@hashgraphonline/standards-sdk 0.1.160 → 0.1.162

package/dist/es/standards-sdk.es175.js

@@ -1,262 +1,188 @@
-class EncryptionUnavailableError extends Error {
-  constructor(sessionId, summary) {
-    super("Encryption is not enabled for this session");
-    this.sessionId = sessionId;
-    this.summary = summary;
+import { Buffer } from "buffer";
+import { ledgerChallengeResponseSchema, ledgerVerifyResponseSchema } from "./standards-sdk.es140.js";
+import { canonicalizeLedgerNetwork } from "./standards-sdk.es142.js";
+import { createPrivateKeySignerAsync } from "./standards-sdk.es143.js";
+async function loadViemAccount(privateKey) {
+  try {
+    const viem = await import("viem/accounts");
+    return viem.privateKeyToAccount(privateKey);
+  } catch (error) {
+    const err = new Error(
+      'EVM ledger authentication requires the optional dependency "viem". Install it to use evmPrivateKey flows.'
+    );
+    err.cause = error;
+    throw err;
   }
 }
-class EncryptedChatManager {
-  constructor(client) {
-    this.client = client;
-  }
-  registerConversationContext(context) {
-    this.client.registerConversationContextForEncryption(context);
-  }
-  async startSession(options) {
-    await this.client.encryptionReady();
-    const session = await this.client.chat.createSession({
-      uaid: options.uaid,
-      senderUaid: options.senderUaid,
-      encryptionRequested: true,
-      historyTtlSeconds: options.historyTtlSeconds,
-      auth: options.auth
-    });
-    options.onSessionCreated?.(session.sessionId);
-    const summary = session.encryption;
-    if (!summary?.enabled) {
-      throw new EncryptionUnavailableError(
-        session.sessionId,
-        session.encryption ?? null
-      );
+async function resolveLedgerAuthSignature(message, options) {
+  if (typeof options.sign === "function") {
+    const result = await options.sign(message);
+    if (!result || typeof result.signature !== "string" || result.signature.length === 0) {
+      throw new Error("Custom ledger signer failed to produce a signature.");
     }
-    const handle = await this.establishRequesterContext({
-      sessionId: session.sessionId,
-      summary,
-      senderUaid: options.senderUaid,
-      handshakeTimeoutMs: options.handshakeTimeoutMs,
-      pollIntervalMs: options.pollIntervalMs
-    });
-    return handle;
+    return result;
   }
-  async acceptSession(options) {
-    await this.client.encryptionReady();
-    const summary = await this.waitForEncryptionSummary(
-      options.sessionId,
-      options.handshakeTimeoutMs,
-      options.pollIntervalMs
+  if (!options.signer || typeof options.signer.sign !== "function") {
+    throw new Error(
+      "Ledger authentication requires a Hedera Signer or custom sign function."
     );
-    const handle = await this.establishResponderContext({
-      sessionId: options.sessionId,
-      summary,
-      responderUaid: options.responderUaid,
-      handshakeTimeoutMs: options.handshakeTimeoutMs,
-      pollIntervalMs: options.pollIntervalMs
-    });
-    return handle;
   }
-  async establishRequesterContext(params) {
-    const keyPair = this.client.encryption.generateEphemeralKeyPair();
-    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
-      role: "requester",
-      keyType: "secp256k1",
-      ephemeralPublicKey: keyPair.publicKey,
-      uaid: params.senderUaid ?? params.summary.requester?.uaid ?? void 0
-    });
-    const { summary, record } = await this.waitForHandshakeCompletion(
-      params.sessionId,
-      params.handshakeTimeoutMs,
-      params.pollIntervalMs
-    );
-    const responderKey = record.responder?.ephemeralPublicKey;
-    if (!responderKey) {
-      throw new Error("Responder handshake was not completed in time");
-    }
-    const sharedSecret = this.client.encryption.deriveSharedSecret({
-      privateKey: keyPair.privateKey,
-      peerPublicKey: responderKey
-    }).subarray();
-    const recipients = this.buildRecipients(summary);
-    return this.createHandle({
-      sessionId: params.sessionId,
-      sharedSecret,
-      summary,
-      recipients,
-      identity: summary.requester ?? void 0
-    });
+  const payload = Buffer.from(message, "utf8");
+  const signatures = await options.signer.sign([payload]);
+  const signatureEntry = signatures?.[0];
+  if (!signatureEntry) {
+    throw new Error("Signer did not return any signatures.");
   }
-  async establishResponderContext(params) {
-    const keyPair = this.client.encryption.generateEphemeralKeyPair();
-    await this.client.chat.submitEncryptionHandshake(params.sessionId, {
-      role: "responder",
-      keyType: "secp256k1",
-      ephemeralPublicKey: keyPair.publicKey,
-      uaid: params.responderUaid ?? params.summary.responder?.uaid ?? void 0
-    });
-    const { summary, record } = await this.waitForHandshakeCompletion(
-      params.sessionId,
-      params.handshakeTimeoutMs,
-      params.pollIntervalMs
-    );
-    const requesterKey = record.requester?.ephemeralPublicKey;
-    if (!requesterKey) {
-      throw new Error("Requester handshake was not detected in time");
+  let derivedPublicKey;
+  if (signatureEntry.publicKey) {
+    derivedPublicKey = signatureEntry.publicKey.toString();
+  } else if (typeof options.signer.getAccountKey === "function") {
+    const accountKey = await options.signer.getAccountKey();
+    if (accountKey && typeof accountKey.toString === "function") {
+      derivedPublicKey = accountKey.toString();
     }
-    const sharedSecret = this.client.encryption.deriveSharedSecret({
-      privateKey: keyPair.privateKey,
-      peerPublicKey: requesterKey
-    }).subarray();
-    const recipients = this.buildRecipients(summary);
-    return this.createHandle({
-      sessionId: params.sessionId,
-      sharedSecret,
-      summary,
-      recipients,
-      identity: summary.responder ?? void 0
-    });
   }
-  async waitForHandshakeCompletion(sessionId, timeoutMs = 3e4, pollIntervalMs = 1e3) {
-    const deadline = Date.now() + timeoutMs;
-    while (true) {
-      const status = await this.client.chat.getEncryptionStatus(sessionId);
-      const summary = status.encryption;
-      const record = summary?.handshake;
-      if (summary && record && record.status === "complete") {
-        return { summary, record };
-      }
-      if (Date.now() >= deadline) {
-        throw new Error("Timed out waiting for encrypted handshake completion");
-      }
-      await this.delay(pollIntervalMs);
+  return {
+    signature: Buffer.from(signatureEntry.signature).toString("base64"),
+    signatureKind: "raw",
+    publicKey: derivedPublicKey
+  };
+}
+async function createLedgerChallenge(client, payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
+  const raw = await client.requestJson("/auth/ledger/challenge", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: {
+      accountId: payload.accountId,
+      network
     }
+  });
+  return client.parseWithSchema(
+    raw,
+    ledgerChallengeResponseSchema,
