@droplinked_inc/wallet-connection 0.1.1

package/CHANGELOG.md

@@ -0,0 +1,16 @@
+# @droplinked_inc/wallet-connection
+
+## 0.1.1
+
+### Patch Changes
+
+- 562318e: Initial publish of `wallet-connection` under the supply-chain rebuild sprint. Hostile-namespace replacement for `droplinked-wallet-connection`.
+
+## 0.1.0
+
+### Minor Changes
+
+- Initial publish. Wallet connection adapters for droplinked (MetaMask,
+  Coinbase, WalletConnect, Phantom). Hardened recover+rewrite from the
+  legacy `@droplinked/wallet-connection` source. See `README.md` and
+  `THREAT_MODEL.md` for the public surface and trust boundaries.

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Droplinked Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,142 @@
+# @droplinked_inc/wallet-connection
+
+Hardened wallet-connection primitives for droplinked: MetaMask, Coinbase
+Wallet, and Phantom. EIP-712 typed-data login with chain + origin +
+nonce binding, zod-validated RPC boundaries, no `any`, no remote ABI
+fetches.
+
+This package is a clean rewrite of the original
+`@droplinked/wallet-connection@1.0.1` (hostile-published by an external
+actor). See `THREAT_MODEL.md` for the threat scenarios this package
+mitigates and the test cases that exercise them.
+
+## Install
+
+```sh
+pnpm add @droplinked_inc/wallet-connection
+```
+
+Peer-ish runtime deps:
+
+- `viem ^2.21`
+- `zod ^3.23`
+
+Both are direct dependencies; you do not need to install them yourself.
+
+## Quick start — EVM login (MetaMask)
+
+```ts
+import {
+  EvmConnector,
+  Chain,
+  Network,
+  verifyLoginSignature,
+  buildSession,
+  saveSession,
+} from '@droplinked_inc/wallet-connection';
+
+const connector = new EvmConnector({
+  chain: Chain.ETH,
+  network: Network.MAINNET,
+  origin: window.location.origin,
+});
+
+const { address, signature } = await connector.walletLogin();
+
+// Verify (server-side or client-side):
+await verifyLoginSignature({
+  payload: /* the LoginPayload returned by your server */,
+  signature,
+  expectedAddress: address,
+  expectedChainId: 1,
+  expectedOrigin: window.location.origin,
+});
+
+saveSession(
+  buildSession({
+    address,
+    chainId: 1,
+    origin: window.location.origin,
+    signature,
+    ttlSeconds: 60 * 60 * 8, // 8 hours
+  }),
+);
+```
+
+## Quick start — Phantom (Solana) login
+
+```ts
+import { PhantomConnector, Network } from '@droplinked_inc/wallet-connection';
+
+const connector = new PhantomConnector(Network.MAINNET);
+const { address, signature } = await connector.walletLogin();
+```
+
+## ERC-20 transfer
+
+```ts
+const txHash = await connector.paymentWithToken(
+  receiverAddress,
+  1000000n, // amount as bigint
+  tokenAddress,
+);
+```
+
+Note: this issues a direct `transfer`. There is **no** `approve` API
+exposed — drainer-style allowance flows are not reachable from this
+package. See `THREAT_MODEL.md` §T5.
+
+## Custom checkout calldata
+
+The droplinked v3 checkout contract is invoked via
+`submitRawTransaction()` with calldata produced by the droplinked
+checkout API. The legacy direct ABI encoder is intentionally removed
+(see `THREAT_MODEL.md` §T7 — remote ABI/address fetch was a single
+point of supply-chain compromise).
+
+```ts
+const txHash = await connector.submitRawTransaction({
+  to: checkoutContractAddress,
+  data: serverProducedCalldata,
+  value: totalPriceWei,
+  gasLimit: 3_000_000n,
+});
+```
+
+## Security
+
+- All RPC responses are zod-validated. Wallets that return malformed
+  data cause a typed error, not silent corruption.
+- Login signatures are EIP-712 typed with chain + origin + nonce +
+  issuedAt + optional expirationTime.
+- `selectMetaMaskProvider()` and `selectCoinbaseProvider()` require the
+  wallet's own self-identification flag. There is no fallback to the
+  umbrella `window.ethereum`.
