@opendatalabs/vana-sdk 0.1.0-alpha.ffe4659 → 2.1.0

package/dist/utils/grantValidation.d.ts

@@ -0,0 +1,226 @@
+/**
+ * Provides comprehensive validation for permission grant files.
+ *
+ * @remarks
+ * This module implements multi-layer validation for grant files including
+ * JSON schema validation, business rule checking, expiration verification,
+ * and access control validation. It provides both throwing and non-throwing
+ * modes for flexible error handling.
+ *
+ * @category Permissions
+ * @module utils/grantValidation
+ */
+import type { Address } from "viem";
+import type { GrantFile } from "../types/permissions";
+/**
+ * Indicates a general grant validation failure.
+ *
+ * @remarks
+ * Base class for all grant validation errors. Provides structured
+ * error details for debugging and recovery.
+ *
+ * @category Permissions
+ */
+export declare class GrantValidationError extends Error {
+    details?: Record<string, unknown> | undefined;
+    constructor(message: string, details?: Record<string, unknown> | undefined);
+}
+/**
+ * Indicates that a grant has expired and is no longer valid.
+ *
+ * @remarks
+ * Thrown when attempting to use a grant past its expiration timestamp.
+ * Includes both the expiration time and current time for debugging.
+ *
+ * @category Permissions
+ */
+export declare class GrantExpiredError extends GrantValidationError {
+    expires: number;
+    currentTime: number;
+    constructor(message: string, expires: number, currentTime: number);
+}
+/**
+ * Indicates that the requesting address doesn't match the grant's grantee.
+ *
+ * @remarks
+ * Thrown when a user attempts to use a grant that was issued to a
+ * different address. This prevents unauthorized use of permissions.
+ *
+ * @category Permissions
+ */
+export declare class GranteeMismatchError extends GrantValidationError {
+    grantee: Address;
+    requestingAddress: Address;
+    constructor(message: string, grantee: Address, requestingAddress: Address);
+}
+/**
+ * Indicates that the requested operation is not allowed by the grant.
+ *
+ * @remarks
+ * Thrown when attempting an operation that differs from what the
+ * grant authorizes. Includes both granted and requested operations.
+ *
+ * @category Permissions
+ */
+export declare class OperationNotAllowedError extends GrantValidationError {
+    grantedOperation: string;
+    requestedOperation: string;
+    constructor(message: string, grantedOperation: string, requestedOperation: string);
+}
+/**
+ * Indicates that the grant file structure violates the JSON schema.
+ *
+ * @remarks
+ * Thrown when a grant file doesn't conform to the expected schema.
+ * Includes detailed schema validation errors and the invalid data.
+ *
+ * @category Permissions
+ */
+export declare class GrantSchemaError extends GrantValidationError {
+    schemaErrors: unknown[];
+    invalidData: unknown;
+    constructor(message: string, schemaErrors: unknown[], invalidData: unknown);
+}
+/**
+ * Configures grant validation behavior and scope.
+ *
+ * @remarks
+ * Controls which validations to perform and how to handle errors.
+ * Allows selective validation of specific aspects of a grant.
+ *
+ * @category Permissions
+ */
+export interface GrantValidationOptions {
+    /** Enable JSON schema validation (default: true) */
+    schema?: boolean;
+    /** Grantee address to validate access for */
+    grantee?: Address;
+    /** Operation to validate permission for */
+    operation?: string;
+    /** Override current time for expiry checking (Unix timestamp) */
+    currentTime?: number;
+    /** Return detailed results instead of throwing (default: false) */
+    throwOnError?: boolean;
+}
+/**
+ * Represents the detailed result of grant validation.
+ *
+ * @remarks
+ * Provides comprehensive validation results including all errors
+ * encountered during validation. Used in non-throwing mode.
+ *
+ * @category Permissions
+ */
+export interface GrantValidationResult {
+    /** Whether validation passed */
+    valid: boolean;
+    /** Validation errors encountered */
+    errors: Array<{
+        type: "schema" | "business";
+        field?: string;
+        message: string;
+        error?: Error;
+    }>;
+    /** The validated grant file (if validation passed) */
+    grant?: GrantFile;
+}
+/**
+ * Validates a grant file with comprehensive schema and business rule checking.
+ *
+ * This function provides flexible validation with TypeScript overloads:
+ * - When `throwOnError` is false (or `{ throwOnError: false }`), returns a detailed validation result
+ * - When `throwOnError` is true (default), throws specific errors or returns the validated grant
+ *
+ * @param data - The grant file data to validate (unknown type for safety)
+ * @param options - Validation options including grantee, operation, files, etc.
+ * @returns Either a GrantFile (when throwing) or GrantValidationResult (when not throwing)
+ * @throws {GrantSchemaError} When the grant file structure is invalid
+ * @throws {GrantExpiredError} When the grant has expired
+ * @throws {GranteeMismatchError} When the grantee doesn't match the requesting address
+ * @throws {OperationNotAllowedError} When the requested operation is not allowed
+ * @example
+ * ```typescript
+ * // Throwing mode (default) - returns GrantFile or throws
+ * const grant = validateGrant(data, {
+ *   grantee: '0x123...',
+ *   operation: 'llm_inference',
+ * });
+ *
+ * // Non-throwing mode - returns validation result
+ * const result = validateGrant(data, {
+ *   grantee: '0x123...',
+ *   throwOnError: false
+ * });
+ * if (result.valid) {
+ *   console.log('Grant is valid:', result.grant);
+ * } else {
+ *   console.log('Validation errors:', result.errors);
+ * }
+ * ```
+ */
+export declare function validateGrant(data: unknown, options: GrantValidationOptions & {
+    throwOnError: false;
+}): GrantValidationResult;
+export declare function validateGrant(data: unknown, options?: Omit<GrantValidationOptions, "throwOnError"> | (GrantValidationOptions & {
+    throwOnError?: true;
+})): GrantFile;
+/**
+ * Validates that a grant allows access for the requesting address.
+ *
+ * @param grantFile - The grant file to validate.
+ *   Obtain from permission operations or server responses.
+ * @param requestingAddress - The address requesting access.
+ *   Typically the current wallet address.
