@ozura/elements 0.1.0-beta.5 → 0.1.0-beta.7

package/README.md

@@ -4,7 +4,7 @@ PCI-compliant card tokenization SDK for the Ozura Vault.
 
 OzElements renders secure, iframe-isolated card input fields on your page and tokenizes card data directly to the Ozura Vault. Your JavaScript never touches raw card numbers, CVVs, or expiry dates — the iframes handle everything. You get back a token. Use it with your own payment processor, your own backend systems, or with the Ozura Pay API.
 
-All you need is a vault API key.
+You need a **vault public key** (`pk_…`) for the browser SDK and your **vault API key** on the server only — it mints short-lived **wax keys** so the secret never reaches the browser. **Integration expectations and examples are in this README** (section [Wax keys (merchant integration)](#wax-keys-merchant-integration)). [WAX_KEY_IMPLEMENTATION.md](./WAX_KEY_IMPLEMENTATION.md) is an optional deep dive (design history, dev server, security notes).
 
 ---
 
@@ -14,7 +14,7 @@ If you need to collect card data, you have a PCI compliance problem. OzElements
 
 The Ozura Vault stores and tokenizes sensitive card data. OzElements is the frontend SDK for the vault — it gives you drop-in card fields that are fully isolated inside Ozura-controlled iframes. Your page never sees raw card data, which keeps your PCI scope minimal (SAQ-A).
 
-**You don't need to be an OzuraPay merchant to use this.** You just need a vault API key. Once you have a token, you can use it however you want — with your own processor, your own systems, or optionally with the Ozura Pay API.
+**You don't need to be an OzuraPay merchant to use this.** You need vault credentials: a **public key** for the browser and the **vault API key** on your server (for minting wax only). Once you have a token, you can use it however you want — with your own processor, your own systems, or optionally with the Ozura Pay API.
 
 ---
 
@@ -23,9 +23,9 @@ The Ozura Vault stores and tokenizes sensitive card data. OzElements is the fron
 ```
 Your page (yoursite.com)
 │
-│  import { OzVault } from 'oz-elements'
+│  import { OzVault } from '@ozura/elements'
 │
-│  const vault = new OzVault('vault_api_key');
+│  const vault = await OzVault.create({ pubKey, fetchWaxKey });
 │
 │  const cardNumber = vault.createElement('cardNumber', { style: { ... } });
 │  cardNumber.mount('#card-number');
@@ -47,29 +47,42 @@ Your page (yoursite.com)
 
 Raw card data travels one path: element iframe → tokenizer iframe (direct same-origin `postMessage`). Your SDK only ever sees metadata (valid/complete/cardBrand) and the final token.
 
+The tokenizer POSTs to the vault with **`X-Wax-Key`** (minted on your backend). The vault secret must **never** appear in the browser or in tokenize requests.
+
 ---
 
 ## Installation
 
 ```bash
-npm install oz-elements
+npm install @ozura/elements
 ```
 
-Or via script tag (UMD):
+Or via script tag (UMD) from jsDelivr (served from npm after you publish):
 
 ```html
-<script src="https://cdn.ozura.com/oz-elements/oz-elements.umd.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/@ozura/elements/dist/oz-elements.umd.js"></script>
 ```
 
+For production, pin a version: `.../npm/@ozura/elements@1.0.0/dist/oz-elements.umd.js`
+
 ---
 
 ## Quick start
 
 ```js
-import { OzVault } from 'oz-elements';
+import { OzVault } from '@ozura/elements';
 
-const vault = new OzVault('your_vault_api_key', {
+const vault = await OzVault.create({
   pubKey: 'your_pub_key',
+  fetchWaxKey: async (sessionId) => {
+    // Your backend mints a session-bound wax key using the vault secret
+    const { waxKey } = await fetch('/api/mint-wax', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ sessionId }),
+    }).then(r => r.json());
+    return waxKey;
+  },
 });
 
 const cardNumber = vault.createElement('cardNumber', {
@@ -111,16 +124,135 @@ document.getElementById('tokenize').addEventListener('click', async () => {
 
 ---
 
+## Wax keys (merchant integration)
+
+The vault `/tokenize` call must not use your vault secret from the browser. Instead:
+
+1. During `OzVault.create()`, the SDK generates a `sessionId` (UUID) and calls **`fetchWaxKey(sessionId)`** once.
+2. Your **`fetchWaxKey`** implementation should `POST` to **your** backend (e.g. `/api/mint-wax`) with that `sessionId`.
+3. Your backend uses the **vault API key only on the server** to mint a short-lived **wax key** from the vault, then returns `{ waxKey }` to the browser.
+4. The hidden tokenizer iframe sends **`X-Wax-Key`** (and related headers) to the vault — **never `X-API-Key`**.
+
+### Vault mint contract (your backend → vault)
+
+Your server calls the vault (the SDK’s `Ozura.mintWaxKey` does this for you):
+
+| | |
+|---|---|
+| **Method / URL** | `POST {vaultBaseUrl}/internal/wax-session` |
+| **Auth** | `X-API-Key: <vault API key>` (server only) |
+| **Body** | `{ "checkout_session_id": "<sessionId>" }` — optional; correlates with the SDK session. `{}` is valid. |
+| **Success** | HTTP **201** · `{ "data": { "wax_key": "<uuid>", "expires_in_seconds": 1800 } }` (TTL is typically 30 minutes) |
+| **Errors** | JSON such as `{ "message", "error_code" }` — treat like any API error |
+
+If your vault hostname differs from the default used by published iframe builds, pass **`vaultUrl`** on `Ozura` so mint/revoke hit the correct host.
+
+### One-line handlers (`@ozura/elements/server`)
+
+Both helpers accept **`sessionId`** or **`tokenizationSessionId`** in the JSON body. They respond with **`{ waxKey }`** on success.
+
+**Next.js App Router** (or any runtime with `Request` / `Response`):
+
+```ts
+import { Ozura, createMintWaxHandler } from '@ozura/elements/server';
+
+const ozura = new Ozura({
+  merchantId: process.env.MERCHANT_ID!,
+  apiKey:     process.env.MERCHANT_API_KEY!,
+  vaultKey:   process.env.VAULT_API_KEY!,
+  // vaultUrl: process.env.VAULT_URL,  // optional override
+});
+
+export const POST = createMintWaxHandler(ozura);
+```
+
+**Express** (register JSON body parsing **before** the middleware):
+
+```ts
+import express from 'express';
+import { Ozura, createMintWaxMiddleware } from '@ozura/elements/server';
+
+const app = express();
+const ozura = new Ozura({
+  merchantId: process.env.MERCHANT_ID!,
+  apiKey:     process.env.MERCHANT_API_KEY!,
+  vaultKey:   process.env.VAULT_API_KEY!,
+});
+
+app.use(express.json());
+app.post('/api/mint-wax', createMintWaxMiddleware(ozura));
+```
+
+### Manual route
+
+Use this if you need to persist `waxKey` server-side for later revocation:
+
+```ts
+app.post('/api/mint-wax', async (req, res) => {
+  const sessionId = req.body?.sessionId ?? req.body?.tokenizationSessionId;
+  const { waxKey, expiresInSeconds } = await ozura.mintWaxKey(
+    typeof sessionId === 'string' && sessionId
+      ? { tokenizationSessionId: sessionId }
+      : {},
+  );
+  // await saveWaxForSession(sessionId, waxKey);
+  res.json({ waxKey });
+});
+```
+
+`mintWaxKey` throws **`OzuraError`** on failure (vault 4xx/5xx). The one-line handlers catch that and respond with **`{ error: string }`**: HTTP status is the vault status when ≥ 400, otherwise **502** (e.g. network failure).
+
+### Browser: handle mint failures
+
+Check the response from your mint endpoint before calling `createToken`:
+
+```js
+fetchWaxKey: async (sessionId) => {
+  const res = await fetch('/api/mint-wax', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ sessionId }),
+  });
+  const data = await res.json().catch(() => ({}));
+  if (!res.ok) {
+    throw new Error(typeof data.error === 'string' ? data.error : 'Could not mint wax key');
+  }
+  if (!data.waxKey) throw new Error('Mint response missing waxKey');
+  return data.waxKey;
+},
+```
+
+### Optional: revoke when the checkout session ends
+
+To shorten exposure before TTL, call **`await ozura.revokeWaxKey(waxKey)`** from your server when the session completes successfully, the user cancels, or your session times out. It is best-effort (does not throw). **Do not** revoke on card decline — the user may fix the card and call `createToken()` again without a full new `OzVault.create()`.
+
+### Expired or consumed wax
+
+If tokenization fails with an auth-style error after the wax key expired or was consumed, create a **new** vault instance: `await OzVault.create({ pubKey, fetchWaxKey })` so `fetchWaxKey` runs again.
+
+### More detail
+
+[WAX_KEY_IMPLEMENTATION.md](./WAX_KEY_IMPLEMENTATION.md) covers revocation scenarios, local dev-server behaviour, and security notes in depth.
+
+---
+
 ## API
 