+    "ledger challenge response"
+  );
+}
+async function verifyLedgerChallenge(client, payload) {
+  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);
+  const network = resolvedNetwork.kind === "hedera" ? resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical : resolvedNetwork.canonical;
+  const body = {
+    challengeId: payload.challengeId,
+    accountId: payload.accountId,
+    network,
+    signature: payload.signature
+  };
+  if (payload.signatureKind) {
+    body.signatureKind = payload.signatureKind;
   }
-  async waitForEncryptionSummary(sessionId, _timeoutMs = 3e4, _pollIntervalMs = 1e3) {
-    const status = await this.client.chat.getEncryptionStatus(sessionId);
-    if (!status.encryption?.enabled) {
-      throw new EncryptionUnavailableError(
-        sessionId,
-        status.encryption ?? null
-      );
-    }
-    return status.encryption;
+  if (payload.publicKey) {
+    body.publicKey = payload.publicKey;
   }
-  buildRecipients(summary) {
-    const candidates = [summary.requester, summary.responder].filter(Boolean);
-    const normalized = candidates.map((candidate) => {
-      if (!candidate) {
-        return null;
-      }
-      const recipient = {};
-      if (candidate.uaid) {
-        recipient.uaid = candidate.uaid;
-      }
-      if (candidate.ledgerAccountId) {
-        recipient.ledgerAccountId = candidate.ledgerAccountId;
-      }
-      if (candidate.userId) {
-        recipient.userId = candidate.userId;
-      }
-      if (candidate.email) {
-        recipient.email = candidate.email;
-      }
-      return recipient;
-    }).filter(
-      (entry) => Boolean(
-        entry?.uaid || entry?.ledgerAccountId || entry?.userId || entry?.email
-      )
-    );
-    if (normalized.length > 0) {
-      return normalized;
-    }
-    if (summary.responder?.uaid) {
-      return [{ uaid: summary.responder.uaid }];
-    }
-    return [];
+  if (typeof payload.expiresInMinutes === "number") {
+    body.expiresInMinutes = payload.expiresInMinutes;
   }
-  createHandle(context) {
-    const sharedSecret = context.sharedSecret;
-    const uaid = context.summary.requester?.uaid ?? context.summary.responder?.uaid ?? context.identity?.uaid;
-    const decryptHistoryEntry = (entry) => this.decryptEntry(entry, context.identity, sharedSecret);
-    const fetchHistory = async (options) => {
-      const snapshot = await this.client.fetchHistorySnapshot(
-        context.sessionId,
-        options
+  const raw = await client.requestJson("/auth/ledger/verify", {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body
+  });
+  const result = client.parseWithSchema(
+    raw,
+    ledgerVerifyResponseSchema,
+    "ledger verification response"
+  );
+  client.setLedgerApiKey(result.key);
+  return result;
+}
+async function authenticateWithLedger(client, options) {
+  const challenge = await client.createLedgerChallenge({
+    accountId: options.accountId,
+    network: options.network
+  });
+  const signed = await resolveLedgerAuthSignature(challenge.message, options);
+  const verification = await client.verifyLedgerChallenge({
+    challengeId: challenge.challengeId,
+    accountId: options.accountId,
+    network: options.network,
+    signature: signed.signature,
+    signatureKind: signed.signatureKind,
+    publicKey: signed.publicKey,
+    expiresInMinutes: options.expiresInMinutes
+  });
+  return verification;
+}
+async function authenticateWithLedgerCredentials(client, options) {
+  const {
+    accountId,
+    network,
+    signer,
+    sign,
+    hederaPrivateKey,
+    evmPrivateKey,
+    expiresInMinutes,
+    setAccountHeader = true,
+    label,
+    logger
+  } = options;
+  const resolvedNetwork = canonicalizeLedgerNetwork(network);
+  const labelSuffix = label ? ` for ${label}` : "";
+  const networkPayload = resolvedNetwork.canonical;
+  const authOptions = {
+    accountId,
+    network: networkPayload,
+    expiresInMinutes
+  };
+  if (sign) {
+    authOptions.sign = sign;
+  } else if (signer) {
+    authOptions.signer = signer;
+  } else if (hederaPrivateKey) {
+    if (resolvedNetwork.kind !== "hedera" || !resolvedNetwork.hederaNetwork) {
+      throw new Error(
+        "hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks."
       );
-      if (snapshot.decryptedHistory) {
-        return snapshot.decryptedHistory;
-      }
-      return snapshot.history.map((entry) => ({
-        entry,
-        plaintext: decryptHistoryEntry(entry)
-      }));
-    };
-    const handle = {
-      sessionId: context.sessionId,
-      mode: "encrypted",
-      summary: context.summary,
-      send: async (options) => {
-        const recipients = options.recipients ?? context.recipients;
-        return this.client.chat.sendMessage({
-          sessionId: context.sessionId,
-          message: options.message ?? "[ciphertext omitted]",
-          streaming: options.streaming,
-          auth: options.auth,
-          uaid,
-          encryption: {
-            plaintext: options.plaintext,
-            sharedSecret: Buffer.from(sharedSecret),
-            recipients
-          }
-        });
-      },
-      decryptHistoryEntry,
-      fetchHistory
-    };
-    this.registerConversationContext({
-      sessionId: context.sessionId,
-      sharedSecret,
-      identity: context.identity
-    });
-    return handle;
-  }
-  decryptEntry(entry, identity, fallbackSecret) {
-    const envelope = entry.cipherEnvelope;
-    if (!envelope) {
-      return null;
     }
-    const secret = Buffer.from(fallbackSecret);
-    try {
-      return this.client.encryption.decryptCipherEnvelope({
-        envelope,
-        sharedSecret: secret
-      });
-    } catch (_error) {
-      return null;
-    }
-  }
-  recipientMatches(candidate, target) {
-    if (target.uaid && candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()) {
-      return true;
-    }
-    if (target.ledgerAccountId && candidate.ledgerAccountId?.toLowerCase() === target.ledgerAccountId.toLowerCase()) {
-      return true;
-    }
-    if (target.userId && candidate.userId === target.userId) {
-      return true;
-    }
-    if (target.email && candidate.email?.toLowerCase() === target.email.toLowerCase()) {
-      return true;
+    authOptions.signer = await createPrivateKeySignerAsync({
+      accountId,
+      privateKey: hederaPrivateKey,
+      network: resolvedNetwork.hederaNetwork
+    });
+  } else if (evmPrivateKey) {
+    if (resolvedNetwork.kind !== "evm") {
+      throw new Error(
+        "evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>)."
+      );
     }
-    return false;
+    const formattedKey = evmPrivateKey.startsWith("0x") ? evmPrivateKey : `0x${evmPrivateKey}`;
+    const account = await loadViemAccount(formattedKey);
+    authOptions.sign = async (message) => ({
+      signature: await account.signMessage({ message }),
+      signatureKind: "evm",
+      publicKey: account.publicKey
+    });
+  } else {
+    throw new Error(
+      "Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger."
