@droplinked_inc/wallet-connection 0.1.1

package/dist/provider.d.ts

@@ -0,0 +1,74 @@
+/** EIP-1193 request method signature. */
+export interface Eip1193RequestArgs {
+    readonly method: string;
+    readonly params?: readonly unknown[] | object;
+}
+export interface Eip1193Provider {
+    request(args: Eip1193RequestArgs): Promise<unknown>;
+    readonly isMetaMask?: boolean;
+    readonly isCoinbaseWallet?: boolean;
+    /** MetaMask's multi-wallet bridge (deprecated but still in the wild). */
+    readonly providers?: readonly Eip1193Provider[];
+}
+/**
+ * Resolves the EIP-1193 provider from the host environment. Returns
+ * undefined when not in a browser or when no injection is present —
+ * callers should throw a typed error in that case.
+ */
+export declare function getInjectedProvider(): Eip1193Provider | undefined;
+export declare function requireInjectedProvider(): Eip1193Provider;
+/**
+ * Canonical rdns identifiers for the wallets this package supports.
+ * Match against these — never against `info.name`, which any extension
+ * can set.
+ */
+export declare const WALLET_RDNS: {
+    readonly metamask: "io.metamask";
+    readonly coinbase: "com.coinbase.wallet";
+    readonly phantom: "app.phantom";
+};
+export type WalletRdns = (typeof WALLET_RDNS)[keyof typeof WALLET_RDNS];
+export interface Eip6963ProviderInfo {
+    readonly uuid: string;
+    readonly name: string;
+    readonly icon: string;
+    /** Reverse-DNS identifier — the only spoofing-resistant wallet ID. */
+    readonly rdns: string;
+}
+export interface Eip6963ProviderDetail {
+    readonly info: Eip6963ProviderInfo;
+    readonly provider: Eip1193Provider;
+}
+/**
+ * Synchronously collect EIP-6963 provider announcements. Dispatches
+ * `eip6963:requestProvider` and listens for `eip6963:announceProvider`
+ * responses. Announcements are deduplicated by `info.uuid`.
+ *
+ * NOTE: EIP-6963 announcements are synchronous; wallets respond to the
+ * request event before the dispatch returns. Async polling is not
+ * required.
+ */
+export declare function discoverEip6963Providers(): ReadonlyMap<string, Eip6963ProviderDetail>;
+/** Find the first announced provider whose `info.rdns` matches `rdns`. */
+export declare function findProviderByRdns(rdns: WalletRdns | string): Eip6963ProviderDetail | undefined;
+/**
+ * MetaMask-specific selection.
+ *
+ *   Strict (EIP-6963) path: match on `info.rdns === 'io.metamask'`.
+ *   Legacy fallback: when no EIP-6963 announcement is heard, fall back to
+ *   `window.ethereum.isMetaMask` / `ethereum.providers[i].isMetaMask`.
+ *   The legacy path is strictly weaker — an extension that injects
+ *   `window.ethereum = { isMetaMask: true, request: drainerRequest }`
+ *   before MetaMask loads will be matched there. Document this to
+ *   consumers in JSDoc + THREAT_MODEL.md.