+ *
+ * @throws {GranteeMismatchError} If addresses don't match.
+ *   Ensure using the correct wallet that received the grant.
+ *
+ * @example
+ * ```typescript
+ * validateGranteeAccess(grantFile, walletAddress);
+ * // Throws if walletAddress doesn't match grantFile.grantee
+ * ```
+ *
+ * @category Permissions
+ */
+export declare function validateGranteeAccess(grantFile: GrantFile, requestingAddress: Address): void;
+/**
+ * Validates that a grant has not expired.
+ *
+ * @param grantFile - The grant file to check.
+ *   Must include expiry timestamp if time-limited.
+ * @param currentTime - Optional time override for testing.
+ *   Unix timestamp in seconds. Defaults to current time.
+ *
+ * @throws {GrantExpiredError} If grant has expired.
+ *   Request a new grant from the data owner.
+ *
+ * @example
+ * ```typescript
+ * validateGrantExpiry(grantFile);
+ * // Throws if current time > grantFile.expires
+ * ```
+ *
+ * @category Permissions
+ */
+export declare function validateGrantExpiry(grantFile: GrantFile, currentTime?: number): void;
+/**
+ * Validates that a grant authorizes the requested operation.
+ *
+ * @param grantFile - The grant file to check.
+ *   Contains the authorized operation.
+ * @param requestedOperation - The operation to validate.
+ *   Must match the grant's operation exactly.
+ *
+ * @throws {OperationNotAllowedError} If operations don't match.
+ *   Request a grant for the specific operation needed.
+ *
+ * @example
+ * ```typescript
+ * validateOperationAccess(grantFile, 'llm_inference');
+ * // Throws if grantFile.operation !== 'llm_inference'
+ * ```
+ *
+ * @category Permissions
+ */
+export declare function validateOperationAccess(grantFile: GrantFile, requestedOperation: string): void;

package/dist/utils/grantValidation.js

@@ -0,0 +1,201 @@
+import { getAddress } from "viem";
+import Ajv from "ajv";
+import addFormats from "ajv-formats";
+import grantFileSchema from "../schemas/grantFile.schema.json";
+class GrantValidationError extends Error {
+  constructor(message, details) {
+    super(message);
+    this.details = details;
+    this.name = "GrantValidationError";
+  }
+}
+class GrantExpiredError extends GrantValidationError {
+  constructor(message, expires, currentTime) {
+    super(message, { expires, currentTime });
+    this.expires = expires;
+    this.currentTime = currentTime;
+    this.name = "GrantExpiredError";
+  }
+}
+class GranteeMismatchError extends GrantValidationError {
+  constructor(message, grantee, requestingAddress) {
+    super(message, { grantee, requestingAddress });
+    this.grantee = grantee;
+    this.requestingAddress = requestingAddress;
+    this.name = "GranteeMismatchError";
+  }
+}
+class OperationNotAllowedError extends GrantValidationError {
+  constructor(message, grantedOperation, requestedOperation) {
+    super(message, { grantedOperation, requestedOperation });
+    this.grantedOperation = grantedOperation;
+    this.requestedOperation = requestedOperation;
+    this.name = "OperationNotAllowedError";
+  }
+}
+class GrantSchemaError extends GrantValidationError {
+  constructor(message, schemaErrors, invalidData) {
+    super(message, { errors: schemaErrors, data: invalidData });
+    this.schemaErrors = schemaErrors;
+    this.invalidData = invalidData;
+    this.name = "GrantSchemaError";
+  }
+}
+const ajv = new Ajv({
+  strict: true,
+  removeAdditional: false,
+  useDefaults: false,
+  coerceTypes: false
+});
+addFormats(ajv);
+const validateGrantFileSchema = ajv.compile(grantFileSchema);
+function validateGrant(data, options = {}) {
+  const {
+    schema = true,
+    grantee,
+    operation,
+    currentTime,
+    throwOnError = true
+  } = options;
+  const errors = [];
+  let grant;
+  if (schema) {
+    try {
+      if (validateGrantFileSchema(data)) {
+        grant = data;
+      } else {
+        throw new GrantValidationError("Invalid grant file schema");
+      }
+    } catch (error) {
+      if (error instanceof GrantValidationError) {
+        const schemaError = new GrantSchemaError(
+          error.message,
+          Array.isArray(error.details?.errors) ? error.details.errors : [],
+          data
+        );
+        errors.push({
+          type: "schema",
+          message: error.message,
+          error: schemaError
+        });
+      } else {
+        errors.push({
+          type: "schema",
+          message: `Schema validation failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+          error: error instanceof Error ? error : new Error("Unknown error")
+        });
+      }
+    }
+  } else {
+    grant = data;
+  }
+  if (grant) {
+    if (grantee) {
+      try {
+        validateGranteeAccess(grant, grantee);
+      } catch (error) {
+        const field = extractFieldFromBusinessError(error);
+        errors.push({
+          type: "business",
+          field,
+          message: error instanceof Error ? error.message : "Unknown business rule error",
+          error: error instanceof Error ? error : new Error("Unknown error")
+        });
+      }
+    }
+    try {
+      validateGrantExpiry(grant, currentTime);
+    } catch (error) {
+      const field = extractFieldFromBusinessError(error);
+      errors.push({
+        type: "business",
+        field,
+        message: error instanceof Error ? error.message : "Unknown business rule error",
+        error: error instanceof Error ? error : new Error("Unknown error")
+      });
+    }
+    if (operation) {
+      try {
