@tatchi-xyz/sdk 0.17.0 → 0.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
  2. package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
  3. package/dist/cjs/core/EmailRecovery/index.js +32 -20
  4. package/dist/cjs/core/EmailRecovery/index.js.map +1 -1
  5. package/dist/cjs/core/TatchiPasskey/emailRecovery.js +519 -448
  6. package/dist/cjs/core/TatchiPasskey/emailRecovery.js.map +1 -1
  7. package/dist/cjs/core/TatchiPasskey/index.js +1 -0
  8. package/dist/cjs/core/TatchiPasskey/index.js.map +1 -1
  9. package/dist/cjs/core/TatchiPasskey/relay.js +23 -1
  10. package/dist/cjs/core/TatchiPasskey/relay.js.map +1 -1
  11. package/dist/cjs/core/WalletIframe/client/IframeTransport.js +0 -7
  12. package/dist/cjs/core/WalletIframe/client/IframeTransport.js.map +1 -1
  13. package/dist/cjs/core/WalletIframe/client/router.js +6 -2
  14. package/dist/cjs/core/WalletIframe/client/router.js.map +1 -1
  15. package/dist/cjs/core/rpcCalls.js +8 -0
  16. package/dist/cjs/core/rpcCalls.js.map +1 -1
  17. package/dist/cjs/index.js +6 -2
  18. package/dist/cjs/index.js.map +1 -1
  19. package/dist/cjs/react/components/AccountMenuButton/{LinkedDevicesModal-B6api181.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
  20. package/dist/{esm/react/components/AccountMenuButton/LinkedDevicesModal-B6api181.css.map → cjs/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
  21. package/dist/cjs/react/components/AccountMenuButton/{ProfileDropdown-B-DrG_u5.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
  22. package/dist/{esm/react/components/AccountMenuButton/ProfileDropdown-B-DrG_u5.css.map → cjs/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
  23. package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-BnZDUeCL.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
  24. package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-BnZDUeCL.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
  25. package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-CAGCi8MY.css → TouchIcon-BQWentvJ.css} +1 -1
  26. package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-CAGCi8MY.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
  27. package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-CNNxVj4L.css → PasskeyAuthMenu-DwrzWMYx.css} +1 -1
  28. package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-CNNxVj4L.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
  29. package/dist/cjs/react/components/{ShowQRCode-nZhZSaba.css → ShowQRCode-CCN4h6Uv.css} +1 -1
  30. package/dist/cjs/react/components/{ShowQRCode-nZhZSaba.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
  31. package/dist/cjs/react/hooks/usePreconnectWalletAssets.js +27 -32
  32. package/dist/cjs/react/hooks/usePreconnectWalletAssets.js.map +1 -1
  33. package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
  34. package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
  35. package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js +32 -20
  36. package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
  37. package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js +519 -448
  38. package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
  39. package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js +1 -0
  40. package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
  41. package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
  42. package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
  43. package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js +0 -7
  44. package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
  45. package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js +6 -2
  46. package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
  47. package/dist/cjs/react/sdk/src/core/rpcCalls.js +8 -0
  48. package/dist/cjs/react/sdk/src/core/rpcCalls.js.map +1 -1
  49. package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
  50. package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
  51. package/dist/esm/core/EmailRecovery/index.js +28 -21
  52. package/dist/esm/core/EmailRecovery/index.js.map +1 -1
  53. package/dist/esm/core/TatchiPasskey/emailRecovery.js +519 -448
  54. package/dist/esm/core/TatchiPasskey/emailRecovery.js.map +1 -1
  55. package/dist/esm/core/TatchiPasskey/index.js +2 -1
  56. package/dist/esm/core/TatchiPasskey/index.js.map +1 -1
  57. package/dist/esm/core/TatchiPasskey/relay.js +23 -1
  58. package/dist/esm/core/TatchiPasskey/relay.js.map +1 -1
  59. package/dist/esm/core/WalletIframe/client/IframeTransport.js +0 -7
  60. package/dist/esm/core/WalletIframe/client/IframeTransport.js.map +1 -1
  61. package/dist/esm/core/WalletIframe/client/router.js +7 -3
  62. package/dist/esm/core/WalletIframe/client/router.js.map +1 -1
  63. package/dist/esm/core/rpcCalls.js +8 -1
  64. package/dist/esm/core/rpcCalls.js.map +1 -1
  65. package/dist/esm/index.js +4 -1
  66. package/dist/esm/index.js.map +1 -1
  67. package/dist/esm/react/components/AccountMenuButton/{LinkedDevicesModal-B6api181.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
  68. package/dist/{cjs/react/components/AccountMenuButton/LinkedDevicesModal-B6api181.css.map → esm/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
  69. package/dist/esm/react/components/AccountMenuButton/{ProfileDropdown-B-DrG_u5.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
  70. package/dist/{cjs/react/components/AccountMenuButton/ProfileDropdown-B-DrG_u5.css.map → esm/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
  71. package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-BnZDUeCL.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
  72. package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-BnZDUeCL.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
  73. package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-CAGCi8MY.css → TouchIcon-BQWentvJ.css} +1 -1
  74. package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-CAGCi8MY.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
  75. package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-CNNxVj4L.css → PasskeyAuthMenu-DwrzWMYx.css} +1 -1
  76. package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-CNNxVj4L.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
  77. package/dist/esm/react/components/{ShowQRCode-nZhZSaba.css → ShowQRCode-CCN4h6Uv.css} +1 -1
  78. package/dist/esm/react/components/{ShowQRCode-nZhZSaba.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
  79. package/dist/esm/react/hooks/usePreconnectWalletAssets.js +27 -32
  80. package/dist/esm/react/hooks/usePreconnectWalletAssets.js.map +1 -1
  81. package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
  82. package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
  83. package/dist/esm/react/sdk/src/core/EmailRecovery/index.js +28 -21
  84. package/dist/esm/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
  85. package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js +519 -448
  86. package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
  87. package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js +2 -1
  88. package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
  89. package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
  90. package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
  91. package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js +0 -7
  92. package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
  93. package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js +7 -3
  94. package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
  95. package/dist/esm/react/sdk/src/core/rpcCalls.js +8 -1
  96. package/dist/esm/react/sdk/src/core/rpcCalls.js.map +1 -1
  97. package/dist/esm/sdk/offline-export-app.js.map +1 -1
  98. package/dist/esm/sdk/{router-BLFegW7J.js → router-DuGYOd3G.js} +6 -9
  99. package/dist/esm/sdk/{rpcCalls-DEv9x5-f.js → rpcCalls-BQrJMTdg.js} +2 -2
  100. package/dist/esm/sdk/{rpcCalls-OhgEeFig.js → rpcCalls-YVeUVMk2.js} +8 -1
  101. package/dist/esm/sdk/wallet-iframe-host.js +624 -471
  102. package/dist/esm/wasm_vrf_worker/pkg/wasm_vrf_worker_bg.wasm +0 -0
  103. package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts +25 -0
  104. package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts.map +1 -0
  105. package/dist/types/src/core/EmailRecovery/index.d.ts +1 -0
  106. package/dist/types/src/core/EmailRecovery/index.d.ts.map +1 -1
  107. package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts +35 -6
  108. package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts.map +1 -1
  109. package/dist/types/src/core/TatchiPasskey/index.d.ts +2 -2
  110. package/dist/types/src/core/TatchiPasskey/index.d.ts.map +1 -1
  111. package/dist/types/src/core/TatchiPasskey/relay.d.ts +2 -1
  112. package/dist/types/src/core/TatchiPasskey/relay.d.ts.map +1 -1
  113. package/dist/types/src/core/WalletIframe/client/IframeTransport.d.ts.map +1 -1
  114. package/dist/types/src/core/WalletIframe/client/router.d.ts +3 -3
  115. package/dist/types/src/core/WalletIframe/client/router.d.ts.map +1 -1
  116. package/dist/types/src/core/rpcCalls.d.ts +9 -0
  117. package/dist/types/src/core/rpcCalls.d.ts.map +1 -1
  118. package/dist/types/src/index.d.ts +1 -0
  119. package/dist/types/src/index.d.ts.map +1 -1
  120. package/dist/types/src/react/hooks/usePreconnectWalletAssets.d.ts.map +1 -1
  121. package/dist/workers/wasm_vrf_worker_bg.wasm +0 -0
  122. package/package.json +1 -1
package/dist/esm/sdk/offline-export-app.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"offline-export-app.js","names":["target","UserVerificationPolicy","DEFAULT_CONFIRMATION_CONFIG: ConfirmationConfig","DB_CONFIG: PasskeyClientDBConfig","DB_CONFIG","err: any","entry: AppStateEntry<T>","userData: ClientUserData","lastUserState: LastUserAccountIdState","fixed: ClientUserData","updatedUser: ClientUserData","clientAuth: ClientAuthenticatorData","rec: DerivedAddressRecord","rec: RecoveryEmailRecord","DB_CONFIG: PasskeyNearKeysDBConfig","ALPHABET","basex","bs58","txPayload: EncodableSignedTx","lastError: unknown","err: unknown","base","params: Record<string, unknown>","fullAccessKeys: FullAccessKey[]","functionCallAccessKeys: FunctionCallAccessKey[]","isObject","err: unknown","serializedCredential: WebAuthnRegistrationCredential","result: CheckCanRegisterUserResult","error: unknown","wasmModule.UserVerificationPolicy.Required","wasmModule.UserVerificationPolicy.Preferred","wasmModule.UserVerificationPolicy.Discouraged","DEFAULT_AUTHENTICATOR_OPTIONS: AuthenticatorOptions","keyData: EncryptedKeyData","error: unknown","error: unknown","txSigningRequests: TransactionPayload[]","error: unknown","error: unknown","error: unknown","error: unknown","error: unknown","keyData: EncryptedKeyData","error: unknown","cfg: ConfirmationConfig","newUiMode: ConfirmationConfig['uiMode']","payload: any","request: SecureConfirmRequest","confirmationConfig: ConfirmationConfig","transactionSummary: TransactionSummary","e: unknown","_err: unknown","HANDLERS: Partial<Record<SecureConfirmationType, Handler>>","vrfPort: MessagePort | undefined","error: unknown","promises: Promise<void>[]","responses: WorkerResponseForRequest<T>[]","errorMessage","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmClearSessionRequest>","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest>","intentDigest: string","request: SecureConfirmRequest<SignTransactionPayload | SignNep413Payload, TransactionSummary>","summary: TransactionSummary","txSigningRequests: TransactionInputWasm[]","message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest>","message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest>","message: VRFWorkerMessage<WasmMintSessionKeysAndSendToSignerRequest>","message: VRFWorkerMessage<WasmDispenseSessionKeyRequest>","message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest>","message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest>","error: any","message: VRFWorkerMessage<WasmCheckSessionStatusRequest>","message: VRFWorkerMessage<any>","requestRegistrationCredentialConfirmation","request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary>","requestRegistrationCredentialConfirmationFlow","message: VRFWorkerMessage<WasmShamir3PassClientDecryptVrfKeypairRequest>","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmUnlockVrfKeypairRequest>","error: any","error: any","next: ConfirmationConfig","envTheme: 'dark' | 'light' | null","accountId: AccountId | undefined","maybeAccessKey: unknown","maybeBlock: unknown","accessKeyError: unknown","blockError: unknown","tasks: Promise<void>[]","akErr: unknown","err: unknown","transactionContext: TransactionContext","now","planned: string[]","error: unknown","newLast: bigint | null","UserPreferencesInstance","NonceManagerInstance","error: any","result: {\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }","deviceNumberToUse: number | null","credentialId: string","attestationB64u: string","transports: string[]","normalizedRpcCall: RpcCallPayload","all: string[]","offlineConfigsInput: TatchiConfigsInput","err: any","last","e: any"],"sources":["../../../../node_modules/.pnpm/idb@8.0.3/node_modules/idb/build/index.js","../../../src/wasm_signer_worker/pkg/wasm_signer_worker.js","../../../src/core/types/signer-worker.ts","../../../src/core/IndexedDBManager/passkeyClientDB.ts","../../../src/core/IndexedDBManager/passkeyNearKeysDB.ts","../../../src/core/IndexedDBManager/index.ts","../../../../node_modules/.pnpm/base-x@5.0.1/node_modules/base-x/src/esm/index.js","../../../../node_modules/.pnpm/bs58@6.0.0/node_modules/bs58/src/esm/index.js","../../../src/utils/base58.ts","../../../src/react/deviceDetection.ts","../../../src/core/NearRpcError.ts","../../../src/core/types/rpc.ts","../../../src/core/NearClient.ts","../../../src/core/OfflineExport/messages.ts","../../../build-paths.ts","../../../src/config.ts","../../../src/core/sdkPaths/workers.ts","../../../src/core/workerControlMessages.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/sessionMessages.ts","../../../src/core/rpcCalls.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts","../../../src/core/types/authenticatorOptions.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/session.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionWithKeyPair.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/secureConfirmBridge.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/index.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/createSigningSessionChannel.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/mintSessionKeysAndSendToSigner.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/dispenseSessionKey.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/prepareDecryptSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/requestRegistrationCredentialConfirmation.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/shamir3PassDecryptVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/shamir3PassEncryptCurrentVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/unlockVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/index.ts","../../../src/core/WebAuthnManager/userPreferences.ts","../../../src/core/nonceManager.ts","../../../src/core/WalletIframe/host-mode.ts","../../../src/core/WebAuthnManager/index.ts","../../../src/core/OfflineExport/offline-export-app.ts"],"sourcesContent":["const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);\n\nlet idbProxyableTypes;\nlet cursorAdvanceMethods;\n// This is a function to prevent it throwing up in node environments.\nfunction getIdbProxyableTypes() {\n return (idbProxyableTypes ||\n (idbProxyableTypes = [\n IDBDatabase,\n IDBObjectStore,\n IDBIndex,\n IDBCursor,\n IDBTransaction,\n ]));\n}\n// This is a function to prevent it throwing up in node environments.\nfunction getCursorAdvanceMethods() {\n return (cursorAdvanceMethods ||\n (cursorAdvanceMethods = [\n IDBCursor.prototype.advance,\n IDBCursor.prototype.continue,\n IDBCursor.prototype.continuePrimaryKey,\n ]));\n}\nconst transactionDoneMap = new WeakMap();\nconst transformCache = new WeakMap();\nconst reverseTransformCache = new WeakMap();\nfunction promisifyRequest(request) {\n const promise = new Promise((resolve, reject) => {\n const unlisten = () => {\n request.removeEventListener('success', success);\n request.removeEventListener('error', error);\n };\n const success = () => {\n resolve(wrap(request.result));\n unlisten();\n };\n const error = () => {\n reject(request.error);\n unlisten();\n };\n request.addEventListener('success', success);\n request.addEventListener('error', error);\n });\n // This mapping exists in reverseTransformCache but doesn't exist in transformCache. This\n // is because we create many promises from a single IDBRequest.\n reverseTransformCache.set(promise, request);\n return promise;\n}\nfunction cacheDonePromiseForTransaction(tx) {\n // Early bail if we've already created a done promise for this transaction.\n if (transactionDoneMap.has(tx))\n return;\n const done = new Promise((resolve, reject) => {\n const unlisten = () => {\n tx.removeEventListener('complete', complete);\n tx.removeEventListener('error', error);\n tx.removeEventListener('abort', error);\n };\n const complete = () => {\n resolve();\n unlisten();\n };\n const error = () => {\n reject(tx.error || new DOMException('AbortError', 'AbortError'));\n unlisten();\n };\n tx.addEventListener('complete', complete);\n tx.addEventListener('error', error);\n tx.addEventListener('abort', error);\n });\n // Cache it for later retrieval.\n transactionDoneMap.set(tx, done);\n}\nlet idbProxyTraps = {\n get(target, prop, receiver) {\n if (target instanceof IDBTransaction) {\n // Special handling for transaction.done.\n if (prop === 'done')\n return transactionDoneMap.get(target);\n // Make tx.store return the only store in the transaction, or undefined if there are many.\n if (prop === 'store') {\n return receiver.objectStoreNames[1]\n ? undefined\n : receiver.objectStore(receiver.objectStoreNames[0]);\n }\n }\n // Else transform whatever we get back.\n return wrap(target[prop]);\n },\n set(target, prop, value) {\n target[prop] = value;\n return true;\n },\n has(target, prop) {\n if (target instanceof IDBTransaction &&\n (prop === 'done' || prop === 'store')) {\n return true;\n }\n return prop in target;\n },\n};\nfunction replaceTraps(callback) {\n idbProxyTraps = callback(idbProxyTraps);\n}\nfunction wrapFunction(func) {\n // Due to expected object equality (which is enforced by the caching in `wrap`), we\n // only create one new func per func.\n // Cursor methods are special, as the behaviour is a little more different to standard IDB. In\n // IDB, you advance the cursor and wait for a new 'success' on the IDBRequest that gave you the\n // cursor. It's kinda like a promise that can resolve with many values. That doesn't make sense\n // with real promises, so each advance methods returns a new promise for the cursor object, or\n // undefined if the end of the cursor has been reached.\n if (getCursorAdvanceMethods().includes(func)) {\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n func.apply(unwrap(this), args);\n return wrap(this.request);\n };\n }\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n return wrap(func.apply(unwrap(this), args));\n };\n}\nfunction transformCachableValue(value) {\n if (typeof value === 'function')\n return wrapFunction(value);\n // This doesn't return, it just creates a 'done' promise for the transaction,\n // which is later returned for transaction.done (see idbObjectHandler).\n if (value instanceof IDBTransaction)\n cacheDonePromiseForTransaction(value);\n if (instanceOfAny(value, getIdbProxyableTypes()))\n return new Proxy(value, idbProxyTraps);\n // Return the same value back if we're not going to transform it.\n return value;\n}\nfunction wrap(value) {\n // We sometimes generate multiple promises from a single IDBRequest (eg when cursoring), because\n // IDB is weird and a single IDBRequest can yield many responses, so these can't be cached.\n if (value instanceof IDBRequest)\n return promisifyRequest(value);\n // If we've already transformed this value before, reuse the transformed value.\n // This is faster, but it also provides object equality.\n if (transformCache.has(value))\n return transformCache.get(value);\n const newValue = transformCachableValue(value);\n // Not all types are transformed.\n // These may be primitive types, so they can't be WeakMap keys.\n if (newValue !== value) {\n transformCache.set(value, newValue);\n reverseTransformCache.set(newValue, value);\n }\n return newValue;\n}\nconst unwrap = (value) => reverseTransformCache.get(value);\n\n/**\n * Open a database.\n *\n * @param name Name of the database.\n * @param version Schema version.\n * @param callbacks Additional callbacks.\n */\nfunction openDB(name, version, { blocked, upgrade, blocking, terminated } = {}) {\n const request = indexedDB.open(name, version);\n const openPromise = wrap(request);\n if (upgrade) {\n request.addEventListener('upgradeneeded', (event) => {\n upgrade(wrap(request.result), event.oldVersion, event.newVersion, wrap(request.transaction), event);\n });\n }\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event.newVersion, event));\n }\n openPromise\n .then((db) => {\n if (terminated)\n db.addEventListener('close', () => terminated());\n if (blocking) {\n db.addEventListener('versionchange', (event) => blocking(event.oldVersion, event.newVersion, event));\n }\n })\n .catch(() => { });\n return openPromise;\n}\n/**\n * Delete a database.\n *\n * @param name Name of the database.\n */\nfunction deleteDB(name, { blocked } = {}) {\n const request = indexedDB.deleteDatabase(name);\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event));\n }\n return wrap(request).then(() => undefined);\n}\n\nconst readMethods = ['get', 'getKey', 'getAll', 'getAllKeys', 'count'];\nconst writeMethods = ['put', 'add', 'delete', 'clear'];\nconst cachedMethods = new Map();\nfunction getMethod(target, prop) {\n if (!(target instanceof IDBDatabase &&\n !(prop in target) &&\n typeof prop === 'string')) {\n return;\n }\n if (cachedMethods.get(prop))\n return cachedMethods.get(prop);\n const targetFuncName = prop.replace(/FromIndex$/, '');\n const useIndex = prop !== targetFuncName;\n const isWrite = writeMethods.includes(targetFuncName);\n if (\n // Bail if the target doesn't exist on the target. Eg, getAll isn't in Edge.\n !(targetFuncName in (useIndex ? IDBIndex : IDBObjectStore).prototype) ||\n !(isWrite || readMethods.includes(targetFuncName))) {\n return;\n }\n const method = async function (storeName, ...args) {\n // isWrite ? 'readwrite' : undefined gzipps better, but fails in Edge :(\n const tx = this.transaction(storeName, isWrite ? 'readwrite' : 'readonly');\n let target = tx.store;\n if (useIndex)\n target = target.index(args.shift());\n // Must reject if op rejects.\n // If it's a write operation, must reject if tx.done rejects.\n // Must reject with op rejection first.\n // Must resolve with op value.\n // Must handle both promises (no unhandled rejections)\n return (await Promise.all([\n target[targetFuncName](...args),\n isWrite && tx.done,\n ]))[0];\n };\n cachedMethods.set(prop, method);\n return method;\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get: (target, prop, receiver) => getMethod(target, prop) || oldTraps.get(target, prop, receiver),\n has: (target, prop) => !!getMethod(target, prop) || oldTraps.has(target, prop),\n}));\n\nconst advanceMethodProps = ['continue', 'continuePrimaryKey', 'advance'];\nconst methodMap = {};\nconst advanceResults = new WeakMap();\nconst ittrProxiedCursorToOriginalProxy = new WeakMap();\nconst cursorIteratorTraps = {\n get(target, prop) {\n if (!advanceMethodProps.includes(prop))\n return target[prop];\n let cachedFunc = methodMap[prop];\n if (!cachedFunc) {\n cachedFunc = methodMap[prop] = function (...args) {\n advanceResults.set(this, ittrProxiedCursorToOriginalProxy.get(this)[prop](...args));\n };\n }\n return cachedFunc;\n },\n};\nasync function* iterate(...args) {\n // tslint:disable-next-line:no-this-assignment\n let cursor = this;\n if (!(cursor instanceof IDBCursor)) {\n cursor = await cursor.openCursor(...args);\n }\n if (!cursor)\n return;\n cursor = cursor;\n const proxiedCursor = new Proxy(cursor, cursorIteratorTraps);\n ittrProxiedCursorToOriginalProxy.set(proxiedCursor, cursor);\n // Map this double-proxy back to the original, so other cursor methods work.\n reverseTransformCache.set(proxiedCursor, unwrap(cursor));\n while (cursor) {\n yield proxiedCursor;\n // If one of the advancing methods was not called, call continue().\n cursor = await (advanceResults.get(proxiedCursor) || cursor.continue());\n advanceResults.delete(proxiedCursor);\n }\n}\nfunction isIteratorProp(target, prop) {\n return ((prop === Symbol.asyncIterator &&\n instanceOfAny(target, [IDBIndex, IDBObjectStore, IDBCursor])) ||\n (prop === 'iterate' && instanceOfAny(target, [IDBIndex, IDBObjectStore])));\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get(target, prop, receiver) {\n if (isIteratorProp(target, prop))\n return iterate;\n return oldTraps.get(target, prop, receiver);\n },\n has(target, prop) {\n return isIteratorProp(target, prop) || oldTraps.has(target, prop);\n },\n}));\n\nexport { deleteDB, openDB, unwrap, wrap };\n","let wasm;\n\nlet WASM_VECTOR_LEN = 0;\n\nlet cachedUint8ArrayMemory0 = null;\n\nfunction getUint8ArrayMemory0() {\n if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {\n cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);\n }\n return cachedUint8ArrayMemory0;\n}\n\nconst cachedTextEncoder = (typeof TextEncoder !== 'undefined' ? new TextEncoder('utf-8') : { encode: () => { throw Error('TextEncoder not available') } } );\n\nconst encodeString = (typeof cachedTextEncoder.encodeInto === 'function'\n ? function (arg, view) {\n return cachedTextEncoder.encodeInto(arg, view);\n}\n : function (arg, view) {\n const buf = cachedTextEncoder.encode(arg);\n view.set(buf);\n return {\n read: arg.length,\n written: buf.length\n };\n});\n\nfunction passStringToWasm0(arg, malloc, realloc) {\n\n if (realloc === undefined) {\n const buf = cachedTextEncoder.encode(arg);\n const ptr = malloc(buf.length, 1) >>> 0;\n getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);\n WASM_VECTOR_LEN = buf.length;\n return ptr;\n }\n\n let len = arg.length;\n let ptr = malloc(len, 1) >>> 0;\n\n const mem = getUint8ArrayMemory0();\n\n let offset = 0;\n\n for (; offset < len; offset++) {\n const code = arg.charCodeAt(offset);\n if (code > 0x7F) break;\n mem[ptr + offset] = code;\n }\n\n if (offset !== len) {\n if (offset !== 0) {\n arg = arg.slice(offset);\n }\n ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;\n const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);\n const ret = encodeString(arg, view);\n\n offset += ret.written;\n ptr = realloc(ptr, len, offset, 1) >>> 0;\n }\n\n WASM_VECTOR_LEN = offset;\n return ptr;\n}\n\nlet cachedDataViewMemory0 = null;\n\nfunction getDataViewMemory0() {\n if (cachedDataViewMemory0 === null || cachedDataViewMemory0.buffer.detached === true || (cachedDataViewMemory0.buffer.detached === undefined && cachedDataViewMemory0.buffer !== wasm.memory.buffer)) {\n cachedDataViewMemory0 = new DataView(wasm.memory.buffer);\n }\n return cachedDataViewMemory0;\n}\n\nfunction addToExternrefTable0(obj) {\n const idx = wasm.__externref_table_alloc();\n wasm.__wbindgen_export_4.set(idx, obj);\n return idx;\n}\n\nfunction handleError(f, args) {\n try {\n return f.apply(this, args);\n } catch (e) {\n const idx = addToExternrefTable0(e);\n wasm.__wbindgen_exn_store(idx);\n }\n}\n\nconst cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available') } } );\n\nif (typeof TextDecoder !== 'undefined') { cachedTextDecoder.decode(); };\n\nfunction getStringFromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));\n}\n\nfunction isLikeNone(x) {\n return x === undefined || x === null;\n}\n\nconst CLOSURE_DTORS = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(state => {\n wasm.__wbindgen_export_5.get(state.dtor)(state.a, state.b)\n});\n\nfunction makeMutClosure(arg0, arg1, dtor, f) {\n const state = { a: arg0, b: arg1, cnt: 1, dtor };\n const real = (...args) => {\n // First up with a closure we increment the internal reference\n // count. This ensures that the Rust closure environment won't\n // be deallocated while we're invoking it.\n state.cnt++;\n const a = state.a;\n state.a = 0;\n try {\n return f(a, state.b, ...args);\n } finally {\n if (--state.cnt === 0) {\n wasm.__wbindgen_export_5.get(state.dtor)(a, state.b);\n CLOSURE_DTORS.unregister(state);\n } else {\n state.a = a;\n }\n }\n };\n real.original = state;\n CLOSURE_DTORS.register(real, state, state);\n return real;\n}\n\nfunction debugString(val) {\n // primitive types\n const type = typeof val;\n if (type == 'number' || type == 'boolean' || val == null) {\n return `${val}`;\n }\n if (type == 'string') {\n return `\"${val}\"`;\n }\n if (type == 'symbol') {\n const description = val.description;\n if (description == null) {\n return 'Symbol';\n } else {\n return `Symbol(${description})`;\n }\n }\n if (type == 'function') {\n const name = val.name;\n if (typeof name == 'string' && name.length > 0) {\n return `Function(${name})`;\n } else {\n return 'Function';\n }\n }\n // objects\n if (Array.isArray(val)) {\n const length = val.length;\n let debug = '[';\n if (length > 0) {\n debug += debugString(val[0]);\n }\n for(let i = 1; i < length; i++) {\n debug += ', ' + debugString(val[i]);\n }\n debug += ']';\n return debug;\n }\n // Test for built-in\n const builtInMatches = /\\[object ([^\\]]+)\\]/.exec(toString.call(val));\n let className;\n if (builtInMatches && builtInMatches.length > 1) {\n className = builtInMatches[1];\n } else {\n // Failed to match the standard '[object ClassName]'\n return toString.call(val);\n }\n if (className == 'Object') {\n // we're a user defined class or Object\n // JSON.stringify avoids problems with cycles, and is generally much\n // easier than looping through ownProperties of `val`.\n try {\n return 'Object(' + JSON.stringify(val) + ')';\n } catch (_) {\n return 'Object';\n }\n }\n // errors\n if (val instanceof Error) {\n return `${val.name}: ${val.message}\\n${val.stack}`;\n }\n // TODO we could test for more things here, like `Set`s and `Map`s.\n return className;\n}\n\nfunction _assertClass(instance, klass) {\n if (!(instance instanceof klass)) {\n throw new Error(`expected instance of ${klass.name}`);\n }\n}\n\nfunction getArrayU8FromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n return getUint8ArrayMemory0().subarray(ptr / 1, ptr / 1 + len);\n}\n\nfunction passArray8ToWasm0(arg, malloc) {\n const ptr = malloc(arg.length * 1, 1) >>> 0;\n getUint8ArrayMemory0().set(arg, ptr / 1);\n WASM_VECTOR_LEN = arg.length;\n return ptr;\n}\n\nfunction getArrayJsValueFromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n const mem = getDataViewMemory0();\n const result = [];\n for (let i = ptr; i < ptr + 4 * len; i += 4) {\n result.push(wasm.__wbindgen_export_4.get(mem.getUint32(i, true)));\n }\n wasm.__externref_drop_slice(ptr, len);\n return result;\n}\n\nfunction passArrayJsValueToWasm0(array, malloc) {\n const ptr = malloc(array.length * 4, 4) >>> 0;\n for (let i = 0; i < array.length; i++) {\n const add = addToExternrefTable0(array[i]);\n getDataViewMemory0().setUint32(ptr + 4 * i, add, true);\n }\n WASM_VECTOR_LEN = array.length;\n return ptr;\n}\n\nfunction takeFromExternrefTable0(idx) {\n const value = wasm.__wbindgen_export_4.get(idx);\n wasm.__externref_table_dealloc(idx);\n return value;\n}\n\nexport function init_worker() {\n wasm.init_wasm_signer_worker();\n}\n\n/**\n * Alias for init_worker to maintain compatibility with bundlers that auto-generate\n * imports based on the module name (e.g., Rolldown)\n */\nexport function init_wasm_signer_worker() {\n wasm.init_wasm_signer_worker();\n}\n\n/**\n * Attach a MessagePort for a signing session and store WrapKeySeed material in Rust.\n * JS shim should transfer the port; all parsing/caching lives here.\n * @param {string} session_id\n * @param {any} port_val\n */\nexport function attach_wrap_key_seed_port(session_id, port_val) {\n const ptr0 = passStringToWasm0(session_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.attach_wrap_key_seed_port(ptr0, len0, port_val);\n}\n\n/**\n * Unified message handler for all signer worker operations\n * This replaces the TypeScript-based message dispatching with a Rust-based approach\n * for better type safety and performance\n * @param {any} message_val\n * @returns {Promise<any>}\n */\nexport function handle_signer_message(message_val) {\n const ret = wasm.handle_signer_message(message_val);\n return ret;\n}\n\nfunction __wbg_adapter_52(arg0, arg1, arg2) {\n wasm.closure7_externref_shim(arg0, arg1, arg2);\n}\n\nfunction __wbg_adapter_55(arg0, arg1) {\n wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h34a15fa9267e5503(arg0, arg1);\n}\n\nfunction __wbg_adapter_483(arg0, arg1, arg2, arg3) {\n wasm.closure75_externref_shim(arg0, arg1, arg2, arg3);\n}\n\n/**\n * Behavior mode for confirmation flow\n * @enum {0 | 1}\n */\nexport const ConfirmationBehavior = Object.freeze({\n RequireClick: 0, \"0\": \"RequireClick\",\n AutoProceed: 1, \"1\": \"AutoProceed\",\n});\n/**\n * UI mode for confirmation display\n * @enum {0 | 1 | 2}\n */\nexport const ConfirmationUIMode = Object.freeze({\n Skip: 0, \"0\": \"Skip\",\n Modal: 1, \"1\": \"Modal\",\n Drawer: 2, \"2\": \"Drawer\",\n});\n/**\n * Progress message types that can be sent during WASM operations.\n * Values MUST align with the progress variants of WorkerResponseType in\n * `worker_messages.rs` so that TypeScript can treat them as progress\n * responses (not success/failure) based on the shared numeric codes.\n * @enum {18 | 19 | 20 | 21}\n */\nexport const ProgressMessageType = Object.freeze({\n RegistrationProgress: 18, \"18\": \"RegistrationProgress\",\n RegistrationComplete: 19, \"19\": \"RegistrationComplete\",\n ExecuteActionsProgress: 20, \"20\": \"ExecuteActionsProgress\",\n ExecuteActionsComplete: 21, \"21\": \"ExecuteActionsComplete\",\n});\n/**\n * Progress step identifiers for different phases of operations\n * Values start at 100 to avoid conflicts with WorkerResponseType enum\n * @enum {100 | 101 | 102 | 103 | 104 | 105 | 106}\n */\nexport const ProgressStep = Object.freeze({\n Preparation: 100, \"100\": \"Preparation\",\n UserConfirmation: 101, \"101\": \"UserConfirmation\",\n WebauthnAuthentication: 102, \"102\": \"WebauthnAuthentication\",\n AuthenticationComplete: 103, \"103\": \"AuthenticationComplete\",\n TransactionSigningProgress: 104, \"104\": \"TransactionSigningProgress\",\n TransactionSigningComplete: 105, \"105\": \"TransactionSigningComplete\",\n Error: 106, \"106\": \"Error\",\n});\n/**\n * User verification policy for WebAuthn authenticators\n * @enum {0 | 1 | 2}\n */\nexport const UserVerificationPolicy = Object.freeze({\n Required: 0, \"0\": \"Required\",\n Preferred: 1, \"1\": \"Preferred\",\n Discouraged: 2, \"2\": \"Discouraged\",\n});\n/**\n * @enum {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}\n */\nexport const WorkerRequestType = Object.freeze({\n DeriveNearKeypairAndEncrypt: 0, \"0\": \"DeriveNearKeypairAndEncrypt\",\n RecoverKeypairFromPasskey: 1, \"1\": \"RecoverKeypairFromPasskey\",\n DecryptPrivateKeyWithPrf: 2, \"2\": \"DecryptPrivateKeyWithPrf\",\n SignTransactionsWithActions: 3, \"3\": \"SignTransactionsWithActions\",\n ExtractCosePublicKey: 4, \"4\": \"ExtractCosePublicKey\",\n SignTransactionWithKeyPair: 5, \"5\": \"SignTransactionWithKeyPair\",\n SignNep413Message: 6, \"6\": \"SignNep413Message\",\n RegisterDevice2WithDerivedKey: 7, \"7\": \"RegisterDevice2WithDerivedKey\",\n SignDelegateAction: 8, \"8\": \"SignDelegateAction\",\n});\n/**\n * Worker response types enum - corresponds to TypeScript WorkerResponseType\n * @enum {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21}\n */\nexport const WorkerResponseType = Object.freeze({\n DeriveNearKeypairAndEncryptSuccess: 0, \"0\": \"DeriveNearKeypairAndEncryptSuccess\",\n RecoverKeypairFromPasskeySuccess: 1, \"1\": \"RecoverKeypairFromPasskeySuccess\",\n DecryptPrivateKeyWithPrfSuccess: 2, \"2\": \"DecryptPrivateKeyWithPrfSuccess\",\n SignTransactionsWithActionsSuccess: 3, \"3\": \"SignTransactionsWithActionsSuccess\",\n ExtractCosePublicKeySuccess: 4, \"4\": \"ExtractCosePublicKeySuccess\",\n SignTransactionWithKeyPairSuccess: 5, \"5\": \"SignTransactionWithKeyPairSuccess\",\n SignNep413MessageSuccess: 6, \"6\": \"SignNep413MessageSuccess\",\n RegisterDevice2WithDerivedKeySuccess: 7, \"7\": \"RegisterDevice2WithDerivedKeySuccess\",\n SignDelegateActionSuccess: 8, \"8\": \"SignDelegateActionSuccess\",\n DeriveNearKeypairAndEncryptFailure: 9, \"9\": \"DeriveNearKeypairAndEncryptFailure\",\n RecoverKeypairFromPasskeyFailure: 10, \"10\": \"RecoverKeypairFromPasskeyFailure\",\n DecryptPrivateKeyWithPrfFailure: 11, \"11\": \"DecryptPrivateKeyWithPrfFailure\",\n SignTransactionsWithActionsFailure: 12, \"12\": \"SignTransactionsWithActionsFailure\",\n ExtractCosePublicKeyFailure: 13, \"13\": \"ExtractCosePublicKeyFailure\",\n SignTransactionWithKeyPairFailure: 14, \"14\": \"SignTransactionWithKeyPairFailure\",\n SignNep413MessageFailure: 15, \"15\": \"SignNep413MessageFailure\",\n RegisterDevice2WithDerivedKeyFailure: 16, \"16\": \"RegisterDevice2WithDerivedKeyFailure\",\n SignDelegateActionFailure: 17, \"17\": \"SignDelegateActionFailure\",\n RegistrationProgress: 18, \"18\": \"RegistrationProgress\",\n RegistrationComplete: 19, \"19\": \"RegistrationComplete\",\n ExecuteActionsProgress: 20, \"20\": \"ExecuteActionsProgress\",\n ExecuteActionsComplete: 21, \"21\": \"ExecuteActionsComplete\",\n});\n\nconst AuthenticationResponseFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_authenticationresponse_free(ptr >>> 0, 1));\n\nexport class AuthenticationResponse {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(AuthenticationResponse.prototype);\n obj.__wbg_ptr = ptr;\n AuthenticationResponseFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n AuthenticationResponseFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_authenticationresponse_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get clientDataJSON() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_clientDataJSON(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set clientDataJSON(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get authenticatorData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_authenticatorData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set authenticatorData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get userHandle() {\n const ret = wasm.__wbg_get_authenticationresponse_userHandle(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set userHandle(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst AuthenticatorOptionsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_authenticatoroptions_free(ptr >>> 0, 1));\n/**\n * Options for configuring WebAuthn authenticator behavior during registration\n */\nexport class AuthenticatorOptions {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(AuthenticatorOptions.prototype);\n obj.__wbg_ptr = ptr;\n AuthenticatorOptionsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n AuthenticatorOptionsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_authenticatoroptions_free(ptr, 0);\n }\n /**\n * @returns {UserVerificationPolicy | undefined}\n */\n get userVerification() {\n const ret = wasm.__wbg_get_authenticatoroptions_userVerification(this.__wbg_ptr);\n return ret === 3 ? undefined : ret;\n }\n /**\n * @param {UserVerificationPolicy | null} [arg0]\n */\n set userVerification(arg0) {\n wasm.__wbg_set_authenticatoroptions_userVerification(this.__wbg_ptr, isLikeNone(arg0) ? 3 : arg0);\n }\n /**\n * @returns {OriginPolicyInput | undefined}\n */\n get originPolicy() {\n const ret = wasm.__wbg_get_authenticatoroptions_originPolicy(this.__wbg_ptr);\n return ret === 0 ? undefined : OriginPolicyInput.__wrap(ret);\n }\n /**\n * @param {OriginPolicyInput | null} [arg0]\n */\n set originPolicy(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, OriginPolicyInput);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_authenticatoroptions_originPolicy(this.__wbg_ptr, ptr0);\n }\n}\n\nconst ClientExtensionResultsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_clientextensionresults_free(ptr >>> 0, 1));\n\nexport class ClientExtensionResults {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(ClientExtensionResults.prototype);\n obj.__wbg_ptr = ptr;\n ClientExtensionResultsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ClientExtensionResultsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_clientextensionresults_free(ptr, 0);\n }\n /**\n * @returns {PrfResults}\n */\n get prf() {\n const ret = wasm.__wbg_get_clientextensionresults_prf(this.__wbg_ptr);\n return PrfResults.__wrap(ret);\n }\n /**\n * @param {PrfResults} arg0\n */\n set prf(arg0) {\n _assertClass(arg0, PrfResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_clientextensionresults_prf(this.__wbg_ptr, ptr0);\n }\n}\n\nconst ConfirmationConfigFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_confirmationconfig_free(ptr >>> 0, 1));\n/**\n * Unified confirmation configuration passed from main thread to WASM worker\n */\nexport class ConfirmationConfig {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ConfirmationConfigFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_confirmationconfig_free(ptr, 0);\n }\n /**\n * Type of UI to display for confirmation\n * @returns {ConfirmationUIMode}\n */\n get uiMode() {\n const ret = wasm.__wbg_get_confirmationconfig_uiMode(this.__wbg_ptr);\n return ret;\n }\n /**\n * Type of UI to display for confirmation\n * @param {ConfirmationUIMode} arg0\n */\n set uiMode(arg0) {\n wasm.__wbg_set_confirmationconfig_uiMode(this.__wbg_ptr, arg0);\n }\n /**\n * How the confirmation UI behaves\n * @returns {ConfirmationBehavior}\n */\n get behavior() {\n const ret = wasm.__wbg_get_confirmationconfig_behavior(this.__wbg_ptr);\n return ret;\n }\n /**\n * How the confirmation UI behaves\n * @param {ConfirmationBehavior} arg0\n */\n set behavior(arg0) {\n wasm.__wbg_set_confirmationconfig_behavior(this.__wbg_ptr, arg0);\n }\n /**\n * Delay in milliseconds before auto-proceeding (only used with autoProceedWithDelay)\n * @returns {number | undefined}\n */\n get autoProceedDelay() {\n const ret = wasm.__wbg_get_confirmationconfig_autoProceedDelay(this.__wbg_ptr);\n return ret === 0x100000001 ? undefined : ret;\n }\n /**\n * Delay in milliseconds before auto-proceeding (only used with autoProceedWithDelay)\n * @param {number | null} [arg0]\n */\n set autoProceedDelay(arg0) {\n wasm.__wbg_set_confirmationconfig_autoProceedDelay(this.__wbg_ptr, isLikeNone(arg0) ? 0x100000001 : (arg0) >>> 0);\n }\n /**\n * UI theme preference (dark/light)\n * @returns {string | undefined}\n */\n get theme() {\n const ret = wasm.__wbg_get_confirmationconfig_theme(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * UI theme preference (dark/light)\n * @param {string | null} [arg0]\n */\n set theme(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_confirmationconfig_theme(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst CoseExtractionResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_coseextractionresult_free(ptr >>> 0, 1));\n\nexport class CoseExtractionResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n CoseExtractionResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_coseextractionresult_free(ptr, 0);\n }\n /**\n * @returns {Uint8Array}\n */\n get cosePublicKeyBytes() {\n const ret = wasm.__wbg_get_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set cosePublicKeyBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst DecryptPrivateKeyRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptprivatekeyrequest_free(ptr >>> 0, 1));\n\nexport class DecryptPrivateKeyRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptPrivateKeyRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptprivatekeyrequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} near_account_id\n * @param {string} encrypted_private_key_data\n * @param {string} encrypted_private_key_chacha20_nonce_b64u\n * @param {string} session_id\n */\n constructor(near_account_id, encrypted_private_key_data, encrypted_private_key_chacha20_nonce_b64u, session_id) {\n const ptr0 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_private_key_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(encrypted_private_key_chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(session_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n const ret = wasm.decryptprivatekeyrequest_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n DecryptPrivateKeyRequestFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DecryptPrivateKeyResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptprivatekeyresult_free(ptr >>> 0, 1));\n\nexport class DecryptPrivateKeyResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptPrivateKeyResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptprivatekeyresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get privateKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyresult_privateKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set privateKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyresult_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} private_key\n * @param {string} near_account_id\n */\n constructor(private_key, near_account_id) {\n const ptr0 = passStringToWasm0(private_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.decryptionpayload_new(ptr0, len0, ptr1, len1);\n this.__wbg_ptr = ret >>> 0;\n DecryptPrivateKeyResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DecryptionPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptionpayload_free(ptr >>> 0, 1));\n/**\n * Decryption payload (consolidated for deserialization and WASM binding)\n */\nexport class DecryptionPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptionPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptionpayload_free(ptr, 0);\n }\n /**\n * Encrypted NEAR private key\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptionpayload_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Encrypted NEAR private key\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptionpayload_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} encrypted_private_key_data\n * @param {string} encrypted_private_key_chacha20_nonce_b64u\n */\n constructor(encrypted_private_key_data, encrypted_private_key_chacha20_nonce_b64u) {\n const ptr0 = passStringToWasm0(encrypted_private_key_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_private_key_chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.decryptionpayload_new(ptr0, len0, ptr1, len1);\n this.__wbg_ptr = ret >>> 0;\n DecryptionPayloadFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DelegateSignResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_delegatesignresult_free(ptr >>> 0, 1));\n\nexport class DelegateSignResult {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(DelegateSignResult.prototype);\n obj.__wbg_ptr = ptr;\n DelegateSignResultFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DelegateSignResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_delegatesignresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_delegatesignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_delegatesignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get hash() {\n const ret = wasm.__wbg_get_delegatesignresult_hash(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set hash(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_hash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedDelegate | undefined}\n */\n get signedDelegate() {\n const ret = wasm.__wbg_get_delegatesignresult_signedDelegate(this.__wbg_ptr);\n return ret === 0 ? undefined : WasmSignedDelegate.__wrap(ret);\n }\n /**\n * @param {WasmSignedDelegate | null} [arg0]\n */\n set signedDelegate(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, WasmSignedDelegate);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_delegatesignresult_signedDelegate(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_delegatesignresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_delegatesignresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_error(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string | null | undefined} hash\n * @param {WasmSignedDelegate | null | undefined} signed_delegate\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, hash, signed_delegate, logs, error) {\n var ptr0 = isLikeNone(hash) ? 0 : passStringToWasm0(hash, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n let ptr1 = 0;\n if (!isLikeNone(signed_delegate)) {\n _assertClass(signed_delegate, WasmSignedDelegate);\n ptr1 = signed_delegate.__destroy_into_raw();\n }\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.delegatesignresult_new(success, ptr0, len0, ptr1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n DelegateSignResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * @param {string[]} logs\n * @param {string} error_msg\n * @returns {DelegateSignResult}\n */\n static failed(logs, error_msg) {\n const ptr0 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(error_msg, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.delegatesignresult_failed(ptr0, len0, ptr1, len1);\n return DelegateSignResult.__wrap(ret);\n }\n}\n\nconst DeriveNearKeypairAndEncryptRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_derivenearkeypairandencryptrequest_free(ptr >>> 0, 1));\n\nexport class DeriveNearKeypairAndEncryptRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DeriveNearKeypairAndEncryptRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_derivenearkeypairandencryptrequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {SerializedRegistrationCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr);\n return SerializedRegistrationCredential.__wrap(ret);\n }\n /**\n * @param {SerializedRegistrationCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedRegistrationCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {AuthenticatorOptions | undefined}\n */\n get authenticatorOptions() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_authenticatorOptions(this.__wbg_ptr);\n return ret === 0 ? undefined : AuthenticatorOptions.__wrap(ret);\n }\n /**\n * @param {AuthenticatorOptions | null} [arg0]\n */\n set authenticatorOptions(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, AuthenticatorOptions);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_derivenearkeypairandencryptrequest_authenticatorOptions(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst DeriveNearKeypairAndEncryptResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_derivenearkeypairandencryptresult_free(ptr >>> 0, 1));\n\nexport class DeriveNearKeypairAndEncryptResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DeriveNearKeypairAndEncryptResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_derivenearkeypairandencryptresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number}\n */\n get version() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_version(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set version(arg0) {\n wasm.__wbg_set_derivenearkeypairandencryptresult_version(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {boolean}\n */\n get stored() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_stored(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set stored(arg0) {\n wasm.__wbg_set_derivenearkeypairandencryptresult_stored(this.__wbg_ptr, arg0);\n }\n /**\n * @param {string} near_account_id\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {number} version\n * @param {boolean} stored\n */\n constructor(near_account_id, public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, version, stored) {\n const ptr0 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ret = wasm.derivenearkeypairandencryptresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, version, stored);\n this.__wbg_ptr = ret >>> 0;\n DeriveNearKeypairAndEncryptResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst Device2TransactionContextFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_device2transactioncontext_free(ptr >>> 0, 1));\n/**\n * Transaction context from NEAR RPC\n */\nexport class Device2TransactionContext {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n Device2TransactionContextFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_device2transactioncontext_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get txBlockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_txBlockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_txBlockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get baseNonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_baseNonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set baseNonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst ExtractCoseRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_extractcoserequest_free(ptr >>> 0, 1));\n\nexport class ExtractCoseRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ExtractCoseRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_extractcoserequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get attestationObjectBase64url() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_extractcoserequest_attestationObjectBase64url(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestationObjectBase64url(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst KeyActionResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_keyactionresult_free(ptr >>> 0, 1));\n\nexport class KeyActionResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n KeyActionResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_keyactionresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_delegatesignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_delegatesignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get transactionHash() {\n const ret = wasm.__wbg_get_keyactionresult_transactionHash(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set transactionHash(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_hash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedTransaction | undefined}\n */\n get signedTransaction() {\n const ret = wasm.__wbg_get_keyactionresult_signedTransaction(this.__wbg_ptr);\n return ret === 0 ? undefined : WasmSignedTransaction.__wrap(ret);\n }\n /**\n * @param {WasmSignedTransaction | null} [arg0]\n */\n set signedTransaction(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, WasmSignedTransaction);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_keyactionresult_signedTransaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_keyactionresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_keyactionresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_error(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string | null | undefined} transaction_hash\n * @param {WasmSignedTransaction | null | undefined} signed_transaction\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, transaction_hash, signed_transaction, logs, error) {\n var ptr0 = isLikeNone(transaction_hash) ? 0 : passStringToWasm0(transaction_hash, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n let ptr1 = 0;\n if (!isLikeNone(signed_transaction)) {\n _assertClass(signed_transaction, WasmSignedTransaction);\n ptr1 = signed_transaction.__destroy_into_raw();\n }\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.keyactionresult_new(success, ptr0, len0, ptr1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n KeyActionResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst OriginPolicyInputFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_originpolicyinput_free(ptr >>> 0, 1));\n/**\n * Origin policy input for WebAuthn registration (user-provided)\n */\nexport class OriginPolicyInput {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(OriginPolicyInput.prototype);\n obj.__wbg_ptr = ptr;\n OriginPolicyInputFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n OriginPolicyInputFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_originpolicyinput_free(ptr, 0);\n }\n /**\n * Exactly one of these should be set\n * @returns {boolean | undefined}\n */\n get single() {\n const ret = wasm.__wbg_get_originpolicyinput_single(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret !== 0;\n }\n /**\n * Exactly one of these should be set\n * @param {boolean | null} [arg0]\n */\n set single(arg0) {\n wasm.__wbg_set_originpolicyinput_single(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0 ? 1 : 0);\n }\n /**\n * @returns {boolean | undefined}\n */\n get all_subdomains() {\n const ret = wasm.__wbg_get_originpolicyinput_all_subdomains(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret !== 0;\n }\n /**\n * @param {boolean | null} [arg0]\n */\n set all_subdomains(arg0) {\n wasm.__wbg_set_originpolicyinput_all_subdomains(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0 ? 1 : 0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get multiple() {\n const ret = wasm.__wbg_get_originpolicyinput_multiple(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set multiple(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_originpolicyinput_multiple(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst PrfOutputsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_prfoutputs_free(ptr >>> 0, 1));\n\nexport class PrfOutputs {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(PrfOutputs.prototype);\n obj.__wbg_ptr = ptr;\n PrfOutputsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n PrfOutputsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_prfoutputs_free(ptr, 0);\n }\n /**\n * @returns {string | undefined}\n */\n get first() {\n const ret = wasm.__wbg_get_prfoutputs_first(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set first(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_prfoutputs_first(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get second() {\n const ret = wasm.__wbg_get_prfoutputs_second(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set second(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_prfoutputs_second(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst PrfResultsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_prfresults_free(ptr >>> 0, 1));\n\nexport class PrfResults {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(PrfResults.prototype);\n obj.__wbg_ptr = ptr;\n PrfResultsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n PrfResultsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_prfresults_free(ptr, 0);\n }\n /**\n * @returns {PrfOutputs}\n */\n get results() {\n const ret = wasm.__wbg_get_clientextensionresults_prf(this.__wbg_ptr);\n return PrfOutputs.__wrap(ret);\n }\n /**\n * @param {PrfOutputs} arg0\n */\n set results(arg0) {\n _assertClass(arg0, PrfOutputs);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_clientextensionresults_prf(this.__wbg_ptr, ptr0);\n }\n}\n\nconst RecoverKeypairRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_recoverkeypairrequest_free(ptr >>> 0, 1));\n\nexport class RecoverKeypairRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RecoverKeypairRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_recoverkeypairrequest_free(ptr, 0);\n }\n /**\n * @returns {SerializedCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_recoverkeypairrequest_credential(this.__wbg_ptr);\n return SerializedCredential.__wrap(ret);\n }\n /**\n * @param {SerializedCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_recoverkeypairrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string | undefined}\n */\n get accountIdHint() {\n const ret = wasm.__wbg_get_recoverkeypairrequest_accountIdHint(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set accountIdHint(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_recoverkeypairrequest_accountIdHint(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RecoverKeypairResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_recoverkeypairresult_free(ptr >>> 0, 1));\n\nexport class RecoverKeypairResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RecoverKeypairResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_recoverkeypairresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get accountIdHint() {\n const ret = wasm.__wbg_get_recoverkeypairresult_accountIdHint(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set accountIdHint(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_recoverkeypairresult_accountIdHint(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {string | null} [account_id_hint]\n */\n constructor(public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, account_id_hint) {\n const ptr0 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n var ptr4 = isLikeNone(account_id_hint) ? 0 : passStringToWasm0(account_id_hint, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len4 = WASM_VECTOR_LEN;\n const ret = wasm.recoverkeypairresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4);\n this.__wbg_ptr = ret >>> 0;\n RecoverKeypairResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst RegisterDevice2WithDerivedKeyRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registerdevice2withderivedkeyrequest_free(ptr >>> 0, 1));\n/**\n * Request for combined Device2 registration flow.\n * Assumes WrapKeySeed and PRF.second have already been delivered to the signer worker via MessagePort.\n */\nexport class RegisterDevice2WithDerivedKeyRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegisterDevice2WithDerivedKeyRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registerdevice2withderivedkeyrequest_free(ptr, 0);\n }\n /**\n * Session ID (identifies the MessagePort session where WrapKeySeed and PRF.second were delivered)\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Session ID (identifies the MessagePort session where WrapKeySeed and PRF.second were delivered)\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Serialized registration credential (contains PRF.second in client extension results)\n * @returns {SerializedRegistrationCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr);\n return SerializedRegistrationCredential.__wrap(ret);\n }\n /**\n * Serialized registration credential (contains PRF.second in client extension results)\n * @param {SerializedRegistrationCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedRegistrationCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * NEAR account ID for Device2\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * NEAR account ID for Device2\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Contract ID (Receiver ID for the transaction)\n * @returns {string}\n */\n get contractId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_contractId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Contract ID (Receiver ID for the transaction)\n * @param {string} arg0\n */\n set contractId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyrequest_contractId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RegisterDevice2WithDerivedKeyResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registerdevice2withderivedkeyresult_free(ptr >>> 0, 1));\n/**\n * Result of combined Device2 registration\n */\nexport class RegisterDevice2WithDerivedKeyResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegisterDevice2WithDerivedKeyResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registerdevice2withderivedkeyresult_free(ptr, 0);\n }\n /**\n * Derived NEAR public key (ed25519, base58-encoded)\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Derived NEAR public key (ed25519, base58-encoded)\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_publicKey(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Encrypted NEAR private key (base64url-encoded)\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Encrypted NEAR private key (base64url-encoded)\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_encryptedData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce used for encryption (base64url-encoded)\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce used for encryption (base64url-encoded)\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_chacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * WrapKeySalt used for KEK derivation (base64url-encoded)\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * WrapKeySalt used for KEK derivation (base64url-encoded)\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Signed registration transaction (borsh-serialized, base64url-encoded)\n * @returns {WasmSignedTransaction}\n */\n get signedTransaction() {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_signedTransaction(this.__wbg_ptr);\n return WasmSignedTransaction.__wrap(ret);\n }\n /**\n * Signed registration transaction (borsh-serialized, base64url-encoded)\n * @param {WasmSignedTransaction} arg0\n */\n set signedTransaction(arg0) {\n _assertClass(arg0, WasmSignedTransaction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_registerdevice2withderivedkeyresult_signedTransaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {WasmSignedTransaction} signed_transaction\n */\n constructor(public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, signed_transaction) {\n const ptr0 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n _assertClass(signed_transaction, WasmSignedTransaction);\n var ptr4 = signed_transaction.__destroy_into_raw();\n const ret = wasm.registerdevice2withderivedkeyresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4);\n this.__wbg_ptr = ret >>> 0;\n RegisterDevice2WithDerivedKeyResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst RegistrationPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registrationpayload_free(ptr >>> 0, 1));\n\nexport class RegistrationPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegistrationPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registrationpayload_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_nonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_blockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get deterministicVrfPublicKey() {\n const ret = wasm.__wbg_get_registrationpayload_deterministicVrfPublicKey(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set deterministicVrfPublicKey(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number | undefined}\n */\n get deviceNumber() {\n const ret = wasm.__wbg_get_registrationpayload_deviceNumber(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret;\n }\n /**\n * @param {number | null} [arg0]\n */\n set deviceNumber(arg0) {\n wasm.__wbg_set_registrationpayload_deviceNumber(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0);\n }\n /**\n * @returns {AuthenticatorOptions | undefined}\n */\n get authenticatorOptions() {\n const ret = wasm.__wbg_get_registrationpayload_authenticatorOptions(this.__wbg_ptr);\n return ret === 0 ? undefined : AuthenticatorOptions.__wrap(ret);\n }\n /**\n * @param {AuthenticatorOptions | null} [arg0]\n */\n set authenticatorOptions(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, AuthenticatorOptions);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_registrationpayload_authenticatorOptions(this.__wbg_ptr, ptr0);\n }\n}\n\nconst RegistrationResponseFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registrationresponse_free(ptr >>> 0, 1));\n\nexport class RegistrationResponse {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(RegistrationResponse.prototype);\n obj.__wbg_ptr = ptr;\n RegistrationResponseFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegistrationResponseFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registrationresponse_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get clientDataJSON() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationresponse_clientDataJSON(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set clientDataJSON(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get attestationObject() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationresponse_attestationObject(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestationObject(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[]}\n */\n get transports() {\n const ret = wasm.__wbg_get_registrationresponse_transports(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set transports(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registrationresponse_transports(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RpcCallPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_rpccallpayload_free(ptr >>> 0, 1));\n/**\n * RPC call parameters for NEAR operations and VRF generation\n * Used to pass essential parameters for background operations\n */\nexport class RpcCallPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RpcCallPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_rpccallpayload_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get contractId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_contractId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set contractId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearRpcUrl() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_nearRpcUrl(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearRpcUrl(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst SerializedCredentialFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_serializedcredential_free(ptr >>> 0, 1));\n\nexport class SerializedCredential {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(SerializedCredential.prototype);\n obj.__wbg_ptr = ptr;\n SerializedCredentialFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SerializedCredentialFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_serializedcredential_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rawId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_rawId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rawId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticatorAttachment() {\n const ret = wasm.__wbg_get_serializedcredential_authenticatorAttachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticatorAttachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {AuthenticationResponse}\n */\n get response() {\n const ret = wasm.__wbg_get_serializedcredential_response(this.__wbg_ptr);\n return AuthenticationResponse.__wrap(ret);\n }\n /**\n * @param {AuthenticationResponse} arg0\n */\n set response(arg0) {\n _assertClass(arg0, AuthenticationResponse);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedcredential_response(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {ClientExtensionResults}\n */\n get clientExtensionResults() {\n const ret = wasm.__wbg_get_serializedcredential_clientExtensionResults(this.__wbg_ptr);\n return ClientExtensionResults.__wrap(ret);\n }\n /**\n * @param {ClientExtensionResults} arg0\n */\n set clientExtensionResults(arg0) {\n _assertClass(arg0, ClientExtensionResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedcredential_clientExtensionResults(this.__wbg_ptr, ptr0);\n }\n}\n\nconst SerializedRegistrationCredentialFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_serializedregistrationcredential_free(ptr >>> 0, 1));\n\nexport class SerializedRegistrationCredential {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(SerializedRegistrationCredential.prototype);\n obj.__wbg_ptr = ptr;\n SerializedRegistrationCredentialFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SerializedRegistrationCredentialFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_serializedregistrationcredential_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rawId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_rawId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rawId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticatorAttachment() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticatorAttachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {RegistrationResponse}\n */\n get response() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_response(this.__wbg_ptr);\n return RegistrationResponse.__wrap(ret);\n }\n /**\n * @param {RegistrationResponse} arg0\n */\n set response(arg0) {\n _assertClass(arg0, RegistrationResponse);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedregistrationcredential_response(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {ClientExtensionResults}\n */\n get clientExtensionResults() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_clientExtensionResults(this.__wbg_ptr);\n return ClientExtensionResults.__wrap(ret);\n }\n /**\n * @param {ClientExtensionResults} arg0\n */\n set clientExtensionResults(arg0) {\n _assertClass(arg0, ClientExtensionResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedregistrationcredential_clientExtensionResults(this.__wbg_ptr, ptr0);\n }\n}\n\nconst SignNep413RequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_signnep413request_free(ptr >>> 0, 1));\n\nexport class SignNep413Request {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SignNep413RequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_signnep413request_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get message() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_message(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get recipient() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_recipient(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set recipient(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_nonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get state() {\n const ret = wasm.__wbg_get_signnep413request_state(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set state(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get accountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_accountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set accountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst SignNep413ResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_signnep413result_free(ptr >>> 0, 1));\n\nexport class SignNep413Result {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SignNep413ResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_signnep413result_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get accountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_accountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set accountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get state() {\n const ret = wasm.__wbg_get_signnep413result_state(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set state(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} account_id\n * @param {string} public_key\n * @param {string} signature\n * @param {string | null} [state]\n */\n constructor(account_id, public_key, signature, state) {\n const ptr0 = passStringToWasm0(account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(signature, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(state) ? 0 : passStringToWasm0(state, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.signnep413result_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n SignNep413ResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst TransactionContextFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_transactioncontext_free(ptr >>> 0, 1));\n/**\n * Transaction context containing NEAR blockchain data\n * Computed in the main thread confirmation flow\n */\nexport class TransactionContext {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n TransactionContextFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_transactioncontext_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearPublicKeyStr() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_nearPublicKeyStr(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearPublicKeyStr(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nextNonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_nextNonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nextNonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_txBlockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_txBlockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst TransactionSignResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_transactionsignresult_free(ptr >>> 0, 1));\n\nexport class TransactionSignResult {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(TransactionSignResult.prototype);\n obj.__wbg_ptr = ptr;\n TransactionSignResultFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n TransactionSignResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_transactionsignresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_transactionsignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_transactionsignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get transactionHashes() {\n const ret = wasm.__wbg_get_transactionsignresult_transactionHashes(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set transactionHashes(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_transactionHashes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedTransaction[] | undefined}\n */\n get signedTransactions() {\n const ret = wasm.__wbg_get_transactionsignresult_signedTransactions(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {WasmSignedTransaction[] | null} [arg0]\n */\n set signedTransactions(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_signedTransactions(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_transactionsignresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_transactionsignresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string[] | null | undefined} transaction_hashes\n * @param {WasmSignedTransaction[] | null | undefined} signed_transactions\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, transaction_hashes, signed_transactions, logs, error) {\n var ptr0 = isLikeNone(transaction_hashes) ? 0 : passArrayJsValueToWasm0(transaction_hashes, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n var ptr1 = isLikeNone(signed_transactions) ? 0 : passArrayJsValueToWasm0(signed_transactions, wasm.__wbindgen_malloc);\n var len1 = WASM_VECTOR_LEN;\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.transactionsignresult_new(success, ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n TransactionSignResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * Helper function to create a failed TransactionSignResult\n * @param {string[]} logs\n * @param {string} error_msg\n * @returns {TransactionSignResult}\n */\n static failed(logs, error_msg) {\n const ptr0 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(error_msg, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.transactionsignresult_failed(ptr0, len0, ptr1, len1);\n return TransactionSignResult.__wrap(ret);\n }\n}\n\nconst VrfChallengeFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_vrfchallenge_free(ptr >>> 0, 1));\n\nexport class VrfChallenge {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n VrfChallengeFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_vrfchallenge_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get vrfInput() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfInput(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfInput(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfOutput() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfOutput(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfOutput(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfProof() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfProof(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfProof(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfPublicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfPublicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfPublicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get userId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_userId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set userId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rpId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_rpId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rpId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_blockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_blockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_vrfchallenge_blockHash(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst WasmDelegateActionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmdelegateaction_free(ptr >>> 0, 1));\n\nexport class WasmDelegateAction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmDelegateAction.prototype);\n obj.__wbg_ptr = ptr;\n WasmDelegateActionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmDelegateActionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmdelegateaction_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get senderId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmdelegateaction_senderId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set senderId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_senderId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get receiverId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmdelegateaction_receiverId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set receiverId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {any}\n */\n get actions() {\n const ret = wasm.__wbg_get_wasmdelegateaction_actions(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {any} arg0\n */\n set actions(arg0) {\n wasm.__wbg_set_wasmdelegateaction_actions(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {bigint}\n */\n get nonce() {\n const ret = wasm.__wbg_get_wasmdelegateaction_nonce(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set nonce(arg0) {\n wasm.__wbg_set_wasmdelegateaction_nonce(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {bigint}\n */\n get maxBlockHeight() {\n const ret = wasm.__wbg_get_wasmdelegateaction_maxBlockHeight(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set maxBlockHeight(arg0) {\n wasm.__wbg_set_wasmdelegateaction_maxBlockHeight(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {WasmPublicKey}\n */\n get publicKey() {\n const ret = wasm.__wbg_get_wasmdelegateaction_publicKey(this.__wbg_ptr);\n return WasmPublicKey.__wrap(ret);\n }\n /**\n * @param {WasmPublicKey} arg0\n */\n set publicKey(arg0) {\n _assertClass(arg0, WasmPublicKey);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmdelegateaction_publicKey(this.__wbg_ptr, ptr0);\n }\n}\n\nconst WasmPublicKeyFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmpublickey_free(ptr >>> 0, 1));\n\nexport class WasmPublicKey {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmPublicKey.prototype);\n obj.__wbg_ptr = ptr;\n WasmPublicKeyFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmPublicKeyFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmpublickey_free(ptr, 0);\n }\n /**\n * @returns {number}\n */\n get keyType() {\n const ret = wasm.__wbg_get_wasmpublickey_keyType(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set keyType(arg0) {\n wasm.__wbg_set_wasmpublickey_keyType(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {Uint8Array}\n */\n get keyData() {\n const ret = wasm.__wbg_get_wasmpublickey_keyData(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set keyData(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {number} keyType\n * @param {Uint8Array} keyData\n */\n constructor(keyType, keyData) {\n const ptr0 = passArray8ToWasm0(keyData, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ret = wasm.wasmpublickey_new(keyType, ptr0, len0);\n this.__wbg_ptr = ret >>> 0;\n WasmPublicKeyFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmSignatureFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsignature_free(ptr >>> 0, 1));\n\nexport class WasmSignature {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignature.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignatureFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignatureFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsignature_free(ptr, 0);\n }\n /**\n * @returns {number}\n */\n get keyType() {\n const ret = wasm.__wbg_get_wasmpublickey_keyType(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set keyType(arg0) {\n wasm.__wbg_set_wasmpublickey_keyType(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {Uint8Array}\n */\n get signatureData() {\n const ret = wasm.__wbg_get_wasmsignature_signatureData(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set signatureData(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {number} keyType\n * @param {Uint8Array} signatureData\n */\n constructor(keyType, signatureData) {\n const ptr0 = passArray8ToWasm0(signatureData, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ret = wasm.wasmpublickey_new(keyType, ptr0, len0);\n this.__wbg_ptr = ret >>> 0;\n WasmSignatureFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmSignedDelegateFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsigneddelegate_free(ptr >>> 0, 1));\n\nexport class WasmSignedDelegate {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignedDelegate.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignedDelegateFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignedDelegateFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsigneddelegate_free(ptr, 0);\n }\n /**\n * @returns {WasmDelegateAction}\n */\n get delegateAction() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_delegateAction(this.__wbg_ptr);\n return WasmDelegateAction.__wrap(ret);\n }\n /**\n * @param {WasmDelegateAction} arg0\n */\n set delegateAction(arg0) {\n _assertClass(arg0, WasmDelegateAction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_delegateAction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {WasmSignature}\n */\n get signature() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_signature(this.__wbg_ptr);\n return WasmSignature.__wrap(ret);\n }\n /**\n * @param {WasmSignature} arg0\n */\n set signature(arg0) {\n _assertClass(arg0, WasmSignature);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_signature(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {Uint8Array}\n */\n get borshBytes() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_borshBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set borshBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmsigneddelegate_borshBytes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {WasmDelegateAction} delegateAction\n * @param {WasmSignature} signature\n * @param {Uint8Array} borshBytes\n */\n constructor(delegateAction, signature, borshBytes) {\n _assertClass(delegateAction, WasmDelegateAction);\n var ptr0 = delegateAction.__destroy_into_raw();\n _assertClass(signature, WasmSignature);\n var ptr1 = signature.__destroy_into_raw();\n const ptr2 = passArray8ToWasm0(borshBytes, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n const ret = wasm.wasmsigneddelegate_new(ptr0, ptr1, ptr2, len2);\n this.__wbg_ptr = ret >>> 0;\n WasmSignedDelegateFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * @returns {Uint8Array}\n */\n to_borsh_bytes() {\n const ret = wasm.wasmsigneddelegate_to_borsh_bytes(this.__wbg_ptr);\n if (ret[3]) {\n throw takeFromExternrefTable0(ret[2]);\n }\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n}\n\nconst WasmSignedTransactionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsignedtransaction_free(ptr >>> 0, 1));\n\nexport class WasmSignedTransaction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignedTransaction.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignedTransactionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n static __unwrap(jsValue) {\n if (!(jsValue instanceof WasmSignedTransaction)) {\n return 0;\n }\n return jsValue.__destroy_into_raw();\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignedTransactionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsignedtransaction_free(ptr, 0);\n }\n /**\n * @returns {WasmTransaction}\n */\n get transaction() {\n const ret = wasm.__wbg_get_wasmsignedtransaction_transaction(this.__wbg_ptr);\n return WasmTransaction.__wrap(ret);\n }\n /**\n * @param {WasmTransaction} arg0\n */\n set transaction(arg0) {\n _assertClass(arg0, WasmTransaction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsignedtransaction_transaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {WasmSignature}\n */\n get signature() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_signature(this.__wbg_ptr);\n return WasmSignature.__wrap(ret);\n }\n /**\n * @param {WasmSignature} arg0\n */\n set signature(arg0) {\n _assertClass(arg0, WasmSignature);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_signature(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {Uint8Array}\n */\n get borshBytes() {\n const ret = wasm.__wbg_get_wasmsignedtransaction_borshBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set borshBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmsigneddelegate_borshBytes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {WasmTransaction} transaction\n * @param {WasmSignature} signature\n * @param {Uint8Array} borshBytes\n */\n constructor(transaction, signature, borshBytes) {\n _assertClass(transaction, WasmTransaction);\n var ptr0 = transaction.__destroy_into_raw();\n _assertClass(signature, WasmSignature);\n var ptr1 = signature.__destroy_into_raw();\n const ptr2 = passArray8ToWasm0(borshBytes, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n const ret = wasm.wasmsigneddelegate_new(ptr0, ptr1, ptr2, len2);\n this.__wbg_ptr = ret >>> 0;\n WasmSignedTransactionFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmTransactionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmtransaction_free(ptr >>> 0, 1));\n\nexport class WasmTransaction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmTransaction.prototype);\n obj.__wbg_ptr = ptr;\n WasmTransactionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmTransactionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmtransaction_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get signerId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmtransaction_signerId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signerId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_signerId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmPublicKey}\n */\n get publicKey() {\n const ret = wasm.__wbg_get_wasmdelegateaction_publicKey(this.__wbg_ptr);\n return WasmPublicKey.__wrap(ret);\n }\n /**\n * @param {WasmPublicKey} arg0\n */\n set publicKey(arg0) {\n _assertClass(arg0, WasmPublicKey);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmdelegateaction_publicKey(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {bigint}\n */\n get nonce() {\n const ret = wasm.__wbg_get_wasmdelegateaction_nonce(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set nonce(arg0) {\n wasm.__wbg_set_wasmdelegateaction_nonce(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string}\n */\n get receiverId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmtransaction_receiverId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set receiverId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {Uint8Array}\n */\n get blockHash() {\n const ret = wasm.__wbg_get_wasmtransaction_blockHash(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_blockHash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {any}\n */\n get actions() {\n const ret = wasm.__wbg_get_wasmtransaction_actions(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {any} arg0\n */\n set actions(arg0) {\n wasm.__wbg_set_wasmtransaction_actions(this.__wbg_ptr, arg0);\n }\n /**\n * @param {string} signerId\n * @param {WasmPublicKey} publicKey\n * @param {bigint} nonce\n * @param {string} receiverId\n * @param {Uint8Array} blockHash\n * @param {any} actions\n */\n constructor(signerId, publicKey, nonce, receiverId, blockHash, actions) {\n const ptr0 = passStringToWasm0(signerId, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n _assertClass(publicKey, WasmPublicKey);\n var ptr1 = publicKey.__destroy_into_raw();\n const ptr2 = passStringToWasm0(receiverId, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passArray8ToWasm0(blockHash, wasm.__wbindgen_malloc);\n const len3 = WASM_VECTOR_LEN;\n const ret = wasm.wasmtransaction_new(ptr0, len0, ptr1, nonce, ptr2, len2, ptr3, len3, actions);\n this.__wbg_ptr = ret >>> 0;\n WasmTransactionFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WebAuthnAuthenticationCredentialStructFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_webauthnauthenticationcredentialstruct_free(ptr >>> 0, 1));\n\nexport class WebAuthnAuthenticationCredentialStruct {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WebAuthnAuthenticationCredentialStructFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_webauthnauthenticationcredentialstruct_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get raw_id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_raw_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set raw_id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get credential_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_credential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set credential_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticator_attachment() {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_authenticator_attachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticator_attachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get client_data_json() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_client_data_json(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set client_data_json(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get authenticator_data() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_authenticator_data(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set authenticator_data(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get user_handle() {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_user_handle(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set user_handle(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} id\n * @param {string} raw_id\n * @param {string} credential_type\n * @param {string | null | undefined} authenticator_attachment\n * @param {string} client_data_json\n * @param {string} authenticator_data\n * @param {string} signature\n * @param {string | null} [user_handle]\n */\n constructor(id, raw_id, credential_type, authenticator_attachment, client_data_json, authenticator_data, signature, user_handle) {\n const ptr0 = passStringToWasm0(id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(raw_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(credential_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(authenticator_attachment) ? 0 : passStringToWasm0(authenticator_attachment, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(client_data_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ptr5 = passStringToWasm0(authenticator_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len5 = WASM_VECTOR_LEN;\n const ptr6 = passStringToWasm0(signature, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len6 = WASM_VECTOR_LEN;\n var ptr7 = isLikeNone(user_handle) ? 0 : passStringToWasm0(user_handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len7 = WASM_VECTOR_LEN;\n const ret = wasm.webauthnauthenticationcredentialstruct_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6, ptr7, len7);\n this.__wbg_ptr = ret >>> 0;\n WebAuthnAuthenticationCredentialStructFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WebAuthnRegistrationCredentialStructFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_webauthnregistrationcredentialstruct_free(ptr >>> 0, 1));\n\nexport class WebAuthnRegistrationCredentialStruct {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WebAuthnRegistrationCredentialStructFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_webauthnregistrationcredentialstruct_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get raw_id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_raw_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set raw_id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get credential_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_credential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set credential_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticator_attachment() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_authenticator_attachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticator_attachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_webauthnregistrationcredentialstruct_authenticator_attachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get client_data_json() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_client_data_json(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set client_data_json(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get attestation_object() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_attestation_object(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestation_object(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get transports() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_transports(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set transports(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_webauthnregistrationcredentialstruct_transports(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get ed25519_prf_output() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_ed25519_prf_output(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set ed25519_prf_output(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} id\n * @param {string} raw_id\n * @param {string} credential_type\n * @param {string | null | undefined} authenticator_attachment\n * @param {string} client_data_json\n * @param {string} attestation_object\n * @param {string[] | null} [transports]\n * @param {string | null} [ed25519_prf_output]\n */\n constructor(id, raw_id, credential_type, authenticator_attachment, client_data_json, attestation_object, transports, ed25519_prf_output) {\n const ptr0 = passStringToWasm0(id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(raw_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(credential_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(authenticator_attachment) ? 0 : passStringToWasm0(authenticator_attachment, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(client_data_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ptr5 = passStringToWasm0(attestation_object, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len5 = WASM_VECTOR_LEN;\n var ptr6 = isLikeNone(transports) ? 0 : passArrayJsValueToWasm0(transports, wasm.__wbindgen_malloc);\n var len6 = WASM_VECTOR_LEN;\n var ptr7 = isLikeNone(ed25519_prf_output) ? 0 : passStringToWasm0(ed25519_prf_output, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len7 = WASM_VECTOR_LEN;\n const ret = wasm.webauthnregistrationcredentialstruct_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6, ptr7, len7);\n this.__wbg_ptr = ret >>> 0;\n WebAuthnRegistrationCredentialStructFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WorkerProgressMessageFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_workerprogressmessage_free(ptr >>> 0, 1));\n/**\n * Base progress message structure sent from WASM to TypeScript\n * Auto-generates TypeScript interface: WorkerProgressMessage\n */\nexport class WorkerProgressMessage {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WorkerProgressMessageFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_workerprogressmessage_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get message_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_message_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_message_type(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get step() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_step(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set step(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_step(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get message() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_message(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_senderId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get status() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_status(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set status(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number}\n */\n get timestamp() {\n const ret = wasm.__wbg_get_workerprogressmessage_timestamp(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set timestamp(arg0) {\n wasm.__wbg_set_workerprogressmessage_timestamp(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get data() {\n const ret = wasm.__wbg_get_workerprogressmessage_data(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set data(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_data(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} message_type\n * @param {string} step\n * @param {string} message\n * @param {string} status\n * @param {number} timestamp\n * @param {string | null} [data]\n */\n constructor(message_type, step, message, status, timestamp, data) {\n const ptr0 = passStringToWasm0(message_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(step, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(message, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(status, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n var ptr4 = isLikeNone(data) ? 0 : passStringToWasm0(data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len4 = WASM_VECTOR_LEN;\n const ret = wasm.workerprogressmessage_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, timestamp, ptr4, len4);\n this.__wbg_ptr = ret >>> 0;\n WorkerProgressMessageFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nasync function __wbg_load(module, imports) {\n if (typeof Response === 'function' && module instanceof Response) {\n if (typeof WebAssembly.instantiateStreaming === 'function') {\n try {\n return await WebAssembly.instantiateStreaming(module, imports);\n\n } catch (e) {\n if (module.headers.get('Content-Type') != 'application/wasm') {\n console.warn(\"`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\\n\", e);\n\n } else {\n throw e;\n }\n }\n }\n\n const bytes = await module.arrayBuffer();\n return await WebAssembly.instantiate(bytes, imports);\n\n } else {\n const instance = await WebAssembly.instantiate(module, imports);\n\n if (instance instanceof WebAssembly.Instance) {\n return { instance, module };\n\n } else {\n return instance;\n }\n }\n}\n\nfunction __wbg_get_imports() {\n const imports = {};\n imports.wbg = {};\n imports.wbg.__wbg_String_8f0eb39a4a4c2f66 = function(arg0, arg1) {\n const ret = String(arg1);\n const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbg_buffer_609cc3eee51ed158 = function(arg0) {\n const ret = arg0.buffer;\n return ret;\n };\n imports.wbg.__wbg_call_672a4d21634d4a24 = function() { return handleError(function (arg0, arg1) {\n const ret = arg0.call(arg1);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_call_7cccdd69e0791ae2 = function() { return handleError(function (arg0, arg1, arg2) {\n const ret = arg0.call(arg1, arg2);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_call_833bed5770ea2041 = function() { return handleError(function (arg0, arg1, arg2, arg3) {\n const ret = arg0.call(arg1, arg2, arg3);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_close_414b379454494b29 = function(arg0) {\n arg0.close();\n };\n imports.wbg.__wbg_crypto_574e78ad8b13b65f = function(arg0) {\n const ret = arg0.crypto;\n return ret;\n };\n imports.wbg.__wbg_done_769e5ede4b31c67b = function(arg0) {\n const ret = arg0.done;\n return ret;\n };\n imports.wbg.__wbg_entries_3265d4158b33e5dc = function(arg0) {\n const ret = Object.entries(arg0);\n return ret;\n };\n imports.wbg.__wbg_getRandomValues_b8f5dbd5f3995a9e = function() { return handleError(function (arg0, arg1) {\n arg0.getRandomValues(arg1);\n }, arguments) };\n imports.wbg.__wbg_get_67b2ba62fc30de12 = function() { return handleError(function (arg0, arg1) {\n const ret = Reflect.get(arg0, arg1);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_get_b9b93047fe3cf45b = function(arg0, arg1) {\n const ret = arg0[arg1 >>> 0];\n return ret;\n };\n imports.wbg.__wbg_getwithrefkey_1dc361bd10053bfe = function(arg0, arg1) {\n const ret = arg0[arg1];\n return ret;\n };\n imports.wbg.__wbg_instanceof_ArrayBuffer_e14585432e3737fc = function(arg0) {\n let result;\n try {\n result = arg0 instanceof ArrayBuffer;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_Map_f3469ce2244d2430 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof Map;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_MessagePort_17e6fe07f7e99f84 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof MessagePort;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_Uint8Array_17156bcf118086a9 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof Uint8Array;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_isArray_a1eab7e0d067391b = function(arg0) {\n const ret = Array.isArray(arg0);\n return ret;\n };\n imports.wbg.__wbg_isSafeInteger_343e2beeeece1bb0 = function(arg0) {\n const ret = Number.isSafeInteger(arg0);\n return ret;\n };\n imports.wbg.__wbg_iterator_9a24c88df860dc65 = function() {\n const ret = Symbol.iterator;\n return ret;\n };\n imports.wbg.__wbg_length_a446193dc22c12f8 = function(arg0) {\n const ret = arg0.length;\n return ret;\n };\n imports.wbg.__wbg_length_e2d2a49132c1b256 = function(arg0) {\n const ret = arg0.length;\n return ret;\n };\n imports.wbg.__wbg_msCrypto_a61aeb35a24c1329 = function(arg0) {\n const ret = arg0.msCrypto;\n return ret;\n };\n imports.wbg.__wbg_new_23a2665fac83c611 = function(arg0, arg1) {\n try {\n var state0 = {a: arg0, b: arg1};\n var cb0 = (arg0, arg1) => {\n const a = state0.a;\n state0.a = 0;\n try {\n return __wbg_adapter_483(a, state0.b, arg0, arg1);\n } finally {\n state0.a = a;\n }\n };\n const ret = new Promise(cb0);\n return ret;\n } finally {\n state0.a = state0.b = 0;\n }\n };\n imports.wbg.__wbg_new_405e22f390576ce2 = function() {\n const ret = new Object();\n return ret;\n };\n imports.wbg.__wbg_new_78feb108b6472713 = function() {\n const ret = new Array();\n return ret;\n };\n imports.wbg.__wbg_new_a12002a7f91c75be = function(arg0) {\n const ret = new Uint8Array(arg0);\n return ret;\n };\n imports.wbg.__wbg_newnoargs_105ed471475aaf50 = function(arg0, arg1) {\n const ret = new Function(getStringFromWasm0(arg0, arg1));\n return ret;\n };\n imports.wbg.__wbg_newwithbyteoffsetandlength_d97e637ebe145a9a = function(arg0, arg1, arg2) {\n const ret = new Uint8Array(arg0, arg1 >>> 0, arg2 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_newwithlength_a381634e90c276d4 = function(arg0) {\n const ret = new Uint8Array(arg0 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_next_25feadfc0913fea9 = function(arg0) {\n const ret = arg0.next;\n return ret;\n };\n imports.wbg.__wbg_next_6574e1a8a62d1055 = function() { return handleError(function (arg0) {\n const ret = arg0.next();\n return ret;\n }, arguments) };\n imports.wbg.__wbg_node_905d3e251edff8a2 = function(arg0) {\n const ret = arg0.node;\n return ret;\n };\n imports.wbg.__wbg_now_807e54c39636c349 = function() {\n const ret = Date.now();\n return ret;\n };\n imports.wbg.__wbg_parse_def2e24ef1252aff = function() { return handleError(function (arg0, arg1) {\n const ret = JSON.parse(getStringFromWasm0(arg0, arg1));\n return ret;\n }, arguments) };\n imports.wbg.__wbg_process_dc0fbacc7c1c06f7 = function(arg0) {\n const ret = arg0.process;\n return ret;\n };\n imports.wbg.__wbg_push_737cfc8c1432c2c6 = function(arg0, arg1) {\n const ret = arg0.push(arg1);\n return ret;\n };\n imports.wbg.__wbg_queueMicrotask_97d92b4fcc8a61c5 = function(arg0) {\n queueMicrotask(arg0);\n };\n imports.wbg.__wbg_queueMicrotask_d3219def82552485 = function(arg0) {\n const ret = arg0.queueMicrotask;\n return ret;\n };\n imports.wbg.__wbg_race_ace53f9902587e09 = function(arg0) {\n const ret = Promise.race(arg0);\n return ret;\n };\n imports.wbg.__wbg_randomFillSync_ac0988aba3254290 = function() { return handleError(function (arg0, arg1) {\n arg0.randomFillSync(arg1);\n }, arguments) };\n imports.wbg.__wbg_require_60cc747a6bc5215a = function() { return handleError(function () {\n const ret = module.require;\n return ret;\n }, arguments) };\n imports.wbg.__wbg_resolve_4851785c9c5f573d = function(arg0) {\n const ret = Promise.resolve(arg0);\n return ret;\n };\n imports.wbg.__wbg_sendProgressMessage_10ef7504101ae634 = function(arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) {\n sendProgressMessage(arg0 >>> 0, getStringFromWasm0(arg1, arg2), arg3 >>> 0, getStringFromWasm0(arg4, arg5), getStringFromWasm0(arg6, arg7), arg8, arg9);\n };\n imports.wbg.__wbg_set_37837023f3d740e8 = function(arg0, arg1, arg2) {\n arg0[arg1 >>> 0] = arg2;\n };\n imports.wbg.__wbg_set_3f1d0b984ed272ed = function(arg0, arg1, arg2) {\n arg0[arg1] = arg2;\n };\n imports.wbg.__wbg_set_65595bdd868b3009 = function(arg0, arg1, arg2) {\n arg0.set(arg1, arg2 >>> 0);\n };\n imports.wbg.__wbg_setonmessage_23d122da701b8ddb = function(arg0, arg1) {\n arg0.onmessage = arg1;\n };\n imports.wbg.__wbg_start_2c099369ce831bf1 = function(arg0) {\n arg0.start();\n };\n imports.wbg.__wbg_static_accessor_GLOBAL_88a902d13a557d07 = function() {\n const ret = typeof global === 'undefined' ? null : global;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_GLOBAL_THIS_56578be7e9f832b0 = function() {\n const ret = typeof globalThis === 'undefined' ? null : globalThis;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_SELF_37c5d418e4bf5819 = function() {\n const ret = typeof self === 'undefined' ? null : self;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_WINDOW_5de37043a91a9c40 = function() {\n const ret = typeof window === 'undefined' ? null : window;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_subarray_aa9065fa9dc5df96 = function(arg0, arg1, arg2) {\n const ret = arg0.subarray(arg1 >>> 0, arg2 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_then_44b73946d2fb3e7d = function(arg0, arg1) {\n const ret = arg0.then(arg1);\n return ret;\n };\n imports.wbg.__wbg_then_48b406749878a531 = function(arg0, arg1, arg2) {\n const ret = arg0.then(arg1, arg2);\n return ret;\n };\n imports.wbg.__wbg_value_cd1ffa7b1ab794f1 = function(arg0) {\n const ret = arg0.value;\n return ret;\n };\n imports.wbg.__wbg_versions_c01dfd4722a88165 = function(arg0) {\n const ret = arg0.versions;\n return ret;\n };\n imports.wbg.__wbg_wasmsignedtransaction_new = function(arg0) {\n const ret = WasmSignedTransaction.__wrap(arg0);\n return ret;\n };\n imports.wbg.__wbg_wasmsignedtransaction_unwrap = function(arg0) {\n const ret = WasmSignedTransaction.__unwrap(arg0);\n return ret;\n };\n imports.wbg.__wbindgen_as_number = function(arg0) {\n const ret = +arg0;\n return ret;\n };\n imports.wbg.__wbindgen_bigint_from_i64 = function(arg0) {\n const ret = arg0;\n return ret;\n };\n imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {\n const ret = BigInt.asUintN(64, arg0);\n return ret;\n };\n imports.wbg.__wbindgen_bigint_get_as_i64 = function(arg0, arg1) {\n const v = arg1;\n const ret = typeof(v) === 'bigint' ? v : undefined;\n getDataViewMemory0().setBigInt64(arg0 + 8 * 1, isLikeNone(ret) ? BigInt(0) : ret, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, !isLikeNone(ret), true);\n };\n imports.wbg.__wbindgen_boolean_get = function(arg0) {\n const v = arg0;\n const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2;\n return ret;\n };\n imports.wbg.__wbindgen_cb_drop = function(arg0) {\n const obj = arg0.original;\n if (obj.cnt-- == 1) {\n obj.a = 0;\n return true;\n }\n const ret = false;\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper181 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 8, __wbg_adapter_52);\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper183 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 8, __wbg_adapter_55);\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper2154 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 85, __wbg_adapter_52);\n return ret;\n };\n imports.wbg.__wbindgen_debug_string = function(arg0, arg1) {\n const ret = debugString(arg1);\n const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbindgen_error_new = function(arg0, arg1) {\n const ret = new Error(getStringFromWasm0(arg0, arg1));\n return ret;\n };\n imports.wbg.__wbindgen_in = function(arg0, arg1) {\n const ret = arg0 in arg1;\n return ret;\n };\n imports.wbg.__wbindgen_init_externref_table = function() {\n const table = wasm.__wbindgen_export_4;\n const offset = table.grow(4);\n table.set(0, undefined);\n table.set(offset + 0, undefined);\n table.set(offset + 1, null);\n table.set(offset + 2, true);\n table.set(offset + 3, false);\n ;\n };\n imports.wbg.__wbindgen_is_bigint = function(arg0) {\n const ret = typeof(arg0) === 'bigint';\n return ret;\n };\n imports.wbg.__wbindgen_is_function = function(arg0) {\n const ret = typeof(arg0) === 'function';\n return ret;\n };\n imports.wbg.__wbindgen_is_object = function(arg0) {\n const val = arg0;\n const ret = typeof(val) === 'object' && val !== null;\n return ret;\n };\n imports.wbg.__wbindgen_is_string = function(arg0) {\n const ret = typeof(arg0) === 'string';\n return ret;\n };\n imports.wbg.__wbindgen_is_undefined = function(arg0) {\n const ret = arg0 === undefined;\n return ret;\n };\n imports.wbg.__wbindgen_jsval_eq = function(arg0, arg1) {\n const ret = arg0 === arg1;\n return ret;\n };\n imports.wbg.__wbindgen_jsval_loose_eq = function(arg0, arg1) {\n const ret = arg0 == arg1;\n return ret;\n };\n imports.wbg.__wbindgen_memory = function() {\n const ret = wasm.memory;\n return ret;\n };\n imports.wbg.__wbindgen_number_get = function(arg0, arg1) {\n const obj = arg1;\n const ret = typeof(obj) === 'number' ? obj : undefined;\n getDataViewMemory0().setFloat64(arg0 + 8 * 1, isLikeNone(ret) ? 0 : ret, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, !isLikeNone(ret), true);\n };\n imports.wbg.__wbindgen_number_new = function(arg0) {\n const ret = arg0;\n return ret;\n };\n imports.wbg.__wbindgen_string_get = function(arg0, arg1) {\n const obj = arg1;\n const ret = typeof(obj) === 'string' ? obj : undefined;\n var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbindgen_string_new = function(arg0, arg1) {\n const ret = getStringFromWasm0(arg0, arg1);\n return ret;\n };\n imports.wbg.__wbindgen_throw = function(arg0, arg1) {\n throw new Error(getStringFromWasm0(arg0, arg1));\n };\n\n return imports;\n}\n\nfunction __wbg_init_memory(imports, memory) {\n\n}\n\nfunction __wbg_finalize_init(instance, module) {\n wasm = instance.exports;\n __wbg_init.__wbindgen_wasm_module = module;\n cachedDataViewMemory0 = null;\n cachedUint8ArrayMemory0 = null;\n\n\n wasm.__wbindgen_start();\n return wasm;\n}\n\nfunction initSync(module) {\n if (wasm !== undefined) return wasm;\n\n\n if (typeof module !== 'undefined') {\n if (Object.getPrototypeOf(module) === Object.prototype) {\n ({module} = module)\n } else {\n console.warn('using deprecated parameters for `initSync()`; pass a single object instead')\n }\n }\n\n const imports = __wbg_get_imports();\n\n __wbg_init_memory(imports);\n\n if (!(module instanceof WebAssembly.Module)) {\n module = new WebAssembly.Module(module);\n }\n\n const instance = new WebAssembly.Instance(module, imports);\n\n return __wbg_finalize_init(instance, module);\n}\n\nasync function __wbg_init(module_or_path) {\n if (wasm !== undefined) return wasm;\n\n\n if (typeof module_or_path !== 'undefined') {\n if (Object.getPrototypeOf(module_or_path) === Object.prototype) {\n ({module_or_path} = module_or_path)\n } else {\n console.warn('using deprecated parameters for the initialization function; pass a single object instead')\n }\n }\n\n if (typeof module_or_path === 'undefined') {\n module_or_path = new URL('wasm_signer_worker_bg.wasm', import.meta.url);\n }\n const imports = __wbg_get_imports();\n\n if (typeof module_or_path === 'string' || (typeof Request === 'function' && module_or_path instanceof Request) || (typeof URL === 'function' && module_or_path instanceof URL)) {\n module_or_path = fetch(module_or_path);\n }\n\n __wbg_init_memory(imports);\n\n const { instance, module } = await __wbg_load(await module_or_path, imports);\n\n return __wbg_finalize_init(instance, module);\n}\n\nexport { initSync };\nexport default __wbg_init;\n","\n// === IMPORT AUTO-GENERATED WASM TYPES ===\n// These are the source of truth generated from Rust structs via wasm-bindgen\n// Import as instance types from the WASM module classes\nimport * as wasmModule from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\nimport { WorkerRequestType, WorkerResponseType } from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\nexport { WorkerRequestType, WorkerResponseType }; // Export the WASM enums directly\n\nimport { StripFree } from \"./index.js\";\nimport type { onProgressEvents } from \"./sdkSentEvents.js\";\nimport type { TransactionContext } from './rpc.js';\nimport type { VRFChallenge } from './vrf-worker.js';\nimport type { ActionArgsWasm } from './actions.js';\n\nexport type WasmTransaction = wasmModule.WasmTransaction;\nexport type WasmSignature = wasmModule.WasmSignature;\n\nexport interface TransactionPayload {\n nearAccountId: string;\n receiverId: string;\n actions: ActionArgsWasm[];\n}\nexport type RpcCallPayload = StripFree<wasmModule.RpcCallPayload>;\n/**\n * RPC call parameters for NEAR operations and VRF generation\n * Used to pass essential parameters for background operations\n * export interface RpcCallPayload {\n * contractId: string; // Web3Authn contract ID for verification\n * nearRpcUrl: string; // NEAR RPC endpoint URL\n * nearAccountId: string; // Account ID for VRF challenge generation\n * }\n */\n\nexport type WasmDeriveNearKeypairAndEncryptRequest = StripFree<wasmModule.DeriveNearKeypairAndEncryptRequest>;\nexport type WasmRecoverKeypairRequest = StripFree<wasmModule.RecoverKeypairRequest>;\nexport interface WasmSignTransactionsWithActionsRequest {\n rpcCall: RpcCallPayload;\n sessionId: string;\n createdAt?: number;\n decryption: StripFree<wasmModule.DecryptionPayload>;\n txSigningRequests: TransactionPayload[];\n intentDigest?: string;\n transactionContext?: TransactionContext;\n vrfChallenge?: VRFChallenge;\n credential?: string;\n}\nexport interface WasmSignDelegateActionRequest {\n rpcCall: RpcCallPayload;\n sessionId: string;\n createdAt?: number;\n decryption: StripFree<wasmModule.DecryptionPayload>;\n delegate: DelegatePayload;\n intentDigest?: string;\n transactionContext?: TransactionContext;\n credential?: string;\n}\nexport interface DelegatePayload {\n senderId: string;\n receiverId: string;\n actions: ActionArgsWasm[];\n nonce: string;\n maxBlockHeight: string;\n publicKey: string;\n}\nexport type WasmDecryptPrivateKeyRequest = StripFree<wasmModule.DecryptPrivateKeyRequest>;\nexport type WasmExtractCosePublicKeyRequest = StripFree<wasmModule.ExtractCoseRequest>;\nexport type WasmSignNep413MessageRequest = StripFree<wasmModule.SignNep413Request>;\nexport interface WasmSignTransactionWithKeyPairRequest {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n}\n// Combined Device2 registration handler (derive + sign in one step)\nexport type WasmRegisterDevice2WithDerivedKeyRequest = StripFree<wasmModule.RegisterDevice2WithDerivedKeyRequest>;\n\nexport type WasmRequestPayload = WasmDeriveNearKeypairAndEncryptRequest\n | WasmRecoverKeypairRequest\n | WasmSignTransactionsWithActionsRequest\n | WasmSignDelegateActionRequest\n | WasmDecryptPrivateKeyRequest\n | WasmExtractCosePublicKeyRequest\n | WasmSignNep413MessageRequest\n | WasmSignTransactionWithKeyPairRequest\n | WasmRegisterDevice2WithDerivedKeyRequest;\n\n// WASM Worker Response Types\nexport type WasmRecoverKeypairResult = InstanceType<typeof wasmModule.RecoverKeypairResult>;\nexport type WasmSignedTransaction = InstanceType<typeof wasmModule.WasmSignedTransaction>;\nexport type WasmSignedDelegate = wasmModule.WasmSignedDelegate;\nexport type WasmDelegateAction = wasmModule.WasmDelegateAction;\nexport type WasmTransactionSignResult = InstanceType<typeof wasmModule.TransactionSignResult>;\nexport type WasmDelegateSignResult = wasmModule.DelegateSignResult;\nexport type WasmDecryptPrivateKeyResult = InstanceType<typeof wasmModule.DecryptPrivateKeyResult>;\nexport type WasmDeriveNearKeypairAndEncryptResult = InstanceType<typeof wasmModule.DeriveNearKeypairAndEncryptResult>;\n// wasm-bindgen generates some classes with private constructors, which breaks\n// `InstanceType<typeof Class>`. Use the class name directly for the instance type.\nexport type WasmRegisterDevice2WithDerivedKeyResult = InstanceType<typeof wasmModule.RegisterDevice2WithDerivedKeyResult>;\n\n// === WORKER REQUEST TYPE MAPPING ===\n// Define the complete type mapping for each worker request\nexport interface WorkerRequestTypeMap {\n [WorkerRequestType.DeriveNearKeypairAndEncrypt]: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt;\n request: WasmDeriveNearKeypairAndEncryptRequest;\n result: WasmDeriveNearKeypairAndEncryptResult;\n };\n [WorkerRequestType.RecoverKeypairFromPasskey]: {\n type: WorkerRequestType.RecoverKeypairFromPasskey;\n request: WasmRecoverKeypairRequest;\n result: WasmRecoverKeypairResult;\n };\n [WorkerRequestType.SignTransactionsWithActions]: {\n type: WorkerRequestType.SignTransactionsWithActions;\n request: WasmSignTransactionsWithActionsRequest;\n result: WasmTransactionSignResult;\n };\n [WorkerRequestType.SignDelegateAction]: {\n type: WorkerRequestType.SignDelegateAction;\n request: WasmSignDelegateActionRequest;\n result: WasmDelegateSignResult;\n };\n [WorkerRequestType.DecryptPrivateKeyWithPrf]: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf;\n request: WasmDecryptPrivateKeyRequest;\n result: WasmDecryptPrivateKeyResult;\n };\n [WorkerRequestType.ExtractCosePublicKey]: {\n type: WorkerRequestType.ExtractCosePublicKey;\n request: WasmExtractCosePublicKeyRequest;\n result: wasmModule.CoseExtractionResult;\n };\n [WorkerRequestType.SignTransactionWithKeyPair]: {\n type: WorkerRequestType.SignTransactionWithKeyPair;\n request: WasmSignTransactionWithKeyPairRequest;\n result: WasmTransactionSignResult;\n };\n [WorkerRequestType.SignNep413Message]: {\n type: WorkerRequestType.SignNep413Message;\n request: WasmSignNep413MessageRequest;\n result: wasmModule.SignNep413Result;\n };\n [WorkerRequestType.RegisterDevice2WithDerivedKey]: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey;\n request: WasmRegisterDevice2WithDerivedKeyRequest;\n result: WasmRegisterDevice2WithDerivedKeyResult;\n };\n}\n\n/**\n * Validation rules for ConfirmationConfig to ensure behavior conforms to UI mode:\n *\n * - uiMode: 'skip' → behavior is ignored, autoProceedDelay is ignored\n * - uiMode: 'modal' | 'drawer' → behavior: 'requireClick' | 'autoProceed', autoProceedDelay only used with 'autoProceed'\n *\n * The WASM worker automatically validates and overrides these settings:\n * - For 'skip' mode: behavior is set to 'autoProceed' with autoProceedDelay: 0\n * - For 'modal' and 'drawer' modes: behavior and autoProceedDelay are used as specified\n *\n * The actual type would be the following, but we use the flat interface for simplicity:\n * export interface ConfirmationConfig {\n * uiMode: 'skip' | 'modal' | 'drawer'\n *\n * }\n */\nexport type ConfirmationUIMode = 'skip' | 'modal' | 'drawer';\nexport type ConfirmationBehavior = 'requireClick' | 'autoProceed';\nexport interface ConfirmationConfig {\n /** Type of UI to display for confirmation: 'skip' | 'modal' | 'drawer' */\n uiMode: ConfirmationUIMode;\n /** How the confirmation UI behaves: 'requireClick' | 'autoProceed' */\n behavior: ConfirmationBehavior;\n /** Delay in milliseconds before auto-proceeding (only used with autoProceed) */\n autoProceedDelay?: number;\n /** Theme for the confirmation UI: 'dark' | 'light' */\n theme: 'dark' | 'light';\n}\n\nexport const DEFAULT_CONFIRMATION_CONFIG: ConfirmationConfig = {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: 0,\n theme: 'dark',\n};\n\n// WASM enum types for confirmation configuration\nexport type WasmConfirmationUIMode = wasmModule.ConfirmationUIMode;\nexport type WasmConfirmationBehavior = wasmModule.ConfirmationBehavior;\n\n// Mapping functions to convert string literals to numeric enum values\nexport const mapUIModeToWasm = (uiMode: ConfirmationUIMode): number => {\n switch (uiMode) {\n case 'skip': return wasmModule.ConfirmationUIMode.Skip;\n case 'modal': return wasmModule.ConfirmationUIMode.Modal;\n // Drawer now has a dedicated WASM enum variant\n case 'drawer': return (wasmModule as any).ConfirmationUIMode.Drawer ?? wasmModule.ConfirmationUIMode.Modal;\n default: return wasmModule.ConfirmationUIMode.Modal;\n }\n};\n\nexport const mapBehaviorToWasm = (behavior: ConfirmationBehavior): number => {\n switch (behavior) {\n case 'requireClick': return wasmModule.ConfirmationBehavior.RequireClick;\n case 'autoProceed': return wasmModule.ConfirmationBehavior.AutoProceed;\n default: return wasmModule.ConfirmationBehavior.RequireClick;\n }\n};\nexport type WasmRequestResult = WasmRecoverKeypairResult\n | WasmSignedTransaction\n | WasmSignedDelegate\n | WasmTransactionSignResult\n | WasmDelegateSignResult\n | WasmDecryptPrivateKeyResult\n\nexport interface SignerWorkerMessage<T extends WorkerRequestType, R extends WasmRequestPayload> {\n type: T;\n payload: R;\n}\n\n/**\n * =============================\n * Worker Progress Message Types\n * =============================\n *\n * 1. PROGRESS MESSAGES (During Operation):\n * Rust WASM → send_typed_progress_message() → TypeScript sendProgressMessage() → postMessage() → Main Thread\n * - Used for real-time updates during long operations\n * - Multiple progress messages can be sent per operation\n * - Does not affect the final result\n * - Types: ProgressMessageType, ProgressStep, ProgressStatus (auto-generated from Rust)\n *\n * 2. FINAL RESULTS (Operation Complete):\n * Rust WASM → return value from handle_signer_message() → TypeScript worker → postMessage() → Main Thread\n * - Contains the actual operation result (success/error)\n * - Only one result message per operation\n * - This is what the main thread awaits for completion\n */\n\n// === PROGRESS MESSAGE TYPES ===\n\n// Basic interface for development - actual types are auto-generated from Rust\nexport type ProgressMessage = wasmModule.WorkerProgressMessage;\n\n// Type guard for basic progress message validation during development\nexport function isProgressMessage(obj: unknown): obj is ProgressMessage {\n return (\n typeof obj === 'object' &&\n obj !