+- Nonces use `crypto.getRandomValues()` (256 bits). If Web Crypto is
+  unavailable the call throws — there is no `Math.random()` fallback.
+- Sessions default to `sessionStorage` (cleared on tab close), not
+  `localStorage`. They carry an explicit `expiresAt` that
+  `loadSession()` enforces.
+
+See `THREAT_MODEL.md` for the full delta vs. the original v1.0.1 and
+the tests that exercise each scenario.
+
+## Status
+
+Initial recover + harden. The original public API names are preserved
+where feasible; the following changes are deliberate and noted in
+`THREAT_MODEL.md`:
+
+- Chain/Network/ChainWallet are now string-valued enums (was implicit-
+  numeric).
+- `getNetworkProvider(chain, network, address, wallet)` is now
+  `getNetworkProvider({ chain, network, address, wallet, ... })`.
+- `EVMProvider` is now `EvmConnector`; `SolanaProvider` is now
+  `PhantomConnector` (constructor signatures changed accordingly).
+- `EVMPayment` (the free function) is removed; use
+  `EvmConnector.submitRawTransaction()`.
+- Error classes now extend `Error` (regression-fixes try/catch).
+
+## License
+
+MIT.

package/THREAT_MODEL.md

@@ -0,0 +1,180 @@
+# Threat Model — @droplinked_inc/wallet-connection
+
+This document enumerates the wallet-specific threats the package is built
+to mitigate, the design decisions taken in response, and the test cases
+that exercise each scenario.
+
+The starting point is a hardened rewrite of the original
+`@droplinked/wallet-connection@1.0.1` package (hostile-published by an
+external actor). The original is presumed compromised; behavior is not
+trusted, only the recovered TypeScript source is used as a feature
+reference. Every behavior carried forward was reviewed.
+
+## Scope
+
+In-scope: connection, signature, and routing primitives shipped by this
+package. Out-of-scope: backend session storage, JWT issuance, payment-
+intent reconciliation — those belong to neighboring packages.
+
+## Threats and mitigations
+
+### T1 — Forged signature presentation
+
+**Scenario.** An attacker presents a signature obtained out-of-band (a
+leak from another origin's database, a phishing site that captured a
+sign) and tries to authenticate as the owning address.
+
+**Mitigation.** All login signatures are EIP-712 typed data with an
+explicit `chainId`, `domain` (host), `nonce`, and `issuedAt` field. The
+server (or `verifyLoginSignature` client-side) refuses a signature when
+any of these mismatch the expected values. The original v1.0.1 used a
+`personal_sign` of a static plaintext that had none of these bindings.
+
+**Test.** `signing.test.ts → 'tampered payload (different address) rejected'`.
+
+### T2 — Cross-chain replay
+
+**Scenario.** A signature obtained on chain X is replayed against the
+server when the user thinks they're acting on chain Y. The droplinked
+checkout contract reads a `chainLinkRoundId` so cross-chain replay can
+mis-price an order.
+
+**Mitigation.** `chainId` is bound into both the EIP-712 domain *and*
+the typed message. `verifyLoginSignature` rejects with
+`ChainMismatchError` if the payload's chainId disagrees with what the
+server expected for that route.
+
+**Test.** `signing.test.ts → 'cross-chain replay refused'`.
+
+### T3 — Origin spoofing on `eth_requestAccounts`
+
+**Scenario.** A subdomain or partner site impersonates the droplinked
+origin, captures a signed login payload, and replays it against the
+real droplinked backend.
+
+**Mitigation.** The signed payload's `domain` field is set to
+`new URL(origin).host` at build time and re-verified against the
+expected origin host using constant-time comparison. `OriginMismatchError`
+is thrown on disagreement.
+
+**Test.** `signing.test.ts → 'origin spoofing refused'`.
+
+### T4 — Phishing via deceptive wallet popups
+
+**Scenario.** A page running multiple wallets injects `window.ethereum`
+with `isMetaMask=true` to impersonate MetaMask and steal a sign.
+
+**Mitigation.** `selectMetaMaskProvider()` walks the legacy
+`ethereum.providers` array if present and only accepts the entry whose
+`isMetaMask` flag is set. There is no fallback to the umbrella
+`window.ethereum`. We never call `window.open('https://phantom.app/')`
+on the user's behalf — the original v1.0.1 did, opening a side-channel
+for tab-redirect attacks.