+    );
   }
-  async delay(ms) {
-    if (ms <= 0) {
-      return;
-    }
-    await new Promise((resolve) => setTimeout(resolve, ms));
+  logger?.info?.(
+    `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`
+  );
+  const verification = await client.authenticateWithLedger(authOptions);
+  if (setAccountHeader) {
+    client.setDefaultHeader("x-account-id", verification.accountId);
   }
+  logger?.info?.(
+    `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}…${verification.apiKey.lastFour}`
+  );
+  return verification;
 }
 export {
-  EncryptedChatManager,
-  EncryptionUnavailableError
+  authenticateWithLedger,
+  authenticateWithLedgerCredentials,
+  createLedgerChallenge,
+  verifyLedgerChallenge
 };
 //# sourceMappingURL=standards-sdk.es175.js.map

package/dist/es/standards-sdk.es175.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es175.js","sources":["../../src/services/registry-broker/client/encrypted-chat-manager.ts"],"sourcesContent":["import type {\n  AcceptEncryptedChatSessionOptions,\n  ChatHistoryEntry,\n  ChatHistoryFetchOptions,\n  CipherEnvelopeRecipient,\n  DecryptedHistoryEntry,\n  EncryptedChatSessionHandle,\n  EncryptionHandshakeRecord,\n  RecipientIdentity,\n  SessionEncryptionSummary,\n  SharedSecretInput,\n  StartEncryptedChatSessionOptions,\n} from '../types';\nimport type { RegistryBrokerClient } from './base-client';\n\ninterface EncryptedSessionContext {\n  sessionId: string;\n  sharedSecret: Uint8Array;\n  summary: SessionEncryptionSummary;\n  recipients: RecipientIdentity[];\n  identity?: RecipientIdentity;\n}\n\ninterface ConversationContextInput {\n  sessionId: string;\n  sharedSecret: Uint8Array | Buffer;\n  identity?: RecipientIdentity;\n}\n\nexport class EncryptionUnavailableError extends Error {\n  constructor(\n    readonly sessionId: string,\n    readonly summary?: SessionEncryptionSummary | null,\n  ) {\n    super('Encryption is not enabled for this session');\n  }\n}\n\nexport class EncryptedChatManager {\n  constructor(private readonly client: RegistryBrokerClient) {}\n\n  registerConversationContext(context: ConversationContextInput): void {\n    this.client.registerConversationContextForEncryption(context);\n  }\n\n  async startSession(\n    options: StartEncryptedChatSessionOptions,\n  ): Promise<EncryptedChatSessionHandle> {\n    await this.client.encryptionReady();\n    const session = await this.client.chat.createSession({\n      uaid: options.uaid,\n      senderUaid: options.senderUaid,\n      encryptionRequested: true,\n      historyTtlSeconds: options.historyTtlSeconds,\n      auth: options.auth,\n    });\n    options.onSessionCreated?.(session.sessionId);\n    const summary = session.encryption;\n    if (!summary?.enabled) {\n      throw new EncryptionUnavailableError(\n        session.sessionId,\n        session.encryption ?? null,\n      );\n    }\n    const handle = await this.establishRequesterContext({\n      sessionId: session.sessionId,\n      summary,\n      senderUaid: options.senderUaid,\n      handshakeTimeoutMs: options.handshakeTimeoutMs,\n      pollIntervalMs: options.pollIntervalMs,\n    });\n    return handle;\n  }\n\n  async acceptSession(\n    options: AcceptEncryptedChatSessionOptions,\n  ): Promise<EncryptedChatSessionHandle> {\n    await this.client.encryptionReady();\n    const summary = await this.waitForEncryptionSummary(\n      options.sessionId,\n      options.handshakeTimeoutMs,\n      options.pollIntervalMs,\n    );\n    const handle = await this.establishResponderContext({\n      sessionId: options.sessionId,\n      summary,\n      responderUaid: options.responderUaid,\n      handshakeTimeoutMs: options.handshakeTimeoutMs,\n      pollIntervalMs: options.pollIntervalMs,\n    });\n    return handle;\n  }\n\n  private async establishRequesterContext(params: {\n    sessionId: string;\n    summary: SessionEncryptionSummary;\n    senderUaid?: string;\n    handshakeTimeoutMs?: number;\n    pollIntervalMs?: number;\n  }): Promise<EncryptedChatSessionHandle> {\n    const keyPair = this.client.encryption.generateEphemeralKeyPair();\n    await this.client.chat.submitEncryptionHandshake(params.sessionId, {\n      role: 'requester',\n      keyType: 'secp256k1',\n      ephemeralPublicKey: keyPair.publicKey,\n      uaid: params.senderUaid ?? params.summary.requester?.uaid ?? undefined,\n    });\n    const { summary, record } = await this.waitForHandshakeCompletion(\n      params.sessionId,\n      params.handshakeTimeoutMs,\n      params.pollIntervalMs,\n    );\n    const responderKey = record.responder?.ephemeralPublicKey;\n    if (!responderKey) {\n      throw new Error('Responder handshake was not completed in time');\n    }\n    const sharedSecret = this.client.encryption\n      .deriveSharedSecret({\n        privateKey: keyPair.privateKey,\n        