+        validateOperationAccess(grant, operation);
+      } catch (error) {
+        const field = extractFieldFromBusinessError(error);
+        errors.push({
+          type: "business",
+          field,
+          message: error instanceof Error ? error.message : "Unknown business rule error",
+          error: error instanceof Error ? error : new Error("Unknown error")
+        });
+      }
+    }
+  }
+  if (errors.length > 0) {
+    if (throwOnError) {
+      const firstError = errors[0];
+      if (firstError.error) {
+        throw firstError.error;
+      } else {
+        const combinedMessage = errors.map((e) => e.message).join("; ");
+        throw new GrantValidationError(
+          `Grant validation failed: ${combinedMessage}`,
+          { errors, data }
+        );
+      }
+    }
+    return { valid: false, errors, grant };
+  }
+  if (throwOnError) {
+    return grant;
+  } else {
+    return { valid: true, errors: [], grant };
+  }
+}
+function extractFieldFromBusinessError(error) {
+  if (error instanceof GrantExpiredError) return "expires";
+  if (error instanceof GranteeMismatchError) return "grantee";
+  if (error instanceof OperationNotAllowedError) return "operation";
+  return void 0;
+}
+function validateGranteeAccess(grantFile, requestingAddress) {
+  const normalizedGrantee = getAddress(grantFile.grantee);
+  const normalizedRequesting = getAddress(requestingAddress);
+  if (normalizedGrantee !== normalizedRequesting) {
+    throw new GranteeMismatchError(
+      "Permission denied: requesting address does not match grantee",
+      grantFile.grantee,
+      requestingAddress
+    );
+  }
+}
+function validateGrantExpiry(grantFile, currentTime) {
+  if (grantFile.expires) {
+    const now = currentTime !== void 0 ? currentTime : Math.floor(Date.now() / 1e3);
+    if (now > grantFile.expires) {
+      throw new GrantExpiredError(
+        "Permission denied: grant has expired",
+        grantFile.expires,
+        now
+      );
+    }
+  }
+}
+function validateOperationAccess(grantFile, requestedOperation) {
+  if (grantFile.operation !== requestedOperation) {
+    throw new OperationNotAllowedError(
+      "Permission denied: operation not allowed by grant",
+      grantFile.operation,
+      requestedOperation
+    );
+  }
+}
+export {
+  GrantExpiredError,
+  GrantSchemaError,
+  GrantValidationError,
+  GranteeMismatchError,
+  OperationNotAllowedError,
+  validateGrant,
+  validateGrantExpiry,
+  validateGranteeAccess,
+  validateOperationAccess
+};
+//# sourceMappingURL=grantValidation.js.map

package/dist/utils/grantValidation.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/grantValidation.ts"],"sourcesContent":["/**\n * Provides comprehensive validation for permission grant files.\n *\n * @remarks\n * This module implements multi-layer validation for grant files including\n * JSON schema validation, business rule checking, expiration verification,\n * and access control validation. It provides both throwing and non-throwing\n * modes for flexible error handling.\n *\n * @category Permissions\n * @module utils/grantValidation\n */\n\nimport type { Address } from \"viem\";\nimport { getAddress } from \"viem\";\nimport Ajv, { type ValidateFunction } from \"ajv\";\nimport addFormats from \"ajv-formats\";\nimport type { GrantFile } from \"../types/permissions\";\nimport grantFileSchema from \"../schemas/grantFile.schema.json\";\n\n/**\n * Indicates a general grant validation failure.\n *\n * @remarks\n * Base class for all grant validation errors. Provides structured\n * error details for debugging and recovery.\n *\n * @category Permissions\n */\nexport class GrantValidationError extends Error {\n  constructor(\n    message: string,\n    public details?: Record<string, unknown>,\n  ) {\n    super(message);\n    this.name = \"GrantValidationError\";\n  }\n}\n\n/**\n * Indicates that a grant has expired and is no longer valid.\n *\n * @remarks\n * Thrown when attempting to use a grant past its expiration timestamp.\n * Includes both the expiration time and current time for debugging.\n *\n * @category Permissions\n */\nexport class GrantExpiredError extends GrantValidationError {\n  constructor(\n    message: string,\n    public expires: number,\n    public currentTime: number,\n  ) {\n    super(message, { expires, currentTime });\n    this.name = \"GrantExpiredError\";\n  }\n}\n\n/**\n * Indicates that the requesting address doesn't match the grant's grantee.\n *\n * @remarks\n * Thrown when a user attempts to use a grant that was issued to a\n * different address. This prevents unauthorized use of permissions.\n *\n * @category Permissions\n */\nexport class GranteeMismatchError extends GrantValidationError {\n  constructor(\n    message: string,\n    public grantee: Address,\n    public requestingAddress: Address,\n  ) {\n    super(message, { grantee, requestingAddress });\n    this.name = \"GranteeMismatchError\";\n  }\n}\n\n/**\n * Indicates that the requested operation is not allowed by the grant.\n *\n * @remarks\n * Thrown when attempting an operation that differs from what the\n * grant authorizes. Includes both granted and requested operations.\n *\n * @category Permissions\n */\nexport class OperationNotAllowedError extends GrantValidationError {\n  constructor(\n    message: string,\n    public grantedOperation: string,\n    public requestedOperation: string,\n  ) {\n    super(message, { grantedOperation, requestedOperation });\n    this.name = \"OperationNotAllowedError\";\n  }\n}\n\n/**\n * Indicates that the grant file structure violates the JSON schema.