+
+**Test.** `provider.test.ts → 'selectMetaMaskProvider rejects impersonation'`
+and `phantom.test.ts → 'throws when isPhantom is false (impersonation)'`.
+
+### T5 — Drainer-style approve-all-tokens attacks
+
+**Scenario.** A malicious wrapper convinces the user to issue an
+`approve(spender, uint256.max)` against an ERC-20, letting the spender
+drain the token at any future time.
+
+**Mitigation.** The package exposes `paymentWithToken(receiver, amount,
+token)` which issues a direct `transfer(receiver, amount)`. There is no
+`approve` API. Callers that need allowance-based flows must use a
+specialized package (out of scope here) so the dangerous primitive is
+not casually reachable. `submitRawTransaction()` is the escape hatch for
+server-built calldata — callers explicitly opt in.
+
+**Test.** `evm.test.ts → 'encodeErc20Transfer produces correct calldata'`
+verifies the selector is `0xa9059cbb` (`transfer`) and not `0x095ea7b3`
+(`approve`).
+
+### T6 — Hardware wallet ledger-state desync (popup loop)
+
+**Scenario.** The original v1.0.1 `handleWallet` method recursively
+called itself after each `wallet_requestPermissions` rejection. On a
+Ledger that has gone to sleep, this spins an infinite popup loop the
+user cannot escape.
+
+**Mitigation.** The new `EvmConnector.handleWallet` is iterative with a
+hard bound of 3 attempts, after which `AccountChangedException` is
+thrown. No recursive self-call.
+
+**Test.** `evm.test.ts → 'handleWallet does NOT recurse forever on
+persistent account mismatch'`.
+
+### T7 — Supply-chain compromise via remote ABI/address fetch
+
+**Scenario.** The original v1.0.1 fetched the on-chain contract address
+from `https://apiv3dev.droplinked.com/storage/<chain><network>ContractAddress`
+at every payment. Anyone who compromises that endpoint (DNS hijack,
+storage write, internal-CI compromise, or — historically — a hostile
+npm publisher who can also touch that endpoint) can redirect every
+customer payment to an attacker's address.
+
+**Mitigation.** Remote address discovery is fully removed.
+`EvmConnector.payment()` requires `checkoutContractAddress` at
+construction time. The legacy direct ABI encode path is intentionally
+disabled in favor of `submitRawTransaction()` with server-built
+calldata, so the address validation lives behind the backend's signed
+order.
+
+**Test.** `evm.test.ts → "payment() refuses without contract address
+(no remote fetch)"`.
+
+### T8 — Session reuse after wallet rotation
+
+**Scenario.** A user signs in, the page caches the session in
+`localStorage`, the user disconnects/changes their wallet — the cached
+session can be replayed by a later visitor on a shared device.
+
+**Mitigation.** Sessions default to `sessionStorage` (cleared on tab
+close), are zod-validated on read, and carry an `expiresAt` that
+`loadSession` enforces. Corrupt or expired blobs are scrubbed on read.
+
+**Test.** `session.test.ts → 'expired session is dropped on load'` and
+`'corrupt JSON drops session'`.
+
+### T9 — Nonce predictability
+
+**Scenario.** A weak PRNG produces predictable nonces, allowing a
+replay window where the attacker can pre-compute a server-acceptable
+nonce.
+
+**Mitigation.** `generateNonce()` uses `crypto.getRandomValues()` with
+256 bits of entropy. If Web Crypto is unavailable we throw — no fallback
+to `Math.random()`.
+
+**Test.** `signing.test.ts → 'generateNonce produces unique url-safe
+strings'` and the property test `'nonce always url-safe and unique
+within batch'`.
+
+### T10 — Error swallowed in framework error boundaries
+
+**Scenario.** The original v1.0.1 error classes did not extend `Error`.
+React error boundaries and Node uncaughtException handlers would not
+match them, so wallet errors silently slipped through to incorrect
+"success" states.
+
+**Mitigation.** All error classes extend a common
+`WalletConnectionError` which extends native `Error`. Stack traces and
+`instanceof` both work.