peerPublicKey: responderKey,\n      })\n      .subarray();\n    const recipients = this.buildRecipients(summary);\n    return this.createHandle({\n      sessionId: params.sessionId,\n      sharedSecret,\n      summary,\n      recipients,\n      identity: summary.requester ?? undefined,\n    });\n  }\n\n  private async establishResponderContext(params: {\n    sessionId: string;\n    summary: SessionEncryptionSummary;\n    responderUaid?: string;\n    handshakeTimeoutMs?: number;\n    pollIntervalMs?: number;\n  }): Promise<EncryptedChatSessionHandle> {\n    const keyPair = this.client.encryption.generateEphemeralKeyPair();\n    await this.client.chat.submitEncryptionHandshake(params.sessionId, {\n      role: 'responder',\n      keyType: 'secp256k1',\n      ephemeralPublicKey: keyPair.publicKey,\n      uaid: params.responderUaid ?? params.summary.responder?.uaid ?? undefined,\n    });\n    const { summary, record } = await this.waitForHandshakeCompletion(\n      params.sessionId,\n      params.handshakeTimeoutMs,\n      params.pollIntervalMs,\n    );\n    const requesterKey = record.requester?.ephemeralPublicKey;\n    if (!requesterKey) {\n      throw new Error('Requester handshake was not detected in time');\n    }\n    const sharedSecret = this.client.encryption\n      .deriveSharedSecret({\n        privateKey: keyPair.privateKey,\n        peerPublicKey: requesterKey,\n      })\n      .subarray();\n    const recipients = this.buildRecipients(summary);\n    return this.createHandle({\n      sessionId: params.sessionId,\n      sharedSecret,\n      summary,\n      recipients,\n      identity: summary.responder ?? undefined,\n    });\n  }\n\n  private async waitForHandshakeCompletion(\n    sessionId: string,\n    timeoutMs = 30_000,\n    pollIntervalMs = 1_000,\n  ): Promise<{\n    summary: SessionEncryptionSummary;\n    record: EncryptionHandshakeRecord;\n  }> {\n    const deadline = Date.now() + timeoutMs;\n    while (true) {\n      const status = await this.client.chat.getEncryptionStatus(sessionId);\n      const summary = status.encryption;\n      const record = summary?.handshake;\n      if (summary && record && record.status === 'complete') {\n        return { summary, record };\n      }\n      if (Date.now() >= deadline) {\n        throw new Error('Timed out waiting for encrypted handshake completion');\n      }\n      await this.delay(pollIntervalMs);\n    }\n  }\n\n  private async waitForEncryptionSummary(\n    sessionId: string,\n    _timeoutMs = 30_000,\n    _pollIntervalMs = 1_000,\n  ): Promise<SessionEncryptionSummary> {\n    const status = await this.client.chat.getEncryptionStatus(sessionId);\n    if (!status.encryption?.enabled) {\n      throw new EncryptionUnavailableError(\n        sessionId,\n        status.encryption ?? null,\n      );\n    }\n    return status.encryption;\n  }\n\n  private buildRecipients(\n    summary: SessionEncryptionSummary,\n  ): RecipientIdentity[] {\n    const candidates = [summary.requester, summary.responder].filter(Boolean);\n    const normalized = candidates\n      .map(candidate => {\n        if (!candidate) {\n          return null;\n        }\n        const recipient: RecipientIdentity = {};\n        if (candidate.uaid) {\n          recipient.uaid = candidate.uaid;\n        }\n        if (candidate.ledgerAccountId) {\n          recipient.ledgerAccountId = candidate.ledgerAccountId;\n        }\n        if (candidate.userId) {\n          recipient.userId = candidate.userId;\n        }\n        if (candidate.email) {\n          recipient.email = candidate.email;\n        }\n        return recipient;\n      })\n      .filter((entry): entry is RecipientIdentity =>\n        Boolean(\n          entry?.uaid ||\n            entry?.ledgerAccountId ||\n            entry?.userId ||\n            entry?.email,\n        ),\n      );\n    if (normalized.length > 0) {\n      return normalized;\n    }\n    if (summary.responder?.uaid) {\n      return [{ uaid: summary.responder.uaid }];\n    }\n    return [];\n  }\n\n  private createHandle(\n    context: EncryptedSessionContext,\n  ): EncryptedChatSessionHandle {\n    const sharedSecret = context.sharedSecret;\n    const uaid =\n      context.summary.requester?.uaid ??\n      context.summary.responder?.uaid ??