@cedros/login-react 0.0.16 → 0.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/{EmailRegisterForm-DcpT5LU6.cjs → EmailRegisterForm-CdTuvJmf.cjs} +1 -1
  2. package/dist/{EmailRegisterForm-DcpT5LU6.cjs.map → EmailRegisterForm-CdTuvJmf.cjs.map} +1 -1
  3. package/dist/{EmailRegisterForm-HMcnD3KA.js → EmailRegisterForm-CxOdldks.js} +1 -1
  4. package/dist/{EmailRegisterForm-HMcnD3KA.js.map → EmailRegisterForm-CxOdldks.js.map} +1 -1
  5. package/dist/{GoogleLoginButton-CXwp4LsQ.js → GoogleLoginButton-CwKEUISj.js} +19 -19
  6. package/dist/{GoogleLoginButton-CXwp4LsQ.js.map → GoogleLoginButton-CwKEUISj.js.map} +1 -1
  7. package/dist/{GoogleLoginButton-zS_69-KV.cjs → GoogleLoginButton-oM5fMYPB.cjs} +1 -1
  8. package/dist/{GoogleLoginButton-zS_69-KV.cjs.map → GoogleLoginButton-oM5fMYPB.cjs.map} +1 -1
  9. package/dist/email-only.cjs +1 -1
  10. package/dist/email-only.js +2 -2
  11. package/dist/google-only.cjs +1 -1
  12. package/dist/google-only.js +2 -2
  13. package/dist/index.cjs +2 -2
  14. package/dist/index.cjs.map +1 -1
  15. package/dist/index.js +11 -11
  16. package/dist/index.js.map +1 -1
  17. package/dist/login-react.css +1 -1
  18. package/dist/{mobileWalletAdapter-coZRD4Yx.js → mobileWalletAdapter-BulleEbi.js} +2 -2
  19. package/dist/{mobileWalletAdapter-coZRD4Yx.js.map → mobileWalletAdapter-BulleEbi.js.map} +1 -1
  20. package/dist/{mobileWalletAdapter-Dp4yFxCm.cjs → mobileWalletAdapter-DOdmFAk0.cjs} +1 -1
  21. package/dist/{mobileWalletAdapter-Dp4yFxCm.cjs.map → mobileWalletAdapter-DOdmFAk0.cjs.map} +1 -1
  22. package/dist/{shamir-DAa54dMh.cjs → shamir-CiBczzDN.cjs} +1 -1
  23. package/dist/{shamir-DAa54dMh.cjs.map → shamir-CiBczzDN.cjs.map} +1 -1
  24. package/dist/{shamir-CDbZS8I1.js → shamir-OAB2zD9Y.js} +1 -1
  25. package/dist/{shamir-CDbZS8I1.js.map → shamir-OAB2zD9Y.js.map} +1 -1
  26. package/dist/{silentWalletEnroll-CRHzr4Zy.js → silentWalletEnroll-FqXS7Rvh.js} +2 -2
  27. package/dist/{silentWalletEnroll-CRHzr4Zy.js.map → silentWalletEnroll-FqXS7Rvh.js.map} +1 -1
  28. package/dist/{silentWalletEnroll-Dl_oFapH.cjs → silentWalletEnroll-wnkcB9HP.cjs} +1 -1
  29. package/dist/{silentWalletEnroll-Dl_oFapH.cjs.map → silentWalletEnroll-wnkcB9HP.cjs.map} +1 -1
  30. package/dist/solana-only.cjs +1 -1
  31. package/dist/solana-only.js +2 -2
  32. package/dist/useAuth-X6Ds6WW4.cjs +1 -0
  33. package/dist/useAuth-X6Ds6WW4.cjs.map +1 -0
  34. package/dist/{useAuth-D1NSN6yY.js → useAuth-m5Hf89v8.js} +408 -397
  35. package/dist/useAuth-m5Hf89v8.js.map +1 -0
  36. package/package.json +1 -1
  37. package/dist/useAuth-D1NSN6yY.js.map +0 -1
  38. package/dist/useAuth-dS_6wAMp.cjs +0 -1
  39. package/dist/useAuth-dS_6wAMp.cjs.map +0 -1
package/dist/{silentWalletEnroll-CRHzr4Zy.js → silentWalletEnroll-FqXS7Rvh.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import { A as g } from "./useCedrosLogin-_94MmGGq.js";
2
- import { g as f, a as w, D as i, b as K, t as b, c as p, w as S } from "./useAuth-D1NSN6yY.js";
3
- import { s as T, a as k, g as B, p as D } from "./shamir-CDbZS8I1.js";
2
+ import { g as f, a as w, D as i, b as K, t as b, c as p, w as S } from "./useAuth-m5Hf89v8.js";
3
+ import { s as T, a as k, g as B, p as D } from "./shamir-OAB2zD9Y.js";
4
4
  async function P(u) {
5
5
  const { password: A, serverUrl: h, accessToken: r, timeoutMs: y = 3e4 } = u, s = [];
6
6
  try {
package/dist/{silentWalletEnroll-CRHzr4Zy.js.map → silentWalletEnroll-FqXS7Rvh.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"silentWalletEnroll-CRHzr4Zy.js","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":";;;AA2DA,eAAsBA,EACpBC,GAC6B;AAC7B,QAAM,EAAE,UAAAC,GAAU,WAAAC,GAAW,aAAAC,GAAa,WAAAC,IAAY,QAAUJ,GAG1DK,IAA8B,CAAA;AAEpC,MAAI;AAEF,UAAMC,IAAOC,EAAA;AACb,IAAAF,EAAc,KAAKC,CAAI;AAGvB,UAAM,EAAE,QAAAE,GAAQ,QAAAC,MAAWC,EAAYJ,CAAI;AAC3C,IAAAD,EAAc,KAAKG,GAAQC,CAAM;AAGjC,UAAME,IAAOC,EAAA,GACPC,IAAM,MAAMC,EAAqBb,GAAUU,GAAMI,CAAkB;AACzE,IAAAV,EAAc,KAAKQ,CAAG;AAGtB,UAAMG,IAAa,MAAMC,EAAsBT,GAAQU,EAAgBL,CAAG,CAAC,GAGrEM,IAAYC,EAAqBd,CAAI,GACrCe,IAAeC,EAAkBH,CAAS,GAI1CI,IAA+B;AAAA,MACnC,cAAAF;AAAA,MACA,kBAAkB;AAAA,MAClB,kBAAkBL,EAAW;AAAA,MAC7B,aAAaA,EAAW;AAAA,MACxB,QAAQQ,EAAmBf,CAAM;AAAA,MACjC,eAAee,EAAmBb,CAAI;AAAA,MACtC,iBAAiBI;AAAA,IAAA;AAWnB,iBANkB,IAAIU,EAAU;AAAA,MAC9B,SAASvB;AAAA,MACT,WAAAE;AAAA,MACA,gBAAgBD,IAAc,MAAMA,IAAc;AAAA,IAAA,CACnD,EAEe,KAAK,kBAAkBoB,CAAO,GAEvC;AAAA,MACL,SAAS;AAAA,MACT,cAAAF;AAAA,IAAA;AAAA,EAEJ,SAASK,GAAK;AAGZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAJmBA,aAAe,QAAQA,EAAI,UAAU;AAAA,IAIjD;AAAA,EAEX,UAAA;AAEE,IAAAC,EAAQ,GAAGtB,CAAa;AAAA,EAC1B;AACF;"}
1
+ {"version":3,"file":"silentWalletEnroll-FqXS7Rvh.js","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":";;;AA2DA,eAAsBA,EACpBC,GAC6B;AAC7B,QAAM,EAAE,UAAAC,GAAU,WAAAC,GAAW,aAAAC,GAAa,WAAAC,IAAY,QAAUJ,GAG1DK,IAA8B,CAAA;AAEpC,MAAI;AAEF,UAAMC,IAAOC,EAAA;AACb,IAAAF,EAAc,KAAKC,CAAI;AAGvB,UAAM,EAAE,QAAAE,GAAQ,QAAAC,MAAWC,EAAYJ,CAAI;AAC3C,IAAAD,EAAc,KAAKG,GAAQC,CAAM;AAGjC,UAAME,IAAOC,EAAA,GACPC,IAAM,MAAMC,EAAqBb,GAAUU,GAAMI,CAAkB;AACzE,IAAAV,EAAc,KAAKQ,CAAG;AAGtB,UAAMG,IAAa,MAAMC,EAAsBT,GAAQU,EAAgBL,CAAG,CAAC,GAGrEM,IAAYC,EAAqBd,CAAI,GACrCe,IAAeC,EAAkBH,CAAS,GAI1CI,IAA+B;AAAA,MACnC,cAAAF;AAAA,MACA,kBAAkB;AAAA,MAClB,kBAAkBL,EAAW;AAAA,MAC7B,aAAaA,EAAW;AAAA,MACxB,QAAQQ,EAAmBf,CAAM;AAAA,MACjC,eAAee,EAAmBb,CAAI;AAAA,MACtC,iBAAiBI;AAAA,IAAA;AAWnB,iBANkB,IAAIU,EAAU;AAAA,MAC9B,SAASvB;AAAA,MACT,WAAAE;AAAA,MACA,gBAAgBD,IAAc,MAAMA,IAAc;AAAA,IAAA,CACnD,EAEe,KAAK,kBAAkBoB,CAAO,GAEvC;AAAA,MACL,SAAS;AAAA,MACT,cAAAF;AAAA,IAAA;AAAA,EAEJ,SAASK,GAAK;AAGZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAJmBA,aAAe,QAAQA,EAAI,UAAU;AAAA,IAIjD;AAAA,EAEX,UAAA;AAEE,IAAAC,EAAQ,GAAGtB,CAAa;AAAA,EAC1B;AACF;"}
package/dist/{silentWalletEnroll-Dl_oFapH.cjs → silentWalletEnroll-wnkcB9HP.cjs} RENAMED
@@ -1 +1 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const S=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./useAuth-dS_6wAMp.cjs"),t=require("./shamir-DAa54dMh.cjs");async function T(A){const{password:p,serverUrl:h,accessToken:n,timeoutMs:y=3e4}=A,r=[];try{const s=e.generateSeed();r.push(s);const{shareA:a,shareB:o}=t.splitSecret(s);r.push(a,o);const c=e.generateArgon2Salt(),l=await t.argon2DeriveInWorker(p,c,e.DEFAULT_KDF_PARAMS);r.push(l);const i=await e.aesGcmEncryptToBase64(a,e.toEncryptionKey(l)),d=t.getPublicKeyFromSeed(s),u=t.publicKeyToBase58(d),g={solanaPubkey:u,shareAAuthMethod:"password",shareACiphertext:i.ciphertext,shareANonce:i.nonce,shareB:e.uint8ArrayToBase64(o),shareAKdfSalt:e.uint8ArrayToBase64(c),shareAKdfParams:e.DEFAULT_KDF_PARAMS};return await new S.ApiClient({baseUrl:h,timeoutMs:y,getAccessToken:n?()=>n:void 0}).post("/wallet/enroll",g),{success:!0,solanaPubkey:u}}catch(s){return{success:!1,error:s instanceof Error?s.message:"Wallet enrollment failed"}}finally{e.wipeAll(...r)}}exports.silentWalletEnroll=T;
1
+ "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const S=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./useAuth-X6Ds6WW4.cjs"),t=require("./shamir-CiBczzDN.cjs");async function T(A){const{password:p,serverUrl:h,accessToken:n,timeoutMs:y=3e4}=A,r=[];try{const s=e.generateSeed();r.push(s);const{shareA:a,shareB:o}=t.splitSecret(s);r.push(a,o);const c=e.generateArgon2Salt(),l=await t.argon2DeriveInWorker(p,c,e.DEFAULT_KDF_PARAMS);r.push(l);const i=await e.aesGcmEncryptToBase64(a,e.toEncryptionKey(l)),d=t.getPublicKeyFromSeed(s),u=t.publicKeyToBase58(d),g={solanaPubkey:u,shareAAuthMethod:"password",shareACiphertext:i.ciphertext,shareANonce:i.nonce,shareB:e.uint8ArrayToBase64(o),shareAKdfSalt:e.uint8ArrayToBase64(c),shareAKdfParams:e.DEFAULT_KDF_PARAMS};return await new S.ApiClient({baseUrl:h,timeoutMs:y,getAccessToken:n?()=>n:void 0}).post("/wallet/enroll",g),{success:!0,solanaPubkey:u}}catch(s){return{success:!1,error:s instanceof Error?s.message:"Wallet enrollment failed"}}finally{e.wipeAll(...r)}}exports.silentWalletEnroll=T;
package/dist/{silentWalletEnroll-Dl_oFapH.cjs.map → silentWalletEnroll-wnkcB9HP.cjs.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"file":"silentWalletEnroll-Dl_oFapH.cjs","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":"wMA2DA,eAAsBA,EACpBC,EAC6B,CAC7B,KAAM,CAAE,SAAAC,EAAU,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAY,KAAUJ,EAG1DK,EAA8B,CAAA,EAEpC,GAAI,CAEF,MAAMC,EAAOC,EAAAA,aAAA,EACbF,EAAc,KAAKC,CAAI,EAGvB,KAAM,CAAE,OAAAE,EAAQ,OAAAC,GAAWC,EAAAA,YAAYJ,CAAI,EAC3CD,EAAc,KAAKG,EAAQC,CAAM,EAGjC,MAAME,EAAOC,EAAAA,mBAAA,EACPC,EAAM,MAAMC,EAAAA,qBAAqBb,EAAUU,EAAMI,EAAAA,kBAAkB,EACzEV,EAAc,KAAKQ,CAAG,EAGtB,MAAMG,EAAa,MAAMC,EAAAA,sBAAsBT,EAAQU,EAAAA,gBAAgBL,CAAG,CAAC,EAGrEM,EAAYC,EAAAA,qBAAqBd,CAAI,EACrCe,EAAeC,EAAAA,kBAAkBH,CAAS,EAI1CI,EAA+B,CACnC,aAAAF,EACA,iBAAkB,WAClB,iBAAkBL,EAAW,WAC7B,YAAaA,EAAW,MACxB,OAAQQ,EAAAA,mBAAmBf,CAAM,EACjC,cAAee,EAAAA,mBAAmBb,CAAI,EACtC,gBAAiBI,EAAAA,kBAAA,EAWnB,aANkB,IAAIU,YAAU,CAC9B,QAASvB,EACT,UAAAE,EACA,eAAgBD,EAAc,IAAMA,EAAc,MAAA,CACnD,EAEe,KAAK,iBAAkBoB,CAAO,EAEvC,CACL,QAAS,GACT,aAAAF,CAAA,CAEJ,OAASK,EAAK,CAGZ,MAAO,CACL,QAAS,GACT,MAJmBA,aAAe,MAAQA,EAAI,QAAU,0BAIjD,CAEX,QAAA,CAEEC,EAAAA,QAAQ,GAAGtB,CAAa,CAC1B,CACF"}
