@solana/keychain-dfns 0.0.0 → 0.6.1

package/README.md

@@ -0,0 +1,136 @@
+# @solana/keychain-dfns
+
+Dfns-based signer for Solana transactions using [Dfns](https://dfns.co) Keys API.
+
+## Installation
+
+```bash
+pnpm add @solana/keychain-dfns
+```
+
+## Prerequisites
+
+1. A [Dfns](https://dfns.co) account with API access
+2. A Solana wallet created in the Dfns dashboard
+3. A service account with signing permissions
+
+### Setting Up a Service Account
+
+Follow the [Creating a Service
+Account](https://docs.dfns.co/guides/developers/creating-a-service-account) guide:
+
+1. **Generate a keypair** - https://docs.dfns.co/guides/developers/generate-a-key-pair#generate-a-key-pair
+2. **Create the service account** in Settings > Developers > Service Accounts, pasting your public key
+3. **Save the auth token** — it is only shown once. Store it securely along with your private key
+4. **Configure permissions** — assign a role with minimal required permissions
+
+You will need:
+- **Auth token** (`authToken`) — the service account token
+- **Credential ID** (`credId`) — shown in the service account details
+- **Private key** (`privateKeyPem`) — the PEM key you generated in step 1
+- **Wallet ID** (`walletId`) — found in the Dfns dashboard under Wallets
+
+## Usage
+
+### Basic Setup
+
+```typescript
+import { createDfnsSigner } from '@solana/keychain-dfns';
+
+const signer = await createDfnsSigner({
+    authToken: 'your-service-account-token',
+    credId: 'your-credential-id',
+    privateKeyPem: `-----BEGIN PRIVATE KEY-----
+...your private key...
+-----END PRIVATE KEY-----`,
+    walletId: 'wa-xxxxx-xxxxx-xxxxx',
+});
+
+console.log('Signer address:', signer.address);
+```
+
+### Signing Transactions
+
+```typescript
+import {
+    appendTransactionMessageInstructions,
+    createSolanaRpc,
+    createTransactionMessage,
+    getBase64EncodedWireTransaction,
+    pipe,
+    setTransactionMessageFeePayerSigner,
+    setTransactionMessageLifetimeUsingBlockhash,
+    signTransactionMessageWithSigners,
+} from '@solana/kit';
+
+const rpc = createSolanaRpc('https://api.devnet.solana.com');
+const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();
+
+const message = pipe(
+    createTransactionMessage({ version: 0 }),
+    (tx) => setTransactionMessageFeePayerSigner(signer, tx),
+    (tx) => appendTransactionMessageInstructions([/* your instructions */], tx),
+    (tx) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, tx),
+);
+
+const signedTx = await signTransactionMessageWithSigners(message);
+const encoded = getBase64EncodedWireTransaction(signedTx);
+await rpc.sendTransaction(encoded).send();
+```
+
+### Signing Messages
+
+```typescript
+const message = new TextEncoder().encode('Hello, Solana!');
+const [signatureDictionary] = await signer.signMessages([{ content: message }]);
+```
+
+## Configuration
+
+### DfnsSignerConfig
+
+| Field           | Type     | Required | Default                 | Description                                       |
+|-----------------|----------|----------|-------------------------|---------------------------------------------------|
+| `authToken`     | `string` | Yes      | -                       | Service account token or personal access token    |
+| `credId`        | `string` | Yes      | -                       | Credential ID for user action signing             |
+| `privateKeyPem` | `string` | Yes      | -                       | Private key in PEM format                         |
+| `walletId`      | `string` | Yes      | -                       | Dfns wallet ID (starts with `wa-`)                |
+| `apiBaseUrl`    | `string` | No       | `https://api.dfns.io`   | Custom API base URL                               |
+| `requestDelayMs`| `number` | No       | `0`                     | Delay in ms between concurrent signing requests   |
+
+## How It Works
+
+1. **Initialization**: `create()` fetches the wallet from Dfns API and validates the Ed25519 public key
+(your Solana address)
+2. **Signing**: Transactions and messages are sent to the Dfns Keys API (`/keys/{keyId}/signatures`)
+which returns Ed25519 signature components (r, s)
+3. **User Action Signing**: Mutating API requests (like signing) go through a 3-step challenge/response
+flow — the SDK handles this automatically using your `credId` and `privateKeyPem`
+
+## Error Handling
+
+The signer throws errors with specific codes from `@solana/keychain-core`:
+
+- `CONFIG_ERROR` — Invalid configuration (missing fields, inactive wallet, unsupported key type)
+- `REMOTE_API_ERROR` — Dfns API returned an error
+- `SIGNING_FAILED` — Signature request failed or requires policy approval
+- `PARSING_ERROR` — Failed to parse Dfns response
+
+```typescript
+import { SignerErrorCode } from '@solana/keychain-core';
+
+try {
+    await signer.signMessages([message]);
+} catch (error) {
+    if (error.code === SignerErrorCode.REMOTE_API_ERROR) {
+        console.error('Dfns API error:', error.message);
+    }
+}
+```
+
+## Security Considerations
+
+1. **Token Security**: Never hardcode auth tokens. Use environment variables or a secrets manager.
+2. **Private Key**: Store the PEM private key securely. It is used to sign every user action requests.
+3. **Policy Engine**: Configure [Dfns Policies](https://docs.dfns.co/api-reference/policies) to enforce
+signing rules and approval workflows.

