??!1}),[t?.storage,t?.autoRefresh,t?.syncTabs,t?.persistKey,t?.allowWebStorage]);o.useEffect(()=>(l.current=new He(h.storage,h.persistKey,{allowWebStorage:h.allowWebStorage}),h.syncTabs&&(Q.current=new Me),()=>{l.current?.destroy(),l.current=null,Q.current?.close()}),[h.storage,h.syncTabs,h.persistKey,h.allowWebStorage]);const g=o.useCallback(async()=>{if(w.current)return w.current;const I=l.current?.getRefreshToken(),p=!!I,m=ee(),U={};p&&(U["Content-Type"]="application/json"),m&&(U["X-CSRF-Token"]=m);const J=(async()=>{const M=new AbortController,v=r??1e4,Ue=window.setTimeout(()=>M.abort(),v);try{const ae=await fetch(`${e}/refresh`,{method:"POST",headers:Object.keys(U).length>0?U:void 0,credentials:"include",body:p?JSON.stringify({refreshToken:I}):void 0,signal:M.signal});if(!ae.ok)throw new Error("Token refresh failed");const j=await ae.json();if(j.tokens){if(!Ne(j.tokens))throw new Error("Invalid token response structure");l.current?.setTokens(j.tokens)}else if(h.storage!=="cookie")throw new Error("Token refresh failed");Q.current?.broadcastRefresh()}finally{window.clearTimeout(Ue)}})();w.current=J;try{await J}finally{w.current=null}},[e,h.storage,r]),c=o.useCallback(()=>{if(h.storage==="cookie")return;const I=l.current?.getAccessToken();if(I)return{Authorization:`Bearer ${I}`}},[h.storage]),u=o.useCallback(()=>{l.current?.clear(),B(null),f("unauthenticated"),d.current?.onSessionExpired?.()},[f,B]);o.useEffect(()=>{l.current&&(h.autoRefresh&&l.current.setRefreshCallback(g),l.current.setSessionExpiredCallback(u))},[h.autoRefresh,g,u]);const E=o.useCallback(async()=>{try{const I=await fetch(`${e}/user`,{credentials:"include",headers:c()});if(I.ok){const p=await I.json();if(Y(p)){B(p.user),f("authenticated");return}}if(I.status===401&&h.autoRefresh){try{await g()}catch{u();return}const p=await fetch(`${e}/user`,{credentials:"include",headers:c()});if(p.ok){const m=await p.json();if(Y(m)){B(m.user),f("authenticated");return}}}B(null),f("unauthenticated")}catch{}},[e,h.autoRefresh,g,c,u,f,B]);o.useEffect(()=>{!Q.current||!h.syncTabs||Q.current.setCallback(I=>{switch(I.type){case"login":B(I.user),f("authenticated");break;case"logout":B(null),f("unauthenticated"),l.current?.clear();break;case"refresh":E();break;default:console.warn("[Cedros Login] Unhandled tab sync event:",I)}})},[h.syncTabs,E,f,B]),o.useEffect(()=>{const I=new AbortController,p=r??1e4,m=window.setTimeout(()=>I.abort(),p);return(async()=>{f("loading");try{const J=await fetch(`${e}/user`,{credentials:"include",headers:c(),signal:I.signal});if(J.ok){const M=await J.json();if(Y(M)){B(M.user),f("authenticated");return}}if(J.status===401&&h.autoRefresh){try{await g()}catch{u();return}const M=await fetch(`${e}/user`,{credentials:"include",headers:c(),signal:I.signal});if(M.ok){const v=await M.json();if(Y(v)){B(v.user),f("authenticated");return}}}B(null),f("unauthenticated")}catch{B(null),f("unauthenticated")}})(),()=>{window.clearTimeout(m),I.abort()}},[e,h.autoRefresh,g,c,u,f,B,r]);const D=o.useCallback((I,p)=>{B(I),f("authenticated"),p&&l.current?.setTokens(p),y.current&&Q.current?.broadcastLogin(I)},[B,f]),k=o.useCallback(async()=>{const I=ee();try{await fetch(`${e}/logout`,{method:"POST",headers:{...I?{"X-CSRF-Token":I}:{},...c()??{}},credentials:"include"})}catch{}finally{B(null),f("unauthenticated"),l.current?.clear(),Q.current?.broadcastLogout(),d.current?.onLogout?.()}},[e,c,B,f]),C=o.useCallback(()=>l.current?.getAccessToken()??null,[]);return{user:n,authState:s,handleLoginSuccess:D,logout:k,refreshUser:E,getAccessToken:C}}function ne(){const e=o.useContext(ie);if(!e)throw new Error("useCedrosLogin must be used within a CedrosLoginProvider");return e}function se(){return o.useContext(ie)}const fe={mCost:19456,tCost:2,pCost:1};function Ve(e){return e.length===16}function Pe(e){if(e.length===16)return!0;if(e.length<18)return!1;const t=e[0];return!(t!==128&&t!==8)}function Oe(e){return e.length===32}function ve(e){return e.length===12}function Ye(e){return e.length>=16}function Te(e){return e.length===32}function we(e){if(!Ve(e))throw new Error(`Invalid seed length: expected 16, got ${e.length}`);return e}function Re(e){if(!Pe(e))throw new Error(`Invalid share length: expected >=16, got ${e.length}`);return e}function oe(e){if(!Oe(e))throw new Error(`Invalid key length: expected 32, got ${e.length}`);return e}function Le(e){if(!ve(e))throw new Error(`Invalid nonce length: expected 12, got ${e.length}`);return e}function Xe(e){if(!Ye(e))throw new Error(`Invalid salt length: expected >=16, got ${e.length}`);return e}function We(e){if(!Te(e))throw new Error(`Invalid PRF salt length: expected 32, got ${e.length}`);return e}function N(e){return new Uint8Array(e)}function L(e){if(typeof crypto>"u"||!crypto.getRandomValues)throw new Error("WebCrypto API not available. Secure random generation requires a modern browser.");const t=new Uint8Array(e);return crypto.getRandomValues(t),t}function je(){return we(L(16))}function qe(){return Le(L(12))}function Ze(){return Xe(L(16))}function Qe(){return We(L(32))}function Ie(e){if(!(!e||e.length===0)){e.fill(0);for(let t=0;t<e.length;t++)e[t]=t*90&255;e.fill(0)}}function _e(...e){for(const t of e)t&&Ie(t)}async function $e(e){return crypto.subtle.importKey("raw",N(e),{name:"AES-GCM",length:256},!1,["encrypt","decrypt"])}async function ze(e,t,A){const r=A??qe(),n=await $e(t),i=await crypto.subtle.encrypt({name:"AES-GCM",iv:N(r)},n,N(e));return{ciphertext:new Uint8Array(i),nonce:r}}async function et(e,t){const A=await ze(e,t);return{ciphertext:O(A.ciphertext),nonce:O(A.nonce)}}function O(e){const A=[];for(let r=0;r<e.length;r+=32768){const n=e.subarray(r,Math.min(r+32768,e.length));A.push(String.fromCharCode(...n))}return btoa(A.join(""))}function Be(e){let t;try{t=atob(e)}catch{throw new Error("Invalid base64 string: input is malformed or contains invalid characters")}const A=new Uint8Array(t.length);for(let r=0;r<t.length;r++)A[r]=t.charCodeAt(r);return A}async function tt(e,t,A,r=32){const n=await crypto.subtle.importKey("raw",N(e),"HKDF",!1,["deriveBits"]),i=new TextEncoder().encode(A),s=await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:N(t??new Uint8Array(32)),info:N(i)},n,r*8);return new Uint8Array(s)}async function At(e,t){const A=await tt(e,t,"cedros-wallet-share-b-encryption",32);return oe(A)}async function rt(){try{const e=await crypto.subtle.importKey("raw",new Uint8Array(32),"HKDF",!1,["deriveBits"]);return await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:new Uint8Array(32),info:new Uint8Array(0)},e,256),!0}catch{return!1}}function x(e,t,A,r){function n(i){return i instanceof A?i:new A(function(s){s(i)})}return new(A||(A=Promise))(function(i,s){function a(d){try{Q(r.next(d))}catch(y){s(y)}}function l(d){try{Q(r.throw(d))}catch(y){s(y)}}function Q(d){d.done?i(d.value):n(d.value).then(a,l)}Q((r=r.apply(e,[])).next())})}class S{constructor(){this.mutex=Promise.resolve()}lock(){let t=()=>{};return this.mutex=this.mutex.then(()=>new Promise(t)),new Promise(A=>{t=A})}dispatch(t){return x(this,void 0,void 0,function*(){const A=yield this.lock();try{return yield Promise.resolve(t())}finally{A()}})}}var q;function it(){return typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:global}const te=it(),Z=(q=te.Buffer)!