1
+ {"version":3,"file":"silentWalletEnroll-wnkcB9HP.cjs","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n generateSeed,\n generateArgon2Salt,\n splitSecret,\n argon2DeriveInWorker,\n aesGcmEncryptToBase64,\n uint8ArrayToBase64,\n getPublicKeyFromSeed,\n publicKeyToBase58,\n wipeAll,\n toEncryptionKey,\n DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n /** User's password for Share A encryption */\n password: string;\n /** Server base URL */\n serverUrl: string;\n /** Access token for authentication (optional if using cookies) */\n accessToken?: string;\n /** Request timeout in ms */\n timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n success: boolean;\n solanaPubkey?: string;\n error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n // Track sensitive data for cleanup\n const sensitiveData: Uint8Array[] = [];\n\n try {\n // Step 1: Generate seed\n const seed = generateSeed();\n sensitiveData.push(seed);\n\n // Step 2: Split into shares\n const { shareA, shareB } = splitSecret(seed);\n sensitiveData.push(shareA, shareB);\n\n // Step 3: Derive encryption key from password\n const salt = generateArgon2Salt();\n const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n sensitiveData.push(key);\n\n // Step 4: Encrypt Share A\n const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n // Step 5: Derive Solana public key\n const publicKey = getPublicKeyFromSeed(seed);\n const solanaPubkey = publicKeyToBase58(publicKey);\n\n // Step 6: Build enrollment request\n // Only send encrypted shares — never send the raw seed to the server\n const request: WalletEnrollRequest = {\n solanaPubkey,\n shareAAuthMethod: 'password',\n shareACiphertext: encryptedA.ciphertext,\n shareANonce: encryptedA.nonce,\n shareB: uint8ArrayToBase64(shareB),\n shareAKdfSalt: uint8ArrayToBase64(salt),\n shareAKdfParams: DEFAULT_KDF_PARAMS,\n };\n\n // Step 7: Upload to server\n // If accessToken provided, use it; otherwise rely on cookies\n const apiClient = new ApiClient({\n baseUrl: serverUrl,\n timeoutMs,\n getAccessToken: accessToken ? () => accessToken : undefined,\n });\n\n await apiClient.post('/wallet/enroll', request);\n\n return {\n success: true,\n solanaPubkey,\n };\n } catch (err) {\n const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n // Silent failure - don't break registration flow\n return {\n success: false,\n error: errorMessage,\n };\n } finally {\n // Always wipe sensitive data\n wipeAll(...sensitiveData);\n }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":"wMA2DA,eAAsBA,EACpBC,EAC6B,CAC7B,KAAM,CAAE,SAAAC,EAAU,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAY,KAAUJ,EAG1DK,EAA8B,CAAA,EAEpC,GAAI,CAEF,MAAMC,EAAOC,EAAAA,aAAA,EACbF,EAAc,KAAKC,CAAI,EAGvB,KAAM,CAAE,OAAAE,EAAQ,OAAAC,GAAWC,EAAAA,YAAYJ,CAAI,EAC3CD,EAAc,KAAKG,EAAQC,CAAM,EAGjC,MAAME,EAAOC,EAAAA,mBAAA,EACPC,EAAM,MAAMC,EAAAA,qBAAqBb,EAAUU,EAAMI,EAAAA,kBAAkB,EACzEV,EAAc,KAAKQ,CAAG,EAGtB,MAAMG,EAAa,MAAMC,EAAAA,sBAAsBT,EAAQU,EAAAA,gBAAgBL,CAAG,CAAC,EAGrEM,EAAYC,EAAAA,qBAAqBd,CAAI,EACrCe,EAAeC,EAAAA,kBAAkBH,CAAS,EAI1CI,EAA+B,CACnC,aAAAF,EACA,iBAAkB,WAClB,iBAAkBL,EAAW,WAC7B,YAAaA,EAAW,MACxB,OAAQQ,EAAAA,mBAAmBf,CAAM,EACjC,cAAee,EAAAA,mBAAmBb,CAAI,EACtC,gBAAiBI,EAAAA,kBAAA,EAWnB,aANkB,IAAIU,YAAU,CAC9B,QAASvB,EACT,UAAAE,EACA,eAAgBD,EAAc,IAAMA,EAAc,MAAA,CACnD,EAEe,KAAK,iBAAkBoB,CAAO,EAEvC,CACL,QAAS,GACT,aAAAF,CAAA,CAEJ,OAASK,EAAK,CAGZ,MAAO,CACL,QAAS,GACT,MAJmBA,aAAe,MAAQA,EAAI,QAAU,0BAIjD,CAEX,QAAA,CAEEC,EAAAA,QAAQ,GAAGtB,CAAa,CAC1B,CACF"}
package/dist/solana-only.cjs CHANGED
@@ -1 +1 @@
1
- "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const r=require("./useAuth-dS_6wAMp.cjs"),o=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./mobileWalletAdapter-Dp4yFxCm.cjs"),n=require("./LoadingSpinner-d6sSxgQN.cjs"),i=require("./ErrorMessage-CHbYbVi2.cjs");exports.CedrosLoginProvider=r.CedrosLoginProvider;exports.useAuth=r.useAuth;exports.useCedrosLogin=o.useCedrosLogin;exports.SolanaLoginButton=e.SolanaLoginButton;exports.registerMobileWallet=e.registerMobileWallet;exports.useSolanaAuth=e.useSolanaAuth;exports.LoadingSpinner=n.LoadingSpinner;exports.ErrorMessage=i.ErrorMessage;
1
+ "use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const r=require("./useAuth-X6Ds6WW4.cjs"),o=require("./useCedrosLogin-C9MrcZvh.cjs"),e=require("./mobileWalletAdapter-DOdmFAk0.cjs"),n=require("./LoadingSpinner-d6sSxgQN.cjs"),i=require("./ErrorMessage-CHbYbVi2.cjs");exports.CedrosLoginProvider=r.CedrosLoginProvider;exports.useAuth=r.useAuth;exports.useCedrosLogin=o.useCedrosLogin;exports.SolanaLoginButton=e.SolanaLoginButton;exports.registerMobileWallet=e.registerMobileWallet;exports.useSolanaAuth=e.useSolanaAuth;exports.LoadingSpinner=n.LoadingSpinner;exports.ErrorMessage=i.ErrorMessage;
package/dist/solana-only.js CHANGED
@@ -1,6 +1,6 @@
1
- import { C as e, u as s } from "./useAuth-D1NSN6yY.js";
1
+ import { C as e, u as s } from "./useAuth-m5Hf89v8.js";
2
2
  import { u as t } from "./useCedrosLogin-_94MmGGq.js";
3
- import { S as u, r as i, u as g } from "./mobileWalletAdapter-coZRD4Yx.js";
3
+ import { S as u, r as i, u as g } from "./mobileWalletAdapter-BulleEbi.js";
4
4
  import { L as f } from "./LoadingSpinner-6vml-zwr.js";
5
5
  import { E as m } from "./ErrorMessage-CcEK0pYO.js";
6
6
  export {
package/dist/useAuth-X6Ds6WW4.cjs ADDED
@@ -0,0 +1 @@
1
+ "use strict";const X=require("react/jsx-runtime"),o=require("react"),Ae=require("./LoadingSpinner-d6sSxgQN.cjs"),b=require("./useCedrosLogin-C9MrcZvh.cjs");let W=0;function He({theme:e,themeOverrides:t}){o.useEffect(()=>{if(typeof document>"u"||typeof window>"u")return;const A=document.documentElement;let i=!1;e==="dark"?i=!0:e==="light"?i=!1:i=window.matchMedia("(prefers-color-scheme: dark)").matches;let r=!1;i?(W++,r=!0,A.classList.add("cedros-dark")):W===0&&A.classList.remove("cedros-dark");const n=new Map;return t&&Object.entries(t).forEach(([s,g])=>{if(g){const C=A.style.getPropertyValue(s);n.set(s,C),A.style.setProperty(s,g)}}),()=>{r&&(W--,W===0&&A.classList.remove("cedros-dark")),n.forEach((s,g)=>{s?A.style.setProperty(g,s):A.style.removeProperty(g)})}},[e,t])}const Je={email:!0,google:!0,apple:!0,solana:!0,webauthn:!0,instantLink:!0};function Me(e,t,A){const[i,r]=o.useState(null),[n,s]=o.useState(),[g,C]=o.useState(),[I,y]=o.useState(t),p=o.useRef(!1);return o.useEffect(()=>{if(!t||p.current)return;p.current=!0,new b.ApiClient({baseUrl:e,timeoutMs:A??5e3,retryAttempts:1}).get("/features",{credentials:"omit"}).then(u=>{r({email:u.email,google:u.google,apple:u.apple,solana:u.solana,webauthn:u.webauthn,instantLink:u.instantLink}),s(u.googleClientId),C(u.appleClientId)}).catch(()=>{r(Je)}).finally(()=>{y(!1)})},[t,e,A]),{features:i,googleClientId:n,appleClientId:g,isLoading:I}}const Pe="cedros_tokens",Ve=6e4;class Ne{storage;requestedStorage;storageKey;tokens=null;expiresAt=0;refreshTimer=null;onRefreshNeeded=null;onSessionExpired=null;onRefreshError=null;isDestroyed=!1;sessionExpiredFired=!1;allowWebStorage;constructor(t="cookie",A=Pe,i={}){this.requestedStorage=t,this.storage=t,this.storageKey=A,this.allowWebStorage=i.allowWebStorage??!1,this.warnIfLocalStorage(),!this.allowWebStorage&&(this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&(this.storage="memory"),this.loadFromStorage()}warnIfLocalStorage(){if((this.requestedStorage==="localStorage"||this.requestedStorage==="sessionStorage")&&typeof console<"u"){const t=this.allowWebStorage?"":" (web storage disabled by default; set allowWebStorage=true to enable)";console.warn("[cedros-login] SECURITY: Using web storage for token storage. Tokens are vulnerable to XSS attacks."+t+" PRODUCTION RECOMMENDATIONS: (1) Use httpOnly cookie storage instead, (2) If web storage required: implement strict Content-Security-Policy, sanitize all input/output, audit third-party scripts. See https://owasp.org/www-community/attacks/xss/")}}setRefreshCallback(t){this.onRefreshNeeded=t,this.scheduleRefresh()}setSessionExpiredCallback(t){this.onSessionExpired=t}setRefreshErrorCallback(t){this.onRefreshError=t}setTokens(t){this.tokens=t,this.expiresAt=Date.now()+t.expiresIn*1e3,this.sessionExpiredFired=!1,this.saveToStorage(),this.scheduleRefresh()}getAccessToken(){if(this.isDestroyed)return null;const t=this.tokens?.accessToken;return t?Date.now()>=this.expiresAt?(this.clear(),this.fireSessionExpired(),null):t:null}getRefreshToken(){return this.tokens?.refreshToken??null}clear(){this.tokens=null,this.expiresAt=0,this.cancelRefresh(),this.clearStorage()}hasTokens(){return this.tokens!==null&&Date.now()<this.expiresAt}destroy(){this.isDestroyed=!0,this.cancelRefresh(),this.clearStorage(),this.onRefreshNeeded=null,this.onSessionExpired=null,this.onRefreshError=null,this.tokens=null}getTimeUntilExpiry(){return this.tokens?Math.max(0,this.expiresAt-Date.now()):0}fireSessionExpired(){this.sessionExpiredFired||(this.sessionExpiredFired=!0,this.onSessionExpired?.