package/dist/__tests__/dfns-signer.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=dfns-signer.integration.test.d.ts.map

package/dist/__tests__/dfns-signer.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dfns-signer.integration.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/dfns-signer.integration.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/dfns-signer.integration.test.js

@@ -0,0 +1,17 @@
+import { describe, it } from 'vitest';
+import { runSignerIntegrationTest } from '@solana/keychain-test-utils';
+import { getConfig } from './setup';
+import { config } from 'dotenv';
+config();
+describe('DfnsSigner Integration', () => {
+    it.skipIf(!process.env.DFNS_AUTH_TOKEN)('signs transactions with real API', async () => {
+        await runSignerIntegrationTest(await getConfig(['signTransaction']));
+    });
+    it.skipIf(!process.env.DFNS_AUTH_TOKEN)('signs messages with real API', async () => {
+        await runSignerIntegrationTest(await getConfig(['signMessage']));
+    });
+    it.skipIf(!process.env.DFNS_AUTH_TOKEN)('simulates transactions with real API', async () => {
+        await runSignerIntegrationTest(await getConfig(['simulateTransaction']));
+    });
+});
+//# sourceMappingURL=dfns-signer.integration.test.js.map

package/dist/__tests__/dfns-signer.integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dfns-signer.integration.test.js","sourceRoot":"","sources":["../../src/__tests__/dfns-signer.integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AACvE,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAChC,MAAM,EAAE,CAAC;AAET,QAAQ,CAAC,wBAAwB,EAAE,GAAG,EAAE;IACpC,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QACnF,MAAM,wBAAwB,CAAC,MAAM,SAAS,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;IACzE,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC/E,MAAM,wBAAwB,CAAC,MAAM,SAAS,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IACH,EAAE,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACvF,MAAM,wBAAwB,CAAC,MAAM,SAAS,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/__tests__/dfns-signer.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=dfns-signer.test.d.ts.map

package/dist/__tests__/dfns-signer.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dfns-signer.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/dfns-signer.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/dfns-signer.test.js