==null&&q!==void 0?q:null,nt=te.TextEncoder?new te.TextEncoder:null;function de(e,t){return(e&15)+(e>>6|e>>3&8)<<4|(t&15)+(t>>6|t>>3&8)}function Ee(e,t){const A=t.length>>1;for(let r=0;r<A;r++){const n=r<<1;e[r]=de(t.charCodeAt(n),t.charCodeAt(n+1))}}function st(e,t){if(e.length!==t.length*2)return!1;for(let A=0;A<t.length;A++){const r=A<<1;if(t[A]!==de(e.charCodeAt(r),e.charCodeAt(r+1)))return!1}return!0}const ce=87,le=48;function Ae(e,t,A){let r=0;for(let n=0;n<A;n++){let i=t[n]>>>4;e[r++]=i>9?i+ce:i+le,i=t[n]&15,e[r++]=i>9?i+ce:i+le}return String.fromCharCode.apply(null,e)}const H=Z!==null?e=>{if(typeof e=="string"){const t=Z.from(e,"utf8");return new Uint8Array(t.buffer,t.byteOffset,t.length)}if(Z.isBuffer(e))return new Uint8Array(e.buffer,e.byteOffset,e.length);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")}:e=>{if(typeof e=="string")return nt.encode(e);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")},b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",P=new Uint8Array(256);for(let e=0;e<b.length;e++)P[b.charCodeAt(e)]=e;function Ce(e,t=!0){const A=e.length,r=A%3,n=[],i=A-r;for(let s=0;s<i;s+=3){const a=(e[s]<<16&16711680)+(e[s+1]<<8&65280)+(e[s+2]&255),l=b.charAt(a>>18&63)+b.charAt(a>>12&63)+b.charAt(a>>6&63)+b.charAt(a&63);n.push(l)}if(r===1){const s=e[A-1],a=b.charAt(s>>2),l=b.charAt(s<<4&63);n.push(`${a}${l}`),t&&n.push("==")}else if(r===2){const s=(e[A-2]<<8)+e[A-1],a=b.charAt(s>>10),l=b.charAt(s>>4&63),Q=b.charAt(s<<2&63);n.push(`${a}${l}${Q}`),t&&n.push("=")}return n.join("")}function ot(e){let t=Math.floor(e.length*.75);const A=e.length;return e[A-1]==="="&&(t-=1,e[A-2]==="="&&(t-=1)),t}function It(e){const t=ot(e),A=e.length,r=new Uint8Array(t);let n=0;for(let i=0;i<A;i+=4){const s=P[e.charCodeAt(i)],a=P[e.charCodeAt(i+1)],l=P[e.charCodeAt(i+2)],Q=P[e.charCodeAt(i+3)];r[n]=s<<2|a>>4,n+=1,r[n]=(a&15)<<4|l>>2,n+=1,r[n]=(l&3)<<6|Q&63,n+=1}return r}const T=16*1024,V=4,at=new S,_=new Map;function pe(e,t){return x(this,void 0,void 0,function*(){let A=null,r=null,n=!1;if(typeof WebAssembly>"u")throw new Error("WebAssembly is not supported in this environment!");const i=(C,I=0)=>{r.set(C,I)},s=()=>r,a=()=>A.exports,l=C=>{A.exports.Hash_SetMemorySize(C);const I=A.exports.Hash_GetBuffer(),p=A.exports.memory.buffer;r=new Uint8Array(p,I,C)},Q=()=>new DataView(A.exports.memory.buffer).getUint32(A.exports.STATE_SIZE,!0),d=at.dispatch(()=>x(this,void 0,void 0,function*(){if(!_.has(e.name)){const I=It(e.data),p=WebAssembly.compile(I);_.set(e.name,p)}const C=yield _.get(e.name);A=yield WebAssembly.instantiate(C,{})})),y=()=>x(this,void 0,void 0,function*(){A||(yield d);const C=A.exports.Hash_GetBuffer(),I=A.exports.memory.buffer;r=new Uint8Array(I,C,T)}),w=(C=null)=>{n=!0,A.exports.Hash_Init(C)},B=C=>{let I=0;for(;I<C.length;){const p=C.subarray(I,I+T);I+=p.length,r.set(p),A.exports.Hash_Update(p.length)}},f=C=>{if(!n)throw new Error("update() called before init()");const I=H(C);B(I)},h=new Uint8Array(t*2),g=(C,I=null)=>{if(!n)throw new Error("digest() called before init()");return n=!1,A.exports.Hash_Final(I),C==="binary"?r.slice(0,t):Ae(h,r,t)},c=()=>{if(!n)throw new Error("save() can only be called after init() and before digest()");const C=A.exports.Hash_GetState(),I=Q(),p=A.exports.memory.buffer,m=new Uint8Array(p,C,I),U=new Uint8Array(V+I);return Ee(U,e.hash),U.set(m,V),U},u=C=>{if(!(C instanceof Uint8Array))throw new Error("load() expects an Uint8Array generated by save()");const I=A.exports.Hash_GetState(),p=Q(),m=V+p,U=A.exports.memory.buffer;if(C.length!==m)throw new Error(`Bad state length (expected ${m} bytes, got ${C.length})`);if(!st(e.hash,C.subarray(0,V)))throw new Error("This state was written by an incompatible hash implementation");const J=C.subarray(V);new Uint8Array(U,I,p).set(J),n=!0},E=C=>typeof C=="string"?C.length<T/4:C.byteLength<T;let D=E;switch(e.name){case"argon2":case"scrypt":D=()=>!0;break;case"blake2b":case"blake2s":D=(C,I)=>I<=512&&E(C);break;case"blake3":D=(C,I)=>I===0&&E(C);break;case"xxhash64":case"xxhash3":case"xxhash128":case"crc64":D=()=>!1;break}const k=(C,I=null,p=null)=>{if(!D(C,I))return w(I),f(C),g("hex",p);const m=H(C);return r.set(m),A.exports.Hash_Calculate(m.length,I,p),Ae(h,r,t)};return yield y(),{getMemory:s,writeMemory:i,getExports:a,setMemorySize:l,init:w,update:f,digest:g,save:c,load:u,calculate:k,hashLength:t}})}new S;var gt="argon2",ct="AGFzbQEAAAABKQVgAX8Bf2AAAX9gEH9/f39/f39/f39/f39/f38AYAR/f39/AGACf38AAwYFAAECAwQFBgEBAoCAAgYIAX8BQZCoBAsHQQQGbWVtb3J5AgASSGFzaF9TZXRNZW1vcnlTaXplAAAOSGFzaF9HZXRCdWZmZXIAAQ5IYXNoX0NhbGN1bGF0ZQAECvEyBVgBAn9BACEBAkAgAEEAKAKICCICRg0AAkAgACACayIAQRB2IABBgIB8cSAASWoiAEAAQX9HDQBB/wHADwtBACEBQQBBACkDiAggAEEQdK18NwOICAsgAcALcAECfwJAQQAoAoAIIgANAEEAPwBBEHQiADYCgAhBACgCiAgiAUGAgCBGDQACQEGAgCAgAWsiAEEQdiAAQYCAfHEgAElqIgBAAEF/Rw0AQQAPC0EAQQApA4gIIABBEHStfDcDiAhBACgCgAghAAsgAAvcDgECfiAAIAQpAwAiECAAKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAMIBAgDCkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgBCAQIAQpAwCFQiiJIhA3AwAgACAQIAApAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAwgECAMKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAEIBAgBCkDAIVCAYk3AwAgASAFKQMAIhAgASkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDSAQIA0pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAEgECABKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACANIBAgDSkDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAIgBikDACIQIAIpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIA4gECAOKQMAhUIgiSIQNwMAIAogECAKKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACACIBAgAikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDiAQIA4pAwCFQjCJIhA3AwAgCiAQIAopAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACADIAcpAwAiECADKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAPIBAgDykDAIVCIIkiEDcDACALIBAgCykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAyAQIAMpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA8gECAPKQMAhUIwiSIQNwMAIAsgECALKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgACAFKQMAIhAgACkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDyAQIA8pAwCFQiCJIhA3AwAgCiAQIAopAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAAgECAAKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAPIBAgDykDAIVCMIkiEDcDACAKIBAgCikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAEgBikDACIQIAEpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAwgECAMKQMAhUIgiSIQNwMAIAsgECALKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACABIBAgASkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDCAQIAwpAwCFQjCJIhA3AwAgCyAQIAspAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACACIAcpAwAiECACKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACANIBAgDSkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAiAQIAIpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA0gECANKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgAyAEKQMAIhAgAykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDiAQIA4pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAQgECAEKQMAhUIoiSIQNwMAIAMgECADKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAOIBAgDikDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBCAQIAQpAwCFQgGJNwMAC98aAQN/QQAhBEEAIAIpAwAgASkDAIU3A5AIQQAgAikDCCABKQMIhTcDmAhBACACKQMQIAEpAxCFNwOgCEEAIAIpAxggASkDGIU3A6gIQQAgAikDICABKQMghTcDsAhBACACKQMoIAEpAyiFNwO4CEEAIAIpAzAgASkDMIU3A8AIQQAgAikDOCABKQM4hTcDyAhBACACKQNAIAEpA0CFNwPQCEEAIAIpA0ggASkDSIU3A9gIQQAgAikDUCABKQNQhTcD4AhBACACKQNYIAEpA1iFNwPoCEEAIAIpA2AgASkDYIU3A/AIQQAgAikDaCABKQNohTcD+AhBACACKQNwIAEpA3CFNwOACUEAIAIpA3ggASkDeIU3A4gJQQAgAikDgAEgASkDgAGFNwOQCUEAIAIpA4gBIAEpA4gBhTcDmAlBACACKQOQASABKQOQAYU3A6AJQQAgAikDmAEgASkDmAGFNwOoCUEAIAIpA6ABIAEpA6ABhTcDsAlBACACKQOoASABKQOoAYU3A7gJQQAgAikDsAEgASkDsAGFNwPACUEAIAIpA7gBIAEpA7gBhTcDyAlBACACKQPAASABKQPAAYU3A9AJQQAgAikDyAEgASkDyAGFNwPYCUEAIAIpA9ABIAEpA9ABhTcD4AlBACACKQPYASABKQPYAYU3A+gJQQAgAikD4AEgASkD4AGFNwPwCUEAIAIpA+gBIAEpA+gBhTcD+AlBACACKQPwASABKQPwAYU3A4AKQQAgAikD+AEgASkD+AGFNwOICkEAIAIpA4ACIAEpA4AChTcDkApBACACKQOIAiABKQOIAoU3A5gKQQAgAikDkAIgASkDkAKFNwOgCkEAIAIpA5gCIAEpA5gChTcDqApBACACKQOgAiABKQOgAoU3A7AKQQAgAikDqAIgASkDqAKFNwO4CkEAIAIpA7ACIAEpA7AChTcDwApBACACKQO4AiABKQO4AoU3A8gKQQAgAikDwAIgASkDwAKFNwPQCkEAIAIpA8gCIAEpA8gChTcD2ApBACACKQPQAiABKQPQAoU3A+AKQQAgAikD2AIgASkD2AKFNwPoCkEAIAIpA+ACIAEpA+AChTcD8ApBACACKQPoAiABKQPoAoU3A/gKQQAgAikD8AIgASkD8AKFNwOAC0EAIAIpA/gCIAEpA/gChTcDiAtBACACKQOAAyABKQOAA4U3A5ALQQAgAikDiAMgASkDiAOFNwOYC0EAIAIpA5ADIAEpA5ADhTcDoAtBACACKQOYAyABKQOYA4U3A6gLQQAgAikDoAMgASkDoAOFNwOwC0EAIAIpA6gDIAEpA6gDhTcDuAtBACACKQOwAyABKQOwA4U3A8ALQQAgAikDuAMgASkDuAOFNwPIC0EAIAIpA8ADIAEpA8ADhTcD0AtBACACKQPIAyABKQPIA4U3A9gLQQAgAikD0AMgASkD0AOFNwPgC0EAIAIpA9gDIAEpA9gDhTcD6AtBACACKQPgAyABKQPgA4U3A/ALQQAgAikD6AMgASkD6AOFNwP4C0EAIAIpA/ADIAEpA/ADhTcDgAxBACACKQP4AyABKQP4A4U3A4gMQQAgAikDgAQgASkDgASFNwOQDEEAIAIpA4gEIAEpA4gEhTcDmAxBACACKQOQBCABKQOQBIU3A6AMQQAgAikDmAQgASkDmASFNwOoDEEAIAIpA6AEIAEpA6AEhTcDsAxBACACKQOoBCABKQOoBIU3A7gMQQAgAikDsAQgASkDsASFNwPADEEAIAIpA7gEIAEpA7gEhTcDyAxBACACKQPABCABKQPABIU3A9AMQQAgAikDyAQgASkDyASFNwPYDEEAIAIpA9AEIAEpA9AEhTcD4AxBACACKQPYBCABKQPYBIU3A+gMQQAgAikD4AQgASkD4ASFNwPwDEEAIAIpA+gEIAEpA+gEhTcD+AxBACACKQPwBCABKQPwBIU3A4ANQQAgAikD+AQgASkD+ASFNwOIDUEAIAIpA4AFIAEpA4AFhTcDkA1BACACKQOIBSABKQOIBYU3A5gNQQAgAikDkAUgASkDkAWFNwOgDUEAIAIpA5gFIAEpA5gFhTcDqA1BACACKQOgBSABKQOgBYU3A7ANQQAgAikDqAUgASkDqAWFNwO4DUEAIAIpA7AFIAEpA7AFhTcDwA1BACACKQO4BSABKQO4BYU3A8gNQQAgAikDwAUgASkDwAWFNwPQDUEAIAIpA8gFIAEpA8gFhTcD2A1BACACKQPQBSABKQPQBYU3A+ANQQAgAikD2AUgASkD2AWFNwPoDUEAIAIpA+AFIAEpA+AFhTcD8A1BACACKQPoBSABKQPoBYU3A/gNQQAgAikD8AUgASkD8AWFNwOADkEAIAIpA/gFIAEpA/gFhTcDiA5BACACKQOABiABKQOABoU3A5AOQQAgAikDiAYgASkDiAaFNwOYDkEAIAIpA5AGIAEpA5AGhTcDoA5BACACKQOYBiABKQOYBoU3A6gOQQAgAikDoAYgASkDoAaFNwOwDkEAIAIpA6gGIAEpA6gGhTcDuA5BACACKQOwBiABKQOwBoU3A8AOQQAgAikDuAYgASkDuAaFNwPIDkEAIAIpA8AGIAEpA8AGhTcD0A5BACACKQPIBiABKQPIBoU3A9gOQQAgAikD0AYgASkD0AaFNwPgDkEAIAIpA9gGIAEpA9gGhTcD6A5BACACKQPgBiABKQPgBoU3A/AOQQAgAikD6AYgASkD6AaFNwP4DkEAIAIpA/AGIAEpA/AGhTcDgA9BACACKQP4BiABKQP4BoU3A4gPQQAgAikDgAcgASkDgAeFNwOQD0EAIAIpA4gHIAEpA4gHhTcDmA9BACACKQOQByABKQOQB4U3A6APQQAgAikDmAcgASkDmAeFNwOoD0EAIAIpA6AHIAEpA6AHhTcDsA9BACACKQOoByABKQOoB4U3A7gPQQAgAikDsAcgASkDsAeFNwPAD0EAIAIpA7gHIAEpA7gHhTcDyA9BACACKQPAByABKQPAB4U3A9APQQAgAikDyAcgASkDyAeFNwPYD0EAIAIpA9AHIAEpA9AHhTcD4A9BACACKQPYByABKQPYB4U3A+gPQQAgAikD4AcgASkD4AeFNwPwD0EAIAIpA+gHIAEpA+gHhTcD+A9BACACKQPwByABKQPwB4U3A4AQQQAgAikD+AcgASkD+AeFNwOIEEGQCEGYCEGgCEGoCEGwCEG4CEHACEHICEHQCEHYCEHgCEHoCEHwCEH4CEGACUGICRACQZAJQZgJQaAJQagJQbAJQbgJQcAJQcgJQdAJQdgJQeAJQegJQfAJQfgJQYAKQYgKEAJBkApBmApBoApBqApBsApBuApBwApByApB0ApB2ApB4ApB6ApB8ApB+ApBgAtBiAsQAkGQC0GYC0GgC0GoC0GwC0G4C0HAC0HIC0HQC0HYC0HgC0HoC0HwC0H4C0GADEGIDBACQZAMQZgMQaAMQagMQbAMQbgMQcAMQcgMQdAMQdgMQeAMQegMQfAMQfgMQYANQYgNEAJBkA1BmA1BoA1BqA1BsA1BuA1BwA1ByA1B0A1B2A1B4A1B6A1B8A1B+A1BgA5BiA4QAkGQDkGYDkGgDkGoDkGwDkG4DkHADkHIDkHQDkHYDkHgDkHoDkHwDkH4DkGAD0GIDxACQZAPQZgPQaAPQagPQbAPQbgPQcAPQcgPQdAPQdgPQeAPQegPQfAPQfgPQYAQQYgQEAJBkAhBmAhBkAlBmAlBkApBmApBkAtBmAtBkAxBmAxBkA1BmA1BkA5BmA5BkA9BmA8QAkGgCEGoCEGgCUGoCUGgCkGoCkGgC0GoC0GgDEGoDEGgDUGoDUGgDkGoDkGgD0GoDxACQbAIQbgIQbAJQbgJQbAKQbgKQbALQbgLQbAMQbgMQbANQbgNQbAOQbgOQbAPQbgPEAJBwAhByAhBwAlByAlBwApByApBwAtByAtBwAxByAxBwA1ByA1BwA5ByA5BwA9ByA8QAkHQCEHYCEHQCUHYCUHQCkHYCkHQC0HYC0HQDEHYDEHQDUHYDUHQDkHYDkHQD0HYDxACQeAIQegIQeAJQegJQeAKQegKQeALQegLQeAMQegMQeANQegNQeAOQegOQeAPQegPEAJB8AhB+AhB8AlB+AlB8ApB+ApB8AtB+AtB8AxB+AxB8A1B+A1B8A5B+A5B8A9B+A8QAkGACUGICUGACkGICkGAC0GIC0GADEGIDEGADUGIDUGADkGIDkGAD0GID0GAEEGIEBACAkACQCADRQ0AA0AgACAEaiIDIAIgBGoiBSkDACABIARqIgYpAwCFIARBkAhqKQMAhSADKQMAhTcDACADQQhqIgMgBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIUgAykDAIU3AwAgBEEQaiIEQYAIRw0ADAILC0EAIQQDQCAAIARqIgMgAiAEaiIFKQMAIAEgBGoiBikDAIUgBEGQCGopAwCFNwMAIANBCGogBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIU3AwAgBEEQaiIEQYAIRw0ACwsL5QcMBX8BfgR/An4BfwF+AX8Bfgd/AX4DfwF+AkBBACgCgAgiAiABQQp0aiIDKAIIIAFHDQAgAygCDCEEIAMoAgAhBUEAIAMoAhQiBq03A7gQQQAgBK0iBzcDsBBBACAFIAEgBUECdG4iCGwiCUECdK03A6gQAkACQAJAAkAgBEUNAEF/IQogBUUNASAIQQNsIQsgCEECdCIErSEMIAWtIQ0gBkF/akECSSEOQgAhDwNAQQAgDzcDkBAgD6chEEIAIRFBACEBA0BBACARNwOgECAPIBGEUCIDIA5xIRIgBkEBRiAPUCITIAZBAkYgEUICVHFxciEUQX8gAUEBakEDcSAIbEF/aiATGyEVIAEgEHIhFiABIAhsIRcgA0EBdCEYQgAhGQNAQQBCADcDwBBBACAZNwOYECAYIQECQCASRQ0AQQBCATcDwBBBkBhBkBBBkCBBABADQZAYQZAYQZAgQQAQA0ECIQELAkAgASAITw0AIAQgGaciGmwgF2ogAWohAwNAIANBACAEIAEbQQAgEVAiGxtqQX9qIRwCQAJAIBQNAEEAKAKACCICIBxBCnQiHGohCgwBCwJAIAFB/wBxIgINAEEAQQApA8AQQgF8NwPAEEGQGEGQEEGQIEEAEANBkBhBkBhBkCBBABADCyAcQQp0IRwgAkEDdEGQGGohCkEAKAKACCECCyACIANBCnRqIAIgHGogAiAKKQMAIh1CIIinIAVwIBogFhsiHCAEbCABIAFBACAZIBytUSIcGyIKIBsbIBdqIAogC2ogExsgAUUgHHJrIhsgFWqtIB1C/////w+DIh0gHX5CIIggG61+QiCIfSAMgqdqQQp0akEBEAMgA0EBaiEDIAggAUEBaiIBRw0ACwsgGUIBfCIZIA1SDQALIBFCAXwiEachASARQgRSDQALIA9CAXwiDyAHUg0AC0EAKAKACCECCyAJQQx0QYB4aiEXIAVBf2oiCkUNAgwBC0EAQgM3A6AQQQAgBEF/aq03A5AQQYB4IRcLIAIgF2ohGyAIQQx0IQhBACEcA0AgCCAcQQFqIhxsQYB4aiEEQQAhAQNAIBsgAWoiAyADKQMAIAIgBCABamopAwCFNwMAIANBCGoiAyADKQMAIAIgBCABQQhyamopAwCFNwMAIAFBCGohAyABQRBqIQEgA0H4B0kNAAsgHCAKRw0ACwsgAiAXaiEbQXghAQNAIAIgAWoiA0EIaiAbIAFqIgRBCGopAwA3AwAgA0EQaiAEQRBqKQMANwMAIANBGGogBEEYaikDADcDACADQSBqIARBIGopAwA3AwAgAUEgaiIBQfgHSQ0ACwsL",lt="e4cdc523",Ct={name:gt,data:ct,hash:lt},ht="blake2b",ut="AGFzbQEAAAABEQRgAAF/YAJ/fwBgAX8AYAAAAwoJAAECAwECAgABBQQBAQICBg4CfwFBsIsFC38AQYAICwdwCAZtZW1vcnkCAA5IYXNoX0dldEJ1ZmZlcgAACkhhc2hfRmluYWwAAwlIYXNoX0luaXQABQtIYXNoX1VwZGF0ZQAGDUhhc2hfR2V0U3RhdGUABw5IYXNoX0NhbGN1bGF0ZQAIClNUQVRFX1NJWkUDAQrTOAkFAEGACQvrAgIFfwF+AkAgAUEBSA0AAkACQAJAIAFBgAFBACgC4IoBIgJrIgNKDQAgASEEDAELQQBBADYC4IoBAkAgAkH/AEoNACACQeCJAWohBSAAIQRBACEGA0AgBSAELQAAOgAAIARBAWohBCAFQQFqIQUgAyAGQQFqIgZB/wFxSg0ACwtBAEEAKQPAiQEiB0KAAXw3A8CJAUEAQQApA8iJASAHQv9+Vq18NwPIiQFB4IkBEAIgACADaiEAAkAgASADayIEQYEBSA0AIAIgAWohBQNAQQBBACkDwIkBIgdCgAF8NwPAiQFBAEEAKQPIiQEgB0L/flatfDcDyIkBIAAQAiAAQYABaiEAIAVBgH9qIgVBgAJLDQALIAVBgH9qIQQMAQsgBEEATA0BC0EAIQUDQCAFQQAoAuCKAWpB4IkBaiAAIAVqLQAAOgAAIAQgBUEBaiIFQf8BcUoNAAsLQQBBACgC4IoBIARqNgLgigELC78uASR+QQBBACkD0IkBQQApA7CJASIBQQApA5CJAXwgACkDICICfCIDhULr+obav7X2wR+FQiCJIgRCq/DT9K/uvLc8fCIFIAGFQiiJIgYgA3wgACkDKCIBfCIHIASFQjCJIgggBXwiCSAGhUIBiSIKQQApA8iJAUEAKQOoiQEiBEEAKQOIiQF8IAApAxAiA3wiBYVCn9j52cKR2oKbf4VCIIkiC0K7zqqm2NDrs7t/fCIMIASFQiiJIg0gBXwgACkDGCIEfCIOfCAAKQNQIgV8Ig9BACkDwIkBQQApA6CJASIQQQApA4CJASIRfCAAKQMAIgZ8IhKFQtGFmu/6z5SH0QCFQiCJIhNCiJLznf/M+YTqAHwiFCAQhUIoiSIVIBJ8IAApAwgiEHwiFiAThUIwiSIXhUIgiSIYQQApA9iJAUEAKQO4iQEiE0EAKQOYiQF8IAApAzAiEnwiGYVC+cL4m5Gjs/DbAIVCIIkiGkLx7fT4paf9p6V/fCIbIBOFQiiJIhwgGXwgACkDOCITfCIZIBqFQjCJIhogG3wiG3wiHSAKhUIoiSIeIA98IAApA1giCnwiDyAYhUIwiSIYIB18Ih0gDiALhUIwiSIOIAx8Ih8gDYVCAYkiDCAWfCAAKQNAIgt8Ig0gGoVCIIkiFiAJfCIaIAyFQiiJIiAgDXwgACkDSCIJfCIhIBaFQjCJIhYgGyAchUIBiSIMIAd8IAApA2AiB3wiDSAOhUIgiSIOIBcgFHwiFHwiFyAMhUIoiSIbIA18IAApA2giDHwiHCAOhUIwiSIOIBd8IhcgG4VCAYkiGyAZIBQgFYVCAYkiFHwgACkDcCINfCIVIAiFQiCJIhkgH3wiHyAUhUIoiSIUIBV8IAApA3giCHwiFXwgDHwiIoVCIIkiI3wiJCAbhUIoiSIbICJ8IBJ8IiIgFyAYIBUgGYVCMIkiFSAffCIZIBSFQgGJIhQgIXwgDXwiH4VCIIkiGHwiFyAUhUIoiSIUIB98IAV8Ih8gGIVCMIkiGCAXfCIXIBSFQgGJIhR8IAF8IiEgFiAafCIWIBUgHSAehUIBiSIaIBx8IAl8IhyFQiCJIhV8Ih0gGoVCKIkiGiAcfCAIfCIcIBWFQjCJIhWFQiCJIh4gGSAOIBYgIIVCAYkiFiAPfCACfCIPhUIgiSIOfCIZIBaFQiiJIhYgD3wgC3wiDyAOhUIwiSIOIBl8Ihl8IiAgFIVCKIkiFCAhfCAEfCIhIB6FQjCJIh4gIHwiICAiICOFQjCJIiIgJHwiIyAbhUIBiSIbIBx8IAp8IhwgDoVCIIkiDiAXfCIXIBuFQiiJIhsgHHwgE3wiHCAOhUIwiSIOIBkgFoVCAYkiFiAffCAQfCIZICKFQiCJIh8gFSAdfCIVfCIdIBaFQiiJIhYgGXwgB3wiGSAfhUIwiSIfIB18Ih0gFoVCAYkiFiAVIBqFQgGJIhUgD3wgBnwiDyAYhUIgiSIYICN8IhogFYVCKIkiFSAPfCADfCIPfCAHfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBnwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAOIBd8Ig4gDyAYhUIwiSIPICAgFIVCAYkiFCAZfCAKfCIXhUIgiSIYfCIZIBSFQiiJIhQgF3wgC3wiF3wgBXwiICAPIBp8Ig8gHyAOIBuFQgGJIg4gIXwgCHwiGoVCIIkiG3wiHyAOhUIoiSIOIBp8IAx8IhogG4VCMIkiG4VCIIkiISAdIB4gDyAVhUIBiSIPIBx8IAF8IhWFQiCJIhx8Ih0gD4VCKIkiDyAVfCADfCIVIByFQjCJIhwgHXwiHXwiHiAWhUIoiSIWICB8IA18IiAgIYVCMIkiISAefCIeIBogFyAYhUIwiSIXIBl8IhggFIVCAYkiFHwgCXwiGSAchUIgiSIaICR8IhwgFIVCKIkiFCAZfCACfCIZIBqFQjCJIhogHSAPhUIBiSIPICJ8IAR8Ih0gF4VCIIkiFyAbIB98Iht8Ih8gD4VCKIkiDyAdfCASfCIdIBeFQjCJIhcgH3wiHyAPhUIBiSIPIBsgDoVCAYkiDiAVfCATfCIVICOFQiCJIhsgGHwiGCAOhUIoiSIOIBV8IBB8IhV8IAx8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAHfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBogHHwiGiAVIBuFQjCJIhUgHiAWhUIBiSIWIB18IAR8IhuFQiCJIhx8Ih0gFoVCKIkiFiAbfCAQfCIbfCABfCIeIBUgGHwiFSAXIBogFIVCAYkiFCAgfCATfCIYhUIgiSIXfCIaIBSFQiiJIhQgGHwgCXwiGCAXhUIwiSIXhUIgiSIgIB8gISAVIA6FQgGJIg4gGXwgCnwiFYVCIIkiGXwiHyAOhUIoiSIOIBV8IA18IhUgGYVCMIkiGSAffCIffCIhIA+FQiiJIg8gHnwgBXwiHiAghUIwiSIgICF8IiEgGyAchUIwiSIbIB18IhwgFoVCAYkiFiAYfCADfCIYIBmFQiCJIhkgJHwiHSAWhUIoiSIWIBh8IBJ8IhggGYVCMIkiGSAfIA6FQgGJIg4gInwgAnwiHyAbhUIgiSIbIBcgGnwiF3wiGiAOhUIoiSIOIB98IAZ8Ih8gG4VCMIkiGyAafCIaIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAh8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgC3wiFXwgBXwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAh8IiIgGiAgIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGHwgCXwiGIVCIIkiHHwiGiAUhUIoiSIUIBh8IAZ8IhggHIVCMIkiHCAafCIaIBSFQgGJIhR8IAR8IiAgGSAdfCIZIBUgISAPhUIBiSIPIB98IAN8Ih2FQiCJIhV8Ih8gD4VCKIkiDyAdfCACfCIdIBWFQjCJIhWFQiCJIiEgFyAbIBkgFoVCAYkiFiAefCABfCIZhUIgiSIbfCIXIBaFQiiJIhYgGXwgE3wiGSAbhUIwiSIbIBd8Ihd8Ih4gFIVCKIkiFCAgfCAMfCIgICGFQjCJIiEgHnwiHiAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IBJ8Ih0gG4VCIIkiGyAafCIaIA6FQiiJIg4gHXwgC3wiHSAbhUIwiSIbIBcgFoVCAYkiFiAYfCANfCIXICKFQiCJIhggFSAffCIVfCIfIBaFQiiJIhYgF3wgEHwiFyAYhUIwiSIYIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGXwgCnwiFSAchUIgiSIZICN8IhwgD4VCKIkiDyAVfCAHfCIVfCASfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAbIBp8IhogFSAZhUIwiSIVIB4gFIVCAYkiFCAXfCADfCIXhUIgiSIZfCIbIBSFQiiJIhQgF3wgB3wiF3wgAnwiHiAVIBx8IhUgGCAaIA6FQgGJIg4gIHwgC3wiGoVCIIkiGHwiHCAOhUIoiSIOIBp8IAR8IhogGIVCMIkiGIVCIIkiICAfICEgFSAPhUIBiSIPIB18IAZ8IhWFQiCJIh18Ih8gD4VCKIkiDyAVfCAKfCIVIB2FQjCJIh0gH3wiH3wiISAWhUIoiSIWIB58IAx8Ih4gIIVCMIkiICAhfCIhIBogFyAZhUIwiSIXIBt8IhkgFIVCAYkiFHwgEHwiGiAdhUIgiSIbICR8Ih0gFIVCKIkiFCAafCAJfCIaIBuFQjCJIhsgHyAPhUIBiSIPICJ8IBN8Ih8gF4VCIIkiFyAYIBx8Ihh8IhwgD4VCKIkiDyAffCABfCIfIBeFQjCJIhcgHHwiHCAPhUIBiSIPIBggDoVCAYkiDiAVfCAIfCIVICOFQiCJIhggGXwiGSAOhUIoiSIOIBV8IA18IhV8IA18IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAMfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHXwiGyAVIBiFQjCJIhUgISAWhUIBiSIWIB98IBB8IhiFQiCJIh18Ih8gFoVCKIkiFiAYfCAIfCIYfCASfCIhIBUgGXwiFSAXIBsgFIVCAYkiFCAefCAHfCIZhUIgiSIXfCIbIBSFQiiJIhQgGXwgAXwiGSAXhUIwiSIXhUIgiSIeIBwgICAVIA6FQgGJIg4gGnwgAnwiFYVCIIkiGnwiHCAOhUIoiSIOIBV8IAV8IhUgGoVCMIkiGiAcfCIcfCIgIA+FQiiJIg8gIXwgBHwiISAehUIwiSIeICB8IiAgGCAdhUIwiSIYIB98Ih0gFoVCAYkiFiAZfCAGfCIZIBqFQiCJIhogJHwiHyAWhUIoiSIWIBl8IBN8IhkgGoVCMIkiGiAcIA6FQgGJIg4gInwgCXwiHCAYhUIgiSIYIBcgG3wiF3wiGyAOhUIoiSIOIBx8IAN8IhwgGIVCMIkiGCAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAt8IhUgI4VCIIkiFyAdfCIdIBSFQiiJIhQgFXwgCnwiFXwgBHwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAl8IiIgGyAeIBUgF4VCMIkiFSAdfCIXIBSFQgGJIhQgGXwgDHwiGYVCIIkiHXwiGyAUhUIoiSIUIBl8IAp8IhkgHYVCMIkiHSAbfCIbIBSFQgGJIhR8IAN8Ih4gGiAffCIaIBUgICAPhUIBiSIPIBx8IAd8IhyFQiCJIhV8Ih8gD4VCKIkiDyAcfCAQfCIcIBWFQjCJIhWFQiCJIiAgFyAYIBogFoVCAYkiFiAhfCATfCIahUIgiSIYfCIXIBaFQiiJIhYgGnwgDXwiGiAYhUIwiSIYIBd8Ihd8IiEgFIVCKIkiFCAefCAFfCIeICCFQjCJIiAgIXwiISAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIBx8IAt8IhwgGIVCIIkiGCAbfCIbIA6FQiiJIg4gHHwgEnwiHCAYhUIwiSIYIBcgFoVCAYkiFiAZfCABfCIXICKFQiCJIhkgFSAffCIVfCIfIBaFQiiJIhYgF3wgBnwiFyAZhUIwiSIZIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGnwgCHwiFSAdhUIgiSIaICN8Ih0gD4VCKIkiDyAVfCACfCIVfCANfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgCXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAYIBt8IhggFSAahUIwiSIVICEgFIVCAYkiFCAXfCASfCIXhUIgiSIafCIbIBSFQiiJIhQgF3wgCHwiF3wgB3wiISAVIB18IhUgGSAYIA6FQgGJIg4gHnwgBnwiGIVCIIkiGXwiHSAOhUIoiSIOIBh8IAt8IhggGYVCMIkiGYVCIIkiHiAfICAgFSAPhUIBiSIPIBx8IAp8IhWFQiCJIhx8Ih8gD4VCKIkiDyAVfCAEfCIVIByFQjCJIhwgH3wiH3wiICAWhUIoiSIWICF8IAN8IiEgHoVCMIkiHiAgfCIgIBggFyAahUIwiSIXIBt8IhogFIVCAYkiFHwgBXwiGCAchUIgiSIbICR8IhwgFIVCKIkiFCAYfCABfCIYIBuFQjCJIhsgHyAPhUIBiSIPICJ8IAx8Ih8gF4VCIIkiFyAZIB18Ihl8Ih0gD4VCKIkiDyAffCATfCIfIBeFQjCJIhcgHXwiHSAPhUIBiSIPIBkgDoVCAYkiDiAVfCAQfCIVICOFQiCJIhkgGnwiGiAOhUIoiSIOIBV8IAJ8IhV8IBN8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCASfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHHwiGyAVIBmFQjCJIhUgICAWhUIBiSIWIB98IAt8IhmFQiCJIhx8Ih8gFoVCKIkiFiAZfCACfCIZfCAJfCIgIBUgGnwiFSAXIBsgFIVCAYkiFCAhfCAFfCIahUIgiSIXfCIbIBSFQiiJIhQgGnwgA3wiGiAXhUIwiSIXhUIgiSIhIB0gHiAVIA6FQgGJIg4gGHwgEHwiFYVCIIkiGHwiHSAOhUIoiSIOIBV8IAF8IhUgGIVCMIkiGCAdfCIdfCIeIA+FQiiJIg8gIHwgDXwiICAhhUIwiSIhIB58Ih4gGSAchUIwiSIZIB98IhwgFoVCAYkiFiAafCAIfCIaIBiFQiCJIhggJHwiHyAWhUIoiSIWIBp8IAp8IhogGIVCMIkiGCAdIA6FQgGJIg4gInwgBHwiHSAZhUIgiSIZIBcgG3wiF3wiGyAOhUIoiSIOIB18IAd8Ih0gGYVCMIkiGSAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAx8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgBnwiFXwgEnwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IBN8IiIgGyAhIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGnwgBnwiGoVCIIkiHHwiGyAUhUIoiSIUIBp8IBB8IhogHIVCMIkiHCAbfCIbIBSFQgGJIhR8IA18IiEgGCAffCIYIBUgHiAPhUIBiSIPIB18IAJ8Ih2FQiCJIhV8Ih4gD4VCKIkiDyAdfCABfCIdIBWFQjCJIhWFQiCJIh8gFyAZIBggFoVCAYkiFiAgfCADfCIYhUIgiSIZfCIXIBaFQiiJIhYgGHwgBHwiGCAZhUIwiSIZIBd8Ihd8IiAgFIVCKIkiFCAhfCAIfCIhIB+FQjCJIh8gIHwiICAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IAd8Ih0gGYVCIIkiGSAbfCIbIA6FQiiJIg4gHXwgDHwiHSAZhUIwiSIZIBcgFoVCAYkiFiAafCALfCIXICKFQiCJIhogFSAefCIVfCIeIBaFQiiJIhYgF3wgCXwiFyAahUIwiSIaIB58Ih4gFoVCAYkiFiAVIA+FQgGJIg8gGHwgBXwiFSAchUIgiSIYICN8IhwgD4VCKIkiDyAVfCAKfCIVfCACfCIChUIgiSIifCIjIBaFQiiJIhYgAnwgC3wiAiAihUIwiSILICN8IiIgFoVCAYkiFiAZIBt8IhkgFSAYhUIwiSIVICAgFIVCAYkiFCAXfCANfCINhUIgiSIXfCIYIBSFQiiJIhQgDXwgBXwiBXwgEHwiECAVIBx8Ig0gGiAZIA6FQgGJIg4gIXwgDHwiDIVCIIkiFXwiGSAOhUIoiSIOIAx8IBJ8IhIgFYVCMIkiDIVCIIkiFSAeIB8gDSAPhUIBiSINIB18IAl8IgmFQiCJIg98IhogDYVCKIkiDSAJfCAIfCIJIA+FQjCJIgggGnwiD3wiGiAWhUIoiSIWIBB8IAd8IhAgEYUgDCAZfCIHIA6FQgGJIgwgCXwgCnwiCiALhUIgiSILIAUgF4VCMIkiBSAYfCIJfCIOIAyFQiiJIgwgCnwgE3wiEyALhUIwiSIKIA58IguFNwOAiQFBACADIAYgDyANhUIBiSINIAJ8fCICIAWFQiCJIgUgB3wiBiANhUIoiSIHIAJ8fCICQQApA4iJAYUgBCABIBIgCSAUhUIBiSIDfHwiASAIhUIgiSISICJ8IgkgA4VCKIkiAyABfHwiASAShUIwiSIEIAl8IhKFNwOIiQFBACATQQApA5CJAYUgECAVhUIwiSIQIBp8IhOFNwOQiQFBACABQQApA5iJAYUgAiAFhUIwiSICIAZ8IgGFNwOYiQFBACASIAOFQgGJQQApA6CJAYUgAoU3A6CJAUEAIBMgFoVCAYlBACkDqIkBhSAKhTcDqIkBQQAgASAHhUIBiUEAKQOwiQGFIASFNwOwiQFBACALIAyFQgGJQQApA7iJAYUgEIU3A7iJAQvdAgUBfwF+AX8BfgJ/IwBBwABrIgAkAAJAQQApA9CJAUIAUg0AQQBBACkDwIkBIgFBACgC4IoBIgKsfCIDNwPAiQFBAEEAKQPIiQEgAyABVK18NwPIiQECQEEALQDoigFFDQBBAEJ/NwPYiQELQQBCfzcD0IkBAkAgAkH/AEoNAEEAIQQDQCACIARqQeCJAWpBADoAACAEQQFqIgRBgAFBACgC4IoBIgJrSA0ACwtB4IkBEAIgAEEAKQOAiQE3AwAgAEEAKQOIiQE3AwggAEEAKQOQiQE3AxAgAEEAKQOYiQE3AxggAEEAKQOgiQE3AyAgAEEAKQOoiQE3AyggAEEAKQOwiQE3AzAgAEEAKQO4iQE3AzhBACgC5IoBIgVBAUgNAEEAIQRBACECA0AgBEGACWogACAEai0AADoAACAEQQFqIQQgBSACQQFqIgJB/wFxSg0ACwsgAEHAAGokAAv9AwMBfwF+AX8jAEGAAWsiAiQAQQBBgQI7AfKKAUEAIAE6APGKAUEAIAA6APCKAUGQfiEAA0AgAEGAiwFqQgA3AAAgAEH4igFqQgA3AAAgAEHwigFqQgA3AAAgAEEYaiIADQALQQAhAEEAQQApA/CKASIDQoiS853/zPmE6gCFNwOAiQFBAEEAKQP4igFCu86qptjQ67O7f4U3A4iJAUEAQQApA4CLAUKr8NP0r+68tzyFNwOQiQFBAEEAKQOIiwFC8e30+KWn/aelf4U3A5iJAUEAQQApA5CLAULRhZrv+s+Uh9EAhTcDoIkBQQBBACkDmIsBQp/Y+dnCkdqCm3+FNwOoiQFBAEEAKQOgiwFC6/qG2r+19sEfhTcDsIkBQQBBACkDqIsBQvnC+JuRo7Pw2wCFNwO4iQFBACADp0H/AXE2AuSKAQJAIAFBAUgNACACQgA3A3ggAkIANwNwIAJCADcDaCACQgA3A2AgAkIANwNYIAJCADcDUCACQgA3A0ggAkIANwNAIAJCADcDOCACQgA3AzAgAkIANwMoIAJCADcDICACQgA3AxggAkIANwMQIAJCADcDCCACQgA3AwBBACEEA0AgAiAAaiAAQYAJai0AADoAACAAQQFqIQAgBEEBaiIEQf8BcSABSA0ACyACQYABEAELIAJBgAFqJAALEgAgAEEDdkH/P3EgAEEQdhAECwkAQYAJIAAQAQsGAEGAiQELGwAgAUEDdkH/P3EgAUEQdhAEQYAJIAAQARADCwsLAQBBgAgLBPAAAAA=",ft="c6f286e6",wt={name:ht,data:ut,hash:ft};new S;function he(e){return!Number.isInteger(e)||e<8||e>512||e%8!==0?new Error("Invalid variant! Valid values: 8, 16, ..., 512"):null}function Qt(e,t){return e|t<<16}function re(e=512,t=null){if(he(e))return Promise.reject(he(e));let A=null,r=e;if(t!==null){if(A=H(t),A.length>64)return Promise.reject(new Error("Max key length is 64 bytes"));r=Qt(e,A.length)}const n=e/8;return pe(wt,n).then(i=>{r>512&&i.writeMemory(A),i.init(r);const s={init:r>512?()=>(i.writeMemory(A),i.init(r),s):()=>(i.init(r),s),update:a=>(i.update(a),s),digest:a=>i.digest(a),save:()=>i.save(),load:a=>(i.load(a),s),blockSize:128,digestSize:n};return s})}function Bt(e,t,A){const r=[`m=${t.memorySize}`,`t=${t.iterations}`,`p=${t.parallelism}`].join(",");return`$argon2${t.hashType}$v=19$${r}$${Ce(e,!1)}$${Ce(A,!1)}`}const ue=new DataView(new ArrayBuffer(4));function K(e){return ue.setInt32(0,e,!0),new Uint8Array(ue.buffer)}function $(e,t,A){return x(this,void 0,void 0,function*(){if(A<=64){const l=yield re(A*8);return l.update(K(A)),l.update(t),l.digest("binary")}const r=Math.ceil(A/32)-2,n=new Uint8Array(A);e.init(),e.update(K(A)),e.update(t);let i=e.digest("binary");n.set(i.subarray(0,32),0);for(let l=1;l<r;l++)e.init(),e.update(i),i=e.digest("binary"),n.set(i.subarray(0,32),l*32);const s=A-32*r;let a;return s===64?(a=e,a.init()):a=yield re(s*8),a.update(i),i=a.digest("binary"),n.set(i.subarray(0,s),r*32),n})}function dt(e){switch(e){case"d":return 0;case"i":return 1;default:return 2}}function Et(e){return x(this,void 0,void 0,function*(){var t;const{parallelism:A,iterations:r,hashLength:n}=e,i=H(e.password),s=H(e.salt),a=19,l=dt(e.hashType),{memorySize:Q}=e,d=H((t=e.secret)!