\n      context.identity?.uaid;\n    const decryptHistoryEntry = (entry: ChatHistoryEntry): string | null =>\n      this.decryptEntry(entry, context.identity, sharedSecret);\n    const fetchHistory = async (\n      options?: ChatHistoryFetchOptions,\n    ): Promise<DecryptedHistoryEntry[]> => {\n      const snapshot = await this.client.fetchHistorySnapshot(\n        context.sessionId,\n        options,\n      );\n      if (snapshot.decryptedHistory) {\n        return snapshot.decryptedHistory;\n      }\n      return snapshot.history.map(entry => ({\n        entry,\n        plaintext: decryptHistoryEntry(entry),\n      }));\n    };\n    const handle: EncryptedChatSessionHandle = {\n      sessionId: context.sessionId,\n      mode: 'encrypted',\n      summary: context.summary,\n      send: async options => {\n        const recipients = options.recipients ?? context.recipients;\n        return this.client.chat.sendMessage({\n          sessionId: context.sessionId,\n          message: options.message ?? '[ciphertext omitted]',\n          streaming: options.streaming,\n          auth: options.auth,\n          uaid,\n          encryption: {\n            plaintext: options.plaintext,\n            sharedSecret: Buffer.from(sharedSecret),\n            recipients,\n          },\n        });\n      },\n      decryptHistoryEntry,\n      fetchHistory,\n    };\n    this.registerConversationContext({\n      sessionId: context.sessionId,\n      sharedSecret,\n      identity: context.identity,\n    });\n    return handle;\n  }\n\n  private decryptEntry(\n    entry: ChatHistoryEntry,\n    identity: RecipientIdentity | undefined,\n    fallbackSecret: Uint8Array,\n  ): string | null {\n    const envelope = entry.cipherEnvelope;\n    if (!envelope) {\n      return null;\n    }\n    const secret: SharedSecretInput = Buffer.from(fallbackSecret);\n    try {\n      return this.client.encryption.decryptCipherEnvelope({\n        envelope,\n        sharedSecret: secret,\n      });\n    } catch (_error) {\n      return null;\n    }\n  }\n\n  private recipientMatches(\n    candidate: CipherEnvelopeRecipient,\n    target: RecipientIdentity,\n  ): boolean {\n    if (\n      target.uaid &&\n      candidate.uaid?.toLowerCase() === target.uaid.toLowerCase()\n    ) {\n      return true;\n    }\n    if (\n      target.ledgerAccountId &&\n      candidate.ledgerAccountId?.toLowerCase() ===\n        target.ledgerAccountId.toLowerCase()\n    ) {\n      return true;\n    }\n    if (target.userId && candidate.userId === target.userId) {\n      return true;\n    }\n    if (\n      target.email &&\n      candidate.email?.toLowerCase() === target.email.toLowerCase()\n    ) {\n      return true;\n    }\n    return false;\n  }\n\n  private async delay(ms: number): Promise<void> {\n    if (ms <= 0) {\n      return;\n    }\n    await new Promise(resolve => setTimeout(resolve, ms));\n  }\n}\n"],"names":[],"mappings":"AA6BO,MAAM,mCAAmC,MAAM;AAAA,EACpD,YACW,WACA,SACT;AACA,UAAM,4CAA4C;AAHzC,SAAA,YAAA;AACA,SAAA,UAAA;AAAA,EAGX;AACF;AAEO,MAAM,qBAAqB;AAAA,EAChC,YAA6B,QAA8B;AAA9B,SAAA,SAAA;AAAA,EAA+B;AAAA,EAE5D,4BAA4B,SAAyC;AACnE,SAAK,OAAO,yCAAyC,OAAO;AAAA,EAC9D;AAAA,EAEA,MAAM,aACJ,SACqC;AACrC,UAAM,KAAK,OAAO,gBAAA;AAClB,UAAM,UAAU,MAAM,KAAK,OAAO,KAAK,cAAc;AAAA,MACnD,MAAM,QAAQ;AAAA,MACd,YAAY,QAAQ;AAAA,MACpB,qBAAqB;AAAA,MACrB,mBAAmB,QAAQ;AAAA,MAC3B,MAAM,QAAQ;AAAA,IAAA,CACf;AACD,YAAQ,mBAAmB,QAAQ,SAAS;AAC5C,UAAM,UAAU,QAAQ;AACxB,QAAI,CAAC,SAAS,SAAS;AACrB,YAAM,IAAI;AAAA,QACR,QAAQ;AAAA,QACR,QAAQ,cAAc;AAAA,MAAA;AAAA,IAE1B;AACA,UAAM,SAAS,MAAM,KAAK,0BAA0B;AAAA,MAClD,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,YAAY,QAAQ;AAAA,MACpB,oBAAoB,QAAQ;AAAA,MAC5B,gBAAgB,QAAQ;AAAA,IAAA,CACzB;AACD,WAAO;AAAA,EACT;AAAA,EAEA,MAAM,cACJ,SACqC;AACrC,UAAM,KAAK,OAAO,gBAAA;AAClB,UAAM,UAAU,MAAM,KAAK;AAAA,MACzB,QAAQ;AAAA,MACR,QAAQ;AAAA,MACR,QAAQ;AAAA,IAAA;AAEV,UAAM,SAAS,MAAM,KAAK,0BAA0B;AAAA,MAClD,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,eAAe,QAAQ;AAAA,MACvB,oBAAoB,QAAQ;AAAA,MAC5B,gBAAgB,QAAQ;AAAA,IAAA,CACzB;AACD,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,0BAA0B,QAMA;AACtC,UAAM,UAAU,KAAK,OAAO,WAAW,yBAAA;AACvC,UAAM,KAAK,OAAO,KAAK,0BAA0B,OAAO,WAAW;AAAA,MACjE,MAAM;AAAA,MACN,SAAS;AAAA,MACT,oBAAoB,QAAQ;AAAA,MAC5B,MAAM,OAAO,cAAc,OAAO,QAAQ,WAAW,QAAQ;AAAA,IAAA,CAC9D;AACD,UAAM,EAAE,SAAS,WAAW,MAAM,KAAK;AAAA,MACrC,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IAAA;AAET,UAAM,eAAe,OAAO,WAAW;AACvC,QAAI,CAAC,cAAc;AACjB,YAAM,IAAI,MAAM,+CAA+C;AAAA,IACjE;AACA,UAAM,eAAe,KAAK,OAAO,WAC9B,mBAAmB;AAAA,MAClB,YAAY,QAAQ;AAAA,MACpB,eAAe;AAAA,IAAA,CAChB,EACA,SAAA;AACH,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,WAAO,KAAK,aAAa;AAAA,MACvB,WAAW,OAAO;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ,aAAa;AAAA,IAAA,CAChC;AAAA,EACH;AAAA,EAEA,MAAc,0BAA0B,QAMA;AACtC,UAAM,UAAU,KAAK,OAAO,WAAW,yBAAA;AACvC,UAAM,KAAK,OAAO,KAAK,0BAA0B,OAAO,WAAW;AAAA,MACjE,MAAM;AAAA,MACN,SAAS;AAAA,MACT,oBAAoB,QAAQ;AAAA,MAC5B,MAAM,OAAO,iBAAiB,OAAO,QAAQ,WAAW,QAAQ;AAAA,IAAA,CACjE;AACD,UAAM,EAAE,SAAS,WAAW,MAAM,KAAK;AAAA,MACrC,OAAO;AAAA,MACP,OAAO;AAAA,MACP,OAAO;AAAA,IAAA;AAET,UAAM,eAAe,OAAO,WAAW;AACvC,QAAI,CAAC,cAAc;AACjB,YAAM,IAAI,MAAM,8CAA8C;AAAA,IAChE;AACA,UAAM,eAAe,KAAK,OAAO,WAC9B,mBAAmB;AAAA,MAClB,YAAY,QAAQ;AAAA,MACpB,eAAe;AAAA,IAAA,CAChB,EACA,SAAA;AACH,UAAM,aAAa,KAAK,gBAAgB,OAAO;AAC/C,WAAO,KAAK,aAAa;AAAA,MACvB,WAAW,OAAO;AAAA,MAClB;AAAA,MACA;AAAA,MACA;AAAA,MACA,UAAU,QAAQ,aAAa;AAAA,IAAA,CAChC;AAAA,EACH;AAAA,EAEA,MAAc,2BACZ,WACA,YAAY,KACZ,iBAAiB,KAIhB;AACD,UAAM,WAAW,KAAK,IAAA,IAAQ;AAC9B,WAAO,MAAM;AACX,YAAM,SAAS,MAAM,KAAK,OAAO,KAAK,oBAAoB,SAAS;AACnE,YAAM,UAAU,OAAO;AACvB,YAAM,SAAS,SAAS;AACxB,UAAI,WAAW,UAAU,OAAO,WAAW,YAAY;AACrD,eAAO,EAAE,SAAS,OAAA;AAAA,MACpB;AACA,UAAI,KAAK,IAAA,KAAS,UAAU;AAC1B,cAAM,IAAI,MAAM,sDAAsD;AAAA,MACxE;AACA,YAAM,KAAK,MAAM,cAAc;AAAA,IACjC;AAAA,EACF;AAAA,EAEA,MAAc,yBACZ,WACA,aAAa,KACb,kBAAkB,KACiB;AACnC,UAAM,SAAS,MAAM,KAAK,OAAO,KAAK,oBAAoB,SAAS;AACnE,QAAI,CAAC,OAAO,YAAY,SAAS;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,QACA,OAAO,cAAc;AAAA,MAAA;AAAA,IAEzB;AACA,WAAO,OAAO;AAAA,EAChB;AAAA,EAEQ,gBACN,SACqB;AACrB,UAAM,aAAa,CAAC,QAAQ,WAAW,QAAQ,SAAS,EAAE,OAAO,OAAO;AACxE,UAAM,aAAa,WAChB,IAAI,CAAA,cAAa;AAChB,UAAI,CAAC,WAAW;AACd,eAAO;AAAA,MACT;AACA,YAAM,YAA+B,CAAA;AACrC,UAAI,UAAU,MAAM;AAClB,kBAAU,OAAO,UAAU;AAAA,MAC7B;AACA,UAAI,UAAU,iBAAiB;AAC7B,kBAAU,kBAAkB,UAAU;AAAA,MACxC;AACA,UAAI,UAAU,QAAQ;AACpB,kBAAU,SAAS,UAAU;AAAA,MAC/B;AACA,UAAI,UAAU,OAAO;AACnB,kBAAU,QAAQ,UAAU;AAAA,MAC9B;AACA,aAAO;AAAA,IACT,CAAC,EACA;AAAA,MAAO,CAAC,UACP;AAAA,QACE,OAAO,QACL,OAAO,mBACP,OAAO,UACP,OAAO;AAAA,MAAA;AAAA,IACX;AAEJ,QAAI,WAAW,SAAS,GAAG;AACzB,aAAO;AAAA,IACT;AACA,QAAI,QAAQ,WAAW,MAAM;AAC3B,aAAO,CAAC,EAAE,MAAM,QAAQ,UAAU,MAAM;AAAA,IAC1C;AACA,WAAO,CAAA;AAAA,EACT;AAAA,EAEQ,aACN,SAC4B;AAC5B,UAAM,eAAe,QAAQ;AAC7B,UAAM,OACJ,QAAQ,QAAQ,WAAW,QAC3B,QAAQ,QAAQ,WAAW,QAC3B,QAAQ,UAAU;AACpB,UAAM,sBAAsB,CAAC,UAC3B,KAAK,aAAa,OAAO,QAAQ,UAAU,YAAY;AACzD,UAAM,eAAe,OACnB,YACqC;AACrC,YAAM,WAAW,MAAM,KAAK,OAAO;AAAA,QACjC,QAAQ;AAAA,QACR;AAAA,MAAA;AAEF,UAAI,SAAS,kBAAkB;AAC7B,eAAO,SAAS;AAAA,MAClB;AACA,aAAO,SAAS,QAAQ,IAAI,CAAA,WAAU;AAAA,QACpC;AAAA,QACA,WAAW,oBAAoB,KAAK;AAAA,MAAA,EACpC;AAAA,IACJ;AACA,UAAM,SAAqC;AAAA,MACzC,WAAW,QAAQ;AAAA,MACnB,MAAM;AAAA,MACN,SAAS,QAAQ;AAAA,MACjB,MAAM,OAAM,YAAW;AACrB,cAAM,aAAa,QAAQ,cAAc,QAAQ;AACjD,eAAO,KAAK,OAAO,KAAK,YAAY;AAAA,UAClC,WAAW,QAAQ;AAAA,UACnB,SAAS,QAAQ,WAAW;AAAA,UAC5B,WAAW,QAAQ;AAAA,UACnB,MAAM,QAAQ;AAAA,UACd;AAAA,UACA,YAAY;AAAA,YACV,WAAW,QAAQ;AAAA,YACnB,cAAc,OAAO,KAAK,YAAY;AAAA,YACtC;AAAA,UAAA;AAAA,QACF,CACD;AAAA,MACH;AAAA,MACA;AAAA,MACA;AAAA,IAAA;AAEF,SAAK,4BAA4B;AAAA,MAC/B,WAAW,QAAQ;AAAA,MACnB;AAAA,MACA,UAAU,QAAQ;AAAA,IAAA,CACnB;AACD,WAAO;AAAA,EACT;AAAA,EAEQ,aACN,OACA,UACA,gBACe;AACf,UAAM,WAAW,MAAM;AACvB,QAAI,CAAC,UAAU;AACb,aAAO;AAAA,IACT;AACA,UAAM,SAA4B,OAAO,KAAK,cAAc;AAC5D,QAAI;AACF,aAAO,KAAK,OAAO,WAAW,sBAAsB;AAAA,QAClD;AAAA,QACA,cAAc;AAAA,MAAA,CACf;AAAA,IACH,SAAS,QAAQ;AACf,aAAO;AAAA,IACT;AAAA,EACF;AAAA,EAEQ,iBACN,WACA,QACS;AACT,QACE,OAAO,QACP,UAAU,MAAM,kBAAkB,OAAO,KAAK,eAC9C;AACA,aAAO;AAAA,IACT;AACA,QACE,OAAO,mBACP,UAAU,iBAAiB,kBACzB,OAAO,gBAAgB,eACzB;AACA,aAAO;AAAA,IACT;AACA,QAAI,OAAO,UAAU,UAAU,WAAW,OAAO,QAAQ;AACvD,aAAO;AAAA,IACT;AACA,QACE,OAAO,SACP,UAAU,OAAO,kBAAkB,OAAO,MAAM,eAChD;AACA,aAAO;AAAA,IACT;AACA,WAAO;AAAA,EACT;AAAA,EAEA,MAAc,MAAM,IAA2B;AAC7C,QAAI,MAAM,GAAG;AACX;AAAA,IACF;AACA,UAAM,IAAI,QAAQ,CAAA,YAAW,WAAW,SAAS,EAAE,CAAC;AAAA,EACtD;AACF;"}
+{"version":3,"file":"standards-sdk.es175.js","sources":["../../src/services/registry-broker/client/ledger-auth.ts"],"sourcesContent":["import { Buffer } from 'buffer';\nimport type { SignerSignature } from '@hashgraph/sdk';\nimport type {\n  JsonObject,\n  JsonValue,\n  LedgerAuthenticationOptions,\n  LedgerAuthenticationSignerResult,\n  LedgerChallengeRequest,\n  LedgerChallengeResponse,\n  LedgerCredentialAuthOptions,\n  LedgerVerifyRequest,\n  LedgerVerifyResponse,\n} from '../types';\nimport {\n  ledgerChallengeResponseSchema,\n  ledgerVerifyResponseSchema,\n} from '../schemas';\nimport { canonicalizeLedgerNetwork } from '../ledger-network';\nimport { createPrivateKeySignerAsync } from '../private-key-signer';\nimport type { RegistryBrokerClient } from './base-client';\n\nasync function loadViemAccount(privateKey: `0x${string}`): Promise<{\n  publicKey: string;\n  signMessage: (input: { message: string }) => Promise<string>;\n}> {\n  try {\n    const viem = await import('viem/accounts');\n    return viem.privateKeyToAccount(privateKey);\n  } catch (error) {\n    const err = new Error(\n      'EVM ledger authentication requires the optional dependency \"viem\". Install it to use evmPrivateKey flows.',\n    );\n    (err as { cause?: unknown }).cause = error;\n    throw err;\n  }\n}\n\nasync function resolveLedgerAuthSignature(\n  message: string,\n  options: LedgerAuthenticationOptions,\n): Promise<LedgerAuthenticationSignerResult> {\n  if (typeof options.sign === 'function') {\n    const result = await options.sign(message);\n    if (\n      !result ||\n      typeof result.signature !== 'string' ||\n      result.signature.length === 0\n    ) {\n      throw new Error('Custom ledger signer failed to produce a signature.');\n    }\n    return result;\n  }\n\n  if (!options.signer || typeof options.signer.sign !