@@ -0,0 +1,157 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+vi.mock('@solana/keychain-core', async (importOriginal) => {
+    const mod = await importOriginal();
+    return { ...mod, assertSignatureValid: vi.fn() };
+});
+import { DfnsSigner } from '../dfns-signer.js';
+import { TEST_AUTH_TOKEN, TEST_CRED_ID, TEST_ED25519_PEM, TEST_WALLET_ID, createSignatureResponse, createUserActionInitResponse, createUserActionResponse, createWalletResponse, } from './setup.js';
+global.fetch = vi.fn();
+const mockFetch = global.fetch;
+const defaultConfig = {
+    authToken: TEST_AUTH_TOKEN,
+    credId: TEST_CRED_ID,
+    privateKeyPem: TEST_ED25519_PEM,
+    walletId: TEST_WALLET_ID,
+};
+function mockWalletFetch(overrides) {
+    mockFetch.mockResolvedValueOnce({
+        json: async () => createWalletResponse(overrides),
+        ok: true,
+    });
+}
+describe('DfnsSigner', () => {
+    beforeEach(() => {
+        vi.resetAllMocks();
+    });
+    describe('create', () => {
+        it('creates a DfnsSigner with valid config', async () => {
+            mockWalletFetch();
+            const signer = await DfnsSigner.create(defaultConfig);
+            expect(signer).toBeDefined();
+            expect(signer.address).toBeDefined();
+        });
+        it('throws error for missing authToken', async () => {
+            await expect(DfnsSigner.create({ ...defaultConfig, authToken: '' })).rejects.toThrow('Missing required authToken field');
+        });
+        it('throws error for missing credId', async () => {
+            await expect(DfnsSigner.create({ ...defaultConfig, credId: '' })).rejects.toThrow('Missing required credId field');
+        });
+        it('throws error for missing privateKeyPem', async () => {
+            await expect(DfnsSigner.create({ ...defaultConfig, privateKeyPem: '' })).rejects.toThrow('Missing required privateKeyPem field');
+        });
+        it('throws error for missing walletId', async () => {
+            await expect(DfnsSigner.create({ ...defaultConfig, walletId: '' })).rejects.toThrow('Missing required walletId field');
+        });
+        it('throws error for inactive wallet', async () => {
+            mockWalletFetch({ status: 'Inactive' });
+            await expect(DfnsSigner.create(defaultConfig)).rejects.toThrow('not active');
+        });
+        it('throws error for non-EdDSA scheme', async () => {
+            mockWalletFetch({ scheme: 'ECDSA' });
+            await expect(DfnsSigner.create(defaultConfig)).rejects.toThrow('Unsupported key scheme');
+        });
+        it('throws error for API failure', async () => {
+            mockFetch.mockResolvedValueOnce({
+                ok: false,
+                status: 401,
+            });
+            await expect(DfnsSigner.create(defaultConfig)).rejects.toThrow();
+        });
+        it('throws error for negative requestDelayMs', async () => {
+            await expect(DfnsSigner.create({ ...defaultConfig, requestDelayMs: -1 })).rejects.toThrow('requestDelayMs must not be negative');
+        });
+        it('warns for high requestDelayMs', async () => {
+            const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => { });
+            mockWalletFetch();
+            await DfnsSigner.create({ ...defaultConfig, requestDelayMs: 5000 });
+            expect(warnSpy).toHaveBeenCalledWith(expect.stringContaining('requestDelayMs is greater than 3000ms'));
+            warnSpy.mockRestore();
+        });
+        it('throws HTTP_ERROR when fetch fails during create', async () => {
+            mockFetch.mockRejectedValueOnce(new Error('Network timeout'));
+            await expect(DfnsSigner.create(defaultConfig)).rejects.toMatchObject({
+                code: 'SIGNER_HTTP_ERROR',
+                message: expect.stringContaining('Dfns network request failed'),
+            });
+        });
+    });
+    describe('signMessages', () => {
+        it('throws HTTP_ERROR when fetch fails during signing', async () => {
+            mockWalletFetch();
+            const signer = await DfnsSigner.create(defaultConfig);
+            // The auth flow init request fails with network error
+            mockFetch.mockRejectedValueOnce(new Error('Network timeout'));
+            await expect(signer.signMessages([{ content: new Uint8Array([1, 2, 3]), signatures: {} }])).rejects.toMatchObject({
+                code: 'SIGNER_HTTP_ERROR',
+                message: expect.stringContaining('Dfns network request failed'),
+            });
+        });
+        it('signs a message successfully', async () => {
+            const rHex = '11'.repeat(32);
+            const sHex = '22'.repeat(32);
+            mockWalletFetch();
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createUserActionInitResponse(),
+                ok: true,
+            });
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createUserActionResponse(),
+                ok: true,
+            });
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createSignatureResponse(rHex, sHex),
+                ok: true,
+            });
+            const signer = await DfnsSigner.create(defaultConfig);
+            const result = await signer.signMessages([{ content: new Uint8Array([1, 2, 3]), signatures: {} }]);
+            expect(result).toHaveLength(1);
+            expect(result[0]?.[signer.address]).toBeDefined();
+            const sig = result[0][signer.address];
+            expect(sig.length).toBe(64);
+        });
+        it('left-pads short signature components', async () => {
+            // r is 31 bytes (short by 1), s is 32 bytes
+            const rHex = 'ff'.repeat(31);
+            const sHex = 'aa'.repeat(32);
+            mockWalletFetch();
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createUserActionInitResponse(),
+                ok: true,
+            });
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createUserActionResponse(),
+                ok: true,
+            });
+            mockFetch.mockResolvedValueOnce({
+                json: async () => createSignatureResponse(rHex, sHex),
+                ok: true,
+            });
+            const signer = await DfnsSigner.create(defaultConfig);
+            const result = await signer.signMessages([{ content: new Uint8Array([1, 2, 3]), signatures: {} }]);
+            const sig = result[0][signer.address];
+            expect(sig.length).toBe(64);
+            // First byte should be 0x00 (left-pad), then 31 bytes of 0xff
+            expect(sig[0]).toBe(0x00);
+            expect(sig[1]).toBe(0xff);
+        });
+    });
+    describe('isAvailable', () => {
+        it('returns true when API responds', async () => {
+            mockWalletFetch();
+            // isAvailable doesn't need create(), but we need a signer instance
+            mockWalletFetch(); // for the isAvailable call
+            const signer = await DfnsSigner.create(defaultConfig);
+            expect(await signer.isAvailable()).toBe(true);
+        });
+        it('returns false when API fails', async () => {
+            mockWalletFetch(); // for create()
+            const signer = await DfnsSigner.create(defaultConfig);
+            mockFetch.mockResolvedValueOnce({
+                ok: false,
+                status: 500,
+            });
+            expect(await signer.isAvailable()).toBe(false);
+        });
+    });
+});
+//# sourceMappingURL=dfns-signer.test.js.map