== null &&\n typeof (obj as { message_type?: unknown }).message_type === 'string' &&\n typeof (obj as { step?: unknown }).step === 'string' &&\n typeof (obj as { message?: unknown }).message === 'string' &&\n typeof (obj as { status?: unknown }).status === 'string'\n );\n}\n\nexport enum ProgressMessageType {\n REGISTRATION_PROGRESS = 'REGISTRATION_PROGRESS',\n REGISTRATION_COMPLETE = 'REGISTRATION_COMPLETE',\n EXECUTE_ACTIONS_PROGRESS = 'EXECUTE_ACTIONS_PROGRESS',\n EXECUTE_ACTIONS_COMPLETE = 'EXECUTE_ACTIONS_COMPLETE',\n}\n\n// Step identifiers for progress tracking\n// This enum exactly matches the Rust WASM ProgressStep enum from:\n// packages/passkey/src/wasm_signer_worker/src/types/progress.rs\n// The string values come from the progress_step_name() function in that file\nexport enum ProgressStep {\n PREPARATION = 'preparation', // Rust: Preparation\n WEBAUTHN_AUTHENTICATION = 'webauthn-authentication', // Rust: WebauthnAuthentication\n AUTHENTICATION_COMPLETE = 'authentication-complete', // Rust: AuthenticationComplete\n TRANSACTION_SIGNING_PROGRESS = 'transaction-signing-progress', // Rust: TransactionSigningProgress\n TRANSACTION_SIGNING_COMPLETE = 'transaction-signing-complete', // Rust: TransactionSigningComplete\n ERROR = 'error', // Rust: Error\n}\n\nexport interface ProgressStepMap {\n [wasmModule.ProgressStep.Preparation]: ProgressStep.PREPARATION;\n [wasmModule.ProgressStep.WebauthnAuthentication]: ProgressStep.WEBAUTHN_AUTHENTICATION;\n [wasmModule.ProgressStep.AuthenticationComplete]: ProgressStep.AUTHENTICATION_COMPLETE;\n [wasmModule.ProgressStep.TransactionSigningProgress]: ProgressStep.TRANSACTION_SIGNING_PROGRESS;\n [wasmModule.ProgressStep.TransactionSigningComplete]: ProgressStep.TRANSACTION_SIGNING_COMPLETE;\n [wasmModule.ProgressStep.Error]: ProgressStep.ERROR;\n}\n\n// === RESPONSE MESSAGE INTERFACES ===\n\n// Base interface for all worker responses\nexport interface BaseWorkerResponse {\n type: WorkerResponseType;\n payload: unknown;\n}\n\n// Map request types to their expected success response payloads (WASM types)\nexport interface RequestResponseMap {\n [WorkerRequestType.DeriveNearKeypairAndEncrypt]: WasmDeriveNearKeypairAndEncryptResult;\n [WorkerRequestType.RecoverKeypairFromPasskey]: WasmRecoverKeypairResult;\n [WorkerRequestType.DecryptPrivateKeyWithPrf]: WasmDecryptPrivateKeyResult;\n [WorkerRequestType.SignTransactionsWithActions]: WasmTransactionSignResult;\n [WorkerRequestType.SignDelegateAction]: WasmDelegateSignResult;\n [WorkerRequestType.ExtractCosePublicKey]: wasmModule.CoseExtractionResult;\n [WorkerRequestType.SignTransactionWithKeyPair]: WasmTransactionSignResult;\n [WorkerRequestType.SignNep413Message]: wasmModule.SignNep413Result;\n [WorkerRequestType.RegisterDevice2WithDerivedKey]: WasmRegisterDevice2WithDerivedKeyResult;\n}\n\n// Generic success response type that uses WASM types\nexport interface WorkerSuccessResponse<T extends WorkerRequestType> extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: RequestResponseMap[T];\n}\n\n// Generic error response type\nexport interface WorkerErrorResponse extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: {\n error: string;\n errorCode?: WorkerErrorCode;\n context?: Record<string, unknown>;\n };\n}\n\nexport enum WorkerErrorCode {\n WASM_INIT_FAILED = 'WASM_INIT_FAILED',\n INVALID_REQUEST = 'INVALID_REQUEST',\n TIMEOUT = 'TIMEOUT',\n ENCRYPTION_FAILED = 'ENCRYPTION_FAILED',\n DECRYPTION_FAILED = 'DECRYPTION_FAILED',\n SIGNING_FAILED = 'SIGNING_FAILED',\n STORAGE_FAILED = 'STORAGE_FAILED',\n UNKNOWN_ERROR = 'UNKNOWN_ERROR',\n}\n\nexport interface WorkerProgressResponse extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: onProgressEvents\n}\n\n// === MAIN RESPONSE TYPE ===\n\ntype RequestTypeKey = keyof RequestResponseMap;\n\nexport type WorkerResponseForRequest<T extends RequestTypeKey> =\n | WorkerSuccessResponse<T>\n | WorkerErrorResponse\n | WorkerProgressResponse;\n\n// === CONVENIENCE TYPE ALIASES ===\n\nexport type EncryptionResponse = WorkerResponseForRequest<typeof WorkerRequestType.DeriveNearKeypairAndEncrypt>;\nexport type RecoveryResponse = WorkerResponseForRequest<typeof WorkerRequestType.RecoverKeypairFromPasskey>;\nexport type TransactionResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignTransactionsWithActions>;\nexport type DelegateSignResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignDelegateAction>;\nexport type DecryptionResponse = WorkerResponseForRequest<typeof WorkerRequestType.DecryptPrivateKeyWithPrf>;\nexport type CoseExtractionResponse = WorkerResponseForRequest<typeof WorkerRequestType.ExtractCosePublicKey>;\nexport type Nep413SigningResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignNep413Message>;\n\n// === TYPE GUARDS FOR GENERIC RESPONSES ===\n\nexport function isWorkerProgress<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerProgressResponse {\n return (\n response.type === WorkerResponseType.RegistrationProgress ||\n response.type === WorkerResponseType.RegistrationComplete ||\n response.type === WorkerResponseType.ExecuteActionsProgress ||\n response.type === WorkerResponseType.ExecuteActionsComplete\n );\n}\n\nexport function isWorkerSuccess<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerSuccessResponse<T> {\n return (\n response.type === WorkerResponseType.DeriveNearKeypairAndEncryptSuccess ||\n response.type === WorkerResponseType.RecoverKeypairFromPasskeySuccess ||\n response.type === WorkerResponseType.DecryptPrivateKeyWithPrfSuccess ||\n response.type === WorkerResponseType.SignTransactionsWithActionsSuccess ||\n response.type === WorkerResponseType.SignDelegateActionSuccess ||\n response.type === WorkerResponseType.ExtractCosePublicKeySuccess ||\n response.type === WorkerResponseType.SignTransactionWithKeyPairSuccess ||\n response.type === WorkerResponseType.SignNep413MessageSuccess ||\n response.type === WorkerResponseType.RegisterDevice2WithDerivedKeySuccess\n );\n}\n\nexport function isWorkerError<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerErrorResponse {\n return (\n response.type === WorkerResponseType.DeriveNearKeypairAndEncryptFailure ||\n response.type === WorkerResponseType.RecoverKeypairFromPasskeyFailure ||\n response.type === WorkerResponseType.DecryptPrivateKeyWithPrfFailure ||\n response.type === WorkerResponseType.SignTransactionsWithActionsFailure ||\n response.type === WorkerResponseType.SignDelegateActionFailure ||\n response.type === WorkerResponseType.ExtractCosePublicKeyFailure ||\n response.type === WorkerResponseType.SignTransactionWithKeyPairFailure ||\n response.type === WorkerResponseType.SignNep413MessageFailure ||\n response.type === WorkerResponseType.RegisterDevice2WithDerivedKeyFailure\n );\n}\n\n// === SPECIFIC TYPE GUARDS FOR COMMON OPERATIONS ===\n\nexport function isDeriveNearKeypairAndEncryptSuccess(response: EncryptionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.DeriveNearKeypairAndEncrypt> {\n return response.type === WorkerResponseType.DeriveNearKeypairAndEncryptSuccess;\n}\n\nexport function isRecoverKeypairFromPasskeySuccess(response: RecoveryResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.RecoverKeypairFromPasskey> {\n return response.type === WorkerResponseType.RecoverKeypairFromPasskeySuccess;\n}\n\nexport function isSignTransactionsWithActionsSuccess(response: TransactionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignTransactionsWithActions> {\n return response.type === WorkerResponseType.SignTransactionsWithActionsSuccess;\n}\n\nexport function isSignDelegateActionSuccess(response: DelegateSignResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignDelegateAction> {\n return response.type === WorkerResponseType.SignDelegateActionSuccess;\n}\n\nexport function isDecryptPrivateKeyWithPrfSuccess(response: DecryptionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.DecryptPrivateKeyWithPrf> {\n return response.type === WorkerResponseType.DecryptPrivateKeyWithPrfSuccess;\n}\n\nexport function isExtractCosePublicKeySuccess(response: CoseExtractionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.ExtractCosePublicKey> {\n return response.type === WorkerResponseType.ExtractCosePublicKeySuccess;\n}\n\nexport function isSignNep413MessageSuccess(response: Nep413SigningResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignNep413Message> {\n return response.type === WorkerResponseType.SignNep413MessageSuccess;\n}\n\nexport function isRegisterDevice2WithDerivedKeySuccess(\n response: WorkerResponseForRequest<typeof WorkerRequestType.RegisterDevice2WithDerivedKey>\n): response is WorkerSuccessResponse<typeof WorkerRequestType.RegisterDevice2WithDerivedKey> {\n return response.type === WorkerResponseType.RegisterDevice2WithDerivedKeySuccess;\n}\n","import { openDB, type IDBPDatabase } from 'idb';\nimport { type ValidationResult, validateNearAccountId } from '../../utils/validation';\nimport type { AccountId } from '../types/accountIds';\nimport { toAccountId } from '../types/accountIds';\nimport { ConfirmationConfig, DEFAULT_CONFIRMATION_CONFIG } from '../types/signer-worker'\n\n\nexport interface ClientUserData {\n // Primary key - now uses AccountId + deviceNumber for unique identification\n nearAccountId: AccountId;\n deviceNumber: number; // Device number for multi-device support (1-indexed)\n version?: number;\n\n // User metadata\n registeredAt?: number;\n lastLogin?: number;\n lastUpdated?: number;\n\n // WebAuthn/Passkey data (merged from WebAuthnManager)\n clientNearPublicKey: string;\n passkeyCredential: {\n id: string;\n rawId: string;\n };\n\n // VRF credentials for stateless authentication\n encryptedVrfKeypair: {\n encryptedVrfDataB64u: string;\n chacha20NonceB64u: string;\n };\n // Server-assisted auto-login (VRF key session): Shamir 3-pass fields\n // Stores relayer-blinded KEK and the VRF ciphertext; server never sees plaintext VRF or KEK\n serverEncryptedVrfKeypair?: {\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n // Metadata for proactive refresh\n serverKeyId: string;\n updatedAt?: number;\n };\n\n // User preferences\n preferences?: UserPreferences;\n}\n\nexport type StoreUserDataInput = Omit<ClientUserData, 'deviceNumber' | 'lastLogin' | 'registeredAt'>\n & {\n deviceNumber?: number;\n serverEncryptedVrfKeypair?: ClientUserData['serverEncryptedVrfKeypair'];\n version?: number;\n };\n\nexport type StoreWebAuthnUserDataInput = {\n nearAccountId: AccountId;\n deviceNumber: number;\n clientNearPublicKey: string;\n lastUpdated?: number;\n version?: number;\n passkeyCredential: ClientUserData['passkeyCredential'];\n encryptedVrfKeypair: ClientUserData['encryptedVrfKeypair'];\n serverEncryptedVrfKeypair?: ClientUserData['serverEncryptedVrfKeypair'];\n};\n\nexport interface UserPreferences {\n useRelayer: boolean;\n useNetwork: 'testnet' | 'mainnet';\n confirmationConfig: ConfirmationConfig;\n // User preferences can be extended here as needed\n}\n\n// Authenticator cache\nexport interface ClientAuthenticatorData {\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[]; // AuthenticatorTransport[]\n name?: string;\n nearAccountId: AccountId; // FK reference using AccountId\n deviceNumber: number; // Device number for this authenticator (1-indexed)\n registered: string; // ISO date string\n syncedAt: string; // When this cache entry was last synced with contract\n vrfPublicKey: string; // Base64-encoded VRF public key (1:1 relationship on client)\n}\n\ninterface AppStateEntry<T = unknown> {\n key: string;\n value: T;\n}\n\n// Internal helper: legacy user records may be missing deviceNumber.\ntype ClientUserDataWithOptionalDevice =\n | ClientUserData\n | (Omit<ClientUserData, 'deviceNumber'> & { deviceNumber?: number });\n\n// Special type for lastUserAccountId app state entry\nexport interface LastUserAccountIdState {\n accountId: AccountId;\n deviceNumber: number;\n}\n\ninterface PasskeyClientDBConfig {\n dbName: string;\n dbVersion: number;\n userStore: string;\n appStateStore: string;\n authenticatorStore: string;\n derivedAddressStore: string;\n recoveryEmailStore: string;\n}\n\n// === CONSTANTS ===\nconst DB_CONFIG: PasskeyClientDBConfig = {\n dbName: 'PasskeyClientDB',\n dbVersion: 15, // v15: add recoveryEmails store\n userStore: 'users',\n appStateStore: 'appState',\n authenticatorStore: 'authenticators',\n derivedAddressStore: 'derivedAddresses',\n recoveryEmailStore: 'recoveryEmails'\n} as const;\n\nexport interface IndexedDBEvent {\n type: 'user-updated' | 'preferences-updated' | 'user-deleted';\n accountId: AccountId;\n data?: Record<string, unknown>;\n}\n\n// Persisted mapping of derived (e.g., EVM) addresses tied to an account\n/**\n * Persisted mapping of derived (e.g., EVM/Solana/Zcash) addresses tied to an account.\n *\n * Notes on multi-chain support:\n * - The composite primary key is [nearAccountId, contractId, path]. To support\n * different chains and chain IDs, encode them in the `path` string, e.g.:\n * - EVM: `evm:<chainId>:<derivationPath>` → `evm:84532:ethereum-1`\n * - Solana: `solana:<derivationPath>`\n * - Zcash: `zcash:<derivationPath>`\n * - Additional descriptive fields like `namespace` and `chainRef` are optional metadata\n * and are not part of the key.\n */\nexport interface DerivedAddressRecord {\n nearAccountId: AccountId;\n contractId: string; // MPC/Derivation contract on NEAR\n path: string; // Composite path (may include namespace/chainId); see docs above\n address: string; // Derived address (e.g., 0x...)\n updatedAt: number;\n // Optional metadata (not used in the key)\n namespace?: string; // e.g., 'evm', 'solana', 'zcash'\n chainRef?: string; // e.g., chainId '84532' or a named network slug\n}\n\n/**\n * Persisted mapping of recovery email hashes to canonical email addresses for an account.\n *\n * Notes:\n * - Composite primary key is [nearAccountId, hashHex].\n * - `hashHex` is the 0x-prefixed hex encoding of the 32-byte hash:\n * SHA256(canonical_email || \"|\" || account_id)\n * - `email` is the canonical form: \"local@domain\", lowercased.\n */\nexport interface RecoveryEmailRecord {\n nearAccountId: AccountId;\n hashHex: string;\n email: string;\n addedAt: number;\n}\n\nexport class PasskeyClientDBManager {\n private config: PasskeyClientDBConfig;\n private db: IDBPDatabase | null = null;\n private disabled = false;\n private eventListeners: Set<(event: IndexedDBEvent) => void> = new Set();\n\n constructor(config: PasskeyClientDBConfig = DB_CONFIG) {\n this.config = config;\n }\n\n getDbName(): string {\n return this.config.dbName;\n }\n\n setDbName(dbName: string): void {\n const next = String(dbName || '').trim();\n if (!next || next === this.config.dbName) return;\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n this.config = { ...this.config, dbName: next };\n }\n\n isDisabled(): boolean {\n return this.disabled;\n }\n\n setDisabled(disabled: boolean): void {\n const next = !!disabled;\n if (next === this.disabled) return;\n this.disabled = next;\n if (next) {\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n }\n }\n\n // === EVENT SYSTEM ===\n\n onChange(listener: (event: IndexedDBEvent) => void): () => void {\n this.eventListeners.add(listener);\n return () => {\n this.eventListeners.delete(listener);\n };\n }\n\n private emitEvent(event: IndexedDBEvent): void {\n this.eventListeners.forEach(listener => {\n try {\n listener(event);\n } catch (error) {\n console.warn('[IndexedDBManager]: Error in event listener:', error);\n }\n });\n }\n\n private async getDB(): Promise<IDBPDatabase> {\n if (this.disabled) {\n throw new Error('[PasskeyClientDBManager] IndexedDB is disabled in this environment.');\n }\n if (this.db) {\n return this.db;\n }\n\n try {\n this.db = await openDB(this.config.dbName, this.config.dbVersion, {\n upgrade: (db, oldVersion, _newVersion, _transaction): void => {\n // Create stores if they don't exist\n if (!db.objectStoreNames.contains(DB_CONFIG.userStore)) {\n // Users table: composite key of [nearAccountId, deviceNumber]\n const userStore = db.createObjectStore(DB_CONFIG.userStore, { keyPath: ['nearAccountId', 'deviceNumber'] });\n userStore.createIndex('nearAccountId', 'nearAccountId', { unique: false });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.appStateStore)) {\n db.createObjectStore(DB_CONFIG.appStateStore, { keyPath: 'key' });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.authenticatorStore)) {\n // Authenticators table: composite key of [nearAccountId, deviceNumber, credentialId]\n const authStore = db.createObjectStore(DB_CONFIG.authenticatorStore, { keyPath: ['nearAccountId', 'deviceNumber', 'credentialId'] });\n authStore.createIndex('nearAccountId', 'nearAccountId', { unique: false });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.derivedAddressStore)) {\n // Derived addresses: composite key of [nearAccountId, contractId, path]\n const dStore = db.createObjectStore(DB_CONFIG.derivedAddressStore, { keyPath: ['nearAccountId', 'contractId', 'path'] });\n try { dStore.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.recoveryEmailStore)) {\n // Recovery emails: composite key of [nearAccountId, hashHex]\n const rStore = db.createObjectStore(DB_CONFIG.recoveryEmailStore, { keyPath: ['nearAccountId', 'hashHex'] });\n try { rStore.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n }\n },\n blocked() {\n console.warn('PasskeyClientDB connection is blocked.');\n },\n blocking() {\n console.warn('PasskeyClientDB connection is blocking another connection.');\n },\n terminated: () => {\n console.warn('PasskeyClientDB connection has been terminated.');\n this.db = null;\n },\n });\n\n // Post-open migrations (non-blocking)\n try { await this.runMigrationsIfNeeded(this.db); } catch {}\n\n } catch (err: any) {\n const msg = String(err?.message || '');\n if (err?.name === 'VersionError' || /less than the existing version/i.test(msg)) {\n // Mixed-version contexts (host/app) — open without version to adopt existing DB\n try {\n console.warn('PasskeyClientDB: opening existing DB without version due to VersionError');\n this.db = await openDB(this.config.dbName);\n } catch (e) {\n throw err;\n }\n } else {\n throw err;\n }\n }\n\n return this.db;\n }\n\n private async runMigrationsIfNeeded(_db: IDBPDatabase): Promise<void> {\n return;\n }\n\n // === APP STATE METHODS ===\n\n async getAppState<T = unknown>(key: string): Promise<T | undefined> {\n const db = await this.getDB();\n const result = await db.get(DB_CONFIG.appStateStore, key);\n return result?.value as T | undefined;\n }\n\n async setAppState<T = unknown>(key: string, value: T): Promise<void> {\n const db = await this.getDB();\n const entry: AppStateEntry<T> = { key, value };\n await db.put(DB_CONFIG.appStateStore, entry);\n }\n\n // === ACCOUNT ID VALIDATION AND UTILITIES ===\n\n /**\n * Validate that a NEAR account ID is in the expected format\n * Supports both <username>.<relayerAccountId> and <username>.testnet formats\n */\n validateNearAccountId(nearAccountId: AccountId): ValidationResult {\n return validateNearAccountId(nearAccountId);\n }\n\n /**\n * Extract username from NEAR account ID\n */\n extractUsername(nearAccountId: AccountId): string {\n const validation = validateNearAccountId(nearAccountId);\n if (!validation.valid) {\n throw new Error(`Invalid NEAR account ID: ${validation.error}`);\n }\n return nearAccountId.split('.')[0];\n }\n\n /**\n * Generate a NEAR account ID from a username and domain\n * @param username - The username to use for the account ID\n * @param domain - The domain to use for the account ID\n * @returns The generated NEAR account ID\n */\n generateNearAccountId(username: string, domain: string): string {\n const sanitizedName = username\n .toLowerCase()\n .replace(/[^a-z0-9_\\\\-]/g, '')\n .substring(0, 32);\n return `${sanitizedName}.${domain}`;\n }\n\n // === USER MANAGEMENT METHODS ===\n\n async getUser(nearAccountId: AccountId, deviceNumber?: number): Promise<ClientUserData | null> {\n if (!nearAccountId) return null;\n\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) {\n console.warn(`Invalid account ID format: ${nearAccountId}`);\n return null;\n }\n\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n\n if (typeof deviceNumber === 'number') {\n const rec = await db.get(DB_CONFIG.userStore, [accountId, deviceNumber]);\n if (!rec) return null;\n return await this.normalizeUserDeviceNumber(rec as ClientUserDataWithOptionalDevice, deviceNumber);\n }\n\n const index = db.transaction(DB_CONFIG.userStore).store.index('nearAccountId');\n const results = await index.getAll(accountId);\n if (results.length === 0) {\n return null;\n }\n\n if (results.length > 1) {\n console.warn(\n `Multiple passkeys found for account ${accountId}, deviceNumber not provided; ` +\n 'defaulting to last logged-in user.'\n );\n console.log('defaulting to last used user deviceNumber');\n const lastUserState = await this.getAppState<LastUserAccountIdState>('lastUserAccountId').catch(() => null);\n if (lastUserState && toAccountId(lastUserState.accountId) === accountId) {\n const keyed = await db.get(DB_CONFIG.userStore, [accountId, lastUserState.deviceNumber]);\n if (keyed) {\n return await this.normalizeUserDeviceNumber(\n keyed as ClientUserDataWithOptionalDevice,\n lastUserState.deviceNumber\n );\n }\n }\n }\n\n const first = results[0] as ClientUserDataWithOptionalDevice;\n if (!first) return null;\n return await this.normalizeUserDeviceNumber(first, 1);\n }\n\n /**\n * Get the current/last user\n * This is maintained via app state and updated whenever a user is stored or updated\n */\n async getLastUser(): Promise<ClientUserData | null> {\n const lastUserState = await this.getAppState<LastUserAccountIdState>('lastUserAccountId');\n if (!lastUserState) return null;\n const db = await this.getDB();\n const accountId = toAccountId(lastUserState.accountId);\n // Prefer exact device match using composite primary key\n const record = await db.get(DB_CONFIG.userStore, [accountId, lastUserState.deviceNumber]);\n if (record) return record as ClientUserData;\n // Fallback: return any user for account\n return this.getUser(accountId);\n }\n\n /** Get user record by composite key (nearAccountId, deviceNumber) */\n async getUserByDevice(nearAccountId: AccountId, deviceNumber: number): Promise<ClientUserData | null> {\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const rec = await db.get(DB_CONFIG.userStore, [accountId, deviceNumber]);\n return rec as ClientUserData || null;\n }\n\n /**\n * Get the most recently updated user record for a given account.\n * Useful when deviceNumber is unknown but we need the freshest key for the account.\n */\n /**\n * Get the most recently updated user record for a given account.\n * Useful when deviceNumber is unknown but we need the freshest key for the account.\n */\n async getLastDBUpdatedUser(nearAccountId: AccountId): Promise<ClientUserData | null> {\n const db = await this.getDB();\n try {\n const idx = db.transaction(DB_CONFIG.userStore).store.index('nearAccountId');\n const all = await idx.getAll(toAccountId(nearAccountId));\n if (Array.isArray(all) && all.length > 0) {\n const latest = (all as ClientUserData[]).reduce((a, b) =>\n (a.lastUpdated ?? 0) >= (b.lastUpdated ?? 0) ? a : b\n );\n return latest;\n }\n } catch {\n // fall through\n }\n return null;\n }\n\n async hasPasskeyCredential(nearAccountId: AccountId): Promise<boolean> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n return !!authenticators[0]?.credentialId;\n }\n\n /**\n * Ensure the current passkey selection is aligned with the last logged-in device.\n *\n * - When multiple authenticators exist for an account and no deviceNumber is specified,\n * this helper prefers authenticators whose deviceNumber matches the last logged-in user.\n * - Optionally validates that a selected credential (by rawId) also matches the last-user device.\n *\n * @param nearAccountId - Account ID for which the operation is being performed\n * @param authenticators - All authenticators stored for the account\n * @param selectedCredentialRawId - Optional rawId of the credential chosen by WebAuthn\n * @returns filtered authenticators for allowCredentials, plus optional wrongPasskeyError\n */\n async ensureCurrentPasskey(\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n selectedCredentialRawId?: string,\n ): Promise<{\n authenticatorsForPrompt: ClientAuthenticatorData[];\n wrongPasskeyError?: string;\n }> {\n if (authenticators.length <= 1) {\n return { authenticatorsForPrompt: authenticators };\n }\n\n const accountIdNormalized = toAccountId(nearAccountId);\n const lastUser = await this.getLastUser().catch(() => null);\n if (!lastUser || lastUser.nearAccountId !== accountIdNormalized) {\n return { authenticatorsForPrompt: authenticators };\n }\n\n const expectedDeviceNumber = lastUser.deviceNumber;\n const byDeviceNumber = authenticators.filter(a => a.deviceNumber === expectedDeviceNumber);\n\n // Prefer the credentialId for the last-user deviceNumber; use the stored last-user rawId\n // only when it matches an authenticator for that device (or when we have no device match).\n let expectedCredentialId = lastUser.passkeyCredential.rawId;\n if (byDeviceNumber.length > 0 && !byDeviceNumber.some(a => a.credentialId === expectedCredentialId)) {\n expectedCredentialId = byDeviceNumber[0].credentialId;\n }\n\n // Preference: restrict allowCredentials to the last-user credentialId.\n // Fallback: if the local authenticator cache is missing that entry, prefer the last-user deviceNumber.\n const byCredentialId = authenticators.filter(a => a.credentialId === expectedCredentialId);\n const authenticatorsForPrompt =\n byCredentialId.length > 0\n ? byCredentialId\n : (byDeviceNumber.length > 0 ? byDeviceNumber : authenticators);\n\n const wrongPasskeyError =\n selectedCredentialRawId && selectedCredentialRawId !== expectedCredentialId\n ? (\n `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, ` +\n 'but used a different passkey than the most recently logged-in one. Please use the passkey for the most recently logged-in device.'\n )\n : undefined;\n\n return { authenticatorsForPrompt, wrongPasskeyError };\n }\n\n /**\n * Register a new user with the given NEAR account ID\n * @param nearAccountId - Full NEAR account ID (e.g., \"username.testnet\" or \"username.relayer.testnet\")\n * @param additionalData - Additional user data to store\n */\n async registerUser(storeUserData: StoreUserDataInput): Promise<ClientUserData> {\n\n const validation = this.validateNearAccountId(storeUserData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot register user with invalid account ID: ${validation.error}`);\n }\n\n const now = Date.now();\n\n const userData: ClientUserData = {\n nearAccountId: toAccountId(storeUserData.nearAccountId),\n deviceNumber: storeUserData.deviceNumber || 1, // Default to device 1 (1-indexed)\n version: storeUserData.version || 2,\n registeredAt: now,\n lastLogin: now,\n lastUpdated: now,\n clientNearPublicKey: storeUserData.clientNearPublicKey,\n passkeyCredential: storeUserData.passkeyCredential,\n preferences: {\n useRelayer: false,\n useNetwork: 'testnet',\n confirmationConfig: DEFAULT_CONFIRMATION_CONFIG,\n // Default preferences can be set here\n },\n encryptedVrfKeypair: storeUserData.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: storeUserData.serverEncryptedVrfKeypair,\n };\n\n await this.storeUser(userData);\n return userData;\n }\n\n async updateUser(nearAccountId: AccountId, updates: Partial<ClientUserData>): Promise<void> {\n const user = await this.getUser(nearAccountId);\n if (user) {\n const updatedUser = {\n ...user,\n ...updates,\n lastUpdated: Date.now()\n };\n await this.storeUser(updatedUser); // This will update the app state lastUserAccountId\n\n // Emit event for user updates\n this.emitEvent({\n type: 'user-updated',\n accountId: nearAccountId,\n data: { updates, updatedUser }\n });\n }\n }\n\n async updateLastLogin(nearAccountId: AccountId): Promise<void> {\n await this.updateUser(nearAccountId, { lastLogin: Date.now() });\n }\n\n /**\n * Set the last logged-in user\n * @param nearAccountId - The account ID of the user\n * @param deviceNumber - The device number (defaults to 1)\n */\n async setLastUser(nearAccountId: AccountId, deviceNumber: number = 1): Promise<void> {\n const lastUserState: LastUserAccountIdState = {\n accountId: nearAccountId,\n deviceNumber,\n };\n await this.setAppState('lastUserAccountId', lastUserState);\n }\n\n async updatePreferences(\n nearAccountId: AccountId,\n preferences: Partial<UserPreferences>\n ): Promise<void> {\n const user = await this.getUser(nearAccountId);\n if (user) {\n const updatedPreferences = {\n ...user.preferences,\n ...preferences\n } as UserPreferences;\n await this.updateUser(nearAccountId, { preferences: updatedPreferences });\n\n // Emit event for preference changes\n this.emitEvent({\n type: 'preferences-updated',\n accountId: nearAccountId,\n data: { preferences: updatedPreferences }\n });\n }\n }\n\n private async normalizeUserDeviceNumber(\n user: ClientUserDataWithOptionalDevice,\n defaultDeviceNumber: number\n ): Promise<ClientUserData> {\n const hasValidDevice =\n typeof user.deviceNumber === 'number' && Number.isFinite(user.deviceNumber);\n if (hasValidDevice) {\n return user as ClientUserData;\n }\n\n const deviceNumber = defaultDeviceNumber;\n const fixed: ClientUserData = {\n ...(user as Omit<ClientUserData, 'deviceNumber'>),\n deviceNumber,\n };\n await this.storeUser(fixed);\n return fixed;\n }\n\n private async storeUser(userData: ClientUserData): Promise<void> {\n const validation = this.validateNearAccountId(userData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot store user with invalid account ID: ${validation.error}`);\n }\n\n const db = await this.getDB();\n await db.put(DB_CONFIG.userStore, userData);\n\n // Update lastUserAccountId with new format including device info\n const lastUserState: LastUserAccountIdState = {\n accountId: userData.nearAccountId,\n deviceNumber: userData.deviceNumber,\n };\n\n await this.setAppState('lastUserAccountId', lastUserState);\n }\n\n /**\n * Store WebAuthn user data (compatibility with WebAuthnManager)\n * @param userData - User data with nearAccountId as primary identifier\n */\n async storeWebAuthnUserData(userData: StoreWebAuthnUserDataInput): Promise<void> {\n const validation = this.validateNearAccountId(userData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot store WebAuthn data for invalid account ID: ${validation.error}`);\n }\n\n const accountId = toAccountId(userData.nearAccountId);\n const deviceNumber = userData.deviceNumber;\n let user = await this.getUser(accountId, deviceNumber);\n\n if (!user) {\n user = await this.registerUser({\n nearAccountId: accountId,\n deviceNumber,\n clientNearPublicKey: userData.clientNearPublicKey,\n passkeyCredential: userData.passkeyCredential,\n encryptedVrfKeypair: userData.encryptedVrfKeypair,\n version: userData.version || 2,\n serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair,\n });\n }\n\n const updatedUser: ClientUserData = {\n ...user,\n clientNearPublicKey: userData.clientNearPublicKey,\n passkeyCredential: userData.passkeyCredential,\n encryptedVrfKeypair: userData.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair ?? user.serverEncryptedVrfKeypair,\n version: userData.version ?? user.version,\n lastUpdated: userData.lastUpdated ?? Date.now(),\n };\n\n await this.storeUser(updatedUser);\n this.emitEvent({\n type: 'user-updated',\n accountId,\n data: { updatedUser }\n });\n }\n\n async getAllUsers(): Promise<ClientUserData[]> {\n const db = await this.getDB();\n return db.getAll(DB_CONFIG.userStore);\n }\n\n async deleteUser(nearAccountId: AccountId): Promise<void> {\n const db = await this.getDB();\n await db.delete(DB_CONFIG.userStore, nearAccountId);\n // Also clean up related authenticators\n await this.clearAuthenticatorsForUser(nearAccountId);\n }\n\n async clearAllUsers(): Promise<void> {\n const db = await this.getDB();\n await db.clear(DB_CONFIG.userStore);\n }\n\n async clearAllAppState(): Promise<void> {\n const db = await this.getDB();\n await db.clear(DB_CONFIG.appStateStore);\n }\n\n /**\n * Store authenticator data for a user\n */\n async storeAuthenticator(authenticatorData: ClientAuthenticatorData): Promise<void> {\n const db = await this.getDB();\n await db.put(DB_CONFIG.authenticatorStore, authenticatorData);\n }\n\n /**\n * Get all authenticators for a user (optionally for a specific device)\n */\n async getAuthenticatorsByUser(nearAccountId: AccountId): Promise<ClientAuthenticatorData[]> {\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n const accountId = toAccountId(nearAccountId);\n\n // Get all authenticators for this account across all devices\n const index = store.index('nearAccountId');\n return await index.getAll(accountId);\n }\n\n /**\n * Get a specific authenticator by credential ID\n */\n async getAuthenticatorByCredentialId(\n nearAccountId: AccountId,\n credentialId: string\n ): Promise<ClientAuthenticatorData | null> {\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n const accountId = toAccountId(nearAccountId);\n\n // Primary key is [nearAccountId, deviceNumber, credentialId], so we cannot\n // look up by [nearAccountId, credentialId] directly. Use the nearAccountId\n // index and filter by credentialId.\n const index = store.index('nearAccountId');\n const all = await index.getAll(accountId);\n const match = all.find((auth: any) => auth.credentialId === credentialId) || null;\n return match;\n }\n\n /**\n * Clear all authenticators for a user\n */\n async clearAuthenticatorsForUser(nearAccountId: AccountId): Promise<void> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readwrite');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n\n for (const auth of authenticators) {\n // Composite PK is [nearAccountId, deviceNumber, credentialId]\n await store.delete([nearAccountId, auth.deviceNumber, auth.credentialId]);\n }\n }\n\n /**\n * Sync authenticators from contract data\n */\n async syncAuthenticatorsFromContract(\n nearAccountId: AccountId,\n contractAuthenticators: Array<{\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[];\n name?: string;\n registered: string;\n vrfPublicKey: string;\n deviceNumber?: number; // Device number from contract\n }>\n ): Promise<void> {\n // Clear existing cache for this user\n await this.clearAuthenticatorsForUser(nearAccountId);\n\n // Add all contract authenticators to cache\n const syncedAt = new Date().toISOString();\n for (const auth of contractAuthenticators) {\n // Fix transport processing: filter out undefined values and provide fallback\n const rawTransports = auth.transports || [];\n const validTransports = rawTransports.filter((transport: any) =>\n transport !== undefined && transport !== null && typeof transport === 'string'\n );\n\n // If no valid transports, default to 'internal' for platform authenticators\n const transports = validTransports.length > 0 ? validTransports : ['internal'];\n\n const clientAuth: ClientAuthenticatorData = {\n credentialId: auth.credentialId,\n credentialPublicKey: auth.credentialPublicKey,\n transports,\n name: auth.name,\n nearAccountId: toAccountId(nearAccountId),\n deviceNumber: auth.deviceNumber || 1, // Default to device 1 (1-indexed)\n registered: auth.registered,\n syncedAt: syncedAt,\n vrfPublicKey: auth.vrfPublicKey,\n };\n await this.storeAuthenticator(clientAuth);\n }\n }\n\n // === ATOMIC OPERATIONS AND ROLLBACK METHODS ===\n\n /**\n * Delete all authenticators for a user\n */\n async deleteAllAuthenticatorsForUser(nearAccountId: AccountId): Promise<void> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n\n if (authenticators.length === 0) {\n console.warn(`No authenticators found for user ${nearAccountId}`);\n return;\n }\n\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readwrite');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n\n for (const auth of authenticators) {\n // Composite PK is [nearAccountId, deviceNumber, credentialId]\n await store.delete([nearAccountId, auth.deviceNumber, auth.credentialId]);\n }\n\n console.debug(`Deleted ${authenticators.length} authenticators for user ${nearAccountId}`);\n }\n\n /**\n * Get user's confirmation config from IndexedDB\n * @param nearAccountId - The user's account ID\n * @returns ConfirmationConfig or undefined\n */\n async getConfirmationConfig(nearAccountId: AccountId): Promise<ConfirmationConfig> {\n const user = await this.getUser(nearAccountId);\n return user?.preferences?.confirmationConfig || DEFAULT_CONFIRMATION_CONFIG;\n }\n\n /**\n * Get user's theme preference from IndexedDB\n * @param nearAccountId - The user's account ID\n * @returns 'dark' | 'light' | null\n */\n async getTheme(nearAccountId: AccountId): Promise<'dark' | 'light' | null> {\n const user = await this.getUser(nearAccountId);\n return user?.preferences?.confirmationConfig.theme || null;\n }\n\n /**\n * Set user's theme preference in IndexedDB\n * @param nearAccountId - The user's account ID\n * @param theme - The theme to set ('dark' | 'light')\n */\n async setTheme(nearAccountId: AccountId, theme: 'dark' | 'light'): Promise<void> {\n const existingConfig = await this.getConfirmationConfig(nearAccountId);\n const confirmationConfig = { ...existingConfig, theme };\n await this.updatePreferences(nearAccountId, { confirmationConfig });\n }\n\n /**\n * Get user's theme with fallback to 'dark'\n * @param nearAccountId - The user's account ID\n * @returns 'dark' | 'light'\n */\n async getThemeOrDefault(nearAccountId: AccountId): Promise<'dark' | 'light'> {\n const theme = await this.getTheme(nearAccountId);\n return theme || 'dark';\n }\n\n /**\n * Toggle between dark and light theme for a user\n * @param nearAccountId - The user's account ID\n * @returns The new theme that was set\n */\n async toggleTheme(nearAccountId: AccountId): Promise<'dark' | 'light'> {\n const currentTheme = await this.getThemeOrDefault(nearAccountId);\n const newTheme = currentTheme === 'dark' ? 'light' : 'dark';\n await this.setTheme(nearAccountId, newTheme);\n return newTheme;\n }\n\n // === DERIVED ADDRESS METHODS ===\n\n /**\n * Store a derived address for a given NEAR account + contract + path\n */\n async setDerivedAddress(nearAccountId: AccountId, args: { contractId: string; path: string; address: string }): Promise<void> {\n if (!nearAccountId || !args?.contractId || !args?.path || !args?.address) return;\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) return;\n const rec: DerivedAddressRecord = {\n nearAccountId: toAccountId(nearAccountId),\n contractId: String(args.contractId),\n path: String(args.path),\n address: String(args.address),\n updatedAt: Date.now(),\n };\n const db = await this.getDB();\n await db.put(DB_CONFIG.derivedAddressStore, rec);\n }\n\n /**\n * Fetch a derived address record; returns null if not found\n */\n async getDerivedAddressRecord(nearAccountId: AccountId, args: { contractId: string; path: string }): Promise<DerivedAddressRecord | null> {\n if (!nearAccountId || !args?.contractId || !args?.path) return null;\n const db = await this.getDB();\n const rec = await db.get(DB_CONFIG.derivedAddressStore, [toAccountId(nearAccountId), String(args.contractId), String(args.path)]);\n return (rec as DerivedAddressRecord) || null;\n }\n\n /**\n * Get only the derived address string; returns null if not set\n */\n async getDerivedAddress(nearAccountId: AccountId, args: { contractId: string; path: string }): Promise<string | null> {\n const rec = await this.getDerivedAddressRecord(nearAccountId, args);\n return rec?.address || null;\n }\n\n // === RECOVERY EMAIL METHODS ===\n\n /**\n * Upsert recovery email records for an account.\n * Merges by hashHex, preferring the most recent email.\n */\n async upsertRecoveryEmails(\n nearAccountId: AccountId,\n entries: Array<{ hashHex: string; email: string }>\n ): Promise<void> {\n if (!nearAccountId || !entries?.length) return;\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) return;\n\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const now = Date.now();\n\n for (const entry of entries) {\n const hashHex = String(entry?.hashHex || '').trim();\n const email = String(entry?.email || '').trim();\n if (!hashHex || !email) continue;\n\n const rec: RecoveryEmailRecord = {\n nearAccountId: accountId,\n hashHex,\n email,\n addedAt: now,\n };\n await db.put(DB_CONFIG.recoveryEmailStore, rec);\n }\n }\n\n /**\n * Fetch all recovery email records for an account.\n */\n async getRecoveryEmails(nearAccountId: AccountId): Promise<RecoveryEmailRecord[]> {\n if (!nearAccountId) return [];\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const tx = db.transaction(DB_CONFIG.recoveryEmailStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.recoveryEmailStore);\n const index = store.index('nearAccountId');\n const result = await index.getAll(accountId);\n return (result as RecoveryEmailRecord[]) || [];\n }\n\n /**\n * Atomic operation wrapper for multiple IndexedDB operations\n * Either all operations succeed or all are rolled back\n */\n async atomicOperation<T>(operation: (db: IDBPDatabase) => Promise<T>): Promise<T> {\n const db = await this.getDB();\n try {\n const result = await operation(db);\n return result;\n } catch (error) {\n console.error('Atomic operation failed:', error);\n throw error;\n }\n }\n\n /**\n * Complete rollback of user registration data\n * Deletes user, authenticators, and WebAuthn data atomically\n */\n async rollbackUserRegistration(nearAccountId: AccountId): Promise<void> {\n console.debug(`Rolling back registration data for ${nearAccountId}`);\n\n await this.atomicOperation(async (db) => {\n // Delete all authenticators for this user\n await this.deleteAllAuthenticatorsForUser(nearAccountId);\n\n // Delete user record\n await db.delete(DB_CONFIG.userStore, nearAccountId);\n\n // Clear from app state if this was the last user\n const lastUserAccount = await this.getAppState<string>('lastUserAccountId');\n if (lastUserAccount === nearAccountId) {\n await this.setAppState('lastUserAccountId', null);\n }\n\n console.debug(`Rolled back all registration data for ${nearAccountId}`);\n return true;\n });\n }\n}\n","import { openDB, type IDBPDatabase } from 'idb';\n\nconst DB_CONFIG: PasskeyNearKeysDBConfig = {\n dbName: 'PasskeyNearKeys',\n dbVersion: 2,\n storeName: 'encryptedKeys',\n keyPath: ['nearAccountId', 'deviceNumber']\n} as const;\n\nexport interface EncryptedKeyData {\n nearAccountId: string;\n deviceNumber: number; // 1-indexed device number\n encryptedData: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for `encryptedData`.\n */\n chacha20NonceB64u: string;\n /**\n * HKDF salt used alongside WrapKeySeed for KEK derivation.\n * Required for v2+ vaults; entries missing `wrapKeySalt` are considered invalid\n * and require re-registration to upgrade the vault format.\n */\n wrapKeySalt?: string;\n version?: number;\n timestamp: number;\n}\n\ninterface PasskeyNearKeysDBConfig {\n dbName: string;\n dbVersion: number;\n storeName: string;\n keyPath: string | [string, string];\n}\n\nexport class PasskeyNearKeysDBManager {\n private config: PasskeyNearKeysDBConfig;\n private db: IDBPDatabase | null = null;\n private disabled = false;\n\n constructor(config: PasskeyNearKeysDBConfig = DB_CONFIG) {\n this.config = config;\n }\n\n getDbName(): string {\n return this.config.dbName;\n }\n\n setDbName(dbName: string): void {\n const next = String(dbName || '').trim();\n if (!next || next === this.config.dbName) return;\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n this.config = { ...this.config, dbName: next };\n }\n\n isDisabled(): boolean {\n return this.disabled;\n }\n\n setDisabled(disabled: boolean): void {\n const next = !!disabled;\n if (next === this.disabled) return;\n this.disabled = next;\n if (next) {\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n }\n }\n\n /**\n * Get database connection, initializing if necessary\n */\n private async getDB(): Promise<IDBPDatabase> {\n if (this.disabled) {\n throw new Error('[PasskeyNearKeysDBManager] IndexedDB is disabled in this environment.');\n }\n if (this.db) {\n return this.db;\n }\n\n this.db = await openDB(this.config.dbName, this.config.dbVersion, {\n upgrade(db): void {\n // Always recreate store with composite key; no migration\n try { if (db.objectStoreNames.contains(DB_CONFIG.storeName)) db.deleteObjectStore(DB_CONFIG.storeName); } catch {}\n const store = db.createObjectStore(DB_CONFIG.storeName, { keyPath: DB_CONFIG.keyPath });\n try { store.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n },\n blocked() {\n console.warn('PasskeyNearKeysDB connection is blocked.');\n },\n blocking() {\n console.warn('PasskeyNearKeysDB connection is blocking another connection.');\n },\n terminated: () => {\n console.warn('PasskeyNearKeysDB connection has been terminated.');\n this.db = null;\n },\n });\n\n return this.db;\n }\n\n /**\n * Store encrypted key data\n */\n async storeEncryptedKey(data: EncryptedKeyData): Promise<void> {\n const db = await this.getDB();\n if (!data.chacha20NonceB64u) {\n throw new Error('PasskeyNearKeysDB: Missing chacha20NonceB64u');\n }\n await db.put(this.config.storeName, data);\n }\n\n /**\n * Retrieve encrypted key data\n */\n async getEncryptedKey(nearAccountId: string, deviceNumber: number): Promise<EncryptedKeyData | null> {\n const db = await this.getDB();\n const sanitize = (rec: any): EncryptedKeyData | null => {\n if (!rec?.encryptedData || !rec?.chacha20NonceB64u) return null;\n return {\n nearAccountId: rec.nearAccountId,\n deviceNumber: rec.deviceNumber,\n encryptedData: rec.encryptedData,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: rec.version,\n timestamp: rec.timestamp,\n };\n };\n\n if (typeof deviceNumber === 'number') {\n const res = await db.get(this.config.storeName, [nearAccountId, deviceNumber]);\n const direct = sanitize(res);\n if (direct) return direct;\n // Fallback: if specific device key missing, return the most recent key for the account\n if (nearAccountId !== '_init_check') {\n console.warn('PasskeyNearKeysDB: getEncryptedKey - No result for device', deviceNumber, '→ falling back to any key for account');\n }\n try {\n const idx = db.transaction(this.config.storeName).store.index('nearAccountId');\n const all = await idx.getAll(nearAccountId);\n if (Array.isArray(all) && all.length > 0) {\n // Choose the most recently stored entry by timestamp\n const latest = (all as any[]).reduce((a, b) => (a.timestamp >= b.timestamp ? a : b));\n return sanitize(latest);\n }\n } catch {}\n return null;\n }\n // Fallback: pick the first entry for this account (non-deterministic order)\n try {\n const idx = db.transaction(this.config.storeName).store.index('nearAccountId');\n // Prefer all+latest even in generic path for consistency\n const all = await idx.getAll(nearAccountId);\n if (Array.isArray(all) && all.length > 0) {\n const latest = (all as any[]).reduce((a, b) => (a.timestamp >= b.timestamp ? a : b));\n return sanitize(latest);\n }\n } catch {}\n return null;\n }\n\n /**\n * Verify key storage by attempting retrieval\n */\n async verifyKeyStorage(nearAccountId: string, deviceNumber: number): Promise<boolean> {\n const retrievedKey = await this.getEncryptedKey(nearAccountId, deviceNumber);\n return !!retrievedKey;\n }\n\n /**\n * Delete encrypted key data for a specific account\n */\n async deleteEncryptedKey(nearAccountId: string, deviceNumber?: number): Promise<void> {\n const db = await this.getDB();\n if (typeof deviceNumber === 'number') {\n await db.delete(this.config.storeName, [nearAccountId, deviceNumber]);\n } else {\n // Delete all keys for this account if device unspecified\n const tx = db.transaction(this.config.storeName, 'readwrite');\n const idx = tx.store.index('nearAccountId');\n let cursor = await idx.openCursor(IDBKeyRange.only(nearAccountId));\n while (cursor) {\n await tx.store.delete(cursor.primaryKey);\n cursor = await cursor.continue();\n }\n await tx.done;\n }\n console.debug('PasskeyNearKeysDB: deleteEncryptedKey - Successfully deleted');\n }\n\n /**\n * Get all encrypted keys (for migration or debugging purposes)\n */\n async getAllEncryptedKeys(): Promise<EncryptedKeyData[]> {\n const db = await this.getDB();\n const all = await db.getAll(this.config.storeName);\n return (all as any[])\n .map((rec) => {\n if (!rec?.encryptedData || !rec?.chacha20NonceB64u) return null;\n return {\n nearAccountId: rec.nearAccountId,\n deviceNumber: rec.deviceNumber,\n encryptedData: rec.encryptedData,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: rec.version,\n timestamp: rec.timestamp,\n } as EncryptedKeyData;\n })\n .filter((rec): rec is EncryptedKeyData => rec !== null);\n }\n\n /**\n * Check if a key exists for the given account\n */\n async hasEncryptedKey(nearAccountId: string, deviceNumber: number): Promise<boolean> {\n const keyData = await this.getEncryptedKey(nearAccountId, deviceNumber);\n return !!keyData;\n }\n}\n","export { PasskeyClientDBManager } from './passkeyClientDB';\nexport { PasskeyNearKeysDBManager } from './passkeyNearKeysDB';\n\nexport type {\n ClientUserData,\n UserPreferences,\n ClientAuthenticatorData,\n IndexedDBEvent,\n DerivedAddressRecord,\n RecoveryEmailRecord\n} from './passkeyClientDB';\n\nexport type {\n EncryptedKeyData\n} from './passkeyNearKeysDB';\n\nimport { AccountId } from '../types/accountIds';\n\n// === SINGLETON INSTANCES ===\nimport { PasskeyClientDBManager, type ClientUserData } from './passkeyClientDB';\nimport { PasskeyNearKeysDBManager, type EncryptedKeyData } from './passkeyNearKeysDB';\n\n// Export singleton instances for backward compatibility with existing code\nexport const passkeyClientDB = new PasskeyClientDBManager();\nexport const passkeyNearKeysDB = new PasskeyNearKeysDBManager();\n\nexport type IndexedDBMode = 'legacy' | 'wallet' | 'disabled';\n\nconst DB_CONFIG_BY_MODE: Record<IndexedDBMode, { clientDbName: string; nearKeysDbName: string; disabled: boolean }> = {\n legacy: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: false },\n wallet: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: false },\n // When running the SDK on the app origin with a wallet iframe configured, we disable IndexedDB entirely\n // to ensure no SDK tables are created and nothing can accidentally persist there.\n disabled: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: true },\n};\n\nlet configured: { mode: IndexedDBMode; clientDbName: string; nearKeysDbName: string; disabled: boolean } | null = null;\n\n/**\n * Configure IndexedDB database names for the current runtime.\n *\n * Call this once, early (before any IndexedDB access).\n * - Wallet iframe host should use `mode: 'wallet'`.\n * - App origin should use `mode: 'disabled'` when wallet-iframe mode is enabled.\n * - Non-iframe apps should use `mode: 'legacy'`.\n */\nexport function configureIndexedDB(args: { mode: IndexedDBMode }): { clientDbName: string; nearKeysDbName: string } {\n const mode = args?.mode;\n const next = DB_CONFIG_BY_MODE[mode];\n if (!next) {\n throw new Error(`[IndexedDBManager] Unknown IndexedDBMode: ${String(mode)}`);\n }\n\n if (configured) {\n const isSame =\n configured.clientDbName === next.clientDbName\n && configured.nearKeysDbName === next.nearKeysDbName\n && configured.disabled === next.disabled;\n if (!isSame) {\n console.warn('[IndexedDBManager] configureIndexedDB called multiple times; ignoring subsequent configuration', {\n configured,\n requested: next,\n });\n }\n return { clientDbName: configured.clientDbName, nearKeysDbName: configured.nearKeysDbName };\n }\n\n configured = { mode, ...next };\n passkeyClientDB.setDbName(next.clientDbName);\n passkeyNearKeysDB.setDbName(next.nearKeysDbName);\n passkeyClientDB.setDisabled(next.disabled);\n passkeyNearKeysDB.setDisabled(next.disabled);\n return { clientDbName: configured.clientDbName, nearKeysDbName: configured.nearKeysDbName };\n}\n\nexport function getIndexedDBNames(): { clientDbName: string; nearKeysDbName: string } {\n return configured || {\n clientDbName: passkeyClientDB.getDbName(),\n nearKeysDbName: passkeyNearKeysDB.getDbName(),\n };\n}\n\n/**\n * Unified IndexedDB interface providing access to both databases\n * This allows centralized access while maintaining separation of concerns\n */\nexport class UnifiedIndexedDBManager {\n public readonly clientDB: PasskeyClientDBManager;\n public readonly nearKeysDB: PasskeyNearKeysDBManager;\n private _initialized = false;\n\n constructor() {\n this.clientDB = passkeyClientDB;\n this.nearKeysDB = passkeyNearKeysDB;\n }\n\n /**\n * Initialize both databases proactively\n * This ensures both databases are created and ready for use\n */\n async initialize(): Promise<void> {\n if (this._initialized) {\n return;\n }\n\n try {\n if (this.clientDB.isDisabled() || this.nearKeysDB.isDisabled()) {\n this._initialized = true;\n return;\n }\n // Initialize both databases by calling a simple operation\n // This will trigger the getDB() method in both managers and ensure databases are created\n await Promise.all([\n this.clientDB.getAppState('_init_check'),\n this.nearKeysDB.hasEncryptedKey('_init_check', 1)\n ]);\n\n this._initialized = true;\n } catch (error) {\n console.warn('Failed to initialize IndexedDB databases:', error);\n // Don't throw - allow the SDK to continue working, databases will be initialized on first use\n }\n }\n\n /**\n * Check if databases have been initialized\n */\n get isInitialized(): boolean {\n return this._initialized;\n }\n\n // === CONVENIENCE METHODS ===\n\n /**\n * Get user data and check if they have encrypted NEAR keys\n */\n async getUserWithKeys(nearAccountId: AccountId): Promise<{\n userData: ClientUserData | null;\n hasKeys: boolean;\n keyData?: EncryptedKeyData | null;\n }> {\n const last = await this.clientDB.getLastUser();\n const userData = last && last.nearAccountId === nearAccountId\n ? last\n : await this.clientDB.getUserByDevice(nearAccountId, 1);\n const deviceNumber = (last && last.nearAccountId === nearAccountId)\n ? last.deviceNumber\n : userData?.deviceNumber!;\n const [hasKeys, keyData] = await Promise.all([\n this.nearKeysDB.hasEncryptedKey(nearAccountId, deviceNumber),\n this.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber)\n ]);\n\n return {\n userData,\n hasKeys,\n keyData: hasKeys ? keyData : undefined\n };\n }\n\n // === Derived addresses convenience ===\n async setDerivedAddress(\n nearAccountId: AccountId,\n args: { contractId: string; path: string; address: string }\n ): Promise<void> {\n return this.clientDB.setDerivedAddress(nearAccountId, args);\n }\n\n async getDerivedAddressRecord(\n nearAccountId: AccountId,\n args: { contractId: string; path: string }\n ): Promise<import('./passkeyClientDB').DerivedAddressRecord | null> {\n return this.clientDB.getDerivedAddressRecord(nearAccountId, args);\n }\n\n async getDerivedAddress(\n nearAccountId: AccountId,\n args: { contractId: string; path: string }\n ): Promise<string | null> {\n return this.clientDB.getDerivedAddress(nearAccountId, args);\n }\n\n // === Recovery emails convenience ===\n async upsertRecoveryEmails(\n nearAccountId: AccountId,\n entries: Array<{ hashHex: string; email: string }>\n ): Promise<void> {\n return this.clientDB.upsertRecoveryEmails(nearAccountId, entries);\n }\n\n async getRecoveryEmails(nearAccountId: AccountId): Promise<import('./passkeyClientDB').RecoveryEmailRecord[]> {\n return this.clientDB.getRecoveryEmails(nearAccountId);\n }\n}\n\n// Export singleton instance of unified manager\nexport const IndexedDBManager = new UnifiedIndexedDBManager();\n","// base-x encoding / decoding\n// Copyright (c) 2018 base-x contributors\n// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)\n// Distributed under the MIT software license, see the accompanying\n// file LICENSE or http://www.opensource.org/licenses/mit-license.php.\nfunction base (ALPHABET) {\n if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }\n const BASE_MAP = new Uint8Array(256)\n for (let j = 0; j < BASE_MAP.length; j++) {\n BASE_MAP[j] = 255\n }\n for (let i = 0; i < ALPHABET.length; i++) {\n const x = ALPHABET.charAt(i)\n const xc = x.charCodeAt(0)\n if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }\n BASE_MAP[xc] = i\n }\n const BASE = ALPHABET.length\n const LEADER = ALPHABET.charAt(0)\n const FACTOR = Math.log(BASE) / Math.log(256) // log(BASE) / log(256), rounded up\n const iFACTOR = Math.log(256) / Math.log(BASE) // log(256) / log(BASE), rounded up\n function encode (source) {\n // eslint-disable-next-line no-empty\n if (source instanceof Uint8Array) { } else if (ArrayBuffer.isView(source)) {\n source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength)\n } else if (Array.isArray(source)) {\n source = Uint8Array.from(source)\n }\n if (!(source instanceof Uint8Array)) { throw new TypeError('Expected Uint8Array') }\n if (source.length === 0) { return '' }\n // Skip & count leading zeroes.\n let zeroes = 0\n let length = 0\n let pbegin = 0\n const pend = source.length\n while (pbegin !== pend && source[pbegin] === 0) {\n pbegin++\n zeroes++\n }\n // Allocate enough space in big-endian base58 representation.\n const size = ((pend - pbegin) * iFACTOR + 1) >>> 0\n const b58 = new Uint8Array(size)\n // Process the bytes.\n while (pbegin !== pend) {\n let carry = source[pbegin]\n // Apply \"b58 = b58 * 256 + ch\".\n let i = 0\n for (let it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {\n carry += (256 * b58[it1]) >>> 0\n b58[it1] = (carry % BASE) >>> 0\n carry = (carry / BASE) >>> 0\n }\n if (carry !== 0) { throw new Error('Non-zero carry') }\n length = i\n pbegin++\n }\n // Skip leading zeroes in base58 result.\n let it2 = size - length\n while (it2 !== size && b58[it2] === 0) {\n it2++\n }\n // Translate the result into a string.\n let str = LEADER.repeat(zeroes)\n for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]) }\n return str\n }\n function decodeUnsafe (source) {\n if (typeof source !== 'string') { throw new TypeError('Expected String') }\n if (source.length === 0) { return new Uint8Array() }\n let psz = 0\n // Skip and count leading '1's.\n let zeroes = 0\n let length = 0\n while (source[psz] === LEADER) {\n zeroes++\n psz++\n }\n // Allocate enough space in big-endian base256 representation.\n const size = (((source.length - psz) * FACTOR) + 1) >>> 0 // log(58) / log(256), rounded up.\n const b256 = new Uint8Array(size)\n // Process the characters.\n while (psz < source.length) {\n // Find code of next character\n const charCode = source.charCodeAt(psz)\n // Base map can not be indexed using char code\n if (charCode > 255) { return }\n // Decode character\n let carry = BASE_MAP[charCode]\n // Invalid character\n if (carry === 255) { return }\n let i = 0\n for (let it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {\n carry += (BASE * b256[it3]) >>> 0\n b256[it3] = (carry % 256) >>> 0\n carry = (carry / 256) >>> 0\n }\n if (carry !== 0) { throw new Error('Non-zero carry') }\n length = i\n psz++\n }\n // Skip leading zeroes in b256.\n let it4 = size - length\n while (it4 !== size && b256[it4] === 0) {\n it4++\n }\n const vch = new Uint8Array(zeroes + (size - it4))\n let j = zeroes\n while (it4 !== size) {\n vch[j++] = b256[it4++]\n }\n return vch\n }\n function decode (string) {\n const buffer = decodeUnsafe(string)\n if (buffer) { return buffer }\n throw new Error('Non-base' + BASE + ' character')\n }\n return {\n encode,\n decodeUnsafe,\n decode\n }\n}\nexport default base\n","import basex from 'base-x';\nvar ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\nexport default basex(ALPHABET);\n","import bs58 from 'bs58';\n\n/**\n * Encodes binary data to base58 string using Bitcoin's base58 alphabet.\n * Used extensively in NEAR for account IDs, public keys, hashes, and signatures.\n *\n * @param data - Binary data to encode (Uint8Array, ArrayBuffer, or number[])\n * @returns Base58-encoded string\n */\nexport const base58Encode = (data: Uint8Array | ArrayBuffer | number[]): string => {\n if (data instanceof ArrayBuffer) {\n return bs58.encode(new Uint8Array(data));\n }\n if (Array.isArray(data)) {\n return bs58.encode(new Uint8Array(data));\n }\n return bs58.encode(data);\n};\n\n/**\n * Decodes a base58 string to binary data using Bitcoin's base58 alphabet.\n * Returns a Uint8Array containing the decoded bytes.\n *\n * @param base58String - Base58-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if input contains invalid base58 characters\n */\nexport const base58Decode = (base58String: string): Uint8Array => {\n return bs58.decode(base58String);\n};\n\n","/**\n * Device detection utilities for camera and UI optimization\n */\n\nexport type DeviceType = 'mobile' | 'tablet' | 'desktop';\nexport type CameraFacingMode = 'user' | 'environment';\n\n/**\n * Detects the current device type based on multiple indicators\n */\nexport const detectDeviceType = (): DeviceType => {\n // Method 1: User agent detection\n const userAgent = navigator.userAgent.toLowerCase();\n const isMobileUA = /android|iphone|ipod|blackberry|iemobile|opera mini/i.test(userAgent);\n const isTabletUA = /ipad|tablet|kindle|playbook|silk/i.test(userAgent);\n\n // Method 2: Touch and screen size detection\n const isTouchDevice = navigator.maxTouchPoints > 0;\n const screenWidth = window.screen.width;\n const isSmallScreen = screenWidth <= 480;\n const isMediumScreen = screenWidth <= 1024;\n\n // Method 3: Orientation support (mobile/tablet indicator)\n const hasOrientation = 'orientation' in window;\n\n // Determine device type with priority: mobile > tablet > desktop\n if (isMobileUA || (isTouchDevice && isSmallScreen)) {\n return 'mobile';\n }\n\n if (isTabletUA || (isTouchDevice && isMediumScreen && hasOrientation)) {\n return 'tablet';\n }\n\n return 'desktop';\n};\n\n/**\n * Basic Safari detection (desktop Safari). Note: all iOS browsers use WebKit,\n * so use isIOS() to capture iOS Safari-like restrictions.\n */\nexport const isSafari = (): boolean => {\n try {\n const ua = navigator.userAgent;\n const isSafariEngine = /safari/i.test(ua) && !/chrome|crios|crmo|chromium|edg|edge|opr|opera|brave/i.test(ua);\n return isSafariEngine;\n } catch {\n return false;\n }\n};\n\n/**\n * Detect iOS (covers iPhone/iPad/iPod and iPadOS with desktop UA).\n * iOS has WebAuthn user-activation quirks that are shared by all iOS browsers.\n */\nexport const isIOS = (): boolean => {\n try {\n const ua = navigator.userAgent;\n const platform = (navigator as any).platform || '';\n const maxTouch = Number(navigator.maxTouchPoints || 0);\n const iOSUA = /iPad|iPhone|iPod/.test(ua);\n const iPadOSMacLike = /Macintosh/.test(ua) && maxTouch > 1; // iPadOS masquerading as Mac\n const iOSPlatform = /iPad|iPhone|iPod/.test(platform);\n return iOSUA || iPadOSMacLike || iOSPlatform;\n } catch {\n return false;\n }\n};\n\n/**\n * Detect Mobile Safari (iOS Safari specifically). Chrome/Firefox on iOS still use WebKit,\n * so for WebAuthn activation rules, prefer checking isIOS() as well.\n */\nexport const isMobileSafari = (): boolean => {\n try {\n const ua = navigator.userAgent;\n if (!isIOS()) return false;\n // Exclude Chrome/Firefox/Edge branded iOS browsers (still WebKit underneath)\n const branded = /crios|fxios|edgios|opios|mercury/i.test(ua);\n const safariToken = /safari/i.test(ua);\n return safariToken && !branded;\n } catch {\n return false;\n }\n};\n\n/**\n * Returns true when the page currently has a transient user activation\n * (click/tap/key within the allowed time window).\n */\nexport const hasActiveUserActivation = (): boolean => {\n try {\n const ua = (navigator as any).userActivation;\n return !!(ua && typeof ua.isActive === 'boolean' && ua.isActive);\n } catch {\n return false;\n }\n};\n\n/**\n * Heuristic: when on Safari/iOS or on a mobile device AND no active user\n * activation, we should surface a clickable UI to capture activation.\n */\nexport const needsExplicitActivation = (): boolean => {\n try {\n if (hasActiveUserActivation()) return false;\n return isIOS() || isMobileDevice() || isSafari();\n } catch {\n // In non-browser or SSR/test environments, avoid forcing UI changes\n return false;\n }\n};\n\n/**\n * Determines optimal camera facing mode based on device type\n * - Mobile/Tablet: Back camera (environment) for QR scanning\n * - Desktop/Laptop: Front camera (user) for video calls/selfies\n */\nexport const getOptimalCameraFacingMode = (): CameraFacingMode => {\n const deviceType = detectDeviceType();\n\n switch (deviceType) {\n case 'mobile':\n case 'tablet':\n console.log(`${deviceType} device detected - using back camera (environment)`);\n return 'environment';\n\n case 'desktop':\n default:\n return 'user';\n }\n};\n\n/**\n * Check if the current device is likely mobile\n */\nexport const isMobileDevice = (): boolean => {\n return detectDeviceType() === 'mobile';\n};\n\n/**\n * Check if the current device supports touch\n */\nexport const isTouchDevice = (): boolean => {\n return navigator.maxTouchPoints > 0;\n};\n\n/**\n * Get device capabilities for camera constraints\n */\nexport const getDeviceCapabilities = () => {\n const deviceType = detectDeviceType();\n const isTouch = isTouchDevice();\n const facingMode = getOptimalCameraFacingMode();\n\n return {\n deviceType,\n isTouch,\n recommendedFacingMode: facingMode,\n // Recommended camera constraints based on device\n cameraConstraints: {\n video: {\n facingMode,\n width: deviceType === 'mobile' ? { ideal: 720, min: 480 } : { ideal: 1280, min: 720 },\n height: deviceType === 'mobile' ? { ideal: 720, min: 480 } : { ideal: 720, min: 480 },\n aspectRatio: deviceType === 'mobile' ? { ideal: 1.0 } : { ideal: 16/9 }\n }\n }\n };\n};\n","import { RpcResponse } from './types/rpc';\n\ntype NearRpcErrorType = 'InvalidTxError' | 'ActionError' | 'TxExecutionError' | 'RpcError' | 'Failure' | 'Unknown';\n\nfunction isObj(v: unknown): v is Record<string, unknown> {\n return !!v && typeof v === 'object' && !Array.isArray(v);\n}\n\nfunction firstKey(o: Record<string, unknown> | undefined): string | undefined {\n if (!o) return undefined;\n const keys = Object.keys(o);\n return keys.length ? keys[0] : undefined;\n}\n\nexport class NearRpcError extends Error {\n code?: number;\n type: NearRpcErrorType;\n kind?: string;\n index?: number;\n short: string;\n details?: unknown;\n operation?: string;\n\n constructor(params: {\n message: string;\n short: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n code?: number;\n name?: string;\n operation?: string;\n details?: unknown;\n }) {\n super(params.message);\n this.name = params.name || 'NearRpcError';\n this.code = params.code;\n this.type = params.type || 'Unknown';\n this.kind = params.kind;\n this.index = params.index;\n this.short = params.short;\n this.details = params.details;\n this.operation = params.operation;\n }\n\n static fromRpcResponse(operationName: string, rpc: RpcResponse): NearRpcError {\n const err = rpc.error || {};\n const details = err.data as unknown;\n\n const { message, type, kind, index, short } = describeDetails(operationName, details);\n\n return new NearRpcError({\n message: message || err.message || `${operationName} RPC error`,\n short: short || kind || 'RPC error',\n type: type || 'RpcError',\n kind,\n index,\n code: err.code,\n name: err.name || 'NearRpcError',\n operation: operationName,\n details,\n });\n }\n\n static fromOutcome(operationName: string, outcome: any, failure: any): NearRpcError {\n const { message, type, kind, index, short } = describeFailure(operationName, failure);\n return new NearRpcError({\n message: message || `${operationName} failed`,\n short: short || kind || 'TxExecutionError',\n type: type || 'Failure',\n kind,\n index,\n name: 'TxExecutionFailure',\n operation: operationName,\n details: { Failure: failure, outcome },\n });\n }\n}\n\nfunction describeDetails(operationName: string, details: unknown): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n const d = isObj(details) ? details : undefined;\n const txExec = isObj(d?.TxExecutionError) ? (d!.TxExecutionError as Record<string, unknown>) : undefined;\n if (!txExec) {\n const dataStr = d ? ` Details: ${JSON.stringify(d)}` : '';\n return { message: `${operationName} RPC error.${dataStr}` };\n }\n return describeTxExecution(operationName, txExec);\n}\n\nfunction describeFailure(operationName: string, failure: any): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n const f = isObj(failure) ? (failure as Record<string, unknown>) : undefined;\n if (!f) {\n return { message: `${operationName} failed (Unknown Failure)` };\n }\n // Reuse TxExecutionError shape if available\n return describeTxExecution(operationName, f as Record<string, unknown>);\n}\n\nfunction describeTxExecution(operationName: string, exec: Record<string, unknown>): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n // InvalidTxError\n if (isObj(exec.InvalidTxError)) {\n const inv = exec.InvalidTxError as Record<string, unknown>;\n let kind = firstKey(inv) || 'InvalidTxError';\n if (isObj(inv.ActionsValidation)) {\n kind = `ActionsValidation.${firstKey(inv.ActionsValidation as Record<string, unknown>)}`;\n }\n const short = kind.startsWith('ActionsValidation.')\n ? `InvalidTxError: ${kind.split('.')[1] || 'ActionsValidation'}`\n : `InvalidTxError: ${kind}`;\n return {\n message: `${operationName} failed (InvalidTxError: ${kind})`,\n type: 'InvalidTxError',\n kind,\n short,\n };\n }\n\n // ActionError\n if (isObj(exec.ActionError)) {\n const ae = exec.ActionError as Record<string, unknown>;\n const idx = typeof (ae.index as unknown) === 'number' ? (ae.index as number) : undefined;\n const kobj = isObj(ae.kind) ? (ae.kind as Record<string, unknown>) : undefined;\n const kind = firstKey(kobj) || 'ActionError';\n const idxStr = typeof idx === 'number' ? ` at action ${idx}` : '';\n const short = `ActionError: ${kind}`;\n return {\n message: `${operationName} failed${idxStr} (ActionError: ${kind})`,\n type: 'ActionError',\n kind,\n index: idx,\n short,\n };\n }\n\n // Fallback TxExecutionError without specifics\n return {\n message: `${operationName} failed (TxExecutionError)`,\n type: 'TxExecutionError',\n kind: 'TxExecutionError',\n short: 'TxExecutionError',\n };\n}\n","import type { AccessKeyView, TxExecutionStatus } from \"@near-js/types\";\n\nexport const DEFAULT_WAIT_STATUS = {\n executeAction: \"EXECUTED_OPTIMISTIC\" as TxExecutionStatus,\n linkDeviceAddKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceSwapKey: \"FINAL\" as TxExecutionStatus,\n linkDeviceAccountMapping: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceDeleteKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceRegistration: \"FINAL\" as TxExecutionStatus,\n // See default finality settings:\n // https://github.com/near/near-api-js/blob/99f34864317725467a097dc3c7a3cc5f7a5b43d4/packages/accounts/src/account.ts#L68\n}\n\n// Transaction and Signature types - defined as TypeScript interfaces since they're handled as JSON\nexport interface TransactionStruct {\n signerAccount: string;\n publicKey: {\n keyType: number;\n keyData: number[];\n };\n nonce: number;\n receiverAccount: string;\n blockHash: number[];\n actions: any[]; // Actions are complex, handled as JSON\n}\n\nexport interface SignatureStruct {\n keyType: number;\n signatureData: number[];\n}\n\nexport interface NearRpcCallParams {\n jsonrpc: string;\n id: string;\n method: string;\n params: {\n signed_tx_base64: string;\n wait_until: TxExecutionStatus;\n }\n}\n\nexport interface TransactionContext {\n nearPublicKeyStr: string;\n accessKeyInfo: AccessKeyView;\n nextNonce: string;\n txBlockHeight: string;\n txBlockHash: string;\n}\n\nexport interface BlockInfo {\n header: {\n hash: string;\n height: number;\n };\n}\nexport interface RpcErrorData {\n // NEAR error payloads vary; keep flexible but preserve common fields\n // Top-level helper message if present\n message?: string;\n // Anything else from the node (TxExecutionError, ActionError, etc.)\n [key: string]: any;\n}\n\nexport interface RpcError {\n code?: number;\n name?: string;\n data?: RpcErrorData;\n message?: string;\n}\n\nexport interface RpcResponse {\n error?: RpcError;\n result?: any;\n}\n","/**\n * Minimal NEAR RPC client that replaces @near-js/providers\n * Only includes the methods actually used by TatchiPasskey\n *\n * If needed, we can just wrap @near-js if we require more complex\n * functionality and type definitions\n */\n\nimport type {\n FinalExecutionOutcome,\n QueryResponseKind,\n TxExecutionStatus,\n AccessKeyView,\n AccessKeyInfoView,\n AccessKeyList,\n FunctionCallPermissionView,\n AccountView,\n BlockResult,\n BlockReference,\n RpcQueryRequest,\n FinalityReference,\n} from \"@near-js/types\";\nimport { base64Encode, base64Decode } from \"../utils\";\nimport { errorMessage } from \"../utils/errors\";\nimport { NearRpcError } from \"./NearRpcError\";\nimport { DEFAULT_WAIT_STATUS, RpcResponse } from \"./types/rpc\";\nimport { isFunction } from './WalletIframe/validation';\nimport {\n WasmTransaction,\n WasmSignature,\n} from \"../wasm_signer_worker/pkg/wasm_signer_worker.js\";\n\n// re-export near-js types\nexport type { AccessKeyList } from \"@near-js/types\";\n\nexport interface ViewAccountParams {\n account: string;\n block_id?: string;\n}\n\nexport type FullAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n & { access_key: Omit<AccessKeyView, 'permission'> & { permission: 'FullAccess' } }\n\nexport type FunctionCallAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n & { access_key: Omit<AccessKeyView, 'permission'> & { permission: FunctionCallPermissionView } }\n\nexport interface ContractResult<T> extends QueryResponseKind {\n result?: T | string | number;\n logs: string[];\n}\n\nexport enum RpcCallType {\n Query = \"query\",\n View = \"view\",\n Send = \"send_tx\",\n Block = \"block\",\n Call = \"call_function\",\n}\n\nexport class SignedTransaction {\n transaction: WasmTransaction;\n signature: WasmSignature;\n borsh_bytes: number[];\n\n constructor(data: {\n transaction: WasmTransaction;\n signature: WasmSignature;\n borsh_bytes: number[]\n }) {\n this.transaction = data.transaction;\n this.signature = data.signature;\n this.borsh_bytes = data.borsh_bytes;\n }\n\n static fromPlain(input: { transaction: unknown; signature: unknown; borsh_bytes: number[] }): SignedTransaction {\n return new SignedTransaction({\n transaction: input.transaction as WasmTransaction,\n signature: input.signature as WasmSignature,\n borsh_bytes: input.borsh_bytes,\n });\n }\n\n encode(): ArrayBuffer {\n // If borsh_bytes are already available, use them\n return (new Uint8Array(this.borsh_bytes)).buffer;\n }\n\n base64Encode(): string {\n return base64Encode(this.encode());\n }\n\n static decode(bytes: Uint8Array): SignedTransaction {\n // This would need borsh deserialization\n throw new Error('SignedTransaction.decode(): borsh deserialization not implemented');\n }\n}\n\n/**\n * Serialize a signed transaction-like object to base64.\n * Accepts either our SignedTransaction instance or a plain object\n * with borsh bytes (borsh_bytes | borshBytes) from cross-origin RPC.\n *\n * Implementation notes / pitfalls:\n * - We always bind `this` correctly when calling .base64Encode() / .encode()\n * so methods defined on SignedTransaction can safely call this.encode().\n * - The underlying base64Encode() helper is implemented to avoid spreading large\n * Uint8Arrays into String.fromCharCode(...), which can overflow the JS call\n * stack for big WASM binaries or large transactions.\n * - As a fallback, we accept raw borsh bytes in multiple shapes to keep the\n * serializer resilient to different runtimes (plain objects, typed arrays, etc.).\n */\nexport type EncodableSignedTx =\n | SignedTransaction\n | {\n // Borsh bytes in various shapes from different runtimes\n borsh_bytes?: unknown;\n borshBytes?: unknown;\n // Optional helper methods from some callers\n encode?: () => ArrayBuffer;\n base64Encode?: () => string;\n };\n\nexport function toArrayBufferFromUnknownBytes(\n bytes: unknown\n): ArrayBuffer | SharedArrayBuffer | null {\n if (!bytes) return null;\n\n // Plain number[]\n if (Array.isArray(bytes)) {\n return new Uint8Array(bytes as number[]).buffer;\n }\n\n // Typed arrays / DataView\n if (ArrayBuffer.isView(bytes)) {\n const view = bytes as ArrayBufferView;\n return view.buffer.slice(view.byteOffset, view.byteOffset + view.byteLength);\n }\n\n // Raw ArrayBuffer\n if (bytes instanceof ArrayBuffer) {\n return bytes;\n }\n\n return null;\n}\n\nexport function encodeSignedTransactionBase64(signed: EncodableSignedTx): string {\n // Some call sites wrap the actual SignedTransaction in a { signedTransaction } envelope.\n // Normalize that here so the rest of the function always works with a concrete tx-like object.\n const maybeSigned = (signed as any)?.signedTransaction;\n const txPayload: EncodableSignedTx =\n maybeSigned && typeof maybeSigned === 'object'\n ? (maybeSigned as EncodableSignedTx)\n : signed;\n\n // 1) If the payload exposes a .base64Encode() helper (our SignedTransaction class),\n // use it directly. Bind `this` so the method can safely call this.encode().\n const maybeBase64 = (txPayload as { base64Encode?: unknown }).base64Encode;\n if (isFunction(maybeBase64)) {\n return (maybeBase64 as () => string).call(txPayload);\n }\n\n // 2) Otherwise, fall back to a generic encode() → ArrayBuffer method if present.\n const maybeEncode = (txPayload as { encode?: unknown }).encode;\n if (isFunction(maybeEncode)) {\n const buf = (maybeEncode as () => ArrayBuffer).call(txPayload);\n return base64Encode(buf);\n }\n\n // 3) Finally, accept raw borsh bytes in multiple shapes / field names.\n // This keeps the serializer resilient across runtimes that may not\n // hydrate SignedTransaction instances but still provide borsh_bytes/Bytes.\n const snakeBuf = toArrayBufferFromUnknownBytes(\n (txPayload as { borsh_bytes?: unknown }).borsh_bytes\n );\n if (snakeBuf) {\n return base64Encode(snakeBuf);\n }\n\n const camelBuf = toArrayBufferFromUnknownBytes(\n (txPayload as { borshBytes?: unknown }).borshBytes\n );\n if (camelBuf) {\n return base64Encode(camelBuf);\n }\n\n throw new Error('Invalid signed transaction payload: cannot serialize to base64');\n}\n\n/**\n * MinimalNearClient provides a simplified interface for NEAR protocol interactions\n */\nexport interface NearClient {\n viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView>;\n viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList>;\n viewAccount(accountId: string): Promise<AccountView>;\n viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array>;\n viewBlock(params: BlockReference): Promise<BlockResult>;\n sendTransaction(\n signedTransaction: SignedTransaction,\n waitUntil?: TxExecutionStatus\n ): Promise<FinalExecutionOutcome>;\n query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T>;\n callFunction<A, T>(\n contractId: string,\n method: string,\n args: A,\n blockQuery?: BlockReference\n ): Promise<T>;\n view<A, T>(params: { account: string; method: string; args: A }): Promise<T>;\n getAccessKeys(params: ViewAccountParams): Promise<{\n fullAccessKeys: FullAccessKey[];\n functionCallAccessKeys: FunctionCallAccessKey[];\n }>;\n}\n\nexport class MinimalNearClient implements NearClient {\n private readonly rpcUrls: string[];\n\n constructor(rpcUrl: string | string[]) {\n this.rpcUrls = MinimalNearClient.normalizeRpcUrls(rpcUrl);\n }\n\n private static normalizeRpcUrls(input: string | string[]): string[] {\n const urls = Array.isArray(input)\n ? input\n : input\n .split(/[\\s,]+/)\n .map(url => url.trim())\n .filter(Boolean);\n\n const normalized = urls.map(url => {\n try {\n return new URL(url).toString();\n } catch (err) {\n const message = errorMessage(err) || `Invalid NEAR RPC URL: ${url}`;\n throw new Error(message);\n }\n });\n\n if (!normalized.length) {\n throw new Error('NEAR RPC URL cannot be empty');\n }\n\n return Array.from(new Set(normalized));\n }\n\n // ===========================\n // PRIVATE HELPER FUNCTIONS\n // ===========================\n\n /** Build a JSON-RPC 2.0 POST body (stringified). */\n private buildRequestBody<P>(method: string, params: P): string {\n return JSON.stringify({\n jsonrpc: '2.0',\n id: crypto.randomUUID(),\n method,\n params\n });\n }\n\n /** Perform a single POST to one endpoint and return parsed RpcResponse. */\n private async postOnce(url: string, requestBody: string): Promise<RpcResponse> {\n const response = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: requestBody\n });\n\n if (!response.ok) {\n throw new Error(`RPC request failed: ${response.status} ${response.statusText}`);\n }\n\n const text = await response.text();\n if (!text?.trim()) {\n throw new Error('Empty response from RPC server');\n }\n\n return JSON.parse(text) as RpcResponse;\n }\n\n /** Try each configured RPC endpoint in order and return the first successful RpcResponse. */\n private async requestWithFallback(requestBody: string): Promise<RpcResponse> {\n let lastError: unknown;\n for (const [index, url] of this.rpcUrls.entries()) {\n try {\n const result = await this.postOnce(url, requestBody);\n if (index > 0) console.warn(`[NearClient] RPC succeeded via fallback: ${url}`);\n return result;\n } catch (err) {\n lastError = err;\n const remaining = index < this.rpcUrls.length - 1;\n console.warn(`[NearClient] RPC call to ${url} failed${remaining ? ', trying next' : ''}: ${errorMessage(err) || 'RPC request failed'}`);\n if (!remaining) throw err instanceof Error ? err : new Error(String(err));\n }\n }\n throw new Error(errorMessage(lastError) || 'RPC request failed');\n }\n\n /** Validate and unwrap RpcResponse into the typed result with rich error forwarding. */\n private unwrapRpcResult<T>(rpc: RpcResponse, operationName: string): T {\n if (rpc.error) {\n throw NearRpcError.fromRpcResponse(operationName, rpc);\n }\n const result = rpc.result as any;\n // Some providers return a wrapped error in `result.error`\n if (result?.error) {\n const msg = typeof result.error === 'string' ? result.error : JSON.stringify(result.error);\n throw new NearRpcError({ message: `${operationName} Error: ${msg}`, short: 'RpcError', type: 'RpcError' });\n }\n return rpc.result as T;\n }\n\n /**\n * Execute RPC call with proper error handling and result extraction\n */\n private async makeRpcCall<P, T>(\n method: string,\n params: P,\n operationName: string\n ): Promise<T> {\n const requestBody = this.buildRequestBody(method, params);\n const rpc = await this.requestWithFallback(requestBody);\n return this.unwrapRpcResult<T>(rpc, operationName);\n }\n\n // ===========================\n // PUBLIC API METHODS\n // ===========================\n\n async query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T> {\n return this.makeRpcCall<RpcQueryRequest, T>(RpcCallType.Query, params, 'Query');\n }\n\n async viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView> {\n const publicKeyStr = publicKey;\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_access_key',\n finality: finality,\n account_id: accountId,\n public_key: publicKeyStr\n };\n return this.makeRpcCall<typeof params, AccessKeyView>(\n RpcCallType.Query,\n params,\n 'View Access Key'\n );\n }\n\n async viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList> {\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_access_key_list',\n finality: finality,\n account_id: accountId\n };\n return this.makeRpcCall<typeof params, AccessKeyList>(RpcCallType.Query, params, 'View Access Key List');\n }\n\n async viewAccount(accountId: string): Promise<AccountView> {\n const params = {\n request_type: 'view_account',\n finality: 'final',\n account_id: accountId\n };\n return this.makeRpcCall<typeof params, AccountView>(RpcCallType.Query, params, 'View Account');\n }\n\n async viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array> {\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_code',\n finality,\n account_id: accountId\n };\n const result = await this.makeRpcCall<typeof params, any>(\n RpcCallType.Query,\n params,\n 'View Code'\n );\n const codeBase64 = result?.code_base64;\n if (typeof codeBase64 !== 'string' || !codeBase64.length) {\n throw new Error('Invalid View Code response: missing code_base64');\n }\n return base64Decode(codeBase64);\n }\n\n async viewBlock(params: BlockReference): Promise<BlockResult> {\n return this.makeRpcCall<BlockReference, BlockResult>(RpcCallType.Block, params, 'View Block');\n }\n\n async sendTransaction(\n signedTransaction: SignedTransaction,\n waitUntil: TxExecutionStatus = DEFAULT_WAIT_STATUS.executeAction\n ): Promise<FinalExecutionOutcome> {\n const params = {\n signed_tx_base64: encodeSignedTransactionBase64(signedTransaction),\n wait_until: waitUntil\n };\n\n // Retry on transient RPC errors commonly seen with shared/public nodes\n const maxAttempts = 5;\n let lastError: unknown = null;\n for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n try {\n const outcome = await this.makeRpcCall<typeof params, FinalExecutionOutcome>(RpcCallType.Send, params, 'Send Transaction');\n // near-api-js throws on Failure; replicate that for clearer UX\n const status = (outcome as any)?.status;\n if (status && typeof status === 'object' && 'Failure' in status) {\n const failure = (status as any).Failure;\n throw NearRpcError.fromOutcome('Send Transaction', outcome, failure);\n }\n return outcome;\n } catch (err: unknown) {\n lastError = err;\n const msg = errorMessage(err);\n const retryable = /server error|internal|temporar|timeout|too many requests|429|unavailable|bad gateway|gateway timeout/i.test(msg || '');\n if (!retryable || attempt === maxAttempts) {\n throw err;\n }\n // Exponential backoff with jitter (200–1200ms approx across attempts)\n const base = 200 * Math.pow(2, attempt - 1);\n const jitter = Math.floor(Math.random() * 150);\n await new Promise(r => setTimeout(r, base + jitter));\n }\n }\n // Should be unreachable\n throw lastError instanceof Error ? lastError : new Error(String(lastError));\n }\n\n // legacy helpers removed in favor of NearRpcError\n\n async callFunction<A, T>(\n contractId: string,\n method: string,\n args: A,\n blockQuery?: BlockReference\n ): Promise<T> {\n const rpcParams = {\n request_type: 'call_function',\n finality: 'final',\n account_id: contractId,\n method_name: method,\n args_base64: base64Encode(new TextEncoder().encode(JSON.stringify(args)).buffer)\n };\n const result = await this.makeRpcCall<typeof rpcParams, ContractResult<T>>(\n RpcCallType.Query,\n rpcParams,\n 'View Function'\n );\n\n // Parse result bytes to string/JSON\n const resultBytes = result.result;\n\n if (!Array.isArray(resultBytes)) {\n // If result is not bytes array, it might already be parsed\n return result as unknown as T;\n }\n\n const resultString = String.fromCharCode(...resultBytes);\n\n if (!resultString.trim()) {\n return null as T;\n }\n\n try {\n const parsed = JSON.parse(resultString);\n return parsed as T;\n } catch (parseError) {\n console.warn('Failed to parse result as JSON, returning as string:', parseError);\n console.warn('Raw result string:', resultString);\n // Return the string value if it's not valid JSON\n const cleanString = resultString.replace(/^\"|\"$/g, ''); // Remove quotes\n return cleanString as T;\n }\n }\n\n async view<A, T>(params: { account: string; method: string; args: A }): Promise<T> {\n return this.callFunction<A, T>(params.account, params.method, params.args);\n }\n\n async getAccessKeys({ account, block_id }: ViewAccountParams): Promise<{\n fullAccessKeys: FullAccessKey[];\n functionCallAccessKeys: FunctionCallAccessKey[];\n }> {\n // Build RPC parameters similar to the official implementation\n const params: Record<string, unknown> = {\n request_type: 'view_access_key_list',\n account_id: account,\n finality: 'final'\n };\n\n // Add block_id if provided (for specific block queries)\n if (block_id) {\n params.block_id = block_id;\n delete params.finality; // block_id takes precedence over finality\n }\n\n // Make the RPC call directly to match the official implementation\n const accessKeyList = await this.makeRpcCall<typeof params, AccessKeyList>(\n RpcCallType.Query,\n params,\n 'View Access Key List'\n );\n\n // Separate full access keys and function call access keys\n const fullAccessKeys: FullAccessKey[] = [];\n const functionCallAccessKeys: FunctionCallAccessKey[] = [];\n\n // Process each access key (matching the official categorization logic)\n for (const key of accessKeyList.keys) {\n if (key.access_key.permission === 'FullAccess') {\n // Full Access Keys: Keys with FullAccess permission\n fullAccessKeys.push(key as FullAccessKey);\n } else if (key.access_key.permission && typeof key.access_key.permission === 'object' && 'FunctionCall' in key.access_key.permission) {\n // Function Call Keys: Keys with limited permissions for specific contract calls\n functionCallAccessKeys.push(key as FunctionCallAccessKey);\n }\n }\n\n return {\n fullAccessKeys,\n functionCallAccessKeys\n };\n }\n}\n","export const OFFLINE_EXPORT_DONE = 'OFFLINE_EXPORT_DONE';\nexport const OFFLINE_EXPORT_ERROR = 'OFFLINE_EXPORT_ERROR';\n\n// Posted by wallet host to request parent fallback to the offline route\nexport const OFFLINE_EXPORT_FALLBACK = 'OFFLINE_EXPORT_FALLBACK';\n\n// Reused wallet-iframe close notification\nexport const WALLET_UI_CLOSED = 'WALLET_UI_CLOSED';\n\n// Export UI: user explicitly cancelled TouchID/FaceID during key export\nexport const EXPORT_NEAR_KEYPAIR_CANCELLED = 'EXPORT_NEAR_KEYPAIR_CANCELLED';\n\nexport type OfflineExportDoneMsg = { type: typeof OFFLINE_EXPORT_DONE; nearAccountId: string };\nexport type OfflineExportErrorMsg = { type: typeof OFFLINE_EXPORT_ERROR; error: string };\nexport type WalletUiClosedMsg = { type: typeof WALLET_UI_CLOSED };\n\n// No inbound handshake is required in the new-tab flow\nexport type OfflineExportInboundMsg = never;\nexport type OfflineExportOutboundMsg =\n | OfflineExportDoneMsg\n | OfflineExportErrorMsg\n | WalletUiClosedMsg;\n","// Centralized build configuration\n// This file defines all paths used across the build system\n\nexport const BUILD_PATHS = {\n // Build output directories\n BUILD: {\n ROOT: 'dist',\n WORKERS: 'dist/workers',\n ESM: 'dist/esm',\n CJS: 'dist/cjs',\n TYPES: 'dist/types'\n },\n\n // Source directories\n SOURCE: {\n ROOT: 'src',\n CORE: 'src/core',\n WASM_SIGNER: 'src/wasm_signer_worker',\n WASM_VRF: 'src/wasm_vrf_worker',\n CRITICAL_DIRS: [\n 'src/core',\n 'src/wasm_signer_worker',\n 'src/wasm_vrf_worker'\n ]\n },\n\n // Frontend deployment paths\n FRONTEND: {\n ROOT: '../examples/vite/public',\n SDK: '../examples/vite/public/sdk',\n WORKERS: '../examples/vite/public/sdk/workers'\n },\n\n // Runtime paths (used by workers and tests)\n RUNTIME: {\n SDK_BASE: '/sdk',\n WORKERS_BASE: '/sdk/workers',\n VRF_WORKER: '/sdk/workers/web3authn-vrf.worker.js',\n SIGNER_WORKER: '/sdk/workers/web3authn-signer.worker.js'\n },\n\n // Worker file names\n WORKERS: {\n VRF: 'web3authn-vrf.worker.js',\n SIGNER: 'web3authn-signer.worker.js',\n OFFLINE_SW: 'offline-export-sw.js',\n WASM_VRF_JS: 'wasm_vrf_worker.js',\n WASM_VRF_WASM: 'wasm_vrf_worker_bg.wasm',\n WASM_SIGNER_JS: 'wasm_signer_worker.js',\n WASM_SIGNER_WASM: 'wasm_signer_worker_bg.wasm'\n },\n\n // Test worker file paths (for test files)\n TEST_WORKERS: {\n VRF: '/sdk/workers/web3authn-vrf.worker.js',\n SIGNER: '/sdk/workers/web3authn-signer.worker.js',\n WASM_VRF_JS: '/sdk/workers/wasm_vrf_worker.js',\n WASM_VRF_WASM: '/sdk/workers/wasm_vrf_worker_bg.wasm',\n WASM_SIGNER_JS: '/sdk/workers/wasm_signer_worker.js',\n WASM_SIGNER_WASM: '/sdk/workers/wasm_signer_worker_bg.wasm'\n }\n} as const;\n\n// Helper functions\nexport const getWorkerPath = (workerName: string): string => `${BUILD_PATHS.BUILD.WORKERS}/${workerName}`;\nexport const getRuntimeWorkerPath = (workerName: string): string => `${BUILD_PATHS.RUNTIME.WORKERS_BASE}/${workerName}`;\nexport const getFrontendWorkerPath = (workerName: string): string => `${BUILD_PATHS.FRONTEND.WORKERS}/${workerName}`;\n\n// Default export for easier importing\nexport default BUILD_PATHS;\n","import { BUILD_PATHS } from '../build-paths.js';\n\n// === CONFIGURATION ===\nexport const SIGNER_WORKER_MANAGER_CONFIG = {\n TIMEOUTS: {\n DEFAULT: 60_000, // 60s default fallback for worker operations\n TRANSACTION: 60_000, // 60s for contract verification + signing\n REGISTRATION: 60_000, // 60s for registration operations\n },\n WORKER: {\n URL: BUILD_PATHS.RUNTIME.SIGNER_WORKER,\n TYPE: 'module' as const,\n NAME: 'Web3AuthnSignerWorker',\n },\n RETRY: {\n MAX_ATTEMPTS: 3,\n BACKOFF_MS: 1000,\n }\n} as const;\n\n// === DEVICE LINKING CONFIGURATION ===\nexport const DEVICE_LINKING_CONFIG = {\n TIMEOUTS: {\n QR_CODE_MAX_AGE_MS: 15 * 60 * 1000, // 15 minutes - QR code expiration\n SESSION_EXPIRATION_MS: 15 * 60 * 1000, // 15 minutes - Device linking session timeout\n TEMP_KEY_CLEANUP_MS: 15 * 60 * 1000, // 15 minutes - Automatic cleanup of temporary keys\n POLLING_INTERVAL_MS: 3000, // 3 seconds - AddKey polling interval\n REGISTRATION_RETRY_DELAY_MS: 2000, // 2 seconds - Delay between registration retries\n },\n RETRY: {\n MAX_REGISTRATION_ATTEMPTS: 5, // Maximum registration retry attempts\n }\n} as const;\n","/**\n * Resolve the base origin for worker scripts.\n * Priority:\n * 1) window.__W3A_WALLET_SDK_BASE__ (absolute `${walletOrigin}${sdkBasePath}/`) → take its origin\n * 2) window.location.origin (host/app origin)\n *\n * @returns The origin (protocol + host [+ port]) used to resolve worker script URLs.\n * Prefers the wallet SDK base origin; falls back to the current window origin.\n */\nexport function resolveWorkerBaseOrigin(): string {\n let origin = ''\n if (typeof window !== 'undefined' && window.location?.origin) {\n origin = window.location.origin\n }\n try {\n const embeddedBase = (window as any)?.__W3A_WALLET_SDK_BASE__ as string | undefined\n if (embeddedBase) {\n origin = new URL(embeddedBase, origin || 'https://invalid.local').origin\n }\n } catch {}\n return origin\n}\n\n/**\n * Build an absolute worker script URL from a path or absolute URL.\n * If `input` is a path (e.g., `/sdk/workers/foo.js`), it will be resolved\n * against the wallet origin (from `__W3A_WALLET_SDK_BASE__`) when available,\n * otherwise against the host origin.\n *\n * @param input - Absolute URL or path (e.g., `/sdk/workers/web3authn-signer.worker.js`).\n * @returns Absolute URL to the worker script, resolved against the wallet origin when available,\n * otherwise against the current window origin.\n */\nexport function resolveWorkerScriptUrl(input: string): string {\n return resolveWorkerUrl(input, { worker: detectWorkerFromPath(input) })\n}\n\nexport function resolveWorkerUrl(\n input: string | undefined,\n opts: { worker: 'signer' | 'vrf'; baseOrigin?: string }\n): string {\n const worker = opts.worker\n const baseOrigin = opts.baseOrigin || resolveWorkerBaseOrigin() || (typeof window !== 'undefined' ? window.location.origin : '') || 'https://invalid.local'\n try {\n // Prefer explicit per-worker URL override\n const ovAny = (typeof window !== 'undefined' ? (window as any) : {}) as any\n const override = worker === 'signer' ? ovAny.__W3A_SIGNER_WORKER_URL__ : ovAny.__W3A_VRF_WORKER_URL__\n const candidate = (typeof override === 'string' && override) ? override : (input || defaultWorkerPath(worker))\n if (/^https?:\\/\\//i.test(candidate)) {\n return new URL(candidate).toString()\n }\n return new URL(candidate, baseOrigin).toString()\n } catch {\n try { return new URL(input || defaultWorkerPath(worker), baseOrigin).toString() } catch {}\n return input || defaultWorkerPath(worker)\n }\n}\n\nfunction detectWorkerFromPath(p: string): 'signer' | 'vrf' {\n return /web3authn-signer\\.worker\\.js(?:$|\\?)/.test(p) ? 'signer' : 'vrf'\n}\n\nfunction defaultWorkerPath(worker: 'signer' | 'vrf'): string {\n return worker === 'signer' ? '/sdk/workers/web3authn-signer.worker.js' : '/sdk/workers/web3authn-vrf.worker.js'\n}\n","/**\n * Control messages exchanged between worker shims and the main thread.\n *\n * These messages are JS-only and do NOT go through the Rust WASM JSON request/response pipeline.\n * They are used for:\n * - MessagePort attachment handshakes (WrapKeySeed delivery)\n * - Readiness signals (worker pool health checks)\n */\nexport const WorkerControlMessage = {\n ATTACH_WRAP_KEY_SEED_PORT: 'ATTACH_WRAP_KEY_SEED_PORT',\n ATTACH_WRAP_KEY_SEED_PORT_OK: 'ATTACH_WRAP_KEY_SEED_PORT_OK',\n ATTACH_WRAP_KEY_SEED_PORT_ERROR: 'ATTACH_WRAP_KEY_SEED_PORT_ERROR',\n WORKER_READY: 'WORKER_READY',\n} as const;\n\nexport type WorkerControlMessageType =\n (typeof WorkerControlMessage)[keyof typeof WorkerControlMessage];\n","/**\n * Session Message Handling for Signer Worker\n *\n * This module provides helpers for waiting on session lifecycle messages from the signer worker.\n * Session messages are JS-only messages that never go through the Rust JSON pipeline\n * and are used for worker lifecycle management and session setup.\n */\n\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\n// === SESSION MESSAGE TYPES ===\n\n/**\n * Control message sent by the signer worker after successfully attaching\n * a WrapKeySeed MessagePort for a signing session.\n */\nexport interface AttachWrapKeySeedPortOkMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK;\n sessionId: string;\n}\n\n/**\n * Control message sent by the signer worker when attaching a WrapKeySeed\n * MessagePort fails.\n */\nexport interface AttachWrapKeySeedPortErrorMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR;\n sessionId: string;\n error: string;\n}\n\n/**\n * Control message sent by the signer worker when it's ready to receive messages.\n */\nexport interface WorkerReadyMessage {\n type: typeof WorkerControlMessage.WORKER_READY;\n ready: boolean;\n}\n\n/**\n * All control messages that can be sent by the signer worker.\n */\nexport type SignerWorkerControlMessage =\n | AttachWrapKeySeedPortOkMessage\n | AttachWrapKeySeedPortErrorMessage\n | WorkerReadyMessage;\n\n/**\n * Type guard to check if a message is a control message.\n */\nexport function isSignerWorkerControlMessage(msg: unknown): msg is SignerWorkerControlMessage {\n if (!isObject(msg) || typeof (msg as any).type !== 'string') {\n return false;\n }\n const type = (msg as any).type;\n return type === WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK\n || type === WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR\n || type === WorkerControlMessage.WORKER_READY;\n}\n\nfunction isObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n\n// === SESSION MESSAGE HELPERS ===\n\n/**\n * Generic helper for waiting on session messages from a worker.\n * Registers a listener, sends no message (caller handles that), and waits for a matching response.\n *\n * @param worker - The worker to listen to\n * @param options - Configuration for what to wait for\n * @returns Promise that resolves when the expected message arrives, rejects on timeout or error\n */\nexport function waitForSessionMessage(\n worker: Worker,\n options: {\n /** Message type(s) to wait for (success) */\n successType: string | string[];\n /** Optional error type to reject on */\n errorType?: string;\n /** Session ID to match (if applicable) */\n sessionId?: string;\n /** Timeout in milliseconds */\n timeoutMs?: number;\n /** Custom message validator - return true to resolve, false to ignore, throw to reject */\n validator?: (msg: any) => boolean;\n }\n): Promise<void> {\n const {\n successType,\n errorType,\n sessionId,\n timeoutMs = 2000,\n validator,\n } = options;\n\n const successTypes = Array.isArray(successType) ? successType : [successType];\n\n return new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error(\n `Timeout waiting for session message (${successTypes.join('|')})${sessionId ? ` for session ${sessionId}` : ''}`\n ));\n }, timeoutMs);\n\n const messageHandler = (event: MessageEvent) => {\n const msg = event.data;\n\n // Skip if message doesn't have a type\n if (!msg || typeof msg.type !== 'string') {\n return;\n }\n\n // Check if sessionId matches (if specified)\n if (sessionId && msg.sessionId !== sessionId) {\n return;\n }\n\n // Check for error type\n if (errorType && msg.type === errorType) {\n cleanup();\n const error = msg.error || 'Unknown error';\n reject(new Error(`Session message error: ${error}`));\n return;\n }\n\n // Check for success type\n if (successTypes.includes(msg.type)) {\n // Run custom validator if provided\n if (validator) {\n try {\n const shouldResolve = validator(msg);\n if (!shouldResolve) {\n return; // Validator said to ignore this message\n }\n } catch (err) {\n cleanup();\n reject(err);\n return;\n }\n }\n\n cleanup();\n resolve();\n }\n };\n\n const cleanup = () => {\n clearTimeout(timeout);\n worker.removeEventListener('message', messageHandler);\n };\n\n worker.addEventListener('message', messageHandler);\n });\n}\n\n/**\n * Wait for the worker to acknowledge successful attachment of the WrapKeySeed port.\n * This provides early detection of attach failures instead of only seeing late WASM errors.\n *\n * @param worker - The worker that should send the ACK\n * @param sessionId - The session ID to match\n * @param timeoutMs - How long to wait before rejecting (default: 2000ms)\n * @returns Promise that resolves on success ACK, rejects on error or timeout\n */\nexport function waitForWrapKeyPortAttach(\n worker: Worker,\n sessionId: string,\n timeoutMs: number = 2000\n): Promise<void> {\n return waitForSessionMessage(worker, {\n successType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK,\n errorType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR,\n sessionId,\n timeoutMs,\n });\n}\n","/**\n * Consolidated NEAR Contract Calls\n *\n * This file contains all the NEAR contract calls made to the web3authn contract\n * throughout the passkey SDK. It provides a centralized location for all\n * contract interactions and makes it easier to maintain and update contract\n * call patterns.\n */\n\nimport type { FinalExecutionOutcome } from '@near-js/types';\nimport type { NearClient, SignedTransaction } from './NearClient';\nimport type { ContractStoredAuthenticator } from './TatchiPasskey/recoverAccount';\nimport type { PasskeyManagerContext } from './TatchiPasskey';\nimport type { AccountId } from './types/accountIds';\nimport type { DeviceLinkingSSEEvent } from './types/sdkSentEvents';\nimport type {\n StoredAuthenticator,\n WebAuthnRegistrationCredential,\n WebAuthnAuthenticationCredential\n} from './types/webauthn';\n\nimport { ActionPhase, DeviceLinkingPhase, DeviceLinkingStatus } from './types/sdkSentEvents';\nimport { ActionType, type ActionArgs } from './types/actions';\nimport { VRFChallenge } from './types/vrf-worker';\nimport { DEFAULT_WAIT_STATUS, TransactionContext } from './types/rpc';\nimport type { AuthenticatorOptions } from './types/authenticatorOptions';\nimport type { ConfirmationConfig } from './types/signer-worker';\nimport { base64UrlDecode, base64UrlEncode } from '../utils/encoders';\nimport { errorMessage } from '../utils/errors';\nimport type { EmailRecoveryContracts } from './types/tatchi';\nimport { DEFAULT_EMAIL_RECOVERY_CONTRACTS } from './defaultConfigs';\n\n// ===========================\n// CONTRACT CALL RESPONSES\n// ===========================\n\nexport interface DeviceLinkingResult {\n linkedAccountId: string;\n deviceNumber: number;\n}\n\nexport interface CredentialIdsResult {\n credentialIds: string[];\n}\n\nexport interface AuthenticatorsResult {\n authenticators: Array<[string, ContractStoredAuthenticator]>;\n}\n\n// ===========================\n// DEVICE LINKING CONTRACT CALLS\n// ===========================\n\n/**\n * Query the contract to get the account linked to a device public key\n * Used in device linking flow to check if a device key has been added\n *\n * NEAR does not provide a way to lookup the AccountID an access key has access to.\n * So we store a temporary mapping in the contract to lookup pubkey -> account ID.\n */\nexport async function getDeviceLinkingAccountContractCall(\n nearClient: NearClient,\n contractId: string,\n devicePublicKey: string\n): Promise<DeviceLinkingResult | null> {\n try {\n const result = await nearClient.callFunction<\n { device_public_key: string },\n [string, number | string]\n >(\n contractId,\n 'get_device_linking_account',\n { device_public_key: devicePublicKey }\n );\n\n // Handle different result formats\n if (result && Array.isArray(result) && result.length >= 2) {\n const [linkedAccountId, deviceNumberRaw] = result;\n const deviceNumber = Number(deviceNumberRaw);\n if (!Number.isSafeInteger(deviceNumber) || deviceNumber < 0) {\n console.warn(\n 'Invalid deviceNumber returned from get_device_linking_account:',\n deviceNumberRaw\n );\n return null;\n }\n return {\n linkedAccountId,\n deviceNumber\n };\n }\n\n return null;\n } catch (error: any) {\n console.warn('Failed to get device linking account:', error.message);\n return null;\n }\n}\n\n// ===========================\n// DEVICE LINKING TRANSACTION CALLS\n// ===========================\n\n/**\n * Execute device1's linking transactions (AddKey + Contract mapping)\n * This function signs and broadcasts both transactions required for device linking\n */\nexport async function executeDeviceLinkingContractCalls({\n context,\n device1AccountId,\n device2PublicKey,\n nextNonce,\n nextNextNonce,\n nextNextNextNonce,\n txBlockHash,\n vrfChallenge,\n onEvent,\n confirmationConfigOverride,\n confirmerText,\n}: {\n context: PasskeyManagerContext,\n device1AccountId: AccountId,\n device2PublicKey: string,\n nextNonce: string,\n nextNextNonce: string,\n nextNextNextNonce: string,\n txBlockHash: string,\n vrfChallenge: VRFChallenge,\n onEvent?: (event: DeviceLinkingSSEEvent) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n confirmerText?: { title?: string; body?: string };\n}): Promise<{\n addKeyTxResult: FinalExecutionOutcome;\n storeDeviceLinkingTxResult: FinalExecutionOutcome;\n signedDeleteKeyTransaction: SignedTransaction\n}> {\n\n // Sign three transactions with one PRF authentication\n const signedTransactions = await context.webAuthnManager.signTransactionsWithActions({\n rpcCall: {\n contractId: context.webAuthnManager.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: context.webAuthnManager.tatchiPasskeyConfigs.nearRpcUrl,\n nearAccountId: device1AccountId\n },\n confirmationConfigOverride,\n title: confirmerText?.title,\n body: confirmerText?.body,\n transactions: [\n // Transaction 1: AddKey - Add Device2's key to Device1's account\n {\n receiverId: device1AccountId,\n actions: [{\n action_type: ActionType.AddKey,\n public_key: device2PublicKey,\n access_key: JSON.stringify({\n // NEAR-style AccessKey JSON shape, matching near-api-js:\n // { nonce: number, permission: { FullAccess: {} } }\n nonce: 0,\n permission: { FullAccess: {} },\n }),\n }],\n nonce: nextNonce,\n },\n // Transaction 2: Store temporary mapping in contract so Device2 can lookup Device1's accountID.\n {\n receiverId: context.webAuthnManager.tatchiPasskeyConfigs.contractId,\n actions: [{\n action_type: ActionType.FunctionCall,\n method_name: 'store_device_linking_mapping',\n args: JSON.stringify({\n device_public_key: device2PublicKey,\n target_account_id: device1AccountId,\n }),\n gas: '30000000000000', // 30 TGas for device linking with yield promise automatic cleanup\n deposit: '0'\n }],\n nonce: nextNextNonce,\n },\n // Transaction 3: Remove Device2's temporary key if it fails to complete linking after a timeout\n {\n receiverId: device1AccountId,\n actions: [{\n action_type: ActionType.DeleteKey,\n public_key: device2PublicKey\n }],\n nonce: nextNextNextNonce,\n }\n ],\n onEvent: (progress) => {\n // Bridge all action progress events to the parent so the wallet iframe overlay\n // can expand during user confirmation in wallet-iframe mode.\n try { onEvent?.(progress as any); } catch { }\n // Keep existing mapping for device linking semantics; surface signing as a loading state\n if (progress.phase == ActionPhase.STEP_6_TRANSACTION_SIGNING_COMPLETE) {\n onEvent?.({\n step: 3,\n phase: DeviceLinkingPhase.STEP_3_AUTHORIZATION,\n status: DeviceLinkingStatus.PROGRESS,\n message: progress.message || 'Transaction signing in progress...'\n })\n }\n }\n });\n\n if (!signedTransactions[0].signedTransaction) {\n throw new Error('AddKey transaction signing failed');\n }\n if (!signedTransactions[1].signedTransaction) {\n throw new Error('Contract mapping transaction signing failed');\n }\n if (!signedTransactions[2].signedTransaction) {\n throw new Error('DeleteKey transaction signing failed');\n }\n\n // Broadcast just the first 2 transactions: addKey and store device linking mapping\n let addKeyTxResult: FinalExecutionOutcome;\n let storeDeviceLinkingTxResult: FinalExecutionOutcome;\n try {\n console.debug('LinkDeviceFlow: AddKey transaction details:', {\n receiverId: signedTransactions[0].signedTransaction.transaction.receiverId,\n actions: signedTransactions[0].signedTransaction.transaction.actions || [],\n transactionKeys: Object.keys(signedTransactions[0].signedTransaction.transaction),\n });\n\n addKeyTxResult = await context.nearClient.sendTransaction(\n signedTransactions[0].signedTransaction,\n DEFAULT_WAIT_STATUS.linkDeviceAddKey\n );\n console.log('LinkDeviceFlow: AddKey transaction result:', addKeyTxResult?.transaction?.hash);\n\n // Send success events immediately after AddKey succeeds\n onEvent?.({\n step: 3,\n phase: DeviceLinkingPhase.STEP_3_AUTHORIZATION,\n status: DeviceLinkingStatus.SUCCESS,\n message: `AddKey transaction completed successfully!`\n });\n\n // Check if contract mapping transaction is valid before attempting to broadcast\n const contractTx = signedTransactions[1].signedTransaction;\n console.log('LinkDeviceFlow: Contract mapping transaction details:', {\n receiverId: contractTx.transaction.receiverId,\n actions: (contractTx.transaction.actions || []).length\n });\n\n // Standard timeout since nonce conflict should be resolved by the 2s delay\n storeDeviceLinkingTxResult = await context.nearClient.sendTransaction(\n contractTx,\n DEFAULT_WAIT_STATUS.linkDeviceAccountMapping\n );\n\n } catch (txError: any) {\n console.error('LinkDeviceFlow: Transaction broadcasting failed:', txError);\n throw new Error(`Transaction broadcasting failed: ${txError.message}`);\n }\n\n onEvent?.({\n step: 6,\n phase: DeviceLinkingPhase.STEP_6_REGISTRATION,\n status: DeviceLinkingStatus.SUCCESS,\n message: `Device linking completed successfully!`\n });\n\n return {\n addKeyTxResult,\n storeDeviceLinkingTxResult,\n signedDeleteKeyTransaction: signedTransactions[2].signedTransaction\n };\n}\n\n// ===========================\n// ACCOUNT RECOVERY CONTRACT CALLS\n// ===========================\n\n/**\n * Get credential IDs associated with an account from the contract\n * Used in account recovery to discover available credentials\n */\nexport async function getCredentialIdsContractCall(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<string[]> {\n try {\n const credentialIds = await nearClient.callFunction<{ account_id: AccountId }, string[]>(\n contractId,\n 'get_credential_ids_by_account',\n { account_id: accountId }\n );\n return credentialIds || [];\n } catch (error: any) {\n console.warn('Failed to fetch credential IDs from contract:', error.message);\n return [];\n }\n}\n\n/**\n * Get all authenticators stored for a user from the contract\n * Used in account recovery to sync authenticator data\n */\nexport async function getAuthenticatorsByUser(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<[string, ContractStoredAuthenticator][]> {\n try {\n const authenticatorsResult = await nearClient.view<{ user_id: AccountId }, [string, ContractStoredAuthenticator][]>({\n account: contractId,\n method: 'get_authenticators_by_user',\n args: { user_id: accountId }\n });\n\n if (authenticatorsResult && Array.isArray(authenticatorsResult)) {\n return authenticatorsResult;\n }\n return [];\n } catch (error: any) {\n console.warn('Failed to fetch authenticators from contract:', error.message);\n return [];\n }\n}\n\nexport async function syncAuthenticatorsContractCall(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<Array<{ credentialId: string, authenticator: StoredAuthenticator }>> {\n try {\n const authenticatorsResult = await getAuthenticatorsByUser(nearClient, contractId, accountId);\n if (authenticatorsResult && Array.isArray(authenticatorsResult)) {\n return authenticatorsResult.map(([credentialId, contractAuthenticator]) => {\n console.log(`Contract authenticator device_number for ${credentialId}:`, contractAuthenticator.device_number);\n\n const transports = Array.isArray(contractAuthenticator.transports)\n ? contractAuthenticator.transports\n : [];\n\n const registered = (() => {\n const raw = String((contractAuthenticator as any).registered ?? '');\n if (!raw) return new Date(0);\n if (/^\\d+$/.test(raw)) {\n const ts = Number(raw);\n return Number.isFinite(ts) ? new Date(ts) : new Date(0);\n }\n const d = new Date(raw);\n return Number.isFinite(d.getTime()) ? d : new Date(0);\n })();\n\n const vrfPublicKeys = (() => {\n const raw = (contractAuthenticator as any).vrf_public_keys;\n if (!raw) return undefined;\n if (Array.isArray(raw) && raw.length > 0 && typeof raw[0] === 'string') {\n return raw as string[];\n }\n if (Array.isArray(raw)) {\n return raw\n .map((entry: unknown) => {\n if (!entry) return null;\n if (entry instanceof Uint8Array) return base64UrlEncode(entry);\n if (Array.isArray(entry)) return base64UrlEncode(new Uint8Array(entry));\n return null;\n })\n .filter((x): x is string => typeof x === 'string' && x.length > 0);\n }\n return undefined;\n })();\n\n return {\n credentialId,\n authenticator: {\n credentialId,\n credentialPublicKey: new Uint8Array(contractAuthenticator.credential_public_key),\n transports,\n userId: accountId,\n name: `Device ${contractAuthenticator.device_number} Authenticator`,\n registered,\n // Store the actual device number from contract (no fallback)\n deviceNumber: contractAuthenticator.device_number,\n vrfPublicKeys\n }\n };\n });\n }\n return [];\n } catch (error: any) {\n console.warn('Failed to fetch authenticators from contract:', error.message);\n return [];\n }\n}\n\n// ===========================\n// RECOVERY EMAIL CONTRACT CALLS\n// ===========================\n\n/**\n * Fetch on-chain recovery email hashes from the per-account contract.\n * Returns [] when no contract is deployed or on failure.\n */\nexport async function getRecoveryEmailHashesContractCall(\n nearClient: NearClient,\n accountId: AccountId\n): Promise<number[][]> {\n try {\n const code = await nearClient.viewCode(accountId);\n const hasContract = !!code && code.byteLength > 0;\n if (!hasContract) return [];\n\n const hashes = await nearClient.view<Record<string, never>, number[][]>({\n account: accountId,\n method: 'get_recovery_emails',\n args: {} as Record<string, never>,\n });\n\n return Array.isArray(hashes) ? (hashes as number[][]) : [];\n } catch (error) {\n console.error('[rpcCalls] Failed to fetch recovery email hashes', error);\n return [];\n }\n}\n\n/**\n * Build action args to update on-chain recovery emails for an account.\n * If the per-account contract is missing, deploy/attach the global recoverer via `init_email_recovery`.\n */\nexport async function buildSetRecoveryEmailsActions(\n nearClient: NearClient,\n accountId: AccountId,\n recoveryEmailHashes: number[][],\n contracts: EmailRecoveryContracts = DEFAULT_EMAIL_RECOVERY_CONTRACTS\n): Promise<ActionArgs[]> {\n let hasContract = false;\n try {\n const code = await nearClient.viewCode(accountId);\n hasContract = !!code && code.byteLength > 0;\n } catch {\n hasContract = false;\n }\n\n const {\n emailRecovererGlobalContract,\n zkEmailVerifierContract,\n emailDkimVerifierContract,\n } = contracts;\n\n return hasContract\n ? [\n {\n type: ActionType.UseGlobalContract,\n accountId: emailRecovererGlobalContract,\n },\n {\n type: ActionType.FunctionCall,\n methodName: 'set_recovery_emails',\n args: {\n recovery_emails: recoveryEmailHashes,\n },\n gas: '80000000000000',\n deposit: '0',\n },\n ]\n : [\n {\n type: ActionType.UseGlobalContract,\n accountId: emailRecovererGlobalContract,\n },\n {\n type: ActionType.FunctionCall,\n methodName: 'init_email_recovery',\n args: {\n zk_email_verifier: zkEmailVerifierContract,\n email_dkim_verifier: emailDkimVerifierContract,\n policy: null,\n recovery_emails: recoveryEmailHashes,\n },\n gas: '80000000000000',\n deposit: '0',\n },\n ];\n}\n\nexport async function fetchNonceBlockHashAndHeight({ nearClient, nearPublicKeyStr, nearAccountId }: {\n nearClient: NearClient,\n nearPublicKeyStr: string,\n nearAccountId: AccountId\n}): Promise<TransactionContext> {\n // Get access key and transaction block info concurrently\n const [accessKeyInfo, txBlockInfo] = await Promise.all([\n nearClient.viewAccessKey(nearAccountId, nearPublicKeyStr)\n .catch(e => { throw new Error(`Failed to fetch Access Key`) }),\n nearClient.viewBlock({ finality: 'final' })\n .catch(e => { throw new Error(`Failed to fetch Block Info`) })\n ]);\n if (!accessKeyInfo || accessKeyInfo.nonce === undefined) {\n throw new Error(`Access key not found or invalid for account ${nearAccountId} with public key ${nearPublicKeyStr}. Response: ${JSON.stringify(accessKeyInfo)}`);\n }\n const nextNonce = (BigInt(accessKeyInfo.nonce) + BigInt(1)).toString();\n const txBlockHeight = String(txBlockInfo.header.height);\n const txBlockHash = txBlockInfo.header.hash; // Keep original base58 string\n\n return {\n nearPublicKeyStr,\n accessKeyInfo,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n };\n}\n\n// ===========================\n// REGISTRATION PRE-CHECK CALL\n// ===========================\n\nexport interface CheckCanRegisterUserResult {\n success: boolean;\n verified: boolean;\n logs: string[];\n error?: string;\n}\n\n/**\n * View-only registration pre-check.\n *\n * Calls the contract's `check_can_register_user` view method with VRF data\n * derived from the provided VRF challenge and a serialized WebAuthn\n * registration credential (typically with PRF outputs embedded).\n */\nexport async function checkCanRegisterUserContractCall({\n nearClient,\n contractId,\n vrfChallenge,\n credential,\n authenticatorOptions,\n}: {\n nearClient: NearClient;\n contractId: string;\n vrfChallenge: VRFChallenge;\n credential: WebAuthnRegistrationCredential;\n authenticatorOptions?: AuthenticatorOptions;\n}): Promise<CheckCanRegisterUserResult> {\n try {\n const vrfData = {\n vrf_input_data: Array.from(base64UrlDecode(vrfChallenge.vrfInput)),\n vrf_output: Array.from(base64UrlDecode(vrfChallenge.vrfOutput)),\n vrf_proof: Array.from(base64UrlDecode(vrfChallenge.vrfProof)),\n public_key: Array.from(base64UrlDecode(vrfChallenge.vrfPublicKey)),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: Array.from(base64UrlDecode(vrfChallenge.blockHash)),\n };\n\n const args = {\n vrf_data: vrfData,\n webauthn_registration: credential,\n authenticator_options: authenticatorOptions,\n };\n\n const response = await nearClient.callFunction<typeof args, any>(\n contractId,\n 'check_can_register_user',\n args,\n );\n\n const verified = !!response?.verified;\n return {\n success: true,\n verified,\n logs: [],\n error: verified ? undefined : 'Contract registration check failed',\n };\n } catch (err: unknown) {\n return {\n success: false,\n verified: false,\n logs: [],\n error: errorMessage(err) || 'Failed to call check_can_register_user',\n };\n }\n}\n\n\n/**\n * Verify authentication response through relay server\n * Routes the request to relay server which calls the web3authn contract for verification\n * and issues a JWT or session credential\n */\nexport async function verifyAuthenticationResponse(\n relayServerUrl: string,\n routePath: string,\n sessionKind: 'jwt' | 'cookie',\n vrfChallenge: VRFChallenge,\n webauthnAuthentication: WebAuthnAuthenticationCredential\n): Promise<{\n success: boolean;\n verified?: boolean;\n jwt?: string;\n sessionCredential?: any;\n error?: string;\n contractResponse?: any;\n}> {\n try {\n // Map VRFChallenge into server ContractVrfData shape (number arrays)\n const toBytes = (b64u: string | undefined): number[] => {\n if (!b64u) return [];\n return Array.from(base64UrlDecode(b64u));\n };\n const vrf_data = {\n vrf_input_data: toBytes(vrfChallenge.vrfInput),\n vrf_output: toBytes(vrfChallenge.vrfOutput),\n vrf_proof: toBytes(vrfChallenge.vrfProof),\n public_key: toBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight || 0),\n block_hash: toBytes(vrfChallenge.blockHash),\n };\n\n // Normalize authenticatorAttachment and userHandle to null for server schema\n const webauthn_authentication = {\n ...webauthnAuthentication,\n authenticatorAttachment: webauthnAuthentication.authenticatorAttachment ?? null,\n response: {\n ...webauthnAuthentication.response,\n userHandle: webauthnAuthentication.response.userHandle ?? null,\n }\n };\n\n const url = `${relayServerUrl.replace(/\\/$/, '')}${routePath.startsWith('/') ? routePath : `/${routePath}`}`;\n const response = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: sessionKind === 'cookie' ? 'include' : 'omit',\n body: JSON.stringify({\n sessionKind: sessionKind,\n vrf_data,\n webauthn_authentication,\n }),\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n return {\n success: false,\n error: `HTTP ${response.status}: ${errorText}`,\n };\n }\n\n const result = await response.json();\n return {\n success: true,\n verified: result.verified,\n jwt: result.jwt,\n sessionCredential: result.sessionCredential,\n contractResponse: result.contractResponse,\n };\n } catch (error: any) {\n return {\n success: false,\n error: error.message || 'Failed to verify authentication response',\n };\n }\n}\n","\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from \"../../../defaultConfigs\";\nimport type { CheckCanRegisterUserResult } from '../../../rpcCalls';\nimport { checkCanRegisterUserContractCall } from '../../../rpcCalls';\nimport { serializeRegistrationCredentialWithPRF, removePrfOutputGuard } from '../../credentialsHelpers';\nimport { VRFChallenge } from '../../../types/vrf-worker';\nimport type { onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { errorMessage } from '@/utils/errors';\nimport { isObject, isString } from '../../../WalletIframe/validation';\n\n\nexport async function checkCanRegisterUser({\n ctx,\n vrfChallenge,\n credential,\n contractId,\n nearRpcUrl,\n authenticatorOptions,\n onEvent,\n}: {\n ctx: SignerWorkerManagerContext,\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n}): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: {\n credentialId: Uint8Array;\n credentialPublicKey: Uint8Array;\n userId: string;\n vrfPublicKey: Uint8Array | undefined;\n };\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n}> {\n try {\n // Accept either a real PublicKeyCredential or an already-serialized credential\n const isSerialized = (cred: unknown): cred is WebAuthnRegistrationCredential => {\n if (!isObject(cred)) return false;\n const resp = (cred as { response?: unknown }).response;\n if (!isObject(resp)) return false;\n return isString((resp as { clientDataJSON?: unknown }).clientDataJSON)\n && isString((resp as { attestationObject?: unknown }).attestationObject);\n };\n\n const serializedCredential: WebAuthnRegistrationCredential = isSerialized(credential)\n ? credential\n : serializeRegistrationCredentialWithPRF({ credential: credential });\n\n // Ensure required fields are present; avoid undefined which gets dropped by JSON.stringify in the worker\n const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: 'PROGRESS' as any,\n message: 'Calling check_can_register_user on contract...',\n });\n\n // PRF outputs must never be sent over the network. Strip them before\n // calling the contract while preserving the rest of the credential shape.\n const strippedCredential = removePrfOutputGuard<WebAuthnRegistrationCredential>(serializedCredential);\n\n const result: CheckCanRegisterUserResult = await checkCanRegisterUserContractCall({\n nearClient: ctx.nearClient,\n contractId: resolvedContractId,\n vrfChallenge,\n credential: strippedCredential,\n authenticatorOptions,\n });\n\n if (!result.success) {\n throw new Error(result.error || 'Registration pre-check RPC failed');\n }\n\n const wasmResult = {\n verified: result.verified,\n registrationInfo: undefined,\n logs: result.logs,\n error: result.error,\n };\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: result.verified ? 'SUCCESS' as any : 'ERROR' as any,\n message: result.verified ? 'Registration pre-check succeeded' : (result.error || 'Registration pre-check failed'),\n });\n\n return {\n success: true,\n verified: wasmResult.verified,\n registrationInfo: wasmResult.registrationInfo,\n logs: wasmResult.logs,\n error: wasmResult.error,\n };\n\n } catch (error: unknown) {\n // Preserve the detailed error message instead of converting to generic error\n console.error('checkCanRegisterUser failed:', error);\n return {\n success: false,\n verified: false,\n error: errorMessage(error) || 'Unknown error occurred',\n logs: [],\n };\n }\n}\n","import * as wasmModule from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\n\n/**\n * User verification policy for WebAuthn authenticators\n *\n * @example\n * ```typescript\n * // Require user verification (PIN, fingerprint, etc.)\n * UserVerificationPolicy.Required\n *\n * // Prefer user verification but don't require it\n * UserVerificationPolicy.Preferred\n *\n * // Discourage user verification (for performance)\n * UserVerificationPolicy.Discouraged\n * ```\n */\nexport enum UserVerificationPolicy {\n Required = 'required',\n Preferred = 'preferred',\n Discouraged = 'discouraged'\n}\n\n/**\n * Origin policy input for WebAuthn registration (matches WASM OriginPolicyInput struct)\n * Note: choose only one of the fields: single, all_subdomains, multiple\n */\nexport interface OriginPolicyInput {\n single: boolean | undefined;\n all_subdomains: boolean | undefined;\n multiple: string[] | undefined;\n}\n\nexport const toEnumUserVerificationPolicy = (userVerification: UserVerificationPolicy | undefined): wasmModule.UserVerificationPolicy => {\n switch (userVerification) {\n case UserVerificationPolicy.Required:\n return wasmModule.UserVerificationPolicy.Required;\n case UserVerificationPolicy.Preferred:\n return wasmModule.UserVerificationPolicy.Preferred;\n case UserVerificationPolicy.Discouraged:\n return wasmModule.UserVerificationPolicy.Discouraged;\n default:\n return wasmModule.UserVerificationPolicy.Preferred;\n }\n};\n\nexport interface AuthenticatorOptions {\n userVerification: UserVerificationPolicy;\n originPolicy: OriginPolicyInput;\n}\n\n/**\n * Default authenticator options (matches contract defaults)\n */\nexport const DEFAULT_AUTHENTICATOR_OPTIONS: AuthenticatorOptions = {\n userVerification: UserVerificationPolicy.Preferred,\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined\n }\n};\n","\nexport function withSessionId<T>(\n sessionId: string,\n payload: T,\n): T & { sessionId: string } {\n\n if (!sessionId) {\n throw new Error('withSessionId: sessionId is required');\n }\n\n const existing = (payload as any)?.sessionId as string | undefined;\n if (existing && existing !== sessionId) {\n throw new Error(\n `withSessionId: payload.sessionId (${existing}) does not match provided sessionId (${sessionId})`,\n );\n }\n\n return { ...payload, sessionId };\n}\n","\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport {\n WorkerRequestType,\n isDeriveNearKeypairAndEncryptSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport { toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\nimport { withSessionId } from './session';\n\n/**\n * Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential\n * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.\n */\nexport async function deriveNearKeypairAndEncryptFromSerialized({\n ctx,\n credential,\n nearAccountId,\n options,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId,\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n}): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n}> {\n try {\n // PRF outputs are now extracted by VRF worker and delivered to signer worker via MessagePort\n // No need to extract or send them through main thread\n if (!sessionId) throw new Error('Missing sessionId for registration WrapKeySeed delivery');\n\n const response = await ctx.sendMessage<WorkerRequestType.DeriveNearKeypairAndEncrypt>({\n sessionId,\n message: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n credential,\n authenticatorOptions: options?.authenticatorOptions ? {\n userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),\n originPolicy: options.authenticatorOptions.originPolicy,\n } : undefined,\n })\n },\n });\n\n if (!isDeriveNearKeypairAndEncryptSuccess(response)) {\n throw new Error('Dual PRF registration (from serialized) failed');\n }\n\n const wasmResult = response.payload;\n const version = (wasmResult as any).version ?? 2;\n const wrapKeySaltPersisted = wasmResult.wrapKeySalt;\n // Prefer explicitly provided deviceNumber, else derive from IndexedDB state\n const deviceNumber = (typeof options?.deviceNumber === 'number')\n ? options!.deviceNumber!\n : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId: nearAccountId,\n deviceNumber,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n version,\n timestamp: Date.now()\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n return {\n success: true,\n nearAccountId: toAccountId(wasmResult.nearAccountId),\n publicKey: wasmResult.publicKey,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n nearAccountId,\n publicKey: '',\n error: message\n };\n }\n}\n","\nimport { ClientAuthenticatorData } from '../../../IndexedDBManager';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\n\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { withSessionId } from './session';\n\nexport async function decryptPrivateKeyWithPrf({\n ctx,\n nearAccountId,\n authenticators,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n}): Promise<{ decryptedPrivateKey: string; nearAccountId: AccountId }> {\n try {\n console.info('WebAuthnManager: Starting private key decryption with dual PRF (local operation)');\n // Retrieve encrypted key data from IndexedDB in main thread\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n })\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Dual PRF private key decryption failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'Private key decryption failed');\n }\n return {\n decryptedPrivateKey: response.payload.privateKey,\n nearAccountId: toAccountId(response.payload.nearAccountId)\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: Dual PRF private key decryption error:', error);\n throw error;\n }\n}\n","/**\n * Session Handshake Orchestration for Signer Worker\n *\n * This module provides high-level functions for setting up and validating\n * signing sessions with the signer worker. It orchestrates the complete\n * handshake flow for port attachment so the VRF worker can deliver WrapKeySeed\n * to the signer worker over a session MessagePort.\n */\n\nimport { waitForWrapKeyPortAttach } from './sessionMessages.js';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../txDigest';\nimport type { NearClient } from '../../NearClient';\nimport type { NonceManager } from '../../nonceManager';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\ntype VrfSessionKeyDispenser = {\n dispenseSessionKey: (args: { sessionId: string; uses?: number }) => Promise<unknown>;\n};\n\n/**\n * Attach a WrapKeySeed MessagePort to the signer worker and wait for acknowledgment.\n * This ensures the port is successfully attached before proceeding.\n *\n * Flow:\n * 1. Register ACK listener (avoids race where worker responds before we listen)\n * 2. Send ATTACH_WRAP_KEY_SEED_PORT message with port transfer\n * 3. Wait for ATTACH_WRAP_KEY_SEED_PORT_OK acknowledgment\n *\n * @param worker - The signer worker to attach the port to\n * @param sessionId - The signing session ID\n * @param signerPort - The MessagePort for receiving WrapKeySeed material\n * @param timeoutMs - How long to wait for ACK (default: 2000ms)\n * @throws Error if attachment fails or times out\n */\nexport async function attachSessionPort(\n worker: Worker,\n sessionId: string,\n signerPort: MessagePort,\n timeoutMs: number = 2000\n): Promise<void> {\n // Register the ACK listener BEFORE sending the message to avoid race condition\n const waitPromise = waitForWrapKeyPortAttach(worker, sessionId, timeoutMs);\n\n // Send the attach command (transfer the port)\n worker.postMessage(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [signerPort]\n );\n\n // Wait for the worker to acknowledge successful attachment\n await waitPromise;\n}\n\nexport const generateSessionId = (): string => {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `sign-session-${Date.now()}-${Math.random().toString(16).slice(2)}`\n}\n\nexport function isWarmSessionUnavailableError(err: unknown): boolean {\n const msg = err instanceof Error ? err.message : String(err);\n return (\n msg.includes('SESSION_NOT_FOUND') ||\n msg.includes('SESSION_EXPIRED') ||\n msg.includes('SESSION_EXHAUSTED')\n );\n}\n\nfunction releaseNoncesBestEffort(nonceManager: NonceManager, nonces: string[]): void {\n for (const n of nonces) {\n try { nonceManager.releaseNonce(n); } catch {}\n }\n}\n\n/**\n * Warm signing helper for transaction-like operations.\n *\n * - Computes canonical `intentDigest` for UI/signer validation\n * - Reserves nonces for `txCount` to avoid collisions\n * - Attempts VRF session key dispense (WrapKeySeed + wrapKeySalt) without prompting\n *\n * Returns null when the VRF session is missing/expired/exhausted so callers can\n * fall back to full confirmTxFlow.\n */\nexport async function tryPrepareWarmSigningContext(args: {\n nearClient: NearClient;\n nonceManager: NonceManager;\n txInputsForDigest: TransactionInputWasm[];\n sessionId: string;\n vrfWorkerManager: VrfSessionKeyDispenser;\n nonceCount?: number;\n uses?: number;\n}): Promise<{ intentDigest: string; transactionContext: TransactionContext } | null> {\n const baseCtx = await args.nonceManager.getNonceBlockHashAndHeight(args.nearClient);\n const txCount = Math.max(1, args.nonceCount ?? args.txInputsForDigest.length ?? 1);\n const reservedNonces = args.nonceManager.reserveNonces(txCount);\n\n let keepReservations = false;\n try {\n const transactionContext: TransactionContext = {\n ...baseCtx,\n nextNonce: reservedNonces[0] ?? baseCtx.nextNonce,\n };\n\n const intentDigest = await computeUiIntentDigestFromTxs(\n args.txInputsForDigest.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const uses = Math.max(1, args.uses ?? txCount);\n try {\n await args.vrfWorkerManager.dispenseSessionKey({ sessionId: args.sessionId, uses });\n } catch (err) {\n if (isWarmSessionUnavailableError(err)) {\n return null;\n }\n throw err;\n }\n\n keepReservations = true;\n return { intentDigest, transactionContext };\n } finally {\n if (!keepReservations) {\n releaseNoncesBestEffort(args.nonceManager, reservedNonces);\n }\n }\n}\n","\nimport { SignedTransaction } from '../../../NearClient';\nimport { TransactionInputWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport {\n WorkerRequestType,\n TransactionPayload,\n isSignTransactionsWithActionsSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport { RpcCallPayload } from '../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { toAccountId } from '../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/**\n * Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n */\nexport async function signTransactionsWithActions({\n ctx,\n transactions,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n // Allow callers to pass a partial override (e.g., { uiMode: 'drawer' })\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n}>> {\n try {\n if (transactions.length === 0) {\n throw new Error('No transactions provided for batch signing');\n }\n\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId;\n\n // Validate all actions in all payloads\n transactions.forEach((txPayload, txIndex) => {\n txPayload.actions.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(`Transaction ${txIndex}, Action ${actionIndex} validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`);\n }\n });\n });\n\n // Retrieve encrypted key data from IndexedDB in main thread\n console.debug('WebAuthnManager: Retrieving encrypted key from IndexedDB for account:', nearAccountId);\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n // Normalize rpcCall to ensure required fields are present\n const resolvedRpcCall = {\n contractId: rpcCall.contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId: rpcCall.nearAccountId,\n } as RpcCallPayload;\n\n // Confirm via VRF-driven flow before sending anything to the signer worker.