+ */
+export declare function selectMetaMaskProvider(): Eip1193Provider;
+export declare function selectCoinbaseProvider(): Eip1193Provider;
+export declare function getAccounts(provider: Eip1193Provider): Promise<string[]>;
+export declare function requestAccounts(provider: Eip1193Provider): Promise<string[]>;
+export declare function getChainId(provider: Eip1193Provider): Promise<string>;
+export declare function isWalletConnected(provider: Eip1193Provider): Promise<boolean>;
+export declare function getBalance(provider: Eip1193Provider, address: string): Promise<bigint>;
+export declare function isMetamaskInstalled(): boolean;
+export declare function isCoinBaseInstalled(): boolean;
+//# sourceMappingURL=provider.d.ts.map

package/dist/provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../src/provider.ts"],"names":[],"mappings":"AAoBA,yCAAyC;AACzC,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,MAAM,CAAC;CAC/C;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,IAAI,EAAE,kBAAkB,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACpD,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,OAAO,CAAC;IACpC,yEAAyE;IACzE,QAAQ,CAAC,SAAS,CAAC,EAAE,SAAS,eAAe,EAAE,CAAC;CACjD;AAQD;;;;GAIG;AACH,wBAAgB,mBAAmB,IAAI,eAAe,GAAG,SAAS,CAMjE;AAED,wBAAgB,uBAAuB,IAAI,eAAe,CAMzD;AAaD;;;;GAIG;AACH,eAAO,MAAM,WAAW;;;;CAId,CAAC;AAEX,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,WAAW,CAAC,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAExE,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;CACpC;AA+BD;;;;;;;;GAQG;AACH,wBAAgB,wBAAwB,IAAI,WAAW,CAAC,MAAM,EAAE,qBAAqB,CAAC,CA2BrF;AAED,0EAA0E;AAC1E,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,qBAAqB,GAAG,SAAS,CAM/F;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,sBAAsB,IAAI,eAAe,CAgBxD;AAED,wBAAgB,sBAAsB,IAAI,eAAe,CAgBxD;AAED,wBAAsB,WAAW,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAG9E;AAED,wBAAsB,eAAe,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAGlF;AAED,wBAAsB,UAAU,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAG3E;AAED,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,CAGnF;AAED,wBAAsB,UAAU,CAC9B,QAAQ,EAAE,eAAe,EACzB,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,MAAM,CAAC,CAOjB;AAMD,wBAAgB,mBAAmB,IAAI,OAAO,CAO7C;AAED,wBAAgB,mBAAmB,IAAI,OAAO,CAO7C"}

package/dist/provider.js

@@ -0,0 +1,210 @@
+/**
+ * Minimal EIP-1193 provider type and probing helpers.
+ *
+ * The original v1.0.1 stuffed `window.ethereum` into `any` everywhere. This
+ * module replaces that with a typed shape and validates each response.
+ *
+ * Wallet-impersonation hardening (HIGH-1):
+ *
+ *   `isMetaMask` / `isCoinbaseWallet` are self-reported flags any
+ *   extension can set. To pick a wallet by *identity* rather than by
+ *   claim, this module also implements EIP-6963 multi-provider
+ *   discovery: wallets emit `eip6963:announceProvider` events with a
+ *   reverse-DNS `rdns` identifier (`io.metamask`, `com.coinbase.wallet`,
+ *   `app.phantom`, …). When the user picks a wallet we match on `rdns`,
+ *   not on the spoofable `isXxx` flag. The legacy `window.ethereum`
+ *   path remains as a fallback with a documented weaker guarantee.
+ */
+import { z } from 'zod';
+import { WalletNotFoundException } from './errors.js';
+const AccountsResponseSchema = z.array(z.string().regex(/^0x[a-fA-F0-9]{40}$/u));
+const HexResponseSchema = z.string().regex(/^0x[a-fA-F0-9]*$/u);
+/**
+ * Resolves the EIP-1193 provider from the host environment. Returns
+ * undefined when not in a browser or when no injection is present —
+ * callers should throw a typed error in that case.
+ */
+export function getInjectedProvider() {
+    if (typeof globalThis === 'undefined') {
+        return undefined;
+    }
+    const w = globalThis;
+    return w.ethereum;
+}
+export function requireInjectedProvider() {
+    const p = getInjectedProvider();
+    if (p === undefined) {
+        throw new WalletNotFoundException('No EVM wallet provider found on window');
+    }
+    return p;
+}
+/* -------------------------------------------------------------------------- */
+/*  EIP-6963: Multi-Injected Provider Discovery                                */
+/*                                                                              */
+/*  https://eips.ethereum.org/EIPS/eip-6963                                     */
+/*                                                                              */
+/*  Wallets dispatch `eip6963:announceProvider` whenever the page emits         */
+/*  `eip6963:requestProvider`. We collect announcements into a Map keyed by     */
+/*  the wallet's reverse-DNS `rdns` identifier — the canonical wallet           */
+/*  identity, NOT the spoofable `info.name` string.                             */
+/* -------------------------------------------------------------------------- */
+/**
+ * Canonical rdns identifiers for the wallets this package supports.