package/dist/__tests__/dfns-signer.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dfns-signer.test.js","sourceRoot":"","sources":["../../src/__tests__/dfns-signer.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAE9D,EAAE,CAAC,IAAI,CAAC,uBAAuB,EAAE,KAAK,EAAC,cAAc,EAAC,EAAE;IACpD,MAAM,GAAG,GAAG,MAAM,cAAc,EAA0C,CAAC;IAC3E,OAAO,EAAE,GAAG,GAAG,EAAE,oBAAoB,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC/C,OAAO,EACH,eAAe,EACf,YAAY,EACZ,gBAAgB,EAChB,cAAc,EACd,uBAAuB,EACvB,4BAA4B,EAC5B,wBAAwB,EACxB,oBAAoB,GACvB,MAAM,YAAY,CAAC;AAEpB,MAAM,CAAC,KAAK,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;AACvB,MAAM,SAAS,GAAG,MAAM,CAAC,KAAiC,CAAC;AAE3D,MAAM,aAAa,GAAG;IAClB,SAAS,EAAE,eAAe;IAC1B,MAAM,EAAE,YAAY;IACpB,aAAa,EAAE,gBAAgB;IAC/B,QAAQ,EAAE,cAAc;CAC3B,CAAC;AAEF,SAAS,eAAe,CAAC,SAAsD;IAC3E,SAAS,CAAC,qBAAqB,CAAC;QAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,oBAAoB,CAAC,SAAS,CAAC;QACjD,EAAE,EAAE,IAAI;KACX,CAAC,CAAC;AACP,CAAC;AAED,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IACxB,UAAU,CAAC,GAAG,EAAE;QACZ,EAAE,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACpD,eAAe,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;YAC7B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QACzC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;YAChD,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAChF,kCAAkC,CACrC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;YAC7C,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC7E,+BAA+B,CAClC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;YACpD,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,aAAa,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpF,sCAAsC,CACzC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YAC/C,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC/E,iCAAiC,CACpC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;YAC9C,eAAe,CAAC,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YACxC,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;YAC/C,eAAe,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACrC,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAC7F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC1C,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;aACd,CAAC,CAAC;YACH,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QACrE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;YACtD,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,cAAc,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACrF,qCAAqC,CACxC,CAAC;QACN,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YACvE,eAAe,EAAE,CAAC;YAClB,MAAM,UAAU,CAAC,MAAM,CAAC,EAAE,GAAG,aAAa,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACpE,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,uCAAuC,CAAC,CAAC,CAAC;YACvG,OAAO,CAAC,WAAW,EAAE,CAAC;QAC1B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kDAAkD,EAAE,KAAK,IAAI,EAAE;YAC9D,SAAS,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAC9D,MAAM,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC;gBACjE,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,6BAA6B,CAAC;aAClE,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;YAC/D,eAAe,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAEtD,sDAAsD;YACtD,SAAS,CAAC,qBAAqB,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAE9D,MAAM,MAAM,CACR,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,CAChF,CAAC,OAAO,CAAC,aAAa,CAAC;gBACpB,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC,6BAA6B,CAAC;aAClE,CAAC,CAAC;QACP,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC1C,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAE7B,eAAe,EAAE,CAAC;YAElB,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,4BAA4B,EAAE;gBAChD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,wBAAwB,EAAE;gBAC5C,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC;gBACrD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAEtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEnG,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;YAElD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,OAAO,CAAE,CAAC;YACxC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YAClD,4CAA4C;YAC5C,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAE7B,eAAe,EAAE,CAAC;YAElB,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,4BAA4B,EAAE;gBAChD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,wBAAwB,EAAE;gBAC5C,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,uBAAuB,CAAC,IAAI,EAAE,IAAI,CAAC;gBACrD,EAAE,EAAE,IAAI;aACX,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAEtD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,OAAO,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;YAEnG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAE,CAAC,MAAM,CAAC,OAAO,CAAE,CAAC;YACxC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC5B,8DAA8D;YAC9D,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1B,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QACzB,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC5C,eAAe,EAAE,CAAC;YAClB,mEAAmE;YACnE,eAAe,EAAE,CAAC,CAAC,2BAA2B;YAC9C,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;YAC1C,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;YAEtD,SAAS,CAAC,qBAAqB,CAAC;gBAC5B,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,GAAG;aACd,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/__tests__/setup.d.ts