\n // WrapKeySeed derivation is handled inside confirmTxFlow (handleTransactionSigningFlow),\n // which uses the same sessionId/requestId and delivers WrapKeySeed over the reserved port.\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for signing');\n }\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'transaction',\n txSigningRequests: transactions,\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n // Create transaction signing requests\n // NOTE: nonce and blockHash are computed in confirmation flow, not here\n const txSigningRequests: TransactionPayload[] = transactions.map(tx => ({\n nearAccountId: rpcCall.nearAccountId,\n receiverId: tx.receiverId,\n actions: tx.actions\n }));\n\n // Send batch signing request to WASM worker\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignTransactionsWithActions,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n txSigningRequests: txSigningRequests,\n intentDigest,\n transactionContext,\n credential,\n }\n },\n onEvent,\n });\n\n if (!isSignTransactionsWithActionsSuccess(response)) {\n console.error('WebAuthnManager: Batch transaction signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'Batch transaction signing failed');\n }\n if (!response.payload.success) {\n throw new Error(response.payload.error || 'Batch transaction signing failed');\n }\n // Extract arrays from the single result - wasmResult contains arrays of all transactions\n const signedTransactions = response.payload.signedTransactions || [];\n if (signedTransactions.length !== transactions.length) {\n throw new Error(`Expected ${transactions.length} signed transactions but received ${signedTransactions.length}`);\n }\n\n // Process results for each transaction using WASM types directly\n const results = signedTransactions.map((signedTx, index) => {\n if (!signedTx || !signedTx.transaction || !signedTx.signature) {\n throw new Error(`Incomplete signed transaction data received for transaction ${index + 1}`);\n }\n return {\n signedTransaction: new SignedTransaction({\n transaction: signedTx.transaction,\n signature: signedTx.signature,\n borsh_bytes: Array.from(signedTx.borshBytes || [])\n }),\n nearAccountId: toAccountId(nearAccountId),\n logs: response.payload.logs\n };\n });\n\n return results;\n\n } catch (error: unknown) {\n console.error('WebAuthnManager: Batch transaction signing error:', error);\n throw error;\n }\n}\n","import { normalizeRegistrationCredential } from '../../credentialsHelpers';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { isObject, assertString } from '../../../WalletIframe/validation';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { base58Encode } from '../../../../utils/base58';\n\n// Strongly typed payload expected from the WASM → JS boundary\nexport interface RegistrationCredentialConfirmationPayload {\n confirmed: boolean;\n requestId: string;\n intentDigest: string;\n credential: WebAuthnRegistrationCredential; // serialized PublicKeyCredential (no methods)\n vrfChallenge: VRFChallenge;\n transactionContext?: TransactionContext;\n error?: string;\n}\n\nfunction validateTransactionContextMaybe(input: unknown): TransactionContext | undefined {\n if (input == null) return undefined;\n if (!isObject(input)) {\n throw new Error('Invalid transactionContext: expected object');\n }\n\n const {\n nearPublicKeyStr,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n accessKeyInfo,\n } = input as {\n nearPublicKeyStr?: unknown;\n nextNonce?: unknown;\n txBlockHeight?: unknown;\n txBlockHash?: unknown;\n accessKeyInfo?: unknown;\n };\n\n // Minimal structural validation; AccessKeyView is complex. Be tolerant because the WASM struct omits it.\n const normalizedNearPublicKeyStr = assertString(\n nearPublicKeyStr,\n 'transactionContext.nearPublicKeyStr',\n );\n const normalizedNextNonce = assertString(nextNonce, 'transactionContext.nextNonce');\n const normalizedTxBlockHeight = assertString(\n txBlockHeight,\n 'transactionContext.txBlockHeight',\n );\n const normalizedTxBlockHash = assertString(txBlockHash, 'transactionContext.txBlockHash');\n\n let normalizedAccessKeyInfo = accessKeyInfo as TransactionContext['accessKeyInfo'] | undefined;\n if (normalizedAccessKeyInfo != null && !isObject(normalizedAccessKeyInfo)) {\n throw new Error('Invalid transactionContext.accessKeyInfo: expected object');\n }\n if (normalizedAccessKeyInfo == null) {\n // Synthesize a minimal placeholder; not used by registration flows consuming this payload\n normalizedAccessKeyInfo = { nonce: 0 } as unknown as TransactionContext['accessKeyInfo'];\n }\n\n return {\n nearPublicKeyStr: normalizedNearPublicKeyStr,\n nextNonce: normalizedNextNonce,\n txBlockHeight: normalizedTxBlockHeight,\n txBlockHash: normalizedTxBlockHash,\n accessKeyInfo: normalizedAccessKeyInfo,\n };\n}\n\nfunction validateCredentialMaybe(input: unknown): WebAuthnRegistrationCredential | undefined {\n if (input == null) return undefined;\n\n const cred = normalizeRegistrationCredential(input);\n if (cred.type !== 'public-key') {\n throw new Error('Invalid credential.type: expected \"public-key\"');\n }\n\n const { id, rawId, response, authenticatorAttachment } = cred as {\n id?: unknown;\n rawId?: unknown;\n response?: unknown;\n authenticatorAttachment?: unknown;\n };\n\n // Core field/type validation (serialized shapes should be base64url strings)\n assertString(id, 'credential.id');\n assertString(rawId, 'credential.rawId');\n\n if (!isObject(response)) {\n throw new Error('Invalid credential.response: expected object');\n }\n\n const {\n clientDataJSON,\n attestationObject,\n transports,\n } = response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n assertString(clientDataJSON, 'credential.response.clientDataJSON');\n assertString(attestationObject, 'credential.response.attestationObject');\n\n if (!Array.isArray(transports)) {\n throw new Error('Invalid credential.response.transports: expected string[]');\n }\n for (const t of transports) {\n if (typeof t !== 'string') {\n throw new Error('Invalid credential.response.transports item: expected string');\n }\n }\n\n if (authenticatorAttachment != null && typeof authenticatorAttachment !== 'string') {\n throw new Error('Invalid credential.authenticatorAttachment: expected string | undefined');\n }\n\n // Note: prf.results may be undefined/null here. We intentionally do NOT\n // require them at the boundary; internal callers that need PRF (e.g. key\n // derivation) will extract/compute them separately. Contract payloads must\n // not include PRF values.\n return cred;\n}\n\nfunction validateVrfChallengeMaybe(input: unknown): VRFChallenge | undefined {\n if (input == null) return undefined;\n return validateVRFChallenge(input as Parameters<typeof validateVRFChallenge>[0]);\n}\n\nexport function parseAndValidateRegistrationCredentialConfirmationPayload(\n payload: unknown,\n): RegistrationCredentialConfirmationPayload {\n\n if (!isObject(payload)) {\n throw new Error('Invalid response payload: expected object');\n }\n\n const {\n confirmed,\n requestId,\n intentDigest,\n credential,\n vrfChallenge,\n transactionContext,\n error,\n } = payload as {\n confirmed?: unknown;\n requestId?: unknown;\n intentDigest?: unknown;\n credential?: unknown;\n vrfChallenge?: unknown;\n transactionContext?: unknown;\n error?: unknown;\n };\n\n const normalizedRequestId = assertString(requestId, 'requestId');\n\n // intentDigest is only used for TX signing requests, not registration or link device requests\n const normalizedIntentDigest =\n intentDigest == null ? '' : assertString(intentDigest, 'intentDigest');\n\n const normalizedCredential =\n credential != null ? validateCredentialMaybe(credential) : undefined;\n\n if (!normalizedCredential) {\n throw new Error('Missing registration credential');\n }\n\n const normalizedVrfChallenge =\n vrfChallenge != null ? validateVrfChallengeMaybe(vrfChallenge) : undefined;\n\n if (!normalizedVrfChallenge) {\n throw new Error('Missing VRF Challenge');\n }\n\n const normalizedTransactionContext =\n transactionContext != null ? validateTransactionContextMaybe(transactionContext) : undefined;\n\n const normalizedError =\n error == null ? undefined : assertString(error, 'error');\n\n return {\n confirmed: !!confirmed,\n requestId: normalizedRequestId,\n intentDigest: normalizedIntentDigest,\n credential: normalizedCredential,\n vrfChallenge: normalizedVrfChallenge,\n transactionContext: normalizedTransactionContext,\n error: normalizedError,\n };\n}\n\nexport const ensureEd25519Prefix = (value: string) => {\n return value.startsWith('ed25519:') ? value : `ed25519:${value}`\n}\n\nexport const toPublicKeyString = (pk: DelegateActionInput['publicKey']): string => {\n if (typeof pk === 'string') {\n return pk;\n }\n return ensureEd25519Prefix(base58Encode(pk.keyData));\n};","import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport { toActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport {\n ConfirmationConfig,\n RpcCallPayload,\n WorkerRequestType,\n isSignDelegateActionSuccess,\n WasmDelegateSignResult,\n WasmSignedDelegate,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { generateSessionId } from '../sessionHandshake.js';\nimport { toPublicKeyString } from './validation';\n\n\nexport async function signDelegateAction({\n ctx,\n delegate,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n}> {\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId || delegate.senderId;\n\n const resolvedRpcCall = {\n contractId: rpcCall.contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId,\n } as RpcCallPayload;\n\n const actionsWasm = delegate.actions.map(toActionArgsWasm);\n actionsWasm.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(\n `Delegate action ${actionIndex} validation failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for delegate signing');\n }\n\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'delegate',\n nearAccountId,\n delegate: {\n senderId: delegate.senderId || nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce,\n maxBlockHeight: delegate.maxBlockHeight,\n },\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignDelegateAction,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n delegate: {\n senderId: delegate.senderId || nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce.toString(),\n maxBlockHeight: delegate.maxBlockHeight.toString(),\n publicKey: toPublicKeyString(delegate.publicKey),\n },\n intentDigest,\n transactionContext,\n credential,\n },\n },\n onEvent,\n });\n\n // eslint-disable-next-line no-console\n console.debug('[WebAuthnManager][delegate] raw worker response', response);\n\n if (!isSignDelegateActionSuccess(response)) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] non-success worker response', response);\n const payloadError = (response as any)?.payload?.error;\n throw new Error(payloadError || 'Delegate action signing failed');\n }\n\n const payload = response.payload as WasmDelegateSignResult;\n if (!payload.success || !payload.signedDelegate || !payload.hash) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] invalid delegate payload', payload);\n throw new Error(payload.error || 'Delegate action signing failed');\n }\n\n return {\n signedDelegate: payload.signedDelegate,\n hash: payload.hash,\n nearAccountId: toAccountId(nearAccountId),\n logs: payload.logs,\n };\n}\n","import {\n WorkerRequestType, // from wasm worker\n isRecoverKeypairFromPasskeySuccess,\n} from '../../../types/signer-worker';\nimport type { WebAuthnAuthenticationCredential } from '../../../types/webauthn';\nimport { SignerWorkerManagerContext } from '..';\nimport { withSessionId } from './session';\n\n/**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n */\nexport async function recoverKeypairFromPasskey({\n ctx,\n credential,\n accountIdHint,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string;\n}): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n}> {\n try {\n console.info('SignerWorkerManager: Starting dual PRF-based keypair recovery from authentication credential');\n // Accept either live PublicKeyCredential or already-serialized auth credential\n\n // Verify dual PRF outputs are available\n if (\n !credential.clientExtensionResults?.prf?.results?.first ||\n !credential.clientExtensionResults?.prf?.results?.second\n ) {\n throw new Error('Dual PRF outputs required for account recovery - both ChaCha20 and Ed25519 PRF outputs must be available');\n }\n\n if (!sessionId) throw new Error('Missing sessionId for recovery WrapKeySeed delivery');\n\n // Use generic sendMessage with specific request type for better type safety\n const response = await ctx.sendMessage<WorkerRequestType.RecoverKeypairFromPasskey>({\n sessionId,\n message: {\n type: WorkerRequestType.RecoverKeypairFromPasskey,\n payload: withSessionId(sessionId, {\n credential,\n accountIdHint,\n })\n },\n });\n\n // response is RecoverKeypairSuccessResponse | RecoverKeypairFailureResponse\n if (!isRecoverKeypairFromPasskeySuccess(response)) {\n throw new Error('Dual PRF keypair recovery failed in WASM worker');\n }\n\n const chacha20NonceB64u = response.payload.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in recovery result');\n }\n return {\n publicKey: response.payload.publicKey,\n encryptedPrivateKey: response.payload.encryptedData,\n chacha20NonceB64u,\n accountIdHint: response.payload.accountIdHint,\n wrapKeySalt: response.payload.wrapKeySalt,\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: Dual PRF keypair recovery error:', error);\n throw error;\n }\n}\n","\nimport { WorkerRequestType, isExtractCosePublicKeySuccess } from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\n\n\n/**\n * Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n */\nexport async function extractCosePublicKey({ ctx, attestationObjectBase64url }: {\n ctx: SignerWorkerManagerContext;\n attestationObjectBase64url: string;\n}): Promise<Uint8Array> {\n try {\n const response = await ctx.sendMessage<WorkerRequestType.ExtractCosePublicKey>({\n message: {\n type: WorkerRequestType.ExtractCosePublicKey,\n payload: {\n attestationObjectBase64url\n }\n }\n });\n\n if (isExtractCosePublicKeySuccess(response)) {\n return response.payload.cosePublicKeyBytes;\n } else {\n throw new Error('COSE public key extraction failed in WASM worker');\n }\n } catch (error: unknown) {\n throw error;\n }\n}\n","\nimport { SignedTransaction } from '../../../NearClient';\nimport { type ActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport {\n WorkerRequestType,\n WorkerResponseType,\n WasmTransactionSignResult,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\n\n/**\n * Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n */\nexport async function signTransactionWithKeyPair({\n ctx,\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n}: {\n ctx: SignerWorkerManagerContext;\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n}): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n}> {\n try {\n console.info('SignerWorkerManager: Starting transaction signing with provided private key');\n\n // Validate actions\n actions.forEach((action, index) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(`Action ${index} validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`);\n }\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignTransactionWithKeyPair>({\n message: {\n type: WorkerRequestType.SignTransactionWithKeyPair,\n payload: {\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash: blockHash,\n actions: actions\n }\n }\n });\n\n if (response.type !== WorkerResponseType.SignTransactionWithKeyPairSuccess) {\n console.error('SignerWorkerManager: Transaction signing with private key failed:', response);\n throw new Error('Transaction signing with private key failed');\n }\n\n const wasmResult = response.payload as WasmTransactionSignResult;\n if (!wasmResult.success) {\n throw new Error(wasmResult.error || 'Transaction signing failed');\n }\n // Extract the signed transaction\n const signedTransactions = wasmResult.signedTransactions || [];\n if (signedTransactions.length !== 1) {\n throw new Error(`Expected 1 signed transaction but received ${signedTransactions.length}`);\n }\n const signedTx = signedTransactions[0];\n if (!signedTx || !signedTx.transaction || !signedTx.signature) {\n throw new Error('Incomplete signed transaction data received');\n }\n\n const result = {\n signedTransaction: new SignedTransaction({\n transaction: signedTx.transaction,\n signature: signedTx.signature,\n borsh_bytes: Array.from(signedTx.borshBytes || [])\n }),\n logs: wasmResult.logs\n };\n\n console.debug('SignerWorkerManager: Transaction signing with private key successful');\n return result;\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: Transaction signing with private key error:', error);\n throw error;\n }\n}\n","\nimport { WorkerRequestType, isSignNep413MessageSuccess } from '../../../types/signer-worker';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/**\n * Sign a NEP-413 message using the user's passkey-derived private key\n *\n * @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\nexport async function signNep413Message({ ctx, payload }: {\n ctx: SignerWorkerManagerContext;\n payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId?: string;\n contractId?: string;\n nearRpcUrl?: string;\n };\n}): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n}> {\n try {\n const deviceNumber = await getLastLoggedInDeviceNumber(payload.accountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(payload.accountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${payload.accountId}`);\n }\n\n // Expect caller (SignerWorkerManager) to reserve a session and wire ports; just use provided sessionId\n const sessionId = payload.sessionId ?? generateSessionId();\n\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for NEP-413 signing');\n }\n\n await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'nep413',\n nearAccountId: payload.accountId,\n message: payload.message,\n recipient: payload.recipient,\n title: payload.title,\n body: payload.body,\n confirmationConfigOverride: payload.confirmationConfigOverride,\n contractId: payload.contractId,\n nearRpcUrl: payload.nearRpcUrl,\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignNep413Message>({\n sessionId,\n message: {\n type: WorkerRequestType.SignNep413Message,\n payload: {\n message: payload.message,\n recipient: payload.recipient,\n nonce: payload.nonce,\n state: payload.state || undefined,\n accountId: payload.accountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n }\n },\n });\n\n if (!isSignNep413MessageSuccess(response)) {\n console.error('SignerWorkerManager: NEP-413 signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'NEP-413 signing failed');\n }\n\n return {\n success: true,\n accountId: response.payload.accountId,\n publicKey: response.payload.publicKey,\n signature: response.payload.signature,\n state: response.payload.state || undefined\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: (error && typeof (error as { message?: unknown }).message === 'string')\n ? (error as { message: string }).message\n : 'Unknown error'\n };\n }\n}\n","import { base64UrlDecode } from '../../../../utils';\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport {\n WorkerRequestType,\n isRegisterDevice2WithDerivedKeySuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { withSessionId } from './session';\nimport { UserVerificationPolicy, toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\n\n/**\n * Combined Device2 registration flow: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n *\n * This handler orchestrates:\n * 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)\n * 2. Deriving NEAR ed25519 keypair from PRF.second\n * 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)\n * 4. Building the Device2 registration transaction (`link_device_register_user`)\n * 5. Signing the transaction with the derived NEAR keypair\n * 6. Storing encrypted key data in IndexedDB\n *\n * Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered\n * directly from VRF worker to Signer worker via MessagePort.\n */\nexport async function registerDevice2WithDerivedKey({\n ctx,\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey,\n}: {\n ctx: SignerWorkerManagerContext;\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey?: string;\n}): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n}> {\n try {\n if (!sessionId) {\n throw new Error('Missing sessionId for Device2 registration');\n }\n\n console.debug('[SignerWorkerManager] Starting Device2 combined registration', {\n nearAccountId,\n sessionId,\n deviceNumber,\n });\n\n // Helper to convert base64url string to byte array (number[])\n const b64ToBytes = (s: string | undefined): number[] => {\n if (!s) return [];\n return Array.from(base64UrlDecode(s));\n };\n // Construct contractArgs in TypeScript and use JSON.stringify() here.\n // This is native to JS, extremely fast, and means the Rust worker just receives a \"dumb\" string that it can blindly convert to bytes\n const finalContractArgs = {\n vrf_data: {\n vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),\n vrf_output: b64ToBytes(vrfChallenge.vrfOutput),\n vrf_proof: b64ToBytes(vrfChallenge.vrfProof),\n public_key: b64ToBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: b64ToBytes(vrfChallenge.blockHash),\n },\n webauthn_registration: credential,\n deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),\n authenticator_options: {\n userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined,\n },\n },\n };\n\n // Build request payload for combined Device2 registration\n const response = await ctx.sendMessage<WorkerRequestType.RegisterDevice2WithDerivedKey>({\n sessionId,\n message: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey,\n payload: withSessionId(sessionId, {\n credential,\n nearAccountId,\n transactionContext: {\n txBlockHash: transactionContext.txBlockHash,\n txBlockHeight: transactionContext.txBlockHeight,\n baseNonce: transactionContext.nextNonce,\n },\n contractId,\n contractArgsJson: JSON.stringify(finalContractArgs),\n }),\n },\n });\n\n if (!isRegisterDevice2WithDerivedKeySuccess(response)) {\n throw new Error('Device2 combined registration failed');\n }\n\n const wasmResult = response.payload;\n\n console.debug('[SignerWorkerManager] Device2 registration complete, storing encrypted key');\n\n // Store encrypted NEAR key in IndexedDB\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in Device2 registration result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId,\n deviceNumber: deviceNumber ?? 2, // Default to device 2\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wasmResult.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n console.debug('[SignerWorkerManager] Device2 encrypted key stored successfully');\n\n return {\n success: true,\n publicKey: wasmResult.publicKey,\n signedTransaction: wasmResult.signedTransaction,\n wrapKeySalt: wasmResult.wrapKeySalt,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n };\n } catch (error: unknown) {\n console.error('[SignerWorkerManager] registerDevice2WithDerivedKey error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n publicKey: '',\n signedTransaction: null,\n wrapKeySalt: '',\n error: message,\n };\n }\n}\n","import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { VrfWorkerManagerContext } from '../';\nimport type { SecureConfirmRequest } from './types';\nimport { SecureConfirmationType } from './types';\nimport { needsExplicitActivation } from '@/utils';\n\n/**\n * determineConfirmationConfig\n *\n * Computes the effective confirmation UI behavior used by the secure‑confirmation\n * flow by merging inputs and applying safe runtime rules.\n *\n * Order of precedence (highest → lowest):\n * 1) Request‑level override (request.confirmationConfig), when explicitly set.\n * 2) User preferences stored in the wallet host (from IndexedDB via ctx.userPreferencesManager).\n * 3) Runtime safety rules (wallet‑iframe registration/link flows) that may clamp behavior.\n *\n * Wallet‑iframe registration/link safety rule:\n * - When running inside the wallet-iframe host context, always clamp registration/link flows to\n * `{ uiMode: 'modal', behavior: 'requireClick' }` so the user activation happens inside the iframe.\n * This intentionally overrides both user preferences and request-level overrides.\n *\n * Notes\n * - The function is pure (does not mutate the input object) and safe to call multiple times.\n * - Theme and unrelated visual options are preserved in all cases.\n */\nexport function determineConfirmationConfig(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest | undefined,\n): ConfirmationConfig {\n\n // Merge request‑level override over user preferences\n // Important: drop undefined/null fields from the override so they don't clobber\n // persisted preferences (e.g., behavior) with an undefined value.\n const configBase = ctx.userPreferencesManager.getConfirmationConfig();\n const rawOverride = (request?.confirmationConfig || {}) as Partial<ConfirmationConfig>;\n const cleanedOverride = Object.fromEntries(\n Object.entries(rawOverride).filter(([, v]) => v !== undefined && v !== null)\n ) as Partial<ConfirmationConfig>;\n let cfg: ConfirmationConfig = { ...configBase, ...cleanedOverride } as ConfirmationConfig;\n\n // Normalize theme default\n cfg = { ...cfg, theme: cfg.theme || 'dark' } as ConfirmationConfig;\n // Default decrypt-private-key confirmations to 'skip' UI. The flow collects\n // WebAuthn credentials silently and the worker may follow up with a\n // SHOW_SECURE_PRIVATE_KEY_UI request to display the key.\n if (request?.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n return {\n uiMode: 'skip',\n behavior: cfg.behavior,\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme || 'dark',\n // container selection handled by uiMode only\n } as ConfirmationConfig;\n }\n // Detect if running inside an iframe (wallet host context)\n const inIframe = (() => window.self !== window.top)();\n\n // On Safari/iOS or mobile devices without a fresh user activation,\n // clamp to a clickable UI to reliably satisfy WebAuthn requirements.\n // - If caller/user set uiMode: 'skip', promote to 'modal' + requireClick\n // - If behavior is 'autoProceed', upgrade to 'requireClick'\n // Use shared heuristic to decide if explicit activation is necessary\n if (needsExplicitActivation()) {\n const newUiMode: ConfirmationConfig['uiMode'] = (cfg.uiMode === 'skip') ? 'drawer' : cfg.uiMode;\n cfg = {\n ...cfg,\n uiMode: newUiMode,\n behavior: 'requireClick',\n } as ConfirmationConfig;\n }\n\n // In wallet‑iframe host context: registration/link flows default to an explicit click.\n // However, if the effective config explicitly opts into auto‑proceed (or skip), honor it.\n if (\n inIframe &&\n request?.type &&\n (request.type === SecureConfirmationType.REGISTER_ACCOUNT || request.type === SecureConfirmationType.LINK_DEVICE)\n ) {\n // Cross‑origin registration/link flows: always require a visible, clickable confirmation\n // so the click lands inside the wallet iframe and satisfies WebAuthn activation.\n return {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme || 'dark',\n } as ConfirmationConfig;\n }\n\n // Otherwise honor caller/user configuration\n return cfg;\n}\n","import type { SecureConfirmRequest } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { isObject, isString } from '@/core/WalletIframe/validation';\n\n/**\n * Validates secure-confirm requests (V2 only).\n * This deliberately does not accept JSON strings or shorthand/legacy shapes.\n */\nexport function validateSecureConfirmRequest(input: unknown): SecureConfirmRequest {\n if (typeof input === 'string') {\n throw new Error('Invalid secure confirm request: expected an object (JSON strings are not supported)');\n }\n if (!isObject(input)) throw new Error('parsed is not an object');\n const p = input as {\n schemaVersion?: unknown;\n requestId?: unknown;\n type?: unknown;\n summary?: unknown;\n payload?: unknown;\n };\n if (p.schemaVersion !== 2) throw new Error('schemaVersion must be 2');\n if (!isString(p.requestId) || !p.requestId) throw new Error('missing requestId');\n if (!isString(p.type) || !p.type) throw new Error('missing type');\n if (p.summary === undefined || p.summary === null) throw new Error('missing summary');\n if (p.payload === undefined || p.payload === null) throw new Error('missing payload');\n return input as unknown as SecureConfirmRequest;\n}\n\nexport function assertNoForbiddenMainThreadSigningSecrets(request: SecureConfirmRequest): void {\n if (\n request.type !== SecureConfirmationType.SIGN_TRANSACTION\n && request.type !== SecureConfirmationType.SIGN_NEP413_MESSAGE\n ) {\n return;\n }\n\n const payload: any = (request as any).payload || {};\n if (payload.prfOutput !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field prfOutput');\n }\n if (payload.wrapKeySeed !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySeed');\n }\n if (payload.wrapKeySalt !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySalt');\n }\n if (payload.vrf_sk !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field vrf_sk');\n }\n}\n","import type { VrfWorkerManagerContext } from '../';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { determineConfirmationConfig } from './determineConfirmationConfig';\nimport {\n TransactionSummary,\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmationType,\n} from './types';\nimport { errorMessage, toError } from '../../../../utils/errors';\nimport {\n parseTransactionSummary,\n getIntentDigest,\n sendConfirmResponse,\n sanitizeForPostMessage,\n} from './flows';\nimport {\n assertNoForbiddenMainThreadSigningSecrets,\n validateSecureConfirmRequest,\n} from './adapters/requestAdapter';\nimport type {\n LocalOnlySecureConfirmRequest,\n RegistrationSecureConfirmRequest,\n SigningSecureConfirmRequest,\n} from './types';\n\n/**\n * Handles secure confirmation requests from the worker with robust error handling\n * => SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD\n * and proper data validation. Supports both transaction and registration confirmation flows.\n */\nexport async function handlePromptUserConfirmInJsMainThread(\n ctx: VrfWorkerManagerContext,\n message: {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD,\n data: SecureConfirmRequest,\n },\n worker: Worker\n): Promise<void> {\n\n // 1. Validate and parse request\n let request: SecureConfirmRequest;\n let confirmationConfig: ConfirmationConfig;\n let transactionSummary: TransactionSummary;\n\n try {\n\n request = validateSecureConfirmRequest(message.data);\n assertNoForbiddenMainThreadSigningSecrets(request);\n confirmationConfig = determineConfirmationConfig(ctx, request);\n\n const parsedSummary = parseTransactionSummary(request.summary);\n const intentDigest = getIntentDigest(request);\n\n transactionSummary = sanitizeForPostMessage({\n ...parsedSummary,\n ...(intentDigest ? { intentDigest } : {}),\n }) as TransactionSummary;\n\n } catch (e: unknown) {\n\n console.error('[SecureConfirm][Host] validateAndParseRequest failed', e);\n // Attempt to send a structured error back to the worker to avoid hard failure\n try {\n const rid = (message?.data as any)?.requestId;\n if (typeof rid === 'string' && rid) {\n sendConfirmResponse(worker, {\n requestId: rid,\n confirmed: false,\n error: errorMessage(e) || 'Invalid secure confirm request',\n });\n return;\n }\n } catch (_err: unknown) {\n throw toError(e);\n }\n throw toError(e);\n }\n\n const handler = HANDLERS[request.type];\n if (!handler) {\n // Unsupported type fallback: return structured error to worker.\n sendConfirmResponse(worker, {\n requestId: request.requestId,\n confirmed: false,\n error: 'Unsupported secure confirmation type'\n });\n return;\n }\n\n await handler({ ctx, request, worker, confirmationConfig, transactionSummary });\n}\n\ntype HandlerArgs = {\n ctx: VrfWorkerManagerContext;\n request: SecureConfirmRequest;\n worker: Worker;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n};\n\ntype Handler = (args: HandlerArgs) => Promise<void>;\n\nasync function importFlow<T>(label: string, loader: () => Promise<T>): Promise<T> {\n try {\n return await loader();\n } catch (e) {\n console.error(`[SecureConfirm][Host] failed to import ${label} flow module`, e);\n throw e;\n }\n}\n\nconst HANDLERS: Partial<Record<SecureConfirmationType, Handler>> = {\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n};\n","import {\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmDecision,\n} from './confirmTxFlow/types';\nimport { handlePromptUserConfirmInJsMainThread } from './confirmTxFlow';\nimport type { VrfWorkerManagerContext } from '.';\n\n/**\n * VRF-side helper to run confirmTxFlow directly from JS without going through a worker.\n * Useful while VRF-driven flows migrate off the signer worker.\n *\n * Returns the USER_PASSKEY_CONFIRM_RESPONSE data once the flow completes.\n */\nexport async function runSecureConfirm(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest\n): Promise<SecureConfirmDecision> {\n return new Promise<SecureConfirmDecision>((resolve, reject) => {\n // Minimal Worker-like object to capture the response\n const worker = {\n postMessage: (msg: any) => {\n if (msg?.type === SecureConfirmMessageType.USER_PASSKEY_CONFIRM_RESPONSE) {\n resolve(msg.data as SecureConfirmDecision);\n }\n }\n } as unknown as Worker;\n\n handlePromptUserConfirmInJsMainThread(\n ctx,\n { type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD, data: request },\n worker\n ).catch(reject);\n });\n}\n","import { isObject } from '../../../WalletIframe/validation';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { runSecureConfirm } from '../../VrfWorkerManager/secureConfirmBridge';\nimport { SecureConfirmationType } from '../../VrfWorkerManager/confirmTxFlow/types';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\n\n/**\n * Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker\n * - Decrypt inside signer worker (session-bound)\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\nexport async function exportNearKeypairUi({\n ctx,\n nearAccountId,\n variant,\n theme,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n nearAccountId: AccountId;\n variant?: 'drawer' | 'modal';\n theme?: 'dark' | 'light';\n sessionId: string;\n}): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Gather encrypted key + ChaCha20 nonce and public key from IndexedDB\n const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);\n const [keyData, user] = await Promise.all([\n ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber),\n ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber),\n ]);\n const publicKey = user?.clientNearPublicKey || '';\n if (!keyData || !publicKey) {\n throw new Error('Missing local key material for export. Re-register to upgrade vault.');\n }\n\n // Decrypt inside signer worker using the reserved session\n const response = await ctx.sendMessage<WorkerRequestType.DecryptPrivateKeyWithPrf>({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: {\n nearAccountId: accountId,\n encryptedPrivateKeyData: keyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u,\n },\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Export decrypt failed:', response);\n const payloadError = isObject(response?.payload) && response?.payload?.error;\n const msg = String(payloadError || 'Export decrypt failed');\n throw new Error(msg);\n }\n\n const privateKey = response.payload.privateKey;\n\n // Phase 2: show secure UI (VRF-driven viewer)\n const showReq = {\n schemaVersion: 2 as const,\n requestId: sessionId,\n type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,\n summary: {\n operation: 'Export Private Key' as const,\n accountId,\n publicKey,\n warning: 'Anyone with your private key can fully control your account. Never share it.',\n },\n payload: {\n nearAccountId: accountId,\n publicKey,\n privateKey,\n variant,\n theme,\n },\n };\n await runSecureConfirm(ctx, showReq);\n}\n","import { SIGNER_WORKER_MANAGER_CONFIG } from \"../../../config\";\nimport { ClientAuthenticatorData, UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport { IndexedDBManager } from '../../IndexedDBManager';\nimport { SignedTransaction, type NearClient } from '../../NearClient';\nimport { isObject } from '../../WalletIframe/validation';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport {\n WorkerRequestType,\n WorkerResponseForRequest,\n isWorkerProgress,\n isWorkerError,\n isWorkerSuccess,\n WorkerProgressResponse,\n WorkerErrorResponse,\n WorkerRequestTypeMap,\n} from '../../types/signer-worker';\nimport { VrfWorkerManager } from '../VrfWorkerManager';\nimport { VRFChallenge } from '../../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../../types/actions';\nimport type { DelegateActionInput } from '../../types/delegate';\nimport type { onProgressEvents } from '../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../types/authenticatorOptions';\nimport { AccountId } from \"../../types/accountIds\";\nimport { TransactionContext } from '../../types/rpc';\nimport {\n ConfirmationConfig,\n WasmSignedDelegate,\n} from '../../types/signer-worker';\nimport { TouchIdPrompt } from \"../touchIdPrompt\";\nimport { isSignerWorkerControlMessage } from './sessionMessages';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\nimport {\n decryptPrivateKeyWithPrf,\n checkCanRegisterUser,\n signTransactionsWithActions,\n recoverKeypairFromPasskey,\n extractCosePublicKey,\n signTransactionWithKeyPair,\n signNep413Message,\n deriveNearKeypairAndEncryptFromSerialized,\n signDelegateAction,\n registerDevice2WithDerivedKey,\n exportNearKeypairUi,\n} from './handlers';\nimport { RpcCallPayload } from '../../types/signer-worker';\nimport { UserPreferencesManager } from '../userPreferences';\nimport { NonceManager } from '../../nonceManager';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types';\nimport { toError } from '@/utils/errors';\nimport { withSessionId } from './handlers/session';\nimport { attachSessionPort } from './sessionHandshake.js';\n\ntype WithOptionalSessionId<T> = T extends { sessionId: string }\n ? Omit<T, 'sessionId'> & { sessionId?: string }\n : T;\n\ntype SigningSessionEntry = {\n worker: Worker;\n wrapKeySeedPort?: MessagePort;\n createdAt: number;\n};\n\nexport interface SignerWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: VrfWorkerManager;\n sendMessage: <T extends keyof WorkerRequestTypeMap>(args: {\n message: {\n type: T;\n payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']>;\n };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n sessionId?: string;\n }) => Promise<WorkerResponseForRequest<T>>;\n};\n\n/**\n * WebAuthnWorkers handles PRF, workers, and COSE operations\n *\n * Note: Challenge store removed as VRF provides cryptographic freshness\n * without needing centralized challenge management\n */\nexport class SignerWorkerManager {\n\n private indexedDB: UnifiedIndexedDBManager;\n private touchIdPrompt: TouchIdPrompt;\n private vrfWorkerManager: VrfWorkerManager;\n private nearClient: NearClient;\n private userPreferencesManager: UserPreferencesManager;\n private nonceManager: NonceManager;\n private workerBaseOrigin: string | undefined;\n private nearExplorerUrl?: string;\n\n constructor(\n vrfWorkerManager: VrfWorkerManager,\n nearClient: NearClient,\n userPreferencesManager: UserPreferencesManager,\n nonceManager: NonceManager,\n rpIdOverride?: string,\n enableSafariGetWebauthnRegistrationFallback: boolean = true,\n nearExplorerUrl?: string,\n ) {\n this.indexedDB = IndexedDBManager;\n this.touchIdPrompt = new TouchIdPrompt(rpIdOverride, enableSafariGetWebauthnRegistrationFallback);\n this.vrfWorkerManager = vrfWorkerManager;\n this.nearClient = nearClient;\n this.userPreferencesManager = userPreferencesManager;\n this.nonceManager = nonceManager;\n this.nearExplorerUrl = nearExplorerUrl;\n }\n\n setWorkerBaseOrigin(origin: string | undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n getContext(): SignerWorkerManagerContext {\n return {\n sendMessage: this.sendMessage.bind(this), // bind to access this.createSecureWorker\n indexedDB: this.indexedDB,\n touchIdPrompt: this.touchIdPrompt,\n vrfWorkerManager: this.vrfWorkerManager,\n nearClient: this.nearClient,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: this.nearExplorerUrl,\n };\n }\n\n createSecureWorker(): Worker {\n const workerUrlStr = resolveWorkerUrl(\n SIGNER_WORKER_MANAGER_CONFIG.WORKER.URL,\n { worker: 'signer', baseOrigin: this.workerBaseOrigin }\n )\n try {\n const worker = new Worker(workerUrlStr, {\n type: SIGNER_WORKER_MANAGER_CONFIG.WORKER.TYPE,\n name: SIGNER_WORKER_MANAGER_CONFIG.WORKER.NAME\n });\n // minimal error handler in tests; avoid noisy logs\n worker.onerror = () => {};\n return worker;\n } catch (error) {\n // Do not silently downgrade to same‑origin. Cross‑origin workers must be\n // resolvable under the configured wallet origin with proper headers.\n // Surface a precise error so tests assert the real path.\n const msg = error instanceof Error ? error.message : String(error);\n throw new Error(`Failed to create secure worker: ${msg}`);\n }\n }\n\n /**\n * Executes a worker operation by sending a message to the secure worker.\n * Handles progress updates via onEvent callback, supports both single and multiple response patterns.\n * Intercepts secure confirmation handshake messages for pluggable UI.\n * Resolves with the final worker response or rejects on error/timeout.\n *\n * @template T - Worker request type.\n * @param params.message - The message to send to the worker.\n * @param params.onEvent - Optional callback for progress events.\n * @param params.timeoutMs - Optional timeout in milliseconds.\n * @returns Promise resolving to the worker response for the request.\n */\n private workerPool: Worker[] = [];\n private readonly MAX_WORKER_POOL_SIZE = 3; // Increased for security model\n // Map of active signing sessions to reserved workers and optional WrapKeySeed ports\n private signingSessions: Map<string, SigningSessionEntry> = new Map();\n private readonly SIGNING_SESSION_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n private getWorkerFromPool(): Worker {\n if (this.workerPool.length > 0) {\n return this.workerPool.pop()!;\n }\n return this.createSecureWorker();\n }\n\n private terminateAndReplaceWorker(worker: Worker): void {\n // Always terminate workers to clear memory\n worker.terminate();\n // Asynchronously create a replacement worker for the pool\n this.createReplacementWorker();\n }\n\n /**\n * Reserve a signer worker \"session\"\n *\n * What this does:\n * - Reserves a specific `Worker` instance from the pool and pins it to `sessionId`.\n * - Ensures the signer worker has a dedicated `MessagePort` attached for receiving `WrapKeySeed`\n * from the VRF worker (VRF → Signer channel).\n *\n * Port wiring:\n * - The VRF worker retains one end of a `MessageChannel` and the signer worker receives the other.\n * - This method attaches the signer-facing port via a control message (`ATTACH_WRAP_KEY_SEED_PORT`)\n * and waits for an ACK (`ATTACH_WRAP_KEY_SEED_PORT_OK`) before exposing the session.\n *\n * @param sessionId - Session identifier used to correlate MessagePorts + ready signals.\n * @param opts.signerPort - Optional signer-facing `MessagePort` created/owned by the caller (VRF-created channel).\n * If omitted, this method creates a fresh `MessageChannel` and returns `vrfPort` so the\n * caller can transfer it to the VRF worker.\n * @returns `{ worker, signerPort, vrfPort }` where `vrfPort` is only present when we created the channel here.\n */\n async reserveSignerWorkerSession(sessionId: string, opts?: { signerPort?: MessagePort }): Promise<{ worker: Worker; signerPort?: MessagePort; vrfPort?: MessagePort }> {\n if (this.signingSessions.has(sessionId)) {\n throw new Error(`Signing session already exists for id: ${sessionId}`);\n }\n // Reserve a worker from the pool for this sessionId.\n const worker = this.getWorkerFromPool();\n let signerPort = opts?.signerPort;\n let vrfPort: MessagePort | undefined;\n if (!signerPort) {\n // If caller did not provide a signer-facing port, create a channel.\n // - port1 => signer worker (receiver)\n // - port2 => VRF worker (sender) returned to caller\n const channel = new MessageChannel();\n signerPort = channel.port1;\n vrfPort = channel.port2;\n }\n\n // Attach the signerPort to the worker and wait for ACK before adding to signingSessions\n try {\n if (!signerPort) {\n throw new Error('Missing signerPort for signing session');\n }\n\n // Use centralized handshake logic (registers listener, sends message, waits for ACK)\n await attachSessionPort(worker, sessionId, signerPort);\n\n // Only add to signingSessions after successful attachment\n // (prevents callers from observing a session that can't receive WrapKeySeed yet).\n this.signingSessions.set(sessionId, {\n worker,\n wrapKeySeedPort: signerPort,\n createdAt: Date.now(),\n });\n\n } catch (err) {\n console.error('[SignerWorkerManager]: Failed to attach WrapKeySeed port to signer worker', err);\n // Best-effort cleanup\n try { signerPort?.close(); } catch {}\n try { vrfPort?.close(); } catch {}\n this.terminateAndReplaceWorker(worker);\n this.signingSessions.delete(sessionId);\n throw err;\n }\n return { worker, signerPort, vrfPort };\n }\n\n /**\n * Release a signing session: close ports and terminate/replace the worker to zeroize state.\n */\n releaseSigningSession(sessionId: string): void {\n const entry = this.signingSessions.get(sessionId);\n if (!entry) return;\n try { entry.wrapKeySeedPort?.close() } catch {}\n try { this.terminateAndReplaceWorker(entry.worker) } catch {}\n this.signingSessions.delete(sessionId);\n }\n\n /**\n * Sweep expired signing sessions based on createdAt and timeout.\n */\n sweepExpiredSigningSessions(): void {\n const now = Date.now();\n for (const [sessionId, entry] of this.signingSessions.entries()) {\n if (now - entry.createdAt > this.SIGNING_SESSION_TIMEOUT_MS) {\n this.releaseSigningSession(sessionId);\n }\n }\n }\n\n private async createReplacementWorker(): Promise<void> {\n try {\n const worker = this.createSecureWorker();\n\n // Simple health check\n const healthPromise = new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => reject(new Error('Health check timeout')), 5000);\n\n const onMessage = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY || event.data?.ready) {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n resolve();\n }\n };\n\n worker.addEventListener('message', onMessage);\n worker.onerror = () => {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n reject(new Error('Worker error during health check'));\n };\n });\n\n await healthPromise;\n\n if (this.workerPool.length < this.MAX_WORKER_POOL_SIZE) {\n this.workerPool.push(worker);\n } else {\n worker.terminate();\n }\n } catch (error: unknown) {\n console.warn('SignerWorkerManager: Failed to create replacement worker:', error);\n }\n }\n\n /**\n * Pre-warm worker pool by creating and initializing workers in advance\n * This reduces latency for the first transaction by having workers ready\n */\n async preWarmWorkerPool(): Promise<void> {\n const promises: Promise<void>[] = [];\n\n for (let i = 0; i < this.MAX_WORKER_POOL_SIZE; i++) {\n promises.push(\n new Promise<void>((resolve, reject) => {\n try {\n const worker = this.createSecureWorker();\n\n // Set up one-time ready handler\n const onReady = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY || event.data?.ready) {\n worker.removeEventListener('message', onReady);\n this.terminateAndReplaceWorker(worker);\n resolve();\n }\n };\n\n worker.addEventListener('message', onReady);\n\n // Set up error handler\n worker.onerror = (error) => {\n worker.removeEventListener('message', onReady);\n console.error(`WebAuthnManager: Worker ${i + 1} pre-warm failed:`, error);\n reject(error);\n };\n\n // Timeout after 5 seconds\n setTimeout(() => {\n worker.removeEventListener('message', onReady);\n // Pre-warm timeouts are benign; workers will be created on-demand later.\n // console.debug(`WebAuthnManager: Worker ${i + 1} pre-warm timeout`);\n reject(new Error('Pre-warm timeout'));\n }, 5000);\n\n } catch (error: unknown) {\n console.error(`WebAuthnManager: Failed to create worker ${i + 1}:`, error);\n reject(toError(error));\n }\n })\n );\n }\n\n try {\n await Promise.allSettled(promises);\n } catch (error: unknown) {\n console.warn('WebAuthnManager: Some workers failed to pre-warm:', error);\n }\n }\n\n private async sendMessage<T extends WorkerRequestType>({\n sessionId,\n message,\n onEvent,\n timeoutMs = SIGNER_WORKER_MANAGER_CONFIG.TIMEOUTS.DEFAULT, // 60s\n }: {\n sessionId?: string;\n message: { type: T; payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']> };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n }): Promise<WorkerResponseForRequest<T>> {\n\n // Clean up any expired signing sessions before allocating a worker\n this.sweepExpiredSigningSessions();\n\n const payloadSessionId = (message.payload as any)?.sessionId as string | undefined;\n if (sessionId && payloadSessionId && payloadSessionId !== sessionId) {\n throw new Error(\n `sendMessage: payload.sessionId (${payloadSessionId}) does not match provided sessionId (${sessionId})`\n );\n }\n\n const effectiveSessionId = sessionId || payloadSessionId;\n const sessionEntry = effectiveSessionId ? this.signingSessions.get(effectiveSessionId) : undefined;\n if (effectiveSessionId && !sessionEntry) {\n throw new Error(`Signing session not found for id: ${effectiveSessionId}`);\n }\n\n // Normalize/inject sessionId into payload once to avoid duplication at call sites.\n const finalPayload = effectiveSessionId\n ? withSessionId(effectiveSessionId, message.payload)\n : (message.payload);\n\n const worker = sessionEntry ? sessionEntry.worker : this.getWorkerFromPool();\n const isSessionWorker = !!sessionEntry;\n\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n try {\n if (isSessionWorker && effectiveSessionId) {\n // Release reserved session to avoid leaking worker/port\n this.releaseSigningSession(effectiveSessionId);\n } else {\n this.terminateAndReplaceWorker(worker);\n }\n } catch {}\n // Notify any open modal host to transition to error state\n try {\n const seconds = Math.round(timeoutMs / 1000);\n window.postMessage({ type: 'MODAL_TIMEOUT', payload: `Timed out after ${seconds}s, try again` }, '*');\n } catch {}\n reject(new Error(`Worker operation timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n\n const responses: WorkerResponseForRequest<T>[] = [];\n\n worker.onmessage = async (event) => {\n try {\n // Ignore control messages (lifecycle/session setup) – they are handled elsewhere.\n if (isSignerWorkerControlMessage(event?.data)) {\n return;\n }\n // Ignore readiness pings that can arrive if a worker was just spawned\n if (event?.data?.type === WorkerControlMessage.WORKER_READY || event?.data?.ready) {\n return; // not a response to an operation\n }\n // Use strong typing from WASM-generated types\n const response = event.data as WorkerResponseForRequest<T>;\n responses.push(response);\n\n // Handle progress updates using WASM-generated numeric enum values\n if (isWorkerProgress(response)) {\n const progressResponse = response as WorkerProgressResponse;\n onEvent?.(progressResponse.payload as onProgressEvents);\n return; // Continue listening for more messages\n }\n\n // Handle errors using WASM-generated enum\n if (isWorkerError(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorResponse = response as WorkerErrorResponse;\n console.error('Worker error response:', errorResponse);\n reject(new Error(errorResponse.payload.error));\n return;\n }\n\n // Handle successful completion types using strong typing\n if (isWorkerSuccess(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n resolve(response as WorkerResponseForRequest<T>);\n return;\n }\n\n // If we reach here, the response doesn't match any expected type\n console.error('Unexpected worker response format:', {\n response,\n });\n\n // Check if it's a generic Error object\n if (isObject(response) && 'message' in response && 'stack' in response) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Worker sent generic Error object:', response);\n reject(new Error(`Worker sent generic error: ${(response as Error).message}`));\n return;\n }\n\n // Unknown response format\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n reject(new Error(`Unknown worker response format: ${JSON.stringify(response)}`));\n } catch (error: unknown) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Error processing worker message:', error);\n const err = toError(error);\n reject(new Error(`Worker message processing error: ${err.message}`));\n }\n };\n\n worker.onerror = (event) => {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorMessage = event.error?.message || event.message || 'Unknown worker error';\n console.error('Worker error details (progress):', {\n message: errorMessage,\n filename: event.filename,\n lineno: event.lineno,\n colno: event.colno,\n error: event.error\n });\n reject(new Error(`Worker error: ${errorMessage}`));\n };\n\n // Format message for Rust SignerWorkerMessage structure using WASM types\n const formattedMessage = {\n type: message.type, // Numeric enum value from WorkerRequestType\n payload: finalPayload,\n };\n\n worker.postMessage(formattedMessage);\n });\n }\n\n /**\n * Derive NEAR keypair from a serialized WebAuthn registration credential\n */\n async deriveNearKeypairAndEncryptFromSerialized(args: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n }): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n }> {\n return deriveNearKeypairAndEncryptFromSerialized({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Secure private key decryption with dual PRF\n */\n async decryptPrivateKeyWithPrf(args: {\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n }): Promise<{\n decryptedPrivateKey: string;\n nearAccountId: AccountId\n }> {\n return decryptPrivateKeyWithPrf({ ctx: this.getContext(), ...args });\n }\n\n async checkCanRegisterUser(args: {\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: unknown;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return checkCanRegisterUser({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Combined Device2 registration: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n *\n * This replaces the old two-step flow (register → authenticate → sign).\n * PRF.second and WrapKeySeed are already in the signer worker via MessagePort.\n */\n async registerDevice2WithDerivedKey(args: {\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n }> {\n return registerDevice2WithDerivedKey({ ctx: this.getContext(), ...args });\n }\n\n // === ACTION-BASED SIGNING METHODS ===\n\n /**\n * Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n */\n async signTransactionsWithActions(args: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n onEvent?: (update: onProgressEvents) => void,\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n sessionId: string,\n }): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n }>> {\n return signTransactionsWithActions({\n ctx: this.getContext(),\n ...args\n });\n }\n\n async signDelegateAction(args: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId: string;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n return signDelegateAction({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n */\n async recoverKeypairFromPasskey(args: {\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string,\n }): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /** Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for encrypted key */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n }> {\n return recoverKeypairFromPasskey({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n */\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return extractCosePublicKey({ ctx: this.getContext(), attestationObjectBase64url });\n }\n\n /**\n * Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n */\n async signTransactionWithKeyPair(args: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return signTransactionWithKeyPair({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Sign a NEP-413 message using the user's passkey-derived private key\n *\n * @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\n async signNep413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId: string;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n return signNep413Message({\n ctx: this.getContext(),\n payload\n });\n }\n\n /**\n * Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip')\n * - Decrypt inside worker\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\n async exportNearKeypairUi(args: {\n nearAccountId: AccountId,\n variant?: 'drawer'|'modal',\n theme?: 'dark'|'light',\n sessionId: string,\n }): Promise<void> {\n return exportNearKeypairUi({ ctx: this.getContext(), ...args });\n }\n\n}\n","import type { VRFWorkerMessage, VRFWorkerStatus, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport { toAccountId } from '../../../types/accountIds';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * \"Global\" VRF status: is the VRF keypair currently unlocked/active inside the VRF worker?\n *\n * This is NOT the same as a signing session status (WrapKeySeed session gating).\n * For per-`sessionId` signing-session status, use `checkSessionStatus`.\n */\nexport async function checkVrfStatus(ctx: VrfWorkerManagerHandlerContext): Promise<VRFWorkerStatus> {\n try {\n await ctx.ensureWorkerReady();\n } catch {\n // If initialization fails, return inactive status\n return { active: false, nearAccountId: null };\n }\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CHECK_VRF_STATUS',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success && response.data) {\n const data = response.data as { active: boolean; sessionDuration?: number };\n const current = ctx.getCurrentVrfAccountId();\n return {\n active: data.active,\n nearAccountId: current ? toAccountId(current) : null,\n sessionDuration: data.sessionDuration\n };\n }\n\n return { active: false, nearAccountId: null };\n } catch (error) {\n console.warn('VRF Manager: Failed to get VRF status:', error);\n return { active: false, nearAccountId: null };\n }\n}\n","import type { VRFWorkerMessage, WasmClearSessionRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Best-effort cleanup for a single VRF-owned signing session.\n *\n * Clears any VRF worker state bound to `sessionId`:\n * - cached WrapKeySeed session material (TTL/uses),\n * - cached VRF challenge (used for contract verification),\n * - and any attached WrapKeySeed MessagePort.\n *\n * Used by UI \"Lock\" actions and as a safety valve for session lifecycle cleanup.\n */\nexport async function clearSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmClearSessionRequest> = {\n type: 'CLEAR_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmClearSessionRequest>(message);\n if (!response.success) {\n throw new Error(`clearSession failed: ${response.error}`);\n }\n return (response.data as any) || {\n sessionId: args.sessionId,\n clearedSession: false,\n clearedChallenge: false,\n clearedPort: false,\n };\n}\n","import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Full VRF logout: zeroize the in-memory VRF keypair and clear all VRF worker caches.\n *\n * This differs from `clearSession`, which only clears a single signing session (`sessionId`).\n * Use this when the user explicitly logs out / locks the VRF keypair.\n */\nexport async function clearVrfSession(ctx: VrfWorkerManagerHandlerContext): Promise<void> {\n console.debug('VRF Manager: Clearing VRF session...');\n\n await ctx.ensureWorkerReady();\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CLEAR_VRF',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success) {\n // Clear the TypeScript-tracked account ID\n ctx.setCurrentVrfAccountId(null);\n console.debug('VRF Manager: VRF session cleared (key material zeroized)');\n } else {\n console.warn('️VRF Manager: Clear VRF failed:', response.error);\n }\n } catch (error) {\n console.warn('VRF Manager: Clear VRF error:', error);\n }\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage, WasmDevice2RegistrationSessionRequest } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Kick off the SecureConfirm flow for Device2 registration (\"link device\") and return the confirmed result.\n *\n * This is a bundled orchestration that can:\n * - collect a registration credential (PRF-capable),\n * - derive a deterministic VRF keypair for the new device,\n * - and return the data needed for storage + subsequent signing steps (tx context, VRF challenge, etc.).\n */\nexport async function confirmAndDeriveDevice2RegistrationSession(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }\n): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n}> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest> = {\n type: 'DEVICE2_REGISTRATION_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: params.sessionId,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n wrapKeySalt: params.wrapKeySalt || '',\n // No confirmationConfig override for now; can add later if needed\n }\n };\n\n const response = await ctx.sendMessage<WasmDevice2RegistrationSessionRequest>(message);\n\n if (!response.success) {\n throw new Error(`Device2 registration session failed: ${response.error}`);\n }\n\n const data = response.data as any;\n\n if (!data.confirmed) {\n throw new Error(data.error || 'User rejected Device2 registration');\n }\n\n if (!data.credential) {\n throw new Error('Missing credential from Device2 registration session');\n }\n if (!data.vrfChallenge) {\n throw new Error('Missing vrfChallenge from Device2 registration session');\n }\n if (!data.transactionContext) {\n throw new Error('Missing transactionContext from Device2 registration session');\n }\n if (!data.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt from Device2 registration session');\n }\n\n return {\n confirmed: true,\n sessionId: data.sessionId,\n credential: data.credential,\n vrfChallenge: data.vrfChallenge,\n transactionContext: data.transactionContext,\n wrapKeySalt: data.wrapKeySalt,\n requestId: data.requestId,\n intentDigest: data.intentDigest,\n deterministicVrfPublicKey: data.deterministicVrfPublicKey,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n };\n}\n","import type { TransactionInputWasm } from '../../../types/actions';\nimport { ActionType } from '../../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../../types/signer-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../../txDigest';\nimport {\n SecureConfirmationType,\n type SecureConfirmRequest,\n type SignTransactionPayload,\n type TransactionSummary,\n type SerializableCredential,\n} from '../confirmTxFlow/types';\nimport type { SignNep413Payload } from '../confirmTxFlow/types';\nimport type { VrfWorkerManagerContext } from '..';\nimport type { VrfWorkerManagerHandlerContext } from './types';\nimport type { VRFWorkerMessage, WasmConfirmAndPrepareSigningSessionRequest } from '../../../types/vrf-worker';\n\nexport interface ConfirmAndPrepareSigningSessionBaseParams {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n}\n\nexport interface ConfirmAndPrepareSigningSessionTransactionParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n}\n\nexport interface ConfirmAndPrepareSigningSessionDelegateParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string | number | bigint;\n maxBlockHeight: string | number | bigint;\n };\n rpcCall: RpcCallPayload;\n}\n\nexport interface ConfirmAndPrepareSigningSessionNep413Params extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n}\n\nexport type ConfirmAndPrepareSigningSessionParams =\n | ConfirmAndPrepareSigningSessionTransactionParams\n | ConfirmAndPrepareSigningSessionDelegateParams\n | ConfirmAndPrepareSigningSessionNep413Params;\n\nexport interface ConfirmAndPrepareSigningSessionResult {\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n}\n\n/**\n * Kick off the SecureConfirm signing flow inside the VRF worker.\n *\n * This creates a schemaVersion=2 `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the\n * VRF worker, which will render UI, collect a WebAuthn credential when needed, and return the\n * `transactionContext` (reserved nonces, block hash/height) needed by the signer worker.\n */\nexport async function confirmAndPrepareSigningSession(\n handlerCtx: VrfWorkerManagerHandlerContext,\n params: ConfirmAndPrepareSigningSessionParams\n): Promise<ConfirmAndPrepareSigningSessionResult> {\n const { sessionId } = params;\n\n let intentDigest: string;\n let request: SecureConfirmRequest<SignTransactionPayload | SignNep413Payload, TransactionSummary>;\n\n switch (params.kind) {\n case 'transaction': {\n const txSigningRequests = params.txSigningRequests;\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'transaction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'delegate': {\n const txSigningRequests: TransactionInputWasm[] = [{\n receiverId: params.delegate.receiverId,\n actions: params.delegate.actions,\n } as TransactionInputWasm];\n\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'delegateAction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n delegate: {\n senderId: params.delegate.senderId,\n receiverId: params.delegate.receiverId,\n nonce: String(params.delegate.nonce),\n maxBlockHeight: String(params.delegate.maxBlockHeight),\n },\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'nep413': {\n intentDigest = `${params.nearAccountId}:${params.recipient}:${params.message}`;\n const summary: TransactionSummary = {\n intentDigest,\n method: 'NEP-413',\n receiverId: params.recipient,\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_NEP413_MESSAGE,\n summary,\n payload: {\n nearAccountId: params.nearAccountId,\n message: params.message,\n recipient: params.recipient,\n ...(params.contractId ? { contractId: params.contractId } : {}),\n ...(params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n default: {\n // Exhaustiveness guard\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const _exhaustive: never = params;\n throw new Error('Unsupported signing session kind');\n }\n }\n\n await handlerCtx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest> = {\n type: 'CONFIRM_AND_PREPARE_SIGNING_SESSION',\n id: handlerCtx.generateMessageId(),\n payload: {\n request,\n },\n };\n const response = await handlerCtx.sendMessage<WasmConfirmAndPrepareSigningSessionRequest>(message);\n if (!response.success) {\n throw new Error(`confirmAndPrepareSigningSession failed: ${response.error}`);\n }\n\n const decision = response.data as {\n confirmed?: boolean;\n error?: string;\n intent_digest?: string;\n transaction_context?: TransactionContext;\n credential?: SerializableCredential;\n };\n\n if (!decision?.confirmed) {\n throw new Error(decision?.error || 'User rejected signing request');\n }\n if (!decision.transaction_context) {\n throw new Error('Missing transactionContext from confirmation flow');\n }\n\n return {\n sessionId,\n transactionContext: decision.transaction_context,\n intentDigest: decision.intent_digest || intentDigest,\n credential: decision.credential,\n };\n}\n\nfunction computeTotalAmountYocto(txSigningRequests: TransactionInputWasm[]): string | undefined {\n try {\n let total = BigInt(0);\n for (const tx of txSigningRequests) {\n for (const action of tx.actions) {\n switch (action.action_type) {\n case ActionType.Transfer:\n total += BigInt(action.deposit || '0');\n break;\n case ActionType.FunctionCall:\n total += BigInt(action.deposit || '0');\n break;\n case ActionType.Stake:\n total += BigInt(action.stake || '0');\n break;\n default:\n break;\n }\n }\n }\n return total > BigInt(0) ? total.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n","import { WorkerControlMessage } from '../../../workerControlMessages';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Create a VRF-owned MessageChannel for signing and return the signer-facing port.\n * VRF retains the sibling port for WrapKeySeed delivery.\n *\n * This is the first step in the VRF ↔ Signer \"warm session\" handshake:\n * - transfer Port1 to the VRF worker (sender),\n * - return Port2 so the caller can transfer it to the signer worker (receiver).\n */\nexport async function createSigningSessionChannel(\n ctx: VrfWorkerManagerHandlerContext,\n sessionId: string\n): Promise<MessagePort> {\n await ctx.ensureWorkerReady(true);\n const channel = new MessageChannel();\n try {\n ctx.postToWorker(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [channel.port1],\n );\n } catch (err) {\n console.error('[VrfWorkerManager] Failed to attach WrapKeySeed port to VRF worker', err);\n throw err;\n }\n return channel.port2;\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFWorkerMessage,\n WasmDeriveVrfKeypairFromPrfRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n */\nexport async function deriveVrfKeypairFromPrf(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData;\n saveInMemory?: boolean;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n}> {\n const saveInMemory = args.saveInMemory ?? true;\n await ctx.ensureWorkerReady();\n\n const vrfInputData = args.vrfInputData;\n const hasVrfInputData = vrfInputData?.blockHash\n && vrfInputData?.blockHeight\n && vrfInputData?.userId\n && vrfInputData?.rpId;\n\n const message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest> = {\n type: 'DERIVE_VRF_KEYPAIR_FROM_PRF',\n id: ctx.generateMessageId(),\n payload: {\n credential: args.credential,\n nearAccountId: args.nearAccountId,\n saveInMemory,\n vrfInputData: hasVrfInputData ? {\n userId: vrfInputData.userId,\n rpId: vrfInputData.rpId,\n blockHeight: String(vrfInputData.blockHeight),\n blockHash: vrfInputData.blockHash,\n } : undefined,\n }\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF keypair derivation failed: ${response.error}`);\n }\n const data = response.data as {\n vrfPublicKey?: string;\n vrfChallengeData?: VRFChallenge;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair?: ServerEncryptedVrfKeypair | null;\n };\n\n const vrfPublicKey = data.vrfPublicKey || data.vrfChallengeData?.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key not found in response');\n }\n if (!data.encryptedVrfKeypair) {\n throw new Error('Encrypted VRF keypair not found in response');\n }\n\n const vrfChallenge = data.vrfChallengeData\n ? validateVRFChallenge({\n vrfInput: data.vrfChallengeData.vrfInput,\n vrfOutput: data.vrfChallengeData.vrfOutput,\n vrfProof: data.vrfChallengeData.vrfProof,\n vrfPublicKey: data.vrfChallengeData.vrfPublicKey,\n userId: data.vrfChallengeData.userId,\n rpId: data.vrfChallengeData.rpId,\n blockHeight: data.vrfChallengeData.blockHeight,\n blockHash: data.vrfChallengeData.blockHash,\n })\n : null;\n\n if (saveInMemory) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair loaded in memory for ${args.nearAccountId}`);\n }\n\n return {\n vrfPublicKey,\n vrfChallenge,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: data.serverEncryptedVrfKeypair || null,\n };\n}\n","import type {\n VRFWorkerMessage,\n WasmMintSessionKeysAndSendToSignerRequest,\n} from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Mint/refresh a VRF-owned signing session and deliver WrapKey material to the signer worker.\n *\n * VRF WASM will:\n * - (optionally) gate on `verify_authentication_response` when `contractId` + `nearRpcUrl` are provided,\n * - derive WrapKeySeed from PRF.first_auth + the in-memory VRF secret key,\n * - choose/generate `wrapKeySalt` (when omitted/empty),\n * - upsert session metadata (TTL + remaining uses),\n * - and send `{ wrap_key_seed, wrapKeySalt, prfSecond? }` to the signer worker over the attached MessagePort.\n *\n * The main thread never receives WrapKeySeed; it only receives `wrapKeySalt` metadata.\n * This expects `createSigningSessionChannel` + signer port attachment to have happened for `sessionId`.\n */\nexport async function mintSessionKeysAndSendToSigner(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n sessionId: string;\n wrapKeySalt?: string;\n contractId?: string;\n nearRpcUrl?: string;\n ttlMs?: number;\n remainingUses?: number;\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }\n): Promise<{ sessionId: string; wrapKeySalt: string }> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmMintSessionKeysAndSendToSignerRequest> = {\n type: 'MINT_SESSION_KEYS_AND_SEND_TO_SIGNER',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n // Use empty string as a sentinel to tell the VRF worker to generate wrapKeySalt when none is provided.\n wrapKeySalt: args.wrapKeySalt ?? '',\n contractId: args.contractId,\n nearRpcUrl: args.nearRpcUrl,\n ttlMs: args.ttlMs,\n remainingUses: args.remainingUses,\n credential: args.credential,\n }\n };\n const response = await ctx.sendMessage<WasmMintSessionKeysAndSendToSignerRequest>(message);\n if (!response.success) {\n throw new Error(`mintSessionKeysAndSendToSigner failed: ${response.error}`);\n }\n // VRF WASM now delivers WrapKeySeed + wrapKeySalt directly to the signer worker via the\n // attached MessagePort; TS only needs to know that the session is prepared and\n // what wrapKeySalt was actually used (for new vault entries).\n const data = (response.data as unknown) as { sessionId: string; wrapKeySalt?: string } | undefined;\n const wrapKeySalt = data?.wrapKeySalt ?? args.wrapKeySalt ?? '';\n if (!wrapKeySalt) {\n throw new Error('mintSessionKeysAndSendToSigner: VRF worker did not return wrapKeySalt');\n }\n return { sessionId: data?.sessionId ?? args.sessionId, wrapKeySalt };\n}\n","import type { VRFWorkerMessage, WasmDispenseSessionKeyRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * \"Warm session\" path: dispense an existing VRF-owned session key to the signer worker.\n *\n * VRF WASM enforces TTL/usage limits for `sessionId`, then sends `{ wrap_key_seed, wrapKeySalt }`\n * over the attached MessagePort to the signer worker. This does not prompt for WebAuthn.\n */\nexport async function dispenseSessionKey(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string; uses?: number }\n): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmDispenseSessionKeyRequest> = {\n type: 'DISPENSE_SESSION_KEY',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n uses: args.uses,\n } as any,\n };\n const response = await ctx.sendMessage<WasmDispenseSessionKeyRequest>(message);\n if (!response.success) {\n throw new Error(`dispenseSessionKey failed: ${response.error}`);\n }\n return (response.data as any) || { sessionId: args.sessionId };\n}\n","import type {\n VRFInputData,\n VRFWorkerMessage,\n WasmGenerateVrfChallengeRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.\n *\n * This is used by SecureConfirm flows so later steps (e.g. contract verification) can rely on\n * worker-owned challenge data instead of JS-provided state.\n */\nexport async function generateVrfChallengeForSession(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId: string\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData, sessionId);\n}\n\n/**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n *\n * Used for standalone WebAuthn prompts where we don't need to later look up the challenge by `sessionId`.\n */\nexport async function generateVrfChallengeOnce(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData);\n}\n\nasync function generateVrfChallengeInternal(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId?: string\n): Promise<VRFChallenge> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest> = {\n type: 'GENERATE_VRF_CHALLENGE',\n id: ctx.generateMessageId(),\n payload: {\n sessionId,\n vrfInputData: {\n userId: inputData.userId,\n rpId: inputData.rpId,\n blockHeight: String(inputData.blockHeight),\n blockHash: inputData.blockHash,\n },\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF challenge generation failed: ${response.error}`);\n }\n\n const data = response.data as unknown as VRFChallenge;\n console.debug('VRF Manager: VRF challenge generated successfully');\n return validateVRFChallenge(data);\n}\n","import type { VRFInputData } from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VRFWorkerMessage, WasmGenerateVrfKeypairBootstrapRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)\n * generate a VRF challenge from it.\n *\n * This solves the \"chicken-and-egg\" problem during registration where you need a VRF challenge\n * before you have PRF outputs to encrypt the VRF keypair. The generated VRF keypair lives in\n * VRF worker memory until it is later encrypted with PRF output.\n */\nexport async function generateVrfKeypairBootstrap(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n}> {\n await ctx.ensureWorkerReady();\n try {\n const message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest> = {\n type: 'GENERATE_VRF_KEYPAIR_BOOTSTRAP',\n id: ctx.generateMessageId(),\n payload: {\n // Include VRF input data if provided for challenge generation\n sessionId: args.sessionId,\n vrfInputData: args.vrfInputData\n ? {\n userId: args.vrfInputData.userId,\n rpId: args.vrfInputData.rpId,\n blockHeight: String(args.vrfInputData.blockHeight),\n blockHash: args.vrfInputData.blockHash,\n }\n : undefined,\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF bootstrap keypair generation failed: ${response.error}`);\n }\n const data = response.data as { vrf_challenge_data?: VRFChallenge; vrfPublicKey?: string };\n const challengeData = data.vrf_challenge_data as VRFChallenge | undefined;\n if (!challengeData) {\n throw new Error('VRF challenge data failed to be generated');\n }\n const vrfPublicKey = data.vrfPublicKey || challengeData.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key missing in bootstrap response');\n }\n if (args.vrfInputData && args.saveInMemory) {\n // Track the account ID for this VRF session if saving in memory\n ctx.setCurrentVrfAccountId(args.vrfInputData.userId);\n }\n\n // TODO: strong types generated by Rust wasm-bindgen\n return {\n vrfPublicKey,\n vrfChallenge: validateVRFChallenge({\n vrfInput: challengeData.vrfInput,\n vrfOutput: challengeData.vrfOutput,\n vrfProof: challengeData.vrfProof,\n vrfPublicKey: challengeData.vrfPublicKey,\n userId: challengeData.userId,\n rpId: challengeData.rpId,\n blockHeight: challengeData.blockHeight,\n blockHash: challengeData.blockHash,\n })\n }\n\n } catch (error: any) {\n console.error('VRF Manager: Bootstrap VRF keypair generation failed:', error);\n throw new Error(`Failed to generate bootstrap VRF keypair: ${error.message}`);\n }\n}\n","import type { VRFWorkerMessage, WasmCheckSessionStatusRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Per-`sessionId` signing-session status (WrapKeySeed session gating).\n *\n * This is NOT the same as the \"global\" VRF unlock status (whether the VRF keypair is active).\n * For VRF keypair unlock status, use `checkVrfStatus`.\n */\nexport async function checkSessionStatus(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmCheckSessionStatusRequest> = {\n type: 'CHECK_SESSION_STATUS',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmCheckSessionStatusRequest>(message);\n if (!response.success) {\n throw new Error(`checkSessionStatus failed: ${response.error}`);\n }\n return (\n (response.data as any) || {\n sessionId: args.sessionId,\n status: 'not_found',\n }\n );\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Prepare an export/decrypt session by having the VRF worker derive and deliver WrapKeySeed\n * to the signer worker, using the VRF-owned confirmation flow.\n *\n * This is used by \"offline export\" / decrypt flows where secrets must not touch the main thread.\n */\nexport async function prepareDecryptSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n /**\n * Optional: local encrypted VRF keypair for this account/device.\n * Supplying this lets the VRF worker unlock the correct VRF secret in offline mode.\n */\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n /**\n * Optional: expected VRF public key (base64url) for sanity checking/fallback derivation.\n */\n expectedVrfPublicKey?: string;\n }\n): Promise<void> {\n if (!args.wrapKeySalt) {\n throw new Error('wrapKeySalt is required for decrypt session');\n }\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<any> = {\n type: 'DECRYPT_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n wrapKeySalt: args.wrapKeySalt,\n encryptedVrfKeypair: args.encryptedVrfKeypair,\n expectedVrfPublicKey: args.expectedVrfPublicKey,\n },\n };\n try {\n console.debug('[VRF] prepareDecryptSession: start', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n });\n const response = await ctx.sendMessage(message);\n if (!response.success) {\n console.error('[VRF] prepareDecryptSession: worker reported failure', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n error: response.error,\n });\n throw new Error(`prepareDecryptSession failed: ${response.error}`);\n }\n console.debug('[VRF] prepareDecryptSession: success', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n });\n } catch (error) {\n console.error('[VRF] prepareDecryptSession: error', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n error,\n });\n throw error;\n }\n}\n","import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport type { VrfWorkerManagerContext } from '../../';\nimport { runSecureConfirm } from '../../secureConfirmBridge';\nimport {\n SecureConfirmationType,\n type RegistrationSummary,\n type SecureConfirmRequest,\n} from '../types';\nimport {\n parseAndValidateRegistrationCredentialConfirmationPayload,\n type RegistrationCredentialConfirmationPayload,\n} from '../../../SignerWorkerManager/handlers/validation';\n\nexport async function requestRegistrationCredentialConfirmation({\n ctx,\n nearAccountId,\n deviceNumber,\n confirmerText,\n contractId,\n nearRpcUrl,\n confirmationConfig,\n}: {\n ctx: VrfWorkerManagerContext,\n nearAccountId: string,\n deviceNumber: number,\n confirmerText?: { title?: string; body?: string };\n contractId: string,\n nearRpcUrl: string,\n confirmationConfig?: Partial<ConfirmationConfig>,\n}): Promise<RegistrationCredentialConfirmationPayload> {\n\n // Ensure required fields are present; JSON.stringify drops undefined causing Rust parse failure\n const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n // Use the first URL if defaults include a failover list\n const resolvedNearRpcUrl = nearRpcUrl\n || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl);\n\n const requestId = (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `register-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n\n const title = confirmerText?.title;\n const body = confirmerText?.body;\n const request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary> = {\n schemaVersion: 2,\n requestId,\n type: SecureConfirmationType.REGISTER_ACCOUNT,\n summary: {\n nearAccountId,\n deviceNumber,\n contractId: resolvedContractId,\n ...(title != null ? { title } : {}),\n ...(body != null ? { body } : {}),\n },\n payload: {\n nearAccountId,\n deviceNumber,\n rpcCall: {\n contractId: resolvedContractId,\n nearRpcUrl: resolvedNearRpcUrl,\n nearAccountId,\n },\n },\n confirmationConfig,\n intentDigest: `register:${nearAccountId}:${deviceNumber}`,\n };\n\n const decision = await runSecureConfirm(ctx, request);\n\n return parseAndValidateRegistrationCredentialConfirmationPayload({\n confirmed: decision.confirmed,\n requestId,\n intentDigest: decision.intentDigest || '',\n credential: decision.credential,\n vrfChallenge: decision.vrfChallenge,\n transactionContext: decision.transactionContext,\n error: decision.error,\n });\n}\n","import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { RegistrationCredentialConfirmationPayload } from '../../SignerWorkerManager/handlers/validation';\nimport { requestRegistrationCredentialConfirmation as requestRegistrationCredentialConfirmationFlow } from '../confirmTxFlow/flows/requestRegistrationCredentialConfirmation';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Kick off the SecureConfirm UI flow for account registration and return the confirmed decision.\n *\n * This is used when the host (main thread) needs a registration credential + VRF challenge + NEAR context,\n * but the UI/confirmation orchestration lives in the VRF worker confirmation flow.\n */\nexport async function requestRegistrationCredentialConfirmation(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }\n): Promise<RegistrationCredentialConfirmationPayload> {\n const hostCtx = ctx.getContext();\n const decision = await requestRegistrationCredentialConfirmationFlow({\n ctx: hostCtx,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n confirmerText: params.confirmerText,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n // Flow expects `confirmationConfig` on the request envelope; forward the override.\n confirmationConfig: params.confirmationConfigOverride,\n });\n\n if (!decision.confirmed) {\n throw new Error(decision.error || 'User rejected registration request');\n }\n if (!decision.credential) {\n throw new Error('Missing credential from registration confirmation');\n }\n if (!decision.vrfChallenge) {\n throw new Error('Missing vrfChallenge from registration confirmation');\n }\n if (!decision.transactionContext) {\n throw new Error('Missing transactionContext from registration confirmation');\n }\n\n return decision;\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n VRFWorkerMessage,\n VRFWorkerResponse,\n WasmShamir3PassClientDecryptVrfKeypairRequest\n} from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Shamir 3-pass (client): decrypt/unlock a VRF keypair using a server-protected envelope.\n *\n * On success, the VRF keypair becomes active in the VRF worker and is bound (in TS state) to `nearAccountId`.\n */\nexport async function shamir3PassDecryptVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }\n): Promise<VRFWorkerResponse> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmShamir3PassClientDecryptVrfKeypairRequest> = {\n type: 'SHAMIR3PASS_CLIENT_DECRYPT_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {\n nearAccountId: args.nearAccountId,\n kek_s_b64u: args.kek_s_b64u,\n ciphertextVrfB64u: args.ciphertextVrfB64u,\n // Required key for server selection\n keyId: args.serverKeyId,\n },\n };\n const response = await ctx.sendMessage(message);\n if (response.success) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n }\n return response;\n}\n","import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Shamir 3-pass (client): encrypt the currently-unlocked VRF keypair for server lock flows.\n *\n * Returns ciphertext + client key share (`kek_s_b64u`) + server key id for subsequent unlock.\n */\nexport async function shamir3PassEncryptCurrentVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n): Promise<{\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'SHAMIR3PASS_CLIENT_ENCRYPT_CURRENT_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType,\n };\n const response = await ctx.sendMessage(message);\n if (!response.success || !response.data) {\n throw new Error(`VRF encrypt-current failed: ${response.error}`);\n }\n const { ciphertextVrfB64u, kek_s_b64u, serverKeyId } = response.data as {\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n };\n if (!ciphertextVrfB64u || !kek_s_b64u) {\n throw new Error('Invalid encrypt-current response');\n }\n if (!serverKeyId) {\n throw new Error('Server did not return keyId from apply-server-lock');\n }\n return { ciphertextVrfB64u, kek_s_b64u, serverKeyId };\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n VRFWorkerMessage,\n VRFWorkerResponse,\n WasmUnlockVrfKeypairRequest,\n} from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Unlock/load the VRF keypair into VRF worker memory using a WebAuthn authentication credential.\n *\n * This is the \"login\" / \"unlock\" path: the VRF worker decrypts the stored encrypted VRF keypair\n * using PRF output, and keeps it active in-memory for subsequent operations (challenge gen, sessions, etc.).\n */\nexport async function unlockVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n onEvent?: (event: { type: string; data: { step: string; message: string } }) => void;\n }\n): Promise<VRFWorkerResponse> {\n await ctx.ensureWorkerReady(true);\n\n args.onEvent?.({\n type: 'loginProgress',\n data: {\n step: 'verifying-server',\n message: 'TouchId success! Unlocking VRF keypair...'\n }\n });\n\n const message: VRFWorkerMessage<WasmUnlockVrfKeypairRequest> = {\n type: 'UNLOCK_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {\n nearAccountId: args.nearAccountId,\n encryptedVrfKeypair: args.encryptedVrfKeypair,\n credential: args.credential,\n }\n };\n\n const response = await ctx.sendMessage(message);\n if (response.success) {\n // Track the current VRF session account at TypeScript level\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair unlocked for ${args.nearAccountId}`);\n } else {\n console.error('VRF Manager: Failed to unlock VRF keypair:', response.error);\n console.error('VRF Manager: Full response:', JSON.stringify(response, null, 2));\n console.error('VRF Manager: Message that was sent:', JSON.stringify(message, null, 2));\n }\n\n return response;\n}\n","/**\n * VRF Manager\n * Uses Web Workers for VRF keypair management with client-hosted worker files.\n */\n\nimport type {\n VRFWorkerStatus,\n VrfWorkerManagerConfig,\n EncryptedVRFKeypair,\n VRFInputData,\n VRFWorkerMessage,\n VRFWorkerResponse,\n ServerEncryptedVrfKeypair,\n WasmVrfWorkerRequestType,\n WasmShamir3PassConfigPRequest,\n WasmShamir3PassConfigServerUrlsRequest,\n} from '../../types/vrf-worker';\nimport type { VRFChallenge } from '../../types/vrf-worker';\nimport { BUILD_PATHS } from '../../../../build-paths.js';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport type { AccountId } from '../../types/accountIds';\nimport type { TouchIdPrompt } from '../touchIdPrompt';\nimport type { NearClient } from '../../NearClient';\nimport type { UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport type { UserPreferencesManager } from '../userPreferences';\nimport type { NonceManager } from '../../nonceManager';\nimport {\n SecureConfirmMessageType,\n type SecureConfirmRequest,\n type SerializableCredential,\n} from './confirmTxFlow/types';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../types/signer-worker';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { RegistrationCredentialConfirmationPayload } from '../SignerWorkerManager/handlers/validation';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types/webauthn';\nimport { handlePromptUserConfirmInJsMainThread } from './confirmTxFlow';\nimport type { VrfWorkerManagerHandlerContext } from './handlers/types';\nimport {\n checkVrfStatus,\n clearSession,\n clearVrfSession,\n confirmAndDeriveDevice2RegistrationSession,\n confirmAndPrepareSigningSession,\n createSigningSessionChannel,\n deriveVrfKeypairFromPrf,\n mintSessionKeysAndSendToSigner,\n dispenseSessionKey,\n generateVrfChallengeForSession,\n generateVrfChallengeOnce,\n generateVrfKeypairBootstrap,\n checkSessionStatus,\n prepareDecryptSession,\n requestRegistrationCredentialConfirmation,\n shamir3PassDecryptVrfKeypair,\n shamir3PassEncryptCurrentVrfKeypair,\n unlockVrfKeypair,\n} from './handlers';\n\n/**\n * VRF-owned host context passed into confirmTxFlow.\n */\nexport interface VrfWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: SessionVrfWorkerManager;\n}\n\n/**\n * Narrow VRF manager surface used by confirmTxFlow. This interface only exposes\n * session-bound operations so confirm flows cannot accidentally call the\n * low-level helpers that take an optional sessionId.\n */\nexport interface SessionVrfWorkerManager {\n generateVrfKeypairBootstrap(args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }>;\n\n generateVrfChallengeForSession(inputData: VRFInputData, sessionId: string): Promise<VRFChallenge>;\n\n mintSessionKeysAndSendToSigner(args: {\n sessionId: string;\n wrapKeySalt?: string;\n contractId?: string;\n nearRpcUrl?: string;\n ttlMs?: number;\n remainingUses?: number;\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }): Promise<{ sessionId: string; wrapKeySalt: string }>;\n\n dispenseSessionKey(args: {\n sessionId: string;\n uses?: number;\n }): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n }>;\n\n prepareDecryptSession(args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n expectedVrfPublicKey?: string;\n }): Promise<void>;\n\n requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }): Promise<RegistrationCredentialConfirmationPayload>;\n\n confirmAndDeriveDevice2RegistrationSession(params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n }>;\n\n checkVrfStatus(): Promise<VRFWorkerStatus>;\n}\n\n/**\n * VRF Worker Manager\n *\n * This class manages VRF operations using Web Workers for:\n * - VRF keypair unlocking (login)\n * - VRF challenge generation (authentication)\n * - Session management (browser session only)\n * - Client-hosted worker files\n */\nexport class VrfWorkerManager {\n private vrfWorker: Worker | null = null;\n private initializationPromise: Promise<void> | null = null;\n private messageId = 0;\n private config: VrfWorkerManagerConfig;\n private currentVrfAccountId: string | null = null;\n private workerBaseOrigin: string | undefined;\n private context: VrfWorkerManagerContext;\n\n constructor(config: VrfWorkerManagerConfig, context: VrfWorkerManagerContext) {\n this.config = {\n // Default to client-hosted worker file using centralized config\n vrfWorkerUrl: BUILD_PATHS.RUNTIME.VRF_WORKER,\n workerTimeout: 60_000,\n debug: false,\n ...config\n };\n // Attach a self-reference so confirmTxFlow helpers can call back into VRF APIs.\n this.context = {\n ...context,\n vrfWorkerManager: this,\n };\n }\n\n /**\n * Context used by confirmTxFlow for VRF-driven flows.\n */\n getContext(): VrfWorkerManagerContext {\n return this.context;\n }\n\n private getHandlerContext(): VrfWorkerManagerHandlerContext {\n return {\n ensureWorkerReady: this.ensureWorkerReady.bind(this),\n sendMessage: this.sendMessage.bind(this),\n generateMessageId: this.generateMessageId.bind(this),\n getContext: this.getContext.bind(this),\n postToWorker: (message: unknown, transfer?: Transferable[]) => {\n if (!this.vrfWorker) {\n throw new Error('VRF Web Worker not available');\n }\n this.vrfWorker.postMessage(message, transfer as any);\n },\n getCurrentVrfAccountId: () => this.currentVrfAccountId,\n setCurrentVrfAccountId: (next: string | null) => {\n this.currentVrfAccountId = next;\n },\n };\n }\n\n /**\n * Create a VRF-owned MessageChannel for signing and return the signer-facing port.\n * VRF retains the sibling port for WrapKeySeed delivery.\n */\n async createSigningSessionChannel(sessionId: string): Promise<MessagePort> {\n return createSigningSessionChannel(this.getHandlerContext(), sessionId);\n }\n\n /**\n * Derive WrapKeySeed in the VRF worker and deliver it (along with PRF.second if credential provided)\n * to the signer worker via the registered port.\n */\n async mintSessionKeysAndSendToSigner(args: {\n sessionId: string;\n // Optional vault wrapKeySalt. When omitted or empty, VRF worker will generate a fresh wrapKeySalt.\n wrapKeySalt?: string;\n // Optional contract verification context; when provided, VRF Rust will call\n // verify_authentication_response before deriving WrapKeySeed.\n contractId?: string;\n nearRpcUrl?: string;\n // Optional signing-session config. When omitted, VRF worker uses defaults.\n ttlMs?: number;\n remainingUses?: number;\n // Optional credential for PRF.second extraction (registration or authentication)\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }): Promise<{ sessionId: string; wrapKeySalt: string }> {\n return mintSessionKeysAndSendToSigner(this.getHandlerContext(), args);\n }\n\n /**\n * Dispense an existing VRF-owned session key (WrapKeySeed + wrapKeySalt) over the\n * attached MessagePort for `sessionId`, enforcing TTL/usage in the VRF worker.\n *\n * This is the primitive needed for \"warm\" signing sessions: 1 VRF worker → N one-shot signer workers.\n */\n async dispenseSessionKey(args: {\n sessionId: string;\n uses?: number;\n }): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n }> {\n return dispenseSessionKey(this.getHandlerContext(), args);\n }\n\n /**\n * Query VRF-owned signing session status for UI introspection.\n * This does not prompt and does not reveal secrets; it only returns metadata.\n */\n async checkSessionStatus(args: {\n sessionId: string;\n }): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n return checkSessionStatus(this.getHandlerContext(), args);\n }\n\n /**\n * Clear VRF-owned signing session material for a given `sessionId`.\n * Intended for explicit \"Lock\" actions or lifecycle cleanup.\n */\n async clearSession(args: {\n sessionId: string;\n }): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n }> {\n return clearSession(this.getHandlerContext(), args);\n }\n\n /**\n * VRF-driven decrypt session for export flows.\n * Kicks off a LocalOnly DECRYPT_PRIVATE_KEY_WITH_PRF confirm via VRF Rust and derives\n * WrapKeySeed using the vault-provided wrapKeySalt. WrapKeySeed + wrapKeySalt are sent to the signer over\n * the dedicated MessagePort for the given sessionId.\n */\n async prepareDecryptSession(args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n expectedVrfPublicKey?: string;\n }): Promise<void> {\n return prepareDecryptSession(this.getHandlerContext(), args);\n }\n\n /**\n * VRF-driven confirmation + WrapKeySeed derivation for signing flows.\n * Runs confirmTxFlow on the main thread, derives WrapKeySeed in the VRF worker, and returns\n * the session metadata needed by the signer worker. WrapKeySeed itself travels only over the\n * reserved MessagePort registered via registerSignerWrapKeySeedPort.\n */\n async confirmAndPrepareSigningSession(params: {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n } | {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string | number | bigint;\n maxBlockHeight: string | number | bigint;\n };\n rpcCall: RpcCallPayload;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n } | {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<{\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n }> {\n return confirmAndPrepareSigningSession(this.getHandlerContext(), params);\n }\n\n /**\n * VRF-driven helper for registration confirmation.\n * Runs confirmTxFlow on the main thread and returns registration artifacts.\n * WrapKeySeed derivation is handled later when we call into signing/derivation\n * flows with PRF + withSigningSession.\n */\n async requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }): Promise<RegistrationCredentialConfirmationPayload> {\n return requestRegistrationCredentialConfirmation(this.getHandlerContext(), params);\n }\n\n /**\n * Combined Device2 registration session: single WebAuthn ceremony for credential + WrapKeySeed derivation.\n *\n * This method orchestrates the complete Device2 registration flow:\n * 1. Runs a VRF-driven registration confirmation (single TouchID prompt)\n * 2. Extracts PRF.first from the credential and derives WrapKeySeed\n * 3. Sends WrapKeySeed to signer worker via MessagePort (never exposed to JS)\n * 4. Returns credential (with PRF.second embedded), vrfChallenge, transactionContext, wrapKeySalt\n *\n * The signer worker can then use PRF.second for NEAR key derivation and WrapKeySeed for encryption.\n */\n async confirmAndDeriveDevice2RegistrationSession(params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n }> {\n return confirmAndDeriveDevice2RegistrationSession(this.getHandlerContext(), params);\n }\n\n setWorkerBaseOrigin(origin: string | undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n /**\n * Ensure VRF worker is ready for operations\n * @param requireHealthCheck - Whether to perform health check after initialization\n */\n private async ensureWorkerReady(requireHealthCheck = false): Promise<void> {\n if (this.initializationPromise) {\n await this.initializationPromise;\n } else if (!this.vrfWorker) {\n await this.initialize();\n }\n if (!this.vrfWorker) {\n throw new Error('VRF Worker failed to initialize');\n }\n // Optional health check for critical operations\n if (requireHealthCheck) {\n try {\n const healthResponse = await this.sendMessage({\n type: 'PING',\n id: this.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n }, 3000);\n\n if (!healthResponse.success) {\n throw new Error('VRF Worker failed health check');\n }\n } catch (error) {\n console.error('VRF Manager: Health check failed:', error);\n throw new Error('VRF Worker failed health check');\n }\n }\n }\n\n /**\n * Initialize VRF functionality using Web Workers\n */\n async initialize(): Promise<void> {\n if (this.initializationPromise) {\n return this.initializationPromise;\n }\n // =============================================================\n // This improved error handling ensures that:\n // 1. Initialization failures are properly logged with full details\n // 2. Errors are re-thrown to callers (no silent swallowing)\n // 3. Failed initialization promise is reset for retry\n // 4. Debug logs actually appear in test output\n this.initializationPromise = this.createVrfWorker().catch(error => {\n console.error('VRF Manager: Initialization failed:', error);\n console.error('VRF Manager: Error details:', {\n message: error.message,\n stack: error.stack,\n name: error.name\n });\n // Reset promise so initialization can be retried\n this.initializationPromise = null;\n throw error; // Re-throw so callers know it failed\n });\n\n const result = await this.initializationPromise;\n return result;\n }\n\n /**\n * Initialize Web Worker with client-hosted VRF worker\n */\n private async createVrfWorker(): Promise<void> {\n try {\n const relativePath = this.config.vrfWorkerUrl || BUILD_PATHS.RUNTIME.VRF_WORKER;\n const vrfUrlStr = resolveWorkerUrl(relativePath, { worker: 'vrf', baseOrigin: this.workerBaseOrigin })\n console.debug('VRF Manager: Worker URL:', vrfUrlStr);\n // Create Web Worker from resolved URL\n this.vrfWorker = new Worker(vrfUrlStr, {\n type: 'module',\n name: 'Web3AuthnVRFWorker'\n });\n // Set up error handling\n this.vrfWorker.onerror = (error) => {\n console.error('VRF Manager: Web Worker error:', error);\n };\n // Test communication with the Web Worker\n await this.testWebWorkerCommunication();\n\n // Configure Shamir P if provided\n if (this.config.shamirPB64u) {\n const resp = await this.sendMessage<WasmShamir3PassConfigPRequest>({\n type: 'SHAMIR3PASS_CONFIG_P',\n id: this.generateMessageId(),\n payload: { p_b64u: this.config.shamirPB64u }\n });\n if (!resp.success) {\n throw new Error(`Failed to configure Shamir P: ${resp.error}`);\n }\n }\n\n // Configure relay server URLs if provided\n if (this.config.relayServerUrl && this.config.applyServerLockRoute && this.config.removeServerLockRoute) {\n const resp2 = await this.sendMessage<WasmShamir3PassConfigServerUrlsRequest>({\n type: 'SHAMIR3PASS_CONFIG_SERVER_URLS',\n id: this.generateMessageId(),\n payload: {\n relayServerUrl: this.config.relayServerUrl,\n applyLockRoute: this.config.applyServerLockRoute,\n removeLockRoute: this.config.removeServerLockRoute,\n }\n });\n if (!resp2.success) {\n throw new Error(`Failed to configure Shamir server URLs: ${resp2.error}`);\n }\n }\n\n } catch (error: any) {\n throw new Error(`VRF Web Worker initialization failed: ${error.message}`);\n }\n }\n\n /**\n * Send message to Web Worker and wait for response\n */\n private async sendMessage<T extends WasmVrfWorkerRequestType>(\n message: VRFWorkerMessage<T>,\n customTimeout?: number\n ): Promise<VRFWorkerResponse> {\n return new Promise((resolve, reject) => {\n if (!this.vrfWorker) {\n reject(new Error('VRF Web Worker not available'));\n return;\n }\n\n const timeoutMs = (customTimeout ?? this.config.workerTimeout ?? 60_000);\n const timeout = setTimeout(() => {\n reject(new Error(`VRF Web Worker communication timeout (${timeoutMs}ms) for message type: ${message.type}`));\n }, timeoutMs);\n\n const handleMessage = (event: MessageEvent) => {\n const payload = event.data as VRFWorkerResponse | {\n type?: unknown;\n data?: unknown;\n };\n\n // Intercept SecureConfirm handshake messages from the VRF worker and\n // dispatch them through confirmTxFlow on the main thread. The decision\n // is sent back to the worker as USER_PASSKEY_CONFIRM_RESPONSE and\n // consumed by awaitSecureConfirmationV2; this should not resolve the\n // original VRF request promise.\n if ((payload as any)?.type === SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD) {\n const env = payload as {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD;\n data: SecureConfirmRequest;\n };\n const ctx = this.getContext();\n if (!this.vrfWorker) {\n console.error('[VRF] SecureConfirm: vrfWorker missing for PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD');\n return;\n }\n void handlePromptUserConfirmInJsMainThread(ctx, env, this.vrfWorker);\n return;\n }\n\n const response = payload as VRFWorkerResponse;\n if (response.id === message.id) {\n clearTimeout(timeout);\n this.vrfWorker!.removeEventListener('message', handleMessage);\n resolve(response);\n }\n };\n\n this.vrfWorker.addEventListener('message', handleMessage);\n this.vrfWorker.postMessage(message);\n });\n }\n\n /**\n * Generate unique message ID\n */\n private generateMessageId(): string {\n return `vrf_${Date.now()}_${++this.messageId}`;\n }\n\n /**\n * Unlock VRF keypair in Web Worker memory using PRF output\n * This is called during login to decrypt and load the VRF keypair in-memory\n */\n async unlockVrfKeypair(args: {\n credential: WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n onEvent?: (event: { type: string; data: { step: string; message: string } }) => void;\n }): Promise<VRFWorkerResponse> {\n return unlockVrfKeypair(this.getHandlerContext(), args);\n }\n\n async generateVrfChallengeForSession(inputData: VRFInputData, sessionId: string): Promise<VRFChallenge> {\n return generateVrfChallengeForSession(this.getHandlerContext(), inputData, sessionId);\n }\n\n async generateVrfChallengeOnce(inputData: VRFInputData): Promise<VRFChallenge> {\n return generateVrfChallengeOnce(this.getHandlerContext(), inputData);\n }\n\n /**\n * Get current VRF session status\n */\n async checkVrfStatus(): Promise<VRFWorkerStatus> {\n return checkVrfStatus(this.getHandlerContext());\n }\n\n /**\n * Logout and clear VRF session\n */\n async clearVrfSession(): Promise<void> {\n return clearVrfSession(this.getHandlerContext());\n }\n\n /**\n * Set the current VRF account ID at the TypeScript level\n * Used after VRF keypair is loaded in WASM memory (e.g., after deriveVrfKeypairFromPrf)\n * to track which account has an active VRF session\n */\n setCurrentVrfAccountId(nearAccountId: AccountId): void {\n this.currentVrfAccountId = nearAccountId;\n console.debug(`VRF Manager: Current VRF account ID set to ${nearAccountId}`);\n }\n\n /**\n * Generate VRF keypair for bootstrapping - stores in memory unencrypted temporarily\n * This is used during registration to generate a VRF keypair that will be used for\n * WebAuthn ceremony and later encrypted with the real PRF output\n *\n * @param saveInMemory - Always true for bootstrap (VRF keypair stored in memory)\n * @param vrfInputParams - Optional parameters to generate VRF challenge/proof in same call\n * @returns VRF public key and optionally VRF challenge data\n */\n async generateVrfKeypairBootstrap(args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }> {\n return generateVrfKeypairBootstrap(this.getHandlerContext(), args);\n }\n\n /**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n * Optionally generates VRF challenge if input parameters are provided\n * This enables deterministic VRF key derivation without needing stored VRF keypairs\n *\n * @param credential - WebAuthn credential containing PRF outputs\n * @param nearAccountId - NEAR account ID for key derivation salt\n * @param vrfInputParams - Optional VRF input parameters for challenge generation\n * @returns Deterministic VRF public key, optional VRF challenge, and encrypted VRF keypair for storage\n */\n async deriveVrfKeypairFromPrf(args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData; // optional, for challenge generation\n saveInMemory?: boolean; // optional, whether to save in worker memory\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }> {\n return deriveVrfKeypairFromPrf(this.getHandlerContext(), args);\n }\n\n /**\n * This securely decrypts the shamir3Pass encrypted VRF keypair and loads it into memory\n * It performs Shamir-3-Pass commutative decryption within WASM worker with the relay-server\n */\n async shamir3PassDecryptVrfKeypair(args: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }): Promise<VRFWorkerResponse> {\n return shamir3PassDecryptVrfKeypair(this.getHandlerContext(), args);\n }\n\n /**\n * Shamir 3-pass: encrypt the currently unlocked VRF keypair under the server key\n * Returns a fresh serverEncryptedVrfKeypair blob for IndexedDB.\n * Requires: current VRF keypair is unlocked and present in worker memory.\n */\n async shamir3PassEncryptCurrentVrfKeypair(): Promise<{\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n }> {\n return shamir3PassEncryptCurrentVrfKeypair(this.getHandlerContext());\n }\n\n /**\n * Test Web Worker communication\n */\n private async testWebWorkerCommunication(): Promise<void> {\n try {\n const timeoutMs = 2000;\n const pingResponse = await this.sendMessage({\n type: 'PING',\n id: this.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n }, timeoutMs);\n if (!pingResponse.success) {\n throw new Error(`VRF Web Worker PING failed: ${pingResponse.error}`);\n }\n return;\n } catch (error: any) {\n console.warn(`️VRF Manager: testWebWorkerCommunication failed:`, error.message);\n }\n }\n}\n","import { ConfirmationConfig, DEFAULT_CONFIRMATION_CONFIG } from '../types/signer-worker';\nimport type { AccountId } from '../types/accountIds';\nimport { IndexedDBManager, type IndexedDBEvent } from '../IndexedDBManager';\n\n\nexport class UserPreferencesManager {\n private themeChangeListeners: Set<(theme: 'dark' | 'light') => void> = new Set();\n private confirmationConfigChangeListeners: Set<(config: ConfirmationConfig) => void> = new Set();\n private currentUserAccountId: AccountId | undefined;\n private confirmationConfig: ConfirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n // Optional app-provided default theme (e.g., configs.walletTheme). This is NOT a per-user preference.\n private walletThemeOverride: 'dark' | 'light' | null = null;\n // Prevent multiple one-time environment syncs per session\n private envThemeSyncedForSession = false;\n\n constructor() {\n // Subscribe to IndexedDB change events for automatic sync\n this.subscribeToIndexedDBChanges();\n }\n\n /**\n * Apply an app-provided default theme (e.g., `configs.walletTheme`) without\n * persisting it as a per-user preference in IndexedDB.\n *\n * This also disables the one-time environment theme sync so host appearance\n * (e.g., VitePress `html.dark`) cannot override an explicit config.\n */\n configureWalletTheme(theme?: 'dark' | 'light'): void {\n if (theme !== 'dark' && theme !== 'light') return;\n this.walletThemeOverride = theme;\n // If integrator explicitly configured a theme, do not auto-sync from environment.\n this.envThemeSyncedForSession = true;\n if (this.confirmationConfig.theme !== theme) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme,\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n }\n }\n\n /**\n * Register a callback for theme change events\n */\n onThemeChange(callback: (theme: 'dark' | 'light') => void): () => void {\n this.themeChangeListeners.add(callback);\n return () => {\n this.themeChangeListeners.delete(callback);\n };\n }\n\n /**\n * Register a callback for confirmation config changes.\n * Used to keep app UI in sync with the wallet host in wallet-iframe mode.\n */\n onConfirmationConfigChange(callback: (config: ConfirmationConfig) => void): () => void {\n this.confirmationConfigChangeListeners.add(callback);\n return () => {\n this.confirmationConfigChangeListeners.delete(callback);\n };\n }\n\n /**\n * Notify all registered listeners of theme changes\n */\n private notifyThemeChange(theme: 'dark' | 'light'): void {\n if (this.themeChangeListeners.size === 0) {\n // In many environments (e.g., wallet iframe host), there may be no UI subscribers.\n // Use debug to avoid noisy warnings while still being helpful during development.\n console.debug(`[UserPreferencesManager]: No listeners registered, theme change will not propagate.`);\n return;\n }\n\n let index = 0;\n this.themeChangeListeners.forEach((listener) => {\n index++;\n try {\n listener(theme);\n } catch (error: any) {\n }\n });\n }\n\n private notifyConfirmationConfigChange(config: ConfirmationConfig): void {\n if (this.confirmationConfigChangeListeners.size === 0) return;\n this.confirmationConfigChangeListeners.forEach((listener) => {\n try {\n listener(config);\n } catch {}\n });\n }\n\n /**\n * Best-effort async initialization from IndexedDB.\n *\n * Callers decide when to invoke this so environments that must avoid\n * app-origin IndexedDB (wallet-iframe mode) can skip it entirely.\n */\n async initFromIndexedDB(): Promise<void> {\n try {\n await this.loadUserSettings();\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to initialize user settings:', error);\n // Keep default settings if loading fails\n }\n }\n\n /**\n * Subscribe to IndexedDB change events for automatic synchronization\n */\n private subscribeToIndexedDBChanges(): void {\n // Subscribe to IndexedDB change events\n this.unsubscribeFromIndexedDB = IndexedDBManager.clientDB.onChange((event) => {\n this.handleIndexedDBEvent(event);\n });\n }\n\n /**\n * Handle IndexedDB change events.\n * @param event - The IndexedDBEvent: `user-updated`, `preferences-updated`, `user-deleted` to handle.\n */\n private async handleIndexedDBEvent(event: IndexedDBEvent): Promise<void> {\n try {\n switch (event.type) {\n case 'preferences-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-deleted':\n // Check if the deleted user was the current user\n if (event.accountId === this.currentUserAccountId) {\n this.currentUserAccountId = undefined;\n this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n }\n break;\n }\n } catch (error) {\n console.warn('[WebAuthnManager]: Error handling IndexedDB event:', error);\n }\n }\n\n /**\n * Unsubscribe function for IndexedDB events\n */\n private unsubscribeFromIndexedDB?: () => void;\n\n /**\n * Clean up resources and unsubscribe from events\n */\n destroy(): void {\n if (this.unsubscribeFromIndexedDB) {\n this.unsubscribeFromIndexedDB();\n this.unsubscribeFromIndexedDB = undefined;\n }\n // Clear all theme change listeners\n this.themeChangeListeners.clear();\n this.confirmationConfigChangeListeners.clear();\n }\n\n getCurrentUserAccountId(): AccountId {\n if (!this.currentUserAccountId) {\n console.debug('[UserPreferencesManager]: getCurrentUserAccountId called with no current user; returning empty id');\n // Return an empty string to keep callers defensive; most consumers\n // already treat falsy accountIds as \"no-op\"/logged‑out.\n return '' as AccountId;\n }\n return this.currentUserAccountId;\n }\n\n getConfirmationConfig(): ConfirmationConfig {\n return this.confirmationConfig;\n }\n\n /**\n * Apply an authoritative confirmation config snapshot from the wallet-iframe host.\n * This updates in-memory state only; persistence remains owned by the wallet origin.\n */\n applyWalletHostConfirmationConfig(args: {\n nearAccountId?: AccountId | null;\n confirmationConfig: ConfirmationConfig;\n }): void {\n const { nearAccountId, confirmationConfig } = args || ({} as any);\n const prevTheme = this.confirmationConfig.theme;\n const next: ConfirmationConfig = {\n ...DEFAULT_CONFIRMATION_CONFIG,\n ...(confirmationConfig || {}),\n } as ConfirmationConfig;\n\n if (nearAccountId) {\n this.currentUserAccountId = nearAccountId;\n }\n\n // Prevent environment heuristics on the app origin from overriding wallet-host state.\n this.envThemeSyncedForSession = true;\n\n this.confirmationConfig = next;\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n\n setCurrentUser(nearAccountId: AccountId): void {\n this.currentUserAccountId = nearAccountId;\n // Load settings for the new user (best-effort). In wallet-iframe mode on the app origin,\n // IndexedDB is intentionally disabled to avoid creating any tables.\n if (!IndexedDBManager.clientDB.isDisabled()) {\n void this.loadSettingsForUser(nearAccountId).catch(() => undefined);\n }\n\n // One-time: align user theme to current host appearance (e.g., VitePress html.dark)\n // In wallet-iframe mode (app origin), the wallet host owns preferences; do not override.\n if (!IndexedDBManager.clientDB.isDisabled() && !this.envThemeSyncedForSession && !this.walletThemeOverride) {\n let envTheme: 'dark' | 'light' | null = null;\n const isDark = (globalThis as any)?.document?.documentElement?.classList?.contains?.('dark');\n if (typeof isDark === 'boolean') envTheme = isDark ? 'dark' : 'light';\n if (!envTheme) {\n try {\n const stored = (globalThis as any)?.localStorage?.getItem?.('vitepress-theme-appearance');\n if (stored === 'dark' || stored === 'light') envTheme = stored;\n } catch {\n // Storage may be blocked by the environment (e.g., third-party iframes)\n }\n }\n if (envTheme && envTheme !== this.confirmationConfig.theme) {\n // Fire-and-forget; listeners will propagate the change\n void this.setUserTheme(envTheme);\n }\n this.envThemeSyncedForSession = true;\n }\n }\n\n /**\n * Load settings for a specific user\n */\n private async loadSettingsForUser(nearAccountId: AccountId): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (!user || user.nearAccountId !== nearAccountId) return;\n if (user?.preferences?.confirmationConfig) {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n }\n\n /**\n * Reload current user settings from IndexedDB\n */\n async reloadUserSettings(): Promise<void> {\n await this.loadSettingsForUser(this.getCurrentUserAccountId());\n }\n\n /**\n * Set confirmation behavior\n */\n setConfirmBehavior(behavior: 'requireClick' | 'autoProceed'): void {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n behavior\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.saveUserSettings();\n }\n\n /**\n * Set confirmation configuration\n */\n setConfirmationConfig(config: ConfirmationConfig): void {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...config\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n this.saveUserSettings();\n }\n\n /**\n * Load user confirmation settings from IndexedDB\n */\n async loadUserSettings(): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (user) {\n const prevTheme = this.confirmationConfig.theme;\n this.currentUserAccountId = user.nearAccountId;\n // Load user's confirmation config if it exists, otherwise keep existing settings/defaults\n if (user.preferences?.confirmationConfig) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n } else {\n console.debug('[WebAuthnManager]: No user preferences found, using defaults');\n }\n } else {\n console.debug('[WebAuthnManager]: No last user found, using default settings');\n }\n }\n\n /**\n * Save current confirmation settings to IndexedDB\n */\n async saveUserSettings(): Promise<void> {\n try {\n let accountId: AccountId | undefined = this.currentUserAccountId ?? undefined;\n if (!accountId) {\n const last = await IndexedDBManager.clientDB.getLastUser().catch(() => undefined as any);\n accountId = (last as any)?.nearAccountId;\n }\n\n if (!accountId) {\n console.warn('[UserPreferences]: No current user set; keeping confirmation config in memory only');\n return;\n }\n\n // Save confirmation config (which includes theme)\n await IndexedDBManager.clientDB.updatePreferences(accountId, {\n confirmationConfig: this.confirmationConfig,\n });\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to save user settings:', error);\n }\n }\n\n /**\n * Get user theme preference from IndexedDB\n */\n async getCurrentUserAccountIdTheme(): Promise<'dark' | 'light' | null> {\n const id = this.currentUserAccountId;\n if (!id) return null;\n try {\n return await IndexedDBManager.clientDB.getTheme(id);\n } catch (error) {\n console.debug('[WebAuthnManager]: getCurrentUserAccountIdTheme:', error);\n return null;\n }\n }\n\n getUserTheme(): 'dark' | 'light' {\n return this.confirmationConfig.theme;\n }\n\n /**\n * Set user theme preference in IndexedDB\n */\n async setUserTheme(theme: 'dark' | 'light'): Promise<void> {\n const id = this.currentUserAccountId;\n if (!id) return; // No-op when no user is set (logged-out state)\n // Always update local UI state immediately; persistence is best-effort.\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme\n };\n // Notify all listeners of theme change\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n try {\n await IndexedDBManager.clientDB.setTheme(id, theme);\n } catch (error) {\n console.warn('[UserPreferencesManager]: Failed to save user theme:', error);\n }\n }\n}\n\n// Create and export singleton instance\nconst UserPreferencesInstance = new UserPreferencesManager();\nexport default UserPreferencesInstance;\n","import type { NearClient } from './NearClient';\nimport type { AccountId } from './types/accountIds';\nimport { fetchNonceBlockHashAndHeight } from './rpcCalls';\nimport type { TransactionContext } from './types/rpc';\nimport type { AccessKeyView, BlockResult } from '@near-js/types';\nimport { isObject, isNumber, isString } from './WalletIframe/validation';\nimport { errorMessage } from '../utils/errors';\n\n/**\n * NonceManager - Singleton for managing NEAR transaction context\n *\n * This class pre-fetches nonce and block height asynchronously at the start\n * of executeAction calls to avoid blocking renderUserConfirmUI().\n *\n * The manager is cleared on logout and instantiated with new user on login.\n */\nexport class NonceManager {\n private static instance: NonceManager | null = null;\n\n public lastNonceUpdate: number | null = null;\n public lastBlockHeightUpdate: number | null = null;\n public nearAccountId: AccountId | null = null;\n public nearPublicKeyStr: string | null = null;\n public transactionContext: TransactionContext | null = null;\n private inflightFetch: Promise<TransactionContext> | null = null;\n // Monotonic identifier to disambiguate concurrent fetches and prevent stale commits/clears\n private inflightId: number = 0;\n private refreshTimer: ReturnType<typeof setTimeout> | null = null;\n private prefetchTimer: ReturnType<typeof setTimeout> | null = null;\n\n // Nonce reservation system for batch transactions\n private reservedNonces: Set<string> = new Set();\n private lastReservedNonce: string | null = null;\n\n // Freshness thresholds (ms)\n // Treat context older than 5s as stale enough to refetch\n private readonly NONCE_FRESHNESS_THRESHOLD = 5 * 1000; // 5 seconds\n private readonly BLOCK_FRESHNESS_THRESHOLD = 20 * 1000; // 20 seconds (less frequent block refreshes)\n private readonly PREFETCH_DEBOUNCE_MS = 400; // less aggressive prefetch debounce to reduce churn\n\n // Private constructor for singleton pattern\n private constructor() {}\n\n /**\n * Get singleton instance\n */\n public static getInstance(): NonceManager {\n if (!NonceManager.instance) {\n NonceManager.instance = new NonceManager();\n }\n return NonceManager.instance;\n }\n\n /**\n * Prefetch block height/hash (and nonce if missing) in the background.\n * - If block info is stale or context missing, triggers a non-blocking refresh.\n * - Safe to call frequently (coalesces concurrent fetches).\n */\n public async prefetchBlockheight(nearClient: NearClient): Promise<void> {\n if (!this.nearAccountId || !this.nearPublicKeyStr) return;\n // Debounce prefetch to avoid repeated calls on quick hover/focus toggles\n this.clearPrefetchTimer();\n this.prefetchTimer = setTimeout(async () => {\n this.prefetchTimer = null;\n if (this.inflightFetch) return; // already fetching\n\n const now = Date.now();\n const isBlockStale = !this.lastBlockHeightUpdate || (now - this.lastBlockHeightUpdate) >= this.BLOCK_FRESHNESS_THRESHOLD;\n const missingContext = !this.transactionContext;\n if (!isBlockStale && !missingContext) return;\n\n try {\n await this.fetchFreshData(nearClient);\n } catch (e) {\n // Swallow errors during prefetch; runtime path will retry as needed\n console.debug('[NonceManager]: prefetchBlockheight ignored error:', e);\n }\n }, this.PREFETCH_DEBOUNCE_MS);\n }\n\n /**\n * Initialize or update the manager with user information\n */\n public initializeUser(nearAccountId: AccountId, nearPublicKeyStr: string): void {\n this.nearAccountId = nearAccountId;\n this.nearPublicKeyStr = nearPublicKeyStr;\n this.clearTransactionContext();\n }\n\n /**\n * Clear all data when user logs out\n */\n public clear(): void {\n this.lastNonceUpdate = null;\n this.lastBlockHeightUpdate = null;\n this.nearAccountId = null;\n this.nearPublicKeyStr = null;\n this.transactionContext = null;\n this.clearRefreshTimer();\n this.clearPrefetchTimer();\n this.inflightFetch = null;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n }\n\n /**\n * Smart caching method for nonce and block height data\n * Returns cached data if fresh, otherwise fetches synchronously\n */\n public async getNonceBlockHashAndHeight(nearClient: NearClient, opts?: { force?: boolean }): Promise<TransactionContext> {\n // Always prefer a fresh fetch for critical paths; coalesced by fetchFreshData.\n // This minimizes subtle cache bugs after key rotations/linking and across devices.\n if (!this.nearAccountId || !this.nearPublicKeyStr) {\n throw new Error('NonceManager not initialized with user data');\n }\n // Respect caller's intent to force or use freshness thresholds\n const force = opts?.force === true;\n return await this.fetchFreshData(nearClient, force);\n }\n\n /**\n * Schedule an asynchronous refresh of the transaction context\n */\n private maybeScheduleBackgroundRefresh(nearClient: NearClient): void {\n if (!this.lastNonceUpdate || !this.lastBlockHeightUpdate) return;\n if (this.inflightFetch) return; // already fetching\n\n const now = Date.now();\n const nonceAge = now - this.lastNonceUpdate;\n const blockAge = now - this.lastBlockHeightUpdate;\n\n const halfNonceTtl = this.NONCE_FRESHNESS_THRESHOLD / 2;\n const halfBlockTtl = this.BLOCK_FRESHNESS_THRESHOLD / 2;\n\n // If we're past the half-life for either value, refresh NOW in background\n if (nonceAge >= halfNonceTtl || blockAge >= halfBlockTtl) {\n this.clearRefreshTimer();\n // Fire-and-forget refresh to keep cache warm\n void this.fetchFreshData(nearClient)\n .catch((error) => console.warn('[NonceManager]: Background refresh failed:', error));\n return;\n }\n\n // Otherwise, schedule a refresh for when the earliest metric hits half-life\n const delayToHalfNonce = Math.max(0, halfNonceTtl - nonceAge);\n const delayToHalfBlock = Math.max(0, halfBlockTtl - blockAge);\n const delay = Math.min(delayToHalfNonce, delayToHalfBlock);\n\n // Avoid multiple timers\n this.clearRefreshTimer();\n this.refreshTimer = setTimeout(() => {\n this.refreshTimer = null;\n if (this.inflightFetch) return;\n void this.fetchFreshData(nearClient)\n .catch((error) => console.warn('[NonceManager]: Background refresh failed:', error));\n }, delay);\n }\n\n /**\n * Fetch fresh transaction context data from NEAR RPC\n */\n private async fetchFreshData(nearClient: NearClient, force: boolean = false): Promise<TransactionContext> {\n // Coalesce concurrent refreshes when not forced to reduce redundant network calls.\n // Force=true is used by latency-critical paths (e.g., JIT VRF refresh) to guarantee a fresh block height.\n if (this.inflightFetch && !force) {\n return this.inflightFetch;\n }\n\n const capturedAccountId = this.nearAccountId;\n const capturedPublicKey = this.nearPublicKeyStr;\n // Start a new fetch; assign a unique id to guard commit and cleanup\n const requestId = (++this.inflightId);\n const fetchPromise = (async () => {\n try {\n // Determine what is actually stale so we only fetch what we need\n const now = Date.now();\n const isNonceStale = force || !this.lastNonceUpdate || (now - this.lastNonceUpdate) >= this.NONCE_FRESHNESS_THRESHOLD;\n const isBlockStale = force || !this.lastBlockHeightUpdate || (now - this.lastBlockHeightUpdate) >= this.BLOCK_FRESHNESS_THRESHOLD;\n\n let accessKeyInfo = this.transactionContext?.accessKeyInfo;\n let txBlockHeight = this.transactionContext?.txBlockHeight;\n let txBlockHash = this.transactionContext?.txBlockHash;\n\n const fetchAccessKey = isNonceStale || !accessKeyInfo;\n const fetchBlock = isBlockStale || !txBlockHeight || !txBlockHash;\n\n // Fetch required parts with tolerance for missing access key just after creation\n let maybeAccessKey: unknown = accessKeyInfo ?? null;\n let maybeBlock: unknown = null;\n\n // Run RPC calls in parallel where applicable, while preserving tolerant error handling\n let accessKeyError: unknown = null;\n let blockError: unknown = null;\n const tasks: Promise<void>[] = [];\n\n if (fetchAccessKey) {\n tasks.push((async () => {\n try {\n maybeAccessKey = await nearClient.viewAccessKey(capturedAccountId!, capturedPublicKey!);\n } catch (akErr: unknown) {\n const msg = errorMessage(akErr);\n const missingAk = msg.includes('does not exist while viewing')\n || msg.includes('Access key not found')\n || msg.includes('unknown public key')\n || msg.includes('does not exist');\n if (missingAk) {\n // Non-fatal: proceed without live AK; compute nextNonce conservatively\n console.debug('[NonceManager]: Access key missing during fetch; proceeding with block-only context');\n maybeAccessKey = null;\n } else {\n accessKeyError = akErr;\n }\n }\n })());\n }\n\n if (fetchBlock) {\n tasks.push((async () => {\n try {\n maybeBlock = await nearClient.viewBlock({ finality: 'final' });\n } catch (err: unknown) {\n // Block info is required\n blockError = err;\n }\n })());\n }\n\n if (tasks.length > 0) {\n await Promise.all(tasks);\n }\n\n if (accessKeyError) {\n throw accessKeyError;\n }\n if (blockError) {\n throw blockError;\n }\n\n // Commit results\n if (fetchAccessKey) {\n if (isAccessKeyView(maybeAccessKey)) {\n accessKeyInfo = maybeAccessKey;\n } else {\n // Keep previous accessKeyInfo if present; else set minimal placeholder\n accessKeyInfo = this.transactionContext?.accessKeyInfo || makePlaceholderAccessKey();\n }\n }\n\n if (fetchBlock) {\n if (!isBlockResult(maybeBlock)) {\n throw new Error('Failed to fetch Block Info');\n }\n txBlockHeight = String(maybeBlock.header.height);\n txBlockHash = maybeBlock.header.hash;\n }\n\n // Derive nextNonce from access key info + current context + reservations\n let nextCandidate = this.maxBigInt(\n accessKeyInfo?.nonce !== undefined ? (BigInt(accessKeyInfo.nonce) + 1n) : 0n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n\n );\n if (nextCandidate <= 0n) nextCandidate = 1n; // never use 0\n const nextNonce = nextCandidate.toString();\n\n const transactionContext: TransactionContext = {\n nearPublicKeyStr: capturedPublicKey!,\n accessKeyInfo: accessKeyInfo!,\n nextNonce,\n txBlockHeight: txBlockHeight!,\n txBlockHash: txBlockHash!,\n };\n\n // Only commit if identity did not change AND this fetch is still the latest.\n // This guards against stale commits from races when a forced refresh overtakes a cached one.