@cinchor/sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/LICENSE +23 -0
  2. package/README.md +93 -0
  3. package/dist/index.cjs +799 -0
  4. package/dist/index.cjs.map +1 -0
  5. package/dist/index.d.cts +514 -0
  6. package/dist/index.d.ts +514 -0
  7. package/dist/index.js +755 -0
  8. package/dist/index.js.map +1 -0
  9. package/package.json +53 -0
package/dist/index.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/index.ts","../src/capability-registry.ts","../src/address.ts","../src/config.ts","../src/types.ts","../src/attestation.ts","../src/client.ts"],"sourcesContent":["/**\n * @cinchor/sdk — accountability infrastructure for autonomous agents.\n *\n * Bound what an agent can do *before* it acts, and prove what it did *after* —\n * verifiably enough for a regulator, auditor, insurer, or court.\n *\n * import { CinchorClient, IGNIS_LOCAL } from '@cinchor/sdk';\n *\n * const cinchor = await CinchorClient.connect({\n * network: IGNIS_LOCAL,\n * contract: { name: 'cinchor_permissions', address: 'om1z…' },\n * });\n *\n * const { capabilityId } = await cinchor.mintCapability({\n * principal, agent: agentAddress, maxSpend: 100n, ttlSeconds: 3600,\n * });\n *\n * const outcome = await cinchor.enforce({ capability: capabilityId, agent, amount: 40n });\n * if (!outcome.allowed) throw new Error(`refused: ${outcome.reason}`);\n *\n * await cinchor.attest({ capability: capabilityId, agent, context: decision });\n */\n\n// Facade\nexport {\n CinchorClient,\n nowSecs,\n type MintCapabilityOptions,\n type MintCapabilityResult,\n type EnforceOptions,\n type AttestOptions,\n type AttestResult,\n} from './client.js';\n\n// Configuration\nexport {\n type CinchorConfig,\n type NetworkConfig,\n type ContractConfig,\n exportPrefixFor,\n IGNIS_LOCAL,\n BURN_SENTINEL,\n DEFAULT_GAS_LIMIT,\n DEFAULT_GAS_PRICE,\n} from './config.js';\n\n// Outcome types + enums\nexport {\n CapabilityStatus,\n CAPABILITY_STATUS_LABELS,\n EnforcementCode,\n ENFORCEMENT_LABELS,\n Verdict,\n type CapabilityStatusLabel,\n type EnforcementLabel,\n type Signer,\n type SubmitReceipt,\n type EnforcementOutcome,\n type CapabilityState,\n type AttestationRecord,\n} from './types.js';\n\n// Lower-level primitives (power users)\nexport { CapabilityRegistry, parseAddressReturn } from './capability-registry.js';\n\n// Address + identifier utilities\nexport {\n encodeAddress,\n decodeAddress,\n addressArg,\n deriveCapabilityId,\n counterpartyKey,\n} from './address.js';\n\n// Attestation helpers\nexport {\n canonicalJson,\n hashDecisionContext,\n deriveAttestationId,\n verifyDecisionContext,\n} from './attestation.js';\n","/**\n * @cinchor/sdk — typed wrapper over the deployed accountability contract.\n *\n * Each method maps to a contract export, encoding arguments per the on-chain\n * ABI and parsing the returned state. This is the low-level primitive layer;\n * most consumers use the high-level {@link CinchorClient} facade instead.\n *\n * Read methods (query) work standalone — no wallet/signing required.\n * Write methods (call) require a signer whose om1z address is funded to pay gas.\n *\n * Substrate-enforced invariants for an action (in precedence order):\n * 0 = not_found, 1 = success, 2 = revoked, 3 = expired, 4 = over_budget,\n * 5 = out_of_allowlist.\n */\n\nimport {\n OmneClient,\n OmneContract,\n AbiEncode,\n encodeContractCall,\n type AbiArgument,\n type ContractQueryResult,\n} from '@omne/sdk';\nimport { addressArg, counterpartyKey, encodeAddress } from './address.js';\nimport {\n type CinchorConfig,\n type ContractConfig,\n exportPrefixFor,\n BURN_SENTINEL,\n DEFAULT_GAS_LIMIT,\n DEFAULT_GAS_PRICE,\n} from './config.js';\nimport {\n CapabilityStatus,\n CAPABILITY_STATUS_LABELS,\n type CapabilityState,\n type AttestationRecord,\n type Signer,\n type SubmitReceipt,\n} from './types.js';\n\n/** A JSON-RPC submit result, discriminated so a real rejection is never swallowed. */\ntype SubmitStatus = 'ok' | 'duplicate' | 'stale_nonce';\n\nfunction toBigInt(v: ContractQueryResult['returnValue']): bigint {\n return BigInt(v ?? 0);\n}\n\nfunction toNumber(v: ContractQueryResult['returnValue']): number {\n return Number(v ?? 0);\n}\n\nexport class CapabilityRegistry {\n private readonly contract: OmneContract;\n private readonly rpcUrl: string;\n private readonly chainId: number;\n private readonly contractAddress: string;\n private readonly exportPrefix: string;\n private readonly defaultGasLimit: number;\n private readonly defaultGasPrice: string;\n /** Per-signer next-nonce cache (see {@link sendSigned} for node nonce semantics). */\n private readonly nonces = new Map<string, number>();\n\n private constructor(contract: OmneContract, config: CinchorConfig) {\n this.contract = contract;\n this.rpcUrl = config.network.rpcUrl;\n this.chainId = config.network.chainId;\n this.contractAddress = config.contract.address;\n this.exportPrefix = exportPrefixFor(config.contract);\n this.defaultGasLimit = config.defaultGasLimit ?? DEFAULT_GAS_LIMIT;\n this.defaultGasPrice = config.defaultGasPrice ?? DEFAULT_GAS_PRICE;\n }\n\n static async connect(config: CinchorConfig): Promise<CapabilityRegistry> {\n const client = new OmneClient(config.network.rpcUrl);\n await client.connect();\n const contract = new OmneContract(client, config.contract.address);\n return new CapabilityRegistry(contract, config);\n }\n\n private fn(name: string): string {\n return this.exportPrefix + name;\n }\n\n /** A single, non-retrying JSON-RPC POST. */\n private async rpc<T = unknown>(method: string, params: unknown[]): Promise<T> {\n const resp = await fetch(this.rpcUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ jsonrpc: '2.0', method, params, id: 1 }),\n });\n if (!resp.ok) {\n throw new Error(`${method} HTTP ${resp.status}: ${await resp.text()}`);\n }\n const json = (await resp.json()) as { result?: T; error?: { message?: string } };\n if (json.error) throw new Error(`${method} rejected: ${json.error.message ?? 'unknown'}`);\n return json.result as T;\n }\n\n // ── Write path ──────────────────────────────────────────────────\n\n /**\n * Build, SIGN, and submit a state-changing contract call. The Omne node\n * mandates a valid ML-DSA-44 signature on every transaction; we encode the\n * call data, build the transaction, sign it with the role's signer (chainId\n * 3 = Ignis), and submit via a single raw JSON-RPC POST. The submitter\n * (\"from\") must equal the signer's om1z address — the node re-derives the PQC\n * address from the public key and checks it matches.\n */\n private async sendSigned(\n signer: Signer,\n method: string,\n args: AbiArgument[],\n gasLimit = this.defaultGasLimit,\n ): Promise<SubmitReceipt> {\n const data = encodeContractCall(this.fn(method), args);\n\n // Node nonce semantics: this devnet node does NOT currently track or enforce\n // per-account nonces — omne_getNonce / omne_getAccount report 0 even for a\n // signer with many committed txs, and any nonce is accepted. We keep a\n // client-side monotonic counter (seeded once from the node) for hygiene.\n // If/when the node enforces real nonces, the seed becomes authoritative and\n // the stale-nonce recovery below takes over.\n let nonce = this.nonces.get(signer.address);\n if (nonce === undefined) nonce = await this.fetchNonce(signer.address);\n\n // Build → sign → submit, retrying ONCE on \"nonce too low\" (a stale seed).\n // The tx is signed WITH the nonce, so recovery re-signs with a fresh one.\n // \"nonce too low\" is a definitive rejection (tx NOT accepted), so re-signing\n // higher cannot double-submit. \"duplicate\" means the node already holds this\n // exact tx — treated as accepted; outcome is read from state.