-### `new OzVault(apiKey, options)`
+### `OzVault.create(options)`
+
+Returns `Promise<OzVault>`. The static factory is the only way to create a vault — the constructor is private.
 
 | Option | Type | Default | Description |
 |---|---|---|---|
-| `apiKey` | `string` | required | Your Ozura vault API key |
 | `options.pubKey` | `string` | required | System pub key for the tokenize endpoint. Obtain from Ozura admin. |
-| `options.apiUrl` | `string` | Ozura prod vault | Vault base URL |
+| `options.fetchWaxKey` | `(sessionId: string) => Promise<string>` | required | Called once during `create()`. Receives an SDK-generated session UUID; your implementation passes it to your backend, which mints a session-bound wax key from the vault using your vault secret. Returns the wax key string. |
 | `options.frameBaseUrl` | `string` | `https://elements.ozura.com` | Where iframe assets are served from |
+| `options.fonts` | `FontSource[]` | `[]` | Custom fonts to inject into element iframes |
+| `options.appearance` | `ElementStyleConfig` | — | Default style applied to all created elements |
+| `options.onLoadError` | `() => void` | — | Called if the tokenizer iframe fails to load within `loadTimeoutMs` |
+| `options.loadTimeoutMs` | `number` | `10000` | Timeout in ms before `onLoadError` fires |
+
+Implement **`/api/mint-wax`** on your server using `@ozura/elements/server` — see [Wax keys (merchant integration)](#wax-keys-merchant-integration) for Next.js, Express, manual mint, errors, and optional revocation.
 
 ### `vault.createElement(type, options?)`
 
@@ -233,24 +365,41 @@ Updates `style`, `placeholder`, or `disabled` on a mounted element without remou
 
 ---
 
+## Server SDK (`@ozura/elements/server`)
+
+Import `Ozura` and optional wax helpers from `@ozura/elements/server`:
+
+| Export | Role |
+|--------|------|
+| `new Ozura({ merchantId, apiKey, vaultKey, apiUrl?, vaultUrl?, … })` | Pay API (`cardSale`, `listTransactions`) and vault wax calls |
+| `ozura.mintWaxKey({ tokenizationSessionId? })` | `POST /internal/wax-session` — implement or use helpers below |
+| `ozura.revokeWaxKey(waxKey)` | Best-effort revoke when the checkout session ends |
+| `createMintWaxHandler(ozura)` | Fetch API handler (Next.js App Router, Workers, Edge) → `{ waxKey }` |
+| `createMintWaxMiddleware(ozura)` | Express / Connect middleware → `{ waxKey }` |
+| `getClientIp(req)` | Helper for `cardSale` client IP |
+
+See [Wax keys (merchant integration)](#wax-keys-merchant-integration) in this README for vault contract, examples, and client error handling. Extra depth (dev server, threat notes): [WAX_KEY_IMPLEMENTATION.md](./WAX_KEY_IMPLEMENTATION.md).
+
+---
+
 ## React
 
 ```bash
-npm install oz-elements
+npm install @ozura/elements
 ```
 
 Import from the `/react` subpath:
 
 ```tsx
-import { OzElements, OzCardNumber, OzExpiry, OzCvv, useOzElements } from 'oz-elements/react';
+import { OzElements, OzCardNumber, OzExpiry, OzCvv, useOzElements } from '@ozura/elements/react';
 ```
 
 ### Example
 
 ```tsx
 import { useState } from 'react';
-import { OzElements, OzCardNumber, OzExpiry, OzCvv, useOzElements } from 'oz-elements/react';
-import { normalizeCardSaleError } from 'oz-elements';
+import { OzElements, OzCardNumber, OzExpiry, OzCvv, useOzElements } from '@ozura/elements/react';
+import { normalizeCardSaleError } from '@ozura/elements';
 
 const fieldStyle = {
   base:    { color: '#111827', fontSize: '16px', fontFamily: 'Inter, sans-serif' },
@@ -334,8 +483,15 @@ function CheckoutForm() {
 export default function App() {
   return (
     <OzElements
-      apiKey="your_vault_api_key"
       pubKey="your_pub_key"
+      fetchWaxKey={async (sessionId) => {
+        const { waxKey } = await fetch('/api/mint-wax', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ sessionId }),
+        }).then(r => r.json());
+        return waxKey;
+      }}
       frameBaseUrl="https://elements.ozura.com"
     >
       <CheckoutForm />
@@ -348,9 +504,13 @@ export default function App() {
 
 | Prop | Type | Description |
 |---|---|---|
-| `apiKey` | `string` | Your Ozura vault API key |
-| `apiUrl` | `string?` | Vault API base URL |
+| `fetchWaxKey` | `(sessionId: string) => Promise<string>` | Called once on mount. Pass the received `sessionId` to your backend; your backend mints a wax key from the vault and returns it. |
+| `pubKey` | `string` | System pub key for the tokenize endpoint |
 | `frameBaseUrl` | `string?` | Where iframe assets are hosted |
+| `fonts` | `FontSource[]?` | Custom fonts to inject into element iframes |
+| `onLoadError` | `() => void?` | Called if vault init fails (fetchWaxKey error or tokenizer iframe timeout) |
+| `loadTimeoutMs` | `number?` | Timeout before `onLoadError` fires (default: 10 000) |
+| `appearance` | `Appearance?` | Global theme / variable overrides |
 
 ### `useOzElements()` return
 
@@ -380,7 +540,7 @@ If you're an OzuraPay merchant and want to charge cards through Ozura's processo
 
 | Credential | Where it goes |
 |-----------|---------------|
-| Vault API key | Frontend: `new OzVault(vaultApiKey)`. Backend: `vault-api-key` header |
+| Vault API key | **Server only.** Browser calls `fetchWaxKey` → your backend mints a wax key with this secret; never send the secret in the browser. Pay API `cardSale` also sends it as `vault-api-key` from the server. |
 | Pay API key | Backend only: `x-api-key` header |
 | Merchant ID | Backend only: `merchantId` in request body |
 
@@ -389,10 +549,18 @@ For the full credential setup, billing form field requirements, validation rules
 ### 1 — Collect card data + billing in one call
 
 ```js
-import { OzVault, normalizeCardSaleError } from 'oz-elements';
+import { OzVault, normalizeCardSaleError } from '@ozura/elements';
 