+ * Match against these — never against `info.name`, which any extension
+ * can set.
+ */
+export const WALLET_RDNS = {
+    metamask: 'io.metamask',
+    coinbase: 'com.coinbase.wallet',
+    phantom: 'app.phantom',
+};
+function getEventTarget() {
+    const g = globalThis;
+    // Test injection hook — lets node `testEnvironment: 'node'` provide
+    // its own EventTarget when one is not natively available.
+    if (g.__droplinkedEventTarget__ !== undefined &&
+        typeof g.__droplinkedEventTarget__.addEventListener === 'function') {
+        return g.__droplinkedEventTarget__;
+    }
+    if (typeof g.addEventListener === 'function')
+        return g;
+    if (g.window !== undefined && typeof g.window.addEventListener === 'function')
+        return g.window;
+    return undefined;
+}
+/**
+ * Synchronously collect EIP-6963 provider announcements. Dispatches
+ * `eip6963:requestProvider` and listens for `eip6963:announceProvider`
+ * responses. Announcements are deduplicated by `info.uuid`.
+ *
+ * NOTE: EIP-6963 announcements are synchronous; wallets respond to the
+ * request event before the dispatch returns. Async polling is not
+ * required.
+ */
+export function discoverEip6963Providers() {
+    const map = new Map();
+    const target = getEventTarget();
+    if (target === undefined)
+        return map;
+    const handler = (e) => {
+        const ann = e;
+        const detail = ann.detail;
+        if (detail === undefined ||
+            detail.info === undefined ||
+            typeof detail.info.uuid !== 'string' ||
+            typeof detail.info.rdns !== 'string' ||
+            detail.provider === undefined ||
+            typeof detail.provider.request !== 'function') {
+            return;
+        }
+        map.set(detail.info.uuid, detail);
+    };
+    target.addEventListener('eip6963:announceProvider', handler);
+    try {
+        target.dispatchEvent(new Event('eip6963:requestProvider'));
+    }
+    finally {
+        target.removeEventListener('eip6963:announceProvider', handler);
+    }
+    return map;
+}
+/** Find the first announced provider whose `info.rdns` matches `rdns`. */
+export function findProviderByRdns(rdns) {
+    const map = discoverEip6963Providers();
+    for (const detail of map.values()) {
+        if (detail.info.rdns === rdns)
+            return detail;
+    }
+    return undefined;
+}
+/**
+ * MetaMask-specific selection.
+ *
+ *   Strict (EIP-6963) path: match on `info.rdns === 'io.metamask'`.
+ *   Legacy fallback: when no EIP-6963 announcement is heard, fall back to
+ *   `window.ethereum.isMetaMask` / `ethereum.providers[i].isMetaMask`.
+ *   The legacy path is strictly weaker — an extension that injects
+ *   `window.ethereum = { isMetaMask: true, request: drainerRequest }`
+ *   before MetaMask loads will be matched there. Document this to
+ *   consumers in JSDoc + THREAT_MODEL.md.