@@ -0,0 +1,45 @@
+import type { SolanaSigner } from '@solana/keychain-core';
+import { SignerTestConfig, TestScenario } from '@solana/keychain-test-utils';
+export declare const TEST_AUTH_TOKEN = "test-auth-token";
+export declare const TEST_CRED_ID = "test-cred-id";
+export declare const TEST_WALLET_ID = "test-wallet-id";
+export declare const TEST_KEY_ID = "test-key-id";
+export declare const TEST_ED25519_PEM = "-----BEGIN PRIVATE KEY-----\nMC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikUmifl1yiWd+IiYyoHBD\n-----END PRIVATE KEY-----";
+export declare const TEST_PUBKEY_HEX = "5da30b28c87836b0ee76ae7b07e3a2e3be1a4c12e48fce3aee18de0a13040b9a";
+export declare function createWalletResponse(overrides?: Partial<{
+    status: string;
+    scheme: string;
+    curve: string;
+}>): {
+    id: string;
+    network: string;
+    signingKey: {
+        id: string;
+        curve: string;
+        publicKey: string;
+        scheme: string;
+    };
+    status: string;
+};
+export declare function createUserActionInitResponse(): {
+    allowCredentials: {
+        key: {
+            id: string;
+        }[];
+    };
+    challenge: string;
+    challengeIdentifier: string;
+};
+export declare function createUserActionResponse(): {
+    userAction: string;
+};
+export declare function createSignatureResponse(r: string, s: string): {
+    id: string;
+    signature: {
+        r: string;
+        s: string;
+    };
+    status: string;
+};
+export declare function getConfig(scenarios: TestScenario[]): Promise<SignerTestConfig<SolanaSigner>>;
+//# sourceMappingURL=setup.d.ts.map

package/dist/__tests__/setup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.d.ts","sourceRoot":"","sources":["../../src/__tests__/setup.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAG7E,eAAO,MAAM,eAAe,oBAAoB,CAAC;AACjD,eAAO,MAAM,YAAY,iBAAiB,CAAC;AAC3C,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAC/C,eAAO,MAAM,WAAW,gBAAgB,CAAC;AAGzC,eAAO,MAAM,gBAAgB,6HAEH,CAAC;AAE3B,eAAO,MAAM,eAAe,qEAAqE,CAAC;AAElG,wBAAgB,oBAAoB,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;;;;;;;;;;EAY1G;AAED,wBAAgB,4BAA4B;;;;;;;;EAQ3C;AAED,wBAAgB,wBAAwB;;EAIvC;AAED,wBAAgB,uBAAuB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM;;;;;;;EAM3D;AAkBD,wBAAsB,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC,CAKlG"}

package/dist/__tests__/setup.js

@@ -0,0 +1,64 @@
+import { createDfnsSigner } from '../dfns-signer.js';
+export const TEST_AUTH_TOKEN = 'test-auth-token';
+export const TEST_CRED_ID = 'test-cred-id';
+export const TEST_WALLET_ID = 'test-wallet-id';
+export const TEST_KEY_ID = 'test-key-id';
+// Ed25519 test key in PKCS#8 PEM format
+export const TEST_ED25519_PEM = `-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEIJ+DYvh6SEqVTm50DFtMDoQikUmifl1yiWd+IiYyoHBD
+-----END PRIVATE KEY-----`;
+export const TEST_PUBKEY_HEX = '5da30b28c87836b0ee76ae7b07e3a2e3be1a4c12e48fce3aee18de0a13040b9a';
+export function createWalletResponse(overrides) {
+    return {
+        id: TEST_WALLET_ID,
+        network: 'Solana',
+        signingKey: {
+            id: TEST_KEY_ID,
+            curve: overrides?.curve ?? 'ed25519',
+            publicKey: TEST_PUBKEY_HEX,
+            scheme: overrides?.scheme ?? 'EdDSA',
+        },
+        status: overrides?.status ?? 'Active',
+    };
+}
+export function createUserActionInitResponse() {
+    return {
+        allowCredentials: {
+            key: [{ id: TEST_CRED_ID }],
+        },
+        challenge: 'test-challenge',
+        challengeIdentifier: 'test-challenge-id',
+    };
+}
+export function createUserActionResponse() {
+    return {
+        userAction: 'test-user-action-token',
+    };
+}
+export function createSignatureResponse(r, s) {
+    return {
+        id: 'sig-123',
+        signature: { r, s },
+        status: 'Signed',
+    };
+}
+const SIGNER_TYPE = 'dfns';
+const REQUIRED_ENV_VARS = ['DFNS_AUTH_TOKEN', 'DFNS_CRED_ID', 'DFNS_PRIVATE_KEY_PEM', 'DFNS_WALLET_ID'];
+const CONFIG = {
+    signerType: SIGNER_TYPE,
+    requiredEnvVars: REQUIRED_ENV_VARS,
+    createSigner: () => createDfnsSigner({
+        authToken: process.env.DFNS_AUTH_TOKEN,
+        credId: process.env.DFNS_CRED_ID,
+        privateKeyPem: process.env.DFNS_PRIVATE_KEY_PEM,
+        walletId: process.env.DFNS_WALLET_ID,
+        apiBaseUrl: process.env.DFNS_API_BASE_URL,
+    }),
+};
+export async function getConfig(scenarios) {
+    return {
+        ...CONFIG,
+        testScenarios: scenarios,
+    };
+}
+//# sourceMappingURL=setup.js.map

