@ftptech/x402-canton-client 0.1.0

package/dist/fetch.js

@@ -0,0 +1,120 @@
+/**
+ * wrapFetchWithCantonPayment — automate the x402 v2 "detect 402 →
+ * pay → retry" flow against any Canton-aware facilitator.
+ *
+ * Usage:
+ *
+ *   const fetchWithPay = wrapFetchWithCantonPayment(globalThis.fetch, signer);
+ *   const res = await fetchWithPay("https://api.example.com/data");
+ *   const settle = readPaymentResponseHeader(res);
+ *
+ * Wire format: x402 v2 only. v1 fallback is tracked in BACKLOG.md
+ * and lands when an older facilitator demands it.
+ *
+ * Limitations:
+ * - The original request body must be replayable (e.g. JSON string,
+ *   Uint8Array, FormData). Streaming bodies will fail on retry.
+ * - Idempotency: callers should treat the wrapped fetch as
+ *   at-most-twice. If the second response is still 402 we throw —
+ *   no infinite-loop retries.
+ */
+import { HEADER_PAYMENT_REQUIRED_V2, HEADER_PAYMENT_SIGNATURE_V2, HEADER_PAYMENT_RESPONSE_V2, encodeBase64Json, decodeBase64Json, } from "@ftptech/x402-canton-core";
+import { ExactCantonScheme, SchemeMethodMismatchError } from "./scheme.js";
+/** Which on-ledger transfer methods a given signer can actually produce. */
+function signerMethods(signer) {
+    const m = new Set();
+    if (signer.signTransferCommand)
+        m.add("external-party-amulet-rules");
+    if (signer.signCip56Transfer)
+        m.add("cip56-transfer-factory");
+    return m;
+}
+export class X402PaymentError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = "X402PaymentError";
+    }
+}
+export function wrapFetchWithCantonPayment(fetch, signer, options = {}) {
+    const scheme = new ExactCantonScheme(signer);
+    return async function fetchWithPayment(input, init) {
+        // If the caller is already attempting payment (has the signature
+        // header) just pass through — don't recurse.
+        const initHeaders = new Headers(init?.headers);
+        if (initHeaders.has(HEADER_PAYMENT_SIGNATURE_V2)) {
+            return fetch(input, init);
+        }
+        const first = await fetch(input, init);
+        if (first.status !== 402)
+            return first;
+        const requiredHeader = first.headers.get(HEADER_PAYMENT_REQUIRED_V2);
+        if (!requiredHeader) {
+            throw new X402PaymentError("402 response missing PAYMENT-REQUIRED header (v1 wire format not supported in client v0.1)", "MISSING_PAYMENT_REQUIRED_HEADER");
+        }
+        // The PAYMENT-REQUIRED header is server-controlled and untrusted:
+        // bad base64, non-JSON, or JSON missing `accepts[]` must surface as a
+        // discriminated X402PaymentError, not leak a raw SyntaxError/TypeError
+        // out of the wrapped fetch (the whole contract of this wrapper is that
+        // it only ever throws X402PaymentError).
+        let required;
+        try {
+            required = decodeBase64Json(requiredHeader);
+        }
+        catch {
+            throw new X402PaymentError("402 PAYMENT-REQUIRED header is not valid base64-encoded JSON", "MALFORMED_PAYMENT_REQUIRED");
+        }
+        if (!required || !Array.isArray(required.accepts)) {
+            throw new X402PaymentError("402 PAYMENT-REQUIRED payload missing a valid accepts[] array", "MALFORMED_PAYMENT_REQUIRED");
+        }
+        const candidates = required.accepts.filter((a) => {
+            if (a.scheme !== "exact-canton")
+                return false;
+            if (options.networkFilter && !options.networkFilter(a.network))
+                return false;
+            return true;
+        });
+        if (candidates.length === 0) {
+            throw new X402PaymentError("no exact-canton entry in 402 accepts[] (or networkFilter excluded all)", "NO_ACCEPTABLE_SCHEME");
+        }
+        // Narrow to entries whose transferMethod THIS signer can actually produce.
+        // A merchant may advertise both v1 (external-party-amulet-rules) and cip56;
+        // a CIP-56-only wallet (e.g. the agent-wallet relay signer) must pick the
+        // cip56 entry rather than blindly take accepts[0] and fail. If the merchant
+        // advertised exact-canton entries but NONE match this wallet, raise a clear,
+        // named mismatch error instead of a cryptic downstream failure (plan §4.1/3).
+        const methods = signerMethods(signer);
+        const compatible = candidates.filter((a) => methods.has(a.extra.transferMethod));
+        if (compatible.length === 0) {
+            const required_ = [
+                ...new Set(candidates.map((a) => a.extra.transferMethod)),
+            ].join(", ");
+            const supported = [...methods].join(", ") || "(none)";
+            throw new SchemeMethodMismatchError(required_, supported);
+        }
+        const chosen = options.selectRequirements?.(compatible) ?? compatible[0];
+        const envelope = await scheme.createPaymentPayload(chosen, required.resource);
+        const retryHeaders = new Headers(init?.headers);
+        retryHeaders.set(HEADER_PAYMENT_SIGNATURE_V2, encodeBase64Json(envelope));
+        const retryInit = { ...init, headers: retryHeaders };
+        const second = await fetch(input, retryInit);
+        if (second.status === 402) {
+            throw new X402PaymentError("payment retry still returned 402 — facilitator rejected the payment", "PAYMENT_REJECTED");
+        }
+        return second;
+    };
+}
+/**
+ * Decode the `PAYMENT-RESPONSE` header (x402 v2) attached to a
+ * response that came back through wrapFetchWithCantonPayment.