\n for (let attempt = 0; attempt < 2; attempt++) {\n const wire = this.buildSignedWire(signer, data, nonce, gasLimit);\n const res = await this.submitOnce(wire);\n if (res.status === 'ok' || res.status === 'duplicate') {\n this.nonces.set(signer.address, nonce + 1);\n return this.pollReceipt(res.txHash);\n }\n const fresh = await this.fetchNonce(signer.address);\n if (attempt === 0 && fresh > nonce) {\n nonce = fresh;\n this.nonces.set(signer.address, fresh);\n continue;\n }\n throw new Error(\n `transaction rejected nonce ${nonce} as too low; node reports ${fresh} (cannot recover)`,\n );\n }\n throw new Error('sendSigned: exhausted submit attempts'); // unreachable\n }\n\n /** Fetch the signer's next nonce from the node (0 on this devnet). */\n private async fetchNonce(address: string): Promise<number> {\n try {\n const n = await this.rpc<unknown>('omne_getNonce', [address]);\n return Number(n ?? 0);\n } catch {\n const acct = await this.rpc<{ nonce?: number }>('omne_getAccount', [address]);\n return Number(acct?.nonce ?? 0);\n }\n }\n\n /**\n * Build a signed wire payload for a contract call at a given nonce, validating\n * the ML-DSA-44 signature/pubkey/chainId lengths locally before submit so a\n * malformed signed object fails fast here, not at the node.\n */\n private buildSignedWire(\n signer: Signer,\n data: string,\n nonce: number,\n gasLimit: number,\n ): Record<string, unknown> {\n const tx = {\n from: signer.address,\n to: this.contractAddress,\n value: '0',\n gasLimit,\n gasPrice: this.defaultGasPrice,\n nonce,\n data,\n chainId: this.chainId,\n };\n const signed = signer.signTransaction(tx, { chainId: this.chainId });\n // ML-DSA-44: 2420-byte signature (4840 hex), 1312-byte public key (2624 hex).\n if (typeof signed.signature !== 'string' || !/^[0-9a-f]{4840}$/i.test(signed.signature)) {\n throw new Error(\n `signTransaction produced an invalid ML-DSA-44 signature (expected 4840 hex chars, got ${signed.signature?.length ?? 0})`,\n );\n }\n if (typeof signed.publicKey !== 'string' || !/^[0-9a-f]{2624}$/i.test(signed.publicKey)) {\n throw new Error(\n `signTransaction produced an invalid ML-DSA-44 public key (expected 2624 hex chars, got ${signed.publicKey?.length ?? 0})`,\n );\n }\n if (!Number.isInteger(signed.chainId) || signed.chainId < 0) {\n throw new Error(`signed tx carries an invalid chainId: ${signed.chainId}`);\n }\n return {\n from: signed.from,\n to: signed.to,\n value: signed.value,\n gasLimit: signed.gasLimit,\n gasPrice: signed.gasPrice,\n nonce: signed.nonce,\n chainId: signed.chainId,\n data: signed.data ?? '',\n signature: { signature: signed.signature, publicKey: signed.publicKey },\n };\n }\n\n /** Submit a signed wire payload with one non-retrying POST. */\n private async submitOnce(\n wire: Record<string, unknown>,\n ): Promise<{ status: SubmitStatus; txHash: string | null }> {\n const resp = await fetch(this.rpcUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: JSON.stringify({ jsonrpc: '2.0', method: 'omne_sendTransaction', params: [wire], id: 1 }),\n });\n if (!resp.ok) {\n throw new Error(`omne_sendTransaction HTTP ${resp.status}: ${await resp.text()}`);\n }\n const json = (await resp.json()) as {\n result?: string | { transactionHash?: string };\n error?: { message?: string };\n };\n if (json.error) {\n const msg = String(json.error.message ?? json.error);\n if (/already\\s*known|already\\s*exists|duplicate/i.test(msg)) {\n return { status: 'duplicate', txHash: null };\n }\n if (/nonce\\s*too\\s*low|invalid\\s*nonce/i.test(msg)) {\n return { status: 'stale_nonce', txHash: null };\n }\n throw new Error(`omne_sendTransaction rejected: ${msg}`);\n }\n const r = json.result;\n return { status: 'ok', txHash: typeof r === 'string' ? r : (r?.transactionHash ?? null) };\n }\n\n /**\n * Poll for a transaction receipt, tolerating the node's \"receipt not found\"\n * RPC error while the tx is still in the mempool. 60s default: a 4-node BFT\n * mesh confirms contract calls in ~20-30s.\n */\n private async pollReceipt(\n txHash: string | null,\n timeoutMs = 60_000,\n intervalMs = 1_000,\n ): Promise<SubmitReceipt> {\n if (!txHash) return { transactionHash: null, status: 'submitted', blockNumber: null };\n const start = Date.now();\n let lastTransportError: string | null = null;\n while (Date.now() - start < timeoutMs) {\n try {\n const r = await this.rpc<SubmitReceipt | null>('omne_getTransactionReceipt', [txHash]);\n if (r) return r;\n } catch (e: unknown) {\n const msg = e instanceof Error ? e.message : String(e);\n if (/receipt.*not\\s*found|not\\s*found|-32000|-32602/i.test(msg)) {\n // Expected: tx still in the mempool — keep polling quietly.\n } else {\n lastTransportError = msg;\n }\n }\n await new Promise((res) => setTimeout(res, intervalMs));\n }\n return {\n transactionHash: txHash,\n status: 'pending',\n blockNumber: null,\n note: lastTransportError\n ? `receipt not available within ${timeoutMs}ms; last transport error: ${lastTransportError}`\n : `receipt not available within ${timeoutMs}ms`,\n };\n }\n\n // ── Reads ───────────────────────────────────────────────────────\n\n private async queryNumber(method: string, id: string): Promise<number> {\n const r = await this.contract.query(this.fn(method), [addressArg(id)]);\n return toNumber(r.returnValue);\n }\n\n private async queryBigInt(method: string, id: string): Promise<bigint> {\n const r = await this.contract.query(this.fn(method), [addressArg(id)]);\n return toBigInt(r.returnValue);\n }\n\n private async queryAddress(method: string, id: string): Promise<string> {\n const r = await this.contract.query(this.fn(method), [addressArg(id)]);\n return parseAddressReturn(r.returnValue);\n }\n\n getStatus(capabilityId: string): Promise<number> {\n return this.queryNumber('get_status', capabilityId);\n }\n getMaxSpend(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_max_spend', capabilityId);\n }\n getValidUntil(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_valid_until', capabilityId);\n }\n getTotalSpent(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_total_spent', capabilityId);\n }\n getActionCount(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_action_count', capabilityId);\n }\n getCreatedAt(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_created_at', capabilityId);\n }\n getRevokedAt(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_revoked_at', capabilityId);\n }\n getPolicyVersion(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_policy_version', capabilityId);\n }\n getAttestationCount(capabilityId: string): Promise<bigint> {\n return this.queryBigInt('get_attestation_count', capabilityId);\n }\n\n async getAllowlistEnabled(capabilityId: string): Promise<boolean> {\n return (await this.queryNumber('get_allowlist_enabled', capabilityId)) === 1;\n }\n\n async isCounterpartyAllowed(capabilityId: string, counterparty: string): Promise<boolean> {\n const key = await counterpartyKey(capabilityId, counterparty);\n const r = await this.contract.query(this.fn('is_counterparty_allowed'), [addressArg(key)]);\n return toNumber(r.returnValue) === 1;\n }\n\n /** Read a decision attestation's on-chain record (the tamper-evidence anchor). */\n async getAttestation(attestationId: string): Promise<AttestationRecord> {\n const [exists, ch, pv, v, t] = await Promise.all([\n this.contract.query(this.fn('get_attestation_exists'), [addressArg(attestationId)]),\n this.contract.query(this.fn('get_attestation_context_hash'), [addressArg(attestationId)]),\n this.contract.query(this.fn('get_attestation_policy_version'), [addressArg(attestationId)]),\n this.contract.query(this.fn('get_attestation_verdict'), [addressArg(attestationId)]),\n this.contract.query(this.fn('get_attestation_time'), [addressArg(attestationId)]),\n ]);\n return {\n exists: toNumber(exists.returnValue) === 1,\n contextHash: parseAddressReturn(ch.returnValue),\n policyVersion: toBigInt(pv.returnValue),\n verdict: toNumber(v.returnValue),\n time: toBigInt(t.returnValue),\n };\n }\n\n /** Fetch the complete state of a capability in one call. */\n async getCapabilityState(capabilityId: string): Promise<CapabilityState> {\n const [\n status,\n principal,\n agent,\n maxSpend,\n validUntil,\n totalSpent,\n actionCount,\n createdAt,\n revokedAt,\n ] = await Promise.all([\n this.getStatus(capabilityId),\n this.queryAddress('get_principal', capabilityId).catch(() => ''),\n this.queryAddress('get_agent', capabilityId).catch(() => ''),\n this.getMaxSpend(capabilityId),\n this.getValidUntil(capabilityId),\n this.getTotalSpent(capabilityId),\n this.getActionCount(capabilityId),\n this.getCreatedAt(capabilityId),\n this.getRevokedAt(capabilityId),\n ]);\n return {\n capabilityId,\n status,\n statusLabel: CAPABILITY_STATUS_LABELS[status] ?? 