==null&&t!==void 0?t:""),[y,w]=yield Promise.all([pe(Ct,1024),re(512)]);y.setMemorySize(Q*1024+1024);const B=new Uint8Array(24),f=new DataView(B.buffer);f.setInt32(0,A,!0),f.setInt32(4,n,!0),f.setInt32(8,Q,!0),f.setInt32(12,r,!0),f.setInt32(16,a,!0),f.setInt32(20,l,!0),y.writeMemory(B,Q*1024),w.init(),w.update(B),w.update(K(i.length)),w.update(i),w.update(K(s.length)),w.update(s),w.update(K(d.length)),w.update(d),w.update(K(0));const g=Math.floor(Q/(A*4))*4,c=new Uint8Array(72),u=w.digest("binary");c.set(u);for(let k=0;k<A;k++){c.set(K(0),64),c.set(K(k),68);let C=k*g,I=yield $(w,c,1024);y.writeMemory(I,C*1024),C+=1,c.set(K(1),64),I=yield $(w,c,1024),y.writeMemory(I,C*1024)}const E=new Uint8Array(1024);Ee(E,y.calculate(new Uint8Array([]),Q));const D=yield $(w,E,n);if(e.outputType==="hex"){const k=new Uint8Array(n*2);return Ae(k,D,n)}return e.outputType==="encoded"?Bt(s,e,D):D})}const pt=e=>{var t;if(!e||typeof e!="object")throw new Error("Invalid options parameter. It requires an object.");if(!e.password)throw new Error("Password must be specified");if(e.password=H(e.password),e.password.length<1)throw new Error("Password must be specified");if(!e.salt)throw new Error("Salt must be specified");if(e.salt=H(e.salt),e.salt.length<8)throw new Error("Salt should be at least 8 bytes long");if(e.secret=H((t=e.secret)!==null&&t!==void 0?t:""),!Number.isInteger(e.iterations)||e.iterations<1)throw new Error("Iterations should be a positive number");if(!Number.isInteger(e.parallelism)||e.parallelism<1)throw new Error("Parallelism should be a positive number");if(!Number.isInteger(e.hashLength)||e.hashLength<4)throw new Error("Hash length should be at least 4 bytes.");if(!Number.isInteger(e.memorySize))throw new Error("Memory size should be specified.");if(e.memorySize<8*e.parallelism)throw new Error("Memory size should be at least 8 * parallelism.");if(e.outputType===void 0&&(e.outputType="hex"),!["hex","binary","encoded"].includes(e.outputType))throw new Error(`Insupported output type ${e.outputType}. Valid values: ['hex', 'binary', 'encoded']`)};function ye(e){return x(this,void 0,void 0,function*(){return pt(e),Et(Object.assign(Object.assign({},e),{hashType:"id"}))})}new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;new S;const yt=32;async function kt(e,t,A=fe){St(A);try{const r=await ye({password:e,salt:t,iterations:A.tCost,memorySize:A.mCost,parallelism:A.pCost,hashLength:yt,outputType:"binary"});return oe(r)}catch{throw new Error("Key derivation failed")}}function St(e){if(e.mCost<16384)throw new Error("KDF memory cost too low (minimum 16 MiB)");if(e.mCost>1048576)throw new Error("KDF memory cost too high (maximum 1 GiB)");if(e.tCost<1)throw new Error("KDF time cost must be at least 1");if(e.tCost>10)throw new Error("KDF time cost too high (maximum 10)");if(e.pCost<1)throw new Error("KDF parallelism must be at least 1");if(e.pCost>4)throw new Error("KDF parallelism too high (maximum 4)")}async function Dt(){try{const e=await ye({password:"test",salt:new Uint8Array(16),iterations:1,memorySize:1024,parallelism:1,hashLength:32,outputType:"binary"});return e.length!==32?!1:(Ie(e),!0)}catch{return!1}}function Ft(e){return e==="localhost"||e==="127.0.0.1"||e.endsWith(".localhost")}function ke(e){if(typeof window>"u")return;const t=window.location.hostname;if(!Ft(t)){console.warn("[Cedros] SEC-004: WebAuthn RP domain validation not configured. In production, set wallet.allowedRpDomains to prevent passkey phishing.");return}}function X(){return typeof window<"u"&&typeof window.PublicKeyCredential<"u"&&typeof navigator.credentials<"u"}async function mt(){if(!X())return!1;try{if(!await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable())return!1;if("getClientCapabilities"in PublicKeyCredential&&typeof PublicKeyCredential.getClientCapabilities=="function"){const t=await PublicKeyCredential.getClientCapabilities();if(t&&"prf"in t)return t.prf===!0}return!0}catch{return!1}}async function Ut(e,t,A,r,n){if(!X())throw new Error("WebAuthn is not available in this browser");ke();const i=r??Qe(),s=await navigator.credentials.create({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rp:{name:"Cedros Wallet",id:window.location.hostname},user:{id:N(e),name:t,displayName:A},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{authenticatorAttachment:"platform",userVerification:"required",residentKey:"required"},timeout:6e4,attestation:"none",extensions:{prf:{eval:{first:i}}}}});if(!s)throw new Error("Passkey registration was cancelled");const a=s.getClientExtensionResults();if(!a.prf?.enabled||!a.prf?.results?.first)throw new Error("PRF extension is not supported by this authenticator. Please use a device with a compatible platform authenticator.");const l=a.prf?.results?.first;if(!l)throw new Error("PRF extension did not return a result");const Q=new Uint8Array(l);if(Q.length!==32)throw new Error(`Unexpected PRF output length: expected 32 bytes, got ${Q.length}. The authenticator may not be compatible.`);return{credentialId:O(new Uint8Array(s.rawId)),prfSalt:O(i),prfOutput:Q}}async function bt(e,t){if(!X())throw new Error("WebAuthn is not available in this browser");ke();const A=Be(e),r=await navigator.credentials.get({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rpId:window.location.hostname,allowCredentials:[],userVerification:"required",timeout:6e4,extensions:{prf:{eval:{first:A}}}}});if(!r)throw new Error("Passkey authentication was cancelled");const i=r.getClientExtensionResults().prf?.results?.first;if(!i)throw new Error("PRF extension did not return a result during authentication");return{prfOutput:new Uint8Array(i)}}async function Gt(){const[e,t,A,r,n,i,s]=await Promise.all([Kt(),Ht(),rt(),Jt(),Promise.resolve(X()),mt(),Dt()]);return{webCrypto:e,aesGcm:t,hkdf:A,ed25519:r,webAuthn:n,webAuthnPrf:i,argon2:s,allSupported:e&&t&&A&&n&&i&&s}}async function Kt(){try{return typeof crypto<"u"&&typeof crypto.subtle<"u"&&typeof crypto.getRandomValues=="function"}catch{return!1}}async function Ht(){try{const e=await crypto.subtle.generateKey({name:"AES-GCM",length:256},!1,["encrypt","decrypt"]),t=new Uint8Array([1,2,3,4]),A=crypto.getRandomValues(new Uint8Array(12)),r=await crypto.subtle.encrypt({name:"AES-GCM",iv:A},e,t),n=await crypto.subtle.decrypt({name:"AES-GCM",iv:A},e,r),i=new Uint8Array(n);return i.length===t.length&&i.every((s,a)=>s===t[a])}catch{return!1}}async function Jt(){try{return await crypto.subtle.generateKey("Ed25519",!1,["sign","verify"]),!0}catch{return!1}}function Mt(e){if(e.allSupported)return null;const t=[];return e.webCrypto||t.push("Web Crypto API"),e.aesGcm||t.push("AES-GCM encryption"),e.hkdf||t.push("HKDF key derivation"),e.webAuthn||t.push("WebAuthn/Passkeys"),e.webAuthnPrf||t.push("WebAuthn PRF extension (requires platform authenticator)"),e.argon2||t.push("Argon2 password hashing"),t.length===0?null:`Your browser or device is missing required features: ${t.join(", ")}. Please use a modern browser with a platform authenticator (e.g., Touch ID, Face ID, Windows Hello).