+ * Returns null when the header is absent (e.g. response unrelated to
+ * x402).
+ */
+export function readPaymentResponseHeader(response) {
+    const header = response.headers.get(HEADER_PAYMENT_RESPONSE_V2);
+    if (!header)
+        return null;
+    return decodeBase64Json(header);
+}
+//# sourceMappingURL=fetch.js.map

package/dist/fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../src/fetch.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,EAC3B,0BAA0B,EAC1B,gBAAgB,EAChB,gBAAgB,GAIjB,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAE3E,4EAA4E;AAC5E,SAAS,aAAa,CAAC,MAAoB;IACzC,MAAM,CAAC,GAAG,IAAI,GAAG,EAAU,CAAC;IAC5B,IAAI,MAAM,CAAC,mBAAmB;QAAE,CAAC,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IACrE,IAAI,MAAM,CAAC,iBAAiB;QAAE,CAAC,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAC9D,OAAO,CAAC,CAAC;AACX,CAAC;AAmBD,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACI;IAA7C,YAAY,OAAe,EAAkB,IAA0B;QACrE,KAAK,CAAC,OAAO,CAAC,CAAC;QAD4B,SAAI,GAAJ,IAAI,CAAsB;QAErE,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AAQD,MAAM,UAAU,0BAA0B,CACxC,KAA8B,EAC9B,MAAoB,EACpB,UAA4B,EAAE;IAE9B,MAAM,MAAM,GAAG,IAAI,iBAAiB,CAAC,MAAM,CAAC,CAAC;IAE7C,OAAO,KAAK,UAAU,gBAAgB,CAAC,KAAK,EAAE,IAAI;QAChD,iEAAiE;QACjE,6CAA6C;QAC7C,MAAM,WAAW,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC/C,IAAI,WAAW,CAAC,GAAG,CAAC,2BAA2B,CAAC,EAAE,CAAC;YACjD,OAAO,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5B,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,KAAK,CAAC;QAEvC,MAAM,cAAc,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;QACrE,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,gBAAgB,CACxB,4FAA4F,EAC5F,iCAAiC,CAClC,CAAC;QACJ,CAAC;QAED,kEAAkE;QAClE,sEAAsE;QACtE,uEAAuE;QACvE,uEAAuE;QACvE,yCAAyC;QACzC,IAAI,QAA6B,CAAC;QAClC,IAAI,CAAC;YACH,QAAQ,GAAG,gBAAgB,CAAsB,cAAc,CAAC,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,gBAAgB,CACxB,8DAA8D,EAC9D,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,gBAAgB,CACxB,8DAA8D,EAC9D,4BAA4B,CAC7B,CAAC;QACJ,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YAC/C,IAAI,CAAC,CAAC,MAAM,KAAK,cAAc;gBAAE,OAAO,KAAK,CAAC;YAC9C,IAAI,OAAO,CAAC,aAAa,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC7E,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC;QACH,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,IAAI,gBAAgB,CACxB,wEAAwE,EACxE,sBAAsB,CACvB,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,4EAA4E;QAC5E,0EAA0E;QAC1E,4EAA4E;QAC5E,6EAA6E;QAC7E,8EAA8E;QAC9E,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC;QACjF,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,MAAM,SAAS,GAAG;gBAChB,GAAG,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;aAC1D,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACb,MAAM,SAAS,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC;YACtD,MAAM,IAAI,yBAAyB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,MAAM,GACV,OAAO,CAAC,kBAAkB,EAAE,CAAC,UAAU,CAAC,IAAK,UAAU,CAAC,CAAC,CAAyB,CAAC;QAErF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAE9E,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAChD,YAAY,CAAC,GAAG,CAAC,2BAA2B,EAAE,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC1E,MAAM,SAAS,GAAgB,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;QAElE,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC1B,MAAM,IAAI,gBAAgB,CACxB,qEAAqE,EACrE,kBAAkB,CACnB,CAAC;QACJ,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CACvC,QAAkB;IAElB,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;IAChE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,OAAO,gBAAgB,CAAI,MAAM,CAAC,CAAC;AACrC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export * from "./signer.js";
+export * from "./scheme.js";
+export * from "./fetch.js";
+export * from "./keyfile-signer.js";
+export * from "./cip56-signer.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC"}

package/dist/index.js

@@ -0,0 +1,6 @@
+export * from "./signer.js";
+export * from "./scheme.js";
+export * from "./fetch.js";
+export * from "./keyfile-signer.js";
+export * from "./cip56-signer.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAC;AAC5B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC"}

package/dist/keyfile-signer.d.ts

@@ -0,0 +1,185 @@
+/**
+ * KeyfileSigner — production `CantonSigner` implementation backed by
+ * a local Ed25519 PEM key, the JSON Ledger API v2's interactive-
+ * submission flow, and the Scan API for nonce + DSO lookups.
+ *
+ * Flow per `signTransferCommand`:
+ *
+ *   1. Read sender's next-expected nonce from
+ *      `ScanClient.getTransferCommandCounter(party)`. First payment
+ *      from a new party falls back to nonce 0.
+ *   2. Prepare an ExerciseCommand for
+ *      `ExternalPartyAmuletRules_CreateTransferCommand` with the
+ *      caller-supplied receiver / delegate / amount / description and
+ *      our just-resolved nonce. The `ExternalPartyAmuletRules`
+ *      contract id + template id + createdEventBlob must be supplied
+ *      via `deps.externalPartyAmuletRules` (caller fetches it from
+ *      Scan once at startup or via `loadExternalPartyAmuletRules`).
+ *   3. `CantonExternalPartySigner.prepareSignAndExecute` lands the
+ *      transaction. The execute endpoint returns `updateId` but NOT
+ *      events.