())}scheduleRefresh(){if(this.cancelRefresh(),!this.tokens||!this.onRefreshNeeded)return;const t=this.getTimeUntilExpiry(),A=Math.max(0,t-Ve);if(A<=0){if(this.isDestroyed)return;this.onRefreshNeeded().catch(i=>{if(this.isDestroyed)return;const r=i instanceof Error?i:new Error("Token refresh failed");this.onRefreshError?.(r),this.clear(),this.fireSessionExpired()});return}this.refreshTimer=setTimeout(()=>{this.isDestroyed||this.onRefreshNeeded?.().catch(i=>{if(this.isDestroyed)return;const r=i instanceof Error?i:new Error("Token refresh failed");this.onRefreshError?.(r),this.clear(),this.fireSessionExpired()})},A)}cancelRefresh(){this.refreshTimer&&(clearTimeout(this.refreshTimer),this.refreshTimer=null)}loadFromStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A=t.getItem(this.storageKey);if(A){const i=JSON.parse(A);this.isValidStoredTokenData(i)?i.expiresAt>Date.now()?(this.tokens=i.tokens,this.expiresAt=i.expiresAt):t.removeItem(this.storageKey):t.removeItem(this.storageKey)}}}catch{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage;try{t.removeItem(this.storageKey)}catch{}}}}isValidStoredTokenData(t){if(typeof t!="object"||t===null)return!1;const A=t;if(typeof A.expiresAt!="number"||typeof A.tokens!="object"||A.tokens===null)return!1;const i=A.tokens;return!(typeof i.accessToken!="string"||typeof i.refreshToken!="string"||typeof i.expiresIn!="number")}saveToStorage(){if(!(this.storage==="memory"||!this.tokens)&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{if(this.storage==="localStorage"||this.storage==="sessionStorage"){const t=this.storage==="localStorage"?localStorage:sessionStorage,A={tokens:this.tokens,expiresAt:this.expiresAt};t.setItem(this.storageKey,JSON.stringify(A))}}catch{}}clearStorage(){if(this.storage!=="memory"&&!(typeof window>"u")&&!(!this.allowWebStorage&&(this.storage==="localStorage"||this.storage==="sessionStorage")))try{(this.storage==="localStorage"||this.storage==="sessionStorage")&&(this.storage==="localStorage"?localStorage:sessionStorage).removeItem(this.storageKey)}catch{}}}const Ye="cedros_auth_sync";class xe{channel=null;callback=null;boundHandler=null;constructor(){typeof window<"u"&&"BroadcastChannel"in window&&(this.channel=new BroadcastChannel(Ye),this.boundHandler=this.handleMessage.bind(this),this.channel.addEventListener("message",this.boundHandler))}handleMessage(t){const A=t.data;if(!(!A||typeof A!="object"||typeof A.type!="string")&&["login","logout","refresh"].includes(A.type)){if(A.type==="login"){const i=A;if(typeof i.user!="object"||i.user===null||typeof i.user.id!="string")return}this.callback?.(A)}}setCallback(t){this.callback=t}broadcastLogin(t){this.channel?.postMessage({type:"login",user:t})}broadcastLogout(){this.channel?.postMessage({type:"logout"})}broadcastRefresh(){this.channel?.postMessage({type:"refresh"})}close(){this.channel&&(this.boundHandler&&(this.channel.removeEventListener("message",this.boundHandler),this.boundHandler=null),this.channel.close(),this.channel=null),this.callback=null}}function j(e){if(typeof e!="object"||e===null)return!1;const t=e;if(typeof t.user!="object"||t.user===null)return!1;const A=t.user;return typeof A.id=="string"&&A.id.length>0}function Oe(e){if(typeof e!="object"||e===null)return!1;const t=e;return typeof t.accessToken=="string"&&t.accessToken.length>0&&typeof t.refreshToken=="string"&&t.refreshToken.length>0&&typeof t.expiresIn=="number"&&t.expiresIn>0}function ve({serverUrl:e,session:t,callbacks:A,requestTimeoutMs:i}){const[r,n]=o.useState(null),[s,g]=o.useState("idle"),C=o.useRef(null),I=o.useRef(null),y=o.useRef(A),p=o.useRef(!0),Q=o.useRef(null),u=o.useRef(()=>Promise.resolve()),m=o.useRef(()=>{});o.useEffect(()=>{y.current=A},[A]),o.useEffect(()=>(p.current=!0,()=>{p.current=!1}),[]);const B=o.useCallback(h=>{p.current&&n(h)},[]),d=o.useCallback(h=>{p.current&&g(h)},[]),f=o.useMemo(()=>({storage:t?.storage??"cookie",autoRefresh:t?.autoRefresh??!0,syncTabs:t?.syncTabs??!0,persistKey:t?.persistKey,allowWebStorage:t?.allowWebStorage??!1}),[t?.storage,t?.autoRefresh,t?.syncTabs,t?.persistKey,t?.allowWebStorage]);o.useEffect(()=>{const h=new Ne(f.storage,f.persistKey,{allowWebStorage:f.allowWebStorage});return C.current=h,f.autoRefresh&&h.setRefreshCallback(()=>u.current()),h.setSessionExpiredCallback(()=>m.current()),f.syncTabs&&(I.current=new xe),()=>{h.destroy(),C.current=null,I.current?.close()}},[f.storage,f.syncTabs,f.persistKey,f.allowWebStorage,f.autoRefresh]);const F=o.useCallback(async()=>{if(Q.current)return Q.current;const h=C.current?.getRefreshToken(),S=!!h,K=b.getCsrfToken(),H={};S&&(H["Content-Type"]="application/json"),K&&(H["X-CSRF-Token"]=K);let G,M;const J=new Promise((L,ee)=>{G=L,M=ee});Q.current=J,(async()=>{const L=new AbortController,ee=i??1e4,Ke=window.setTimeout(()=>L.abort(),ee);try{const O=await fetch(`${e}/refresh`,{method:"POST",headers:Object.keys(H).length>0?H:void 0,credentials:"include",body:S?JSON.stringify({refreshToken:h}):void 0,signal:L.signal});if(!O.ok)throw new Error("Token refresh failed");const te=await O.json();if(te.tokens){if(!Oe(te.tokens))throw new Error("Invalid token response structure");C.current?.setTokens(te.tokens)}else if(f.storage!=="cookie")throw new Error("Token refresh failed");I.current?.broadcastRefresh(),G()}catch(O){throw M(O),O}finally{window.clearTimeout(Ke)}})().catch(()=>{});try{await J}finally{Q.current=null}},[e,f.storage,i]),k=o.useCallback(()=>{if(f.storage==="cookie")return;const h=C.current?.getAccessToken();if(h)return{Authorization:`Bearer ${h}`}},[f.storage]),U=o.useCallback(()=>{C.current?.clear(),B(null),d("unauthenticated"),y.current?.onSessionExpired?.()},[d,B]);u.current=F,m.current=U;const E=o.useCallback(h=>{const S=new AbortController,K=i??1e4,H=window.setTimeout(()=>S.abort(),K),G={},M=k();M&&Object.assign(G,M);const J=b.getCsrfToken();return J&&(G["X-CSRF-Token"]=J),{promise:fetch(h,{credentials:"include",headers:Object.keys(G).length>0?G:void 0,signal:S.signal}),cleanup:()=>window.clearTimeout(H)}},[k,i]),l=o.useCallback(async()=>{const h=E(`${e}/user`);try{const S=await h.promise;if(S.ok){const K=await S.json();if(j(K)){B(K.user),d("authenticated");return}}if(S.status===401&&f.autoRefresh){try{await F()}catch{U();return}const K=E(`${e}/user`);try{const H=await K.promise;if(H.ok){const G=await H.json();if(j(G)){B(G.user),d("authenticated");return}}}finally{K.cleanup()}}B(null),d("unauthenticated")}catch{B(null),d("unauthenticated")}finally{h.cleanup()}},[e,f.autoRefresh,F,E,U,d,B]);o.useEffect(()=>{!I.current||!f.syncTabs||I.current.setCallback(h=>{switch(h.type){case"login":B(h.user),d("authenticated");break;case"logout":B(null),d("unauthenticated"),C.current?.clear();break;case"refresh":l();break;default:console.warn("[Cedros Login] Unhandled tab sync event:",h)}})},[f.syncTabs,l,d,B]),o.useEffect(()=>{const h=new AbortController,S=i??1e4,K=window.setTimeout(()=>h.abort(),S);return(async()=>{d("loading");try{const G=await fetch(`${e}/user`,{credentials:"include",headers:k(),signal:h.signal});if(G.ok){const M=await G.json();if(j(M)){B(M.user),d("authenticated");return}}if(G.status===401&&f.autoRefresh){try{await F()}catch{U();return}const M=await fetch(`${e}/user`,{credentials:"include",headers:k(),signal:h.signal});if(M.ok){const J=await M.json();if(j(J)){B(J.user),d("authenticated");return}}}B(null),d("unauthenticated")}catch{B(null),d("unauthenticated")}})(),()=>{window.clearTimeout(K),h.abort()}},[e,f.autoRefresh,F,k,U,d,B,i]);const a=o.useCallback((h,S)=>{B(h),d("authenticated"),S&&C.current?.setTokens(S),p.current&&I.current?.broadcastLogin(h)},[B,d]),c=o.useCallback(async()=>{const h=b.getCsrfToken(),S=new AbortController,K=i??1e4,H=window.setTimeout(()=>S.abort(),K);try{await fetch(`${e}/logout`,{method:"POST",headers:{...h?{"X-CSRF-Token":h}:{},...k()??{}},credentials:"include",signal:S.signal})}catch{}finally{window.clearTimeout(H),B(null),d("unauthenticated"),C.current?.clear(),I.current?.broadcastLogout(),y.current?.onLogout?.()}},[e,k,B,d,i]),w=o.useCallback(()=>C.current?.getAccessToken()??null,[]);return{user:r,authState:s,handleLoginSuccess:a,logout:c,refreshUser:l,getAccessToken:w}}const Be={mCost:19456,tCost:2,pCost:1};function Re(e){return e.length===16}function Te(e){if(e.length===16)return!0;if(e.length<18)return!1;const t=e[0];return t===0||t===1||t===128||t===8}function Le(e){return e.length===32}function Xe(e){return e.length===12}function We(e){return e.length>=16}function je(e){return e.length===32}function de(e){if(!Re(e))throw new Error(`Invalid seed length: expected 16, got ${e.length}`);return e}function Ze(e){if(!Te(e))throw new Error(`Invalid share length: expected >=16, got ${e.length}`);return e}function ce(e){if(!Le(e))throw new Error(`Invalid key length: expected 32, got ${e.length}`);return e}function qe(e){if(!Xe(e))throw new Error(`Invalid nonce length: expected 12, got ${e.length}`);return e}function _e(e){if(!We(e))throw new Error(`Invalid salt length: expected >=16, got ${e.length}`);return e}function $e(e){if(!je(e))throw new Error(`Invalid PRF salt length: expected 32, got ${e.length}`);return e}function Y(e){return new Uint8Array(e)}function _(e){if(typeof crypto>"u"||!crypto.getRandomValues)throw new Error("WebCrypto API not available. Secure random generation requires a modern browser.");const t=new Uint8Array(e);return crypto.getRandomValues(t),t}function ze(){return de(_(16))}function et(){return qe(_(12))}function tt(){return _e(_(16))}function Ee(){return $e(_(32))}function Ce(e){if(!