== 'function') {\n    throw new Error(\n      'Ledger authentication requires a Hedera Signer or custom sign function.',\n    );\n  }\n\n  const payload = Buffer.from(message, 'utf8');\n  const signatures: SignerSignature[] = await options.signer.sign([payload]);\n  const signatureEntry = signatures?.[0];\n  if (!signatureEntry) {\n    throw new Error('Signer did not return any signatures.');\n  }\n\n  let derivedPublicKey: string | undefined;\n  if (signatureEntry.publicKey) {\n    derivedPublicKey = signatureEntry.publicKey.toString();\n  } else if (typeof options.signer.getAccountKey === 'function') {\n    const accountKey = await options.signer.getAccountKey();\n    if (accountKey && typeof accountKey.toString === 'function') {\n      derivedPublicKey = accountKey.toString();\n    }\n  }\n\n  return {\n    signature: Buffer.from(signatureEntry.signature).toString('base64'),\n    signatureKind: 'raw',\n    publicKey: derivedPublicKey,\n  };\n}\n\nexport async function createLedgerChallenge(\n  client: RegistryBrokerClient,\n  payload: LedgerChallengeRequest,\n): Promise<LedgerChallengeResponse> {\n  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);\n  const network =\n    resolvedNetwork.kind === 'hedera'\n      ? (resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical)\n      : resolvedNetwork.canonical;\n  const raw = await client.requestJson<JsonValue>('/auth/ledger/challenge', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body: {\n      accountId: payload.accountId,\n      network,\n    },\n  });\n\n  return client.parseWithSchema(\n    raw,\n    ledgerChallengeResponseSchema,\n    'ledger challenge response',\n  );\n}\n\nexport async function verifyLedgerChallenge(\n  client: RegistryBrokerClient,\n  payload: LedgerVerifyRequest,\n): Promise<LedgerVerifyResponse> {\n  const resolvedNetwork = canonicalizeLedgerNetwork(payload.network);\n  const network =\n    resolvedNetwork.kind === 'hedera'\n      ? (resolvedNetwork.hederaNetwork ?? resolvedNetwork.canonical)\n      : resolvedNetwork.canonical;\n  const body: JsonObject = {\n    challengeId: payload.challengeId,\n    accountId: payload.accountId,\n    network,\n    signature: payload.signature,\n  };\n\n  if (payload.signatureKind) {\n    body.signatureKind = payload.signatureKind;\n  }\n  if (payload.publicKey) {\n    body.publicKey = payload.publicKey;\n  }\n  if (typeof payload.expiresInMinutes === 'number') {\n    body.expiresInMinutes = payload.expiresInMinutes;\n  }\n\n  const raw = await client.requestJson<JsonValue>('/auth/ledger/verify', {\n    method: 'POST',\n    headers: { 'content-type': 'application/json' },\n    body,\n  });\n\n  const result = client.parseWithSchema(\n    raw,\n    ledgerVerifyResponseSchema,\n    'ledger verification response',\n  );\n\n  client.setLedgerApiKey(result.key);\n  return result;\n}\n\nexport async function authenticateWithLedger(\n  client: RegistryBrokerClient,\n  options: LedgerAuthenticationOptions,\n): Promise<LedgerVerifyResponse> {\n  const challenge = await client.createLedgerChallenge({\n    accountId: options.accountId,\n    network: options.network,\n  });\n  const signed = await resolveLedgerAuthSignature(challenge.message, options);\n  const verification = await client.verifyLedgerChallenge({\n    challengeId: challenge.challengeId,\n    accountId: options.accountId,\n    network: options.network,\n    signature: signed.signature,\n    signatureKind: signed.signatureKind,\n    publicKey: signed.publicKey,\n    expiresInMinutes: options.expiresInMinutes,\n  });\n  return verification;\n}\n\nexport async function authenticateWithLedgerCredentials(\n  client: RegistryBrokerClient,\n  options: LedgerCredentialAuthOptions,\n): Promise<LedgerVerifyResponse> {\n  const {\n    accountId,\n    network,\n    signer,\n    sign,\n    hederaPrivateKey,\n    evmPrivateKey,\n    expiresInMinutes,\n    setAccountHeader = true,\n    label,\n    logger,\n  } = options;\n\n  const resolvedNetwork = canonicalizeLedgerNetwork(network);\n  const labelSuffix = label ? ` for ${label}` : '';\n\n  const networkPayload = resolvedNetwork.canonical;\n\n  const authOptions: LedgerAuthenticationOptions = {\n    accountId,\n    network: networkPayload,\n    expiresInMinutes,\n  };\n\n  if (sign) {\n    authOptions.sign = sign;\n  } else if (signer) {\n    authOptions.signer = signer;\n  } else if (hederaPrivateKey) {\n    if (resolvedNetwork.kind !== 'hedera' || !resolvedNetwork.hederaNetwork) {\n      throw new Error(\n        'hederaPrivateKey can only be used with hedera:mainnet or hedera:testnet networks.',\n      );\n    }\n    authOptions.signer = await createPrivateKeySignerAsync({\n      accountId,\n      privateKey: hederaPrivateKey,\n      network: resolvedNetwork.hederaNetwork,\n    });\n  } else if (evmPrivateKey) {\n    if (resolvedNetwork.kind !