-const vault = new OzVault('vault_api_key_here', {
+const vault = await OzVault.create({
   pubKey: 'your_pub_key',
+  fetchWaxKey: async (sessionId) => {
+    const { waxKey } = await fetch('/api/mint-wax', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ sessionId }),
+    }).then(r => r.json());
+    return waxKey;
+  },
 });
 
 // … mount card elements …
@@ -470,7 +638,7 @@ Your server proxies to the Ozura Pay API with **two API keys** in the headers:
 
 ```js
 // Node.js / Express example
-import type { CardSaleRequest, CardSaleApiResponse } from 'oz-elements';
+import type { CardSaleRequest, CardSaleApiResponse } from '@ozura/elements';
 
 app.post('/api/charge', async (req, res) => {
   const body = req.body;
@@ -545,7 +713,7 @@ app.post('/api/charge', async (req, res) => {
 ### 3 — cardSale response shape
 
 ```ts
-import type { CardSaleApiResponse, CardSaleResponseData } from 'oz-elements';
+import type { CardSaleApiResponse, CardSaleResponseData } from '@ozura/elements';
 
 // Successful response shape from POST /api/v1/cardSale:
 // {
@@ -591,7 +759,7 @@ app.get('/api/client-ip', (req, res) => {
 Maps raw Pay API error strings to user-friendly copy. Uses the same key table as the Ozura checkout frontend — identical errors produce identical messages on both surfaces:
 
 ```js
-import { normalizeCardSaleError } from 'oz-elements';
+import { normalizeCardSaleError } from '@ozura/elements';
 
 normalizeCardSaleError('Insufficient Funds')
 // → "Your card has insufficient funds. Please use a different payment method."
@@ -608,7 +776,7 @@ normalizeCardSaleError('Card expired')
 Import the interface to type your cardSale payload and catch missing fields at compile time:
 
 ```ts
-import type { CardSaleRequest } from 'oz-elements';
+import type { CardSaleRequest } from '@ozura/elements';
 
 const payload: CardSaleRequest = {
   processor:        'elavon',
@@ -652,22 +820,23 @@ The test suite covers: Luhn algorithm, card brand detection, card number formatt
 ```bash
 npm install
 npm run dev      # build + serve demo at http://localhost:4242/demo/index.html
-npm run build    # production build
 npm run watch    # rebuild on save
+npm run build    # production build
 ```
 
 Build outputs in `dist/`:
 
 | File | Format | Use |
 |---|---|---|
-| `oz-elements.esm.js` | ESM | `import { OzVault } from 'oz-elements'` |
+| `oz-elements.esm.js` | ESM | `import { OzVault } from '@ozura/elements'` |
 | `oz-elements.umd.js` | UMD | `<script>` tag / CDN |
 | `frame/element-frame.js` | IIFE | loaded by element iframes |
 | `frame/tokenizer-frame.js` | IIFE | loaded by tokenizer iframe |
-| `react/index.esm.js` | ESM | `import ... from 'oz-elements/react'` |
-| `react/index.cjs.js` | CJS | `require('oz-elements/react')` |
+| `react/index.esm.js` | ESM | `import ... from '@ozura/elements/react'` |
+| `react/index.cjs.js` | CJS | `require('@ozura/elements/react')` |
+| `server/index.*.js` | ESM + CJS | `import { Ozura, createMintWaxHandler } from '@ozura/elements/server'` |
 
-See [ARCHITECTURE.md](./ARCHITECTURE.md) for architecture detail, security model, and pre-production requirements.
+Maintainer notes: [DEVELOPMENT.md](./DEVELOPMENT.md). Merchants: [Wax keys (merchant integration)](#wax-keys-merchant-integration) in this file; supplementary detail in [WAX_KEY_IMPLEMENTATION.md](./WAX_KEY_IMPLEMENTATION.md).
 
 ---
 
@@ -692,23 +861,24 @@ See [ARCHITECTURE.md](./ARCHITECTURE.md) for architecture detail, security model
 - [x] `OzVault.isReady` getter
 - [x] `element.mount()` accepts `HTMLElement` as well as a CSS selector
 - [x] Unit test suite (Vitest + jsdom) — 168 tests, 0 failures
-- [ ] Published to npm as `oz-elements`
-- [ ] CDN delivery for UMD build
+- [ ] Published to npm as `@ozura/elements`
+- [ ] CDN delivery for UMD build (optional for v1)
 
 ### v0.3 — React ✅
 - [x] `<OzElements>` provider — creates and owns an `OzVault` instance
 - [x] `<OzCardNumber />`, `<OzExpiry />`, `<OzCvv />` field components
 - [x] `useOzElements()` hook — `createToken` + `ready` flag
-- [x] ESM + CJS React bundle, exported at `oz-elements/react`
-- [ ] Published as a standalone `@oz/react-elements` package
+- [x] ESM + CJS React bundle, exported at `@ozura/elements/react`
+- [ ] Published as a standalone `@oz/react-elements` package (optional; subpath export is sufficient for v1)
 
 ### v1.0 — Production ready
 - [x] Production iframe hosting at `elements.ozura.com`
-- [ ] postMessage integration tests
-- [ ] Security audit
-- [ ] Public documentation site
-- [ ] ACH / bank account element (pending Pay API support)
-- [ ] Saved payment method support (returning customers)
+- [x] postMessage security covered (unit + E2E tests; see `docs/AUDIT.md`)
+- [x] Security audit (consolidated in `docs/AUDIT.md`; all findings resolved or closed)
+- [ ] Publish `@ozura/elements@1.0.0` to npm
+- [ ] Public documentation site (or link to ozura-documentation)
+- [ ] ACH / bank account element (pending Pay API support) — post-v1
+- [ ] Saved payment method support (returning customers) — post-v1
 
 ---
 

package/dist/frame/element-frame.html

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
   <meta charset="UTF-8" />
-  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src 'self'; style-src 'unsafe-inline' https:; font-src https: 'self';" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src 'self'; style-src 'self' 'unsafe-inline' https:; font-src https: data:; base-uri 'none'; form-action 'none';" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>Secure Input</title>
   <style>

package/dist/frame/tokenizer-frame.html

@@ -2,7 +2,7 @@
 <html lang="en">
 <head>
   <meta charset="UTF-8" />
-  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src https:;" />
+  <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'self'; connect-src https://pci-vault-staging-drc0duhcakf4g4fr.eastus-01.azurewebsites.net; base-uri 'none'; form-action 'none';" />
   <title>Ozura Tokenizer</title>
 </head>
 <body>