'not_found',\n principal,\n agent,\n maxSpend,\n validUntil,\n totalSpent,\n actionCount,\n createdAt,\n revokedAt,\n };\n }\n\n // ── Writes (signed; require a funded signer) ─────────────────────\n\n /** Principal mints a scoped capability to an agent. Signed by the principal. */\n mintPermission(opts: {\n signer: Signer;\n capabilityId: string;\n principal: string;\n agent: string;\n maxSpend: bigint;\n validUntil: bigint;\n allowlistEnabled?: boolean;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.sendSigned(\n opts.signer,\n 'mint_permission',\n [\n addressArg(opts.capabilityId),\n addressArg(opts.principal),\n addressArg(opts.agent),\n AbiEncode.i64(opts.maxSpend),\n AbiEncode.i64(opts.validUntil),\n AbiEncode.i64(opts.allowlistEnabled ? 1n : 0n),\n AbiEncode.i64(opts.currentTime),\n ],\n opts.gasLimit,\n );\n }\n\n /** Principal authorizes a counterparty for a capability's allowlist. */\n async addAllowedCounterparty(opts: {\n signer: Signer;\n capabilityId: string;\n counterparty: string;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n const key = await counterpartyKey(opts.capabilityId, opts.counterparty);\n return this.sendSigned(\n opts.signer,\n 'add_allowed_counterparty',\n [addressArg(opts.capabilityId), addressArg(key), AbiEncode.i64(opts.currentTime)],\n opts.gasLimit,\n );\n }\n\n /** Principal updates a capability's policy (limits) and bumps its on-chain version. */\n updatePolicy(opts: {\n signer: Signer;\n capabilityId: string;\n newMaxSpend: bigint;\n newValidUntil: bigint;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.sendSigned(\n opts.signer,\n 'update_policy',\n [\n addressArg(opts.capabilityId),\n AbiEncode.i64(opts.newMaxSpend),\n AbiEncode.i64(opts.newValidUntil),\n AbiEncode.i64(opts.currentTime),\n ],\n opts.gasLimit,\n );\n }\n\n /**\n * Agent records a capability-bound action — the substrate Policy Enforcement\n * Point. Signed by the agent. `counterparty` is ignored when the capability's\n * allowlist is disabled; when enabled, the substrate refuses (code 5) unless\n * the counterparty has been allowlisted.\n */\n async recordAction(opts: {\n signer: Signer;\n capabilityId: string;\n amountSpent: bigint;\n counterparty?: string;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n const cp = opts.counterparty ?? BURN_SENTINEL;\n const key = await counterpartyKey(opts.capabilityId, cp);\n return this.sendSigned(\n opts.signer,\n 'record_action',\n [\n addressArg(opts.capabilityId),\n AbiEncode.i64(opts.amountSpent),\n addressArg(key),\n AbiEncode.i64(opts.currentTime),\n ],\n opts.gasLimit,\n );\n }\n\n /** Principal revokes a capability. Terminal. Signed by the principal. */\n revokePermission(opts: {\n signer: Signer;\n capabilityId: string;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.sendSigned(\n opts.signer,\n 'revoke_permission',\n [addressArg(opts.capabilityId), AbiEncode.i64(opts.currentTime)],\n opts.gasLimit,\n );\n }\n\n /**\n * Agent records a decision attestation (provable-after). Commits the\n * decision's context_hash + verdict, bound to the capability's current policy\n * version. Signed by the agent.\n */\n recordAttestation(opts: {\n signer: Signer;\n attestationId: string;\n capabilityId: string;\n contextHash: string;\n verdict: number;\n currentTime: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.sendSigned(\n opts.signer,\n 'record_attestation',\n [\n addressArg(opts.attestationId),\n addressArg(opts.capabilityId),\n addressArg(opts.contextHash),\n AbiEncode.i64(BigInt(opts.verdict)),\n AbiEncode.i64(opts.currentTime),\n ],\n opts.gasLimit,\n );\n }\n}\n\n/**\n * Parse an address return value from a contract query. The chain is uniformly\n * 32-byte (PQC, witness v2); we normalize to 32 bytes and re-encode to om1z. A\n * short hex value is zero-padded to 32 bytes (never 20) so a runtime returning\n * the wrong width surfaces as a clearly-wrong address, not a silently-valid one.\n */\nexport function parseAddressReturn(returnValue: ContractQueryResult['returnValue']): string {\n if (typeof returnValue === 'string' && /^(0x)?[0-9a-fA-F]+$/.test(returnValue)) {\n let hex = returnValue.replace(/^0x/, '');\n if (hex.length > 64) return returnValue; // unexpected width — surface raw, don't truncate\n hex = hex.padStart(64, '0');\n const bytes = new Uint8Array(32);\n for (let i = 0; i < 32; i++) {\n bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);\n }\n try {\n return encodeAddress(bytes);\n } catch {\n return returnValue;\n }\n }\n if (returnValue === '0' || returnValue === null) return '';\n return String(returnValue);\n}\n","/**\n * @cinchor/sdk — Omne address + identifier encoding.\n *\n * The Omne chain is uniformly 32-byte (post-quantum). On-chain addresses and\n * contract map-key identifiers (capability ids, attestation ids) are bech32m\n * encodings of a 32-byte payload under witness version 2. This module produces\n * ABI arguments in that on-chain format and derives the deterministic ids the\n * accountability contract keys its state by.\n *\n * Format: bech32m(\"om\", [0x02, ...toWords(32-byte payload)]) → 62-char \"om1z…\"\n */\n\nimport { bech32m } from '@scure/base';\nimport { ArgType, type AbiArgument } from '@omne/sdk';\n\nconst ADDRESS_HRP = 'om';\nconst WITNESS_VERSION = 2;\n\n/** Decode an om1z bech32m address to its raw 32-byte payload. */\nexport function decodeAddress(address: string): Uint8Array {\n const { prefix, words } = bech32m.decode(address as `${string}1${string}`);\n if (prefix !== ADDRESS_HRP) {\n throw new Error(`Invalid address HRP: expected \"${ADDRESS_HRP}\", got \"${prefix}\"`);\n }\n if (words[0] !== WITNESS_VERSION) {\n throw new Error(`Invalid witness version: expected ${WITNESS_VERSION}, got ${words[0]}`);\n }\n return new Uint8Array(bech32m.fromWords(Array.from(words.slice(1))));\n}\n\n/** Encode a raw 32-byte payload as canonical om1z bech32m. Rejects non-32-byte input. */\nexport function encodeAddress(payload: Uint8Array): string {\n if (payload.length !== 32) {\n throw new Error(`Address payload must be 32 bytes, got ${payload.length}`);\n }\n const dataWords = bech32m.toWords(payload);\n const words = new Uint8Array(dataWords.length + 1);\n words[0] = WITNESS_VERSION;\n words.set(dataWords, 1);\n return bech32m.encode(ADDRESS_HRP, words);\n}\n\n/**\n * Build an ABI `Address` argument from an om1z string. Uses the 32-byte payload\n * directly — the substrate runtime accepts the Address discriminant + 32-byte\n * payload because that matches the on-chain representation.