\n if (\n capturedAccountId === this.nearAccountId &&\n capturedPublicKey === this.nearPublicKeyStr &&\n requestId === this.inflightId\n ) {\n this.transactionContext = transactionContext;\n const now = Date.now();\n if (fetchAccessKey) this.lastNonceUpdate = now;\n if (fetchBlock) this.lastBlockHeightUpdate = now;\n // console.debug('[NonceManager]: committed context', {\n // nextNonce: transactionContext.nextNonce,\n // txBlockHeight: transactionContext.txBlockHeight,\n // txBlockHash: transactionContext.txBlockHash,\n // lastNonceUpdate: this.lastNonceUpdate,\n // lastBlockHeightUpdate: this.lastBlockHeightUpdate,\n // });\n } else {\n // Discard results from outdated or identity-mismatched fetches; a newer fetch has already committed.\n }\n\n return transactionContext;\n } catch (error) {\n console.error('[NonceManager]: Failed to fetch fresh transaction context:', error);\n throw error;\n } finally {\n // Only clear inflight if this promise is still the latest.\n if (requestId === this.inflightId) {\n this.inflightFetch = null;\n }\n }\n })();\n\n this.inflightFetch = fetchPromise;\n return fetchPromise;\n }\n\n /**\n * Get the current transaction context\n * Throws if data is not available or stale\n */\n public getTransactionContext(): TransactionContext {\n if (!this.transactionContext) {\n throw new Error('Transaction context not available - call getNonceBlockHashAndHeight() first');\n }\n\n // Check if data is stale (more than 30 seconds old)\n const now = Date.now();\n const maxAge = 30 * 1000; // 30 seconds\n\n if (this.lastNonceUpdate && (now - this.lastNonceUpdate) > maxAge) {\n console.warn('[NonceManager]: Transaction context is stale, consider refreshing');\n }\n\n return this.transactionContext;\n }\n\n /**\n * Check if transaction context is available and not stale\n */\n public isTransactionContextAvailable(maxAgeMs: number = 30000): boolean {\n if (!this.transactionContext || !this.lastNonceUpdate) {\n return false;\n }\n\n const now = Date.now();\n return (now - this.lastNonceUpdate) <= maxAgeMs;\n }\n\n /**\n * Clear transaction context (useful when nonce might be invalidated)\n */\n public clearTransactionContext(): void {\n this.transactionContext = null;\n this.lastNonceUpdate = null;\n this.lastBlockHeightUpdate = null;\n this.clearRefreshTimer();\n this.clearPrefetchTimer();\n this.inflightFetch = null;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n }\n\n /**\n * Force a synchronous refresh of nonce + block context.\n * Useful after key rotations (e.g., link-device) or when encountering INVALID_NONCE.\n * Optionally clears any locally reserved nonces to avoid collisions.\n */\n public async refreshNow(nearClient: NearClient, opts?: { clearReservations?: boolean }): Promise<TransactionContext> {\n if (opts?.clearReservations) {\n try { this.releaseAllNonces(); } catch {}\n }\n return await this.fetchFreshData(nearClient, true);\n }\n\n /**\n * Reserve a nonce for batch transactions\n * This increments the nonce locally to prevent conflicts in batch operations\n * @param count - Number of nonces to reserve (default: 1)\n * @returns Array of reserved nonces\n */\n public reserveNonces(count: number = 1): string[] {\n if (!this.transactionContext) {\n throw new Error('Transaction context not available - call getNonceBlockHashAndHeight() first');\n }\n\n if (count <= 0) return [];\n\n const start = this.lastReservedNonce\n ? BigInt(this.lastReservedNonce) + 1n\n : BigInt(this.transactionContext.nextNonce);\n\n // Plan reservations first (pure), then commit atomically\n const planned: string[] = [];\n for (let i = 0; i < count; i++) {\n const candidate = (start + BigInt(i)).toString();\n if (this.reservedNonces.has(candidate)) {\n throw new Error(`Nonce ${candidate} is already reserved`);\n }\n planned.push(candidate);\n }\n\n // Commit: extend set and bump lastReservedNonce\n const newSet = new Set(this.reservedNonces);\n for (const n of planned) newSet.add(n);\n this.reservedNonces = newSet;\n this.lastReservedNonce = planned[planned.length - 1];\n\n console.debug(`[NonceManager]: Reserved ${count} nonces:`, planned);\n return planned;\n }\n\n /**\n * Release a reserved nonce (call when transaction is completed or failed)\n * @param nonce - The nonce to release\n */\n public releaseNonce(nonce: string): void {\n if (this.reservedNonces.has(nonce)) {\n this.reservedNonces.delete(nonce);\n console.debug(`[NonceManager]: Released nonce ${nonce}`);\n }\n }\n\n /**\n * Release all reserved nonces\n */\n public releaseAllNonces(): void {\n const count = this.reservedNonces.size;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n console.debug(`[NonceManager]: Released all ${count} reserved nonces`);\n }\n\n /**\n * Update nonce from blockchain after transaction completion\n * This should be called after a transaction is successfully broadcasted\n * @param nearClient - NEAR client for RPC calls\n * @param actualNonce - The actual nonce used in the completed transaction\n */\n public async updateNonceFromBlockchain(nearClient: NearClient, actualNonce: string): Promise<void> {\n if (!this.nearAccountId || !this.nearPublicKeyStr) {\n throw new Error('NonceManager not initialized with user data');\n }\n\n try {\n // Fetch fresh access key info to get the latest nonce\n const accessKeyInfo = await nearClient.viewAccessKey(this.nearAccountId, this.nearPublicKeyStr);\n\n if (!accessKeyInfo || accessKeyInfo.nonce === undefined) {\n throw new Error(`Access key not found or invalid for account ${this.nearAccountId}`);\n }\n\n const chainNonceBigInt = BigInt(accessKeyInfo.nonce);\n const actualNonceBigInt = BigInt(actualNonce);\n\n // Tolerate both pre- and post-final states:\n // - pre-final: chainNonce == actualNonce - 1\n // - post-final: chainNonce >= actualNonce\n if (chainNonceBigInt < actualNonceBigInt - BigInt(1)) {\n console.warn(\n `[NonceManager]: Chain nonce (${chainNonceBigInt}) behind expected (${actualNonceBigInt - BigInt(1)}). Proceeding with tolerant update.`\n );\n }\n\n // Compute next usable nonce using maxBigInt for clarity\n // Include (actualNonce + 1) to immediately advance locally after broadcast,\n // even if chain finality has not reflected the new nonce yet.\n const candidateNext = this.maxBigInt(\n chainNonceBigInt + 1n,\n actualNonceBigInt + 1n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n,\n );\n\n // Update cached context with fresh access key info and computed next nonce\n if (this.transactionContext) {\n this.transactionContext.accessKeyInfo = accessKeyInfo;\n this.transactionContext.nextNonce = candidateNext.toString();\n } else {\n // If no context exists (should be rare here), construct a minimal one\n this.transactionContext = {\n nearPublicKeyStr: this.nearPublicKeyStr!,\n accessKeyInfo: accessKeyInfo,\n nextNonce: candidateNext.toString(),\n // Block values are unknown here; leave stale ones to be refreshed later\n txBlockHeight: '0',\n txBlockHash: '',\n } as TransactionContext; // We'll refresh these via fetchFreshData when needed\n }\n this.lastNonceUpdate = Date.now();\n\n // Release the used nonce (idempotent)\n this.releaseNonce(actualNonce);\n\n // Prune any reserved nonces that are now <= chain nonce (already used or invalid)\n if (this.reservedNonces.size > 0) {\n const { set: prunedSet, lastReserved } = this.pruneReserved(chainNonceBigInt, this.reservedNonces);\n this.reservedNonces = prunedSet;\n this.lastReservedNonce = lastReserved;\n }\n\n console.debug(\n `[NonceManager]: Updated from chain nonce=${chainNonceBigInt} actual=${actualNonceBigInt} next=${this.transactionContext!.nextNonce}`\n );\n\n } catch (error: unknown) {\n const msg = errorMessage(error);\n // Tolerate missing/rotated keys: avoid noisy error and advance nextNonce optimistically\n if (msg.includes('does not exist while viewing') || msg.includes('Access key not found')) {\n try {\n const actualNonceBigInt = BigInt(actualNonce);\n const candidateNext = this.maxBigInt(\n actualNonceBigInt + 1n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n,\n );\n if (this.transactionContext) {\n this.transactionContext.nextNonce = candidateNext.toString();\n } else {\n this.transactionContext = {\n nearPublicKeyStr: this.nearPublicKeyStr!,\n accessKeyInfo: makePlaceholderAccessKey(),\n nextNonce: candidateNext.toString(),\n txBlockHeight: '0',\n txBlockHash: '',\n } as TransactionContext;\n }\n this.lastNonceUpdate = Date.now();\n console.debug('[NonceManager]: Access key missing; advanced nextNonce optimistically to', this.transactionContext?.nextNonce);\n return;\n } catch {}\n }\n console.warn('[NonceManager]: Failed to update nonce from blockchain:', error);\n // Don't throw - this is a best-effort update\n }\n }\n\n /**\n * Get the next available nonce for a single transaction\n * This is a convenience method that reserves exactly one nonce\n * @returns The next nonce to use\n */\n public getNextNonce(): string {\n const nonces = this.reserveNonces(1);\n return nonces[0];\n }\n\n private clearRefreshTimer(): void {\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n }\n private clearPrefetchTimer(): void {\n if (this.prefetchTimer) {\n clearTimeout(this.prefetchTimer);\n this.prefetchTimer = null;\n }\n }\n\n // Small helper to get max of BigInt values elegantly\n private maxBigInt(...values: bigint[]): bigint {\n if (values.length === 0) return 0n;\n return values.reduce((a, b) => (a > b ? a : b));\n }\n\n // Return a new reserved set that excludes entries <= chain nonce, and compute new lastReserved\n private pruneReserved(chainNonceBigInt: bigint, reserved: Set<string>): { set: Set<string>, lastReserved: string | null } {\n const newSet = new Set<string>();\n let newLast: bigint | null = null;\n for (const r of reserved) {\n try {\n const rb = BigInt(r);\n if (rb > chainNonceBigInt) {\n newSet.add(r);\n if (newLast === null || rb > newLast) newLast = rb;\n }\n } catch {\n // skip malformed entries\n }\n }\n return {\n set: newSet,\n lastReserved: newLast ? newLast.toString() : null\n };\n }\n\n}\n\n// ===== Type guards for NEAR RPC return shapes =====\nfunction isAccessKeyView(x: unknown): x is AccessKeyView {\n if (!isObject(x)) return false;\n // Only validate the fields we actually use\n return isNumber((x as { nonce?: unknown }).nonce);\n}\n\nfunction isBlockResult(x: unknown): x is BlockResult {\n if (!isObject(x)) return false;\n const h = (x as { header?: unknown }).header;\n if (!isObject(h)) return false;\n const height = (h as { height?: unknown }).height;\n const hash = (h as { hash?: unknown }).hash;\n return isNumber(height) && isString(hash);\n}\n\nfunction makePlaceholderAccessKey(): AccessKeyView {\n return {\n nonce: BigInt(0),\n permission: 'FullAccess',\n block_hash: '',\n block_height: 0\n }\n}\n\n// Create and export singleton instance\nconst NonceManagerInstance = NonceManager.getInstance();\nexport default NonceManagerInstance;\n","// Internal process-wide flag to mark wallet iframe host mode\nlet IS_WALLET_IFRAME_HOST = false;\n\nexport function __setWalletIframeHostMode(enabled: boolean = true): void {\n IS_WALLET_IFRAME_HOST = !!enabled;\n}\n\nexport function __isWalletIframeHostMode(): boolean {\n return IS_WALLET_IFRAME_HOST;\n}\n\n","import {\n IndexedDBManager,\n type ClientUserData,\n type ClientAuthenticatorData,\n type UnifiedIndexedDBManager,\n} from '../IndexedDBManager';\nimport { StoreUserDataInput } from '../IndexedDBManager/passkeyClientDB';\nimport { type NearClient, SignedTransaction } from '../NearClient';\nimport { SignerWorkerManager } from './SignerWorkerManager';\nimport { VrfWorkerManager } from './VrfWorkerManager';\nimport { AllowCredential, TouchIdPrompt, authenticatorsToAllowCredentials } from './touchIdPrompt';\nimport { toAccountId } from '../types/accountIds';\nimport { UserPreferencesManager } from './userPreferences';\nimport UserPreferencesInstance from './userPreferences';\nimport { NonceManager } from '../nonceManager';\nimport NonceManagerInstance from '../nonceManager';\nimport {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFChallenge\n} from '../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../types/actions';\nimport type { RegistrationHooksOptions, RegistrationSSEEvent, onProgressEvents } from '../types/sdkSentEvents';\nimport type { SignTransactionResult, TatchiConfigs } from '../types/tatchi';\nimport type { AccountId } from '../types/accountIds';\nimport type { AuthenticatorOptions } from '../types/authenticatorOptions';\nimport type { DelegateActionInput } from '../types/delegate';\nimport type { ConfirmationConfig, RpcCallPayload, WasmSignedDelegate } from '../types/signer-worker';\nimport { WebAuthnRegistrationCredential, WebAuthnAuthenticationCredential } from '../types';\nimport { RegistrationCredentialConfirmationPayload } from './SignerWorkerManager/handlers/validation';\nimport { resolveWorkerBaseOrigin, onEmbeddedBaseChange } from '../sdkPaths';\nimport { DEFAULT_WAIT_STATUS } from '../types/rpc';\nimport { getLastLoggedInDeviceNumber } from './SignerWorkerManager/getDeviceNumber';\nimport { __isWalletIframeHostMode } from '../WalletIframe/host-mode';\n\ntype SigningSessionOptions = {\n /** PRF-bearing credential; VRF worker extracts PRF outputs internally */\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n};\n\n/**\n * WebAuthnManager - Main orchestrator for WebAuthn operations\n *\n * Architecture:\n * - index.ts (this file): Main class orchestrating everything\n * - signerWorkerManager: NEAR transaction signing, and VRF Web3Authn verification RPC calls\n * - vrfWorkerManager: VRF keypair generation, challenge generation\n * - touchIdPrompt: TouchID prompt for biometric authentication\n */\nexport class WebAuthnManager {\n private readonly vrfWorkerManager: VrfWorkerManager;\n private readonly signerWorkerManager: SignerWorkerManager;\n private readonly touchIdPrompt: TouchIdPrompt;\n private readonly userPreferencesManager: UserPreferencesManager;\n private readonly nearClient: NearClient;\n private readonly nonceManager: NonceManager;\n private workerBaseOrigin: string = '';\n // VRF-owned signing session id per account (warm session reuse).\n private activeSigningSessionIds: Map<string, string> = new Map();\n\n readonly tatchiPasskeyConfigs: TatchiConfigs;\n\n constructor(tatchiPasskeyConfigs: TatchiConfigs, nearClient: NearClient) {\n this.tatchiPasskeyConfigs = tatchiPasskeyConfigs;\n this.nearClient = nearClient;\n // Respect rpIdOverride. Safari get() bridge fallback is always enabled.\n this.touchIdPrompt = new TouchIdPrompt(\n tatchiPasskeyConfigs.iframeWallet?.rpIdOverride,\n true,\n );\n this.userPreferencesManager = UserPreferencesInstance;\n // Apply integrator-provided default UI theme (in-memory only; user preferences may override later).\n try {\n this.userPreferencesManager.configureWalletTheme?.(tatchiPasskeyConfigs.walletTheme);\n } catch {}\n this.nonceManager = NonceManagerInstance;\n const { vrfWorkerConfigs } = tatchiPasskeyConfigs;\n // Group VRF worker configuration and pass context\n this.vrfWorkerManager = new VrfWorkerManager(\n {\n shamirPB64u: vrfWorkerConfigs?.shamir3pass?.p,\n relayServerUrl: vrfWorkerConfigs?.shamir3pass?.relayServerUrl,\n applyServerLockRoute: vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute,\n removeServerLockRoute: vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute,\n },\n {\n touchIdPrompt: this.touchIdPrompt,\n nearClient: this.nearClient,\n indexedDB: IndexedDBManager,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: tatchiPasskeyConfigs.nearExplorerUrl,\n }\n );\n this.signerWorkerManager = new SignerWorkerManager(\n this.vrfWorkerManager,\n nearClient,\n this.userPreferencesManager,\n this.nonceManager,\n tatchiPasskeyConfigs.iframeWallet?.rpIdOverride,\n true,\n tatchiPasskeyConfigs.nearExplorerUrl,\n );\n // VRF worker initializes on-demand with proper error propagation\n\n // Compute initial worker base origin once\n this.workerBaseOrigin = resolveWorkerBaseOrigin() || (typeof window !== 'undefined' ? window.location.origin : '');\n this.signerWorkerManager.setWorkerBaseOrigin(this.workerBaseOrigin);\n this.vrfWorkerManager.setWorkerBaseOrigin?.(this.workerBaseOrigin as any);\n\n // Keep base origin updated if the wallet sets a new embedded base\n if (typeof window !== 'undefined') {\n onEmbeddedBaseChange((url) => {\n const origin = new URL(url, window.location.origin).origin;\n if (origin && origin !== this.workerBaseOrigin) {\n this.workerBaseOrigin = origin;\n this.signerWorkerManager.setWorkerBaseOrigin(origin);\n this.vrfWorkerManager.setWorkerBaseOrigin?.(origin as any);\n }\n });\n }\n\n // Best-effort: load persisted preferences unless we are in app-origin iframe mode,\n // where the wallet origin owns persistence and the app should avoid IndexedDB.\n const shouldAvoidAppOriginIndexedDB =\n !!tatchiPasskeyConfigs.iframeWallet?.walletOrigin && !__isWalletIframeHostMode();\n if (!shouldAvoidAppOriginIndexedDB) {\n void this.userPreferencesManager.initFromIndexedDB().catch(() => undefined);\n }\n }\n\n /**\n * Public pre-warm hook to initialize signer workers ahead of time.\n * Safe to call multiple times; errors are non-fatal.\n */\n prewarmSignerWorkers(): void {\n if (typeof window === 'undefined' || typeof (window as any).Worker === 'undefined') return;\n // Avoid noisy SecurityError in cross‑origin dev: only prewarm when same‑origin\n if (this.workerBaseOrigin && this.workerBaseOrigin !== window.location.origin) return;\n this.signerWorkerManager.preWarmWorkerPool().catch(() => {});\n }\n\n /**\n * Warm critical resources to reduce first-action latency.\n * - Initialize current user (sets up NonceManager and local state)\n * - Prefetch latest block context (and nonce if missing)\n * - Pre-open IndexedDB and warm encrypted key for the active account (best-effort)\n * - Pre-warm signer workers in the background\n */\n async warmCriticalResources(nearAccountId?: string): Promise<void> {\n // Initialize current user first (best-effort)\n if (nearAccountId) {\n await this.initializeCurrentUser(toAccountId(nearAccountId), this.nearClient).catch(() => null);\n }\n // Prefetch latest block/nonce context (best-effort)\n await this.nonceManager.prefetchBlockheight(this.nearClient).catch(() => null);\n // Best-effort: open IndexedDB and warm key data for the account\n if (nearAccountId) {\n await IndexedDBManager.getUserWithKeys(toAccountId(nearAccountId)).catch(() => null);\n }\n // Warm signer workers in background\n this.prewarmSignerWorkers();\n }\n\n /**\n * Resolve the effective rpId used for WebAuthn operations.\n * Delegates to TouchIdPrompt to centralize rpId selection logic.\n */\n getRpId(): string {\n return this.touchIdPrompt.getRpId();\n }\n\n /** Getter for NonceManager instance */\n getNonceManager(): NonceManager {\n return this.nonceManager;\n }\n\n /**\n * WebAuthnManager-level orchestrator for VRF-owned signing sessions.\n * Creates sessionId, wires MessagePort between VRF and signer workers, and ensures cleanup.\n *\n * Overload 1: plain signing session (no WrapKeySeed derivation).\n * Overload 2: signing session with WrapKeySeed derivation, when `SigningSessionOptions`\n * (PRF.first_auth) are provided. wrapKeySalt is generated inside the VRF worker\n * when a new vault entry is being created.\n */\n private generateSessionId(prefix: string): string {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `${prefix}-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n }\n\n private toNonNegativeInt(value: unknown): number | undefined {\n if (typeof value !== 'number' || !Number.isFinite(value) || value < 0) return undefined;\n return Math.floor(value);\n }\n\n private resolveSigningSessionPolicy(args: {\n ttlMs?: number;\n remainingUses?: number;\n }): {\n ttlMs: number;\n remainingUses: number;\n } {\n const ttlMs = this.toNonNegativeInt(args.ttlMs)\n ?? this.tatchiPasskeyConfigs.signingSessionDefaults.ttlMs;\n const remainingUses = this.toNonNegativeInt(args.remainingUses)\n ?? this.tatchiPasskeyConfigs.signingSessionDefaults.remainingUses;\n return { ttlMs, remainingUses };\n }\n\n private getOrCreateActiveSigningSessionId(nearAccountId: AccountId): string {\n const key = String(toAccountId(nearAccountId));\n const existing = this.activeSigningSessionIds.get(key);\n if (existing) return existing;\n const sessionId = this.generateSessionId('signing-session');\n this.activeSigningSessionIds.set(key, sessionId);\n return sessionId;\n }\n\n private async withSigningSession<T>(args: {\n sessionId?: string;\n prefix?: string;\n options?: SigningSessionOptions;\n handler: (sessionId: string) => Promise<T>;\n }): Promise<T> {\n if (typeof args.handler !== 'function') {\n throw new Error('withSigningSession requires a handler function');\n }\n const sessionId = (args.sessionId || '').trim() || (args.prefix ? this.generateSessionId(args.prefix) : '');\n if (!sessionId) {\n throw new Error('withSigningSession requires a sessionId or prefix');\n }\n return await this.withSigningSessionInternal({ sessionId, options: args.options, handler: args.handler });\n }\n\n private async withSigningSessionInternal<T>(args: {\n sessionId: string;\n options?: SigningSessionOptions;\n handler: (sessionId: string) => Promise<T>;\n }): Promise<T> {\n const signerPort = await this.vrfWorkerManager.createSigningSessionChannel(args.sessionId);\n await this.signerWorkerManager.reserveSignerWorkerSession(args.sessionId, { signerPort });\n try {\n // If PRF is provided, derive WrapKeySeed in VRF worker and deliver it\n // (along with PRF.second if credential is provided) to the signer worker\n // via the reserved MessagePort before invoking the handler.\n if (args.options) {\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId: args.sessionId,\n credential: args.options.credential,\n });\n }\n return await args.handler(args.sessionId);\n } finally {\n this.signerWorkerManager.releaseSigningSession(args.sessionId);\n }\n }\n\n /**\n * VRF-driven registration confirmation helper.\n * Runs confirmTxFlow and returns registration artifacts.\n *\n * SecureConfirm wrapper for link-device / registration: prompts user in-iframe to create a\n * new passkey (device N), returning artifacts for subsequent derivation.\n */\n async requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<RegistrationCredentialConfirmationPayload> {\n return this.vrfWorkerManager.requestRegistrationCredentialConfirmation({\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n confirmerText: params.confirmerText,\n confirmationConfigOverride: params.confirmationConfigOverride,\n contractId: this.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: this.tatchiPasskeyConfigs.nearRpcUrl,\n });\n }\n\n /**\n * Helper for export/decrypt flows:\n * - Read vault wrapKeySalt\n * - Ask VRF worker to run LocalOnly(DECRYPT_PRIVATE_KEY_WITH_PRF) + derive WrapKeySeed\n * - WrapKeySeed travels only over the VRF→Signer MessagePort\n */\n private async confirmDecryptAndDeriveWrapKeySeed(args: {\n nearAccountId: AccountId;\n sessionId: string;\n }): Promise<void> {\n const nearAccountId = toAccountId(args.nearAccountId);\n // Resolve deviceNumber consistently with signer paths so both VRF and signer\n // operate on the same vault entry. Prefer the last logged-in device for this\n // account; if unavailable, fall back to the most recently updated user row.\n const [last, latest] = await Promise.all([\n IndexedDBManager.clientDB.getLastUser().catch(() => null),\n IndexedDBManager.clientDB.getLastDBUpdatedUser(nearAccountId).catch(() => null)\n ]);\n\n const deviceNumber =\n (last && last.nearAccountId === nearAccountId && typeof last.deviceNumber === 'number')\n ? last.deviceNumber\n : (latest && typeof latest.deviceNumber === 'number')\n ? latest.deviceNumber\n : null;\n\n if (deviceNumber === null) {\n throw new Error(`No deviceNumber found for account ${nearAccountId} (decrypt session)`);\n }\n\n // Load VRF material for this device so the VRF worker can unlock the correct\n // VRF keypair in a fresh/offline worker instance.\n const userForDevice = await IndexedDBManager.clientDB.getUserByDevice(nearAccountId, deviceNumber).catch(() => null);\n const encryptedVrfKeypair = userForDevice?.encryptedVrfKeypair;\n\n // Gather encrypted key + wrapKeySalt and public key from IndexedDB for this device\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n console.error('WebAuthnManager: No encrypted key found for decrypt session', {\n nearAccountId: String(nearAccountId),\n deviceNumber,\n });\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n // For v2+ vaults, wrapKeySalt is the canonical salt.\n const wrapKeySalt = encryptedKeyData.wrapKeySalt || '';\n if (!wrapKeySalt) {\n console.error('WebAuthnManager: Missing wrapKeySalt in vault for decrypt session', {\n nearAccountId: String(nearAccountId),\n deviceNumber,\n });\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n try {\n await this.vrfWorkerManager.prepareDecryptSession({\n sessionId: args.sessionId,\n nearAccountId,\n wrapKeySalt,\n encryptedVrfKeypair,\n });\n } catch (error) {\n console.error('WebAuthnManager: VRF decrypt session failed', {\n nearAccountId: String(nearAccountId),\n sessionId: args.sessionId,\n error,\n });\n throw error;\n }\n }\n\n getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials\n }: {\n nearAccountId: AccountId;\n challenge: VRFChallenge;\n allowCredentials: AllowCredential[];\n }): Promise<WebAuthnAuthenticationCredential> {\n return this.touchIdPrompt.getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials\n });\n }\n\n ///////////////////////////////////////\n // VRF MANAGER FUNCTIONS\n ///////////////////////////////////////\n\n /**\n * Generate a VRF challenge bound to a specific signing/confirm session.\n * The challenge will be cached in the VRF worker under this sessionId so\n * later contract verification (MINT_SESSION_KEYS_AND_SEND_TO_SIGNER) can look it up.\n */\n async generateVrfChallengeForSession(\n sessionId: string,\n vrfInputData: VRFInputData,\n ): Promise<VRFChallenge> {\n return this.vrfWorkerManager.generateVrfChallengeForSession(vrfInputData, sessionId);\n }\n\n /**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n * Use this for flows that don't perform contract verification or derive\n * wrap keys via MINT_SESSION_KEYS_AND_SEND_TO_SIGNER.\n */\n async generateVrfChallengeOnce(vrfInputData: VRFInputData): Promise<VRFChallenge> {\n return this.vrfWorkerManager.generateVrfChallengeOnce(vrfInputData);\n }\n\n /**\n * Generate VRF keypair for bootstrapping - stores in memory unencrypted temporarily\n * This is used during registration to generate a VRF keypair that will be used for\n * WebAuthn ceremony and later encrypted with the real PRF output\n *\n * @param saveInMemory - Whether to persist the generated VRF keypair in WASM worker memory\n * @param vrfInputParams - Optional parameters to generate VRF challenge/proof in same call\n * @returns VRF public key and optionally VRF challenge data\n */\n async generateVrfKeypairBootstrap(args: {\n saveInMemory: boolean;\n vrfInputData: VRFInputData;\n sessionId?: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }> {\n return this.vrfWorkerManager.generateVrfKeypairBootstrap({\n vrfInputData: args.vrfInputData,\n saveInMemory: args.saveInMemory,\n sessionId: args.sessionId,\n });\n }\n\n /**\n * Derive NEAR keypair directly from a serialized WebAuthn registration credential\n */\n async deriveNearKeypairAndEncryptFromSerialized({\n credential,\n nearAccountId,\n options,\n }: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: string;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n }): Promise<{\n success: boolean;\n nearAccountId: string;\n publicKey: string;\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n }>{\n return this.withSigningSession({\n prefix: 'reg',\n options: { credential },\n handler: (sessionId) =>\n this.signerWorkerManager.deriveNearKeypairAndEncryptFromSerialized({\n credential,\n nearAccountId: toAccountId(nearAccountId),\n options,\n sessionId,\n }),\n });\n }\n\n\n /**\n * **Sign Device2 registration transaction with already-stored key (no prompt)**\n *\n * Used by linkDevice flow after key swap to sign the registration transaction\n * without prompting the user again. Reuses the credential collected earlier.\n *\n * Flow:\n * 1. Extract PRF.first from the provided credential\n * 2. Create new MessagePort session for WrapKeySeed delivery\n * 3. VRF worker re-derives WrapKeySeed and sends to signer (with PRF.second)\n * 4. Signer worker retrieves encrypted key from IndexedDB\n * 5. Signer worker decrypts key and signs registration transaction\n *\n * @param nearAccountId - NEAR account ID for Device2\n * @param credential - WebAuthn registration credential from earlier prompt\n * @param vrfChallenge - VRF challenge from earlier prompt\n * @param deviceNumber - Device number for Device2\n * @returns Signed registration transaction ready for submission\n */\n async signDevice2RegistrationWithStoredKey(args: {\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n deviceNumber: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey?: string;\n signedTransaction?: any;\n error?: string;\n }> {\n const { nearAccountId, credential, vrfChallenge, deviceNumber, deterministicVrfPublicKey } = args;\n const contractId = this.tatchiPasskeyConfigs.contractId;\n\n try {\n // Generate new session ID for this signing operation\n const sessionId = `device2-sign-${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;\n\n // Retrieve encrypted key data and wrapKeySalt from IndexedDB\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(\n nearAccountId,\n deviceNumber\n );\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account ${nearAccountId} device ${deviceNumber}`);\n }\n\n const wrapKeySalt = encryptedKeyData.wrapKeySalt;\n if (!wrapKeySalt) {\n throw new Error(`Missing wrapKeySalt for account ${nearAccountId} device ${deviceNumber}`);\n }\n\n // === STEP 1: Create MessagePort session for WrapKeySeed delivery ===\n const signerPort = await this.vrfWorkerManager.createSigningSessionChannel(sessionId);\n await this.signerWorkerManager.reserveSignerWorkerSession(sessionId, { signerPort });\n\n // === STEP 2: VRF worker re-derives WrapKeySeed and sends to signer ===\n // This extracts PRF.second from the credential and delivers both WrapKeySeed + PRF.second\n // to the signer worker via MessagePort\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId,\n wrapKeySalt,\n credential, // VRF will extract PRF.second from this\n });\n\n // === STEP 4: Get transaction context for registration ===\n const transactionContext = await this.nonceManager.getNonceBlockHashAndHeight(this.nearClient);\n\n // === STEP 5: Determine deterministic VRF public key ===\n // Try: provided parameter → authenticator table → fallback to ephemeral VRF from challenge\n let vrfPublicKey = deterministicVrfPublicKey;\n // Fallback to ephemeral VRF public key from challenge if still not found\n const finalVrfPublicKey = vrfPublicKey || vrfChallenge.vrfPublicKey;\n\n // === STEP 6: Signer worker signs registration transaction ===\n // WrapKeySeed and PRF.second are already in signer worker via MessagePort\n const signerResult = await this.signerWorkerManager.registerDevice2WithDerivedKey({\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey: finalVrfPublicKey,\n });\n\n return {\n success: true,\n publicKey: signerResult.publicKey,\n signedTransaction: signerResult.signedTransaction,\n };\n\n } catch (error: any) {\n console.error('[WebAuthnManager] Failed to sign Device2 registration with stored key:', error);\n return {\n success: false,\n error: error.message || String(error),\n };\n }\n }\n\n /**\n * Derive deterministic VRF keypair from PRF output for recovery\n * Optionally generates VRF challenge if input parameters are provided\n * This enables deterministic VRF key derivation from WebAuthn credentials\n *\n * @param credential - WebAuthn credential containing PRF outputs\n * @param nearAccountId - NEAR account ID for key derivation salt\n * @param vrfInputParams - Optional VRF inputs, if provided will generate a challenge\n * @param saveInMemory - Whether to save the derived VRF keypair in worker memory for immediate use\n * @returns Deterministic VRF public key, optional VRF challenge, and encrypted VRF keypair for storage\n */\n async deriveVrfKeypair({\n credential,\n nearAccountId,\n vrfInputData,\n saveInMemory = true,\n }: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData; // optional, for challenge generation\n saveInMemory?: boolean; // optional, whether to save in worker memory\n }): Promise<{\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }> {\n try {\n const vrfResult = await this.vrfWorkerManager.deriveVrfKeypairFromPrf({\n credential,\n nearAccountId,\n vrfInputData,\n saveInMemory,\n });\n\n const result: {\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n } = {\n success: true,\n vrfPublicKey: vrfResult.vrfPublicKey,\n encryptedVrfKeypair: vrfResult.encryptedVrfKeypair,\n vrfChallenge: vrfResult.vrfChallenge,\n serverEncryptedVrfKeypair: vrfResult.serverEncryptedVrfKeypair,\n };\n\n return result;\n\n } catch (error: any) {\n console.error('WebAuthnManager: VRF keypair derivation error:', error);\n throw new Error(`VRF keypair derivation failed ${error.message}`);\n }\n }\n\n /**\n * Unlock VRF keypair in memory using PRF output\n * This is called during login to decrypt and load the VRF keypair in-memory\n */\n async unlockVRFKeypair({\n nearAccountId,\n encryptedVrfKeypair,\n credential,\n }: {\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n credential: WebAuthnAuthenticationCredential;\n }): Promise<{ success: boolean; error?: string }> {\n try {\n const unlockResult = await this.vrfWorkerManager.unlockVrfKeypair({\n credential,\n nearAccountId,\n encryptedVrfKeypair,\n });\n\n if (!unlockResult.success) {\n console.error('WebAuthnManager: VRF keypair unlock failed');\n return { success: false, error: 'VRF keypair unlock failed' };\n }\n\n // Warm up signer workers after a successful unlock to minimize first-use latency\n this.signerWorkerManager.preWarmWorkerPool().catch(() => {});\n\n return { success: true };\n\n } catch (error: any) {\n console.error('WebAuthnManager: VRF keypair unlock failed:', error.message);\n return { success: false, error: error.message };\n }\n }\n\n /**\n * Perform Shamir 3-pass commutative decryption within WASM worker\n * This securely decrypts a server-encrypted KEK (key encryption key)\n * which the wasm worker uses to unlock a key to decrypt the VRF keypair and loads it into memory\n * The server never knows the real value of the KEK, nor the VRF keypair\n */\n async shamir3PassDecryptVrfKeypair({\n nearAccountId,\n kek_s_b64u,\n ciphertextVrfB64u,\n serverKeyId,\n }: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }): Promise<{ success: boolean; error?: string }> {\n const result = await this.vrfWorkerManager.shamir3PassDecryptVrfKeypair({\n nearAccountId,\n kek_s_b64u,\n ciphertextVrfB64u,\n serverKeyId,\n });\n\n return {\n success: result.success,\n error: result.error\n };\n }\n\n /**\n * Shamir 3-pass: encrypt the unlocked VRF keypair under the server key\n * Returns a fresh blob to store in IndexedDB for future auto-login.\n */\n async shamir3PassEncryptCurrentVrfKeypair(): Promise<ServerEncryptedVrfKeypair> {\n const res = await this.vrfWorkerManager.shamir3PassEncryptCurrentVrfKeypair();\n return {\n ciphertextVrfB64u: res.ciphertextVrfB64u,\n kek_s_b64u: res.kek_s_b64u,\n serverKeyId: res.serverKeyId,\n };\n }\n\n /**\n * Persist refreshed server-encrypted VRF keypair in IndexedDB.\n */\n async updateServerEncryptedVrfKeypair(\n nearAccountId: AccountId,\n serverEncrypted: ServerEncryptedVrfKeypair\n ): Promise<void> {\n await IndexedDBManager.clientDB.updateUser(nearAccountId, {\n serverEncryptedVrfKeypair: {\n ciphertextVrfB64u: serverEncrypted.ciphertextVrfB64u,\n kek_s_b64u: serverEncrypted.kek_s_b64u,\n serverKeyId: serverEncrypted.serverKeyId,\n updatedAt: Date.now(),\n }\n });\n }\n\n async clearVrfSession(): Promise<void> {\n // In cross-origin dev, skip local worker init; wallet iframe handles PM_LOGOUT\n if (typeof window !== 'undefined' && this.workerBaseOrigin !== window.location.origin) {\n return;\n }\n return await this.vrfWorkerManager.clearVrfSession();\n }\n\n /**\n * Check VRF worker status\n */\n async checkVrfStatus(): Promise<{\n active: boolean;\n nearAccountId: AccountId | null;\n sessionDuration?: number\n }> {\n return this.vrfWorkerManager.checkVrfStatus();\n }\n\n /**\n * Mint/refresh a VRF-owned warm signing session using an already-collected WebAuthn credential.\n *\n * This is used to avoid a second TouchID prompt during login flows when we already\n * performed an authentication ceremony (e.g., to unlock the VRF keypair).\n *\n * Notes:\n * - This method does not initiate a WebAuthn prompt.\n * - Contract verification is optional and only performed when `contractId` + `nearRpcUrl` are provided.\n */\n async mintSigningSessionFromCredential(args: {\n nearAccountId: AccountId;\n credential: WebAuthnAuthenticationCredential;\n remainingUses?: number;\n ttlMs?: number;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n const nearAccountId = toAccountId(args.nearAccountId);\n const sessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n\n // Ensure VRF keypair is active and bound to the same account.\n const vrfStatus = await this.vrfWorkerManager.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. Please log in again.');\n }\n if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(nearAccountId)) {\n throw new Error('VRF keypair active but bound to a different account. Please log in again.');\n }\n\n // Fetch wrapKeySalt from vault so the derived WrapKeySeed can decrypt the stored NEAR keys.\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, IndexedDBManager.clientDB);\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account ${nearAccountId} device ${deviceNumber}`);\n }\n const wrapKeySalt = encryptedKeyData.wrapKeySalt || '';\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract PRF.first_auth from the already-collected credential.\n const { ttlMs, remainingUses } = this.resolveSigningSessionPolicy(args);\n\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId,\n wrapKeySalt,\n contractId: args.contractId,\n nearRpcUrl: args.nearRpcUrl,\n ttlMs,\n remainingUses,\n credential: args.credential,\n });\n\n return await this.vrfWorkerManager.checkSessionStatus({ sessionId });\n }\n\n /**\n * Introspect the VRF-owned signing session for UI (no prompt, metadata only).\n * Session usage (`remainingUses`) is decremented on `DISPENSE_SESSION_KEY` calls.\n */\n async getWarmSigningSessionStatus(nearAccountId: AccountId): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n const sessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n return await this.vrfWorkerManager.checkSessionStatus({ sessionId });\n }\n\n /**\n * Fetch Shamir server key info to support proactive refresh.\n */\n async getShamirKeyInfo(): Promise<{\n currentKeyId: string | null;\n p_b64u: string | null;\n graceKeyIds?: string[]\n } | null> {\n try {\n const relayUrl = this.tatchiPasskeyConfigs?.vrfWorkerConfigs?.shamir3pass?.relayServerUrl;\n if (!relayUrl) return null;\n const res = await fetch(`${relayUrl}/shamir/key-info`, { method: 'GET' });\n if (!res.ok) return null;\n const data = await res.json();\n return {\n currentKeyId: data?.currentKeyId ?? null,\n p_b64u: data?.p_b64u ?? null,\n graceKeyIds: Array.isArray(data?.graceKeyIds) ? data.graceKeyIds : undefined,\n };\n } catch {\n return null;\n }\n }\n\n /**\n * If server key changed and VRF is unlocked in memory, re-encrypt under the new server key.\n * Returns true if refreshed, false otherwise.\n */\n async maybeProactiveShamirRefresh(nearAccountId: AccountId): Promise<boolean> {\n try {\n const relayUrl = this.tatchiPasskeyConfigs?.vrfWorkerConfigs?.shamir3pass?.relayServerUrl;\n if (!relayUrl) return false;\n const userData = await this.getLastUser();\n const stored = userData?.serverEncryptedVrfKeypair;\n if (!stored || !stored.kek_s_b64u || !stored.ciphertextVrfB64u || !stored.serverKeyId) return false;\n\n const keyInfo = await this.getShamirKeyInfo();\n const currentKeyId = keyInfo?.currentKeyId;\n if (!currentKeyId || currentKeyId === stored.serverKeyId) return false;\n\n const status = await this.checkVrfStatus();\n const active = status.active && status.nearAccountId === nearAccountId;\n if (!active) return false;\n\n const refreshed = await this.shamir3PassEncryptCurrentVrfKeypair();\n await this.updateServerEncryptedVrfKeypair(nearAccountId, refreshed);\n return true;\n } catch {\n return false;\n }\n }\n\n ///////////////////////////////////////\n // INDEXEDDB OPERATIONS\n ///////////////////////////////////////\n\n async storeUserData(userData: StoreUserDataInput): Promise<void> {\n await IndexedDBManager.clientDB.storeWebAuthnUserData({\n ...userData,\n deviceNumber: userData.deviceNumber ?? 1,\n version: userData.version || 2,\n });\n }\n\n async getAllUsers(): Promise<ClientUserData[]> {\n return await IndexedDBManager.clientDB.getAllUsers();\n }\n\n async getUserByDevice(nearAccountId: AccountId, deviceNumber: number): Promise<ClientUserData | null> {\n return await IndexedDBManager.clientDB.getUserByDevice(nearAccountId, deviceNumber);\n }\n\n async getLastUser(): Promise<ClientUserData | null> {\n return await IndexedDBManager.clientDB.getLastUser();\n }\n\n async getAuthenticatorsByUser(nearAccountId: AccountId): Promise<ClientAuthenticatorData[]> {\n return await IndexedDBManager.clientDB.getAuthenticatorsByUser(nearAccountId);\n }\n\n async updateLastLogin(nearAccountId: AccountId): Promise<void> {\n return await IndexedDBManager.clientDB.updateLastLogin(nearAccountId);\n }\n\n /**\n * Set the last logged-in user\n * @param nearAccountId - The account ID of the user\n * @param deviceNumber - The device number (defaults to 1)\n */\n async setLastUser(nearAccountId: AccountId, deviceNumber: number = 1): Promise<void> {\n return await IndexedDBManager.clientDB.setLastUser(nearAccountId, deviceNumber);\n }\n\n\n /**\n * Initialize current user authentication state\n * This should be called after VRF keypair is successfully unlocked in memory\n * to ensure the user is properly logged in and can perform transactions\n *\n * @param nearAccountId - The NEAR account ID to initialize\n * @param nearClient - The NEAR client for nonce prefetching\n */\n async initializeCurrentUser(\n nearAccountId: AccountId,\n nearClient?: NearClient,\n ): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Set as last user for future sessions, preserving the current deviceNumber\n // when it is already known for this account.\n let deviceNumberToUse: number | null = null;\n const lastUser = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (\n lastUser &&\n toAccountId(lastUser.nearAccountId) === accountId &&\n Number.isFinite(lastUser.deviceNumber)\n ) {\n deviceNumberToUse = lastUser.deviceNumber;\n }\n\n if (deviceNumberToUse === null) {\n const userForAccount = await IndexedDBManager.clientDB\n .getUserByDevice(accountId, 1)\n .catch(() => null);\n if (userForAccount && Number.isFinite(userForAccount.deviceNumber)) {\n deviceNumberToUse = userForAccount.deviceNumber;\n }\n }\n\n if (deviceNumberToUse === null) {\n deviceNumberToUse = 1;\n }\n\n await this.setLastUser(accountId, deviceNumberToUse);\n\n // Set as current user for immediate use\n this.userPreferencesManager.setCurrentUser(accountId);\n // Ensure confirmation preferences are loaded before callers read them (best-effort)\n await this.userPreferencesManager.reloadUserSettings().catch(() => undefined);\n\n // Initialize NonceManager with the selected user's public key (best-effort)\n const userData = await IndexedDBManager.clientDB\n .getUserByDevice(accountId, deviceNumberToUse)\n .catch(() => null);\n if (userData && userData.clientNearPublicKey) {\n this.nonceManager.initializeUser(accountId, userData.clientNearPublicKey);\n }\n\n // Prefetch block height for better UX (non-fatal if it fails and nearClient is provided)\n if (nearClient) {\n await this.nonceManager\n .prefetchBlockheight(nearClient)\n .catch((prefetchErr) => console.debug('Nonce prefetch after authentication state initialization failed (non-fatal):', prefetchErr));\n }\n }\n\n async registerUser(storeUserData: StoreUserDataInput): Promise<ClientUserData> {\n return await IndexedDBManager.clientDB.registerUser(storeUserData);\n }\n\n async storeAuthenticator(authenticatorData: {\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[];\n name?: string;\n nearAccountId: AccountId;\n registered: string;\n syncedAt: string;\n vrfPublicKey: string;\n deviceNumber?: number;\n }): Promise<void> {\n const deviceNumber = Number(authenticatorData.deviceNumber);\n const normalizedDeviceNumber = Number.isSafeInteger(deviceNumber) && deviceNumber >= 1 ? deviceNumber : 1;\n const authData = {\n ...authenticatorData,\n nearAccountId: toAccountId(authenticatorData.nearAccountId),\n deviceNumber: normalizedDeviceNumber, // Default to device 1 (1-indexed)\n };\n return await IndexedDBManager.clientDB.storeAuthenticator(authData);\n }\n\n extractUsername(nearAccountId: AccountId): string {\n return IndexedDBManager.clientDB.extractUsername(nearAccountId);\n }\n\n async atomicOperation<T>(callback: (db: any) => Promise<T>): Promise<T> {\n return await IndexedDBManager.clientDB.atomicOperation(callback);\n }\n\n async rollbackUserRegistration(nearAccountId: AccountId): Promise<void> {\n return await IndexedDBManager.clientDB.rollbackUserRegistration(nearAccountId);\n }\n\n async hasPasskeyCredential(nearAccountId: AccountId): Promise<boolean> {\n return await IndexedDBManager.clientDB.hasPasskeyCredential(nearAccountId);\n }\n\n /**\n * Atomically store all registration data (user, authenticator, VRF credentials)\n */\n async atomicStoreRegistrationData({\n nearAccountId,\n credential,\n publicKey,\n encryptedVrfKeypair,\n vrfPublicKey,\n serverEncryptedVrfKeypair,\n }: {\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n publicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfPublicKey: string;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }): Promise<void> {\n await this.atomicOperation(async (db) => {\n // Store credential for authentication\n const credentialId: string = credential.rawId;\n const attestationB64u: string = credential.response.attestationObject;\n const transports: string[] = credential.response?.transports;\n\n await this.storeAuthenticator({\n nearAccountId: nearAccountId,\n credentialId: credentialId,\n credentialPublicKey: await this.extractCosePublicKey(attestationB64u),\n transports,\n name: `VRF Passkey for ${this.extractUsername(nearAccountId)}`,\n registered: new Date().toISOString(),\n syncedAt: new Date().toISOString(),\n vrfPublicKey: vrfPublicKey,\n });\n\n // Store WebAuthn user data with encrypted VRF credentials\n await this.storeUserData({\n nearAccountId,\n deviceNumber: 1,\n clientNearPublicKey: publicKey,\n lastUpdated: Date.now(),\n passkeyCredential: {\n id: credential.id,\n rawId: credentialId\n },\n encryptedVrfKeypair: {\n encryptedVrfDataB64u: encryptedVrfKeypair.encryptedVrfDataB64u,\n chacha20NonceB64u: encryptedVrfKeypair.chacha20NonceB64u,\n },\n version: 2,\n serverEncryptedVrfKeypair: serverEncryptedVrfKeypair ? {\n ciphertextVrfB64u: serverEncryptedVrfKeypair?.ciphertextVrfB64u,\n kek_s_b64u: serverEncryptedVrfKeypair?.kek_s_b64u,\n serverKeyId: serverEncryptedVrfKeypair?.serverKeyId,\n updatedAt: Date.now(),\n } : undefined,\n });\n\n return true;\n });\n }\n\n ///////////////////////////////////////\n // SIGNER WASM WORKER OPERATIONS\n ///////////////////////////////////////\n\n /**\n * Transaction signing with contract verification and progress updates.\n * Demonstrates the \"streaming\" worker pattern similar to SSE.\n *\n * Requires a successful TouchID/biometric prompt before transaction signing in wasm worker\n * Automatically verifies the authentication with the web3authn contract.\n *\n * @param transactions - Transaction payload containing:\n * - receiverId: NEAR account ID receiving the transaction\n * - actions: Array of NEAR actions to execute\n * @param rpcCall: RpcCallPayload containing:\n * - contractId: Web3Authn contract ID for verification\n * - nearRpcUrl: NEAR RPC endpoint URL\n * - nearAccountId: NEAR account ID performing the transaction\n * @param confirmationConfigOverride: Optional confirmation configuration override\n * @param onEvent: Optional callback for progress updates during signing\n * @param onEvent - Optional callback for progress updates during signing\n */\n async signTransactionsWithActions({\n transactions,\n rpcCall,\n confirmationConfigOverride,\n title,\n body,\n onEvent,\n }: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n // Accept partial override; merging happens in handlers layer\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n onEvent?: (update: onProgressEvents) => void,\n }): Promise<SignTransactionResult[]> {\n\n\t if (transactions.length === 0) {\n\t throw new Error('No payloads provided for signing');\n\t }\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(toAccountId(rpcCall.nearAccountId));\n\t return this.withSigningSession({\n\t sessionId: activeSessionId,\n\t handler: (sessionId) =>\n\t this.signerWorkerManager.signTransactionsWithActions({\n\t transactions,\n\t rpcCall,\n\t confirmationConfigOverride,\n\t title,\n\t body,\n\t onEvent,\n\t sessionId,\n\t }),\n\t });\n\t }\n\n async signDelegateAction({\n delegate,\n rpcCall,\n confirmationConfigOverride,\n title,\n body,\n onEvent,\n }: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n // Accept partial override; merging happens in handlers layer\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n onEvent?: (update: onProgressEvents) => void;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n const nearAccountId = toAccountId(rpcCall.nearAccountId || delegate.senderId);\n const normalizedRpcCall: RpcCallPayload = {\n contractId: rpcCall.contractId || this.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || this.tatchiPasskeyConfigs.nearRpcUrl,\n nearAccountId,\n };\n\n\t try {\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n\t return await this.withSigningSession({ sessionId: activeSessionId, handler: (sessionId) => {\n\t // eslint-disable-next-line no-console\n\t console.debug('[WebAuthnManager][delegate] session created', { sessionId });\n\t return this.signerWorkerManager.signDelegateAction({\n\t delegate,\n\t rpcCall: normalizedRpcCall,\n\t confirmationConfigOverride,\n\t title,\n\t body,\n\t onEvent,\n\t sessionId,\n\t });\n\t }});\n\t } catch (err) {\n\t // eslint-disable-next-line no-console\n\t console.error('[WebAuthnManager][delegate] failed', err);\n\t throw err;\n\t }\n }\n\n async signNEP413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: AccountId;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n\t try {\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(payload.accountId);\n\t const contractId = this.tatchiPasskeyConfigs.contractId;\n\t const nearRpcUrl = (this.tatchiPasskeyConfigs.nearRpcUrl.split(',')[0] || this.tatchiPasskeyConfigs.nearRpcUrl);\n\t const result = await this.withSigningSession({\n\t sessionId: activeSessionId,\n handler: (sessionId) =>\n this.signerWorkerManager.signNep413Message({ ...payload, sessionId, contractId, nearRpcUrl }),\n });\n\t if (result.success) {\n\t return result;\n\t } else {\n throw new Error(`NEP-413 signing failed: ${result.error || 'Unknown error'}`);\n }\n } catch (error: any) {\n console.error('WebAuthnManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: error.message || 'Unknown error'\n };\n }\n }\n\n // === COSE OPERATIONS ===\n\n /**\n * Extract COSE public key from WebAuthn attestation object using WASM worker\n */\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return await this.signerWorkerManager.extractCosePublicKey(attestationObjectBase64url);\n }\n\n ///////////////////////////////////////\n // PRIVATE KEY EXPORT (Drawer/Modal in sandboxed iframe)\n ///////////////////////////////////////\n\n /** Worker-driven export: two-phase V2 (collect PRF → decrypt → show UI) */\n\t async exportNearKeypairWithUIWorkerDriven(\n\t nearAccountId: AccountId,\n\t options?: { variant?: 'drawer'|'modal', theme?: 'dark'|'light' }\n\t ): Promise<void> {\n\t await this.withSigningSession({ prefix: 'export-session', handler: async (sessionId) => {\n\t // Phase 1: collect PRF via LocalOnly(DECRYPT_PRIVATE_KEY_WITH_PRF) inside VRF worker\n\t // and derive WrapKeySeed with the vault-provided wrapKeySalt.\n\t await this.confirmDecryptAndDeriveWrapKeySeed({ nearAccountId, sessionId });\n\n // Phase 2 + 3: decrypt inside signer worker using the reserved session,\n // then show the export viewer UI.\n\t return this.signerWorkerManager.exportNearKeypairUi({\n\t nearAccountId,\n\t variant: options?.variant,\n\t theme: options?.theme,\n\t sessionId,\n\t });\n\t }});\n\t }\n\n async exportNearKeypairWithUI(\n nearAccountId: AccountId,\n options?: {\n variant?: 'drawer' | 'modal';\n theme?: 'dark' | 'light'\n }\n ): Promise<{ accountId: string; publicKey: string; privateKey: string }>{\n // Route to worker-driven two-phase flow. UI is shown inside the wallet host; no secrets are returned.\n await this.exportNearKeypairWithUIWorkerDriven(nearAccountId, options);\n // Surface the freshest device key for this account to the caller.\n // Prefer last user when it matches the account, else pick the most recently\n // updated user record for this account.\n let userData = await this.getLastUser();\n if (!userData || userData.nearAccountId !== nearAccountId) {\n userData = await IndexedDBManager.clientDB.getLastDBUpdatedUser(nearAccountId);\n }\n return {\n accountId: String(nearAccountId),\n publicKey: String(userData?.clientNearPublicKey || ''),\n privateKey: '',\n };\n }\n\n ///////////////////////////////////////\n // REGISTRATION\n ///////////////////////////////////////\n\n async checkCanRegisterUser({\n contractId,\n credential,\n vrfChallenge,\n authenticatorOptions,\n onEvent,\n }: {\n contractId: string,\n credential: WebAuthnRegistrationCredential,\n vrfChallenge: VRFChallenge,\n authenticatorOptions?: AuthenticatorOptions;\n onEvent?: (update: onProgressEvents) => void\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: any;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return await this.signerWorkerManager.checkCanRegisterUser({\n contractId,\n credential,\n vrfChallenge,\n authenticatorOptions,\n onEvent,\n nearRpcUrl: this.tatchiPasskeyConfigs.nearRpcUrl,\n });\n }\n\n ///////////////////////////////////////\n // ACCOUNT RECOVERY\n ///////////////////////////////////////\n\n /**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF outputs to re-derive the same NEAR keypair and re-encrypt it\n * @param challenge - Random challenge for WebAuthn authentication ceremony\n * @param authenticationCredential - The authentication credential with dual PRF outputs\n * @param accountIdHint - Optional account ID hint for recovery\n * @returns Public key and encrypted private key for secure storage\n */\n async recoverKeypairFromPasskey(\n authenticationCredential: WebAuthnAuthenticationCredential,\n accountIdHint?: string,\n ): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n stored?: boolean;\n }> {\n try {\n // Verify we have an authentication credential (not registration)\n if (!authenticationCredential) {\n throw new Error(\n 'Authentication credential required for account recovery. ' +\n 'Use an existing credential with dual PRF outputs to re-derive the same NEAR keypair.'\n );\n }\n\n // Verify dual PRF outputs are available\n const prfResults = authenticationCredential.clientExtensionResults?.prf?.results;\n if (!prfResults?.first || !prfResults?.second) {\n throw new Error('Dual PRF outputs required for account recovery - both AES and Ed25519 PRF outputs must be available');\n }\n\n\t // Extract PRF.first for WrapKeySeed derivation\n\t // Orchestrate a VRF-owned signing session with WrapKeySeed derivation, then ask\n\t // the signer to recover and re-encrypt the NEAR keypair.\n\t const result = await this.withSigningSession({\n\t prefix: 'recover',\n\t options: { credential: authenticationCredential },\n\t handler: (sessionId) =>\n\t this.signerWorkerManager.recoverKeypairFromPasskey({\n\t credential: authenticationCredential,\n\t accountIdHint,\n\t sessionId,\n\t }),\n\t });\n\t return result;\n\n } catch (error: any) {\n console.error('WebAuthnManager: Deterministic keypair derivation error:', error);\n throw new Error(`Deterministic keypair derivation failed: ${error.message}`);\n }\n }\n\n async getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n credentialIds,\n }: {\n nearAccountId: AccountId;\n challenge: VRFChallenge,\n credentialIds: string[];\n }): Promise<WebAuthnAuthenticationCredential> {\n // Same as getAuthenticationCredentialsSerialized but returns both PRF outputs (PRF.first + PRF.second).\n return this.touchIdPrompt.getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n allowCredentials: credentialIds.map(id => ({\n id: id,\n type: 'public-key',\n transports: ['internal', 'hybrid', 'usb', 'ble'] as AuthenticatorTransport[]\n })),\n });\n }\n\n /**\n * Sign transaction with raw private key\n * for key replacement in device linking\n * No TouchID/PRF required - uses provided private key directly\n */\n async signTransactionWithKeyPair({\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n }: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return await this.signerWorkerManager.signTransactionWithKeyPair({\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n });\n }\n\n // ==============================\n // USER SETTINGS\n // ==============================\n\n /** * Get user preferences manager */\n getUserPreferences(): UserPreferencesManager {\n return this.userPreferencesManager;\n }\n\n /** * Clean up resources */\n destroy(): void {\n if (this.userPreferencesManager) {\n this.userPreferencesManager.destroy();\n }\n if (this.nonceManager) {\n this.nonceManager.clear();\n }\n this.activeSigningSessionIds.clear();\n }\n\n}\n","/**\n * Offline Export App (minimal, zero-config)\n *\n * Runs under `/offline-export/` on the wallet origin and reuses the\n * WebAuthnManager.exportNearKeypairWithUI() VRF-driven flow to decrypt and\n * display the private key export viewer. No network requests are made.\n *\n * See `docs/vrf2-refactor-export-keys.md` for the canonical export flow design.\n */\nimport { IndexedDBManager } from '../IndexedDBManager';\nimport { MinimalNearClient } from '../NearClient';\nimport { toAccountId } from '../types/accountIds';\nimport { OFFLINE_EXPORT_DONE, OFFLINE_EXPORT_ERROR } from './messages';\nimport type { TatchiConfigsInput } from '../types/tatchi';\nimport { WebAuthnManager } from '../WebAuthnManager';\nimport { TouchIdPrompt } from '../WebAuthnManager/touchIdPrompt';\nimport { createRandomVRFChallenge, type VRFChallenge } from '../types/vrf-worker';\nimport { buildConfigsFromEnv } from '../defaultConfigs';\n\nasync function registerServiceWorker(): Promise<void> {\n if (!('serviceWorker' in navigator)) return;\n // Register and await ready() only in this route; SW is in-scope here\n await navigator.serviceWorker\n .register('/offline-export/sw.js', { scope: '/offline-export/' })\n .catch(() => {});\n await navigator.serviceWorker.ready.catch(() => {});\n}\n\nasync function prewarmSdkAssets(): Promise<void> {\n // Only attempt network warm-up when online; SW will cache responses\n if (!navigator.onLine) return\n try {\n const resp = await fetch('/offline-export/precache.manifest.json', { cache: 'no-cache' })\n const all: string[] = resp.ok ? (await resp.json()) : []\n const priority = new Set<string>([\n '/offline-export/offline-export-app.js',\n '/sdk/offline-export-app.js',\n '/sdk/offline-export.css',\n '/sdk/export-private-key-viewer.js',\n '/sdk/iframe-export-bootstrap.js',\n '/sdk/export-viewer.css',\n '/sdk/export-iframe.css',\n '/offline-export/workers/web3authn-signer.worker.js',\n '/offline-export/workers/web3authn-vrf.worker.js',\n '/offline-export/workers/wasm_signer_worker_bg.wasm',\n '/offline-export/workers/wasm_vrf_worker_bg.wasm',\n '/sdk/workers/web3authn-signer.worker.js',\n '/sdk/workers/web3authn-vrf.worker.js',\n '/sdk/workers/wasm_signer_worker_bg.wasm',\n '/sdk/workers/wasm_vrf_worker_bg.wasm',\n ])\n const pri = Array.from(priority)\n const rest = all.filter((u) => !priority.has(u))\n await Promise.allSettled(pri.map((u) => fetch(u).then(() => void 0)))\n // Warm the remaining entries opportunistically\n const schedule = () => void Promise.allSettled(rest.map((u) => fetch(u).then(() => void 0)))\n try { (window as any).requestIdleCallback ? (window as any).requestIdleCallback(schedule, { timeout: 8000 }) : setTimeout(schedule, 800) } catch { setTimeout(schedule, 800) }\n } catch {}\n\n // Fallback: proactively cache any /sdk/* scripts that the offline page\n // already loaded as part of its initial bundle (e.g. common-*.js vendor chunks).\n // These are requested before the SW takes control, so we re-fetch them once\n // the SW is ready to ensure they are present in the offline cache.\n try {\n const origin = window.location.origin;\n const scriptPaths = Array.from(document.querySelectorAll('script[src]'))\n .map((el) => (el as HTMLScriptElement).src)\n .filter((src) => typeof src === 'string' && src.startsWith(origin + '/sdk/'))\n .map((src) => new URL(src).pathname);\n if (scriptPaths.length > 0) {\n await Promise.allSettled(\n scriptPaths.map((p) => fetch(p).then(() => void 0))\n );\n }\n } catch {}\n}\n\nfunction autoStartIfSingleUser(users: any[], selectedAccount: string, startExport: (acc: string) => Promise<void>): void {\n if (Array.isArray(users) && users.length === 1 && typeof selectedAccount === 'string' && selectedAccount) {\n setTimeout(() => { void startExport(selectedAccount) }, 0)\n }\n}\n\nfunction renderShell(message: string, canExport = false): HTMLButtonElement | null {\n document.documentElement.classList.add('w3a-transparent');\n document.body.classList.add('w3a-transparent');\n const root = document.createElement('div');\n root.className = 'offline-root'\n const h = document.createElement('h1');\n h.textContent = 'Offline Export';\n h.className = 'offline-title'\n const p = document.createElement('p');\n p.textContent = message;\n p.className = 'offline-desc'\n const info = document.createElement('div');\n info.className = 'offline-info';\n try {\n const tick = document.createElement('span');\n tick.className = 'offline-info-tick';\n tick.textContent = '✓';\n const label = document.createElement('span');\n label.textContent = ' Wallet origin: ';\n const url = document.createElement('a');\n url.className = 'offline-info-url';\n const origin = window.location.origin;\n url.href = origin;\n url.textContent = origin;\n url.target = '_blank';\n url.rel = 'noopener noreferrer';\n info.appendChild(tick);\n info.appendChild(label);\n info.appendChild(url);\n } catch {\n info.textContent = '✓ Wallet origin: (unknown)';\n }\n const btn = document.createElement('button');\n btn.textContent = 'Export My Key';\n btn.className = 'offline-btn'\n btn.disabled = !canExport;\n root.appendChild(h);\n root.appendChild(p);\n root.appendChild(info);\n root.appendChild(btn);\n document.body.appendChild(root);\n return canExport ? btn : null;\n}\n\nasync function main(): Promise<void> {\n await registerServiceWorker();\n // Best-effort: warm critical SDK assets so offline flow is reliable.\n // Do not block first paint — fire-and-forget.\n void prewarmSdkAssets();\n try {\n // Ensure worker scripts resolve under SW scope so their subresource fetches (WASM) are controlled\n (window as any).__W3A_SIGNER_WORKER_URL__ = '/offline-export/workers/web3authn-signer.worker.js'\n ;(window as any).__W3A_VRF_WORKER_URL__ = '/offline-export/workers/web3authn-vrf.worker.js'\n const rpOverrideFromMeta = (() => {\n const m = document.querySelector('meta[name=\"tatchi-rpid-base\"]') as HTMLMetaElement | null;\n const v = (m?.content || '').trim();\n return v || undefined;\n })();\n const deriveBaseDomain = (host: string): string | undefined => {\n const parts = (host || '').split('.');\n // Heuristic: use registrable suffix for dev hosts like wallet.example.localhost\n return parts.length >= 3 ? parts.slice(1).join('.') : undefined;\n };\n const inferredBase = deriveBaseDomain(window.location.hostname);\n const effectiveRpIdOverride = rpOverrideFromMeta || inferredBase;\n // Detect last user (same origin IndexedDB)\n const last = await IndexedDBManager.clientDB.getLastUser();\n const users = await IndexedDBManager.clientDB.getAllUsers().catch(() => []);\n\n // Optional preselected account via query string\n const qs = new URLSearchParams((window.location && window.location.search) || '')\n const qsAccountRaw = (qs.get('accountId') || '').trim()\n const qsAccount = qsAccountRaw ? String(toAccountId(qsAccountRaw)) : ''\n\n // Container: message + optional account selector + button + status line\n const defaultAccount = qsAccount || (last?.nearAccountId || '')\n if (!defaultAccount) {\n renderShell('No local account found on this device. Open the wallet once online on this device to prime offline export.');\n return;\n }\n const btn = renderShell('Authenticate with Touch ID/biometrics to export keys offline.', true);\n if (!btn) return;\n const container = btn.parentElement as HTMLDivElement;\n\n // Optional account selector when multiple local users exist\n let selectedAccount = defaultAccount as string;\n if (Array.isArray(users) && users.length > 1) {\n const label = document.createElement('label');\n label.textContent = 'Choose account:';\n label.className = 'offline-label'\n const sel = document.createElement('select');\n sel.className = 'offline-select'\n for (const u of users) {\n const opt = document.createElement('option');\n opt.value = (u as any).nearAccountId;\n opt.textContent = (u as any).nearAccountId;\n if ((u as any).nearAccountId === selectedAccount) opt.selected = true;\n sel.appendChild(opt);\n }\n sel.addEventListener('change', () => { selectedAccount = sel.value; statusEl.textContent = ''; });\n container.insertBefore(sel, btn);\n container.insertBefore(label, sel);\n }\n\n // Status line for inline errors/info\n const statusEl = document.createElement('div');\n statusEl.className = 'offline-status'\n container.appendChild(statusEl);\n\n // Pre-flight: soft-check for local authenticators (do not block)\n async function ensureLocalAuthenticators(acc: string): Promise<any[]> {\n try {\n const authenticators = await IndexedDBManager.clientDB.getAuthenticatorsByUser(acc as any);\n if (!Array.isArray(authenticators) || authenticators.length === 0) {\n console.warn('[offline-export] No local passkeys in IndexedDB; proceeding (resident credentials may still be available)');\n statusEl.textContent = 'Tip: open the wallet on this device once online to prime offline export. If a passkey exists on this device, you can still proceed.';\n return [];\n }\n return authenticators;\n } catch (e) {\n console.warn('[offline-export] Failed to read authenticators; proceeding anyway', e);\n return [];\n }\n }\n\n let started = false;\n const defaultBtnLabel = btn.textContent || 'Export My Key';\n const startExport = async (account: string) => {\n if (started) return;\n started = true;\n btn.disabled = true;\n btn.classList.add('loading');\n try { btn.textContent = 'Exporting…'; btn.setAttribute('aria-busy', 'true'); } catch {}\n statusEl.textContent = '';\n try {\n // Soft-check (non-blocking) — we may still have resident credentials\n const authenticators = await ensureLocalAuthenticators(account);\n\n // Instantiate WebAuthnManager with minimal offline configs. No network RPC is used in export flow.\n const near = new MinimalNearClient('https://rpc.invalid.local');\n const offlineConfigsInput: TatchiConfigsInput = {\n nearRpcUrl: 'https://rpc.invalid.local',\n nearNetwork: 'testnet',\n contractId: 'w3a-v1.testnet',\n walletTheme: 'dark',\n iframeWallet: effectiveRpIdOverride ? { rpIdOverride: effectiveRpIdOverride } : undefined,\n relayer: {\n url: 'https://rpc.invalid.local',\n },\n };\n const offlineConfigs = buildConfigsFromEnv(offlineConfigsInput);\n const webAuthnManager = new WebAuthnManager(offlineConfigs, near);\n console.debug('[offline-export] rpId (hostname):', window.location.hostname);\n if (effectiveRpIdOverride) {\n console.debug('[offline-export] rpIdOverride:', effectiveRpIdOverride);\n }\n try {\n // Attempt direct export using WebAuthnManager's worker-driven flow\n await webAuthnManager.exportNearKeypairWithUI(toAccountId(account), {\n variant: 'drawer',\n theme: 'dark',\n });\n } catch (err: any) {\n const msg = String(err?.message || err || '');\n const isMissingLocalKeyMaterial = msg.includes('Missing local key material for export');\n const isAeadDecryptMismatch =\n msg.includes('Decryption failed: Decryption error: aead::Error') || msg.includes('aead::Error');\n\n if (isMissingLocalKeyMaterial || isAeadDecryptMismatch) {\n // Attempt local recovery of key material from passkey, then retry\n statusEl.textContent = isAeadDecryptMismatch\n ? 'Decryption failed. Attempting recovery with your passkey…'\n : 'Missing local key material. Attempting recovery with your passkey…';\n const tip = new TouchIdPrompt(effectiveRpIdOverride);\n const challenge = createRandomVRFChallenge() as VRFChallenge;\n const allowCredentials = Array.isArray(authenticators) && authenticators.length > 0\n ? authenticators.map((a: any) => ({ id: a.credentialId, type: 'public-key', transports: a.transports as any }))\n : [];\n const authCred = await tip.getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId: account,\n challenge,\n allowCredentials,\n });\n // Recover NEAR keypair using WebAuthnManager's recovery flow\n const rec = await webAuthnManager.recoverKeypairFromPasskey(authCred, account);\n if (!rec.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in recovered key material; re-register to upgrade vault format.');\n }\n // Store encrypted key locally for this device. Prefer the last logged-in\n // device for this account; fall back to device 1 for legacy cases.\n const accountId = toAccountId(account);\n const [last, latest] = await Promise.all([\n IndexedDBManager.clientDB.getLastUser().catch(() => null),\n IndexedDBManager.clientDB.getLastDBUpdatedUser(accountId).catch(() => null),\n ]);\n const deviceNumber =\n (last && last.nearAccountId === accountId && typeof last.deviceNumber === 'number')\n ? last.deviceNumber\n : (latest && latest.nearAccountId === accountId && typeof latest.deviceNumber === 'number')\n ? latest.deviceNumber\n : 1;\n\n // Safety check: only overwrite local vault material if the recovered public key\n // matches what we already have for this account/device.\n const existing = await IndexedDBManager.clientDB.getUserByDevice(accountId, deviceNumber).catch(() => null);\n if (isAeadDecryptMismatch && !existing) {\n throw new Error(\n `Decryption failed and no local user record was found for '${account}'. ` +\n 'Open the wallet once online on this device to restore local vault state, then retry offline export.'\n );\n }\n const expectedPublicKey = String(existing?.clientNearPublicKey || '');\n if (expectedPublicKey && expectedPublicKey !== rec.publicKey) {\n throw new Error(\n `Selected passkey does not match the existing key for '${account}'. ` +\n 'Please select the correct passkey for this account and try again.'\n );\n }\n\n await IndexedDBManager.nearKeysDB.storeEncryptedKey({\n nearAccountId: account,\n deviceNumber,\n encryptedData: rec.encryptedPrivateKey,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n });\n // Upsert public key if missing for this device\n if (!existing?.clientNearPublicKey) {\n try { await IndexedDBManager.clientDB.updateUser(accountId, { clientNearPublicKey: rec.publicKey }); } catch {}\n }\n statusEl.textContent = 'Recovered local key material. Opening export viewer…';\n await webAuthnManager.exportNearKeypairWithUI(toAccountId(account), {\n variant: 'drawer',\n theme: 'dark',\n });\n } else {\n throw err;\n }\n }\n // Notify parent (overlay controllers) that the export UI has been shown\n window.parent?.postMessage?.({ type: OFFLINE_EXPORT_DONE, nearAccountId: account }, '*');\n } catch (e: any) {\n console.error('[offline-export] export failed', e);\n const msg = String(e?.message || e || '');\n if (msg.includes('User cancelled secure confirm request')) {\n // Differentiate common NotAllowedError path vs explicit cancel\n statusEl.textContent = `No matching passkeys for this origin or the prompt was cancelled. Ensure this device has a passkey for '${account}' on ${window.location.hostname}, then try again.`;\n } else if (msg.includes('NotAllowedError')) {\n statusEl.textContent = `No matching passkeys available for '${account}' on this device.`;\n } else if (msg.includes('Missing local key material')) {\n statusEl.textContent = 'Missing local key material for export. Open the wallet on this device once online to prime offline export.';\n } else {\n statusEl.textContent = 'Export failed: ' + msg;\n }\n window.parent?.postMessage?.({ type: OFFLINE_EXPORT_ERROR, error: msg }, '*');\n } finally {\n btn.disabled = false;\n btn.classList.remove('loading');\n try { btn.textContent = defaultBtnLabel; btn.removeAttribute('aria-busy'); } catch {}\n started = false;\n }\n };\n\n // Click handler uses current selected account\n btn.addEventListener('click', async () => { await startExport(selectedAccount); });\n } catch (e) {\n console.error('[offline-export] bootstrap failed', e);\n renderShell('Failed to initialize offline export on this device.');\n }\n}\n\nif (document.readyState === 'loading') {\n document.addEventListener('DOMContentLoaded', () => void main());\n} else {\n void main();\n}\n\nexport {}\n"],"x_google_ignoreList":[0,6,7],"mappings":";;;;;;AAAA,MAAM,iBAAiB,QAAQ,iBAAiB,aAAa,MAAM,MAAM,kBAAkB;AAE3F,IAAI;AACJ,IAAI;AAEJ,SAAS,uBAAuB;AAC5B,QAAQ,sBACH,oBAAoB;EACjB;EACA;EACA;EACA;EACA;;;AAIZ,SAAS,0BAA0B;AAC/B,QAAQ,yBACH,uBAAuB;EACpB,UAAU,UAAU;EACpB,UAAU,UAAU;EACpB,UAAU,UAAU;;;AAGhC,MAAM,qCAAqB,IAAI;AAC/B,MAAM,iCAAiB,IAAI;AAC3B,MAAM,wCAAwB,IAAI;AAClC,SAAS,iBAAiB,SAAS;CAC/B,MAAM,UAAU,IAAI,SAAS,SAAS,WAAW;EAC7C,MAAM,iBAAiB;AACnB,WAAQ,oBAAoB,WAAW;AACvC,WAAQ,oBAAoB,SAAS;;EAEzC,MAAM,gBAAgB;AAClB,WAAQ,KAAK,QAAQ;AACrB;;EAEJ,MAAM,cAAc;AAChB,UAAO,QAAQ;AACf;;AAEJ,UAAQ,iBAAiB,WAAW;AACpC,UAAQ,iBAAiB,SAAS;;AAItC,uBAAsB,IAAI,SAAS;AACnC,QAAO;;AAEX,SAAS,+BAA+B,IAAI;AAExC,KAAI,mBAAmB,IAAI,IACvB;CACJ,MAAM,OAAO,IAAI,SAAS,SAAS,WAAW;EAC1C,MAAM,iBAAiB;AACnB,MAAG,oBAAoB,YAAY;AACnC,MAAG,oBAAoB,SAAS;AAChC,MAAG,oBAAoB,SAAS;;EAEpC,MAAM,iBAAiB;AACnB;AACA;;EAEJ,MAAM,cAAc;AAChB,UAAO,GAAG,SAAS,IAAI,aAAa,cAAc;AAClD;;AAEJ,KAAG,iBAAiB,YAAY;AAChC,KAAG,iBAAiB,SAAS;AAC7B,KAAG,iBAAiB,SAAS;;AAGjC,oBAAmB,IAAI,IAAI;;AAE/B,IAAI,gBAAgB;CAChB,IAAI,QAAQ,MAAM,UAAU;AACxB,MAAI,kBAAkB,gBAAgB;AAElC,OAAI,SAAS,OACT,QAAO,mBAAmB,IAAI;AAElC,OAAI,SAAS,QACT,QAAO,SAAS,iBAAiB,KAC3B,SACA,SAAS,YAAY,SAAS,iBAAiB;;AAI7D,SAAO,KAAK,OAAO;;CAEvB,IAAI,QAAQ,MAAM,OAAO;AACrB,SAAO,QAAQ;AACf,SAAO;;CAEX,IAAI,QAAQ,MAAM;AACd,MAAI,kBAAkB,mBACjB,SAAS,UAAU,SAAS,SAC7B,QAAO;AAEX,SAAO,QAAQ;;;AAGvB,SAAS,aAAa,UAAU;AAC5B,iBAAgB,SAAS;;AAE7B,SAAS,aAAa,MAAM;AAQxB,KAAI,0BAA0B,SAAS,MACnC,QAAO,SAAU,GAAG,MAAM;AAGtB,OAAK,MAAM,OAAO,OAAO;AACzB,SAAO,KAAK,KAAK;;AAGzB,QAAO,SAAU,GAAG,MAAM;AAGtB,SAAO,KAAK,KAAK,MAAM,OAAO,OAAO;;;AAG7C,SAAS,uBAAuB,OAAO;AACnC,KAAI,OAAO,UAAU,WACjB,QAAO,aAAa;AAGxB,KAAI,iBAAiB,eACjB,gCAA+B;AACnC,KAAI,cAAc,OAAO,wBACrB,QAAO,IAAI,MAAM,OAAO;AAE5B,QAAO;;AAEX,SAAS,KAAK,OAAO;AAGjB,KAAI,iBAAiB,WACjB,QAAO,iBAAiB;AAG5B,KAAI,eAAe,IAAI,OACnB,QAAO,eAAe,IAAI;CAC9B,MAAM,WAAW,uBAAuB;AAGxC,KAAI,aAAa,OAAO;AACpB,iBAAe,IAAI,OAAO;AAC1B,wBAAsB,IAAI,UAAU;;AAExC,QAAO;;AAEX,MAAM,UAAU,UAAU,sBAAsB,IAAI;;;;;;;;AASpD,SAAS,OAAO,MAAM,SAAS,EAAE,SAAS,SAAS,UAAU,eAAe,IAAI;CAC5E,MAAM,UAAU,UAAU,KAAK,MAAM;CACrC,MAAM,cAAc,KAAK;AACzB,KAAI,QACA,SAAQ,iBAAiB,kBAAkB,UAAU;AACjD,UAAQ,KAAK,QAAQ,SAAS,MAAM,YAAY,MAAM,YAAY,KAAK,QAAQ,cAAc;;AAGrG,KAAI,QACA,SAAQ,iBAAiB,YAAY,UAAU,QAE/C,MAAM,YAAY,MAAM,YAAY;AAExC,aACK,MAAM,OAAO;AACd,MAAI,WACA,IAAG,iBAAiB,eAAe;AACvC,MAAI,SACA,IAAG,iBAAiB,kBAAkB,UAAU,SAAS,MAAM,YAAY,MAAM,YAAY;IAGhG,YAAY;AACjB,QAAO;;AAiBX,MAAM,cAAc;CAAC;CAAO;CAAU;CAAU;CAAc;;AAC9D,MAAM,eAAe;CAAC;CAAO;CAAO;CAAU;;AAC9C,MAAM,gCAAgB,IAAI;AAC1B,SAAS,UAAU,QAAQ,MAAM;AAC7B,KAAI,EAAE,kBAAkB,eACpB,EAAE,QAAQ,WACV,OAAO,SAAS,UAChB;AAEJ,KAAI,cAAc,IAAI,MAClB,QAAO,cAAc,IAAI;CAC7B,MAAM,iBAAiB,KAAK,QAAQ,cAAc;CAClD,MAAM,WAAW,SAAS;CAC1B,MAAM,UAAU,aAAa,SAAS;AACtC,KAEA,EAAE,mBAAmB,WAAW,WAAW,gBAAgB,cACvD,EAAE,WAAW,YAAY,SAAS,iBAClC;CAEJ,MAAM,SAAS,eAAgB,WAAW,GAAG,MAAM;EAE/C,MAAM,KAAK,KAAK,YAAY,WAAW,UAAU,cAAc;EAC/D,IAAIA,WAAS,GAAG;AAChB,MAAI,SACA,YAASA,SAAO,MAAM,KAAK;AAM/B,UAAQ,MAAM,QAAQ,IAAI,CACtBA,SAAO,gBAAgB,GAAG,OAC1B,WAAW,GAAG,QACd;;AAER,eAAc,IAAI,MAAM;AACxB,QAAO;;AAEX,cAAc,cAAc;CACxB,GAAG;CACH,MAAM,QAAQ,MAAM,aAAa,UAAU,QAAQ,SAAS,SAAS,IAAI,QAAQ,MAAM;CACvF,MAAM,QAAQ,SAAS,CAAC,CAAC,UAAU,QAAQ,SAAS,SAAS,IAAI,QAAQ;;AAG7E,MAAM,qBAAqB;CAAC;CAAY;CAAsB;;AAC9D,MAAM,YAAY;AAClB,MAAM,iCAAiB,IAAI;AAC3B,MAAM,mDAAmC,IAAI;AAC7C,MAAM,sBAAsB,EACxB,IAAI,QAAQ,MAAM;AACd,KAAI,CAAC,mBAAmB,SAAS,MAC7B,QAAO,OAAO;CAClB,IAAI,aAAa,UAAU;AAC3B,KAAI,CAAC,WACD,cAAa,UAAU,QAAQ,SAAU,GAAG,MAAM;AAC9C,iBAAe,IAAI,MAAM,iCAAiC,IAAI,MAAM,MAAM,GAAG;;AAGrF,QAAO;;AAGf,gBAAgB,QAAQ,GAAG,MAAM;CAE7B,IAAI,SAAS;AACb,KAAI,EAAE,kBAAkB,WACpB,UAAS,MAAM,OAAO,WAAW,GAAG;AAExC,KAAI,CAAC,OACD;AACJ,UAAS;CACT,MAAM,gBAAgB,IAAI,MAAM,QAAQ;AACxC,kCAAiC,IAAI,eAAe;AAEpD,uBAAsB,IAAI,eAAe,OAAO;AAChD,QAAO,QAAQ;AACX,QAAM;AAEN,WAAS,OAAO,eAAe,IAAI,kBAAkB,OAAO;AAC5D,iBAAe,OAAO;;;AAG9B,SAAS,eAAe,QAAQ,MAAM;AAClC,QAAS,SAAS,OAAO,iBACrB,cAAc,QAAQ;EAAC;EAAU;EAAgB;OAChD,SAAS,aAAa,cAAc,QAAQ,CAAC,UAAU;;AAEhE,cAAc,cAAc;CACxB,GAAG;CACH,IAAI,QAAQ,MAAM,UAAU;AACxB,MAAI,eAAe,QAAQ,MACvB,QAAO;AACX,SAAO,SAAS,IAAI,QAAQ,MAAM;;CAEtC,IAAI,QAAQ,MAAM;AACd,SAAO,eAAe,QAAQ,SAAS,SAAS,IAAI,QAAQ;;;;;;AC5SpE,IAAI;AAaJ,MAAM,oBAAqB,OAAO,gBAAgB,cAAc,IAAI,YAAY,WAAW,EAAE,cAAc;AAAE,OAAM,MAAM;;AAEzH,MAAM,eAAgB,OAAO,kBAAkB,eAAe,aACxD,SAAU,KAAK,MAAM;AACvB,QAAO,kBAAkB,WAAW,KAAK;IAEvC,SAAU,KAAK,MAAM;CACvB,MAAM,MAAM,kBAAkB,OAAO;AACrC,MAAK,IAAI;AACT,QAAO;EACH,MAAM,IAAI;EACV,SAAS,IAAI;;;AAmErB,MAAM,oBAAqB,OAAO,gBAAgB,cAAc,IAAI,YAAY,SAAS;CAAE,WAAW;CAAM,OAAO;KAAU,EAAE,cAAc;AAAE,OAAM,MAAM;;AAE3J,IAAI,OAAO,gBAAgB,YAAe,mBAAkB;AAW5D,MAAM,gBAAiB,OAAO,yBAAyB,cACjD;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,UAAS;AACpC,MAAK,oBAAoB,IAAI,MAAM,MAAM,MAAM,GAAG,MAAM;;;;;;AA8L5D,MAAa,uBAAuB,OAAO,OAAO;CAC9C,cAAc;CAAG,KAAK;CACtB,aAAa;CAAG,KAAK;;;;;;AAMzB,MAAa,qBAAqB,OAAO,OAAO;CAC5C,MAAM;CAAG,KAAK;CACd,OAAO;CAAG,KAAK;CACf,QAAQ;CAAG,KAAK;;;;;;;;;AASpB,MAAa,sBAAsB,OAAO,OAAO;CAC7C,sBAAsB;CAAI,MAAM;CAChC,sBAAsB;CAAI,MAAM;CAChC,wBAAwB;CAAI,MAAM;CAClC,wBAAwB;CAAI,MAAM;;;;;;;AAOtC,MAAa,eAAe,OAAO,OAAO;CACtC,aAAa;CAAK,OAAO;CACzB,kBAAkB;CAAK,OAAO;CAC9B,wBAAwB;CAAK,OAAO;CACpC,wBAAwB;CAAK,OAAO;CACpC,4BAA4B;CAAK,OAAO;CACxC,4BAA4B;CAAK,OAAO;CACxC,OAAO;CAAK,OAAO;;;;;;AAMvB,MAAaC,2BAAyB,OAAO,OAAO;CAChD,UAAU;CAAG,KAAK;CAClB,WAAW;CAAG,KAAK;CACnB,aAAa;CAAG,KAAK;;;;;AAKzB,MAAa,oBAAoB,OAAO,OAAO;CAC3C,6BAA6B;CAAG,KAAK;CACrC,2BAA2B;CAAG,KAAK;CACnC,0BAA0B;CAAG,KAAK;CAClC,6BAA6B;CAAG,KAAK;CACrC,sBAAsB;CAAG,KAAK;CAC9B,4BAA4B;CAAG,KAAK;CACpC,mBAAmB;CAAG,KAAK;CAC3B,+BAA+B;CAAG,KAAK;CACvC,oBAAoB;CAAG,KAAK;;;;;;AAMhC,MAAa,qBAAqB,OAAO,OAAO;CAC5C,oCAAoC;CAAG,KAAK;CAC5C,kCAAkC;CAAG,KAAK;CAC1C,iCAAiC;CAAG,KAAK;CACzC,oCAAoC;CAAG,KAAK;CAC5C,6BAA6B;CAAG,KAAK;CACrC,mCAAmC;CAAG,KAAK;CAC3C,0BAA0B;CAAG,KAAK;CAClC,sCAAsC;CAAG,KAAK;CAC9C,2BAA2B;CAAG,KAAK;CACnC,oCAAoC;CAAG,KAAK;CAC5C,kCAAkC;CAAI,MAAM;CAC5C,iCAAiC;CAAI,MAAM;CAC3C,oCAAoC;CAAI,MAAM;CAC9C,6BAA6B;CAAI,MAAM;CACvC,mCAAmC;CAAI,MAAM;CAC7C,0BAA0B;CAAI,MAAM;CACpC,sCAAsC;CAAI,MAAM;CAChD,2BAA2B;CAAI,MAAM;CACrC,sBAAsB;CAAI,MAAM;CAChC,sBAAsB;CAAI,MAAM;CAChC,wBAAwB;CAAI,MAAM;CAClC,wBAAwB;CAAI,MAAM;;AAGtC,MAAM,qCAAsC,OAAO,yBAAyB,cACtE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kCAAkC,QAAQ,GAAG;AAkHxF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AA0DtF,MAAM,qCAAsC,OAAO,yBAAyB,cACtE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kCAAkC,QAAQ,GAAG;AAwCxF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAsFpF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAkCtF,MAAM,uCAAwC,OAAO,yBAAyB,cACxE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,oCAAoC,QAAQ,GAAG;AAmI1F,MAAM,sCAAuC,OAAO,yBAAyB,cACvE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,mCAAmC,QAAQ,GAAG;AA6EzF,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AAmFnF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAsJpF,MAAM,iDAAkD,OAAO,yBAAyB,cAClF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8CAA8C,QAAQ,GAAG;AAgGpG,MAAM,gDAAiD,OAAO,yBAAyB,cACjF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6CAA6C,QAAQ,GAAG;AAuLnG,MAAM,wCAAyC,OAAO,yBAAyB,cACzE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,qCAAqC,QAAQ,GAAG;AAwF3F,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAwCpF,MAAM,8BAA+B,OAAO,yBAAyB,cAC/D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,2BAA2B,QAAQ,GAAG;AAiIjF,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AA2EnF,MAAM,yBAA0B,OAAO,yBAAyB,cAC1D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,sBAAsB,QAAQ,GAAG;AAiE5E,MAAM,yBAA0B,OAAO,yBAAyB,cAC1D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,sBAAsB,QAAQ,GAAG;AAwC5E,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AA2EvF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAwJtF,MAAM,mDAAoD,OAAO,yBAAyB,cACpF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gDAAgD,QAAQ,GAAG;AAgHtG,MAAM,kDAAmD,OAAO,yBAAyB,cACnF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,+CAA+C,QAAQ,GAAG;AA+JrG,MAAM,kCAAmC,OAAO,yBAAyB,cACnE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,+BAA+B,QAAQ,GAAG;AAyIrF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAwFtF,MAAM,6BAA8B,OAAO,yBAAyB,cAC9D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,0BAA0B,QAAQ,GAAG;AAyFhF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAgJtF,MAAM,+CAAgD,OAAO,yBAAyB,cAChF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,4CAA4C,QAAQ,GAAG;AAgJlG,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AAwMnF,MAAM,+BAAgC,OAAO,yBAAyB,cAChE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,4BAA4B,QAAQ,GAAG;AA8HlF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAgHpF,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AAsJvF,MAAM,2BAA4B,OAAO,yBAAyB,cAC5D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,wBAAwB,QAAQ,GAAG;AAyM9E,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AA6HpF,MAAM,4BAA6B,OAAO,yBAAyB,cAC7D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,yBAAyB,QAAQ,GAAG;AAmE/E,MAAM,4BAA6B,OAAO,yBAAyB,cAC7D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,yBAAyB,QAAQ,GAAG;AAmE/E,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAqGpF,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AAgGvF,MAAM,8BAA+B,OAAO,yBAAyB,cAC/D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,2BAA2B,QAAQ,GAAG;AAuJjF,MAAM,qDAAsD,OAAO,yBAAyB,cACtF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kDAAkD,QAAQ,GAAG;AAmOxG,MAAM,mDAAoD,OAAO,yBAAyB,cACpF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gDAAgD,QAAQ,GAAG;AAgOtG,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;;;;ACrnJvF,MAAaC,8BAAkD;CAC7D,QAAQ;CACR,UAAU;CACV,kBAAkB;CAClB,OAAO;;AAgLT,SAAgB,iBACd,UACoC;AACpC,QACE,SAAS,SAAS,mBAAmB,wBACrC,SAAS,SAAS,mBAAmB,wBACrC,SAAS,SAAS,mBAAmB,0BACrC,SAAS,SAAS,mBAAmB;;AAIzC,SAAgB,gBACd,UACsC;AACtC,QACE,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,oCACrC,SAAS,SAAS,mBAAmB,mCACrC,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,6BACrC,SAAS,SAAS,mBAAmB,+BACrC,SAAS,SAAS,mBAAmB,qCACrC,SAAS,SAAS,mBAAmB,4BACrC,SAAS,SAAS,mBAAmB;;AAIzC,SAAgB,cACd,UACiC;AACjC,QACE,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,oCACrC,SAAS,SAAS,mBAAmB,mCACrC,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,6BACrC,SAAS,SAAS,mBAAmB,+BACrC,SAAS,SAAS,mBAAmB,qCACrC,SAAS,SAAS,mBAAmB,4BACrC,SAAS,SAAS,mBAAmB;;AAMzC,SAAgB,qCAAqC,UAAuH;AAC1K,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,mCAAmC,UAAmH;AACpK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,qCAAqC,UAAwH;AAC3K,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,4BAA4B,UAAgH;AAC1J,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,kCAAkC,UAAoH;AACpK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,8BAA8B,UAAoH;AAChK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,2BAA2B,UAAgH;AACzJ,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,uCACd,UAC2F;AAC3F,QAAO,SAAS,SAAS,mBAAmB;;;;;ACvU9C,MAAMC,cAAmC;CACvC,QAAQ;CACR,WAAW;CACX,WAAW;CACX,eAAe;CACf,oBAAoB;CACpB,qBAAqB;CACrB,oBAAoB;;AAiDtB,IAAa,yBAAb,MAAoC;CAClC,AAAQ;CACR,AAAQ,KAA0B;CAClC,AAAQ,WAAW;CACnB,AAAQ,iCAAuD,IAAI;CAEnE,YAAY,SAAgCC,aAAW;AACrD,OAAK,SAAS;;CAGhB,YAAoB;AAClB,SAAO,KAAK,OAAO;;CAGrB,UAAU,QAAsB;EAC9B,MAAM,OAAO,OAAO,UAAU,IAAI;AAClC,MAAI,CAAC,QAAQ,SAAS,KAAK,OAAO,OAAQ;AAC1C,MAAI;AAAE,GAAC,KAAK,IAAY;UAAmB;AAC3C,OAAK,KAAK;AACV,OAAK,SAAS;GAAE,GAAG,KAAK;GAAQ,QAAQ;;;CAG1C,aAAsB;AACpB,SAAO,KAAK;;CAGd,YAAY,UAAyB;EACnC,MAAM,OAAO,CAAC,CAAC;AACf,MAAI,SAAS,KAAK,SAAU;AAC5B,OAAK,WAAW;AAChB,MAAI,MAAM;AACR,OAAI;AAAE,IAAC,KAAK,IAAY;WAAmB;AAC3C,QAAK,KAAK;;;CAMd,SAAS,UAAuD;AAC9D,OAAK,eAAe,IAAI;AACxB,eAAa;AACX,QAAK,eAAe,OAAO;;;CAI/B,AAAQ,UAAU,OAA6B;AAC7C,OAAK,eAAe,SAAQ,aAAY;AACtC,OAAI;AACF,aAAS;YACF,OAAO;AACd,YAAQ,KAAK,gDAAgD;;;;CAKnE,MAAc,QAA+B;AAC3C,MAAI,KAAK,SACP,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,GACP,QAAO,KAAK;AAGd,MAAI;AACF,QAAK,KAAK,MAAM,OAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,WAAW;IAClE,UAAU,IAAI,YAAY,aAAa,iBAAuB;AAE1D,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,YAAY;MAEtD,MAAM,YAAY,GAAG,kBAAkBA,YAAU,WAAW,EAAE,SAAS,CAAC,iBAAiB;AACzF,gBAAU,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;;AAEpE,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,eAC1C,IAAG,kBAAkBA,YAAU,eAAe,EAAE,SAAS;AAE3D,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,qBAAqB;MAE/D,MAAM,YAAY,GAAG,kBAAkBA,YAAU,oBAAoB,EAAE,SAAS;OAAC;OAAiB;OAAgB;;AAClH,gBAAU,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;;AAEpE,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,sBAAsB;MAEhE,MAAM,SAAS,GAAG,kBAAkBA,YAAU,qBAAqB,EAAE,SAAS;OAAC;OAAiB;OAAc;;AAC9G,UAAI;AAAE,cAAO,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;cAAkB;;AAEzF,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,qBAAqB;MAE/D,MAAM,SAAS,GAAG,kBAAkBA,YAAU,oBAAoB,EAAE,SAAS,CAAC,iBAAiB;AAC/F,UAAI;AAAE,cAAO,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;cAAkB;;;IAG3F,UAAU;AACR,aAAQ,KAAK;;IAEf,WAAW;AACT,aAAQ,KAAK;;IAEf,kBAAkB;AAChB,aAAQ,KAAK;AACb,UAAK,KAAK;;;AAKd,OAAI;AAAE,UAAM,KAAK,sBAAsB,KAAK;WAAa;WAElDC,KAAU;GACjB,MAAM,MAAM,OAAO,KAAK,WAAW;AACnC,OAAI,KAAK,SAAS,kBAAkB,kCAAkC,KAAK,KAEzE,KAAI;AACF,YAAQ,KAAK;AACb,SAAK,KAAK,MAAM,OAAO,KAAK,OAAO;YAC5B,GAAG;AACV,UAAM;;OAGR,OAAM;;AAIV,SAAO,KAAK;;CAGd,MAAc,sBAAsB,KAAkC;CAMtE,MAAM,YAAyB,KAAqC;EAClE,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,SAAS,MAAM,GAAG,IAAID,YAAU,eAAe;AACrD,SAAO,QAAQ;;CAGjB,MAAM,YAAyB,KAAa,OAAyB;EACnE,MAAM,KAAK,MAAM,KAAK;EACtB,MAAME,QAA0B;GAAE;GAAK;;AACvC,QAAM,GAAG,IAAIF,YAAU,eAAe;;;;;;CASxC,sBAAsB,eAA4C;AAChE,SAAO,sBAAsB;;;;;CAM/B,gBAAgB,eAAkC;EAChD,MAAM,aAAa,sBAAsB;AACzC,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,4BAA4B,WAAW;AAEzD,SAAO,cAAc,MAAM,KAAK;;;;;;;;CASlC,sBAAsB,UAAkB,QAAwB;EAC9D,MAAM,gBAAgB,SACnB,cACA,QAAQ,kBAAkB,IAC1B,UAAU,GAAG;AAChB,SAAO,GAAG,cAAc,GAAG;;CAK7B,MAAM,QAAQ,eAA0B,cAAuD;AAC7F,MAAI,CAAC,cAAe,QAAO;EAE3B,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,OAAO;AACrB,WAAQ,KAAK,8BAA8B;AAC3C,UAAO;;EAGT,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;AAE9B,MAAI,OAAO,iBAAiB,UAAU;GACpC,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW;AAC1D,OAAI,CAAC,IAAK,QAAO;AACjB,UAAO,MAAM,KAAK,0BAA0B,KAAyC;;EAGvF,MAAM,QAAQ,GAAG,YAAYA,YAAU,WAAW,MAAM,MAAM;EAC9D,MAAM,UAAU,MAAM,MAAM,OAAO;AACnC,MAAI,QAAQ,WAAW,EACrB,QAAO;AAGT,MAAI,QAAQ,SAAS,GAAG;AACtB,WAAQ,KACN,uCAAuC,UAAU;AAGnD,WAAQ,IAAI;GACZ,MAAM,gBAAgB,MAAM,KAAK,YAAoC,qBAAqB,YAAY;AACtG,OAAI,iBAAiB,YAAY,cAAc,eAAe,WAAW;IACvE,MAAM,QAAQ,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW,cAAc;AAC1E,QAAI,MACF,QAAO,MAAM,KAAK,0BAChB,OACA,cAAc;;;EAMtB,MAAM,QAAQ,QAAQ;AACtB,MAAI,CAAC,MAAO,QAAO;AACnB,SAAO,MAAM,KAAK,0BAA0B,OAAO;;;;;;CAOrD,MAAM,cAA8C;EAClD,MAAM,gBAAgB,MAAM,KAAK,YAAoC;AACrE,MAAI,CAAC,cAAe,QAAO;EAC3B,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY,cAAc;EAE5C,MAAM,SAAS,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW,cAAc;AAC3E,MAAI,OAAQ,QAAO;AAEnB,SAAO,KAAK,QAAQ;;;CAItB,MAAM,gBAAgB,eAA0B,cAAsD;EACpG,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW;AAC1D,SAAO,OAAyB;;;;;;;;;;CAWlC,MAAM,qBAAqB,eAA0D;EACnF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI;GACF,MAAM,MAAM,GAAG,YAAYA,YAAU,WAAW,MAAM,MAAM;GAC5D,MAAM,MAAM,MAAM,IAAI,OAAO,YAAY;AACzC,OAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;IACxC,MAAM,SAAU,IAAyB,QAAQ,GAAG,OACjD,EAAE,eAAe,OAAO,EAAE,eAAe,KAAK,IAAI;AAErD,WAAO;;UAEH;AAGR,SAAO;;CAGT,MAAM,qBAAqB,eAA4C;EACrE,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;AAC1D,SAAO,CAAC,CAAC,eAAe,IAAI;;;;;;;;;;;;;;CAe9B,MAAM,qBACJ,eACA,gBACA,yBAIC;AACD,MAAI,eAAe,UAAU,EAC3B,QAAO,EAAE,yBAAyB;EAGpC,MAAM,sBAAsB,YAAY;EACxC,MAAM,WAAW,MAAM,KAAK,cAAc,YAAY;AACtD,MAAI,CAAC,YAAY,SAAS,kBAAkB,oBAC1C,QAAO,EAAE,yBAAyB;EAGpC,MAAM,uBAAuB,SAAS;EACtC,MAAM,iBAAiB,eAAe,QAAO,MAAK,EAAE,iBAAiB;EAIrE,IAAI,uBAAuB,SAAS,kBAAkB;AACtD,MAAI,eAAe,SAAS,KAAK,CAAC,eAAe,MAAK,MAAK,EAAE,iBAAiB,sBAC5E,wBAAuB,eAAe,GAAG;EAK3C,MAAM,iBAAiB,eAAe,QAAO,MAAK,EAAE,iBAAiB;EACrE,MAAM,0BACJ,eAAe,SAAS,IACpB,iBACC,eAAe,SAAS,IAAI,iBAAiB;EAEpD,MAAM,oBACJ,2BAA2B,4BAA4B,uBAEnD,0DAA0D,oBAAoB,uIAG9E;AAEN,SAAO;GAAE;GAAyB;;;;;;;;CAQpC,MAAM,aAAa,eAA4D;EAE7E,MAAM,aAAa,KAAK,sBAAsB,cAAc;AAC5D,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,iDAAiD,WAAW;EAG9E,MAAM,MAAM,KAAK;EAEjB,MAAMG,WAA2B;GAC/B,eAAe,YAAY,cAAc;GACzC,cAAc,cAAc,gBAAgB;GAC5C,SAAS,cAAc,WAAW;GAClC,cAAc;GACd,WAAW;GACX,aAAa;GACb,qBAAqB,cAAc;GACnC,mBAAmB,cAAc;GACjC,aAAa;IACX,YAAY;IACZ,YAAY;IACZ,oBAAoB;;GAGtB,qBAAqB,cAAc;GACnC,2BAA2B,cAAc;;AAG3C,QAAM,KAAK,UAAU;AACrB,SAAO;;CAGT,MAAM,WAAW,eAA0B,SAAiD;EAC1F,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,MAAI,MAAM;GACR,MAAM,cAAc;IAClB,GAAG;IACH,GAAG;IACH,aAAa,KAAK;;AAEpB,SAAM,KAAK,UAAU;AAGrB,QAAK,UAAU;IACb,MAAM;IACN,WAAW;IACX,MAAM;KAAE;KAAS;;;;;CAKvB,MAAM,gBAAgB,eAAyC;AAC7D,QAAM,KAAK,WAAW,eAAe,EAAE,WAAW,KAAK;;;;;;;CAQzD,MAAM,YAAY,eAA0B,eAAuB,GAAkB;EACnF,MAAMC,gBAAwC;GAC5C,WAAW;GACX;;AAEF,QAAM,KAAK,YAAY,qBAAqB;;CAG9C,MAAM,kBACJ,eACA,aACe;EACf,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,MAAI,MAAM;GACR,MAAM,qBAAqB;IACzB,GAAG,KAAK;IACR,GAAG;;AAEL,SAAM,KAAK,WAAW,eAAe,EAAE,aAAa;AAGpD,QAAK,UAAU;IACb,MAAM;IACN,WAAW;IACX,MAAM,EAAE,aAAa;;;;CAK3B,MAAc,0BACZ,MACA,qBACyB;EACzB,MAAM,iBACJ,OAAO,KAAK,iBAAiB,YAAY,OAAO,SAAS,KAAK;AAChE,MAAI,eACF,QAAO;EAGT,MAAM,eAAe;EACrB,MAAMC,QAAwB;GAC5B,GAAI;GACJ;;AAEF,QAAM,KAAK,UAAU;AACrB,SAAO;;CAGT,MAAc,UAAU,UAAyC;EAC/D,MAAM,aAAa,KAAK,sBAAsB,SAAS;AACvD,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,8CAA8C,WAAW;EAG3E,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIL,YAAU,WAAW;EAGlC,MAAMI,gBAAwC;GAC5C,WAAW,SAAS;GACpB,cAAc,SAAS;;AAGzB,QAAM,KAAK,YAAY,qBAAqB;;;;;;CAO9C,MAAM,sBAAsB,UAAqD;EAC/E,MAAM,aAAa,KAAK,sBAAsB,SAAS;AACvD,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,sDAAsD,WAAW;EAGnF,MAAM,YAAY,YAAY,SAAS;EACvC,MAAM,eAAe,SAAS;EAC9B,IAAI,OAAO,MAAM,KAAK,QAAQ,WAAW;AAEzC,MAAI,CAAC,KACH,QAAO,MAAM,KAAK,aAAa;GAC7B,eAAe;GACf;GACA,qBAAqB,SAAS;GAC9B,mBAAmB,SAAS;GAC5B,qBAAqB,SAAS;GAC9B,SAAS,SAAS,WAAW;GAC7B,2BAA2B,SAAS;;EAIxC,MAAME,cAA8B;GAClC,GAAG;GACH,qBAAqB,SAAS;GAC9B,mBAAmB,SAAS;GAC5B,qBAAqB,SAAS;GAC9B,2BAA2B,SAAS,6BAA6B,KAAK;GACtE,SAAS,SAAS,WAAW,KAAK;GAClC,aAAa,SAAS,eAAe,KAAK;;AAG5C,QAAM,KAAK,UAAU;AACrB,OAAK,UAAU;GACb,MAAM;GACN;GACA,MAAM,EAAE;;;CAIZ,MAAM,cAAyC;EAC7C,MAAM,KAAK,MAAM,KAAK;AACtB,SAAO,GAAG,OAAON,YAAU;;CAG7B,MAAM,WAAW,eAAyC;EACxD,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,OAAOA,YAAU,WAAW;AAErC,QAAM,KAAK,2BAA2B;;CAGxC,MAAM,gBAA+B;EACnC,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,MAAMA,YAAU;;CAG3B,MAAM,mBAAkC;EACtC,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,MAAMA,YAAU;;;;;CAM3B,MAAM,mBAAmB,mBAA2D;EAClF,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIA,YAAU,oBAAoB;;;;;CAM7C,MAAM,wBAAwB,eAA8D;EAC1F,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,YAAY,YAAY;EAG9B,MAAM,QAAQ,MAAM,MAAM;AAC1B,SAAO,MAAM,MAAM,OAAO;;;;;CAM5B,MAAM,+BACJ,eACA,cACyC;EACzC,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,YAAY,YAAY;EAK9B,MAAM,QAAQ,MAAM,MAAM;EAC1B,MAAM,MAAM,MAAM,MAAM,OAAO;EAC/B,MAAM,QAAQ,IAAI,MAAM,SAAc,KAAK,iBAAiB,iBAAiB;AAC7E,SAAO;;;;;CAMT,MAAM,2BAA2B,eAAyC;EACxE,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;EAC1D,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;AAEvC,OAAK,MAAM,QAAQ,eAEjB,OAAM,MAAM,OAAO;GAAC;GAAe,KAAK;GAAc,KAAK;;;;;;CAO/D,MAAM,+BACJ,eACA,wBASe;AAEf,QAAM,KAAK,2BAA2B;EAGtC,MAAM,4BAAW,IAAI,QAAO;AAC5B,OAAK,MAAM,QAAQ,wBAAwB;GAEzC,MAAM,gBAAgB,KAAK,cAAc;GACzC,MAAM,kBAAkB,cAAc,QAAQ,cAC5C,cAAc,UAAa,cAAc,QAAQ,OAAO,cAAc;GAIxE,MAAM,aAAa,gBAAgB,SAAS,IAAI,kBAAkB,CAAC;GAEnE,MAAMO,aAAsC;IAC1C,cAAc,KAAK;IACnB,qBAAqB,KAAK;IAC1B;IACA,MAAM,KAAK;IACX,eAAe,YAAY;IAC3B,cAAc,KAAK,gBAAgB;IACnC,YAAY,KAAK;IACP;IACV,cAAc,KAAK;;AAErB,SAAM,KAAK,mBAAmB;;;;;;CASlC,MAAM,+BAA+B,eAAyC;EAC5E,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;AAE1D,MAAI,eAAe,WAAW,GAAG;AAC/B,WAAQ,KAAK,oCAAoC;AACjD;;EAGF,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYP,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;AAEvC,OAAK,MAAM,QAAQ,eAEjB,OAAM,MAAM,OAAO;GAAC;GAAe,KAAK;GAAc,KAAK;;AAG7D,UAAQ,MAAM,WAAW,eAAe,OAAO,2BAA2B;;;;;;;CAQ5E,MAAM,sBAAsB,eAAuD;EACjF,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,SAAO,MAAM,aAAa,sBAAsB;;;;;;;CAQlD,MAAM,SAAS,eAA4D;EACzE,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,SAAO,MAAM,aAAa,mBAAmB,SAAS;;;;;;;CAQxD,MAAM,SAAS,eAA0B,OAAwC;EAC/E,MAAM,iBAAiB,MAAM,KAAK,sBAAsB;EACxD,MAAM,qBAAqB;GAAE,GAAG;GAAgB;;AAChD,QAAM,KAAK,kBAAkB,eAAe,EAAE;;;;;;;CAQhD,MAAM,kBAAkB,eAAqD;EAC3E,MAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,SAAO,SAAS;;;;;;;CAQlB,MAAM,YAAY,eAAqD;EACrE,MAAM,eAAe,MAAM,KAAK,kBAAkB;EAClD,MAAM,WAAW,iBAAiB,SAAS,UAAU;AACrD,QAAM,KAAK,SAAS,eAAe;AACnC,SAAO;;;;;CAQT,MAAM,kBAAkB,eAA0B,MAA4E;AAC5H,MAAI,CAAC,iBAAiB,CAAC,MAAM,cAAc,CAAC,MAAM,QAAQ,CAAC,MAAM,QAAS;EAC1E,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,MAAO;EACvB,MAAMQ,MAA4B;GAChC,eAAe,YAAY;GAC3B,YAAY,OAAO,KAAK;GACxB,MAAM,OAAO,KAAK;GAClB,SAAS,OAAO,KAAK;GACrB,WAAW,KAAK;;EAElB,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIR,YAAU,qBAAqB;;;;;CAM9C,MAAM,wBAAwB,eAA0B,MAAkF;AACxI,MAAI,CAAC,iBAAiB,CAAC,MAAM,cAAc,CAAC,MAAM,KAAM,QAAO;EAC/D,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,qBAAqB;GAAC,YAAY;GAAgB,OAAO,KAAK;GAAa,OAAO,KAAK;;AAC1H,SAAQ,OAAgC;;;;;CAM1C,MAAM,kBAAkB,eAA0B,MAAoE;EACpH,MAAM,MAAM,MAAM,KAAK,wBAAwB,eAAe;AAC9D,SAAO,KAAK,WAAW;;;;;;CASzB,MAAM,qBACJ,eACA,SACe;AACf,MAAI,CAAC,iBAAiB,CAAC,SAAS,OAAQ;EACxC,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,MAAO;EAEvB,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,MAAM,KAAK;AAEjB,OAAK,MAAM,SAAS,SAAS;GAC3B,MAAM,UAAU,OAAO,OAAO,WAAW,IAAI;GAC7C,MAAM,QAAQ,OAAO,OAAO,SAAS,IAAI;AACzC,OAAI,CAAC,WAAW,CAAC,MAAO;GAExB,MAAMS,MAA2B;IAC/B,eAAe;IACf;IACA;IACA,SAAS;;AAEX,SAAM,GAAG,IAAIT,YAAU,oBAAoB;;;;;;CAO/C,MAAM,kBAAkB,eAA0D;AAChF,MAAI,CAAC,cAAe,QAAO;EAC3B,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,QAAQ,MAAM,MAAM;EAC1B,MAAM,SAAS,MAAM,MAAM,OAAO;AAClC,SAAQ,UAAoC;;;;;;CAO9C,MAAM,gBAAmB,WAAyD;EAChF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI;GACF,MAAM,SAAS,MAAM,UAAU;AAC/B,UAAO;WACA,OAAO;AACd,WAAQ,MAAM,4BAA4B;AAC1C,SAAM;;;;;;;CAQV,MAAM,yBAAyB,eAAyC;AACtE,UAAQ,MAAM,sCAAsC;AAEpD,QAAM,KAAK,gBAAgB,OAAO,OAAO;AAEvC,SAAM,KAAK,+BAA+B;AAG1C,SAAM,GAAG,OAAOA,YAAU,WAAW;GAGrC,MAAM,kBAAkB,MAAM,KAAK,YAAoB;AACvD,OAAI,oBAAoB,cACtB,OAAM,KAAK,YAAY,qBAAqB;AAG9C,WAAQ,MAAM,yCAAyC;AACvD,UAAO;;;;;;;ACz+Bb,MAAMU,YAAqC;CACzC,QAAQ;CACR,WAAW;CACX,WAAW;CACX,SAAS,CAAC,iBAAiB;;AA4B7B,IAAa,2BAAb,MAAsC;CACpC,AAAQ;CACR,AAAQ,KAA0B;CAClC,AAAQ,WAAW;CAEnB,YAAY,SAAkC,WAAW;AACvD,OAAK,SAAS;;CAGhB,YAAoB;AAClB,SAAO,KAAK,OAAO;;CAGrB,UAAU,QAAsB;EAC9B,MAAM,OAAO,OAAO,UAAU,IAAI;AAClC,MAAI,CAAC,QAAQ,SAAS,KAAK,OAAO,OAAQ;AAC1C,MAAI;AAAE,GAAC,KAAK,IAAY;UAAmB;AAC3C,OAAK,KAAK;AACV,OAAK,SAAS;GAAE,GAAG,KAAK;GAAQ,QAAQ;;;CAG1C,aAAsB;AACpB,SAAO,KAAK;;CAGd,YAAY,UAAyB;EACnC,MAAM,OAAO,CAAC,CAAC;AACf,MAAI,SAAS,KAAK,SAAU;AAC5B,OAAK,WAAW;AAChB,MAAI,MAAM;AACR,OAAI;AAAE,IAAC,KAAK,IAAY;WAAmB;AAC3C,QAAK,KAAK;;;;;;CAOd,MAAc,QAA+B;AAC3C,MAAI,KAAK,SACP,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,GACP,QAAO,KAAK;AAGd,OAAK,KAAK,MAAM,OAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,WAAW;GAChE,QAAQ,IAAU;AAEhB,QAAI;AAAE,SAAI,GAAG,iBAAiB,SAAS,UAAU,WAAY,IAAG,kBAAkB,UAAU;YAAoB;IAChH,MAAM,QAAQ,GAAG,kBAAkB,UAAU,WAAW,EAAE,SAAS,UAAU;AAC7E,QAAI;AAAE,WAAM,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;YAAkB;;GAExF,UAAU;AACR,YAAQ,KAAK;;GAEf,WAAW;AACT,YAAQ,KAAK;;GAEf,kBAAkB;AAChB,YAAQ,KAAK;AACb,SAAK,KAAK;;;AAId,SAAO,KAAK;;;;;CAMd,MAAM,kBAAkB,MAAuC;EAC7D,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI,CAAC,KAAK,kBACR,OAAM,IAAI,MAAM;AAElB,QAAM,GAAG,IAAI,KAAK,OAAO,WAAW;;;;;CAMtC,MAAM,gBAAgB,eAAuB,cAAwD;EACnG,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,QAAsC;AACtD,OAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,kBAAmB,QAAO;AAC3D,UAAO;IACL,eAAe,IAAI;IACnB,cAAc,IAAI;IAClB,eAAe,IAAI;IACnB,mBAAmB,IAAI;IACvB,aAAa,IAAI;IACjB,SAAS,IAAI;IACb,WAAW,IAAI;;;AAInB,MAAI,OAAO,iBAAiB,UAAU;GACpC,MAAM,MAAM,MAAM,GAAG,IAAI,KAAK,OAAO,WAAW,CAAC,eAAe;GAChE,MAAM,SAAS,SAAS;AACxB,OAAI,OAAQ,QAAO;AAEnB,OAAI,kBAAkB,cACpB,SAAQ,KAAK,6DAA6D,cAAc;AAE1F,OAAI;IACF,MAAM,MAAM,GAAG,YAAY,KAAK,OAAO,WAAW,MAAM,MAAM;IAC9D,MAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,QAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;KAExC,MAAM,SAAU,IAAc,QAAQ,GAAG,MAAO,EAAE,aAAa,EAAE,YAAY,IAAI;AACjF,YAAO,SAAS;;WAEZ;AACR,UAAO;;AAGT,MAAI;GACF,MAAM,MAAM,GAAG,YAAY,KAAK,OAAO,WAAW,MAAM,MAAM;GAE9D,MAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,OAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;IACxC,MAAM,SAAU,IAAc,QAAQ,GAAG,MAAO,EAAE,aAAa,EAAE,YAAY,IAAI;AACjF,WAAO,SAAS;;UAEZ;AACR,SAAO;;;;;CAMT,MAAM,iBAAiB,eAAuB,cAAwC;EACpF,MAAM,eAAe,MAAM,KAAK,gBAAgB,eAAe;AAC/D,SAAO,CAAC,CAAC;;;;;CAMX,MAAM,mBAAmB,eAAuB,cAAsC;EACpF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI,OAAO,iBAAiB,SAC1B,OAAM,GAAG,OAAO,KAAK,OAAO,WAAW,CAAC,eAAe;OAClD;GAEL,MAAM,KAAK,GAAG,YAAY,KAAK,OAAO,WAAW;GACjD,MAAM,MAAM,GAAG,MAAM,MAAM;GAC3B,IAAI,SAAS,MAAM,IAAI,WAAW,YAAY,KAAK;AACnD,UAAO,QAAQ;AACb,UAAM,GAAG,MAAM,OAAO,OAAO;AAC7B,aAAS,MAAM,OAAO;;AAExB,SAAM,GAAG;;AAEX,UAAQ,MAAM;;;;;CAMhB,MAAM,sBAAmD;EACvD,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,MAAM,MAAM,GAAG,OAAO,KAAK,OAAO;AACxC,SAAQ,IACL,KAAK,QAAQ;AACZ,OAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,kBAAmB,QAAO;AAC3D,UAAO;IACL,eAAe,IAAI;IACnB,cAAc,IAAI;IAClB,eAAe,IAAI;IACnB,mBAAmB,IAAI;IACvB,aAAa,IAAI;IACjB,SAAS,IAAI;IACb,WAAW,IAAI;;KAGlB,QAAQ,QAAiC,QAAQ;;;;;CAMtD,MAAM,gBAAgB,eAAuB,cAAwC;EACnF,MAAM,UAAU,MAAM,KAAK,gBAAgB,eAAe;AAC1D,SAAO,CAAC,CAAC;;;;;;ACpMb,MAAa,kBAAkB,IAAI;AACnC,MAAa,oBAAoB,IAAI;;;;;AA8DrC,IAAa,0BAAb,MAAqC;CACnC,AAAgB;CAChB,AAAgB;CAChB,AAAQ,eAAe;CAEvB,cAAc;AACZ,OAAK,WAAW;AAChB,OAAK,aAAa;;;;;;CAOpB,MAAM,aAA4B;AAChC,MAAI,KAAK,aACP;AAGF,MAAI;AACF,OAAI,KAAK,SAAS,gBAAgB,KAAK,WAAW,cAAc;AAC9D,SAAK,eAAe;AACpB;;AAIF,SAAM,QAAQ,IAAI,CAChB,KAAK,SAAS,YAAY,gBAC1B,KAAK,WAAW,gBAAgB,eAAe;AAGjD,QAAK,eAAe;WACb,OAAO;AACd,WAAQ,KAAK,6CAA6C;;;;;;CAQ9D,IAAI,gBAAyB;AAC3B,SAAO,KAAK;;;;;CAQd,MAAM,gBAAgB,eAInB;EACD,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,WAAW,QAAQ,KAAK,kBAAkB,gBAC5C,OACA,MAAM,KAAK,SAAS,gBAAgB,eAAe;EACvD,MAAM,eAAgB,QAAQ,KAAK,kBAAkB,gBACjD,KAAK,eACL,UAAU;EACd,MAAM,CAAC,SAAS,WAAW,MAAM,QAAQ,IAAI,CAC3C,KAAK,WAAW,gBAAgB,eAAe,eAC/C,KAAK,WAAW,gBAAgB,eAAe;AAGjD,SAAO;GACL;GACA;GACA,SAAS,UAAU,UAAU;;;CAKjC,MAAM,kBACJ,eACA,MACe;AACf,SAAO,KAAK,SAAS,kBAAkB,eAAe;;CAGxD,MAAM,wBACJ,eACA,MACkE;AAClE,SAAO,KAAK,SAAS,wBAAwB,eAAe;;CAG9D,MAAM,kBACJ,eACA,MACwB;AACxB,SAAO,KAAK,SAAS,kBAAkB,eAAe;;CAIxD,MAAM,qBACJ,eACA,SACe;AACf,SAAO,KAAK,SAAS,qBAAqB,eAAe;;CAG3D,MAAM,kBAAkB,eAAsF;AAC5G,SAAO,KAAK,SAAS,kBAAkB;;;AAK3C,MAAa,mBAAmB,IAAI;;;;AC/LpC,SAAS,KAAM,YAAU;AACvB,KAAIC,WAAS,UAAU,IAAO,OAAM,IAAI,UAAU;CAClD,MAAM,WAAW,IAAI,WAAW;AAChC,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,IACnC,UAAS,KAAK;AAEhB,MAAK,IAAI,IAAI,GAAG,IAAIA,WAAS,QAAQ,KAAK;EACxC,MAAM,IAAIA,WAAS,OAAO;EAC1B,MAAM,KAAK,EAAE,WAAW;AACxB,MAAI,SAAS,QAAQ,IAAO,OAAM,IAAI,UAAU,IAAI;AACpD,WAAS,MAAM;;CAEjB,MAAM,OAAOA,WAAS;CACtB,MAAM,SAASA,WAAS,OAAO;CAC/B,MAAM,SAAS,KAAK,IAAI,QAAQ,KAAK,IAAI;CACzC,MAAM,UAAU,KAAK,IAAI,OAAO,KAAK,IAAI;CACzC,SAAS,OAAQ,QAAQ;AAEvB,MAAI,kBAAkB,YAAY,YAAa,YAAY,OAAO,QAChE,UAAS,IAAI,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO;WACxD,MAAM,QAAQ,QACvB,UAAS,WAAW,KAAK;AAE3B,MAAI,EAAE,kBAAkB,YAAe,OAAM,IAAI,UAAU;AAC3D,MAAI,OAAO,WAAW,EAAK,QAAO;EAElC,IAAI,SAAS;EACb,IAAI,SAAS;EACb,IAAI,SAAS;EACb,MAAM,OAAO,OAAO;AACpB,SAAO,WAAW,QAAQ,OAAO,YAAY,GAAG;AAC9C;AACA;;EAGF,MAAM,QAAS,OAAO,UAAU,UAAU,MAAO;EACjD,MAAM,MAAM,IAAI,WAAW;AAE3B,SAAO,WAAW,MAAM;GACtB,IAAI,QAAQ,OAAO;GAEnB,IAAI,IAAI;AACR,QAAK,IAAI,MAAM,OAAO,IAAI,UAAU,KAAK,IAAI,WAAY,QAAQ,IAAK,OAAO,KAAK;AAChF,aAAU,MAAM,IAAI,SAAU;AAC9B,QAAI,OAAQ,QAAQ,SAAU;AAC9B,YAAS,QAAQ,SAAU;;AAE7B,OAAI,UAAU,EAAK,OAAM,IAAI,MAAM;AACnC,YAAS;AACT;;EAGF,IAAI,MAAM,OAAO;AACjB,SAAO,QAAQ,QAAQ,IAAI,SAAS,EAClC;EAGF,IAAI,MAAM,OAAO,OAAO;AACxB,SAAO,MAAM,MAAM,EAAE,IAAO,QAAOA,WAAS,OAAO,IAAI;AACvD,SAAO;;CAET,SAAS,aAAc,QAAQ;AAC7B,MAAI,OAAO,WAAW,SAAY,OAAM,IAAI,UAAU;AACtD,MAAI,OAAO,WAAW,EAAK,QAAO,IAAI;EACtC,IAAI,MAAM;EAEV,IAAI,SAAS;EACb,IAAI,SAAS;AACb,SAAO,OAAO,SAAS,QAAQ;AAC7B;AACA;;EAGF,MAAM,QAAU,OAAO,SAAS,OAAO,SAAU,MAAO;EACxD,MAAM,OAAO,IAAI,WAAW;AAE5B,SAAO,MAAM,OAAO,QAAQ;GAE1B,MAAM,WAAW,OAAO,WAAW;AAEnC,OAAI,WAAW,IAAO;GAEtB,IAAI,QAAQ,SAAS;AAErB,OAAI,UAAU,IAAO;GACrB,IAAI,IAAI;AACR,QAAK,IAAI,MAAM,OAAO,IAAI,UAAU,KAAK,IAAI,WAAY,QAAQ,IAAK,OAAO,KAAK;AAChF,aAAU,OAAO,KAAK,SAAU;AAChC,SAAK,OAAQ,QAAQ,QAAS;AAC9B,YAAS,QAAQ,QAAS;;AAE5B,OAAI,UAAU,EAAK,OAAM,IAAI,MAAM;AACnC,YAAS;AACT;;EAGF,IAAI,MAAM,OAAO;AACjB,SAAO,QAAQ,QAAQ,KAAK,SAAS,EACnC;EAEF,MAAM,MAAM,IAAI,WAAW,UAAU,OAAO;EAC5C,IAAI,IAAI;AACR,SAAO,QAAQ,KACb,KAAI,OAAO,KAAK;AAElB,SAAO;;CAET,SAAS,OAAQ,QAAQ;EACvB,MAAM,SAAS,aAAa;AAC5B,MAAI,OAAU,QAAO;AACrB,QAAM,IAAI,MAAM,aAAa,OAAO;;AAEtC,QAAO;EACL;EACA;EACA;;;AAGJ,oBAAe;;;;AC1Hf,IAAI,WAAW;AACf,kBAAeC,cAAM;;;;;;;;;;;ACOrB,MAAa,gBAAgB,SAAsD;AACjF,KAAI,gBAAgB,YAClB,QAAOC,YAAK,OAAO,IAAI,WAAW;AAEpC,KAAI,MAAM,QAAQ,MAChB,QAAOA,YAAK,OAAO,IAAI,WAAW;AAEpC,QAAOA,YAAK,OAAO;;;;;;;;ACNrB,MAAa,yBAAqC;CAEhD,MAAM,YAAY,UAAU,UAAU;CACtC,MAAM,aAAa,sDAAsD,KAAK;CAC9E,MAAM,aAAa,oCAAoC,KAAK;CAG5D,MAAM,gBAAgB,UAAU,iBAAiB;CACjD,MAAM,cAAc,OAAO,OAAO;CAClC,MAAM,gBAAgB,eAAe;CACrC,MAAM,iBAAiB,eAAe;CAGtC,MAAM,iBAAiB,iBAAiB;AAGxC,KAAI,cAAe,iBAAiB,cAClC,QAAO;AAGT,KAAI,cAAe,iBAAiB,kBAAkB,eACpD,QAAO;AAGT,QAAO;;;;;;AAOT,MAAa,iBAA0B;AACrC,KAAI;EACF,MAAM,KAAK,UAAU;EACrB,MAAM,iBAAiB,UAAU,KAAK,OAAO,CAAC,uDAAuD,KAAK;AAC1G,SAAO;SACD;AACN,SAAO;;;;;;;AAQX,MAAa,cAAuB;AAClC,KAAI;EACF,MAAM,KAAK,UAAU;EACrB,MAAM,WAAY,UAAkB,YAAY;EAChD,MAAM,WAAW,OAAO,UAAU,kBAAkB;EACpD,MAAM,QAAQ,mBAAmB,KAAK;EACtC,MAAM,gBAAgB,YAAY,KAAK,OAAO,WAAW;EACzD,MAAM,cAAc,mBAAmB,KAAK;AAC5C,SAAO,SAAS,iBAAiB;SAC3B;AACN,SAAO;;;;;;;AAyBX,MAAa,gCAAyC;AACpD,KAAI;EACF,MAAM,KAAM,UAAkB;AAC9B,SAAO,CAAC,EAAE,MAAM,OAAO,GAAG,aAAa,aAAa,GAAG;SACjD;AACN,SAAO;;;;;;;AAQX,MAAa,gCAAyC;AACpD,KAAI;AACF,MAAI,0BAA2B,QAAO;AACtC,SAAO,WAAW,oBAAoB;SAChC;AAEN,SAAO;;;;;;AA2BX,MAAa,uBAAgC;AAC3C,QAAO,uBAAuB;;;;;ACrIhC,SAAS,MAAM,GAA0C;AACvD,QAAO,CAAC,CAAC,KAAK,OAAO,MAAM,YAAY,CAAC,MAAM,QAAQ;;AAGxD,SAAS,SAAS,GAA4D;AAC5E,KAAI,CAAC,EAAG,QAAO;CACf,MAAM,OAAO,OAAO,KAAK;AACzB,QAAO,KAAK,SAAS,KAAK,KAAK;;AAGjC,IAAa,eAAb,MAAa,qBAAqB,MAAM;CACtC;CACA;CACA;CACA;CACA;CACA;CACA;CAEA,YAAY,QAUT;AACD,QAAM,OAAO;AACb,OAAK,OAAO,OAAO,QAAQ;AAC3B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,OAAO,QAAQ;AAC3B,OAAK,OAAO,OAAO;AACnB,OAAK,QAAQ,OAAO;AACpB,OAAK,QAAQ,OAAO;AACpB,OAAK,UAAU,OAAO;AACtB,OAAK,YAAY,OAAO;;CAG1B,OAAO,gBAAgB,eAAuB,KAAgC;EAC5E,MAAM,MAAM,IAAI,SAAS;EACzB,MAAM,UAAU,IAAI;EAEpB,MAAM,EAAE,SAAS,MAAM,MAAM,OAAO,UAAU,gBAAgB,eAAe;AAE7E,SAAO,IAAI,aAAa;GACtB,SAAS,WAAW,IAAI,WAAW,GAAG,cAAc;GACpD,OAAO,SAAS,QAAQ;GACxB,MAAM,QAAQ;GACd;GACA;GACA,MAAM,IAAI;GACV,MAAM,IAAI,QAAQ;GAClB,WAAW;GACX;;;CAIJ,OAAO,YAAY,eAAuB,SAAc,SAA4B;EAClF,MAAM,EAAE,SAAS,MAAM,MAAM,OAAO,UAAU,gBAAgB,eAAe;AAC7E,SAAO,IAAI,aAAa;GACtB,SAAS,WAAW,GAAG,cAAc;GACrC,OAAO,SAAS,QAAQ;GACxB,MAAM,QAAQ;GACd;GACA;GACA,MAAM;GACN,WAAW;GACX,SAAS;IAAE,SAAS;IAAS;;;;;AAKnC,SAAS,gBAAgB,eAAuB,SAM9C;CACA,MAAM,IAAI,MAAM,WAAW,UAAU;CACrC,MAAM,SAAS,MAAM,GAAG,oBAAqB,EAAG,mBAA+C;AAC/F,KAAI,CAAC,QAAQ;EACX,MAAM,UAAU,IAAI,aAAa,KAAK,UAAU,OAAO;AACvD,SAAO,EAAE,SAAS,GAAG,cAAc,aAAa;;AAElD,QAAO,oBAAoB,eAAe;;AAG5C,SAAS,gBAAgB,eAAuB,SAM9C;CACA,MAAM,IAAI,MAAM,WAAY,UAAsC;AAClE,KAAI,CAAC,EACH,QAAO,EAAE,SAAS,GAAG,cAAc;AAGrC,QAAO,oBAAoB,eAAe;;AAG5C,SAAS,oBAAoB,eAAuB,MAMlD;AAEA,KAAI,MAAM,KAAK,iBAAiB;EAC9B,MAAM,MAAM,KAAK;EACjB,IAAI,OAAO,SAAS,QAAQ;AAC5B,MAAI,MAAM,IAAI,mBACZ,QAAO,qBAAqB,SAAS,IAAI;EAE3C,MAAM,QAAQ,KAAK,WAAW,wBAC1B,mBAAmB,KAAK,MAAM,KAAK,MAAM,wBACzC,mBAAmB;AACvB,SAAO;GACL,SAAS,GAAG,cAAc,2BAA2B,KAAK;GAC1D,MAAM;GACN;GACA;;;AAKJ,KAAI,MAAM,KAAK,cAAc;EAC3B,MAAM,KAAK,KAAK;EAChB,MAAM,MAAM,OAAQ,GAAG,UAAsB,WAAY,GAAG,QAAmB;EAC/E,MAAM,OAAO,MAAM,GAAG,QAAS,GAAG,OAAmC;EACrE,MAAM,OAAO,SAAS,SAAS;EAC/B,MAAM,SAAS,OAAO,QAAQ,WAAW,cAAc,QAAQ;EAC/D,MAAM,QAAQ,gBAAgB;AAC9B,SAAO;GACL,SAAS,GAAG,cAAc,SAAS,OAAO,iBAAiB,KAAK;GAChE,MAAM;GACN;GACA,OAAO;GACP;;;AAKJ,QAAO;EACL,SAAS,GAAG,cAAc;EAC1B,MAAM;EACN,MAAM;EACN,OAAO;;;;;;AC3JX,MAAa,sBAAsB;CACjC,eAAe;CACf,kBAAkB;CAClB,mBAAmB;CACnB,0BAA0B;CAC1B,qBAAqB;CACpB,wBAAwB;;;;;AC2C3B,IAAY,sDAAL;AACL;AACA;AACA;AACA;AACA;;;AAGF,IAAa,oBAAb,MAAa,kBAAkB;CAC7B;CACA;CACA;CAEA,YAAY,MAIT;AACD,OAAK,cAAc,KAAK;AACxB,OAAK,YAAY,KAAK;AACtB,OAAK,cAAc,KAAK;;CAG1B,OAAO,UAAU,OAA+F;AAC9G,SAAO,IAAI,kBAAkB;GAC3B,aAAa,MAAM;GACnB,WAAW,MAAM;GACjB,aAAa,MAAM;;;CAIvB,SAAsB;AAEpB,SAAQ,IAAI,WAAW,KAAK,aAAc;;CAG5C,eAAuB;AACrB,SAAO,aAAa,KAAK;;CAG3B,OAAO,OAAO,OAAsC;AAElD,QAAM,IAAI,MAAM;;;AA6BpB,SAAgB,8BACd,OACwC;AACxC,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,MAAM,QAAQ,OAChB,QAAO,IAAI,WAAW,OAAmB;AAI3C,KAAI,YAAY,OAAO,QAAQ;EAC7B,MAAM,OAAO;AACb,SAAO,KAAK,OAAO,MAAM,KAAK,YAAY,KAAK,aAAa,KAAK;;AAInE,KAAI,iBAAiB,YACnB,QAAO;AAGT,QAAO;;AAGT,SAAgB,8BAA8B,QAAmC;CAG/E,MAAM,cAAe,QAAgB;CACrC,MAAMC,YACJ,eAAe,OAAO,gBAAgB,WACjC,cACD;CAIN,MAAM,cAAe,UAAyC;AAC9D,KAAI,WAAW,aACb,QAAQ,YAA6B,KAAK;CAI5C,MAAM,cAAe,UAAmC;AACxD,KAAI,WAAW,cAAc;EAC3B,MAAM,MAAO,YAAkC,KAAK;AACpD,SAAO,aAAa;;CAMtB,MAAM,WAAW,8BACd,UAAwC;AAE3C,KAAI,SACF,QAAO,aAAa;CAGtB,MAAM,WAAW,8BACd,UAAuC;AAE1C,KAAI,SACF,QAAO,aAAa;AAGtB,OAAM,IAAI,MAAM;;AA8BlB,IAAa,oBAAb,MAAa,kBAAwC;CACnD,AAAiB;CAEjB,YAAY,QAA2B;AACrC,OAAK,UAAU,kBAAkB,iBAAiB;;CAGpD,OAAe,iBAAiB,OAAoC;EAClE,MAAM,OAAO,MAAM,QAAQ,SACvB,QACA,MACG,MAAM,UACN,KAAI,QAAO,IAAI,QACf,OAAO;EAEd,MAAM,aAAa,KAAK,KAAI,QAAO;AACjC,OAAI;AACF,WAAO,IAAI,IAAI,KAAK;YACb,KAAK;IACZ,MAAM,UAAU,aAAa,QAAQ,yBAAyB;AAC9D,UAAM,IAAI,MAAM;;;AAIpB,MAAI,CAAC,WAAW,OACd,OAAM,IAAI,MAAM;AAGlB,SAAO,MAAM,KAAK,IAAI,IAAI;;;CAQ5B,AAAQ,iBAAoB,QAAgB,QAAmB;AAC7D,SAAO,KAAK,UAAU;GACpB,SAAS;GACT,IAAI,OAAO;GACX;GACA;;;;CAKJ,MAAc,SAAS,KAAa,aAA2C;EAC7E,MAAM,WAAW,MAAM,MAAM,KAAK;GAChC,QAAQ;GACR,SAAS,EAAE,gBAAgB;GAC3B,MAAM;;AAGR,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,uBAAuB,SAAS,OAAO,GAAG,SAAS;EAGrE,MAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,MAAM,OACT,OAAM,IAAI,MAAM;AAGlB,SAAO,KAAK,MAAM;;;CAIpB,MAAc,oBAAoB,aAA2C;EAC3E,IAAIC;AACJ,OAAK,MAAM,CAAC,OAAO,QAAQ,KAAK,QAAQ,UACtC,KAAI;GACF,MAAM,SAAS,MAAM,KAAK,SAAS,KAAK;AACxC,OAAI,QAAQ,EAAG,SAAQ,KAAK,4CAA4C;AACxE,UAAO;WACA,KAAK;AACZ,eAAY;GACZ,MAAM,YAAY,QAAQ,KAAK,QAAQ,SAAS;AAChD,WAAQ,KAAK,4BAA4B,IAAI,SAAS,YAAY,kBAAkB,GAAG,IAAI,aAAa,QAAQ;AAChH,OAAI,CAAC,UAAW,OAAM,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO;;AAGxE,QAAM,IAAI,MAAM,aAAa,cAAc;;;CAI7C,AAAQ,gBAAmB,KAAkB,eAA0B;AACrE,MAAI,IAAI,MACN,OAAM,aAAa,gBAAgB,eAAe;EAEpD,MAAM,SAAS,IAAI;AAEnB,MAAI,QAAQ,OAAO;GACjB,MAAM,MAAM,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ,KAAK,UAAU,OAAO;AACpF,SAAM,IAAI,aAAa;IAAE,SAAS,GAAG,cAAc,UAAU;IAAO,OAAO;IAAY,MAAM;;;AAE/F,SAAO,IAAI;;;;;CAMb,MAAc,YACZ,QACA,QACA,eACY;EACZ,MAAM,cAAc,KAAK,iBAAiB,QAAQ;EAClD,MAAM,MAAM,MAAM,KAAK,oBAAoB;AAC3C,SAAO,KAAK,gBAAmB,KAAK;;CAOtC,MAAM,MAAmC,QAAqC;AAC5E,SAAO,KAAK,YAAgC,YAAY,OAAO,QAAQ;;CAGzE,MAAM,cAAc,WAAmB,WAAmB,eAA2D;EACnH,MAAM,eAAe;EACrB,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;GACZ,YAAY;;AAEd,SAAO,KAAK,YACV,YAAY,OACZ,QACA;;CAIJ,MAAM,kBAAkB,WAAmB,eAA2D;EACpG,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;;AAEd,SAAO,KAAK,YAA0C,YAAY,OAAO,QAAQ;;CAGnF,MAAM,YAAY,WAAyC;EACzD,MAAM,SAAS;GACb,cAAc;GACd,UAAU;GACV,YAAY;;AAEd,SAAO,KAAK,YAAwC,YAAY,OAAO,QAAQ;;CAGjF,MAAM,SAAS,WAAmB,eAAwD;EACxF,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACd;GACA,YAAY;;EAEd,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,QACA;EAEF,MAAM,aAAa,QAAQ;AAC3B,MAAI,OAAO,eAAe,YAAY,CAAC,WAAW,OAChD,OAAM,IAAI,MAAM;AAElB,SAAO,aAAa;;CAGtB,MAAM,UAAU,QAA8C;AAC5D,SAAO,KAAK,YAAyC,YAAY,OAAO,QAAQ;;CAGlF,MAAM,gBACJ,mBACA,YAA+B,oBAAoB,eACnB;EAChC,MAAM,SAAS;GACb,kBAAkB,8BAA8B;GAChD,YAAY;;EAId,MAAM,cAAc;EACpB,IAAIA,YAAqB;AACzB,OAAK,IAAI,UAAU,GAAG,WAAW,aAAa,UAC5C,KAAI;GACF,MAAM,UAAU,MAAM,KAAK,YAAkD,YAAY,MAAM,QAAQ;GAEvG,MAAM,SAAU,SAAiB;AACjC,OAAI,UAAU,OAAO,WAAW,YAAY,aAAa,QAAQ;IAC/D,MAAM,UAAW,OAAe;AAChC,UAAM,aAAa,YAAY,oBAAoB,SAAS;;AAE9D,UAAO;WACAC,KAAc;AACrB,eAAY;GACZ,MAAM,MAAM,aAAa;GACzB,MAAM,YAAY,wGAAwG,KAAK,OAAO;AACtI,OAAI,CAAC,aAAa,YAAY,YAC5B,OAAM;GAGR,MAAMC,SAAO,MAAM,KAAK,IAAI,GAAG,UAAU;GACzC,MAAM,SAAS,KAAK,MAAM,KAAK,WAAW;AAC1C,SAAM,IAAI,SAAQ,MAAK,WAAW,GAAGA,SAAO;;AAIhD,QAAM,qBAAqB,QAAQ,YAAY,IAAI,MAAM,OAAO;;CAKlE,MAAM,aACJ,YACA,QACA,MACA,YACY;EACZ,MAAM,YAAY;GAChB,cAAc;GACd,UAAU;GACV,YAAY;GACZ,aAAa;GACb,aAAa,aAAa,IAAI,cAAc,OAAO,KAAK,UAAU,OAAO;;EAE3E,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,WACA;EAIF,MAAM,cAAc,OAAO;AAE3B,MAAI,CAAC,MAAM,QAAQ,aAEjB,QAAO;EAGT,MAAM,eAAe,OAAO,aAAa,GAAG;AAE5C,MAAI,CAAC,aAAa,OAChB,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,KAAK,MAAM;AAC1B,UAAO;WACA,YAAY;AACnB,WAAQ,KAAK,wDAAwD;AACrE,WAAQ,KAAK,sBAAsB;GAEnC,MAAM,cAAc,aAAa,QAAQ,UAAU;AACnD,UAAO;;;CAIX,MAAM,KAAW,QAAkE;AACjF,SAAO,KAAK,aAAmB,OAAO,SAAS,OAAO,QAAQ,OAAO;;CAGvE,MAAM,cAAc,EAAE,SAAS,YAG5B;EAED,MAAMC,SAAkC;GACtC,cAAc;GACd,YAAY;GACZ,UAAU;;AAIZ,MAAI,UAAU;AACZ,UAAO,WAAW;AAClB,UAAO,OAAO;;EAIhB,MAAM,gBAAgB,MAAM,KAAK,YAC/B,YAAY,OACZ,QACA;EAIF,MAAMC,iBAAkC;EACxC,MAAMC,yBAAkD;AAGxD,OAAK,MAAM,OAAO,cAAc,KAC9B,KAAI,IAAI,WAAW,eAAe,aAEhC,gBAAe,KAAK;WACX,IAAI,WAAW,cAAc,OAAO,IAAI,WAAW,eAAe,YAAY,kBAAkB,IAAI,WAAW,WAExH,wBAAuB,KAAK;AAIhC,SAAO;GACL;GACA;;;;;;;AC3gBN,MAAa,sBAAsB;AACnC,MAAa,uBAAuB;;;;ACEpC,MAAa,cAAc;CAEzB,OAAO;EACL,MAAM;EACN,SAAS;EACT,KAAK;EACL,KAAK;EACL,OAAO;;CAIT,QAAQ;EACN,MAAM;EACN,MAAM;EACN,aAAa;EACb,UAAU;EACV,eAAe;GACb;GACA;GACA;;;CAKJ,UAAU;EACR,MAAM;EACN,KAAK;EACL,SAAS;;CAIX,SAAS;EACP,UAAU;EACV,cAAc;EACd,YAAY;EACZ,eAAe;;CAIjB,SAAS;EACP,KAAK;EACL,QAAQ;EACR,YAAY;EACZ,aAAa;EACb,eAAe;EACf,gBAAgB;EAChB,kBAAkB;;CAIpB,cAAc;EACZ,KAAK;EACL,QAAQ;EACR,aAAa;EACb,eAAe;EACf,gBAAgB;EAChB,kBAAkB;;;;;;ACxDtB,MAAa,+BAA+B;CAC1C,UAAU;EACR,SAAS;EACT,aAAa;EACb,cAAc;;CAEhB,QAAQ;EACN,KAAK,YAAY,QAAQ;EACzB,MAAM;EACN,MAAM;;CAER,OAAO;EACL,cAAc;EACd,YAAY;;;AAKhB,MAAa,wBAAwB;CACnC,UAAU;EACR,oBAAoB,MAAU;EAC9B,uBAAuB,MAAU;EACjC,qBAAqB,MAAU;EAC/B,qBAAqB;EACrB,6BAA6B;;CAE/B,OAAO,EACL,2BAA2B;;;;;;;;;;;;;;ACrB/B,SAAgB,0BAAkC;CAChD,IAAI,SAAS;AACb,KAAI,OAAO,WAAW,eAAe,OAAO,UAAU,OACpD,UAAS,OAAO,SAAS;AAE3B,KAAI;EACF,MAAM,eAAgB,QAAgB;AACtC,MAAI,aACF,UAAS,IAAI,IAAI,cAAc,UAAU,yBAAyB;SAE9D;AACR,QAAO;;AAiBT,SAAgB,iBACd,OACA,MACQ;CACR,MAAM,SAAS,KAAK;CACpB,MAAM,aAAa,KAAK,cAAc,8BAA8B,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS,OAAO;AACpI,KAAI;EAEF,MAAM,QAAS,OAAO,WAAW,cAAe,SAAiB;EACjE,MAAM,WAAW,WAAW,WAAW,MAAM,4BAA4B,MAAM;EAC/E,MAAM,YAAa,OAAO,aAAa,YAAY,WAAY,WAAY,SAAS,kBAAkB;AACtG,MAAI,gBAAgB,KAAK,WACvB,QAAO,IAAI,IAAI,WAAW;AAE5B,SAAO,IAAI,IAAI,WAAW,YAAY;SAChC;AACN,MAAI;AAAE,UAAO,IAAI,IAAI,SAAS,kBAAkB,SAAS,YAAY;UAAmB;AACxF,SAAO,SAAS,kBAAkB;;;AAQtC,SAAS,kBAAkB,QAAkC;AAC3D,QAAO,WAAW,WAAW,4CAA4C;;;;;;;;;;;;;ACvD3E,MAAa,uBAAuB;CAClC,2BAA2B;CAC3B,8BAA8B;CAC9B,iCAAiC;CACjC,cAAc;;;;;;;;ACsChB,SAAgB,6BAA6B,KAAiD;AAC5F,KAAI,CAACC,WAAS,QAAQ,OAAQ,IAAY,SAAS,SACjD,QAAO;CAET,MAAM,OAAQ,IAAY;AAC1B,QAAO,SAAS,qBAAqB,gCAChC,SAAS,qBAAqB,mCAC9B,SAAS,qBAAqB;;AAGrC,SAASA,WAAS,OAAkD;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU;;;;;;;;;;AAahD,SAAgB,sBACd,QACA,SAYe;CACf,MAAM,EACJ,aACA,WACA,WACA,YAAY,KACZ,cACE;CAEJ,MAAM,eAAe,MAAM,QAAQ,eAAe,cAAc,CAAC;AAEjE,QAAO,IAAI,SAAe,SAAS,WAAW;EAC5C,MAAM,UAAU,iBAAiB;AAC/B;AACA,0BAAO,IAAI,MACT,wCAAwC,aAAa,KAAK,KAAK,GAAG,YAAY,gBAAgB,cAAc;KAE7G;EAEH,MAAM,kBAAkB,UAAwB;GAC9C,MAAM,MAAM,MAAM;AAGlB,OAAI,CAAC,OAAO,OAAO,IAAI,SAAS,SAC9B;AAIF,OAAI,aAAa,IAAI,cAAc,UACjC;AAIF,OAAI,aAAa,IAAI,SAAS,WAAW;AACvC;IACA,MAAM,QAAQ,IAAI,SAAS;AAC3B,2BAAO,IAAI,MAAM,0BAA0B;AAC3C;;AAIF,OAAI,aAAa,SAAS,IAAI,OAAO;AAEnC,QAAI,UACF,KAAI;KACF,MAAM,gBAAgB,UAAU;AAChC,SAAI,CAAC,cACH;aAEK,KAAK;AACZ;AACA,YAAO;AACP;;AAIJ;AACA;;;EAIJ,MAAM,gBAAgB;AACpB,gBAAa;AACb,UAAO,oBAAoB,WAAW;;AAGxC,SAAO,iBAAiB,WAAW;;;;;;;;;;;;AAavC,SAAgB,yBACd,QACA,WACA,YAAoB,KACL;AACf,QAAO,sBAAsB,QAAQ;EACnC,aAAa,qBAAqB;EAClC,WAAW,qBAAqB;EAChC;EACA;;;;;;;;;;;;;AC8VJ,eAAsB,iCAAiC,EACrD,YACA,YACA,cACA,YACA,wBAOsC;AACtC,KAAI;EACF,MAAM,UAAU;GACd,gBAAgB,MAAM,KAAK,gBAAgB,aAAa;GACxD,YAAY,MAAM,KAAK,gBAAgB,aAAa;GACpD,WAAW,MAAM,KAAK,gBAAgB,aAAa;GACnD,YAAY,MAAM,KAAK,gBAAgB,aAAa;GACpD,SAAS,aAAa;GACtB,OAAO,aAAa;GACpB,cAAc,OAAO,aAAa;GAClC,YAAY,MAAM,KAAK,gBAAgB,aAAa;;EAGtD,MAAM,OAAO;GACX,UAAU;GACV,uBAAuB;GACvB,uBAAuB;;EAGzB,MAAM,WAAW,MAAM,WAAW,aAChC,YACA,2BACA;EAGF,MAAM,WAAW,CAAC,CAAC,UAAU;AAC7B,SAAO;GACL,SAAS;GACT;GACA,MAAM;GACN,OAAO,WAAW,SAAY;;UAEzBC,KAAc;AACrB,SAAO;GACL,SAAS;GACT,UAAU;GACV,MAAM;GACN,OAAO,aAAa,QAAQ;;;;;;;ACjjBlC,eAAsB,qBAAqB,EACzC,KACA,cACA,YACA,YACA,YACA,sBACA,WAqBC;AACD,KAAI;EAEF,MAAM,gBAAgB,SAA0D;AAC9E,OAAI,CAAC,SAAS,MAAO,QAAO;GAC5B,MAAM,OAAQ,KAAgC;AAC9C,OAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,UAAO,SAAU,KAAsC,mBAClD,SAAU,KAAyC;;EAG1D,MAAMC,uBAAuD,aAAa,cACtE,aACA,uCAAuC,EAAc;EAGzD,MAAM,qBAAqB,cAAc,gCAAgC;AAEzE,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ;GACR,SAAS;;EAKX,MAAM,qBAAqB,qBAAqD;EAEhF,MAAMC,SAAqC,MAAM,iCAAiC;GAChF,YAAY,IAAI;GAChB,YAAY;GACZ;GACA,YAAY;GACZ;;AAGF,MAAI,CAAC,OAAO,QACV,OAAM,IAAI,MAAM,OAAO,SAAS;EAGlC,MAAM,aAAa;GACjB,UAAU,OAAO;GACjB,kBAAkB;GAClB,MAAM,OAAO;GACb,OAAO,OAAO;;AAGhB,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ,OAAO,WAAW,YAAmB;GAC7C,SAAS,OAAO,WAAW,qCAAsC,OAAO,SAAS;;AAGnF,SAAO;GACL,SAAS;GACT,UAAU,WAAW;GACrB,kBAAkB,WAAW;GAC7B,MAAM,WAAW;GACjB,OAAO,WAAW;;UAGbC,OAAgB;AAEvB,UAAQ,MAAM,gCAAgC;AAC9C,SAAO;GACL,SAAS;GACT,UAAU;GACV,OAAO,aAAa,UAAU;GAC9B,MAAM;;;;;;;;;;;;;;;;;;;;;;AC/FZ,IAAY,4EAAL;AACL;AACA;AACA;;;AAaF,MAAa,gCAAgC,qBAA4F;AACvI,SAAQ,kBAAR;EACE,KAAK,uBAAuB,SAC1B,iCAAOC;EACT,KAAK,uBAAuB,UAC1B,iCAAOC;EACT,KAAK,uBAAuB,YAC1B,iCAAOC;EACT,QACE,iCAAOD;;;;;;AAYb,MAAaE,gCAAsD;CACjE,kBAAkB,uBAAuB;CACzC,cAAc;EACZ,QAAQ;EACR,gBAAgB;EAChB,UAAU;;;;;;AC1Dd,SAAgB,cACd,WACA,SAC2B;AAE3B,KAAI,CAAC,UACH,OAAM,IAAI,MAAM;CAGlB,MAAM,WAAY,SAAiB;AACnC,KAAI,YAAY,aAAa,UAC3B,OAAM,IAAI,MACR,qCAAqC,SAAS,uCAAuC,UAAU;AAInG,QAAO;EAAE,GAAG;EAAS;;;;;;;;;;ACCvB,eAAsB,0CAA0C,EAC9D,KACA,YACA,eACA,SACA,aAoBC;AACD,KAAI;AAGF,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAEhC,MAAM,WAAW,MAAM,IAAI,YAA2D;GACpF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf;KACA,sBAAsB,SAAS,uBAAuB;MACpD,kBAAkB,6BAA6B,QAAQ,qBAAqB;MAC5E,cAAc,QAAQ,qBAAqB;SACzC;;;;AAKV,MAAI,CAAC,qCAAqC,UACxC,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;EAC5B,MAAM,UAAW,WAAmB,WAAW;EAC/C,MAAM,uBAAuB,WAAW;EAExC,MAAM,eAAgB,OAAO,SAAS,iBAAiB,WACnD,QAAS,eACT,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACnE,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GACjB;GACf;GACA,eAAe,WAAW;GAC1B;GACA,aAAa;GACb;GACA,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,SAAO;GACL,SAAS;GACT,eAAe,YAAY,WAAW;GACtC,WAAW,WAAW;GACtB;GACA,aAAa;;UAERC,OAAgB;AACvB,UAAQ,MAAM,qEAAqE;EACnF,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT;GACA,WAAW;GACX,OAAO;;;;;;;AC3Fb,eAAsB,yBAAyB,EAC7C,KACA,eACA,gBACA,aAMqE;AACrE,KAAI;AACF,UAAQ,KAAK;EAEb,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAGzD,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAAC,kCAAkC,WAAW;AAChD,WAAQ,MAAM,4DAA4D;GAC1E,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,SAAO;GACL,qBAAqB,SAAS,QAAQ;GACtC,eAAe,YAAY,SAAS,QAAQ;;UAEvCC,OAAgB;AACvB,UAAQ,MAAM,2DAA2D;AACzE,QAAM;;;;;;;;;;;;;;;;;;;;;ACpBV,eAAsB,kBACpB,QACA,WACA,YACA,YAAoB,KACL;CAEf,MAAM,cAAc,yBAAyB,QAAQ,WAAW;AAGhE,QAAO,YACL;EAAE,MAAM,qBAAqB;EAA2B;IACxD,CAAC;AAIH,OAAM;;AAGR,MAAa,0BAAkC;AAC7C,QAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;;;;;;;;;ACnCrE,eAAsB,4BAA4B,EAChD,KACA,cACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeT;AACF,KAAI;AACF,MAAI,aAAa,WAAW,EAC1B,OAAM,IAAI,MAAM;EAGlB,MAAM,YAAY,qBAAqB;EACvC,MAAM,gBAAgB,QAAQ;AAG9B,eAAa,SAAS,WAAW,YAAY;AAC3C,aAAU,QAAQ,SAAS,QAAQ,gBAAgB;AACjD,QAAI;AACF,4BAAuB;aAChB,OAAO;AACd,WAAM,IAAI,MAAM,eAAe,QAAQ,WAAW,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU;;;;AAMnI,UAAQ,MAAM,yEAAyE;EACvF,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AAEvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAIzD,MAAM,kBAAkB;GACtB,YAAY,QAAQ,cAAc,gCAAgC;GAClE,YAAY,QAAQ,cAAe,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;GAC/H,eAAe,QAAQ;;AAMzB,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;EAElB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;GAC9E;GACA;GACA,MAAM;GACN,mBAAmB;GACnB,SAAS;GACT;GACA;GACA;;EAGF,MAAM,eAAe,aAAa;EAClC,MAAM,qBAAqB,aAAa;EACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;EAIvF,MAAMC,oBAA0C,aAAa,KAAI,QAAO;GACtE,eAAe,QAAQ;GACvB,YAAY,GAAG;GACf,SAAS,GAAG;;EAId,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS;KACP,SAAS;KACT,WAAW,KAAK;KAChB,YAAY;MACV,yBAAyB,iBAAiB;MAC1C,sCAAsC,iBAAiB;;KAEtC;KACnB;KACA;KACA;;;GAGJ;;AAGF,MAAI,CAAC,qCAAqC,WAAW;AACnD,WAAQ,MAAM,sDAAsD;GACpE,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,MAAI,CAAC,SAAS,QAAQ,QACpB,OAAM,IAAI,MAAM,SAAS,QAAQ,SAAS;EAG5C,MAAM,qBAAqB,SAAS,QAAQ,sBAAsB;AAClE,MAAI,mBAAmB,WAAW,aAAa,OAC7C,OAAM,IAAI,MAAM,YAAY,aAAa,OAAO,oCAAoC,mBAAmB;EAIzG,MAAM,UAAU,mBAAmB,KAAK,UAAU,UAAU;AAC1D,OAAI,CAAC,YAAY,CAAC,SAAS,eAAe,CAAC,SAAS,UAClD,OAAM,IAAI,MAAM,+DAA+D,QAAQ;AAEzF,UAAO;IACL,mBAAmB,IAAI,kBAAkB;KACvC,aAAa,SAAS;KACtB,WAAW,SAAS;KACpB,aAAa,MAAM,KAAK,SAAS,cAAc;;IAEjD,eAAe,YAAY;IAC3B,MAAM,SAAS,QAAQ;;;AAI3B,SAAO;UAEAC,OAAgB;AACvB,UAAQ,MAAM,qDAAqD;AACnE,QAAM;;;;;;ACnJV,SAAS,gCAAgC,OAAgD;AACvF,KAAI,SAAS,KAAM,QAAO;AAC1B,KAAI,CAAC,SAAS,OACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,kBACA,WACA,eACA,aACA,kBACE;CASJ,MAAM,6BAA6B,aACjC,kBACA;CAEF,MAAM,sBAAsB,aAAa,WAAW;CACpD,MAAM,0BAA0B,aAC9B,eACA;CAEF,MAAM,wBAAwB,aAAa,aAAa;CAExD,IAAI,0BAA0B;AAC9B,KAAI,2BAA2B,QAAQ,CAAC,SAAS,yBAC/C,OAAM,IAAI,MAAM;AAElB,KAAI,2BAA2B,KAE7B,2BAA0B,EAAE,OAAO;AAGrC,QAAO;EACL,kBAAkB;EAClB,WAAW;EACX,eAAe;EACf,aAAa;EACb,eAAe;;;AAInB,SAAS,wBAAwB,OAA4D;AAC3F,KAAI,SAAS,KAAM,QAAO;CAE1B,MAAM,OAAO,gCAAgC;AAC7C,KAAI,KAAK,SAAS,aAChB,OAAM,IAAI,MAAM;CAGlB,MAAM,EAAE,IAAI,OAAO,UAAU,4BAA4B;AAQzD,cAAa,IAAI;AACjB,cAAa,OAAO;AAEpB,KAAI,CAAC,SAAS,UACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,gBACA,mBACA,eACE;AAMJ,cAAa,gBAAgB;AAC7B,cAAa,mBAAmB;AAEhC,KAAI,CAAC,MAAM,QAAQ,YACjB,OAAM,IAAI,MAAM;AAElB,MAAK,MAAM,KAAK,WACd,KAAI,OAAO,MAAM,SACf,OAAM,IAAI,MAAM;AAIpB,KAAI,2BAA2B,QAAQ,OAAO,4BAA4B,SACxE,OAAM,IAAI,MAAM;AAOlB,QAAO;;AAGT,SAAS,0BAA0B,OAA0C;AAC3E,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAO,qBAAqB;;AAG9B,SAAgB,0DACd,SAC2C;AAE3C,KAAI,CAAC,SAAS,SACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,WACA,WACA,cACA,YACA,cACA,oBACA,UACE;CAUJ,MAAM,sBAAsB,aAAa,WAAW;CAGpD,MAAM,yBACJ,gBAAgB,OAAO,KAAK,aAAa,cAAc;CAEzD,MAAM,uBACJ,cAAc,OAAO,wBAAwB,cAAc;AAE7D,KAAI,CAAC,qBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,yBACJ,gBAAgB,OAAO,0BAA0B,gBAAgB;AAEnE,KAAI,CAAC,uBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,+BACJ,sBAAsB,OAAO,gCAAgC,sBAAsB;CAErF,MAAM,kBACJ,SAAS,OAAO,SAAY,aAAa,OAAO;AAElD,QAAO;EACL,WAAW,CAAC,CAAC;EACb,WAAW;EACX,cAAc;EACd,YAAY;EACZ,cAAc;EACd,oBAAoB;EACpB,OAAO;;;AAIX,MAAa,uBAAuB,UAAkB;AACpD,QAAO,MAAM,WAAW,cAAc,QAAQ,WAAW;;AAG3D,MAAa,qBAAqB,OAAiD;AACjF,KAAI,OAAO,OAAO,SAChB,QAAO;AAET,QAAO,oBAAoB,aAAa,GAAG;;;;;ACtL7C,eAAsB,mBAAmB,EACvC,KACA,UACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeV;CACD,MAAM,YAAY,qBAAqB;CACvC,MAAM,gBAAgB,QAAQ,iBAAiB,SAAS;CAExD,MAAM,kBAAkB;EACtB,YAAY,QAAQ,cAAc,gCAAgC;EAClE,YAAY,QAAQ,cAAe,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;EAC/H;;CAGF,MAAM,cAAc,SAAS,QAAQ,IAAI;AACzC,aAAY,SAAS,QAAQ,gBAAgB;AAC3C,MAAI;AACF,0BAAuB;WAChB,OAAO;AACd,SAAM,IAAI,MACR,mBAAmB,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO;;;CAK3G,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;CACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;AAEzD,KAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;EAC9E;EACA;EACA,MAAM;EACN;EACA,UAAU;GACR,UAAU,SAAS,YAAY;GAC/B,YAAY,SAAS;GACrB,SAAS;GACT,OAAO,SAAS;GAChB,gBAAgB,SAAS;;EAE3B,SAAS;EACT;EACA;EACA;;CAGF,MAAM,eAAe,aAAa;CAClC,MAAM,qBAAqB,aAAa;CACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;CAEvF,MAAM,WAAW,MAAM,IAAI,YAAY;EACrC;EACA,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP,SAAS;IACT,WAAW,KAAK;IAChB,YAAY;KACV,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;IAEzD,UAAU;KACR,UAAU,SAAS,YAAY;KAC/B,YAAY,SAAS;KACrB,SAAS;KACT,OAAO,SAAS,MAAM;KACtB,gBAAgB,SAAS,eAAe;KACxC,WAAW,kBAAkB,SAAS;;IAExC;IACA;IACA;;;EAGJ;;AAIF,SAAQ,MAAM,mDAAmD;AAEjE,KAAI,CAAC,4BAA4B,WAAW;AAE1C,UAAQ,MAAM,2DAA2D;EACzE,MAAM,eAAgB,UAAkB,SAAS;AACjD,QAAM,IAAI,MAAM,gBAAgB;;CAGlC,MAAM,UAAU,SAAS;AACzB,KAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,kBAAkB,CAAC,QAAQ,MAAM;AAEhE,UAAQ,MAAM,wDAAwD;AACtE,QAAM,IAAI,MAAM,QAAQ,SAAS;;AAGnC,QAAO;EACL,gBAAgB,QAAQ;EACxB,MAAM,QAAQ;EACd,eAAe,YAAY;EAC3B,MAAM,QAAQ;;;;;;;;;;AClIlB,eAAsB,0BAA0B,EAC9C,KACA,YACA,eACA,aAeC;AACD,KAAI;AACF,UAAQ,KAAK;AAIb,MACE,CAAC,WAAW,wBAAwB,KAAK,SAAS,SAClD,CAAC,WAAW,wBAAwB,KAAK,SAAS,OAElD,OAAM,IAAI,MAAM;AAGlB,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAGhC,MAAM,WAAW,MAAM,IAAI,YAAyD;GAClF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;;;;AAMN,MAAI,CAAC,mCAAmC,UACtC,OAAM,IAAI,MAAM;EAGlB,MAAM,oBAAoB,SAAS,QAAQ;AAC3C,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;AAElB,SAAO;GACL,WAAW,SAAS,QAAQ;GAC5B,qBAAqB,SAAS,QAAQ;GACtC;GACA,eAAe,SAAS,QAAQ;GAChC,aAAa,SAAS,QAAQ;;UAGzBC,OAAgB;AACvB,UAAQ,MAAM,yDAAyD;AACvE,QAAM;;;;;;;;;;ACpEV,eAAsB,qBAAqB,EAAE,KAAK,8BAG1B;AACtB,KAAI;EACF,MAAM,WAAW,MAAM,IAAI,YAAoD,EAC7E,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS,EACP;;AAKN,MAAI,8BAA8B,UAChC,QAAO,SAAS,QAAQ;MAExB,OAAM,IAAI,MAAM;UAEXC,OAAgB;AACvB,QAAM;;;;;;;;;;ACfV,eAAsB,2BAA2B,EAC/C,KACA,gBACA,iBACA,YACA,OACA,WACA,WAYC;AACD,KAAI;AACF,UAAQ,KAAK;AAGb,UAAQ,SAAS,QAAQ,UAAU;AACjC,OAAI;AACF,2BAAuB;YAChB,OAAO;AACd,UAAM,IAAI,MAAM,UAAU,MAAM,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU;;;EAInG,MAAM,WAAW,MAAM,IAAI,YAA0D,EACnF,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP;IACA;IACA;IACA;IACW;IACF;;;AAKf,MAAI,SAAS,SAAS,mBAAmB,mCAAmC;AAC1E,WAAQ,MAAM,qEAAqE;AACnF,SAAM,IAAI,MAAM;;EAGlB,MAAM,aAAa,SAAS;AAC5B,MAAI,CAAC,WAAW,QACd,OAAM,IAAI,MAAM,WAAW,SAAS;EAGtC,MAAM,qBAAqB,WAAW,sBAAsB;AAC5D,MAAI,mBAAmB,WAAW,EAChC,OAAM,IAAI,MAAM,8CAA8C,mBAAmB;EAEnF,MAAM,WAAW,mBAAmB;AACpC,MAAI,CAAC,YAAY,CAAC,SAAS,eAAe,CAAC,SAAS,UAClD,OAAM,IAAI,MAAM;EAGlB,MAAM,SAAS;GACb,mBAAmB,IAAI,kBAAkB;IACvC,aAAa,SAAS;IACtB,WAAW,SAAS;IACpB,aAAa,MAAM,KAAK,SAAS,cAAc;;GAEjD,MAAM,WAAW;;AAGnB,UAAQ,MAAM;AACd,SAAO;UAEAC,OAAgB;AACvB,UAAQ,MAAM,oEAAoE;AAClF,QAAM;;;;;;;;;;;;AC/EV,eAAsB,kBAAkB,EAAE,KAAK,WAsB5C;AACD,KAAI;EACF,MAAM,eAAe,MAAM,4BAA4B,QAAQ,WAAW,IAAI,UAAU;EACxF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,QAAQ,WAAW;AAC3F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC,QAAQ;EAIjE,MAAM,YAAY,QAAQ,aAAa;AAEvC,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;AAGlB,QAAM,IAAI,iBAAiB,gCAAgC;GACzD;GACA;GACA,MAAM;GACN,eAAe,QAAQ;GACvB,SAAS,QAAQ;GACjB,WAAW,QAAQ;GACnB,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,4BAA4B,QAAQ;GACpC,YAAY,QAAQ;GACpB,YAAY,QAAQ;;EAGtB,MAAM,WAAW,MAAM,IAAI,YAAiD;GAC1E;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS;KACP,SAAS,QAAQ;KACjB,WAAW,QAAQ;KACnB,OAAO,QAAQ;KACf,OAAO,QAAQ,SAAS;KACxB,WAAW,QAAQ;KACnB,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAAC,2BAA2B,WAAW;AACzC,WAAQ,MAAM,gDAAgD;GAC9D,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAGlC,SAAO;GACL,SAAS;GACT,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,OAAO,SAAS,QAAQ,SAAS;;UAG5BC,OAAgB;AACvB,UAAQ,MAAM,+CAA+C;AAC7D,SAAO;GACL,SAAS;GACT,WAAW;GACX,WAAW;GACX,WAAW;GACX,OAAQ,SAAS,OAAQ,MAAgC,YAAY,WAChE,MAA8B,UAC/B;;;;;;;;;;;;;;;;;;;;;;AC3EV,eAAsB,8BAA8B,EAClD,KACA,WACA,eACA,YACA,cACA,oBACA,YACA,aACA,cACA,6BAuBC;AACD,KAAI;AACF,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAGlB,UAAQ,MAAM,gEAAgE;GAC5E;GACA;GACA;;EAIF,MAAM,cAAc,MAAoC;AACtD,OAAI,CAAC,EAAG,QAAO;AACf,UAAO,MAAM,KAAK,gBAAgB;;EAIpC,MAAM,oBAAoB;GACxB,UAAU;IACR,gBAAgB,WAAW,aAAa;IACxC,YAAY,WAAW,aAAa;IACpC,WAAW,WAAW,aAAa;IACnC,YAAY,WAAW,aAAa;IACpC,SAAS,aAAa;IACtB,OAAO,aAAa;IACpB,cAAc,OAAO,aAAa;IAClC,YAAY,WAAW,aAAa;;GAEtC,uBAAuB;GACvB,8BAA8B,WAAW;GACzC,uBAAuB;IACrB,kBAAkB,6BAA6B,uBAAuB;IACtE,cAAc;KACZ,QAAQ;KACR,gBAAgB;KAChB,UAAU;;;;EAMhB,MAAM,WAAW,MAAM,IAAI,YAA6D;GACtF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;KACA,oBAAoB;MAClB,aAAa,mBAAmB;MAChC,eAAe,mBAAmB;MAClC,WAAW,mBAAmB;;KAEhC;KACA,kBAAkB,KAAK,UAAU;;;;AAKvC,MAAI,CAAC,uCAAuC,UAC1C,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;AAE5B,UAAQ,MAAM;EAGd,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GAChC;GACA,cAAc,gBAAgB;GAC9B,eAAe,WAAW;GAC1B;GACA,aAAa,WAAW;GACxB,SAAS;GACT,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,UAAQ,MAAM;AAEd,SAAO;GACL,SAAS;GACT,WAAW,WAAW;GACtB,mBAAmB,WAAW;GAC9B,aAAa,WAAW;GACxB,eAAe,WAAW;GAC1B;;UAEKC,OAAgB;AACvB,UAAQ,MAAM,8DAA8D;EAC5E,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT,WAAW;GACX,mBAAmB;GACnB,aAAa;GACb,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;AC3Ib,SAAgB,4BACd,KACA,SACoB;CAKpB,MAAM,aAAa,IAAI,uBAAuB;CAC9C,MAAM,cAAe,SAAS,sBAAsB;CACpD,MAAM,kBAAkB,OAAO,YAC7B,OAAO,QAAQ,aAAa,QAAQ,GAAG,OAAO,MAAM,UAAa,MAAM;CAEzE,IAAIC,MAA0B;EAAE,GAAG;EAAY,GAAG;;AAGlD,OAAM;EAAE,GAAG;EAAK,OAAO,IAAI,SAAS;;AAIpC,KAAI,SAAS,SAAS,uBAAuB,6BAC3C,QAAO;EACL,QAAQ;EACR,UAAU,IAAI;EACd,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;CAKxB,MAAM,kBAAkB,OAAO,SAAS,OAAO;AAO/C,KAAI,2BAA2B;EAC7B,MAAMC,YAA2C,IAAI,WAAW,SAAU,WAAW,IAAI;AACzF,QAAM;GACJ,GAAG;GACH,QAAQ;GACR,UAAU;;;AAMd,KACE,YACA,SAAS,SACR,QAAQ,SAAS,uBAAuB,oBAAoB,QAAQ,SAAS,uBAAuB,aAIrG,QAAO;EACL,QAAQ;EACR,UAAU;EACV,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;AAKxB,QAAO;;;;;;;;;AClFT,SAAgB,6BAA6B,OAAsC;AACjF,KAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM;CACtC,MAAM,IAAI;AAOV,KAAI,EAAE,kBAAkB,EAAG,OAAM,IAAI,MAAM;AAC3C,KAAI,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,UAAW,OAAM,IAAI,MAAM;AAC5D,KAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,KAAM,OAAM,IAAI,MAAM;AAClD,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,QAAO;;AAGT,SAAgB,0CAA0C,SAAqC;AAC7F,KACE,QAAQ,SAAS,uBAAuB,oBACrC,QAAQ,SAAS,uBAAuB,oBAE3C;CAGF,MAAMC,UAAgB,QAAgB,WAAW;AACjD,KAAI,QAAQ,cAAc,OACxB,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,WAAW,OACrB,OAAM,IAAI,MAAM;;;;;;;;;;AChBpB,eAAsB,sCACpB,KACA,SAIA,QACe;CAGf,IAAIC;CACJ,IAAIC;CACJ,IAAIC;AAEJ,KAAI;AAEF,YAAU,6BAA6B,QAAQ;AAC/C,4CAA0C;AAC1C,uBAAqB,4BAA4B,KAAK;EAEtD,MAAM,gBAAgB,wBAAwB,QAAQ;EACtD,MAAM,eAAe,gBAAgB;AAErC,uBAAqB,uBAAuB;GAC1C,GAAG;GACH,GAAI,eAAe,EAAE,iBAAiB;;UAGjCC,GAAY;AAEnB,UAAQ,MAAM,wDAAwD;AAEtE,MAAI;GACF,MAAM,OAAO,SAAS,OAAc;AACpC,OAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,wBAAoB,QAAQ;KAC1B,WAAW;KACX,WAAW;KACX,OAAO,aAAa,MAAM;;AAE5B;;WAEKC,MAAe;AACtB,SAAM,QAAQ;;AAEhB,QAAM,QAAQ;;CAGhB,MAAM,UAAU,SAAS,QAAQ;AACjC,KAAI,CAAC,SAAS;AAEZ,sBAAoB,QAAQ;GAC1B,WAAW,QAAQ;GACnB,WAAW;GACX,OAAO;;AAET;;AAGF,OAAM,QAAQ;EAAE;EAAK;EAAS;EAAQ;EAAoB;;;AAa5D,eAAe,WAAc,OAAe,QAAsC;AAChF,KAAI;AACF,SAAO,MAAM;UACN,GAAG;AACV,UAAQ,MAAM,0CAA0C,MAAM,eAAe;AAC7E,QAAM;;;AAIV,MAAMC,WAA6D;EAChE,uBAAuB,+BAA+B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACjI,MAAM,EAAE,wBAAwB,MAAM,WAAW,mBAAmB,OAAO;AAC3E,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExG,uBAAuB,6BAA6B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAC/H,MAAM,EAAE,wBAAwB,MAAM,WAAW,mBAAmB,OAAO;AAC3E,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExG,uBAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,2BAA2B,MAAM,WAAW,sBAAsB,OAAO;AACjF,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9G,uBAAuB,cAAc,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAChH,MAAM,EAAE,2BAA2B,MAAM,WAAW,sBAAsB,OAAO;AACjF,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9G,uBAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,iCAAiC,MAAM,WAAW,sBAAsB,OAAO;AACvF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;EAE/G,uBAAuB,sBAAsB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACxH,MAAM,EAAE,iCAAiC,MAAM,WAAW,sBAAsB,OAAO;AACvF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;;;;;;;;;;;ACzHlH,eAAsB,iBACpB,KACA,SACgC;AAChC,QAAO,IAAI,SAAgC,SAAS,WAAW;EAE7D,MAAM,SAAS,EACb,cAAc,QAAa;AACzB,OAAI,KAAK,SAAS,yBAAyB,8BACzC,SAAQ,IAAI;;AAKlB,wCACE,KACA;GAAE,MAAM,yBAAyB;GAAuC,MAAM;KAC9E,QACA,MAAM;;;;;;;;;;;;ACfZ,eAAsB,oBAAoB,EACxC,KACA,eACA,SACA,OACA,aAOgB;CAChB,MAAM,YAAY,YAAY;CAG9B,MAAM,eAAe,MAAM,4BAA4B,WAAW,IAAI,UAAU;CAChF,MAAM,CAAC,SAAS,QAAQ,MAAM,QAAQ,IAAI,CACxC,IAAI,UAAU,WAAW,gBAAgB,WAAW,eACpD,IAAI,UAAU,SAAS,gBAAgB,WAAW;CAEpD,MAAM,YAAY,MAAM,uBAAuB;AAC/C,KAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,MAAM;CAIlB,MAAM,WAAW,MAAM,IAAI,YAAwD;EACjF;EACA,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP,eAAe;IACf,yBAAyB,QAAQ;IACjC,sCAAsC,QAAQ;;;;AAKpD,KAAI,CAAC,kCAAkC,WAAW;AAChD,UAAQ,MAAM,2CAA2C;EACzD,MAAM,eAAe,SAAS,UAAU,YAAY,UAAU,SAAS;EACvE,MAAM,MAAM,OAAO,gBAAgB;AACnC,QAAM,IAAI,MAAM;;CAGlB,MAAM,aAAa,SAAS,QAAQ;CAGpC,MAAM,UAAU;EACd,eAAe;EACf,WAAW;EACX,MAAM,uBAAuB;EAC7B,SAAS;GACP,WAAW;GACX;GACA;GACA,SAAS;;EAEX,SAAS;GACP,eAAe;GACf;GACA;GACA;GACA;;;AAGJ,OAAM,iBAAiB,KAAK;;;;;;;;;;;ACK9B,IAAa,sBAAb,MAAiC;CAE/B,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,kBACA,YACA,wBACA,cACA,cACA,8CAAuD,MACvD,iBACA;AACA,OAAK,YAAY;AACjB,OAAK,gBAAgB,IAAI,cAAc,cAAc;AACrD,OAAK,mBAAmB;AACxB,OAAK,aAAa;AAClB,OAAK,yBAAyB;AAC9B,OAAK,eAAe;AACpB,OAAK,kBAAkB;;CAGzB,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;CAG1B,aAAyC;AACvC,SAAO;GACL,aAAa,KAAK,YAAY,KAAK;GACnC,WAAW,KAAK;GAChB,eAAe,KAAK;GACpB,kBAAkB,KAAK;GACvB,YAAY,KAAK;GACjB,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,KAAK;;;CAI1B,qBAA6B;EAC3B,MAAM,eAAe,iBACnB,6BAA6B,OAAO,KACpC;GAAE,QAAQ;GAAU,YAAY,KAAK;;AAEvC,MAAI;GACF,MAAM,SAAS,IAAI,OAAO,cAAc;IACtC,MAAM,6BAA6B,OAAO;IAC1C,MAAM,6BAA6B,OAAO;;AAG5C,UAAO,gBAAgB;AACvB,UAAO;WACA,OAAO;GAId,MAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO;AAC5D,SAAM,IAAI,MAAM,mCAAmC;;;;;;;;;;;;;;;CAgBvD,AAAQ,aAAuB;CAC/B,AAAiB,uBAAuB;CAExC,AAAQ,kCAAoD,IAAI;CAChE,AAAiB,6BAA6B,MAAS;CAEvD,AAAQ,oBAA4B;AAClC,MAAI,KAAK,WAAW,SAAS,EAC3B,QAAO,KAAK,WAAW;AAEzB,SAAO,KAAK;;CAGd,AAAQ,0BAA0B,QAAsB;AAEtD,SAAO;AAEP,OAAK;;;;;;;;;;;;;;;;;;;;;CAsBP,MAAM,2BAA2B,WAAmB,MAAmH;AACrK,MAAI,KAAK,gBAAgB,IAAI,WAC3B,OAAM,IAAI,MAAM,0CAA0C;EAG5D,MAAM,SAAS,KAAK;EACpB,IAAI,aAAa,MAAM;EACvB,IAAIC;AACJ,MAAI,CAAC,YAAY;GAIf,MAAM,UAAU,IAAI;AACpB,gBAAa,QAAQ;AACrB,aAAU,QAAQ;;AAIpB,MAAI;AACF,OAAI,CAAC,WACH,OAAM,IAAI,MAAM;AAIlB,SAAM,kBAAkB,QAAQ,WAAW;AAI3C,QAAK,gBAAgB,IAAI,WAAW;IAClC;IACA,iBAAiB;IACjB,WAAW,KAAK;;WAGX,KAAK;AACZ,WAAQ,MAAM,6EAA6E;AAE3F,OAAI;AAAE,gBAAY;WAAiB;AACnC,OAAI;AAAE,aAAS;WAAiB;AAChC,QAAK,0BAA0B;AAC/B,QAAK,gBAAgB,OAAO;AAC5B,SAAM;;AAER,SAAO;GAAE;GAAQ;GAAY;;;;;;CAM/B,sBAAsB,WAAyB;EAC7C,MAAM,QAAQ,KAAK,gBAAgB,IAAI;AACvC,MAAI,CAAC,MAAO;AACZ,MAAI;AAAE,SAAM,iBAAiB;UAAgB;AAC7C,MAAI;AAAE,QAAK,0BAA0B,MAAM;UAAgB;AAC3D,OAAK,gBAAgB,OAAO;;;;;CAM9B,8BAAoC;EAClC,MAAM,MAAM,KAAK;AACjB,OAAK,MAAM,CAAC,WAAW,UAAU,KAAK,gBAAgB,UACpD,KAAI,MAAM,MAAM,YAAY,KAAK,2BAC/B,MAAK,sBAAsB;;CAKjC,MAAc,0BAAyC;AACrD,MAAI;GACF,MAAM,SAAS,KAAK;GAGpB,MAAM,gBAAgB,IAAI,SAAe,SAAS,WAAW;IAC3D,MAAM,UAAU,iBAAiB,uBAAO,IAAI,MAAM,0BAA0B;IAE5E,MAAM,aAAa,UAAwB;AACzC,SAAI,MAAM,MAAM,SAAS,qBAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,mBAAa;AACb;;;AAIJ,WAAO,iBAAiB,WAAW;AACnC,WAAO,gBAAgB;AACrB,YAAO,oBAAoB,WAAW;AACtC,kBAAa;AACb,4BAAO,IAAI,MAAM;;;AAIrB,SAAM;AAEN,OAAI,KAAK,WAAW,SAAS,KAAK,qBAChC,MAAK,WAAW,KAAK;OAErB,QAAO;WAEFC,OAAgB;AACvB,WAAQ,KAAK,6DAA6D;;;;;;;CAQ9E,MAAM,oBAAmC;EACvC,MAAMC,WAA4B;AAElC,OAAK,IAAI,IAAI,GAAG,IAAI,KAAK,sBAAsB,IAC7C,UAAS,KACP,IAAI,SAAe,SAAS,WAAW;AACrC,OAAI;IACF,MAAM,SAAS,KAAK;IAGpB,MAAM,WAAW,UAAwB;AACvC,SAAI,MAAM,MAAM,SAAS,qBAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,WAAK,0BAA0B;AAC/B;;;AAIJ,WAAO,iBAAiB,WAAW;AAGnC,WAAO,WAAW,UAAU;AAC1B,YAAO,oBAAoB,WAAW;AACtC,aAAQ,MAAM,2BAA2B,IAAI,EAAE,oBAAoB;AACnE,YAAO;;AAIT,qBAAiB;AACf,YAAO,oBAAoB,WAAW;AAGtC,4BAAO,IAAI,MAAM;OAChB;YAEID,OAAgB;AACvB,YAAQ,MAAM,4CAA4C,IAAI,EAAE,IAAI;AACpE,WAAO,QAAQ;;;AAMvB,MAAI;AACF,SAAM,QAAQ,WAAW;WAClBA,OAAgB;AACvB,WAAQ,KAAK,qDAAqD;;;CAItE,MAAc,YAAyC,EACrD,WACA,SACA,SACA,YAAY,6BAA6B,SAAS,WAMX;AAGvC,OAAK;EAEL,MAAM,mBAAoB,QAAQ,SAAiB;AACnD,MAAI,aAAa,oBAAoB,qBAAqB,UACxD,OAAM,IAAI,MACR,mCAAmC,iBAAiB,uCAAuC,UAAU;EAIzG,MAAM,qBAAqB,aAAa;EACxC,MAAM,eAAe,qBAAqB,KAAK,gBAAgB,IAAI,sBAAsB;AACzF,MAAI,sBAAsB,CAAC,aACzB,OAAM,IAAI,MAAM,qCAAqC;EAIvD,MAAM,eAAe,qBACjB,cAAc,oBAAoB,QAAQ,WACzC,QAAQ;EAEb,MAAM,SAAS,eAAe,aAAa,SAAS,KAAK;EACzD,MAAM,kBAAkB,CAAC,CAAC;AAE1B,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,QAAI;AACF,SAAI,mBAAmB,mBAErB,MAAK,sBAAsB;SAE3B,MAAK,0BAA0B;YAE3B;AAER,QAAI;KACF,MAAM,UAAU,KAAK,MAAM,YAAY;AACvC,YAAO,YAAY;MAAE,MAAM;MAAiB,SAAS,mBAAmB,QAAQ;QAAiB;YAC3F;AACR,2BAAO,IAAI,MAAM,oCAAoC,UAAU;MAC9D;GAEH,MAAME,YAA2C;AAEjD,UAAO,YAAY,OAAO,UAAU;AAClC,QAAI;AAEF,SAAI,6BAA6B,OAAO,MACtC;AAGF,SAAI,OAAO,MAAM,SAAS,qBAAqB,gBAAgB,OAAO,MAAM,MAC1E;KAGF,MAAM,WAAW,MAAM;AACvB,eAAU,KAAK;AAGf,SAAI,iBAAiB,WAAW;MAC9B,MAAM,mBAAmB;AACzB,gBAAU,iBAAiB;AAC3B;;AAIF,SAAI,cAAc,WAAW;AAC3B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;MACrD,MAAM,gBAAgB;AACtB,cAAQ,MAAM,0BAA0B;AACxC,aAAO,IAAI,MAAM,cAAc,QAAQ;AACvC;;AAIF,SAAI,gBAAgB,WAAW;AAC7B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ;AACR;;AAIF,aAAQ,MAAM,sCAAsC,EAClD;AAIF,SAAI,SAAS,aAAa,aAAa,YAAY,WAAW,UAAU;AACtE,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ,MAAM,qCAAqC;AACnD,6BAAO,IAAI,MAAM,8BAA+B,SAAmB;AACnE;;AAIF,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,4BAAO,IAAI,MAAM,mCAAmC,KAAK,UAAU;aAC5DF,OAAgB;AACvB,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,aAAQ,MAAM,oCAAoC;KAClD,MAAM,MAAM,QAAQ;AACpB,4BAAO,IAAI,MAAM,oCAAoC,IAAI;;;AAI7D,UAAO,WAAW,UAAU;AAC1B,iBAAa;AACb,QAAI,CAAC,gBAAiB,MAAK,0BAA0B;IACrD,MAAMG,iBAAe,MAAM,OAAO,WAAW,MAAM,WAAW;AAC9D,YAAQ,MAAM,oCAAoC;KAChD,SAASA;KACT,UAAU,MAAM;KAChB,QAAQ,MAAM;KACd,OAAO,MAAM;KACb,OAAO,MAAM;;AAEf,2BAAO,IAAI,MAAM,iBAAiBA;;GAIpC,MAAM,mBAAmB;IACvB,MAAM,QAAQ;IACd,SAAS;;AAGX,UAAO,YAAY;;;;;;CAOvB,MAAM,0CAA0C,MAiB7C;AACD,SAAO,0CAA0C;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;CAMhF,MAAM,yBAAyB,MAO5B;AACD,SAAO,yBAAyB;GAAE,KAAK,KAAK;GAAc,GAAG;;;CAG/D,MAAM,qBAAqB,MAcxB;AACD,SAAO,qBAAqB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;CAU3D,MAAM,8BAA8B,MAqBjC;AACD,SAAO,8BAA8B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CASpE,MAAM,4BAA4B,MAY9B;AACF,SAAO,4BAA4B;GACjC,KAAK,KAAK;GACV,GAAG;;;CAIP,MAAM,mBAAmB,MAatB;AACD,SAAO,mBAAmB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOzD,MAAM,0BAA0B,MAW7B;AACD,SAAO,0BAA0B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOhE,MAAM,qBAAqB,4BAAyD;AAClF,SAAO,qBAAqB;GAAE,KAAK,KAAK;GAAc;;;;;;;CAOxD,MAAM,2BAA2B,MAU9B;AACD,SAAO,2BAA2B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;CASjE,MAAM,kBAAkB,SAmBrB;AACD,SAAO,kBAAkB;GACvB,KAAK,KAAK;GACV;;;;;;;;;CAUJ,MAAM,oBAAoB,MAKR;AAChB,SAAO,oBAAoB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;;;;ACntB5D,eAAsB,eAAe,KAA+D;AAClG,KAAI;AACF,QAAM,IAAI;SACJ;AAEN,SAAO;GAAE,QAAQ;GAAO,eAAe;;;AAGzC,KAAI;EACF,MAAMC,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,WAAW,SAAS,MAAM;GACrC,MAAM,OAAO,SAAS;GACtB,MAAM,UAAU,IAAI;AACpB,UAAO;IACL,QAAQ,KAAK;IACb,eAAe,UAAU,YAAY,WAAW;IAChD,iBAAiB,KAAK;;;AAI1B,SAAO;GAAE,QAAQ;GAAO,eAAe;;UAChC,OAAO;AACd,UAAQ,KAAK,0CAA0C;AACvD,SAAO;GAAE,QAAQ;GAAO,eAAe;;;;;;;;;;;;;;;;;AC3B3C,eAAsB,aACpB,KACA,MAMC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAqD;EACzD,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAAqC;AAChE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wBAAwB,SAAS;AAEnD,QAAQ,SAAS,QAAgB;EAC/B,WAAW,KAAK;EAChB,gBAAgB;EAChB,kBAAkB;EAClB,aAAa;;;;;;;;;;;;AC7BjB,eAAsB,gBAAgB,KAAoD;AACxF,SAAQ,MAAM;AAEd,OAAM,IAAI;AAEV,KAAI;EACF,MAAMC,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,SAAS;AAEpB,OAAI,uBAAuB;AAC3B,WAAQ,MAAM;QAEd,SAAQ,KAAK,mCAAmC,SAAS;UAEpD,OAAO;AACd,UAAQ,KAAK,iCAAiC;;;;;;;;;;;;;;AChBlD,eAAsB,2CACpB,KACA,QAqBC;AACD,OAAM,IAAI,kBAAkB;CAE5B,MAAMC,UAAmE;EACvE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,YAAY,OAAO;GACnB,aAAa,OAAO,eAAe;;;CAKvC,MAAM,WAAW,MAAM,IAAI,YAAmD;AAE9E,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wCAAwC,SAAS;CAGnE,MAAM,OAAO,SAAS;AAEtB,KAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM,KAAK,SAAS;AAGhC,KAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,aACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,WAAW;EACX,WAAW,KAAK;EAChB,YAAY,KAAK;EACjB,cAAc,KAAK;EACnB,oBAAoB,KAAK;EACzB,aAAa,KAAK;EAClB,WAAW,KAAK;EAChB,cAAc,KAAK;EACnB,2BAA2B,KAAK;EAChC,qBAAqB,KAAK;;;;;;;;;;;;;ACd9B,eAAsB,gCACpB,YACA,QACgD;CAChD,MAAM,EAAE,cAAc;CAEtB,IAAIC;CACJ,IAAIC;AAEJ,SAAQ,OAAO,MAAf;EACE,KAAK,eAAe;GAClB,MAAM,oBAAoB,OAAO;AACjC,kBAAe,MAAM,6BACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAI;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,YAAY;GACf,MAAMC,oBAA4C,CAAC;IACjD,YAAY,OAAO,SAAS;IAC5B,SAAS,OAAO,SAAS;;AAG3B,kBAAe,MAAM,6BACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAI;;GAI5B,MAAMD,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;IAClD,UAAU;KACR,UAAU,OAAO,SAAS;KAC1B,YAAY,OAAO,SAAS;KAC5B,OAAO,OAAO,OAAO,SAAS;KAC9B,gBAAgB,OAAO,OAAO,SAAS;;;AAI3C,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,UAAU;AACb,kBAAe,GAAG,OAAO,cAAc,GAAG,OAAO,UAAU,GAAG,OAAO;GACrE,MAAMA,UAA8B;IAClC;IACA,QAAQ;IACR,YAAY,OAAO;IACnB,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP,eAAe,OAAO;KACtB,SAAS,OAAO;KAChB,WAAW,OAAO;KAClB,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;KAC5D,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;;IAE9D,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,QAIE,OAAM,IAAI,MAAM;;AAIpB,OAAM,WAAW,kBAAkB;CACnC,MAAME,UAAwE;EAC5E,MAAM;EACN,IAAI,WAAW;EACf,SAAS,EACP;;CAGJ,MAAM,WAAW,MAAM,WAAW,YAAwD;AAC1F,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,2CAA2C,SAAS;CAGtE,MAAM,WAAW,SAAS;AAQ1B,KAAI,CAAC,UAAU,UACb,OAAM,IAAI,MAAM,UAAU,SAAS;AAErC,KAAI,CAAC,SAAS,oBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL;EACA,oBAAoB,SAAS;EAC7B,cAAc,SAAS,iBAAiB;EACxC,YAAY,SAAS;;;AAIzB,SAAS,wBAAwB,mBAA+D;AAC9F,KAAI;EACF,IAAI,QAAQ,OAAO;AACnB,OAAK,MAAM,MAAM,kBACf,MAAK,MAAM,UAAU,GAAG,QACtB,SAAQ,OAAO,aAAf;GACE,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,SAAS;AAChC;GACF,QACE;;AAIR,SAAO,QAAQ,OAAO,KAAK,MAAM,aAAa;SACxC;AACN,SAAO;;;;;;;;;;;;;;ACpPX,eAAsB,4BACpB,KACA,WACsB;AACtB,OAAM,IAAI,kBAAkB;CAC5B,MAAM,UAAU,IAAI;AACpB,KAAI;AACF,MAAI,aACF;GAAE,MAAM,qBAAqB;GAA2B;KACxD,CAAC,QAAQ;UAEJ,KAAK;AACZ,UAAQ,MAAM,sEAAsE;AACpF,QAAM;;AAER,QAAO,QAAQ;;;;;;;;ACXjB,eAAsB,wBACpB,KACA,MAWC;CACD,MAAM,eAAe,KAAK,gBAAgB;AAC1C,OAAM,IAAI;CAEV,MAAM,eAAe,KAAK;CAC1B,MAAM,kBAAkB,cAAc,aACjC,cAAc,eACd,cAAc,UACd,cAAc;CAEnB,MAAMC,UAAgE;EACpE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,YAAY,KAAK;GACjB,eAAe,KAAK;GACpB;GACA,cAAc,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,MAAM,aAAa;IACnB,aAAa,OAAO,aAAa;IACjC,WAAW,aAAa;OACtB;;;CAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,kCAAkC,SAAS;CAE7D,MAAM,OAAO,SAAS;CAOtB,MAAM,eAAe,KAAK,gBAAgB,KAAK,kBAAkB;AACjE,KAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,oBACR,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,KAAK,mBACtB,qBAAqB;EACrB,UAAU,KAAK,iBAAiB;EAChC,WAAW,KAAK,iBAAiB;EACjC,UAAU,KAAK,iBAAiB;EAChC,cAAc,KAAK,iBAAiB;EACpC,QAAQ,KAAK,iBAAiB;EAC9B,MAAM,KAAK,iBAAiB;EAC5B,aAAa,KAAK,iBAAiB;EACnC,WAAW,KAAK,iBAAiB;MAEjC;AAEJ,KAAI,cAAc;AAChB,MAAI,uBAAuB,KAAK;AAChC,UAAQ,MAAM,iDAAiD,KAAK;;AAGtE,QAAO;EACL;EACA;EACA,qBAAqB,KAAK;EAC1B,2BAA2B,KAAK,6BAA6B;;;;;;;;;;;;;;;;;;;AC5EjE,eAAsB,+BACpB,KACA,MASqD;AACrD,OAAM,IAAI,kBAAkB;CAE5B,MAAMC,UAAuE;EAC3E,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAEhB,aAAa,KAAK,eAAe;GACjC,YAAY,KAAK;GACjB,YAAY,KAAK;GACjB,OAAO,KAAK;GACZ,eAAe,KAAK;GACpB,YAAY,KAAK;;;CAGrB,MAAM,WAAW,MAAM,IAAI,YAAuD;AAClF,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,0CAA0C,SAAS;CAKrE,MAAM,OAAQ,SAAS;CACvB,MAAM,cAAc,MAAM,eAAe,KAAK,eAAe;AAC7D,KAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAElB,QAAO;EAAE,WAAW,MAAM,aAAa,KAAK;EAAW;;;;;;;;;;;;ACnDzD,eAAsB,mBACpB,KACA,MAKC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAChB,MAAM,KAAK;;;CAGf,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QAAQ,SAAS,QAAgB,EAAE,WAAW,KAAK;;;;;;;;;;;AChBrD,eAAsB,+BACpB,KACA,WACA,WACuB;AACvB,QAAO,6BAA6B,KAAK,WAAW;;;;;;;AAQtD,eAAsB,yBACpB,KACA,WACuB;AACvB,QAAO,6BAA6B,KAAK;;AAG3C,eAAe,6BACb,KACA,WACA,WACuB;AACvB,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA6D;EACjE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP;GACA,cAAc;IACZ,QAAQ,UAAU;IAClB,MAAM,UAAU;IAChB,aAAa,OAAO,UAAU;IAC9B,WAAW,UAAU;;;;CAK3B,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,oCAAoC,SAAS;CAG/D,MAAM,OAAO,SAAS;AACtB,SAAQ,MAAM;AACd,QAAO,qBAAqB;;;;;;;;;;;;;ACjD9B,eAAsB,4BACpB,KACA,MAQC;AACD,OAAM,IAAI;AACV,KAAI;EACF,MAAMC,UAAoE;GACxE,MAAM;GACN,IAAI,IAAI;GACR,SAAS;IAEP,WAAW,KAAK;IAChB,cAAc,KAAK,eACf;KACE,QAAQ,KAAK,aAAa;KAC1B,MAAM,KAAK,aAAa;KACxB,aAAa,OAAO,KAAK,aAAa;KACtC,WAAW,KAAK,aAAa;QAE/B;;;EAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,4CAA4C,SAAS;EAEvE,MAAM,OAAO,SAAS;EACtB,MAAM,gBAAgB,KAAK;AAC3B,MAAI,CAAC,cACH,OAAM,IAAI,MAAM;EAElB,MAAM,eAAe,KAAK,gBAAgB,cAAc;AACxD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,gBAAgB,KAAK,aAE5B,KAAI,uBAAuB,KAAK,aAAa;AAI/C,SAAO;GACL;GACA,cAAc,qBAAqB;IACjC,UAAU,cAAc;IACxB,WAAW,cAAc;IACzB,UAAU,cAAc;IACxB,cAAc,cAAc;IAC5B,QAAQ,cAAc;IACtB,MAAM,cAAc;IACpB,aAAa,cAAc;IAC3B,WAAW,cAAc;;;UAItBC,OAAY;AACnB,UAAQ,MAAM,yDAAyD;AACvE,QAAM,IAAI,MAAM,6CAA6C,MAAM;;;;;;;;;;;;ACtEvE,eAAsB,mBACpB,KACA,MAOC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QACG,SAAS,QAAgB;EACxB,WAAW,KAAK;EAChB,QAAQ;;;;;;;;;;;;ACxBd,eAAsB,sBACpB,KACA,MAce;AACf,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAElB,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAiC;EACrC,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;GAC3B,aAAa,KAAK;GAClB,qBAAqB,KAAK;GAC1B,sBAAsB,KAAK;;;AAG/B,KAAI;AACF,UAAQ,MAAM,sCAAsC;GAClD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;;EAE7B,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,MAAI,CAAC,SAAS,SAAS;AACrB,WAAQ,MAAM,wDAAwD;IACpE,WAAW,KAAK;IAChB,eAAe,OAAO,KAAK;IAC3B,OAAO,SAAS;;AAElB,SAAM,IAAI,MAAM,iCAAiC,SAAS;;AAE5D,UAAQ,MAAM,wCAAwC;GACpD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;;UAEtB,OAAO;AACd,UAAQ,MAAM,sCAAsC;GAClD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;GAC3B;;AAEF,QAAM;;;;;;ACpDV,eAAsBC,4CAA0C,EAC9D,KACA,eACA,cACA,eACA,YACA,YACA,sBASqD;CAGrD,MAAM,qBAAqB,cAAc,gCAAgC;CAEzE,MAAM,qBAAqB,cACrB,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;CAElG,MAAM,YAAa,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAC7E,OAAO,eACP,YAAY,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;CAE/D,MAAM,QAAQ,eAAe;CAC7B,MAAM,OAAO,eAAe;CAC5B,MAAMC,UAIoB;EACxB,eAAe;EACf;EACA,MAAM,uBAAuB;EAC7B,SAAS;GACP;GACA;GACA,YAAY;GACZ,GAAI,SAAS,OAAO,EAAE,UAAU;GAChC,GAAI,QAAQ,OAAO,EAAE,SAAS;;EAEhC,SAAS;GACP;GACA;GACA,SAAS;IACP,YAAY;IACZ,YAAY;IACZ;;;EAGJ;EACA,cAAc,YAAY,cAAc,GAAG;;CAG7C,MAAM,WAAW,MAAM,iBAAiB,KAAK;AAE7C,QAAO,0DAA0D;EAC/D,WAAW,SAAS;EACpB;EACA,cAAc,SAAS,gBAAgB;EACvC,YAAY,SAAS;EACrB,cAAc,SAAS;EACvB,oBAAoB,SAAS;EAC7B,OAAO,SAAS;;;;;;;;;;;;ACtEpB,eAAsB,0CACpB,KACA,QAQoD;CACpD,MAAM,UAAU,IAAI;CACpB,MAAM,WAAW,MAAMC,4CAA8C;EACnE,KAAK;EACL,eAAe,OAAO;EACtB,cAAc,OAAO;EACrB,eAAe,OAAO;EACtB,YAAY,OAAO;EACnB,YAAY,OAAO;EAEnB,oBAAoB,OAAO;;AAG7B,KAAI,CAAC,SAAS,UACZ,OAAM,IAAI,MAAM,SAAS,SAAS;AAEpC,KAAI,CAAC,SAAS,WACZ,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,aACZ,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,mBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;;;;;;;;;;AClCT,eAAsB,6BACpB,KACA,MAM4B;AAC5B,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2E;EAC/E,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,eAAe,KAAK;GACpB,YAAY,KAAK;GACjB,mBAAmB,KAAK;GAExB,OAAO,KAAK;;;CAGhB,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,SAAS,QACX,KAAI,uBAAuB,KAAK;AAElC,QAAO;;;;;;;;;;AC9BT,eAAsB,oCACpB,KAKC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAsD;EAC1D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;;CAEX,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,+BAA+B,SAAS;CAE1D,MAAM,EAAE,mBAAmB,YAAY,gBAAgB,SAAS;AAKhE,KAAI,CAAC,qBAAqB,CAAC,WACzB,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAElB,QAAO;EAAE;EAAmB;EAAY;;;;;;;;;;;;ACpB1C,eAAsB,iBACpB,KACA,MAM4B;AAC5B,OAAM,IAAI,kBAAkB;AAE5B,MAAK,UAAU;EACb,MAAM;EACN,MAAM;GACJ,MAAM;GACN,SAAS;;;CAIb,MAAMC,UAAyD;EAC7D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,eAAe,KAAK;GACpB,qBAAqB,KAAK;GAC1B,YAAY,KAAK;;;CAIrB,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,SAAS,SAAS;AAEpB,MAAI,uBAAuB,KAAK;AAChC,UAAQ,MAAM,yCAAyC,KAAK;QACvD;AACL,UAAQ,MAAM,8CAA8C,SAAS;AACrE,UAAQ,MAAM,+BAA+B,KAAK,UAAU,UAAU,MAAM;AAC5E,UAAQ,MAAM,uCAAuC,KAAK,UAAU,SAAS,MAAM;;AAGrF,QAAO;;;;;;;;;;;;;;ACwGT,IAAa,mBAAb,MAA8B;CAC5B,AAAQ,YAA2B;CACnC,AAAQ,wBAA8C;CACtD,AAAQ,YAAY;CACpB,AAAQ;CACR,AAAQ,sBAAqC;CAC7C,AAAQ;CACR,AAAQ;CAER,YAAY,QAAgC,SAAkC;AAC5E,OAAK,SAAS;GAEZ,cAAc,YAAY,QAAQ;GAClC,eAAe;GACf,OAAO;GACP,GAAG;;AAGL,OAAK,UAAU;GACb,GAAG;GACH,kBAAkB;;;;;;CAOtB,aAAsC;AACpC,SAAO,KAAK;;CAGd,AAAQ,oBAAoD;AAC1D,SAAO;GACL,mBAAmB,KAAK,kBAAkB,KAAK;GAC/C,aAAa,KAAK,YAAY,KAAK;GACnC,mBAAmB,KAAK,kBAAkB,KAAK;GAC/C,YAAY,KAAK,WAAW,KAAK;GACjC,eAAe,SAAkB,aAA8B;AAC7D,QAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM;AAElB,SAAK,UAAU,YAAY,SAAS;;GAEtC,8BAA8B,KAAK;GACnC,yBAAyB,SAAwB;AAC/C,SAAK,sBAAsB;;;;;;;;CASjC,MAAM,4BAA4B,WAAyC;AACzE,SAAO,4BAA4B,KAAK,qBAAqB;;;;;;CAO/D,MAAM,+BAA+B,MAamB;AACtD,SAAO,+BAA+B,KAAK,qBAAqB;;;;;;;;CASlE,MAAM,mBAAmB,MAOtB;AACD,SAAO,mBAAmB,KAAK,qBAAqB;;;;;;CAOtD,MAAM,mBAAmB,MAQtB;AACD,SAAO,mBAAmB,KAAK,qBAAqB;;;;;;CAOtD,MAAM,aAAa,MAOhB;AACD,SAAO,aAAa,KAAK,qBAAqB;;;;;;;;CAShD,MAAM,sBAAsB,MAMV;AAChB,SAAO,sBAAsB,KAAK,qBAAqB;;;;;;;;CASzD,MAAM,gCAAgC,QA0CnC;AACD,SAAO,gCAAgC,KAAK,qBAAqB;;;;;;;;CASnE,MAAM,0CAA0C,QAOO;AACrD,SAAO,0CAA0C,KAAK,qBAAqB;;;;;;;;;;;;;CAc7E,MAAM,2CAA2C,QAoB9C;AACD,SAAO,2CAA2C,KAAK,qBAAqB;;CAG9E,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;;;;;CAO1B,MAAc,kBAAkB,qBAAqB,OAAsB;AACzE,MAAI,KAAK,sBACP,OAAM,KAAK;WACF,CAAC,KAAK,UACf,OAAM,KAAK;AAEb,MAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM;AAGlB,MAAI,mBACF,KAAI;GACF,MAAM,iBAAiB,MAAM,KAAK,YAAY;IAC5C,MAAM;IACN,IAAI,KAAK;IACT,SAAS;MACR;AAEH,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;WAEX,OAAO;AACd,WAAQ,MAAM,qCAAqC;AACnD,SAAM,IAAI,MAAM;;;;;;CAQtB,MAAM,aAA4B;AAChC,MAAI,KAAK,sBACP,QAAO,KAAK;AAQd,OAAK,wBAAwB,KAAK,kBAAkB,OAAM,UAAS;AACjE,WAAQ,MAAM,uCAAuC;AACrD,WAAQ,MAAM,+BAA+B;IAC3C,SAAS,MAAM;IACf,OAAO,MAAM;IACb,MAAM,MAAM;;AAGd,QAAK,wBAAwB;AAC7B,SAAM;;EAGR,MAAM,SAAS,MAAM,KAAK;AAC1B,SAAO;;;;;CAMT,MAAc,kBAAiC;AAC7C,MAAI;GACF,MAAM,eAAe,KAAK,OAAO,gBAAgB,YAAY,QAAQ;GACrE,MAAM,YAAY,iBAAiB,cAAc;IAAE,QAAQ;IAAO,YAAY,KAAK;;AACnF,WAAQ,MAAM,4BAA4B;AAE1C,QAAK,YAAY,IAAI,OAAO,WAAW;IACrC,MAAM;IACN,MAAM;;AAGR,QAAK,UAAU,WAAW,UAAU;AAClC,YAAQ,MAAM,kCAAkC;;AAGlD,SAAM,KAAK;AAGX,OAAI,KAAK,OAAO,aAAa;IAC3B,MAAM,OAAO,MAAM,KAAK,YAA2C;KACjE,MAAM;KACN,IAAI,KAAK;KACT,SAAS,EAAE,QAAQ,KAAK,OAAO;;AAEjC,QAAI,CAAC,KAAK,QACR,OAAM,IAAI,MAAM,iCAAiC,KAAK;;AAK1D,OAAI,KAAK,OAAO,kBAAkB,KAAK,OAAO,wBAAwB,KAAK,OAAO,uBAAuB;IACvG,MAAM,QAAQ,MAAM,KAAK,YAAoD;KAC3E,MAAM;KACN,IAAI,KAAK;KACT,SAAS;MACP,gBAAgB,KAAK,OAAO;MAC5B,gBAAgB,KAAK,OAAO;MAC5B,iBAAiB,KAAK,OAAO;;;AAGjC,QAAI,CAAC,MAAM,QACT,OAAM,IAAI,MAAM,2CAA2C,MAAM;;WAI9DC,OAAY;AACnB,SAAM,IAAI,MAAM,yCAAyC,MAAM;;;;;;CAOnE,MAAc,YACZ,SACA,eAC4B;AAC5B,SAAO,IAAI,SAAS,SAAS,WAAW;AACtC,OAAI,CAAC,KAAK,WAAW;AACnB,2BAAO,IAAI,MAAM;AACjB;;GAGF,MAAM,YAAa,iBAAiB,KAAK,OAAO,iBAAiB;GACjE,MAAM,UAAU,iBAAiB;AAC/B,2BAAO,IAAI,MAAM,yCAAyC,UAAU,wBAAwB,QAAQ;MACnG;GAEH,MAAM,iBAAiB,UAAwB;IAC7C,MAAM,UAAU,MAAM;AAUtB,QAAK,SAAiB,SAAS,yBAAyB,uCAAuC;KAC7F,MAAM,MAAM;KAIZ,MAAM,MAAM,KAAK;AACjB,SAAI,CAAC,KAAK,WAAW;AACnB,cAAQ,MAAM;AACd;;AAEF,KAAK,sCAAsC,KAAK,KAAK,KAAK;AAC1D;;IAGF,MAAM,WAAW;AACjB,QAAI,SAAS,OAAO,QAAQ,IAAI;AAC9B,kBAAa;AACb,UAAK,UAAW,oBAAoB,WAAW;AAC/C,aAAQ;;;AAIZ,QAAK,UAAU,iBAAiB,WAAW;AAC3C,QAAK,UAAU,YAAY;;;;;;CAO/B,AAAQ,oBAA4B;AAClC,SAAO,OAAO,KAAK,MAAM,GAAG,EAAE,KAAK;;;;;;CAOrC,MAAM,iBAAiB,MAKQ;AAC7B,SAAO,iBAAiB,KAAK,qBAAqB;;CAGpD,MAAM,+BAA+B,WAAyB,WAA0C;AACtG,SAAO,+BAA+B,KAAK,qBAAqB,WAAW;;CAG7E,MAAM,yBAAyB,WAAgD;AAC7E,SAAO,yBAAyB,KAAK,qBAAqB;;;;;CAM5D,MAAM,iBAA2C;AAC/C,SAAO,eAAe,KAAK;;;;;CAM7B,MAAM,kBAAiC;AACrC,SAAO,gBAAgB,KAAK;;;;;;;CAQ9B,uBAAuB,eAAgC;AACrD,OAAK,sBAAsB;AAC3B,UAAQ,MAAM,8CAA8C;;;;;;;;;;;CAY9D,MAAM,4BAA4B,MAO/B;AACD,SAAO,4BAA4B,KAAK,qBAAqB;;;;;;;;;;;;CAa/D,MAAM,wBAAwB,MAU3B;AACD,SAAO,wBAAwB,KAAK,qBAAqB;;;;;;CAO3D,MAAM,6BAA6B,MAKJ;AAC7B,SAAO,6BAA6B,KAAK,qBAAqB;;;;;;;CAQhE,MAAM,sCAIH;AACD,SAAO,oCAAoC,KAAK;;;;;CAMlD,MAAc,6BAA4C;AACxD,MAAI;GACF,MAAM,YAAY;GAClB,MAAM,eAAe,MAAM,KAAK,YAAY;IAC1C,MAAM;IACN,IAAI,KAAK;IACT,SAAS;MACR;AACH,OAAI,CAAC,aAAa,QAChB,OAAM,IAAI,MAAM,+BAA+B,aAAa;AAE9D;WACOA,OAAY;AACnB,WAAQ,KAAK,oDAAoD,MAAM;;;;;;;AC1sB7E,IAAa,yBAAb,MAAoC;CAClC,AAAQ,uCAA+D,IAAI;CAC3E,AAAQ,oDAA+E,IAAI;CAC3F,AAAQ;CACR,AAAQ,qBAAyC;CAEjD,AAAQ,sBAA+C;CAEvD,AAAQ,2BAA2B;CAEnC,cAAc;AAEZ,OAAK;;;;;;;;;CAUP,qBAAqB,OAAgC;AACnD,MAAI,UAAU,UAAU,UAAU,QAAS;AAC3C,OAAK,sBAAsB;AAE3B,OAAK,2BAA2B;AAChC,MAAI,KAAK,mBAAmB,UAAU,OAAO;AAC3C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR;;AAEF,QAAK,+BAA+B,KAAK;AACzC,QAAK,kBAAkB;;;;;;CAO3B,cAAc,UAAyD;AACrE,OAAK,qBAAqB,IAAI;AAC9B,eAAa;AACX,QAAK,qBAAqB,OAAO;;;;;;;CAQrC,2BAA2B,UAA4D;AACrF,OAAK,kCAAkC,IAAI;AAC3C,eAAa;AACX,QAAK,kCAAkC,OAAO;;;;;;CAOlD,AAAQ,kBAAkB,OAA+B;AACvD,MAAI,KAAK,qBAAqB,SAAS,GAAG;AAGxC,WAAQ,MAAM;AACd;;EAGF,IAAI,QAAQ;AACZ,OAAK,qBAAqB,SAAS,aAAa;AAC9C;AACA,OAAI;AACF,aAAS;YACFC,OAAY;;;CAKzB,AAAQ,+BAA+B,QAAkC;AACvE,MAAI,KAAK,kCAAkC,SAAS,EAAG;AACvD,OAAK,kCAAkC,SAAS,aAAa;AAC3D,OAAI;AACF,aAAS;WACH;;;;;;;;;CAUZ,MAAM,oBAAmC;AACvC,MAAI;AACF,SAAM,KAAK;WACJ,OAAO;AACd,WAAQ,KAAK,0DAA0D;;;;;;CAQ3E,AAAQ,8BAAoC;AAE1C,OAAK,2BAA2B,iBAAiB,SAAS,UAAU,UAAU;AAC5E,QAAK,qBAAqB;;;;;;;CAQ9B,MAAc,qBAAqB,OAAsC;AACvE,MAAI;AACF,WAAQ,MAAM,MAAd;IACE,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,sBAAsB;AACjD,WAAK,uBAAuB;AAC5B,WAAK,qBAAqB;;AAE5B;;WAEG,OAAO;AACd,WAAQ,KAAK,sDAAsD;;;;;;CAOvE,AAAQ;;;;CAKR,UAAgB;AACd,MAAI,KAAK,0BAA0B;AACjC,QAAK;AACL,QAAK,2BAA2B;;AAGlC,OAAK,qBAAqB;AAC1B,OAAK,kCAAkC;;CAGzC,0BAAqC;AACnC,MAAI,CAAC,KAAK,sBAAsB;AAC9B,WAAQ,MAAM;AAGd,UAAO;;AAET,SAAO,KAAK;;CAGd,wBAA4C;AAC1C,SAAO,KAAK;;;;;;CAOd,kCAAkC,MAGzB;EACP,MAAM,EAAE,eAAe,uBAAuB,QAAS;EACvD,MAAM,YAAY,KAAK,mBAAmB;EAC1C,MAAMC,OAA2B;GAC/B,GAAG;GACH,GAAI,sBAAsB;;AAG5B,MAAI,cACF,MAAK,uBAAuB;AAI9B,OAAK,2BAA2B;AAEhC,OAAK,qBAAqB;AAC1B,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;CAInD,eAAe,eAAgC;AAC7C,OAAK,uBAAuB;AAG5B,MAAI,CAAC,iBAAiB,SAAS,aAC7B,CAAK,KAAK,oBAAoB,eAAe,YAAY;AAK3D,MAAI,CAAC,iBAAiB,SAAS,gBAAgB,CAAC,KAAK,4BAA4B,CAAC,KAAK,qBAAqB;GAC1G,IAAIC,WAAoC;GACxC,MAAM,SAAU,YAAoB,UAAU,iBAAiB,WAAW,WAAW;AACrF,OAAI,OAAO,WAAW,UAAW,YAAW,SAAS,SAAS;AAC9D,OAAI,CAAC,SACH,KAAI;IACF,MAAM,SAAU,YAAoB,cAAc,UAAU;AAC5D,QAAI,WAAW,UAAU,WAAW,QAAS,YAAW;WAClD;AAIV,OAAI,YAAY,aAAa,KAAK,mBAAmB,MAEnD,CAAK,KAAK,aAAa;AAEzB,QAAK,2BAA2B;;;;;;CAOpC,MAAc,oBAAoB,eAAyC;AACzE,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,CAAC,QAAQ,KAAK,kBAAkB,cAAe;AACnD,MAAI,MAAM,aAAa,oBAAoB;GACzC,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR,GAAG,KAAK,YAAY;;AAEtB,QAAK,+BAA+B,KAAK;AACzC,OAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;;;;;CAQrD,MAAM,qBAAoC;AACxC,QAAM,KAAK,oBAAoB,KAAK;;;;;CAMtC,mBAAmB,UAAgD;AACjE,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAEF,OAAK,+BAA+B,KAAK;AACzC,OAAK;;;;;CAMP,sBAAsB,QAAkC;EACtD,MAAM,YAAY,KAAK,mBAAmB;AAC1C,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR,GAAG;;AAEL,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;AAEjD,OAAK;;;;;CAMP,MAAM,mBAAkC;AACtC,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,MAAM;GACR,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,uBAAuB,KAAK;AAEjC,OAAI,KAAK,aAAa,oBAAoB;AACxC,SAAK,qBAAqB;KACxB,GAAG,KAAK;KACR,GAAG,KAAK,YAAY;;AAEtB,SAAK,+BAA+B,KAAK;AACzC,QAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;SAGjD,SAAQ,MAAM;QAGhB,SAAQ,MAAM;;;;;CAOlB,MAAM,mBAAkC;AACtC,MAAI;GACF,IAAIC,YAAmC,KAAK,wBAAwB;AACpE,OAAI,CAAC,WAAW;IACd,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,gBAAa,MAAc;;AAG7B,OAAI,CAAC,WAAW;AACd,YAAQ,KAAK;AACb;;AAIF,SAAM,iBAAiB,SAAS,kBAAkB,WAAW,EAC3D,oBAAoB,KAAK;WAEpB,OAAO;AACd,WAAQ,KAAK,oDAAoD;;;;;;CAOrE,MAAM,+BAAiE;EACrE,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI,QAAO;AAChB,MAAI;AACF,UAAO,MAAM,iBAAiB,SAAS,SAAS;WACzC,OAAO;AACd,WAAQ,MAAM,oDAAoD;AAClE,UAAO;;;CAIX,eAAiC;AAC/B,SAAO,KAAK,mBAAmB;;;;;CAMjC,MAAM,aAAa,OAAwC;EACzD,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI;AAET,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAGF,OAAK,+BAA+B,KAAK;AACzC,OAAK,kBAAkB;AACvB,MAAI;AACF,SAAM,iBAAiB,SAAS,SAAS,IAAI;WACtC,OAAO;AACd,WAAQ,KAAK,wDAAwD;;;;AAM3E,MAAM,0BAA0B,IAAI;AACpC,8BAAe;;;;;;;;;;;;ACxXf,IAAa,eAAb,MAAa,aAAa;CACxB,OAAe,WAAgC;CAE/C,AAAO,kBAAiC;CACxC,AAAO,wBAAuC;CAC9C,AAAO,gBAAkC;CACzC,AAAO,mBAAkC;CACzC,AAAO,qBAAgD;CACvD,AAAQ,gBAAoD;CAE5D,AAAQ,aAAqB;CAC7B,AAAQ,eAAqD;CAC7D,AAAQ,gBAAsD;CAG9D,AAAQ,iCAA8B,IAAI;CAC1C,AAAQ,oBAAmC;CAI3C,AAAiB,4BAA4B,IAAI;CACjD,AAAiB,4BAA4B,KAAK;CAClD,AAAiB,uBAAuB;CAGxC,AAAQ,cAAc;;;;CAKtB,OAAc,cAA4B;AACxC,MAAI,CAAC,aAAa,SAChB,cAAa,WAAW,IAAI;AAE9B,SAAO,aAAa;;;;;;;CAQtB,MAAa,oBAAoB,YAAuC;AACtE,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAAkB;AAEnD,OAAK;AACL,OAAK,gBAAgB,WAAW,YAAY;AAC1C,QAAK,gBAAgB;AACrB,OAAI,KAAK,cAAe;GAExB,MAAM,MAAM,KAAK;GACjB,MAAM,eAAe,CAAC,KAAK,yBAA0B,MAAM,KAAK,yBAA0B,KAAK;GAC/F,MAAM,iBAAiB,CAAC,KAAK;AAC7B,OAAI,CAAC,gBAAgB,CAAC,eAAgB;AAEtC,OAAI;AACF,UAAM,KAAK,eAAe;YACnB,GAAG;AAEV,YAAQ,MAAM,sDAAsD;;KAErE,KAAK;;;;;CAMV,AAAO,eAAe,eAA0B,kBAAgC;AAC9E,OAAK,gBAAgB;AACrB,OAAK,mBAAmB;AACxB,OAAK;;;;;CAMP,AAAO,QAAc;AACnB,OAAK,kBAAkB;AACvB,OAAK,wBAAwB;AAC7B,OAAK,gBAAgB;AACrB,OAAK,mBAAmB;AACxB,OAAK,qBAAqB;AAC1B,OAAK;AACL,OAAK;AACL,OAAK,gBAAgB;AACrB,OAAK,eAAe;AACpB,OAAK,oBAAoB;;;;;;CAO3B,MAAa,2BAA2B,YAAwB,MAAyD;AAGvH,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAC/B,OAAM,IAAI,MAAM;EAGlB,MAAM,QAAQ,MAAM,UAAU;AAC9B,SAAO,MAAM,KAAK,eAAe,YAAY;;;;;CAM/C,AAAQ,+BAA+B,YAA8B;AACnE,MAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,sBAAuB;AAC1D,MAAI,KAAK,cAAe;EAExB,MAAM,MAAM,KAAK;EACjB,MAAM,WAAW,MAAM,KAAK;EAC5B,MAAM,WAAW,MAAM,KAAK;EAE5B,MAAM,eAAe,KAAK,4BAA4B;EACtD,MAAM,eAAe,KAAK,4BAA4B;AAGtD,MAAI,YAAY,gBAAgB,YAAY,cAAc;AACxD,QAAK;AAEL,GAAK,KAAK,eAAe,YACtB,OAAO,UAAU,QAAQ,KAAK,8CAA8C;AAC/E;;EAIF,MAAM,mBAAmB,KAAK,IAAI,GAAG,eAAe;EACpD,MAAM,mBAAmB,KAAK,IAAI,GAAG,eAAe;EACpD,MAAM,QAAQ,KAAK,IAAI,kBAAkB;AAGzC,OAAK;AACL,OAAK,eAAe,iBAAiB;AACnC,QAAK,eAAe;AACpB,OAAI,KAAK,cAAe;AACxB,GAAK,KAAK,eAAe,YACtB,OAAO,UAAU,QAAQ,KAAK,8CAA8C;KAC9E;;;;;CAML,MAAc,eAAe,YAAwB,QAAiB,OAAoC;AAGxG,MAAI,KAAK,iBAAiB,CAAC,MACzB,QAAO,KAAK;EAGd,MAAM,oBAAoB,KAAK;EAC/B,MAAM,oBAAoB,KAAK;EAE/B,MAAM,YAAa,EAAE,KAAK;EAC1B,MAAM,gBAAgB,YAAY;AAChC,OAAI;IAEF,MAAM,MAAM,KAAK;IACjB,MAAM,eAAe,SAAS,CAAC,KAAK,mBAAoB,MAAM,KAAK,mBAAoB,KAAK;IAC5F,MAAM,eAAe,SAAS,CAAC,KAAK,yBAA0B,MAAM,KAAK,yBAA0B,KAAK;IAExG,IAAI,gBAAgB,KAAK,oBAAoB;IAC7C,IAAI,gBAAgB,KAAK,oBAAoB;IAC7C,IAAI,cAAc,KAAK,oBAAoB;IAE3C,MAAM,iBAAiB,gBAAgB,CAAC;IACxC,MAAM,aAAa,gBAAgB,CAAC,iBAAiB,CAAC;IAGtD,IAAIC,iBAA0B,iBAAiB;IAC/C,IAAIC,aAAsB;IAG1B,IAAIC,iBAA0B;IAC9B,IAAIC,aAAsB;IAC1B,MAAMC,QAAyB;AAE/B,QAAI,eACF,OAAM,MAAM,YAAY;AACtB,SAAI;AACF,uBAAiB,MAAM,WAAW,cAAc,mBAAoB;cAC7DC,OAAgB;MACvB,MAAM,MAAM,aAAa;MACzB,MAAM,YAAY,IAAI,SAAS,mCAC1B,IAAI,SAAS,2BACb,IAAI,SAAS,yBACb,IAAI,SAAS;AAClB,UAAI,WAAW;AAEb,eAAQ,MAAM;AACd,wBAAiB;YAEjB,kBAAiB;;;AAMzB,QAAI,WACF,OAAM,MAAM,YAAY;AACtB,SAAI;AACF,mBAAa,MAAM,WAAW,UAAU,EAAE,UAAU;cAC7CC,KAAc;AAErB,mBAAa;;;AAKnB,QAAI,MAAM,SAAS,EACjB,OAAM,QAAQ,IAAI;AAGpB,QAAI,eACF,OAAM;AAER,QAAI,WACF,OAAM;AAIR,QAAI,eACF,KAAI,gBAAgB,gBAClB,iBAAgB;QAGhB,iBAAgB,KAAK,oBAAoB,iBAAiB;AAI9D,QAAI,YAAY;AACd,SAAI,CAAC,cAAc,YACjB,OAAM,IAAI,MAAM;AAElB,qBAAgB,OAAO,WAAW,OAAO;AACzC,mBAAc,WAAW,OAAO;;IAIlC,IAAI,gBAAgB,KAAK,UACvB,eAAe,UAAU,SAAa,OAAO,cAAc,SAAS,KAAM,IAC1E,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAEjE,QAAI,iBAAiB,GAAI,iBAAgB;IACzC,MAAM,YAAY,cAAc;IAEhC,MAAMC,qBAAyC;KAC7C,kBAAkB;KACH;KACf;KACe;KACF;;AAKf,QACE,sBAAsB,KAAK,iBAC3B,sBAAsB,KAAK,oBAC3B,cAAc,KAAK,YACnB;AACA,UAAK,qBAAqB;KAC1B,MAAMC,QAAM,KAAK;AACjB,SAAI,eAAgB,MAAK,kBAAkBA;AAC3C,SAAI,WAAY,MAAK,wBAAwBA;;AAY/C,WAAO;YACA,OAAO;AACd,YAAQ,MAAM,8DAA8D;AAC5E,UAAM;aACE;AAER,QAAI,cAAc,KAAK,WACrB,MAAK,gBAAgB;;;AAK3B,OAAK,gBAAgB;AACrB,SAAO;;;;;;CAOT,AAAO,wBAA4C;AACjD,MAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;EAIlB,MAAM,MAAM,KAAK;EACjB,MAAM,SAAS,KAAK;AAEpB,MAAI,KAAK,mBAAoB,MAAM,KAAK,kBAAmB,OACzD,SAAQ,KAAK;AAGf,SAAO,KAAK;;;;;CAMd,AAAO,8BAA8B,WAAmB,KAAgB;AACtE,MAAI,CAAC,KAAK,sBAAsB,CAAC,KAAK,gBACpC,QAAO;EAGT,MAAM,MAAM,KAAK;AACjB,SAAQ,MAAM,KAAK,mBAAoB;;;;;CAMzC,AAAO,0BAAgC;AACrC,OAAK,qBAAqB;AAC1B,OAAK,kBAAkB;AACvB,OAAK,wBAAwB;AAC7B,OAAK;AACL,OAAK;AACL,OAAK,gBAAgB;AACrB,OAAK,eAAe;AACpB,OAAK,oBAAoB;;;;;;;CAQ3B,MAAa,WAAW,YAAwB,MAAqE;AACnH,MAAI,MAAM,kBACR,KAAI;AAAE,QAAK;UAA4B;AAEzC,SAAO,MAAM,KAAK,eAAe,YAAY;;;;;;;;CAS/C,AAAO,cAAc,QAAgB,GAAa;AAChD,MAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAGlB,MAAI,SAAS,EAAG,QAAO;EAEvB,MAAM,QAAQ,KAAK,oBACf,OAAO,KAAK,qBAAqB,KACjC,OAAO,KAAK,mBAAmB;EAGnC,MAAMC,UAAoB;AAC1B,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;GAC9B,MAAM,aAAa,QAAQ,OAAO,IAAI;AACtC,OAAI,KAAK,eAAe,IAAI,WAC1B,OAAM,IAAI,MAAM,SAAS,UAAU;AAErC,WAAQ,KAAK;;EAIf,MAAM,SAAS,IAAI,IAAI,KAAK;AAC5B,OAAK,MAAM,KAAK,QAAS,QAAO,IAAI;AACpC,OAAK,iBAAiB;AACtB,OAAK,oBAAoB,QAAQ,QAAQ,SAAS;AAElD,UAAQ,MAAM,4BAA4B,MAAM,WAAW;AAC3D,SAAO;;;;;;CAOT,AAAO,aAAa,OAAqB;AACvC,MAAI,KAAK,eAAe,IAAI,QAAQ;AAClC,QAAK,eAAe,OAAO;AAC3B,WAAQ,MAAM,kCAAkC;;;;;;CAOpD,AAAO,mBAAyB;EAC9B,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAK,eAAe;AACpB,OAAK,oBAAoB;AACzB,UAAQ,MAAM,gCAAgC,MAAM;;;;;;;;CAStD,MAAa,0BAA0B,YAAwB,aAAoC;AACjG,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAC/B,OAAM,IAAI,MAAM;AAGlB,MAAI;GAEF,MAAM,gBAAgB,MAAM,WAAW,cAAc,KAAK,eAAe,KAAK;AAE9E,OAAI,CAAC,iBAAiB,cAAc,UAAU,OAC5C,OAAM,IAAI,MAAM,+CAA+C,KAAK;GAGtE,MAAM,mBAAmB,OAAO,cAAc;GAC9C,MAAM,oBAAoB,OAAO;AAKjC,OAAI,mBAAmB,oBAAoB,OAAO,GAChD,SAAQ,KACN,gCAAgC,iBAAiB,qBAAqB,oBAAoB,OAAO,GAAG;GAOxG,MAAM,gBAAgB,KAAK,UACzB,mBAAmB,IACnB,oBAAoB,IACpB,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAIjE,OAAI,KAAK,oBAAoB;AAC3B,SAAK,mBAAmB,gBAAgB;AACxC,SAAK,mBAAmB,YAAY,cAAc;SAGlD,MAAK,qBAAqB;IACxB,kBAAkB,KAAK;IACR;IACf,WAAW,cAAc;IAEzB,eAAe;IACf,aAAa;;AAGjB,QAAK,kBAAkB,KAAK;AAG5B,QAAK,aAAa;AAGlB,OAAI,KAAK,eAAe,OAAO,GAAG;IAChC,MAAM,EAAE,KAAK,WAAW,iBAAiB,KAAK,cAAc,kBAAkB,KAAK;AACnF,SAAK,iBAAiB;AACtB,SAAK,oBAAoB;;AAG3B,WAAQ,MACN,4CAA4C,iBAAiB,UAAU,kBAAkB,QAAQ,KAAK,mBAAoB;WAGnHC,OAAgB;GACvB,MAAM,MAAM,aAAa;AAEzB,OAAI,IAAI,SAAS,mCAAmC,IAAI,SAAS,wBAC/D,KAAI;IACF,MAAM,oBAAoB,OAAO;IACjC,MAAM,gBAAgB,KAAK,UACzB,oBAAoB,IACpB,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAEjE,QAAI,KAAK,mBACP,MAAK,mBAAmB,YAAY,cAAc;QAEpD,MAAK,qBAAqB;KACxB,kBAAkB,KAAK;KACvB,eAAe;KACf,WAAW,cAAc;KACzB,eAAe;KACf,aAAa;;AAGjB,SAAK,kBAAkB,KAAK;AAC5B,YAAQ,MAAM,4EAA4E,KAAK,oBAAoB;AACnH;WACM;AAEV,WAAQ,KAAK,2DAA2D;;;;;;;;CAU5E,AAAO,eAAuB;EAC5B,MAAM,SAAS,KAAK,cAAc;AAClC,SAAO,OAAO;;CAGhB,AAAQ,oBAA0B;AAChC,MAAI,KAAK,cAAc;AACrB,gBAAa,KAAK;AAClB,QAAK,eAAe;;;CAGxB,AAAQ,qBAA2B;AACjC,MAAI,KAAK,eAAe;AACtB,gBAAa,KAAK;AAClB,QAAK,gBAAgB;;;CAKzB,AAAQ,UAAU,GAAG,QAA0B;AAC7C,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,SAAO,OAAO,QAAQ,GAAG,MAAO,IAAI,IAAI,IAAI;;CAI9C,AAAQ,cAAc,kBAA0B,UAA0E;EACxH,MAAM,yBAAS,IAAI;EACnB,IAAIC,UAAyB;AAC7B,OAAK,MAAM,KAAK,SACd,KAAI;GACF,MAAM,KAAK,OAAO;AAClB,OAAI,KAAK,kBAAkB;AACzB,WAAO,IAAI;AACX,QAAI,YAAY,QAAQ,KAAK,QAAS,WAAU;;UAE5C;AAIV,SAAO;GACL,KAAK;GACL,cAAc,UAAU,QAAQ,aAAa;;;;AAOnD,SAAS,gBAAgB,GAAgC;AACvD,KAAI,CAAC,SAAS,GAAI,QAAO;AAEzB,QAAO,SAAU,EAA0B;;AAG7C,SAAS,cAAc,GAA8B;AACnD,KAAI,CAAC,SAAS,GAAI,QAAO;CACzB,MAAM,IAAK,EAA2B;AACtC,KAAI,CAAC,SAAS,GAAI,QAAO;CACzB,MAAM,SAAU,EAA2B;CAC3C,MAAM,OAAQ,EAAyB;AACvC,QAAO,SAAS,WAAW,SAAS;;AAGtC,SAAS,2BAA0C;AACjD,QAAO;EACL,OAAO,OAAO;EACd,YAAY;EACZ,YAAY;EACZ,cAAc;;;AAKlB,MAAM,uBAAuB,aAAa;AAC1C,2BAAe;;;;ACjmBf,IAAI,wBAAwB;AAM5B,SAAgB,2BAAoC;AAClD,QAAO;;;;;;;;;;;;;;AC0CT,IAAa,kBAAb,MAA6B;CAC3B,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAQ,mBAA2B;CAEnC,AAAQ,0CAA+C,IAAI;CAE3D,AAAS;CAET,YAAY,sBAAqC,YAAwB;AACvE,OAAK,uBAAuB;AAC5B,OAAK,aAAa;AAElB,OAAK,gBAAgB,IAAI,cACvB,qBAAqB,cAAc,cACnC;AAEF,OAAK,yBAAyBC;AAE9B,MAAI;AACF,QAAK,uBAAuB,uBAAuB,qBAAqB;UAClE;AACR,OAAK,eAAeC;EACpB,MAAM,EAAE,qBAAqB;AAE7B,OAAK,mBAAmB,IAAI,iBAC1B;GACE,aAAa,kBAAkB,aAAa;GAC5C,gBAAgB,kBAAkB,aAAa;GAC/C,sBAAsB,kBAAkB,aAAa;GACrD,uBAAuB,kBAAkB,aAAa;KAExD;GACE,eAAe,KAAK;GACpB,YAAY,KAAK;GACjB,WAAW;GACX,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,qBAAqB;;AAG1C,OAAK,sBAAsB,IAAI,oBAC7B,KAAK,kBACL,YACA,KAAK,wBACL,KAAK,cACL,qBAAqB,cAAc,cACnC,MACA,qBAAqB;AAKvB,OAAK,mBAAmB,8BAA8B,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AAC/G,OAAK,oBAAoB,oBAAoB,KAAK;AAClD,OAAK,iBAAiB,sBAAsB,KAAK;AAGjD,MAAI,OAAO,WAAW,YACpB,uBAAsB,QAAQ;GAC5B,MAAM,SAAS,IAAI,IAAI,KAAK,OAAO,SAAS,QAAQ;AACpD,OAAI,UAAU,WAAW,KAAK,kBAAkB;AAC9C,SAAK,mBAAmB;AACxB,SAAK,oBAAoB,oBAAoB;AAC7C,SAAK,iBAAiB,sBAAsB;;;EAOlD,MAAM,gCACJ,CAAC,CAAC,qBAAqB,cAAc,gBAAgB,CAAC;AACxD,MAAI,CAAC,8BACH,CAAK,KAAK,uBAAuB,oBAAoB,YAAY;;;;;;CAQrE,uBAA6B;AAC3B,MAAI,OAAO,WAAW,eAAe,OAAQ,OAAe,WAAW,YAAa;AAEpF,MAAI,KAAK,oBAAoB,KAAK,qBAAqB,OAAO,SAAS,OAAQ;AAC/E,OAAK,oBAAoB,oBAAoB,YAAY;;;;;;;;;CAU3D,MAAM,sBAAsB,eAAuC;AAEjE,MAAI,cACF,OAAM,KAAK,sBAAsB,YAAY,gBAAgB,KAAK,YAAY,YAAY;AAG5F,QAAM,KAAK,aAAa,oBAAoB,KAAK,YAAY,YAAY;AAEzE,MAAI,cACF,OAAM,iBAAiB,gBAAgB,YAAY,gBAAgB,YAAY;AAGjF,OAAK;;;;;;CAOP,UAAkB;AAChB,SAAO,KAAK,cAAc;;;CAI5B,kBAAgC;AAC9B,SAAO,KAAK;;;;;;;;;;;CAYd,AAAQ,kBAAkB,QAAwB;AAChD,SAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,GAAG,OAAO,GAAG,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;;CAGlE,AAAQ,iBAAiB,OAAoC;AAC3D,MAAI,OAAO,UAAU,YAAY,CAAC,OAAO,SAAS,UAAU,QAAQ,EAAG,QAAO;AAC9E,SAAO,KAAK,MAAM;;CAGpB,AAAQ,4BAA4B,MAMlC;EACA,MAAM,QAAQ,KAAK,iBAAiB,KAAK,UAClC,KAAK,qBAAqB,uBAAuB;EACxD,MAAM,gBAAgB,KAAK,iBAAiB,KAAK,kBAC1C,KAAK,qBAAqB,uBAAuB;AACxD,SAAO;GAAE;GAAO;;;CAGlB,AAAQ,kCAAkC,eAAkC;EAC1E,MAAM,MAAM,OAAO,YAAY;EAC/B,MAAM,WAAW,KAAK,wBAAwB,IAAI;AAClD,MAAI,SAAU,QAAO;EACrB,MAAM,YAAY,KAAK,kBAAkB;AACzC,OAAK,wBAAwB,IAAI,KAAK;AACtC,SAAO;;CAGT,MAAc,mBAAsB,MAKrB;AACb,MAAI,OAAO,KAAK,YAAY,WAC1B,OAAM,IAAI,MAAM;EAElB,MAAM,aAAa,KAAK,aAAa,IAAI,WAAW,KAAK,SAAS,KAAK,kBAAkB,KAAK,UAAU;AACxG,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAElB,SAAO,MAAM,KAAK,2BAA2B;GAAE;GAAW,SAAS,KAAK;GAAS,SAAS,KAAK;;;CAGjG,MAAc,2BAA8B,MAI7B;EACb,MAAM,aAAa,MAAM,KAAK,iBAAiB,4BAA4B,KAAK;AAChF,QAAM,KAAK,oBAAoB,2BAA2B,KAAK,WAAW,EAAE;AAC5E,MAAI;AAIF,OAAI,KAAK,QACP,OAAM,KAAK,iBAAiB,+BAA+B;IACzD,WAAW,KAAK;IAChB,YAAY,KAAK,QAAQ;;AAG7B,UAAO,MAAM,KAAK,QAAQ,KAAK;YACvB;AACR,QAAK,oBAAoB,sBAAsB,KAAK;;;;;;;;;;CAWxD,MAAM,0CAA0C,QAKO;AACrD,SAAO,KAAK,iBAAiB,0CAA0C;GACrE,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,eAAe,OAAO;GACtB,4BAA4B,OAAO;GACnC,YAAY,KAAK,qBAAqB;GACtC,YAAY,KAAK,qBAAqB;;;;;;;;;CAU1C,MAAc,mCAAmC,MAG/B;EAChB,MAAM,gBAAgB,YAAY,KAAK;EAIvC,MAAM,CAAC,MAAM,UAAU,MAAM,QAAQ,IAAI,CACvC,iBAAiB,SAAS,cAAc,YAAY,OACpD,iBAAiB,SAAS,qBAAqB,eAAe,YAAY;EAG5E,MAAM,eACH,QAAQ,KAAK,kBAAkB,iBAAiB,OAAO,KAAK,iBAAiB,WAC1E,KAAK,eACJ,UAAU,OAAO,OAAO,iBAAiB,WACxC,OAAO,eACP;AAER,MAAI,iBAAiB,KACnB,OAAM,IAAI,MAAM,qCAAqC,cAAc;EAKrE,MAAM,gBAAgB,MAAM,iBAAiB,SAAS,gBAAgB,eAAe,cAAc,YAAY;EAC/G,MAAM,sBAAsB,eAAe;EAG3C,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBAAgB,eAAe;AAC1F,MAAI,CAAC,kBAAkB;AACrB,WAAQ,MAAM,+DAA+D;IAC3E,eAAe,OAAO;IACtB;;AAEF,SAAM,IAAI,MAAM,uCAAuC;;EAGzD,MAAM,cAAc,iBAAiB,eAAe;AACpD,MAAI,CAAC,aAAa;AAChB,WAAQ,MAAM,qEAAqE;IACjF,eAAe,OAAO;IACtB;;AAEF,SAAM,IAAI,MAAM;;AAGlB,MAAI;AACF,SAAM,KAAK,iBAAiB,sBAAsB;IAChD,WAAW,KAAK;IAChB;IACA;IACA;;WAEK,OAAO;AACd,WAAQ,MAAM,+CAA+C;IAC3D,eAAe,OAAO;IACtB,WAAW,KAAK;IAChB;;AAEF,SAAM;;;CAIV,uCAAuC,EACrC,eACA,WACA,oBAK4C;AAC5C,SAAO,KAAK,cAAc,uCAAuC;GAC/D;GACA;GACA;;;;;;;;CAaJ,MAAM,+BACJ,WACA,cACuB;AACvB,SAAO,KAAK,iBAAiB,+BAA+B,cAAc;;;;;;;CAQ5E,MAAM,yBAAyB,cAAmD;AAChF,SAAO,KAAK,iBAAiB,yBAAyB;;;;;;;;;;;CAYxD,MAAM,4BAA4B,MAO/B;AACD,SAAO,KAAK,iBAAiB,4BAA4B;GACvD,cAAc,KAAK;GACnB,cAAc,KAAK;GACnB,WAAW,KAAK;;;;;;CAOpB,MAAM,0CAA0C,EAC9C,YACA,eACA,WAeA;AACA,SAAO,KAAK,mBAAmB;GAC7B,QAAQ;GACR,SAAS,EAAE;GACX,UAAU,cACR,KAAK,oBAAoB,0CAA0C;IACjE;IACA,eAAe,YAAY;IAC3B;IACA;;;;;;;;;;;;;;;;;;;;;;;CAyBR,MAAM,qCAAqC,MAWxC;EACD,MAAM,EAAE,eAAe,YAAY,cAAc,cAAc,8BAA8B;EAC7F,MAAM,aAAa,KAAK,qBAAqB;AAE7C,MAAI;GAEF,MAAM,YAAY,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM,GAAG;GAGpF,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBACzD,eACA;AAEF,OAAI,CAAC,iBACH,OAAM,IAAI,MAAM,sCAAsC,cAAc,UAAU;GAGhF,MAAM,cAAc,iBAAiB;AACrC,OAAI,CAAC,YACH,OAAM,IAAI,MAAM,mCAAmC,cAAc,UAAU;GAI7E,MAAM,aAAa,MAAM,KAAK,iBAAiB,4BAA4B;AAC3E,SAAM,KAAK,oBAAoB,2BAA2B,WAAW,EAAE;AAKvE,SAAM,KAAK,iBAAiB,+BAA+B;IACzD;IACA;IACA;;GAIF,MAAM,qBAAqB,MAAM,KAAK,aAAa,2BAA2B,KAAK;GAInF,IAAI,eAAe;GAEnB,MAAM,oBAAoB,gBAAgB,aAAa;GAIvD,MAAM,eAAe,MAAM,KAAK,oBAAoB,8BAA8B;IAChF;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,2BAA2B;;AAG7B,UAAO;IACL,SAAS;IACT,WAAW,aAAa;IACxB,mBAAmB,aAAa;;WAG3BC,OAAY;AACnB,WAAQ,MAAM,0EAA0E;AACxF,UAAO;IACL,SAAS;IACT,OAAO,MAAM,WAAW,OAAO;;;;;;;;;;;;;;;CAgBrC,MAAM,iBAAiB,EACrB,YACA,eACA,cACA,eAAe,QAYd;AACD,MAAI;GACF,MAAM,YAAY,MAAM,KAAK,iBAAiB,wBAAwB;IACpE;IACA;IACA;IACA;;GAGF,MAAMC,SAMF;IACF,SAAS;IACT,cAAc,UAAU;IACxB,qBAAqB,UAAU;IAC/B,cAAc,UAAU;IACxB,2BAA2B,UAAU;;AAGvC,UAAO;WAEAD,OAAY;AACnB,WAAQ,MAAM,kDAAkD;AAChE,SAAM,IAAI,MAAM,iCAAiC,MAAM;;;;;;;CAQ3D,MAAM,iBAAiB,EACrB,eACA,qBACA,cAKgD;AAChD,MAAI;GACF,MAAM,eAAe,MAAM,KAAK,iBAAiB,iBAAiB;IAChE;IACA;IACA;;AAGF,OAAI,CAAC,aAAa,SAAS;AACzB,YAAQ,MAAM;AACd,WAAO;KAAE,SAAS;KAAO,OAAO;;;AAIlC,QAAK,oBAAoB,oBAAoB,YAAY;AAEzD,UAAO,EAAE,SAAS;WAEXA,OAAY;AACnB,WAAQ,MAAM,+CAA+C,MAAM;AACnE,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;;;;;;;;;;CAU1C,MAAM,6BAA6B,EACjC,eACA,YACA,mBACA,eAMgD;EAChD,MAAM,SAAS,MAAM,KAAK,iBAAiB,6BAA6B;GACtE;GACA;GACA;GACA;;AAGF,SAAO;GACL,SAAS,OAAO;GAChB,OAAO,OAAO;;;;;;;CAQlB,MAAM,sCAA0E;EAC9E,MAAM,MAAM,MAAM,KAAK,iBAAiB;AACxC,SAAO;GACL,mBAAmB,IAAI;GACvB,YAAY,IAAI;GAChB,aAAa,IAAI;;;;;;CAOrB,MAAM,gCACJ,eACA,iBACe;AACf,QAAM,iBAAiB,SAAS,WAAW,eAAe,EACxD,2BAA2B;GACzB,mBAAmB,gBAAgB;GACnC,YAAY,gBAAgB;GAC5B,aAAa,gBAAgB;GAC7B,WAAW,KAAK;;;CAKtB,MAAM,kBAAiC;AAErC,MAAI,OAAO,WAAW,eAAe,KAAK,qBAAqB,OAAO,SAAS,OAC7E;AAEF,SAAO,MAAM,KAAK,iBAAiB;;;;;CAMrC,MAAM,iBAIH;AACD,SAAO,KAAK,iBAAiB;;;;;;;;;;;;CAa/B,MAAM,iCAAiC,MAapC;EACD,MAAM,gBAAgB,YAAY,KAAK;EACvC,MAAM,YAAY,KAAK,kCAAkC;EAGzD,MAAM,YAAY,MAAM,KAAK,iBAAiB;AAC9C,MAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,MAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAO,eACzE,OAAM,IAAI,MAAM;EAIlB,MAAM,eAAe,MAAM,4BAA4B,eAAe,iBAAiB;EACvF,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBAAgB,eAAe;AAC1F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,sCAAsC,cAAc,UAAU;EAEhF,MAAM,cAAc,iBAAiB,eAAe;AACpD,MAAI,CAAC,YACH,OAAM,IAAI,MAAM;EAIlB,MAAM,EAAE,OAAO,kBAAkB,KAAK,4BAA4B;AAElE,QAAM,KAAK,iBAAiB,+BAA+B;GACzD;GACA;GACA,YAAY,KAAK;GACjB,YAAY,KAAK;GACjB;GACA;GACA,YAAY,KAAK;;AAGnB,SAAO,MAAM,KAAK,iBAAiB,mBAAmB,EAAE;;;;;;CAO1D,MAAM,4BAA4B,eAM/B;EACD,MAAM,YAAY,KAAK,kCAAkC;AACzD,SAAO,MAAM,KAAK,iBAAiB,mBAAmB,EAAE;;;;;CAM1D,MAAM,mBAII;AACR,MAAI;GACF,MAAM,WAAW,KAAK,sBAAsB,kBAAkB,aAAa;AAC3E,OAAI,CAAC,SAAU,QAAO;GACtB,MAAM,MAAM,MAAM,MAAM,GAAG,SAAS,mBAAmB,EAAE,QAAQ;AACjE,OAAI,CAAC,IAAI,GAAI,QAAO;GACpB,MAAM,OAAO,MAAM,IAAI;AACvB,UAAO;IACL,cAAc,MAAM,gBAAgB;IACpC,QAAQ,MAAM,UAAU;IACxB,aAAa,MAAM,QAAQ,MAAM,eAAe,KAAK,cAAc;;UAE/D;AACN,UAAO;;;;;;;CAQX,MAAM,4BAA4B,eAA4C;AAC5E,MAAI;GACF,MAAM,WAAW,KAAK,sBAAsB,kBAAkB,aAAa;AAC3E,OAAI,CAAC,SAAU,QAAO;GACtB,MAAM,WAAW,MAAM,KAAK;GAC5B,MAAM,SAAS,UAAU;AACzB,OAAI,CAAC,UAAU,CAAC,OAAO,cAAc,CAAC,OAAO,qBAAqB,CAAC,OAAO,YAAa,QAAO;GAE9F,MAAM,UAAU,MAAM,KAAK;GAC3B,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,gBAAgB,iBAAiB,OAAO,YAAa,QAAO;GAEjE,MAAM,SAAS,MAAM,KAAK;GAC1B,MAAM,SAAS,OAAO,UAAU,OAAO,kBAAkB;AACzD,OAAI,CAAC,OAAQ,QAAO;GAEpB,MAAM,YAAY,MAAM,KAAK;AAC7B,SAAM,KAAK,gCAAgC,eAAe;AAC1D,UAAO;UACD;AACN,UAAO;;;CAQX,MAAM,cAAc,UAA6C;AAC/D,QAAM,iBAAiB,SAAS,sBAAsB;GACpD,GAAG;GACH,cAAc,SAAS,gBAAgB;GACvC,SAAS,SAAS,WAAW;;;CAIjC,MAAM,cAAyC;AAC7C,SAAO,MAAM,iBAAiB,SAAS;;CAGzC,MAAM,gBAAgB,eAA0B,cAAsD;AACpG,SAAO,MAAM,iBAAiB,SAAS,gBAAgB,eAAe;;CAGxE,MAAM,cAA8C;AAClD,SAAO,MAAM,iBAAiB,SAAS;;CAGzC,MAAM,wBAAwB,eAA8D;AAC1F,SAAO,MAAM,iBAAiB,SAAS,wBAAwB;;CAGjE,MAAM,gBAAgB,eAAyC;AAC7D,SAAO,MAAM,iBAAiB,SAAS,gBAAgB;;;;;;;CAQzD,MAAM,YAAY,eAA0B,eAAuB,GAAkB;AACnF,SAAO,MAAM,iBAAiB,SAAS,YAAY,eAAe;;;;;;;;;;CAYpE,MAAM,sBACJ,eACA,YACe;EACf,MAAM,YAAY,YAAY;EAI9B,IAAIE,oBAAmC;EACvC,MAAM,WAAW,MAAM,iBAAiB,SAAS,cAAc,YAAY;AAC3E,MACE,YACA,YAAY,SAAS,mBAAmB,aACxC,OAAO,SAAS,SAAS,cAEzB,qBAAoB,SAAS;AAG/B,MAAI,sBAAsB,MAAM;GAC9B,MAAM,iBAAiB,MAAM,iBAAiB,SAC3C,gBAAgB,WAAW,GAC3B,YAAY;AACf,OAAI,kBAAkB,OAAO,SAAS,eAAe,cACnD,qBAAoB,eAAe;;AAIvC,MAAI,sBAAsB,KACxB,qBAAoB;AAGtB,QAAM,KAAK,YAAY,WAAW;AAGlC,OAAK,uBAAuB,eAAe;AAE3C,QAAM,KAAK,uBAAuB,qBAAqB,YAAY;EAGnE,MAAM,WAAW,MAAM,iBAAiB,SACrC,gBAAgB,WAAW,mBAC3B,YAAY;AACf,MAAI,YAAY,SAAS,oBACvB,MAAK,aAAa,eAAe,WAAW,SAAS;AAIvD,MAAI,WACF,OAAM,KAAK,aACR,oBAAoB,YACpB,OAAO,gBAAgB,QAAQ,MAAM,gFAAgF;;CAI5H,MAAM,aAAa,eAA4D;AAC7E,SAAO,MAAM,iBAAiB,SAAS,aAAa;;CAGtD,MAAM,mBAAmB,mBAUP;EAChB,MAAM,eAAe,OAAO,kBAAkB;EAC9C,MAAM,yBAAyB,OAAO,cAAc,iBAAiB,gBAAgB,IAAI,eAAe;EACxG,MAAM,WAAW;GACf,GAAG;GACH,eAAe,YAAY,kBAAkB;GAC7C,cAAc;;AAEhB,SAAO,MAAM,iBAAiB,SAAS,mBAAmB;;CAG5D,gBAAgB,eAAkC;AAChD,SAAO,iBAAiB,SAAS,gBAAgB;;CAGnD,MAAM,gBAAmB,UAA+C;AACtE,SAAO,MAAM,iBAAiB,SAAS,gBAAgB;;CAGzD,MAAM,yBAAyB,eAAyC;AACtE,SAAO,MAAM,iBAAiB,SAAS,yBAAyB;;CAGlE,MAAM,qBAAqB,eAA4C;AACrE,SAAO,MAAM,iBAAiB,SAAS,qBAAqB;;;;;CAM9D,MAAM,4BAA4B,EAChC,eACA,YACA,WACA,qBACA,cACA,6BAQgB;AAChB,QAAM,KAAK,gBAAgB,OAAO,OAAO;GAEvC,MAAMC,eAAuB,WAAW;GACxC,MAAMC,kBAA0B,WAAW,SAAS;GACpD,MAAMC,aAAuB,WAAW,UAAU;AAElD,SAAM,KAAK,mBAAmB;IACb;IACD;IACd,qBAAqB,MAAM,KAAK,qBAAqB;IACrD;IACA,MAAM,mBAAmB,KAAK,gBAAgB;IAC9C,6BAAY,IAAI,QAAO;IACvB,2BAAU,IAAI,QAAO;IACP;;AAIhB,SAAM,KAAK,cAAc;IACvB;IACA,cAAc;IACd,qBAAqB;IACrB,aAAa,KAAK;IAClB,mBAAmB;KACjB,IAAI,WAAW;KACf,OAAO;;IAET,qBAAqB;KACnB,sBAAsB,oBAAoB;KAC1C,mBAAmB,oBAAoB;;IAEzC,SAAS;IACT,2BAA2B,4BAA4B;KACrD,mBAAmB,2BAA2B;KAC9C,YAAY,2BAA2B;KACvC,aAAa,2BAA2B;KACxC,WAAW,KAAK;QACd;;AAGN,UAAO;;;;;;;;;;;;;;;;;;;;;CA0BX,MAAM,4BAA4B,EAChC,cACA,SACA,4BACA,OACA,MACA,WASmC;AAElC,MAAI,aAAa,WAAW,EAC1B,OAAM,IAAI,MAAM;EAElB,MAAM,kBAAkB,KAAK,kCAAkC,YAAY,QAAQ;AACnF,SAAO,KAAK,mBAAmB;GAC7B,WAAW;GACX,UAAU,cACR,KAAK,oBAAoB,4BAA4B;IACnD;IACA;IACA;IACA;IACA;IACA;IACA;;;;CAKT,MAAM,mBAAmB,EACvB,UACA,SACA,4BACA,OACA,MACA,WAcC;EACD,MAAM,gBAAgB,YAAY,QAAQ,iBAAiB,SAAS;EACpE,MAAMC,oBAAoC;GACxC,YAAY,QAAQ,cAAc,KAAK,qBAAqB;GAC5D,YAAY,QAAQ,cAAc,KAAK,qBAAqB;GAC5D;;AAGD,MAAI;GACF,MAAM,kBAAkB,KAAK,kCAAkC;AAC/D,UAAO,MAAM,KAAK,mBAAmB;IAAE,WAAW;IAAiB,UAAU,cAAc;AAEzF,aAAQ,MAAM,+CAA+C,EAAE;AAC/D,YAAO,KAAK,oBAAoB,mBAAmB;MACjD;MACA,SAAS;MACT;MACA;MACA;MACA;MACA;;;;WAGG,KAAK;AAEZ,WAAQ,MAAM,sCAAsC;AACpD,SAAM;;;CAIX,MAAM,kBAAkB,SAgBrB;AACA,MAAI;GACF,MAAM,kBAAkB,KAAK,kCAAkC,QAAQ;GACvE,MAAM,aAAa,KAAK,qBAAqB;GAC7C,MAAM,aAAc,KAAK,qBAAqB,WAAW,MAAM,KAAK,MAAM,KAAK,qBAAqB;GACpG,MAAM,SAAS,MAAM,KAAK,mBAAmB;IAC3C,WAAW;IACZ,UAAU,cACR,KAAK,oBAAoB,kBAAkB;KAAE,GAAG;KAAS;KAAW;KAAY;;;AAEnF,OAAI,OAAO,QACT,QAAO;OAER,OAAM,IAAI,MAAM,2BAA2B,OAAO,SAAS;WAEtDN,OAAY;AACnB,WAAQ,MAAM,2CAA2C;AACzD,UAAO;IACL,SAAS;IACT,WAAW;IACX,WAAW;IACX,WAAW;IACX,OAAO,MAAM,WAAW;;;;;;;CAU9B,MAAM,qBAAqB,4BAAyD;AAClF,SAAO,MAAM,KAAK,oBAAoB,qBAAqB;;;CAQ5D,MAAM,oCACJ,eACA,SACe;AACf,QAAM,KAAK,mBAAmB;GAAE,QAAQ;GAAkB,SAAS,OAAO,cAAc;AAGtF,UAAM,KAAK,mCAAmC;KAAE;KAAe;;AAI/D,WAAO,KAAK,oBAAoB,oBAAoB;KAClD;KACA,SAAS,SAAS;KAClB,OAAO,SAAS;KAChB;;;;;CAKP,MAAM,wBACJ,eACA,SAIsE;AAEtE,QAAM,KAAK,oCAAoC,eAAe;EAI9D,IAAI,WAAW,MAAM,KAAK;AAC1B,MAAI,CAAC,YAAY,SAAS,kBAAkB,cAC1C,YAAW,MAAM,iBAAiB,SAAS,qBAAqB;AAElE,SAAO;GACL,WAAW,OAAO;GAClB,WAAW,OAAO,UAAU,uBAAuB;GACnD,YAAY;;;CAQhB,MAAM,qBAAqB,EACzB,YACA,YACA,cACA,sBACA,WAcC;AACD,SAAO,MAAM,KAAK,oBAAoB,qBAAqB;GACzD;GACA;GACA;GACA;GACA;GACA,YAAY,KAAK,qBAAqB;;;;;;;;;;;CAgB1C,MAAM,0BACJ,0BACA,eAWC;AACD,MAAI;AAEF,OAAI,CAAC,yBACH,OAAM,IAAI,MACR;GAMJ,MAAM,aAAa,yBAAyB,wBAAwB,KAAK;AACzE,OAAI,CAAC,YAAY,SAAS,CAAC,YAAY,OACrC,OAAM,IAAI,MAAM;GAMjB,MAAM,SAAS,MAAM,KAAK,mBAAmB;IAC3C,QAAQ;IACR,SAAS,EAAE,YAAY;IACvB,UAAU,cACR,KAAK,oBAAoB,0BAA0B;KACjD,YAAY;KACZ;KACA;;;AAGN,UAAO;WAEDA,OAAY;AACnB,WAAQ,MAAM,4DAA4D;AAC1E,SAAM,IAAI,MAAM,4CAA4C,MAAM;;;CAItE,MAAM,8CAA8C,EAClD,eACA,WACA,iBAK4C;AAE5C,SAAO,KAAK,cAAc,8CAA8C;GACtE;GACA;GACA,kBAAkB,cAAc,KAAI,QAAO;IACrC;IACJ,MAAM;IACN,YAAY;KAAC;KAAY;KAAU;KAAO;;;;;;;;;;CAUhD,MAAM,2BAA2B,EAC/B,gBACA,iBACA,YACA,OACA,WACA,WAWC;AACD,SAAO,MAAM,KAAK,oBAAoB,2BAA2B;GAC/D;GACA;GACA;GACA;GACA;GACA;;;;CASJ,qBAA6C;AAC3C,SAAO,KAAK;;;CAId,UAAgB;AACd,MAAI,KAAK,uBACP,MAAK,uBAAuB;AAE9B,MAAI,KAAK,aACP,MAAK,aAAa;AAEpB,OAAK,wBAAwB;;;;;;ACj5CjC,eAAe,wBAAuC;AACpD,KAAI,EAAE,mBAAmB,WAAY;AAErC,OAAM,UAAU,cACb,SAAS,yBAAyB,EAAE,OAAO,sBAC3C,YAAY;AACf,OAAM,UAAU,cAAc,MAAM,YAAY;;AAGlD,eAAe,mBAAkC;AAE/C,KAAI,CAAC,UAAU,OAAQ;AACvB,KAAI;EACF,MAAM,OAAO,MAAM,MAAM,0CAA0C,EAAE,OAAO;EAC5E,MAAMO,MAAgB,KAAK,KAAM,MAAM,KAAK,SAAU;EACtD,MAAM,WAAW,IAAI,IAAY;GAC/B;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;;EAEF,MAAM,MAAM,MAAM,KAAK;EACvB,MAAM,OAAO,IAAI,QAAQ,MAAM,CAAC,SAAS,IAAI;AAC7C,QAAM,QAAQ,WAAW,IAAI,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;EAEjE,MAAM,iBAAiB,KAAK,QAAQ,WAAW,KAAK,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;AACxF,MAAI;AAAE,GAAC,OAAe,sBAAuB,OAAe,oBAAoB,UAAU,EAAE,SAAS,SAAU,WAAW,UAAU;UAAa;AAAE,cAAW,UAAU;;SAClK;AAMR,KAAI;EACF,MAAM,SAAS,OAAO,SAAS;EAC/B,MAAM,cAAc,MAAM,KAAK,SAAS,iBAAiB,gBACtD,KAAK,OAAQ,GAAyB,KACtC,QAAQ,QAAQ,OAAO,QAAQ,YAAY,IAAI,WAAW,SAAS,UACnE,KAAK,QAAQ,IAAI,IAAI,KAAK;AAC7B,MAAI,YAAY,SAAS,EACvB,OAAM,QAAQ,WACZ,YAAY,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;SAG9C;;AASV,SAAS,YAAY,SAAiB,YAAY,OAAiC;AACjF,UAAS,gBAAgB,UAAU,IAAI;AACvC,UAAS,KAAK,UAAU,IAAI;CAC5B,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,YAAY;CACjB,MAAM,IAAI,SAAS,cAAc;AACjC,GAAE,cAAc;AAChB,GAAE,YAAY;CACd,MAAM,IAAI,SAAS,cAAc;AACjC,GAAE,cAAc;AAChB,GAAE,YAAY;CACd,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,YAAY;AACjB,KAAI;EACF,MAAM,OAAO,SAAS,cAAc;AACpC,OAAK,YAAY;AACjB,OAAK,cAAc;EACnB,MAAM,QAAQ,SAAS,cAAc;AACrC,QAAM,cAAc;EACpB,MAAM,MAAM,SAAS,cAAc;AACnC,MAAI,YAAY;EAChB,MAAM,SAAS,OAAO,SAAS;AAC/B,MAAI,OAAO;AACX,MAAI,cAAc;AAClB,MAAI,SAAS;AACb,MAAI,MAAM;AACV,OAAK,YAAY;AACjB,OAAK,YAAY;AACjB,OAAK,YAAY;SACX;AACN,OAAK,cAAc;;CAErB,MAAM,MAAM,SAAS,cAAc;AACnC,KAAI,cAAc;AAClB,KAAI,YAAY;AAChB,KAAI,WAAW,CAAC;AAChB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,UAAS,KAAK,YAAY;AAC1B,QAAO,YAAY,MAAM;;AAG3B,eAAe,OAAsB;AACnC,OAAM;AAGN,CAAK;AACL,KAAI;AAEF,EAAC,OAAe,4BAA4B;AAC3C,EAAC,OAAe,yBAAyB;EAC1C,MAAM,4BAA4B;GAChC,MAAM,IAAI,SAAS,cAAc;GACjC,MAAM,KAAK,GAAG,WAAW,IAAI;AAC7B,UAAO,KAAK;;EAEd,MAAM,oBAAoB,SAAqC;GAC7D,MAAM,SAAS,QAAQ,IAAI,MAAM;AAEjC,UAAO,MAAM,UAAU,IAAI,MAAM,MAAM,GAAG,KAAK,OAAO;;EAExD,MAAM,eAAe,iBAAiB,OAAO,SAAS;EACtD,MAAM,wBAAwB,sBAAsB;EAEpD,MAAM,OAAO,MAAM,iBAAiB,SAAS;EAC7C,MAAM,QAAQ,MAAM,iBAAiB,SAAS,cAAc,YAAY;EAGxE,MAAM,KAAK,IAAI,gBAAiB,OAAO,YAAY,OAAO,SAAS,UAAW;EAC9E,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,IAAI;EACjD,MAAM,YAAY,eAAe,OAAO,YAAY,iBAAiB;EAGrE,MAAM,iBAAiB,aAAc,MAAM,iBAAiB;AAC5D,MAAI,CAAC,gBAAgB;AACnB,eAAY;AACZ;;EAEF,MAAM,MAAM,YAAY,iEAAiE;AACzF,MAAI,CAAC,IAAK;EACV,MAAM,YAAY,IAAI;EAGtB,IAAI,kBAAkB;AACtB,MAAI,MAAM,QAAQ,UAAU,MAAM,SAAS,GAAG;GAC5C,MAAM,QAAQ,SAAS,cAAc;AACrC,SAAM,cAAc;AACpB,SAAM,YAAY;GAClB,MAAM,MAAM,SAAS,cAAc;AACnC,OAAI,YAAY;AAChB,QAAK,MAAM,KAAK,OAAO;IACrB,MAAM,MAAM,SAAS,cAAc;AACnC,QAAI,QAAS,EAAU;AACvB,QAAI,cAAe,EAAU;AAC7B,QAAK,EAAU,kBAAkB,gBAAiB,KAAI,WAAW;AACjE,QAAI,YAAY;;AAElB,OAAI,iBAAiB,gBAAgB;AAAE,sBAAkB,IAAI;AAAO,aAAS,cAAc;;AAC3F,aAAU,aAAa,KAAK;AAC5B,aAAU,aAAa,OAAO;;EAIhC,MAAM,WAAW,SAAS,cAAc;AACxC,WAAS,YAAY;AACrB,YAAU,YAAY;EAGtB,eAAe,0BAA0B,KAA6B;AACpE,OAAI;IACF,MAAM,iBAAiB,MAAM,iBAAiB,SAAS,wBAAwB;AAC/E,QAAI,CAAC,MAAM,QAAQ,mBAAmB,eAAe,WAAW,GAAG;AACjE,aAAQ,KAAK;AACb,cAAS,cAAc;AACvB,YAAO;;AAET,WAAO;YACA,GAAG;AACV,YAAQ,KAAK,qEAAqE;AAClF,WAAO;;;EAIX,IAAI,UAAU;EACd,MAAM,kBAAkB,IAAI,eAAe;EAC3C,MAAM,cAAc,OAAO,YAAoB;AAC7C,OAAI,QAAS;AACb,aAAU;AACV,OAAI,WAAW;AACf,OAAI,UAAU,IAAI;AAClB,OAAI;AAAE,QAAI,cAAc;AAAc,QAAI,aAAa,aAAa;WAAiB;AACrF,YAAS,cAAc;AACvB,OAAI;IAEF,MAAM,iBAAiB,MAAM,0BAA0B;IAGvD,MAAM,OAAO,IAAI,kBAAkB;IACnC,MAAMC,sBAA0C;KAC9C,YAAY;KACZ,aAAa;KACb,YAAY;KACZ,aAAa;KACb,cAAc,wBAAwB,EAAE,cAAc,0BAA0B;KAChF,SAAS,EACP,KAAK;;IAGT,MAAM,iBAAiB,oBAAoB;IAC3C,MAAM,kBAAkB,IAAI,gBAAgB,gBAAgB;AAC5D,YAAQ,MAAM,qCAAqC,OAAO,SAAS;AACnE,QAAI,sBACF,SAAQ,MAAM,kCAAkC;AAElD,QAAI;AAEF,WAAM,gBAAgB,wBAAwB,YAAY,UAAU;MAClE,SAAS;MACT,OAAO;;aAEFC,KAAU;KACjB,MAAM,MAAM,OAAO,KAAK,WAAW,OAAO;KAC1C,MAAM,4BAA4B,IAAI,SAAS;KAC/C,MAAM,wBACJ,IAAI,SAAS,uDAAuD,IAAI,SAAS;AAEnF,SAAI,6BAA6B,uBAAuB;AAEtD,eAAS,cAAc,wBACnB,8DACA;MACJ,MAAM,MAAM,IAAI,cAAc;MAC9B,MAAM,YAAY;MAClB,MAAM,mBAAmB,MAAM,QAAQ,mBAAmB,eAAe,SAAS,IAC9E,eAAe,KAAK,OAAY;OAAE,IAAI,EAAE;OAAc,MAAM;OAAc,YAAY,EAAE;YACxF;MACJ,MAAM,WAAW,MAAM,IAAI,8CAA8C;OACvE,eAAe;OACf;OACA;;MAGF,MAAM,MAAM,MAAM,gBAAgB,0BAA0B,UAAU;AACtE,UAAI,CAAC,IAAI,YACP,OAAM,IAAI,MAAM;MAIlB,MAAM,YAAY,YAAY;MAC9B,MAAM,CAACC,QAAM,UAAU,MAAM,QAAQ,IAAI,CACvC,iBAAiB,SAAS,cAAc,YAAY,OACpD,iBAAiB,SAAS,qBAAqB,WAAW,YAAY;MAExE,MAAM,eACHA,UAAQA,OAAK,kBAAkB,aAAa,OAAOA,OAAK,iBAAiB,WACtEA,OAAK,eACJ,UAAU,OAAO,kBAAkB,aAAa,OAAO,OAAO,iBAAiB,WAC9E,OAAO,eACP;MAIR,MAAM,WAAW,MAAM,iBAAiB,SAAS,gBAAgB,WAAW,cAAc,YAAY;AACtG,UAAI,yBAAyB,CAAC,SAC5B,OAAM,IAAI,MACR,6DAA6D,QAAQ;MAIzE,MAAM,oBAAoB,OAAO,UAAU,uBAAuB;AAClE,UAAI,qBAAqB,sBAAsB,IAAI,UACjD,OAAM,IAAI,MACR,yDAAyD,QAAQ;AAKrE,YAAM,iBAAiB,WAAW,kBAAkB;OAClD,eAAe;OACf;OACA,eAAe,IAAI;OACnB,mBAAmB,IAAI;OACvB,aAAa,IAAI;OACjB,SAAS;OACT,WAAW,KAAK;;AAGlB,UAAI,CAAC,UAAU,oBACb,KAAI;AAAE,aAAM,iBAAiB,SAAS,WAAW,WAAW,EAAE,qBAAqB,IAAI;cAAsB;AAE/G,eAAS,cAAc;AACvB,YAAM,gBAAgB,wBAAwB,YAAY,UAAU;OAClE,SAAS;OACT,OAAO;;WAGT,OAAM;;AAIV,WAAO,QAAQ,cAAc;KAAE,MAAM;KAAqB,eAAe;OAAW;YAC7EC,GAAQ;AACf,YAAQ,MAAM,kCAAkC;IAChD,MAAM,MAAM,OAAO,GAAG,WAAW,KAAK;AACtC,QAAI,IAAI,SAAS,yCAEf,UAAS,cAAc,2GAA2G,QAAQ,OAAO,OAAO,SAAS,SAAS;aACjK,IAAI,SAAS,mBACtB,UAAS,cAAc,uCAAuC,QAAQ;aAC7D,IAAI,SAAS,8BACtB,UAAS,cAAc;QAEvB,UAAS,cAAc,oBAAoB;AAE7C,WAAO,QAAQ,cAAc;KAAE,MAAM;KAAsB,OAAO;OAAO;aACjE;AACR,QAAI,WAAW;AACf,QAAI,UAAU,OAAO;AACrB,QAAI;AAAE,SAAI,cAAc;AAAiB,SAAI,gBAAgB;YAAsB;AACnF,cAAU;;;AAKd,MAAI,iBAAiB,SAAS,YAAY;AAAE,SAAM,YAAY;;UACvD,GAAG;AACV,UAAQ,MAAM,qCAAqC;AACnD,cAAY;;;AAIhB,IAAI,SAAS,eAAe,UAC1B,UAAS,iBAAiB,0BAA0B,KAAK;IAEzD,CAAK"}
1
+ {"version":3,"file":"offline-export-app.js","names":["target","UserVerificationPolicy","DEFAULT_CONFIRMATION_CONFIG: ConfirmationConfig","DB_CONFIG: PasskeyClientDBConfig","DB_CONFIG","err: any","entry: AppStateEntry<T>","userData: ClientUserData","lastUserState: LastUserAccountIdState","fixed: ClientUserData","updatedUser: ClientUserData","clientAuth: ClientAuthenticatorData","rec: DerivedAddressRecord","rec: RecoveryEmailRecord","DB_CONFIG: PasskeyNearKeysDBConfig","ALPHABET","basex","bs58","txPayload: EncodableSignedTx","lastError: unknown","err: unknown","base","params: Record<string, unknown>","fullAccessKeys: FullAccessKey[]","functionCallAccessKeys: FunctionCallAccessKey[]","isObject","err: unknown","serializedCredential: WebAuthnRegistrationCredential","result: CheckCanRegisterUserResult","error: unknown","wasmModule.UserVerificationPolicy.Required","wasmModule.UserVerificationPolicy.Preferred","wasmModule.UserVerificationPolicy.Discouraged","DEFAULT_AUTHENTICATOR_OPTIONS: AuthenticatorOptions","keyData: EncryptedKeyData","error: unknown","error: unknown","txSigningRequests: TransactionPayload[]","error: unknown","error: unknown","error: unknown","error: unknown","error: unknown","keyData: EncryptedKeyData","error: unknown","cfg: ConfirmationConfig","newUiMode: ConfirmationConfig['uiMode']","payload: any","request: SecureConfirmRequest","confirmationConfig: ConfirmationConfig","transactionSummary: TransactionSummary","e: unknown","_err: unknown","HANDLERS: Partial<Record<SecureConfirmationType, Handler>>","vrfPort: MessagePort | undefined","error: unknown","promises: Promise<void>[]","responses: WorkerResponseForRequest<T>[]","errorMessage","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmClearSessionRequest>","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest>","intentDigest: string","request: SecureConfirmRequest<SignTransactionPayload | SignNep413Payload, TransactionSummary>","summary: TransactionSummary","txSigningRequests: TransactionInputWasm[]","message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest>","message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest>","message: VRFWorkerMessage<WasmMintSessionKeysAndSendToSignerRequest>","message: VRFWorkerMessage<WasmDispenseSessionKeyRequest>","message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest>","message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest>","error: any","message: VRFWorkerMessage<WasmCheckSessionStatusRequest>","message: VRFWorkerMessage<any>","requestRegistrationCredentialConfirmation","request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary>","requestRegistrationCredentialConfirmationFlow","message: VRFWorkerMessage<WasmShamir3PassClientDecryptVrfKeypairRequest>","message: VRFWorkerMessage<WasmVrfWorkerRequestType>","message: VRFWorkerMessage<WasmUnlockVrfKeypairRequest>","error: any","error: any","next: ConfirmationConfig","envTheme: 'dark' | 'light' | null","accountId: AccountId | undefined","maybeAccessKey: unknown","maybeBlock: unknown","accessKeyError: unknown","blockError: unknown","tasks: Promise<void>[]","akErr: unknown","err: unknown","transactionContext: TransactionContext","now","planned: string[]","error: unknown","newLast: bigint | null","UserPreferencesInstance","NonceManagerInstance","error: any","result: {\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }","deviceNumberToUse: number | null","credentialId: string","attestationB64u: string","transports: string[]","normalizedRpcCall: RpcCallPayload","all: string[]","offlineConfigsInput: TatchiConfigsInput","err: any","last","e: any"],"sources":["../../../../node_modules/.pnpm/idb@8.0.3/node_modules/idb/build/index.js","../../../src/wasm_signer_worker/pkg/wasm_signer_worker.js","../../../src/core/types/signer-worker.ts","../../../src/core/IndexedDBManager/passkeyClientDB.ts","../../../src/core/IndexedDBManager/passkeyNearKeysDB.ts","../../../src/core/IndexedDBManager/index.ts","../../../../node_modules/.pnpm/base-x@5.0.1/node_modules/base-x/src/esm/index.js","../../../../node_modules/.pnpm/bs58@6.0.0/node_modules/bs58/src/esm/index.js","../../../src/utils/base58.ts","../../../src/react/deviceDetection.ts","../../../src/core/NearRpcError.ts","../../../src/core/types/rpc.ts","../../../src/core/NearClient.ts","../../../src/core/OfflineExport/messages.ts","../../../build-paths.ts","../../../src/config.ts","../../../src/core/sdkPaths/workers.ts","../../../src/core/workerControlMessages.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/sessionMessages.ts","../../../src/core/rpcCalls.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts","../../../src/core/types/authenticatorOptions.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/session.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/sessionHandshake.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionWithKeyPair.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/requestAdapter.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/handleSecureConfirmRequest.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/secureConfirmBridge.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts","../../../src/core/WebAuthnManager/SignerWorkerManager/index.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkVrfStatus.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/clearVrf.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndDeriveDevice2RegistrationSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/confirmAndPrepareSigningSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/createSigningSessionChannel.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/mintSessionKeysAndSendToSigner.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/dispenseSessionKey.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/checkSessionStatus.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/prepareDecryptSession.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/requestRegistrationCredentialConfirmation.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/requestRegistrationCredentialConfirmation.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/shamir3PassDecryptVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/shamir3PassEncryptCurrentVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/unlockVrfKeypair.ts","../../../src/core/WebAuthnManager/VrfWorkerManager/index.ts","../../../src/core/WebAuthnManager/userPreferences.ts","../../../src/core/nonceManager.ts","../../../src/core/WalletIframe/host-mode.ts","../../../src/core/WebAuthnManager/index.ts","../../../src/core/OfflineExport/offline-export-app.ts"],"sourcesContent":["const instanceOfAny = (object, constructors) => constructors.some((c) => object instanceof c);\n\nlet idbProxyableTypes;\nlet cursorAdvanceMethods;\n// This is a function to prevent it throwing up in node environments.\nfunction getIdbProxyableTypes() {\n return (idbProxyableTypes ||\n (idbProxyableTypes = [\n IDBDatabase,\n IDBObjectStore,\n IDBIndex,\n IDBCursor,\n IDBTransaction,\n ]));\n}\n// This is a function to prevent it throwing up in node environments.\nfunction getCursorAdvanceMethods() {\n return (cursorAdvanceMethods ||\n (cursorAdvanceMethods = [\n IDBCursor.prototype.advance,\n IDBCursor.prototype.continue,\n IDBCursor.prototype.continuePrimaryKey,\n ]));\n}\nconst transactionDoneMap = new WeakMap();\nconst transformCache = new WeakMap();\nconst reverseTransformCache = new WeakMap();\nfunction promisifyRequest(request) {\n const promise = new Promise((resolve, reject) => {\n const unlisten = () => {\n request.removeEventListener('success', success);\n request.removeEventListener('error', error);\n };\n const success = () => {\n resolve(wrap(request.result));\n unlisten();\n };\n const error = () => {\n reject(request.error);\n unlisten();\n };\n request.addEventListener('success', success);\n request.addEventListener('error', error);\n });\n // This mapping exists in reverseTransformCache but doesn't exist in transformCache. This\n // is because we create many promises from a single IDBRequest.\n reverseTransformCache.set(promise, request);\n return promise;\n}\nfunction cacheDonePromiseForTransaction(tx) {\n // Early bail if we've already created a done promise for this transaction.\n if (transactionDoneMap.has(tx))\n return;\n const done = new Promise((resolve, reject) => {\n const unlisten = () => {\n tx.removeEventListener('complete', complete);\n tx.removeEventListener('error', error);\n tx.removeEventListener('abort', error);\n };\n const complete = () => {\n resolve();\n unlisten();\n };\n const error = () => {\n reject(tx.error || new DOMException('AbortError', 'AbortError'));\n unlisten();\n };\n tx.addEventListener('complete', complete);\n tx.addEventListener('error', error);\n tx.addEventListener('abort', error);\n });\n // Cache it for later retrieval.\n transactionDoneMap.set(tx, done);\n}\nlet idbProxyTraps = {\n get(target, prop, receiver) {\n if (target instanceof IDBTransaction) {\n // Special handling for transaction.done.\n if (prop === 'done')\n return transactionDoneMap.get(target);\n // Make tx.store return the only store in the transaction, or undefined if there are many.\n if (prop === 'store') {\n return receiver.objectStoreNames[1]\n ? undefined\n : receiver.objectStore(receiver.objectStoreNames[0]);\n }\n }\n // Else transform whatever we get back.\n return wrap(target[prop]);\n },\n set(target, prop, value) {\n target[prop] = value;\n return true;\n },\n has(target, prop) {\n if (target instanceof IDBTransaction &&\n (prop === 'done' || prop === 'store')) {\n return true;\n }\n return prop in target;\n },\n};\nfunction replaceTraps(callback) {\n idbProxyTraps = callback(idbProxyTraps);\n}\nfunction wrapFunction(func) {\n // Due to expected object equality (which is enforced by the caching in `wrap`), we\n // only create one new func per func.\n // Cursor methods are special, as the behaviour is a little more different to standard IDB. In\n // IDB, you advance the cursor and wait for a new 'success' on the IDBRequest that gave you the\n // cursor. It's kinda like a promise that can resolve with many values. That doesn't make sense\n // with real promises, so each advance methods returns a new promise for the cursor object, or\n // undefined if the end of the cursor has been reached.\n if (getCursorAdvanceMethods().includes(func)) {\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n func.apply(unwrap(this), args);\n return wrap(this.request);\n };\n }\n return function (...args) {\n // Calling the original function with the proxy as 'this' causes ILLEGAL INVOCATION, so we use\n // the original object.\n return wrap(func.apply(unwrap(this), args));\n };\n}\nfunction transformCachableValue(value) {\n if (typeof value === 'function')\n return wrapFunction(value);\n // This doesn't return, it just creates a 'done' promise for the transaction,\n // which is later returned for transaction.done (see idbObjectHandler).\n if (value instanceof IDBTransaction)\n cacheDonePromiseForTransaction(value);\n if (instanceOfAny(value, getIdbProxyableTypes()))\n return new Proxy(value, idbProxyTraps);\n // Return the same value back if we're not going to transform it.\n return value;\n}\nfunction wrap(value) {\n // We sometimes generate multiple promises from a single IDBRequest (eg when cursoring), because\n // IDB is weird and a single IDBRequest can yield many responses, so these can't be cached.\n if (value instanceof IDBRequest)\n return promisifyRequest(value);\n // If we've already transformed this value before, reuse the transformed value.\n // This is faster, but it also provides object equality.\n if (transformCache.has(value))\n return transformCache.get(value);\n const newValue = transformCachableValue(value);\n // Not all types are transformed.\n // These may be primitive types, so they can't be WeakMap keys.\n if (newValue !== value) {\n transformCache.set(value, newValue);\n reverseTransformCache.set(newValue, value);\n }\n return newValue;\n}\nconst unwrap = (value) => reverseTransformCache.get(value);\n\n/**\n * Open a database.\n *\n * @param name Name of the database.\n * @param version Schema version.\n * @param callbacks Additional callbacks.\n */\nfunction openDB(name, version, { blocked, upgrade, blocking, terminated } = {}) {\n const request = indexedDB.open(name, version);\n const openPromise = wrap(request);\n if (upgrade) {\n request.addEventListener('upgradeneeded', (event) => {\n upgrade(wrap(request.result), event.oldVersion, event.newVersion, wrap(request.transaction), event);\n });\n }\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event.newVersion, event));\n }\n openPromise\n .then((db) => {\n if (terminated)\n db.addEventListener('close', () => terminated());\n if (blocking) {\n db.addEventListener('versionchange', (event) => blocking(event.oldVersion, event.newVersion, event));\n }\n })\n .catch(() => { });\n return openPromise;\n}\n/**\n * Delete a database.\n *\n * @param name Name of the database.\n */\nfunction deleteDB(name, { blocked } = {}) {\n const request = indexedDB.deleteDatabase(name);\n if (blocked) {\n request.addEventListener('blocked', (event) => blocked(\n // Casting due to https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/1405\n event.oldVersion, event));\n }\n return wrap(request).then(() => undefined);\n}\n\nconst readMethods = ['get', 'getKey', 'getAll', 'getAllKeys', 'count'];\nconst writeMethods = ['put', 'add', 'delete', 'clear'];\nconst cachedMethods = new Map();\nfunction getMethod(target, prop) {\n if (!(target instanceof IDBDatabase &&\n !(prop in target) &&\n typeof prop === 'string')) {\n return;\n }\n if (cachedMethods.get(prop))\n return cachedMethods.get(prop);\n const targetFuncName = prop.replace(/FromIndex$/, '');\n const useIndex = prop !== targetFuncName;\n const isWrite = writeMethods.includes(targetFuncName);\n if (\n // Bail if the target doesn't exist on the target. Eg, getAll isn't in Edge.\n !(targetFuncName in (useIndex ? IDBIndex : IDBObjectStore).prototype) ||\n !(isWrite || readMethods.includes(targetFuncName))) {\n return;\n }\n const method = async function (storeName, ...args) {\n // isWrite ? 'readwrite' : undefined gzipps better, but fails in Edge :(\n const tx = this.transaction(storeName, isWrite ? 'readwrite' : 'readonly');\n let target = tx.store;\n if (useIndex)\n target = target.index(args.shift());\n // Must reject if op rejects.\n // If it's a write operation, must reject if tx.done rejects.\n // Must reject with op rejection first.\n // Must resolve with op value.\n // Must handle both promises (no unhandled rejections)\n return (await Promise.all([\n target[targetFuncName](...args),\n isWrite && tx.done,\n ]))[0];\n };\n cachedMethods.set(prop, method);\n return method;\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get: (target, prop, receiver) => getMethod(target, prop) || oldTraps.get(target, prop, receiver),\n has: (target, prop) => !!getMethod(target, prop) || oldTraps.has(target, prop),\n}));\n\nconst advanceMethodProps = ['continue', 'continuePrimaryKey', 'advance'];\nconst methodMap = {};\nconst advanceResults = new WeakMap();\nconst ittrProxiedCursorToOriginalProxy = new WeakMap();\nconst cursorIteratorTraps = {\n get(target, prop) {\n if (!advanceMethodProps.includes(prop))\n return target[prop];\n let cachedFunc = methodMap[prop];\n if (!cachedFunc) {\n cachedFunc = methodMap[prop] = function (...args) {\n advanceResults.set(this, ittrProxiedCursorToOriginalProxy.get(this)[prop](...args));\n };\n }\n return cachedFunc;\n },\n};\nasync function* iterate(...args) {\n // tslint:disable-next-line:no-this-assignment\n let cursor = this;\n if (!(cursor instanceof IDBCursor)) {\n cursor = await cursor.openCursor(...args);\n }\n if (!cursor)\n return;\n cursor = cursor;\n const proxiedCursor = new Proxy(cursor, cursorIteratorTraps);\n ittrProxiedCursorToOriginalProxy.set(proxiedCursor, cursor);\n // Map this double-proxy back to the original, so other cursor methods work.\n reverseTransformCache.set(proxiedCursor, unwrap(cursor));\n while (cursor) {\n yield proxiedCursor;\n // If one of the advancing methods was not called, call continue().\n cursor = await (advanceResults.get(proxiedCursor) || cursor.continue());\n advanceResults.delete(proxiedCursor);\n }\n}\nfunction isIteratorProp(target, prop) {\n return ((prop === Symbol.asyncIterator &&\n instanceOfAny(target, [IDBIndex, IDBObjectStore, IDBCursor])) ||\n (prop === 'iterate' && instanceOfAny(target, [IDBIndex, IDBObjectStore])));\n}\nreplaceTraps((oldTraps) => ({\n ...oldTraps,\n get(target, prop, receiver) {\n if (isIteratorProp(target, prop))\n return iterate;\n return oldTraps.get(target, prop, receiver);\n },\n has(target, prop) {\n return isIteratorProp(target, prop) || oldTraps.has(target, prop);\n },\n}));\n\nexport { deleteDB, openDB, unwrap, wrap };\n","let wasm;\n\nlet WASM_VECTOR_LEN = 0;\n\nlet cachedUint8ArrayMemory0 = null;\n\nfunction getUint8ArrayMemory0() {\n if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {\n cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);\n }\n return cachedUint8ArrayMemory0;\n}\n\nconst cachedTextEncoder = (typeof TextEncoder !== 'undefined' ? new TextEncoder('utf-8') : { encode: () => { throw Error('TextEncoder not available') } } );\n\nconst encodeString = (typeof cachedTextEncoder.encodeInto === 'function'\n ? function (arg, view) {\n return cachedTextEncoder.encodeInto(arg, view);\n}\n : function (arg, view) {\n const buf = cachedTextEncoder.encode(arg);\n view.set(buf);\n return {\n read: arg.length,\n written: buf.length\n };\n});\n\nfunction passStringToWasm0(arg, malloc, realloc) {\n\n if (realloc === undefined) {\n const buf = cachedTextEncoder.encode(arg);\n const ptr = malloc(buf.length, 1) >>> 0;\n getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);\n WASM_VECTOR_LEN = buf.length;\n return ptr;\n }\n\n let len = arg.length;\n let ptr = malloc(len, 1) >>> 0;\n\n const mem = getUint8ArrayMemory0();\n\n let offset = 0;\n\n for (; offset < len; offset++) {\n const code = arg.charCodeAt(offset);\n if (code > 0x7F) break;\n mem[ptr + offset] = code;\n }\n\n if (offset !== len) {\n if (offset !== 0) {\n arg = arg.slice(offset);\n }\n ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;\n const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);\n const ret = encodeString(arg, view);\n\n offset += ret.written;\n ptr = realloc(ptr, len, offset, 1) >>> 0;\n }\n\n WASM_VECTOR_LEN = offset;\n return ptr;\n}\n\nlet cachedDataViewMemory0 = null;\n\nfunction getDataViewMemory0() {\n if (cachedDataViewMemory0 === null || cachedDataViewMemory0.buffer.detached === true || (cachedDataViewMemory0.buffer.detached === undefined && cachedDataViewMemory0.buffer !== wasm.memory.buffer)) {\n cachedDataViewMemory0 = new DataView(wasm.memory.buffer);\n }\n return cachedDataViewMemory0;\n}\n\nfunction addToExternrefTable0(obj) {\n const idx = wasm.__externref_table_alloc();\n wasm.__wbindgen_export_4.set(idx, obj);\n return idx;\n}\n\nfunction handleError(f, args) {\n try {\n return f.apply(this, args);\n } catch (e) {\n const idx = addToExternrefTable0(e);\n wasm.__wbindgen_exn_store(idx);\n }\n}\n\nconst cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available') } } );\n\nif (typeof TextDecoder !== 'undefined') { cachedTextDecoder.decode(); };\n\nfunction getStringFromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));\n}\n\nfunction isLikeNone(x) {\n return x === undefined || x === null;\n}\n\nconst CLOSURE_DTORS = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(state => {\n wasm.__wbindgen_export_5.get(state.dtor)(state.a, state.b)\n});\n\nfunction makeMutClosure(arg0, arg1, dtor, f) {\n const state = { a: arg0, b: arg1, cnt: 1, dtor };\n const real = (...args) => {\n // First up with a closure we increment the internal reference\n // count. This ensures that the Rust closure environment won't\n // be deallocated while we're invoking it.\n state.cnt++;\n const a = state.a;\n state.a = 0;\n try {\n return f(a, state.b, ...args);\n } finally {\n if (--state.cnt === 0) {\n wasm.__wbindgen_export_5.get(state.dtor)(a, state.b);\n CLOSURE_DTORS.unregister(state);\n } else {\n state.a = a;\n }\n }\n };\n real.original = state;\n CLOSURE_DTORS.register(real, state, state);\n return real;\n}\n\nfunction debugString(val) {\n // primitive types\n const type = typeof val;\n if (type == 'number' || type == 'boolean' || val == null) {\n return `${val}`;\n }\n if (type == 'string') {\n return `\"${val}\"`;\n }\n if (type == 'symbol') {\n const description = val.description;\n if (description == null) {\n return 'Symbol';\n } else {\n return `Symbol(${description})`;\n }\n }\n if (type == 'function') {\n const name = val.name;\n if (typeof name == 'string' && name.length > 0) {\n return `Function(${name})`;\n } else {\n return 'Function';\n }\n }\n // objects\n if (Array.isArray(val)) {\n const length = val.length;\n let debug = '[';\n if (length > 0) {\n debug += debugString(val[0]);\n }\n for(let i = 1; i < length; i++) {\n debug += ', ' + debugString(val[i]);\n }\n debug += ']';\n return debug;\n }\n // Test for built-in\n const builtInMatches = /\\[object ([^\\]]+)\\]/.exec(toString.call(val));\n let className;\n if (builtInMatches && builtInMatches.length > 1) {\n className = builtInMatches[1];\n } else {\n // Failed to match the standard '[object ClassName]'\n return toString.call(val);\n }\n if (className == 'Object') {\n // we're a user defined class or Object\n // JSON.stringify avoids problems with cycles, and is generally much\n // easier than looping through ownProperties of `val`.\n try {\n return 'Object(' + JSON.stringify(val) + ')';\n } catch (_) {\n return 'Object';\n }\n }\n // errors\n if (val instanceof Error) {\n return `${val.name}: ${val.message}\\n${val.stack}`;\n }\n // TODO we could test for more things here, like `Set`s and `Map`s.\n return className;\n}\n\nfunction _assertClass(instance, klass) {\n if (!(instance instanceof klass)) {\n throw new Error(`expected instance of ${klass.name}`);\n }\n}\n\nfunction getArrayU8FromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n return getUint8ArrayMemory0().subarray(ptr / 1, ptr / 1 + len);\n}\n\nfunction passArray8ToWasm0(arg, malloc) {\n const ptr = malloc(arg.length * 1, 1) >>> 0;\n getUint8ArrayMemory0().set(arg, ptr / 1);\n WASM_VECTOR_LEN = arg.length;\n return ptr;\n}\n\nfunction getArrayJsValueFromWasm0(ptr, len) {\n ptr = ptr >>> 0;\n const mem = getDataViewMemory0();\n const result = [];\n for (let i = ptr; i < ptr + 4 * len; i += 4) {\n result.push(wasm.__wbindgen_export_4.get(mem.getUint32(i, true)));\n }\n wasm.__externref_drop_slice(ptr, len);\n return result;\n}\n\nfunction passArrayJsValueToWasm0(array, malloc) {\n const ptr = malloc(array.length * 4, 4) >>> 0;\n for (let i = 0; i < array.length; i++) {\n const add = addToExternrefTable0(array[i]);\n getDataViewMemory0().setUint32(ptr + 4 * i, add, true);\n }\n WASM_VECTOR_LEN = array.length;\n return ptr;\n}\n\nfunction takeFromExternrefTable0(idx) {\n const value = wasm.__wbindgen_export_4.get(idx);\n wasm.__externref_table_dealloc(idx);\n return value;\n}\n\nexport function init_worker() {\n wasm.init_wasm_signer_worker();\n}\n\n/**\n * Alias for init_worker to maintain compatibility with bundlers that auto-generate\n * imports based on the module name (e.g., Rolldown)\n */\nexport function init_wasm_signer_worker() {\n wasm.init_wasm_signer_worker();\n}\n\n/**\n * Attach a MessagePort for a signing session and store WrapKeySeed material in Rust.\n * JS shim should transfer the port; all parsing/caching lives here.\n * @param {string} session_id\n * @param {any} port_val\n */\nexport function attach_wrap_key_seed_port(session_id, port_val) {\n const ptr0 = passStringToWasm0(session_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.attach_wrap_key_seed_port(ptr0, len0, port_val);\n}\n\n/**\n * Unified message handler for all signer worker operations\n * This replaces the TypeScript-based message dispatching with a Rust-based approach\n * for better type safety and performance\n * @param {any} message_val\n * @returns {Promise<any>}\n */\nexport function handle_signer_message(message_val) {\n const ret = wasm.handle_signer_message(message_val);\n return ret;\n}\n\nfunction __wbg_adapter_52(arg0, arg1, arg2) {\n wasm.closure7_externref_shim(arg0, arg1, arg2);\n}\n\nfunction __wbg_adapter_55(arg0, arg1) {\n wasm._dyn_core__ops__function__FnMut_____Output___R_as_wasm_bindgen__closure__WasmClosure___describe__invoke__h34a15fa9267e5503(arg0, arg1);\n}\n\nfunction __wbg_adapter_483(arg0, arg1, arg2, arg3) {\n wasm.closure75_externref_shim(arg0, arg1, arg2, arg3);\n}\n\n/**\n * Behavior mode for confirmation flow\n * @enum {0 | 1}\n */\nexport const ConfirmationBehavior = Object.freeze({\n RequireClick: 0, \"0\": \"RequireClick\",\n AutoProceed: 1, \"1\": \"AutoProceed\",\n});\n/**\n * UI mode for confirmation display\n * @enum {0 | 1 | 2}\n */\nexport const ConfirmationUIMode = Object.freeze({\n Skip: 0, \"0\": \"Skip\",\n Modal: 1, \"1\": \"Modal\",\n Drawer: 2, \"2\": \"Drawer\",\n});\n/**\n * Progress message types that can be sent during WASM operations.\n * Values MUST align with the progress variants of WorkerResponseType in\n * `worker_messages.rs` so that TypeScript can treat them as progress\n * responses (not success/failure) based on the shared numeric codes.\n * @enum {18 | 19 | 20 | 21}\n */\nexport const ProgressMessageType = Object.freeze({\n RegistrationProgress: 18, \"18\": \"RegistrationProgress\",\n RegistrationComplete: 19, \"19\": \"RegistrationComplete\",\n ExecuteActionsProgress: 20, \"20\": \"ExecuteActionsProgress\",\n ExecuteActionsComplete: 21, \"21\": \"ExecuteActionsComplete\",\n});\n/**\n * Progress step identifiers for different phases of operations\n * Values start at 100 to avoid conflicts with WorkerResponseType enum\n * @enum {100 | 101 | 102 | 103 | 104 | 105 | 106}\n */\nexport const ProgressStep = Object.freeze({\n Preparation: 100, \"100\": \"Preparation\",\n UserConfirmation: 101, \"101\": \"UserConfirmation\",\n WebauthnAuthentication: 102, \"102\": \"WebauthnAuthentication\",\n AuthenticationComplete: 103, \"103\": \"AuthenticationComplete\",\n TransactionSigningProgress: 104, \"104\": \"TransactionSigningProgress\",\n TransactionSigningComplete: 105, \"105\": \"TransactionSigningComplete\",\n Error: 106, \"106\": \"Error\",\n});\n/**\n * User verification policy for WebAuthn authenticators\n * @enum {0 | 1 | 2}\n */\nexport const UserVerificationPolicy = Object.freeze({\n Required: 0, \"0\": \"Required\",\n Preferred: 1, \"1\": \"Preferred\",\n Discouraged: 2, \"2\": \"Discouraged\",\n});\n/**\n * @enum {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8}\n */\nexport const WorkerRequestType = Object.freeze({\n DeriveNearKeypairAndEncrypt: 0, \"0\": \"DeriveNearKeypairAndEncrypt\",\n RecoverKeypairFromPasskey: 1, \"1\": \"RecoverKeypairFromPasskey\",\n DecryptPrivateKeyWithPrf: 2, \"2\": \"DecryptPrivateKeyWithPrf\",\n SignTransactionsWithActions: 3, \"3\": \"SignTransactionsWithActions\",\n ExtractCosePublicKey: 4, \"4\": \"ExtractCosePublicKey\",\n SignTransactionWithKeyPair: 5, \"5\": \"SignTransactionWithKeyPair\",\n SignNep413Message: 6, \"6\": \"SignNep413Message\",\n RegisterDevice2WithDerivedKey: 7, \"7\": \"RegisterDevice2WithDerivedKey\",\n SignDelegateAction: 8, \"8\": \"SignDelegateAction\",\n});\n/**\n * Worker response types enum - corresponds to TypeScript WorkerResponseType\n * @enum {0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21}\n */\nexport const WorkerResponseType = Object.freeze({\n DeriveNearKeypairAndEncryptSuccess: 0, \"0\": \"DeriveNearKeypairAndEncryptSuccess\",\n RecoverKeypairFromPasskeySuccess: 1, \"1\": \"RecoverKeypairFromPasskeySuccess\",\n DecryptPrivateKeyWithPrfSuccess: 2, \"2\": \"DecryptPrivateKeyWithPrfSuccess\",\n SignTransactionsWithActionsSuccess: 3, \"3\": \"SignTransactionsWithActionsSuccess\",\n ExtractCosePublicKeySuccess: 4, \"4\": \"ExtractCosePublicKeySuccess\",\n SignTransactionWithKeyPairSuccess: 5, \"5\": \"SignTransactionWithKeyPairSuccess\",\n SignNep413MessageSuccess: 6, \"6\": \"SignNep413MessageSuccess\",\n RegisterDevice2WithDerivedKeySuccess: 7, \"7\": \"RegisterDevice2WithDerivedKeySuccess\",\n SignDelegateActionSuccess: 8, \"8\": \"SignDelegateActionSuccess\",\n DeriveNearKeypairAndEncryptFailure: 9, \"9\": \"DeriveNearKeypairAndEncryptFailure\",\n RecoverKeypairFromPasskeyFailure: 10, \"10\": \"RecoverKeypairFromPasskeyFailure\",\n DecryptPrivateKeyWithPrfFailure: 11, \"11\": \"DecryptPrivateKeyWithPrfFailure\",\n SignTransactionsWithActionsFailure: 12, \"12\": \"SignTransactionsWithActionsFailure\",\n ExtractCosePublicKeyFailure: 13, \"13\": \"ExtractCosePublicKeyFailure\",\n SignTransactionWithKeyPairFailure: 14, \"14\": \"SignTransactionWithKeyPairFailure\",\n SignNep413MessageFailure: 15, \"15\": \"SignNep413MessageFailure\",\n RegisterDevice2WithDerivedKeyFailure: 16, \"16\": \"RegisterDevice2WithDerivedKeyFailure\",\n SignDelegateActionFailure: 17, \"17\": \"SignDelegateActionFailure\",\n RegistrationProgress: 18, \"18\": \"RegistrationProgress\",\n RegistrationComplete: 19, \"19\": \"RegistrationComplete\",\n ExecuteActionsProgress: 20, \"20\": \"ExecuteActionsProgress\",\n ExecuteActionsComplete: 21, \"21\": \"ExecuteActionsComplete\",\n});\n\nconst AuthenticationResponseFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_authenticationresponse_free(ptr >>> 0, 1));\n\nexport class AuthenticationResponse {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(AuthenticationResponse.prototype);\n obj.__wbg_ptr = ptr;\n AuthenticationResponseFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n AuthenticationResponseFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_authenticationresponse_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get clientDataJSON() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_clientDataJSON(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set clientDataJSON(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get authenticatorData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_authenticatorData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set authenticatorData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_authenticationresponse_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get userHandle() {\n const ret = wasm.__wbg_get_authenticationresponse_userHandle(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set userHandle(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst AuthenticatorOptionsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_authenticatoroptions_free(ptr >>> 0, 1));\n/**\n * Options for configuring WebAuthn authenticator behavior during registration\n */\nexport class AuthenticatorOptions {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(AuthenticatorOptions.prototype);\n obj.__wbg_ptr = ptr;\n AuthenticatorOptionsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n AuthenticatorOptionsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_authenticatoroptions_free(ptr, 0);\n }\n /**\n * @returns {UserVerificationPolicy | undefined}\n */\n get userVerification() {\n const ret = wasm.__wbg_get_authenticatoroptions_userVerification(this.__wbg_ptr);\n return ret === 3 ? undefined : ret;\n }\n /**\n * @param {UserVerificationPolicy | null} [arg0]\n */\n set userVerification(arg0) {\n wasm.__wbg_set_authenticatoroptions_userVerification(this.__wbg_ptr, isLikeNone(arg0) ? 3 : arg0);\n }\n /**\n * @returns {OriginPolicyInput | undefined}\n */\n get originPolicy() {\n const ret = wasm.__wbg_get_authenticatoroptions_originPolicy(this.__wbg_ptr);\n return ret === 0 ? undefined : OriginPolicyInput.__wrap(ret);\n }\n /**\n * @param {OriginPolicyInput | null} [arg0]\n */\n set originPolicy(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, OriginPolicyInput);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_authenticatoroptions_originPolicy(this.__wbg_ptr, ptr0);\n }\n}\n\nconst ClientExtensionResultsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_clientextensionresults_free(ptr >>> 0, 1));\n\nexport class ClientExtensionResults {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(ClientExtensionResults.prototype);\n obj.__wbg_ptr = ptr;\n ClientExtensionResultsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ClientExtensionResultsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_clientextensionresults_free(ptr, 0);\n }\n /**\n * @returns {PrfResults}\n */\n get prf() {\n const ret = wasm.__wbg_get_clientextensionresults_prf(this.__wbg_ptr);\n return PrfResults.__wrap(ret);\n }\n /**\n * @param {PrfResults} arg0\n */\n set prf(arg0) {\n _assertClass(arg0, PrfResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_clientextensionresults_prf(this.__wbg_ptr, ptr0);\n }\n}\n\nconst ConfirmationConfigFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_confirmationconfig_free(ptr >>> 0, 1));\n/**\n * Unified confirmation configuration passed from main thread to WASM worker\n */\nexport class ConfirmationConfig {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ConfirmationConfigFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_confirmationconfig_free(ptr, 0);\n }\n /**\n * Type of UI to display for confirmation\n * @returns {ConfirmationUIMode}\n */\n get uiMode() {\n const ret = wasm.__wbg_get_confirmationconfig_uiMode(this.__wbg_ptr);\n return ret;\n }\n /**\n * Type of UI to display for confirmation\n * @param {ConfirmationUIMode} arg0\n */\n set uiMode(arg0) {\n wasm.__wbg_set_confirmationconfig_uiMode(this.__wbg_ptr, arg0);\n }\n /**\n * How the confirmation UI behaves\n * @returns {ConfirmationBehavior}\n */\n get behavior() {\n const ret = wasm.__wbg_get_confirmationconfig_behavior(this.__wbg_ptr);\n return ret;\n }\n /**\n * How the confirmation UI behaves\n * @param {ConfirmationBehavior} arg0\n */\n set behavior(arg0) {\n wasm.__wbg_set_confirmationconfig_behavior(this.__wbg_ptr, arg0);\n }\n /**\n * Delay in milliseconds before auto-proceeding (only used with autoProceedWithDelay)\n * @returns {number | undefined}\n */\n get autoProceedDelay() {\n const ret = wasm.__wbg_get_confirmationconfig_autoProceedDelay(this.__wbg_ptr);\n return ret === 0x100000001 ? undefined : ret;\n }\n /**\n * Delay in milliseconds before auto-proceeding (only used with autoProceedWithDelay)\n * @param {number | null} [arg0]\n */\n set autoProceedDelay(arg0) {\n wasm.__wbg_set_confirmationconfig_autoProceedDelay(this.__wbg_ptr, isLikeNone(arg0) ? 0x100000001 : (arg0) >>> 0);\n }\n /**\n * UI theme preference (dark/light)\n * @returns {string | undefined}\n */\n get theme() {\n const ret = wasm.__wbg_get_confirmationconfig_theme(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * UI theme preference (dark/light)\n * @param {string | null} [arg0]\n */\n set theme(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_confirmationconfig_theme(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst CoseExtractionResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_coseextractionresult_free(ptr >>> 0, 1));\n\nexport class CoseExtractionResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n CoseExtractionResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_coseextractionresult_free(ptr, 0);\n }\n /**\n * @returns {Uint8Array}\n */\n get cosePublicKeyBytes() {\n const ret = wasm.__wbg_get_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set cosePublicKeyBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst DecryptPrivateKeyRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptprivatekeyrequest_free(ptr >>> 0, 1));\n\nexport class DecryptPrivateKeyRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptPrivateKeyRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptprivatekeyrequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} near_account_id\n * @param {string} encrypted_private_key_data\n * @param {string} encrypted_private_key_chacha20_nonce_b64u\n * @param {string} session_id\n */\n constructor(near_account_id, encrypted_private_key_data, encrypted_private_key_chacha20_nonce_b64u, session_id) {\n const ptr0 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_private_key_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(encrypted_private_key_chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(session_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n const ret = wasm.decryptprivatekeyrequest_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n DecryptPrivateKeyRequestFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DecryptPrivateKeyResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptprivatekeyresult_free(ptr >>> 0, 1));\n\nexport class DecryptPrivateKeyResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptPrivateKeyResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptprivatekeyresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get privateKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyresult_privateKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set privateKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptprivatekeyresult_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} private_key\n * @param {string} near_account_id\n */\n constructor(private_key, near_account_id) {\n const ptr0 = passStringToWasm0(private_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.decryptionpayload_new(ptr0, len0, ptr1, len1);\n this.__wbg_ptr = ret >>> 0;\n DecryptPrivateKeyResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DecryptionPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_decryptionpayload_free(ptr >>> 0, 1));\n/**\n * Decryption payload (consolidated for deserialization and WASM binding)\n */\nexport class DecryptionPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DecryptionPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_decryptionpayload_free(ptr, 0);\n }\n /**\n * Encrypted NEAR private key\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptionpayload_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Encrypted NEAR private key\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_decryptionpayload_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} encrypted_private_key_data\n * @param {string} encrypted_private_key_chacha20_nonce_b64u\n */\n constructor(encrypted_private_key_data, encrypted_private_key_chacha20_nonce_b64u) {\n const ptr0 = passStringToWasm0(encrypted_private_key_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_private_key_chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.decryptionpayload_new(ptr0, len0, ptr1, len1);\n this.__wbg_ptr = ret >>> 0;\n DecryptionPayloadFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst DelegateSignResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_delegatesignresult_free(ptr >>> 0, 1));\n\nexport class DelegateSignResult {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(DelegateSignResult.prototype);\n obj.__wbg_ptr = ptr;\n DelegateSignResultFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DelegateSignResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_delegatesignresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_delegatesignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_delegatesignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get hash() {\n const ret = wasm.__wbg_get_delegatesignresult_hash(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set hash(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_hash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedDelegate | undefined}\n */\n get signedDelegate() {\n const ret = wasm.__wbg_get_delegatesignresult_signedDelegate(this.__wbg_ptr);\n return ret === 0 ? undefined : WasmSignedDelegate.__wrap(ret);\n }\n /**\n * @param {WasmSignedDelegate | null} [arg0]\n */\n set signedDelegate(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, WasmSignedDelegate);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_delegatesignresult_signedDelegate(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_delegatesignresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_delegatesignresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_error(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string | null | undefined} hash\n * @param {WasmSignedDelegate | null | undefined} signed_delegate\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, hash, signed_delegate, logs, error) {\n var ptr0 = isLikeNone(hash) ? 0 : passStringToWasm0(hash, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n let ptr1 = 0;\n if (!isLikeNone(signed_delegate)) {\n _assertClass(signed_delegate, WasmSignedDelegate);\n ptr1 = signed_delegate.__destroy_into_raw();\n }\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.delegatesignresult_new(success, ptr0, len0, ptr1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n DelegateSignResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * @param {string[]} logs\n * @param {string} error_msg\n * @returns {DelegateSignResult}\n */\n static failed(logs, error_msg) {\n const ptr0 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(error_msg, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.delegatesignresult_failed(ptr0, len0, ptr1, len1);\n return DelegateSignResult.__wrap(ret);\n }\n}\n\nconst DeriveNearKeypairAndEncryptRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_derivenearkeypairandencryptrequest_free(ptr >>> 0, 1));\n\nexport class DeriveNearKeypairAndEncryptRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DeriveNearKeypairAndEncryptRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_derivenearkeypairandencryptrequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {SerializedRegistrationCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr);\n return SerializedRegistrationCredential.__wrap(ret);\n }\n /**\n * @param {SerializedRegistrationCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedRegistrationCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {AuthenticatorOptions | undefined}\n */\n get authenticatorOptions() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_authenticatorOptions(this.__wbg_ptr);\n return ret === 0 ? undefined : AuthenticatorOptions.__wrap(ret);\n }\n /**\n * @param {AuthenticatorOptions | null} [arg0]\n */\n set authenticatorOptions(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, AuthenticatorOptions);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_derivenearkeypairandencryptrequest_authenticatorOptions(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst DeriveNearKeypairAndEncryptResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_derivenearkeypairandencryptresult_free(ptr >>> 0, 1));\n\nexport class DeriveNearKeypairAndEncryptResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n DeriveNearKeypairAndEncryptResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_derivenearkeypairandencryptresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number}\n */\n get version() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_version(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set version(arg0) {\n wasm.__wbg_set_derivenearkeypairandencryptresult_version(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {boolean}\n */\n get stored() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptresult_stored(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set stored(arg0) {\n wasm.__wbg_set_derivenearkeypairandencryptresult_stored(this.__wbg_ptr, arg0);\n }\n /**\n * @param {string} near_account_id\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {number} version\n * @param {boolean} stored\n */\n constructor(near_account_id, public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, version, stored) {\n const ptr0 = passStringToWasm0(near_account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ret = wasm.derivenearkeypairandencryptresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, version, stored);\n this.__wbg_ptr = ret >>> 0;\n DeriveNearKeypairAndEncryptResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst Device2TransactionContextFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_device2transactioncontext_free(ptr >>> 0, 1));\n/**\n * Transaction context from NEAR RPC\n */\nexport class Device2TransactionContext {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n Device2TransactionContextFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_device2transactioncontext_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get txBlockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_txBlockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_txBlockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get baseNonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_device2transactioncontext_baseNonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set baseNonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst ExtractCoseRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_extractcoserequest_free(ptr >>> 0, 1));\n\nexport class ExtractCoseRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n ExtractCoseRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_extractcoserequest_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get attestationObjectBase64url() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_extractcoserequest_attestationObjectBase64url(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestationObjectBase64url(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_coseextractionresult_cosePublicKeyBytes(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst KeyActionResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_keyactionresult_free(ptr >>> 0, 1));\n\nexport class KeyActionResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n KeyActionResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_keyactionresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_delegatesignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_delegatesignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get transactionHash() {\n const ret = wasm.__wbg_get_keyactionresult_transactionHash(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set transactionHash(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_hash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedTransaction | undefined}\n */\n get signedTransaction() {\n const ret = wasm.__wbg_get_keyactionresult_signedTransaction(this.__wbg_ptr);\n return ret === 0 ? undefined : WasmSignedTransaction.__wrap(ret);\n }\n /**\n * @param {WasmSignedTransaction | null} [arg0]\n */\n set signedTransaction(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, WasmSignedTransaction);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_keyactionresult_signedTransaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_keyactionresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_keyactionresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_delegatesignresult_error(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string | null | undefined} transaction_hash\n * @param {WasmSignedTransaction | null | undefined} signed_transaction\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, transaction_hash, signed_transaction, logs, error) {\n var ptr0 = isLikeNone(transaction_hash) ? 0 : passStringToWasm0(transaction_hash, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n let ptr1 = 0;\n if (!isLikeNone(signed_transaction)) {\n _assertClass(signed_transaction, WasmSignedTransaction);\n ptr1 = signed_transaction.__destroy_into_raw();\n }\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.keyactionresult_new(success, ptr0, len0, ptr1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n KeyActionResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst OriginPolicyInputFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_originpolicyinput_free(ptr >>> 0, 1));\n/**\n * Origin policy input for WebAuthn registration (user-provided)\n */\nexport class OriginPolicyInput {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(OriginPolicyInput.prototype);\n obj.__wbg_ptr = ptr;\n OriginPolicyInputFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n OriginPolicyInputFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_originpolicyinput_free(ptr, 0);\n }\n /**\n * Exactly one of these should be set\n * @returns {boolean | undefined}\n */\n get single() {\n const ret = wasm.__wbg_get_originpolicyinput_single(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret !== 0;\n }\n /**\n * Exactly one of these should be set\n * @param {boolean | null} [arg0]\n */\n set single(arg0) {\n wasm.__wbg_set_originpolicyinput_single(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0 ? 1 : 0);\n }\n /**\n * @returns {boolean | undefined}\n */\n get all_subdomains() {\n const ret = wasm.__wbg_get_originpolicyinput_all_subdomains(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret !== 0;\n }\n /**\n * @param {boolean | null} [arg0]\n */\n set all_subdomains(arg0) {\n wasm.__wbg_set_originpolicyinput_all_subdomains(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0 ? 1 : 0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get multiple() {\n const ret = wasm.__wbg_get_originpolicyinput_multiple(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set multiple(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_originpolicyinput_multiple(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst PrfOutputsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_prfoutputs_free(ptr >>> 0, 1));\n\nexport class PrfOutputs {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(PrfOutputs.prototype);\n obj.__wbg_ptr = ptr;\n PrfOutputsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n PrfOutputsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_prfoutputs_free(ptr, 0);\n }\n /**\n * @returns {string | undefined}\n */\n get first() {\n const ret = wasm.__wbg_get_prfoutputs_first(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set first(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_prfoutputs_first(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get second() {\n const ret = wasm.__wbg_get_prfoutputs_second(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set second(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_prfoutputs_second(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst PrfResultsFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_prfresults_free(ptr >>> 0, 1));\n\nexport class PrfResults {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(PrfResults.prototype);\n obj.__wbg_ptr = ptr;\n PrfResultsFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n PrfResultsFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_prfresults_free(ptr, 0);\n }\n /**\n * @returns {PrfOutputs}\n */\n get results() {\n const ret = wasm.__wbg_get_clientextensionresults_prf(this.__wbg_ptr);\n return PrfOutputs.__wrap(ret);\n }\n /**\n * @param {PrfOutputs} arg0\n */\n set results(arg0) {\n _assertClass(arg0, PrfOutputs);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_clientextensionresults_prf(this.__wbg_ptr, ptr0);\n }\n}\n\nconst RecoverKeypairRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_recoverkeypairrequest_free(ptr >>> 0, 1));\n\nexport class RecoverKeypairRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RecoverKeypairRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_recoverkeypairrequest_free(ptr, 0);\n }\n /**\n * @returns {SerializedCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_recoverkeypairrequest_credential(this.__wbg_ptr);\n return SerializedCredential.__wrap(ret);\n }\n /**\n * @param {SerializedCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_recoverkeypairrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {string | undefined}\n */\n get accountIdHint() {\n const ret = wasm.__wbg_get_recoverkeypairrequest_accountIdHint(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set accountIdHint(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_recoverkeypairrequest_accountIdHint(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RecoverKeypairResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_recoverkeypairresult_free(ptr >>> 0, 1));\n\nexport class RecoverKeypairResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RecoverKeypairResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_recoverkeypairresult_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_recoverkeypairresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get accountIdHint() {\n const ret = wasm.__wbg_get_recoverkeypairresult_accountIdHint(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set accountIdHint(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_recoverkeypairresult_accountIdHint(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {string | null} [account_id_hint]\n */\n constructor(public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, account_id_hint) {\n const ptr0 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n var ptr4 = isLikeNone(account_id_hint) ? 0 : passStringToWasm0(account_id_hint, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len4 = WASM_VECTOR_LEN;\n const ret = wasm.recoverkeypairresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4);\n this.__wbg_ptr = ret >>> 0;\n RecoverKeypairResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst RegisterDevice2WithDerivedKeyRequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registerdevice2withderivedkeyrequest_free(ptr >>> 0, 1));\n/**\n * Request for combined Device2 registration flow.\n * Assumes WrapKeySeed and PRF.second have already been delivered to the signer worker via MessagePort.\n */\nexport class RegisterDevice2WithDerivedKeyRequest {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegisterDevice2WithDerivedKeyRequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registerdevice2withderivedkeyrequest_free(ptr, 0);\n }\n /**\n * Session ID (identifies the MessagePort session where WrapKeySeed and PRF.second were delivered)\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Session ID (identifies the MessagePort session where WrapKeySeed and PRF.second were delivered)\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Serialized registration credential (contains PRF.second in client extension results)\n * @returns {SerializedRegistrationCredential}\n */\n get credential() {\n const ret = wasm.__wbg_get_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr);\n return SerializedRegistrationCredential.__wrap(ret);\n }\n /**\n * Serialized registration credential (contains PRF.second in client extension results)\n * @param {SerializedRegistrationCredential} arg0\n */\n set credential(arg0) {\n _assertClass(arg0, SerializedRegistrationCredential);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_derivenearkeypairandencryptrequest_credential(this.__wbg_ptr, ptr0);\n }\n /**\n * NEAR account ID for Device2\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * NEAR account ID for Device2\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Contract ID (Receiver ID for the transaction)\n * @returns {string}\n */\n get contractId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyrequest_contractId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Contract ID (Receiver ID for the transaction)\n * @param {string} arg0\n */\n set contractId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyrequest_contractId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RegisterDevice2WithDerivedKeyResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registerdevice2withderivedkeyresult_free(ptr >>> 0, 1));\n/**\n * Result of combined Device2 registration\n */\nexport class RegisterDevice2WithDerivedKeyResult {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegisterDevice2WithDerivedKeyResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registerdevice2withderivedkeyresult_free(ptr, 0);\n }\n /**\n * Derived NEAR public key (ed25519, base58-encoded)\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Derived NEAR public key (ed25519, base58-encoded)\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_publicKey(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Encrypted NEAR private key (base64url-encoded)\n * @returns {string}\n */\n get encryptedData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_encryptedData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * Encrypted NEAR private key (base64url-encoded)\n * @param {string} arg0\n */\n set encryptedData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_encryptedData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce used for encryption (base64url-encoded)\n * @returns {string}\n */\n get chacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_chacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce used for encryption (base64url-encoded)\n * @param {string} arg0\n */\n set chacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_chacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * WrapKeySalt used for KEK derivation (base64url-encoded)\n * @returns {string}\n */\n get wrapKeySalt() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_wrapKeySalt(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * WrapKeySalt used for KEK derivation (base64url-encoded)\n * @param {string} arg0\n */\n set wrapKeySalt(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registerdevice2withderivedkeyresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * Signed registration transaction (borsh-serialized, base64url-encoded)\n * @returns {WasmSignedTransaction}\n */\n get signedTransaction() {\n const ret = wasm.__wbg_get_registerdevice2withderivedkeyresult_signedTransaction(this.__wbg_ptr);\n return WasmSignedTransaction.__wrap(ret);\n }\n /**\n * Signed registration transaction (borsh-serialized, base64url-encoded)\n * @param {WasmSignedTransaction} arg0\n */\n set signedTransaction(arg0) {\n _assertClass(arg0, WasmSignedTransaction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_registerdevice2withderivedkeyresult_signedTransaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @param {string} public_key\n * @param {string} encrypted_data\n * @param {string} chacha20_nonce_b64u\n * @param {string} wrap_key_salt\n * @param {WasmSignedTransaction} signed_transaction\n */\n constructor(public_key, encrypted_data, chacha20_nonce_b64u, wrap_key_salt, signed_transaction) {\n const ptr0 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(encrypted_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(chacha20_nonce_b64u, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(wrap_key_salt, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n _assertClass(signed_transaction, WasmSignedTransaction);\n var ptr4 = signed_transaction.__destroy_into_raw();\n const ret = wasm.registerdevice2withderivedkeyresult_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4);\n this.__wbg_ptr = ret >>> 0;\n RegisterDevice2WithDerivedKeyResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst RegistrationPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registrationpayload_free(ptr >>> 0, 1));\n\nexport class RegistrationPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegistrationPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registrationpayload_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_nonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationpayload_blockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get deterministicVrfPublicKey() {\n const ret = wasm.__wbg_get_registrationpayload_deterministicVrfPublicKey(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set deterministicVrfPublicKey(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number | undefined}\n */\n get deviceNumber() {\n const ret = wasm.__wbg_get_registrationpayload_deviceNumber(this.__wbg_ptr);\n return ret === 0xFFFFFF ? undefined : ret;\n }\n /**\n * @param {number | null} [arg0]\n */\n set deviceNumber(arg0) {\n wasm.__wbg_set_registrationpayload_deviceNumber(this.__wbg_ptr, isLikeNone(arg0) ? 0xFFFFFF : arg0);\n }\n /**\n * @returns {AuthenticatorOptions | undefined}\n */\n get authenticatorOptions() {\n const ret = wasm.__wbg_get_registrationpayload_authenticatorOptions(this.__wbg_ptr);\n return ret === 0 ? undefined : AuthenticatorOptions.__wrap(ret);\n }\n /**\n * @param {AuthenticatorOptions | null} [arg0]\n */\n set authenticatorOptions(arg0) {\n let ptr0 = 0;\n if (!isLikeNone(arg0)) {\n _assertClass(arg0, AuthenticatorOptions);\n ptr0 = arg0.__destroy_into_raw();\n }\n wasm.__wbg_set_registrationpayload_authenticatorOptions(this.__wbg_ptr, ptr0);\n }\n}\n\nconst RegistrationResponseFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_registrationresponse_free(ptr >>> 0, 1));\n\nexport class RegistrationResponse {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(RegistrationResponse.prototype);\n obj.__wbg_ptr = ptr;\n RegistrationResponseFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RegistrationResponseFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_registrationresponse_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get clientDataJSON() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationresponse_clientDataJSON(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set clientDataJSON(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get attestationObject() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_registrationresponse_attestationObject(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestationObject(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[]}\n */\n get transports() {\n const ret = wasm.__wbg_get_registrationresponse_transports(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set transports(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_registrationresponse_transports(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst RpcCallPayloadFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_rpccallpayload_free(ptr >>> 0, 1));\n/**\n * RPC call parameters for NEAR operations and VRF generation\n * Used to pass essential parameters for background operations\n */\nexport class RpcCallPayload {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n RpcCallPayloadFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_rpccallpayload_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get contractId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_contractId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set contractId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearRpcUrl() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_nearRpcUrl(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearRpcUrl(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nearAccountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_rpccallpayload_nearAccountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearAccountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst SerializedCredentialFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_serializedcredential_free(ptr >>> 0, 1));\n\nexport class SerializedCredential {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(SerializedCredential.prototype);\n obj.__wbg_ptr = ptr;\n SerializedCredentialFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SerializedCredentialFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_serializedcredential_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rawId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_rawId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rawId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedcredential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticatorAttachment() {\n const ret = wasm.__wbg_get_serializedcredential_authenticatorAttachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticatorAttachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {AuthenticationResponse}\n */\n get response() {\n const ret = wasm.__wbg_get_serializedcredential_response(this.__wbg_ptr);\n return AuthenticationResponse.__wrap(ret);\n }\n /**\n * @param {AuthenticationResponse} arg0\n */\n set response(arg0) {\n _assertClass(arg0, AuthenticationResponse);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedcredential_response(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {ClientExtensionResults}\n */\n get clientExtensionResults() {\n const ret = wasm.__wbg_get_serializedcredential_clientExtensionResults(this.__wbg_ptr);\n return ClientExtensionResults.__wrap(ret);\n }\n /**\n * @param {ClientExtensionResults} arg0\n */\n set clientExtensionResults(arg0) {\n _assertClass(arg0, ClientExtensionResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedcredential_clientExtensionResults(this.__wbg_ptr, ptr0);\n }\n}\n\nconst SerializedRegistrationCredentialFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_serializedregistrationcredential_free(ptr >>> 0, 1));\n\nexport class SerializedRegistrationCredential {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(SerializedRegistrationCredential.prototype);\n obj.__wbg_ptr = ptr;\n SerializedRegistrationCredentialFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SerializedRegistrationCredentialFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_serializedregistrationcredential_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rawId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_rawId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rawId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_serializedregistrationcredential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticatorAttachment() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticatorAttachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {RegistrationResponse}\n */\n get response() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_response(this.__wbg_ptr);\n return RegistrationResponse.__wrap(ret);\n }\n /**\n * @param {RegistrationResponse} arg0\n */\n set response(arg0) {\n _assertClass(arg0, RegistrationResponse);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedregistrationcredential_response(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {ClientExtensionResults}\n */\n get clientExtensionResults() {\n const ret = wasm.__wbg_get_serializedregistrationcredential_clientExtensionResults(this.__wbg_ptr);\n return ClientExtensionResults.__wrap(ret);\n }\n /**\n * @param {ClientExtensionResults} arg0\n */\n set clientExtensionResults(arg0) {\n _assertClass(arg0, ClientExtensionResults);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_serializedregistrationcredential_clientExtensionResults(this.__wbg_ptr, ptr0);\n }\n}\n\nconst SignNep413RequestFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_signnep413request_free(ptr >>> 0, 1));\n\nexport class SignNep413Request {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SignNep413RequestFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_signnep413request_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get message() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_message(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get recipient() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_recipient(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set recipient(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_nonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get state() {\n const ret = wasm.__wbg_get_signnep413request_state(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set state(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get accountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_accountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set accountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get encryptedPrivateKeyData() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_encryptedPrivateKeyData(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set encryptedPrivateKeyData(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @returns {string}\n */\n get encryptedPrivateKeyChacha20NonceB64u() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * ChaCha20-Poly1305 nonce (base64url) for `encryptedPrivateKeyData`.\n * @param {string} arg0\n */\n set encryptedPrivateKeyChacha20NonceB64u(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get sessionId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413request_sessionId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set sessionId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst SignNep413ResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_signnep413result_free(ptr >>> 0, 1));\n\nexport class SignNep413Result {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n SignNep413ResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_signnep413result_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get accountId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_accountId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set accountId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get publicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_publicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set publicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_signnep413result_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get state() {\n const ret = wasm.__wbg_get_signnep413result_state(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set state(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} account_id\n * @param {string} public_key\n * @param {string} signature\n * @param {string | null} [state]\n */\n constructor(account_id, public_key, signature, state) {\n const ptr0 = passStringToWasm0(account_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(public_key, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(signature, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(state) ? 0 : passStringToWasm0(state, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.signnep413result_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n SignNep413ResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst TransactionContextFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_transactioncontext_free(ptr >>> 0, 1));\n/**\n * Transaction context containing NEAR blockchain data\n * Computed in the main thread confirmation flow\n */\nexport class TransactionContext {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n TransactionContextFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_transactioncontext_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get nearPublicKeyStr() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_nearPublicKeyStr(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nearPublicKeyStr(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get nextNonce() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_nextNonce(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set nextNonce(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_txBlockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get txBlockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_transactioncontext_txBlockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set txBlockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst TransactionSignResultFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_transactionsignresult_free(ptr >>> 0, 1));\n\nexport class TransactionSignResult {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(TransactionSignResult.prototype);\n obj.__wbg_ptr = ptr;\n TransactionSignResultFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n TransactionSignResultFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_transactionsignresult_free(ptr, 0);\n }\n /**\n * @returns {boolean}\n */\n get success() {\n const ret = wasm.__wbg_get_transactionsignresult_success(this.__wbg_ptr);\n return ret !== 0;\n }\n /**\n * @param {boolean} arg0\n */\n set success(arg0) {\n wasm.__wbg_set_transactionsignresult_success(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get transactionHashes() {\n const ret = wasm.__wbg_get_transactionsignresult_transactionHashes(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set transactionHashes(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_transactionHashes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmSignedTransaction[] | undefined}\n */\n get signedTransactions() {\n const ret = wasm.__wbg_get_transactionsignresult_signedTransactions(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {WasmSignedTransaction[] | null} [arg0]\n */\n set signedTransactions(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_signedTransactions(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[]}\n */\n get logs() {\n const ret = wasm.__wbg_get_transactionsignresult_logs(this.__wbg_ptr);\n var v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n return v1;\n }\n /**\n * @param {string[]} arg0\n */\n set logs(arg0) {\n const ptr0 = passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_transactionsignresult_logs(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get error() {\n const ret = wasm.__wbg_get_transactionsignresult_error(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set error(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_userHandle(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {boolean} success\n * @param {string[] | null | undefined} transaction_hashes\n * @param {WasmSignedTransaction[] | null | undefined} signed_transactions\n * @param {string[]} logs\n * @param {string | null} [error]\n */\n constructor(success, transaction_hashes, signed_transactions, logs, error) {\n var ptr0 = isLikeNone(transaction_hashes) ? 0 : passArrayJsValueToWasm0(transaction_hashes, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n var ptr1 = isLikeNone(signed_transactions) ? 0 : passArrayJsValueToWasm0(signed_transactions, wasm.__wbindgen_malloc);\n var len1 = WASM_VECTOR_LEN;\n const ptr2 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(error) ? 0 : passStringToWasm0(error, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ret = wasm.transactionsignresult_new(success, ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3);\n this.__wbg_ptr = ret >>> 0;\n TransactionSignResultFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * Helper function to create a failed TransactionSignResult\n * @param {string[]} logs\n * @param {string} error_msg\n * @returns {TransactionSignResult}\n */\n static failed(logs, error_msg) {\n const ptr0 = passArrayJsValueToWasm0(logs, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(error_msg, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ret = wasm.transactionsignresult_failed(ptr0, len0, ptr1, len1);\n return TransactionSignResult.__wrap(ret);\n }\n}\n\nconst VrfChallengeFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_vrfchallenge_free(ptr >>> 0, 1));\n\nexport class VrfChallenge {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n VrfChallengeFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_vrfchallenge_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get vrfInput() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfInput(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfInput(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfOutput() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfOutput(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfOutput(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfProof() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfProof(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfProof(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get vrfPublicKey() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_vrfPublicKey(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set vrfPublicKey(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get userId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_userId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set userId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get rpId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_rpId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set rpId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHeight() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_blockHeight(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHeight(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get blockHash() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_vrfchallenge_blockHash(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_vrfchallenge_blockHash(this.__wbg_ptr, ptr0, len0);\n }\n}\n\nconst WasmDelegateActionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmdelegateaction_free(ptr >>> 0, 1));\n\nexport class WasmDelegateAction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmDelegateAction.prototype);\n obj.__wbg_ptr = ptr;\n WasmDelegateActionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmDelegateActionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmdelegateaction_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get senderId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmdelegateaction_senderId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set senderId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_senderId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get receiverId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmdelegateaction_receiverId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set receiverId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {any}\n */\n get actions() {\n const ret = wasm.__wbg_get_wasmdelegateaction_actions(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {any} arg0\n */\n set actions(arg0) {\n wasm.__wbg_set_wasmdelegateaction_actions(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {bigint}\n */\n get nonce() {\n const ret = wasm.__wbg_get_wasmdelegateaction_nonce(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set nonce(arg0) {\n wasm.__wbg_set_wasmdelegateaction_nonce(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {bigint}\n */\n get maxBlockHeight() {\n const ret = wasm.__wbg_get_wasmdelegateaction_maxBlockHeight(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set maxBlockHeight(arg0) {\n wasm.__wbg_set_wasmdelegateaction_maxBlockHeight(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {WasmPublicKey}\n */\n get publicKey() {\n const ret = wasm.__wbg_get_wasmdelegateaction_publicKey(this.__wbg_ptr);\n return WasmPublicKey.__wrap(ret);\n }\n /**\n * @param {WasmPublicKey} arg0\n */\n set publicKey(arg0) {\n _assertClass(arg0, WasmPublicKey);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmdelegateaction_publicKey(this.__wbg_ptr, ptr0);\n }\n}\n\nconst WasmPublicKeyFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmpublickey_free(ptr >>> 0, 1));\n\nexport class WasmPublicKey {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmPublicKey.prototype);\n obj.__wbg_ptr = ptr;\n WasmPublicKeyFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmPublicKeyFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmpublickey_free(ptr, 0);\n }\n /**\n * @returns {number}\n */\n get keyType() {\n const ret = wasm.__wbg_get_wasmpublickey_keyType(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set keyType(arg0) {\n wasm.__wbg_set_wasmpublickey_keyType(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {Uint8Array}\n */\n get keyData() {\n const ret = wasm.__wbg_get_wasmpublickey_keyData(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set keyData(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {number} keyType\n * @param {Uint8Array} keyData\n */\n constructor(keyType, keyData) {\n const ptr0 = passArray8ToWasm0(keyData, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ret = wasm.wasmpublickey_new(keyType, ptr0, len0);\n this.__wbg_ptr = ret >>> 0;\n WasmPublicKeyFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmSignatureFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsignature_free(ptr >>> 0, 1));\n\nexport class WasmSignature {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignature.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignatureFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignatureFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsignature_free(ptr, 0);\n }\n /**\n * @returns {number}\n */\n get keyType() {\n const ret = wasm.__wbg_get_wasmpublickey_keyType(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set keyType(arg0) {\n wasm.__wbg_set_wasmpublickey_keyType(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {Uint8Array}\n */\n get signatureData() {\n const ret = wasm.__wbg_get_wasmsignature_signatureData(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set signatureData(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {number} keyType\n * @param {Uint8Array} signatureData\n */\n constructor(keyType, signatureData) {\n const ptr0 = passArray8ToWasm0(signatureData, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n const ret = wasm.wasmpublickey_new(keyType, ptr0, len0);\n this.__wbg_ptr = ret >>> 0;\n WasmSignatureFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmSignedDelegateFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsigneddelegate_free(ptr >>> 0, 1));\n\nexport class WasmSignedDelegate {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignedDelegate.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignedDelegateFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignedDelegateFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsigneddelegate_free(ptr, 0);\n }\n /**\n * @returns {WasmDelegateAction}\n */\n get delegateAction() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_delegateAction(this.__wbg_ptr);\n return WasmDelegateAction.__wrap(ret);\n }\n /**\n * @param {WasmDelegateAction} arg0\n */\n set delegateAction(arg0) {\n _assertClass(arg0, WasmDelegateAction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_delegateAction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {WasmSignature}\n */\n get signature() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_signature(this.__wbg_ptr);\n return WasmSignature.__wrap(ret);\n }\n /**\n * @param {WasmSignature} arg0\n */\n set signature(arg0) {\n _assertClass(arg0, WasmSignature);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_signature(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {Uint8Array}\n */\n get borshBytes() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_borshBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set borshBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmsigneddelegate_borshBytes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {WasmDelegateAction} delegateAction\n * @param {WasmSignature} signature\n * @param {Uint8Array} borshBytes\n */\n constructor(delegateAction, signature, borshBytes) {\n _assertClass(delegateAction, WasmDelegateAction);\n var ptr0 = delegateAction.__destroy_into_raw();\n _assertClass(signature, WasmSignature);\n var ptr1 = signature.__destroy_into_raw();\n const ptr2 = passArray8ToWasm0(borshBytes, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n const ret = wasm.wasmsigneddelegate_new(ptr0, ptr1, ptr2, len2);\n this.__wbg_ptr = ret >>> 0;\n WasmSignedDelegateFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n /**\n * @returns {Uint8Array}\n */\n to_borsh_bytes() {\n const ret = wasm.wasmsigneddelegate_to_borsh_bytes(this.__wbg_ptr);\n if (ret[3]) {\n throw takeFromExternrefTable0(ret[2]);\n }\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n}\n\nconst WasmSignedTransactionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmsignedtransaction_free(ptr >>> 0, 1));\n\nexport class WasmSignedTransaction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmSignedTransaction.prototype);\n obj.__wbg_ptr = ptr;\n WasmSignedTransactionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n static __unwrap(jsValue) {\n if (!(jsValue instanceof WasmSignedTransaction)) {\n return 0;\n }\n return jsValue.__destroy_into_raw();\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmSignedTransactionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmsignedtransaction_free(ptr, 0);\n }\n /**\n * @returns {WasmTransaction}\n */\n get transaction() {\n const ret = wasm.__wbg_get_wasmsignedtransaction_transaction(this.__wbg_ptr);\n return WasmTransaction.__wrap(ret);\n }\n /**\n * @param {WasmTransaction} arg0\n */\n set transaction(arg0) {\n _assertClass(arg0, WasmTransaction);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsignedtransaction_transaction(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {WasmSignature}\n */\n get signature() {\n const ret = wasm.__wbg_get_wasmsigneddelegate_signature(this.__wbg_ptr);\n return WasmSignature.__wrap(ret);\n }\n /**\n * @param {WasmSignature} arg0\n */\n set signature(arg0) {\n _assertClass(arg0, WasmSignature);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmsigneddelegate_signature(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {Uint8Array}\n */\n get borshBytes() {\n const ret = wasm.__wbg_get_wasmsignedtransaction_borshBytes(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set borshBytes(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmsigneddelegate_borshBytes(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {WasmTransaction} transaction\n * @param {WasmSignature} signature\n * @param {Uint8Array} borshBytes\n */\n constructor(transaction, signature, borshBytes) {\n _assertClass(transaction, WasmTransaction);\n var ptr0 = transaction.__destroy_into_raw();\n _assertClass(signature, WasmSignature);\n var ptr1 = signature.__destroy_into_raw();\n const ptr2 = passArray8ToWasm0(borshBytes, wasm.__wbindgen_malloc);\n const len2 = WASM_VECTOR_LEN;\n const ret = wasm.wasmsigneddelegate_new(ptr0, ptr1, ptr2, len2);\n this.