package/dist/frame/tokenizer-frame.js

@@ -15,10 +15,10 @@ var _OzTokenizerFrame = (function (exports) {
      */
     const VAULT_API_URL = "https://pci-vault-staging-drc0duhcakf4g4fr.eastus-01.azurewebsites.net";
     /**
-     * Defense-in-depth guard: only allows the build-time vault URL or
-     * localhost for dev. The tokenizer already uses VAULT_API_URL directly
-     * and never reads the merchant-supplied apiUrl, so this is a secondary
-     * safety net — not the primary security boundary.
+     * Defense-in-depth guard: only allows the build-time vault URL origin.
+     * The tokenizer already uses VAULT_API_URL directly and never reads
+     * the merchant-supplied apiUrl, so this is a secondary safety net —
+     * not the primary security boundary.
      *
      * Exported for unit testing only — not part of the public SDK API.
      */
@@ -30,8 +30,6 @@ var _OzTokenizerFrame = (function (exports) {
         catch (_a) {
             return false;
         }
-        if (parsed.protocol === 'http:' && parsed.hostname === 'localhost')
-            return true;
         try {
             const allowed = new URL(VAULT_API_URL);
             return parsed.origin === allowed.origin;
@@ -64,12 +62,13 @@ var _OzTokenizerFrame = (function (exports) {
                     }
                     break;
                 case 'OZ_TOKENIZE':
-                    if (this.hostOrigin && event.origin !== this.hostOrigin)
+                    if (!this.hostOrigin || event.origin !== this.hostOrigin)
                         return;
                     this.pending.set(msg.requestId, {
                         kind: 'card',
                         requestId: msg.requestId,
-                        apiKey: msg.apiKey,
+                        waxKey: msg.waxKey || '',
+                        tokenizationSessionId: msg.tokenizationSessionId || '',
                         pubKey: msg.pubKey || '',
                         firstName: msg.firstName || '',
                         lastName: msg.lastName || '',
@@ -80,12 +79,13 @@ var _OzTokenizerFrame = (function (exports) {
                     });
                     break;
                 case 'OZ_BANK_TOKENIZE':
-                    if (this.hostOrigin && event.origin !== this.hostOrigin)
+                    if (!this.hostOrigin || event.origin !== this.hostOrigin)
                         return;
                     this.pendingBank.set(msg.requestId, {
                         kind: 'bank',
                         requestId: msg.requestId,
-                        apiKey: msg.apiKey,
+                        waxKey: msg.waxKey || '',
+                        tokenizationSessionId: msg.tokenizationSessionId || '',
                         pubKey: msg.pubKey || '',
                         firstName: msg.firstName || '',
                         lastName: msg.lastName || '',
@@ -143,7 +143,7 @@ var _OzTokenizerFrame = (function (exports) {
          * `token` string, or `null` if an error was already reported via
          * postMessage to `target`.
          */
-        async postToVault(requestId, apiUrl, apiKey, pubKey, body, target, logLabel) {
+        async postToVault(requestId, apiUrl, waxKey, pubKey, body, target, logLabel, tokenizationSessionId) {
             var _a, _b;
             if (!isAllowedVaultOrigin(apiUrl)) {
                 let error;
@@ -158,15 +158,39 @@ var _OzTokenizerFrame = (function (exports) {
                 window.parent.postMessage({ __oz: true, vaultId: this.vaultId, type: 'OZ_TOKEN_ERROR', requestId, error, errorCode: 'config' }, target);
                 return null;
             }
+            if (!waxKey) {
+                const error = 'Wax key is missing. Ensure OzVault.create() completed successfully before calling createToken().';
+                console.error(`[OzTokenizer] ${error}`);
+                window.parent.postMessage({ __oz: true, vaultId: this.vaultId, type: 'OZ_TOKEN_ERROR', requestId, error, errorCode: 'config' }, target);
+                return null;
+            }
             try {
                 const headers = {
                     'Content-Type': 'application/json',
-                    'X-API-Key': apiKey,
+                    'X-Wax-Key': waxKey,
                     'X-Request-ID': requestId,
                 };
                 if (pubKey) {
                     headers['X-Pub-Key'] = pubKey;
                 }
+                if (tokenizationSessionId) {
+                    headers['X-Tokenization-Session-Id'] = tokenizationSessionId;
+                }
+                // ── Security enforcement ──────────────────────────────────────────────
+                // x-api-key is a merchant secret and must NEVER be sent to the vault
+                // tokenize endpoint. The vault authenticates tokenize requests via
+                // X-Wax-Key (session-scoped) only. Any accidental inclusion here is a
+                // configuration bug that must surface immediately, not silently degrade.
+                const forbiddenKey = Object.keys(headers).find(k => k.toLowerCase() === 'x-api-key');
+                if (forbiddenKey) {
+                    const msg = `[OzTokenizer] SECURITY: 'x-api-key' must not be sent to the vault ` +
+                        `tokenize endpoint (found as '${forbiddenKey}'). ` +
+                        `Vault tokenize authenticates via X-Wax-Key only.`;
+                    console.error(msg);
+                    window.parent.postMessage({ __oz: true, vaultId: this.vaultId, type: 'OZ_TOKEN_ERROR', requestId, error: msg, errorCode: 'config' }, target);
+                    return null;
+                }
+                // ─────────────────────────────────────────────────────────────────────
                 const data = await this.fetchWithRetry(`${apiUrl}/tokenize`, {
                     method: 'POST',
                     headers,
@@ -192,7 +216,7 @@ var _OzTokenizerFrame = (function (exports) {
         }
         async tokenize(session) {
             var _a, _b, _c, _d;
-            const { requestId, apiKey, pubKey, firstName, lastName, values, cardMeta, hostOrigin } = session;
+            const { requestId, waxKey, tokenizationSessionId, pubKey, firstName, lastName, values, cardMeta, hostOrigin } = session;
             const target = hostOrigin || window.location.origin;
             const cardNumber = values.get('cardNumber') || '';
             const cvv = values.get('cvv') || '';
@@ -215,7 +239,7 @@ var _OzTokenizerFrame = (function (exports) {
                     },
                 },
             };
-            const data = await this.postToVault(requestId, VAULT_API_URL, apiKey, pubKey, body, target, 'card');
+            const data = await this.postToVault(requestId, VAULT_API_URL, waxKey, pubKey, body, target, 'card', tokenizationSessionId);
             if (!data)
                 return;
             const { token } = data;
@@ -232,7 +256,7 @@ var _OzTokenizerFrame = (function (exports) {
             window.parent.postMessage(Object.assign({ __oz: true, vaultId: this.vaultId, type: 'OZ_TOKEN_RESULT', requestId, token, cvcSession }, (hasFullCardMeta ? { card: cardMeta } : {})), target);
         }
         async tokenizeBank(session) {
-            const { requestId, apiKey, pubKey, firstName, lastName, values, bankMeta, hostOrigin } = session;
+            const { requestId, waxKey, tokenizationSessionId, pubKey, firstName, lastName, values, bankMeta, hostOrigin } = session;
             const target = hostOrigin || window.location.origin;
             const body = {
                 type: 'bank',
@@ -248,7 +272,7 @@ var _OzTokenizerFrame = (function (exports) {
                     },
                 },
             };
-            const data = await this.postToVault(requestId, VAULT_API_URL, apiKey, pubKey, body, target, 'bank');
+            const data = await this.postToVault(requestId, VAULT_API_URL, waxKey, pubKey, body, target, 'bank', tokenizationSessionId);
             if (!data)
                 return;
             const { token } = data;