\n */\nexport function addressArg(address: string): AbiArgument {\n return { type: ArgType.Address, data: decodeAddress(address) };\n}\n\nasync function sha256(bytes: Uint8Array): Promise<Uint8Array> {\n // Back the digest input with a concrete ArrayBuffer (TS narrows Uint8Array\n // over ArrayBufferLike, which does not satisfy BufferSource directly).\n const ab = new ArrayBuffer(bytes.byteLength);\n new Uint8Array(ab).set(bytes);\n return new Uint8Array(await crypto.subtle.digest('SHA-256', ab));\n}\n\nfunction u64be(value: number | bigint): Uint8Array {\n const b = new Uint8Array(8);\n new DataView(b.buffer).setBigUint64(0, BigInt(value), false);\n return b;\n}\n\nfunction concat(...parts: Uint8Array[]): Uint8Array {\n const total = parts.reduce((n, p) => n + p.length, 0);\n const out = new Uint8Array(total);\n let off = 0;\n for (const p of parts) {\n out.set(p, off);\n off += p.length;\n }\n return out;\n}\n\n/**\n * Derive a deterministic capability id from (principal, agent, nonce, createdAt).\n * Returns a 32-byte om1z address matching the chain's uniform width, so it\n * round-trips through the contract's address-typed map key.\n */\nexport async function deriveCapabilityId(\n principal: string,\n agent: string,\n nonce: number,\n createdAt: number,\n): Promise<string> {\n const preimage = concat(\n decodeAddress(principal),\n decodeAddress(agent),\n u64be(nonce),\n u64be(createdAt),\n );\n return encodeAddress(await sha256(preimage));\n}\n\n/**\n * Derive the per-(capability, counterparty) allowlist key the contract stores\n * and checks. The contract is agnostic to the derivation — it only compares\n * stored keys — so the SDK owns it; minting an allowed counterparty and\n * enforcing an action MUST use the same derivation. Capability-scoped (the id\n * is in the preimage) so there is no cross-capability collision.\n */\nexport async function counterpartyKey(\n capabilityId: string,\n counterparty: string,\n): Promise<string> {\n const preimage = concat(decodeAddress(capabilityId), decodeAddress(counterparty));\n return encodeAddress(await sha256(preimage));\n}\n\nexport { sha256, u64be, concat };\n","/**\n * @cinchor/sdk — connection + deployment configuration.\n *\n * Everything that ties the SDK to a specific network and a specific deployed\n * accountability contract is injected here, not hardcoded. A consumer points\n * the SDK at their target network (devnet, testnet, mainnet) and the address of\n * the deployed contract they were given.\n */\n\n/** Network coordinates the SDK talks to. */\nexport interface NetworkConfig {\n /** Human-readable network name (informational). */\n name: string;\n /** Omne chain id (Ignis devnet = 3). Signed into every transaction. */\n chainId: number;\n /** JSON-RPC endpoint URL. */\n rpcUrl: string;\n}\n\n/**\n * The deployed accountability contract the SDK calls.\n *\n * `name` is the on-chain contract module name; the runtime resolves calls via\n * the full export path `axiom_contract::<name>::<function>`, which `exportPrefix`\n * encodes. These are deployment details, not brand surfaces — point them at\n * whatever contract instance you were given.\n */\nexport interface ContractConfig {\n /** On-chain contract module name. */\n name: string;\n /** Deployed contract address (om1z bech32m). */\n address: string;\n /** Runtime export prefix: `axiom_contract::<name>::`. Derived if omitted. */\n exportPrefix?: string;\n}\n\n/** Full SDK configuration. */\nexport interface CinchorConfig {\n network: NetworkConfig;\n contract: ContractConfig;\n /** Default gas limit for write calls. */\n defaultGasLimit?: number;\n /** Default gas price (quar) for write calls. Ignis devnet base fee = 5000. */\n defaultGasPrice?: string;\n}\n\n/** Resolve a contract export prefix, deriving the default from the name. */\nexport function exportPrefixFor(contract: ContractConfig): string {\n return contract.exportPrefix ?? `axiom_contract::${contract.name}::`;\n}\n\nexport const DEFAULT_GAS_LIMIT = 200_000;\nexport const DEFAULT_GAS_PRICE = '5000';\n\n/**\n * A never-minted 32-byte sentinel capability id (witness v2, 32 bytes of 0xDE).\n * Used as the counterparty placeholder when allowlist enforcement is disabled.\n */\nexport const BURN_SENTINEL =\n 'om1zmm0dahk7mm0dahk7mm0dahk7mm0dahk7mm0dahk7mm0dahk7mm0qdtuxap';\n\n/** Convenience preset for the local Ignis devnet. */\nexport const IGNIS_LOCAL: NetworkConfig = {\n name: 'ignis',\n chainId: 3,\n rpcUrl: 'http://127.0.0.1:26657',\n};\n","/**\n * @cinchor/sdk — shared types and on-chain outcome codes.\n *\n * These mirror the typed return codes the on-chain accountability contract\n * (the substrate Policy Enforcement Point) emits. They are the contract of the\n * substrate, surfaced to the developer as named outcomes rather than integers.\n */\n\n/** Lifecycle state of a capability (permission token). */\nexport enum CapabilityStatus {\n NotFound = 0,\n Active = 1,\n Revoked = 2,\n}\n\nexport type CapabilityStatusLabel = 'not_found' | 'active' | 'revoked';\n\nexport const CAPABILITY_STATUS_LABELS: readonly CapabilityStatusLabel[] = [\n 'not_found',\n 'active',\n 'revoked',\n] as const;\n\n/**\n * Result of an `enforce()` call — the substrate's authorize-or-refuse verdict\n * for an action recorded under a capability. Code 1 is the only allow; every\n * other code is a substrate-enforced refusal (no state mutation occurred).\n */\nexport enum EnforcementCode {\n NotFound = 0,\n Allowed = 1,\n Revoked = 2,\n Expired = 3,\n OverBudget = 4,\n OutOfAllowlist = 5,\n}\n\nexport type EnforcementLabel =\n | 'not_found'\n | 'allowed'\n | 'revoked'\n | 'expired'\n | 'over_budget'\n | 'out_of_allowlist';\n\nexport const ENFORCEMENT_LABELS: Record<EnforcementCode, EnforcementLabel> = {\n [EnforcementCode.NotFound]: 'not_found',\n [EnforcementCode.Allowed]: 'allowed',\n [EnforcementCode.Revoked]: 'revoked',\n [EnforcementCode.Expired]: 'expired',\n [EnforcementCode.OverBudget]: 'over_budget',\n [EnforcementCode.OutOfAllowlist]: 'out_of_allowlist',\n};\n\n/** Verdict committed alongside a decision attestation. */\nexport enum Verdict {\n InPolicy = 1,\n OutOfPolicy = 2,\n}\n\n/** A signer compatible with the Omne SDK's WalletAccount.\n *\n * Defined structurally so callers can pass any object exposing an om1z\n * `address` and a `signTransaction` method — they need not import the Omne\n * SDK's concrete `WalletAccount` type to use Cinchor.\n */\nexport interface Signer {\n readonly address: string;\n signTransaction(\n tx: Record<string, unknown>,\n opts?: { chainId?: number },\n ): {\n from: string;\n to: string;\n value: string;\n gasLimit: number;\n gasPrice: string;\n nonce: number;\n chainId: number;\n data?: string;\n signature: string;\n publicKey: string;\n };\n}\n\n/** Receipt-shaped result returned from a committed (or pending) write. */\nexport interface SubmitReceipt {\n transactionHash: string | null;\n status: string;\n blockNumber: number | null;\n note?: string;\n}\n\n/** The outcome of an `enforce()` call. */\nexport interface EnforcementOutcome {\n /** True only when the substrate authorized the action (code 1). */\n allowed: boolean;\n code: EnforcementCode;\n reason: EnforcementLabel;\n receipt: SubmitReceipt;\n}\n\n/** Full on-chain state of a capability. */\nexport interface CapabilityState {\n capabilityId: string;\n status: CapabilityStatus;\n statusLabel: CapabilityStatusLabel;\n principal: string;\n agent: string;\n maxSpend: bigint;\n validUntil: bigint;\n totalSpent: bigint;\n actionCount: bigint;\n createdAt: bigint;\n revokedAt: bigint;\n}\n\n/** On-chain record of a decision attestation (the tamper-evidence anchor). */\nexport interface AttestationRecord {\n exists: boolean;\n contextHash: string;\n policyVersion: bigint;\n verdict: number;\n time: bigint;\n}\n","/**\n * @cinchor/sdk — decision attestation (provable-after).