+ */
+export function selectMetaMaskProvider() {
+    const detail = findProviderByRdns(WALLET_RDNS.metamask);
+    if (detail !== undefined)
+        return detail.provider;
+    const root = requireInjectedProvider();
+    if (Array.isArray(root.providers)) {
+        const mm = root.providers.find((p) => p.isMetaMask === true);
+        if (mm === undefined) {
+            throw new WalletNotFoundException('MetaMask provider not found');
+        }
+        return mm;
+    }
+    if (root.isMetaMask !== true) {
+        throw new WalletNotFoundException('MetaMask provider not found');
+    }
+    return root;
+}
+export function selectCoinbaseProvider() {
+    const detail = findProviderByRdns(WALLET_RDNS.coinbase);
+    if (detail !== undefined)
+        return detail.provider;
+    const root = requireInjectedProvider();
+    if (Array.isArray(root.providers)) {
+        const cb = root.providers.find((p) => p.isCoinbaseWallet === true);
+        if (cb === undefined) {
+            throw new WalletNotFoundException('Coinbase Wallet provider not found');
+        }
+        return cb;
+    }
+    if (root.isCoinbaseWallet !== true) {
+        throw new WalletNotFoundException('Coinbase Wallet provider not found');
+    }
+    return root;
+}
+export async function getAccounts(provider) {
+    const raw = await provider.request({ method: 'eth_accounts' });
+    return AccountsResponseSchema.parse(raw);
+}
+export async function requestAccounts(provider) {
+    const raw = await provider.request({ method: 'eth_requestAccounts' });
+    return AccountsResponseSchema.parse(raw);
+}
+export async function getChainId(provider) {
+    const raw = await provider.request({ method: 'eth_chainId' });
+    return HexResponseSchema.parse(raw);
+}
+export async function isWalletConnected(provider) {
+    const accounts = await getAccounts(provider);
+    return accounts.length > 0;
+}
+export async function getBalance(provider, address) {
+    const raw = await provider.request({
+        method: 'eth_getBalance',
+        params: [address, 'latest'],
+    });
+    const hex = HexResponseSchema.parse(raw);
+    return BigInt(hex);
+}
+/* -------------------------------------------------------------------------- */
+/*  Back-compat free-standing probes (mirror v1.0.1 boolean helpers)           */
+/* -------------------------------------------------------------------------- */
+export function isMetamaskInstalled() {
+    try {
+        selectMetaMaskProvider();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export function isCoinBaseInstalled() {
+    try {
+        selectCoinbaseProvider();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=provider.js.map

package/dist/provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../src/provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAgBtD,MAAM,sBAAsB,GAAG,CAAC,CAAC,KAAK,CACpC,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,sBAAsB,CAAC,CACzC,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;AAEhE;;;;GAIG;AACH,MAAM,UAAU,mBAAmB;IACjC,IAAI,OAAO,UAAU,KAAK,WAAW,EAAE,CAAC;QACtC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,CAAC,GAAG,UAAuD,CAAC;IAClE,OAAO,CAAC,CAAC,QAAQ,CAAC;AACpB,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,MAAM,CAAC,GAAG,mBAAmB,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;QACpB,MAAM,IAAI,uBAAuB,CAAC,wCAAwC,CAAC,CAAC;IAC9E,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,gFAAgF;AAChF,iFAAiF;AACjF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,gFAAgF;AAEhF;;;;GAIG;AACH,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,QAAQ,EAAE,aAAa;IACvB,QAAQ,EAAE,qBAAqB;IAC/B,OAAO,EAAE,aAAa;CACd,CAAC;AA2BX,SAAS,cAAc;IACrB,MAAM,CAAC,GAAG,UAGT,CAAC;IACF,oEAAoE;IACpE,0DAA0D;IAC1D,IACE,CAAC,CAAC,yBAAyB,KAAK,SAAS;QACzC,OAAO,CAAC,CAAC,yBAAyB,CAAC,gBAAgB,KAAK,UAAU,EAClE,CAAC;QACD,OAAO,CAAC,CAAC,yBAAyB,CAAC;IACrC,CAAC;IACD,IAAI,OAAO,CAAC,CAAC,gBAAgB,KAAK,UAAU;QAAE,OAAO,CAAoB,CAAC;IAC1E,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,gBAAgB,KAAK,UAAU;QAC3E,OAAO,CAAC,CAAC,MAAM,CAAC;IAClB,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,GAAG,GAAG,IAAI,GAAG,EAAiC,CAAC;IACrD,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,GAAG,CAAC;IAErC,MAAM,OAAO,GAAG,CAAC,CAAQ,EAAQ,EAAE;QACjC,MAAM,GAAG,GAAG,CAAyB,CAAC;QACtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QAC1B,IACE,MAAM,KAAK,SAAS;YACpB,MAAM,CAAC,IAAI,KAAK,SAAS