(!e||e.length===0)){if(typeof globalThis.crypto?.getRandomValues=="function")globalThis.crypto.getRandomValues(e);else for(let t=0;t<e.length;t++)e[t]=t*90&255;e.fill(0)}}function At(...e){for(const t of e)t&&Ce(t)}async function it(e){return crypto.subtle.importKey("raw",Y(e),{name:"AES-GCM",length:256},!1,["encrypt","decrypt"])}async function rt(e,t,A){const i=A??et(),r=await it(t),n=await crypto.subtle.encrypt({name:"AES-GCM",iv:Y(i)},r,Y(e));return{ciphertext:new Uint8Array(n),nonce:i}}async function nt(e,t){const A=await rt(e,t);return{ciphertext:T(A.ciphertext),nonce:T(A.nonce)}}function T(e){const A=[];for(let i=0;i<e.length;i+=32768){const r=e.subarray(i,Math.min(i+32768,e.length));A.push(String.fromCharCode(...r))}return btoa(A.join(""))}function pe(e){let t;try{t=atob(e)}catch{throw new Error("Invalid base64 string: input is malformed or contains invalid characters")}const A=new Uint8Array(t.length);for(let i=0;i<t.length;i++)A[i]=t.charCodeAt(i);return A}async function ot(e,t,A,i=32){const r=await crypto.subtle.importKey("raw",Y(e),"HKDF",!1,["deriveBits"]),n=new TextEncoder().encode(A),s=await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:Y(t??new Uint8Array(32)),info:Y(n)},r,i*8);return new Uint8Array(s)}async function st(e,t){const A=await ot(e,t,"cedros-wallet-share-b-encryption",32);return ce(A)}async function It(){try{const e=await crypto.subtle.importKey("raw",new Uint8Array(32),"HKDF",!1,["deriveBits"]);return await crypto.subtle.deriveBits({name:"HKDF",hash:"SHA-256",salt:new Uint8Array(32),info:new Uint8Array(0)},e,256),!0}catch{return!1}}function x(e,t,A,i){function r(n){return n instanceof A?n:new A(function(s){s(n)})}return new(A||(A=Promise))(function(n,s){function g(y){try{I(i.next(y))}catch(p){s(p)}}function C(y){try{I(i.throw(y))}catch(p){s(p)}}function I(y){y.done?n(y.value):r(y.value).then(g,C)}I((i=i.apply(e,[])).next())})}class D{constructor(){this.mutex=Promise.resolve()}lock(){let t=()=>{};return this.mutex=this.mutex.then(()=>new Promise(t)),new Promise(A=>{t=A})}dispatch(t){return x(this,void 0,void 0,function*(){const A=yield this.lock();try{return yield Promise.resolve(t())}finally{A()}})}}var ie;function at(){return typeof globalThis<"u"?globalThis:typeof self<"u"?self:typeof window<"u"?window:global}const ae=at(),re=(ie=ae.Buffer)!==null&&ie!==void 0?ie:null,gt=ae.TextEncoder?new ae.TextEncoder:null;function ye(e,t){return(e&15)+(e>>6|e>>3&8)<<4|(t&15)+(t>>6|t>>3&8)}function ke(e,t){const A=t.length>>1;for(let i=0;i<A;i++){const r=i<<1;e[i]=ye(t.charCodeAt(r),t.charCodeAt(r+1))}}function lt(e,t){if(e.length!==t.length*2)return!1;for(let A=0;A<t.length;A++){const i=A<<1;if(t[A]!==ye(e.charCodeAt(i),e.charCodeAt(i+1)))return!1}return!0}const he=87,ue=48;function ge(e,t,A){let i=0;for(let r=0;r<A;r++){let n=t[r]>>>4;e[i++]=n>9?n+he:n+ue,n=t[r]&15,e[i++]=n>9?n+he:n+ue}return String.fromCharCode.apply(null,e)}const N=re!==null?e=>{if(typeof e=="string"){const t=re.from(e,"utf8");return new Uint8Array(t.buffer,t.byteOffset,t.length)}if(re.isBuffer(e))return new Uint8Array(e.buffer,e.byteOffset,e.length);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")}:e=>{if(typeof e=="string")return gt.encode(e);if(ArrayBuffer.isView(e))return new Uint8Array(e.buffer,e.byteOffset,e.byteLength);throw new Error("Invalid data type!")},P="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",R=new Uint8Array(256);for(let e=0;e<P.length;e++)R[P.charCodeAt(e)]=e;function fe(e,t=!0){const A=e.length,i=A%3,r=[],n=A-i;for(let s=0;s<n;s+=3){const g=(e[s]<<16&16711680)+(e[s+1]<<8&65280)+(e[s+2]&255),C=P.charAt(g>>18&63)+P.charAt(g>>12&63)+P.charAt(g>>6&63)+P.charAt(g&63);r.push(C)}if(i===1){const s=e[A-1],g=P.charAt(s>>2),C=P.charAt(s<<4&63);r.push(`${g}${C}`),t&&r.push("==")}else if(i===2){const s=(e[A-2]<<8)+e[A-1],g=P.charAt(s>>10),C=P.charAt(s>>4&63),I=P.charAt(s<<2&63);r.push(`${g}${C}${I}`),t&&r.push("=")}return r.join("")}function ct(e){let t=Math.floor(e.length*.75);const A=e.length;return e[A-1]==="="&&(t-=1,e[A-2]==="="&&(t-=1)),t}function Ct(e){const t=ct(e),A=e.length,i=new Uint8Array(t);let r=0;for(let n=0;n<A;n+=4){const s=R[e.charCodeAt(n)],g=R[e.charCodeAt(n+1)],C=R[e.charCodeAt(n+2)],I=R[e.charCodeAt(n+3)];i[r]=s<<2|g>>4,r+=1,i[r]=(g&15)<<4|C>>2,r+=1,i[r]=(C&3)<<6|I&63,r+=1}return i}const Z=16*1024,v=4,ht=new D,ne=new Map;function Se(e,t){return x(this,void 0,void 0,function*(){let A=null,i=null,r=!1;if(typeof WebAssembly>"u")throw new Error("WebAssembly is not supported in this environment!");const n=(l,a=0)=>{i.set(l,a)},s=()=>i,g=()=>A.exports,C=l=>{A.exports.Hash_SetMemorySize(l);const a=A.exports.Hash_GetBuffer(),c=A.exports.memory.buffer;i=new Uint8Array(c,a,l)},I=()=>new DataView(A.exports.memory.buffer).getUint32(A.exports.STATE_SIZE,!0),y=ht.dispatch(()=>x(this,void 0,void 0,function*(){if(!ne.has(e.name)){const a=Ct(e.data),c=WebAssembly.compile(a);ne.set(e.name,c)}const l=yield ne.get(e.name);A=yield WebAssembly.instantiate(l,{})})),p=()=>x(this,void 0,void 0,function*(){A||(yield y);const l=A.exports.Hash_GetBuffer(),a=A.exports.memory.buffer;i=new Uint8Array(a,l,Z)}),Q=(l=null)=>{r=!0,A.exports.Hash_Init(l)},u=l=>{let a=0;for(;a<l.length;){const c=l.subarray(a,a+Z);a+=c.length,i.set(c),A.exports.Hash_Update(c.length)}},m=l=>{if(!r)throw new Error("update() called before init()");const a=N(l);u(a)},B=new Uint8Array(t*2),d=(l,a=null)=>{if(!r)throw new Error("digest() called before init()");return r=!1,A.exports.Hash_Final(a),l==="binary"?i.slice(0,t):ge(B,i,t)},f=()=>{if(!r)throw new Error("save() can only be called after init() and before digest()");const l=A.exports.Hash_GetState(),a=I(),c=A.exports.memory.buffer,w=new Uint8Array(c,l,a),h=new Uint8Array(v+a);return ke(h,e.hash),h.set(w,v),h},F=l=>{if(!(l instanceof Uint8Array))throw new Error("load() expects an Uint8Array generated by save()");const a=A.exports.Hash_GetState(),c=I(),w=v+c,h=A.exports.memory.buffer;if(l.length!==w)throw new Error(`Bad state length (expected ${w} bytes, got ${l.length})`);if(!lt(e.hash,l.subarray(0,v)))throw new Error("This state was written by an incompatible hash implementation");const S=l.subarray(v);new Uint8Array(h,a,c).set(S),r=!0},k=l=>typeof l=="string"?l.length<Z/4:l.byteLength<Z;let U=k;switch(e.name){case"argon2":case"scrypt":U=()=>!0;break;case"blake2b":case"blake2s":U=(l,a)=>a<=512&&k(l);break;case"blake3":U=(l,a)=>a===0&&k(l);break;case"xxhash64":case"xxhash3":case"xxhash128":case"crc64":U=()=>!1;break}const E=(l,a=null,c=null)=>{if(!U(l,a))return Q(a),m(l),d("hex",c);const w=N(l);return i.set(w),A.exports.Hash_Calculate(w.length,a,c),ge(B,i,t)};return yield p(),{getMemory:s,writeMemory:n,getExports:g,setMemorySize:C,init:Q,update:m,digest:d,save:f,load:F,calculate:E,hashLength:t}})}new D;var ut="argon2",ft="AGFzbQEAAAABKQVgAX8Bf2AAAX9gEH9/f39/f39/f39/f39/f38AYAR/f39/AGACf38AAwYFAAECAwQFBgEBAoCAAgYIAX8BQZCoBAsHQQQGbWVtb3J5AgASSGFzaF9TZXRNZW1vcnlTaXplAAAOSGFzaF9HZXRCdWZmZXIAAQ5IYXNoX0NhbGN1bGF0ZQAECvEyBVgBAn9BACEBAkAgAEEAKAKICCICRg0AAkAgACACayIAQRB2IABBgIB8cSAASWoiAEAAQX9HDQBB/wHADwtBACEBQQBBACkDiAggAEEQdK18NwOICAsgAcALcAECfwJAQQAoAoAIIgANAEEAPwBBEHQiADYCgAhBACgCiAgiAUGAgCBGDQACQEGAgCAgAWsiAEEQdiAAQYCAfHEgAElqIgBAAEF/Rw0AQQAPC0EAQQApA4gIIABBEHStfDcDiAhBACgCgAghAAsgAAvcDgECfiAAIAQpAwAiECAAKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAMIBAgDCkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgBCAQIAQpAwCFQiiJIhA3AwAgACAQIAApAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAwgECAMKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAEIBAgBCkDAIVCAYk3AwAgASAFKQMAIhAgASkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDSAQIA0pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAEgECABKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACANIBAgDSkDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAIgBikDACIQIAIpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIA4gECAOKQMAhUIgiSIQNwMAIAogECAKKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACACIBAgAikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDiAQIA4pAwCFQjCJIhA3AwAgCiAQIAopAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACADIAcpAwAiECADKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAPIBAgDykDAIVCIIkiEDcDACALIBAgCykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAyAQIAMpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA8gECAPKQMAhUIwiSIQNwMAIAsgECALKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgACAFKQMAIhAgACkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDyAQIA8pAwCFQiCJIhA3AwAgCiAQIAopAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAUgECAFKQMAhUIoiSIQNwMAIAAgECAAKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAPIBAgDykDAIVCMIkiEDcDACAKIBAgCikDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBSAQIAUpAwCFQgGJNwMAIAEgBikDACIQIAEpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAwgECAMKQMAhUIgiSIQNwMAIAsgECALKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACAGIBAgBikDAIVCKIkiEDcDACABIBAgASkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgDCAQIAwpAwCFQjCJIhA3AwAgCyAQIAspAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIAYgECAGKQMAhUIBiTcDACACIAcpAwAiECACKQMAIhF8IBFCAYZC/v///x+DIBBC/////w+DfnwiEDcDACANIBAgDSkDAIVCIIkiEDcDACAIIBAgCCkDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgByAQIAcpAwCFQiiJIhA3AwAgAiAQIAIpAwAiEXwgEEL/////D4MgEUIBhkL+////H4N+fCIQNwMAIA0gECANKQMAhUIwiSIQNwMAIAggECAIKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAHIBAgBykDAIVCAYk3AwAgAyAEKQMAIhAgAykDACIRfCARQgGGQv7///8fgyAQQv////8Pg358IhA3AwAgDiAQIA4pAwCFQiCJIhA3AwAgCSAQIAkpAwAiEXwgEUIBhkL+////H4MgEEL/////D4N+fCIQNwMAIAQgECAEKQMAhUIoiSIQNwMAIAMgECADKQMAIhF8IBBC/////w+DIBFCAYZC/v///x+DfnwiEDcDACAOIBAgDikDAIVCMIkiEDcDACAJIBAgCSkDACIRfCAQQv////8PgyARQgGGQv7///8fg358IhA3AwAgBCAQIAQpAwCFQgGJNwMAC98aAQN/QQAhBEEAIAIpAwAgASkDAIU3A5AIQQAgAikDCCABKQMIhTcDmAhBACACKQMQIAEpAxCFNwOgCEEAIAIpAxggASkDGIU3A6gIQQAgAikDICABKQMghTcDsAhBACACKQMoIAEpAyiFNwO4CEEAIAIpAzAgASkDMIU3A8AIQQAgAikDOCABKQM4hTcDyAhBACACKQNAIAEpA0CFNwPQCEEAIAIpA0ggASkDSIU3A9gIQQAgAikDUCABKQNQhTcD4AhBACACKQNYIAEpA1iFNwPoCEEAIAIpA2AgASkDYIU3A/AIQQAgAikDaCABKQNohTcD+AhBACACKQNwIAEpA3CFNwOACUEAIAIpA3ggASkDeIU3A4gJQQAgAikDgAEgASkDgAGFNwOQCUEAIAIpA4gBIAEpA4gBhTcDmAlBACACKQOQASABKQOQAYU3A6AJQQAgAikDmAEgASkDmAGFNwOoCUEAIAIpA6ABIAEpA6ABhTcDsAlBACACKQOoASABKQOoAYU3A7gJQQAgAikDsAEgASkDsAGFNwPACUEAIAIpA7gBIAEpA7gBhTcDyAlBACACKQPAASABKQPAAYU3A9AJQQAgAikDyAEgASkDyAGFNwPYCUEAIAIpA9ABIAEpA9ABhTcD4AlBACACKQPYASABKQPYAYU3A+gJQQAgAikD4AEgASkD4AGFNwPwCUEAIAIpA+gBIAEpA+gBhTcD+AlBACACKQPwASABKQPwAYU3A4AKQQAgAikD+AEgASkD+AGFNwOICkEAIAIpA4ACIAEpA4AChTcDkApBACACKQOIAiABKQOIAoU3A5gKQQAgAikDkAIgASkDkAKFNwOgCkEAIAIpA5gCIAEpA5gChTcDqApBACACKQOgAiABKQOgAoU3A7AKQQAgAikDqAIgASkDqAKFNwO4CkEAIAIpA7ACIAEpA7AChTcDwApBACACKQO4AiABKQO4AoU3A8gKQQAgAikDwAIgASkDwAKFNwPQCkEAIAIpA8gCIAEpA8gChTcD2ApBACACKQPQAiABKQPQAoU3A+AKQQAgAikD2AIgASkD2AKFNwPoCkEAIAIpA+ACIAEpA+AChTcD8ApBACACKQPoAiABKQPoAoU3A/gKQQAgAikD8AIgASkD8AKFNwOAC0EAIAIpA/gCIAEpA/gChTcDiAtBACACKQOAAyABKQOAA4U3A5ALQQAgAikDiAMgASkDiAOFNwOYC0EAIAIpA5ADIAEpA5ADhTcDoAtBACACKQOYAyABKQOYA4U3A6gLQQAgAikDoAMgASkDoAOFNwOwC0EAIAIpA6gDIAEpA6gDhTcDuAtBACACKQOwAyABKQOwA4U3A8ALQQAgAikDuAMgASkDuAOFNwPIC0EAIAIpA8ADIAEpA8ADhTcD0AtBACACKQPIAyABKQPIA4U3A9gLQQAgAikD0AMgASkD0AOFNwPgC0EAIAIpA9gDIAEpA9gDhTcD6AtBACACKQPgAyABKQPgA4U3A/ALQQAgAikD6AMgASkD6AOFNwP4C0EAIAIpA/ADIAEpA/ADhTcDgAxBACACKQP4AyABKQP4A4U3A4gMQQAgAikDgAQgASkDgASFNwOQDEEAIAIpA4gEIAEpA4gEhTcDmAxBACACKQOQBCABKQOQBIU3A6AMQQAgAikDmAQgASkDmASFNwOoDEEAIAIpA6AEIAEpA6AEhTcDsAxBACACKQOoBCABKQOoBIU3A7gMQQAgAikDsAQgASkDsASFNwPADEEAIAIpA7gEIAEpA7gEhTcDyAxBACACKQPABCABKQPABIU3A9AMQQAgAikDyAQgASkDyASFNwPYDEEAIAIpA9AEIAEpA9AEhTcD4AxBACACKQPYBCABKQPYBIU3A+gMQQAgAikD4AQgASkD4ASFNwPwDEEAIAIpA+gEIAEpA+gEhTcD+AxBACACKQPwBCABKQPwBIU3A4ANQQAgAikD+AQgASkD+ASFNwOIDUEAIAIpA4AFIAEpA4AFhTcDkA1BACACKQOIBSABKQOIBYU3A5gNQQAgAikDkAUgASkDkAWFNwOgDUEAIAIpA5gFIAEpA5gFhTcDqA1BACACKQOgBSABKQOgBYU3A7ANQQAgAikDqAUgASkDqAWFNwO4DUEAIAIpA7AFIAEpA7AFhTcDwA1BACACKQO4BSABKQO4BYU3A8gNQQAgAikDwAUgASkDwAWFNwPQDUEAIAIpA8gFIAEpA8gFhTcD2A1BACACKQPQBSABKQPQBYU3A+ANQQAgAikD2AUgASkD2AWFNwPoDUEAIAIpA+AFIAEpA+AFhTcD8A1BACACKQPoBSABKQPoBYU3A/gNQQAgAikD8AUgASkD8AWFNwOADkEAIAIpA/gFIAEpA/gFhTcDiA5BACACKQOABiABKQOABoU3A5AOQQAgAikDiAYgASkDiAaFNwOYDkEAIAIpA5AGIAEpA5AGhTcDoA5BACACKQOYBiABKQOYBoU3A6gOQQAgAikDoAYgASkDoAaFNwOwDkEAIAIpA6gGIAEpA6gGhTcDuA5BACACKQOwBiABKQOwBoU3A8AOQQAgAikDuAYgASkDuAaFNwPIDkEAIAIpA8AGIAEpA8AGhTcD0A5BACACKQPIBiABKQPIBoU3A9gOQQAgAikD0AYgASkD0AaFNwPgDkEAIAIpA9gGIAEpA9gGhTcD6A5BACACKQPgBiABKQPgBoU3A/AOQQAgAikD6AYgASkD6AaFNwP4DkEAIAIpA/AGIAEpA/AGhTcDgA9BACACKQP4BiABKQP4BoU3A4gPQQAgAikDgAcgASkDgAeFNwOQD0EAIAIpA4gHIAEpA4gHhTcDmA9BACACKQOQByABKQOQB4U3A6APQQAgAikDmAcgASkDmAeFNwOoD0EAIAIpA6AHIAEpA6AHhTcDsA9BACACKQOoByABKQOoB4U3A7gPQQAgAikDsAcgASkDsAeFNwPAD0EAIAIpA7gHIAEpA7gHhTcDyA9BACACKQPAByABKQPAB4U3A9APQQAgAikDyAcgASkDyAeFNwPYD0EAIAIpA9AHIAEpA9AHhTcD4A9BACACKQPYByABKQPYB4U3A+gPQQAgAikD4AcgASkD4AeFNwPwD0EAIAIpA+gHIAEpA+gHhTcD+A9BACACKQPwByABKQPwB4U3A4AQQQAgAikD+AcgASkD+AeFNwOIEEGQCEGYCEGgCEGoCEGwCEG4CEHACEHICEHQCEHYCEHgCEHoCEHwCEH4CEGACUGICRACQZAJQZgJQaAJQagJQbAJQbgJQcAJQcgJQdAJQdgJQeAJQegJQfAJQfgJQYAKQYgKEAJBkApBmApBoApBqApBsApBuApBwApByApB0ApB2ApB4ApB6ApB8ApB+ApBgAtBiAsQAkGQC0GYC0GgC0GoC0GwC0G4C0HAC0HIC0HQC0HYC0HgC0HoC0HwC0H4C0GADEGIDBACQZAMQZgMQaAMQagMQbAMQbgMQcAMQcgMQdAMQdgMQeAMQegMQfAMQfgMQYANQYgNEAJBkA1BmA1BoA1BqA1BsA1BuA1BwA1ByA1B0A1B2A1B4A1B6A1B8A1B+A1BgA5BiA4QAkGQDkGYDkGgDkGoDkGwDkG4DkHADkHIDkHQDkHYDkHgDkHoDkHwDkH4DkGAD0GIDxACQZAPQZgPQaAPQagPQbAPQbgPQcAPQcgPQdAPQdgPQeAPQegPQfAPQfgPQYAQQYgQEAJBkAhBmAhBkAlBmAlBkApBmApBkAtBmAtBkAxBmAxBkA1BmA1BkA5BmA5BkA9BmA8QAkGgCEGoCEGgCUGoCUGgCkGoCkGgC0GoC0GgDEGoDEGgDUGoDUGgDkGoDkGgD0GoDxACQbAIQbgIQbAJQbgJQbAKQbgKQbALQbgLQbAMQbgMQbANQbgNQbAOQbgOQbAPQbgPEAJBwAhByAhBwAlByAlBwApByApBwAtByAtBwAxByAxBwA1ByA1BwA5ByA5BwA9ByA8QAkHQCEHYCEHQCUHYCUHQCkHYCkHQC0HYC0HQDEHYDEHQDUHYDUHQDkHYDkHQD0HYDxACQeAIQegIQeAJQegJQeAKQegKQeALQegLQeAMQegMQeANQegNQeAOQegOQeAPQegPEAJB8AhB+AhB8AlB+AlB8ApB+ApB8AtB+AtB8AxB+AxB8A1B+A1B8A5B+A5B8A9B+A8QAkGACUGICUGACkGICkGAC0GIC0GADEGIDEGADUGIDUGADkGIDkGAD0GID0GAEEGIEBACAkACQCADRQ0AA0AgACAEaiIDIAIgBGoiBSkDACABIARqIgYpAwCFIARBkAhqKQMAhSADKQMAhTcDACADQQhqIgMgBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIUgAykDAIU3AwAgBEEQaiIEQYAIRw0ADAILC0EAIQQDQCAAIARqIgMgAiAEaiIFKQMAIAEgBGoiBikDAIUgBEGQCGopAwCFNwMAIANBCGogBUEIaikDACAGQQhqKQMAhSAEQZgIaikDAIU3AwAgBEEQaiIEQYAIRw0ACwsL5QcMBX8BfgR/An4BfwF+AX8Bfgd/AX4DfwF+AkBBACgCgAgiAiABQQp0aiIDKAIIIAFHDQAgAygCDCEEIAMoAgAhBUEAIAMoAhQiBq03A7gQQQAgBK0iBzcDsBBBACAFIAEgBUECdG4iCGwiCUECdK03A6gQAkACQAJAAkAgBEUNAEF/IQogBUUNASAIQQNsIQsgCEECdCIErSEMIAWtIQ0gBkF/akECSSEOQgAhDwNAQQAgDzcDkBAgD6chEEIAIRFBACEBA0BBACARNwOgECAPIBGEUCIDIA5xIRIgBkEBRiAPUCITIAZBAkYgEUICVHFxciEUQX8gAUEBakEDcSAIbEF/aiATGyEVIAEgEHIhFiABIAhsIRcgA0EBdCEYQgAhGQNAQQBCADcDwBBBACAZNwOYECAYIQECQCASRQ0AQQBCATcDwBBBkBhBkBBBkCBBABADQZAYQZAYQZAgQQAQA0ECIQELAkAgASAITw0AIAQgGaciGmwgF2ogAWohAwNAIANBACAEIAEbQQAgEVAiGxtqQX9qIRwCQAJAIBQNAEEAKAKACCICIBxBCnQiHGohCgwBCwJAIAFB/wBxIgINAEEAQQApA8AQQgF8NwPAEEGQGEGQEEGQIEEAEANBkBhBkBhBkCBBABADCyAcQQp0IRwgAkEDdEGQGGohCkEAKAKACCECCyACIANBCnRqIAIgHGogAiAKKQMAIh1CIIinIAVwIBogFhsiHCAEbCABIAFBACAZIBytUSIcGyIKIBsbIBdqIAogC2ogExsgAUUgHHJrIhsgFWqtIB1C/////w+DIh0gHX5CIIggG61+QiCIfSAMgqdqQQp0akEBEAMgA0EBaiEDIAggAUEBaiIBRw0ACwsgGUIBfCIZIA1SDQALIBFCAXwiEachASARQgRSDQALIA9CAXwiDyAHUg0AC0EAKAKACCECCyAJQQx0QYB4aiEXIAVBf2oiCkUNAgwBC0EAQgM3A6AQQQAgBEF/aq03A5AQQYB4IRcLIAIgF2ohGyAIQQx0IQhBACEcA0AgCCAcQQFqIhxsQYB4aiEEQQAhAQNAIBsgAWoiAyADKQMAIAIgBCABamopAwCFNwMAIANBCGoiAyADKQMAIAIgBCABQQhyamopAwCFNwMAIAFBCGohAyABQRBqIQEgA0H4B0kNAAsgHCAKRw0ACwsgAiAXaiEbQXghAQNAIAIgAWoiA0EIaiAbIAFqIgRBCGopAwA3AwAgA0EQaiAEQRBqKQMANwMAIANBGGogBEEYaikDADcDACADQSBqIARBIGopAwA3AwAgAUEgaiIBQfgHSQ0ACwsL",wt="e4cdc523",Qt={name:ut,data:ft,hash:wt},Bt="blake2b",dt="AGFzbQEAAAABEQRgAAF/YAJ/fwBgAX8AYAAAAwoJAAECAwECAgABBQQBAQICBg4CfwFBsIsFC38AQYAICwdwCAZtZW1vcnkCAA5IYXNoX0dldEJ1ZmZlcgAACkhhc2hfRmluYWwAAwlIYXNoX0luaXQABQtIYXNoX1VwZGF0ZQAGDUhhc2hfR2V0U3RhdGUABw5IYXNoX0NhbGN1bGF0ZQAIClNUQVRFX1NJWkUDAQrTOAkFAEGACQvrAgIFfwF+AkAgAUEBSA0AAkACQAJAIAFBgAFBACgC4IoBIgJrIgNKDQAgASEEDAELQQBBADYC4IoBAkAgAkH/AEoNACACQeCJAWohBSAAIQRBACEGA0AgBSAELQAAOgAAIARBAWohBCAFQQFqIQUgAyAGQQFqIgZB/wFxSg0ACwtBAEEAKQPAiQEiB0KAAXw3A8CJAUEAQQApA8iJASAHQv9+Vq18NwPIiQFB4IkBEAIgACADaiEAAkAgASADayIEQYEBSA0AIAIgAWohBQNAQQBBACkDwIkBIgdCgAF8NwPAiQFBAEEAKQPIiQEgB0L/flatfDcDyIkBIAAQAiAAQYABaiEAIAVBgH9qIgVBgAJLDQALIAVBgH9qIQQMAQsgBEEATA0BC0EAIQUDQCAFQQAoAuCKAWpB4IkBaiAAIAVqLQAAOgAAIAQgBUEBaiIFQf8BcUoNAAsLQQBBACgC4IoBIARqNgLgigELC78uASR+QQBBACkD0IkBQQApA7CJASIBQQApA5CJAXwgACkDICICfCIDhULr+obav7X2wR+FQiCJIgRCq/DT9K/uvLc8fCIFIAGFQiiJIgYgA3wgACkDKCIBfCIHIASFQjCJIgggBXwiCSAGhUIBiSIKQQApA8iJAUEAKQOoiQEiBEEAKQOIiQF8IAApAxAiA3wiBYVCn9j52cKR2oKbf4VCIIkiC0K7zqqm2NDrs7t/fCIMIASFQiiJIg0gBXwgACkDGCIEfCIOfCAAKQNQIgV8Ig9BACkDwIkBQQApA6CJASIQQQApA4CJASIRfCAAKQMAIgZ8IhKFQtGFmu/6z5SH0QCFQiCJIhNCiJLznf/M+YTqAHwiFCAQhUIoiSIVIBJ8IAApAwgiEHwiFiAThUIwiSIXhUIgiSIYQQApA9iJAUEAKQO4iQEiE0EAKQOYiQF8IAApAzAiEnwiGYVC+cL4m5Gjs/DbAIVCIIkiGkLx7fT4paf9p6V/fCIbIBOFQiiJIhwgGXwgACkDOCITfCIZIBqFQjCJIhogG3wiG3wiHSAKhUIoiSIeIA98IAApA1giCnwiDyAYhUIwiSIYIB18Ih0gDiALhUIwiSIOIAx8Ih8gDYVCAYkiDCAWfCAAKQNAIgt8Ig0gGoVCIIkiFiAJfCIaIAyFQiiJIiAgDXwgACkDSCIJfCIhIBaFQjCJIhYgGyAchUIBiSIMIAd8IAApA2AiB3wiDSAOhUIgiSIOIBcgFHwiFHwiFyAMhUIoiSIbIA18IAApA2giDHwiHCAOhUIwiSIOIBd8IhcgG4VCAYkiGyAZIBQgFYVCAYkiFHwgACkDcCINfCIVIAiFQiCJIhkgH3wiHyAUhUIoiSIUIBV8IAApA3giCHwiFXwgDHwiIoVCIIkiI3wiJCAbhUIoiSIbICJ8IBJ8IiIgFyAYIBUgGYVCMIkiFSAffCIZIBSFQgGJIhQgIXwgDXwiH4VCIIkiGHwiFyAUhUIoiSIUIB98IAV8Ih8gGIVCMIkiGCAXfCIXIBSFQgGJIhR8IAF8IiEgFiAafCIWIBUgHSAehUIBiSIaIBx8IAl8IhyFQiCJIhV8Ih0gGoVCKIkiGiAcfCAIfCIcIBWFQjCJIhWFQiCJIh4gGSAOIBYgIIVCAYkiFiAPfCACfCIPhUIgiSIOfCIZIBaFQiiJIhYgD3wgC3wiDyAOhUIwiSIOIBl8Ihl8IiAgFIVCKIkiFCAhfCAEfCIhIB6FQjCJIh4gIHwiICAiICOFQjCJIiIgJHwiIyAbhUIBiSIbIBx8IAp8IhwgDoVCIIkiDiAXfCIXIBuFQiiJIhsgHHwgE3wiHCAOhUIwiSIOIBkgFoVCAYkiFiAffCAQfCIZICKFQiCJIh8gFSAdfCIVfCIdIBaFQiiJIhYgGXwgB3wiGSAfhUIwiSIfIB18Ih0gFoVCAYkiFiAVIBqFQgGJIhUgD3wgBnwiDyAYhUIgiSIYICN8IhogFYVCKIkiFSAPfCADfCIPfCAHfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBnwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAOIBd8Ig4gDyAYhUIwiSIPICAgFIVCAYkiFCAZfCAKfCIXhUIgiSIYfCIZIBSFQiiJIhQgF3wgC3wiF3wgBXwiICAPIBp8Ig8gHyAOIBuFQgGJIg4gIXwgCHwiGoVCIIkiG3wiHyAOhUIoiSIOIBp8IAx8IhogG4VCMIkiG4VCIIkiISAdIB4gDyAVhUIBiSIPIBx8IAF8IhWFQiCJIhx8Ih0gD4VCKIkiDyAVfCADfCIVIByFQjCJIhwgHXwiHXwiHiAWhUIoiSIWICB8IA18IiAgIYVCMIkiISAefCIeIBogFyAYhUIwiSIXIBl8IhggFIVCAYkiFHwgCXwiGSAchUIgiSIaICR8IhwgFIVCKIkiFCAZfCACfCIZIBqFQjCJIhogHSAPhUIBiSIPICJ8IAR8Ih0gF4VCIIkiFyAbIB98Iht8Ih8gD4VCKIkiDyAdfCASfCIdIBeFQjCJIhcgH3wiHyAPhUIBiSIPIBsgDoVCAYkiDiAVfCATfCIVICOFQiCJIhsgGHwiGCAOhUIoiSIOIBV8IBB8IhV8IAx8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAHfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBogHHwiGiAVIBuFQjCJIhUgHiAWhUIBiSIWIB18IAR8IhuFQiCJIhx8Ih0gFoVCKIkiFiAbfCAQfCIbfCABfCIeIBUgGHwiFSAXIBogFIVCAYkiFCAgfCATfCIYhUIgiSIXfCIaIBSFQiiJIhQgGHwgCXwiGCAXhUIwiSIXhUIgiSIgIB8gISAVIA6FQgGJIg4gGXwgCnwiFYVCIIkiGXwiHyAOhUIoiSIOIBV8IA18IhUgGYVCMIkiGSAffCIffCIhIA+FQiiJIg8gHnwgBXwiHiAghUIwiSIgICF8IiEgGyAchUIwiSIbIB18IhwgFoVCAYkiFiAYfCADfCIYIBmFQiCJIhkgJHwiHSAWhUIoiSIWIBh8IBJ8IhggGYVCMIkiGSAfIA6FQgGJIg4gInwgAnwiHyAbhUIgiSIbIBcgGnwiF3wiGiAOhUIoiSIOIB98IAZ8Ih8gG4VCMIkiGyAafCIaIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAh8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgC3wiFXwgBXwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAh8IiIgGiAgIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGHwgCXwiGIVCIIkiHHwiGiAUhUIoiSIUIBh8IAZ8IhggHIVCMIkiHCAafCIaIBSFQgGJIhR8IAR8IiAgGSAdfCIZIBUgISAPhUIBiSIPIB98IAN8Ih2FQiCJIhV8Ih8gD4VCKIkiDyAdfCACfCIdIBWFQjCJIhWFQiCJIiEgFyAbIBkgFoVCAYkiFiAefCABfCIZhUIgiSIbfCIXIBaFQiiJIhYgGXwgE3wiGSAbhUIwiSIbIBd8Ihd8Ih4gFIVCKIkiFCAgfCAMfCIgICGFQjCJIiEgHnwiHiAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IBJ8Ih0gG4VCIIkiGyAafCIaIA6FQiiJIg4gHXwgC3wiHSAbhUIwiSIbIBcgFoVCAYkiFiAYfCANfCIXICKFQiCJIhggFSAffCIVfCIfIBaFQiiJIhYgF3wgEHwiFyAYhUIwiSIYIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGXwgCnwiFSAchUIgiSIZICN8IhwgD4VCKIkiDyAVfCAHfCIVfCASfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgBXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAbIBp8IhogFSAZhUIwiSIVIB4gFIVCAYkiFCAXfCADfCIXhUIgiSIZfCIbIBSFQiiJIhQgF3wgB3wiF3wgAnwiHiAVIBx8IhUgGCAaIA6FQgGJIg4gIHwgC3wiGoVCIIkiGHwiHCAOhUIoiSIOIBp8IAR8IhogGIVCMIkiGIVCIIkiICAfICEgFSAPhUIBiSIPIB18IAZ8IhWFQiCJIh18Ih8gD4VCKIkiDyAVfCAKfCIVIB2FQjCJIh0gH3wiH3wiISAWhUIoiSIWIB58IAx8Ih4gIIVCMIkiICAhfCIhIBogFyAZhUIwiSIXIBt8IhkgFIVCAYkiFHwgEHwiGiAdhUIgiSIbICR8Ih0gFIVCKIkiFCAafCAJfCIaIBuFQjCJIhsgHyAPhUIBiSIPICJ8IBN8Ih8gF4VCIIkiFyAYIBx8Ihh8IhwgD4VCKIkiDyAffCABfCIfIBeFQjCJIhcgHHwiHCAPhUIBiSIPIBggDoVCAYkiDiAVfCAIfCIVICOFQiCJIhggGXwiGSAOhUIoiSIOIBV8IA18IhV8IA18IiKFQiCJIiN8IiQgD4VCKIkiDyAifCAMfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHXwiGyAVIBiFQjCJIhUgISAWhUIBiSIWIB98IBB8IhiFQiCJIh18Ih8gFoVCKIkiFiAYfCAIfCIYfCASfCIhIBUgGXwiFSAXIBsgFIVCAYkiFCAefCAHfCIZhUIgiSIXfCIbIBSFQiiJIhQgGXwgAXwiGSAXhUIwiSIXhUIgiSIeIBwgICAVIA6FQgGJIg4gGnwgAnwiFYVCIIkiGnwiHCAOhUIoiSIOIBV8IAV8IhUgGoVCMIkiGiAcfCIcfCIgIA+FQiiJIg8gIXwgBHwiISAehUIwiSIeICB8IiAgGCAdhUIwiSIYIB98Ih0gFoVCAYkiFiAZfCAGfCIZIBqFQiCJIhogJHwiHyAWhUIoiSIWIBl8IBN8IhkgGoVCMIkiGiAcIA6FQgGJIg4gInwgCXwiHCAYhUIgiSIYIBcgG3wiF3wiGyAOhUIoiSIOIBx8IAN8IhwgGIVCMIkiGCAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAt8IhUgI4VCIIkiFyAdfCIdIBSFQiiJIhQgFXwgCnwiFXwgBHwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IAl8IiIgGyAeIBUgF4VCMIkiFSAdfCIXIBSFQgGJIhQgGXwgDHwiGYVCIIkiHXwiGyAUhUIoiSIUIBl8IAp8IhkgHYVCMIkiHSAbfCIbIBSFQgGJIhR8IAN8Ih4gGiAffCIaIBUgICAPhUIBiSIPIBx8IAd8IhyFQiCJIhV8Ih8gD4VCKIkiDyAcfCAQfCIcIBWFQjCJIhWFQiCJIiAgFyAYIBogFoVCAYkiFiAhfCATfCIahUIgiSIYfCIXIBaFQiiJIhYgGnwgDXwiGiAYhUIwiSIYIBd8Ihd8IiEgFIVCKIkiFCAefCAFfCIeICCFQjCJIiAgIXwiISAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIBx8IAt8IhwgGIVCIIkiGCAbfCIbIA6FQiiJIg4gHHwgEnwiHCAYhUIwiSIYIBcgFoVCAYkiFiAZfCABfCIXICKFQiCJIhkgFSAffCIVfCIfIBaFQiiJIhYgF3wgBnwiFyAZhUIwiSIZIB98Ih8gFoVCAYkiFiAVIA+FQgGJIg8gGnwgCHwiFSAdhUIgiSIaICN8Ih0gD4VCKIkiDyAVfCACfCIVfCANfCIihUIgiSIjfCIkIBaFQiiJIhYgInwgCXwiIiAjhUIwiSIjICR8IiQgFoVCAYkiFiAYIBt8IhggFSAahUIwiSIVICEgFIVCAYkiFCAXfCASfCIXhUIgiSIafCIbIBSFQiiJIhQgF3wgCHwiF3wgB3wiISAVIB18IhUgGSAYIA6FQgGJIg4gHnwgBnwiGIVCIIkiGXwiHSAOhUIoiSIOIBh8IAt8IhggGYVCMIkiGYVCIIkiHiAfICAgFSAPhUIBiSIPIBx8IAp8IhWFQiCJIhx8Ih8gD4VCKIkiDyAVfCAEfCIVIByFQjCJIhwgH3wiH3wiICAWhUIoiSIWICF8IAN8IiEgHoVCMIkiHiAgfCIgIBggFyAahUIwiSIXIBt8IhogFIVCAYkiFHwgBXwiGCAchUIgiSIbICR8IhwgFIVCKIkiFCAYfCABfCIYIBuFQjCJIhsgHyAPhUIBiSIPICJ8IAx8Ih8gF4VCIIkiFyAZIB18Ihl8Ih0gD4VCKIkiDyAffCATfCIfIBeFQjCJIhcgHXwiHSAPhUIBiSIPIBkgDoVCAYkiDiAVfCAQfCIVICOFQiCJIhkgGnwiGiAOhUIoiSIOIBV8IAJ8IhV8IBN8IiKFQiCJIiN8IiQgD4VCKIkiDyAifCASfCIiICOFQjCJIiMgJHwiJCAPhUIBiSIPIBsgHHwiGyAVIBmFQjCJIhUgICAWhUIBiSIWIB98IAt8IhmFQiCJIhx8Ih8gFoVCKIkiFiAZfCACfCIZfCAJfCIgIBUgGnwiFSAXIBsgFIVCAYkiFCAhfCAFfCIahUIgiSIXfCIbIBSFQiiJIhQgGnwgA3wiGiAXhUIwiSIXhUIgiSIhIB0gHiAVIA6FQgGJIg4gGHwgEHwiFYVCIIkiGHwiHSAOhUIoiSIOIBV8IAF8IhUgGIVCMIkiGCAdfCIdfCIeIA+FQiiJIg8gIHwgDXwiICAhhUIwiSIhIB58Ih4gGSAchUIwiSIZIB98IhwgFoVCAYkiFiAafCAIfCIaIBiFQiCJIhggJHwiHyAWhUIoiSIWIBp8IAp8IhogGIVCMIkiGCAdIA6FQgGJIg4gInwgBHwiHSAZhUIgiSIZIBcgG3wiF3wiGyAOhUIoiSIOIB18IAd8Ih0gGYVCMIkiGSAbfCIbIA6FQgGJIg4gFSAXIBSFQgGJIhR8IAx8IhUgI4VCIIkiFyAcfCIcIBSFQiiJIhQgFXwgBnwiFXwgEnwiIoVCIIkiI3wiJCAOhUIoiSIOICJ8IBN8IiIgGyAhIBUgF4VCMIkiFSAcfCIXIBSFQgGJIhQgGnwgBnwiGoVCIIkiHHwiGyAUhUIoiSIUIBp8IBB8IhogHIVCMIkiHCAbfCIbIBSFQgGJIhR8IA18IiEgGCAffCIYIBUgHiAPhUIBiSIPIB18IAJ8Ih2FQiCJIhV8Ih4gD4VCKIkiDyAdfCABfCIdIBWFQjCJIhWFQiCJIh8gFyAZIBggFoVCAYkiFiAgfCADfCIYhUIgiSIZfCIXIBaFQiiJIhYgGHwgBHwiGCAZhUIwiSIZIBd8Ihd8IiAgFIVCKIkiFCAhfCAIfCIhIB+FQjCJIh8gIHwiICAiICOFQjCJIiIgJHwiIyAOhUIBiSIOIB18IAd8Ih0gGYVCIIkiGSAbfCIbIA6FQiiJIg4gHXwgDHwiHSAZhUIwiSIZIBcgFoVCAYkiFiAafCALfCIXICKFQiCJIhogFSAefCIVfCIeIBaFQiiJIhYgF3wgCXwiFyAahUIwiSIaIB58Ih4gFoVCAYkiFiAVIA+FQgGJIg8gGHwgBXwiFSAchUIgiSIYICN8IhwgD4VCKIkiDyAVfCAKfCIVfCACfCIChUIgiSIifCIjIBaFQiiJIhYgAnwgC3wiAiAihUIwiSILICN8IiIgFoVCAYkiFiAZIBt8IhkgFSAYhUIwiSIVICAgFIVCAYkiFCAXfCANfCINhUIgiSIXfCIYIBSFQiiJIhQgDXwgBXwiBXwgEHwiECAVIBx8Ig0gGiAZIA6FQgGJIg4gIXwgDHwiDIVCIIkiFXwiGSAOhUIoiSIOIAx8IBJ8IhIgFYVCMIkiDIVCIIkiFSAeIB8gDSAPhUIBiSINIB18IAl8IgmFQiCJIg98IhogDYVCKIkiDSAJfCAIfCIJIA+FQjCJIgggGnwiD3wiGiAWhUIoiSIWIBB8IAd8IhAgEYUgDCAZfCIHIA6FQgGJIgwgCXwgCnwiCiALhUIgiSILIAUgF4VCMIkiBSAYfCIJfCIOIAyFQiiJIgwgCnwgE3wiEyALhUIwiSIKIA58IguFNwOAiQFBACADIAYgDyANhUIBiSINIAJ8fCICIAWFQiCJIgUgB3wiBiANhUIoiSIHIAJ8fCICQQApA4iJAYUgBCABIBIgCSAUhUIBiSIDfHwiASAIhUIgiSISICJ8IgkgA4VCKIkiAyABfHwiASAShUIwiSIEIAl8IhKFNwOIiQFBACATQQApA5CJAYUgECAVhUIwiSIQIBp8IhOFNwOQiQFBACABQQApA5iJAYUgAiAFhUIwiSICIAZ8IgGFNwOYiQFBACASIAOFQgGJQQApA6CJAYUgAoU3A6CJAUEAIBMgFoVCAYlBACkDqIkBhSAKhTcDqIkBQQAgASAHhUIBiUEAKQOwiQGFIASFNwOwiQFBACALIAyFQgGJQQApA7iJAYUgEIU3A7iJAQvdAgUBfwF+AX8BfgJ/IwBBwABrIgAkAAJAQQApA9CJAUIAUg0AQQBBACkDwIkBIgFBACgC4IoBIgKsfCIDNwPAiQFBAEEAKQPIiQEgAyABVK18NwPIiQECQEEALQDoigFFDQBBAEJ/NwPYiQELQQBCfzcD0IkBAkAgAkH/AEoNAEEAIQQDQCACIARqQeCJAWpBADoAACAEQQFqIgRBgAFBACgC4IoBIgJrSA0ACwtB4IkBEAIgAEEAKQOAiQE3AwAgAEEAKQOIiQE3AwggAEEAKQOQiQE3AxAgAEEAKQOYiQE3AxggAEEAKQOgiQE3AyAgAEEAKQOoiQE3AyggAEEAKQOwiQE3AzAgAEEAKQO4iQE3AzhBACgC5IoBIgVBAUgNAEEAIQRBACECA0AgBEGACWogACAEai0AADoAACAEQQFqIQQgBSACQQFqIgJB/wFxSg0ACwsgAEHAAGokAAv9AwMBfwF+AX8jAEGAAWsiAiQAQQBBgQI7AfKKAUEAIAE6APGKAUEAIAA6APCKAUGQfiEAA0AgAEGAiwFqQgA3AAAgAEH4igFqQgA3AAAgAEHwigFqQgA3AAAgAEEYaiIADQALQQAhAEEAQQApA/CKASIDQoiS853/zPmE6gCFNwOAiQFBAEEAKQP4igFCu86qptjQ67O7f4U3A4iJAUEAQQApA4CLAUKr8NP0r+68tzyFNwOQiQFBAEEAKQOIiwFC8e30+KWn/aelf4U3A5iJAUEAQQApA5CLAULRhZrv+s+Uh9EAhTcDoIkBQQBBACkDmIsBQp/Y+dnCkdqCm3+FNwOoiQFBAEEAKQOgiwFC6/qG2r+19sEfhTcDsIkBQQBBACkDqIsBQvnC+JuRo7Pw2wCFNwO4iQFBACADp0H/AXE2AuSKAQJAIAFBAUgNACACQgA3A3ggAkIANwNwIAJCADcDaCACQgA3A2AgAkIANwNYIAJCADcDUCACQgA3A0ggAkIANwNAIAJCADcDOCACQgA3AzAgAkIANwMoIAJCADcDICACQgA3AxggAkIANwMQIAJCADcDCCACQgA3AwBBACEEA0AgAiAAaiAAQYAJai0AADoAACAAQQFqIQAgBEEBaiIEQf8BcSABSA0ACyACQYABEAELIAJBgAFqJAALEgAgAEEDdkH/P3EgAEEQdhAECwkAQYAJIAAQAQsGAEGAiQELGwAgAUEDdkH/P3EgAUEQdhAEQYAJIAAQARADCwsLAQBBgAgLBPAAAAA=",Et="c6f286e6",pt={name:Bt,data:dt,hash:Et};new D;function we(e){return!Number.isInteger(e)||e<8||e>512||e%8!