__wbg_ptr = ret >>> 0;\n WasmSignedTransactionFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WasmTransactionFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_wasmtransaction_free(ptr >>> 0, 1));\n\nexport class WasmTransaction {\n\n static __wrap(ptr) {\n ptr = ptr >>> 0;\n const obj = Object.create(WasmTransaction.prototype);\n obj.__wbg_ptr = ptr;\n WasmTransactionFinalization.register(obj, obj.__wbg_ptr, obj);\n return obj;\n }\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WasmTransactionFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_wasmtransaction_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get signerId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmtransaction_signerId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signerId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_signerId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {WasmPublicKey}\n */\n get publicKey() {\n const ret = wasm.__wbg_get_wasmdelegateaction_publicKey(this.__wbg_ptr);\n return WasmPublicKey.__wrap(ret);\n }\n /**\n * @param {WasmPublicKey} arg0\n */\n set publicKey(arg0) {\n _assertClass(arg0, WasmPublicKey);\n var ptr0 = arg0.__destroy_into_raw();\n wasm.__wbg_set_wasmdelegateaction_publicKey(this.__wbg_ptr, ptr0);\n }\n /**\n * @returns {bigint}\n */\n get nonce() {\n const ret = wasm.__wbg_get_wasmdelegateaction_nonce(this.__wbg_ptr);\n return BigInt.asUintN(64, ret);\n }\n /**\n * @param {bigint} arg0\n */\n set nonce(arg0) {\n wasm.__wbg_set_wasmdelegateaction_nonce(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string}\n */\n get receiverId() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_wasmtransaction_receiverId(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set receiverId(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {Uint8Array}\n */\n get blockHash() {\n const ret = wasm.__wbg_get_wasmtransaction_blockHash(this.__wbg_ptr);\n var v1 = getArrayU8FromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n return v1;\n }\n /**\n * @param {Uint8Array} arg0\n */\n set blockHash(arg0) {\n const ptr0 = passArray8ToWasm0(arg0, wasm.__wbindgen_malloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmtransaction_blockHash(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {any}\n */\n get actions() {\n const ret = wasm.__wbg_get_wasmtransaction_actions(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {any} arg0\n */\n set actions(arg0) {\n wasm.__wbg_set_wasmtransaction_actions(this.__wbg_ptr, arg0);\n }\n /**\n * @param {string} signerId\n * @param {WasmPublicKey} publicKey\n * @param {bigint} nonce\n * @param {string} receiverId\n * @param {Uint8Array} blockHash\n * @param {any} actions\n */\n constructor(signerId, publicKey, nonce, receiverId, blockHash, actions) {\n const ptr0 = passStringToWasm0(signerId, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n _assertClass(publicKey, WasmPublicKey);\n var ptr1 = publicKey.__destroy_into_raw();\n const ptr2 = passStringToWasm0(receiverId, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passArray8ToWasm0(blockHash, wasm.__wbindgen_malloc);\n const len3 = WASM_VECTOR_LEN;\n const ret = wasm.wasmtransaction_new(ptr0, len0, ptr1, nonce, ptr2, len2, ptr3, len3, actions);\n this.__wbg_ptr = ret >>> 0;\n WasmTransactionFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WebAuthnAuthenticationCredentialStructFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_webauthnauthenticationcredentialstruct_free(ptr >>> 0, 1));\n\nexport class WebAuthnAuthenticationCredentialStruct {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WebAuthnAuthenticationCredentialStructFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_webauthnauthenticationcredentialstruct_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get raw_id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_raw_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set raw_id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get credential_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_credential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set credential_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticator_attachment() {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_authenticator_attachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticator_attachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedregistrationcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get client_data_json() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_client_data_json(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set client_data_json(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get authenticator_data() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_authenticator_data(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set authenticator_data(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get signature() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_signature(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set signature(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_signnep413request_encryptedPrivateKeyChacha20NonceB64u(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get user_handle() {\n const ret = wasm.__wbg_get_webauthnauthenticationcredentialstruct_user_handle(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set user_handle(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} id\n * @param {string} raw_id\n * @param {string} credential_type\n * @param {string | null | undefined} authenticator_attachment\n * @param {string} client_data_json\n * @param {string} authenticator_data\n * @param {string} signature\n * @param {string | null} [user_handle]\n */\n constructor(id, raw_id, credential_type, authenticator_attachment, client_data_json, authenticator_data, signature, user_handle) {\n const ptr0 = passStringToWasm0(id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(raw_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(credential_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(authenticator_attachment) ? 0 : passStringToWasm0(authenticator_attachment, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(client_data_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ptr5 = passStringToWasm0(authenticator_data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len5 = WASM_VECTOR_LEN;\n const ptr6 = passStringToWasm0(signature, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len6 = WASM_VECTOR_LEN;\n var ptr7 = isLikeNone(user_handle) ? 0 : passStringToWasm0(user_handle, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len7 = WASM_VECTOR_LEN;\n const ret = wasm.webauthnauthenticationcredentialstruct_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6, ptr7, len7);\n this.__wbg_ptr = ret >>> 0;\n WebAuthnAuthenticationCredentialStructFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WebAuthnRegistrationCredentialStructFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_webauthnregistrationcredentialstruct_free(ptr >>> 0, 1));\n\nexport class WebAuthnRegistrationCredentialStruct {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WebAuthnRegistrationCredentialStructFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_webauthnregistrationcredentialstruct_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_clientDataJSON(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get raw_id() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_raw_id(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set raw_id(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_authenticatorData(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get credential_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_credential_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set credential_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_authenticationresponse_signature(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get authenticator_attachment() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_authenticator_attachment(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set authenticator_attachment(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_webauthnregistrationcredentialstruct_authenticator_attachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get client_data_json() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_client_data_json(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set client_data_json(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_decryptprivatekeyrequest_sessionId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get attestation_object() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_attestation_object(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set attestation_object(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_derivenearkeypairandencryptresult_wrapKeySalt(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string[] | undefined}\n */\n get transports() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_transports(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getArrayJsValueFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 4, 4);\n }\n return v1;\n }\n /**\n * @param {string[] | null} [arg0]\n */\n set transports(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passArrayJsValueToWasm0(arg0, wasm.__wbindgen_malloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_webauthnregistrationcredentialstruct_transports(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string | undefined}\n */\n get ed25519_prf_output() {\n const ret = wasm.__wbg_get_webauthnregistrationcredentialstruct_ed25519_prf_output(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set ed25519_prf_output(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_serializedcredential_authenticatorAttachment(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} id\n * @param {string} raw_id\n * @param {string} credential_type\n * @param {string | null | undefined} authenticator_attachment\n * @param {string} client_data_json\n * @param {string} attestation_object\n * @param {string[] | null} [transports]\n * @param {string | null} [ed25519_prf_output]\n */\n constructor(id, raw_id, credential_type, authenticator_attachment, client_data_json, attestation_object, transports, ed25519_prf_output) {\n const ptr0 = passStringToWasm0(id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(raw_id, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(credential_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n var ptr3 = isLikeNone(authenticator_attachment) ? 0 : passStringToWasm0(authenticator_attachment, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len3 = WASM_VECTOR_LEN;\n const ptr4 = passStringToWasm0(client_data_json, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len4 = WASM_VECTOR_LEN;\n const ptr5 = passStringToWasm0(attestation_object, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len5 = WASM_VECTOR_LEN;\n var ptr6 = isLikeNone(transports) ? 0 : passArrayJsValueToWasm0(transports, wasm.__wbindgen_malloc);\n var len6 = WASM_VECTOR_LEN;\n var ptr7 = isLikeNone(ed25519_prf_output) ? 0 : passStringToWasm0(ed25519_prf_output, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len7 = WASM_VECTOR_LEN;\n const ret = wasm.webauthnregistrationcredentialstruct_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5, ptr6, len6, ptr7, len7);\n this.__wbg_ptr = ret >>> 0;\n WebAuthnRegistrationCredentialStructFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nconst WorkerProgressMessageFinalization = (typeof FinalizationRegistry === 'undefined')\n ? { register: () => {}, unregister: () => {} }\n : new FinalizationRegistry(ptr => wasm.__wbg_workerprogressmessage_free(ptr >>> 0, 1));\n/**\n * Base progress message structure sent from WASM to TypeScript\n * Auto-generates TypeScript interface: WorkerProgressMessage\n */\nexport class WorkerProgressMessage {\n\n __destroy_into_raw() {\n const ptr = this.__wbg_ptr;\n this.__wbg_ptr = 0;\n WorkerProgressMessageFinalization.unregister(this);\n return ptr;\n }\n\n free() {\n const ptr = this.__destroy_into_raw();\n wasm.__wbg_workerprogressmessage_free(ptr, 0);\n }\n /**\n * @returns {string}\n */\n get message_type() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_message_type(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message_type(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_message_type(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get step() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_step(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set step(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_step(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get message() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_message(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set message(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_senderId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {string}\n */\n get status() {\n let deferred1_0;\n let deferred1_1;\n try {\n const ret = wasm.__wbg_get_workerprogressmessage_status(this.__wbg_ptr);\n deferred1_0 = ret[0];\n deferred1_1 = ret[1];\n return getStringFromWasm0(ret[0], ret[1]);\n } finally {\n wasm.__wbindgen_free(deferred1_0, deferred1_1, 1);\n }\n }\n /**\n * @param {string} arg0\n */\n set status(arg0) {\n const ptr0 = passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_wasmdelegateaction_receiverId(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @returns {number}\n */\n get timestamp() {\n const ret = wasm.__wbg_get_workerprogressmessage_timestamp(this.__wbg_ptr);\n return ret;\n }\n /**\n * @param {number} arg0\n */\n set timestamp(arg0) {\n wasm.__wbg_set_workerprogressmessage_timestamp(this.__wbg_ptr, arg0);\n }\n /**\n * @returns {string | undefined}\n */\n get data() {\n const ret = wasm.__wbg_get_workerprogressmessage_data(this.__wbg_ptr);\n let v1;\n if (ret[0] !== 0) {\n v1 = getStringFromWasm0(ret[0], ret[1]).slice();\n wasm.__wbindgen_free(ret[0], ret[1] * 1, 1);\n }\n return v1;\n }\n /**\n * @param {string | null} [arg0]\n */\n set data(arg0) {\n var ptr0 = isLikeNone(arg0) ? 0 : passStringToWasm0(arg0, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len0 = WASM_VECTOR_LEN;\n wasm.__wbg_set_workerprogressmessage_data(this.__wbg_ptr, ptr0, len0);\n }\n /**\n * @param {string} message_type\n * @param {string} step\n * @param {string} message\n * @param {string} status\n * @param {number} timestamp\n * @param {string | null} [data]\n */\n constructor(message_type, step, message, status, timestamp, data) {\n const ptr0 = passStringToWasm0(message_type, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len0 = WASM_VECTOR_LEN;\n const ptr1 = passStringToWasm0(step, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n const ptr2 = passStringToWasm0(message, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len2 = WASM_VECTOR_LEN;\n const ptr3 = passStringToWasm0(status, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len3 = WASM_VECTOR_LEN;\n var ptr4 = isLikeNone(data) ? 0 : passStringToWasm0(data, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len4 = WASM_VECTOR_LEN;\n const ret = wasm.workerprogressmessage_new(ptr0, len0, ptr1, len1, ptr2, len2, ptr3, len3, timestamp, ptr4, len4);\n this.__wbg_ptr = ret >>> 0;\n WorkerProgressMessageFinalization.register(this, this.__wbg_ptr, this);\n return this;\n }\n}\n\nasync function __wbg_load(module, imports) {\n if (typeof Response === 'function' && module instanceof Response) {\n if (typeof WebAssembly.instantiateStreaming === 'function') {\n try {\n return await WebAssembly.instantiateStreaming(module, imports);\n\n } catch (e) {\n if (module.headers.get('Content-Type') != 'application/wasm') {\n console.warn(\"`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\\n\", e);\n\n } else {\n throw e;\n }\n }\n }\n\n const bytes = await module.arrayBuffer();\n return await WebAssembly.instantiate(bytes, imports);\n\n } else {\n const instance = await WebAssembly.instantiate(module, imports);\n\n if (instance instanceof WebAssembly.Instance) {\n return { instance, module };\n\n } else {\n return instance;\n }\n }\n}\n\nfunction __wbg_get_imports() {\n const imports = {};\n imports.wbg = {};\n imports.wbg.__wbg_String_8f0eb39a4a4c2f66 = function(arg0, arg1) {\n const ret = String(arg1);\n const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbg_buffer_609cc3eee51ed158 = function(arg0) {\n const ret = arg0.buffer;\n return ret;\n };\n imports.wbg.__wbg_call_672a4d21634d4a24 = function() { return handleError(function (arg0, arg1) {\n const ret = arg0.call(arg1);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_call_7cccdd69e0791ae2 = function() { return handleError(function (arg0, arg1, arg2) {\n const ret = arg0.call(arg1, arg2);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_call_833bed5770ea2041 = function() { return handleError(function (arg0, arg1, arg2, arg3) {\n const ret = arg0.call(arg1, arg2, arg3);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_close_414b379454494b29 = function(arg0) {\n arg0.close();\n };\n imports.wbg.__wbg_crypto_574e78ad8b13b65f = function(arg0) {\n const ret = arg0.crypto;\n return ret;\n };\n imports.wbg.__wbg_done_769e5ede4b31c67b = function(arg0) {\n const ret = arg0.done;\n return ret;\n };\n imports.wbg.__wbg_entries_3265d4158b33e5dc = function(arg0) {\n const ret = Object.entries(arg0);\n return ret;\n };\n imports.wbg.__wbg_getRandomValues_b8f5dbd5f3995a9e = function() { return handleError(function (arg0, arg1) {\n arg0.getRandomValues(arg1);\n }, arguments) };\n imports.wbg.__wbg_get_67b2ba62fc30de12 = function() { return handleError(function (arg0, arg1) {\n const ret = Reflect.get(arg0, arg1);\n return ret;\n }, arguments) };\n imports.wbg.__wbg_get_b9b93047fe3cf45b = function(arg0, arg1) {\n const ret = arg0[arg1 >>> 0];\n return ret;\n };\n imports.wbg.__wbg_getwithrefkey_1dc361bd10053bfe = function(arg0, arg1) {\n const ret = arg0[arg1];\n return ret;\n };\n imports.wbg.__wbg_instanceof_ArrayBuffer_e14585432e3737fc = function(arg0) {\n let result;\n try {\n result = arg0 instanceof ArrayBuffer;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_Map_f3469ce2244d2430 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof Map;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_MessagePort_17e6fe07f7e99f84 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof MessagePort;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_instanceof_Uint8Array_17156bcf118086a9 = function(arg0) {\n let result;\n try {\n result = arg0 instanceof Uint8Array;\n } catch (_) {\n result = false;\n }\n const ret = result;\n return ret;\n };\n imports.wbg.__wbg_isArray_a1eab7e0d067391b = function(arg0) {\n const ret = Array.isArray(arg0);\n return ret;\n };\n imports.wbg.__wbg_isSafeInteger_343e2beeeece1bb0 = function(arg0) {\n const ret = Number.isSafeInteger(arg0);\n return ret;\n };\n imports.wbg.__wbg_iterator_9a24c88df860dc65 = function() {\n const ret = Symbol.iterator;\n return ret;\n };\n imports.wbg.__wbg_length_a446193dc22c12f8 = function(arg0) {\n const ret = arg0.length;\n return ret;\n };\n imports.wbg.__wbg_length_e2d2a49132c1b256 = function(arg0) {\n const ret = arg0.length;\n return ret;\n };\n imports.wbg.__wbg_msCrypto_a61aeb35a24c1329 = function(arg0) {\n const ret = arg0.msCrypto;\n return ret;\n };\n imports.wbg.__wbg_new_23a2665fac83c611 = function(arg0, arg1) {\n try {\n var state0 = {a: arg0, b: arg1};\n var cb0 = (arg0, arg1) => {\n const a = state0.a;\n state0.a = 0;\n try {\n return __wbg_adapter_483(a, state0.b, arg0, arg1);\n } finally {\n state0.a = a;\n }\n };\n const ret = new Promise(cb0);\n return ret;\n } finally {\n state0.a = state0.b = 0;\n }\n };\n imports.wbg.__wbg_new_405e22f390576ce2 = function() {\n const ret = new Object();\n return ret;\n };\n imports.wbg.__wbg_new_78feb108b6472713 = function() {\n const ret = new Array();\n return ret;\n };\n imports.wbg.__wbg_new_a12002a7f91c75be = function(arg0) {\n const ret = new Uint8Array(arg0);\n return ret;\n };\n imports.wbg.__wbg_newnoargs_105ed471475aaf50 = function(arg0, arg1) {\n const ret = new Function(getStringFromWasm0(arg0, arg1));\n return ret;\n };\n imports.wbg.__wbg_newwithbyteoffsetandlength_d97e637ebe145a9a = function(arg0, arg1, arg2) {\n const ret = new Uint8Array(arg0, arg1 >>> 0, arg2 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_newwithlength_a381634e90c276d4 = function(arg0) {\n const ret = new Uint8Array(arg0 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_next_25feadfc0913fea9 = function(arg0) {\n const ret = arg0.next;\n return ret;\n };\n imports.wbg.__wbg_next_6574e1a8a62d1055 = function() { return handleError(function (arg0) {\n const ret = arg0.next();\n return ret;\n }, arguments) };\n imports.wbg.__wbg_node_905d3e251edff8a2 = function(arg0) {\n const ret = arg0.node;\n return ret;\n };\n imports.wbg.__wbg_now_807e54c39636c349 = function() {\n const ret = Date.now();\n return ret;\n };\n imports.wbg.__wbg_parse_def2e24ef1252aff = function() { return handleError(function (arg0, arg1) {\n const ret = JSON.parse(getStringFromWasm0(arg0, arg1));\n return ret;\n }, arguments) };\n imports.wbg.__wbg_process_dc0fbacc7c1c06f7 = function(arg0) {\n const ret = arg0.process;\n return ret;\n };\n imports.wbg.__wbg_push_737cfc8c1432c2c6 = function(arg0, arg1) {\n const ret = arg0.push(arg1);\n return ret;\n };\n imports.wbg.__wbg_queueMicrotask_97d92b4fcc8a61c5 = function(arg0) {\n queueMicrotask(arg0);\n };\n imports.wbg.__wbg_queueMicrotask_d3219def82552485 = function(arg0) {\n const ret = arg0.queueMicrotask;\n return ret;\n };\n imports.wbg.__wbg_race_ace53f9902587e09 = function(arg0) {\n const ret = Promise.race(arg0);\n return ret;\n };\n imports.wbg.__wbg_randomFillSync_ac0988aba3254290 = function() { return handleError(function (arg0, arg1) {\n arg0.randomFillSync(arg1);\n }, arguments) };\n imports.wbg.__wbg_require_60cc747a6bc5215a = function() { return handleError(function () {\n const ret = module.require;\n return ret;\n }, arguments) };\n imports.wbg.__wbg_resolve_4851785c9c5f573d = function(arg0) {\n const ret = Promise.resolve(arg0);\n return ret;\n };\n imports.wbg.__wbg_sendProgressMessage_10ef7504101ae634 = function(arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) {\n sendProgressMessage(arg0 >>> 0, getStringFromWasm0(arg1, arg2), arg3 >>> 0, getStringFromWasm0(arg4, arg5), getStringFromWasm0(arg6, arg7), arg8, arg9);\n };\n imports.wbg.__wbg_set_37837023f3d740e8 = function(arg0, arg1, arg2) {\n arg0[arg1 >>> 0] = arg2;\n };\n imports.wbg.__wbg_set_3f1d0b984ed272ed = function(arg0, arg1, arg2) {\n arg0[arg1] = arg2;\n };\n imports.wbg.__wbg_set_65595bdd868b3009 = function(arg0, arg1, arg2) {\n arg0.set(arg1, arg2 >>> 0);\n };\n imports.wbg.__wbg_setonmessage_23d122da701b8ddb = function(arg0, arg1) {\n arg0.onmessage = arg1;\n };\n imports.wbg.__wbg_start_2c099369ce831bf1 = function(arg0) {\n arg0.start();\n };\n imports.wbg.__wbg_static_accessor_GLOBAL_88a902d13a557d07 = function() {\n const ret = typeof global === 'undefined' ? null : global;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_GLOBAL_THIS_56578be7e9f832b0 = function() {\n const ret = typeof globalThis === 'undefined' ? null : globalThis;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_SELF_37c5d418e4bf5819 = function() {\n const ret = typeof self === 'undefined' ? null : self;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_static_accessor_WINDOW_5de37043a91a9c40 = function() {\n const ret = typeof window === 'undefined' ? null : window;\n return isLikeNone(ret) ? 0 : addToExternrefTable0(ret);\n };\n imports.wbg.__wbg_subarray_aa9065fa9dc5df96 = function(arg0, arg1, arg2) {\n const ret = arg0.subarray(arg1 >>> 0, arg2 >>> 0);\n return ret;\n };\n imports.wbg.__wbg_then_44b73946d2fb3e7d = function(arg0, arg1) {\n const ret = arg0.then(arg1);\n return ret;\n };\n imports.wbg.__wbg_then_48b406749878a531 = function(arg0, arg1, arg2) {\n const ret = arg0.then(arg1, arg2);\n return ret;\n };\n imports.wbg.__wbg_value_cd1ffa7b1ab794f1 = function(arg0) {\n const ret = arg0.value;\n return ret;\n };\n imports.wbg.__wbg_versions_c01dfd4722a88165 = function(arg0) {\n const ret = arg0.versions;\n return ret;\n };\n imports.wbg.__wbg_wasmsignedtransaction_new = function(arg0) {\n const ret = WasmSignedTransaction.__wrap(arg0);\n return ret;\n };\n imports.wbg.__wbg_wasmsignedtransaction_unwrap = function(arg0) {\n const ret = WasmSignedTransaction.__unwrap(arg0);\n return ret;\n };\n imports.wbg.__wbindgen_as_number = function(arg0) {\n const ret = +arg0;\n return ret;\n };\n imports.wbg.__wbindgen_bigint_from_i64 = function(arg0) {\n const ret = arg0;\n return ret;\n };\n imports.wbg.__wbindgen_bigint_from_u64 = function(arg0) {\n const ret = BigInt.asUintN(64, arg0);\n return ret;\n };\n imports.wbg.__wbindgen_bigint_get_as_i64 = function(arg0, arg1) {\n const v = arg1;\n const ret = typeof(v) === 'bigint' ? v : undefined;\n getDataViewMemory0().setBigInt64(arg0 + 8 * 1, isLikeNone(ret) ? BigInt(0) : ret, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, !isLikeNone(ret), true);\n };\n imports.wbg.__wbindgen_boolean_get = function(arg0) {\n const v = arg0;\n const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2;\n return ret;\n };\n imports.wbg.__wbindgen_cb_drop = function(arg0) {\n const obj = arg0.original;\n if (obj.cnt-- == 1) {\n obj.a = 0;\n return true;\n }\n const ret = false;\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper181 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 8, __wbg_adapter_52);\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper183 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 8, __wbg_adapter_55);\n return ret;\n };\n imports.wbg.__wbindgen_closure_wrapper2154 = function(arg0, arg1, arg2) {\n const ret = makeMutClosure(arg0, arg1, 85, __wbg_adapter_52);\n return ret;\n };\n imports.wbg.__wbindgen_debug_string = function(arg0, arg1) {\n const ret = debugString(arg1);\n const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n const len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbindgen_error_new = function(arg0, arg1) {\n const ret = new Error(getStringFromWasm0(arg0, arg1));\n return ret;\n };\n imports.wbg.__wbindgen_in = function(arg0, arg1) {\n const ret = arg0 in arg1;\n return ret;\n };\n imports.wbg.__wbindgen_init_externref_table = function() {\n const table = wasm.__wbindgen_export_4;\n const offset = table.grow(4);\n table.set(0, undefined);\n table.set(offset + 0, undefined);\n table.set(offset + 1, null);\n table.set(offset + 2, true);\n table.set(offset + 3, false);\n ;\n };\n imports.wbg.__wbindgen_is_bigint = function(arg0) {\n const ret = typeof(arg0) === 'bigint';\n return ret;\n };\n imports.wbg.__wbindgen_is_function = function(arg0) {\n const ret = typeof(arg0) === 'function';\n return ret;\n };\n imports.wbg.__wbindgen_is_object = function(arg0) {\n const val = arg0;\n const ret = typeof(val) === 'object' && val !== null;\n return ret;\n };\n imports.wbg.__wbindgen_is_string = function(arg0) {\n const ret = typeof(arg0) === 'string';\n return ret;\n };\n imports.wbg.__wbindgen_is_undefined = function(arg0) {\n const ret = arg0 === undefined;\n return ret;\n };\n imports.wbg.__wbindgen_jsval_eq = function(arg0, arg1) {\n const ret = arg0 === arg1;\n return ret;\n };\n imports.wbg.__wbindgen_jsval_loose_eq = function(arg0, arg1) {\n const ret = arg0 == arg1;\n return ret;\n };\n imports.wbg.__wbindgen_memory = function() {\n const ret = wasm.memory;\n return ret;\n };\n imports.wbg.__wbindgen_number_get = function(arg0, arg1) {\n const obj = arg1;\n const ret = typeof(obj) === 'number' ? obj : undefined;\n getDataViewMemory0().setFloat64(arg0 + 8 * 1, isLikeNone(ret) ? 0 : ret, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, !isLikeNone(ret), true);\n };\n imports.wbg.__wbindgen_number_new = function(arg0) {\n const ret = arg0;\n return ret;\n };\n imports.wbg.__wbindgen_string_get = function(arg0, arg1) {\n const obj = arg1;\n const ret = typeof(obj) === 'string' ? obj : undefined;\n var ptr1 = isLikeNone(ret) ? 0 : passStringToWasm0(ret, wasm.__wbindgen_malloc, wasm.__wbindgen_realloc);\n var len1 = WASM_VECTOR_LEN;\n getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);\n getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);\n };\n imports.wbg.__wbindgen_string_new = function(arg0, arg1) {\n const ret = getStringFromWasm0(arg0, arg1);\n return ret;\n };\n imports.wbg.__wbindgen_throw = function(arg0, arg1) {\n throw new Error(getStringFromWasm0(arg0, arg1));\n };\n\n return imports;\n}\n\nfunction __wbg_init_memory(imports, memory) {\n\n}\n\nfunction __wbg_finalize_init(instance, module) {\n wasm = instance.exports;\n __wbg_init.__wbindgen_wasm_module = module;\n cachedDataViewMemory0 = null;\n cachedUint8ArrayMemory0 = null;\n\n\n wasm.__wbindgen_start();\n return wasm;\n}\n\nfunction initSync(module) {\n if (wasm !== undefined) return wasm;\n\n\n if (typeof module !== 'undefined') {\n if (Object.getPrototypeOf(module) === Object.prototype) {\n ({module} = module)\n } else {\n console.warn('using deprecated parameters for `initSync()`; pass a single object instead')\n }\n }\n\n const imports = __wbg_get_imports();\n\n __wbg_init_memory(imports);\n\n if (!(module instanceof WebAssembly.Module)) {\n module = new WebAssembly.Module(module);\n }\n\n const instance = new WebAssembly.Instance(module, imports);\n\n return __wbg_finalize_init(instance, module);\n}\n\nasync function __wbg_init(module_or_path) {\n if (wasm !== undefined) return wasm;\n\n\n if (typeof module_or_path !== 'undefined') {\n if (Object.getPrototypeOf(module_or_path) === Object.prototype) {\n ({module_or_path} = module_or_path)\n } else {\n console.warn('using deprecated parameters for the initialization function; pass a single object instead')\n }\n }\n\n if (typeof module_or_path === 'undefined') {\n module_or_path = new URL('wasm_signer_worker_bg.wasm', import.meta.url);\n }\n const imports = __wbg_get_imports();\n\n if (typeof module_or_path === 'string' || (typeof Request === 'function' && module_or_path instanceof Request) || (typeof URL === 'function' && module_or_path instanceof URL)) {\n module_or_path = fetch(module_or_path);\n }\n\n __wbg_init_memory(imports);\n\n const { instance, module } = await __wbg_load(await module_or_path, imports);\n\n return __wbg_finalize_init(instance, module);\n}\n\nexport { initSync };\nexport default __wbg_init;\n","\n// === IMPORT AUTO-GENERATED WASM TYPES ===\n// These are the source of truth generated from Rust structs via wasm-bindgen\n// Import as instance types from the WASM module classes\nimport * as wasmModule from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\nimport { WorkerRequestType, WorkerResponseType } from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\nexport { WorkerRequestType, WorkerResponseType }; // Export the WASM enums directly\n\nimport { StripFree } from \"./index.js\";\nimport type { onProgressEvents } from \"./sdkSentEvents.js\";\nimport type { TransactionContext } from './rpc.js';\nimport type { VRFChallenge } from './vrf-worker.js';\nimport type { ActionArgsWasm } from './actions.js';\n\nexport type WasmTransaction = wasmModule.WasmTransaction;\nexport type WasmSignature = wasmModule.WasmSignature;\n\nexport interface TransactionPayload {\n nearAccountId: string;\n receiverId: string;\n actions: ActionArgsWasm[];\n}\nexport type RpcCallPayload = StripFree<wasmModule.RpcCallPayload>;\n/**\n * RPC call parameters for NEAR operations and VRF generation\n * Used to pass essential parameters for background operations\n * export interface RpcCallPayload {\n * contractId: string; // Web3Authn contract ID for verification\n * nearRpcUrl: string; // NEAR RPC endpoint URL\n * nearAccountId: string; // Account ID for VRF challenge generation\n * }\n */\n\nexport type WasmDeriveNearKeypairAndEncryptRequest = StripFree<wasmModule.DeriveNearKeypairAndEncryptRequest>;\nexport type WasmRecoverKeypairRequest = StripFree<wasmModule.RecoverKeypairRequest>;\nexport interface WasmSignTransactionsWithActionsRequest {\n rpcCall: RpcCallPayload;\n sessionId: string;\n createdAt?: number;\n decryption: StripFree<wasmModule.DecryptionPayload>;\n txSigningRequests: TransactionPayload[];\n intentDigest?: string;\n transactionContext?: TransactionContext;\n vrfChallenge?: VRFChallenge;\n credential?: string;\n}\nexport interface WasmSignDelegateActionRequest {\n rpcCall: RpcCallPayload;\n sessionId: string;\n createdAt?: number;\n decryption: StripFree<wasmModule.DecryptionPayload>;\n delegate: DelegatePayload;\n intentDigest?: string;\n transactionContext?: TransactionContext;\n credential?: string;\n}\nexport interface DelegatePayload {\n senderId: string;\n receiverId: string;\n actions: ActionArgsWasm[];\n nonce: string;\n maxBlockHeight: string;\n publicKey: string;\n}\nexport type WasmDecryptPrivateKeyRequest = StripFree<wasmModule.DecryptPrivateKeyRequest>;\nexport type WasmExtractCosePublicKeyRequest = StripFree<wasmModule.ExtractCoseRequest>;\nexport type WasmSignNep413MessageRequest = StripFree<wasmModule.SignNep413Request>;\nexport interface WasmSignTransactionWithKeyPairRequest {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n}\n// Combined Device2 registration handler (derive + sign in one step)\nexport type WasmRegisterDevice2WithDerivedKeyRequest = StripFree<wasmModule.RegisterDevice2WithDerivedKeyRequest>;\n\nexport type WasmRequestPayload = WasmDeriveNearKeypairAndEncryptRequest\n | WasmRecoverKeypairRequest\n | WasmSignTransactionsWithActionsRequest\n | WasmSignDelegateActionRequest\n | WasmDecryptPrivateKeyRequest\n | WasmExtractCosePublicKeyRequest\n | WasmSignNep413MessageRequest\n | WasmSignTransactionWithKeyPairRequest\n | WasmRegisterDevice2WithDerivedKeyRequest;\n\n// WASM Worker Response Types\nexport type WasmRecoverKeypairResult = InstanceType<typeof wasmModule.RecoverKeypairResult>;\nexport type WasmSignedTransaction = InstanceType<typeof wasmModule.WasmSignedTransaction>;\nexport type WasmSignedDelegate = wasmModule.WasmSignedDelegate;\nexport type WasmDelegateAction = wasmModule.WasmDelegateAction;\nexport type WasmTransactionSignResult = InstanceType<typeof wasmModule.TransactionSignResult>;\nexport type WasmDelegateSignResult = wasmModule.DelegateSignResult;\nexport type WasmDecryptPrivateKeyResult = InstanceType<typeof wasmModule.DecryptPrivateKeyResult>;\nexport type WasmDeriveNearKeypairAndEncryptResult = InstanceType<typeof wasmModule.DeriveNearKeypairAndEncryptResult>;\n// wasm-bindgen generates some classes with private constructors, which breaks\n// `InstanceType<typeof Class>`. Use the class name directly for the instance type.\nexport type WasmRegisterDevice2WithDerivedKeyResult = InstanceType<typeof wasmModule.RegisterDevice2WithDerivedKeyResult>;\n\n// === WORKER REQUEST TYPE MAPPING ===\n// Define the complete type mapping for each worker request\nexport interface WorkerRequestTypeMap {\n [WorkerRequestType.DeriveNearKeypairAndEncrypt]: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt;\n request: WasmDeriveNearKeypairAndEncryptRequest;\n result: WasmDeriveNearKeypairAndEncryptResult;\n };\n [WorkerRequestType.RecoverKeypairFromPasskey]: {\n type: WorkerRequestType.RecoverKeypairFromPasskey;\n request: WasmRecoverKeypairRequest;\n result: WasmRecoverKeypairResult;\n };\n [WorkerRequestType.SignTransactionsWithActions]: {\n type: WorkerRequestType.SignTransactionsWithActions;\n request: WasmSignTransactionsWithActionsRequest;\n result: WasmTransactionSignResult;\n };\n [WorkerRequestType.SignDelegateAction]: {\n type: WorkerRequestType.SignDelegateAction;\n request: WasmSignDelegateActionRequest;\n result: WasmDelegateSignResult;\n };\n [WorkerRequestType.DecryptPrivateKeyWithPrf]: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf;\n request: WasmDecryptPrivateKeyRequest;\n result: WasmDecryptPrivateKeyResult;\n };\n [WorkerRequestType.ExtractCosePublicKey]: {\n type: WorkerRequestType.ExtractCosePublicKey;\n request: WasmExtractCosePublicKeyRequest;\n result: wasmModule.CoseExtractionResult;\n };\n [WorkerRequestType.SignTransactionWithKeyPair]: {\n type: WorkerRequestType.SignTransactionWithKeyPair;\n request: WasmSignTransactionWithKeyPairRequest;\n result: WasmTransactionSignResult;\n };\n [WorkerRequestType.SignNep413Message]: {\n type: WorkerRequestType.SignNep413Message;\n request: WasmSignNep413MessageRequest;\n result: wasmModule.SignNep413Result;\n };\n [WorkerRequestType.RegisterDevice2WithDerivedKey]: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey;\n request: WasmRegisterDevice2WithDerivedKeyRequest;\n result: WasmRegisterDevice2WithDerivedKeyResult;\n };\n}\n\n/**\n * Validation rules for ConfirmationConfig to ensure behavior conforms to UI mode:\n *\n * - uiMode: 'skip' → behavior is ignored, autoProceedDelay is ignored\n * - uiMode: 'modal' | 'drawer' → behavior: 'requireClick' | 'autoProceed', autoProceedDelay only used with 'autoProceed'\n *\n * The WASM worker automatically validates and overrides these settings:\n * - For 'skip' mode: behavior is set to 'autoProceed' with autoProceedDelay: 0\n * - For 'modal' and 'drawer' modes: behavior and autoProceedDelay are used as specified\n *\n * The actual type would be the following, but we use the flat interface for simplicity:\n * export interface ConfirmationConfig {\n * uiMode: 'skip' | 'modal' | 'drawer'\n *\n * }\n */\nexport type ConfirmationUIMode = 'skip' | 'modal' | 'drawer';\nexport type ConfirmationBehavior = 'requireClick' | 'autoProceed';\nexport interface ConfirmationConfig {\n /** Type of UI to display for confirmation: 'skip' | 'modal' | 'drawer' */\n uiMode: ConfirmationUIMode;\n /** How the confirmation UI behaves: 'requireClick' | 'autoProceed' */\n behavior: ConfirmationBehavior;\n /** Delay in milliseconds before auto-proceeding (only used with autoProceed) */\n autoProceedDelay?: number;\n /** Theme for the confirmation UI: 'dark' | 'light' */\n theme: 'dark' | 'light';\n}\n\nexport const DEFAULT_CONFIRMATION_CONFIG: ConfirmationConfig = {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: 0,\n theme: 'dark',\n};\n\n// WASM enum types for confirmation configuration\nexport type WasmConfirmationUIMode = wasmModule.ConfirmationUIMode;\nexport type WasmConfirmationBehavior = wasmModule.ConfirmationBehavior;\n\n// Mapping functions to convert string literals to numeric enum values\nexport const mapUIModeToWasm = (uiMode: ConfirmationUIMode): number => {\n switch (uiMode) {\n case 'skip': return wasmModule.ConfirmationUIMode.Skip;\n case 'modal': return wasmModule.ConfirmationUIMode.Modal;\n // Drawer now has a dedicated WASM enum variant\n case 'drawer': return (wasmModule as any).ConfirmationUIMode.Drawer ?? wasmModule.ConfirmationUIMode.Modal;\n default: return wasmModule.ConfirmationUIMode.Modal;\n }\n};\n\nexport const mapBehaviorToWasm = (behavior: ConfirmationBehavior): number => {\n switch (behavior) {\n case 'requireClick': return wasmModule.ConfirmationBehavior.RequireClick;\n case 'autoProceed': return wasmModule.ConfirmationBehavior.AutoProceed;\n default: return wasmModule.ConfirmationBehavior.RequireClick;\n }\n};\nexport type WasmRequestResult = WasmRecoverKeypairResult\n | WasmSignedTransaction\n | WasmSignedDelegate\n | WasmTransactionSignResult\n | WasmDelegateSignResult\n | WasmDecryptPrivateKeyResult\n\nexport interface SignerWorkerMessage<T extends WorkerRequestType, R extends WasmRequestPayload> {\n type: T;\n payload: R;\n}\n\n/**\n * =============================\n * Worker Progress Message Types\n * =============================\n *\n * 1. PROGRESS MESSAGES (During Operation):\n * Rust WASM → send_typed_progress_message() → TypeScript sendProgressMessage() → postMessage() → Main Thread\n * - Used for real-time updates during long operations\n * - Multiple progress messages can be sent per operation\n * - Does not affect the final result\n * - Types: ProgressMessageType, ProgressStep, ProgressStatus (auto-generated from Rust)\n *\n * 2. FINAL RESULTS (Operation Complete):\n * Rust WASM → return value from handle_signer_message() → TypeScript worker → postMessage() → Main Thread\n * - Contains the actual operation result (success/error)\n * - Only one result message per operation\n * - This is what the main thread awaits for completion\n */\n\n// === PROGRESS MESSAGE TYPES ===\n\n// Basic interface for development - actual types are auto-generated from Rust\nexport type ProgressMessage = wasmModule.WorkerProgressMessage;\n\n// Type guard for basic progress message validation during development\nexport function isProgressMessage(obj: unknown): obj is ProgressMessage {\n return (\n typeof obj === 'object' &&\n obj !== null &&\n typeof (obj as { message_type?: unknown }).message_type === 'string' &&\n typeof (obj as { step?: unknown }).step === 'string' &&\n typeof (obj as { message?: unknown }).message === 'string' &&\n typeof (obj as { status?: unknown }).status === 'string'\n );\n}\n\nexport enum ProgressMessageType {\n REGISTRATION_PROGRESS = 'REGISTRATION_PROGRESS',\n REGISTRATION_COMPLETE = 'REGISTRATION_COMPLETE',\n EXECUTE_ACTIONS_PROGRESS = 'EXECUTE_ACTIONS_PROGRESS',\n EXECUTE_ACTIONS_COMPLETE = 'EXECUTE_ACTIONS_COMPLETE',\n}\n\n// Step identifiers for progress tracking\n// This enum exactly matches the Rust WASM ProgressStep enum from:\n// packages/passkey/src/wasm_signer_worker/src/types/progress.rs\n// The string values come from the progress_step_name() function in that file\nexport enum ProgressStep {\n PREPARATION = 'preparation', // Rust: Preparation\n WEBAUTHN_AUTHENTICATION = 'webauthn-authentication', // Rust: WebauthnAuthentication\n AUTHENTICATION_COMPLETE = 'authentication-complete', // Rust: AuthenticationComplete\n TRANSACTION_SIGNING_PROGRESS = 'transaction-signing-progress', // Rust: TransactionSigningProgress\n TRANSACTION_SIGNING_COMPLETE = 'transaction-signing-complete', // Rust: TransactionSigningComplete\n ERROR = 'error', // Rust: Error\n}\n\nexport interface ProgressStepMap {\n [wasmModule.ProgressStep.Preparation]: ProgressStep.PREPARATION;\n [wasmModule.ProgressStep.WebauthnAuthentication]: ProgressStep.WEBAUTHN_AUTHENTICATION;\n [wasmModule.ProgressStep.AuthenticationComplete]: ProgressStep.AUTHENTICATION_COMPLETE;\n [wasmModule.ProgressStep.TransactionSigningProgress]: ProgressStep.TRANSACTION_SIGNING_PROGRESS;\n [wasmModule.ProgressStep.TransactionSigningComplete]: ProgressStep.TRANSACTION_SIGNING_COMPLETE;\n [wasmModule.ProgressStep.Error]: ProgressStep.ERROR;\n}\n\n// === RESPONSE MESSAGE INTERFACES ===\n\n// Base interface for all worker responses\nexport interface BaseWorkerResponse {\n type: WorkerResponseType;\n payload: unknown;\n}\n\n// Map request types to their expected success response payloads (WASM types)\nexport interface RequestResponseMap {\n [WorkerRequestType.DeriveNearKeypairAndEncrypt]: WasmDeriveNearKeypairAndEncryptResult;\n [WorkerRequestType.RecoverKeypairFromPasskey]: WasmRecoverKeypairResult;\n [WorkerRequestType.DecryptPrivateKeyWithPrf]: WasmDecryptPrivateKeyResult;\n [WorkerRequestType.SignTransactionsWithActions]: WasmTransactionSignResult;\n [WorkerRequestType.SignDelegateAction]: WasmDelegateSignResult;\n [WorkerRequestType.ExtractCosePublicKey]: wasmModule.CoseExtractionResult;\n [WorkerRequestType.SignTransactionWithKeyPair]: WasmTransactionSignResult;\n [WorkerRequestType.SignNep413Message]: wasmModule.SignNep413Result;\n [WorkerRequestType.RegisterDevice2WithDerivedKey]: WasmRegisterDevice2WithDerivedKeyResult;\n}\n\n// Generic success response type that uses WASM types\nexport interface WorkerSuccessResponse<T extends WorkerRequestType> extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: RequestResponseMap[T];\n}\n\n// Generic error response type\nexport interface WorkerErrorResponse extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: {\n error: string;\n errorCode?: WorkerErrorCode;\n context?: Record<string, unknown>;\n };\n}\n\nexport enum WorkerErrorCode {\n WASM_INIT_FAILED = 'WASM_INIT_FAILED',\n INVALID_REQUEST = 'INVALID_REQUEST',\n TIMEOUT = 'TIMEOUT',\n ENCRYPTION_FAILED = 'ENCRYPTION_FAILED',\n DECRYPTION_FAILED = 'DECRYPTION_FAILED',\n SIGNING_FAILED = 'SIGNING_FAILED',\n STORAGE_FAILED = 'STORAGE_FAILED',\n UNKNOWN_ERROR = 'UNKNOWN_ERROR',\n}\n\nexport interface WorkerProgressResponse extends BaseWorkerResponse {\n type: WorkerResponseType;\n payload: onProgressEvents\n}\n\n// === MAIN RESPONSE TYPE ===\n\ntype RequestTypeKey = keyof RequestResponseMap;\n\nexport type WorkerResponseForRequest<T extends RequestTypeKey> =\n | WorkerSuccessResponse<T>\n | WorkerErrorResponse\n | WorkerProgressResponse;\n\n// === CONVENIENCE TYPE ALIASES ===\n\nexport type EncryptionResponse = WorkerResponseForRequest<typeof WorkerRequestType.DeriveNearKeypairAndEncrypt>;\nexport type RecoveryResponse = WorkerResponseForRequest<typeof WorkerRequestType.RecoverKeypairFromPasskey>;\nexport type TransactionResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignTransactionsWithActions>;\nexport type DelegateSignResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignDelegateAction>;\nexport type DecryptionResponse = WorkerResponseForRequest<typeof WorkerRequestType.DecryptPrivateKeyWithPrf>;\nexport type CoseExtractionResponse = WorkerResponseForRequest<typeof WorkerRequestType.ExtractCosePublicKey>;\nexport type Nep413SigningResponse = WorkerResponseForRequest<typeof WorkerRequestType.SignNep413Message>;\n\n// === TYPE GUARDS FOR GENERIC RESPONSES ===\n\nexport function isWorkerProgress<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerProgressResponse {\n return (\n response.type === WorkerResponseType.RegistrationProgress ||\n response.type === WorkerResponseType.RegistrationComplete ||\n response.type === WorkerResponseType.ExecuteActionsProgress ||\n response.type === WorkerResponseType.ExecuteActionsComplete\n );\n}\n\nexport function isWorkerSuccess<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerSuccessResponse<T> {\n return (\n response.type === WorkerResponseType.DeriveNearKeypairAndEncryptSuccess ||\n response.type === WorkerResponseType.RecoverKeypairFromPasskeySuccess ||\n response.type === WorkerResponseType.DecryptPrivateKeyWithPrfSuccess ||\n response.type === WorkerResponseType.SignTransactionsWithActionsSuccess ||\n response.type === WorkerResponseType.SignDelegateActionSuccess ||\n response.type === WorkerResponseType.ExtractCosePublicKeySuccess ||\n response.type === WorkerResponseType.SignTransactionWithKeyPairSuccess ||\n response.type === WorkerResponseType.SignNep413MessageSuccess ||\n response.type === WorkerResponseType.RegisterDevice2WithDerivedKeySuccess\n );\n}\n\nexport function isWorkerError<T extends RequestTypeKey>(\n response: WorkerResponseForRequest<T>\n): response is WorkerErrorResponse {\n return (\n response.type === WorkerResponseType.DeriveNearKeypairAndEncryptFailure ||\n response.type === WorkerResponseType.RecoverKeypairFromPasskeyFailure ||\n response.type === WorkerResponseType.DecryptPrivateKeyWithPrfFailure ||\n response.type === WorkerResponseType.SignTransactionsWithActionsFailure ||\n response.type === WorkerResponseType.SignDelegateActionFailure ||\n response.type === WorkerResponseType.ExtractCosePublicKeyFailure ||\n response.type === WorkerResponseType.SignTransactionWithKeyPairFailure ||\n response.type === WorkerResponseType.SignNep413MessageFailure ||\n response.type === WorkerResponseType.RegisterDevice2WithDerivedKeyFailure\n );\n}\n\n// === SPECIFIC TYPE GUARDS FOR COMMON OPERATIONS ===\n\nexport function isDeriveNearKeypairAndEncryptSuccess(response: EncryptionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.DeriveNearKeypairAndEncrypt> {\n return response.type === WorkerResponseType.DeriveNearKeypairAndEncryptSuccess;\n}\n\nexport function isRecoverKeypairFromPasskeySuccess(response: RecoveryResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.RecoverKeypairFromPasskey> {\n return response.type === WorkerResponseType.RecoverKeypairFromPasskeySuccess;\n}\n\nexport function isSignTransactionsWithActionsSuccess(response: TransactionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignTransactionsWithActions> {\n return response.type === WorkerResponseType.SignTransactionsWithActionsSuccess;\n}\n\nexport function isSignDelegateActionSuccess(response: DelegateSignResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignDelegateAction> {\n return response.type === WorkerResponseType.SignDelegateActionSuccess;\n}\n\nexport function isDecryptPrivateKeyWithPrfSuccess(response: DecryptionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.DecryptPrivateKeyWithPrf> {\n return response.type === WorkerResponseType.DecryptPrivateKeyWithPrfSuccess;\n}\n\nexport function isExtractCosePublicKeySuccess(response: CoseExtractionResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.ExtractCosePublicKey> {\n return response.type === WorkerResponseType.ExtractCosePublicKeySuccess;\n}\n\nexport function isSignNep413MessageSuccess(response: Nep413SigningResponse): response is WorkerSuccessResponse<typeof WorkerRequestType.SignNep413Message> {\n return response.type === WorkerResponseType.SignNep413MessageSuccess;\n}\n\nexport function isRegisterDevice2WithDerivedKeySuccess(\n response: WorkerResponseForRequest<typeof WorkerRequestType.RegisterDevice2WithDerivedKey>\n): response is WorkerSuccessResponse<typeof WorkerRequestType.RegisterDevice2WithDerivedKey> {\n return response.type === WorkerResponseType.RegisterDevice2WithDerivedKeySuccess;\n}\n","import { openDB, type IDBPDatabase } from 'idb';\nimport { type ValidationResult, validateNearAccountId } from '../../utils/validation';\nimport type { AccountId } from '../types/accountIds';\nimport { toAccountId } from '../types/accountIds';\nimport { ConfirmationConfig, DEFAULT_CONFIRMATION_CONFIG } from '../types/signer-worker'\n\n\nexport interface ClientUserData {\n // Primary key - now uses AccountId + deviceNumber for unique identification\n nearAccountId: AccountId;\n deviceNumber: number; // Device number for multi-device support (1-indexed)\n version?: number;\n\n // User metadata\n registeredAt?: number;\n lastLogin?: number;\n lastUpdated?: number;\n\n // WebAuthn/Passkey data (merged from WebAuthnManager)\n clientNearPublicKey: string;\n passkeyCredential: {\n id: string;\n rawId: string;\n };\n\n // VRF credentials for stateless authentication\n encryptedVrfKeypair: {\n encryptedVrfDataB64u: string;\n chacha20NonceB64u: string;\n };\n // Server-assisted auto-login (VRF key session): Shamir 3-pass fields\n // Stores relayer-blinded KEK and the VRF ciphertext; server never sees plaintext VRF or KEK\n serverEncryptedVrfKeypair?: {\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n // Metadata for proactive refresh\n serverKeyId: string;\n updatedAt?: number;\n };\n\n // User preferences\n preferences?: UserPreferences;\n}\n\nexport type StoreUserDataInput = Omit<ClientUserData, 'deviceNumber' | 'lastLogin' | 'registeredAt'>\n & {\n deviceNumber?: number;\n serverEncryptedVrfKeypair?: ClientUserData['serverEncryptedVrfKeypair'];\n version?: number;\n };\n\nexport type StoreWebAuthnUserDataInput = {\n nearAccountId: AccountId;\n deviceNumber: number;\n clientNearPublicKey: string;\n lastUpdated?: number;\n version?: number;\n passkeyCredential: ClientUserData['passkeyCredential'];\n encryptedVrfKeypair: ClientUserData['encryptedVrfKeypair'];\n serverEncryptedVrfKeypair?: ClientUserData['serverEncryptedVrfKeypair'];\n};\n\nexport interface UserPreferences {\n useRelayer: boolean;\n useNetwork: 'testnet' | 'mainnet';\n confirmationConfig: ConfirmationConfig;\n // User preferences can be extended here as needed\n}\n\n// Authenticator cache\nexport interface ClientAuthenticatorData {\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[]; // AuthenticatorTransport[]\n name?: string;\n nearAccountId: AccountId; // FK reference using AccountId\n deviceNumber: number; // Device number for this authenticator (1-indexed)\n registered: string; // ISO date string\n syncedAt: string; // When this cache entry was last synced with contract\n vrfPublicKey: string; // Base64-encoded VRF public key (1:1 relationship on client)\n}\n\ninterface AppStateEntry<T = unknown> {\n key: string;\n value: T;\n}\n\n// Internal helper: legacy user records may be missing deviceNumber.\ntype ClientUserDataWithOptionalDevice =\n | ClientUserData\n | (Omit<ClientUserData, 'deviceNumber'> & { deviceNumber?: number });\n\n// Special type for lastUserAccountId app state entry\nexport interface LastUserAccountIdState {\n accountId: AccountId;\n deviceNumber: number;\n}\n\ninterface PasskeyClientDBConfig {\n dbName: string;\n dbVersion: number;\n userStore: string;\n appStateStore: string;\n authenticatorStore: string;\n derivedAddressStore: string;\n recoveryEmailStore: string;\n}\n\n// === CONSTANTS ===\nconst DB_CONFIG: PasskeyClientDBConfig = {\n dbName: 'PasskeyClientDB',\n dbVersion: 15, // v15: add recoveryEmails store\n userStore: 'users',\n appStateStore: 'appState',\n authenticatorStore: 'authenticators',\n derivedAddressStore: 'derivedAddresses',\n recoveryEmailStore: 'recoveryEmails'\n} as const;\n\nexport interface IndexedDBEvent {\n type: 'user-updated' | 'preferences-updated' | 'user-deleted';\n accountId: AccountId;\n data?: Record<string, unknown>;\n}\n\n// Persisted mapping of derived (e.g., EVM) addresses tied to an account\n/**\n * Persisted mapping of derived (e.g., EVM/Solana/Zcash) addresses tied to an account.\n *\n * Notes on multi-chain support:\n * - The composite primary key is [nearAccountId, contractId, path]. To support\n * different chains and chain IDs, encode them in the `path` string, e.g.:\n * - EVM: `evm:<chainId>:<derivationPath>` → `evm:84532:ethereum-1`\n * - Solana: `solana:<derivationPath>`\n * - Zcash: `zcash:<derivationPath>`\n * - Additional descriptive fields like `namespace` and `chainRef` are optional metadata\n * and are not part of the key.\n */\nexport interface DerivedAddressRecord {\n nearAccountId: AccountId;\n contractId: string; // MPC/Derivation contract on NEAR\n path: string; // Composite path (may include namespace/chainId); see docs above\n address: string; // Derived address (e.g., 0x...)\n updatedAt: number;\n // Optional metadata (not used in the key)\n namespace?: string; // e.g., 'evm', 'solana', 'zcash'\n chainRef?: string; // e.g., chainId '84532' or a named network slug\n}\n\n/**\n * Persisted mapping of recovery email hashes to canonical email addresses for an account.\n *\n * Notes:\n * - Composite primary key is [nearAccountId, hashHex].\n * - `hashHex` is the 0x-prefixed hex encoding of the 32-byte hash:\n * SHA256(canonical_email || \"|\" || account_id)\n * - `email` is the canonical form: \"local@domain\", lowercased.\n */\nexport interface RecoveryEmailRecord {\n nearAccountId: AccountId;\n hashHex: string;\n email: string;\n addedAt: number;\n}\n\nexport class PasskeyClientDBManager {\n private config: PasskeyClientDBConfig;\n private db: IDBPDatabase | null = null;\n private disabled = false;\n private eventListeners: Set<(event: IndexedDBEvent) => void> = new Set();\n\n constructor(config: PasskeyClientDBConfig = DB_CONFIG) {\n this.config = config;\n }\n\n getDbName(): string {\n return this.config.dbName;\n }\n\n setDbName(dbName: string): void {\n const next = String(dbName || '').trim();\n if (!next || next === this.config.dbName) return;\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n this.config = { ...this.config, dbName: next };\n }\n\n isDisabled(): boolean {\n return this.disabled;\n }\n\n setDisabled(disabled: boolean): void {\n const next = !!disabled;\n if (next === this.disabled) return;\n this.disabled = next;\n if (next) {\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n }\n }\n\n // === EVENT SYSTEM ===\n\n onChange(listener: (event: IndexedDBEvent) => void): () => void {\n this.eventListeners.add(listener);\n return () => {\n this.eventListeners.delete(listener);\n };\n }\n\n private emitEvent(event: IndexedDBEvent): void {\n this.eventListeners.forEach(listener => {\n try {\n listener(event);\n } catch (error) {\n console.warn('[IndexedDBManager]: Error in event listener:', error);\n }\n });\n }\n\n private async getDB(): Promise<IDBPDatabase> {\n if (this.disabled) {\n throw new Error('[PasskeyClientDBManager] IndexedDB is disabled in this environment.');\n }\n if (this.db) {\n return this.db;\n }\n\n try {\n this.db = await openDB(this.config.dbName, this.config.dbVersion, {\n upgrade: (db, oldVersion, _newVersion, _transaction): void => {\n // Create stores if they don't exist\n if (!db.objectStoreNames.contains(DB_CONFIG.userStore)) {\n // Users table: composite key of [nearAccountId, deviceNumber]\n const userStore = db.createObjectStore(DB_CONFIG.userStore, { keyPath: ['nearAccountId', 'deviceNumber'] });\n userStore.createIndex('nearAccountId', 'nearAccountId', { unique: false });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.appStateStore)) {\n db.createObjectStore(DB_CONFIG.appStateStore, { keyPath: 'key' });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.authenticatorStore)) {\n // Authenticators table: composite key of [nearAccountId, deviceNumber, credentialId]\n const authStore = db.createObjectStore(DB_CONFIG.authenticatorStore, { keyPath: ['nearAccountId', 'deviceNumber', 'credentialId'] });\n authStore.createIndex('nearAccountId', 'nearAccountId', { unique: false });\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.derivedAddressStore)) {\n // Derived addresses: composite key of [nearAccountId, contractId, path]\n const dStore = db.createObjectStore(DB_CONFIG.derivedAddressStore, { keyPath: ['nearAccountId', 'contractId', 'path'] });\n try { dStore.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n }\n if (!db.objectStoreNames.contains(DB_CONFIG.recoveryEmailStore)) {\n // Recovery emails: composite key of [nearAccountId, hashHex]\n const rStore = db.createObjectStore(DB_CONFIG.recoveryEmailStore, { keyPath: ['nearAccountId', 'hashHex'] });\n try { rStore.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n }\n },\n blocked() {\n console.warn('PasskeyClientDB connection is blocked.');\n },\n blocking() {\n console.warn('PasskeyClientDB connection is blocking another connection.');\n },\n terminated: () => {\n console.warn('PasskeyClientDB connection has been terminated.');\n this.db = null;\n },\n });\n\n // Post-open migrations (non-blocking)\n try { await this.runMigrationsIfNeeded(this.db); } catch {}\n\n } catch (err: any) {\n const msg = String(err?.message || '');\n if (err?.name === 'VersionError' || /less than the existing version/i.test(msg)) {\n // Mixed-version contexts (host/app) — open without version to adopt existing DB\n try {\n console.warn('PasskeyClientDB: opening existing DB without version due to VersionError');\n this.db = await openDB(this.config.dbName);\n } catch (e) {\n throw err;\n }\n } else {\n throw err;\n }\n }\n\n return this.db;\n }\n\n private async runMigrationsIfNeeded(_db: IDBPDatabase): Promise<void> {\n return;\n }\n\n // === APP STATE METHODS ===\n\n async getAppState<T = unknown>(key: string): Promise<T | undefined> {\n const db = await this.getDB();\n const result = await db.get(DB_CONFIG.appStateStore, key);\n return result?.value as T | undefined;\n }\n\n async setAppState<T = unknown>(key: string, value: T): Promise<void> {\n const db = await this.getDB();\n const entry: AppStateEntry<T> = { key, value };\n await db.put(DB_CONFIG.appStateStore, entry);\n }\n\n // === ACCOUNT ID VALIDATION AND UTILITIES ===\n\n /**\n * Validate that a NEAR account ID is in the expected format\n * Supports both <username>.<relayerAccountId> and <username>.testnet formats\n */\n validateNearAccountId(nearAccountId: AccountId): ValidationResult {\n return validateNearAccountId(nearAccountId);\n }\n\n /**\n * Extract username from NEAR account ID\n */\n extractUsername(nearAccountId: AccountId): string {\n const validation = validateNearAccountId(nearAccountId);\n if (!validation.valid) {\n throw new Error(`Invalid NEAR account ID: ${validation.error}`);\n }\n return nearAccountId.split('.')[0];\n }\n\n /**\n * Generate a NEAR account ID from a username and domain\n * @param username - The username to use for the account ID\n * @param domain - The domain to use for the account ID\n * @returns The generated NEAR account ID\n */\n generateNearAccountId(username: string, domain: string): string {\n const sanitizedName = username\n .toLowerCase()\n .replace(/[^a-z0-9_\\\\-]/g, '')\n .substring(0, 32);\n return `${sanitizedName}.${domain}`;\n }\n\n // === USER MANAGEMENT METHODS ===\n\n async getUser(nearAccountId: AccountId, deviceNumber?: number): Promise<ClientUserData | null> {\n if (!nearAccountId) return null;\n\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) {\n console.warn(`Invalid account ID format: ${nearAccountId}`);\n return null;\n }\n\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n\n if (typeof deviceNumber === 'number') {\n const rec = await db.get(DB_CONFIG.userStore, [accountId, deviceNumber]);\n if (!rec) return null;\n return await this.normalizeUserDeviceNumber(rec as ClientUserDataWithOptionalDevice, deviceNumber);\n }\n\n const index = db.transaction(DB_CONFIG.userStore).store.index('nearAccountId');\n const results = await index.getAll(accountId);\n if (results.length === 0) {\n return null;\n }\n\n if (results.length > 1) {\n console.warn(\n `Multiple passkeys found for account ${accountId}, deviceNumber not provided; ` +\n 'defaulting to last logged-in user.'\n );\n console.log('defaulting to last used user deviceNumber');\n const lastUserState = await this.getAppState<LastUserAccountIdState>('lastUserAccountId').catch(() => null);\n if (lastUserState && toAccountId(lastUserState.accountId) === accountId) {\n const keyed = await db.get(DB_CONFIG.userStore, [accountId, lastUserState.deviceNumber]);\n if (keyed) {\n return await this.normalizeUserDeviceNumber(\n keyed as ClientUserDataWithOptionalDevice,\n lastUserState.deviceNumber\n );\n }\n }\n }\n\n const first = results[0] as ClientUserDataWithOptionalDevice;\n if (!first) return null;\n return await this.normalizeUserDeviceNumber(first, 1);\n }\n\n /**\n * Get the current/last user\n * This is maintained via app state and updated whenever a user is stored or updated\n */\n async getLastUser(): Promise<ClientUserData | null> {\n const lastUserState = await this.getAppState<LastUserAccountIdState>('lastUserAccountId');\n if (!lastUserState) return null;\n const db = await this.getDB();\n const accountId = toAccountId(lastUserState.accountId);\n // Prefer exact device match using composite primary key\n const record = await db.get(DB_CONFIG.userStore, [accountId, lastUserState.deviceNumber]);\n if (record) return record as ClientUserData;\n // Fallback: return any user for account\n return this.getUser(accountId);\n }\n\n /** Get user record by composite key (nearAccountId, deviceNumber) */\n async getUserByDevice(nearAccountId: AccountId, deviceNumber: number): Promise<ClientUserData | null> {\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const rec = await db.get(DB_CONFIG.userStore, [accountId, deviceNumber]);\n return rec as ClientUserData || null;\n }\n\n /**\n * Get the most recently updated user record for a given account.\n * Useful when deviceNumber is unknown but we need the freshest key for the account.\n */\n /**\n * Get the most recently updated user record for a given account.\n * Useful when deviceNumber is unknown but we need the freshest key for the account.\n */\n async getLastDBUpdatedUser(nearAccountId: AccountId): Promise<ClientUserData | null> {\n const db = await this.getDB();\n try {\n const idx = db.transaction(DB_CONFIG.userStore).store.index('nearAccountId');\n const all = await idx.getAll(toAccountId(nearAccountId));\n if (Array.isArray(all) && all.length > 0) {\n const latest = (all as ClientUserData[]).reduce((a, b) =>\n (a.lastUpdated ?? 0) >= (b.lastUpdated ?? 0) ? a : b\n );\n return latest;\n }\n } catch {\n // fall through\n }\n return null;\n }\n\n async hasPasskeyCredential(nearAccountId: AccountId): Promise<boolean> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n return !!authenticators[0]?.credentialId;\n }\n\n /**\n * Ensure the current passkey selection is aligned with the last logged-in device.\n *\n * - When multiple authenticators exist for an account and no deviceNumber is specified,\n * this helper prefers authenticators whose deviceNumber matches the last logged-in user.\n * - Optionally validates that a selected credential (by rawId) also matches the last-user device.\n *\n * @param nearAccountId - Account ID for which the operation is being performed\n * @param authenticators - All authenticators stored for the account\n * @param selectedCredentialRawId - Optional rawId of the credential chosen by WebAuthn\n * @returns filtered authenticators for allowCredentials, plus optional wrongPasskeyError\n */\n async ensureCurrentPasskey(\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n selectedCredentialRawId?: string,\n ): Promise<{\n authenticatorsForPrompt: ClientAuthenticatorData[];\n wrongPasskeyError?: string;\n }> {\n if (authenticators.length <= 1) {\n return { authenticatorsForPrompt: authenticators };\n }\n\n const accountIdNormalized = toAccountId(nearAccountId);\n const lastUser = await this.getLastUser().catch(() => null);\n if (!lastUser || lastUser.nearAccountId !== accountIdNormalized) {\n return { authenticatorsForPrompt: authenticators };\n }\n\n const expectedDeviceNumber = lastUser.deviceNumber;\n const byDeviceNumber = authenticators.filter(a => a.deviceNumber === expectedDeviceNumber);\n\n // Prefer the credentialId for the last-user deviceNumber; use the stored last-user rawId\n // only when it matches an authenticator for that device (or when we have no device match).\n let expectedCredentialId = lastUser.passkeyCredential.rawId;\n if (byDeviceNumber.length > 0 && !byDeviceNumber.some(a => a.credentialId === expectedCredentialId)) {\n expectedCredentialId = byDeviceNumber[0].credentialId;\n }\n\n // Preference: restrict allowCredentials to the last-user credentialId.\n // Fallback: if the local authenticator cache is missing that entry, prefer the last-user deviceNumber.\n const byCredentialId = authenticators.filter(a => a.credentialId === expectedCredentialId);\n const authenticatorsForPrompt =\n byCredentialId.length > 0\n ? byCredentialId\n : (byDeviceNumber.length > 0 ? byDeviceNumber : authenticators);\n\n const wrongPasskeyError =\n selectedCredentialRawId && selectedCredentialRawId !== expectedCredentialId\n ? (\n `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, ` +\n 'but used a different passkey than the most recently logged-in one. Please use the passkey for the most recently logged-in device.'\n )\n : undefined;\n\n return { authenticatorsForPrompt, wrongPasskeyError };\n }\n\n /**\n * Register a new user with the given NEAR account ID\n * @param nearAccountId - Full NEAR account ID (e.g., \"username.testnet\" or \"username.relayer.testnet\")\n * @param additionalData - Additional user data to store\n */\n async registerUser(storeUserData: StoreUserDataInput): Promise<ClientUserData> {\n\n const validation = this.validateNearAccountId(storeUserData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot register user with invalid account ID: ${validation.error}`);\n }\n\n const now = Date.now();\n\n const userData: ClientUserData = {\n nearAccountId: toAccountId(storeUserData.nearAccountId),\n deviceNumber: storeUserData.deviceNumber || 1, // Default to device 1 (1-indexed)\n version: storeUserData.version || 2,\n registeredAt: now,\n lastLogin: now,\n lastUpdated: now,\n clientNearPublicKey: storeUserData.clientNearPublicKey,\n passkeyCredential: storeUserData.passkeyCredential,\n preferences: {\n useRelayer: false,\n useNetwork: 'testnet',\n confirmationConfig: DEFAULT_CONFIRMATION_CONFIG,\n // Default preferences can be set here\n },\n encryptedVrfKeypair: storeUserData.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: storeUserData.serverEncryptedVrfKeypair,\n };\n\n await this.storeUser(userData);\n return userData;\n }\n\n async updateUser(nearAccountId: AccountId, updates: Partial<ClientUserData>): Promise<void> {\n const user = await this.getUser(nearAccountId);\n if (user) {\n const updatedUser = {\n ...user,\n ...updates,\n lastUpdated: Date.now()\n };\n await this.storeUser(updatedUser); // This will update the app state lastUserAccountId\n\n // Emit event for user updates\n this.emitEvent({\n type: 'user-updated',\n accountId: nearAccountId,\n data: { updates, updatedUser }\n });\n }\n }\n\n async updateLastLogin(nearAccountId: AccountId): Promise<void> {\n await this.updateUser(nearAccountId, { lastLogin: Date.now() });\n }\n\n /**\n * Set the last logged-in user\n * @param nearAccountId - The account ID of the user\n * @param deviceNumber - The device number (defaults to 1)\n */\n async setLastUser(nearAccountId: AccountId, deviceNumber: number = 1): Promise<void> {\n const lastUserState: LastUserAccountIdState = {\n accountId: nearAccountId,\n deviceNumber,\n };\n await this.setAppState('lastUserAccountId', lastUserState);\n }\n\n async updatePreferences(\n nearAccountId: AccountId,\n preferences: Partial<UserPreferences>\n ): Promise<void> {\n const user = await this.getUser(nearAccountId);\n if (user) {\n const updatedPreferences = {\n ...user.preferences,\n ...preferences\n } as UserPreferences;\n await this.updateUser(nearAccountId, { preferences: updatedPreferences });\n\n // Emit event for preference changes\n this.emitEvent({\n type: 'preferences-updated',\n accountId: nearAccountId,\n data: { preferences: updatedPreferences }\n });\n }\n }\n\n private async normalizeUserDeviceNumber(\n user: ClientUserDataWithOptionalDevice,\n defaultDeviceNumber: number\n ): Promise<ClientUserData> {\n const hasValidDevice =\n typeof user.deviceNumber === 'number' && Number.isFinite(user.deviceNumber);\n if (hasValidDevice) {\n return user as ClientUserData;\n }\n\n const deviceNumber = defaultDeviceNumber;\n const fixed: ClientUserData = {\n ...(user as Omit<ClientUserData, 'deviceNumber'>),\n deviceNumber,\n };\n await this.storeUser(fixed);\n return fixed;\n }\n\n private async storeUser(userData: ClientUserData): Promise<void> {\n const validation = this.validateNearAccountId(userData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot store user with invalid account ID: ${validation.error}`);\n }\n\n const db = await this.getDB();\n await db.put(DB_CONFIG.userStore, userData);\n\n // Update lastUserAccountId with new format including device info\n const lastUserState: LastUserAccountIdState = {\n accountId: userData.nearAccountId,\n deviceNumber: userData.deviceNumber,\n };\n\n await this.setAppState('lastUserAccountId', lastUserState);\n }\n\n /**\n * Store WebAuthn user data (compatibility with WebAuthnManager)\n * @param userData - User data with nearAccountId as primary identifier\n */\n async storeWebAuthnUserData(userData: StoreWebAuthnUserDataInput): Promise<void> {\n const validation = this.validateNearAccountId(userData.nearAccountId);\n if (!validation.valid) {\n throw new Error(`Cannot store WebAuthn data for invalid account ID: ${validation.error}`);\n }\n\n const accountId = toAccountId(userData.nearAccountId);\n const deviceNumber = userData.deviceNumber;\n let user = await this.getUser(accountId, deviceNumber);\n\n if (!user) {\n user = await this.registerUser({\n nearAccountId: accountId,\n deviceNumber,\n clientNearPublicKey: userData.clientNearPublicKey,\n passkeyCredential: userData.passkeyCredential,\n encryptedVrfKeypair: userData.encryptedVrfKeypair,\n version: userData.version || 2,\n serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair,\n });\n }\n\n const updatedUser: ClientUserData = {\n ...user,\n clientNearPublicKey: userData.clientNearPublicKey,\n passkeyCredential: userData.passkeyCredential,\n encryptedVrfKeypair: userData.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair ?? user.serverEncryptedVrfKeypair,\n version: userData.version ?? user.version,\n lastUpdated: userData.lastUpdated ?? Date.now(),\n };\n\n await this.storeUser(updatedUser);\n this.emitEvent({\n type: 'user-updated',\n accountId,\n data: { updatedUser }\n });\n }\n\n async getAllUsers(): Promise<ClientUserData[]> {\n const db = await this.getDB();\n return db.getAll(DB_CONFIG.userStore);\n }\n\n async deleteUser(nearAccountId: AccountId): Promise<void> {\n const db = await this.getDB();\n await db.delete(DB_CONFIG.userStore, nearAccountId);\n // Also clean up related authenticators\n await this.clearAuthenticatorsForUser(nearAccountId);\n }\n\n async clearAllUsers(): Promise<void> {\n const db = await this.getDB();\n await db.clear(DB_CONFIG.userStore);\n }\n\n async clearAllAppState(): Promise<void> {\n const db = await this.getDB();\n await db.clear(DB_CONFIG.appStateStore);\n }\n\n /**\n * Store authenticator data for a user\n */\n async storeAuthenticator(authenticatorData: ClientAuthenticatorData): Promise<void> {\n const db = await this.getDB();\n await db.put(DB_CONFIG.authenticatorStore, authenticatorData);\n }\n\n /**\n * Get all authenticators for a user (optionally for a specific device)\n */\n async getAuthenticatorsByUser(nearAccountId: AccountId): Promise<ClientAuthenticatorData[]> {\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n const accountId = toAccountId(nearAccountId);\n\n // Get all authenticators for this account across all devices\n const index = store.index('nearAccountId');\n return await index.getAll(accountId);\n }\n\n /**\n * Get a specific authenticator by credential ID\n */\n async getAuthenticatorByCredentialId(\n nearAccountId: AccountId,\n credentialId: string\n ): Promise<ClientAuthenticatorData | null> {\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n const accountId = toAccountId(nearAccountId);\n\n // Primary key is [nearAccountId, deviceNumber, credentialId], so we cannot\n // look up by [nearAccountId, credentialId] directly. Use the nearAccountId\n // index and filter by credentialId.\n const index = store.index('nearAccountId');\n const all = await index.getAll(accountId);\n const match = all.find((auth: any) => auth.credentialId === credentialId) || null;\n return match;\n }\n\n /**\n * Clear all authenticators for a user\n */\n async clearAuthenticatorsForUser(nearAccountId: AccountId): Promise<void> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readwrite');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n\n for (const auth of authenticators) {\n // Composite PK is [nearAccountId, deviceNumber, credentialId]\n await store.delete([nearAccountId, auth.deviceNumber, auth.credentialId]);\n }\n }\n\n /**\n * Sync authenticators from contract data\n */\n async syncAuthenticatorsFromContract(\n nearAccountId: AccountId,\n contractAuthenticators: Array<{\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[];\n name?: string;\n registered: string;\n vrfPublicKey: string;\n deviceNumber?: number; // Device number from contract\n }>\n ): Promise<void> {\n // Clear existing cache for this user\n await this.clearAuthenticatorsForUser(nearAccountId);\n\n // Add all contract authenticators to cache\n const syncedAt = new Date().toISOString();\n for (const auth of contractAuthenticators) {\n // Fix transport processing: filter out undefined values and provide fallback\n const rawTransports = auth.transports || [];\n const validTransports = rawTransports.filter((transport: any) =>\n transport !== undefined && transport !== null && typeof transport === 'string'\n );\n\n // If no valid transports, default to 'internal' for platform authenticators\n const transports = validTransports.length > 0 ? validTransports : ['internal'];\n\n const clientAuth: ClientAuthenticatorData = {\n credentialId: auth.credentialId,\n credentialPublicKey: auth.credentialPublicKey,\n transports,\n name: auth.name,\n nearAccountId: toAccountId(nearAccountId),\n deviceNumber: auth.deviceNumber || 1, // Default to device 1 (1-indexed)\n registered: auth.registered,\n syncedAt: syncedAt,\n vrfPublicKey: auth.vrfPublicKey,\n };\n await this.storeAuthenticator(clientAuth);\n }\n }\n\n // === ATOMIC OPERATIONS AND ROLLBACK METHODS ===\n\n /**\n * Delete all authenticators for a user\n */\n async deleteAllAuthenticatorsForUser(nearAccountId: AccountId): Promise<void> {\n const authenticators = await this.getAuthenticatorsByUser(nearAccountId);\n\n if (authenticators.length === 0) {\n console.warn(`No authenticators found for user ${nearAccountId}`);\n return;\n }\n\n const db = await this.getDB();\n const tx = db.transaction(DB_CONFIG.authenticatorStore, 'readwrite');\n const store = tx.objectStore(DB_CONFIG.authenticatorStore);\n\n for (const auth of authenticators) {\n // Composite PK is [nearAccountId, deviceNumber, credentialId]\n await store.delete([nearAccountId, auth.deviceNumber, auth.credentialId]);\n }\n\n console.debug(`Deleted ${authenticators.length} authenticators for user ${nearAccountId}`);\n }\n\n /**\n * Get user's confirmation config from IndexedDB\n * @param nearAccountId - The user's account ID\n * @returns ConfirmationConfig or undefined\n */\n async getConfirmationConfig(nearAccountId: AccountId): Promise<ConfirmationConfig> {\n const user = await this.getUser(nearAccountId);\n return user?.preferences?.confirmationConfig || DEFAULT_CONFIRMATION_CONFIG;\n }\n\n /**\n * Get user's theme preference from IndexedDB\n * @param nearAccountId - The user's account ID\n * @returns 'dark' | 'light' | null\n */\n async getTheme(nearAccountId: AccountId): Promise<'dark' | 'light' | null> {\n const user = await this.getUser(nearAccountId);\n return user?.preferences?.confirmationConfig.theme || null;\n }\n\n /**\n * Set user's theme preference in IndexedDB\n * @param nearAccountId - The user's account ID\n * @param theme - The theme to set ('dark' | 'light')\n */\n async setTheme(nearAccountId: AccountId, theme: 'dark' | 'light'): Promise<void> {\n const existingConfig = await this.getConfirmationConfig(nearAccountId);\n const confirmationConfig = { ...existingConfig, theme };\n await this.updatePreferences(nearAccountId, { confirmationConfig });\n }\n\n /**\n * Get user's theme with fallback to 'dark'\n * @param nearAccountId - The user's account ID\n * @returns 'dark' | 'light'\n */\n async getThemeOrDefault(nearAccountId: AccountId): Promise<'dark' | 'light'> {\n const theme = await this.getTheme(nearAccountId);\n return theme || 'dark';\n }\n\n /**\n * Toggle between dark and light theme for a user\n * @param nearAccountId - The user's account ID\n * @returns The new theme that was set\n */\n async toggleTheme(nearAccountId: AccountId): Promise<'dark' | 'light'> {\n const currentTheme = await this.getThemeOrDefault(nearAccountId);\n const newTheme = currentTheme === 'dark' ? 'light' : 'dark';\n await this.setTheme(nearAccountId, newTheme);\n return newTheme;\n }\n\n // === DERIVED ADDRESS METHODS ===\n\n /**\n * Store a derived address for a given NEAR account + contract + path\n */\n async setDerivedAddress(nearAccountId: AccountId, args: { contractId: string; path: string; address: string }): Promise<void> {\n if (!nearAccountId || !args?.contractId || !args?.path || !args?.address) return;\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) return;\n const rec: DerivedAddressRecord = {\n nearAccountId: toAccountId(nearAccountId),\n contractId: String(args.contractId),\n path: String(args.path),\n address: String(args.address),\n updatedAt: Date.now(),\n };\n const db = await this.getDB();\n await db.put(DB_CONFIG.derivedAddressStore, rec);\n }\n\n /**\n * Fetch a derived address record; returns null if not found\n */\n async getDerivedAddressRecord(nearAccountId: AccountId, args: { contractId: string; path: string }): Promise<DerivedAddressRecord | null> {\n if (!nearAccountId || !args?.contractId || !args?.path) return null;\n const db = await this.getDB();\n const rec = await db.get(DB_CONFIG.derivedAddressStore, [toAccountId(nearAccountId), String(args.contractId), String(args.path)]);\n return (rec as DerivedAddressRecord) || null;\n }\n\n /**\n * Get only the derived address string; returns null if not set\n */\n async getDerivedAddress(nearAccountId: AccountId, args: { contractId: string; path: string }): Promise<string | null> {\n const rec = await this.getDerivedAddressRecord(nearAccountId, args);\n return rec?.address || null;\n }\n\n // === RECOVERY EMAIL METHODS ===\n\n /**\n * Upsert recovery email records for an account.\n * Merges by hashHex, preferring the most recent email.\n */\n async upsertRecoveryEmails(\n nearAccountId: AccountId,\n entries: Array<{ hashHex: string; email: string }>\n ): Promise<void> {\n if (!nearAccountId || !entries?.length) return;\n const validation = this.validateNearAccountId(nearAccountId);\n if (!validation.valid) return;\n\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const now = Date.now();\n\n for (const entry of entries) {\n const hashHex = String(entry?.hashHex || '').trim();\n const email = String(entry?.email || '').trim();\n if (!hashHex || !email) continue;\n\n const rec: RecoveryEmailRecord = {\n nearAccountId: accountId,\n hashHex,\n email,\n addedAt: now,\n };\n await db.put(DB_CONFIG.recoveryEmailStore, rec);\n }\n }\n\n /**\n * Fetch all recovery email records for an account.\n */\n async getRecoveryEmails(nearAccountId: AccountId): Promise<RecoveryEmailRecord[]> {\n if (!nearAccountId) return [];\n const db = await this.getDB();\n const accountId = toAccountId(nearAccountId);\n const tx = db.transaction(DB_CONFIG.recoveryEmailStore, 'readonly');\n const store = tx.objectStore(DB_CONFIG.recoveryEmailStore);\n const index = store.index('nearAccountId');\n const result = await index.getAll(accountId);\n return (result as RecoveryEmailRecord[]) || [];\n }\n\n /**\n * Atomic operation wrapper for multiple IndexedDB operations\n * Either all operations succeed or all are rolled back\n */\n async atomicOperation<T>(operation: (db: IDBPDatabase) => Promise<T>): Promise<T> {\n const db = await this.getDB();\n try {\n const result = await operation(db);\n return result;\n } catch (error) {\n console.error('Atomic operation failed:', error);\n throw error;\n }\n }\n\n /**\n * Complete rollback of user registration data\n * Deletes user, authenticators, and WebAuthn data atomically\n */\n async rollbackUserRegistration(nearAccountId: AccountId): Promise<void> {\n console.debug(`Rolling back registration data for ${nearAccountId}`);\n\n await this.atomicOperation(async (db) => {\n // Delete all authenticators for this user\n await this.deleteAllAuthenticatorsForUser(nearAccountId);\n\n // Delete user record\n await db.delete(DB_CONFIG.userStore, nearAccountId);\n\n // Clear from app state if this was the last user\n const lastUserAccount = await this.getAppState<string>('lastUserAccountId');\n if (lastUserAccount === nearAccountId) {\n await this.setAppState('lastUserAccountId', null);\n }\n\n console.debug(`Rolled back all registration data for ${nearAccountId}`);\n return true;\n });\n }\n}\n","import { openDB, type IDBPDatabase } from 'idb';\n\nconst DB_CONFIG: PasskeyNearKeysDBConfig = {\n dbName: 'PasskeyNearKeys',\n dbVersion: 2,\n storeName: 'encryptedKeys',\n keyPath: ['nearAccountId', 'deviceNumber']\n} as const;\n\nexport interface EncryptedKeyData {\n nearAccountId: string;\n deviceNumber: number; // 1-indexed device number\n encryptedData: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for `encryptedData`.\n */\n chacha20NonceB64u: string;\n /**\n * HKDF salt used alongside WrapKeySeed for KEK derivation.\n * Required for v2+ vaults; entries missing `wrapKeySalt` are considered invalid\n * and require re-registration to upgrade the vault format.\n */\n wrapKeySalt?: string;\n version?: number;\n timestamp: number;\n}\n\ninterface PasskeyNearKeysDBConfig {\n dbName: string;\n dbVersion: number;\n storeName: string;\n keyPath: string | [string, string];\n}\n\nexport class PasskeyNearKeysDBManager {\n private config: PasskeyNearKeysDBConfig;\n private db: IDBPDatabase | null = null;\n private disabled = false;\n\n constructor(config: PasskeyNearKeysDBConfig = DB_CONFIG) {\n this.config = config;\n }\n\n getDbName(): string {\n return this.config.dbName;\n }\n\n setDbName(dbName: string): void {\n const next = String(dbName || '').trim();\n if (!next || next === this.config.dbName) return;\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n this.config = { ...this.config, dbName: next };\n }\n\n isDisabled(): boolean {\n return this.disabled;\n }\n\n setDisabled(disabled: boolean): void {\n const next = !!disabled;\n if (next === this.disabled) return;\n this.disabled = next;\n if (next) {\n try { (this.db as any)?.close?.(); } catch {}\n this.db = null;\n }\n }\n\n /**\n * Get database connection, initializing if necessary\n */\n private async getDB(): Promise<IDBPDatabase> {\n if (this.disabled) {\n throw new Error('[PasskeyNearKeysDBManager] IndexedDB is disabled in this environment.');\n }\n if (this.db) {\n return this.db;\n }\n\n this.db = await openDB(this.config.dbName, this.config.dbVersion, {\n upgrade(db): void {\n // Always recreate store with composite key; no migration\n try { if (db.objectStoreNames.contains(DB_CONFIG.storeName)) db.deleteObjectStore(DB_CONFIG.storeName); } catch {}\n const store = db.createObjectStore(DB_CONFIG.storeName, { keyPath: DB_CONFIG.keyPath });\n try { store.createIndex('nearAccountId', 'nearAccountId', { unique: false }); } catch {}\n },\n blocked() {\n console.warn('PasskeyNearKeysDB connection is blocked.');\n },\n blocking() {\n console.warn('PasskeyNearKeysDB connection is blocking another connection.');\n },\n terminated: () => {\n console.warn('PasskeyNearKeysDB connection has been terminated.');\n this.db = null;\n },\n });\n\n return this.db;\n }\n\n /**\n * Store encrypted key data\n */\n async storeEncryptedKey(data: EncryptedKeyData): Promise<void> {\n const db = await this.getDB();\n if (!data.chacha20NonceB64u) {\n throw new Error('PasskeyNearKeysDB: Missing chacha20NonceB64u');\n }\n await db.put(this.config.storeName, data);\n }\n\n /**\n * Retrieve encrypted key data\n */\n async getEncryptedKey(nearAccountId: string, deviceNumber: number): Promise<EncryptedKeyData | null> {\n const db = await this.getDB();\n const sanitize = (rec: any): EncryptedKeyData | null => {\n if (!rec?.encryptedData || !rec?.chacha20NonceB64u) return null;\n return {\n nearAccountId: rec.nearAccountId,\n deviceNumber: rec.deviceNumber,\n encryptedData: rec.encryptedData,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: rec.version,\n timestamp: rec.timestamp,\n };\n };\n\n if (typeof deviceNumber === 'number') {\n const res = await db.get(this.config.storeName, [nearAccountId, deviceNumber]);\n const direct = sanitize(res);\n if (direct) return direct;\n // Fallback: if specific device key missing, return the most recent key for the account\n if (nearAccountId !== '_init_check') {\n console.warn('PasskeyNearKeysDB: getEncryptedKey - No result for device', deviceNumber, '→ falling back to any key for account');\n }\n try {\n const idx = db.transaction(this.config.storeName).store.index('nearAccountId');\n const all = await idx.getAll(nearAccountId);\n if (Array.isArray(all) && all.length > 0) {\n // Choose the most recently stored entry by timestamp\n const latest = (all as any[]).reduce((a, b) => (a.timestamp >= b.timestamp ? a : b));\n return sanitize(latest);\n }\n } catch {}\n return null;\n }\n // Fallback: pick the first entry for this account (non-deterministic order)\n try {\n const idx = db.transaction(this.config.storeName).store.index('nearAccountId');\n // Prefer all+latest even in generic path for consistency\n const all = await idx.getAll(nearAccountId);\n if (Array.isArray(all) && all.length > 0) {\n const latest = (all as any[]).reduce((a, b) => (a.timestamp >= b.timestamp ? a : b));\n return sanitize(latest);\n }\n } catch {}\n return null;\n }\n\n /**\n * Verify key storage by attempting retrieval\n */\n async verifyKeyStorage(nearAccountId: string, deviceNumber: number): Promise<boolean> {\n const retrievedKey = await this.getEncryptedKey(nearAccountId, deviceNumber);\n return !!retrievedKey;\n }\n\n /**\n * Delete encrypted key data for a specific account\n */\n async deleteEncryptedKey(nearAccountId: string, deviceNumber?: number): Promise<void> {\n const db = await this.getDB();\n if (typeof deviceNumber === 'number') {\n await db.delete(this.config.storeName, [nearAccountId, deviceNumber]);\n } else {\n // Delete all keys for this account if device unspecified\n const tx = db.transaction(this.config.storeName, 'readwrite');\n const idx = tx.store.index('nearAccountId');\n let cursor = await idx.openCursor(IDBKeyRange.only(nearAccountId));\n while (cursor) {\n await tx.store.delete(cursor.primaryKey);\n cursor = await cursor.continue();\n }\n await tx.done;\n }\n console.debug('PasskeyNearKeysDB: deleteEncryptedKey - Successfully deleted');\n }\n\n /**\n * Get all encrypted keys (for migration or debugging purposes)\n */\n async getAllEncryptedKeys(): Promise<EncryptedKeyData[]> {\n const db = await this.getDB();\n const all = await db.getAll(this.config.storeName);\n return (all as any[])\n .map((rec) => {\n if (!rec?.encryptedData || !rec?.chacha20NonceB64u) return null;\n return {\n nearAccountId: rec.nearAccountId,\n deviceNumber: rec.deviceNumber,\n encryptedData: rec.encryptedData,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: rec.version,\n timestamp: rec.timestamp,\n } as EncryptedKeyData;\n })\n .filter((rec): rec is EncryptedKeyData => rec !== null);\n }\n\n /**\n * Check if a key exists for the given account\n */\n async hasEncryptedKey(nearAccountId: string, deviceNumber: number): Promise<boolean> {\n const keyData = await this.getEncryptedKey(nearAccountId, deviceNumber);\n return !!keyData;\n }\n}\n","export { PasskeyClientDBManager } from './passkeyClientDB';\nexport { PasskeyNearKeysDBManager } from './passkeyNearKeysDB';\n\nexport type {\n ClientUserData,\n UserPreferences,\n ClientAuthenticatorData,\n IndexedDBEvent,\n DerivedAddressRecord,\n RecoveryEmailRecord\n} from './passkeyClientDB';\n\nexport type {\n EncryptedKeyData\n} from './passkeyNearKeysDB';\n\nimport { AccountId } from '../types/accountIds';\n\n// === SINGLETON INSTANCES ===\nimport { PasskeyClientDBManager, type ClientUserData } from './passkeyClientDB';\nimport { PasskeyNearKeysDBManager, type EncryptedKeyData } from './passkeyNearKeysDB';\n\n// Export singleton instances for backward compatibility with existing code\nexport const passkeyClientDB = new PasskeyClientDBManager();\nexport const passkeyNearKeysDB = new PasskeyNearKeysDBManager();\n\nexport type IndexedDBMode = 'legacy' | 'wallet' | 'disabled';\n\nconst DB_CONFIG_BY_MODE: Record<IndexedDBMode, { clientDbName: string; nearKeysDbName: string; disabled: boolean }> = {\n legacy: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: false },\n wallet: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: false },\n // When running the SDK on the app origin with a wallet iframe configured, we disable IndexedDB entirely\n // to ensure no SDK tables are created and nothing can accidentally persist there.\n disabled: { clientDbName: 'PasskeyClientDB', nearKeysDbName: 'PasskeyNearKeys', disabled: true },\n};\n\nlet configured: { mode: IndexedDBMode; clientDbName: string; nearKeysDbName: string; disabled: boolean } | null = null;\n\n/**\n * Configure IndexedDB database names for the current runtime.\n *\n * Call this once, early (before any IndexedDB access).\n * - Wallet iframe host should use `mode: 'wallet'`.\n * - App origin should use `mode: 'disabled'` when wallet-iframe mode is enabled.\n * - Non-iframe apps should use `mode: 'legacy'`.\n */\nexport function configureIndexedDB(args: { mode: IndexedDBMode }): { clientDbName: string; nearKeysDbName: string } {\n const mode = args?.mode;\n const next = DB_CONFIG_BY_MODE[mode];\n if (!next) {\n throw new Error(`[IndexedDBManager] Unknown IndexedDBMode: ${String(mode)}`);\n }\n\n if (configured) {\n const isSame =\n configured.clientDbName === next.clientDbName\n && configured.nearKeysDbName === next.nearKeysDbName\n && configured.disabled === next.disabled;\n if (!isSame) {\n console.warn('[IndexedDBManager] configureIndexedDB called multiple times; ignoring subsequent configuration', {\n configured,\n requested: next,\n });\n }\n return { clientDbName: configured.clientDbName, nearKeysDbName: configured.nearKeysDbName };\n }\n\n configured = { mode, ...next };\n passkeyClientDB.setDbName(next.clientDbName);\n passkeyNearKeysDB.setDbName(next.nearKeysDbName);\n passkeyClientDB.setDisabled(next.disabled);\n passkeyNearKeysDB.setDisabled(next.disabled);\n return { clientDbName: configured.clientDbName, nearKeysDbName: configured.nearKeysDbName };\n}\n\nexport function getIndexedDBNames(): { clientDbName: string; nearKeysDbName: string } {\n return configured || {\n clientDbName: passkeyClientDB.getDbName(),\n nearKeysDbName: passkeyNearKeysDB.getDbName(),\n };\n}\n\n/**\n * Unified IndexedDB interface providing access to both databases\n * This allows centralized access while maintaining separation of concerns\n */\nexport class UnifiedIndexedDBManager {\n public readonly clientDB: PasskeyClientDBManager;\n public readonly nearKeysDB: PasskeyNearKeysDBManager;\n private _initialized = false;\n\n constructor() {\n this.clientDB = passkeyClientDB;\n this.nearKeysDB = passkeyNearKeysDB;\n }\n\n /**\n * Initialize both databases proactively\n * This ensures both databases are created and ready for use\n */\n async initialize(): Promise<void> {\n if (this._initialized) {\n return;\n }\n\n try {\n if (this.clientDB.isDisabled() || this.nearKeysDB.isDisabled()) {\n this._initialized = true;\n return;\n }\n // Initialize both databases by calling a simple operation\n // This will trigger the getDB() method in both managers and ensure databases are created\n await Promise.all([\n this.clientDB.getAppState('_init_check'),\n this.nearKeysDB.hasEncryptedKey('_init_check', 1)\n ]);\n\n this._initialized = true;\n } catch (error) {\n console.warn('Failed to initialize IndexedDB databases:', error);\n // Don't throw - allow the SDK to continue working, databases will be initialized on first use\n }\n }\n\n /**\n * Check if databases have been initialized\n */\n get isInitialized(): boolean {\n return this._initialized;\n }\n\n // === CONVENIENCE METHODS ===\n\n /**\n * Get user data and check if they have encrypted NEAR keys\n */\n async getUserWithKeys(nearAccountId: AccountId): Promise<{\n userData: ClientUserData | null;\n hasKeys: boolean;\n keyData?: EncryptedKeyData | null;\n }> {\n const last = await this.clientDB.getLastUser();\n const userData = last && last.nearAccountId === nearAccountId\n ? last\n : await this.clientDB.getUserByDevice(nearAccountId, 1);\n const deviceNumber = (last && last.nearAccountId === nearAccountId)\n ? last.deviceNumber\n : userData?.deviceNumber!;\n const [hasKeys, keyData] = await Promise.all([\n this.nearKeysDB.hasEncryptedKey(nearAccountId, deviceNumber),\n this.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber)\n ]);\n\n return {\n userData,\n hasKeys,\n keyData: hasKeys ? keyData : undefined\n };\n }\n\n // === Derived addresses convenience ===\n async setDerivedAddress(\n nearAccountId: AccountId,\n args: { contractId: string; path: string; address: string }\n ): Promise<void> {\n return this.clientDB.setDerivedAddress(nearAccountId, args);\n }\n\n async getDerivedAddressRecord(\n nearAccountId: AccountId,\n args: { contractId: string; path: string }\n ): Promise<import('./passkeyClientDB').DerivedAddressRecord | null> {\n return this.clientDB.getDerivedAddressRecord(nearAccountId, args);\n }\n\n async getDerivedAddress(\n nearAccountId: AccountId,\n args: { contractId: string; path: string }\n ): Promise<string | null> {\n return this.clientDB.getDerivedAddress(nearAccountId, args);\n }\n\n // === Recovery emails convenience ===\n async upsertRecoveryEmails(\n nearAccountId: AccountId,\n entries: Array<{ hashHex: string; email: string }>\n ): Promise<void> {\n return this.clientDB.upsertRecoveryEmails(nearAccountId, entries);\n }\n\n async getRecoveryEmails(nearAccountId: AccountId): Promise<import('./passkeyClientDB').RecoveryEmailRecord[]> {\n return this.clientDB.getRecoveryEmails(nearAccountId);\n }\n}\n\n// Export singleton instance of unified manager\nexport const IndexedDBManager = new UnifiedIndexedDBManager();\n","// base-x encoding / decoding\n// Copyright (c) 2018 base-x contributors\n// Copyright (c) 2014-2018 The Bitcoin Core developers (base58.cpp)\n// Distributed under the MIT software license, see the accompanying\n// file LICENSE or http://www.opensource.org/licenses/mit-license.php.\nfunction base (ALPHABET) {\n if (ALPHABET.length >= 255) { throw new TypeError('Alphabet too long') }\n const BASE_MAP = new Uint8Array(256)\n for (let j = 0; j < BASE_MAP.length; j++) {\n BASE_MAP[j] = 255\n }\n for (let i = 0; i < ALPHABET.length; i++) {\n const x = ALPHABET.charAt(i)\n const xc = x.charCodeAt(0)\n if (BASE_MAP[xc] !== 255) { throw new TypeError(x + ' is ambiguous') }\n BASE_MAP[xc] = i\n }\n const BASE = ALPHABET.length\n const LEADER = ALPHABET.charAt(0)\n const FACTOR = Math.log(BASE) / Math.log(256) // log(BASE) / log(256), rounded up\n const iFACTOR = Math.log(256) / Math.log(BASE) // log(256) / log(BASE), rounded up\n function encode (source) {\n // eslint-disable-next-line no-empty\n if (source instanceof Uint8Array) { } else if (ArrayBuffer.isView(source)) {\n source = new Uint8Array(source.buffer, source.byteOffset, source.byteLength)\n } else if (Array.isArray(source)) {\n source = Uint8Array.from(source)\n }\n if (!(source instanceof Uint8Array)) { throw new TypeError('Expected Uint8Array') }\n if (source.length === 0) { return '' }\n // Skip & count leading zeroes.\n let zeroes = 0\n let length = 0\n let pbegin = 0\n const pend = source.length\n while (pbegin !== pend && source[pbegin] === 0) {\n pbegin++\n zeroes++\n }\n // Allocate enough space in big-endian base58 representation.\n const size = ((pend - pbegin) * iFACTOR + 1) >>> 0\n const b58 = new Uint8Array(size)\n // Process the bytes.\n while (pbegin !== pend) {\n let carry = source[pbegin]\n // Apply \"b58 = b58 * 256 + ch\".\n let i = 0\n for (let it1 = size - 1; (carry !== 0 || i < length) && (it1 !== -1); it1--, i++) {\n carry += (256 * b58[it1]) >>> 0\n b58[it1] = (carry % BASE) >>> 0\n carry = (carry / BASE) >>> 0\n }\n if (carry !== 0) { throw new Error('Non-zero carry') }\n length = i\n pbegin++\n }\n // Skip leading zeroes in base58 result.\n let it2 = size - length\n while (it2 !== size && b58[it2] === 0) {\n it2++\n }\n // Translate the result into a string.\n let str = LEADER.repeat(zeroes)\n for (; it2 < size; ++it2) { str += ALPHABET.charAt(b58[it2]) }\n return str\n }\n function decodeUnsafe (source) {\n if (typeof source !== 'string') { throw new TypeError('Expected String') }\n if (source.length === 0) { return new Uint8Array() }\n let psz = 0\n // Skip and count leading '1's.\n let zeroes = 0\n let length = 0\n while (source[psz] === LEADER) {\n zeroes++\n psz++\n }\n // Allocate enough space in big-endian base256 representation.\n const size = (((source.length - psz) * FACTOR) + 1) >>> 0 // log(58) / log(256), rounded up.\n const b256 = new Uint8Array(size)\n // Process the characters.\n while (psz < source.length) {\n // Find code of next character\n const charCode = source.charCodeAt(psz)\n // Base map can not be indexed using char code\n if (charCode > 255) { return }\n // Decode character\n let carry = BASE_MAP[charCode]\n // Invalid character\n if (carry === 255) { return }\n let i = 0\n for (let it3 = size - 1; (carry !== 0 || i < length) && (it3 !== -1); it3--, i++) {\n carry += (BASE * b256[it3]) >>> 0\n b256[it3] = (carry % 256) >>> 0\n carry = (carry / 256) >>> 0\n }\n if (carry !== 0) { throw new Error('Non-zero carry') }\n length = i\n psz++\n }\n // Skip leading zeroes in b256.\n let it4 = size - length\n while (it4 !== size && b256[it4] === 0) {\n it4++\n }\n const vch = new Uint8Array(zeroes + (size - it4))\n let j = zeroes\n while (it4 !== size) {\n vch[j++] = b256[it4++]\n }\n return vch\n }\n function decode (string) {\n const buffer = decodeUnsafe(string)\n if (buffer) { return buffer }\n throw new Error('Non-base' + BASE + ' character')\n }\n return {\n encode,\n decodeUnsafe,\n decode\n }\n}\nexport default base\n","import basex from 'base-x';\nvar ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\nexport default basex(ALPHABET);\n","import bs58 from 'bs58';\n\n/**\n * Encodes binary data to base58 string using Bitcoin's base58 alphabet.\n * Used extensively in NEAR for account IDs, public keys, hashes, and signatures.\n *\n * @param data - Binary data to encode (Uint8Array, ArrayBuffer, or number[])\n * @returns Base58-encoded string\n */\nexport const base58Encode = (data: Uint8Array | ArrayBuffer | number[]): string => {\n if (data instanceof ArrayBuffer) {\n return bs58.encode(new Uint8Array(data));\n }\n if (Array.isArray(data)) {\n return bs58.encode(new Uint8Array(data));\n }\n return bs58.encode(data);\n};\n\n/**\n * Decodes a base58 string to binary data using Bitcoin's base58 alphabet.\n * Returns a Uint8Array containing the decoded bytes.\n *\n * @param base58String - Base58-encoded string to decode\n * @returns Uint8Array containing the decoded bytes\n * @throws Error if input contains invalid base58 characters\n */\nexport const base58Decode = (base58String: string): Uint8Array => {\n return bs58.decode(base58String);\n};\n\n","/**\n * Device detection utilities for camera and UI optimization\n */\n\nexport type DeviceType = 'mobile' | 'tablet' | 'desktop';\nexport type CameraFacingMode = 'user' | 'environment';\n\n/**\n * Detects the current device type based on multiple indicators\n */\nexport const detectDeviceType = (): DeviceType => {\n // Method 1: User agent detection\n const userAgent = navigator.userAgent.toLowerCase();\n const isMobileUA = /android|iphone|ipod|blackberry|iemobile|opera mini/i.test(userAgent);\n const isTabletUA = /ipad|tablet|kindle|playbook|silk/i.test(userAgent);\n\n // Method 2: Touch and screen size detection\n const isTouchDevice = navigator.maxTouchPoints > 0;\n const screenWidth = window.screen.width;\n const isSmallScreen = screenWidth <= 480;\n const isMediumScreen = screenWidth <= 1024;\n\n // Method 3: Orientation support (mobile/tablet indicator)\n const hasOrientation = 'orientation' in window;\n\n // Determine device type with priority: mobile > tablet > desktop\n if (isMobileUA || (isTouchDevice && isSmallScreen)) {\n return 'mobile';\n }\n\n if (isTabletUA || (isTouchDevice && isMediumScreen && hasOrientation)) {\n return 'tablet';\n }\n\n return 'desktop';\n};\n\n/**\n * Basic Safari detection (desktop Safari). Note: all iOS browsers use WebKit,\n * so use isIOS() to capture iOS Safari-like restrictions.\n */\nexport const isSafari = (): boolean => {\n try {\n const ua = navigator.userAgent;\n const isSafariEngine = /safari/i.test(ua) && !/chrome|crios|crmo|chromium|edg|edge|opr|opera|brave/i.test(ua);\n return isSafariEngine;\n } catch {\n return false;\n }\n};\n\n/**\n * Detect iOS (covers iPhone/iPad/iPod and iPadOS with desktop UA).\n * iOS has WebAuthn user-activation quirks that are shared by all iOS browsers.\n */\nexport const isIOS = (): boolean => {\n try {\n const ua = navigator.userAgent;\n const platform = (navigator as any).platform || '';\n const maxTouch = Number(navigator.maxTouchPoints || 0);\n const iOSUA = /iPad|iPhone|iPod/.test(ua);\n const iPadOSMacLike = /Macintosh/.test(ua) && maxTouch > 1; // iPadOS masquerading as Mac\n const iOSPlatform = /iPad|iPhone|iPod/.test(platform);\n return iOSUA || iPadOSMacLike || iOSPlatform;\n } catch {\n return false;\n }\n};\n\n/**\n * Detect Mobile Safari (iOS Safari specifically). Chrome/Firefox on iOS still use WebKit,\n * so for WebAuthn activation rules, prefer checking isIOS() as well.\n */\nexport const isMobileSafari = (): boolean => {\n try {\n const ua = navigator.userAgent;\n if (!isIOS()) return false;\n // Exclude Chrome/Firefox/Edge branded iOS browsers (still WebKit underneath)\n const branded = /crios|fxios|edgios|opios|mercury/i.test(ua);\n const safariToken = /safari/i.test(ua);\n return safariToken && !branded;\n } catch {\n return false;\n }\n};\n\n/**\n * Returns true when the page currently has a transient user activation\n * (click/tap/key within the allowed time window).\n */\nexport const hasActiveUserActivation = (): boolean => {\n try {\n const ua = (navigator as any).userActivation;\n return !!(ua && typeof ua.isActive === 'boolean' && ua.isActive);\n } catch {\n return false;\n }\n};\n\n/**\n * Heuristic: when on Safari/iOS or on a mobile device AND no active user\n * activation, we should surface a clickable UI to capture activation.\n */\nexport const needsExplicitActivation = (): boolean => {\n try {\n if (hasActiveUserActivation()) return false;\n return isIOS() || isMobileDevice() || isSafari();\n } catch {\n // In non-browser or SSR/test environments, avoid forcing UI changes\n return false;\n }\n};\n\n/**\n * Determines optimal camera facing mode based on device type\n * - Mobile/Tablet: Back camera (environment) for QR scanning\n * - Desktop/Laptop: Front camera (user) for video calls/selfies\n */\nexport const getOptimalCameraFacingMode = (): CameraFacingMode => {\n const deviceType = detectDeviceType();\n\n switch (deviceType) {\n case 'mobile':\n case 'tablet':\n console.log(`${deviceType} device detected - using back camera (environment)`);\n return 'environment';\n\n case 'desktop':\n default:\n return 'user';\n }\n};\n\n/**\n * Check if the current device is likely mobile\n */\nexport const isMobileDevice = (): boolean => {\n return detectDeviceType() === 'mobile';\n};\n\n/**\n * Check if the current device supports touch\n */\nexport const isTouchDevice = (): boolean => {\n return navigator.maxTouchPoints > 0;\n};\n\n/**\n * Get device capabilities for camera constraints\n */\nexport const getDeviceCapabilities = () => {\n const deviceType = detectDeviceType();\n const isTouch = isTouchDevice();\n const facingMode = getOptimalCameraFacingMode();\n\n return {\n deviceType,\n isTouch,\n recommendedFacingMode: facingMode,\n // Recommended camera constraints based on device\n cameraConstraints: {\n video: {\n facingMode,\n width: deviceType === 'mobile' ? { ideal: 720, min: 480 } : { ideal: 1280, min: 720 },\n height: deviceType === 'mobile' ? { ideal: 720, min: 480 } : { ideal: 720, min: 480 },\n aspectRatio: deviceType === 'mobile' ? { ideal: 1.0 } : { ideal: 16/9 }\n }\n }\n };\n};\n","import { RpcResponse } from './types/rpc';\n\ntype NearRpcErrorType = 'InvalidTxError' | 'ActionError' | 'TxExecutionError' | 'RpcError' | 'Failure' | 'Unknown';\n\nfunction isObj(v: unknown): v is Record<string, unknown> {\n return !!v && typeof v === 'object' && !Array.isArray(v);\n}\n\nfunction firstKey(o: Record<string, unknown> | undefined): string | undefined {\n if (!o) return undefined;\n const keys = Object.keys(o);\n return keys.length ? keys[0] : undefined;\n}\n\nexport class NearRpcError extends Error {\n code?: number;\n type: NearRpcErrorType;\n kind?: string;\n index?: number;\n short: string;\n details?: unknown;\n operation?: string;\n\n constructor(params: {\n message: string;\n short: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n code?: number;\n name?: string;\n operation?: string;\n details?: unknown;\n }) {\n super(params.message);\n this.name = params.name || 'NearRpcError';\n this.code = params.code;\n this.type = params.type || 'Unknown';\n this.kind = params.kind;\n this.index = params.index;\n this.short = params.short;\n this.details = params.details;\n this.operation = params.operation;\n }\n\n static fromRpcResponse(operationName: string, rpc: RpcResponse): NearRpcError {\n const err = rpc.error || {};\n const details = err.data as unknown;\n\n const { message, type, kind, index, short } = describeDetails(operationName, details);\n\n return new NearRpcError({\n message: message || err.message || `${operationName} RPC error`,\n short: short || kind || 'RPC error',\n type: type || 'RpcError',\n kind,\n index,\n code: err.code,\n name: err.name || 'NearRpcError',\n operation: operationName,\n details,\n });\n }\n\n static fromOutcome(operationName: string, outcome: any, failure: any): NearRpcError {\n const { message, type, kind, index, short } = describeFailure(operationName, failure);\n return new NearRpcError({\n message: message || `${operationName} failed`,\n short: short || kind || 'TxExecutionError',\n type: type || 'Failure',\n kind,\n index,\n name: 'TxExecutionFailure',\n operation: operationName,\n details: { Failure: failure, outcome },\n });\n }\n}\n\nfunction describeDetails(operationName: string, details: unknown): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n const d = isObj(details) ? details : undefined;\n const txExec = isObj(d?.TxExecutionError) ? (d!.TxExecutionError as Record<string, unknown>) : undefined;\n if (!txExec) {\n const dataStr = d ? ` Details: ${JSON.stringify(d)}` : '';\n return { message: `${operationName} RPC error.${dataStr}` };\n }\n return describeTxExecution(operationName, txExec);\n}\n\nfunction describeFailure(operationName: string, failure: any): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n const f = isObj(failure) ? (failure as Record<string, unknown>) : undefined;\n if (!f) {\n return { message: `${operationName} failed (Unknown Failure)` };\n }\n // Reuse TxExecutionError shape if available\n return describeTxExecution(operationName, f as Record<string, unknown>);\n}\n\nfunction describeTxExecution(operationName: string, exec: Record<string, unknown>): {\n message: string;\n type?: NearRpcErrorType;\n kind?: string;\n index?: number;\n short?: string;\n} {\n // InvalidTxError\n if (isObj(exec.InvalidTxError)) {\n const inv = exec.InvalidTxError as Record<string, unknown>;\n let kind = firstKey(inv) || 'InvalidTxError';\n if (isObj(inv.ActionsValidation)) {\n kind = `ActionsValidation.${firstKey(inv.ActionsValidation as Record<string, unknown>)}`;\n }\n const short = kind.startsWith('ActionsValidation.')\n ? `InvalidTxError: ${kind.split('.')[1] || 'ActionsValidation'}`\n : `InvalidTxError: ${kind}`;\n return {\n message: `${operationName} failed (InvalidTxError: ${kind})`,\n type: 'InvalidTxError',\n kind,\n short,\n };\n }\n\n // ActionError\n if (isObj(exec.ActionError)) {\n const ae = exec.ActionError as Record<string, unknown>;\n const idx = typeof (ae.index as unknown) === 'number' ? (ae.index as number) : undefined;\n const kobj = isObj(ae.kind) ? (ae.kind as Record<string, unknown>) : undefined;\n const kind = firstKey(kobj) || 'ActionError';\n const idxStr = typeof idx === 'number' ? ` at action ${idx}` : '';\n const short = `ActionError: ${kind}`;\n return {\n message: `${operationName} failed${idxStr} (ActionError: ${kind})`,\n type: 'ActionError',\n kind,\n index: idx,\n short,\n };\n }\n\n // Fallback TxExecutionError without specifics\n return {\n message: `${operationName} failed (TxExecutionError)`,\n type: 'TxExecutionError',\n kind: 'TxExecutionError',\n short: 'TxExecutionError',\n };\n}\n","import type { AccessKeyView, TxExecutionStatus } from \"@near-js/types\";\n\nexport const DEFAULT_WAIT_STATUS = {\n executeAction: \"EXECUTED_OPTIMISTIC\" as TxExecutionStatus,\n linkDeviceAddKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceSwapKey: \"FINAL\" as TxExecutionStatus,\n linkDeviceAccountMapping: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceDeleteKey: \"INCLUDED_FINAL\" as TxExecutionStatus,\n linkDeviceRegistration: \"FINAL\" as TxExecutionStatus,\n // See default finality settings:\n // https://github.com/near/near-api-js/blob/99f34864317725467a097dc3c7a3cc5f7a5b43d4/packages/accounts/src/account.ts#L68\n}\n\n// Transaction and Signature types - defined as TypeScript interfaces since they're handled as JSON\nexport interface TransactionStruct {\n signerAccount: string;\n publicKey: {\n keyType: number;\n keyData: number[];\n };\n nonce: number;\n receiverAccount: string;\n blockHash: number[];\n actions: any[]; // Actions are complex, handled as JSON\n}\n\nexport interface SignatureStruct {\n keyType: number;\n signatureData: number[];\n}\n\nexport interface NearRpcCallParams {\n jsonrpc: string;\n id: string;\n method: string;\n params: {\n signed_tx_base64: string;\n wait_until: TxExecutionStatus;\n }\n}\n\nexport interface TransactionContext {\n nearPublicKeyStr: string;\n accessKeyInfo: AccessKeyView;\n nextNonce: string;\n txBlockHeight: string;\n txBlockHash: string;\n}\n\nexport interface BlockInfo {\n header: {\n hash: string;\n height: number;\n };\n}\nexport interface RpcErrorData {\n // NEAR error payloads vary; keep flexible but preserve common fields\n // Top-level helper message if present\n message?: string;\n // Anything else from the node (TxExecutionError, ActionError, etc.)\n [key: string]: any;\n}\n\nexport interface RpcError {\n code?: number;\n name?: string;\n data?: RpcErrorData;\n message?: string;\n}\n\nexport interface RpcResponse {\n error?: RpcError;\n result?: any;\n}\n","/**\n * Minimal NEAR RPC client that replaces @near-js/providers\n * Only includes the methods actually used by TatchiPasskey\n *\n * If needed, we can just wrap @near-js if we require more complex\n * functionality and type definitions\n */\n\nimport type {\n FinalExecutionOutcome,\n QueryResponseKind,\n TxExecutionStatus,\n AccessKeyView,\n AccessKeyInfoView,\n AccessKeyList,\n FunctionCallPermissionView,\n AccountView,\n BlockResult,\n BlockReference,\n RpcQueryRequest,\n FinalityReference,\n} from \"@near-js/types\";\nimport { base64Encode, base64Decode } from \"../utils\";\nimport { errorMessage } from \"../utils/errors\";\nimport { NearRpcError } from \"./NearRpcError\";\nimport { DEFAULT_WAIT_STATUS, RpcResponse } from \"./types/rpc\";\nimport { isFunction } from './WalletIframe/validation';\nimport {\n WasmTransaction,\n WasmSignature,\n} from \"../wasm_signer_worker/pkg/wasm_signer_worker.js\";\n\n// re-export near-js types\nexport type { AccessKeyList } from \"@near-js/types\";\n\nexport interface ViewAccountParams {\n account: string;\n block_id?: string;\n}\n\nexport type FullAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n & { access_key: Omit<AccessKeyView, 'permission'> & { permission: 'FullAccess' } }\n\nexport type FunctionCallAccessKey = Omit<AccessKeyInfoView, 'access_key'>\n & { access_key: Omit<AccessKeyView, 'permission'> & { permission: FunctionCallPermissionView } }\n\nexport interface ContractResult<T> extends QueryResponseKind {\n result?: T | string | number;\n logs: string[];\n}\n\nexport enum RpcCallType {\n Query = \"query\",\n View = \"view\",\n Send = \"send_tx\",\n Block = \"block\",\n Call = \"call_function\",\n}\n\nexport class SignedTransaction {\n transaction: WasmTransaction;\n signature: WasmSignature;\n borsh_bytes: number[];\n\n constructor(data: {\n transaction: WasmTransaction;\n signature: WasmSignature;\n borsh_bytes: number[]\n }) {\n this.transaction = data.transaction;\n this.signature = data.signature;\n this.borsh_bytes = data.borsh_bytes;\n }\n\n static fromPlain(input: { transaction: unknown; signature: unknown; borsh_bytes: number[] }): SignedTransaction {\n return new SignedTransaction({\n transaction: input.transaction as WasmTransaction,\n signature: input.signature as WasmSignature,\n borsh_bytes: input.borsh_bytes,\n });\n }\n\n encode(): ArrayBuffer {\n // If borsh_bytes are already available, use them\n return (new Uint8Array(this.borsh_bytes)).buffer;\n }\n\n base64Encode(): string {\n return base64Encode(this.encode());\n }\n\n static decode(bytes: Uint8Array): SignedTransaction {\n // This would need borsh deserialization\n throw new Error('SignedTransaction.decode(): borsh deserialization not implemented');\n }\n}\n\n/**\n * Serialize a signed transaction-like object to base64.\n * Accepts either our SignedTransaction instance or a plain object\n * with borsh bytes (borsh_bytes | borshBytes) from cross-origin RPC.\n *\n * Implementation notes / pitfalls:\n * - We always bind `this` correctly when calling .base64Encode() / .encode()\n * so methods defined on SignedTransaction can safely call this.encode().\n * - The underlying base64Encode() helper is implemented to avoid spreading large\n * Uint8Arrays into String.fromCharCode(...), which can overflow the JS call\n * stack for big WASM binaries or large transactions.\n * - As a fallback, we accept raw borsh bytes in multiple shapes to keep the\n * serializer resilient to different runtimes (plain objects, typed arrays, etc.).\n */\nexport type EncodableSignedTx =\n | SignedTransaction\n | {\n // Borsh bytes in various shapes from different runtimes\n borsh_bytes?: unknown;\n borshBytes?: unknown;\n // Optional helper methods from some callers\n encode?: () => ArrayBuffer;\n base64Encode?: () => string;\n };\n\nexport function toArrayBufferFromUnknownBytes(\n bytes: unknown\n): ArrayBuffer | SharedArrayBuffer | null {\n if (!bytes) return null;\n\n // Plain number[]\n if (Array.isArray(bytes)) {\n return new Uint8Array(bytes as number[]).buffer;\n }\n\n // Typed arrays / DataView\n if (ArrayBuffer.isView(bytes)) {\n const view = bytes as ArrayBufferView;\n return view.buffer.slice(view.byteOffset, view.byteOffset + view.byteLength);\n }\n\n // Raw ArrayBuffer\n if (bytes instanceof ArrayBuffer) {\n return bytes;\n }\n\n return null;\n}\n\nexport function encodeSignedTransactionBase64(signed: EncodableSignedTx): string {\n // Some call sites wrap the actual SignedTransaction in a { signedTransaction } envelope.\n // Normalize that here so the rest of the function always works with a concrete tx-like object.\n const maybeSigned = (signed as any)?.signedTransaction;\n const txPayload: EncodableSignedTx =\n maybeSigned && typeof maybeSigned === 'object'\n ? (maybeSigned as EncodableSignedTx)\n : signed;\n\n // 1) If the payload exposes a .base64Encode() helper (our SignedTransaction class),\n // use it directly. Bind `this` so the method can safely call this.encode().\n const maybeBase64 = (txPayload as { base64Encode?: unknown }).base64Encode;\n if (isFunction(maybeBase64)) {\n return (maybeBase64 as () => string).call(txPayload);\n }\n\n // 2) Otherwise, fall back to a generic encode() → ArrayBuffer method if present.\n const maybeEncode = (txPayload as { encode?: unknown }).encode;\n if (isFunction(maybeEncode)) {\n const buf = (maybeEncode as () => ArrayBuffer).call(txPayload);\n return base64Encode(buf);\n }\n\n // 3) Finally, accept raw borsh bytes in multiple shapes / field names.\n // This keeps the serializer resilient across runtimes that may not\n // hydrate SignedTransaction instances but still provide borsh_bytes/Bytes.\n const snakeBuf = toArrayBufferFromUnknownBytes(\n (txPayload as { borsh_bytes?: unknown }).borsh_bytes\n );\n if (snakeBuf) {\n return base64Encode(snakeBuf);\n }\n\n const camelBuf = toArrayBufferFromUnknownBytes(\n (txPayload as { borshBytes?: unknown }).borshBytes\n );\n if (camelBuf) {\n return base64Encode(camelBuf);\n }\n\n throw new Error('Invalid signed transaction payload: cannot serialize to base64');\n}\n\n/**\n * MinimalNearClient provides a simplified interface for NEAR protocol interactions\n */\nexport interface NearClient {\n viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView>;\n viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList>;\n viewAccount(accountId: string): Promise<AccountView>;\n viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array>;\n viewBlock(params: BlockReference): Promise<BlockResult>;\n sendTransaction(\n signedTransaction: SignedTransaction,\n waitUntil?: TxExecutionStatus\n ): Promise<FinalExecutionOutcome>;\n query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T>;\n callFunction<A, T>(\n contractId: string,\n method: string,\n args: A,\n blockQuery?: BlockReference\n ): Promise<T>;\n view<A, T>(params: { account: string; method: string; args: A }): Promise<T>;\n getAccessKeys(params: ViewAccountParams): Promise<{\n fullAccessKeys: FullAccessKey[];\n functionCallAccessKeys: FunctionCallAccessKey[];\n }>;\n}\n\nexport class MinimalNearClient implements NearClient {\n private readonly rpcUrls: string[];\n\n constructor(rpcUrl: string | string[]) {\n this.rpcUrls = MinimalNearClient.normalizeRpcUrls(rpcUrl);\n }\n\n private static normalizeRpcUrls(input: string | string[]): string[] {\n const urls = Array.isArray(input)\n ? input\n : input\n .split(/[\\s,]+/)\n .map(url => url.trim())\n .filter(Boolean);\n\n const normalized = urls.map(url => {\n try {\n return new URL(url).toString();\n } catch (err) {\n const message = errorMessage(err) || `Invalid NEAR RPC URL: ${url}`;\n throw new Error(message);\n }\n });\n\n if (!normalized.length) {\n throw new Error('NEAR RPC URL cannot be empty');\n }\n\n return Array.from(new Set(normalized));\n }\n\n // ===========================\n // PRIVATE HELPER FUNCTIONS\n // ===========================\n\n /** Build a JSON-RPC 2.0 POST body (stringified). */\n private buildRequestBody<P>(method: string, params: P): string {\n return JSON.stringify({\n jsonrpc: '2.0',\n id: crypto.randomUUID(),\n method,\n params\n });\n }\n\n /** Perform a single POST to one endpoint and return parsed RpcResponse. */\n private async postOnce(url: string, requestBody: string): Promise<RpcResponse> {\n const response = await fetch(url, {\n method: 'POST',\n headers: { 'Content-Type': 'application/json' },\n body: requestBody\n });\n\n if (!response.ok) {\n throw new Error(`RPC request failed: ${response.status} ${response.statusText}`);\n }\n\n const text = await response.text();\n if (!text?.trim()) {\n throw new Error('Empty response from RPC server');\n }\n\n return JSON.parse(text) as RpcResponse;\n }\n\n /** Try each configured RPC endpoint in order and return the first successful RpcResponse. */\n private async requestWithFallback(requestBody: string): Promise<RpcResponse> {\n let lastError: unknown;\n for (const [index, url] of this.rpcUrls.entries()) {\n try {\n const result = await this.postOnce(url, requestBody);\n if (index > 0) console.warn(`[NearClient] RPC succeeded via fallback: ${url}`);\n return result;\n } catch (err) {\n lastError = err;\n const remaining = index < this.rpcUrls.length - 1;\n console.warn(`[NearClient] RPC call to ${url} failed${remaining ? ', trying next' : ''}: ${errorMessage(err) || 'RPC request failed'}`);\n if (!remaining) throw err instanceof Error ? err : new Error(String(err));\n }\n }\n throw new Error(errorMessage(lastError) || 'RPC request failed');\n }\n\n /** Validate and unwrap RpcResponse into the typed result with rich error forwarding. */\n private unwrapRpcResult<T>(rpc: RpcResponse, operationName: string): T {\n if (rpc.error) {\n throw NearRpcError.fromRpcResponse(operationName, rpc);\n }\n const result = rpc.result as any;\n // Some providers return a wrapped error in `result.error`\n if (result?.error) {\n const msg = typeof result.error === 'string' ? result.error : JSON.stringify(result.error);\n throw new NearRpcError({ message: `${operationName} Error: ${msg}`, short: 'RpcError', type: 'RpcError' });\n }\n return rpc.result as T;\n }\n\n /**\n * Execute RPC call with proper error handling and result extraction\n */\n private async makeRpcCall<P, T>(\n method: string,\n params: P,\n operationName: string\n ): Promise<T> {\n const requestBody = this.buildRequestBody(method, params);\n const rpc = await this.requestWithFallback(requestBody);\n return this.unwrapRpcResult<T>(rpc, operationName);\n }\n\n // ===========================\n // PUBLIC API METHODS\n // ===========================\n\n async query<T extends QueryResponseKind>(params: RpcQueryRequest): Promise<T> {\n return this.makeRpcCall<RpcQueryRequest, T>(RpcCallType.Query, params, 'Query');\n }\n\n async viewAccessKey(accountId: string, publicKey: string, finalityQuery?: FinalityReference): Promise<AccessKeyView> {\n const publicKeyStr = publicKey;\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_access_key',\n finality: finality,\n account_id: accountId,\n public_key: publicKeyStr\n };\n return this.makeRpcCall<typeof params, AccessKeyView>(\n RpcCallType.Query,\n params,\n 'View Access Key'\n );\n }\n\n async viewAccessKeyList(accountId: string, finalityQuery?: FinalityReference): Promise<AccessKeyList> {\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_access_key_list',\n finality: finality,\n account_id: accountId\n };\n return this.makeRpcCall<typeof params, AccessKeyList>(RpcCallType.Query, params, 'View Access Key List');\n }\n\n async viewAccount(accountId: string): Promise<AccountView> {\n const params = {\n request_type: 'view_account',\n finality: 'final',\n account_id: accountId\n };\n return this.makeRpcCall<typeof params, AccountView>(RpcCallType.Query, params, 'View Account');\n }\n\n async viewCode(accountId: string, finalityQuery?: FinalityReference): Promise<Uint8Array> {\n const finality = finalityQuery?.finality || 'final';\n const params = {\n request_type: 'view_code',\n finality,\n account_id: accountId\n };\n const result = await this.makeRpcCall<typeof params, any>(\n RpcCallType.Query,\n params,\n 'View Code'\n );\n const codeBase64 = result?.code_base64;\n if (typeof codeBase64 !== 'string' || !codeBase64.length) {\n throw new Error('Invalid View Code response: missing code_base64');\n }\n return base64Decode(codeBase64);\n }\n\n async viewBlock(params: BlockReference): Promise<BlockResult> {\n return this.makeRpcCall<BlockReference, BlockResult>(RpcCallType.Block, params, 'View Block');\n }\n\n async sendTransaction(\n signedTransaction: SignedTransaction,\n waitUntil: TxExecutionStatus = DEFAULT_WAIT_STATUS.executeAction\n ): Promise<FinalExecutionOutcome> {\n const params = {\n signed_tx_base64: encodeSignedTransactionBase64(signedTransaction),\n wait_until: waitUntil\n };\n\n // Retry on transient RPC errors commonly seen with shared/public nodes\n const maxAttempts = 5;\n let lastError: unknown = null;\n for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n try {\n const outcome = await this.makeRpcCall<typeof params, FinalExecutionOutcome>(RpcCallType.Send, params, 'Send Transaction');\n // near-api-js throws on Failure; replicate that for clearer UX\n const status = (outcome as any)?.status;\n if (status && typeof status === 'object' && 'Failure' in status) {\n const failure = (status as any).Failure;\n throw NearRpcError.fromOutcome('Send Transaction', outcome, failure);\n }\n return outcome;\n } catch (err: unknown) {\n lastError = err;\n const msg = errorMessage(err);\n const retryable = /server error|internal|temporar|timeout|too many requests|429|unavailable|bad gateway|gateway timeout/i.test(msg || '');\n if (!retryable || attempt === maxAttempts) {\n throw err;\n }\n // Exponential backoff with jitter (200–1200ms approx across attempts)\n const base = 200 * Math.pow(2, attempt - 1);\n const jitter = Math.floor(Math.random() * 150);\n await new Promise(r => setTimeout(r, base + jitter));\n }\n }\n // Should be unreachable\n throw lastError instanceof Error ? lastError : new Error(String(lastError));\n }\n\n // legacy helpers removed in favor of NearRpcError\n\n async callFunction<A, T>(\n contractId: string,\n method: string,\n args: A,\n blockQuery?: BlockReference\n ): Promise<T> {\n const rpcParams = {\n request_type: 'call_function',\n finality: 'final',\n account_id: contractId,\n method_name: method,\n args_base64: base64Encode(new TextEncoder().encode(JSON.stringify(args)).buffer)\n };\n const result = await this.makeRpcCall<typeof rpcParams, ContractResult<T>>(\n RpcCallType.Query,\n rpcParams,\n 'View Function'\n );\n\n // Parse result bytes to string/JSON\n const resultBytes = result.result;\n\n if (!Array.isArray(resultBytes)) {\n // If result is not bytes array, it might already be parsed\n return result as unknown as T;\n }\n\n const resultString = String.fromCharCode(...resultBytes);\n\n if (!resultString.trim()) {\n return null as T;\n }\n\n try {\n const parsed = JSON.parse(resultString);\n return parsed as T;\n } catch (parseError) {\n console.warn('Failed to parse result as JSON, returning as string:', parseError);\n console.warn('Raw result string:', resultString);\n // Return the string value if it's not valid JSON\n const cleanString = resultString.replace(/^\"|\"$/g, ''); // Remove quotes\n return cleanString as T;\n }\n }\n\n async view<A, T>(params: { account: string; method: string; args: A }): Promise<T> {\n return this.callFunction<A, T>(params.account, params.method, params.args);\n }\n\n async getAccessKeys({ account, block_id }: ViewAccountParams): Promise<{\n fullAccessKeys: FullAccessKey[];\n functionCallAccessKeys: FunctionCallAccessKey[];\n }> {\n // Build RPC parameters similar to the official implementation\n const params: Record<string, unknown> = {\n request_type: 'view_access_key_list',\n account_id: account,\n finality: 'final'\n };\n\n // Add block_id if provided (for specific block queries)\n if (block_id) {\n params.block_id = block_id;\n delete params.finality; // block_id takes precedence over finality\n }\n\n // Make the RPC call directly to match the official implementation\n const accessKeyList = await this.makeRpcCall<typeof params, AccessKeyList>(\n RpcCallType.Query,\n params,\n 'View Access Key List'\n );\n\n // Separate full access keys and function call access keys\n const fullAccessKeys: FullAccessKey[] = [];\n const functionCallAccessKeys: FunctionCallAccessKey[] = [];\n\n // Process each access key (matching the official categorization logic)\n for (const key of accessKeyList.keys) {\n if (key.access_key.permission === 'FullAccess') {\n // Full Access Keys: Keys with FullAccess permission\n fullAccessKeys.push(key as FullAccessKey);\n } else if (key.access_key.permission && typeof key.access_key.permission === 'object' && 'FunctionCall' in key.access_key.permission) {\n // Function Call Keys: Keys with limited permissions for specific contract calls\n functionCallAccessKeys.push(key as FunctionCallAccessKey);\n }\n }\n\n return {\n fullAccessKeys,\n functionCallAccessKeys\n };\n }\n}\n","export const OFFLINE_EXPORT_DONE = 'OFFLINE_EXPORT_DONE';\nexport const OFFLINE_EXPORT_ERROR = 'OFFLINE_EXPORT_ERROR';\n\n// Posted by wallet host to request parent fallback to the offline route\nexport const OFFLINE_EXPORT_FALLBACK = 'OFFLINE_EXPORT_FALLBACK';\n\n// Reused wallet-iframe close notification\nexport const WALLET_UI_CLOSED = 'WALLET_UI_CLOSED';\n\n// Export UI: user explicitly cancelled TouchID/FaceID during key export\nexport const EXPORT_NEAR_KEYPAIR_CANCELLED = 'EXPORT_NEAR_KEYPAIR_CANCELLED';\n\nexport type OfflineExportDoneMsg = { type: typeof OFFLINE_EXPORT_DONE; nearAccountId: string };\nexport type OfflineExportErrorMsg = { type: typeof OFFLINE_EXPORT_ERROR; error: string };\nexport type WalletUiClosedMsg = { type: typeof WALLET_UI_CLOSED };\n\n// No inbound handshake is required in the new-tab flow\nexport type OfflineExportInboundMsg = never;\nexport type OfflineExportOutboundMsg =\n | OfflineExportDoneMsg\n | OfflineExportErrorMsg\n | WalletUiClosedMsg;\n","// Centralized build configuration\n// This file defines all paths used across the build system\n\nexport const BUILD_PATHS = {\n // Build output directories\n BUILD: {\n ROOT: 'dist',\n WORKERS: 'dist/workers',\n ESM: 'dist/esm',\n CJS: 'dist/cjs',\n TYPES: 'dist/types'\n },\n\n // Source directories\n SOURCE: {\n ROOT: 'src',\n CORE: 'src/core',\n WASM_SIGNER: 'src/wasm_signer_worker',\n WASM_VRF: 'src/wasm_vrf_worker',\n CRITICAL_DIRS: [\n 'src/core',\n 'src/wasm_signer_worker',\n 'src/wasm_vrf_worker'\n ]\n },\n\n // Frontend deployment paths\n FRONTEND: {\n ROOT: '../examples/vite/public',\n SDK: '../examples/vite/public/sdk',\n WORKERS: '../examples/vite/public/sdk/workers'\n },\n\n // Runtime paths (used by workers and tests)\n RUNTIME: {\n SDK_BASE: '/sdk',\n WORKERS_BASE: '/sdk/workers',\n VRF_WORKER: '/sdk/workers/web3authn-vrf.worker.js',\n SIGNER_WORKER: '/sdk/workers/web3authn-signer.worker.js'\n },\n\n // Worker file names\n WORKERS: {\n VRF: 'web3authn-vrf.worker.js',\n SIGNER: 'web3authn-signer.worker.js',\n OFFLINE_SW: 'offline-export-sw.js',\n WASM_VRF_JS: 'wasm_vrf_worker.js',\n WASM_VRF_WASM: 'wasm_vrf_worker_bg.wasm',\n WASM_SIGNER_JS: 'wasm_signer_worker.js',\n WASM_SIGNER_WASM: 'wasm_signer_worker_bg.wasm'\n },\n\n // Test worker file paths (for test files)\n TEST_WORKERS: {\n VRF: '/sdk/workers/web3authn-vrf.worker.js',\n SIGNER: '/sdk/workers/web3authn-signer.worker.js',\n WASM_VRF_JS: '/sdk/workers/wasm_vrf_worker.js',\n WASM_VRF_WASM: '/sdk/workers/wasm_vrf_worker_bg.wasm',\n WASM_SIGNER_JS: '/sdk/workers/wasm_signer_worker.js',\n WASM_SIGNER_WASM: '/sdk/workers/wasm_signer_worker_bg.wasm'\n }\n} as const;\n\n// Helper functions\nexport const getWorkerPath = (workerName: string): string => `${BUILD_PATHS.BUILD.WORKERS}/${workerName}`;\nexport const getRuntimeWorkerPath = (workerName: string): string => `${BUILD_PATHS.RUNTIME.WORKERS_BASE}/${workerName}`;\nexport const getFrontendWorkerPath = (workerName: string): string => `${BUILD_PATHS.FRONTEND.WORKERS}/${workerName}`;\n\n// Default export for easier importing\nexport default BUILD_PATHS;\n","import { BUILD_PATHS } from '../build-paths.js';\n\n// === CONFIGURATION ===\nexport const SIGNER_WORKER_MANAGER_CONFIG = {\n TIMEOUTS: {\n DEFAULT: 60_000, // 60s default fallback for worker operations\n TRANSACTION: 60_000, // 60s for contract verification + signing\n REGISTRATION: 60_000, // 60s for registration operations\n },\n WORKER: {\n URL: BUILD_PATHS.RUNTIME.SIGNER_WORKER,\n TYPE: 'module' as const,\n NAME: 'Web3AuthnSignerWorker',\n },\n RETRY: {\n MAX_ATTEMPTS: 3,\n BACKOFF_MS: 1000,\n }\n} as const;\n\n// === DEVICE LINKING CONFIGURATION ===\nexport const DEVICE_LINKING_CONFIG = {\n TIMEOUTS: {\n QR_CODE_MAX_AGE_MS: 15 * 60 * 1000, // 15 minutes - QR code expiration\n SESSION_EXPIRATION_MS: 15 * 60 * 1000, // 15 minutes - Device linking session timeout\n TEMP_KEY_CLEANUP_MS: 15 * 60 * 1000, // 15 minutes - Automatic cleanup of temporary keys\n POLLING_INTERVAL_MS: 3000, // 3 seconds - AddKey polling interval\n REGISTRATION_RETRY_DELAY_MS: 2000, // 2 seconds - Delay between registration retries\n },\n RETRY: {\n MAX_REGISTRATION_ATTEMPTS: 5, // Maximum registration retry attempts\n }\n} as const;\n","/**\n * Resolve the base origin for worker scripts.