\n *\n * @remarks\n * Thrown when a grant file doesn't conform to the expected schema.\n * Includes detailed schema validation errors and the invalid data.\n *\n * @category Permissions\n */\nexport class GrantSchemaError extends GrantValidationError {\n  constructor(\n    message: string,\n    public schemaErrors: unknown[],\n    public invalidData: unknown,\n  ) {\n    super(message, { errors: schemaErrors, data: invalidData });\n    this.name = \"GrantSchemaError\";\n  }\n}\n\n/**\n * Ajv instance configured for strict grant file validation.\n *\n * @internal\n */\nconst ajv = new Ajv({\n  strict: true,\n  removeAdditional: false,\n  useDefaults: false,\n  coerceTypes: false,\n});\n\n// Add format validators (email, date, etc.)\naddFormats(ajv);\n\n/**\n * Pre-compiled grant file schema validator for performance.\n *\n * @internal\n */\nconst validateGrantFileSchema: ValidateFunction = ajv.compile(grantFileSchema);\n\n/**\n * Configures grant validation behavior and scope.\n *\n * @remarks\n * Controls which validations to perform and how to handle errors.\n * Allows selective validation of specific aspects of a grant.\n *\n * @category Permissions\n */\nexport interface GrantValidationOptions {\n  /** Enable JSON schema validation (default: true) */\n  schema?: boolean;\n  /** Grantee address to validate access for */\n  grantee?: Address;\n  /** Operation to validate permission for */\n  operation?: string;\n  /** Override current time for expiry checking (Unix timestamp) */\n  currentTime?: number;\n  /** Return detailed results instead of throwing (default: false) */\n  throwOnError?: boolean;\n}\n\n/**\n * Represents the detailed result of grant validation.\n *\n * @remarks\n * Provides comprehensive validation results including all errors\n * encountered during validation. Used in non-throwing mode.\n *\n * @category Permissions\n */\nexport interface GrantValidationResult {\n  /** Whether validation passed */\n  valid: boolean;\n  /** Validation errors encountered */\n  errors: Array<{\n    type: \"schema\" | \"business\";\n    field?: string;\n    message: string;\n    error?: Error;\n  }>;\n  /** The validated grant file (if validation passed) */\n  grant?: GrantFile;\n}\n\n/**\n * Validates a grant file with comprehensive schema and business rule checking.\n *\n * This function provides flexible validation with TypeScript overloads:\n * - When `throwOnError` is false (or `{ throwOnError: false }`), returns a detailed validation result\n * - When `throwOnError` is true (default), throws specific errors or returns the validated grant\n *\n * @param data - The grant file data to validate (unknown type for safety)\n * @param options - Validation options including grantee, operation, files, etc.\n * @returns Either a GrantFile (when throwing) or GrantValidationResult (when not throwing)\n * @throws {GrantSchemaError} When the grant file structure is invalid\n * @throws {GrantExpiredError} When the grant has expired\n * @throws {GranteeMismatchError} When the grantee doesn't match the requesting address\n * @throws {OperationNotAllowedError} When the requested operation is not allowed\n * @example\n * ```typescript\n * // Throwing mode (default) - returns GrantFile or throws\n * const grant = validateGrant(data, {\n *   grantee: '0x123...',\n *   operation: 'llm_inference',\n * });\n *\n * // Non-throwing mode - returns validation result\n * const result = validateGrant(data, {\n *   grantee: '0x123...',\n *   throwOnError: false\n * });\n * if (result.valid) {\n *   console.log('Grant is valid:', result.grant);\n * } else {\n *   console.log('Validation errors:', result.errors);\n * }\n * ```\n */\n\nexport function validateGrant(\n  data: unknown,\n  options: GrantValidationOptions & { throwOnError: false },\n): GrantValidationResult;\n\nexport function validateGrant(\n  data: unknown,\n  options?:\n    | Omit<GrantValidationOptions, \"throwOnError\">\n    | (GrantValidationOptions & { throwOnError?: true }),\n): GrantFile;\n\n/** @internal */\nexport function validateGrant(\n  data: unknown,\n  options: GrantValidationOptions = {},\n): GrantFile | GrantValidationResult {\n  const {\n    schema = true,\n    grantee,\n    operation,\n    currentTime,\n    throwOnError = true,\n  } = options;\n\n  const errors: GrantValidationResult[\"errors\"] = [];\n  let grant: GrantFile | undefined;\n\n  // 1. Schema Validation\n  if (schema) {\n    try {\n      if (validateGrantFileSchema(data)) {\n        grant = data as GrantFile;\n      } else {\n        throw new GrantValidationError(\"Invalid grant file schema\");\n      }\n    } catch (error) {\n      if (error instanceof GrantValidationError) {\n        const schemaError = new GrantSchemaError(\n          error.message,\n          Array.isArray(error.details?.errors) ? error.details.errors : [],\n          data,\n        );\n        errors.push({\n          type: \"schema\",\n          message: error.message,\n          error: schemaError,\n        });\n      } else {\n        errors.push({\n          type: \"schema\",\n          message: `Schema validation failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n          error: error instanceof Error ? error : new Error(\"Unknown error\"),\n        });\n      }\n    }\n  } else {\n    // Minimal type assertion if schema validation is skipped\n    grant = data as GrantFile;\n  }\n\n  // 2. Business Logic Validation (only if we have a valid grant)\n  if (grant) {\n    // Check grantee access\n    if (grantee) {\n      try {\n        validateGranteeAccess(grant, grantee);\n      } catch (error) {\n        const field = extractFieldFromBusinessError(error);\n        errors.push({\n          type: \"business\",\n          field,\n          message:\n            error instanceof Error\n              ? error.message\n              : \"Unknown business rule error\",\n          error: error instanceof Error ? error : new Error(\"Unknown error\"),\n        });\n      }\n    }\n\n    // Check expiration\n    try {\n      validateGrantExpiry(grant, currentTime);\n    } catch (error) {\n      const field = extractFieldFromBusinessError(error);\n      errors.push({\n        type: \"business\",\n        field,\n        message:\n          error instanceof Error\n            ? error.message\n            : \"Unknown business rule error\",\n        error: error instanceof Error ? error : new Error(\"Unknown error\"),\n      });\n    }\n\n    // Check operation access\n    if (operation) {\n      try {\n        validateOperationAccess(grant, operation);\n      } catch (error) {\n        const field = extractFieldFromBusinessError(error);\n        errors.push({\n          type: \"business\",\n          field,\n          message:\n            error instanceof Error\n              ? error.message\n              : \"Unknown business rule error\",\n          error: error instanceof Error ? error : new Error(\"Unknown error\"),\n        });\n      }\n    }\n  }\n\n  // 3. Return Results\n  if (errors.length > 0) {\n    if (throwOnError) {\n      // Throw the most specific error we have\n      const firstError = errors[0];\n      if (firstError.error) {\n        throw firstError.error;\n      } else {\n        const combinedMessage = errors.map((e) => e.message).join(\"; \");\n        throw new GrantValidationError(\n          `Grant validation failed: ${combinedMessage}`,\n          { errors, data },\n        );\n      }\n    }\n\n    return { valid: false, errors, grant };\n  }\n\n  if (throwOnError) {\n    return grant as GrantFile;\n  } else {\n    return { valid: true, errors: [], grant: grant as GrantFile };\n  }\n}\n\n/**\n * Extracts the field name from business validation errors for reporting.\n *\n * @param error - The validation error to analyze\n * @returns The field name associated with the error, or undefined\n *\n * @internal\n */\nfunction extractFieldFromBusinessError(error: unknown): string | undefined {\n  if (error instanceof GrantExpiredError) return \"expires\";\n  if (error instanceof GranteeMismatchError) return \"grantee\";\n  if (error instanceof OperationNotAllowedError) return \"operation\";\n  return undefined;\n}\n\n/**\n * Validates that a grant allows access for the requesting address.\n *\n * @param grantFile - The grant file to validate.\n *   Obtain from permission operations or server responses.\n * @param requestingAddress - The address requesting access.\n *   Typically the current wallet address.\n *\n * @throws {GranteeMismatchError} If addresses don't match.\n *   Ensure using the correct wallet that received the grant.\n *\n * @example\n * ```typescript\n * validateGranteeAccess(grantFile, walletAddress);\n * // Throws if walletAddress doesn't match grantFile.grantee\n * ```\n *\n * @category Permissions\n */\nexport function validateGranteeAccess(\n  grantFile: GrantFile,\n  requestingAddress: Address,\n): void {\n  const normalizedGrantee = getAddress(grantFile.grantee);\n  const normalizedRequesting = getAddress(requestingAddress);\n\n  if (normalizedGrantee !== normalizedRequesting) {\n    throw new GranteeMismatchError(\n      \"Permission denied: requesting address does not match grantee\",\n      grantFile.grantee,\n      requestingAddress,\n    );\n  }\n}\n\n/**\n * Validates that a grant has not expired.\n *\n * @param grantFile - The grant file to check.\n *   Must include expiry timestamp if time-limited.\n * @param currentTime - Optional time override for testing.\n *   Unix timestamp in seconds. Defaults to current time.\n *\n * @throws {GrantExpiredError} If grant has expired.\n *   Request a new grant from the data owner.\n *\n * @example\n * ```typescript\n * validateGrantExpiry(grantFile);\n * // Throws if current time > grantFile.expires\n * ```\n *\n * @category Permissions\n */\nexport function validateGrantExpiry(\n  grantFile: GrantFile,\n  currentTime?: number,\n): void {\n  if (grantFile.expires) {\n    const now =\n      currentTime !== undefined ? currentTime : Math.floor(Date.now() / 1000); // Current Unix timestamp\n\n    if (now > grantFile.expires) {\n      throw new GrantExpiredError(\n        \"Permission denied: grant has expired\",\n        grantFile.expires,\n        now,\n      );\n    }\n  }\n}\n\n/**\n * Validates that a grant authorizes the requested operation.\n *\n * @param grantFile - The grant file to check.\n *   Contains the authorized operation.\n * @param requestedOperation - The operation to validate.\n *   Must match the grant's operation exactly.\n *\n * @throws {OperationNotAllowedError} If operations don't match.\n *   Request a grant for the specific operation needed.\n *\n * @example\n * ```typescript\n * validateOperationAccess(grantFile, 'llm_inference');\n * // Throws if grantFile.operation !== 'llm_inference'\n * ```\n *\n * @category Permissions\n */\nexport function validateOperationAccess(\n  grantFile: GrantFile,\n  requestedOperation: string,\n): void {\n  if (grantFile.operation !