==0?new Error("Invalid variant! Valid values: 8, 16, ..., 512"):null}function yt(e,t){return e|t<<16}function le(e=512,t=null){if(we(e))return Promise.reject(we(e));let A=null,i=e;if(t!==null){if(A=N(t),A.length>64)return Promise.reject(new Error("Max key length is 64 bytes"));i=yt(e,A.length)}const r=e/8;return Se(pt,r).then(n=>{i>512&&n.writeMemory(A),n.init(i);const s={init:i>512?()=>(n.writeMemory(A),n.init(i),s):()=>(n.init(i),s),update:g=>(n.update(g),s),digest:g=>n.digest(g),save:()=>n.save(),load:g=>(n.load(g),s),blockSize:128,digestSize:r};return s})}function kt(e,t,A){const i=[`m=${t.memorySize}`,`t=${t.iterations}`,`p=${t.parallelism}`].join(",");return`$argon2${t.hashType}$v=19$${i}$${fe(e,!1)}$${fe(A,!1)}`}const Qe=new DataView(new ArrayBuffer(4));function V(e){return Qe.setInt32(0,e,!0),new Uint8Array(Qe.buffer)}function oe(e,t,A){return x(this,void 0,void 0,function*(){if(A<=64){const C=yield le(A*8);return C.update(V(A)),C.update(t),C.digest("binary")}const i=Math.ceil(A/32)-2,r=new Uint8Array(A);e.init(),e.update(V(A)),e.update(t);let n=e.digest("binary");r.set(n.subarray(0,32),0);for(let C=1;C<i;C++)e.init(),e.update(n),n=e.digest("binary"),r.set(n.subarray(0,32),C*32);const s=A-32*i;let g;return s===64?(g=e,g.init()):g=yield le(s*8),g.update(n),n=g.digest("binary"),r.set(n.subarray(0,s),i*32),r})}function St(e){switch(e){case"d":return 0;case"i":return 1;default:return 2}}function Dt(e){return x(this,void 0,void 0,function*(){var t;const{parallelism:A,iterations:i,hashLength:r}=e,n=N(e.password),s=N(e.salt),g=19,C=St(e.hashType),{memorySize:I}=e,y=N((t=e.secret)!==null&&t!==void 0?t:""),[p,Q]=yield Promise.all([Se(Qt,1024),le(512)]);p.setMemorySize(I*1024+1024);const u=new Uint8Array(24),m=new DataView(u.buffer);m.setInt32(0,A,!0),m.setInt32(4,r,!0),m.setInt32(8,I,!0),m.setInt32(12,i,!0),m.setInt32(16,g,!0),m.setInt32(20,C,!0),p.writeMemory(u,I*1024),Q.init(),Q.update(u),Q.update(V(n.length)),Q.update(n),Q.update(V(s.length)),Q.update(s),Q.update(V(y.length)),Q.update(y),Q.update(V(0));const d=Math.floor(I/(A*4))*4,f=new Uint8Array(72),F=Q.digest("binary");f.set(F);for(let E=0;E<A;E++){f.set(V(0),64),f.set(V(E),68);let l=E*d,a=yield oe(Q,f,1024);p.writeMemory(a,l*1024),l+=1,f.set(V(1),64),a=yield oe(Q,f,1024),p.writeMemory(a,l*1024)}const k=new Uint8Array(1024);ke(k,p.calculate(new Uint8Array([]),I));const U=yield oe(Q,k,r);if(e.outputType==="hex"){const E=new Uint8Array(r*2);return ge(E,U,r)}return e.outputType==="encoded"?kt(s,e,U):U})}const Ft=e=>{var t;if(!e||typeof e!="object")throw new Error("Invalid options parameter. It requires an object.");if(!e.password)throw new Error("Password must be specified");if(e.password=N(e.password),e.password.length<1)throw new Error("Password must be specified");if(!e.salt)throw new Error("Salt must be specified");if(e.salt=N(e.salt),e.salt.length<8)throw new Error("Salt should be at least 8 bytes long");if(e.secret=N((t=e.secret)!==null&&t!==void 0?t:""),!Number.isInteger(e.iterations)||e.iterations<1)throw new Error("Iterations should be a positive number");if(!Number.isInteger(e.parallelism)||e.parallelism<1)throw new Error("Parallelism should be a positive number");if(!Number.isInteger(e.hashLength)||e.hashLength<4)throw new Error("Hash length should be at least 4 bytes.");if(!Number.isInteger(e.memorySize))throw new Error("Memory size should be specified.");if(e.memorySize<8*e.parallelism)throw new Error("Memory size should be at least 8 * parallelism.");if(e.outputType===void 0&&(e.outputType="hex"),!["hex","binary","encoded"].includes(e.outputType))throw new Error(`Insupported output type ${e.outputType}. Valid values: ['hex', 'binary', 'encoded']`)};function De(e){return x(this,void 0,void 0,function*(){return Ft(e),Dt(Object.assign(Object.assign({},e),{hashType:"id"}))})}new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;new D;const Ut=32;async function bt(e,t,A=Be){Fe(A);try{const i=await De({password:e,salt:t,iterations:A.tCost,memorySize:A.mCost,parallelism:A.pCost,hashLength:Ut,outputType:"binary"});return ce(i)}catch{throw new Error("Key derivation failed")}}function Fe(e){if(e.mCost<16384)throw new Error("KDF memory cost too low (minimum 16 MiB)");if(e.mCost>1048576)throw new Error("KDF memory cost too high (maximum 1 GiB)");if(e.tCost<1)throw new Error("KDF time cost must be at least 1");if(e.tCost>10)throw new Error("KDF time cost too high (maximum 10)");if(e.pCost<1)throw new Error("KDF parallelism must be at least 1");if(e.pCost>4)throw new Error("KDF parallelism too high (maximum 4)")}async function mt(){try{const e=await De({password:"test",salt:new Uint8Array(16),iterations:1,memorySize:1024,parallelism:1,hashLength:32,outputType:"binary"});return e.length!==32?!1:(Ce(e),!0)}catch{return!1}}function Gt(e){return e==="localhost"||e==="127.0.0.1"||e.endsWith(".localhost")}function Ue(e){if(typeof window>"u")return;const t=window.location.hostname;if(!Gt(t))throw new Error("[Cedros] WebAuthn RP domain validation is not configured. Set wallet.allowedRpDomains to a non-empty list of allowed domains.")}function $(){return typeof window<"u"&&typeof window.PublicKeyCredential<"u"&&typeof navigator.credentials<"u"}async function Kt(){if(!$())return!1;try{if(!await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable())return!1;if("getClientCapabilities"in PublicKeyCredential&&typeof PublicKeyCredential.getClientCapabilities=="function"){const t=await PublicKeyCredential.getClientCapabilities();if(t&&"prf"in t)return t.prf===!0}return!0}catch{return!1}}async function Ht(e,t,A,i,r){if(!$())throw new Error("WebAuthn is not available in this browser");Ue();const n=i??Ee(),s=await navigator.credentials.create({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rp:{name:"Cedros Wallet",id:window.location.hostname},user:{id:Y(e),name:t,displayName:A},pubKeyCredParams:[{type:"public-key",alg:-7},{type:"public-key",alg:-257}],authenticatorSelection:{authenticatorAttachment:"platform",userVerification:"required",residentKey:"required"},timeout:6e4,attestation:"none",extensions:{prf:{eval:{first:n}}}}});if(!s)throw new Error("Passkey registration was cancelled");const g=s.getClientExtensionResults();if(!g.prf?.enabled||!g.prf?.results?.first)throw new Error("PRF extension is not supported by this authenticator. Please use a device with a compatible platform authenticator.");const C=g.prf?.results?.first;if(!C)throw new Error("PRF extension did not return a result");const I=new Uint8Array(C);if(I.length!==32)throw new Error(`Unexpected PRF output length: expected 32 bytes, got ${I.length}. The authenticator may not be compatible.`);return{credentialId:T(new Uint8Array(s.rawId)),prfSalt:T(n),prfOutput:I}}async function Jt(e,t){if(!$())throw new Error("WebAuthn is not available in this browser");Ue();const A=pe(e),i=await navigator.credentials.get({publicKey:{challenge:crypto.getRandomValues(new Uint8Array(32)),rpId:window.location.hostname,allowCredentials:[],userVerification:"required",timeout:6e4,extensions:{prf:{eval:{first:A}}}}});if(!i)throw new Error("Passkey authentication was cancelled");const n=i.getClientExtensionResults().prf?.results?.first;if(!n)throw new Error("PRF extension did not return a result during authentication");const s=new Uint8Array(n);if(s.length!==32)throw new Error(`Unexpected PRF output length: expected 32 bytes, got ${s.length}. The authenticator may not be compatible.`);return{prfOutput:s}}async function Mt(){const[e,t,A,i,r,n,s]=await Promise.all([Pt(),Vt(),It(),Nt(),Promise.resolve($()),Kt(),mt()]);return{webCrypto:e,aesGcm:t,hkdf:A,ed25519:i,webAuthn:r,webAuthnPrf:n,argon2:s,allSupported:e&&t&&A&&r&&n&&s}}async function Pt(){try{return typeof crypto<"u"&&typeof crypto.subtle<"u"&&typeof crypto.getRandomValues=="function"}catch{return!1}}async function Vt(){try{const e=await crypto.subtle.generateKey({name:"AES-GCM",length:256},!1,["encrypt","decrypt"]),t=new Uint8Array([1,2,3,4]),A=crypto.getRandomValues(new Uint8Array(12)),i=await crypto.subtle.encrypt({name:"AES-GCM",iv:A},e,t),r=await crypto.subtle.decrypt({name:"AES-GCM",iv:A},e,i),n=new Uint8Array(r);return n.length===t.length&&n.every((s,g)=>s===t[g])}catch{return!1}}async function Nt(){try{return await crypto.subtle.generateKey("Ed25519",!1,["sign","verify"]),!0}catch{return!1}}function Yt(e){if(e.allSupported)return null;const t=[];return e.webCrypto||t.push("Web Crypto API"),e.aesGcm||t.push("AES-GCM encryption"),e.hkdf||t.push("HKDF key derivation"),e.webAuthn||t.push("WebAuthn/Passkeys"),e.webAuthnPrf||t.push("WebAuthn PRF extension (requires platform authenticator)"),e.argon2||t.push("Argon2 password hashing"),t.length===0?null:`Your browser or device is missing required features: ${t.join(", ")}. Please use a modern browser with a platform authenticator (e.g., Touch ID, Face ID, Windows Hello).