;YACzB,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;YACpC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,QAAQ;YACpC,MAAM,CAAC,QAAQ,KAAK,SAAS;YAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,KAAK,UAAU,EAC7C,CAAC;YACD,OAAO;QACT,CAAC;QACD,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACpC,CAAC,CAAC;IACF,MAAM,CAAC,gBAAgB,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC;IAC7D,IAAI,CAAC;QACH,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;IAC7D,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,mBAAmB,CAAC,0BAA0B,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,0EAA0E;AAC1E,MAAM,UAAU,kBAAkB,CAAC,IAAyB;IAC1D,MAAM,GAAG,GAAG,wBAAwB,EAAE,CAAC;IACvC,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;QAClC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI;YAAE,OAAO,MAAM,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,sBAAsB;IACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC;IAEjD,MAAM,IAAI,GAAG,uBAAuB,EAAE,CAAC;IACvC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,IAAI,CAAC,CAAC;QAC7D,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,uBAAuB,CAAC,6BAA6B,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,IAAI,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;QAC7B,MAAM,IAAI,uBAAuB,CAAC,6BAA6B,CAAC,CAAC;IACnE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,MAAM,MAAM,GAAG,kBAAkB,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,CAAC,QAAQ,CAAC;IAEjD,MAAM,IAAI,GAAG,uBAAuB,EAAE,CAAC;IACvC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAClC,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,gBAAgB,KAAK,IAAI,CAAC,CAAC;QACnE,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;YACrB,MAAM,IAAI,uBAAuB,CAAC,oCAAoC,CAAC,CAAC;QAC1E,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,IAAI,CAAC,gBAAgB,KAAK,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,uBAAuB,CAAC,oCAAoC,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,QAAyB;IACzD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAC/D,OAAO,sBAAsB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,QAAyB;IAC7D,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,CAAC;IACtE,OAAO,sBAAsB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC3C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,QAAyB;IACxD,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IAC9D,OAAO,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,QAAyB;IAC/D,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC7C,OAAO,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,QAAyB,EACzB,OAAe;IAEf,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;QACjC,MAAM,EAAE,gBAAgB;QACxB,MAAM,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;KAC5B,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzC,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC;AAED,gFAAgF;AAChF,iFAAiF;AACjF,gFAAgF;AAEhF,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC;QACH,sBAAsB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC;QACH,sBAAsB,EAAE,CAAC;QACzB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/session.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Session storage helpers. The original v1.0.1 had no notion of sessions
+ * — every call required the caller to pass an address as a string, which
+ * encouraged callers to stash addresses in cookies/localStorage with no
+ * binding to chain or origin.
+ *
+ * This module provides a typed, expiring, origin-bound session record.
+ * Storage backend is pluggable; defaults to `sessionStorage` (cleared on
+ * tab close) rather than `localStorage` (persists forever) — that matches
+ * the threat model for wallet sessions.
+ */
+import { z } from 'zod';
+import { type EvmAddress } from './types.js';
+import type { Hex } from 'viem';
+/**
+ * Hard upper bound on session TTL (HIGH-2 mitigation). Because the
+ * raw EIP-712 signature is persisted in sessionStorage alongside the
+ * payload, it functions as a bearer credential for whoever can read
+ * the storage entry — any XSS in any consumer, any malicious browser
+ * extension with the `storage` permission, or a screen-share leak.
+ * We refuse to issue a session longer than 15 minutes so the blast
+ * radius of a single sessionStorage exfil is bounded.
+ *
+ * Consumers that need longer-lived sessions MUST exchange the
+ * signature for a server-issued opaque session token and drop the
+ * raw signature client-side.