\n *\n * A decision attestation commits, on-chain, the HASH of a decision's full\n * context (inputs the agent saw, policy version, model, reasoning, output) plus\n * a verdict — bound to the policy version in force at decision time. The full\n * artifact lives off-chain; the tamper-evidence property is that anyone can\n * re-hash the off-chain artifact and confirm it matches the on-chain\n * context_hash. If a byte changed, the hashes diverge and tampering is detected.\n *\n * This is what makes non-payment decisions (claims denials, underwriting calls)\n * accountable: provable after the fact to a party who does not trust the operator.\n */\n\nimport { encodeAddress, decodeAddress, sha256, u64be, concat } from './address.js';\n\n/**\n * Deterministic JSON: object keys sorted recursively so the same logical\n * context always serializes to the same bytes (stable hashing across machines).\n */\nexport function canonicalJson(value: unknown): string {\n const norm = (v: unknown): unknown => {\n if (Array.isArray(v)) return v.map(norm);\n if (v && typeof v === 'object') {\n return Object.keys(v as Record<string, unknown>)\n .sort()\n .reduce((acc: Record<string, unknown>, k) => {\n acc[k] = norm((v as Record<string, unknown>)[k]);\n return acc;\n }, {});\n }\n return v;\n };\n return JSON.stringify(norm(value));\n}\n\n/** Hash a decision-context object to a 32-byte om1z commitment. */\nexport async function hashDecisionContext(context: unknown): Promise<string> {\n const bytes = new TextEncoder().encode(canonicalJson(context));\n return encodeAddress(await sha256(bytes));\n}\n\n/**\n * Derive a deterministic attestation id from (capabilityId, contextHash, seq).\n * The contract enforces first-write, so reuse fails. Returns a 32-byte om1z id.\n */\nexport async function deriveAttestationId(\n capabilityId: string,\n contextHash: string,\n seq: number,\n): Promise<string> {\n const preimage = concat(\n decodeAddress(capabilityId),\n decodeAddress(contextHash),\n u64be(seq),\n );\n return encodeAddress(await sha256(preimage));\n}\n\n/**\n * Tamper check: re-hash a decision context and confirm it matches the on-chain\n * commitment. Returns whether it matches and the recomputed hash.\n */\nexport async function verifyDecisionContext(\n context: unknown,\n onChainContextHash: string,\n): Promise<{ ok: boolean; recomputed: string }> {\n const recomputed = await hashDecisionContext(context);\n return { ok: recomputed === onChainContextHash, recomputed };\n}\n","/**\n * @cinchor/sdk — the high-level developer facade.\n *\n * Two verbs carry the product:\n * - enforce(action) — authorize-or-refuse a consequential action. The\n * substrate is the Policy Enforcement Point: an\n * out-of-scope action commits no state change.\n * - attest(decision) — commit a tamper-evident, independently-verifiable\n * record of a decision and its context.\n *\n * Plus the capability lifecycle (mint / revoke / update / allow-counterparty)\n * and the audit reads a relying party uses to verify without trusting you.\n *\n * The chain is the substrate, not the product: callers `import` this, wrap\n * their agent's decision points, and never manage a blockchain.\n */\n\nimport { CapabilityRegistry } from './capability-registry.js';\nimport { hashDecisionContext, deriveAttestationId, verifyDecisionContext } from './attestation.js';\nimport { deriveCapabilityId } from './address.js';\nimport { type CinchorConfig, BURN_SENTINEL } from './config.js';\nimport {\n CapabilityStatus,\n EnforcementCode,\n ENFORCEMENT_LABELS,\n Verdict,\n type Signer,\n type SubmitReceipt,\n type EnforcementOutcome,\n type CapabilityState,\n type AttestationRecord,\n} from './types.js';\n\n/** Current UNIX time in seconds, as the bigint the contract expects. */\nexport function nowSecs(): bigint {\n return BigInt(Math.floor(Date.now() / 1000));\n}\n\n/**\n * Poll `read` until `done` holds or the timeout elapses, returning the last\n * value read. A committed transaction's receipt can resolve before the\n * committed state is consistently queryable on a multi-validator mesh; settling\n * makes read-after-write deterministic for the caller.\n */\nasync function settle<T>(\n read: () => Promise<T>,\n done: (v: T) => boolean,\n timeoutMs = 12_000,\n intervalMs = 750,\n): Promise<T> {\n const start = Date.now();\n let last = await read();\n while (!done(last) && Date.now() - start < timeoutMs) {\n await new Promise((r) => setTimeout(r, intervalMs));\n last = await read();\n }\n return last;\n}\n\nexport interface MintCapabilityOptions {\n /** The principal granting authority. Signs the mint. */\n principal: Signer;\n /** om1z address of the agent being granted scoped authority. */\n agent: string;\n /** Spend ceiling (in the unit the action amounts are denominated in). */\n maxSpend: bigint;\n /** Absolute expiry (UNIX seconds). Provide this OR `ttlSeconds`. */\n validUntil?: bigint;\n /** Relative expiry from now (seconds). Used when `validUntil` is omitted. */\n ttlSeconds?: number;\n /** Enforce a counterparty allowlist on every action under this capability. */\n allowlist?: boolean;\n /** Uniqueness nonce for the derived id. Defaults to a random value. */\n nonce?: number;\n /** Override the recorded creation time (UNIX seconds). Defaults to now. */\n currentTime?: bigint;\n gasLimit?: number;\n}\n\nexport interface MintCapabilityResult {\n capabilityId: string;\n receipt: SubmitReceipt;\n}\n\nexport interface EnforceOptions {\n /** The capability id authorizing this action. */\n capability: string;\n /** The agent performing the action. Signs the record. */\n agent: Signer;\n /** Amount this action spends against the capability's ceiling. */\n amount: bigint;\n /** om1z counterparty the action transacts with (required if allowlisted). */\n counterparty?: string;\n /** Override the action time (UNIX seconds). Defaults to now. */\n currentTime?: bigint;\n gasLimit?: number;\n}\n\nexport interface AttestOptions {\n /** The capability the decision was made under (binds the policy version). */\n capability: string;\n /** The agent attesting. Signs the attestation. */\n agent: Signer;\n /** The full decision context. Hashed canonically; the hash is committed. */\n context: unknown;\n /** Verdict committed alongside the context. Defaults to in-policy. */\n verdict?: Verdict;\n /** Sequence number disambiguating multiple attestations. Defaults to 0. */\n seq?: number;\n currentTime?: bigint;\n gasLimit?: number;\n}\n\nexport interface AttestResult {\n attestationId: string;\n contextHash: string;\n verdict: Verdict;\n receipt: SubmitReceipt;\n}\n\nexport class CinchorClient {\n readonly registry: CapabilityRegistry;\n\n private constructor(registry: CapabilityRegistry) {\n this.registry = registry;\n }\n\n /** Connect to a network + deployed accountability contract. */\n static async connect(config: CinchorConfig): Promise<CinchorClient> {\n return new CinchorClient(await CapabilityRegistry.connect(config));\n }\n\n // ── Capability lifecycle ─────────────────────────────────────────\n\n /**\n * Mint a cryptographically-scoped capability to an agent: capability, spend\n * ceiling, validity window, revocable at will. Returns the derived capability\n * id and the commit receipt.\n */\n async mintCapability(opts: MintCapabilityOptions): Promise<MintCapabilityResult> {\n const currentTime = opts.currentTime ?? nowSecs();\n const validUntil =\n opts.validUntil ??\n (opts.ttlSeconds !