package/dist/__tests__/setup.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup.js","sourceRoot":"","sources":["../../src/__tests__/setup.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,CAAC,MAAM,eAAe,GAAG,iBAAiB,CAAC;AACjD,MAAM,CAAC,MAAM,YAAY,GAAG,cAAc,CAAC;AAC3C,MAAM,CAAC,MAAM,cAAc,GAAG,gBAAgB,CAAC;AAC/C,MAAM,CAAC,MAAM,WAAW,GAAG,aAAa,CAAC;AAEzC,wCAAwC;AACxC,MAAM,CAAC,MAAM,gBAAgB,GAAG;;0BAEN,CAAC;AAE3B,MAAM,CAAC,MAAM,eAAe,GAAG,kEAAkE,CAAC;AAElG,MAAM,UAAU,oBAAoB,CAAC,SAAsE;IACvG,OAAO;QACH,EAAE,EAAE,cAAc;QAClB,OAAO,EAAE,QAAQ;QACjB,UAAU,EAAE;YACR,EAAE,EAAE,WAAW;YACf,KAAK,EAAE,SAAS,EAAE,KAAK,IAAI,SAAS;YACpC,SAAS,EAAE,eAAe;YAC1B,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,OAAO;SACvC;QACD,MAAM,EAAE,SAAS,EAAE,MAAM,IAAI,QAAQ;KACxC,CAAC;AACN,CAAC;AAED,MAAM,UAAU,4BAA4B;IACxC,OAAO;QACH,gBAAgB,EAAE;YACd,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,YAAY,EAAE,CAAC;SAC9B;QACD,SAAS,EAAE,gBAAgB;QAC3B,mBAAmB,EAAE,mBAAmB;KAC3C,CAAC;AACN,CAAC;AAED,MAAM,UAAU,wBAAwB;IACpC,OAAO;QACH,UAAU,EAAE,wBAAwB;KACvC,CAAC;AACN,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,CAAS,EAAE,CAAS;IACxD,OAAO;QACH,EAAE,EAAE,SAAS;QACb,SAAS,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE;QACnB,MAAM,EAAE,QAAQ;KACnB,CAAC;AACN,CAAC;AAED,MAAM,WAAW,GAAG,MAAM,CAAC;AAC3B,MAAM,iBAAiB,GAAG,CAAC,iBAAiB,EAAE,cAAc,EAAE,sBAAsB,EAAE,gBAAgB,CAAC,CAAC;AAExG,MAAM,MAAM,GAAmC;IAC3C,UAAU,EAAE,WAAW;IACvB,eAAe,EAAE,iBAAiB;IAClC,YAAY,EAAE,GAAG,EAAE,CACf,gBAAgB,CAAC;QACb,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,eAAgB;QACvC,MAAM,EAAE,OAAO,CAAC,GAAG,CAAC,YAAa;QACjC,aAAa,EAAE,OAAO,CAAC,GAAG,CAAC,oBAAqB;QAChD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,cAAe;QACrC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB;KAC5C,CAAC;CACT,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,SAAyB;IACrD,OAAO;QACH,GAAG,MAAM;QACT,aAAa,EAAE,SAAS;KAC3B,CAAC;AACN,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Perform the Dfns User Action Signing flow. For more details, see https://docs.dfns.co/api-reference/auth/signing-flows#asymetric-keys-signing-flow
+ *
+ * @returns The `userAction` token to include as `x-dfns-useraction` header.
+ */
+export declare function signUserAction(apiBaseUrl: string, authToken: string, credId: string, privateKeyPem: string, httpMethod: string, httpPath: string, body: string): Promise<string>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,wBAAsB,cAAc,CAChC,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,MAAM,EACrB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAoHjB"}