package/dist/frame/tokenizer-frame.js.map

@@ -1 +1 @@
-{"version":3,"file":"tokenizer-frame.js","sources":["../../src/frame/tokenizerFrame.ts"],"sourcesContent":[null],"names":[],"mappings":";;;IAAA;;;;;;;;;;;IAWG;IAIH,MAAM,aAAa,GAAG,wEAAiB;IAEvC;;;;;;;IAOG;IACG,SAAU,oBAAoB,CAAC,MAAc,EAAA;IACjD,IAAA,IAAI,MAAW;IACf,IAAA,IAAI;IACF,QAAA,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;QAC1B;IAAE,IAAA,OAAA,EAAA,EAAM;IACN,QAAA,OAAO,KAAK;QACd;QAEA,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW;IAAE,QAAA,OAAO,IAAI;IAE/E,IAAA,IAAI;IACF,QAAA,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC;IACtC,QAAA,OAAO,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;QACzC;IAAE,IAAA,OAAA,EAAA,EAAM;IACN,QAAA,OAAO,KAAK;QACd;IACF;IAmCA,MAAM,cAAc,CAAA;IAMlB,IAAA,WAAA,GAAA;YAJQ,IAAA,CAAA,UAAU,GAAG,EAAE;IACf,QAAA,IAAA,CAAA,OAAO,GAAG,IAAI,GAAG,EAA0B;IAC3C,QAAA,IAAA,CAAA,WAAW,GAAG,IAAI,GAAG,EAA8B;IAGzD,QAAA,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;YACrC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC;IACrC,QAAA,IAAI,OAAO;IAAE,YAAA,IAAI,CAAC,UAAU,GAAG,OAAO;IAEtC,QAAA,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7D,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,eAAe,EAAE,EACvF,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAC1C;QACH;IAEQ,IAAA,SAAS,CAAC,KAAmB,EAAA;IACnC,QAAA,MAAM,GAAG,GAAG,KAAK,CAAC,IAAiB;IACnC,QAAA,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO;gBAAE;IAE/D,QAAA,QAAQ,GAAG,CAAC,IAAI;IACd,YAAA,KAAK,SAAS;IACZ,gBAAA,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;IACpB,oBAAA,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,MAAM;oBAChC;oBACA;IAEF,YAAA,KAAK,aAAa;oBAChB,IAAI,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU;wBAAE;oBACzD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE;IACxC,oBAAA,IAAI,EAAE,MAAM;wBACZ,SAAS,EAAE,GAAG,CAAC,SAAmB;wBAClC,MAAM,EAAE,GAAG,CAAC,MAAgB;IAC5B,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,EAAE;IAC1C,oBAAA,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;IACxC,oBAAA,UAAU,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC3C,MAAM,EAAE,IAAI,GAAG,EAAE;IACjB,oBAAA,QAAQ,EAAE,EAAE;wBACZ,UAAU,EAAE,KAAK,CAAC,MAAM;IACzB,iBAAA,CAAC;oBACF;IAEF,YAAA,KAAK,kBAAkB;oBACrB,IAAI,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU;wBAAE;oBACzD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE;IAC5C,oBAAA,IAAI,EAAE,MAAM;wBACZ,SAAS,EAAE,GAAG,CAAC,SAAmB;wBAClC,MAAM,EAAE,GAAG,CAAC,MAAgB;IAC5B,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,EAAE;IAC1C,oBAAA,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;IACxC,oBAAA,UAAU,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC3C,MAAM,EAAE,IAAI,GAAG,EAAE;IACjB,oBAAA,QAAQ,EAAE,EAAE;wBACZ,UAAU,EAAE,KAAK,CAAC,MAAM;IACzB,iBAAA,CAAC;oBACF;gBAEF,KAAK,gBAAgB,EAAE;;oBAErB,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE;wBACpC,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAE,KAAK,CAAC,MAAM,CAAC;wBACtF;oBACF;;IAGA,gBAAA,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,CAAC;oBACzD,IAAI,OAAO,EAAE;IACX,oBAAA,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,CAAC,KAAe,CAAC;wBAEhE,IAAI,GAAG,CAAC,KAAK;4BAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;wBAC3D,IAAI,GAAG,CAAC,KAAK;4BAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;wBAC3D,IAAI,GAAG,CAAC,QAAQ;4BAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAkB;wBACpE,IAAI,GAAG,CAAC,OAAO;4BAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,GAAG,GAAG,CAAC,OAAiB;wBAEjE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,EAAE;4BAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IACtC,wBAAA,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACxB;oBACF;;IAGA,gBAAA,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,CAAC;oBACjE,IAAI,WAAW,EAAE;IACf,oBAAA,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,CAAC,KAAe,CAAC;wBAEpE,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe,IAAI,GAAG,CAAC,KAAK;4BAAE,WAAW,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;IACpG,oBAAA,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe;4BAAE,WAAW,CAAC,QAAQ,CAAC,aAAa,GAAG,GAAG,CAAC,KAAe;wBAE/F,IAAI,WAAW,CAAC,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC,UAAU,EAAE;4BACrD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC;IAC9C,wBAAA,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC;wBAChC;oBACF;oBACA;gBACF;;QAEJ;IAEA;;;;;;;IAOG;IACK,IAAA,MAAM,WAAW,CACvB,SAAiB,EACjB,MAAc,EACd,MAAc,EACd,MAAc,EACd,IAA6B,EAC7B,MAAc,EACd,QAAgB,EAAA;;IAEhB,QAAA,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE;IACjC,YAAA,IAAI,KAAa;IACjB,YAAA,IAAI;IACF,gBAAA,IAAI,GAAG,CAAC,MAAM,CAAC;oBACf,KAAK,GAAG,iCAAiC;gBAC3C;IAAE,YAAA,OAAA,EAAA,EAAM;oBACN,KAAK,GAAG,wBAAwB;gBAClC;gBACA,OAAO,CAAC,KAAK,CAAC,CAAA,sBAAA,EAAyB,QAAQ,CAAA,yBAAA,CAA2B,EAAE,MAAM,CAAC;IACnF,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,EACpG,MAAM,CACP;IACD,YAAA,OAAO,IAAI;YACb;IAEA,QAAA,IAAI;IACF,YAAA,MAAM,OAAO,GAA2B;IACtC,gBAAA,cAAc,EAAE,kBAAkB;IAClC,gBAAA,WAAW,EAAE,MAAM;IACnB,gBAAA,cAAc,EAAE,SAAS;iBAC1B;gBACD,IAAI,MAAM,EAAE;IACV,gBAAA,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM;gBAC/B;gBAEA,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,EAAE;IAC3D,gBAAA,MAAM,EAAE,MAAM;oBACd,OAAO;IACP,gBAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC3B,aAAA,CAAC;gBAEF,MAAM,KAAK,GAAG,MAAM,CAAC,CAAA,EAAA,GAAA,MAAA,IAAI,KAAA,IAAA,IAAJ,IAAI,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAJ,IAAI,CAAE,KAAK,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,IAAI,KAAA,IAAA,IAAJ,IAAI,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAJ,IAAI,CAAE,EAAE,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,EAAE,CAAC;gBACnD,IAAI,CAAC,KAAK,EAAE;IACV,gBAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB;IACE,oBAAA,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS;IACpE,oBAAA,KAAK,EAAE,4EAA4E;IACnF,oBAAA,SAAS,EAAE,QAAQ;qBACpB,EACD,MAAM,CACP;IACD,gBAAA,OAAO,IAAI;gBACb;gBAEA,OAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAY,IAAI,CAAA,EAAA,EAAE,KAAK,EAAA,CAAA;YACzB;YAAE,OAAO,GAAY,EAAE;IACrB,YAAA,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,CAAA,EAAG,QAAQ,sBAAsB;IACtF,YAAA,MAAM,SAAS,GAAG,CAAC,GAAG,YAAY,KAAK,IAAK,GAAsC,CAAC,SAAS,KAAK,SAAS;IAC1G,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,EACnG,MAAM,CACP;IACD,YAAA,OAAO,IAAI;YACb;QACF;QAEQ,MAAM,QAAQ,CAAC,OAAuB,EAAA;;IAC5C,QAAA,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,OAAO;YAChG,MAAM,MAAM,GAAG,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;YAEnD,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE;YACjD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE;IACnC,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1C,QAAA,MAAM,cAAc,GAAG,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA,CAAE;IAEhD,QAAA,MAAM,IAAI,GAAG;IACX,YAAA,IAAI,EAAE,MAAM;IACZ,YAAA,IAAI,EAAE;oBACJ,UAAU;oBACV,GAAG;oBACH,eAAe;oBACf,cAAc;IACd,gBAAA,UAAU,EAAE,SAAS;IACrB,gBAAA,SAAS,EAAE,QAAQ;IACpB,aAAA;IACD,YAAA,aAAa,EAAE;IACb,gBAAA,KAAK,EAAE;IACL,oBAAA,WAAW,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;IAChE,iBAAA;IACF,aAAA;aACF;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC;IACnG,QAAA,IAAI,CAAC,IAAI;gBAAE;IAEX,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI;YACtB,MAAM,UAAU,GAAG,MAAM,CACvB,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,IAAI,CAAC,UAAU,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACf,IAAI,CAAC,SAAS,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACd,IAAI,CAAC,eAAe,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACpB,IAAI,CAAC,cAAc,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACnB,EAAE,CACH;YAED,IAAI,CAAC,UAAU,EAAE;IACf,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB;IACE,gBAAA,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS;IACpE,gBAAA,KAAK,EAAE,6FAA6F;IACpG,gBAAA,SAAS,EAAE,QAAQ;iBACpB,EACD,MAAM,CACP;gBACD;YACF;IAEA,QAAA,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO;IACjG,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CAAA,MAAA,CAAA,MAAA,CAAA,EAErB,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,KACpF,eAAe,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAC,EAEhD,MAAM,CACP;QACH;QAEQ,MAAM,YAAY,CAAC,OAA2B,EAAA;IACpD,QAAA,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,OAAO;YAChG,MAAM,MAAM,GAAG,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;IAEnD,QAAA,MAAM,IAAI,GAAG;IACX,YAAA,IAAI,EAAE,MAAM;IACZ,YAAA,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE;oBAChD,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE;IAChD,gBAAA,UAAU,EAAE,SAAS;IACrB,gBAAA,SAAS,EAAE,QAAQ;IACpB,aAAA;IACD,YAAA,aAAa,EAAE;IACb,gBAAA,KAAK,EAAE;IACL,oBAAA,cAAc,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;IACnE,iBAAA;IACF,aAAA;aACF;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,CAAC;IACnG,QAAA,IAAI,CAAC,IAAI;gBAAE;IAEX,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI;IACtB,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CAAA,MAAA,CAAA,MAAA,CAAA,EAErB,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,KAAK,EAAA,GAC7E,QAAQ,CAAC,KAAK,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAC,EAE/C,MAAM,CACP;QACH;QAEQ,OAAO,kBAAkB,CAAC,MAAc,EAAA;IAC9C,QAAA,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;IAAE,YAAA,OAAO,MAAM;IACnD,QAAA,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG;IAAE,YAAA,OAAO,YAAY;YACtD,IAAI,MAAM,IAAI,GAAG;IAAE,YAAA,OAAO,QAAQ;IAClC,QAAA,OAAO,SAAS;QAClB;IAEA;;;;;;IAMG;QACK,MAAM,cAAc,CAAC,GAAW,EAAE,IAAiB,EAAE,OAAO,GAAG,CAAC,EAAA;IACtE,QAAA,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE;IACxC,QAAA,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,UAAU,CAAC,KAAK,EAAE,EAAE,KAAM,CAAC;IAE9D,QAAA,IAAI;IACF,YAAA,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAO,IAAI,CAAA,EAAA,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,IAAG;gBACpE,YAAY,CAAC,SAAS,CAAC;IAEvB,YAAA,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;oBACX,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IACrE,gBAAA,MAAM,MAAM,GAAG,CAAA,GAAG,KAAA,IAAA,IAAH,GAAG,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAH,GAAG,CAAE,KAAK,KAAI,CAAA,KAAA,EAAQ,GAAG,CAAC,MAAM,EAAE;oBACjD,MAAM,IAAI,GAAG,cAAc,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC;oBAE1D,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,EAAE;IACpC,oBAAA,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC3C,oBAAA,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,CAAC;oBACpD;IACA,gBAAA,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC;IAC1B,gBAAA,CAAmC,CAAC,SAAS,GAAG,IAAI;IACrD,gBAAA,MAAM,CAAC;gBACT;IAEA,YAAA,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE;YACzB;YAAE,OAAO,GAAY,EAAE;gBACrB,YAAY,CAAC,SAAS,CAAC;gBAEvB,IAAI,GAAG,YAAY,KAAK,IAAK,GAAsC,CAAC,SAAS,EAAE;IAC7E,gBAAA,MAAM,GAAG;gBACX;gBAEA,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY;IACjE,YAAA,MAAM,cAAc,GAAG,GAAG,YAAY,SAAS;gBAC/C,IAAI,CAAC,OAAO,IAAI,cAAc,IAAI,OAAO,GAAG,CAAC,EAAE;IAC7C,gBAAA,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC3C,gBAAA,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,CAAC;gBACpD;gBAEA,IAAI,OAAO,EAAE;IACX,gBAAA,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,mDAAmD,CAAC;IACvE,gBAAA,CAAmC,CAAC,SAAS,GAAG,SAAS;IAC1D,gBAAA,MAAM,CAAC;gBACT;gBACA,IAAI,cAAc,EAAE;oBAClB,MAAM,CAAC,GAAG,IAAI,KAAK,CAAE,GAAiB,CAAC,OAAO,IAAI,eAAe,CAAC;IACjE,gBAAA,CAAmC,CAAC,SAAS,GAAG,SAAS;IAC1D,gBAAA,MAAM,CAAC;gBACT;IACA,YAAA,MAAM,GAAG;YACX;QACF;IACD;IAED,IAAI,cAAc,EAAE;;;;;;;;;;"}