+ *   4. Query ACS via `CantonClient.queryActiveContracts` and filter
+ *      to TransferCommands matching `(sender, nonce)`. The
+ *      `TransferCommandCounter` ensures (sender, nonce) is unique,
+ *      so the match is the cid we just created.
+ *   5. Return `{transferCommandCid, payerParty, nonce}`.
+ *
+ * Open question (logged in CRON-RUNBOOK.md):
+ * - The exact choice argument shape for
+ *   `ExternalPartyAmuletRules_CreateTransferCommand` is inferred
+ *   from the Splice source comment ("sender, receiver, delegate,
+ *   amount, expiresAt, nonce, description, expectedDso"). Confirm
+ *   against a live participant; adjust if the participant rejects.
+ */
+import { CantonClient, CantonExternalPartySigner, ScanClient, type ExternalPartyKey, type ScanFlavor } from "@ftptech/x402-canton-ledger";
+import type { CantonSigner, SignedTransferCommand, SignTransferCommandInput } from "./signer.js";
+export interface ExternalPartyAmuletRulesRef {
+    contractId: string;
+    /**
+     * RESOLVED package-id form of the ExternalPartyAmuletRules template, taken
+     * verbatim from Scan's `template_id`
+     * (e.g. `<pkgHash>:Splice.ExternalPartyAmuletRules:ExternalPartyAmuletRules`).
+     *
+     * MUST NOT be the `#package-name` form: the create flows through
+     * interactive-submission/prepare, which cannot parse a leading `#`
+     * (the participant rejects it with "non expected character 0x23").
+     * Use `loadExternalPartyAmuletRules(scan)` to fetch a correct ref.
+     *
+     * This is the EPAR's OWN package (its creation version), used ONLY for the
+     * disclosed-contract entry — it must match `createdEventBlob`'s package or the
+     * participant rejects the prepare (DisclosedContract.template_id mismatch).
+     * The exercise itself targets `exerciseTemplateId`.
+     */
+    templateId: string;
+    /** Base64-encoded `created_event_blob` from Scan. Required for the
+     *  disclosedContracts entry. */
+    createdEventBlob: string;
+    /**
+     * Template id for the `ExternalPartyAmuletRules_CreateTransferCommand`
+     * EXERCISE: `<currentSpliceAmuletPkg>:Splice.ExternalPartyAmuletRules:ExternalPartyAmuletRules`,
+     * where the package is the CURRENT splice-amulet (what `#splice-amulet`
+     * resolves to), taken from the live AmuletRules contract.
+     *
+     * Separate from `templateId` because the EPAR singleton can sit on an OLDER
+     * package whose `CreateTransferCommand` lacks `description`/`expectedDso`,
+     * while the current package has them (verified live on mainnet). Canton
+     * smart-contract-upgrade reconciles the older disclosed contract with this
+     * newer exercise package. Must also be the resolved package-id form (no `#`).
+     */
+    exerciseTemplateId: string;
+}
+export interface KeyfileSignerDeps {
+    /** Wraps interactive-submission/prepare + execute. */
+    signer: CantonExternalPartySigner;
+    /** For ACS lookup of the newly-created TransferCommand cid. */
+    client: CantonClient;
+    /** For TransferCommandCounter (nonce). */
+    scan: ScanClient;
+    /** The Ed25519 keypair this signer signs with. */
+    key: ExternalPartyKey;
+    /** The agent's Canton party id. */
+    party: string;
+    /** The ExternalPartyAmuletRules contract reference (disclosed). */
+    externalPartyAmuletRules: ExternalPartyAmuletRulesRef;
+    /** DSO party id for the `expectedDso` field of
+     *  `ExternalPartyAmuletRules_CreateTransferCommand`. If omitted, it's
+     *  derived from the per-call synchronizerId (`global-domain::<hash>` →
+     *  `DSO::<hash>`). Set explicitly if your network uses a
+     *  non-conventional DSO/synchronizer naming. */
+    dso?: string;
+    /** Ledger user id submitted in the JsCommands envelope. */
+    userId?: string;
+    /** Default TransferCommand expiry window in seconds. Default 60. */
+    defaultExpirySeconds?: number;
+    /** Post-execute ACS poll attempts. interactive-submission/execute is async
+     *  (the create commits on the completion stream AFTER execute returns), so
+     *  the created TransferCommand is not visible immediately. Default 20. */
+    acsLookupAttempts?: number;
+    /** Delay between ACS poll attempts, ms. Default 1000. */
+    acsLookupDelayMs?: number;
+}
+/**
+ * Derive the DSO party id from a Global Synchronizer id.
+ *
+ * On Canton the DSO party and the global synchronizer share the same
+ * namespace fingerprint; the synchronizer id is `global-domain::<hash>`
+ * and the DSO party is `DSO::<hash>`. Verified live on DevNet:
+ * synchronizer `global-domain::1220be58c…` ↔ dso `DSO::1220be58c…`
+ * (the EPAR + AmuletRules payloads both report this dso). Returns null
+ * if the input doesn't have the expected `global-domain::` prefix.
+ */
+export declare function deriveDsoFromSynchronizer(synchronizerId: string): string | null;
+/**
+ * Fetch the live ExternalPartyAmuletRules + AmuletRules contracts from Scan and
+ * return a ready-to-use `ExternalPartyAmuletRulesRef`. `templateId` is the
+ * EPAR's own resolved package (for the disclosed contract); `exerciseTemplateId`
+ * is the CURRENT splice-amulet package (derived from AmuletRules) for the
+ * exercise. Both are the resolved package-id form — what
+ * interactive-submission/prepare requires, never `#package-name`. Call once at
+ * startup and pass the result as `KeyfileSignerDeps.externalPartyAmuletRules`.