== requestedOperation) {\n    throw new OperationNotAllowedError(\n      \"Permission denied: operation not allowed by grant\",\n      grantFile.operation,\n      requestedOperation,\n    );\n  }\n}\n"],"mappings":"AAcA,SAAS,kBAAkB;AAC3B,OAAO,SAAoC;AAC3C,OAAO,gBAAgB;AAEvB,OAAO,qBAAqB;AAWrB,MAAM,6BAA6B,MAAM;AAAA,EAC9C,YACE,SACO,SACP;AACA,UAAM,OAAO;AAFN;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAWO,MAAM,0BAA0B,qBAAqB;AAAA,EAC1D,YACE,SACO,SACA,aACP;AACA,UAAM,SAAS,EAAE,SAAS,YAAY,CAAC;AAHhC;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAWO,MAAM,6BAA6B,qBAAqB;AAAA,EAC7D,YACE,SACO,SACA,mBACP;AACA,UAAM,SAAS,EAAE,SAAS,kBAAkB,CAAC;AAHtC;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAWO,MAAM,iCAAiC,qBAAqB;AAAA,EACjE,YACE,SACO,kBACA,oBACP;AACA,UAAM,SAAS,EAAE,kBAAkB,mBAAmB,CAAC;AAHhD;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAWO,MAAM,yBAAyB,qBAAqB;AAAA,EACzD,YACE,SACO,cACA,aACP;AACA,UAAM,SAAS,EAAE,QAAQ,cAAc,MAAM,YAAY,CAAC;AAHnD;AACA;AAGP,SAAK,OAAO;AAAA,EACd;AACF;AAOA,MAAM,MAAM,IAAI,IAAI;AAAA,EAClB,QAAQ;AAAA,EACR,kBAAkB;AAAA,EAClB,aAAa;AAAA,EACb,aAAa;AACf,CAAC;AAGD,WAAW,GAAG;AAOd,MAAM,0BAA4C,IAAI,QAAQ,eAAe;AA+FtE,SAAS,cACd,MACA,UAAkC,CAAC,GACA;AACnC,QAAM;AAAA,IACJ,SAAS;AAAA,IACT;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe;AAAA,EACjB,IAAI;AAEJ,QAAM,SAA0C,CAAC;AACjD,MAAI;AAGJ,MAAI,QAAQ;AACV,QAAI;AACF,UAAI,wBAAwB,IAAI,GAAG;AACjC,gBAAQ;AAAA,MACV,OAAO;AACL,cAAM,IAAI,qBAAqB,2BAA2B;AAAA,MAC5D;AAAA,IACF,SAAS,OAAO;AACd,UAAI,iBAAiB,sBAAsB;AACzC,cAAM,cAAc,IAAI;AAAA,UACtB,MAAM;AAAA,UACN,MAAM,QAAQ,MAAM,SAAS,MAAM,IAAI,MAAM,QAAQ,SAAS,CAAC;AAAA,UAC/D;AAAA,QACF;AACA,eAAO,KAAK;AAAA,UACV,MAAM;AAAA,UACN,SAAS,MAAM;AAAA,UACf,OAAO;AAAA,QACT,CAAC;AAAA,MACH,OAAO;AACL,eAAO,KAAK;AAAA,UACV,MAAM;AAAA,UACN,SAAS,6BAA6B,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,UAC9F,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,eAAe;AAAA,QACnE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF,OAAO;AAEL,YAAQ;AAAA,EACV;AAGA,MAAI,OAAO;AAET,QAAI,SAAS;AACX,UAAI;AACF,8BAAsB,OAAO,OAAO;AAAA,MACtC,SAAS,OAAO;AACd,cAAM,QAAQ,8BAA8B,KAAK;AACjD,eAAO,KAAK;AAAA,UACV,MAAM;AAAA,UACN;AAAA,UACA,SACE,iBAAiB,QACb,MAAM,UACN;AAAA,UACN,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,eAAe;AAAA,QACnE,CAAC;AAAA,MACH;AAAA,IACF;AAGA,QAAI;AACF,0BAAoB,OAAO,WAAW;AAAA,IACxC,SAAS,OAAO;AACd,YAAM,QAAQ,8BAA8B,KAAK;AACjD,aAAO,KAAK;AAAA,QACV,MAAM;AAAA,QACN;AAAA,QACA,SACE,iBAAiB,QACb,MAAM,UACN;AAAA,QACN,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,eAAe;AAAA,MACnE,CAAC;AAAA,IACH;AAGA,QAAI,WAAW;AACb,UAAI;AACF,gCAAwB,OAAO,SAAS;AAAA,MAC1C,SAAS,OAAO;AACd,cAAM,QAAQ,8BAA8B,KAAK;AACjD,eAAO,KAAK;AAAA,UACV,MAAM;AAAA,UACN;AAAA,UACA,SACE,iBAAiB,QACb,MAAM,UACN;AAAA,UACN,OAAO,iBAAiB,QAAQ,QAAQ,IAAI,MAAM,eAAe;AAAA,QACnE,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAGA,MAAI,OAAO,SAAS,GAAG;AACrB,QAAI,cAAc;AAEhB,YAAM,aAAa,OAAO,CAAC;AAC3B,UAAI,WAAW,OAAO;AACpB,cAAM,WAAW;AAAA,MACnB,OAAO;AACL,cAAM,kBAAkB,OAAO,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,IAAI;AAC9D,cAAM,IAAI;AAAA,UACR,4BAA4B,eAAe;AAAA,UAC3C,EAAE,QAAQ,KAAK;AAAA,QACjB;AAAA,MACF;AAAA,IACF;AAEA,WAAO,EAAE,OAAO,OAAO,QAAQ,MAAM;AAAA,EACvC;AAEA,MAAI,cAAc;AAChB,WAAO;AAAA,EACT,OAAO;AACL,WAAO,EAAE,OAAO,MAAM,QAAQ,CAAC,GAAG,MAA0B;AAAA,EAC9D;AACF;AAUA,SAAS,8BAA8B,OAAoC;AACzE,MAAI,iBAAiB,kBAAmB,QAAO;AAC/C,MAAI,iBAAiB,qBAAsB,QAAO;AAClD,MAAI,iBAAiB,yBAA0B,QAAO;AACtD,SAAO;AACT;AAqBO,SAAS,sBACd,WACA,mBACM;AACN,QAAM,oBAAoB,WAAW,UAAU,OAAO;AACtD,QAAM,uBAAuB,WAAW,iBAAiB;AAEzD,MAAI,sBAAsB,sBAAsB;AAC9C,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV;AAAA,IACF;AAAA,EACF;AACF;AAqBO,SAAS,oBACd,WACA,aACM;AACN,MAAI,UAAU,SAAS;AACrB,UAAM,MACJ,gBAAgB,SAAY,cAAc,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAExE,QAAI,MAAM,UAAU,SAAS;AAC3B,YAAM,IAAI;AAAA,QACR;AAAA,QACA,UAAU;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;AAqBO,SAAS,wBACd,WACA,oBACM;AACN,MAAI,UAAU,cAAc,oBAAoB;AAC9C,UAAM,IAAI;AAAA,MACR;AAAA,MACA,UAAU;AAAA,MACV;AAAA,IACF;AAAA,EACF;AACF;","names":[]}

package/dist/utils/grants.cjs

@@ -0,0 +1,108 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var grants_exports = {};
+__export(grants_exports, {
+  checkGrantAccess: () => checkGrantAccess,
+  createAndStoreGrant: () => createAndStoreGrant,
+  createValidatedGrant: () => createValidatedGrant,
+  getGrantTimeRemaining: () => getGrantTimeRemaining,
+  isGrantExpired: () => isGrantExpired,
+  retrieveAndValidateGrant: () => retrieveAndValidateGrant,
+  summarizeGrant: () => summarizeGrant
+});
+module.exports = __toCommonJS(grants_exports);
+var import_grantFiles = require("./grantFiles");
+var import_grantValidation = require("./grantValidation");
+function createValidatedGrant(params) {
+  const grantFile = (0, import_grantFiles.createGrantFile)(params);
+  try {
+    (0, import_grantValidation.validateGrant)(grantFile, {
+      schema: true,
+      grantee: params.grantee,
+      operation: params.operation
+    });
+  } catch (error) {
+    throw new import_grantValidation.GrantValidationError(
+      `Created grant file failed validation: ${error instanceof Error ? error.message : "Unknown error"}`,
+      { grantFile, params }
+    );
+  }
+  return grantFile;
+}
+async function createAndStoreGrant(params, relayerUrl) {
+  const grantFile = createValidatedGrant(params);
+  const grantUrl = await (0, import_grantFiles.storeGrantFile)(grantFile, relayerUrl);
+  return { grantFile, grantUrl };
+}
+async function retrieveAndValidateGrant(grantUrl, relayerUrl) {
+  const grantFile = await (0, import_grantFiles.retrieveGrantFile)(grantUrl, relayerUrl);