package/dist/auth.js

@@ -0,0 +1,117 @@
+import * as crypto from 'node:crypto';
+import { base64UrlDecoder, SignerErrorCode, throwSignerError } from '@solana/keychain-core';
+/**
+ * Perform the Dfns User Action Signing flow. For more details, see https://docs.dfns.co/api-reference/auth/signing-flows#asymetric-keys-signing-flow
+ *
+ * @returns The `userAction` token to include as `x-dfns-useraction` header.
+ */
+export async function signUserAction(apiBaseUrl, authToken, credId, privateKeyPem, httpMethod, httpPath, body) {
+    // Request a challenge
+    const initUrl = `${apiBaseUrl}/auth/action/init`;
+    let initResponse;
+    try {
+        initResponse = await fetch(initUrl, {
+            body: JSON.stringify({
+                userActionHttpMethod: httpMethod,
+                userActionHttpPath: httpPath,
+                userActionPayload: body,
+                userActionServerKind: 'Api',
+            }),
+            headers: {
+                Authorization: `Bearer ${authToken}`,
+                'Content-Type': 'application/json',
+            },
+            method: 'POST',
+        });
+    }
+    catch (error) {
+        throwSignerError(SignerErrorCode.HTTP_ERROR, {
+            cause: error,
+            message: 'Dfns network request failed',
+            url: initUrl,
+        });
+    }
+    if (!initResponse.ok) {
+        const errorText = await initResponse.text().catch(() => 'Failed to read error response');
+        throwSignerError(SignerErrorCode.REMOTE_API_ERROR, {
+            message: `Dfns auth/action/init failed: ${initResponse.status}`,
+            response: errorText,
+            status: initResponse.status,
+        });
+    }
+    let challenge;
+    try {
+        challenge = (await initResponse.json());
+    }
+    catch (error) {
+        throwSignerError(SignerErrorCode.PARSING_ERROR, {
+            cause: error,
+            message: 'Failed to parse Dfns auth challenge response',
+        });
+    }
+    // Verify credential is allowed
+    const allowed = challenge.allowCredentials.key.some(c => c.id === credId);
+    if (!allowed) {
+        throwSignerError(SignerErrorCode.CONFIG_ERROR, {
+            message: `Credential ${credId} not in allowed credentials`,
+        });
+    }
+    // Sign the challenge
+    const clientData = new TextEncoder().encode(JSON.stringify({
+        challenge: challenge.challenge,
+        type: 'key.get',
+    }));
+    const signature = crypto.sign(undefined, clientData, privateKeyPem);
+    const clientDataB64 = base64UrlDecoder(clientData);
+    const signatureB64 = base64UrlDecoder(new Uint8Array(signature));
+    // Submit the signed challenge
+    const actionUrl = `${apiBaseUrl}/auth/action`;
+    let signResponse;
+    try {
+        signResponse = await fetch(actionUrl, {
+            body: JSON.stringify({
+                challengeIdentifier: challenge.challengeIdentifier,
+                firstFactor: {
+                    credentialAssertion: {
+                        clientData: clientDataB64,
+                        credId,
+                        signature: signatureB64,
+                    },
+                    kind: 'Key',
+                },
+            }),
+            headers: {
+                Authorization: `Bearer ${authToken}`,
+                'Content-Type': 'application/json',
+            },
+            method: 'POST',
+        });
+    }
+    catch (error) {
+        throwSignerError(SignerErrorCode.HTTP_ERROR, {
+            cause: error,
+            message: 'Dfns network request failed',
+            url: actionUrl,
+        });
+    }
+    if (!signResponse.ok) {
+        const errorText = await signResponse.text().catch(() => 'Failed to read error response');