`}function xt(){const e=typeof navigator<"u"?navigator.userAgent:"",t=e.match(/Chrome\/(\d+)/);if(t){const n=parseInt(t[1],10);return{browser:"Chrome",version:t[1],likelySupported:n>=116}}const A=e.match(/Version\/(\d+)/);if(A&&e.includes("Safari")&&!e.includes("Chrome")){const n=parseInt(A[1],10);return{browser:"Safari",version:A[1],likelySupported:n>=17}}const i=e.match(/Firefox\/(\d+)/);if(i)return{browser:"Firefox",version:i[1],likelySupported:!1};const r=e.match(/Edg\/(\d+)/);if(r){const n=parseInt(r[1],10);return{browser:"Edge",version:r[1],likelySupported:n>=116}}return{browser:"Unknown",version:"Unknown",likelySupported:!1}}let q=null,se=null;const Ot=6e4;async function vt(e=!1){const t=Date.now(),A=se===null||t-se>Ot;return!e&&!(typeof window>"u")&&!A&&q!==null||(q=await Mt(),se=Date.now()),q}function be(e){switch(e.type){case"password":return{password:e.password};case"prfOutput":return{prfOutput:e.prfOutput}}}function me(){const e=b.useCedrosLoginOptional(),[t,A]=o.useState(!1),[i,r]=o.useState(null),n=e?.config.serverUrl,s=e?.config.requestTimeout,g=e?.config.retryAttempts,C=e?._internal?.getAccessToken,I=o.useMemo(()=>e?new b.ApiClient({baseUrl:n,timeoutMs:s,retryAttempts:g,getAccessToken:C}):null,[e,n,s,g,C]),y=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/status")}catch(a){const c=b.handleApiError(a,"Failed to fetch wallet status");throw r(c.message),c}finally{A(!1)}},[I]),p=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/material")}catch(a){const c=b.handleApiError(a,"Failed to fetch wallet material");if(c.code==="NOT_FOUND")return null;throw r(c.message),c}finally{A(!1)}},[I]),Q=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/enroll",a)}catch(c){const w=b.handleApiError(c,"Failed to enroll wallet");throw r(w.message),w}finally{A(!1)}},[I]),u=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/recover",a)}catch(c){const w=b.handleApiError(c,"Failed to recover wallet");throw r(w.message),w}finally{A(!1)}},[I]),m=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/sign",a)}catch(c){const w=b.handleApiError(c,"Failed to sign transaction");throw r(w.message),w}finally{A(!1)}},[I]),B=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/rotate-user-secret",a)}catch(c){const w=b.handleApiError(c,"Failed to rotate user secret");throw r(w.message),w}finally{A(!1)}},[I]),d=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/unlock",be(a))}catch(c){const w=b.handleApiError(c,"Failed to unlock wallet");throw r(w.message),w}finally{A(!1)}},[I]),f=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.post("/wallet/lock",{})}catch(a){const c=b.handleApiError(a,"Failed to lock wallet");throw r(c.message),c}finally{A(!1)}},[I]),F=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/share-b",a)}catch(c){const w=b.handleApiError(c,"Failed to get Share B for recovery");throw r(w.message),w}finally{A(!1)}},[I]),k=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.post("/wallet/derived",a)}catch(c){const w=b.handleApiError(c,"Failed to create derived wallet");throw r(w.message),w}finally{A(!1)}},[I]),U=o.useCallback(async()=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{return await I.get("/wallet/derived")}catch(a){const c=b.handleApiError(a,"Failed to list wallets");throw r(c.message),c}finally{A(!1)}},[I]),E=o.useCallback(async a=>{if(!I)throw new Error("useWalletMaterial must be used within a CedrosLoginProvider");A(!0),r(null);try{await I.delete(`/wallet/derived/${a}`)}catch(c){const w=b.handleApiError(c,"Failed to delete derived wallet");throw r(w.message),w}finally{A(!1)}},[I]),l=o.useCallback(()=>r(null),[]);return{getStatus:y,getMaterial:p,enroll:Q,recover:u,signTransaction:m,rotateUserSecret:B,unlock:d,lock:f,getShareBForRecovery:F,createDerivedWallet:k,listAllWallets:U,deleteDerivedWallet:E,isLoading:t,error:i,clearError:l}}const Rt={status:"not_enrolled",solanaPubkey:null,authMethod:null,hasExternalWallet:!1,isUnlocked:!1,capabilities:null,isSupported:!1,error:null,refresh:async()=>{},clearError:()=>{}};function Ge(){const t=b.useCedrosLoginOptional()!==null,[A,i]=o.useState("loading"),[r,n]=o.useState(null),[s,g]=o.useState(null),[C,I]=o.useState(!1),[y,p]=o.useState(!1),[Q,u]=o.useState(null),[m,B]=o.useState(null),{getStatus:d,isLoading:f}=me(),F=o.useRef(!1);o.useEffect(()=>{if(!t)return;let E=!1;return(async()=>{try{const a=await vt();if(E)return;u(a),a.allSupported||(i("error"),B("Your browser or device does not support all required features. Please use a modern browser with a platform authenticator."))}catch{if(E)return;u(null),i("error"),B("Failed to check crypto capabilities")}})(),()=>{E=!0}},[t]);const k=o.useCallback(async()=>{if(!(!t||!Q?.allSupported)){i("loading"),B(null);try{const E=await d();n(E.solanaPubkey??null),g(E.authMethod??null),I(E.hasExternalWallet),p(E.unlocked),E.hasExternalWallet?i("enrolled_unlocked"):E.enrolled?i(E.unlocked?"enrolled_unlocked":"enrolled_locked"):i("not_enrolled")}catch(E){i("error"),B(E instanceof Error?E.message:"Failed to fetch wallet status")}}},[t,Q?.allSupported,d]);o.useEffect(()=>{t&&Q?.allSupported&&!f&&!F.current&&(F.current=!0,k())},[t,Q?.allSupported,f,k]);const U=o.useCallback(()=>B(null),[]);return t?{status:A,solanaPubkey:r,authMethod:s,hasExternalWallet:C,isUnlocked:y,capabilities:Q,isSupported:Q?.allSupported??!1,error:m,refresh:k,clearError:U}:Rt}const z="__CEDROS_EMBEDDED_WALLET__";function Tt(e){typeof window<"u"&&(window[z]=e)}function Ie(){typeof window<"u"&&delete window[z]}function Lt(){return typeof window>"u"?!1:window[z]?.available??!1}function Xt(){return typeof window>"u"?null:window[z]??null}function Wt(){const{config:e,user:t}=b.useCedrosLogin(),{status:A,solanaPubkey:i,hasExternalWallet:r}=Ge(),n=e.wallet?.exposeAvailability??!1,s=e.wallet?.exposePublicKey??!1;return o.useEffect(()=>{if(!n||!t){Ie();return}if(r){Ie();return}if(A==="loading")return;const g=A==="enrolled_locked"||A==="enrolled_unlocked";return Tt({available:g,publicKey:s&&g?i:null}),()=>{Ie()}},[n,s,t,A,i,r]),null}function jt({config:e,children:t}){const[A,i]=o.useState(null),[r,n]=o.useState(!1),s=o.useRef(e.callbacks);s.current=e.callbacks;const g=o.useRef({onLoginSuccess:(...J)=>s.current?.onLoginSuccess?.(...J),onLoginError:(...J)=>s.current?.onLoginError?.(...J),onLogout:()=>s.current?.onLogout?.(),onSessionExpired:()=>s.current?.onSessionExpired?.()}),C=e.features==="auto",{features:I,googleClientId:y,appleClientId:p,isLoading:Q}=Me(e.serverUrl,C,e.requestTimeout),u=o.useMemo(()=>!C||!I?e:{...e,features:I,googleClientId:e.googleClientId??y,appleClientId:e.appleClientId??p},[e,C,I,y,p]),m=o.useMemo(()=>JSON.stringify(u.themeOverrides??null),[u.themeOverrides]),B=o.useMemo(()=>JSON.stringify(u.session??null),[u.session]),d=o.useMemo(()=>JSON.stringify(u.features??null),[u.features]),f=o.useMemo(()=>JSON.stringify(u.forms??null),[u.forms]),F=o.useMemo(()=>u,[u.serverUrl,u.googleClientId,u.appleClientId,u.requestTimeout,u.retryAttempts,u.theme,m,B,d,f]);He({theme:F.theme,themeOverrides:F.themeOverrides});const{user:k,authState:U,handleLoginSuccess:E,logout:l,refreshUser:a,getAccessToken:c}=ve({serverUrl:F.serverUrl,session:F.session,callbacks:g.current,requestTimeoutMs:F.requestTimeout}),w=o.useCallback(async()=>{i(null),await l()},[l]),h=o.useCallback((...J)=>{i(null),E(...J)},[E]),S=o.useCallback(()=>n(!0),[]),K=o.useCallback(()=>n(!1),[]),H=o.useMemo(()=>({config:F,user:k,authState:U,logout:w,refreshUser:a,_internal:{handleLoginSuccess:h,getAccessToken:c}}),[F,k,U,w,a,h,c]),G=o.useMemo(()=>({error:A,isModalOpen:r,openModal:S,closeModal:K}),[A,r,S,K]),M=o.useMemo(()=>({...H,...G}),[H,G]);return C&&Q?null:X.jsx(Ae.AuthStateContext.Provider,{value:H,children:X.jsx(Ae.AuthUIContext.Provider,{value:G,children:X.jsxs(Ae.CedrosLoginContext.Provider,{value:M,children:[X.jsx(Wt,{}),t]})})})}function Zt(){const{user:e,authState:t,error:A,logout:i,refreshUser:r,openModal:n,closeModal:s}=b.useCedrosLogin();return{user:e,authState:t,error:A,isAuthenticated:t==="authenticated"&&e!==null,isLoading:t==="loading",logout:i,refreshUser:r,openLoginModal:n,closeLoginModal:s}}exports.CedrosLoginProvider=jt;exports.DEFAULT_KDF_PARAMS=Be;exports.aesGcmEncryptToBase64=nt;exports.argon2Derive=bt;exports.authenticateWithDiscoverablePrf=Jt;exports.base64ToUint8Array=pe;exports.deriveKeyFromPrf=st;exports.generateArgon2Salt=tt;exports.generatePrfSalt=Ee;exports.generateSeed=ze;exports.getBrowserSupportInfo=xt;exports.getEmbeddedWalletInfo=Xt;exports.getMissingCapabilitiesMessage=Yt;exports.isEmbeddedWalletAvailable=Lt;exports.registerPasskeyWithPrf=Ht;exports.toCredentialRequest=be;exports.toEncryptionKey=ce;exports.toSeed=de;exports.toShamirShare=Ze;exports.uint8ArrayToBase64=T;exports.useAuth=Zt;exports.useWallet=Ge;exports.useWalletMaterial=me;exports.validateKdfParams=Fe;exports.wipeAll=At;exports.wipeBytes=Ce;