+  return grantFile;
+}
+async function checkGrantAccess(grantUrl, requestingAddress, operation, _fileIds, relayerUrl) {
+  try {
+    const grantFile = await retrieveAndValidateGrant(grantUrl, relayerUrl);
+    (0, import_grantValidation.validateGrant)(grantFile, {
+      schema: true,
+      grantee: requestingAddress,
+      operation
+    });
+    return { allowed: true, grantFile };
+  } catch (error) {
+    if (error instanceof import_grantValidation.GrantValidationError) {
+      return {
+        allowed: false,
+        reason: error.message
+      };
+    }
+    return {
+      allowed: false,
+      reason: `Grant access check failed: ${error instanceof Error ? error.message : "Unknown error"}`
+    };
+  }
+}
+function isGrantExpired(grantFile) {
+  if (!grantFile.expires) {
+    return false;
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  return now > grantFile.expires;
+}
+function getGrantTimeRemaining(grantFile) {
+  if (!grantFile.expires) {
+    return null;
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  const remaining = grantFile.expires - now;
+  return Math.max(0, remaining);
+}
+function summarizeGrant(grantFile) {
+  const expiration = grantFile.expires ? new Date(grantFile.expires * 1e3).toISOString() : "No expiration";
+  return `Grant for ${grantFile.grantee} to perform "${grantFile.operation}" (expires: ${expiration})`;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  checkGrantAccess,
+  createAndStoreGrant,
+  createValidatedGrant,
+  getGrantTimeRemaining,
+  isGrantExpired,
+  retrieveAndValidateGrant,
+  summarizeGrant
+});
+//# sourceMappingURL=grants.cjs.map

package/dist/utils/grants.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/grants.ts"],"sourcesContent":["/**\n * Provides high-level grant management utilities for the Vana permission system.\n *\n * @remarks\n * This module simplifies grant file creation, validation, storage, and retrieval.\n * Grants are the core mechanism for permission management in Vana, allowing users\n * to delegate specific operations to applications and services.\n *\n * @category Permissions\n * @module grants\n */\n\nimport type { Address } from \"viem\";\nimport type { GrantFile, GrantPermissionParams } from \"../types/permissions\";\nimport {\n  createGrantFile,\n  storeGrantFile,\n  retrieveGrantFile,\n} from \"./grantFiles\";\nimport { validateGrant, GrantValidationError } from \"./grantValidation\";\n\n/**\n * Creates and validates a grant file from permission parameters.\n *\n * @remarks\n * Combines grant creation with immediate validation to ensure only valid\n * grants are created. Validates schema compliance, grantee address, and\n * operation parameters before returning the grant file.\n *\n * @param params - The permission parameters to create and validate the grant from.\n *   Obtain from user input or application configuration.\n * @returns The validated grant file object ready for storage\n *\n * @throws {GrantValidationError} When grant parameters are invalid.\n *   Check error message for specific validation failures.\n *\n * @example\n * ```typescript\n * const grant = createValidatedGrant({\n *   grantee: '0x742d35Cc6634C0532925a3b844Bc9e7595f0b0Bb',\n *   operation: 'llm_inference',\n *   parameters: { model: 'gpt-4', maxTokens: 1000 },\n *   expiresAt: Date.now() + 86400000 // 24 hours\n * });\n * ```\n *\n * @category Permissions\n */\nexport function createValidatedGrant(params: GrantPermissionParams): GrantFile {\n  const grantFile = createGrantFile(params);\n\n  // Validate the created grant file\n  try {\n    validateGrant(grantFile, {\n      schema: true,\n      grantee: params.grantee,\n      operation: params.operation,\n    });\n  } catch (error) {\n    throw new GrantValidationError(\n      `Created grant file failed validation: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n      { grantFile, params },\n    );\n  }\n\n  return grantFile;\n}\n\n/**\n * Creates a grant file and stores it in IPFS.\n *\n * @remarks\n * Combines grant creation, validation, and IPFS storage in a single operation.\n * The grant is stored immutably on IPFS and can be referenced by its URL in\n * on-chain permission records.\n *\n * @param params - The permission parameters to create the grant from.\n *   Obtain from user input or application configuration.\n * @param relayerUrl - The URL of the relayer service for IPFS storage.\n *   Obtain from SDK configuration or environment.\n * @returns Promise resolving to an object containing the grant file and its IPFS URL\n *\n * @throws {GrantValidationError} When grant parameters are invalid.\n *   Check error message for specific validation failures.\n * @throws {Error} When IPFS storage fails.\n *   Retry with exponential backoff or check relayer status.\n *\n * @example\n * ```typescript\n * const { grantFile, grantUrl } = await createAndStoreGrant(\n *   {\n *     grantee: applicationAddress,\n *     operation: 'data_processing',\n *     parameters: { dataTypes: ['medical', 'financial'] }\n *   },\n *   'https://relayer.vana.org'\n * );\n *\n * console.log('Grant stored at:', grantUrl);\n * ```\n *\n * @category Permissions\n */\nexport async function createAndStoreGrant(\n  params: GrantPermissionParams,\n  relayerUrl: string,\n): Promise<{ grantFile: GrantFile; grantUrl: string }> {\n  const grantFile = createValidatedGrant(params);\n  const grantUrl = await storeGrantFile(grantFile, relayerUrl);\n\n  return { grantFile, grantUrl };\n}\n\n/**\n * Retrieves and validates a grant file from IPFS.