+
+**Test.** `errors.test.ts → 'errors propagate through try/catch
+(regression: v1.0.1 did not extend Error)'`.
+
+## Out of scope (tracked for follow-ups)
+
+- WalletConnect v2 connector — placeholder factory exposed; needs a
+  dedicated Reown/AppKit integration PR.
+- Solana SPL token transfer — the original v1.0.1 used the deprecated
+  `@solana/spl-token` v0.1 Token-class API. Re-implementing against
+  v0.4 is queued separately so this PR can land clean.
+- Sui connector — listed in the package description; no recovered
+  source exists. Will land in a follow-up.
+- Ledger device address-confirmation prompts — out of scope until the
+  WalletConnect path lands.
+- Server-side signature verification rate limiting / per-IP brute force
+  controls — backend concern.

package/dist/chains.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Chain metadata. Read-only registry that powers chain-add/chain-switch
+ * RPC calls. No remote fetches — the original v1.0.1 reached out to
+ * `apiv3dev.droplinked.com/storage/...` to discover contract addresses,
+ * which is a supply-chain vulnerability (any compromise of that endpoint
+ * could redirect every customer payment to an attacker address). The new
+ * design takes contract addresses as explicit caller-provided arguments.
+ */
+import { Chain, Network } from './types.js';
+export interface ChainMetadata {
+    readonly chainName: string;
+    /** 0x-hex chainId, e.g. "0x89". */
+    readonly chainIdHex: `0x${string}`;
+    /** Decimal chainId for EIP-712 / viem. */
+    readonly chainIdNumber: number;
+    readonly nativeCurrency: {
+        name: string;
+        decimals: number;
+        symbol: string;
+    };
+    readonly rpcUrls: readonly string[];
+}
+export declare function getChainMetadata(chain: Chain, network: Network): ChainMetadata;
+export declare function hasChainMetadata(chain: Chain, network: Network): boolean;
+//# sourceMappingURL=chains.d.ts.map

package/dist/chains.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.d.ts","sourceRoot":"","sources":["../src/chains.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAG5C,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,mCAAmC;IACnC,QAAQ,CAAC,UAAU,EAAE,KAAK,MAAM,EAAE,CAAC;IACnC,0CAA0C;IAC1C,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,cAAc,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAC5E,QAAQ,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;CACrC;AAsID,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,aAAa,CAS9E;AAED,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAExE"}

package/dist/chains.js

@@ -0,0 +1,153 @@
+/**
+ * Chain metadata. Read-only registry that powers chain-add/chain-switch
+ * RPC calls. No remote fetches — the original v1.0.1 reached out to
+ * `apiv3dev.droplinked.com/storage/...` to discover contract addresses,
+ * which is a supply-chain vulnerability (any compromise of that endpoint
+ * could redirect every customer payment to an attacker address). The new
+ * design takes contract addresses as explicit caller-provided arguments.
+ */
+import { Chain, Network } from './types.js';
+import { ChainNotImplementedException } from './errors.js';
+const CHAIN_TABLE = {
+    [Chain.BINANCE]: {
+        [Network.TESTNET]: {
+            chainName: 'Smart Chain - Testnet',
+            chainIdHex: '0x61',
+            chainIdNumber: 97,
+            nativeCurrency: { name: 'BNB', decimals: 18, symbol: 'BNB' },
+            rpcUrls: ['https://data-seed-prebsc-1-s1.binance.org:8545/'],
+        },
+        [Network.MAINNET]: {
+            chainName: 'Smart Chain',
+            chainIdHex: '0x38',
+            chainIdNumber: 56,
+            nativeCurrency: { name: 'BNB', decimals: 18, symbol: 'BNB' },
+            rpcUrls: ['https://bsc-dataseed.binance.org/'],
+        },
+    },
+    [Chain.POLYGON]: {
+        [Network.TESTNET]: {
+            chainName: 'Polygon Amoy',
+            chainIdHex: '0x13882',