+        throwSignerError(SignerErrorCode.REMOTE_API_ERROR, {
+            message: `Dfns auth/action failed: ${signResponse.status}`,
+            response: errorText,
+            status: signResponse.status,
+        });
+    }
+    let actionResponse;
+    try {
+        actionResponse = (await signResponse.json());
+    }
+    catch (error) {
+        throwSignerError(SignerErrorCode.PARSING_ERROR, {
+            cause: error,
+            message: 'Failed to parse Dfns auth action response',
+        });
+    }
+    return actionResponse.userAction;
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAEtC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAI5F;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAChC,UAAkB,EAClB,SAAiB,EACjB,MAAc,EACd,aAAqB,EACrB,UAAkB,EAClB,QAAgB,EAChB,IAAY;IAEZ,sBAAsB;IACtB,MAAM,OAAO,GAAG,GAAG,UAAU,mBAAmB,CAAC;IACjD,IAAI,YAAsB,CAAC;IAC3B,IAAI,CAAC;QACD,YAAY,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YAChC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,oBAAoB,EAAE,UAAU;gBAChC,kBAAkB,EAAE,QAAQ;gBAC5B,iBAAiB,EAAE,IAAI;gBACvB,oBAAoB,EAAE,KAAK;aAC9B,CAAC;YACF,OAAO,EAAE;gBACL,aAAa,EAAE,UAAU,SAAS,EAAE;gBACpC,cAAc,EAAE,kBAAkB;aACrC;YACD,MAAM,EAAE,MAAM;SACjB,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,gBAAgB,CAAC,eAAe,CAAC,UAAU,EAAE;YACzC,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,6BAA6B;YACtC,GAAG,EAAE,OAAO;SACf,CAAC,CAAC;IACP,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACzF,gBAAgB,CAAC,eAAe,CAAC,gBAAgB,EAAE;YAC/C,OAAO,EAAE,iCAAiC,YAAY,CAAC,MAAM,EAAE;YAC/D,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,YAAY,CAAC,MAAM;SAC9B,CAAC,CAAC;IACP,CAAC;IAED,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACD,SAAS,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAA2B,CAAC;IACtE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,gBAAgB,CAAC,eAAe,CAAC,aAAa,EAAE;YAC5C,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,8CAA8C;SAC1D,CAAC,CAAC;IACP,CAAC;IAED,+BAA+B;IAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IAC1E,IAAI,CAAC,OAAO,EAAE,CAAC;QACX,gBAAgB,CAAC,eAAe,CAAC,YAAY,EAAE;YAC3C,OAAO,EAAE,cAAc,MAAM,6BAA6B;SAC7D,CAAC,CAAC;IACP,CAAC;IAED,qBAAqB;IACrB,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CACvC,IAAI,CAAC,SAAS,CAAC;QACX,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,IAAI,EAAE,SAAS;KAClB,CAAC,CACL,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAEpE,MAAM,aAAa,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACnD,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;IAEjE,8BAA8B;IAC9B,MAAM,SAAS,GAAG,GAAG,UAAU,cAAc,CAAC;IAC9C,IAAI,YAAsB,CAAC;IAC3B,IAAI,CAAC;QACD,YAAY,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAClC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACjB,mBAAmB,EAAE,SAAS,CAAC,mBAAmB;gBAClD,WAAW,EAAE;oBACT,mBAAmB,EAAE;wBACjB,UAAU,EAAE,aAAa;wBACzB,MAAM;wBACN,SAAS,EAAE,YAAY;qBAC1B;oBACD,IAAI,EAAE,KAAK;iBACd;aACJ,CAAC;YACF,OAAO,EAAE;gBACL,aAAa,EAAE,UAAU,SAAS,EAAE;gBACpC,cAAc,EAAE,kBAAkB;aACrC;YACD,MAAM,EAAE,MAAM;SACjB,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,gBAAgB,CAAC,eAAe,CAAC,UAAU,EAAE;YACzC,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,6BAA6B;YACtC,GAAG,EAAE,SAAS;SACjB,CAAC,CAAC;IACP,CAAC;IAED,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACnB,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,+BAA+B,CAAC,CAAC;QACzF,gBAAgB,CAAC,eAAe,CAAC,gBAAgB,EAAE;YAC/C,OAAO,EAAE,4BAA4B,YAAY,CAAC,MAAM,EAAE;YAC1D,QAAQ,EAAE,SAAS;YACnB,MAAM,EAAE,YAAY,CAAC,MAAM;SAC9B,CAAC,CAAC;IACP,CAAC;IAED,IAAI,cAAkC,CAAC;IACvC,IAAI,CAAC;QACD,cAAc,GAAG,CAAC,MAAM,YAAY,CAAC,IAAI,EAAE,CAAuB,CAAC;IACvE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,gBAAgB,CAAC,eAAe,CAAC,aAAa,EAAE;YAC5C,KAAK,EAAE,KAAK;YACZ,OAAO,EAAE,2CAA2C;SACvD,CAAC,CAAC;IACP,CAAC;IAED,OAAO,cAAc,CAAC,UAAU,CAAC;AACrC,CAAC"}