`}function Nt(){const e=typeof navigator<"u"?navigator.userAgent:"",t=e.match(/Chrome\/(\d+)/);if(t){const i=parseInt(t[1],10);return{browser:"Chrome",version:t[1],likelySupported:i>=116}}const A=e.match(/Version\/(\d+)/);if(A&&e.includes("Safari")&&!e.includes("Chrome")){const i=parseInt(A[1],10);return{browser:"Safari",version:A[1],likelySupported:i>=17}}const r=e.match(/Firefox\/(\d+)/);if(r)return{browser:"Firefox",version:r[1],likelySupported:!1};const n=e.match(/Edg\/(\d+)/);if(n){const i=parseInt(n[1],10);return{browser:"Edge",version:n[1],likelySupported:i>=116}}return{browser:"Unknown",version:"Unknown",likelySupported:!1}}let R=null;async function xt(e=!1){return!e&&R!==null||(R=await Gt()),R}const Vt=1e4,Pt=2;function Ot(e,t){return{code:e.code||"SERVER_ERROR",message:e.message||t,details:e.details}}function vt(){return{code:"NETWORK_ERROR",message:"Unable to connect to server"}}async function Yt(e,t,A){const r=new AbortController,n=setTimeout(()=>r.abort(),A);try{return await fetch(e,{...t,signal:r.signal})}finally{clearTimeout(n)}}function Tt(e){if(e instanceof Error){if(e.retryable)return!0;if(e.name==="AbortError")return!1;if(e.message.includes("fetch"))return!0}return!1}function Rt(e){return new Promise(t=>setTimeout(t,e))}class Se{baseUrl;timeoutMs;retryAttempts;getAccessToken;constructor(t){this.baseUrl=t.baseUrl,this.timeoutMs=t.timeoutMs??Vt,this.retryAttempts=t.retryAttempts??Pt,this.getAccessToken=t.getAccessToken}async request(t){const{method:A,path:r,body:n,credentials:i="include",skipRetry:s=!1,validator:a}=t,l=`${this.baseUrl}${r}`,d=s||!(A==="GET"||A==="HEAD"||A==="PUT"||A==="DELETE")?1:this.retryAttempts+1,y={};n!==void 0&&(y["Content-Type"]="application/json");const w=this.getAccessToken?.();w&&(y.Authorization=`Bearer ${w}`);const B=ee();B&&(y["X-CSRF-Token"]=B);let f;for(let h=1;h<=d;h++)try{const g=await Yt(l,{method:A,headers:y,credentials:i,body:n!==void 0?JSON.stringify(n):void 0},this.timeoutMs),c=g.headers.get("content-type")||"";let u={};if(c.includes("application/json")){if(g.status!==204)try{u=await g.json()}catch(E){const D=E instanceof Error?E.message:"parse failed";throw new Error(`Invalid JSON response: ${D}`)}}else{const E=await g.text();if(E){const D=E.length>200?E.slice(0,200)+"...":E;u={message:c.includes("text/html")||E.trimStart().startsWith("<")?`Unexpected HTML response (${g.status}). The server may be unavailable.`:D}}}if(!g.ok){if(g.status>=400&&g.status<500)throw{isApiError:!0,data:u,status:g.status};const E=new Error(`Server error: ${g.status}`);throw E.retryable=!0,E}if(a)try{return a(u)}catch(E){throw new Error(`Response validation failed: ${E instanceof Error?E.message:"Invalid response shape"}`)}return u}catch(g){if(f=g,typeof g=="object"&&g!==null&&"isApiError"in g)throw g;if(h<d&&Tt(g)){await Rt(100*Math.pow(2,h-1));continue}throw g}throw f}async post(t,A,r){return this.request({method:"POST",path:t,body:A,...r})}async get(t,A){return this.request({method:"GET",path:t,...A})}async patch(t,A,r){return this.request({method:"PATCH",path:t,body:A,...r})}async delete(t,A){return this.request({method:"DELETE",path:t,...A})}}function Lt(e){return typeof e=="object"&&e!==null&&"isApiError"in e}function Xt(e){return typeof e=="object"&&e!==null&&"code"in e&&"message"in e}function G(e,t){if(Xt(e))return e;if(Lt(e))return Ot(e.data,t);if(e instanceof Error){if(e.name==="AbortError")return{code:"NETWORK_ERROR",message:"Request timed out"};if(e.message.startsWith("Server error:")||e.message.startsWith("Invalid JSON response"))return{code:"SERVER_ERROR",message:t}}return vt()}function De(e){switch(e.type){case"password":return{password:e.password};case"prfOutput":return{prfOutput:e.prfOutput}}}function Fe(){const e=se(),[t,A]=o.useState(!1),[r,n]=o.useState(null),i=o.useMemo(()=>e?new Se({baseUrl:e.config.serverUrl,timeoutMs:e.config.requestTimeout,retryAttempts:e.config.retryAttempts,getAccessToken:e._internal?.getAccessToken}):null,[e]),s=o.useCallback(async()=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{return await i.get("/wallet/status")}catch(g){const c=G(g,"Failed to fetch wallet status");throw n(c.message),c}finally{A(!1)}},[i]),a=o.useCallback(async()=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{return await i.get("/wallet/material")}catch(g){const c=G(g,"Failed to fetch wallet material");if(c.code==="NOT_FOUND")return null;throw n(c.message),c}finally{A(!1)}},[i]),l=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{await i.post("/wallet/enroll",g)}catch(c){const u=G(c,"Failed to enroll wallet");throw n(u.message),u}finally{A(!1)}},[i]),Q=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{await i.post("/wallet/recover",g)}catch(c){const u=G(c,"Failed to recover wallet");throw n(u.message),u}finally{A(!1)}},[i]),d=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{return await i.post("/wallet/sign",g)}catch(c){const u=G(c,"Failed to sign transaction");throw n(u.message),u}finally{A(!1)}},[i]),y=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{await i.post("/wallet/rotate-user-secret",g)}catch(c){const u=G(c,"Failed to rotate user secret");throw n(u.message),u}finally{A(!1)}},[i]),w=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{return await i.post("/wallet/unlock",De(g))}catch(c){const u=G(c,"Failed to unlock wallet");throw n(u.message),u}finally{A(!1)}},[i]),B=o.useCallback(async()=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{await i.post("/wallet/lock",{})}catch(g){const c=G(g,"Failed to lock wallet");throw n(c.message),c}finally{A(!1)}},[i]),f=o.useCallback(async g=>{if(!i)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),n(null);try{return await i.post("/wallet/share-b",g)}catch(c){const u=G(c,"Failed to get Share B for recovery");throw n(u.message),u}finally{A(!1)}},[i]),h=o.useCallback(()=>n(null),[]);return{getStatus:s,getMaterial:a,enroll:l,recover:Q,signTransaction:d,rotateUserSecret:y,unlock:w,lock:B,getShareBForRecovery:f,isLoading:t,error:r,clearError:h}}const Wt={status:"not_enrolled",solanaPubkey:null,authMethod:null,hasExternalWallet:!1,isUnlocked:!1,capabilities:null,isSupported:!1,error:null,refresh:async()=>{},clearError:()=>{}};function me(){const t=se()!