+            chainIdNumber: 80002,
+            nativeCurrency: { name: 'MATIC', decimals: 18, symbol: 'MATIC' },
+            rpcUrls: ['https://rpc-amoy.polygon.technology'],
+        },
+        [Network.MAINNET]: {
+            chainName: 'Polygon Mainnet',
+            chainIdHex: '0x89',
+            chainIdNumber: 137,
+            nativeCurrency: { name: 'MATIC', decimals: 18, symbol: 'MATIC' },
+            rpcUrls: ['https://polygon-rpc.com/'],
+        },
+    },
+    [Chain.BASE]: {
+        [Network.TESTNET]: {
+            chainName: 'Base Sepolia',
+            chainIdHex: '0x14a34',
+            chainIdNumber: 84532,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://sepolia.base.org'],
+        },
+        [Network.MAINNET]: {
+            chainName: 'Base Mainnet',
+            chainIdHex: '0x2105',
+            chainIdNumber: 8453,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://mainnet.base.org/'],
+        },
+    },
+    [Chain.LINEA]: {
+        [Network.MAINNET]: {
+            chainName: 'Linea',
+            chainIdHex: '0xe708',
+            chainIdNumber: 59144,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'LineaETH' },
+            rpcUrls: ['https://rpc.linea.build'],
+        },
+        [Network.TESTNET]: {
+            chainName: 'Linea Sepolia',
+            chainIdHex: '0xe705',
+            chainIdNumber: 59141,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'LineaETH' },
+            rpcUrls: ['https://rpc.sepolia.linea.build'],
+        },
+    },
+    [Chain.ETH]: {
+        [Network.MAINNET]: {
+            chainName: 'Ethereum',
+            chainIdHex: '0x1',
+            chainIdNumber: 1,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://eth.llamarpc.com'],
+        },
+        [Network.TESTNET]: {
+            chainName: 'Sepolia',
+            chainIdHex: '0xaa36a7',
+            chainIdNumber: 11155111,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://eth-sepolia.public.blastapi.io/'],
+        },
+    },
+    [Chain.NEAR]: {
+        [Network.TESTNET]: {
+            chainName: 'Aurora Testnet',
+            chainIdHex: '0x4e454153',
+            chainIdNumber: 1313161555,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://testnet.aurora.dev'],
+        },
+        [Network.MAINNET]: {
+            chainName: 'Aurora Mainnet',
+            chainIdHex: '0x4e454152',
+            chainIdNumber: 1313161554,
+            nativeCurrency: { name: 'ETH', decimals: 18, symbol: 'ETH' },
+            rpcUrls: ['https://mainnet.aurora.dev'],
+        },
+    },
+    [Chain.XRPLSIDECHAIN]: {
+        [Network.TESTNET]: {
+            chainName: 'XRPL EVM Sidechain',
+            chainIdHex: '0x15f902',
+            chainIdNumber: 1440002,
+            nativeCurrency: { name: 'XRP', decimals: 18, symbol: 'XRP' },
+            rpcUrls: ['https://rpc-evm-sidechain.xrpl.org'],
+        },
+        [Network.MAINNET]: {
+            chainName: 'XRPL EVM Sidechain',
+            chainIdHex: '0x15f902',
+            chainIdNumber: 1440002,
+            nativeCurrency: { name: 'XRP', decimals: 18, symbol: 'XRP' },
+            rpcUrls: ['https://rpc-evm-sidechain.xrpl.org'],
+        },
+    },
+    [Chain.SKALE]: {
+        [Network.TESTNET]: {
+            chainName: 'SKALE Calypso Testnet',
+            chainIdHex: '0x3a14269b',
+            chainIdNumber: 974399131,
+            nativeCurrency: { name: 'sFUEL', decimals: 18, symbol: 'sFUEL' },
+            rpcUrls: ['https://testnet.skalenodes.com/v1/giant-half-dual-testnet'],
+        },
+    },
+    [Chain.STACKS]: {
+    // Stacks is not EVM. The original v1.0.1 stuffed BSC metadata in here.
+    // We intentionally leave this empty — Stacks integration requires a
+    // separate native-protocol connector, not EVM RPC tricks.
+    },
+    [Chain.SOLANA]: {
+    // Solana is not EVM. Handled by SolanaProvider, not by this table.