+{"version":3,"file":"tokenizer-frame.js","sources":["../../src/frame/tokenizerFrame.ts"],"sourcesContent":[null],"names":[],"mappings":";;;IAAA;;;;;;;;;;;IAWG;IAIH,MAAM,aAAa,GAAG,wEAAiB;IAEvC;;;;;;;IAOG;IACG,SAAU,oBAAoB,CAAC,MAAc,EAAA;IACjD,IAAA,IAAI,MAAW;IACf,IAAA,IAAI;IACF,QAAA,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;QAC1B;IAAE,IAAA,OAAA,EAAA,EAAM;IACN,QAAA,OAAO,KAAK;QACd;IAEA,IAAA,IAAI;IACF,QAAA,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC;IACtC,QAAA,OAAO,MAAM,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM;QACzC;IAAE,IAAA,OAAA,EAAA,EAAM;IACN,QAAA,OAAO,KAAK;QACd;IACF;IAoCA,MAAM,cAAc,CAAA;IAMlB,IAAA,WAAA,GAAA;YAJQ,IAAA,CAAA,UAAU,GAAG,EAAE;IACf,QAAA,IAAA,CAAA,OAAO,GAAG,IAAI,GAAG,EAA0B;IAC3C,QAAA,IAAA,CAAA,WAAW,GAAG,IAAI,GAAG,EAA8B;IAGzD,QAAA,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YACrD,IAAI,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,EAAE;YACrC,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC;IACrC,QAAA,IAAI,OAAO;IAAE,YAAA,IAAI,CAAC,UAAU,GAAG,OAAO;IAEtC,QAAA,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAE7D,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,eAAe,EAAE,EACvF,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM,CAC1C;QACH;IAEQ,IAAA,SAAS,CAAC,KAAmB,EAAA;IACnC,QAAA,MAAM,GAAG,GAAG,KAAK,CAAC,IAAiB;IACnC,QAAA,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,GAAG,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO;gBAAE;IAE/D,QAAA,QAAQ,GAAG,CAAC,IAAI;IACd,YAAA,KAAK,SAAS;IACZ,gBAAA,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;IACpB,oBAAA,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,MAAM;oBAChC;oBACA;IAEF,YAAA,KAAK,aAAa;oBAChB,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU;wBAAE;oBAC1D,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE;IACxC,oBAAA,IAAI,EAAE,MAAM;wBACZ,SAAS,EAAE,GAAG,CAAC,SAAmB;IAClC,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,qBAAqB,EAAG,GAAG,CAAC,qBAAgC,IAAI,EAAE;IAClE,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,EAAE;IAC1C,oBAAA,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;IACxC,oBAAA,UAAU,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC3C,MAAM,EAAE,IAAI,GAAG,EAAE;IACjB,oBAAA,QAAQ,EAAE,EAAE;wBACZ,UAAU,EAAE,KAAK,CAAC,MAAM;IACzB,iBAAA,CAAC;oBACF;IAEF,YAAA,KAAK,kBAAkB;oBACrB,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,KAAK,IAAI,CAAC,UAAU;wBAAE;oBAC1D,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE;IAC5C,oBAAA,IAAI,EAAE,MAAM;wBACZ,SAAS,EAAE,GAAG,CAAC,SAAmB;IAClC,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,qBAAqB,EAAG,GAAG,CAAC,qBAAgC,IAAI,EAAE;IAClE,oBAAA,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;IACpC,oBAAA,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,EAAE;IAC1C,oBAAA,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;IACxC,oBAAA,UAAU,EAAG,GAAG,CAAC,UAAqB,IAAI,CAAC;wBAC3C,MAAM,EAAE,IAAI,GAAG,EAAE;IACjB,oBAAA,QAAQ,EAAE,EAAE;wBACZ,UAAU,EAAE,KAAK,CAAC,MAAM;IACzB,iBAAA,CAAC;oBACF;gBAEF,KAAK,gBAAgB,EAAE;;oBAErB,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,EAAE;wBACpC,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAE,KAAK,CAAC,MAAM,CAAC;wBACtF;oBACF;;IAGA,gBAAA,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,CAAC;oBACzD,IAAI,OAAO,EAAE;IACX,oBAAA,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,CAAC,KAAe,CAAC;wBAEhE,IAAI,GAAG,CAAC,KAAK;4BAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;wBAC3D,IAAI,GAAG,CAAC,KAAK;4BAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;wBAC3D,IAAI,GAAG,CAAC,QAAQ;4BAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,GAAG,GAAG,CAAC,QAAkB;wBACpE,IAAI,GAAG,CAAC,OAAO;4BAAE,OAAO,CAAC,QAAQ,CAAC,OAAO,GAAG,GAAG,CAAC,OAAiB;wBAEjE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,UAAU,EAAE;4BAC7C,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC;IACtC,wBAAA,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC;wBACxB;oBACF;;IAGA,gBAAA,MAAM,WAAW,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,CAAC;oBACjE,IAAI,WAAW,EAAE;IACf,oBAAA,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,SAAmB,EAAE,GAAG,CAAC,KAAe,CAAC;wBAEpE,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe,IAAI,GAAG,CAAC,KAAK;4BAAE,WAAW,CAAC,QAAQ,CAAC,KAAK,GAAG,GAAG,CAAC,KAAe;IACpG,oBAAA,IAAI,GAAG,CAAC,SAAS,KAAK,eAAe;4BAAE,WAAW,CAAC,QAAQ,CAAC,aAAa,GAAG,GAAG,CAAC,KAAe;wBAE/F,IAAI,WAAW,CAAC,MAAM,CAAC,IAAI,IAAI,WAAW,CAAC,UAAU,EAAE;4BACrD,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC;IAC9C,wBAAA,IAAI,CAAC,YAAY,CAAC,WAAW,CAAC;wBAChC;oBACF;oBACA;gBACF;;QAEJ;IAEA;;;;;;;IAOG;IACK,IAAA,MAAM,WAAW,CACvB,SAAiB,EACjB,MAAc,EACd,MAAc,EACd,MAAc,EACd,IAA6B,EAC7B,MAAc,EACd,QAAgB,EAChB,qBAA6B,EAAA;;IAE7B,QAAA,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,EAAE;IACjC,YAAA,IAAI,KAAa;IACjB,YAAA,IAAI;IACF,gBAAA,IAAI,GAAG,CAAC,MAAM,CAAC;oBACf,KAAK,GAAG,iCAAiC;gBAC3C;IAAE,YAAA,OAAA,EAAA,EAAM;oBACN,KAAK,GAAG,wBAAwB;gBAClC;gBACA,OAAO,CAAC,KAAK,CAAC,CAAA,sBAAA,EAAyB,QAAQ,CAAA,yBAAA,CAA2B,EAAE,MAAM,CAAC;IACnF,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,EACpG,MAAM,CACP;IACD,YAAA,OAAO,IAAI;YACb;YAEA,IAAI,CAAC,MAAM,EAAE;gBACX,MAAM,KAAK,GAAG,kGAAkG;IAChH,YAAA,OAAO,CAAC,KAAK,CAAC,iBAAiB,KAAK,CAAA,CAAE,CAAC;IACvC,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,EACpG,MAAM,CACP;IACD,YAAA,OAAO,IAAI;YACb;IAEA,QAAA,IAAI;IACF,YAAA,MAAM,OAAO,GAA2B;IACtC,gBAAA,cAAc,EAAE,kBAAkB;IAClC,gBAAA,WAAW,EAAE,MAAM;IACnB,gBAAA,cAAc,EAAE,SAAS;iBAC1B;gBACD,IAAI,MAAM,EAAE;IACV,gBAAA,OAAO,CAAC,WAAW,CAAC,GAAG,MAAM;gBAC/B;gBACA,IAAI,qBAAqB,EAAE;IACzB,gBAAA,OAAO,CAAC,2BAA2B,CAAC,GAAG,qBAAqB;gBAC9D;;;;;;gBAOA,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,CAC5C,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,WAAW,CACrC;gBACD,IAAI,YAAY,EAAE;oBAChB,MAAM,GAAG,GACP,CAAA,kEAAA,CAAoE;IACpE,oBAAA,CAAA,6BAAA,EAAgC,YAAY,CAAA,IAAA,CAAM;IAClD,oBAAA,CAAA,gDAAA,CAAkD;IACpD,gBAAA,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC;IAClB,gBAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,GAAG,EAAE,SAAS,EAAE,QAAQ,EAAE,EACzG,MAAM,CACP;IACD,gBAAA,OAAO,IAAI;gBACb;;gBAGA,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,CAAA,EAAG,MAAM,CAAA,SAAA,CAAW,EAAE;IAC3D,gBAAA,MAAM,EAAE,MAAM;oBACd,OAAO;IACP,gBAAA,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC3B,aAAA,CAAC;gBAEF,MAAM,KAAK,GAAG,MAAM,CAAC,CAAA,EAAA,GAAA,MAAA,IAAI,KAAA,IAAA,IAAJ,IAAI,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAJ,IAAI,CAAE,KAAK,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,IAAI,KAAA,IAAA,IAAJ,IAAI,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAJ,IAAI,CAAE,EAAE,MAAA,IAAA,IAAA,EAAA,KAAA,KAAA,CAAA,