\n * Priority:\n * 1) window.__W3A_WALLET_SDK_BASE__ (absolute `${walletOrigin}${sdkBasePath}/`) → take its origin\n * 2) window.location.origin (host/app origin)\n *\n * @returns The origin (protocol + host [+ port]) used to resolve worker script URLs.\n * Prefers the wallet SDK base origin; falls back to the current window origin.\n */\nexport function resolveWorkerBaseOrigin(): string {\n let origin = ''\n if (typeof window !== 'undefined' && window.location?.origin) {\n origin = window.location.origin\n }\n try {\n const embeddedBase = (window as any)?.__W3A_WALLET_SDK_BASE__ as string | undefined\n if (embeddedBase) {\n origin = new URL(embeddedBase, origin || 'https://invalid.local').origin\n }\n } catch {}\n return origin\n}\n\n/**\n * Build an absolute worker script URL from a path or absolute URL.\n * If `input` is a path (e.g., `/sdk/workers/foo.js`), it will be resolved\n * against the wallet origin (from `__W3A_WALLET_SDK_BASE__`) when available,\n * otherwise against the host origin.\n *\n * @param input - Absolute URL or path (e.g., `/sdk/workers/web3authn-signer.worker.js`).\n * @returns Absolute URL to the worker script, resolved against the wallet origin when available,\n * otherwise against the current window origin.\n */\nexport function resolveWorkerScriptUrl(input: string): string {\n return resolveWorkerUrl(input, { worker: detectWorkerFromPath(input) })\n}\n\nexport function resolveWorkerUrl(\n input: string | undefined,\n opts: { worker: 'signer' | 'vrf'; baseOrigin?: string }\n): string {\n const worker = opts.worker\n const baseOrigin = opts.baseOrigin || resolveWorkerBaseOrigin() || (typeof window !== 'undefined' ? window.location.origin : '') || 'https://invalid.local'\n try {\n // Prefer explicit per-worker URL override\n const ovAny = (typeof window !== 'undefined' ? (window as any) : {}) as any\n const override = worker === 'signer' ? ovAny.__W3A_SIGNER_WORKER_URL__ : ovAny.__W3A_VRF_WORKER_URL__\n const candidate = (typeof override === 'string' && override) ? override : (input || defaultWorkerPath(worker))\n if (/^https?:\\/\\//i.test(candidate)) {\n return new URL(candidate).toString()\n }\n return new URL(candidate, baseOrigin).toString()\n } catch {\n try { return new URL(input || defaultWorkerPath(worker), baseOrigin).toString() } catch {}\n return input || defaultWorkerPath(worker)\n }\n}\n\nfunction detectWorkerFromPath(p: string): 'signer' | 'vrf' {\n return /web3authn-signer\\.worker\\.js(?:$|\\?)/.test(p) ? 'signer' : 'vrf'\n}\n\nfunction defaultWorkerPath(worker: 'signer' | 'vrf'): string {\n return worker === 'signer' ? '/sdk/workers/web3authn-signer.worker.js' : '/sdk/workers/web3authn-vrf.worker.js'\n}\n","/**\n * Control messages exchanged between worker shims and the main thread.\n *\n * These messages are JS-only and do NOT go through the Rust WASM JSON request/response pipeline.\n * They are used for:\n * - MessagePort attachment handshakes (WrapKeySeed delivery)\n * - Readiness signals (worker pool health checks)\n */\nexport const WorkerControlMessage = {\n ATTACH_WRAP_KEY_SEED_PORT: 'ATTACH_WRAP_KEY_SEED_PORT',\n ATTACH_WRAP_KEY_SEED_PORT_OK: 'ATTACH_WRAP_KEY_SEED_PORT_OK',\n ATTACH_WRAP_KEY_SEED_PORT_ERROR: 'ATTACH_WRAP_KEY_SEED_PORT_ERROR',\n WORKER_READY: 'WORKER_READY',\n} as const;\n\nexport type WorkerControlMessageType =\n (typeof WorkerControlMessage)[keyof typeof WorkerControlMessage];\n","/**\n * Session Message Handling for Signer Worker\n *\n * This module provides helpers for waiting on session lifecycle messages from the signer worker.\n * Session messages are JS-only messages that never go through the Rust JSON pipeline\n * and are used for worker lifecycle management and session setup.\n */\n\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\n// === SESSION MESSAGE TYPES ===\n\n/**\n * Control message sent by the signer worker after successfully attaching\n * a WrapKeySeed MessagePort for a signing session.\n */\nexport interface AttachWrapKeySeedPortOkMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK;\n sessionId: string;\n}\n\n/**\n * Control message sent by the signer worker when attaching a WrapKeySeed\n * MessagePort fails.\n */\nexport interface AttachWrapKeySeedPortErrorMessage {\n type: typeof WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR;\n sessionId: string;\n error: string;\n}\n\n/**\n * Control message sent by the signer worker when it's ready to receive messages.\n */\nexport interface WorkerReadyMessage {\n type: typeof WorkerControlMessage.WORKER_READY;\n ready: boolean;\n}\n\n/**\n * All control messages that can be sent by the signer worker.\n */\nexport type SignerWorkerControlMessage =\n | AttachWrapKeySeedPortOkMessage\n | AttachWrapKeySeedPortErrorMessage\n | WorkerReadyMessage;\n\n/**\n * Type guard to check if a message is a control message.\n */\nexport function isSignerWorkerControlMessage(msg: unknown): msg is SignerWorkerControlMessage {\n if (!isObject(msg) || typeof (msg as any).type !== 'string') {\n return false;\n }\n const type = (msg as any).type;\n return type === WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK\n || type === WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR\n || type === WorkerControlMessage.WORKER_READY;\n}\n\nfunction isObject(value: unknown): value is Record<string, unknown> {\n return typeof value === 'object' && value !== null;\n}\n\n// === SESSION MESSAGE HELPERS ===\n\n/**\n * Generic helper for waiting on session messages from a worker.\n * Registers a listener, sends no message (caller handles that), and waits for a matching response.\n *\n * @param worker - The worker to listen to\n * @param options - Configuration for what to wait for\n * @returns Promise that resolves when the expected message arrives, rejects on timeout or error\n */\nexport function waitForSessionMessage(\n worker: Worker,\n options: {\n /** Message type(s) to wait for (success) */\n successType: string | string[];\n /** Optional error type to reject on */\n errorType?: string;\n /** Session ID to match (if applicable) */\n sessionId?: string;\n /** Timeout in milliseconds */\n timeoutMs?: number;\n /** Custom message validator - return true to resolve, false to ignore, throw to reject */\n validator?: (msg: any) => boolean;\n }\n): Promise<void> {\n const {\n successType,\n errorType,\n sessionId,\n timeoutMs = 2000,\n validator,\n } = options;\n\n const successTypes = Array.isArray(successType) ? successType : [successType];\n\n return new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => {\n cleanup();\n reject(new Error(\n `Timeout waiting for session message (${successTypes.join('|')})${sessionId ? ` for session ${sessionId}` : ''}`\n ));\n }, timeoutMs);\n\n const messageHandler = (event: MessageEvent) => {\n const msg = event.data;\n\n // Skip if message doesn't have a type\n if (!msg || typeof msg.type !== 'string') {\n return;\n }\n\n // Check if sessionId matches (if specified)\n if (sessionId && msg.sessionId !== sessionId) {\n return;\n }\n\n // Check for error type\n if (errorType && msg.type === errorType) {\n cleanup();\n const error = msg.error || 'Unknown error';\n reject(new Error(`Session message error: ${error}`));\n return;\n }\n\n // Check for success type\n if (successTypes.includes(msg.type)) {\n // Run custom validator if provided\n if (validator) {\n try {\n const shouldResolve = validator(msg);\n if (!shouldResolve) {\n return; // Validator said to ignore this message\n }\n } catch (err) {\n cleanup();\n reject(err);\n return;\n }\n }\n\n cleanup();\n resolve();\n }\n };\n\n const cleanup = () => {\n clearTimeout(timeout);\n worker.removeEventListener('message', messageHandler);\n };\n\n worker.addEventListener('message', messageHandler);\n });\n}\n\n/**\n * Wait for the worker to acknowledge successful attachment of the WrapKeySeed port.\n * This provides early detection of attach failures instead of only seeing late WASM errors.\n *\n * @param worker - The worker that should send the ACK\n * @param sessionId - The session ID to match\n * @param timeoutMs - How long to wait before rejecting (default: 2000ms)\n * @returns Promise that resolves on success ACK, rejects on error or timeout\n */\nexport function waitForWrapKeyPortAttach(\n worker: Worker,\n sessionId: string,\n timeoutMs: number = 2000\n): Promise<void> {\n return waitForSessionMessage(worker, {\n successType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_OK,\n errorType: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT_ERROR,\n sessionId,\n timeoutMs,\n });\n}\n","/**\n * Consolidated NEAR Contract Calls\n *\n * This file contains all the NEAR contract calls made to the web3authn contract\n * throughout the passkey SDK. It provides a centralized location for all\n * contract interactions and makes it easier to maintain and update contract\n * call patterns.\n */\n\nimport type { FinalExecutionOutcome } from '@near-js/types';\nimport type { NearClient, SignedTransaction } from './NearClient';\nimport type { ContractStoredAuthenticator } from './TatchiPasskey/recoverAccount';\nimport type { PasskeyManagerContext } from './TatchiPasskey';\nimport type { AccountId } from './types/accountIds';\nimport type { DeviceLinkingSSEEvent } from './types/sdkSentEvents';\nimport type {\n StoredAuthenticator,\n WebAuthnRegistrationCredential,\n WebAuthnAuthenticationCredential\n} from './types/webauthn';\n\nimport { ActionPhase, DeviceLinkingPhase, DeviceLinkingStatus } from './types/sdkSentEvents';\nimport { ActionType, type ActionArgs } from './types/actions';\nimport { VRFChallenge } from './types/vrf-worker';\nimport { DEFAULT_WAIT_STATUS, TransactionContext } from './types/rpc';\nimport type { AuthenticatorOptions } from './types/authenticatorOptions';\nimport type { ConfirmationConfig } from './types/signer-worker';\nimport { base64UrlDecode, base64UrlEncode } from '../utils/encoders';\nimport { errorMessage } from '../utils/errors';\nimport type { EmailRecoveryContracts } from './types/tatchi';\nimport { DEFAULT_EMAIL_RECOVERY_CONTRACTS } from './defaultConfigs';\n\n// ===========================\n// CONTRACT CALL RESPONSES\n// ===========================\n\nexport interface DeviceLinkingResult {\n linkedAccountId: string;\n deviceNumber: number;\n}\n\nexport interface CredentialIdsResult {\n credentialIds: string[];\n}\n\nexport interface AuthenticatorsResult {\n authenticators: Array<[string, ContractStoredAuthenticator]>;\n}\n\nexport type EmailRecoveryVerificationResult = {\n verified: boolean;\n account_id?: string;\n new_public_key?: string;\n transaction_hash?: string;\n error_code?: string;\n error_message?: string;\n};\n\nexport async function getEmailRecoveryVerificationResult(\n nearClient: NearClient,\n dkimVerifierAccountId: string,\n verificationViewMethod: string,\n requestId: string\n): Promise<EmailRecoveryVerificationResult | null> {\n return await nearClient.view<{ request_id: string }, EmailRecoveryVerificationResult | null>({\n account: dkimVerifierAccountId,\n method: verificationViewMethod,\n args: { request_id: requestId },\n });\n}\n\n// ===========================\n// DEVICE LINKING CONTRACT CALLS\n// ===========================\n\n/**\n * Query the contract to get the account linked to a device public key\n * Used in device linking flow to check if a device key has been added\n *\n * NEAR does not provide a way to lookup the AccountID an access key has access to.\n * So we store a temporary mapping in the contract to lookup pubkey -> account ID.\n */\nexport async function getDeviceLinkingAccountContractCall(\n nearClient: NearClient,\n contractId: string,\n devicePublicKey: string\n): Promise<DeviceLinkingResult | null> {\n try {\n const result = await nearClient.callFunction<\n { device_public_key: string },\n [string, number | string]\n >(\n contractId,\n 'get_device_linking_account',\n { device_public_key: devicePublicKey }\n );\n\n // Handle different result formats\n if (result && Array.isArray(result) && result.length >= 2) {\n const [linkedAccountId, deviceNumberRaw] = result;\n const deviceNumber = Number(deviceNumberRaw);\n if (!Number.isSafeInteger(deviceNumber) || deviceNumber < 0) {\n console.warn(\n 'Invalid deviceNumber returned from get_device_linking_account:',\n deviceNumberRaw\n );\n return null;\n }\n return {\n linkedAccountId,\n deviceNumber\n };\n }\n\n return null;\n } catch (error: any) {\n console.warn('Failed to get device linking account:', error.message);\n return null;\n }\n}\n\n// ===========================\n// DEVICE LINKING TRANSACTION CALLS\n// ===========================\n\n/**\n * Execute device1's linking transactions (AddKey + Contract mapping)\n * This function signs and broadcasts both transactions required for device linking\n */\nexport async function executeDeviceLinkingContractCalls({\n context,\n device1AccountId,\n device2PublicKey,\n nextNonce,\n nextNextNonce,\n nextNextNextNonce,\n txBlockHash,\n vrfChallenge,\n onEvent,\n confirmationConfigOverride,\n confirmerText,\n}: {\n context: PasskeyManagerContext,\n device1AccountId: AccountId,\n device2PublicKey: string,\n nextNonce: string,\n nextNextNonce: string,\n nextNextNextNonce: string,\n txBlockHash: string,\n vrfChallenge: VRFChallenge,\n onEvent?: (event: DeviceLinkingSSEEvent) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n confirmerText?: { title?: string; body?: string };\n}): Promise<{\n addKeyTxResult: FinalExecutionOutcome;\n storeDeviceLinkingTxResult: FinalExecutionOutcome;\n signedDeleteKeyTransaction: SignedTransaction\n}> {\n\n // Sign three transactions with one PRF authentication\n const signedTransactions = await context.webAuthnManager.signTransactionsWithActions({\n rpcCall: {\n contractId: context.webAuthnManager.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: context.webAuthnManager.tatchiPasskeyConfigs.nearRpcUrl,\n nearAccountId: device1AccountId\n },\n confirmationConfigOverride,\n title: confirmerText?.title,\n body: confirmerText?.body,\n transactions: [\n // Transaction 1: AddKey - Add Device2's key to Device1's account\n {\n receiverId: device1AccountId,\n actions: [{\n action_type: ActionType.AddKey,\n public_key: device2PublicKey,\n access_key: JSON.stringify({\n // NEAR-style AccessKey JSON shape, matching near-api-js:\n // { nonce: number, permission: { FullAccess: {} } }\n nonce: 0,\n permission: { FullAccess: {} },\n }),\n }],\n nonce: nextNonce,\n },\n // Transaction 2: Store temporary mapping in contract so Device2 can lookup Device1's accountID.\n {\n receiverId: context.webAuthnManager.tatchiPasskeyConfigs.contractId,\n actions: [{\n action_type: ActionType.FunctionCall,\n method_name: 'store_device_linking_mapping',\n args: JSON.stringify({\n device_public_key: device2PublicKey,\n target_account_id: device1AccountId,\n }),\n gas: '30000000000000', // 30 TGas for device linking with yield promise automatic cleanup\n deposit: '0'\n }],\n nonce: nextNextNonce,\n },\n // Transaction 3: Remove Device2's temporary key if it fails to complete linking after a timeout\n {\n receiverId: device1AccountId,\n actions: [{\n action_type: ActionType.DeleteKey,\n public_key: device2PublicKey\n }],\n nonce: nextNextNextNonce,\n }\n ],\n onEvent: (progress) => {\n // Bridge all action progress events to the parent so the wallet iframe overlay\n // can expand during user confirmation in wallet-iframe mode.\n try { onEvent?.(progress as any); } catch { }\n // Keep existing mapping for device linking semantics; surface signing as a loading state\n if (progress.phase == ActionPhase.STEP_6_TRANSACTION_SIGNING_COMPLETE) {\n onEvent?.({\n step: 3,\n phase: DeviceLinkingPhase.STEP_3_AUTHORIZATION,\n status: DeviceLinkingStatus.PROGRESS,\n message: progress.message || 'Transaction signing in progress...'\n })\n }\n }\n });\n\n if (!signedTransactions[0].signedTransaction) {\n throw new Error('AddKey transaction signing failed');\n }\n if (!signedTransactions[1].signedTransaction) {\n throw new Error('Contract mapping transaction signing failed');\n }\n if (!signedTransactions[2].signedTransaction) {\n throw new Error('DeleteKey transaction signing failed');\n }\n\n // Broadcast just the first 2 transactions: addKey and store device linking mapping\n let addKeyTxResult: FinalExecutionOutcome;\n let storeDeviceLinkingTxResult: FinalExecutionOutcome;\n try {\n console.debug('LinkDeviceFlow: AddKey transaction details:', {\n receiverId: signedTransactions[0].signedTransaction.transaction.receiverId,\n actions: signedTransactions[0].signedTransaction.transaction.actions || [],\n transactionKeys: Object.keys(signedTransactions[0].signedTransaction.transaction),\n });\n\n addKeyTxResult = await context.nearClient.sendTransaction(\n signedTransactions[0].signedTransaction,\n DEFAULT_WAIT_STATUS.linkDeviceAddKey\n );\n console.log('LinkDeviceFlow: AddKey transaction result:', addKeyTxResult?.transaction?.hash);\n\n // Send success events immediately after AddKey succeeds\n onEvent?.({\n step: 3,\n phase: DeviceLinkingPhase.STEP_3_AUTHORIZATION,\n status: DeviceLinkingStatus.SUCCESS,\n message: `AddKey transaction completed successfully!`\n });\n\n // Check if contract mapping transaction is valid before attempting to broadcast\n const contractTx = signedTransactions[1].signedTransaction;\n console.log('LinkDeviceFlow: Contract mapping transaction details:', {\n receiverId: contractTx.transaction.receiverId,\n actions: (contractTx.transaction.actions || []).length\n });\n\n // Standard timeout since nonce conflict should be resolved by the 2s delay\n storeDeviceLinkingTxResult = await context.nearClient.sendTransaction(\n contractTx,\n DEFAULT_WAIT_STATUS.linkDeviceAccountMapping\n );\n\n } catch (txError: any) {\n console.error('LinkDeviceFlow: Transaction broadcasting failed:', txError);\n throw new Error(`Transaction broadcasting failed: ${txError.message}`);\n }\n\n onEvent?.({\n step: 6,\n phase: DeviceLinkingPhase.STEP_6_REGISTRATION,\n status: DeviceLinkingStatus.SUCCESS,\n message: `Device linking completed successfully!`\n });\n\n return {\n addKeyTxResult,\n storeDeviceLinkingTxResult,\n signedDeleteKeyTransaction: signedTransactions[2].signedTransaction\n };\n}\n\n// ===========================\n// ACCOUNT RECOVERY CONTRACT CALLS\n// ===========================\n\n/**\n * Get credential IDs associated with an account from the contract\n * Used in account recovery to discover available credentials\n */\nexport async function getCredentialIdsContractCall(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<string[]> {\n try {\n const credentialIds = await nearClient.callFunction<{ account_id: AccountId }, string[]>(\n contractId,\n 'get_credential_ids_by_account',\n { account_id: accountId }\n );\n return credentialIds || [];\n } catch (error: any) {\n console.warn('Failed to fetch credential IDs from contract:', error.message);\n return [];\n }\n}\n\n/**\n * Get all authenticators stored for a user from the contract\n * Used in account recovery to sync authenticator data\n */\nexport async function getAuthenticatorsByUser(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<[string, ContractStoredAuthenticator][]> {\n try {\n const authenticatorsResult = await nearClient.view<{ user_id: AccountId }, [string, ContractStoredAuthenticator][]>({\n account: contractId,\n method: 'get_authenticators_by_user',\n args: { user_id: accountId }\n });\n\n if (authenticatorsResult && Array.isArray(authenticatorsResult)) {\n return authenticatorsResult;\n }\n return [];\n } catch (error: any) {\n console.warn('Failed to fetch authenticators from contract:', error.message);\n return [];\n }\n}\n\nexport async function syncAuthenticatorsContractCall(\n nearClient: NearClient,\n contractId: string,\n accountId: AccountId\n): Promise<Array<{ credentialId: string, authenticator: StoredAuthenticator }>> {\n try {\n const authenticatorsResult = await getAuthenticatorsByUser(nearClient, contractId, accountId);\n if (authenticatorsResult && Array.isArray(authenticatorsResult)) {\n return authenticatorsResult.map(([credentialId, contractAuthenticator]) => {\n console.log(`Contract authenticator device_number for ${credentialId}:`, contractAuthenticator.device_number);\n\n const transports = Array.isArray(contractAuthenticator.transports)\n ? contractAuthenticator.transports\n : [];\n\n const registered = (() => {\n const raw = String((contractAuthenticator as any).registered ?? '');\n if (!raw) return new Date(0);\n if (/^\\d+$/.test(raw)) {\n const ts = Number(raw);\n return Number.isFinite(ts) ? new Date(ts) : new Date(0);\n }\n const d = new Date(raw);\n return Number.isFinite(d.getTime()) ? d : new Date(0);\n })();\n\n const vrfPublicKeys = (() => {\n const raw = (contractAuthenticator as any).vrf_public_keys;\n if (!raw) return undefined;\n if (Array.isArray(raw) && raw.length > 0 && typeof raw[0] === 'string') {\n return raw as string[];\n }\n if (Array.isArray(raw)) {\n return raw\n .map((entry: unknown) => {\n if (!entry) return null;\n if (entry instanceof Uint8Array) return base64UrlEncode(entry);\n if (Array.isArray(entry)) return base64UrlEncode(new Uint8Array(entry));\n return null;\n })\n .filter((x): x is string => typeof x === 'string' && x.length > 0);\n }\n return undefined;\n })();\n\n return {\n credentialId,\n authenticator: {\n credentialId,\n credentialPublicKey: new Uint8Array(contractAuthenticator.credential_public_key),\n transports,\n userId: accountId,\n name: `Device ${contractAuthenticator.device_number} Authenticator`,\n registered,\n // Store the actual device number from contract (no fallback)\n deviceNumber: contractAuthenticator.device_number,\n vrfPublicKeys\n }\n };\n });\n }\n return [];\n } catch (error: any) {\n console.warn('Failed to fetch authenticators from contract:', error.message);\n return [];\n }\n}\n\n// ===========================\n// RECOVERY EMAIL CONTRACT CALLS\n// ===========================\n\n/**\n * Fetch on-chain recovery email hashes from the per-account contract.\n * Returns [] when no contract is deployed or on failure.\n */\nexport async function getRecoveryEmailHashesContractCall(\n nearClient: NearClient,\n accountId: AccountId\n): Promise<number[][]> {\n try {\n const code = await nearClient.viewCode(accountId);\n const hasContract = !!code && code.byteLength > 0;\n if (!hasContract) return [];\n\n const hashes = await nearClient.view<Record<string, never>, number[][]>({\n account: accountId,\n method: 'get_recovery_emails',\n args: {} as Record<string, never>,\n });\n\n return Array.isArray(hashes) ? (hashes as number[][]) : [];\n } catch (error) {\n console.error('[rpcCalls] Failed to fetch recovery email hashes', error);\n return [];\n }\n}\n\n/**\n * Build action args to update on-chain recovery emails for an account.\n * If the per-account contract is missing, deploy/attach the global recoverer via `init_email_recovery`.\n */\nexport async function buildSetRecoveryEmailsActions(\n nearClient: NearClient,\n accountId: AccountId,\n recoveryEmailHashes: number[][],\n contracts: EmailRecoveryContracts = DEFAULT_EMAIL_RECOVERY_CONTRACTS\n): Promise<ActionArgs[]> {\n let hasContract = false;\n try {\n const code = await nearClient.viewCode(accountId);\n hasContract = !!code && code.byteLength > 0;\n } catch {\n hasContract = false;\n }\n\n const {\n emailRecovererGlobalContract,\n zkEmailVerifierContract,\n emailDkimVerifierContract,\n } = contracts;\n\n return hasContract\n ? [\n {\n type: ActionType.UseGlobalContract,\n accountId: emailRecovererGlobalContract,\n },\n {\n type: ActionType.FunctionCall,\n methodName: 'set_recovery_emails',\n args: {\n recovery_emails: recoveryEmailHashes,\n },\n gas: '80000000000000',\n deposit: '0',\n },\n ]\n : [\n {\n type: ActionType.UseGlobalContract,\n accountId: emailRecovererGlobalContract,\n },\n {\n type: ActionType.FunctionCall,\n methodName: 'init_email_recovery',\n args: {\n zk_email_verifier: zkEmailVerifierContract,\n email_dkim_verifier: emailDkimVerifierContract,\n policy: null,\n recovery_emails: recoveryEmailHashes,\n },\n gas: '80000000000000',\n deposit: '0',\n },\n ];\n}\n\nexport async function fetchNonceBlockHashAndHeight({ nearClient, nearPublicKeyStr, nearAccountId }: {\n nearClient: NearClient,\n nearPublicKeyStr: string,\n nearAccountId: AccountId\n}): Promise<TransactionContext> {\n // Get access key and transaction block info concurrently\n const [accessKeyInfo, txBlockInfo] = await Promise.all([\n nearClient.viewAccessKey(nearAccountId, nearPublicKeyStr)\n .catch(e => { throw new Error(`Failed to fetch Access Key`) }),\n nearClient.viewBlock({ finality: 'final' })\n .catch(e => { throw new Error(`Failed to fetch Block Info`) })\n ]);\n if (!accessKeyInfo || accessKeyInfo.nonce === undefined) {\n throw new Error(`Access key not found or invalid for account ${nearAccountId} with public key ${nearPublicKeyStr}. Response: ${JSON.stringify(accessKeyInfo)}`);\n }\n const nextNonce = (BigInt(accessKeyInfo.nonce) + BigInt(1)).toString();\n const txBlockHeight = String(txBlockInfo.header.height);\n const txBlockHash = txBlockInfo.header.hash; // Keep original base58 string\n\n return {\n nearPublicKeyStr,\n accessKeyInfo,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n };\n}\n\n// ===========================\n// REGISTRATION PRE-CHECK CALL\n// ===========================\n\nexport interface CheckCanRegisterUserResult {\n success: boolean;\n verified: boolean;\n logs: string[];\n error?: string;\n}\n\n/**\n * View-only registration pre-check.\n *\n * Calls the contract's `check_can_register_user` view method with VRF data\n * derived from the provided VRF challenge and a serialized WebAuthn\n * registration credential (typically with PRF outputs embedded).\n */\nexport async function checkCanRegisterUserContractCall({\n nearClient,\n contractId,\n vrfChallenge,\n credential,\n authenticatorOptions,\n}: {\n nearClient: NearClient;\n contractId: string;\n vrfChallenge: VRFChallenge;\n credential: WebAuthnRegistrationCredential;\n authenticatorOptions?: AuthenticatorOptions;\n}): Promise<CheckCanRegisterUserResult> {\n try {\n const vrfData = {\n vrf_input_data: Array.from(base64UrlDecode(vrfChallenge.vrfInput)),\n vrf_output: Array.from(base64UrlDecode(vrfChallenge.vrfOutput)),\n vrf_proof: Array.from(base64UrlDecode(vrfChallenge.vrfProof)),\n public_key: Array.from(base64UrlDecode(vrfChallenge.vrfPublicKey)),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: Array.from(base64UrlDecode(vrfChallenge.blockHash)),\n };\n\n const args = {\n vrf_data: vrfData,\n webauthn_registration: credential,\n authenticator_options: authenticatorOptions,\n };\n\n const response = await nearClient.callFunction<typeof args, any>(\n contractId,\n 'check_can_register_user',\n args,\n );\n\n const verified = !!response?.verified;\n return {\n success: true,\n verified,\n logs: [],\n error: verified ? undefined : 'Contract registration check failed',\n };\n } catch (err: unknown) {\n return {\n success: false,\n verified: false,\n logs: [],\n error: errorMessage(err) || 'Failed to call check_can_register_user',\n };\n }\n}\n\n\n/**\n * Verify authentication response through relay server\n * Routes the request to relay server which calls the web3authn contract for verification\n * and issues a JWT or session credential\n */\nexport async function verifyAuthenticationResponse(\n relayServerUrl: string,\n routePath: string,\n sessionKind: 'jwt' | 'cookie',\n vrfChallenge: VRFChallenge,\n webauthnAuthentication: WebAuthnAuthenticationCredential\n): Promise<{\n success: boolean;\n verified?: boolean;\n jwt?: string;\n sessionCredential?: any;\n error?: string;\n contractResponse?: any;\n}> {\n try {\n // Map VRFChallenge into server ContractVrfData shape (number arrays)\n const toBytes = (b64u: string | undefined): number[] => {\n if (!b64u) return [];\n return Array.from(base64UrlDecode(b64u));\n };\n const vrf_data = {\n vrf_input_data: toBytes(vrfChallenge.vrfInput),\n vrf_output: toBytes(vrfChallenge.vrfOutput),\n vrf_proof: toBytes(vrfChallenge.vrfProof),\n public_key: toBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight || 0),\n block_hash: toBytes(vrfChallenge.blockHash),\n };\n\n // Normalize authenticatorAttachment and userHandle to null for server schema\n const webauthn_authentication = {\n ...webauthnAuthentication,\n authenticatorAttachment: webauthnAuthentication.authenticatorAttachment ?? null,\n response: {\n ...webauthnAuthentication.response,\n userHandle: webauthnAuthentication.response.userHandle ?? null,\n }\n };\n\n const url = `${relayServerUrl.replace(/\\/$/, '')}${routePath.startsWith('/') ? routePath : `/${routePath}`}`;\n const response = await fetch(url, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n },\n credentials: sessionKind === 'cookie' ? 'include' : 'omit',\n body: JSON.stringify({\n sessionKind: sessionKind,\n vrf_data,\n webauthn_authentication,\n }),\n });\n\n if (!response.ok) {\n const errorText = await response.text();\n return {\n success: false,\n error: `HTTP ${response.status}: ${errorText}`,\n };\n }\n\n const result = await response.json();\n return {\n success: true,\n verified: result.verified,\n jwt: result.jwt,\n sessionCredential: result.sessionCredential,\n contractResponse: result.contractResponse,\n };\n } catch (error: any) {\n return {\n success: false,\n error: error.message || 'Failed to verify authentication response',\n };\n }\n}\n","\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from \"../../../defaultConfigs\";\nimport type { CheckCanRegisterUserResult } from '../../../rpcCalls';\nimport { checkCanRegisterUserContractCall } from '../../../rpcCalls';\nimport { serializeRegistrationCredentialWithPRF, removePrfOutputGuard } from '../../credentialsHelpers';\nimport { VRFChallenge } from '../../../types/vrf-worker';\nimport type { onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { errorMessage } from '@/utils/errors';\nimport { isObject, isString } from '../../../WalletIframe/validation';\n\n\nexport async function checkCanRegisterUser({\n ctx,\n vrfChallenge,\n credential,\n contractId,\n nearRpcUrl,\n authenticatorOptions,\n onEvent,\n}: {\n ctx: SignerWorkerManagerContext,\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n}): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: {\n credentialId: Uint8Array;\n credentialPublicKey: Uint8Array;\n userId: string;\n vrfPublicKey: Uint8Array | undefined;\n };\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n}> {\n try {\n // Accept either a real PublicKeyCredential or an already-serialized credential\n const isSerialized = (cred: unknown): cred is WebAuthnRegistrationCredential => {\n if (!isObject(cred)) return false;\n const resp = (cred as { response?: unknown }).response;\n if (!isObject(resp)) return false;\n return isString((resp as { clientDataJSON?: unknown }).clientDataJSON)\n && isString((resp as { attestationObject?: unknown }).attestationObject);\n };\n\n const serializedCredential: WebAuthnRegistrationCredential = isSerialized(credential)\n ? credential\n : serializeRegistrationCredentialWithPRF({ credential: credential });\n\n // Ensure required fields are present; avoid undefined which gets dropped by JSON.stringify in the worker\n const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: 'PROGRESS' as any,\n message: 'Calling check_can_register_user on contract...',\n });\n\n // PRF outputs must never be sent over the network. Strip them before\n // calling the contract while preserving the rest of the credential shape.\n const strippedCredential = removePrfOutputGuard<WebAuthnRegistrationCredential>(serializedCredential);\n\n const result: CheckCanRegisterUserResult = await checkCanRegisterUserContractCall({\n nearClient: ctx.nearClient,\n contractId: resolvedContractId,\n vrfChallenge,\n credential: strippedCredential,\n authenticatorOptions,\n });\n\n if (!result.success) {\n throw new Error(result.error || 'Registration pre-check RPC failed');\n }\n\n const wasmResult = {\n verified: result.verified,\n registrationInfo: undefined,\n logs: result.logs,\n error: result.error,\n };\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: result.verified ? 'SUCCESS' as any : 'ERROR' as any,\n message: result.verified ? 'Registration pre-check succeeded' : (result.error || 'Registration pre-check failed'),\n });\n\n return {\n success: true,\n verified: wasmResult.verified,\n registrationInfo: wasmResult.registrationInfo,\n logs: wasmResult.logs,\n error: wasmResult.error,\n };\n\n } catch (error: unknown) {\n // Preserve the detailed error message instead of converting to generic error\n console.error('checkCanRegisterUser failed:', error);\n return {\n success: false,\n verified: false,\n error: errorMessage(error) || 'Unknown error occurred',\n logs: [],\n };\n }\n}\n","import * as wasmModule from '../../wasm_signer_worker/pkg/wasm_signer_worker.js';\n\n/**\n * User verification policy for WebAuthn authenticators\n *\n * @example\n * ```typescript\n * // Require user verification (PIN, fingerprint, etc.)\n * UserVerificationPolicy.Required\n *\n * // Prefer user verification but don't require it\n * UserVerificationPolicy.Preferred\n *\n * // Discourage user verification (for performance)\n * UserVerificationPolicy.Discouraged\n * ```\n */\nexport enum UserVerificationPolicy {\n Required = 'required',\n Preferred = 'preferred',\n Discouraged = 'discouraged'\n}\n\n/**\n * Origin policy input for WebAuthn registration (matches WASM OriginPolicyInput struct)\n * Note: choose only one of the fields: single, all_subdomains, multiple\n */\nexport interface OriginPolicyInput {\n single: boolean | undefined;\n all_subdomains: boolean | undefined;\n multiple: string[] | undefined;\n}\n\nexport const toEnumUserVerificationPolicy = (userVerification: UserVerificationPolicy | undefined): wasmModule.UserVerificationPolicy => {\n switch (userVerification) {\n case UserVerificationPolicy.Required:\n return wasmModule.UserVerificationPolicy.Required;\n case UserVerificationPolicy.Preferred:\n return wasmModule.UserVerificationPolicy.Preferred;\n case UserVerificationPolicy.Discouraged:\n return wasmModule.UserVerificationPolicy.Discouraged;\n default:\n return wasmModule.UserVerificationPolicy.Preferred;\n }\n};\n\nexport interface AuthenticatorOptions {\n userVerification: UserVerificationPolicy;\n originPolicy: OriginPolicyInput;\n}\n\n/**\n * Default authenticator options (matches contract defaults)\n */\nexport const DEFAULT_AUTHENTICATOR_OPTIONS: AuthenticatorOptions = {\n userVerification: UserVerificationPolicy.Preferred,\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined\n }\n};\n","\nexport function withSessionId<T>(\n sessionId: string,\n payload: T,\n): T & { sessionId: string } {\n\n if (!sessionId) {\n throw new Error('withSessionId: sessionId is required');\n }\n\n const existing = (payload as any)?.sessionId as string | undefined;\n if (existing && existing !== sessionId) {\n throw new Error(\n `withSessionId: payload.sessionId (${existing}) does not match provided sessionId (${sessionId})`,\n );\n }\n\n return { ...payload, sessionId };\n}\n","\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport {\n WorkerRequestType,\n isDeriveNearKeypairAndEncryptSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport { toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\nimport { withSessionId } from './session';\n\n/**\n * Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential\n * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.\n */\nexport async function deriveNearKeypairAndEncryptFromSerialized({\n ctx,\n credential,\n nearAccountId,\n options,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId,\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n}): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n}> {\n try {\n // PRF outputs are now extracted by VRF worker and delivered to signer worker via MessagePort\n // No need to extract or send them through main thread\n if (!sessionId) throw new Error('Missing sessionId for registration WrapKeySeed delivery');\n\n const response = await ctx.sendMessage<WorkerRequestType.DeriveNearKeypairAndEncrypt>({\n sessionId,\n message: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n credential,\n authenticatorOptions: options?.authenticatorOptions ? {\n userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),\n originPolicy: options.authenticatorOptions.originPolicy,\n } : undefined,\n })\n },\n });\n\n if (!isDeriveNearKeypairAndEncryptSuccess(response)) {\n throw new Error('Dual PRF registration (from serialized) failed');\n }\n\n const wasmResult = response.payload;\n const version = (wasmResult as any).version ?? 2;\n const wrapKeySaltPersisted = wasmResult.wrapKeySalt;\n // Prefer explicitly provided deviceNumber, else derive from IndexedDB state\n const deviceNumber = (typeof options?.deviceNumber === 'number')\n ? options!.deviceNumber!\n : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId: nearAccountId,\n deviceNumber,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n version,\n timestamp: Date.now()\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n return {\n success: true,\n nearAccountId: toAccountId(wasmResult.nearAccountId),\n publicKey: wasmResult.publicKey,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n nearAccountId,\n publicKey: '',\n error: message\n };\n }\n}\n","\nimport { ClientAuthenticatorData } from '../../../IndexedDBManager';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\n\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { withSessionId } from './session';\n\nexport async function decryptPrivateKeyWithPrf({\n ctx,\n nearAccountId,\n authenticators,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n}): Promise<{ decryptedPrivateKey: string; nearAccountId: AccountId }> {\n try {\n console.info('WebAuthnManager: Starting private key decryption with dual PRF (local operation)');\n // Retrieve encrypted key data from IndexedDB in main thread\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n })\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Dual PRF private key decryption failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'Private key decryption failed');\n }\n return {\n decryptedPrivateKey: response.payload.privateKey,\n nearAccountId: toAccountId(response.payload.nearAccountId)\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: Dual PRF private key decryption error:', error);\n throw error;\n }\n}\n","/**\n * Session Handshake Orchestration for Signer Worker\n *\n * This module provides high-level functions for setting up and validating\n * signing sessions with the signer worker. It orchestrates the complete\n * handshake flow for port attachment so the VRF worker can deliver WrapKeySeed\n * to the signer worker over a session MessagePort.\n */\n\nimport { waitForWrapKeyPortAttach } from './sessionMessages.js';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../txDigest';\nimport type { NearClient } from '../../NearClient';\nimport type { NonceManager } from '../../nonceManager';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\ntype VrfSessionKeyDispenser = {\n dispenseSessionKey: (args: { sessionId: string; uses?: number }) => Promise<unknown>;\n};\n\n/**\n * Attach a WrapKeySeed MessagePort to the signer worker and wait for acknowledgment.\n * This ensures the port is successfully attached before proceeding.\n *\n * Flow:\n * 1. Register ACK listener (avoids race where worker responds before we listen)\n * 2. Send ATTACH_WRAP_KEY_SEED_PORT message with port transfer\n * 3. Wait for ATTACH_WRAP_KEY_SEED_PORT_OK acknowledgment\n *\n * @param worker - The signer worker to attach the port to\n * @param sessionId - The signing session ID\n * @param signerPort - The MessagePort for receiving WrapKeySeed material\n * @param timeoutMs - How long to wait for ACK (default: 2000ms)\n * @throws Error if attachment fails or times out\n */\nexport async function attachSessionPort(\n worker: Worker,\n sessionId: string,\n signerPort: MessagePort,\n timeoutMs: number = 2000\n): Promise<void> {\n // Register the ACK listener BEFORE sending the message to avoid race condition\n const waitPromise = waitForWrapKeyPortAttach(worker, sessionId, timeoutMs);\n\n // Send the attach command (transfer the port)\n worker.postMessage(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [signerPort]\n );\n\n // Wait for the worker to acknowledge successful attachment\n await waitPromise;\n}\n\nexport const generateSessionId = (): string => {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `sign-session-${Date.now()}-${Math.random().toString(16).slice(2)}`\n}\n\nexport function isWarmSessionUnavailableError(err: unknown): boolean {\n const msg = err instanceof Error ? err.message : String(err);\n return (\n msg.includes('SESSION_NOT_FOUND') ||\n msg.includes('SESSION_EXPIRED') ||\n msg.includes('SESSION_EXHAUSTED')\n );\n}\n\nfunction releaseNoncesBestEffort(nonceManager: NonceManager, nonces: string[]): void {\n for (const n of nonces) {\n try { nonceManager.releaseNonce(n); } catch {}\n }\n}\n\n/**\n * Warm signing helper for transaction-like operations.\n *\n * - Computes canonical `intentDigest` for UI/signer validation\n * - Reserves nonces for `txCount` to avoid collisions\n * - Attempts VRF session key dispense (WrapKeySeed + wrapKeySalt) without prompting\n *\n * Returns null when the VRF session is missing/expired/exhausted so callers can\n * fall back to full confirmTxFlow.\n */\nexport async function tryPrepareWarmSigningContext(args: {\n nearClient: NearClient;\n nonceManager: NonceManager;\n txInputsForDigest: TransactionInputWasm[];\n sessionId: string;\n vrfWorkerManager: VrfSessionKeyDispenser;\n nonceCount?: number;\n uses?: number;\n}): Promise<{ intentDigest: string; transactionContext: TransactionContext } | null> {\n const baseCtx = await args.nonceManager.getNonceBlockHashAndHeight(args.nearClient);\n const txCount = Math.max(1, args.nonceCount ?? args.txInputsForDigest.length ?? 1);\n const reservedNonces = args.nonceManager.reserveNonces(txCount);\n\n let keepReservations = false;\n try {\n const transactionContext: TransactionContext = {\n ...baseCtx,\n nextNonce: reservedNonces[0] ?? baseCtx.nextNonce,\n };\n\n const intentDigest = await computeUiIntentDigestFromTxs(\n args.txInputsForDigest.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const uses = Math.max(1, args.uses ?? txCount);\n try {\n await args.vrfWorkerManager.dispenseSessionKey({ sessionId: args.sessionId, uses });\n } catch (err) {\n if (isWarmSessionUnavailableError(err)) {\n return null;\n }\n throw err;\n }\n\n keepReservations = true;\n return { intentDigest, transactionContext };\n } finally {\n if (!keepReservations) {\n releaseNoncesBestEffort(args.nonceManager, reservedNonces);\n }\n }\n}\n","\nimport { SignedTransaction } from '../../../NearClient';\nimport { TransactionInputWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport {\n WorkerRequestType,\n TransactionPayload,\n isSignTransactionsWithActionsSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport { RpcCallPayload } from '../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { toAccountId } from '../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/**\n * Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n */\nexport async function signTransactionsWithActions({\n ctx,\n transactions,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n // Allow callers to pass a partial override (e.g., { uiMode: 'drawer' })\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n}>> {\n try {\n if (transactions.length === 0) {\n throw new Error('No transactions provided for batch signing');\n }\n\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId;\n\n // Validate all actions in all payloads\n transactions.forEach((txPayload, txIndex) => {\n txPayload.actions.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(`Transaction ${txIndex}, Action ${actionIndex} validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`);\n }\n });\n });\n\n // Retrieve encrypted key data from IndexedDB in main thread\n console.debug('WebAuthnManager: Retrieving encrypted key from IndexedDB for account:', nearAccountId);\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n // Normalize rpcCall to ensure required fields are present\n const resolvedRpcCall = {\n contractId: rpcCall.contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId: rpcCall.nearAccountId,\n } as RpcCallPayload;\n\n // Confirm via VRF-driven flow before sending anything to the signer worker.\n // WrapKeySeed derivation is handled inside confirmTxFlow (handleTransactionSigningFlow),\n // which uses the same sessionId/requestId and delivers WrapKeySeed over the reserved port.\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for signing');\n }\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'transaction',\n txSigningRequests: transactions,\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n // Create transaction signing requests\n // NOTE: nonce and blockHash are computed in confirmation flow, not here\n const txSigningRequests: TransactionPayload[] = transactions.map(tx => ({\n nearAccountId: rpcCall.nearAccountId,\n receiverId: tx.receiverId,\n actions: tx.actions\n }));\n\n // Send batch signing request to WASM worker\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignTransactionsWithActions,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n txSigningRequests: txSigningRequests,\n intentDigest,\n transactionContext,\n credential,\n }\n },\n onEvent,\n });\n\n if (!isSignTransactionsWithActionsSuccess(response)) {\n console.error('WebAuthnManager: Batch transaction signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'Batch transaction signing failed');\n }\n if (!response.payload.success) {\n throw new Error(response.payload.error || 'Batch transaction signing failed');\n }\n // Extract arrays from the single result - wasmResult contains arrays of all transactions\n const signedTransactions = response.payload.signedTransactions || [];\n if (signedTransactions.length !== transactions.length) {\n throw new Error(`Expected ${transactions.length} signed transactions but received ${signedTransactions.length}`);\n }\n\n // Process results for each transaction using WASM types directly\n const results = signedTransactions.map((signedTx, index) => {\n if (!signedTx || !signedTx.transaction || !signedTx.signature) {\n throw new Error(`Incomplete signed transaction data received for transaction ${index + 1}`);\n }\n return {\n signedTransaction: new SignedTransaction({\n transaction: signedTx.transaction,\n signature: signedTx.signature,\n borsh_bytes: Array.from(signedTx.borshBytes || [])\n }),\n nearAccountId: toAccountId(nearAccountId),\n logs: response.payload.logs\n };\n });\n\n return results;\n\n } catch (error: unknown) {\n console.error('WebAuthnManager: Batch transaction signing error:', error);\n throw error;\n }\n}\n","import { normalizeRegistrationCredential } from '../../credentialsHelpers';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { isObject, assertString } from '../../../WalletIframe/validation';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { base58Encode } from '../../../../utils/base58';\n\n// Strongly typed payload expected from the WASM → JS boundary\nexport interface RegistrationCredentialConfirmationPayload {\n confirmed: boolean;\n requestId: string;\n intentDigest: string;\n credential: WebAuthnRegistrationCredential; // serialized PublicKeyCredential (no methods)\n vrfChallenge: VRFChallenge;\n transactionContext?: TransactionContext;\n error?: string;\n}\n\nfunction validateTransactionContextMaybe(input: unknown): TransactionContext | undefined {\n if (input == null) return undefined;\n if (!isObject(input)) {\n throw new Error('Invalid transactionContext: expected object');\n }\n\n const {\n nearPublicKeyStr,\n nextNonce,\n txBlockHeight,\n txBlockHash,\n accessKeyInfo,\n } = input as {\n nearPublicKeyStr?: unknown;\n nextNonce?: unknown;\n txBlockHeight?: unknown;\n txBlockHash?: unknown;\n accessKeyInfo?: unknown;\n };\n\n // Minimal structural validation; AccessKeyView is complex. Be tolerant because the WASM struct omits it.\n const normalizedNearPublicKeyStr = assertString(\n nearPublicKeyStr,\n 'transactionContext.nearPublicKeyStr',\n );\n const normalizedNextNonce = assertString(nextNonce, 'transactionContext.nextNonce');\n const normalizedTxBlockHeight = assertString(\n txBlockHeight,\n 'transactionContext.txBlockHeight',\n );\n const normalizedTxBlockHash = assertString(txBlockHash, 'transactionContext.txBlockHash');\n\n let normalizedAccessKeyInfo = accessKeyInfo as TransactionContext['accessKeyInfo'] | undefined;\n if (normalizedAccessKeyInfo != null && !isObject(normalizedAccessKeyInfo)) {\n throw new Error('Invalid transactionContext.accessKeyInfo: expected object');\n }\n if (normalizedAccessKeyInfo == null) {\n // Synthesize a minimal placeholder; not used by registration flows consuming this payload\n normalizedAccessKeyInfo = { nonce: 0 } as unknown as TransactionContext['accessKeyInfo'];\n }\n\n return {\n nearPublicKeyStr: normalizedNearPublicKeyStr,\n nextNonce: normalizedNextNonce,\n txBlockHeight: normalizedTxBlockHeight,\n txBlockHash: normalizedTxBlockHash,\n accessKeyInfo: normalizedAccessKeyInfo,\n };\n}\n\nfunction validateCredentialMaybe(input: unknown): WebAuthnRegistrationCredential | undefined {\n if (input == null) return undefined;\n\n const cred = normalizeRegistrationCredential(input);\n if (cred.type !== 'public-key') {\n throw new Error('Invalid credential.type: expected \"public-key\"');\n }\n\n const { id, rawId, response, authenticatorAttachment } = cred as {\n id?: unknown;\n rawId?: unknown;\n response?: unknown;\n authenticatorAttachment?: unknown;\n };\n\n // Core field/type validation (serialized shapes should be base64url strings)\n assertString(id, 'credential.id');\n assertString(rawId, 'credential.rawId');\n\n if (!isObject(response)) {\n throw new Error('Invalid credential.response: expected object');\n }\n\n const {\n clientDataJSON,\n attestationObject,\n transports,\n } = response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n assertString(clientDataJSON, 'credential.response.clientDataJSON');\n assertString(attestationObject, 'credential.response.attestationObject');\n\n if (!Array.isArray(transports)) {\n throw new Error('Invalid credential.response.transports: expected string[]');\n }\n for (const t of transports) {\n if (typeof t !== 'string') {\n throw new Error('Invalid credential.response.transports item: expected string');\n }\n }\n\n if (authenticatorAttachment != null && typeof authenticatorAttachment !== 'string') {\n throw new Error('Invalid credential.authenticatorAttachment: expected string | undefined');\n }\n\n // Note: prf.results may be undefined/null here. We intentionally do NOT\n // require them at the boundary; internal callers that need PRF (e.g. key\n // derivation) will extract/compute them separately. Contract payloads must\n // not include PRF values.\n return cred;\n}\n\nfunction validateVrfChallengeMaybe(input: unknown): VRFChallenge | undefined {\n if (input == null) return undefined;\n return validateVRFChallenge(input as Parameters<typeof validateVRFChallenge>[0]);\n}\n\nexport function parseAndValidateRegistrationCredentialConfirmationPayload(\n payload: unknown,\n): RegistrationCredentialConfirmationPayload {\n\n if (!isObject(payload)) {\n throw new Error('Invalid response payload: expected object');\n }\n\n const {\n confirmed,\n requestId,\n intentDigest,\n credential,\n vrfChallenge,\n transactionContext,\n error,\n } = payload as {\n confirmed?: unknown;\n requestId?: unknown;\n intentDigest?: unknown;\n credential?: unknown;\n vrfChallenge?: unknown;\n transactionContext?: unknown;\n error?: unknown;\n };\n\n const normalizedRequestId = assertString(requestId, 'requestId');\n\n // intentDigest is only used for TX signing requests, not registration or link device requests\n const normalizedIntentDigest =\n intentDigest == null ? '' : assertString(intentDigest, 'intentDigest');\n\n const normalizedCredential =\n credential != null ? validateCredentialMaybe(credential) : undefined;\n\n if (!normalizedCredential) {\n throw new Error('Missing registration credential');\n }\n\n const normalizedVrfChallenge =\n vrfChallenge != null ? validateVrfChallengeMaybe(vrfChallenge) : undefined;\n\n if (!normalizedVrfChallenge) {\n throw new Error('Missing VRF Challenge');\n }\n\n const normalizedTransactionContext =\n transactionContext != null ? validateTransactionContextMaybe(transactionContext) : undefined;\n\n const normalizedError =\n error == null ? undefined : assertString(error, 'error');\n\n return {\n confirmed: !!confirmed,\n requestId: normalizedRequestId,\n intentDigest: normalizedIntentDigest,\n credential: normalizedCredential,\n vrfChallenge: normalizedVrfChallenge,\n transactionContext: normalizedTransactionContext,\n error: normalizedError,\n };\n}\n\nexport const ensureEd25519Prefix = (value: string) => {\n return value.startsWith('ed25519:') ? value : `ed25519:${value}`\n}\n\nexport const toPublicKeyString = (pk: DelegateActionInput['publicKey']): string => {\n if (typeof pk === 'string') {\n return pk;\n }\n return ensureEd25519Prefix(base58Encode(pk.keyData));\n};","import { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../defaultConfigs';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport { toActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport { DelegateActionInput } from '../../../types/delegate';\nimport { type onProgressEvents } from '../../../types/sdkSentEvents';\nimport {\n ConfirmationConfig,\n RpcCallPayload,\n WorkerRequestType,\n isSignDelegateActionSuccess,\n WasmDelegateSignResult,\n WasmSignedDelegate,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { generateSessionId } from '../sessionHandshake.js';\nimport { toPublicKeyString } from './validation';\n\n\nexport async function signDelegateAction({\n ctx,\n delegate,\n rpcCall,\n onEvent,\n confirmationConfigOverride,\n title,\n body,\n sessionId: providedSessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId?: string;\n}): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n}> {\n const sessionId = providedSessionId ?? generateSessionId();\n const nearAccountId = rpcCall.nearAccountId || delegate.senderId;\n\n const resolvedRpcCall = {\n contractId: rpcCall.contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl),\n nearAccountId,\n } as RpcCallPayload;\n\n const actionsWasm = delegate.actions.map(toActionArgsWasm);\n actionsWasm.forEach((action, actionIndex) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(\n `Delegate action ${actionIndex} validation failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n });\n\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for delegate signing');\n }\n\n const confirmation = await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'delegate',\n nearAccountId,\n delegate: {\n senderId: delegate.senderId || nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce,\n maxBlockHeight: delegate.maxBlockHeight,\n },\n rpcCall: resolvedRpcCall,\n confirmationConfigOverride,\n title,\n body,\n });\n\n const intentDigest = confirmation.intentDigest;\n const transactionContext = confirmation.transactionContext;\n const credential = confirmation.credential ? JSON.stringify(confirmation.credential) : undefined;\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.SignDelegateAction,\n payload: {\n rpcCall: resolvedRpcCall,\n createdAt: Date.now(),\n decryption: {\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n },\n delegate: {\n senderId: delegate.senderId || nearAccountId,\n receiverId: delegate.receiverId,\n actions: actionsWasm,\n nonce: delegate.nonce.toString(),\n maxBlockHeight: delegate.maxBlockHeight.toString(),\n publicKey: toPublicKeyString(delegate.publicKey),\n },\n intentDigest,\n transactionContext,\n credential,\n },\n },\n onEvent,\n });\n\n // eslint-disable-next-line no-console\n console.debug('[WebAuthnManager][delegate] raw worker response', response);\n\n if (!isSignDelegateActionSuccess(response)) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] non-success worker response', response);\n const payloadError = (response as any)?.payload?.error;\n throw new Error(payloadError || 'Delegate action signing failed');\n }\n\n const payload = response.payload as WasmDelegateSignResult;\n if (!payload.success || !payload.signedDelegate || !payload.hash) {\n // eslint-disable-next-line no-console\n console.error('[WebAuthnManager][delegate] invalid delegate payload', payload);\n throw new Error(payload.error || 'Delegate action signing failed');\n }\n\n return {\n signedDelegate: payload.signedDelegate,\n hash: payload.hash,\n nearAccountId: toAccountId(nearAccountId),\n logs: payload.logs,\n };\n}\n","import {\n WorkerRequestType, // from wasm worker\n isRecoverKeypairFromPasskeySuccess,\n} from '../../../types/signer-worker';\nimport type { WebAuthnAuthenticationCredential } from '../../../types/webauthn';\nimport { SignerWorkerManagerContext } from '..';\nimport { withSessionId } from './session';\n\n/**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n */\nexport async function recoverKeypairFromPasskey({\n ctx,\n credential,\n accountIdHint,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string;\n}): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n}> {\n try {\n console.info('SignerWorkerManager: Starting dual PRF-based keypair recovery from authentication credential');\n // Accept either live PublicKeyCredential or already-serialized auth credential\n\n // Verify dual PRF outputs are available\n if (\n !credential.clientExtensionResults?.prf?.results?.first ||\n !credential.clientExtensionResults?.prf?.results?.second\n ) {\n throw new Error('Dual PRF outputs required for account recovery - both ChaCha20 and Ed25519 PRF outputs must be available');\n }\n\n if (!sessionId) throw new Error('Missing sessionId for recovery WrapKeySeed delivery');\n\n // Use generic sendMessage with specific request type for better type safety\n const response = await ctx.sendMessage<WorkerRequestType.RecoverKeypairFromPasskey>({\n sessionId,\n message: {\n type: WorkerRequestType.RecoverKeypairFromPasskey,\n payload: withSessionId(sessionId, {\n credential,\n accountIdHint,\n })\n },\n });\n\n // response is RecoverKeypairSuccessResponse | RecoverKeypairFailureResponse\n if (!isRecoverKeypairFromPasskeySuccess(response)) {\n throw new Error('Dual PRF keypair recovery failed in WASM worker');\n }\n\n const chacha20NonceB64u = response.payload.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in recovery result');\n }\n return {\n publicKey: response.payload.publicKey,\n encryptedPrivateKey: response.payload.encryptedData,\n chacha20NonceB64u,\n accountIdHint: response.payload.accountIdHint,\n wrapKeySalt: response.payload.wrapKeySalt,\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: Dual PRF keypair recovery error:', error);\n throw error;\n }\n}\n","\nimport { WorkerRequestType, isExtractCosePublicKeySuccess } from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\n\n\n/**\n * Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n */\nexport async function extractCosePublicKey({ ctx, attestationObjectBase64url }: {\n ctx: SignerWorkerManagerContext;\n attestationObjectBase64url: string;\n}): Promise<Uint8Array> {\n try {\n const response = await ctx.sendMessage<WorkerRequestType.ExtractCosePublicKey>({\n message: {\n type: WorkerRequestType.ExtractCosePublicKey,\n payload: {\n attestationObjectBase64url\n }\n }\n });\n\n if (isExtractCosePublicKeySuccess(response)) {\n return response.payload.cosePublicKeyBytes;\n } else {\n throw new Error('COSE public key extraction failed in WASM worker');\n }\n } catch (error: unknown) {\n throw error;\n }\n}\n","\nimport { SignedTransaction } from '../../../NearClient';\nimport { type ActionArgsWasm, validateActionArgsWasm } from '../../../types/actions';\nimport {\n WorkerRequestType,\n WorkerResponseType,\n WasmTransactionSignResult,\n} from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\n\n/**\n * Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n */\nexport async function signTransactionWithKeyPair({\n ctx,\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n}: {\n ctx: SignerWorkerManagerContext;\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n}): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n}> {\n try {\n console.info('SignerWorkerManager: Starting transaction signing with provided private key');\n\n // Validate actions\n actions.forEach((action, index) => {\n try {\n validateActionArgsWasm(action);\n } catch (error) {\n throw new Error(`Action ${index} validation failed: ${error instanceof Error ? error.message : 'Unknown error'}`);\n }\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignTransactionWithKeyPair>({\n message: {\n type: WorkerRequestType.SignTransactionWithKeyPair,\n payload: {\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash: blockHash,\n actions: actions\n }\n }\n });\n\n if (response.type !== WorkerResponseType.SignTransactionWithKeyPairSuccess) {\n console.error('SignerWorkerManager: Transaction signing with private key failed:', response);\n throw new Error('Transaction signing with private key failed');\n }\n\n const wasmResult = response.payload as WasmTransactionSignResult;\n if (!wasmResult.success) {\n throw new Error(wasmResult.error || 'Transaction signing failed');\n }\n // Extract the signed transaction\n const signedTransactions = wasmResult.signedTransactions || [];\n if (signedTransactions.length !== 1) {\n throw new Error(`Expected 1 signed transaction but received ${signedTransactions.length}`);\n }\n const signedTx = signedTransactions[0];\n if (!signedTx || !signedTx.transaction || !signedTx.signature) {\n throw new Error('Incomplete signed transaction data received');\n }\n\n const result = {\n signedTransaction: new SignedTransaction({\n transaction: signedTx.transaction,\n signature: signedTx.signature,\n borsh_bytes: Array.from(signedTx.borshBytes || [])\n }),\n logs: wasmResult.logs\n };\n\n console.debug('SignerWorkerManager: Transaction signing with private key successful');\n return result;\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: Transaction signing with private key error:', error);\n throw error;\n }\n}\n","\nimport { WorkerRequestType, isSignNep413MessageSuccess } from '../../../types/signer-worker';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { generateSessionId } from '../sessionHandshake.js';\n\n/**\n * Sign a NEP-413 message using the user's passkey-derived private key\n *\n * @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\nexport async function signNep413Message({ ctx, payload }: {\n ctx: SignerWorkerManagerContext;\n payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId?: string;\n contractId?: string;\n nearRpcUrl?: string;\n };\n}): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n}> {\n try {\n const deviceNumber = await getLastLoggedInDeviceNumber(payload.accountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(payload.accountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${payload.accountId}`);\n }\n\n // Expect caller (SignerWorkerManager) to reserve a session and wire ports; just use provided sessionId\n const sessionId = payload.sessionId ?? generateSessionId();\n\n if (!ctx.vrfWorkerManager) {\n throw new Error('VrfWorkerManager not available for NEP-413 signing');\n }\n\n await ctx.vrfWorkerManager.confirmAndPrepareSigningSession({\n ctx,\n sessionId,\n kind: 'nep413',\n nearAccountId: payload.accountId,\n message: payload.message,\n recipient: payload.recipient,\n title: payload.title,\n body: payload.body,\n confirmationConfigOverride: payload.confirmationConfigOverride,\n contractId: payload.contractId,\n nearRpcUrl: payload.nearRpcUrl,\n });\n\n const response = await ctx.sendMessage<WorkerRequestType.SignNep413Message>({\n sessionId,\n message: {\n type: WorkerRequestType.SignNep413Message,\n payload: {\n message: payload.message,\n recipient: payload.recipient,\n nonce: payload.nonce,\n state: payload.state || undefined,\n accountId: payload.accountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n }\n },\n });\n\n if (!isSignNep413MessageSuccess(response)) {\n console.error('SignerWorkerManager: NEP-413 signing failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'NEP-413 signing failed');\n }\n\n return {\n success: true,\n accountId: response.payload.accountId,\n publicKey: response.payload.publicKey,\n signature: response.payload.signature,\n state: response.payload.state || undefined\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: (error && typeof (error as { message?: unknown }).message === 'string')\n ? (error as { message: string }).message\n : 'Unknown error'\n };\n }\n}\n","import { base64UrlDecode } from '../../../../utils';\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport {\n WorkerRequestType,\n isRegisterDevice2WithDerivedKeySuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { withSessionId } from './session';\nimport { UserVerificationPolicy, toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\n\n/**\n * Combined Device2 registration flow: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n *\n * This handler orchestrates:\n * 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)\n * 2. Deriving NEAR ed25519 keypair from PRF.second\n * 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)\n * 4. Building the Device2 registration transaction (`link_device_register_user`)\n * 5. Signing the transaction with the derived NEAR keypair\n * 6. Storing encrypted key data in IndexedDB\n *\n * Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered\n * directly from VRF worker to Signer worker via MessagePort.\n */\nexport async function registerDevice2WithDerivedKey({\n ctx,\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey,\n}: {\n ctx: SignerWorkerManagerContext;\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey?: string;\n}): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n}> {\n try {\n if (!sessionId) {\n throw new Error('Missing sessionId for Device2 registration');\n }\n\n console.debug('[SignerWorkerManager] Starting Device2 combined registration', {\n nearAccountId,\n sessionId,\n deviceNumber,\n });\n\n // Helper to convert base64url string to byte array (number[])\n const b64ToBytes = (s: string | undefined): number[] => {\n if (!s) return [];\n return Array.from(base64UrlDecode(s));\n };\n // Construct contractArgs in TypeScript and use JSON.stringify() here.\n // This is native to JS, extremely fast, and means the Rust worker just receives a \"dumb\" string that it can blindly convert to bytes\n const finalContractArgs = {\n vrf_data: {\n vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),\n vrf_output: b64ToBytes(vrfChallenge.vrfOutput),\n vrf_proof: b64ToBytes(vrfChallenge.vrfProof),\n public_key: b64ToBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: b64ToBytes(vrfChallenge.blockHash),\n },\n webauthn_registration: credential,\n deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),\n authenticator_options: {\n userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined,\n },\n },\n };\n\n // Build request payload for combined Device2 registration\n const response = await ctx.sendMessage<WorkerRequestType.RegisterDevice2WithDerivedKey>({\n sessionId,\n message: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey,\n payload: withSessionId(sessionId, {\n credential,\n nearAccountId,\n transactionContext: {\n txBlockHash: transactionContext.txBlockHash,\n txBlockHeight: transactionContext.txBlockHeight,\n baseNonce: transactionContext.nextNonce,\n },\n contractId,\n contractArgsJson: JSON.stringify(finalContractArgs),\n }),\n },\n });\n\n if (!isRegisterDevice2WithDerivedKeySuccess(response)) {\n throw new Error('Device2 combined registration failed');\n }\n\n const wasmResult = response.payload;\n\n console.debug('[SignerWorkerManager] Device2 registration complete, storing encrypted key');\n\n // Store encrypted NEAR key in IndexedDB\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in Device2 registration result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId,\n deviceNumber: deviceNumber ?? 2, // Default to device 2\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wasmResult.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n console.debug('[SignerWorkerManager] Device2 encrypted key stored successfully');\n\n return {\n success: true,\n publicKey: wasmResult.publicKey,\n signedTransaction: wasmResult.signedTransaction,\n wrapKeySalt: wasmResult.wrapKeySalt,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n };\n } catch (error: unknown) {\n console.error('[SignerWorkerManager] registerDevice2WithDerivedKey error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n publicKey: '',\n signedTransaction: null,\n wrapKeySalt: '',\n error: message,\n };\n }\n}\n","import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { VrfWorkerManagerContext } from '../';\nimport type { SecureConfirmRequest } from './types';\nimport { SecureConfirmationType } from './types';\nimport { needsExplicitActivation } from '@/utils';\n\n/**\n * determineConfirmationConfig\n *\n * Computes the effective confirmation UI behavior used by the secure‑confirmation\n * flow by merging inputs and applying safe runtime rules.\n *\n * Order of precedence (highest → lowest):\n * 1) Request‑level override (request.confirmationConfig), when explicitly set.\n * 2) User preferences stored in the wallet host (from IndexedDB via ctx.userPreferencesManager).\n * 3) Runtime safety rules (wallet‑iframe registration/link flows) that may clamp behavior.\n *\n * Wallet‑iframe registration/link safety rule:\n * - When running inside the wallet-iframe host context, always clamp registration/link flows to\n * `{ uiMode: 'modal', behavior: 'requireClick' }` so the user activation happens inside the iframe.\n * This intentionally overrides both user preferences and request-level overrides.\n *\n * Notes\n * - The function is pure (does not mutate the input object) and safe to call multiple times.\n * - Theme and unrelated visual options are preserved in all cases.\n */\nexport function determineConfirmationConfig(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest | undefined,\n): ConfirmationConfig {\n\n // Merge request‑level override over user preferences\n // Important: drop undefined/null fields from the override so they don't clobber\n // persisted preferences (e.g., behavior) with an undefined value.\n const configBase = ctx.userPreferencesManager.getConfirmationConfig();\n const rawOverride = (request?.confirmationConfig || {}) as Partial<ConfirmationConfig>;\n const cleanedOverride = Object.fromEntries(\n Object.entries(rawOverride).filter(([, v]) => v !== undefined && v !== null)\n ) as Partial<ConfirmationConfig>;\n let cfg: ConfirmationConfig = { ...configBase, ...cleanedOverride } as ConfirmationConfig;\n\n // Normalize theme default\n cfg = { ...cfg, theme: cfg.theme || 'dark' } as ConfirmationConfig;\n // Default decrypt-private-key confirmations to 'skip' UI. The flow collects\n // WebAuthn credentials silently and the worker may follow up with a\n // SHOW_SECURE_PRIVATE_KEY_UI request to display the key.\n if (request?.type === SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF) {\n return {\n uiMode: 'skip',\n behavior: cfg.behavior,\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme || 'dark',\n // container selection handled by uiMode only\n } as ConfirmationConfig;\n }\n // Detect if running inside an iframe (wallet host context)\n const inIframe = (() => window.self !== window.top)();\n\n // On Safari/iOS or mobile devices without a fresh user activation,\n // clamp to a clickable UI to reliably satisfy WebAuthn requirements.\n // - If caller/user set uiMode: 'skip', promote to 'modal' + requireClick\n // - If behavior is 'autoProceed', upgrade to 'requireClick'\n // Use shared heuristic to decide if explicit activation is necessary\n if (needsExplicitActivation()) {\n const newUiMode: ConfirmationConfig['uiMode'] = (cfg.uiMode === 'skip') ? 'drawer' : cfg.uiMode;\n cfg = {\n ...cfg,\n uiMode: newUiMode,\n behavior: 'requireClick',\n } as ConfirmationConfig;\n }\n\n // In wallet‑iframe host context: registration/link flows default to an explicit click.\n // However, if the effective config explicitly opts into auto‑proceed (or skip), honor it.\n if (\n inIframe &&\n request?.type &&\n (request.type === SecureConfirmationType.REGISTER_ACCOUNT || request.type === SecureConfirmationType.LINK_DEVICE)\n ) {\n // Cross‑origin registration/link flows: always require a visible, clickable confirmation\n // so the click lands inside the wallet iframe and satisfies WebAuthn activation.\n return {\n uiMode: 'modal',\n behavior: 'requireClick',\n autoProceedDelay: cfg.autoProceedDelay,\n theme: cfg.theme || 'dark',\n } as ConfirmationConfig;\n }\n\n // Otherwise honor caller/user configuration\n return cfg;\n}\n","import type { SecureConfirmRequest } from '../types';\nimport { SecureConfirmationType } from '../types';\nimport { isObject, isString } from '@/core/WalletIframe/validation';\n\n/**\n * Validates secure-confirm requests (V2 only).\n * This deliberately does not accept JSON strings or shorthand/legacy shapes.\n */\nexport function validateSecureConfirmRequest(input: unknown): SecureConfirmRequest {\n if (typeof input === 'string') {\n throw new Error('Invalid secure confirm request: expected an object (JSON strings are not supported)');\n }\n if (!isObject(input)) throw new Error('parsed is not an object');\n const p = input as {\n schemaVersion?: unknown;\n requestId?: unknown;\n type?: unknown;\n summary?: unknown;\n payload?: unknown;\n };\n if (p.schemaVersion !== 2) throw new Error('schemaVersion must be 2');\n if (!isString(p.requestId) || !p.requestId) throw new Error('missing requestId');\n if (!isString(p.type) || !p.type) throw new Error('missing type');\n if (p.summary === undefined || p.summary === null) throw new Error('missing summary');\n if (p.payload === undefined || p.payload === null) throw new Error('missing payload');\n return input as unknown as SecureConfirmRequest;\n}\n\nexport function assertNoForbiddenMainThreadSigningSecrets(request: SecureConfirmRequest): void {\n if (\n request.type !== SecureConfirmationType.SIGN_TRANSACTION\n && request.type !== SecureConfirmationType.SIGN_NEP413_MESSAGE\n ) {\n return;\n }\n\n const payload: any = (request as any).payload || {};\n if (payload.prfOutput !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field prfOutput');\n }\n if (payload.wrapKeySeed !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySeed');\n }\n if (payload.wrapKeySalt !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field wrapKeySalt');\n }\n if (payload.vrf_sk !== undefined) {\n throw new Error('Invalid secure confirm request: forbidden signing payload field vrf_sk');\n }\n}\n","import type { VrfWorkerManagerContext } from '../';\nimport type { ConfirmationConfig } from '../../../types/signer-worker';\nimport { determineConfirmationConfig } from './determineConfirmationConfig';\nimport {\n TransactionSummary,\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmationType,\n} from './types';\nimport { errorMessage, toError } from '../../../../utils/errors';\nimport {\n parseTransactionSummary,\n getIntentDigest,\n sendConfirmResponse,\n sanitizeForPostMessage,\n} from './flows';\nimport {\n assertNoForbiddenMainThreadSigningSecrets,\n validateSecureConfirmRequest,\n} from './adapters/requestAdapter';\nimport type {\n LocalOnlySecureConfirmRequest,\n RegistrationSecureConfirmRequest,\n SigningSecureConfirmRequest,\n} from './types';\n\n/**\n * Handles secure confirmation requests from the worker with robust error handling\n * => SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD\n * and proper data validation. Supports both transaction and registration confirmation flows.\n */\nexport async function handlePromptUserConfirmInJsMainThread(\n ctx: VrfWorkerManagerContext,\n message: {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD,\n data: SecureConfirmRequest,\n },\n worker: Worker\n): Promise<void> {\n\n // 1. Validate and parse request\n let request: SecureConfirmRequest;\n let confirmationConfig: ConfirmationConfig;\n let transactionSummary: TransactionSummary;\n\n try {\n\n request = validateSecureConfirmRequest(message.data);\n assertNoForbiddenMainThreadSigningSecrets(request);\n confirmationConfig = determineConfirmationConfig(ctx, request);\n\n const parsedSummary = parseTransactionSummary(request.summary);\n const intentDigest = getIntentDigest(request);\n\n transactionSummary = sanitizeForPostMessage({\n ...parsedSummary,\n ...(intentDigest ? { intentDigest } : {}),\n }) as TransactionSummary;\n\n } catch (e: unknown) {\n\n console.error('[SecureConfirm][Host] validateAndParseRequest failed', e);\n // Attempt to send a structured error back to the worker to avoid hard failure\n try {\n const rid = (message?.data as any)?.requestId;\n if (typeof rid === 'string' && rid) {\n sendConfirmResponse(worker, {\n requestId: rid,\n confirmed: false,\n error: errorMessage(e) || 'Invalid secure confirm request',\n });\n return;\n }\n } catch (_err: unknown) {\n throw toError(e);\n }\n throw toError(e);\n }\n\n const handler = HANDLERS[request.type];\n if (!handler) {\n // Unsupported type fallback: return structured error to worker.\n sendConfirmResponse(worker, {\n requestId: request.requestId,\n confirmed: false,\n error: 'Unsupported secure confirmation type'\n });\n return;\n }\n\n await handler({ ctx, request, worker, confirmationConfig, transactionSummary });\n}\n\ntype HandlerArgs = {\n ctx: VrfWorkerManagerContext;\n request: SecureConfirmRequest;\n worker: Worker;\n confirmationConfig: ConfirmationConfig;\n transactionSummary: TransactionSummary;\n};\n\ntype Handler = (args: HandlerArgs) => Promise<void>;\n\nasync function importFlow<T>(label: string, loader: () => Promise<T>): Promise<T> {\n try {\n return await loader();\n } catch (e) {\n console.error(`[SecureConfirm][Host] failed to import ${label} flow module`, e);\n throw e;\n }\n}\n\nconst HANDLERS: Partial<Record<SecureConfirmationType, Handler>> = {\n [SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleLocalOnlyFlow } = await importFlow('localOnly', () => import('./flows/localOnly'));\n await handleLocalOnlyFlow(ctx, request as LocalOnlySecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleRegistrationFlow } = await importFlow('registration', () => import('./flows/registration'));\n await handleRegistrationFlow(ctx, request as RegistrationSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n [SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {\n const { handleTransactionSigningFlow } = await importFlow('transactions', () => import('./flows/transactions'));\n await handleTransactionSigningFlow(ctx, request as SigningSecureConfirmRequest, worker, { confirmationConfig, transactionSummary });\n },\n};\n","import {\n SecureConfirmMessageType,\n SecureConfirmRequest,\n SecureConfirmDecision,\n} from './confirmTxFlow/types';\nimport { handlePromptUserConfirmInJsMainThread } from './confirmTxFlow';\nimport type { VrfWorkerManagerContext } from '.';\n\n/**\n * VRF-side helper to run confirmTxFlow directly from JS without going through a worker.\n * Useful while VRF-driven flows migrate off the signer worker.\n *\n * Returns the USER_PASSKEY_CONFIRM_RESPONSE data once the flow completes.\n */\nexport async function runSecureConfirm(\n ctx: VrfWorkerManagerContext,\n request: SecureConfirmRequest\n): Promise<SecureConfirmDecision> {\n return new Promise<SecureConfirmDecision>((resolve, reject) => {\n // Minimal Worker-like object to capture the response\n const worker = {\n postMessage: (msg: any) => {\n if (msg?.type === SecureConfirmMessageType.USER_PASSKEY_CONFIRM_RESPONSE) {\n resolve(msg.data as SecureConfirmDecision);\n }\n }\n } as unknown as Worker;\n\n handlePromptUserConfirmInJsMainThread(\n ctx,\n { type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD, data: request },\n worker\n ).catch(reject);\n });\n}\n","import { isObject } from '../../../WalletIframe/validation';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { runSecureConfirm } from '../../VrfWorkerManager/secureConfirmBridge';\nimport { SecureConfirmationType } from '../../VrfWorkerManager/confirmTxFlow/types';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\n\n/**\n * Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker\n * - Decrypt inside signer worker (session-bound)\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\nexport async function exportNearKeypairUi({\n ctx,\n nearAccountId,\n variant,\n theme,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n nearAccountId: AccountId;\n variant?: 'drawer' | 'modal';\n theme?: 'dark' | 'light';\n sessionId: string;\n}): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Gather encrypted key + ChaCha20 nonce and public key from IndexedDB\n const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);\n const [keyData, user] = await Promise.all([\n ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber),\n ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber),\n ]);\n const publicKey = user?.clientNearPublicKey || '';\n if (!keyData || !publicKey) {\n throw new Error('Missing local key material for export. Re-register to upgrade vault.');\n }\n\n // Decrypt inside signer worker using the reserved session\n const response = await ctx.sendMessage<WorkerRequestType.DecryptPrivateKeyWithPrf>({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: {\n nearAccountId: accountId,\n encryptedPrivateKeyData: keyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u,\n },\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Export decrypt failed:', response);\n const payloadError = isObject(response?.payload) && response?.payload?.error;\n const msg = String(payloadError || 'Export decrypt failed');\n throw new Error(msg);\n }\n\n const privateKey = response.payload.privateKey;\n\n // Phase 2: show secure UI (VRF-driven viewer)\n const showReq = {\n schemaVersion: 2 as const,\n requestId: sessionId,\n type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,\n summary: {\n operation: 'Export Private Key' as const,\n accountId,\n publicKey,\n warning: 'Anyone with your private key can fully control your account. Never share it.',\n },\n payload: {\n nearAccountId: accountId,\n publicKey,\n privateKey,\n variant,\n theme,\n },\n };\n await runSecureConfirm(ctx, showReq);\n}\n","import { SIGNER_WORKER_MANAGER_CONFIG } from \"../../../config\";\nimport { ClientAuthenticatorData, UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport { IndexedDBManager } from '../../IndexedDBManager';\nimport { SignedTransaction, type NearClient } from '../../NearClient';\nimport { isObject } from '../../WalletIframe/validation';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport {\n WorkerRequestType,\n WorkerResponseForRequest,\n isWorkerProgress,\n isWorkerError,\n isWorkerSuccess,\n WorkerProgressResponse,\n WorkerErrorResponse,\n WorkerRequestTypeMap,\n} from '../../types/signer-worker';\nimport { VrfWorkerManager } from '../VrfWorkerManager';\nimport { VRFChallenge } from '../../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../../types/actions';\nimport type { DelegateActionInput } from '../../types/delegate';\nimport type { onProgressEvents } from '../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../types/authenticatorOptions';\nimport { AccountId } from \"../../types/accountIds\";\nimport { TransactionContext } from '../../types/rpc';\nimport {\n ConfirmationConfig,\n WasmSignedDelegate,\n} from '../../types/signer-worker';\nimport { TouchIdPrompt } from \"../touchIdPrompt\";\nimport { isSignerWorkerControlMessage } from './sessionMessages';\nimport { WorkerControlMessage } from '../../workerControlMessages';\n\nimport {\n decryptPrivateKeyWithPrf,\n checkCanRegisterUser,\n signTransactionsWithActions,\n recoverKeypairFromPasskey,\n extractCosePublicKey,\n signTransactionWithKeyPair,\n signNep413Message,\n deriveNearKeypairAndEncryptFromSerialized,\n signDelegateAction,\n registerDevice2WithDerivedKey,\n exportNearKeypairUi,\n} from './handlers';\nimport { RpcCallPayload } from '../../types/signer-worker';\nimport { UserPreferencesManager } from '../userPreferences';\nimport { NonceManager } from '../../nonceManager';\nimport { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types';\nimport { toError } from '@/utils/errors';\nimport { withSessionId } from './handlers/session';\nimport { attachSessionPort } from './sessionHandshake.js';\n\ntype WithOptionalSessionId<T> = T extends { sessionId: string }\n ? Omit<T, 'sessionId'> & { sessionId?: string }\n : T;\n\ntype SigningSessionEntry = {\n worker: Worker;\n wrapKeySeedPort?: MessagePort;\n createdAt: number;\n};\n\nexport interface SignerWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: VrfWorkerManager;\n sendMessage: <T extends keyof WorkerRequestTypeMap>(args: {\n message: {\n type: T;\n payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']>;\n };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n sessionId?: string;\n }) => Promise<WorkerResponseForRequest<T>>;\n};\n\n/**\n * WebAuthnWorkers handles PRF, workers, and COSE operations\n *\n * Note: Challenge store removed as VRF provides cryptographic freshness\n * without needing centralized challenge management\n */\nexport class SignerWorkerManager {\n\n private indexedDB: UnifiedIndexedDBManager;\n private touchIdPrompt: TouchIdPrompt;\n private vrfWorkerManager: VrfWorkerManager;\n private nearClient: NearClient;\n private userPreferencesManager: UserPreferencesManager;\n private nonceManager: NonceManager;\n private workerBaseOrigin: string | undefined;\n private nearExplorerUrl?: string;\n\n constructor(\n vrfWorkerManager: VrfWorkerManager,\n nearClient: NearClient,\n userPreferencesManager: UserPreferencesManager,\n nonceManager: NonceManager,\n rpIdOverride?: string,\n enableSafariGetWebauthnRegistrationFallback: boolean = true,\n nearExplorerUrl?: string,\n ) {\n this.indexedDB = IndexedDBManager;\n this.touchIdPrompt = new TouchIdPrompt(rpIdOverride, enableSafariGetWebauthnRegistrationFallback);\n this.vrfWorkerManager = vrfWorkerManager;\n this.nearClient = nearClient;\n this.userPreferencesManager = userPreferencesManager;\n this.nonceManager = nonceManager;\n this.nearExplorerUrl = nearExplorerUrl;\n }\n\n setWorkerBaseOrigin(origin: string | undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n getContext(): SignerWorkerManagerContext {\n return {\n sendMessage: this.sendMessage.bind(this), // bind to access this.createSecureWorker\n indexedDB: this.indexedDB,\n touchIdPrompt: this.touchIdPrompt,\n vrfWorkerManager: this.vrfWorkerManager,\n nearClient: this.nearClient,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: this.nearExplorerUrl,\n };\n }\n\n createSecureWorker(): Worker {\n const workerUrlStr = resolveWorkerUrl(\n SIGNER_WORKER_MANAGER_CONFIG.WORKER.URL,\n { worker: 'signer', baseOrigin: this.workerBaseOrigin }\n )\n try {\n const worker = new Worker(workerUrlStr, {\n type: SIGNER_WORKER_MANAGER_CONFIG.WORKER.TYPE,\n name: SIGNER_WORKER_MANAGER_CONFIG.WORKER.NAME\n });\n // minimal error handler in tests; avoid noisy logs\n worker.onerror = () => {};\n return worker;\n } catch (error) {\n // Do not silently downgrade to same‑origin. Cross‑origin workers must be\n // resolvable under the configured wallet origin with proper headers.\n // Surface a precise error so tests assert the real path.\n const msg = error instanceof Error ? error.message : String(error);\n throw new Error(`Failed to create secure worker: ${msg}`);\n }\n }\n\n /**\n * Executes a worker operation by sending a message to the secure worker.\n * Handles progress updates via onEvent callback, supports both single and multiple response patterns.\n * Intercepts secure confirmation handshake messages for pluggable UI.\n * Resolves with the final worker response or rejects on error/timeout.\n *\n * @template T - Worker request type.\n * @param params.message - The message to send to the worker.\n * @param params.onEvent - Optional callback for progress events.\n * @param params.timeoutMs - Optional timeout in milliseconds.\n * @returns Promise resolving to the worker response for the request.\n */\n private workerPool: Worker[] = [];\n private readonly MAX_WORKER_POOL_SIZE = 3; // Increased for security model\n // Map of active signing sessions to reserved workers and optional WrapKeySeed ports\n private signingSessions: Map<string, SigningSessionEntry> = new Map();\n private readonly SIGNING_SESSION_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes\n\n private getWorkerFromPool(): Worker {\n if (this.workerPool.length > 0) {\n return this.workerPool.pop()!;\n }\n return this.createSecureWorker();\n }\n\n private terminateAndReplaceWorker(worker: Worker): void {\n // Always terminate workers to clear memory\n worker.terminate();\n // Asynchronously create a replacement worker for the pool\n this.createReplacementWorker();\n }\n\n /**\n * Reserve a signer worker \"session\"\n *\n * What this does:\n * - Reserves a specific `Worker` instance from the pool and pins it to `sessionId`.\n * - Ensures the signer worker has a dedicated `MessagePort` attached for receiving `WrapKeySeed`\n * from the VRF worker (VRF → Signer channel).\n *\n * Port wiring:\n * - The VRF worker retains one end of a `MessageChannel` and the signer worker receives the other.\n * - This method attaches the signer-facing port via a control message (`ATTACH_WRAP_KEY_SEED_PORT`)\n * and waits for an ACK (`ATTACH_WRAP_KEY_SEED_PORT_OK`) before exposing the session.\n *\n * @param sessionId - Session identifier used to correlate MessagePorts + ready signals.\n * @param opts.signerPort - Optional signer-facing `MessagePort` created/owned by the caller (VRF-created channel).\n * If omitted, this method creates a fresh `MessageChannel` and returns `vrfPort` so the\n * caller can transfer it to the VRF worker.\n * @returns `{ worker, signerPort, vrfPort }` where `vrfPort` is only present when we created the channel here.\n */\n async reserveSignerWorkerSession(sessionId: string, opts?: { signerPort?: MessagePort }): Promise<{ worker: Worker; signerPort?: MessagePort; vrfPort?: MessagePort }> {\n if (this.signingSessions.has(sessionId)) {\n throw new Error(`Signing session already exists for id: ${sessionId}`);\n }\n // Reserve a worker from the pool for this sessionId.\n const worker = this.getWorkerFromPool();\n let signerPort = opts?.signerPort;\n let vrfPort: MessagePort | undefined;\n if (!signerPort) {\n // If caller did not provide a signer-facing port, create a channel.\n // - port1 => signer worker (receiver)\n // - port2 => VRF worker (sender) returned to caller\n const channel = new MessageChannel();\n signerPort = channel.port1;\n vrfPort = channel.port2;\n }\n\n // Attach the signerPort to the worker and wait for ACK before adding to signingSessions\n try {\n if (!signerPort) {\n throw new Error('Missing signerPort for signing session');\n }\n\n // Use centralized handshake logic (registers listener, sends message, waits for ACK)\n await attachSessionPort(worker, sessionId, signerPort);\n\n // Only add to signingSessions after successful attachment\n // (prevents callers from observing a session that can't receive WrapKeySeed yet).\n this.signingSessions.set(sessionId, {\n worker,\n wrapKeySeedPort: signerPort,\n createdAt: Date.now(),\n });\n\n } catch (err) {\n console.error('[SignerWorkerManager]: Failed to attach WrapKeySeed port to signer worker', err);\n // Best-effort cleanup\n try { signerPort?.close(); } catch {}\n try { vrfPort?.close(); } catch {}\n this.terminateAndReplaceWorker(worker);\n this.signingSessions.delete(sessionId);\n throw err;\n }\n return { worker, signerPort, vrfPort };\n }\n\n /**\n * Release a signing session: close ports and terminate/replace the worker to zeroize state.\n */\n releaseSigningSession(sessionId: string): void {\n const entry = this.signingSessions.get(sessionId);\n if (!entry) return;\n try { entry.wrapKeySeedPort?.close() } catch {}\n try { this.terminateAndReplaceWorker(entry.worker) } catch {}\n this.signingSessions.delete(sessionId);\n }\n\n /**\n * Sweep expired signing sessions based on createdAt and timeout.\n */\n sweepExpiredSigningSessions(): void {\n const now = Date.now();\n for (const [sessionId, entry] of this.signingSessions.entries()) {\n if (now - entry.createdAt > this.SIGNING_SESSION_TIMEOUT_MS) {\n this.releaseSigningSession(sessionId);\n }\n }\n }\n\n private async createReplacementWorker(): Promise<void> {\n try {\n const worker = this.createSecureWorker();\n\n // Simple health check\n const healthPromise = new Promise<void>((resolve, reject) => {\n const timeout = setTimeout(() => reject(new Error('Health check timeout')), 5000);\n\n const onMessage = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY || event.data?.ready) {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n resolve();\n }\n };\n\n worker.addEventListener('message', onMessage);\n worker.onerror = () => {\n worker.removeEventListener('message', onMessage);\n clearTimeout(timeout);\n reject(new Error('Worker error during health check'));\n };\n });\n\n await healthPromise;\n\n if (this.workerPool.length < this.MAX_WORKER_POOL_SIZE) {\n this.workerPool.push(worker);\n } else {\n worker.terminate();\n }\n } catch (error: unknown) {\n console.warn('SignerWorkerManager: Failed to create replacement worker:', error);\n }\n }\n\n /**\n * Pre-warm worker pool by creating and initializing workers in advance\n * This reduces latency for the first transaction by having workers ready\n */\n async preWarmWorkerPool(): Promise<void> {\n const promises: Promise<void>[] = [];\n\n for (let i = 0; i < this.MAX_WORKER_POOL_SIZE; i++) {\n promises.push(\n new Promise<void>((resolve, reject) => {\n try {\n const worker = this.createSecureWorker();\n\n // Set up one-time ready handler\n const onReady = (event: MessageEvent) => {\n if (event.data?.type === WorkerControlMessage.WORKER_READY || event.data?.ready) {\n worker.removeEventListener('message', onReady);\n this.terminateAndReplaceWorker(worker);\n resolve();\n }\n };\n\n worker.addEventListener('message', onReady);\n\n // Set up error handler\n worker.onerror = (error) => {\n worker.removeEventListener('message', onReady);\n console.error(`WebAuthnManager: Worker ${i + 1} pre-warm failed:`, error);\n reject(error);\n };\n\n // Timeout after 5 seconds\n setTimeout(() => {\n worker.removeEventListener('message', onReady);\n // Pre-warm timeouts are benign; workers will be created on-demand later.\n // console.debug(`WebAuthnManager: Worker ${i + 1} pre-warm timeout`);\n reject(new Error('Pre-warm timeout'));\n }, 5000);\n\n } catch (error: unknown) {\n console.error(`WebAuthnManager: Failed to create worker ${i + 1}:`, error);\n reject(toError(error));\n }\n })\n );\n }\n\n try {\n await Promise.allSettled(promises);\n } catch (error: unknown) {\n console.warn('WebAuthnManager: Some workers failed to pre-warm:', error);\n }\n }\n\n private async sendMessage<T extends WorkerRequestType>({\n sessionId,\n message,\n onEvent,\n timeoutMs = SIGNER_WORKER_MANAGER_CONFIG.TIMEOUTS.DEFAULT, // 60s\n }: {\n sessionId?: string;\n message: { type: T; payload: WithOptionalSessionId<WorkerRequestTypeMap[T]['request']> };\n onEvent?: (update: onProgressEvents) => void;\n timeoutMs?: number;\n }): Promise<WorkerResponseForRequest<T>> {\n\n // Clean up any expired signing sessions before allocating a worker\n this.sweepExpiredSigningSessions();\n\n const payloadSessionId = (message.payload as any)?.sessionId as string | undefined;\n if (sessionId && payloadSessionId && payloadSessionId !== sessionId) {\n throw new Error(\n `sendMessage: payload.sessionId (${payloadSessionId}) does not match provided sessionId (${sessionId})`\n );\n }\n\n const effectiveSessionId = sessionId || payloadSessionId;\n const sessionEntry = effectiveSessionId ? this.signingSessions.get(effectiveSessionId) : undefined;\n if (effectiveSessionId && !sessionEntry) {\n throw new Error(`Signing session not found for id: ${effectiveSessionId}`);\n }\n\n // Normalize/inject sessionId into payload once to avoid duplication at call sites.\n const finalPayload = effectiveSessionId\n ? withSessionId(effectiveSessionId, message.payload)\n : (message.payload);\n\n const worker = sessionEntry ? sessionEntry.worker : this.getWorkerFromPool();\n const isSessionWorker = !!sessionEntry;\n\n return new Promise((resolve, reject) => {\n const timeoutId = setTimeout(() => {\n try {\n if (isSessionWorker && effectiveSessionId) {\n // Release reserved session to avoid leaking worker/port\n this.releaseSigningSession(effectiveSessionId);\n } else {\n this.terminateAndReplaceWorker(worker);\n }\n } catch {}\n // Notify any open modal host to transition to error state\n try {\n const seconds = Math.round(timeoutMs / 1000);\n window.postMessage({ type: 'MODAL_TIMEOUT', payload: `Timed out after ${seconds}s, try again` }, '*');\n } catch {}\n reject(new Error(`Worker operation timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n\n const responses: WorkerResponseForRequest<T>[] = [];\n\n worker.onmessage = async (event) => {\n try {\n // Ignore control messages (lifecycle/session setup) – they are handled elsewhere.\n if (isSignerWorkerControlMessage(event?.data)) {\n return;\n }\n // Ignore readiness pings that can arrive if a worker was just spawned\n if (event?.data?.type === WorkerControlMessage.WORKER_READY || event?.data?.ready) {\n return; // not a response to an operation\n }\n // Use strong typing from WASM-generated types\n const response = event.data as WorkerResponseForRequest<T>;\n responses.push(response);\n\n // Handle progress updates using WASM-generated numeric enum values\n if (isWorkerProgress(response)) {\n const progressResponse = response as WorkerProgressResponse;\n onEvent?.(progressResponse.payload as onProgressEvents);\n return; // Continue listening for more messages\n }\n\n // Handle errors using WASM-generated enum\n if (isWorkerError(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorResponse = response as WorkerErrorResponse;\n console.error('Worker error response:', errorResponse);\n reject(new Error(errorResponse.payload.error));\n return;\n }\n\n // Handle successful completion types using strong typing\n if (isWorkerSuccess(response)) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n resolve(response as WorkerResponseForRequest<T>);\n return;\n }\n\n // If we reach here, the response doesn't match any expected type\n console.error('Unexpected worker response format:', {\n response,\n });\n\n // Check if it's a generic Error object\n if (isObject(response) && 'message' in response && 'stack' in response) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Worker sent generic Error object:', response);\n reject(new Error(`Worker sent generic error: ${(response as Error).message}`));\n return;\n }\n\n // Unknown response format\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n reject(new Error(`Unknown worker response format: ${JSON.stringify(response)}`));\n } catch (error: unknown) {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n console.error('Error processing worker message:', error);\n const err = toError(error);\n reject(new Error(`Worker message processing error: ${err.message}`));\n }\n };\n\n worker.onerror = (event) => {\n clearTimeout(timeoutId);\n if (!isSessionWorker) this.terminateAndReplaceWorker(worker);\n const errorMessage = event.error?.message || event.message || 'Unknown worker error';\n console.error('Worker error details (progress):', {\n message: errorMessage,\n filename: event.filename,\n lineno: event.lineno,\n colno: event.colno,\n error: event.error\n });\n reject(new Error(`Worker error: ${errorMessage}`));\n };\n\n // Format message for Rust SignerWorkerMessage structure using WASM types\n const formattedMessage = {\n type: message.type, // Numeric enum value from WorkerRequestType\n payload: finalPayload,\n };\n\n worker.postMessage(formattedMessage);\n });\n }\n\n /**\n * Derive NEAR keypair from a serialized WebAuthn registration credential\n */\n async deriveNearKeypairAndEncryptFromSerialized(args: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n }): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n }> {\n return deriveNearKeypairAndEncryptFromSerialized({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Secure private key decryption with dual PRF\n */\n async decryptPrivateKeyWithPrf(args: {\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n }): Promise<{\n decryptedPrivateKey: string;\n nearAccountId: AccountId\n }> {\n return decryptPrivateKeyWithPrf({ ctx: this.getContext(), ...args });\n }\n\n async checkCanRegisterUser(args: {\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: unknown;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return checkCanRegisterUser({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Combined Device2 registration: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n *\n * This replaces the old two-step flow (register → authenticate → sign).\n * PRF.second and WrapKeySeed are already in the signer worker via MessagePort.\n */\n async registerDevice2WithDerivedKey(args: {\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n }> {\n return registerDevice2WithDerivedKey({ ctx: this.getContext(), ...args });\n }\n\n // === ACTION-BASED SIGNING METHODS ===\n\n /**\n * Sign multiple transactions with shared VRF challenge and credential\n * Efficiently processes multiple transactions with one PRF authentication\n */\n async signTransactionsWithActions(args: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n onEvent?: (update: onProgressEvents) => void,\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n sessionId: string,\n }): Promise<Array<{\n signedTransaction: SignedTransaction;\n nearAccountId: AccountId;\n logs?: string[]\n }>> {\n return signTransactionsWithActions({\n ctx: this.getContext(),\n ...args\n });\n }\n\n async signDelegateAction(args: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n onEvent?: (update: onProgressEvents) => void;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n sessionId: string;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n return signDelegateAction({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n */\n async recoverKeypairFromPasskey(args: {\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string,\n }): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /** Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for encrypted key */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n }> {\n return recoverKeypairFromPasskey({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n */\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return extractCosePublicKey({ ctx: this.getContext(), attestationObjectBase64url });\n }\n\n /**\n * Sign transaction with raw private key (for key replacement in Option D device linking)\n * No TouchID/PRF required - uses provided private key directly\n */\n async signTransactionWithKeyPair(args: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return signTransactionWithKeyPair({ ctx: this.getContext(), ...args });\n }\n\n /**\n * Sign a NEP-413 message using the user's passkey-derived private key\n *\n * @param payload - NEP-413 signing parameters including message, recipient, nonce, and state\n * @returns Promise resolving to signing result with account ID, public key, and signature\n */\n async signNep413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: string;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n sessionId: string;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n return signNep413Message({\n ctx: this.getContext(),\n payload\n });\n }\n\n /**\n * Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip')\n * - Decrypt inside worker\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\n async exportNearKeypairUi(args: {\n nearAccountId: AccountId,\n variant?: 'drawer'|'modal',\n theme?: 'dark'|'light',\n sessionId: string,\n }): Promise<void> {\n return exportNearKeypairUi({ ctx: this.getContext(), ...args });\n }\n\n}\n","import type { VRFWorkerMessage, VRFWorkerStatus, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport { toAccountId } from '../../../types/accountIds';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * \"Global\" VRF status: is the VRF keypair currently unlocked/active inside the VRF worker?\n *\n * This is NOT the same as a signing session status (WrapKeySeed session gating).\n * For per-`sessionId` signing-session status, use `checkSessionStatus`.\n */\nexport async function checkVrfStatus(ctx: VrfWorkerManagerHandlerContext): Promise<VRFWorkerStatus> {\n try {\n await ctx.ensureWorkerReady();\n } catch {\n // If initialization fails, return inactive status\n return { active: false, nearAccountId: null };\n }\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CHECK_VRF_STATUS',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success && response.data) {\n const data = response.data as { active: boolean; sessionDuration?: number };\n const current = ctx.getCurrentVrfAccountId();\n return {\n active: data.active,\n nearAccountId: current ? toAccountId(current) : null,\n sessionDuration: data.sessionDuration\n };\n }\n\n return { active: false, nearAccountId: null };\n } catch (error) {\n console.warn('VRF Manager: Failed to get VRF status:', error);\n return { active: false, nearAccountId: null };\n }\n}\n","import type { VRFWorkerMessage, WasmClearSessionRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Best-effort cleanup for a single VRF-owned signing session.\n *\n * Clears any VRF worker state bound to `sessionId`:\n * - cached WrapKeySeed session material (TTL/uses),\n * - cached VRF challenge (used for contract verification),\n * - and any attached WrapKeySeed MessagePort.\n *\n * Used by UI \"Lock\" actions and as a safety valve for session lifecycle cleanup.\n */\nexport async function clearSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmClearSessionRequest> = {\n type: 'CLEAR_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmClearSessionRequest>(message);\n if (!response.success) {\n throw new Error(`clearSession failed: ${response.error}`);\n }\n return (response.data as any) || {\n sessionId: args.sessionId,\n clearedSession: false,\n clearedChallenge: false,\n clearedPort: false,\n };\n}\n","import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Full VRF logout: zeroize the in-memory VRF keypair and clear all VRF worker caches.\n *\n * This differs from `clearSession`, which only clears a single signing session (`sessionId`).\n * Use this when the user explicitly logs out / locks the VRF keypair.\n */\nexport async function clearVrfSession(ctx: VrfWorkerManagerHandlerContext): Promise<void> {\n console.debug('VRF Manager: Clearing VRF session...');\n\n await ctx.ensureWorkerReady();\n\n try {\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'CLEAR_VRF',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n };\n\n const response = await ctx.sendMessage(message);\n\n if (response.success) {\n // Clear the TypeScript-tracked account ID\n ctx.setCurrentVrfAccountId(null);\n console.debug('VRF Manager: VRF session cleared (key material zeroized)');\n } else {\n console.warn('️VRF Manager: Clear VRF failed:', response.error);\n }\n } catch (error) {\n console.warn('VRF Manager: Clear VRF error:', error);\n }\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage, WasmDevice2RegistrationSessionRequest } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Kick off the SecureConfirm flow for Device2 registration (\"link device\") and return the confirmed result.\n *\n * This is a bundled orchestration that can:\n * - collect a registration credential (PRF-capable),\n * - derive a deterministic VRF keypair for the new device,\n * - and return the data needed for storage + subsequent signing steps (tx context, VRF challenge, etc.).\n */\nexport async function confirmAndDeriveDevice2RegistrationSession(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }\n): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n}> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmDevice2RegistrationSessionRequest> = {\n type: 'DEVICE2_REGISTRATION_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: params.sessionId,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n wrapKeySalt: params.wrapKeySalt || '',\n // No confirmationConfig override for now; can add later if needed\n }\n };\n\n const response = await ctx.sendMessage<WasmDevice2RegistrationSessionRequest>(message);\n\n if (!response.success) {\n throw new Error(`Device2 registration session failed: ${response.error}`);\n }\n\n const data = response.data as any;\n\n if (!data.confirmed) {\n throw new Error(data.error || 'User rejected Device2 registration');\n }\n\n if (!data.credential) {\n throw new Error('Missing credential from Device2 registration session');\n }\n if (!data.vrfChallenge) {\n throw new Error('Missing vrfChallenge from Device2 registration session');\n }\n if (!data.transactionContext) {\n throw new Error('Missing transactionContext from Device2 registration session');\n }\n if (!data.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt from Device2 registration session');\n }\n\n return {\n confirmed: true,\n sessionId: data.sessionId,\n credential: data.credential,\n vrfChallenge: data.vrfChallenge,\n transactionContext: data.transactionContext,\n wrapKeySalt: data.wrapKeySalt,\n requestId: data.requestId,\n intentDigest: data.intentDigest,\n deterministicVrfPublicKey: data.deterministicVrfPublicKey,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n };\n}\n","import type { TransactionInputWasm } from '../../../types/actions';\nimport { ActionType } from '../../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../../types/signer-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { computeUiIntentDigestFromTxs, orderActionForDigest } from '../../txDigest';\nimport {\n SecureConfirmationType,\n type SecureConfirmRequest,\n type SignTransactionPayload,\n type TransactionSummary,\n type SerializableCredential,\n} from '../confirmTxFlow/types';\nimport type { SignNep413Payload } from '../confirmTxFlow/types';\nimport type { VrfWorkerManagerContext } from '..';\nimport type { VrfWorkerManagerHandlerContext } from './types';\nimport type { VRFWorkerMessage, WasmConfirmAndPrepareSigningSessionRequest } from '../../../types/vrf-worker';\n\nexport interface ConfirmAndPrepareSigningSessionBaseParams {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n}\n\nexport interface ConfirmAndPrepareSigningSessionTransactionParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n}\n\nexport interface ConfirmAndPrepareSigningSessionDelegateParams extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string | number | bigint;\n maxBlockHeight: string | number | bigint;\n };\n rpcCall: RpcCallPayload;\n}\n\nexport interface ConfirmAndPrepareSigningSessionNep413Params extends ConfirmAndPrepareSigningSessionBaseParams {\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n}\n\nexport type ConfirmAndPrepareSigningSessionParams =\n | ConfirmAndPrepareSigningSessionTransactionParams\n | ConfirmAndPrepareSigningSessionDelegateParams\n | ConfirmAndPrepareSigningSessionNep413Params;\n\nexport interface ConfirmAndPrepareSigningSessionResult {\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n}\n\n/**\n * Kick off the SecureConfirm signing flow inside the VRF worker.\n *\n * This creates a schemaVersion=2 `SecureConfirmRequest` (tx / delegate / NEP-413) and sends it to the\n * VRF worker, which will render UI, collect a WebAuthn credential when needed, and return the\n * `transactionContext` (reserved nonces, block hash/height) needed by the signer worker.\n */\nexport async function confirmAndPrepareSigningSession(\n handlerCtx: VrfWorkerManagerHandlerContext,\n params: ConfirmAndPrepareSigningSessionParams\n): Promise<ConfirmAndPrepareSigningSessionResult> {\n const { sessionId } = params;\n\n let intentDigest: string;\n let request: SecureConfirmRequest<SignTransactionPayload | SignNep413Payload, TransactionSummary>;\n\n switch (params.kind) {\n case 'transaction': {\n const txSigningRequests = params.txSigningRequests;\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'transaction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'delegate': {\n const txSigningRequests: TransactionInputWasm[] = [{\n receiverId: params.delegate.receiverId,\n actions: params.delegate.actions,\n } as TransactionInputWasm];\n\n intentDigest = await computeUiIntentDigestFromTxs(\n txSigningRequests.map(tx => ({\n receiverId: tx.receiverId,\n actions: tx.actions.map(orderActionForDigest),\n })) as TransactionInputWasm[]\n );\n\n const summary: TransactionSummary = {\n intentDigest,\n receiverId: txSigningRequests[0]?.receiverId,\n totalAmount: computeTotalAmountYocto(txSigningRequests),\n type: 'delegateAction',\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n delegate: {\n senderId: params.delegate.senderId,\n receiverId: params.delegate.receiverId,\n nonce: String(params.delegate.nonce),\n maxBlockHeight: String(params.delegate.maxBlockHeight),\n },\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_TRANSACTION,\n summary,\n payload: {\n txSigningRequests,\n intentDigest,\n rpcCall: params.rpcCall,\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n case 'nep413': {\n intentDigest = `${params.nearAccountId}:${params.recipient}:${params.message}`;\n const summary: TransactionSummary = {\n intentDigest,\n method: 'NEP-413',\n receiverId: params.recipient,\n ...(params.title != null ? { title: params.title } : {}),\n ...(params.body != null ? { body: params.body } : {}),\n };\n\n request = {\n schemaVersion: 2,\n requestId: sessionId,\n type: SecureConfirmationType.SIGN_NEP413_MESSAGE,\n summary,\n payload: {\n nearAccountId: params.nearAccountId,\n message: params.message,\n recipient: params.recipient,\n ...(params.contractId ? { contractId: params.contractId } : {}),\n ...(params.nearRpcUrl ? { nearRpcUrl: params.nearRpcUrl } : {}),\n },\n confirmationConfig: params.confirmationConfigOverride,\n intentDigest,\n };\n break;\n }\n default: {\n // Exhaustiveness guard\n // eslint-disable-next-line @typescript-eslint/no-unused-vars\n const _exhaustive: never = params;\n throw new Error('Unsupported signing session kind');\n }\n }\n\n await handlerCtx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmConfirmAndPrepareSigningSessionRequest> = {\n type: 'CONFIRM_AND_PREPARE_SIGNING_SESSION',\n id: handlerCtx.generateMessageId(),\n payload: {\n request,\n },\n };\n const response = await handlerCtx.sendMessage<WasmConfirmAndPrepareSigningSessionRequest>(message);\n if (!response.success) {\n throw new Error(`confirmAndPrepareSigningSession failed: ${response.error}`);\n }\n\n const decision = response.data as {\n confirmed?: boolean;\n error?: string;\n intent_digest?: string;\n transaction_context?: TransactionContext;\n credential?: SerializableCredential;\n };\n\n if (!decision?.confirmed) {\n throw new Error(decision?.error || 'User rejected signing request');\n }\n if (!decision.transaction_context) {\n throw new Error('Missing transactionContext from confirmation flow');\n }\n\n return {\n sessionId,\n transactionContext: decision.transaction_context,\n intentDigest: decision.intent_digest || intentDigest,\n credential: decision.credential,\n };\n}\n\nfunction computeTotalAmountYocto(txSigningRequests: TransactionInputWasm[]): string | undefined {\n try {\n let total = BigInt(0);\n for (const tx of txSigningRequests) {\n for (const action of tx.actions) {\n switch (action.action_type) {\n case ActionType.Transfer:\n total += BigInt(action.deposit || '0');\n break;\n case ActionType.FunctionCall:\n total += BigInt(action.deposit || '0');\n break;\n case ActionType.Stake:\n total += BigInt(action.stake || '0');\n break;\n default:\n break;\n }\n }\n }\n return total > BigInt(0) ? total.toString() : undefined;\n } catch {\n return undefined;\n }\n}\n","import { WorkerControlMessage } from '../../../workerControlMessages';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Create a VRF-owned MessageChannel for signing and return the signer-facing port.\n * VRF retains the sibling port for WrapKeySeed delivery.\n *\n * This is the first step in the VRF ↔ Signer \"warm session\" handshake:\n * - transfer Port1 to the VRF worker (sender),\n * - return Port2 so the caller can transfer it to the signer worker (receiver).\n */\nexport async function createSigningSessionChannel(\n ctx: VrfWorkerManagerHandlerContext,\n sessionId: string\n): Promise<MessagePort> {\n await ctx.ensureWorkerReady(true);\n const channel = new MessageChannel();\n try {\n ctx.postToWorker(\n { type: WorkerControlMessage.ATTACH_WRAP_KEY_SEED_PORT, sessionId },\n [channel.port1],\n );\n } catch (err) {\n console.error('[VrfWorkerManager] Failed to attach WrapKeySeed port to VRF worker', err);\n throw err;\n }\n return channel.port2;\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFWorkerMessage,\n WasmDeriveVrfKeypairFromPrfRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n */\nexport async function deriveVrfKeypairFromPrf(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData;\n saveInMemory?: boolean;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n}> {\n const saveInMemory = args.saveInMemory ?? true;\n await ctx.ensureWorkerReady();\n\n const vrfInputData = args.vrfInputData;\n const hasVrfInputData = vrfInputData?.blockHash\n && vrfInputData?.blockHeight\n && vrfInputData?.userId\n && vrfInputData?.rpId;\n\n const message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest> = {\n type: 'DERIVE_VRF_KEYPAIR_FROM_PRF',\n id: ctx.generateMessageId(),\n payload: {\n credential: args.credential,\n nearAccountId: args.nearAccountId,\n saveInMemory,\n vrfInputData: hasVrfInputData ? {\n userId: vrfInputData.userId,\n rpId: vrfInputData.rpId,\n blockHeight: String(vrfInputData.blockHeight),\n blockHash: vrfInputData.blockHash,\n } : undefined,\n }\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF keypair derivation failed: ${response.error}`);\n }\n const data = response.data as {\n vrfPublicKey?: string;\n vrfChallengeData?: VRFChallenge;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair?: ServerEncryptedVrfKeypair | null;\n };\n\n const vrfPublicKey = data.vrfPublicKey || data.vrfChallengeData?.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key not found in response');\n }\n if (!data.encryptedVrfKeypair) {\n throw new Error('Encrypted VRF keypair not found in response');\n }\n\n const vrfChallenge = data.vrfChallengeData\n ? validateVRFChallenge({\n vrfInput: data.vrfChallengeData.vrfInput,\n vrfOutput: data.vrfChallengeData.vrfOutput,\n vrfProof: data.vrfChallengeData.vrfProof,\n vrfPublicKey: data.vrfChallengeData.vrfPublicKey,\n userId: data.vrfChallengeData.userId,\n rpId: data.vrfChallengeData.rpId,\n blockHeight: data.vrfChallengeData.blockHeight,\n blockHash: data.vrfChallengeData.blockHash,\n })\n : null;\n\n if (saveInMemory) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair loaded in memory for ${args.nearAccountId}`);\n }\n\n return {\n vrfPublicKey,\n vrfChallenge,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: data.serverEncryptedVrfKeypair || null,\n };\n}\n","import type {\n VRFWorkerMessage,\n WasmMintSessionKeysAndSendToSignerRequest,\n} from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Mint/refresh a VRF-owned signing session and deliver WrapKey material to the signer worker.\n *\n * VRF WASM will:\n * - (optionally) gate on `verify_authentication_response` when `contractId` + `nearRpcUrl` are provided,\n * - derive WrapKeySeed from PRF.first_auth + the in-memory VRF secret key,\n * - choose/generate `wrapKeySalt` (when omitted/empty),\n * - upsert session metadata (TTL + remaining uses),\n * - and send `{ wrap_key_seed, wrapKeySalt, prfSecond? }` to the signer worker over the attached MessagePort.\n *\n * The main thread never receives WrapKeySeed; it only receives `wrapKeySalt` metadata.\n * This expects `createSigningSessionChannel` + signer port attachment to have happened for `sessionId`.\n */\nexport async function mintSessionKeysAndSendToSigner(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n sessionId: string;\n wrapKeySalt?: string;\n contractId?: string;\n nearRpcUrl?: string;\n ttlMs?: number;\n remainingUses?: number;\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }\n): Promise<{ sessionId: string; wrapKeySalt: string }> {\n await ctx.ensureWorkerReady(true);\n\n const message: VRFWorkerMessage<WasmMintSessionKeysAndSendToSignerRequest> = {\n type: 'MINT_SESSION_KEYS_AND_SEND_TO_SIGNER',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n // Use empty string as a sentinel to tell the VRF worker to generate wrapKeySalt when none is provided.\n wrapKeySalt: args.wrapKeySalt ?? '',\n contractId: args.contractId,\n nearRpcUrl: args.nearRpcUrl,\n ttlMs: args.ttlMs,\n remainingUses: args.remainingUses,\n credential: args.credential,\n }\n };\n const response = await ctx.sendMessage<WasmMintSessionKeysAndSendToSignerRequest>(message);\n if (!response.success) {\n throw new Error(`mintSessionKeysAndSendToSigner failed: ${response.error}`);\n }\n // VRF WASM now delivers WrapKeySeed + wrapKeySalt directly to the signer worker via the\n // attached MessagePort; TS only needs to know that the session is prepared and\n // what wrapKeySalt was actually used (for new vault entries).\n const data = (response.data as unknown) as { sessionId: string; wrapKeySalt?: string } | undefined;\n const wrapKeySalt = data?.wrapKeySalt ?? args.wrapKeySalt ?? '';\n if (!wrapKeySalt) {\n throw new Error('mintSessionKeysAndSendToSigner: VRF worker did not return wrapKeySalt');\n }\n return { sessionId: data?.sessionId ?? args.sessionId, wrapKeySalt };\n}\n","import type { VRFWorkerMessage, WasmDispenseSessionKeyRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * \"Warm session\" path: dispense an existing VRF-owned session key to the signer worker.\n *\n * VRF WASM enforces TTL/usage limits for `sessionId`, then sends `{ wrap_key_seed, wrapKeySalt }`\n * over the attached MessagePort to the signer worker. This does not prompt for WebAuthn.\n */\nexport async function dispenseSessionKey(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string; uses?: number }\n): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmDispenseSessionKeyRequest> = {\n type: 'DISPENSE_SESSION_KEY',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n uses: args.uses,\n } as any,\n };\n const response = await ctx.sendMessage<WasmDispenseSessionKeyRequest>(message);\n if (!response.success) {\n throw new Error(`dispenseSessionKey failed: ${response.error}`);\n }\n return (response.data as any) || { sessionId: args.sessionId };\n}\n","import type {\n VRFInputData,\n VRFWorkerMessage,\n WasmGenerateVrfChallengeRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.\n *\n * This is used by SecureConfirm flows so later steps (e.g. contract verification) can rely on\n * worker-owned challenge data instead of JS-provided state.\n */\nexport async function generateVrfChallengeForSession(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId: string\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData, sessionId);\n}\n\n/**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n *\n * Used for standalone WebAuthn prompts where we don't need to later look up the challenge by `sessionId`.\n */\nexport async function generateVrfChallengeOnce(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData);\n}\n\nasync function generateVrfChallengeInternal(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId?: string\n): Promise<VRFChallenge> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest> = {\n type: 'GENERATE_VRF_CHALLENGE',\n id: ctx.generateMessageId(),\n payload: {\n sessionId,\n vrfInputData: {\n userId: inputData.userId,\n rpId: inputData.rpId,\n blockHeight: String(inputData.blockHeight),\n blockHash: inputData.blockHash,\n },\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF challenge generation failed: ${response.error}`);\n }\n\n const data = response.data as unknown as VRFChallenge;\n console.debug('VRF Manager: VRF challenge generated successfully');\n return validateVRFChallenge(data);\n}\n","import type { VRFInputData } from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VRFWorkerMessage, WasmGenerateVrfKeypairBootstrapRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)\n * generate a VRF challenge from it.\n *\n * This solves the \"chicken-and-egg\" problem during registration where you need a VRF challenge\n * before you have PRF outputs to encrypt the VRF keypair. The generated VRF keypair lives in\n * VRF worker memory until it is later encrypted with PRF output.\n */\nexport async function generateVrfKeypairBootstrap(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n}> {\n await ctx.ensureWorkerReady();\n try {\n const message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest> = {\n type: 'GENERATE_VRF_KEYPAIR_BOOTSTRAP',\n id: ctx.generateMessageId(),\n payload: {\n // Include VRF input data if provided for challenge generation\n sessionId: args.sessionId,\n vrfInputData: args.vrfInputData\n ? {\n userId: args.vrfInputData.userId,\n rpId: args.vrfInputData.rpId,\n blockHeight: String(args.vrfInputData.blockHeight),\n blockHash: args.vrfInputData.blockHash,\n }\n : undefined,\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF bootstrap keypair generation failed: ${response.error}`);\n }\n const data = response.data as { vrf_challenge_data?: VRFChallenge; vrfPublicKey?: string };\n const challengeData = data.vrf_challenge_data as VRFChallenge | undefined;\n if (!challengeData) {\n throw new Error('VRF challenge data failed to be generated');\n }\n const vrfPublicKey = data.vrfPublicKey || challengeData.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key missing in bootstrap response');\n }\n if (args.vrfInputData && args.saveInMemory) {\n // Track the account ID for this VRF session if saving in memory\n ctx.setCurrentVrfAccountId(args.vrfInputData.userId);\n }\n\n // TODO: strong types generated by Rust wasm-bindgen\n return {\n vrfPublicKey,\n vrfChallenge: validateVRFChallenge({\n vrfInput: challengeData.vrfInput,\n vrfOutput: challengeData.vrfOutput,\n vrfProof: challengeData.vrfProof,\n vrfPublicKey: challengeData.vrfPublicKey,\n userId: challengeData.userId,\n rpId: challengeData.rpId,\n blockHeight: challengeData.blockHeight,\n blockHash: challengeData.blockHash,\n })\n }\n\n } catch (error: any) {\n console.error('VRF Manager: Bootstrap VRF keypair generation failed:', error);\n throw new Error(`Failed to generate bootstrap VRF keypair: ${error.message}`);\n }\n}\n","import type { VRFWorkerMessage, WasmCheckSessionStatusRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Per-`sessionId` signing-session status (WrapKeySeed session gating).\n *\n * This is NOT the same as the \"global\" VRF unlock status (whether the VRF keypair is active).\n * For VRF keypair unlock status, use `checkVrfStatus`.\n */\nexport async function checkSessionStatus(\n ctx: VrfWorkerManagerHandlerContext,\n args: { sessionId: string }\n): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmCheckSessionStatusRequest> = {\n type: 'CHECK_SESSION_STATUS',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n } as any,\n };\n const response = await ctx.sendMessage<WasmCheckSessionStatusRequest>(message);\n if (!response.success) {\n throw new Error(`checkSessionStatus failed: ${response.error}`);\n }\n return (\n (response.data as any) || {\n sessionId: args.sessionId,\n status: 'not_found',\n }\n );\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type { EncryptedVRFKeypair, VRFWorkerMessage } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Prepare an export/decrypt session by having the VRF worker derive and deliver WrapKeySeed\n * to the signer worker, using the VRF-owned confirmation flow.\n *\n * This is used by \"offline export\" / decrypt flows where secrets must not touch the main thread.\n */\nexport async function prepareDecryptSession(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n /**\n * Optional: local encrypted VRF keypair for this account/device.\n * Supplying this lets the VRF worker unlock the correct VRF secret in offline mode.\n */\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n /**\n * Optional: expected VRF public key (base64url) for sanity checking/fallback derivation.