+    },
+};
+export function getChainMetadata(chain, network) {
+    const networkTable = CHAIN_TABLE[chain];
+    const meta = networkTable[network];
+    if (meta === undefined) {
+        throw new ChainNotImplementedException(`Chain ${chain} on network ${network} is not implemented`);
+    }
+    return meta;
+}
+export function hasChainMetadata(chain, network) {
+    return CHAIN_TABLE[chain][network] !== undefined;
+}
+//# sourceMappingURL=chains.js.map

package/dist/chains.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.js","sourceRoot":"","sources":["../src/chains.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAC5C,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAY3D,MAAM,WAAW,GAAqE;IACpF,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QACf,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,uBAAuB;YAClC,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,iDAAiD,CAAC;SAC7D;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,aAAa;YACxB,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,EAAE;YACjB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,mCAAmC,CAAC;SAC/C;KACF;IACD,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QACf,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,SAAS;YACrB,aAAa,EAAE,KAAK;YACpB,cAAc,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;YAChE,OAAO,EAAE,CAAC,qCAAqC,CAAC;SACjD;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,iBAAiB;YAC5B,UAAU,EAAE,MAAM;YAClB,aAAa,EAAE,GAAG;YAClB,cAAc,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;YAChE,OAAO,EAAE,CAAC,0BAA0B,CAAC;SACtC;KACF;IACD,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE;QACZ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,SAAS;YACrB,aAAa,EAAE,KAAK;YACpB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,0BAA0B,CAAC;SACtC;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,cAAc;YACzB,UAAU,EAAE,QAAQ;YACpB,aAAa,EAAE,IAAI;YACnB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,2BAA2B,CAAC;SACvC;KACF;IACD,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;QACb,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,OAAO;YAClB,UAAU,EAAE,QAAQ;YACpB,aAAa,EAAE,KAAK;YACpB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;YACjE,OAAO,EAAE,CAAC,yBAAyB,CAAC;SACrC;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,eAAe;YAC1B,UAAU,EAAE,QAAQ;YACpB,aAAa,EAAE,KAAK;YACpB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE;YACjE,OAAO,EAAE,CAAC,iCAAiC,CAAC;SAC7C;KACF;IACD,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE;QACX,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,UAAU;YACrB,UAAU,EAAE,KAAK;YACjB,aAAa,EAAE,CAAC;YAChB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,0BAA0B,CAAC;SACtC;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,SAAS;YACpB,UAAU,EAAE,UAAU;YACtB,aAAa,EAAE,QAAQ;YACvB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,yCAAyC,CAAC;SACrD;KACF;IACD,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE;QACZ,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,gBAAgB;YAC3B,UAAU,EAAE,YAAY;YACxB,aAAa,EAAE,UAAU;YACzB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,4BAA4B,CAAC;SACxC;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,gBAAgB;YAC3B,UAAU,EAAE,YAAY;YACxB,aAAa,EAAE,UAAU;YACzB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,4BAA4B,CAAC;SACxC;KACF;IACD,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE;QACrB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,oBAAoB;YAC/B,UAAU,EAAE,UAAU;YACtB,aAAa,EAAE,OAAO;YACtB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,oCAAoC,CAAC;SAChD;QACD,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,oBAAoB;YAC/B,UAAU,EAAE,UAAU;YACtB,aAAa,EAAE,OAAO;YACtB,cAAc,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE;YAC5D,OAAO,EAAE,CAAC,oCAAoC,CAAC;SAChD;KACF;IACD,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;QACb,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;YACjB,SAAS,EAAE,uBAAuB;YAClC,UAAU,EAAE,YAAY;YACxB,aAAa,EAAE,SAAS;YACxB,cAAc,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE;YAChE,OAAO,EAAE,CAAC,2DAA2D,CAAC;SACvE;KACF;IACD,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;IACd,uEAAuE;IACvE,oEAAoE;IACpE,0DAA0D;KAC3D;IACD,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE;IACd,mEAAmE;KACpE;CACF,CAAC;AAEF,MAAM,UAAU,gBAAgB,CAAC,KAAY,EAAE,OAAgB;IAC7D,MAAM,YAAY,GAAG,WAAW,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,IAAI,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,4BAA4B,CACpC,SAAS,KAAK,eAAe,OAAO,qBAAqB,CAC1D,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,KAAY,EAAE,OAAgB;IAC7D,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,KAAK,SAAS,CAAC;AACnD,CAAC"}