== 'evm') {\n      throw new Error(\n        'evmPrivateKey can only be used with CAIP-2 EVM networks (eip155:<chainId>).',\n      );\n    }\n    const formattedKey = evmPrivateKey.startsWith('0x')\n      ? (evmPrivateKey as `0x${string}`)\n      : (`0x${evmPrivateKey}` as `0x${string}`);\n    const account = await loadViemAccount(formattedKey);\n    authOptions.sign = async message => ({\n      signature: await account.signMessage({ message }),\n      signatureKind: 'evm',\n      publicKey: account.publicKey,\n    });\n  } else {\n    throw new Error(\n      'Provide a signer, sign function, hederaPrivateKey, or evmPrivateKey to authenticate with the ledger.',\n    );\n  }\n\n  logger?.info?.(\n    `Authenticating ledger account ${accountId} (${resolvedNetwork.canonical})${labelSuffix}...`,\n  );\n  const verification = await client.authenticateWithLedger(authOptions);\n  if (setAccountHeader) {\n    client.setDefaultHeader('x-account-id', verification.accountId);\n  }\n  logger?.info?.(\n    `Ledger authentication complete${labelSuffix}. Issued key prefix: ${verification.apiKey.prefix}…${verification.apiKey.lastFour}`,\n  );\n  return verification;\n}\n"],"names":[],"mappings":";;;;AAqBA,eAAe,gBAAgB,YAG5B;AACD,MAAI;AACF,UAAM,OAAO,MAAM,OAAO,eAAe;AACzC,WAAO,KAAK,oBAAoB,UAAU;AAAA,EAC5C,SAAS,OAAO;AACd,UAAM,MAAM,IAAI;AAAA,MACd;AAAA,IAAA;AAED,QAA4B,QAAQ;AACrC,UAAM;AAAA,EACR;AACF;AAEA,eAAe,2BACb,SACA,SAC2C;AAC3C,MAAI,OAAO,QAAQ,SAAS,YAAY;AACtC,UAAM,SAAS,MAAM,QAAQ,KAAK,OAAO;AACzC,QACE,CAAC,UACD,OAAO,OAAO,cAAc,YAC5B,OAAO,UAAU,WAAW,GAC5B;AACA,YAAM,IAAI,MAAM,qDAAqD;AAAA,IACvE;AACA,WAAO;AAAA,EACT;AAEA,MAAI,CAAC,QAAQ,UAAU,OAAO,QAAQ,OAAO,SAAS,YAAY;AAChE,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,QAAM,UAAU,OAAO,KAAK,SAAS,MAAM;AAC3C,QAAM,aAAgC,MAAM,QAAQ,OAAO,KAAK,CAAC,OAAO,CAAC;AACzE,QAAM,iBAAiB,aAAa,CAAC;AACrC,MAAI,CAAC,gBAAgB;AACnB,UAAM,IAAI,MAAM,uCAAuC;AAAA,EACzD;AAEA,MAAI;AACJ,MAAI,eAAe,WAAW;AAC5B,uBAAmB,eAAe,UAAU,SAAA;AAAA,EAC9C,WAAW,OAAO,QAAQ,OAAO,kBAAkB,YAAY;AAC7D,UAAM,aAAa,MAAM,QAAQ,OAAO,cAAA;AACxC,QAAI,cAAc,OAAO,WAAW,aAAa,YAAY;AAC3D,yBAAmB,WAAW,SAAA;AAAA,IAChC;AAAA,EACF;AAEA,SAAO;AAAA,IACL,WAAW,OAAO,KAAK,eAAe,SAAS,EAAE,SAAS,QAAQ;AAAA,IAClE,eAAe;AAAA,IACf,WAAW;AAAA,EAAA;AAEf;AAEA,eAAsB,sBACpB,QACA,SACkC;AAClC,QAAM,kBAAkB,0BAA0B,QAAQ,OAAO;AACjE,QAAM,UACJ,gBAAgB,SAAS,WACpB,gBAAgB,iBAAiB,gBAAgB,YAClD,gBAAgB;AACtB,QAAM,MAAM,MAAM,OAAO,YAAuB,0BAA0B;AAAA,IACxE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B,MAAM;AAAA,MACJ,WAAW,QAAQ;AAAA,MACnB;AAAA,IAAA;AAAA,EACF,CACD;AAED,SAAO,OAAO;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAEJ;AAEA,eAAsB,sBACpB,QACA,SAC+B;AAC/B,QAAM,kBAAkB,0BAA0B,QAAQ,OAAO;AACjE,QAAM,UACJ,gBAAgB,SAAS,WACpB,gBAAgB,iBAAiB,gBAAgB,YAClD,gBAAgB;AACtB,QAAM,OAAmB;AAAA,IACvB,aAAa,QAAQ;AAAA,IACrB,WAAW,QAAQ;AAAA,IACnB;AAAA,IACA,WAAW,QAAQ;AAAA,EAAA;AAGrB,MAAI,QAAQ,eAAe;AACzB,SAAK,gBAAgB,QAAQ;AAAA,EAC/B;AACA,MAAI,QAAQ,WAAW;AACrB,SAAK,YAAY,QAAQ;AAAA,EAC3B;AACA,MAAI,OAAO,QAAQ,qBAAqB,UAAU;AAChD,SAAK,mBAAmB,QAAQ;AAAA,EAClC;AAEA,QAAM,MAAM,MAAM,OAAO,YAAuB,uBAAuB;AAAA,IACrE,QAAQ;AAAA,IACR,SAAS,EAAE,gBAAgB,mBAAA;AAAA,IAC3B;AAAA,EAAA,CACD;AAED,QAAM,SAAS,OAAO;AAAA,IACpB;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,SAAO,gBAAgB,OAAO,GAAG;AACjC,SAAO;AACT;AAEA,eAAsB,uBACpB,QACA,SAC+B;AAC/B,QAAM,YAAY,MAAM,OAAO,sBAAsB;AAAA,IACnD,WAAW,QAAQ;AAAA,IACnB,SAAS,QAAQ;AAAA,EAAA,CAClB;AACD,QAAM,SAAS,MAAM,2BAA2B,UAAU,SAAS,OAAO;AAC1E,QAAM,eAAe,MAAM,OAAO,sBAAsB;AAAA,IACtD,aAAa,UAAU;AAAA,IACvB,WAAW,QAAQ;AAAA,IACnB,SAAS,QAAQ;AAAA,IACjB,WAAW,OAAO;AAAA,IAClB,eAAe,OAAO;AAAA,IACtB,WAAW,OAAO;AAAA,IAClB,kBAAkB,QAAQ;AAAA,EAAA,CAC3B;AACD,SAAO;AACT;AAEA,eAAsB,kCACpB,QACA,SAC+B;AAC/B,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,mBAAmB;AAAA,IACnB;AAAA,IACA;AAAA,EAAA,IACE;AAEJ,QAAM,kBAAkB,0BAA0B,OAAO;AACzD,QAAM,cAAc,QAAQ,QAAQ,KAAK,KAAK;AAE9C,QAAM,iBAAiB,gBAAgB;AAEvC,QAAM,cAA2C;AAAA,IAC/C;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EAAA;AAGF,MAAI,MAAM;AACR,gBAAY,OAAO;AAAA,EACrB,WAAW,QAAQ;AACjB,gBAAY,SAAS;AAAA,EACvB,WAAW,kBAAkB;AAC3B,QAAI,gBAAgB,SAAS,YAAY,CAAC,gBAAgB,eAAe;AACvE,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AACA,gBAAY,SAAS,MAAM,4BAA4B;AAAA,MACrD;AAAA,MACA,YAAY;AAAA,MACZ,SAAS,gBAAgB;AAAA,IAAA,CAC1B;AAAA,EACH,WAAW,eAAe;AACxB,QAAI,gBAAgB,SAAS,OAAO;AAClC,YAAM,IAAI;AAAA,QACR;AAAA,MAAA;AAAA,IAEJ;AACA,UAAM,eAAe,cAAc,WAAW,IAAI,IAC7C,gBACA,KAAK,aAAa;AACvB,UAAM,UAAU,MAAM,gBAAgB,YAAY;AAClD,gBAAY,OAAO,OAAM,aAAY;AAAA,MACnC,WAAW,MAAM,QAAQ,YAAY,EAAE,SAAS;AAAA,MAChD,eAAe;AAAA,MACf,WAAW,QAAQ;AAAA,IAAA;AAAA,EAEvB,OAAO;AACL,UAAM,IAAI;AAAA,MACR;AAAA,IAAA;AAAA,EAEJ;AAEA,UAAQ;AAAA,IACN,iCAAiC,SAAS,KAAK,gBAAgB,SAAS,IAAI,WAAW;AAAA,EAAA;AAEzF,QAAM,eAAe,MAAM,OAAO,uBAAuB,WAAW;AACpE,MAAI,kBAAkB;AACpB,WAAO,iBAAiB,gBAAgB,aAAa,SAAS;AAAA,EAChE;AACA,UAAQ;AAAA,IACN,iCAAiC,WAAW,wBAAwB,aAAa,OAAO,MAAM,IAAI,aAAa,OAAO,QAAQ;AAAA,EAAA;AAEhI,SAAO;AACT;"}