== undefined\n ? currentTime + BigInt(opts.ttlSeconds)\n : (() => {\n throw new Error('mintCapability requires either validUntil or ttlSeconds');\n })());\n const nonce = opts.nonce ?? Math.floor(Math.random() * 2 ** 48);\n const capabilityId = await deriveCapabilityId(\n opts.principal.address,\n opts.agent,\n nonce,\n Number(currentTime),\n );\n const receipt = await this.registry.mintPermission({\n signer: opts.principal,\n capabilityId,\n principal: opts.principal.address,\n agent: opts.agent,\n maxSpend: opts.maxSpend,\n validUntil,\n allowlistEnabled: opts.allowlist,\n currentTime,\n gasLimit: opts.gasLimit,\n });\n await settle(\n () => this.getCapability(capabilityId),\n (c) => c.status === CapabilityStatus.Active,\n );\n return { capabilityId, receipt };\n }\n\n /** Revoke a capability. Terminal. Signed by the principal. */\n async revoke(opts: {\n capability: string;\n principal: Signer;\n currentTime?: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n const receipt = await this.registry.revokePermission({\n signer: opts.principal,\n capabilityId: opts.capability,\n currentTime: opts.currentTime ?? nowSecs(),\n gasLimit: opts.gasLimit,\n });\n await settle(\n () => this.getCapability(opts.capability),\n (c) => c.status === CapabilityStatus.Revoked,\n );\n return receipt;\n }\n\n /** Update a capability's policy (limits) and bump its on-chain version. */\n updatePolicy(opts: {\n capability: string;\n principal: Signer;\n maxSpend: bigint;\n validUntil: bigint;\n currentTime?: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.registry.updatePolicy({\n signer: opts.principal,\n capabilityId: opts.capability,\n newMaxSpend: opts.maxSpend,\n newValidUntil: opts.validUntil,\n currentTime: opts.currentTime ?? nowSecs(),\n gasLimit: opts.gasLimit,\n });\n }\n\n /** Authorize a counterparty for a capability's allowlist. */\n allowCounterparty(opts: {\n capability: string;\n principal: Signer;\n counterparty: string;\n currentTime?: bigint;\n gasLimit?: number;\n }): Promise<SubmitReceipt> {\n return this.registry.addAllowedCounterparty({\n signer: opts.principal,\n capabilityId: opts.capability,\n counterparty: opts.counterparty,\n currentTime: opts.currentTime ?? nowSecs(),\n gasLimit: opts.gasLimit,\n });\n }\n\n // ── The two verbs ────────────────────────────────────────────────\n\n /**\n * Authorize-or-refuse a consequential action. The substrate enforces the\n * capability's invariants atomically: an out-of-scope action commits no state\n * change. The verdict is read back from committed state (a record_action\n * receipt does not carry the contract's return code).\n *\n * Verdict classification assumes serial, single-signer use of the capability\n * (one in-flight action at a time) — the documented integration pattern.\n */\n async enforce(opts: EnforceOptions): Promise<EnforcementOutcome> {\n const currentTime = opts.currentTime ?? nowSecs();\n const before = await this.registry.getCapabilityState(opts.capability);\n const receipt = await this.registry.recordAction({\n signer: opts.agent,\n capabilityId: opts.capability,\n amountSpent: opts.amount,\n counterparty: opts.counterparty,\n currentTime,\n gasLimit: opts.gasLimit,\n });\n // Settle the after-read: an allowed action increments actionCount once the\n // commit is observable. A refusal never commits, so this times out with the\n // count unchanged — correctly classified as refused below.\n const after = await settle(\n () => this.registry.getCapabilityState(opts.capability),\n (a) => a.actionCount > before.actionCount,\n 8_000,\n );\n const code = await this.classify(before, after, opts.amount, currentTime, opts);\n return { allowed: code === EnforcementCode.Allowed, code, reason: ENFORCEMENT_LABELS[code], receipt };\n }\n\n private async classify(\n before: CapabilityState,\n after: CapabilityState,\n amount: bigint,\n t: bigint,\n opts: EnforceOptions,\n ): Promise<EnforcementCode> {\n // Success: the action committed (count incremented and spend advanced).\n if (after.actionCount > before.actionCount && after.totalSpent === before.totalSpent + amount) {\n return EnforcementCode.Allowed;\n }\n // No commit → a refusal. Identify the reason in the contract's precedence.\n if (before.status === CapabilityStatus.NotFound) return EnforcementCode.NotFound;\n if (before.status === CapabilityStatus.Revoked) return EnforcementCode.Revoked;\n if (t > before.validUntil) return EnforcementCode.Expired;\n if (before.totalSpent + amount > before.maxSpend) return EnforcementCode.OverBudget;\n if (await this.registry.getAllowlistEnabled(opts.capability)) {\n const cp = opts.counterparty ?? BURN_SENTINEL;\n if (!(await this.registry.isCounterpartyAllowed(opts.capability, cp))) {\n return EnforcementCode.OutOfAllowlist;\n }\n }\n // Unreachable for serial single-signer use against a committed tx; treat as\n // a conservative not-allowed (e.g. a pending receipt or a concurrent writer).\n return EnforcementCode.NotFound;\n }\n\n /**\n * Commit a tamper-evident attestation of a decision. The full context is\n * hashed canonically; the hash + verdict are committed on-chain, bound to the\n * capability's current policy version. An auditor later re-hashes the\n * off-chain artifact and confirms it matches (see {@link verifyAttestation}).\n */\n async attest(opts: AttestOptions): Promise<AttestResult> {\n const currentTime = opts.currentTime ?? nowSecs();\n const verdict = opts.verdict ?? Verdict.InPolicy;\n const seq = opts.seq ?? 0;\n const contextHash = await hashDecisionContext(opts.context);\n const attestationId = await deriveAttestationId(opts.capability, contextHash, seq);\n const receipt = await this.registry.recordAttestation({\n signer: opts.agent,\n attestationId,\n capabilityId: opts.capability,\n contextHash,\n verdict,\n currentTime,\n gasLimit: opts.gasLimit,\n });\n await settle(() => this.registry.getAttestation(attestationId), (a) => a.exists);\n return { attestationId, contextHash, verdict, receipt };\n }\n\n // ── Audit (reads; no signer required) ────────────────────────────\n\n /** Read the full on-chain state of a capability. */\n getCapability(capabilityId: string): Promise<CapabilityState> {\n return this.registry.getCapabilityState(capabilityId);\n }\n\n /** Read a decision attestation's on-chain record. */\n getAttestation(attestationId: string): Promise<AttestationRecord> {\n return this.registry.getAttestation(attestationId);\n }\n\n /**\n * Tamper check: re-hash a decision context and confirm it matches the\n * attestation's on-chain commitment. Returns whether it matches, the\n * recomputed hash, and the on-chain record.\n */\n async verifyAttestation(\n context: unknown,\n attestationId: string,\n ): Promise<{ ok: boolean; recomputed: string; onChain: AttestationRecord }> {\n const onChain = await this.registry.getAttestation(attestationId);\n const { ok, recomputed } = await verifyDecisionContext(context, onChain.contextHash);\n return { ok: ok && onChain.exists, recomputed, onChain };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACeA,IAAAA,cAOO;;;ACVP,kBAAwB;AACxB,iBAA0C;AAE1C,IAAM,cAAc;AACpB,IAAM,kBAAkB;AAGjB,SAAS,cAAc,SAA6B;AACzD,QAAM,EAAE,QAAQ,MAAM,IAAI,oBAAQ,OAAO,OAAgC;AACzE,MAAI,WAAW,aAAa;AAC1B,UAAM,IAAI,MAAM,kCAAkC,WAAW,WAAW,MAAM,GAAG;AAAA,EACnF;AACA,MAAI,MAAM,CAAC,MAAM,iBAAiB;AAChC,UAAM,IAAI,MAAM,qCAAqC,eAAe,SAAS,MAAM,CAAC,CAAC,EAAE;AAAA,EACzF;AACA,SAAO,IAAI,WAAW,oBAAQ,UAAU,MAAM,KAAK,MAAM,MAAM,CAAC,CAAC,CAAC,CAAC;AACrE;AAGO,SAAS,cAAc,SAA6B;AACzD,MAAI,QAAQ,WAAW,IAAI;AACzB,UAAM,IAAI,MAAM,yCAAyC,QAAQ,MAAM,EAAE;AAAA,EAC3E;AACA,QAAM,YAAY,oBAAQ,QAAQ,OAAO;AACzC,QAAM,QAAQ,IAAI,WAAW,UAAU,SAAS,CAAC;AACjD,QAAM,CAAC,IAAI;AACX,QAAM,IAAI,WAAW,CAAC;AACtB,SAAO,oBAAQ,OAAO,aAAa,KAAK;AAC1C;AAOO,SAAS,WAAW,SAA8B;AACvD,SAAO,EAAE,MAAM,mBAAQ,SAAS,MAAM,cAAc,OAAO,EAAE;AAC/D;AAEA,eAAe,OAAO,OAAwC;AAG5D,QAAM,KAAK,IAAI,YAAY,MAAM,UAAU;AAC3C,MAAI,WAAW,EAAE,EAAE,IAAI,KAAK;AAC5B,SAAO,IAAI,WAAW,MAAM,OAAO,OAAO,OAAO,WAAW,EAAE,CAAC;AACjE;AAEA,SAAS,MAAM,OAAoC;AACjD,QAAM,IAAI,IAAI,WAAW,CAAC;AAC1B,MAAI,SAAS,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,KAAK,GAAG,KAAK;AAC3D,SAAO;AACT;AAEA,SAAS,UAAU,OAAiC;AAClD,QAAM,QAAQ,MAAM,OAAO,CAAC,GAAG,MAAM,IAAI,EAAE,QAAQ,CAAC;AACpD,QAAM,MAAM,IAAI,WAAW,KAAK;AAChC,MAAI,MAAM;AACV,aAAW,KAAK,OAAO;AACrB,QAAI,IAAI,GAAG,GAAG;AACd,WAAO,EAAE;AAAA,EACX;AACA,SAAO;AACT;AAOA,eAAsB,mBACpB,WACA,OACA,OACA,WACiB;AACjB,QAAM,WAAW;AAAA,IACf,cAAc,SAAS;AAAA,IACvB,cAAc,KAAK;AAAA,IACnB,MAAM,KAAK;AAAA,IACX,MAAM,SAAS;AAAA,EACjB;AACA,SAAO,cAAc,MAAM,OAAO,QAAQ,CAAC;AAC7C;AASA,eAAsB,gBACpB,cACA,cACiB;AACjB,QAAM,WAAW,OAAO,cAAc,YAAY,GAAG,cAAc,YAAY,CAAC;AAChF,SAAO,cAAc,MAAM,OAAO,QAAQ,CAAC;AAC7C;;;AC9DO,SAAS,gBAAgB,UAAkC;AAChE,SAAO,SAAS,gBAAgB,mBAAmB,SAAS,IAAI;AAClE;AAEO,IAAM,oBAAoB;AAC1B,IAAM,oBAAoB;AAM1B,IAAM,gBACX;AAGK,IAAM,cAA6B;AAAA,EACxC,MAAM;AAAA,EACN,SAAS;AAAA,EACT,QAAQ;AACV;;;ACzDO,IAAK,mBAAL,kBAAKC,sBAAL;AACL,EAAAA,oCAAA,cAAW,KAAX;AACA,EAAAA,oCAAA,YAAS,KAAT;AACA,EAAAA,oCAAA,aAAU,KAAV;AAHU,SAAAA;AAAA,GAAA;AAQL,IAAM,2BAA6D;AAAA,EACxE;AAAA,EACA;AAAA,EACA;AACF;AAOO,IAAK,kBAAL,kBAAKC,qBAAL;AACL,EAAAA,kCAAA,cAAW,KAAX;AACA,EAAAA,kCAAA,aAAU,KAAV;AACA,EAAAA,kCAAA,aAAU,KAAV;AACA,EAAAA,kCAAA,aAAU,KAAV;AACA,EAAAA,kCAAA,gBAAa,KAAb;AACA,EAAAA,kCAAA,oBAAiB,KAAjB;AANU,SAAAA;AAAA,GAAA;AAiBL,IAAM,qBAAgE;AAAA,EAC3E,CAAC,gBAAwB,GAAG;AAAA,EAC5B,CAAC,eAAuB,GAAG;AAAA,EAC3B,CAAC,eAAuB,GAAG;AAAA,EAC3B,CAAC,eAAuB,GAAG;AAAA,EAC3B,CAAC,kBAA0B,GAAG;AAAA,EAC9B,CAAC,sBAA8B,GAAG;AACpC;AAGO,IAAK,UAAL,kBAAKC,aAAL;AACL,EAAAA,kBAAA,cAAW,KAAX;AACA,EAAAA,kBAAA,iBAAc,KAAd;AAFU,SAAAA;AAAA,GAAA;;;AHXZ,SAAS,SAAS,GAA+C;AAC/D,SAAO,OAAO,KAAK,CAAC;AACtB;AAEA,SAAS,SAAS,GAA+C;AAC/D,SAAO,OAAO,KAAK,CAAC;AACtB;AAEO,IAAM,qBAAN,MAAM,oBAAmB;AAAA,EACb;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA,SAAS,oBAAI,IAAoB;AAAA,EAE1C,YAAY,UAAwB,QAAuB;AACjE,SAAK,WAAW;AAChB,SAAK,SAAS,OAAO,QAAQ;AAC7B,SAAK,UAAU,OAAO,QAAQ;AAC9B,SAAK,kBAAkB,OAAO,SAAS;AACvC,SAAK,eAAe,gBAAgB,OAAO,QAAQ;AACnD,SAAK,kBAAkB,OAAO,mBAAmB;AACjD,SAAK,kBAAkB,OAAO,mBAAmB;AAAA,EACnD;AAAA,EAEA,aAAa,QAAQ,QAAoD;AACvE,UAAM,SAAS,IAAI,uBAAW,OAAO,QAAQ,MAAM;AACnD,UAAM,OAAO,QAAQ;AACrB,UAAM,WAAW,IAAI,yBAAa,QAAQ,OAAO,SAAS,OAAO;AACjE,WAAO,IAAI,oBAAmB,UAAU,MAAM;AAAA,EAChD;AAAA,EAEQ,GAAG,MAAsB;AAC/B,WAAO,KAAK,eAAe;AAAA,EAC7B;AAAA;AAAA,EAGA,MAAc,IAAiB,QAAgB,QAA+B;AAC5E,UAAM,OAAO,MAAM,MAAM,KAAK,QAAQ;AAAA,MACpC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,OAAO,QAAQ,QAAQ,IAAI,EAAE,CAAC;AAAA,IAChE,CAAC;AACD,QAAI,CAAC,KAAK,IAAI;AACZ,YAAM,IAAI,MAAM,GAAG,MAAM,SAAS,KAAK,MAAM,KAAK,MAAM,KAAK,KAAK,CAAC,EAAE;AAAA,IACvE;AACA,UAAM,OAAQ,MAAM,KAAK,KAAK;AAC9B,QAAI,KAAK,MAAO,OAAM,IAAI,MAAM,GAAG,MAAM,cAAc,KAAK,MAAM,WAAW,SAAS,EAAE;AACxF,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAc,WACZ,QACA,QACA,MACA,WAAW,KAAK,iBACQ;AACxB,UAAM,WAAO,gCAAmB,KAAK,GAAG,MAAM,GAAG,IAAI;AAQrD,QAAI,QAAQ,KAAK,OAAO,IAAI,OAAO,OAAO;AAC1C,QAAI,UAAU,OAAW,SAAQ,MAAM,KAAK,WAAW,OAAO,OAAO;AAOrE,aAAS,UAAU,GAAG,UAAU,GAAG,WAAW;AAC5C,YAAM,OAAO,KAAK,gBAAgB,QAAQ,MAAM,OAAO,QAAQ;AAC/D,YAAM,MAAM,MAAM,KAAK,WAAW,IAAI;AACtC,UAAI,IAAI,WAAW,QAAQ,IAAI,WAAW,aAAa;AACrD,aAAK,OAAO,IAAI,OAAO,SAAS,QAAQ,CAAC;AACzC,eAAO,KAAK,YAAY,IAAI,MAAM;AAAA,MACpC;AACA,YAAM,QAAQ,MAAM,KAAK,WAAW,OAAO,OAAO;AAClD,UAAI,YAAY,KAAK,QAAQ,OAAO;AAClC,gBAAQ;AACR,aAAK,OAAO,IAAI,OAAO,SAAS,KAAK;AACrC;AAAA,MACF;AACA,YAAM,IAAI;AAAA,QACR,8BAA8B,KAAK,6BAA6B,KAAK;AAAA,MACvE;AAAA,IACF;AACA,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAAA;AAAA,EAGA,MAAc,WAAW,SAAkC;AACzD,QAAI;AACF,YAAM,IAAI,MAAM,KAAK,IAAa,iBAAiB,CAAC,OAAO,CAAC;AAC5D,aAAO,OAAO,KAAK,CAAC;AAAA,IACtB,QAAQ;AACN,YAAM,OAAO,MAAM,KAAK,IAAwB,mBAAmB,CAAC,OAAO,CAAC;AAC5E,aAAO,OAAO,MAAM,SAAS,CAAC;AAAA,IAChC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOQ,gBACN,QACA,MACA,OACA,UACyB;AACzB,UAAM,KAAK;AAAA,MACT,MAAM,OAAO;AAAA,MACb,IAAI,KAAK;AAAA,MACT,OAAO;AAAA,MACP;AAAA,MACA,UAAU,KAAK;AAAA,MACf;AAAA,MACA;AAAA,MACA,SAAS,KAAK;AAAA,IAChB;AACA,UAAM,SAAS,OAAO,gBAAgB,IAAI,EAAE,SAAS,KAAK,QAAQ,CAAC;AAEnE,QAAI,OAAO,OAAO,cAAc,YAAY,CAAC,oBAAoB,KAAK,OAAO,SAAS,GAAG;AACvF,YAAM,IAAI;AAAA,QACR,yFAAyF,OAAO,WAAW,UAAU,CAAC;AAAA,MACxH;AAAA,IACF;AACA,QAAI,OAAO,OAAO,cAAc,YAAY,CAAC,oBAAoB,KAAK,OAAO,SAAS,GAAG;AACvF,YAAM,IAAI;AAAA,QACR,0FAA0F,OAAO,WAAW,UAAU,CAAC;AAAA,MACzH;AAAA,IACF;AACA,QAAI,CAAC,OAAO,UAAU,OAAO,OAAO,KAAK,OAAO,UAAU,GAAG;AAC3D,YAAM,IAAI,MAAM,yCAAyC,OAAO,OAAO,EAAE;AAAA,IAC3E;AACA,WAAO;AAAA,MACL,MAAM,OAAO;AAAA,MACb,IAAI,OAAO;AAAA,MACX,OAAO,OAAO;AAAA,MACd,UAAU,OAAO;AAAA,MACjB,UAAU,OAAO;AAAA,MACjB,OAAO,OAAO;AAAA,MACd,SAAS,OAAO;AAAA,MAChB,MAAM,OAAO,QAAQ;AAAA,MACrB,WAAW,EAAE,WAAW,OAAO,WAAW,WAAW,OAAO,UAAU;AAAA,IACxE;AAAA,EACF;AAAA;AAAA,EAGA,MAAc,WACZ,MAC0D;AAC1D,UAAM,OAAO,MAAM,MAAM,KAAK,QAAQ;AAAA,MACpC,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,SAAS,OAAO,QAAQ,wBAAwB,QAAQ,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC;AAAA,IAChG,CAAC;AACD,QAAI,CAAC,KAAK,IAAI;AACZ,YAAM,IAAI,MAAM,6BAA6B,KAAK,MAAM,KAAK,MAAM,KAAK,KAAK,CAAC,EAAE;AAAA,IAClF;AACA,UAAM,OAAQ,MAAM,KAAK,KAAK;AAI9B,QAAI,KAAK,OAAO;AACd,YAAM,MAAM,OAAO,KAAK,MAAM,WAAW,KAAK,KAAK;AACnD,UAAI,8CAA8C,KAAK,GAAG,GAAG;AAC3D,eAAO,EAAE,QAAQ,aAAa,QAAQ,KAAK;AAAA,MAC7C;AACA,UAAI,qCAAqC,KAAK,GAAG,GAAG;AAClD,eAAO,EAAE,QAAQ,eAAe,QAAQ,KAAK;AAAA,MAC/C;AACA,YAAM,IAAI,MAAM,kCAAkC,GAAG,EAAE;AAAA,IACzD;AACA,UAAM,IAAI,KAAK;AACf,WAAO,EAAE,QAAQ,MAAM,QAAQ,OAAO,MAAM,WAAW,IAAK,GAAG,mBAAmB,KAAM;AAAA,EAC1F;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAc,YACZ,QACA,YAAY,KACZ,aAAa,KACW;AACxB,QAAI,CAAC,OAAQ,QAAO,EAAE,iBAAiB,MAAM,QAAQ,aAAa,aAAa,KAAK;AACpF,UAAM,QAAQ,KAAK,IAAI;AACvB,QAAI,qBAAoC;AACxC,WAAO,KAAK,IAAI,IAAI,QAAQ,WAAW;AACrC,UAAI;AACF,cAAM,IAAI,MAAM,KAAK,IAA0B,8BAA8B,CAAC,MAAM,CAAC;AACrF,YAAI,EAAG,QAAO;AAAA,MAChB,SAAS,GAAY;AACnB,cAAM,MAAM,aAAa,QAAQ,EAAE,UAAU,OAAO,CAAC;AACrD,YAAI,kDAAkD,KAAK,GAAG,GAAG;AAAA,QAEjE,OAAO;AACL,+BAAqB;AAAA,QACvB;AAAA,MACF;AACA,YAAM,IAAI,QAAQ,CAAC,QAAQ,WAAW,KAAK,UAAU,CAAC;AAAA,IACxD;AACA,WAAO;AAAA,MACL,iBAAiB;AAAA,MACjB,QAAQ;AAAA,MACR,aAAa;AAAA,MACb,MAAM,qBACF,gCAAgC,SAAS,6BAA6B,kBAAkB,KACxF,gCAAgC,SAAS;AAAA,IAC/C;AAAA,EACF;AAAA;AAAA,EAIA,MAAc,YAAY,QAAgB,IAA6B;AACrE,UAAM,IAAI,MAAM,KAAK,SAAS,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AACrE,WAAO,SAAS,EAAE,WAAW;AAAA,EAC/B;AAAA,EAEA,MAAc,YAAY,QAAgB,IAA6B;AACrE,UAAM,IAAI,MAAM,KAAK,SAAS,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AACrE,WAAO,SAAS,EAAE,WAAW;AAAA,EAC/B;AAAA,EAEA,MAAc,aAAa,QAAgB,IAA6B;AACtE,UAAM,IAAI,MAAM,KAAK,SAAS,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;AACrE,WAAO,mBAAmB,EAAE,WAAW;AAAA,EACzC;AAAA,EAEA,UAAU,cAAuC;AAC/C,WAAO,KAAK,YAAY,cAAc,YAAY;AAAA,EACpD;AAAA,EACA,YAAY,cAAuC;AACjD,WAAO,KAAK,YAAY,iBAAiB,YAAY;AAAA,EACvD;AAAA,EACA,cAAc,cAAuC;AACnD,WAAO,KAAK,YAAY,mBAAmB,YAAY;AAAA,EACzD;AAAA,EACA,cAAc,cAAuC;AACnD,WAAO,KAAK,YAAY,mBAAmB,YAAY;AAAA,EACzD;AAAA,EACA,eAAe,cAAuC;AACpD,WAAO,KAAK,YAAY,oBAAoB,YAAY;AAAA,EAC1D;AAAA,EACA,aAAa,cAAuC;AAClD,WAAO,KAAK,YAAY,kBAAkB,YAAY;AAAA,EACxD;AAAA,EACA,aAAa,cAAuC;AAClD,WAAO,KAAK,YAAY,kBAAkB,YAAY;AAAA,EACxD;AAAA,EACA,iBAAiB,cAAuC;AACtD,WAAO,KAAK,YAAY,sBAAsB,YAAY;AAAA,EAC5D;AAAA,EACA,oBAAoB,cAAuC;AACzD,WAAO,KAAK,YAAY,yBAAyB,YAAY;AAAA,EAC/D;AAAA,EAEA,MAAM,oBAAoB,cAAwC;AAChE,WAAQ,MAAM,KAAK,YAAY,yBAAyB,YAAY,MAAO;AAAA,EAC7E;AAAA,EAEA,MAAM,sBAAsB,cAAsB,cAAwC;AACxF,UAAM,MAAM,MAAM,gBAAgB,cAAc,YAAY;AAC5D,UAAM,IAAI,MAAM,KAAK,SAAS,MAAM,KAAK,GAAG,yBAAyB,GAAG,CAAC,WAAW,GAAG,CAAC,CAAC;AACzF,WAAO,SAAS,EAAE,WAAW,MAAM;AAAA,EACrC;AAAA;AAAA,EAGA,MAAM,eAAe,eAAmD;AACtE,UAAM,CAAC,QAAQ,IAAI,IAAI,GAAG,CAAC,IAAI,MAAM,QAAQ,IAAI;AAAA,MAC/C,KAAK,SAAS,MAAM,KAAK,GAAG,wBAAwB,GAAG,CAAC,WAAW,aAAa,CAAC,CAAC;AAAA,MAClF,KAAK,SAAS,MAAM,KAAK,GAAG,8BAA8B,GAAG,CAAC,WAAW,aAAa,CAAC,CAAC;AAAA,MACxF,KAAK,SAAS,MAAM,KAAK,GAAG,gCAAgC,GAAG,CAAC,WAAW,aAAa,CAAC,CAAC;AAAA,MAC1F,KAAK,SAAS,MAAM,KAAK,GAAG,yBAAyB,GAAG,CAAC,WAAW,aAAa,CAAC,CAAC;AAAA,MACnF,KAAK,SAAS,MAAM,KAAK,GAAG,sBAAsB,GAAG,CAAC,WAAW,aAAa,CAAC,CAAC;AAAA,IAClF,CAAC;AACD,WAAO;AAAA,MACL,QAAQ,SAAS,OAAO,WAAW,MAAM;AAAA,MACzC,aAAa,mBAAmB,GAAG,WAAW;AAAA,MAC9C,eAAe,SAAS,GAAG,WAAW;AAAA,MACtC,SAAS,SAAS,EAAE,WAAW;AAAA,MAC/B,MAAM,SAAS,EAAE,WAAW;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,mBAAmB,cAAgD;AACvE,UAAM;AAAA,MACJ;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,IAAI,MAAM,QAAQ,IAAI;AAAA,MACpB,KAAK,UAAU,YAAY;AAAA,MAC3B,KAAK,aAAa,iBAAiB,YAAY,EAAE,MAAM,MAAM,EAAE;AAAA,MAC/D,KAAK,aAAa,aAAa,YAAY,EAAE,MAAM,MAAM,EAAE;AAAA,MAC3D,KAAK,YAAY,YAAY;AAAA,MAC7B,KAAK,cAAc,YAAY;AAAA,MAC/B,KAAK,cAAc,YAAY;AAAA,MAC/B,KAAK,eAAe,YAAY;AAAA,MAChC,KAAK,aAAa,YAAY;AAAA,MAC9B,KAAK,aAAa,YAAY;AAAA,IAChC,CAAC;AACD,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA,aAAa,yBAAyB,MAAM,KAAK;AAAA,MACjD;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA;AAAA;AAAA,EAKA,eAAe,MAUY;AACzB,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE,WAAW,KAAK,YAAY;AAAA,QAC5B,WAAW,KAAK,SAAS;AAAA,QACzB,WAAW,KAAK,KAAK;AAAA,QACrB,sBAAU,IAAI,KAAK,QAAQ;AAAA,QAC3B,sBAAU,IAAI,KAAK,UAAU;AAAA,QAC7B,sBAAU,IAAI,KAAK,mBAAmB,KAAK,EAAE;AAAA,QAC7C,sBAAU,IAAI,KAAK,WAAW;AAAA,MAChC;AAAA,MACA,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,uBAAuB,MAMF;AACzB,UAAM,MAAM,MAAM,gBAAgB,KAAK,cAAc,KAAK,YAAY;AACtE,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA,CAAC,WAAW,KAAK,YAAY,GAAG,WAAW,GAAG,GAAG,sBAAU,IAAI,KAAK,WAAW,CAAC;AAAA,MAChF,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA,EAGA,aAAa,MAOc;AACzB,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE,WAAW,KAAK,YAAY;AAAA,QAC5B,sBAAU,IAAI,KAAK,WAAW;AAAA,QAC9B,sBAAU,IAAI,KAAK,aAAa;AAAA,QAChC,sBAAU,IAAI,KAAK,WAAW;AAAA,MAChC;AAAA,MACA,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAa,MAOQ;AACzB,UAAM,KAAK,KAAK,gBAAgB;AAChC,UAAM,MAAM,MAAM,gBAAgB,KAAK,cAAc,EAAE;AACvD,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE,WAAW,KAAK,YAAY;AAAA,QAC5B,sBAAU,IAAI,KAAK,WAAW;AAAA,QAC9B,WAAW,GAAG;AAAA,QACd,sBAAU,IAAI,KAAK,WAAW;AAAA,MAChC;AAAA,MACA,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA,EAGA,iBAAiB,MAKU;AACzB,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA,CAAC,WAAW,KAAK,YAAY,GAAG,sBAAU,IAAI,KAAK,WAAW,CAAC;AAAA,MAC/D,KAAK;AAAA,IACP;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,kBAAkB,MAQS;AACzB,WAAO,KAAK;AAAA,MACV,KAAK;AAAA,MACL;AAAA,MACA;AAAA,QACE,WAAW,KAAK,aAAa;AAAA,QAC7B,WAAW,KAAK,YAAY;AAAA,QAC5B,WAAW,KAAK,WAAW;AAAA,QAC3B,sBAAU,IAAI,OAAO,KAAK,OAAO,CAAC;AAAA,QAClC,sBAAU,IAAI,KAAK,WAAW;AAAA,MAChC;AAAA,MACA,KAAK;AAAA,IACP;AAAA,EACF;AACF;AAQO,SAAS,mBAAmB,aAAyD;AAC1F,MAAI,OAAO,gBAAgB,YAAY,sBAAsB,KAAK,WAAW,GAAG;AAC9E,QAAI,MAAM,YAAY,QAAQ,OAAO,EAAE;AACvC,QAAI,IAAI,SAAS,GAAI,QAAO;AAC5B,UAAM,IAAI,SAAS,IAAI,GAAG;AAC1B,UAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,aAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,YAAM,CAAC,IAAI,SAAS,IAAI,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE;AAAA,IACrD;AACA,QAAI;AACF,aAAO,cAAc,KAAK;AAAA,IAC5B,QAAQ;AACN,aAAO;AAAA,IACT;AAAA,EACF;AACA,MAAI,gBAAgB,OAAO,gBAAgB,KAAM,QAAO;AACxD,SAAO,OAAO,WAAW;AAC3B;;;AIthBO,SAAS,cAAc,OAAwB;AACpD,QAAM,OAAO,CAAC,MAAwB;AACpC,QAAI,MAAM,QAAQ,CAAC,EAAG,QAAO,EAAE,IAAI,IAAI;AACvC,QAAI,KAAK,OAAO,MAAM,UAAU;AAC9B,aAAO,OAAO,KAAK,CAA4B,EAC5C,KAAK,EACL,OAAO,CAAC,KAA8B,MAAM;AAC3C,YAAI,CAAC,IAAI,KAAM,EAA8B,CAAC,CAAC;AAC/C,eAAO;AAAA,MACT,GAAG,CAAC,CAAC;AAAA,IACT;AACA,WAAO;AAAA,EACT;AACA,SAAO,KAAK,UAAU,KAAK,KAAK,CAAC;AACnC;AAGA,eAAsB,oBAAoB,SAAmC;AAC3E,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,cAAc,OAAO,CAAC;AAC7D,SAAO,cAAc,MAAM,OAAO,KAAK,CAAC;AAC1C;AAMA,eAAsB,oBACpB,cACA,aACA,KACiB;AACjB,QAAM,WAAW;AAAA,IACf,cAAc,YAAY;AAAA,IAC1B,cAAc,WAAW;AAAA,IACzB,MAAM,GAAG;AAAA,EACX;AACA,SAAO,cAAc,MAAM,OAAO,QAAQ,CAAC;AAC7C;AAMA,eAAsB,sBACpB,SACA,oBAC8C;AAC9C,QAAM,aAAa,MAAM,oBAAoB,OAAO;AACpD,SAAO,EAAE,IAAI,eAAe,oBAAoB,WAAW;AAC7D;;;ACnCO,SAAS,UAAkB;AAChC,SAAO,OAAO,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI,CAAC;AAC7C;AAQA,eAAe,OACb,MACA,MACA,YAAY,MACZ,aAAa,KACD;AACZ,QAAM,QAAQ,KAAK,IAAI;AACvB,MAAI,OAAO,MAAM,KAAK;AACtB,SAAO,CAAC,KAAK,IAAI,KAAK,KAAK,IAAI,IAAI,QAAQ,WAAW;AACpD,UAAM,IAAI,QAAQ,CAAC,MAAM,WAAW,GAAG,UAAU,CAAC;AAClD,WAAO,MAAM,KAAK;AAAA,EACpB;AACA,SAAO;AACT;AA+DO,IAAM,gBAAN,MAAM,eAAc;AAAA,EAChB;AAAA,EAED,YAAY,UAA8B;AAChD,SAAK,WAAW;AAAA,EAClB;AAAA;AAAA,EAGA,aAAa,QAAQ,QAA+C;AAClE,WAAO,IAAI,eAAc,MAAM,mBAAmB,QAAQ,MAAM,CAAC;AAAA,EACnE;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,eAAe,MAA4D;AAC/E,UAAM,cAAc,KAAK,eAAe,QAAQ;AAChD,UAAM,aACJ,KAAK,eACJ,KAAK,eAAe,SACjB,cAAc,OAAO,KAAK,UAAU,KACnC,MAAM;AACL,YAAM,IAAI,MAAM,yDAAyD;AAAA,IAC3E,GAAG;AACT,UAAM,QAAQ,KAAK,SAAS,KAAK,MAAM,KAAK,OAAO,IAAI,KAAK,EAAE;AAC9D,UAAM,eAAe,MAAM;AAAA,MACzB,KAAK,UAAU;AAAA,MACf,KAAK;AAAA,MACL;AAAA,MACA,OAAO,WAAW;AAAA,IACpB;AACA,UAAM,UAAU,MAAM,KAAK,SAAS,eAAe;AAAA,MACjD,QAAQ,KAAK;AAAA,MACb;AAAA,MACA,WAAW,KAAK,UAAU;AAAA,MAC1B,OAAO,KAAK;AAAA,MACZ,UAAU,KAAK;AAAA,MACf;AAAA,MACA,kBAAkB,KAAK;AAAA,MACvB;AAAA,MACA,UAAU,KAAK;AAAA,IACjB,CAAC;AACD,UAAM;AAAA,MACJ,MAAM,KAAK,cAAc,YAAY;AAAA,MACrC,CAAC,MAAM,EAAE;AAAA,IACX;AACA,WAAO,EAAE,cAAc,QAAQ;AAAA,EACjC;AAAA;AAAA,EAGA,MAAM,OAAO,MAKc;AACzB,UAAM,UAAU,MAAM,KAAK,SAAS,iBAAiB;AAAA,MACnD,QAAQ,KAAK;AAAA,MACb,cAAc,KAAK;AAAA,MACnB,aAAa,KAAK,eAAe,QAAQ;AAAA,MACzC,UAAU,KAAK;AAAA,IACjB,CAAC;AACD,UAAM;AAAA,MACJ,MAAM,KAAK,cAAc,KAAK,UAAU;AAAA,MACxC,CAAC,MAAM,EAAE;AAAA,IACX;AACA,WAAO;AAAA,EACT;AAAA;AAAA,EAGA,aAAa,MAOc;AACzB,WAAO,KAAK,SAAS,aAAa;AAAA,MAChC,QAAQ,KAAK;AAAA,MACb,cAAc,KAAK;AAAA,MACnB,aAAa,KAAK;AAAA,MAClB,eAAe,KAAK;AAAA,MACpB,aAAa,KAAK,eAAe,QAAQ;AAAA,MACzC,UAAU,KAAK;AAAA,IACjB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,kBAAkB,MAMS;AACzB,WAAO,KAAK,SAAS,uBAAuB;AAAA,MAC1C,QAAQ,KAAK;AAAA,MACb,cAAc,KAAK;AAAA,MACnB,cAAc,KAAK;AAAA,MACnB,aAAa,KAAK,eAAe,QAAQ;AAAA,MACzC,UAAU,KAAK;AAAA,IACjB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAaA,MAAM,QAAQ,MAAmD;AAC/D,UAAM,cAAc,KAAK,eAAe,QAAQ;AAChD,UAAM,SAAS,MAAM,KAAK,SAAS,mBAAmB,KAAK,UAAU;AACrE,UAAM,UAAU,MAAM,KAAK,SAAS,aAAa;AAAA,MAC/C,QAAQ,KAAK;AAAA,MACb,cAAc,KAAK;AAAA,MACnB,aAAa,KAAK;AAAA,MAClB,cAAc,KAAK;AAAA,MACnB;AAAA,MACA,UAAU,KAAK;AAAA,IACjB,CAAC;AAID,UAAM,QAAQ,MAAM;AAAA,MAClB,MAAM,KAAK,SAAS,mBAAmB,KAAK,UAAU;AAAA,MACtD,CAAC,MAAM,EAAE,cAAc,OAAO;AAAA,MAC9B;AAAA,IACF;AACA,UAAM,OAAO,MAAM,KAAK,SAAS,QAAQ,OAAO,KAAK,QAAQ,aAAa,IAAI;AAC9E,WAAO,EAAE,SAAS,0BAAkC,MAAM,QAAQ,mBAAmB,IAAI,GAAG,QAAQ;AAAA,EACtG;AAAA,EAEA,MAAc,SACZ,QACA,OACA,QACA,GACA,MAC0B;AAE1B,QAAI,MAAM,cAAc,OAAO,eAAe,MAAM,eAAe,OAAO,aAAa,QAAQ;AAC7F;AAAA,IACF;AAEA,QAAI,OAAO,4BAAsC;AACjD,QAAI,OAAO,2BAAqC;AAChD,QAAI,IAAI,OAAO,WAAY;AAC3B,QAAI,OAAO,aAAa,SAAS,OAAO,SAAU;AAClD,QAAI,MAAM,KAAK,SAAS,oBAAoB,KAAK,UAAU,GAAG;AAC5D,YAAM,KAAK,KAAK,gBAAgB;AAChC,UAAI,CAAE,MAAM,KAAK,SAAS,sBAAsB,KAAK,YAAY,EAAE,GAAI;AACrE;AAAA,MACF;AAAA,IACF;AAGA;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,OAAO,MAA4C;AACvD,UAAM,cAAc,KAAK,eAAe,QAAQ;AAChD,UAAM,UAAU,KAAK;AACrB,UAAM,MAAM,KAAK,OAAO;AACxB,UAAM,cAAc,MAAM,oBAAoB,KAAK,OAAO;AAC1D,UAAM,gBAAgB,MAAM,oBAAoB,KAAK,YAAY,aAAa,GAAG;AACjF,UAAM,UAAU,MAAM,KAAK,SAAS,kBAAkB;AAAA,MACpD,QAAQ,KAAK;AAAA,MACb;AAAA,MACA,cAAc,KAAK;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,KAAK;AAAA,IACjB,CAAC;AACD,UAAM,OAAO,MAAM,KAAK,SAAS,eAAe,aAAa,GAAG,CAAC,MAAM,EAAE,MAAM;AAC/E,WAAO,EAAE,eAAe,aAAa,SAAS,QAAQ;AAAA,EACxD;AAAA;AAAA;AAAA,EAKA,cAAc,cAAgD;AAC5D,WAAO,KAAK,SAAS,mBAAmB,YAAY;AAAA,EACtD;AAAA;AAAA,EAGA,eAAe,eAAmD;AAChE,WAAO,KAAK,SAAS,eAAe,aAAa;AAAA,EACnD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,kBACJ,SACA,eAC0E;AAC1E,UAAM,UAAU,MAAM,KAAK,SAAS,eAAe,aAAa;AAChE,UAAM,EAAE,IAAI,WAAW,IAAI,MAAM,sBAAsB,SAAS,QAAQ,WAAW;AACnF,WAAO,EAAE,IAAI,MAAM,QAAQ,QAAQ,YAAY,QAAQ;AAAA,EACzD;AACF;","names":["import_sdk","CapabilityStatus","EnforcementCode","Verdict"]}