+ */
+export declare function loadExternalPartyAmuletRules(scan: ScanClient): Promise<ExternalPartyAmuletRulesRef>;
+export declare class KeyfileSigner implements CantonSigner {
+    private readonly deps;
+    readonly party: string;
+    constructor(deps: KeyfileSignerDeps);
+    signTransferCommand(input: SignTransferCommandInput): Promise<SignedTransferCommand>;
+}
+/**
+ * Load an Ed25519 private key from a PEM file and derive the matching
+ * public key + canonical fingerprint via
+ * `ed25519KeyFromNodeKeyPair`.
+ *
+ * Either `keyPath` or `keyPem` must be supplied.
+ */
+export declare function loadEd25519KeyFromPem(args: {
+    keyPath?: string;
+    keyPem?: string;
+    fingerprint?: string;
+}): ExternalPartyKey;
+export interface MakeKeyfileSignerConfig {
+    /** Path to an Ed25519 PEM file. Mutually exclusive with `keyPem`. */
+    keyPath?: string;
+    /** Ed25519 PEM string (e.g. from an env var). */
+    keyPem?: string;
+    /** Optional fingerprint override (when participant canonicalizes
+     *  the public key differently than SPKI-DER-SHA256). */
+    fingerprint?: string;
+    /** Agent's Canton party id (sender of TransferCommands). */
+    party: string;
+    /** JSON Ledger API v2 base URL for the agent's participant. */
+    participantUrl: string;
+    /** Bearer JWT for the agent's participant. */
+    participantToken: string;
+    /** Daml package name used in `templateRef`. */
+    packageName?: string;
+    /** Scan API base URL. */
+    scanUrl: string;
+    /** Optional Scan bearer token. */
+    scanToken?: string;
+    /** Scan flavor — "validator" (validator-local proxy) or "sv"
+     *  (public SV Scan). Default "validator". */
+    scanFlavor?: ScanFlavor;
+    /** ExternalPartyAmuletRules disclosed-contract reference (operator
+     *  fetches once at startup from Scan). */
+    externalPartyAmuletRules: ExternalPartyAmuletRulesRef;
+    /** Optional explicit DSO party id for `expectedDso`. If omitted,
+     *  derived from the synchronizerId (`global-domain::<hash>` →
+     *  `DSO::<hash>`). */
+    dso?: string;
+    /** Optional ledger user id passed in JsCommands. Default
+     *  "x402-agent". */
+    userId?: string;
+    /** Optional default TransferCommand expiry seconds. Default 60. */
+    defaultExpirySeconds?: number;
+    /** Optional HTTP timeout for both participant + Scan. */
+    timeoutMs?: number;
+}
+/**
+ * Convenience builder that wires up `CantonClient`, `ScanClient`,
+ * `CantonExternalPartySigner`, and `loadEd25519KeyFromPem` from a
+ * flat config object so callers don't have to construct each
+ * dependency manually.
+ */
+export declare function makeKeyfileSigner(config: MakeKeyfileSignerConfig): KeyfileSigner;
+//# sourceMappingURL=keyfile-signer.d.ts.map

package/dist/keyfile-signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyfile-signer.d.ts","sourceRoot":"","sources":["../src/keyfile-signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAQH,OAAO,EACL,YAAY,EACZ,yBAAyB,EACzB,UAAU,EAEV,KAAK,gBAAgB,EACrB,KAAK,UAAU,EAChB,MAAM,6BAA6B,CAAC;AACrC,OAAO,KAAK,EACV,YAAY,EACZ,qBAAqB,EACrB,wBAAwB,EACzB,MAAM,aAAa,CAAC;AAQrB,MAAM,WAAW,2BAA2B;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB;;;;;;;;;;;;;;OAcG;IACH,UAAU,EAAE,MAAM,CAAC;IACnB;oCACgC;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB;;;;;;;;;;;OAWG;IACH,kBAAkB,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,sDAAsD;IACtD,MAAM,EAAE,yBAAyB,CAAC;IAClC,+DAA+D;IAC/D,MAAM,EAAE,YAAY,CAAC;IACrB,0CAA0C;IAC1C,IAAI,EAAE,UAAU,CAAC;IACjB,kDAAkD;IAClD,GAAG,EAAE,gBAAgB,CAAC;IACtB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;IACd,mEAAmE;IACnE,wBAAwB,EAAE,2BAA2B,CAAC;IACtD;;;;oDAIgD;IAChD,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,2DAA2D;IAC3D,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oEAAoE;IACpE,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B;;8EAE0E;IAC1E,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,yDAAyD;IACzD,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;;;;GASG;AACH,wBAAgB,yBAAyB,CACvC,cAAc,EAAE,MAAM,GACrB,MAAM,GAAG,IAAI,CAIf;AAED;;;;;;;;GAQG;AACH,wBAAsB,4BAA4B,CAChD,IAAI,EAAE,UAAU,GACf,OAAO,CAAC,2BAA2B,CAAC,CAmBtC;AAED,qBAAa,aAAc,YAAW,YAAY;IAGpC,OAAO,CAAC,QAAQ,CAAC,IAAI;IAFjC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEM,IAAI,EAAE,iBAAiB;IAI9C,mBAAmB,CACvB,KAAK,EAAE,wBAAwB,GAC9B,OAAO,CAAC,qBAAqB,CAAC;CA4JlC;AAED;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GAAG,gBAAgB,CAcnB;AAED,MAAM,WAAW,uBAAuB;IACtC,qEAAqE;IACrE,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,iDAAiD;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB;4DACwD;IACxD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4DAA4D;IAC5D,KAAK,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,cAAc,EAAE,MAAM,CAAC;IACvB,8CAA8C;IAC9C,gBAAgB,EAAE,MAAM,CAAC;IACzB,+CAA+C;IAC/C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;iDAC6C;IAC7C,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB;8CAC0C;IAC1C,wBAAwB,EAAE,2BAA2B,CAAC;IACtD;;0BAEsB;IACtB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb;wBACoB;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,mEAAmE;IACnE,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,yDAAyD;IACzD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,uBAAuB,GAAG,aAAa,CAoChF"}

package/dist/keyfile-signer.js

@@ -0,0 +1,281 @@
+/**
+ * KeyfileSigner — production `CantonSigner` implementation backed by
+ * a local Ed25519 PEM key, the JSON Ledger API v2's interactive-
+ * submission flow, and the Scan API for nonce + DSO lookups.