+ */
+export declare const SESSION_MAX_TTL_SECONDS: number;
+export declare const WalletSessionSchema: z.ZodObject<{
+    address: z.ZodEffects<z.ZodString, `0x${string}`, string>;
+    chainId: z.ZodNumber;
+    origin: z.ZodString;
+    signature: z.ZodString;
+    issuedAt: z.ZodString;
+    expiresAt: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    address: `0x${string}`;
+    chainId: number;
+    issuedAt: string;
+    signature: string;
+    origin: string;
+    expiresAt: string;
+}, {
+    address: string;
+    chainId: number;
+    issuedAt: string;
+    signature: string;
+    origin: string;
+    expiresAt: string;
+}>;
+export type WalletSession = z.infer<typeof WalletSessionSchema>;
+export interface SessionStorage {
+    getItem(key: string): string | null;
+    setItem(key: string, value: string): void;
+    removeItem(key: string): void;
+}
+export declare function saveSession(session: WalletSession, storage?: SessionStorage | undefined): void;
+export declare function loadSession(storage?: SessionStorage | undefined, nowMs?: number): WalletSession | undefined;
+export declare function clearSession(storage?: SessionStorage | undefined): void;
+export interface BuildSessionArgs {
+    readonly address: EvmAddress;
+    readonly chainId: number;
+    readonly origin: string;
+    readonly signature: Hex;
+    readonly ttlSeconds: number;
+}
+export declare function buildSession(args: BuildSessionArgs): WalletSession;
+//# sourceMappingURL=session.d.ts.map

package/dist/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAoB,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAE/D,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAIhC;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,uBAAuB,QAAU,CAAC;AAE/C,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;EAO9B,CAAC;AAEH,MAAM,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,mBAAmB,CAAC,CAAC;AAEhE,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IACpC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;CAC/B;AAOD,wBAAgB,WAAW,CACzB,OAAO,EAAE,aAAa,EACtB,OAAO,GAAE,cAAc,GAAG,SAA4B,GACrD,IAAI,CAMN;AAED,wBAAgB,WAAW,CACzB,OAAO,GAAE,cAAc,GAAG,SAA4B,EACtD,KAAK,GAAE,MAAmB,GACzB,aAAa,GAAG,SAAS,CA0B3B;AAED,wBAAgB,YAAY,CAC1B,OAAO,GAAE,cAAc,GAAG,SAA4B,GACrD,IAAI,CAKN;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;IACxB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,aAAa,CAiBlE"}

package/dist/session.js

@@ -0,0 +1,99 @@
+/**
+ * Session storage helpers. The original v1.0.1 had no notion of sessions
+ * — every call required the caller to pass an address as a string, which
+ * encouraged callers to stash addresses in cookies/localStorage with no
+ * binding to chain or origin.
+ *
+ * This module provides a typed, expiring, origin-bound session record.
+ * Storage backend is pluggable; defaults to `sessionStorage` (cleared on
+ * tab close) rather than `localStorage` (persists forever) — that matches
+ * the threat model for wallet sessions.
+ */
+import { z } from 'zod';
+import { EvmAddressSchema } from './types.js';
+import { SignaturePayloadInvalidError } from './errors.js';
+const STORAGE_KEY = 'droplinked:wallet-session:v1';
+/**
+ * Hard upper bound on session TTL (HIGH-2 mitigation). Because the
+ * raw EIP-712 signature is persisted in sessionStorage alongside the
+ * payload, it functions as a bearer credential for whoever can read
+ * the storage entry — any XSS in any consumer, any malicious browser
+ * extension with the `storage` permission, or a screen-share leak.
+ * We refuse to issue a session longer than 15 minutes so the blast
+ * radius of a single sessionStorage exfil is bounded.
+ *
+ * Consumers that need longer-lived sessions MUST exchange the
+ * signature for a server-issued opaque session token and drop the
+ * raw signature client-side.