GAAA,EAAA,GAAI,EAAE,CAAC;gBACnD,IAAI,CAAC,KAAK,EAAE;IACV,gBAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB;IACE,oBAAA,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS;IACpE,oBAAA,KAAK,EAAE,4EAA4E;IACnF,oBAAA,SAAS,EAAE,QAAQ;qBACpB,EACD,MAAM,CACP;IACD,gBAAA,OAAO,IAAI;gBACb;gBAEA,OAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAY,IAAI,CAAA,EAAA,EAAE,KAAK,EAAA,CAAA;YACzB;YAAE,OAAO,GAAY,EAAE;IACrB,YAAA,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,GAAG,GAAG,CAAC,OAAO,GAAG,CAAA,EAAG,QAAQ,sBAAsB;IACtF,YAAA,MAAM,SAAS,GAAG,CAAC,GAAG,YAAY,KAAK,IAAK,GAAsC,CAAC,SAAS,KAAK,SAAS;IAC1G,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,EACnG,MAAM,CACP;IACD,YAAA,OAAO,IAAI;YACb;QACF;QAEQ,MAAM,QAAQ,CAAC,OAAuB,EAAA;;YAC5C,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,qBAAqB,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,OAAO;YACvH,MAAM,MAAM,GAAG,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;YAEnD,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE;YACjD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE;IACnC,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,eAAe,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1C,QAAA,MAAM,cAAc,GAAG,CAAA,EAAA,EAAK,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA,CAAE;IAEhD,QAAA,MAAM,IAAI,GAAG;IACX,YAAA,IAAI,EAAE,MAAM;IACZ,YAAA,IAAI,EAAE;oBACJ,UAAU;oBACV,GAAG;oBACH,eAAe;oBACf,cAAc;IACd,gBAAA,UAAU,EAAE,SAAS;IACrB,gBAAA,SAAS,EAAE,QAAQ;IACpB,aAAA;IACD,YAAA,aAAa,EAAE;IACb,gBAAA,KAAK,EAAE;IACL,oBAAA,WAAW,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;IAChE,iBAAA;IACF,aAAA;aACF;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,CAAC;IAC1H,QAAA,IAAI,CAAC,IAAI;gBAAE;IAEX,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI;YACtB,MAAM,UAAU,GAAG,MAAM,CACvB,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,CAAA,EAAA,GAAA,IAAI,CAAC,UAAU,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACf,IAAI,CAAC,SAAS,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACd,IAAI,CAAC,eAAe,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACpB,IAAI,CAAC,cAAc,MAAA,IAAA,IAAA,EAAA,KAAA,MAAA,GAAA,EAAA,GACnB,EAAE,CACH;YAED,IAAI,CAAC,UAAU,EAAE;IACf,YAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CACvB;IACE,gBAAA,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS;IACpE,gBAAA,KAAK,EAAE,6FAA6F;IACpG,gBAAA,SAAS,EAAE,QAAQ;iBACpB,EACD,MAAM,CACP;gBACD;YACF;IAEA,QAAA,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,OAAO;IACjG,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CAAA,MAAA,CAAA,MAAA,CAAA,EAErB,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,iBAAiB,EAAE,SAAS,EAAE,KAAK,EAAE,UAAU,KACpF,eAAe,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAC,EAEhD,MAAM,CACP;QACH;QAEQ,MAAM,YAAY,CAAC,OAA2B,EAAA;YACpD,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,qBAAqB,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,OAAO;YACvH,MAAM,MAAM,GAAG,UAAU,IAAI,MAAM,CAAC,QAAQ,CAAC,MAAM;IAEnD,QAAA,MAAM,IAAI,GAAG;IACX,YAAA,IAAI,EAAE,MAAM;IACZ,YAAA,IAAI,EAAE;oBACJ,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE;oBAChD,aAAa,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,EAAE;IAChD,gBAAA,UAAU,EAAE,SAAS;IACrB,gBAAA,SAAS,EAAE,QAAQ;IACpB,aAAA;IACD,YAAA,aAAa,EAAE;IACb,gBAAA,KAAK,EAAE;IACL,oBAAA,cAAc,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;IACnE,iBAAA;IACF,aAAA;aACF;YAED,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,CAAC;IAC1H,QAAA,IAAI,CAAC,IAAI;gBAAE;IAEX,QAAA,MAAM,EAAE,KAAK,EAAE,GAAG,IAAI;IACtB,QAAA,MAAM,CAAC,MAAM,CAAC,WAAW,CAAA,MAAA,CAAA,MAAA,CAAA,EAErB,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,sBAAsB,EAAE,SAAS,EAAE,KAAK,EAAA,GAC7E,QAAQ,CAAC,KAAK,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,EAAC,EAE/C,MAAM,CACP;QACH;QAEQ,OAAO,kBAAkB,CAAC,MAAc,EAAA;IAC9C,QAAA,IAAI,MAAM,KAAK,GAAG,IAAI,MAAM,KAAK,GAAG;IAAE,YAAA,OAAO,MAAM;IACnD,QAAA,IAAI,MAAM,IAAI,GAAG,IAAI,MAAM,GAAG,GAAG;IAAE,YAAA,OAAO,YAAY;YACtD,IAAI,MAAM,IAAI,GAAG;IAAE,YAAA,OAAO,QAAQ;IAClC,QAAA,OAAO,SAAS;QAClB;IAEA;;;;;;IAMG;QACK,MAAM,cAAc,CAAC,GAAW,EAAE,IAAiB,EAAE,OAAO,GAAG,CAAC,EAAA;IACtE,QAAA,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE;IACxC,QAAA,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,UAAU,CAAC,KAAK,EAAE,EAAE,KAAM,CAAC;IAE9D,QAAA,IAAI;IACF,YAAA,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,MAAA,CAAA,EAAA,EAAO,IAAI,CAAA,EAAA,EAAE,MAAM,EAAE,UAAU,CAAC,MAAM,IAAG;gBACpE,YAAY,CAAC,SAAS,CAAC;IAEvB,YAAA,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE;oBACX,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC;IACrE,gBAAA,MAAM,MAAM,GAAG,CAAA,GAAG,KAAA,IAAA,IAAH,GAAG,KAAA,KAAA,CAAA,GAAA,KAAA,CAAA,GAAH,GAAG,CAAE,KAAK,KAAI,CAAA,KAAA,EAAQ,GAAG,CAAC,MAAM,EAAE;oBACjD,MAAM,IAAI,GAAG,cAAc,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC;oBAE1D,IAAI,GAAG,CAAC,MAAM,IAAI,GAAG,IAAI,OAAO,GAAG,CAAC,EAAE;IACpC,oBAAA,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC3C,oBAAA,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,CAAC;oBACpD;IACA,gBAAA,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC;IAC1B,gBAAA,CAAmC,CAAC,SAAS,GAAG,IAAI;IACrD,gBAAA,MAAM,CAAC;gBACT;IAEA,YAAA,OAAO,MAAM,GAAG,CAAC,IAAI,EAAE;YACzB;YAAE,OAAO,GAAY,EAAE;gBACrB,YAAY,CAAC,SAAS,CAAC;gBAEvB,IAAI,GAAG,YAAY,KAAK,IAAK,GAAsC,CAAC,SAAS,EAAE;IAC7E,gBAAA,MAAM,GAAG;gBACX;gBAEA,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY;IACjE,YAAA,MAAM,cAAc,GAAG,GAAG,YAAY,SAAS;gBAC/C,IAAI,CAAC,OAAO,IAAI,cAAc,IAAI,OAAO,GAAG,CAAC,EAAE;IAC7C,gBAAA,MAAM,IAAI,OAAO,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;IAC3C,gBAAA,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,GAAG,CAAC,CAAC;gBACpD;gBAEA,IAAI,OAAO,EAAE;IACX,gBAAA,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,mDAAmD,CAAC;IACvE,gBAAA,CAAmC,CAAC,SAAS,GAAG,SAAS;IAC1D,gBAAA,MAAM,CAAC;gBACT;gBACA,IAAI,cAAc,EAAE;oBAClB,MAAM,CAAC,GAAG,IAAI,KAAK,CAAE,GAAiB,CAAC,OAAO,IAAI,eAAe,CAAC;IACjE,gBAAA,CAAmC,CAAC,SAAS,GAAG,SAAS;IAC1D,gBAAA,MAAM,CAAC;gBACT;IACA,YAAA,MAAM,GAAG;YACX;QACF;IACD;IAED,IAAI,cAAc,EAAE;;;;;;;;;;"}