+ *
+ * Flow per `signTransferCommand`:
+ *
+ *   1. Read sender's next-expected nonce from
+ *      `ScanClient.getTransferCommandCounter(party)`. First payment
+ *      from a new party falls back to nonce 0.
+ *   2. Prepare an ExerciseCommand for
+ *      `ExternalPartyAmuletRules_CreateTransferCommand` with the
+ *      caller-supplied receiver / delegate / amount / description and
+ *      our just-resolved nonce. The `ExternalPartyAmuletRules`
+ *      contract id + template id + createdEventBlob must be supplied
+ *      via `deps.externalPartyAmuletRules` (caller fetches it from
+ *      Scan once at startup or via `loadExternalPartyAmuletRules`).
+ *   3. `CantonExternalPartySigner.prepareSignAndExecute` lands the
+ *      transaction. The execute endpoint returns `updateId` but NOT
+ *      events.
+ *   4. Query ACS via `CantonClient.queryActiveContracts` and filter
+ *      to TransferCommands matching `(sender, nonce)`. The
+ *      `TransferCommandCounter` ensures (sender, nonce) is unique,
+ *      so the match is the cid we just created.
+ *   5. Return `{transferCommandCid, payerParty, nonce}`.
+ *
+ * Open question (logged in CRON-RUNBOOK.md):
+ * - The exact choice argument shape for
+ *   `ExternalPartyAmuletRules_CreateTransferCommand` is inferred
+ *   from the Splice source comment ("sender, receiver, delegate,
+ *   amount, expiresAt, nonce, description, expectedDso"). Confirm
+ *   against a live participant; adjust if the participant rejects.
+ */
+import { readFileSync } from "node:fs";
+import { createPrivateKey, createPublicKey, } from "node:crypto";
+import { CantonClient, CantonExternalPartySigner, ScanClient, ed25519KeyFromNodeKeyPair, } from "@ftptech/x402-canton-ledger";
+const TRANSFER_COMMAND_TEMPLATE_SUFFIX = ":Splice.ExternalPartyAmuletRules:TransferCommand";
+const CREATE_TRANSFER_COMMAND_CHOICE = "ExternalPartyAmuletRules_CreateTransferCommand";
+/**
+ * Derive the DSO party id from a Global Synchronizer id.
+ *
+ * On Canton the DSO party and the global synchronizer share the same
+ * namespace fingerprint; the synchronizer id is `global-domain::<hash>`
+ * and the DSO party is `DSO::<hash>`. Verified live on DevNet:
+ * synchronizer `global-domain::1220be58c…` ↔ dso `DSO::1220be58c…`
+ * (the EPAR + AmuletRules payloads both report this dso). Returns null
+ * if the input doesn't have the expected `global-domain::` prefix.
+ */
+export function deriveDsoFromSynchronizer(synchronizerId) {
+    const prefix = "global-domain::";
+    if (!synchronizerId.startsWith(prefix))
+        return null;
+    return `DSO::${synchronizerId.slice(prefix.length)}`;
+}
+/**
+ * Fetch the live ExternalPartyAmuletRules + AmuletRules contracts from Scan and
+ * return a ready-to-use `ExternalPartyAmuletRulesRef`. `templateId` is the
+ * EPAR's own resolved package (for the disclosed contract); `exerciseTemplateId`
+ * is the CURRENT splice-amulet package (derived from AmuletRules) for the
+ * exercise. Both are the resolved package-id form — what
+ * interactive-submission/prepare requires, never `#package-name`. Call once at
+ * startup and pass the result as `KeyfileSignerDeps.externalPartyAmuletRules`.
+ */
+export async function loadExternalPartyAmuletRules(scan) {
+    const [eparRes, amuletRulesRes] = await Promise.all([
+        scan.getExternalPartyAmuletRules(),
+        scan.getAmuletRules(),
+    ]);
+    const c = eparRes.external_party_amulet_rules.contract;
+    // The EXERCISE must target the CURRENT splice-amulet package (what
+    // `#splice-amulet` resolves to), which carries the full CreateTransferCommand
+    // signature (description/expectedDso). The EPAR singleton itself may sit on an
+    // older package, so derive the current package from the live AmuletRules
+    // contract (same splice-amulet DAR — both modules ship together).
+    const currentPkg = amuletRulesRes.amulet_rules.contract.template_id.split(":")[0];
+    return {
+        contractId: c.contract_id,
+        templateId: c.template_id,
+        createdEventBlob: c.created_event_blob,
+        exerciseTemplateId: `${currentPkg}:Splice.ExternalPartyAmuletRules:ExternalPartyAmuletRules`,
+    };
+}
+export class KeyfileSigner {
+    deps;
+    party;
+    constructor(deps) {
+        this.deps = deps;
+        this.party = deps.party;
+    }
+    async signTransferCommand(input) {
+        // The create flows through interactive-submission/prepare, which cannot
+        // parse the `#package-name` templateId form (participant rejects it with
+        // "non expected character 0x23"). submit-and-wait tolerates `#name`, so a
+        // local-party smoke would not surface this. Fail fast before any I/O.