+ */
+export const SESSION_MAX_TTL_SECONDS = 15 * 60;
+export const WalletSessionSchema = z.object({
+    address: EvmAddressSchema,
+    chainId: z.number().int().positive(),
+    origin: z.string().min(1),
+    signature: z.string().regex(/^0x[a-fA-F0-9]+$/u),
+    issuedAt: z.string().datetime(),
+    expiresAt: z.string().datetime(),
+});
+function defaultStorage() {
+    const g = globalThis;
+    return g.sessionStorage;
+}
+export function saveSession(session, storage = defaultStorage()) {
+    if (storage === undefined) {
+        return; // headless / SSR — silently no-op
+    }
+    WalletSessionSchema.parse(session);
+    storage.setItem(STORAGE_KEY, JSON.stringify(session));
+}
+export function loadSession(storage = defaultStorage(), nowMs = Date.now()) {
+    if (storage === undefined) {
+        return undefined;
+    }
+    const raw = storage.getItem(STORAGE_KEY);
+    if (raw === null) {
+        return undefined;
+    }
+    let parsedJson;
+    try {
+        parsedJson = JSON.parse(raw);
+    }
+    catch {
+        storage.removeItem(STORAGE_KEY);
+        return undefined;
+    }
+    const result = WalletSessionSchema.safeParse(parsedJson);
+    if (!result.success) {
+        storage.removeItem(STORAGE_KEY);
+        return undefined;
+    }
+    const exp = Date.parse(result.data.expiresAt);
+    if (Number.isNaN(exp) || exp <= nowMs) {
+        storage.removeItem(STORAGE_KEY);
+        return undefined;
+    }
+    return result.data;
+}
+export function clearSession(storage = defaultStorage()) {
+    if (storage === undefined) {
+        return;
+    }
+    storage.removeItem(STORAGE_KEY);
+}
+export function buildSession(args) {
+    if (args.ttlSeconds <= 0 || args.ttlSeconds > SESSION_MAX_TTL_SECONDS) {
+        throw new SignaturePayloadInvalidError(`ttlSeconds must be in (0, ${SESSION_MAX_TTL_SECONDS}]; got ${args.ttlSeconds}. ` +
+            'Long-lived sessions MUST be issued server-side, not from this client library.');
+    }
+    const now = Date.now();
+    const session = {
+        address: args.address,
+        chainId: args.chainId,
+        origin: args.origin,
+        signature: args.signature,
+        issuedAt: new Date(now).toISOString(),
+        expiresAt: new Date(now + args.ttlSeconds * 1000).toISOString(),
+    };
+    return WalletSessionSchema.parse(session);
+}
+//# sourceMappingURL=session.js.map

package/dist/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAmB,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,4BAA4B,EAAE,MAAM,aAAa,CAAC;AAG3D,MAAM,WAAW,GAAG,8BAA8B,CAAC;AAEnD;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,CAAC;AAE/C,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,gBAAgB;IACzB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,mBAAmB,CAAC;IAChD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACjC,CAAC,CAAC;AAUH,SAAS,cAAc;IACrB,MAAM,CAAC,GAAG,UAA4D,CAAC;IACvE,OAAO,CAAC,CAAC,cAAc,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,OAAsB,EACtB,UAAsC,cAAc,EAAE;IAEtD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,CAAC,kCAAkC;IAC5C,CAAC;IACD,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IACnC,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,UAAsC,cAAc,EAAE,EACtD,QAAgB,IAAI,CAAC,GAAG,EAAE;IAE1B,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QACjB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,UAAmB,CAAC;IACxB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,mBAAmB,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC9C,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,GAAG,IAAI,KAAK,EAAE,CAAC;QACtC,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAChC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,UAAsC,cAAc,EAAE;IAEtD,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IACD,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AAClC,CAAC;AAUD,MAAM,UAAU,YAAY,CAAC,IAAsB;IACjD,IAAI,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,GAAG,uBAAuB,EAAE,CAAC;QACtE,MAAM,IAAI,4BAA4B,CACpC,6BAA6B,uBAAuB,UAAU,IAAI,CAAC,UAAU,IAAI;YAC/E,+EAA+E,CAClF,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG;QACd,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,SAAS,EAAE,IAAI,CAAC,SAAmB;QACnC,QAAQ,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE;QACrC,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;KAChE,CAAC;IACF,OAAO,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;AAC5C,CAAC"}

package/dist/signing.d.ts

@@ -0,0 +1,94 @@
+/**
+ * EIP-712 typed-data signing + verification.
+ *
+ * Hardening deltas vs. v1.0.1:
+ *   1. v1.0.1 used `personal_sign` of a static plaintext — replayable
+ *      across chains, origins, time. We use EIP-712 typed data with
+ *      explicit domain (chainId + origin) and a per-attempt nonce.