==null,[A,r]=o.useState("loading"),[n,i]=o.useState(null),[s,a]=o.useState(null),[l,Q]=o.useState(!1),[d,y]=o.useState(!1),[w,B]=o.useState(null),[f,h]=o.useState(null),{getStatus:g,isLoading:c}=Fe(),u=o.useRef(!1);o.useEffect(()=>{if(!t)return;let k=!1;return(async()=>{try{const I=await xt();if(k)return;B(I),I.allSupported||(r("error"),h("Your browser or device does not support all required features. Please use a modern browser with a platform authenticator."))}catch{if(k)return;B(null),r("error"),h("Failed to check crypto capabilities")}})(),()=>{k=!0}},[t]);const E=o.useCallback(async()=>{if(!(!t||!w?.allSupported)){r("loading"),h(null);try{const k=await g();i(k.solanaPubkey??null),a(k.authMethod??null),Q(k.hasExternalWallet),y(k.unlocked),k.hasExternalWallet?r("enrolled_unlocked"):k.enrolled?r(k.unlocked?"enrolled_unlocked":"enrolled_locked"):r("not_enrolled")}catch(k){r("error"),h(k instanceof Error?k.message:"Failed to fetch wallet status")}}},[t,w?.allSupported,g]);o.useEffect(()=>{t&&w?.allSupported&&!c&&!u.current&&(u.current=!0,E())},[t,w?.allSupported,c,E]);const D=o.useCallback(()=>h(null),[]);return t?{status:A,solanaPubkey:n,authMethod:s,hasExternalWallet:l,isUnlocked:d,capabilities:w,isSupported:w?.allSupported??!1,error:f,refresh:E,clearError:D}:Wt}const W="__CEDROS_EMBEDDED_WALLET__";function jt(e){typeof window<"u"&&(window[W]=e)}function z(){typeof window<"u"&&delete window[W]}function qt(){return typeof window>"u"?!1:window[W]?.available??!1}function Zt(){return typeof window>"u"?null:window[W]??null}function _t(){const{config:e,user:t}=ne(),{status:A,solanaPubkey:r,hasExternalWallet:n}=me(),i=e.wallet?.exposeAvailability??!1,s=e.wallet?.exposePublicKey??!1;return o.useEffect(()=>{if(!i||!t){z();return}if(n){z();return}if(A==="loading")return;const a=A==="enrolled_locked"||A==="enrolled_unlocked";return jt({available:a,publicKey:s&&a?r:null}),()=>{z()}},[i,s,t,A,r,n]),null}function $t({config:e,children:t}){const[A,r]=o.useState(null),[n,i]=o.useState(!1),s=o.useMemo(()=>JSON.stringify(e.themeOverrides??null),[e.themeOverrides]),a=o.useMemo(()=>JSON.stringify(e.session??null),[e.session]),l=o.useMemo(()=>JSON.stringify(e.features??null),[e.features]),Q=o.useMemo(()=>JSON.stringify(e.forms??null),[e.forms]),d=o.useMemo(()=>e,[e.serverUrl,e.googleClientId,e.requestTimeout,e.retryAttempts,e.theme,s,a,l,Q,e.callbacks]);be({theme:d.theme,themeOverrides:d.themeOverrides});const{user:y,authState:w,handleLoginSuccess:B,logout:f,refreshUser:h,getAccessToken:g}=xe({serverUrl:d.serverUrl,session:d.session,callbacks:d.callbacks,requestTimeoutMs:d.requestTimeout}),c=o.useCallback(async()=>{r(null),await f()},[f]),u=o.useCallback((...C)=>{r(null),B(...C)},[B]),E=o.useCallback(()=>i(!0),[]),D=o.useCallback(()=>i(!1),[]),k=o.useMemo(()=>({config:d,user:y,authState:w,error:A,logout:c,refreshUser:h,isModalOpen:n,openModal:E,closeModal:D,_internal:{handleLoginSuccess:u,getAccessToken:g}}),[d,y,w,A,c,h,n,E,D,u,g]);return F.jsxs(ie.Provider,{value:k,children:[F.jsx(_t,{}),t]})}function zt(){const{user:e,authState:t,error:A,logout:r,refreshUser:n,openModal:i,closeModal:s}=ne();return{user:e,authState:t,error:A,isAuthenticated:t==="authenticated"&&e!==null,isLoading:t==="loading",logout:r,refreshUser:n,openLoginModal:i,closeLoginModal:s}}const eA={sm:16,md:24,lg:32,xl:48},tA=o.memo(function({size:t="md",className:A="",style:r,label:n="Loading",announce:i=!1}){const s=eA[t],a=F.jsxs("svg",{className:`cedros-spinner ${A}`,width:s,height:s,viewBox:"0 0 24 24",fill:"none",style:r,"aria-label":n,role:"status","aria-hidden":i?"true":void 0,children:[F.jsx("circle",{className:"cedros-spinner-track",cx:"12",cy:"12",r:"10",stroke:"currentColor",strokeWidth:"3",strokeOpacity:"0.25"}),F.jsx("circle",{className:"cedros-spinner-head",cx:"12",cy:"12",r:"10",stroke:"currentColor",strokeWidth:"3",strokeLinecap:"round",strokeDasharray:"31.4 31.4",transform:"rotate(-90 12 12)",children:F.jsx("animateTransform",{attributeName:"transform",type:"rotate",from:"0 12 12",to:"360 12 12",dur:"1s",repeatCount:"indefinite"})})]});return i?F.jsxs("span",{"aria-live":"polite","aria-busy":"true",children:[a,F.jsx("span",{className:"cedros-sr-only",children:n})]}):a}),AA=o.memo(function({error:t,className:A="",onDismiss:r,autoFocus:n=!1}){const i=o.useRef(null);if(o.useEffect(()=>{t&&n&&i.current&&i.current.focus()},[t,n]),!t)return null;const s=typeof t=="string"?t:t.message;return F.jsxs("div",{ref:i,className:`cedros-error ${A}`,role:"alert","aria-live":"assertive",tabIndex:n?-1:void 0,children:[F.jsxs("svg",{className:"cedros-error-icon",width:"16",height:"16",viewBox:"0 0 16 16",fill:"none","aria-hidden":"true",children:[F.jsx("circle",{cx:"8",cy:"8",r:"7",stroke:"currentColor",strokeWidth:"1.5"}),F.jsx("path",{d:"M8 4.5v4",stroke:"currentColor",strokeWidth:"1.5",strokeLinecap:"round"}),F.jsx("circle",{cx:"8",cy:"11",r:"0.75",fill:"currentColor"})]}),F.jsx("span",{className:"cedros-error-message",children:s}),r&&F.jsx("button",{type:"button",className:"cedros-error-dismiss",onClick:r,"aria-label":"Dismiss error",children:F.jsx("svg",{width:"14",height:"14",viewBox:"0 0 14 14",fill:"none","aria-hidden":"true",children:F.jsx("path",{d:"M10.5 3.5L3.5 10.5M3.5 3.5l7 7",stroke:"currentColor",strokeWidth:"1.5",strokeLinecap:"round"})})})]})});exports.ApiClient=Se;exports.CedrosLoginProvider=$t;exports.DEFAULT_KDF_PARAMS=fe;exports.ErrorMessage=AA;exports.LoadingSpinner=tA;exports.aesGcmEncryptToBase64=et;exports.argon2Derive=kt;exports.authenticateWithDiscoverablePrf=bt;exports.base64ToUint8Array=Be;exports.deriveKeyFromPrf=At;exports.generateArgon2Salt=Ze;exports.generatePrfSalt=Qe;exports.generateSeed=je;exports.getBrowserSupportInfo=Nt;exports.getEmbeddedWalletInfo=Zt;exports.getMissingCapabilitiesMessage=Mt;exports.handleApiError=G;exports.isEmbeddedWalletAvailable=qt;exports.registerPasskeyWithPrf=Ut;exports.toCredentialRequest=De;exports.toEncryptionKey=oe;exports.toSeed=we;exports.toShamirShare=Re;exports.uint8ArrayToBase64=O;exports.useAuth=zt;exports.useCedrosLogin=ne;exports.useCedrosLoginOptional=se;exports.useWallet=me;exports.useWalletMaterial=Fe;exports.wipeAll=_e;exports.wipeBytes=Ie;