+        const eparRef = this.deps.externalPartyAmuletRules;
+        for (const [field, value] of [
+            ["templateId", eparRef.templateId],
+            ["exerciseTemplateId", eparRef.exerciseTemplateId],
+        ]) {
+            if (value.startsWith("#")) {
+                throw new Error(`KeyfileSigner: externalPartyAmuletRules.${field} must be the ` +
+                    'resolved package-id form (from Scan), not the "#package-name" ' +
+                    "form — interactive-submission/prepare cannot parse a leading `#`. " +
+                    `Use loadExternalPartyAmuletRules(scan). Got: ${value}`);
+            }
+        }
+        // 1. Resolve nonce.
+        let nextNonce = 0n;
+        try {
+            const counter = await this.deps.scan.getTransferCommandCounter(this.party);
+            nextNonce = BigInt(counter.transfer_command_counter.contract.payload.nextNonce);
+        }
+        catch {
+            // First payment from this party — counter does not exist yet.
+        }
+        // 2. Build choice argument.
+        const defaultExpirySeconds = this.deps.defaultExpirySeconds ?? 60;
+        const expiresAtMs = input.expiresAtMs ?? Date.now() + defaultExpirySeconds * 1000;
+        const epar = this.deps.externalPartyAmuletRules;
+        // `ExternalPartyAmuletRules_CreateTransferCommand` REQUIRES
+        // `expectedDso` (the DSO party id) — the participant rejects the
+        // prepare otherwise. Prefer an explicitly configured dso; else derive
+        // it from the synchronizer id, which on Canton is the same namespace
+        // with a `DSO` prefix instead of `global-domain` (verified live on
+        // DevNet: synchronizer `global-domain::1220<hash>` ↔ dso
+        // `DSO::1220<hash>`, and the cn-quickstart reference flow does the
+        // same swap). Fail loudly if neither is available rather than send an
+        // argument the ledger will reject.
+        const expectedDso = this.deps.dso ?? deriveDsoFromSynchronizer(input.synchronizerId);
+        if (!expectedDso) {
+            throw new Error("KeyfileSigner: cannot determine expectedDso — pass deps.dso, or a " +
+                `synchronizerId of the form "global-domain::<hash>" (got "${input.synchronizerId}")`);
+        }
+        const choiceArgument = {
+            sender: this.party,
+            receiver: input.receiver,
+            delegate: input.delegate,
+            amount: input.amount,
+            expiresAt: new Date(expiresAtMs).toISOString(),
+            nonce: nextNonce.toString(),
+            description: input.description,
+            expectedDso,
+        };
+        // 3. Prepare → sign → execute.
+        const userId = this.deps.userId ?? "x402-agent";
+        const commandId = `xfer-cmd-${Date.now()}-${Math.random()
+            .toString(36)
+            .slice(2, 10)}`;
+        await this.deps.signer.prepareSignAndExecute({
+            userId,
+            commandId,
+            actAs: [this.party],
+            synchronizerId: input.synchronizerId,
+            disclosedContracts: [
+                {
+                    templateId: epar.templateId,
+                    contractId: epar.contractId,
+                    createdEventBlob: epar.createdEventBlob,
+                    synchronizerId: input.synchronizerId,
+                },
+            ],
+            commands: [
+                {
+                    ExerciseCommand: {
+                        templateId: epar.exerciseTemplateId,
+                        contractId: epar.contractId,
+                        choice: CREATE_TRANSFER_COMMAND_CHOICE,
+                        choiceArgument,
+                    },
+                },
+            ],
+        }, this.deps.key);
+        // 4. Look up the created TransferCommand cid via ACS, matching
+        //    (sender, nonce). interactive-submission/execute is ASYNC — it returns
+        //    before the transaction commits (the commit lands on the completion
+        //    stream), so poll the ACS until the contract appears. The
+        //    TransferCommandCounter enforces nonce monotonicity per sender, so the
+        //    (sender, nonce) match is unique.
+        const nonceStr = nextNonce.toString();
+        const attempts = this.deps.acsLookupAttempts ?? 20;
+        const delayMs = this.deps.acsLookupDelayMs ?? 1000;
+        let foundCid;
+        for (let attempt = 0; attempt < attempts && !foundCid; attempt++) {
+            if (attempt > 0)
+                await new Promise((r) => setTimeout(r, delayMs));
+            const events = await this.deps.client.queryActiveContracts({
+                filtersByParty: {
+                    [this.party]: {
+                        cumulative: [
+                            {
+                                identifierFilter: {
+                                    WildcardFilter: {
+                                        value: { includeCreatedEventBlob: false },
+                                    },
+                                },
+                            },
+                        ],
+                    },
+                },
+            });
+            for (const e of events) {
+                if (!e.templateId.endsWith(TRANSFER_COMMAND_TEMPLATE_SUFFIX))
+                    continue;
+                const p = e.createArgument;
+                if (p.sender === this.party && p.nonce === nonceStr) {
+                    foundCid = e.contractId;
+                    break;
+                }
+            }
+        }
+        if (!foundCid) {
+            throw new Error(`KeyfileSigner: created TransferCommand not found in ACS after execute (party=${this.party}, nonce=${nonceStr}, polled ${attempts}x)`);
+        }
+        return {
+            transferCommandCid: foundCid,
+            payerParty: this.party,
+            nonce: Number(nextNonce),
+        };
+    }
+}
+/**
+ * Load an Ed25519 private key from a PEM file and derive the matching
+ * public key + canonical fingerprint via
+ * `ed25519KeyFromNodeKeyPair`.