\n *\n * @remarks\n * Fetches a grant file from IPFS and performs basic validation to ensure\n * the retrieved data is a valid grant structure. Use this when you need to\n * verify or process existing grants.\n *\n * @param grantUrl - The IPFS URL of the grant file to retrieve.\n *   Obtain from on-chain permission records or grant events.\n * @param relayerUrl - Optional URL of the relayer service.\n *   If not provided, uses default IPFS gateways.\n * @returns Promise resolving to the validated grant file\n *\n * @throws {Error} When grant retrieval fails.\n *   Check network connectivity or IPFS gateway availability.\n * @throws {Error} When grant file is malformed.\n *   Verify the grant URL points to a valid grant file.\n *\n * @example\n * ```typescript\n * const grant = await retrieveAndValidateGrant(\n *   'ipfs://QmXxx...'\n * );\n *\n * console.log('Grant for:', grant.grantee);\n * console.log('Operation:', grant.operation);\n * ```\n *\n * @category Permissions\n */\nexport async function retrieveAndValidateGrant(\n  grantUrl: string,\n  relayerUrl?: string,\n): Promise<GrantFile> {\n  const grantFile = await retrieveGrantFile(grantUrl, relayerUrl);\n\n  // Additional validation can be added here if needed\n  return grantFile;\n}\n\n/**\n * Checks if a grant allows access for a specific request\n *\n * @param grantUrl - The IPFS URL of the grant file to check\n * @param requestingAddress - The address making the access request\n * @param operation - The operation being requested\n * @param _fileIds - Array of file IDs being accessed (currently unused but part of interface)\n * @param relayerUrl - Optional URL of the relayer service\n * @returns Promise resolving to access result with allowed status, reason, and grant file\n */\nexport async function checkGrantAccess(\n  grantUrl: string,\n  requestingAddress: Address,\n  operation: string,\n  _fileIds: number[],\n  relayerUrl?: string,\n): Promise<{ allowed: boolean; reason?: string; grantFile?: GrantFile }> {\n  try {\n    const grantFile = await retrieveAndValidateGrant(grantUrl, relayerUrl);\n\n    // Validate the grant for the request\n    validateGrant(grantFile, {\n      schema: true,\n      grantee: requestingAddress,\n      operation,\n    });\n\n    return { allowed: true, grantFile };\n  } catch (error) {\n    if (error instanceof GrantValidationError) {\n      return {\n        allowed: false,\n        reason: error.message,\n      };\n    }\n\n    return {\n      allowed: false,\n      reason: `Grant access check failed: ${error instanceof Error ? error.message : \"Unknown error\"}`,\n    };\n  }\n}\n\n/**\n * Utility to check if a grant has expired\n *\n * @param grantFile - The grant file to check for expiration\n * @returns True if the grant has expired, false otherwise\n */\nexport function isGrantExpired(grantFile: GrantFile): boolean {\n  if (!grantFile.expires) {\n    return false; // No expiration set\n  }\n\n  const now = Math.floor(Date.now() / 1000);\n  return now > grantFile.expires;\n}\n\n/**\n * Utility to get the time remaining before grant expires (in seconds)\n *\n * @param grantFile - The grant file to check time remaining for\n * @returns Number of seconds remaining, or null if no expiration is set\n */\nexport function getGrantTimeRemaining(grantFile: GrantFile): number | null {\n  if (!grantFile.expires) {\n    return null; // No expiration set\n  }\n\n  const now = Math.floor(Date.now() / 1000);\n  const remaining = grantFile.expires - now;\n  return Math.max(0, remaining);\n}\n\n/**\n * Creates a human-readable summary of a grant\n *\n * @param grantFile - The grant file to create a summary for\n * @returns A human-readable string describing the grant\n */\nexport function summarizeGrant(grantFile: GrantFile): string {\n  const expiration = grantFile.expires\n    ? new Date(grantFile.expires * 1000).toISOString()\n    : \"No expiration\";\n\n  return `Grant for ${grantFile.grantee} to perform \"${grantFile.operation}\" (expires: ${expiration})`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAcA,wBAIO;AACP,6BAAoD;AA6B7C,SAAS,qBAAqB,QAA0C;AAC7E,QAAM,gBAAY,mCAAgB,MAAM;AAGxC,MAAI;AACF,8CAAc,WAAW;AAAA,MACvB,QAAQ;AAAA,MACR,SAAS,OAAO;AAAA,MAChB,WAAW,OAAO;AAAA,IACpB,CAAC;AAAA,EACH,SAAS,OAAO;AACd,UAAM,IAAI;AAAA,MACR,yCAAyC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,MACjG,EAAE,WAAW,OAAO;AAAA,IACtB;AAAA,EACF;AAEA,SAAO;AACT;AAqCA,eAAsB,oBACpB,QACA,YACqD;AACrD,QAAM,YAAY,qBAAqB,MAAM;AAC7C,QAAM,WAAW,UAAM,kCAAe,WAAW,UAAU;AAE3D,SAAO,EAAE,WAAW,SAAS;AAC/B;AAiCA,eAAsB,yBACpB,UACA,YACoB;AACpB,QAAM,YAAY,UAAM,qCAAkB,UAAU,UAAU;AAG9D,SAAO;AACT;AAYA,eAAsB,iBACpB,UACA,mBACA,WACA,UACA,YACuE;AACvE,MAAI;AACF,UAAM,YAAY,MAAM,yBAAyB,UAAU,UAAU;AAGrE,8CAAc,WAAW;AAAA,MACvB,QAAQ;AAAA,MACR,SAAS;AAAA,MACT;AAAA,IACF,CAAC;AAED,WAAO,EAAE,SAAS,MAAM,UAAU;AAAA,EACpC,SAAS,OAAO;AACd,QAAI,iBAAiB,6CAAsB;AACzC,aAAO;AAAA,QACL,SAAS;AAAA,QACT,QAAQ,MAAM;AAAA,MAChB;AAAA,IACF;AAEA,WAAO;AAAA,MACL,SAAS;AAAA,MACT,QAAQ,8BAA8B,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,IAChG;AAAA,EACF;AACF;AAQO,SAAS,eAAe,WAA+B;AAC5D,MAAI,CAAC,UAAU,SAAS;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,SAAO,MAAM,UAAU;AACzB;AAQO,SAAS,sBAAsB,WAAqC;AACzE,MAAI,CAAC,UAAU,SAAS;AACtB,WAAO;AAAA,EACT;AAEA,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,QAAM,YAAY,UAAU,UAAU;AACtC,SAAO,KAAK,IAAI,GAAG,SAAS;AAC9B;AAQO,SAAS,eAAe,WAA8B;AAC3D,QAAM,aAAa,UAAU,UACzB,IAAI,KAAK,UAAU,UAAU,GAAI,EAAE,YAAY,IAC/C;AAEJ,SAAO,aAAa,UAAU,OAAO,gBAAgB,UAAU,SAAS,eAAe,UAAU;AACnG;","names":[]}