+ *   2. Nonces are 256-bit cryptographically-random url-safe strings.
+ *   3. Signature verification is constant-time at the byte-array level.
+ *   4. Recovered address is compared as a normalized lowercase hex string.
+ */
+import { type Hex } from 'viem';
+import { type LoginPayload, type EvmAddress } from './types.js';
+import type { Eip1193Provider } from './provider.js';
+/** EIP-712 domain name — kept short, embedded in every signed payload. */
+export declare const TYPED_DATA_DOMAIN_NAME: "droplinked";
+/** EIP-712 type definitions. */
+export declare const LOGIN_TYPES: {
+    readonly Login: readonly [{
+        readonly name: "domain";
+        readonly type: "string";
+    }, {
+        readonly name: "address";
+        readonly type: "address";
+    }, {
+        readonly name: "statement";
+        readonly type: "string";
+    }, {
+        readonly name: "uri";
+        readonly type: "string";
+    }, {
+        readonly name: "version";
+        readonly type: "string";
+    }, {
+        readonly name: "chainId";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nonce";
+        readonly type: "string";
+    }, {
+        readonly name: "issuedAt";
+        readonly type: "string";
+    }, {
+        readonly name: "expirationTime";
+        readonly type: "string";
+    }];
+};
+/**
+ * Generates a 256-bit random url-safe nonce. Uses Web Crypto when available;
+ * throws if no CSPRNG is reachable (we refuse to fall back to Math.random).
+ */
+export declare function generateNonce(): string;
+/**
+ * Build a canonical login payload. Always binds:
+ *   - origin (window.location.origin or caller-provided)
+ *   - chainId (must match the wallet's current chain at signing time)
+ *   - fresh nonce
+ *   - issuedAt timestamp
+ *   - optional expirationTime
+ */
+export interface BuildLoginPayloadArgs {
+    readonly address: EvmAddress;
+    readonly chainId: number;
+    readonly origin: string;
+    readonly statement?: string;
+    readonly expiresInSeconds?: number;
+}
+export declare function buildLoginPayload(args: BuildLoginPayloadArgs): LoginPayload;
+/**
+ * Request the wallet to sign the typed payload. Returns the 0x-prefixed
+ * signature.
+ */
+export declare function signLoginPayload(provider: Eip1193Provider, payload: LoginPayload): Promise<Hex>;
+/**
+ * Verify a previously-issued login signature. Server-side and client-side
+ * use the same function. Returns void on success, throws on any mismatch.
+ */
+export interface VerifyLoginArgs {
+    readonly payload: LoginPayload;
+    readonly signature: Hex;
+    readonly expectedAddress: EvmAddress;
+    readonly expectedChainId: number;
+    readonly expectedOrigin: string;
+    readonly nowMs?: number;
+}
+export declare function verifyLoginSignature(args: VerifyLoginArgs): Promise<void>;
+/**
+ * Constant-time string equality. Compares the UTF-8 byte representation;
+ * always touches every byte of both inputs regardless of mismatch position.
+ * Returns false immediately on length mismatch — note that length is
+ * inherently leaky and not considered a secret here.
+ */
+export declare function constantTimeStringEquals(a: string, b: string): boolean;
+//# sourceMappingURL=signing.d.ts.map

package/dist/signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAiC,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAC/D,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,UAAU,EAChB,MAAM,YAAY,CAAC;AAOpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,0EAA0E;AAC1E,eAAO,MAAM,sBAAsB,EAAG,YAAqB,CAAC;AAE5D,gCAAgC;AAChC,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAYd,CAAC;AAEX;;;GAGG;AACH,wBAAgB,aAAa,IAAI,MAAM,CActC;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,qBAAqB,GAAG,YAAY,CA4B3E;AAUD;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,eAAe,EACzB,OAAO,EAAE,YAAY,GACpB,OAAO,CAAC,GAAG,CAAC,CAmBd;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAC/B,QAAQ,CAAC,SAAS,EAAE,GAAG,CAAC;IACxB,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC;IACrC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,IAAI,CAAC,CAgE/E;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAWtE"}