+ *
+ * Either `keyPath` or `keyPem` must be supplied.
+ */
+export function loadEd25519KeyFromPem(args) {
+    const pem = args.keyPem ??
+        (args.keyPath ? readFileSync(args.keyPath, "utf8") : null);
+    if (!pem) {
+        throw new Error("loadEd25519KeyFromPem: provide keyPath or keyPem");
+    }
+    const privateKey = createPrivateKey({ key: pem, format: "pem" });
+    const publicKey = createPublicKey(privateKey);
+    return ed25519KeyFromNodeKeyPair({
+        privateKey,
+        publicKey,
+        ...(args.fingerprint !== undefined ? { fingerprint: args.fingerprint } : {}),
+    });
+}
+/**
+ * Convenience builder that wires up `CantonClient`, `ScanClient`,
+ * `CantonExternalPartySigner`, and `loadEd25519KeyFromPem` from a
+ * flat config object so callers don't have to construct each
+ * dependency manually.
+ */
+export function makeKeyfileSigner(config) {
+    const client = new CantonClient({
+        participantUrl: config.participantUrl,
+        token: config.participantToken,
+        packageName: config.packageName ?? "splice-amulet",
+        ...(config.timeoutMs !== undefined ? { timeoutMs: config.timeoutMs } : {}),
+    });
+    const scan = new ScanClient({
+        scanUrl: config.scanUrl,
+        ...(config.scanToken !== undefined ? { token: config.scanToken } : {}),
+        ...(config.scanFlavor !== undefined ? { flavor: config.scanFlavor } : {}),
+        ...(config.timeoutMs !== undefined ? { timeoutMs: config.timeoutMs } : {}),
+    });
+    const signer = new CantonExternalPartySigner(client);
+    const key = loadEd25519KeyFromPem({
+        ...(config.keyPath !== undefined ? { keyPath: config.keyPath } : {}),
+        ...(config.keyPem !== undefined ? { keyPem: config.keyPem } : {}),
+        ...(config.fingerprint !== undefined ? { fingerprint: config.fingerprint } : {}),
+    });
+    return new KeyfileSigner({
+        signer,
+        client,
+        scan,
+        key,
+        party: config.party,
+        externalPartyAmuletRules: config.externalPartyAmuletRules,
+        ...(config.dso !== undefined ? { dso: config.dso } : {}),
+        ...(config.userId !== undefined ? { userId: config.userId } : {}),
+        ...(config.defaultExpirySeconds !== undefined
+            ? { defaultExpirySeconds: config.defaultExpirySeconds }
+            : {}),
+    });
+}
+//# sourceMappingURL=keyfile-signer.js.map

package/dist/keyfile-signer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keyfile-signer.js","sourceRoot":"","sources":["../src/keyfile-signer.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EACL,gBAAgB,EAChB,eAAe,GAEhB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,YAAY,EACZ,yBAAyB,EACzB,UAAU,EACV,yBAAyB,GAG1B,MAAM,6BAA6B,CAAC;AAOrC,MAAM,gCAAgC,GACpC,kDAAkD,CAAC;AAErD,MAAM,8BAA8B,GAClC,gDAAgD,CAAC;AAqEnD;;;;;;;;;GASG;AACH,MAAM,UAAU,yBAAyB,CACvC,cAAsB;IAEtB,MAAM,MAAM,GAAG,iBAAiB,CAAC;IACjC,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACpD,OAAO,QAAQ,cAAc,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;AACvD,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,IAAgB;IAEhB,MAAM,CAAC,OAAO,EAAE,cAAc,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAClD,IAAI,CAAC,2BAA2B,EAAE;QAClC,IAAI,CAAC,cAAc,EAAE;KACtB,CAAC,CAAC;IACH,MAAM,CAAC,GAAG,OAAO,CAAC,2BAA2B,CAAC,QAAQ,CAAC;IACvD,mEAAmE;IACnE,8EAA8E;IAC9E,+EAA+E;IAC/E,yEAAyE;IACzE,kEAAkE;IAClE,MAAM,UAAU,GACd,cAAc,CAAC,YAAY,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjE,OAAO;QACL,UAAU,EAAE,CAAC,CAAC,WAAW;QACzB,UAAU,EAAE,CAAC,CAAC,WAAW;QACzB,gBAAgB,EAAE,CAAC,CAAC,kBAAkB;QACtC,kBAAkB,EAAE,GAAG,UAAU,2DAA2D;KAC7F,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,aAAa;IAGK;IAFpB,KAAK,CAAS;IAEvB,YAA6B,IAAuB;QAAvB,SAAI,GAAJ,IAAI,CAAmB;QAClD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,mBAAmB,CACvB,KAA+B;QAE/B,wEAAwE;QACxE,yEAAyE;QACzE,0EAA0E;QAC1E,sEAAsE;QACtE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC;QACnD,KAAK,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI;YAC3B,CAAC,YAAY,EAAE,OAAO,CAAC,UAAU,CAAC;YAClC,CAAC,oBAAoB,EAAE,OAAO,CAAC,kBAAkB,CAAC;SAC1C,EAAE,CAAC;YACX,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,MAAM,IAAI,KAAK,CACb,2CAA2C,KAAK,eAAe;oBAC7D,gEAAgE;oBAChE,oEAAoE;oBACpE,gDAAgD,KAAK,EAAE,CAC1D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,oBAAoB;QACpB,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAC5D,IAAI,CAAC,KAAK,CACX,CAAC;YACF,SAAS,GAAG,MAAM,CAChB,OAAO,CAAC,wBAAwB,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAC5D,CAAC;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,8DAA8D;QAChE,CAAC;QAED,4BAA4B;QAC5B,MAAM,oBAAoB,GACxB,IAAI,CAAC,IAAI,CAAC,oBAAoB,IAAI,EAAE,CAAC;QACvC,MAAM,WAAW,GACf,KAAK,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,oBAAoB,GAAG,IAAI,CAAC;QAEhE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,wBAAwB,CAAC;QAEhD,4DAA4D;QAC5D,iEAAiE;QACjE,sEAAsE;QACtE,qEAAqE;QACrE,mEAAmE;QACnE,yDAAyD;QACzD,mEAAmE;QACnE,sEAAsE;QACtE,mCAAmC;QACnC,MAAM,WAAW,GACf,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,yBAAyB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACnE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,oEAAoE;gBAClE,4DAA4D,KAAK,CAAC,cAAc,IAAI,CACvF,CAAC;QACJ,CAAC;QAED,MAAM,cAAc,GAAG;YACrB,MAAM,EAAE,IAAI,CAAC,KAAK;YAClB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,SAAS,EAAE,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,WAAW,EAAE;YAC9C,KAAK,EAAE,SAAS,CAAC,QAAQ,EAAE;YAC3B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,WAAW;SACZ,CAAC;QAEF,+BAA+B;QAC/B,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,YAAY,CAAC;QAChD,MAAM,SAAS,GAAG,YAAY,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE;aACtD,QAAQ,CAAC,EAAE,CAAC;aACZ,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;QAElB,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,qBAAqB,CAC1C;YACE,MAAM;YACN,SAAS;YACT,KAAK,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC;YACnB,cAAc,EAAE,KAAK,CAAC,cAAc;YACpC,kBAAkB,EAAE;gBAClB;oBACE,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;oBAC3B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;oBACvC,cAAc,EAAE,KAAK,CAAC,cAAc;iBACrC;aACF;YACD,QAAQ,EAAE;gBACR;oBACE,eAAe,EAAE;wBACf,UAAU,EAAE,IAAI,CAAC,kBAAkB;wBACnC,UAAU,EAAE,IAAI,CAAC,UAAU;wBAC3B,MAAM,EAAE,8BAA8B;wBACtC,cAAc;qBACf;iBACF;aACF;SACF,EACD,IAAI,CAAC,IAAI,CAAC,GAAG,CACd,CAAC;QAEF,+DAA+D;QAC/D,2EAA2E;QAC3E,wEAAwE;QACxE,8DAA8D;QAC9D,2EAA2E;QAC3E,sCAAsC;QACtC,MAAM,QAAQ,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC;QACnD,IAAI,QAA4B,CAAC;QACjC,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,GAAG,QAAQ,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,CAAC;YACjE,IAAI,OAAO,GAAG,CAAC;gBAAE,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;YAClE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC;gBACzD,cAAc,EAAE;oBACd,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;wBACZ,UAAU,EAAE;4BACV;gCACE,gBAAgB,EAAE;oCAChB,cAAc,EAAE;wCACd,KAAK,EAAE,EAAE,uBAAuB,EAAE,KAAK,EAAE;qCAC1C;iCACF;6BACF;yBACF;qBACF;iBACF;aACF,CAAC,CAAC;YACH,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,gCAAgC,CAAC;oBAAE,SAAS;gBACvE,MAAM,CAAC,GAAG,CAAC,CAAC,cAGX,CAAC;gBACF,IAAI,CAAC,CAAC,MAAM,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;oBACpD,QAAQ,GAAG,CAAC,CAAC,UAAU,CAAC;oBACxB,MAAM;gBACR,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CACb,gFAAgF,IAAI,CAAC,KAAK,WAAW,QAAQ,YAAY,QAAQ,IAAI,CACtI,CAAC;QACJ,CAAC;QAED,OAAO;YACL,kBAAkB,EAAE,QAAQ;YAC5B,UAAU,EAAE,IAAI,CAAC,KAAK;YACtB,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC;SACzB,CAAC;IACJ,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAIrC;IACC,MAAM,GAAG,GACP,IAAI,CAAC,MAAM;QACX,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;IAC7D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,UAAU,GAAc,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,SAAS,GAAc,eAAe,CAAC,UAAU,CAAC,CAAC;IACzD,OAAO,yBAAyB,CAAC;QAC/B,UAAU;QACV,SAAS;QACT,GAAG,CAAC,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC,CAAC;AACL,CAAC;AAyCD;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAA+B;IAC/D,MAAM,MAAM,GAAG,IAAI,YAAY,CAAC;QAC9B,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,KAAK,EAAE,MAAM,CAAC,gBAAgB;QAC9B,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,eAAe;QAClD,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3E,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC;QAC1B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,GAAG,CAAC,MAAM,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzE,GAAG,CAAC,MAAM,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC3E,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,IAAI,yBAAyB,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,GAAG,GAAG,qBAAqB,CAAC;QAChC,GAAG,CAAC,MAAM,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpE,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACjF,CAAC,CAAC;IAEH,OAAO,IAAI,aAAa,CAAC;QACvB,MAAM;QACN,MAAM;QACN,IAAI;QACJ,GAAG;QACH,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,wBAAwB,EAAE,MAAM,CAAC,wBAAwB;QACzD,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,MAAM,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjE,GAAG,CAAC,MAAM,CAAC,oBAAoB,KAAK,SAAS;YAC3C,CAAC,CAAC,EAAE,oBAAoB,EAAE,MAAM,CAAC,oBAAoB,EAAE;YACvD,CAAC,CAAC,EAAE,CAAC;KACR,CAAC,CAAC;AACL,CAAC"}