\n */\n expectedVrfPublicKey?: string;\n }\n): Promise<void> {\n if (!args.wrapKeySalt) {\n throw new Error('wrapKeySalt is required for decrypt session');\n }\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<any> = {\n type: 'DECRYPT_SESSION',\n id: ctx.generateMessageId(),\n payload: {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n wrapKeySalt: args.wrapKeySalt,\n encryptedVrfKeypair: args.encryptedVrfKeypair,\n expectedVrfPublicKey: args.expectedVrfPublicKey,\n },\n };\n try {\n console.debug('[VRF] prepareDecryptSession: start', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n });\n const response = await ctx.sendMessage(message);\n if (!response.success) {\n console.error('[VRF] prepareDecryptSession: worker reported failure', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n error: response.error,\n });\n throw new Error(`prepareDecryptSession failed: ${response.error}`);\n }\n console.debug('[VRF] prepareDecryptSession: success', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n });\n } catch (error) {\n console.error('[VRF] prepareDecryptSession: error', {\n sessionId: args.sessionId,\n nearAccountId: String(args.nearAccountId),\n error,\n });\n throw error;\n }\n}\n","import type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport type { VrfWorkerManagerContext } from '../../';\nimport { runSecureConfirm } from '../../secureConfirmBridge';\nimport {\n SecureConfirmationType,\n type RegistrationSummary,\n type SecureConfirmRequest,\n} from '../types';\nimport {\n parseAndValidateRegistrationCredentialConfirmationPayload,\n type RegistrationCredentialConfirmationPayload,\n} from '../../../SignerWorkerManager/handlers/validation';\n\nexport async function requestRegistrationCredentialConfirmation({\n ctx,\n nearAccountId,\n deviceNumber,\n confirmerText,\n contractId,\n nearRpcUrl,\n confirmationConfig,\n}: {\n ctx: VrfWorkerManagerContext,\n nearAccountId: string,\n deviceNumber: number,\n confirmerText?: { title?: string; body?: string };\n contractId: string,\n nearRpcUrl: string,\n confirmationConfig?: Partial<ConfirmationConfig>,\n}): Promise<RegistrationCredentialConfirmationPayload> {\n\n // Ensure required fields are present; JSON.stringify drops undefined causing Rust parse failure\n const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n // Use the first URL if defaults include a failover list\n const resolvedNearRpcUrl = nearRpcUrl\n || (PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl.split(',')[0] || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl);\n\n const requestId = (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `register-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n\n const title = confirmerText?.title;\n const body = confirmerText?.body;\n const request: SecureConfirmRequest<{\n nearAccountId: string;\n deviceNumber: number;\n rpcCall: { contractId: string; nearRpcUrl: string; nearAccountId: string };\n }, RegistrationSummary> = {\n schemaVersion: 2,\n requestId,\n type: SecureConfirmationType.REGISTER_ACCOUNT,\n summary: {\n nearAccountId,\n deviceNumber,\n contractId: resolvedContractId,\n ...(title != null ? { title } : {}),\n ...(body != null ? { body } : {}),\n },\n payload: {\n nearAccountId,\n deviceNumber,\n rpcCall: {\n contractId: resolvedContractId,\n nearRpcUrl: resolvedNearRpcUrl,\n nearAccountId,\n },\n },\n confirmationConfig,\n intentDigest: `register:${nearAccountId}:${deviceNumber}`,\n };\n\n const decision = await runSecureConfirm(ctx, request);\n\n return parseAndValidateRegistrationCredentialConfirmationPayload({\n confirmed: decision.confirmed,\n requestId,\n intentDigest: decision.intentDigest || '',\n credential: decision.credential,\n vrfChallenge: decision.vrfChallenge,\n transactionContext: decision.transactionContext,\n error: decision.error,\n });\n}\n","import type { ConfirmationConfig } from '../../../types/signer-worker';\nimport type { RegistrationCredentialConfirmationPayload } from '../../SignerWorkerManager/handlers/validation';\nimport { requestRegistrationCredentialConfirmation as requestRegistrationCredentialConfirmationFlow } from '../confirmTxFlow/flows/requestRegistrationCredentialConfirmation';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Kick off the SecureConfirm UI flow for account registration and return the confirmed decision.\n *\n * This is used when the host (main thread) needs a registration credential + VRF challenge + NEAR context,\n * but the UI/confirmation orchestration lives in the VRF worker confirmation flow.\n */\nexport async function requestRegistrationCredentialConfirmation(\n ctx: VrfWorkerManagerHandlerContext,\n params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }\n): Promise<RegistrationCredentialConfirmationPayload> {\n const hostCtx = ctx.getContext();\n const decision = await requestRegistrationCredentialConfirmationFlow({\n ctx: hostCtx,\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n confirmerText: params.confirmerText,\n contractId: params.contractId,\n nearRpcUrl: params.nearRpcUrl,\n // Flow expects `confirmationConfig` on the request envelope; forward the override.\n confirmationConfig: params.confirmationConfigOverride,\n });\n\n if (!decision.confirmed) {\n throw new Error(decision.error || 'User rejected registration request');\n }\n if (!decision.credential) {\n throw new Error('Missing credential from registration confirmation');\n }\n if (!decision.vrfChallenge) {\n throw new Error('Missing vrfChallenge from registration confirmation');\n }\n if (!decision.transactionContext) {\n throw new Error('Missing transactionContext from registration confirmation');\n }\n\n return decision;\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n VRFWorkerMessage,\n VRFWorkerResponse,\n WasmShamir3PassClientDecryptVrfKeypairRequest\n} from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Shamir 3-pass (client): decrypt/unlock a VRF keypair using a server-protected envelope.\n *\n * On success, the VRF keypair becomes active in the VRF worker and is bound (in TS state) to `nearAccountId`.\n */\nexport async function shamir3PassDecryptVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }\n): Promise<VRFWorkerResponse> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmShamir3PassClientDecryptVrfKeypairRequest> = {\n type: 'SHAMIR3PASS_CLIENT_DECRYPT_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {\n nearAccountId: args.nearAccountId,\n kek_s_b64u: args.kek_s_b64u,\n ciphertextVrfB64u: args.ciphertextVrfB64u,\n // Required key for server selection\n keyId: args.serverKeyId,\n },\n };\n const response = await ctx.sendMessage(message);\n if (response.success) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n }\n return response;\n}\n","import type { VRFWorkerMessage, WasmVrfWorkerRequestType } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Shamir 3-pass (client): encrypt the currently-unlocked VRF keypair for server lock flows.\n *\n * Returns ciphertext + client key share (`kek_s_b64u`) + server key id for subsequent unlock.\n */\nexport async function shamir3PassEncryptCurrentVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n): Promise<{\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n}> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmVrfWorkerRequestType> = {\n type: 'SHAMIR3PASS_CLIENT_ENCRYPT_CURRENT_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType,\n };\n const response = await ctx.sendMessage(message);\n if (!response.success || !response.data) {\n throw new Error(`VRF encrypt-current failed: ${response.error}`);\n }\n const { ciphertextVrfB64u, kek_s_b64u, serverKeyId } = response.data as {\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n };\n if (!ciphertextVrfB64u || !kek_s_b64u) {\n throw new Error('Invalid encrypt-current response');\n }\n if (!serverKeyId) {\n throw new Error('Server did not return keyId from apply-server-lock');\n }\n return { ciphertextVrfB64u, kek_s_b64u, serverKeyId };\n}\n","import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n VRFWorkerMessage,\n VRFWorkerResponse,\n WasmUnlockVrfKeypairRequest,\n} from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Unlock/load the VRF keypair into VRF worker memory using a WebAuthn authentication credential.\n *\n * This is the \"login\" / \"unlock\" path: the VRF worker decrypts the stored encrypted VRF keypair\n * using PRF output, and keeps it active in-memory for subsequent operations (challenge gen, sessions, etc.).\n */\nexport async function unlockVrfKeypair(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n onEvent?: (event: { type: string; data: { step: string; message: string } }) => void;\n }\n): Promise<VRFWorkerResponse> {\n await ctx.ensureWorkerReady(true);\n\n args.onEvent?.({\n type: 'loginProgress',\n data: {\n step: 'verifying-server',\n message: 'TouchId success! Unlocking VRF keypair...'\n }\n });\n\n const message: VRFWorkerMessage<WasmUnlockVrfKeypairRequest> = {\n type: 'UNLOCK_VRF_KEYPAIR',\n id: ctx.generateMessageId(),\n payload: {\n nearAccountId: args.nearAccountId,\n encryptedVrfKeypair: args.encryptedVrfKeypair,\n credential: args.credential,\n }\n };\n\n const response = await ctx.sendMessage(message);\n if (response.success) {\n // Track the current VRF session account at TypeScript level\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair unlocked for ${args.nearAccountId}`);\n } else {\n console.error('VRF Manager: Failed to unlock VRF keypair:', response.error);\n console.error('VRF Manager: Full response:', JSON.stringify(response, null, 2));\n console.error('VRF Manager: Message that was sent:', JSON.stringify(message, null, 2));\n }\n\n return response;\n}\n","/**\n * VRF Manager\n * Uses Web Workers for VRF keypair management with client-hosted worker files.\n */\n\nimport type {\n VRFWorkerStatus,\n VrfWorkerManagerConfig,\n EncryptedVRFKeypair,\n VRFInputData,\n VRFWorkerMessage,\n VRFWorkerResponse,\n ServerEncryptedVrfKeypair,\n WasmVrfWorkerRequestType,\n WasmShamir3PassConfigPRequest,\n WasmShamir3PassConfigServerUrlsRequest,\n} from '../../types/vrf-worker';\nimport type { VRFChallenge } from '../../types/vrf-worker';\nimport { BUILD_PATHS } from '../../../../build-paths.js';\nimport { resolveWorkerUrl } from '../../sdkPaths';\nimport type { AccountId } from '../../types/accountIds';\nimport type { TouchIdPrompt } from '../touchIdPrompt';\nimport type { NearClient } from '../../NearClient';\nimport type { UnifiedIndexedDBManager } from '../../IndexedDBManager';\nimport type { UserPreferencesManager } from '../userPreferences';\nimport type { NonceManager } from '../../nonceManager';\nimport {\n SecureConfirmMessageType,\n type SecureConfirmRequest,\n type SerializableCredential,\n} from './confirmTxFlow/types';\nimport type { TransactionInputWasm } from '../../types/actions';\nimport type { RpcCallPayload, ConfirmationConfig } from '../../types/signer-worker';\nimport type { TransactionContext } from '../../types/rpc';\nimport type { RegistrationCredentialConfirmationPayload } from '../SignerWorkerManager/handlers/validation';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../types/webauthn';\nimport { handlePromptUserConfirmInJsMainThread } from './confirmTxFlow';\nimport type { VrfWorkerManagerHandlerContext } from './handlers/types';\nimport {\n checkVrfStatus,\n clearSession,\n clearVrfSession,\n confirmAndDeriveDevice2RegistrationSession,\n confirmAndPrepareSigningSession,\n createSigningSessionChannel,\n deriveVrfKeypairFromPrf,\n mintSessionKeysAndSendToSigner,\n dispenseSessionKey,\n generateVrfChallengeForSession,\n generateVrfChallengeOnce,\n generateVrfKeypairBootstrap,\n checkSessionStatus,\n prepareDecryptSession,\n requestRegistrationCredentialConfirmation,\n shamir3PassDecryptVrfKeypair,\n shamir3PassEncryptCurrentVrfKeypair,\n unlockVrfKeypair,\n} from './handlers';\n\n/**\n * VRF-owned host context passed into confirmTxFlow.\n */\nexport interface VrfWorkerManagerContext {\n touchIdPrompt: TouchIdPrompt;\n nearClient: NearClient;\n indexedDB: UnifiedIndexedDBManager;\n userPreferencesManager: UserPreferencesManager;\n nonceManager: NonceManager;\n rpIdOverride?: string;\n nearExplorerUrl?: string;\n vrfWorkerManager?: SessionVrfWorkerManager;\n}\n\n/**\n * Narrow VRF manager surface used by confirmTxFlow. This interface only exposes\n * session-bound operations so confirm flows cannot accidentally call the\n * low-level helpers that take an optional sessionId.\n */\nexport interface SessionVrfWorkerManager {\n generateVrfKeypairBootstrap(args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }>;\n\n generateVrfChallengeForSession(inputData: VRFInputData, sessionId: string): Promise<VRFChallenge>;\n\n mintSessionKeysAndSendToSigner(args: {\n sessionId: string;\n wrapKeySalt?: string;\n contractId?: string;\n nearRpcUrl?: string;\n ttlMs?: number;\n remainingUses?: number;\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }): Promise<{ sessionId: string; wrapKeySalt: string }>;\n\n dispenseSessionKey(args: {\n sessionId: string;\n uses?: number;\n }): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n }>;\n\n prepareDecryptSession(args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n expectedVrfPublicKey?: string;\n }): Promise<void>;\n\n requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }): Promise<RegistrationCredentialConfirmationPayload>;\n\n confirmAndDeriveDevice2RegistrationSession(params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n }>;\n\n checkVrfStatus(): Promise<VRFWorkerStatus>;\n}\n\n/**\n * VRF Worker Manager\n *\n * This class manages VRF operations using Web Workers for:\n * - VRF keypair unlocking (login)\n * - VRF challenge generation (authentication)\n * - Session management (browser session only)\n * - Client-hosted worker files\n */\nexport class VrfWorkerManager {\n private vrfWorker: Worker | null = null;\n private initializationPromise: Promise<void> | null = null;\n private messageId = 0;\n private config: VrfWorkerManagerConfig;\n private currentVrfAccountId: string | null = null;\n private workerBaseOrigin: string | undefined;\n private context: VrfWorkerManagerContext;\n\n constructor(config: VrfWorkerManagerConfig, context: VrfWorkerManagerContext) {\n this.config = {\n // Default to client-hosted worker file using centralized config\n vrfWorkerUrl: BUILD_PATHS.RUNTIME.VRF_WORKER,\n workerTimeout: 60_000,\n debug: false,\n ...config\n };\n // Attach a self-reference so confirmTxFlow helpers can call back into VRF APIs.\n this.context = {\n ...context,\n vrfWorkerManager: this,\n };\n }\n\n /**\n * Context used by confirmTxFlow for VRF-driven flows.\n */\n getContext(): VrfWorkerManagerContext {\n return this.context;\n }\n\n private getHandlerContext(): VrfWorkerManagerHandlerContext {\n return {\n ensureWorkerReady: this.ensureWorkerReady.bind(this),\n sendMessage: this.sendMessage.bind(this),\n generateMessageId: this.generateMessageId.bind(this),\n getContext: this.getContext.bind(this),\n postToWorker: (message: unknown, transfer?: Transferable[]) => {\n if (!this.vrfWorker) {\n throw new Error('VRF Web Worker not available');\n }\n this.vrfWorker.postMessage(message, transfer as any);\n },\n getCurrentVrfAccountId: () => this.currentVrfAccountId,\n setCurrentVrfAccountId: (next: string | null) => {\n this.currentVrfAccountId = next;\n },\n };\n }\n\n /**\n * Create a VRF-owned MessageChannel for signing and return the signer-facing port.\n * VRF retains the sibling port for WrapKeySeed delivery.\n */\n async createSigningSessionChannel(sessionId: string): Promise<MessagePort> {\n return createSigningSessionChannel(this.getHandlerContext(), sessionId);\n }\n\n /**\n * Derive WrapKeySeed in the VRF worker and deliver it (along with PRF.second if credential provided)\n * to the signer worker via the registered port.\n */\n async mintSessionKeysAndSendToSigner(args: {\n sessionId: string;\n // Optional vault wrapKeySalt. When omitted or empty, VRF worker will generate a fresh wrapKeySalt.\n wrapKeySalt?: string;\n // Optional contract verification context; when provided, VRF Rust will call\n // verify_authentication_response before deriving WrapKeySeed.\n contractId?: string;\n nearRpcUrl?: string;\n // Optional signing-session config. When omitted, VRF worker uses defaults.\n ttlMs?: number;\n remainingUses?: number;\n // Optional credential for PRF.second extraction (registration or authentication)\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n }): Promise<{ sessionId: string; wrapKeySalt: string }> {\n return mintSessionKeysAndSendToSigner(this.getHandlerContext(), args);\n }\n\n /**\n * Dispense an existing VRF-owned session key (WrapKeySeed + wrapKeySalt) over the\n * attached MessagePort for `sessionId`, enforcing TTL/usage in the VRF worker.\n *\n * This is the primitive needed for \"warm\" signing sessions: 1 VRF worker → N one-shot signer workers.\n */\n async dispenseSessionKey(args: {\n sessionId: string;\n uses?: number;\n }): Promise<{\n sessionId: string;\n remainingUses?: number;\n expiresAtMs?: number;\n }> {\n return dispenseSessionKey(this.getHandlerContext(), args);\n }\n\n /**\n * Query VRF-owned signing session status for UI introspection.\n * This does not prompt and does not reveal secrets; it only returns metadata.\n */\n async checkSessionStatus(args: {\n sessionId: string;\n }): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n return checkSessionStatus(this.getHandlerContext(), args);\n }\n\n /**\n * Clear VRF-owned signing session material for a given `sessionId`.\n * Intended for explicit \"Lock\" actions or lifecycle cleanup.\n */\n async clearSession(args: {\n sessionId: string;\n }): Promise<{\n sessionId: string;\n clearedSession: boolean;\n clearedChallenge: boolean;\n clearedPort: boolean;\n }> {\n return clearSession(this.getHandlerContext(), args);\n }\n\n /**\n * VRF-driven decrypt session for export flows.\n * Kicks off a LocalOnly DECRYPT_PRIVATE_KEY_WITH_PRF confirm via VRF Rust and derives\n * WrapKeySeed using the vault-provided wrapKeySalt. WrapKeySeed + wrapKeySalt are sent to the signer over\n * the dedicated MessagePort for the given sessionId.\n */\n async prepareDecryptSession(args: {\n sessionId: string;\n nearAccountId: AccountId;\n wrapKeySalt: string;\n encryptedVrfKeypair?: EncryptedVRFKeypair;\n expectedVrfPublicKey?: string;\n }): Promise<void> {\n return prepareDecryptSession(this.getHandlerContext(), args);\n }\n\n /**\n * VRF-driven confirmation + WrapKeySeed derivation for signing flows.\n * Runs confirmTxFlow on the main thread, derives WrapKeySeed in the VRF worker, and returns\n * the session metadata needed by the signer worker. WrapKeySeed itself travels only over the\n * reserved MessagePort registered via registerSignerWrapKeySeedPort.\n */\n async confirmAndPrepareSigningSession(params: {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'transaction';\n txSigningRequests: TransactionInputWasm[];\n rpcCall: RpcCallPayload;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n } | {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'delegate';\n nearAccountId: string;\n title?: string;\n body?: string;\n delegate: {\n senderId: string;\n receiverId: string;\n actions: TransactionInputWasm['actions'];\n nonce: string | number | bigint;\n maxBlockHeight: string | number | bigint;\n };\n rpcCall: RpcCallPayload;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n } | {\n ctx: VrfWorkerManagerContext;\n sessionId: string;\n kind: 'nep413';\n nearAccountId: string;\n message: string;\n recipient: string;\n title?: string;\n body?: string;\n contractId?: string;\n nearRpcUrl?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<{\n sessionId: string;\n transactionContext: TransactionContext;\n intentDigest: string;\n credential?: SerializableCredential;\n }> {\n return confirmAndPrepareSigningSession(this.getHandlerContext(), params);\n }\n\n /**\n * VRF-driven helper for registration confirmation.\n * Runs confirmTxFlow on the main thread and returns registration artifacts.\n * WrapKeySeed derivation is handled later when we call into signing/derivation\n * flows with PRF + withSigningSession.\n */\n async requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n contractId: string;\n nearRpcUrl: string;\n }): Promise<RegistrationCredentialConfirmationPayload> {\n return requestRegistrationCredentialConfirmation(this.getHandlerContext(), params);\n }\n\n /**\n * Combined Device2 registration session: single WebAuthn ceremony for credential + WrapKeySeed derivation.\n *\n * This method orchestrates the complete Device2 registration flow:\n * 1. Runs a VRF-driven registration confirmation (single TouchID prompt)\n * 2. Extracts PRF.first from the credential and derives WrapKeySeed\n * 3. Sends WrapKeySeed to signer worker via MessagePort (never exposed to JS)\n * 4. Returns credential (with PRF.second embedded), vrfChallenge, transactionContext, wrapKeySalt\n *\n * The signer worker can then use PRF.second for NEAR key derivation and WrapKeySeed for encryption.\n */\n async confirmAndDeriveDevice2RegistrationSession(params: {\n sessionId: string;\n nearAccountId: AccountId;\n deviceNumber: number;\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: object;\n wrapKeySalt?: string;\n }): Promise<{\n confirmed: boolean;\n sessionId: string;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n wrapKeySalt: string;\n requestId: string;\n intentDigest: string;\n deterministicVrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n error?: string;\n }> {\n return confirmAndDeriveDevice2RegistrationSession(this.getHandlerContext(), params);\n }\n\n setWorkerBaseOrigin(origin: string | undefined): void {\n this.workerBaseOrigin = origin;\n }\n\n /**\n * Ensure VRF worker is ready for operations\n * @param requireHealthCheck - Whether to perform health check after initialization\n */\n private async ensureWorkerReady(requireHealthCheck = false): Promise<void> {\n if (this.initializationPromise) {\n await this.initializationPromise;\n } else if (!this.vrfWorker) {\n await this.initialize();\n }\n if (!this.vrfWorker) {\n throw new Error('VRF Worker failed to initialize');\n }\n // Optional health check for critical operations\n if (requireHealthCheck) {\n try {\n const healthResponse = await this.sendMessage({\n type: 'PING',\n id: this.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n }, 3000);\n\n if (!healthResponse.success) {\n throw new Error('VRF Worker failed health check');\n }\n } catch (error) {\n console.error('VRF Manager: Health check failed:', error);\n throw new Error('VRF Worker failed health check');\n }\n }\n }\n\n /**\n * Initialize VRF functionality using Web Workers\n */\n async initialize(): Promise<void> {\n if (this.initializationPromise) {\n return this.initializationPromise;\n }\n // =============================================================\n // This improved error handling ensures that:\n // 1. Initialization failures are properly logged with full details\n // 2. Errors are re-thrown to callers (no silent swallowing)\n // 3. Failed initialization promise is reset for retry\n // 4. Debug logs actually appear in test output\n this.initializationPromise = this.createVrfWorker().catch(error => {\n console.error('VRF Manager: Initialization failed:', error);\n console.error('VRF Manager: Error details:', {\n message: error.message,\n stack: error.stack,\n name: error.name\n });\n // Reset promise so initialization can be retried\n this.initializationPromise = null;\n throw error; // Re-throw so callers know it failed\n });\n\n const result = await this.initializationPromise;\n return result;\n }\n\n /**\n * Initialize Web Worker with client-hosted VRF worker\n */\n private async createVrfWorker(): Promise<void> {\n try {\n const relativePath = this.config.vrfWorkerUrl || BUILD_PATHS.RUNTIME.VRF_WORKER;\n const vrfUrlStr = resolveWorkerUrl(relativePath, { worker: 'vrf', baseOrigin: this.workerBaseOrigin })\n console.debug('VRF Manager: Worker URL:', vrfUrlStr);\n // Create Web Worker from resolved URL\n this.vrfWorker = new Worker(vrfUrlStr, {\n type: 'module',\n name: 'Web3AuthnVRFWorker'\n });\n // Set up error handling\n this.vrfWorker.onerror = (error) => {\n console.error('VRF Manager: Web Worker error:', error);\n };\n // Test communication with the Web Worker\n await this.testWebWorkerCommunication();\n\n // Configure Shamir P if provided\n if (this.config.shamirPB64u) {\n const resp = await this.sendMessage<WasmShamir3PassConfigPRequest>({\n type: 'SHAMIR3PASS_CONFIG_P',\n id: this.generateMessageId(),\n payload: { p_b64u: this.config.shamirPB64u }\n });\n if (!resp.success) {\n throw new Error(`Failed to configure Shamir P: ${resp.error}`);\n }\n }\n\n // Configure relay server URLs if provided\n if (this.config.relayServerUrl && this.config.applyServerLockRoute && this.config.removeServerLockRoute) {\n const resp2 = await this.sendMessage<WasmShamir3PassConfigServerUrlsRequest>({\n type: 'SHAMIR3PASS_CONFIG_SERVER_URLS',\n id: this.generateMessageId(),\n payload: {\n relayServerUrl: this.config.relayServerUrl,\n applyLockRoute: this.config.applyServerLockRoute,\n removeLockRoute: this.config.removeServerLockRoute,\n }\n });\n if (!resp2.success) {\n throw new Error(`Failed to configure Shamir server URLs: ${resp2.error}`);\n }\n }\n\n } catch (error: any) {\n throw new Error(`VRF Web Worker initialization failed: ${error.message}`);\n }\n }\n\n /**\n * Send message to Web Worker and wait for response\n */\n private async sendMessage<T extends WasmVrfWorkerRequestType>(\n message: VRFWorkerMessage<T>,\n customTimeout?: number\n ): Promise<VRFWorkerResponse> {\n return new Promise((resolve, reject) => {\n if (!this.vrfWorker) {\n reject(new Error('VRF Web Worker not available'));\n return;\n }\n\n const timeoutMs = (customTimeout ?? this.config.workerTimeout ?? 60_000);\n const timeout = setTimeout(() => {\n reject(new Error(`VRF Web Worker communication timeout (${timeoutMs}ms) for message type: ${message.type}`));\n }, timeoutMs);\n\n const handleMessage = (event: MessageEvent) => {\n const payload = event.data as VRFWorkerResponse | {\n type?: unknown;\n data?: unknown;\n };\n\n // Intercept SecureConfirm handshake messages from the VRF worker and\n // dispatch them through confirmTxFlow on the main thread. The decision\n // is sent back to the worker as USER_PASSKEY_CONFIRM_RESPONSE and\n // consumed by awaitSecureConfirmationV2; this should not resolve the\n // original VRF request promise.\n if ((payload as any)?.type === SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD) {\n const env = payload as {\n type: SecureConfirmMessageType.PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD;\n data: SecureConfirmRequest;\n };\n const ctx = this.getContext();\n if (!this.vrfWorker) {\n console.error('[VRF] SecureConfirm: vrfWorker missing for PROMPT_USER_CONFIRM_IN_JS_MAIN_THREAD');\n return;\n }\n void handlePromptUserConfirmInJsMainThread(ctx, env, this.vrfWorker);\n return;\n }\n\n const response = payload as VRFWorkerResponse;\n if (response.id === message.id) {\n clearTimeout(timeout);\n this.vrfWorker!.removeEventListener('message', handleMessage);\n resolve(response);\n }\n };\n\n this.vrfWorker.addEventListener('message', handleMessage);\n this.vrfWorker.postMessage(message);\n });\n }\n\n /**\n * Generate unique message ID\n */\n private generateMessageId(): string {\n return `vrf_${Date.now()}_${++this.messageId}`;\n }\n\n /**\n * Unlock VRF keypair in Web Worker memory using PRF output\n * This is called during login to decrypt and load the VRF keypair in-memory\n */\n async unlockVrfKeypair(args: {\n credential: WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n onEvent?: (event: { type: string; data: { step: string; message: string } }) => void;\n }): Promise<VRFWorkerResponse> {\n return unlockVrfKeypair(this.getHandlerContext(), args);\n }\n\n async generateVrfChallengeForSession(inputData: VRFInputData, sessionId: string): Promise<VRFChallenge> {\n return generateVrfChallengeForSession(this.getHandlerContext(), inputData, sessionId);\n }\n\n async generateVrfChallengeOnce(inputData: VRFInputData): Promise<VRFChallenge> {\n return generateVrfChallengeOnce(this.getHandlerContext(), inputData);\n }\n\n /**\n * Get current VRF session status\n */\n async checkVrfStatus(): Promise<VRFWorkerStatus> {\n return checkVrfStatus(this.getHandlerContext());\n }\n\n /**\n * Logout and clear VRF session\n */\n async clearVrfSession(): Promise<void> {\n return clearVrfSession(this.getHandlerContext());\n }\n\n /**\n * Set the current VRF account ID at the TypeScript level\n * Used after VRF keypair is loaded in WASM memory (e.g., after deriveVrfKeypairFromPrf)\n * to track which account has an active VRF session\n */\n setCurrentVrfAccountId(nearAccountId: AccountId): void {\n this.currentVrfAccountId = nearAccountId;\n console.debug(`VRF Manager: Current VRF account ID set to ${nearAccountId}`);\n }\n\n /**\n * Generate VRF keypair for bootstrapping - stores in memory unencrypted temporarily\n * This is used during registration to generate a VRF keypair that will be used for\n * WebAuthn ceremony and later encrypted with the real PRF output\n *\n * @param saveInMemory - Always true for bootstrap (VRF keypair stored in memory)\n * @param vrfInputParams - Optional parameters to generate VRF challenge/proof in same call\n * @returns VRF public key and optionally VRF challenge data\n */\n async generateVrfKeypairBootstrap(args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }> {\n return generateVrfKeypairBootstrap(this.getHandlerContext(), args);\n }\n\n /**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n * Optionally generates VRF challenge if input parameters are provided\n * This enables deterministic VRF key derivation without needing stored VRF keypairs\n *\n * @param credential - WebAuthn credential containing PRF outputs\n * @param nearAccountId - NEAR account ID for key derivation salt\n * @param vrfInputParams - Optional VRF input parameters for challenge generation\n * @returns Deterministic VRF public key, optional VRF challenge, and encrypted VRF keypair for storage\n */\n async deriveVrfKeypairFromPrf(args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData; // optional, for challenge generation\n saveInMemory?: boolean; // optional, whether to save in worker memory\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }> {\n return deriveVrfKeypairFromPrf(this.getHandlerContext(), args);\n }\n\n /**\n * This securely decrypts the shamir3Pass encrypted VRF keypair and loads it into memory\n * It performs Shamir-3-Pass commutative decryption within WASM worker with the relay-server\n */\n async shamir3PassDecryptVrfKeypair(args: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }): Promise<VRFWorkerResponse> {\n return shamir3PassDecryptVrfKeypair(this.getHandlerContext(), args);\n }\n\n /**\n * Shamir 3-pass: encrypt the currently unlocked VRF keypair under the server key\n * Returns a fresh serverEncryptedVrfKeypair blob for IndexedDB.\n * Requires: current VRF keypair is unlocked and present in worker memory.\n */\n async shamir3PassEncryptCurrentVrfKeypair(): Promise<{\n ciphertextVrfB64u: string;\n kek_s_b64u: string;\n serverKeyId: string;\n }> {\n return shamir3PassEncryptCurrentVrfKeypair(this.getHandlerContext());\n }\n\n /**\n * Test Web Worker communication\n */\n private async testWebWorkerCommunication(): Promise<void> {\n try {\n const timeoutMs = 2000;\n const pingResponse = await this.sendMessage({\n type: 'PING',\n id: this.generateMessageId(),\n payload: {} as WasmVrfWorkerRequestType\n }, timeoutMs);\n if (!pingResponse.success) {\n throw new Error(`VRF Web Worker PING failed: ${pingResponse.error}`);\n }\n return;\n } catch (error: any) {\n console.warn(`️VRF Manager: testWebWorkerCommunication failed:`, error.message);\n }\n }\n}\n","import { ConfirmationConfig, DEFAULT_CONFIRMATION_CONFIG } from '../types/signer-worker';\nimport type { AccountId } from '../types/accountIds';\nimport { IndexedDBManager, type IndexedDBEvent } from '../IndexedDBManager';\n\n\nexport class UserPreferencesManager {\n private themeChangeListeners: Set<(theme: 'dark' | 'light') => void> = new Set();\n private confirmationConfigChangeListeners: Set<(config: ConfirmationConfig) => void> = new Set();\n private currentUserAccountId: AccountId | undefined;\n private confirmationConfig: ConfirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n // Optional app-provided default theme (e.g., configs.walletTheme). This is NOT a per-user preference.\n private walletThemeOverride: 'dark' | 'light' | null = null;\n // Prevent multiple one-time environment syncs per session\n private envThemeSyncedForSession = false;\n\n constructor() {\n // Subscribe to IndexedDB change events for automatic sync\n this.subscribeToIndexedDBChanges();\n }\n\n /**\n * Apply an app-provided default theme (e.g., `configs.walletTheme`) without\n * persisting it as a per-user preference in IndexedDB.\n *\n * This also disables the one-time environment theme sync so host appearance\n * (e.g., VitePress `html.dark`) cannot override an explicit config.\n */\n configureWalletTheme(theme?: 'dark' | 'light'): void {\n if (theme !== 'dark' && theme !== 'light') return;\n this.walletThemeOverride = theme;\n // If integrator explicitly configured a theme, do not auto-sync from environment.\n this.envThemeSyncedForSession = true;\n if (this.confirmationConfig.theme !== theme) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme,\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n }\n }\n\n /**\n * Register a callback for theme change events\n */\n onThemeChange(callback: (theme: 'dark' | 'light') => void): () => void {\n this.themeChangeListeners.add(callback);\n return () => {\n this.themeChangeListeners.delete(callback);\n };\n }\n\n /**\n * Register a callback for confirmation config changes.\n * Used to keep app UI in sync with the wallet host in wallet-iframe mode.\n */\n onConfirmationConfigChange(callback: (config: ConfirmationConfig) => void): () => void {\n this.confirmationConfigChangeListeners.add(callback);\n return () => {\n this.confirmationConfigChangeListeners.delete(callback);\n };\n }\n\n /**\n * Notify all registered listeners of theme changes\n */\n private notifyThemeChange(theme: 'dark' | 'light'): void {\n if (this.themeChangeListeners.size === 0) {\n // In many environments (e.g., wallet iframe host), there may be no UI subscribers.\n // Use debug to avoid noisy warnings while still being helpful during development.\n console.debug(`[UserPreferencesManager]: No listeners registered, theme change will not propagate.`);\n return;\n }\n\n let index = 0;\n this.themeChangeListeners.forEach((listener) => {\n index++;\n try {\n listener(theme);\n } catch (error: any) {\n }\n });\n }\n\n private notifyConfirmationConfigChange(config: ConfirmationConfig): void {\n if (this.confirmationConfigChangeListeners.size === 0) return;\n this.confirmationConfigChangeListeners.forEach((listener) => {\n try {\n listener(config);\n } catch {}\n });\n }\n\n /**\n * Best-effort async initialization from IndexedDB.\n *\n * Callers decide when to invoke this so environments that must avoid\n * app-origin IndexedDB (wallet-iframe mode) can skip it entirely.\n */\n async initFromIndexedDB(): Promise<void> {\n try {\n await this.loadUserSettings();\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to initialize user settings:', error);\n // Keep default settings if loading fails\n }\n }\n\n /**\n * Subscribe to IndexedDB change events for automatic synchronization\n */\n private subscribeToIndexedDBChanges(): void {\n // Subscribe to IndexedDB change events\n this.unsubscribeFromIndexedDB = IndexedDBManager.clientDB.onChange((event) => {\n this.handleIndexedDBEvent(event);\n });\n }\n\n /**\n * Handle IndexedDB change events.\n * @param event - The IndexedDBEvent: `user-updated`, `preferences-updated`, `user-deleted` to handle.\n */\n private async handleIndexedDBEvent(event: IndexedDBEvent): Promise<void> {\n try {\n switch (event.type) {\n case 'preferences-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-updated':\n // Check if this affects the current user\n if (event.accountId === this.currentUserAccountId) {\n await this.reloadUserSettings();\n }\n break;\n\n case 'user-deleted':\n // Check if the deleted user was the current user\n if (event.accountId === this.currentUserAccountId) {\n this.currentUserAccountId = undefined;\n this.confirmationConfig = DEFAULT_CONFIRMATION_CONFIG;\n }\n break;\n }\n } catch (error) {\n console.warn('[WebAuthnManager]: Error handling IndexedDB event:', error);\n }\n }\n\n /**\n * Unsubscribe function for IndexedDB events\n */\n private unsubscribeFromIndexedDB?: () => void;\n\n /**\n * Clean up resources and unsubscribe from events\n */\n destroy(): void {\n if (this.unsubscribeFromIndexedDB) {\n this.unsubscribeFromIndexedDB();\n this.unsubscribeFromIndexedDB = undefined;\n }\n // Clear all theme change listeners\n this.themeChangeListeners.clear();\n this.confirmationConfigChangeListeners.clear();\n }\n\n getCurrentUserAccountId(): AccountId {\n if (!this.currentUserAccountId) {\n console.debug('[UserPreferencesManager]: getCurrentUserAccountId called with no current user; returning empty id');\n // Return an empty string to keep callers defensive; most consumers\n // already treat falsy accountIds as \"no-op\"/logged‑out.\n return '' as AccountId;\n }\n return this.currentUserAccountId;\n }\n\n getConfirmationConfig(): ConfirmationConfig {\n return this.confirmationConfig;\n }\n\n /**\n * Apply an authoritative confirmation config snapshot from the wallet-iframe host.\n * This updates in-memory state only; persistence remains owned by the wallet origin.\n */\n applyWalletHostConfirmationConfig(args: {\n nearAccountId?: AccountId | null;\n confirmationConfig: ConfirmationConfig;\n }): void {\n const { nearAccountId, confirmationConfig } = args || ({} as any);\n const prevTheme = this.confirmationConfig.theme;\n const next: ConfirmationConfig = {\n ...DEFAULT_CONFIRMATION_CONFIG,\n ...(confirmationConfig || {}),\n } as ConfirmationConfig;\n\n if (nearAccountId) {\n this.currentUserAccountId = nearAccountId;\n }\n\n // Prevent environment heuristics on the app origin from overriding wallet-host state.\n this.envThemeSyncedForSession = true;\n\n this.confirmationConfig = next;\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n\n setCurrentUser(nearAccountId: AccountId): void {\n this.currentUserAccountId = nearAccountId;\n // Load settings for the new user (best-effort). In wallet-iframe mode on the app origin,\n // IndexedDB is intentionally disabled to avoid creating any tables.\n if (!IndexedDBManager.clientDB.isDisabled()) {\n void this.loadSettingsForUser(nearAccountId).catch(() => undefined);\n }\n\n // One-time: align user theme to current host appearance (e.g., VitePress html.dark)\n // In wallet-iframe mode (app origin), the wallet host owns preferences; do not override.\n if (!IndexedDBManager.clientDB.isDisabled() && !this.envThemeSyncedForSession && !this.walletThemeOverride) {\n let envTheme: 'dark' | 'light' | null = null;\n const isDark = (globalThis as any)?.document?.documentElement?.classList?.contains?.('dark');\n if (typeof isDark === 'boolean') envTheme = isDark ? 'dark' : 'light';\n if (!envTheme) {\n try {\n const stored = (globalThis as any)?.localStorage?.getItem?.('vitepress-theme-appearance');\n if (stored === 'dark' || stored === 'light') envTheme = stored;\n } catch {\n // Storage may be blocked by the environment (e.g., third-party iframes)\n }\n }\n if (envTheme && envTheme !== this.confirmationConfig.theme) {\n // Fire-and-forget; listeners will propagate the change\n void this.setUserTheme(envTheme);\n }\n this.envThemeSyncedForSession = true;\n }\n }\n\n /**\n * Load settings for a specific user\n */\n private async loadSettingsForUser(nearAccountId: AccountId): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (!user || user.nearAccountId !== nearAccountId) return;\n if (user?.preferences?.confirmationConfig) {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n }\n }\n\n /**\n * Reload current user settings from IndexedDB\n */\n async reloadUserSettings(): Promise<void> {\n await this.loadSettingsForUser(this.getCurrentUserAccountId());\n }\n\n /**\n * Set confirmation behavior\n */\n setConfirmBehavior(behavior: 'requireClick' | 'autoProceed'): void {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n behavior\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.saveUserSettings();\n }\n\n /**\n * Set confirmation configuration\n */\n setConfirmationConfig(config: ConfirmationConfig): void {\n const prevTheme = this.confirmationConfig.theme;\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...config\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n this.saveUserSettings();\n }\n\n /**\n * Load user confirmation settings from IndexedDB\n */\n async loadUserSettings(): Promise<void> {\n if (IndexedDBManager.clientDB.isDisabled()) return;\n const user = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (user) {\n const prevTheme = this.confirmationConfig.theme;\n this.currentUserAccountId = user.nearAccountId;\n // Load user's confirmation config if it exists, otherwise keep existing settings/defaults\n if (user.preferences?.confirmationConfig) {\n this.confirmationConfig = {\n ...this.confirmationConfig,\n ...user.preferences.confirmationConfig\n };\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n if (this.confirmationConfig.theme !== prevTheme) {\n this.notifyThemeChange(this.confirmationConfig.theme);\n }\n } else {\n console.debug('[WebAuthnManager]: No user preferences found, using defaults');\n }\n } else {\n console.debug('[WebAuthnManager]: No last user found, using default settings');\n }\n }\n\n /**\n * Save current confirmation settings to IndexedDB\n */\n async saveUserSettings(): Promise<void> {\n try {\n let accountId: AccountId | undefined = this.currentUserAccountId ?? undefined;\n if (!accountId) {\n const last = await IndexedDBManager.clientDB.getLastUser().catch(() => undefined as any);\n accountId = (last as any)?.nearAccountId;\n }\n\n if (!accountId) {\n console.warn('[UserPreferences]: No current user set; keeping confirmation config in memory only');\n return;\n }\n\n // Save confirmation config (which includes theme)\n await IndexedDBManager.clientDB.updatePreferences(accountId, {\n confirmationConfig: this.confirmationConfig,\n });\n } catch (error) {\n console.warn('[WebAuthnManager]: Failed to save user settings:', error);\n }\n }\n\n /**\n * Get user theme preference from IndexedDB\n */\n async getCurrentUserAccountIdTheme(): Promise<'dark' | 'light' | null> {\n const id = this.currentUserAccountId;\n if (!id) return null;\n try {\n return await IndexedDBManager.clientDB.getTheme(id);\n } catch (error) {\n console.debug('[WebAuthnManager]: getCurrentUserAccountIdTheme:', error);\n return null;\n }\n }\n\n getUserTheme(): 'dark' | 'light' {\n return this.confirmationConfig.theme;\n }\n\n /**\n * Set user theme preference in IndexedDB\n */\n async setUserTheme(theme: 'dark' | 'light'): Promise<void> {\n const id = this.currentUserAccountId;\n if (!id) return; // No-op when no user is set (logged-out state)\n // Always update local UI state immediately; persistence is best-effort.\n this.confirmationConfig = {\n ...this.confirmationConfig,\n theme\n };\n // Notify all listeners of theme change\n this.notifyConfirmationConfigChange(this.confirmationConfig);\n this.notifyThemeChange(theme);\n try {\n await IndexedDBManager.clientDB.setTheme(id, theme);\n } catch (error) {\n console.warn('[UserPreferencesManager]: Failed to save user theme:', error);\n }\n }\n}\n\n// Create and export singleton instance\nconst UserPreferencesInstance = new UserPreferencesManager();\nexport default UserPreferencesInstance;\n","import type { NearClient } from './NearClient';\nimport type { AccountId } from './types/accountIds';\nimport { fetchNonceBlockHashAndHeight } from './rpcCalls';\nimport type { TransactionContext } from './types/rpc';\nimport type { AccessKeyView, BlockResult } from '@near-js/types';\nimport { isObject, isNumber, isString } from './WalletIframe/validation';\nimport { errorMessage } from '../utils/errors';\n\n/**\n * NonceManager - Singleton for managing NEAR transaction context\n *\n * This class pre-fetches nonce and block height asynchronously at the start\n * of executeAction calls to avoid blocking renderUserConfirmUI().\n *\n * The manager is cleared on logout and instantiated with new user on login.\n */\nexport class NonceManager {\n private static instance: NonceManager | null = null;\n\n public lastNonceUpdate: number | null = null;\n public lastBlockHeightUpdate: number | null = null;\n public nearAccountId: AccountId | null = null;\n public nearPublicKeyStr: string | null = null;\n public transactionContext: TransactionContext | null = null;\n private inflightFetch: Promise<TransactionContext> | null = null;\n // Monotonic identifier to disambiguate concurrent fetches and prevent stale commits/clears\n private inflightId: number = 0;\n private refreshTimer: ReturnType<typeof setTimeout> | null = null;\n private prefetchTimer: ReturnType<typeof setTimeout> | null = null;\n\n // Nonce reservation system for batch transactions\n private reservedNonces: Set<string> = new Set();\n private lastReservedNonce: string | null = null;\n\n // Freshness thresholds (ms)\n // Treat context older than 5s as stale enough to refetch\n private readonly NONCE_FRESHNESS_THRESHOLD = 5 * 1000; // 5 seconds\n private readonly BLOCK_FRESHNESS_THRESHOLD = 20 * 1000; // 20 seconds (less frequent block refreshes)\n private readonly PREFETCH_DEBOUNCE_MS = 400; // less aggressive prefetch debounce to reduce churn\n\n // Private constructor for singleton pattern\n private constructor() {}\n\n /**\n * Get singleton instance\n */\n public static getInstance(): NonceManager {\n if (!NonceManager.instance) {\n NonceManager.instance = new NonceManager();\n }\n return NonceManager.instance;\n }\n\n /**\n * Prefetch block height/hash (and nonce if missing) in the background.\n * - If block info is stale or context missing, triggers a non-blocking refresh.\n * - Safe to call frequently (coalesces concurrent fetches).\n */\n public async prefetchBlockheight(nearClient: NearClient): Promise<void> {\n if (!this.nearAccountId || !this.nearPublicKeyStr) return;\n // Debounce prefetch to avoid repeated calls on quick hover/focus toggles\n this.clearPrefetchTimer();\n this.prefetchTimer = setTimeout(async () => {\n this.prefetchTimer = null;\n if (this.inflightFetch) return; // already fetching\n\n const now = Date.now();\n const isBlockStale = !this.lastBlockHeightUpdate || (now - this.lastBlockHeightUpdate) >= this.BLOCK_FRESHNESS_THRESHOLD;\n const missingContext = !this.transactionContext;\n if (!isBlockStale && !missingContext) return;\n\n try {\n await this.fetchFreshData(nearClient);\n } catch (e) {\n // Swallow errors during prefetch; runtime path will retry as needed\n console.debug('[NonceManager]: prefetchBlockheight ignored error:', e);\n }\n }, this.PREFETCH_DEBOUNCE_MS);\n }\n\n /**\n * Initialize or update the manager with user information\n */\n public initializeUser(nearAccountId: AccountId, nearPublicKeyStr: string): void {\n this.nearAccountId = nearAccountId;\n this.nearPublicKeyStr = nearPublicKeyStr;\n this.clearTransactionContext();\n }\n\n /**\n * Clear all data when user logs out\n */\n public clear(): void {\n this.lastNonceUpdate = null;\n this.lastBlockHeightUpdate = null;\n this.nearAccountId = null;\n this.nearPublicKeyStr = null;\n this.transactionContext = null;\n this.clearRefreshTimer();\n this.clearPrefetchTimer();\n this.inflightFetch = null;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n }\n\n /**\n * Smart caching method for nonce and block height data\n * Returns cached data if fresh, otherwise fetches synchronously\n */\n public async getNonceBlockHashAndHeight(nearClient: NearClient, opts?: { force?: boolean }): Promise<TransactionContext> {\n // Always prefer a fresh fetch for critical paths; coalesced by fetchFreshData.\n // This minimizes subtle cache bugs after key rotations/linking and across devices.\n if (!this.nearAccountId || !this.nearPublicKeyStr) {\n throw new Error('NonceManager not initialized with user data');\n }\n // Respect caller's intent to force or use freshness thresholds\n const force = opts?.force === true;\n return await this.fetchFreshData(nearClient, force);\n }\n\n /**\n * Schedule an asynchronous refresh of the transaction context\n */\n private maybeScheduleBackgroundRefresh(nearClient: NearClient): void {\n if (!this.lastNonceUpdate || !this.lastBlockHeightUpdate) return;\n if (this.inflightFetch) return; // already fetching\n\n const now = Date.now();\n const nonceAge = now - this.lastNonceUpdate;\n const blockAge = now - this.lastBlockHeightUpdate;\n\n const halfNonceTtl = this.NONCE_FRESHNESS_THRESHOLD / 2;\n const halfBlockTtl = this.BLOCK_FRESHNESS_THRESHOLD / 2;\n\n // If we're past the half-life for either value, refresh NOW in background\n if (nonceAge >= halfNonceTtl || blockAge >= halfBlockTtl) {\n this.clearRefreshTimer();\n // Fire-and-forget refresh to keep cache warm\n void this.fetchFreshData(nearClient)\n .catch((error) => console.warn('[NonceManager]: Background refresh failed:', error));\n return;\n }\n\n // Otherwise, schedule a refresh for when the earliest metric hits half-life\n const delayToHalfNonce = Math.max(0, halfNonceTtl - nonceAge);\n const delayToHalfBlock = Math.max(0, halfBlockTtl - blockAge);\n const delay = Math.min(delayToHalfNonce, delayToHalfBlock);\n\n // Avoid multiple timers\n this.clearRefreshTimer();\n this.refreshTimer = setTimeout(() => {\n this.refreshTimer = null;\n if (this.inflightFetch) return;\n void this.fetchFreshData(nearClient)\n .catch((error) => console.warn('[NonceManager]: Background refresh failed:', error));\n }, delay);\n }\n\n /**\n * Fetch fresh transaction context data from NEAR RPC\n */\n private async fetchFreshData(nearClient: NearClient, force: boolean = false): Promise<TransactionContext> {\n // Coalesce concurrent refreshes when not forced to reduce redundant network calls.\n // Force=true is used by latency-critical paths (e.g., JIT VRF refresh) to guarantee a fresh block height.\n if (this.inflightFetch && !force) {\n return this.inflightFetch;\n }\n\n const capturedAccountId = this.nearAccountId;\n const capturedPublicKey = this.nearPublicKeyStr;\n // Start a new fetch; assign a unique id to guard commit and cleanup\n const requestId = (++this.inflightId);\n const fetchPromise = (async () => {\n try {\n // Determine what is actually stale so we only fetch what we need\n const now = Date.now();\n const isNonceStale = force || !this.lastNonceUpdate || (now - this.lastNonceUpdate) >= this.NONCE_FRESHNESS_THRESHOLD;\n const isBlockStale = force || !this.lastBlockHeightUpdate || (now - this.lastBlockHeightUpdate) >= this.BLOCK_FRESHNESS_THRESHOLD;\n\n let accessKeyInfo = this.transactionContext?.accessKeyInfo;\n let txBlockHeight = this.transactionContext?.txBlockHeight;\n let txBlockHash = this.transactionContext?.txBlockHash;\n\n const fetchAccessKey = isNonceStale || !accessKeyInfo;\n const fetchBlock = isBlockStale || !txBlockHeight || !txBlockHash;\n\n // Fetch required parts with tolerance for missing access key just after creation\n let maybeAccessKey: unknown = accessKeyInfo ?? null;\n let maybeBlock: unknown = null;\n\n // Run RPC calls in parallel where applicable, while preserving tolerant error handling\n let accessKeyError: unknown = null;\n let blockError: unknown = null;\n const tasks: Promise<void>[] = [];\n\n if (fetchAccessKey) {\n tasks.push((async () => {\n try {\n maybeAccessKey = await nearClient.viewAccessKey(capturedAccountId!, capturedPublicKey!);\n } catch (akErr: unknown) {\n const msg = errorMessage(akErr);\n const missingAk = msg.includes('does not exist while viewing')\n || msg.includes('Access key not found')\n || msg.includes('unknown public key')\n || msg.includes('does not exist');\n if (missingAk) {\n // Non-fatal: proceed without live AK; compute nextNonce conservatively\n console.debug('[NonceManager]: Access key missing during fetch; proceeding with block-only context');\n maybeAccessKey = null;\n } else {\n accessKeyError = akErr;\n }\n }\n })());\n }\n\n if (fetchBlock) {\n tasks.push((async () => {\n try {\n maybeBlock = await nearClient.viewBlock({ finality: 'final' });\n } catch (err: unknown) {\n // Block info is required\n blockError = err;\n }\n })());\n }\n\n if (tasks.length > 0) {\n await Promise.all(tasks);\n }\n\n if (accessKeyError) {\n throw accessKeyError;\n }\n if (blockError) {\n throw blockError;\n }\n\n // Commit results\n if (fetchAccessKey) {\n if (isAccessKeyView(maybeAccessKey)) {\n accessKeyInfo = maybeAccessKey;\n } else {\n // Keep previous accessKeyInfo if present; else set minimal placeholder\n accessKeyInfo = this.transactionContext?.accessKeyInfo || makePlaceholderAccessKey();\n }\n }\n\n if (fetchBlock) {\n if (!isBlockResult(maybeBlock)) {\n throw new Error('Failed to fetch Block Info');\n }\n txBlockHeight = String(maybeBlock.header.height);\n txBlockHash = maybeBlock.header.hash;\n }\n\n // Derive nextNonce from access key info + current context + reservations\n let nextCandidate = this.maxBigInt(\n accessKeyInfo?.nonce !== undefined ? (BigInt(accessKeyInfo.nonce) + 1n) : 0n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n\n );\n if (nextCandidate <= 0n) nextCandidate = 1n; // never use 0\n const nextNonce = nextCandidate.toString();\n\n const transactionContext: TransactionContext = {\n nearPublicKeyStr: capturedPublicKey!,\n accessKeyInfo: accessKeyInfo!,\n nextNonce,\n txBlockHeight: txBlockHeight!,\n txBlockHash: txBlockHash!,\n };\n\n // Only commit if identity did not change AND this fetch is still the latest.\n // This guards against stale commits from races when a forced refresh overtakes a cached one.\n if (\n capturedAccountId === this.nearAccountId &&\n capturedPublicKey === this.nearPublicKeyStr &&\n requestId === this.inflightId\n ) {\n this.transactionContext = transactionContext;\n const now = Date.now();\n if (fetchAccessKey) this.lastNonceUpdate = now;\n if (fetchBlock) this.lastBlockHeightUpdate = now;\n // console.debug('[NonceManager]: committed context', {\n // nextNonce: transactionContext.nextNonce,\n // txBlockHeight: transactionContext.txBlockHeight,\n // txBlockHash: transactionContext.txBlockHash,\n // lastNonceUpdate: this.lastNonceUpdate,\n // lastBlockHeightUpdate: this.lastBlockHeightUpdate,\n // });\n } else {\n // Discard results from outdated or identity-mismatched fetches; a newer fetch has already committed.\n }\n\n return transactionContext;\n } catch (error) {\n console.error('[NonceManager]: Failed to fetch fresh transaction context:', error);\n throw error;\n } finally {\n // Only clear inflight if this promise is still the latest.\n if (requestId === this.inflightId) {\n this.inflightFetch = null;\n }\n }\n })();\n\n this.inflightFetch = fetchPromise;\n return fetchPromise;\n }\n\n /**\n * Get the current transaction context\n * Throws if data is not available or stale\n */\n public getTransactionContext(): TransactionContext {\n if (!this.transactionContext) {\n throw new Error('Transaction context not available - call getNonceBlockHashAndHeight() first');\n }\n\n // Check if data is stale (more than 30 seconds old)\n const now = Date.now();\n const maxAge = 30 * 1000; // 30 seconds\n\n if (this.lastNonceUpdate && (now - this.lastNonceUpdate) > maxAge) {\n console.warn('[NonceManager]: Transaction context is stale, consider refreshing');\n }\n\n return this.transactionContext;\n }\n\n /**\n * Check if transaction context is available and not stale\n */\n public isTransactionContextAvailable(maxAgeMs: number = 30000): boolean {\n if (!this.transactionContext || !this.lastNonceUpdate) {\n return false;\n }\n\n const now = Date.now();\n return (now - this.lastNonceUpdate) <= maxAgeMs;\n }\n\n /**\n * Clear transaction context (useful when nonce might be invalidated)\n */\n public clearTransactionContext(): void {\n this.transactionContext = null;\n this.lastNonceUpdate = null;\n this.lastBlockHeightUpdate = null;\n this.clearRefreshTimer();\n this.clearPrefetchTimer();\n this.inflightFetch = null;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n }\n\n /**\n * Force a synchronous refresh of nonce + block context.\n * Useful after key rotations (e.g., link-device) or when encountering INVALID_NONCE.\n * Optionally clears any locally reserved nonces to avoid collisions.\n */\n public async refreshNow(nearClient: NearClient, opts?: { clearReservations?: boolean }): Promise<TransactionContext> {\n if (opts?.clearReservations) {\n try { this.releaseAllNonces(); } catch {}\n }\n return await this.fetchFreshData(nearClient, true);\n }\n\n /**\n * Reserve a nonce for batch transactions\n * This increments the nonce locally to prevent conflicts in batch operations\n * @param count - Number of nonces to reserve (default: 1)\n * @returns Array of reserved nonces\n */\n public reserveNonces(count: number = 1): string[] {\n if (!this.transactionContext) {\n throw new Error('Transaction context not available - call getNonceBlockHashAndHeight() first');\n }\n\n if (count <= 0) return [];\n\n const start = this.lastReservedNonce\n ? BigInt(this.lastReservedNonce) + 1n\n : BigInt(this.transactionContext.nextNonce);\n\n // Plan reservations first (pure), then commit atomically\n const planned: string[] = [];\n for (let i = 0; i < count; i++) {\n const candidate = (start + BigInt(i)).toString();\n if (this.reservedNonces.has(candidate)) {\n throw new Error(`Nonce ${candidate} is already reserved`);\n }\n planned.push(candidate);\n }\n\n // Commit: extend set and bump lastReservedNonce\n const newSet = new Set(this.reservedNonces);\n for (const n of planned) newSet.add(n);\n this.reservedNonces = newSet;\n this.lastReservedNonce = planned[planned.length - 1];\n\n console.debug(`[NonceManager]: Reserved ${count} nonces:`, planned);\n return planned;\n }\n\n /**\n * Release a reserved nonce (call when transaction is completed or failed)\n * @param nonce - The nonce to release\n */\n public releaseNonce(nonce: string): void {\n if (this.reservedNonces.has(nonce)) {\n this.reservedNonces.delete(nonce);\n console.debug(`[NonceManager]: Released nonce ${nonce}`);\n }\n }\n\n /**\n * Release all reserved nonces\n */\n public releaseAllNonces(): void {\n const count = this.reservedNonces.size;\n this.reservedNonces.clear();\n this.lastReservedNonce = null;\n console.debug(`[NonceManager]: Released all ${count} reserved nonces`);\n }\n\n /**\n * Update nonce from blockchain after transaction completion\n * This should be called after a transaction is successfully broadcasted\n * @param nearClient - NEAR client for RPC calls\n * @param actualNonce - The actual nonce used in the completed transaction\n */\n public async updateNonceFromBlockchain(nearClient: NearClient, actualNonce: string): Promise<void> {\n if (!this.nearAccountId || !this.nearPublicKeyStr) {\n throw new Error('NonceManager not initialized with user data');\n }\n\n try {\n // Fetch fresh access key info to get the latest nonce\n const accessKeyInfo = await nearClient.viewAccessKey(this.nearAccountId, this.nearPublicKeyStr);\n\n if (!accessKeyInfo || accessKeyInfo.nonce === undefined) {\n throw new Error(`Access key not found or invalid for account ${this.nearAccountId}`);\n }\n\n const chainNonceBigInt = BigInt(accessKeyInfo.nonce);\n const actualNonceBigInt = BigInt(actualNonce);\n\n // Tolerate both pre- and post-final states:\n // - pre-final: chainNonce == actualNonce - 1\n // - post-final: chainNonce >= actualNonce\n if (chainNonceBigInt < actualNonceBigInt - BigInt(1)) {\n console.warn(\n `[NonceManager]: Chain nonce (${chainNonceBigInt}) behind expected (${actualNonceBigInt - BigInt(1)}). Proceeding with tolerant update.`\n );\n }\n\n // Compute next usable nonce using maxBigInt for clarity\n // Include (actualNonce + 1) to immediately advance locally after broadcast,\n // even if chain finality has not reflected the new nonce yet.\n const candidateNext = this.maxBigInt(\n chainNonceBigInt + 1n,\n actualNonceBigInt + 1n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n,\n );\n\n // Update cached context with fresh access key info and computed next nonce\n if (this.transactionContext) {\n this.transactionContext.accessKeyInfo = accessKeyInfo;\n this.transactionContext.nextNonce = candidateNext.toString();\n } else {\n // If no context exists (should be rare here), construct a minimal one\n this.transactionContext = {\n nearPublicKeyStr: this.nearPublicKeyStr!,\n accessKeyInfo: accessKeyInfo,\n nextNonce: candidateNext.toString(),\n // Block values are unknown here; leave stale ones to be refreshed later\n txBlockHeight: '0',\n txBlockHash: '',\n } as TransactionContext; // We'll refresh these via fetchFreshData when needed\n }\n this.lastNonceUpdate = Date.now();\n\n // Release the used nonce (idempotent)\n this.releaseNonce(actualNonce);\n\n // Prune any reserved nonces that are now <= chain nonce (already used or invalid)\n if (this.reservedNonces.size > 0) {\n const { set: prunedSet, lastReserved } = this.pruneReserved(chainNonceBigInt, this.reservedNonces);\n this.reservedNonces = prunedSet;\n this.lastReservedNonce = lastReserved;\n }\n\n console.debug(\n `[NonceManager]: Updated from chain nonce=${chainNonceBigInt} actual=${actualNonceBigInt} next=${this.transactionContext!.nextNonce}`\n );\n\n } catch (error: unknown) {\n const msg = errorMessage(error);\n // Tolerate missing/rotated keys: avoid noisy error and advance nextNonce optimistically\n if (msg.includes('does not exist while viewing') || msg.includes('Access key not found')) {\n try {\n const actualNonceBigInt = BigInt(actualNonce);\n const candidateNext = this.maxBigInt(\n actualNonceBigInt + 1n,\n this.transactionContext?.nextNonce ? BigInt(this.transactionContext.nextNonce) : 0n,\n this.lastReservedNonce ? BigInt(this.lastReservedNonce) + 1n : 0n,\n );\n if (this.transactionContext) {\n this.transactionContext.nextNonce = candidateNext.toString();\n } else {\n this.transactionContext = {\n nearPublicKeyStr: this.nearPublicKeyStr!,\n accessKeyInfo: makePlaceholderAccessKey(),\n nextNonce: candidateNext.toString(),\n txBlockHeight: '0',\n txBlockHash: '',\n } as TransactionContext;\n }\n this.lastNonceUpdate = Date.now();\n console.debug('[NonceManager]: Access key missing; advanced nextNonce optimistically to', this.transactionContext?.nextNonce);\n return;\n } catch {}\n }\n console.warn('[NonceManager]: Failed to update nonce from blockchain:', error);\n // Don't throw - this is a best-effort update\n }\n }\n\n /**\n * Get the next available nonce for a single transaction\n * This is a convenience method that reserves exactly one nonce\n * @returns The next nonce to use\n */\n public getNextNonce(): string {\n const nonces = this.reserveNonces(1);\n return nonces[0];\n }\n\n private clearRefreshTimer(): void {\n if (this.refreshTimer) {\n clearTimeout(this.refreshTimer);\n this.refreshTimer = null;\n }\n }\n private clearPrefetchTimer(): void {\n if (this.prefetchTimer) {\n clearTimeout(this.prefetchTimer);\n this.prefetchTimer = null;\n }\n }\n\n // Small helper to get max of BigInt values elegantly\n private maxBigInt(...values: bigint[]): bigint {\n if (values.length === 0) return 0n;\n return values.reduce((a, b) => (a > b ? a : b));\n }\n\n // Return a new reserved set that excludes entries <= chain nonce, and compute new lastReserved\n private pruneReserved(chainNonceBigInt: bigint, reserved: Set<string>): { set: Set<string>, lastReserved: string | null } {\n const newSet = new Set<string>();\n let newLast: bigint | null = null;\n for (const r of reserved) {\n try {\n const rb = BigInt(r);\n if (rb > chainNonceBigInt) {\n newSet.add(r);\n if (newLast === null || rb > newLast) newLast = rb;\n }\n } catch {\n // skip malformed entries\n }\n }\n return {\n set: newSet,\n lastReserved: newLast ? newLast.toString() : null\n };\n }\n\n}\n\n// ===== Type guards for NEAR RPC return shapes =====\nfunction isAccessKeyView(x: unknown): x is AccessKeyView {\n if (!isObject(x)) return false;\n // Only validate the fields we actually use\n return isNumber((x as { nonce?: unknown }).nonce);\n}\n\nfunction isBlockResult(x: unknown): x is BlockResult {\n if (!isObject(x)) return false;\n const h = (x as { header?: unknown }).header;\n if (!isObject(h)) return false;\n const height = (h as { height?: unknown }).height;\n const hash = (h as { hash?: unknown }).hash;\n return isNumber(height) && isString(hash);\n}\n\nfunction makePlaceholderAccessKey(): AccessKeyView {\n return {\n nonce: BigInt(0),\n permission: 'FullAccess',\n block_hash: '',\n block_height: 0\n }\n}\n\n// Create and export singleton instance\nconst NonceManagerInstance = NonceManager.getInstance();\nexport default NonceManagerInstance;\n","// Internal process-wide flag to mark wallet iframe host mode\nlet IS_WALLET_IFRAME_HOST = false;\n\nexport function __setWalletIframeHostMode(enabled: boolean = true): void {\n IS_WALLET_IFRAME_HOST = !!enabled;\n}\n\nexport function __isWalletIframeHostMode(): boolean {\n return IS_WALLET_IFRAME_HOST;\n}\n\n","import {\n IndexedDBManager,\n type ClientUserData,\n type ClientAuthenticatorData,\n type UnifiedIndexedDBManager,\n} from '../IndexedDBManager';\nimport { StoreUserDataInput } from '../IndexedDBManager/passkeyClientDB';\nimport { type NearClient, SignedTransaction } from '../NearClient';\nimport { SignerWorkerManager } from './SignerWorkerManager';\nimport { VrfWorkerManager } from './VrfWorkerManager';\nimport { AllowCredential, TouchIdPrompt, authenticatorsToAllowCredentials } from './touchIdPrompt';\nimport { toAccountId } from '../types/accountIds';\nimport { UserPreferencesManager } from './userPreferences';\nimport UserPreferencesInstance from './userPreferences';\nimport { NonceManager } from '../nonceManager';\nimport NonceManagerInstance from '../nonceManager';\nimport {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFChallenge\n} from '../types/vrf-worker';\nimport type { ActionArgsWasm, TransactionInputWasm } from '../types/actions';\nimport type { RegistrationHooksOptions, RegistrationSSEEvent, onProgressEvents } from '../types/sdkSentEvents';\nimport type { SignTransactionResult, TatchiConfigs } from '../types/tatchi';\nimport type { AccountId } from '../types/accountIds';\nimport type { AuthenticatorOptions } from '../types/authenticatorOptions';\nimport type { DelegateActionInput } from '../types/delegate';\nimport type { ConfirmationConfig, RpcCallPayload, WasmSignedDelegate } from '../types/signer-worker';\nimport { WebAuthnRegistrationCredential, WebAuthnAuthenticationCredential } from '../types';\nimport { RegistrationCredentialConfirmationPayload } from './SignerWorkerManager/handlers/validation';\nimport { resolveWorkerBaseOrigin, onEmbeddedBaseChange } from '../sdkPaths';\nimport { DEFAULT_WAIT_STATUS } from '../types/rpc';\nimport { getLastLoggedInDeviceNumber } from './SignerWorkerManager/getDeviceNumber';\nimport { __isWalletIframeHostMode } from '../WalletIframe/host-mode';\n\ntype SigningSessionOptions = {\n /** PRF-bearing credential; VRF worker extracts PRF outputs internally */\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n};\n\n/**\n * WebAuthnManager - Main orchestrator for WebAuthn operations\n *\n * Architecture:\n * - index.ts (this file): Main class orchestrating everything\n * - signerWorkerManager: NEAR transaction signing, and VRF Web3Authn verification RPC calls\n * - vrfWorkerManager: VRF keypair generation, challenge generation\n * - touchIdPrompt: TouchID prompt for biometric authentication\n */\nexport class WebAuthnManager {\n private readonly vrfWorkerManager: VrfWorkerManager;\n private readonly signerWorkerManager: SignerWorkerManager;\n private readonly touchIdPrompt: TouchIdPrompt;\n private readonly userPreferencesManager: UserPreferencesManager;\n private readonly nearClient: NearClient;\n private readonly nonceManager: NonceManager;\n private workerBaseOrigin: string = '';\n // VRF-owned signing session id per account (warm session reuse).\n private activeSigningSessionIds: Map<string, string> = new Map();\n\n readonly tatchiPasskeyConfigs: TatchiConfigs;\n\n constructor(tatchiPasskeyConfigs: TatchiConfigs, nearClient: NearClient) {\n this.tatchiPasskeyConfigs = tatchiPasskeyConfigs;\n this.nearClient = nearClient;\n // Respect rpIdOverride. Safari get() bridge fallback is always enabled.\n this.touchIdPrompt = new TouchIdPrompt(\n tatchiPasskeyConfigs.iframeWallet?.rpIdOverride,\n true,\n );\n this.userPreferencesManager = UserPreferencesInstance;\n // Apply integrator-provided default UI theme (in-memory only; user preferences may override later).\n try {\n this.userPreferencesManager.configureWalletTheme?.(tatchiPasskeyConfigs.walletTheme);\n } catch {}\n this.nonceManager = NonceManagerInstance;\n const { vrfWorkerConfigs } = tatchiPasskeyConfigs;\n // Group VRF worker configuration and pass context\n this.vrfWorkerManager = new VrfWorkerManager(\n {\n shamirPB64u: vrfWorkerConfigs?.shamir3pass?.p,\n relayServerUrl: vrfWorkerConfigs?.shamir3pass?.relayServerUrl,\n applyServerLockRoute: vrfWorkerConfigs?.shamir3pass?.applyServerLockRoute,\n removeServerLockRoute: vrfWorkerConfigs?.shamir3pass?.removeServerLockRoute,\n },\n {\n touchIdPrompt: this.touchIdPrompt,\n nearClient: this.nearClient,\n indexedDB: IndexedDBManager,\n userPreferencesManager: this.userPreferencesManager,\n nonceManager: this.nonceManager,\n rpIdOverride: this.touchIdPrompt.getRpId(),\n nearExplorerUrl: tatchiPasskeyConfigs.nearExplorerUrl,\n }\n );\n this.signerWorkerManager = new SignerWorkerManager(\n this.vrfWorkerManager,\n nearClient,\n this.userPreferencesManager,\n this.nonceManager,\n tatchiPasskeyConfigs.iframeWallet?.rpIdOverride,\n true,\n tatchiPasskeyConfigs.nearExplorerUrl,\n );\n // VRF worker initializes on-demand with proper error propagation\n\n // Compute initial worker base origin once\n this.workerBaseOrigin = resolveWorkerBaseOrigin() || (typeof window !== 'undefined' ? window.location.origin : '');\n this.signerWorkerManager.setWorkerBaseOrigin(this.workerBaseOrigin);\n this.vrfWorkerManager.setWorkerBaseOrigin?.(this.workerBaseOrigin as any);\n\n // Keep base origin updated if the wallet sets a new embedded base\n if (typeof window !== 'undefined') {\n onEmbeddedBaseChange((url) => {\n const origin = new URL(url, window.location.origin).origin;\n if (origin && origin !== this.workerBaseOrigin) {\n this.workerBaseOrigin = origin;\n this.signerWorkerManager.setWorkerBaseOrigin(origin);\n this.vrfWorkerManager.setWorkerBaseOrigin?.(origin as any);\n }\n });\n }\n\n // Best-effort: load persisted preferences unless we are in app-origin iframe mode,\n // where the wallet origin owns persistence and the app should avoid IndexedDB.\n const shouldAvoidAppOriginIndexedDB =\n !!tatchiPasskeyConfigs.iframeWallet?.walletOrigin && !__isWalletIframeHostMode();\n if (!shouldAvoidAppOriginIndexedDB) {\n void this.userPreferencesManager.initFromIndexedDB().catch(() => undefined);\n }\n }\n\n /**\n * Public pre-warm hook to initialize signer workers ahead of time.\n * Safe to call multiple times; errors are non-fatal.\n */\n prewarmSignerWorkers(): void {\n if (typeof window === 'undefined' || typeof (window as any).Worker === 'undefined') return;\n // Avoid noisy SecurityError in cross‑origin dev: only prewarm when same‑origin\n if (this.workerBaseOrigin && this.workerBaseOrigin !== window.location.origin) return;\n this.signerWorkerManager.preWarmWorkerPool().catch(() => {});\n }\n\n /**\n * Warm critical resources to reduce first-action latency.\n * - Initialize current user (sets up NonceManager and local state)\n * - Prefetch latest block context (and nonce if missing)\n * - Pre-open IndexedDB and warm encrypted key for the active account (best-effort)\n * - Pre-warm signer workers in the background\n */\n async warmCriticalResources(nearAccountId?: string): Promise<void> {\n // Initialize current user first (best-effort)\n if (nearAccountId) {\n await this.initializeCurrentUser(toAccountId(nearAccountId), this.nearClient).catch(() => null);\n }\n // Prefetch latest block/nonce context (best-effort)\n await this.nonceManager.prefetchBlockheight(this.nearClient).catch(() => null);\n // Best-effort: open IndexedDB and warm key data for the account\n if (nearAccountId) {\n await IndexedDBManager.getUserWithKeys(toAccountId(nearAccountId)).catch(() => null);\n }\n // Warm signer workers in background\n this.prewarmSignerWorkers();\n }\n\n /**\n * Resolve the effective rpId used for WebAuthn operations.\n * Delegates to TouchIdPrompt to centralize rpId selection logic.\n */\n getRpId(): string {\n return this.touchIdPrompt.getRpId();\n }\n\n /** Getter for NonceManager instance */\n getNonceManager(): NonceManager {\n return this.nonceManager;\n }\n\n /**\n * WebAuthnManager-level orchestrator for VRF-owned signing sessions.\n * Creates sessionId, wires MessagePort between VRF and signer workers, and ensures cleanup.\n *\n * Overload 1: plain signing session (no WrapKeySeed derivation).\n * Overload 2: signing session with WrapKeySeed derivation, when `SigningSessionOptions`\n * (PRF.first_auth) are provided. wrapKeySalt is generated inside the VRF worker\n * when a new vault entry is being created.\n */\n private generateSessionId(prefix: string): string {\n return (typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function')\n ? crypto.randomUUID()\n : `${prefix}-${Date.now()}-${Math.random().toString(16).slice(2)}`;\n }\n\n private toNonNegativeInt(value: unknown): number | undefined {\n if (typeof value !== 'number' || !Number.isFinite(value) || value < 0) return undefined;\n return Math.floor(value);\n }\n\n private resolveSigningSessionPolicy(args: {\n ttlMs?: number;\n remainingUses?: number;\n }): {\n ttlMs: number;\n remainingUses: number;\n } {\n const ttlMs = this.toNonNegativeInt(args.ttlMs)\n ?? this.tatchiPasskeyConfigs.signingSessionDefaults.ttlMs;\n const remainingUses = this.toNonNegativeInt(args.remainingUses)\n ?? this.tatchiPasskeyConfigs.signingSessionDefaults.remainingUses;\n return { ttlMs, remainingUses };\n }\n\n private getOrCreateActiveSigningSessionId(nearAccountId: AccountId): string {\n const key = String(toAccountId(nearAccountId));\n const existing = this.activeSigningSessionIds.get(key);\n if (existing) return existing;\n const sessionId = this.generateSessionId('signing-session');\n this.activeSigningSessionIds.set(key, sessionId);\n return sessionId;\n }\n\n private async withSigningSession<T>(args: {\n sessionId?: string;\n prefix?: string;\n options?: SigningSessionOptions;\n handler: (sessionId: string) => Promise<T>;\n }): Promise<T> {\n if (typeof args.handler !== 'function') {\n throw new Error('withSigningSession requires a handler function');\n }\n const sessionId = (args.sessionId || '').trim() || (args.prefix ? this.generateSessionId(args.prefix) : '');\n if (!sessionId) {\n throw new Error('withSigningSession requires a sessionId or prefix');\n }\n return await this.withSigningSessionInternal({ sessionId, options: args.options, handler: args.handler });\n }\n\n private async withSigningSessionInternal<T>(args: {\n sessionId: string;\n options?: SigningSessionOptions;\n handler: (sessionId: string) => Promise<T>;\n }): Promise<T> {\n const signerPort = await this.vrfWorkerManager.createSigningSessionChannel(args.sessionId);\n await this.signerWorkerManager.reserveSignerWorkerSession(args.sessionId, { signerPort });\n try {\n // If PRF is provided, derive WrapKeySeed in VRF worker and deliver it\n // (along with PRF.second if credential is provided) to the signer worker\n // via the reserved MessagePort before invoking the handler.\n if (args.options) {\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId: args.sessionId,\n credential: args.options.credential,\n });\n }\n return await args.handler(args.sessionId);\n } finally {\n this.signerWorkerManager.releaseSigningSession(args.sessionId);\n }\n }\n\n /**\n * VRF-driven registration confirmation helper.\n * Runs confirmTxFlow and returns registration artifacts.\n *\n * SecureConfirm wrapper for link-device / registration: prompts user in-iframe to create a\n * new passkey (device N), returning artifacts for subsequent derivation.\n */\n async requestRegistrationCredentialConfirmation(params: {\n nearAccountId: string;\n deviceNumber: number;\n confirmerText?: { title?: string; body?: string };\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<RegistrationCredentialConfirmationPayload> {\n return this.vrfWorkerManager.requestRegistrationCredentialConfirmation({\n nearAccountId: params.nearAccountId,\n deviceNumber: params.deviceNumber,\n confirmerText: params.confirmerText,\n confirmationConfigOverride: params.confirmationConfigOverride,\n contractId: this.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: this.tatchiPasskeyConfigs.nearRpcUrl,\n });\n }\n\n /**\n * Helper for export/decrypt flows:\n * - Read vault wrapKeySalt\n * - Ask VRF worker to run LocalOnly(DECRYPT_PRIVATE_KEY_WITH_PRF) + derive WrapKeySeed\n * - WrapKeySeed travels only over the VRF→Signer MessagePort\n */\n private async confirmDecryptAndDeriveWrapKeySeed(args: {\n nearAccountId: AccountId;\n sessionId: string;\n }): Promise<void> {\n const nearAccountId = toAccountId(args.nearAccountId);\n // Resolve deviceNumber consistently with signer paths so both VRF and signer\n // operate on the same vault entry. Prefer the last logged-in device for this\n // account; if unavailable, fall back to the most recently updated user row.\n const [last, latest] = await Promise.all([\n IndexedDBManager.clientDB.getLastUser().catch(() => null),\n IndexedDBManager.clientDB.getLastDBUpdatedUser(nearAccountId).catch(() => null)\n ]);\n\n const deviceNumber =\n (last && last.nearAccountId === nearAccountId && typeof last.deviceNumber === 'number')\n ? last.deviceNumber\n : (latest && typeof latest.deviceNumber === 'number')\n ? latest.deviceNumber\n : null;\n\n if (deviceNumber === null) {\n throw new Error(`No deviceNumber found for account ${nearAccountId} (decrypt session)`);\n }\n\n // Load VRF material for this device so the VRF worker can unlock the correct\n // VRF keypair in a fresh/offline worker instance.\n const userForDevice = await IndexedDBManager.clientDB.getUserByDevice(nearAccountId, deviceNumber).catch(() => null);\n const encryptedVrfKeypair = userForDevice?.encryptedVrfKeypair;\n\n // Gather encrypted key + wrapKeySalt and public key from IndexedDB for this device\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n console.error('WebAuthnManager: No encrypted key found for decrypt session', {\n nearAccountId: String(nearAccountId),\n deviceNumber,\n });\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n // For v2+ vaults, wrapKeySalt is the canonical salt.\n const wrapKeySalt = encryptedKeyData.wrapKeySalt || '';\n if (!wrapKeySalt) {\n console.error('WebAuthnManager: Missing wrapKeySalt in vault for decrypt session', {\n nearAccountId: String(nearAccountId),\n deviceNumber,\n });\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n try {\n await this.vrfWorkerManager.prepareDecryptSession({\n sessionId: args.sessionId,\n nearAccountId,\n wrapKeySalt,\n encryptedVrfKeypair,\n });\n } catch (error) {\n console.error('WebAuthnManager: VRF decrypt session failed', {\n nearAccountId: String(nearAccountId),\n sessionId: args.sessionId,\n error,\n });\n throw error;\n }\n }\n\n getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials\n }: {\n nearAccountId: AccountId;\n challenge: VRFChallenge;\n allowCredentials: AllowCredential[];\n }): Promise<WebAuthnAuthenticationCredential> {\n return this.touchIdPrompt.getAuthenticationCredentialsSerialized({\n nearAccountId,\n challenge,\n allowCredentials\n });\n }\n\n ///////////////////////////////////////\n // VRF MANAGER FUNCTIONS\n ///////////////////////////////////////\n\n /**\n * Generate a VRF challenge bound to a specific signing/confirm session.\n * The challenge will be cached in the VRF worker under this sessionId so\n * later contract verification (MINT_SESSION_KEYS_AND_SEND_TO_SIGNER) can look it up.\n */\n async generateVrfChallengeForSession(\n sessionId: string,\n vrfInputData: VRFInputData,\n ): Promise<VRFChallenge> {\n return this.vrfWorkerManager.generateVrfChallengeForSession(vrfInputData, sessionId);\n }\n\n /**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n * Use this for flows that don't perform contract verification or derive\n * wrap keys via MINT_SESSION_KEYS_AND_SEND_TO_SIGNER.\n */\n async generateVrfChallengeOnce(vrfInputData: VRFInputData): Promise<VRFChallenge> {\n return this.vrfWorkerManager.generateVrfChallengeOnce(vrfInputData);\n }\n\n /**\n * Generate VRF keypair for bootstrapping - stores in memory unencrypted temporarily\n * This is used during registration to generate a VRF keypair that will be used for\n * WebAuthn ceremony and later encrypted with the real PRF output\n *\n * @param saveInMemory - Whether to persist the generated VRF keypair in WASM worker memory\n * @param vrfInputParams - Optional parameters to generate VRF challenge/proof in same call\n * @returns VRF public key and optionally VRF challenge data\n */\n async generateVrfKeypairBootstrap(args: {\n saveInMemory: boolean;\n vrfInputData: VRFInputData;\n sessionId?: string;\n }): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n }> {\n return this.vrfWorkerManager.generateVrfKeypairBootstrap({\n vrfInputData: args.vrfInputData,\n saveInMemory: args.saveInMemory,\n sessionId: args.sessionId,\n });\n }\n\n /**\n * Derive NEAR keypair directly from a serialized WebAuthn registration credential\n */\n async deriveNearKeypairAndEncryptFromSerialized({\n credential,\n nearAccountId,\n options,\n }: {\n credential: WebAuthnRegistrationCredential;\n nearAccountId: string;\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n }): Promise<{\n success: boolean;\n nearAccountId: string;\n publicKey: string;\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n }>{\n return this.withSigningSession({\n prefix: 'reg',\n options: { credential },\n handler: (sessionId) =>\n this.signerWorkerManager.deriveNearKeypairAndEncryptFromSerialized({\n credential,\n nearAccountId: toAccountId(nearAccountId),\n options,\n sessionId,\n }),\n });\n }\n\n\n /**\n * **Sign Device2 registration transaction with already-stored key (no prompt)**\n *\n * Used by linkDevice flow after key swap to sign the registration transaction\n * without prompting the user again. Reuses the credential collected earlier.\n *\n * Flow:\n * 1. Extract PRF.first from the provided credential\n * 2. Create new MessagePort session for WrapKeySeed delivery\n * 3. VRF worker re-derives WrapKeySeed and sends to signer (with PRF.second)\n * 4. Signer worker retrieves encrypted key from IndexedDB\n * 5. Signer worker decrypts key and signs registration transaction\n *\n * @param nearAccountId - NEAR account ID for Device2\n * @param credential - WebAuthn registration credential from earlier prompt\n * @param vrfChallenge - VRF challenge from earlier prompt\n * @param deviceNumber - Device number for Device2\n * @returns Signed registration transaction ready for submission\n */\n async signDevice2RegistrationWithStoredKey(args: {\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n deviceNumber: number;\n deterministicVrfPublicKey: string;\n }): Promise<{\n success: boolean;\n publicKey?: string;\n signedTransaction?: any;\n error?: string;\n }> {\n const { nearAccountId, credential, vrfChallenge, deviceNumber, deterministicVrfPublicKey } = args;\n const contractId = this.tatchiPasskeyConfigs.contractId;\n\n try {\n // Generate new session ID for this signing operation\n const sessionId = `device2-sign-${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;\n\n // Retrieve encrypted key data and wrapKeySalt from IndexedDB\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(\n nearAccountId,\n deviceNumber\n );\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account ${nearAccountId} device ${deviceNumber}`);\n }\n\n const wrapKeySalt = encryptedKeyData.wrapKeySalt;\n if (!wrapKeySalt) {\n throw new Error(`Missing wrapKeySalt for account ${nearAccountId} device ${deviceNumber}`);\n }\n\n // === STEP 1: Create MessagePort session for WrapKeySeed delivery ===\n const signerPort = await this.vrfWorkerManager.createSigningSessionChannel(sessionId);\n await this.signerWorkerManager.reserveSignerWorkerSession(sessionId, { signerPort });\n\n // === STEP 2: VRF worker re-derives WrapKeySeed and sends to signer ===\n // This extracts PRF.second from the credential and delivers both WrapKeySeed + PRF.second\n // to the signer worker via MessagePort\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId,\n wrapKeySalt,\n credential, // VRF will extract PRF.second from this\n });\n\n // === STEP 4: Get transaction context for registration ===\n const transactionContext = await this.nonceManager.getNonceBlockHashAndHeight(this.nearClient);\n\n // === STEP 5: Determine deterministic VRF public key ===\n // Try: provided parameter → authenticator table → fallback to ephemeral VRF from challenge\n let vrfPublicKey = deterministicVrfPublicKey;\n // Fallback to ephemeral VRF public key from challenge if still not found\n const finalVrfPublicKey = vrfPublicKey || vrfChallenge.vrfPublicKey;\n\n // === STEP 6: Signer worker signs registration transaction ===\n // WrapKeySeed and PRF.second are already in signer worker via MessagePort\n const signerResult = await this.signerWorkerManager.registerDevice2WithDerivedKey({\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey: finalVrfPublicKey,\n });\n\n return {\n success: true,\n publicKey: signerResult.publicKey,\n signedTransaction: signerResult.signedTransaction,\n };\n\n } catch (error: any) {\n console.error('[WebAuthnManager] Failed to sign Device2 registration with stored key:', error);\n return {\n success: false,\n error: error.message || String(error),\n };\n }\n }\n\n /**\n * Derive deterministic VRF keypair from PRF output for recovery\n * Optionally generates VRF challenge if input parameters are provided\n * This enables deterministic VRF key derivation from WebAuthn credentials\n *\n * @param credential - WebAuthn credential containing PRF outputs\n * @param nearAccountId - NEAR account ID for key derivation salt\n * @param vrfInputParams - Optional VRF inputs, if provided will generate a challenge\n * @param saveInMemory - Whether to save the derived VRF keypair in worker memory for immediate use\n * @returns Deterministic VRF public key, optional VRF challenge, and encrypted VRF keypair for storage\n */\n async deriveVrfKeypair({\n credential,\n nearAccountId,\n vrfInputData,\n saveInMemory = true,\n }: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData; // optional, for challenge generation\n saveInMemory?: boolean; // optional, whether to save in worker memory\n }): Promise<{\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }> {\n try {\n const vrfResult = await this.vrfWorkerManager.deriveVrfKeypairFromPrf({\n credential,\n nearAccountId,\n vrfInputData,\n saveInMemory,\n });\n\n const result: {\n success: boolean;\n vrfPublicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfChallenge: VRFChallenge | null;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n } = {\n success: true,\n vrfPublicKey: vrfResult.vrfPublicKey,\n encryptedVrfKeypair: vrfResult.encryptedVrfKeypair,\n vrfChallenge: vrfResult.vrfChallenge,\n serverEncryptedVrfKeypair: vrfResult.serverEncryptedVrfKeypair,\n };\n\n return result;\n\n } catch (error: any) {\n console.error('WebAuthnManager: VRF keypair derivation error:', error);\n throw new Error(`VRF keypair derivation failed ${error.message}`);\n }\n }\n\n /**\n * Unlock VRF keypair in memory using PRF output\n * This is called during login to decrypt and load the VRF keypair in-memory\n */\n async unlockVRFKeypair({\n nearAccountId,\n encryptedVrfKeypair,\n credential,\n }: {\n nearAccountId: AccountId;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n credential: WebAuthnAuthenticationCredential;\n }): Promise<{ success: boolean; error?: string }> {\n try {\n const unlockResult = await this.vrfWorkerManager.unlockVrfKeypair({\n credential,\n nearAccountId,\n encryptedVrfKeypair,\n });\n\n if (!unlockResult.success) {\n console.error('WebAuthnManager: VRF keypair unlock failed');\n return { success: false, error: 'VRF keypair unlock failed' };\n }\n\n // Warm up signer workers after a successful unlock to minimize first-use latency\n this.signerWorkerManager.preWarmWorkerPool().catch(() => {});\n\n return { success: true };\n\n } catch (error: any) {\n console.error('WebAuthnManager: VRF keypair unlock failed:', error.message);\n return { success: false, error: error.message };\n }\n }\n\n /**\n * Perform Shamir 3-pass commutative decryption within WASM worker\n * This securely decrypts a server-encrypted KEK (key encryption key)\n * which the wasm worker uses to unlock a key to decrypt the VRF keypair and loads it into memory\n * The server never knows the real value of the KEK, nor the VRF keypair\n */\n async shamir3PassDecryptVrfKeypair({\n nearAccountId,\n kek_s_b64u,\n ciphertextVrfB64u,\n serverKeyId,\n }: {\n nearAccountId: AccountId;\n kek_s_b64u: string;\n ciphertextVrfB64u: string;\n serverKeyId: string;\n }): Promise<{ success: boolean; error?: string }> {\n const result = await this.vrfWorkerManager.shamir3PassDecryptVrfKeypair({\n nearAccountId,\n kek_s_b64u,\n ciphertextVrfB64u,\n serverKeyId,\n });\n\n return {\n success: result.success,\n error: result.error\n };\n }\n\n /**\n * Shamir 3-pass: encrypt the unlocked VRF keypair under the server key\n * Returns a fresh blob to store in IndexedDB for future auto-login.\n */\n async shamir3PassEncryptCurrentVrfKeypair(): Promise<ServerEncryptedVrfKeypair> {\n const res = await this.vrfWorkerManager.shamir3PassEncryptCurrentVrfKeypair();\n return {\n ciphertextVrfB64u: res.ciphertextVrfB64u,\n kek_s_b64u: res.kek_s_b64u,\n serverKeyId: res.serverKeyId,\n };\n }\n\n /**\n * Persist refreshed server-encrypted VRF keypair in IndexedDB.\n */\n async updateServerEncryptedVrfKeypair(\n nearAccountId: AccountId,\n serverEncrypted: ServerEncryptedVrfKeypair\n ): Promise<void> {\n await IndexedDBManager.clientDB.updateUser(nearAccountId, {\n serverEncryptedVrfKeypair: {\n ciphertextVrfB64u: serverEncrypted.ciphertextVrfB64u,\n kek_s_b64u: serverEncrypted.kek_s_b64u,\n serverKeyId: serverEncrypted.serverKeyId,\n updatedAt: Date.now(),\n }\n });\n }\n\n async clearVrfSession(): Promise<void> {\n // In cross-origin dev, skip local worker init; wallet iframe handles PM_LOGOUT\n if (typeof window !== 'undefined' && this.workerBaseOrigin !== window.location.origin) {\n return;\n }\n return await this.vrfWorkerManager.clearVrfSession();\n }\n\n /**\n * Check VRF worker status\n */\n async checkVrfStatus(): Promise<{\n active: boolean;\n nearAccountId: AccountId | null;\n sessionDuration?: number\n }> {\n return this.vrfWorkerManager.checkVrfStatus();\n }\n\n /**\n * Mint/refresh a VRF-owned warm signing session using an already-collected WebAuthn credential.\n *\n * This is used to avoid a second TouchID prompt during login flows when we already\n * performed an authentication ceremony (e.g., to unlock the VRF keypair).\n *\n * Notes:\n * - This method does not initiate a WebAuthn prompt.\n * - Contract verification is optional and only performed when `contractId` + `nearRpcUrl` are provided.\n */\n async mintSigningSessionFromCredential(args: {\n nearAccountId: AccountId;\n credential: WebAuthnAuthenticationCredential;\n remainingUses?: number;\n ttlMs?: number;\n contractId?: string;\n nearRpcUrl?: string;\n }): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n const nearAccountId = toAccountId(args.nearAccountId);\n const sessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n\n // Ensure VRF keypair is active and bound to the same account.\n const vrfStatus = await this.vrfWorkerManager.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. Please log in again.');\n }\n if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(nearAccountId)) {\n throw new Error('VRF keypair active but bound to a different account. Please log in again.');\n }\n\n // Fetch wrapKeySalt from vault so the derived WrapKeySeed can decrypt the stored NEAR keys.\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, IndexedDBManager.clientDB);\n const encryptedKeyData = await IndexedDBManager.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account ${nearAccountId} device ${deviceNumber}`);\n }\n const wrapKeySalt = encryptedKeyData.wrapKeySalt || '';\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract PRF.first_auth from the already-collected credential.\n const { ttlMs, remainingUses } = this.resolveSigningSessionPolicy(args);\n\n await this.vrfWorkerManager.mintSessionKeysAndSendToSigner({\n sessionId,\n wrapKeySalt,\n contractId: args.contractId,\n nearRpcUrl: args.nearRpcUrl,\n ttlMs,\n remainingUses,\n credential: args.credential,\n });\n\n return await this.vrfWorkerManager.checkSessionStatus({ sessionId });\n }\n\n /**\n * Introspect the VRF-owned signing session for UI (no prompt, metadata only).\n * Session usage (`remainingUses`) is decremented on `DISPENSE_SESSION_KEY` calls.\n */\n async getWarmSigningSessionStatus(nearAccountId: AccountId): Promise<{\n sessionId: string;\n status: 'active' | 'exhausted' | 'expired' | 'not_found';\n remainingUses?: number;\n expiresAtMs?: number;\n createdAtMs?: number;\n }> {\n const sessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n return await this.vrfWorkerManager.checkSessionStatus({ sessionId });\n }\n\n /**\n * Fetch Shamir server key info to support proactive refresh.\n */\n async getShamirKeyInfo(): Promise<{\n currentKeyId: string | null;\n p_b64u: string | null;\n graceKeyIds?: string[]\n } | null> {\n try {\n const relayUrl = this.tatchiPasskeyConfigs?.vrfWorkerConfigs?.shamir3pass?.relayServerUrl;\n if (!relayUrl) return null;\n const res = await fetch(`${relayUrl}/shamir/key-info`, { method: 'GET' });\n if (!res.ok) return null;\n const data = await res.json();\n return {\n currentKeyId: data?.currentKeyId ?? null,\n p_b64u: data?.p_b64u ?? null,\n graceKeyIds: Array.isArray(data?.graceKeyIds) ? data.graceKeyIds : undefined,\n };\n } catch {\n return null;\n }\n }\n\n /**\n * If server key changed and VRF is unlocked in memory, re-encrypt under the new server key.\n * Returns true if refreshed, false otherwise.\n */\n async maybeProactiveShamirRefresh(nearAccountId: AccountId): Promise<boolean> {\n try {\n const relayUrl = this.tatchiPasskeyConfigs?.vrfWorkerConfigs?.shamir3pass?.relayServerUrl;\n if (!relayUrl) return false;\n const userData = await this.getLastUser();\n const stored = userData?.serverEncryptedVrfKeypair;\n if (!stored || !stored.kek_s_b64u || !stored.ciphertextVrfB64u || !stored.serverKeyId) return false;\n\n const keyInfo = await this.getShamirKeyInfo();\n const currentKeyId = keyInfo?.currentKeyId;\n if (!currentKeyId || currentKeyId === stored.serverKeyId) return false;\n\n const status = await this.checkVrfStatus();\n const active = status.active && status.nearAccountId === nearAccountId;\n if (!active) return false;\n\n const refreshed = await this.shamir3PassEncryptCurrentVrfKeypair();\n await this.updateServerEncryptedVrfKeypair(nearAccountId, refreshed);\n return true;\n } catch {\n return false;\n }\n }\n\n ///////////////////////////////////////\n // INDEXEDDB OPERATIONS\n ///////////////////////////////////////\n\n async storeUserData(userData: StoreUserDataInput): Promise<void> {\n await IndexedDBManager.clientDB.storeWebAuthnUserData({\n ...userData,\n deviceNumber: userData.deviceNumber ?? 1,\n version: userData.version || 2,\n });\n }\n\n async getAllUsers(): Promise<ClientUserData[]> {\n return await IndexedDBManager.clientDB.getAllUsers();\n }\n\n async getUserByDevice(nearAccountId: AccountId, deviceNumber: number): Promise<ClientUserData | null> {\n return await IndexedDBManager.clientDB.getUserByDevice(nearAccountId, deviceNumber);\n }\n\n async getLastUser(): Promise<ClientUserData | null> {\n return await IndexedDBManager.clientDB.getLastUser();\n }\n\n async getAuthenticatorsByUser(nearAccountId: AccountId): Promise<ClientAuthenticatorData[]> {\n return await IndexedDBManager.clientDB.getAuthenticatorsByUser(nearAccountId);\n }\n\n async updateLastLogin(nearAccountId: AccountId): Promise<void> {\n return await IndexedDBManager.clientDB.updateLastLogin(nearAccountId);\n }\n\n /**\n * Set the last logged-in user\n * @param nearAccountId - The account ID of the user\n * @param deviceNumber - The device number (defaults to 1)\n */\n async setLastUser(nearAccountId: AccountId, deviceNumber: number = 1): Promise<void> {\n return await IndexedDBManager.clientDB.setLastUser(nearAccountId, deviceNumber);\n }\n\n\n /**\n * Initialize current user authentication state\n * This should be called after VRF keypair is successfully unlocked in memory\n * to ensure the user is properly logged in and can perform transactions\n *\n * @param nearAccountId - The NEAR account ID to initialize\n * @param nearClient - The NEAR client for nonce prefetching\n */\n async initializeCurrentUser(\n nearAccountId: AccountId,\n nearClient?: NearClient,\n ): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Set as last user for future sessions, preserving the current deviceNumber\n // when it is already known for this account.\n let deviceNumberToUse: number | null = null;\n const lastUser = await IndexedDBManager.clientDB.getLastUser().catch(() => null);\n if (\n lastUser &&\n toAccountId(lastUser.nearAccountId) === accountId &&\n Number.isFinite(lastUser.deviceNumber)\n ) {\n deviceNumberToUse = lastUser.deviceNumber;\n }\n\n if (deviceNumberToUse === null) {\n const userForAccount = await IndexedDBManager.clientDB\n .getUserByDevice(accountId, 1)\n .catch(() => null);\n if (userForAccount && Number.isFinite(userForAccount.deviceNumber)) {\n deviceNumberToUse = userForAccount.deviceNumber;\n }\n }\n\n if (deviceNumberToUse === null) {\n deviceNumberToUse = 1;\n }\n\n await this.setLastUser(accountId, deviceNumberToUse);\n\n // Set as current user for immediate use\n this.userPreferencesManager.setCurrentUser(accountId);\n // Ensure confirmation preferences are loaded before callers read them (best-effort)\n await this.userPreferencesManager.reloadUserSettings().catch(() => undefined);\n\n // Initialize NonceManager with the selected user's public key (best-effort)\n const userData = await IndexedDBManager.clientDB\n .getUserByDevice(accountId, deviceNumberToUse)\n .catch(() => null);\n if (userData && userData.clientNearPublicKey) {\n this.nonceManager.initializeUser(accountId, userData.clientNearPublicKey);\n }\n\n // Prefetch block height for better UX (non-fatal if it fails and nearClient is provided)\n if (nearClient) {\n await this.nonceManager\n .prefetchBlockheight(nearClient)\n .catch((prefetchErr) => console.debug('Nonce prefetch after authentication state initialization failed (non-fatal):', prefetchErr));\n }\n }\n\n async registerUser(storeUserData: StoreUserDataInput): Promise<ClientUserData> {\n return await IndexedDBManager.clientDB.registerUser(storeUserData);\n }\n\n async storeAuthenticator(authenticatorData: {\n credentialId: string;\n credentialPublicKey: Uint8Array;\n transports?: string[];\n name?: string;\n nearAccountId: AccountId;\n registered: string;\n syncedAt: string;\n vrfPublicKey: string;\n deviceNumber?: number;\n }): Promise<void> {\n const deviceNumber = Number(authenticatorData.deviceNumber);\n const normalizedDeviceNumber = Number.isSafeInteger(deviceNumber) && deviceNumber >= 1 ? deviceNumber : 1;\n const authData = {\n ...authenticatorData,\n nearAccountId: toAccountId(authenticatorData.nearAccountId),\n deviceNumber: normalizedDeviceNumber, // Default to device 1 (1-indexed)\n };\n return await IndexedDBManager.clientDB.storeAuthenticator(authData);\n }\n\n extractUsername(nearAccountId: AccountId): string {\n return IndexedDBManager.clientDB.extractUsername(nearAccountId);\n }\n\n async atomicOperation<T>(callback: (db: any) => Promise<T>): Promise<T> {\n return await IndexedDBManager.clientDB.atomicOperation(callback);\n }\n\n async rollbackUserRegistration(nearAccountId: AccountId): Promise<void> {\n return await IndexedDBManager.clientDB.rollbackUserRegistration(nearAccountId);\n }\n\n async hasPasskeyCredential(nearAccountId: AccountId): Promise<boolean> {\n return await IndexedDBManager.clientDB.hasPasskeyCredential(nearAccountId);\n }\n\n /**\n * Atomically store all registration data (user, authenticator, VRF credentials)\n */\n async atomicStoreRegistrationData({\n nearAccountId,\n credential,\n publicKey,\n encryptedVrfKeypair,\n vrfPublicKey,\n serverEncryptedVrfKeypair,\n }: {\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n publicKey: string;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n vrfPublicKey: string;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n }): Promise<void> {\n await this.atomicOperation(async (db) => {\n // Store credential for authentication\n const credentialId: string = credential.rawId;\n const attestationB64u: string = credential.response.attestationObject;\n const transports: string[] = credential.response?.transports;\n\n await this.storeAuthenticator({\n nearAccountId: nearAccountId,\n credentialId: credentialId,\n credentialPublicKey: await this.extractCosePublicKey(attestationB64u),\n transports,\n name: `VRF Passkey for ${this.extractUsername(nearAccountId)}`,\n registered: new Date().toISOString(),\n syncedAt: new Date().toISOString(),\n vrfPublicKey: vrfPublicKey,\n });\n\n // Store WebAuthn user data with encrypted VRF credentials\n await this.storeUserData({\n nearAccountId,\n deviceNumber: 1,\n clientNearPublicKey: publicKey,\n lastUpdated: Date.now(),\n passkeyCredential: {\n id: credential.id,\n rawId: credentialId\n },\n encryptedVrfKeypair: {\n encryptedVrfDataB64u: encryptedVrfKeypair.encryptedVrfDataB64u,\n chacha20NonceB64u: encryptedVrfKeypair.chacha20NonceB64u,\n },\n version: 2,\n serverEncryptedVrfKeypair: serverEncryptedVrfKeypair ? {\n ciphertextVrfB64u: serverEncryptedVrfKeypair?.ciphertextVrfB64u,\n kek_s_b64u: serverEncryptedVrfKeypair?.kek_s_b64u,\n serverKeyId: serverEncryptedVrfKeypair?.serverKeyId,\n updatedAt: Date.now(),\n } : undefined,\n });\n\n return true;\n });\n }\n\n ///////////////////////////////////////\n // SIGNER WASM WORKER OPERATIONS\n ///////////////////////////////////////\n\n /**\n * Transaction signing with contract verification and progress updates.\n * Demonstrates the \"streaming\" worker pattern similar to SSE.\n *\n * Requires a successful TouchID/biometric prompt before transaction signing in wasm worker\n * Automatically verifies the authentication with the web3authn contract.\n *\n * @param transactions - Transaction payload containing:\n * - receiverId: NEAR account ID receiving the transaction\n * - actions: Array of NEAR actions to execute\n * @param rpcCall: RpcCallPayload containing:\n * - contractId: Web3Authn contract ID for verification\n * - nearRpcUrl: NEAR RPC endpoint URL\n * - nearAccountId: NEAR account ID performing the transaction\n * @param confirmationConfigOverride: Optional confirmation configuration override\n * @param onEvent: Optional callback for progress updates during signing\n * @param onEvent - Optional callback for progress updates during signing\n */\n async signTransactionsWithActions({\n transactions,\n rpcCall,\n confirmationConfigOverride,\n title,\n body,\n onEvent,\n }: {\n transactions: TransactionInputWasm[],\n rpcCall: RpcCallPayload,\n // Accept partial override; merging happens in handlers layer\n confirmationConfigOverride?: Partial<ConfirmationConfig>,\n title?: string;\n body?: string;\n onEvent?: (update: onProgressEvents) => void,\n }): Promise<SignTransactionResult[]> {\n\n\t if (transactions.length === 0) {\n\t throw new Error('No payloads provided for signing');\n\t }\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(toAccountId(rpcCall.nearAccountId));\n\t return this.withSigningSession({\n\t sessionId: activeSessionId,\n\t handler: (sessionId) =>\n\t this.signerWorkerManager.signTransactionsWithActions({\n\t transactions,\n\t rpcCall,\n\t confirmationConfigOverride,\n\t title,\n\t body,\n\t onEvent,\n\t sessionId,\n\t }),\n\t });\n\t }\n\n async signDelegateAction({\n delegate,\n rpcCall,\n confirmationConfigOverride,\n title,\n body,\n onEvent,\n }: {\n delegate: DelegateActionInput;\n rpcCall: RpcCallPayload;\n // Accept partial override; merging happens in handlers layer\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n title?: string;\n body?: string;\n onEvent?: (update: onProgressEvents) => void;\n }): Promise<{\n signedDelegate: WasmSignedDelegate;\n hash: string;\n nearAccountId: AccountId;\n logs?: string[];\n }> {\n const nearAccountId = toAccountId(rpcCall.nearAccountId || delegate.senderId);\n const normalizedRpcCall: RpcCallPayload = {\n contractId: rpcCall.contractId || this.tatchiPasskeyConfigs.contractId,\n nearRpcUrl: rpcCall.nearRpcUrl || this.tatchiPasskeyConfigs.nearRpcUrl,\n nearAccountId,\n };\n\n\t try {\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(nearAccountId);\n\t return await this.withSigningSession({ sessionId: activeSessionId, handler: (sessionId) => {\n\t // eslint-disable-next-line no-console\n\t console.debug('[WebAuthnManager][delegate] session created', { sessionId });\n\t return this.signerWorkerManager.signDelegateAction({\n\t delegate,\n\t rpcCall: normalizedRpcCall,\n\t confirmationConfigOverride,\n\t title,\n\t body,\n\t onEvent,\n\t sessionId,\n\t });\n\t }});\n\t } catch (err) {\n\t // eslint-disable-next-line no-console\n\t console.error('[WebAuthnManager][delegate] failed', err);\n\t throw err;\n\t }\n }\n\n async signNEP413Message(payload: {\n message: string;\n recipient: string;\n nonce: string;\n state: string | null;\n accountId: AccountId;\n title?: string;\n body?: string;\n confirmationConfigOverride?: Partial<ConfirmationConfig>;\n }): Promise<{\n success: boolean;\n accountId: string;\n publicKey: string;\n signature: string;\n state?: string;\n error?: string;\n }> {\n\t try {\n\t const activeSessionId = this.getOrCreateActiveSigningSessionId(payload.accountId);\n\t const contractId = this.tatchiPasskeyConfigs.contractId;\n\t const nearRpcUrl = (this.tatchiPasskeyConfigs.nearRpcUrl.split(',')[0] || this.tatchiPasskeyConfigs.nearRpcUrl);\n\t const result = await this.withSigningSession({\n\t sessionId: activeSessionId,\n handler: (sessionId) =>\n this.signerWorkerManager.signNep413Message({ ...payload, sessionId, contractId, nearRpcUrl }),\n });\n\t if (result.success) {\n\t return result;\n\t } else {\n throw new Error(`NEP-413 signing failed: ${result.error || 'Unknown error'}`);\n }\n } catch (error: any) {\n console.error('WebAuthnManager: NEP-413 signing error:', error);\n return {\n success: false,\n accountId: '',\n publicKey: '',\n signature: '',\n error: error.message || 'Unknown error'\n };\n }\n }\n\n // === COSE OPERATIONS ===\n\n /**\n * Extract COSE public key from WebAuthn attestation object using WASM worker\n */\n async extractCosePublicKey(attestationObjectBase64url: string): Promise<Uint8Array> {\n return await this.signerWorkerManager.extractCosePublicKey(attestationObjectBase64url);\n }\n\n ///////////////////////////////////////\n // PRIVATE KEY EXPORT (Drawer/Modal in sandboxed iframe)\n ///////////////////////////////////////\n\n /** Worker-driven export: two-phase V2 (collect PRF → decrypt → show UI) */\n\t async exportNearKeypairWithUIWorkerDriven(\n\t nearAccountId: AccountId,\n\t options?: { variant?: 'drawer'|'modal', theme?: 'dark'|'light' }\n\t ): Promise<void> {\n\t await this.withSigningSession({ prefix: 'export-session', handler: async (sessionId) => {\n\t // Phase 1: collect PRF via LocalOnly(DECRYPT_PRIVATE_KEY_WITH_PRF) inside VRF worker\n\t // and derive WrapKeySeed with the vault-provided wrapKeySalt.\n\t await this.confirmDecryptAndDeriveWrapKeySeed({ nearAccountId, sessionId });\n\n // Phase 2 + 3: decrypt inside signer worker using the reserved session,\n // then show the export viewer UI.\n\t return this.signerWorkerManager.exportNearKeypairUi({\n\t nearAccountId,\n\t variant: options?.variant,\n\t theme: options?.theme,\n\t sessionId,\n\t });\n\t }});\n\t }\n\n async exportNearKeypairWithUI(\n nearAccountId: AccountId,\n options?: {\n variant?: 'drawer' | 'modal';\n theme?: 'dark' | 'light'\n }\n ): Promise<{ accountId: string; publicKey: string; privateKey: string }>{\n // Route to worker-driven two-phase flow. UI is shown inside the wallet host; no secrets are returned.\n await this.exportNearKeypairWithUIWorkerDriven(nearAccountId, options);\n // Surface the freshest device key for this account to the caller.\n // Prefer last user when it matches the account, else pick the most recently\n // updated user record for this account.\n let userData = await this.getLastUser();\n if (!userData || userData.nearAccountId !== nearAccountId) {\n userData = await IndexedDBManager.clientDB.getLastDBUpdatedUser(nearAccountId);\n }\n return {\n accountId: String(nearAccountId),\n publicKey: String(userData?.clientNearPublicKey || ''),\n privateKey: '',\n };\n }\n\n ///////////////////////////////////////\n // REGISTRATION\n ///////////////////////////////////////\n\n async checkCanRegisterUser({\n contractId,\n credential,\n vrfChallenge,\n authenticatorOptions,\n onEvent,\n }: {\n contractId: string,\n credential: WebAuthnRegistrationCredential,\n vrfChallenge: VRFChallenge,\n authenticatorOptions?: AuthenticatorOptions;\n onEvent?: (update: onProgressEvents) => void\n }): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: any;\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n }> {\n return await this.signerWorkerManager.checkCanRegisterUser({\n contractId,\n credential,\n vrfChallenge,\n authenticatorOptions,\n onEvent,\n nearRpcUrl: this.tatchiPasskeyConfigs.nearRpcUrl,\n });\n }\n\n ///////////////////////////////////////\n // ACCOUNT RECOVERY\n ///////////////////////////////////////\n\n /**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF outputs to re-derive the same NEAR keypair and re-encrypt it\n * @param challenge - Random challenge for WebAuthn authentication ceremony\n * @param authenticationCredential - The authentication credential with dual PRF outputs\n * @param accountIdHint - Optional account ID hint for recovery\n * @returns Public key and encrypted private key for secure storage\n */\n async recoverKeypairFromPasskey(\n authenticationCredential: WebAuthnAuthenticationCredential,\n accountIdHint?: string,\n ): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n stored?: boolean;\n }> {\n try {\n // Verify we have an authentication credential (not registration)\n if (!authenticationCredential) {\n throw new Error(\n 'Authentication credential required for account recovery. ' +\n 'Use an existing credential with dual PRF outputs to re-derive the same NEAR keypair.'\n );\n }\n\n // Verify dual PRF outputs are available\n const prfResults = authenticationCredential.clientExtensionResults?.prf?.results;\n if (!prfResults?.first || !prfResults?.second) {\n throw new Error('Dual PRF outputs required for account recovery - both AES and Ed25519 PRF outputs must be available');\n }\n\n\t // Extract PRF.first for WrapKeySeed derivation\n\t // Orchestrate a VRF-owned signing session with WrapKeySeed derivation, then ask\n\t // the signer to recover and re-encrypt the NEAR keypair.\n\t const result = await this.withSigningSession({\n\t prefix: 'recover',\n\t options: { credential: authenticationCredential },\n\t handler: (sessionId) =>\n\t this.signerWorkerManager.recoverKeypairFromPasskey({\n\t credential: authenticationCredential,\n\t accountIdHint,\n\t sessionId,\n\t }),\n\t });\n\t return result;\n\n } catch (error: any) {\n console.error('WebAuthnManager: Deterministic keypair derivation error:', error);\n throw new Error(`Deterministic keypair derivation failed: ${error.message}`);\n }\n }\n\n async getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n credentialIds,\n }: {\n nearAccountId: AccountId;\n challenge: VRFChallenge,\n credentialIds: string[];\n }): Promise<WebAuthnAuthenticationCredential> {\n // Same as getAuthenticationCredentialsSerialized but returns both PRF outputs (PRF.first + PRF.second).\n return this.touchIdPrompt.getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId,\n challenge,\n allowCredentials: credentialIds.map(id => ({\n id: id,\n type: 'public-key',\n transports: ['internal', 'hybrid', 'usb', 'ble'] as AuthenticatorTransport[]\n })),\n });\n }\n\n /**\n * Sign transaction with raw private key\n * for key replacement in device linking\n * No TouchID/PRF required - uses provided private key directly\n */\n async signTransactionWithKeyPair({\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n }: {\n nearPrivateKey: string;\n signerAccountId: string;\n receiverId: string;\n nonce: string;\n blockHash: string;\n actions: ActionArgsWasm[];\n }): Promise<{\n signedTransaction: SignedTransaction;\n logs?: string[];\n }> {\n return await this.signerWorkerManager.signTransactionWithKeyPair({\n nearPrivateKey,\n signerAccountId,\n receiverId,\n nonce,\n blockHash,\n actions\n });\n }\n\n // ==============================\n // USER SETTINGS\n // ==============================\n\n /** * Get user preferences manager */\n getUserPreferences(): UserPreferencesManager {\n return this.userPreferencesManager;\n }\n\n /** * Clean up resources */\n destroy(): void {\n if (this.userPreferencesManager) {\n this.userPreferencesManager.destroy();\n }\n if (this.nonceManager) {\n this.nonceManager.clear();\n }\n this.activeSigningSessionIds.clear();\n }\n\n}\n","/**\n * Offline Export App (minimal, zero-config)\n *\n * Runs under `/offline-export/` on the wallet origin and reuses the\n * WebAuthnManager.exportNearKeypairWithUI() VRF-driven flow to decrypt and\n * display the private key export viewer. No network requests are made.\n *\n * See `docs/vrf2-refactor-export-keys.md` for the canonical export flow design.\n */\nimport { IndexedDBManager } from '../IndexedDBManager';\nimport { MinimalNearClient } from '../NearClient';\nimport { toAccountId } from '../types/accountIds';\nimport { OFFLINE_EXPORT_DONE, OFFLINE_EXPORT_ERROR } from './messages';\nimport type { TatchiConfigsInput } from '../types/tatchi';\nimport { WebAuthnManager } from '../WebAuthnManager';\nimport { TouchIdPrompt } from '../WebAuthnManager/touchIdPrompt';\nimport { createRandomVRFChallenge, type VRFChallenge } from '../types/vrf-worker';\nimport { buildConfigsFromEnv } from '../defaultConfigs';\n\nasync function registerServiceWorker(): Promise<void> {\n if (!('serviceWorker' in navigator)) return;\n // Register and await ready() only in this route; SW is in-scope here\n await navigator.serviceWorker\n .register('/offline-export/sw.js', { scope: '/offline-export/' })\n .catch(() => {});\n await navigator.serviceWorker.ready.catch(() => {});\n}\n\nasync function prewarmSdkAssets(): Promise<void> {\n // Only attempt network warm-up when online; SW will cache responses\n if (!navigator.onLine) return\n try {\n const resp = await fetch('/offline-export/precache.manifest.json', { cache: 'no-cache' })\n const all: string[] = resp.ok ? (await resp.json()) : []\n const priority = new Set<string>([\n '/offline-export/offline-export-app.js',\n '/sdk/offline-export-app.js',\n '/sdk/offline-export.css',\n '/sdk/export-private-key-viewer.js',\n '/sdk/iframe-export-bootstrap.js',\n '/sdk/export-viewer.css',\n '/sdk/export-iframe.css',\n '/offline-export/workers/web3authn-signer.worker.js',\n '/offline-export/workers/web3authn-vrf.worker.js',\n '/offline-export/workers/wasm_signer_worker_bg.wasm',\n '/offline-export/workers/wasm_vrf_worker_bg.wasm',\n '/sdk/workers/web3authn-signer.worker.js',\n '/sdk/workers/web3authn-vrf.worker.js',\n '/sdk/workers/wasm_signer_worker_bg.wasm',\n '/sdk/workers/wasm_vrf_worker_bg.wasm',\n ])\n const pri = Array.from(priority)\n const rest = all.filter((u) => !priority.has(u))\n await Promise.allSettled(pri.map((u) => fetch(u).then(() => void 0)))\n // Warm the remaining entries opportunistically\n const schedule = () => void Promise.allSettled(rest.map((u) => fetch(u).then(() => void 0)))\n try { (window as any).requestIdleCallback ? (window as any).requestIdleCallback(schedule, { timeout: 8000 }) : setTimeout(schedule, 800) } catch { setTimeout(schedule, 800) }\n } catch {}\n\n // Fallback: proactively cache any /sdk/* scripts that the offline page\n // already loaded as part of its initial bundle (e.g. common-*.js vendor chunks).\n // These are requested before the SW takes control, so we re-fetch them once\n // the SW is ready to ensure they are present in the offline cache.\n try {\n const origin = window.location.origin;\n const scriptPaths = Array.from(document.querySelectorAll('script[src]'))\n .map((el) => (el as HTMLScriptElement).src)\n .filter((src) => typeof src === 'string' && src.startsWith(origin + '/sdk/'))\n .map((src) => new URL(src).pathname);\n if (scriptPaths.length > 0) {\n await Promise.allSettled(\n scriptPaths.map((p) => fetch(p).then(() => void 0))\n );\n }\n } catch {}\n}\n\nfunction autoStartIfSingleUser(users: any[], selectedAccount: string, startExport: (acc: string) => Promise<void>): void {\n if (Array.isArray(users) && users.length === 1 && typeof selectedAccount === 'string' && selectedAccount) {\n setTimeout(() => { void startExport(selectedAccount) }, 0)\n }\n}\n\nfunction renderShell(message: string, canExport = false): HTMLButtonElement | null {\n document.documentElement.classList.add('w3a-transparent');\n document.body.classList.add('w3a-transparent');\n const root = document.createElement('div');\n root.className = 'offline-root'\n const h = document.createElement('h1');\n h.textContent = 'Offline Export';\n h.className = 'offline-title'\n const p = document.createElement('p');\n p.textContent = message;\n p.className = 'offline-desc'\n const info = document.createElement('div');\n info.className = 'offline-info';\n try {\n const tick = document.createElement('span');\n tick.className = 'offline-info-tick';\n tick.textContent = '✓';\n const label = document.createElement('span');\n label.textContent = ' Wallet origin: ';\n const url = document.createElement('a');\n url.className = 'offline-info-url';\n const origin = window.location.origin;\n url.href = origin;\n url.textContent = origin;\n url.target = '_blank';\n url.rel = 'noopener noreferrer';\n info.appendChild(tick);\n info.appendChild(label);\n info.appendChild(url);\n } catch {\n info.textContent = '✓ Wallet origin: (unknown)';\n }\n const btn = document.createElement('button');\n btn.textContent = 'Export My Key';\n btn.className = 'offline-btn'\n btn.disabled = !canExport;\n root.appendChild(h);\n root.appendChild(p);\n root.appendChild(info);\n root.appendChild(btn);\n document.body.appendChild(root);\n return canExport ? btn : null;\n}\n\nasync function main(): Promise<void> {\n await registerServiceWorker();\n // Best-effort: warm critical SDK assets so offline flow is reliable.\n // Do not block first paint — fire-and-forget.\n void prewarmSdkAssets();\n try {\n // Ensure worker scripts resolve under SW scope so their subresource fetches (WASM) are controlled\n (window as any).__W3A_SIGNER_WORKER_URL__ = '/offline-export/workers/web3authn-signer.worker.js'\n ;(window as any).__W3A_VRF_WORKER_URL__ = '/offline-export/workers/web3authn-vrf.worker.js'\n const rpOverrideFromMeta = (() => {\n const m = document.querySelector('meta[name=\"tatchi-rpid-base\"]') as HTMLMetaElement | null;\n const v = (m?.content || '').trim();\n return v || undefined;\n })();\n const deriveBaseDomain = (host: string): string | undefined => {\n const parts = (host || '').split('.');\n // Heuristic: use registrable suffix for dev hosts like wallet.example.localhost\n return parts.length >= 3 ? parts.slice(1).join('.') : undefined;\n };\n const inferredBase = deriveBaseDomain(window.location.hostname);\n const effectiveRpIdOverride = rpOverrideFromMeta || inferredBase;\n // Detect last user (same origin IndexedDB)\n const last = await IndexedDBManager.clientDB.getLastUser();\n const users = await IndexedDBManager.clientDB.getAllUsers().catch(() => []);\n\n // Optional preselected account via query string\n const qs = new URLSearchParams((window.location && window.location.search) || '')\n const qsAccountRaw = (qs.get('accountId') || '').trim()\n const qsAccount = qsAccountRaw ? String(toAccountId(qsAccountRaw)) : ''\n\n // Container: message + optional account selector + button + status line\n const defaultAccount = qsAccount || (last?.nearAccountId || '')\n if (!defaultAccount) {\n renderShell('No local account found on this device. Open the wallet once online on this device to prime offline export.');\n return;\n }\n const btn = renderShell('Authenticate with Touch ID/biometrics to export keys offline.', true);\n if (!btn) return;\n const container = btn.parentElement as HTMLDivElement;\n\n // Optional account selector when multiple local users exist\n let selectedAccount = defaultAccount as string;\n if (Array.isArray(users) && users.length > 1) {\n const label = document.createElement('label');\n label.textContent = 'Choose account:';\n label.className = 'offline-label'\n const sel = document.createElement('select');\n sel.className = 'offline-select'\n for (const u of users) {\n const opt = document.createElement('option');\n opt.value = (u as any).nearAccountId;\n opt.textContent = (u as any).nearAccountId;\n if ((u as any).nearAccountId === selectedAccount) opt.selected = true;\n sel.appendChild(opt);\n }\n sel.addEventListener('change', () => { selectedAccount = sel.value; statusEl.textContent = ''; });\n container.insertBefore(sel, btn);\n container.insertBefore(label, sel);\n }\n\n // Status line for inline errors/info\n const statusEl = document.createElement('div');\n statusEl.className = 'offline-status'\n container.appendChild(statusEl);\n\n // Pre-flight: soft-check for local authenticators (do not block)\n async function ensureLocalAuthenticators(acc: string): Promise<any[]> {\n try {\n const authenticators = await IndexedDBManager.clientDB.getAuthenticatorsByUser(acc as any);\n if (!Array.isArray(authenticators) || authenticators.length === 0) {\n console.warn('[offline-export] No local passkeys in IndexedDB; proceeding (resident credentials may still be available)');\n statusEl.textContent = 'Tip: open the wallet on this device once online to prime offline export. If a passkey exists on this device, you can still proceed.';\n return [];\n }\n return authenticators;\n } catch (e) {\n console.warn('[offline-export] Failed to read authenticators; proceeding anyway', e);\n return [];\n }\n }\n\n let started = false;\n const defaultBtnLabel = btn.textContent || 'Export My Key';\n const startExport = async (account: string) => {\n if (started) return;\n started = true;\n btn.disabled = true;\n btn.classList.add('loading');\n try { btn.textContent = 'Exporting…'; btn.setAttribute('aria-busy', 'true'); } catch {}\n statusEl.textContent = '';\n try {\n // Soft-check (non-blocking) — we may still have resident credentials\n const authenticators = await ensureLocalAuthenticators(account);\n\n // Instantiate WebAuthnManager with minimal offline configs. No network RPC is used in export flow.\n const near = new MinimalNearClient('https://rpc.invalid.local');\n const offlineConfigsInput: TatchiConfigsInput = {\n nearRpcUrl: 'https://rpc.invalid.local',\n nearNetwork: 'testnet',\n contractId: 'w3a-v1.testnet',\n walletTheme: 'dark',\n iframeWallet: effectiveRpIdOverride ? { rpIdOverride: effectiveRpIdOverride } : undefined,\n relayer: {\n url: 'https://rpc.invalid.local',\n },\n };\n const offlineConfigs = buildConfigsFromEnv(offlineConfigsInput);\n const webAuthnManager = new WebAuthnManager(offlineConfigs, near);\n console.debug('[offline-export] rpId (hostname):', window.location.hostname);\n if (effectiveRpIdOverride) {\n console.debug('[offline-export] rpIdOverride:', effectiveRpIdOverride);\n }\n try {\n // Attempt direct export using WebAuthnManager's worker-driven flow\n await webAuthnManager.exportNearKeypairWithUI(toAccountId(account), {\n variant: 'drawer',\n theme: 'dark',\n });\n } catch (err: any) {\n const msg = String(err?.message || err || '');\n const isMissingLocalKeyMaterial = msg.includes('Missing local key material for export');\n const isAeadDecryptMismatch =\n msg.includes('Decryption failed: Decryption error: aead::Error') || msg.includes('aead::Error');\n\n if (isMissingLocalKeyMaterial || isAeadDecryptMismatch) {\n // Attempt local recovery of key material from passkey, then retry\n statusEl.textContent = isAeadDecryptMismatch\n ? 'Decryption failed. Attempting recovery with your passkey…'\n : 'Missing local key material. Attempting recovery with your passkey…';\n const tip = new TouchIdPrompt(effectiveRpIdOverride);\n const challenge = createRandomVRFChallenge() as VRFChallenge;\n const allowCredentials = Array.isArray(authenticators) && authenticators.length > 0\n ? authenticators.map((a: any) => ({ id: a.credentialId, type: 'public-key', transports: a.transports as any }))\n : [];\n const authCred = await tip.getAuthenticationCredentialsSerializedDualPrf({\n nearAccountId: account,\n challenge,\n allowCredentials,\n });\n // Recover NEAR keypair using WebAuthnManager's recovery flow\n const rec = await webAuthnManager.recoverKeypairFromPasskey(authCred, account);\n if (!rec.wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in recovered key material; re-register to upgrade vault format.');\n }\n // Store encrypted key locally for this device. Prefer the last logged-in\n // device for this account; fall back to device 1 for legacy cases.\n const accountId = toAccountId(account);\n const [last, latest] = await Promise.all([\n IndexedDBManager.clientDB.getLastUser().catch(() => null),\n IndexedDBManager.clientDB.getLastDBUpdatedUser(accountId).catch(() => null),\n ]);\n const deviceNumber =\n (last && last.nearAccountId === accountId && typeof last.deviceNumber === 'number')\n ? last.deviceNumber\n : (latest && latest.nearAccountId === accountId && typeof latest.deviceNumber === 'number')\n ? latest.deviceNumber\n : 1;\n\n // Safety check: only overwrite local vault material if the recovered public key\n // matches what we already have for this account/device.\n const existing = await IndexedDBManager.clientDB.getUserByDevice(accountId, deviceNumber).catch(() => null);\n if (isAeadDecryptMismatch && !existing) {\n throw new Error(\n `Decryption failed and no local user record was found for '${account}'. ` +\n 'Open the wallet once online on this device to restore local vault state, then retry offline export.'\n );\n }\n const expectedPublicKey = String(existing?.clientNearPublicKey || '');\n if (expectedPublicKey && expectedPublicKey !== rec.publicKey) {\n throw new Error(\n `Selected passkey does not match the existing key for '${account}'. ` +\n 'Please select the correct passkey for this account and try again.'\n );\n }\n\n await IndexedDBManager.nearKeysDB.storeEncryptedKey({\n nearAccountId: account,\n deviceNumber,\n encryptedData: rec.encryptedPrivateKey,\n chacha20NonceB64u: rec.chacha20NonceB64u,\n wrapKeySalt: rec.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n });\n // Upsert public key if missing for this device\n if (!existing?.clientNearPublicKey) {\n try { await IndexedDBManager.clientDB.updateUser(accountId, { clientNearPublicKey: rec.publicKey }); } catch {}\n }\n statusEl.textContent = 'Recovered local key material. Opening export viewer…';\n await webAuthnManager.exportNearKeypairWithUI(toAccountId(account), {\n variant: 'drawer',\n theme: 'dark',\n });\n } else {\n throw err;\n }\n }\n // Notify parent (overlay controllers) that the export UI has been shown\n window.parent?.postMessage?.({ type: OFFLINE_EXPORT_DONE, nearAccountId: account }, '*');\n } catch (e: any) {\n console.error('[offline-export] export failed', e);\n const msg = String(e?.message || e || '');\n if (msg.includes('User cancelled secure confirm request')) {\n // Differentiate common NotAllowedError path vs explicit cancel\n statusEl.textContent = `No matching passkeys for this origin or the prompt was cancelled. Ensure this device has a passkey for '${account}' on ${window.location.hostname}, then try again.`;\n } else if (msg.includes('NotAllowedError')) {\n statusEl.textContent = `No matching passkeys available for '${account}' on this device.`;\n } else if (msg.includes('Missing local key material')) {\n statusEl.textContent = 'Missing local key material for export. Open the wallet on this device once online to prime offline export.';\n } else {\n statusEl.textContent = 'Export failed: ' + msg;\n }\n window.parent?.postMessage?.({ type: OFFLINE_EXPORT_ERROR, error: msg }, '*');\n } finally {\n btn.disabled = false;\n btn.classList.remove('loading');\n try { btn.textContent = defaultBtnLabel; btn.removeAttribute('aria-busy'); } catch {}\n started = false;\n }\n };\n\n // Click handler uses current selected account\n btn.addEventListener('click', async () => { await startExport(selectedAccount); });\n } catch (e) {\n console.error('[offline-export] bootstrap failed', e);\n renderShell('Failed to initialize offline export on this device.');\n }\n}\n\nif (document.readyState === 'loading') {\n document.addEventListener('DOMContentLoaded', () => void main());\n} else {\n void main();\n}\n\nexport {}\n"],"x_google_ignoreList":[0,6,7],"mappings":";;;;;;AAAA,MAAM,iBAAiB,QAAQ,iBAAiB,aAAa,MAAM,MAAM,kBAAkB;AAE3F,IAAI;AACJ,IAAI;AAEJ,SAAS,uBAAuB;AAC5B,QAAQ,sBACH,oBAAoB;EACjB;EACA;EACA;EACA;EACA;;;AAIZ,SAAS,0BAA0B;AAC/B,QAAQ,yBACH,uBAAuB;EACpB,UAAU,UAAU;EACpB,UAAU,UAAU;EACpB,UAAU,UAAU;;;AAGhC,MAAM,qCAAqB,IAAI;AAC/B,MAAM,iCAAiB,IAAI;AAC3B,MAAM,wCAAwB,IAAI;AAClC,SAAS,iBAAiB,SAAS;CAC/B,MAAM,UAAU,IAAI,SAAS,SAAS,WAAW;EAC7C,MAAM,iBAAiB;AACnB,WAAQ,oBAAoB,WAAW;AACvC,WAAQ,oBAAoB,SAAS;;EAEzC,MAAM,gBAAgB;AAClB,WAAQ,KAAK,QAAQ;AACrB;;EAEJ,MAAM,cAAc;AAChB,UAAO,QAAQ;AACf;;AAEJ,UAAQ,iBAAiB,WAAW;AACpC,UAAQ,iBAAiB,SAAS;;AAItC,uBAAsB,IAAI,SAAS;AACnC,QAAO;;AAEX,SAAS,+BAA+B,IAAI;AAExC,KAAI,mBAAmB,IAAI,IACvB;CACJ,MAAM,OAAO,IAAI,SAAS,SAAS,WAAW;EAC1C,MAAM,iBAAiB;AACnB,MAAG,oBAAoB,YAAY;AACnC,MAAG,oBAAoB,SAAS;AAChC,MAAG,oBAAoB,SAAS;;EAEpC,MAAM,iBAAiB;AACnB;AACA;;EAEJ,MAAM,cAAc;AAChB,UAAO,GAAG,SAAS,IAAI,aAAa,cAAc;AAClD;;AAEJ,KAAG,iBAAiB,YAAY;AAChC,KAAG,iBAAiB,SAAS;AAC7B,KAAG,iBAAiB,SAAS;;AAGjC,oBAAmB,IAAI,IAAI;;AAE/B,IAAI,gBAAgB;CAChB,IAAI,QAAQ,MAAM,UAAU;AACxB,MAAI,kBAAkB,gBAAgB;AAElC,OAAI,SAAS,OACT,QAAO,mBAAmB,IAAI;AAElC,OAAI,SAAS,QACT,QAAO,SAAS,iBAAiB,KAC3B,SACA,SAAS,YAAY,SAAS,iBAAiB;;AAI7D,SAAO,KAAK,OAAO;;CAEvB,IAAI,QAAQ,MAAM,OAAO;AACrB,SAAO,QAAQ;AACf,SAAO;;CAEX,IAAI,QAAQ,MAAM;AACd,MAAI,kBAAkB,mBACjB,SAAS,UAAU,SAAS,SAC7B,QAAO;AAEX,SAAO,QAAQ;;;AAGvB,SAAS,aAAa,UAAU;AAC5B,iBAAgB,SAAS;;AAE7B,SAAS,aAAa,MAAM;AAQxB,KAAI,0BAA0B,SAAS,MACnC,QAAO,SAAU,GAAG,MAAM;AAGtB,OAAK,MAAM,OAAO,OAAO;AACzB,SAAO,KAAK,KAAK;;AAGzB,QAAO,SAAU,GAAG,MAAM;AAGtB,SAAO,KAAK,KAAK,MAAM,OAAO,OAAO;;;AAG7C,SAAS,uBAAuB,OAAO;AACnC,KAAI,OAAO,UAAU,WACjB,QAAO,aAAa;AAGxB,KAAI,iBAAiB,eACjB,gCAA+B;AACnC,KAAI,cAAc,OAAO,wBACrB,QAAO,IAAI,MAAM,OAAO;AAE5B,QAAO;;AAEX,SAAS,KAAK,OAAO;AAGjB,KAAI,iBAAiB,WACjB,QAAO,iBAAiB;AAG5B,KAAI,eAAe,IAAI,OACnB,QAAO,eAAe,IAAI;CAC9B,MAAM,WAAW,uBAAuB;AAGxC,KAAI,aAAa,OAAO;AACpB,iBAAe,IAAI,OAAO;AAC1B,wBAAsB,IAAI,UAAU;;AAExC,QAAO;;AAEX,MAAM,UAAU,UAAU,sBAAsB,IAAI;;;;;;;;AASpD,SAAS,OAAO,MAAM,SAAS,EAAE,SAAS,SAAS,UAAU,eAAe,IAAI;CAC5E,MAAM,UAAU,UAAU,KAAK,MAAM;CACrC,MAAM,cAAc,KAAK;AACzB,KAAI,QACA,SAAQ,iBAAiB,kBAAkB,UAAU;AACjD,UAAQ,KAAK,QAAQ,SAAS,MAAM,YAAY,MAAM,YAAY,KAAK,QAAQ,cAAc;;AAGrG,KAAI,QACA,SAAQ,iBAAiB,YAAY,UAAU,QAE/C,MAAM,YAAY,MAAM,YAAY;AAExC,aACK,MAAM,OAAO;AACd,MAAI,WACA,IAAG,iBAAiB,eAAe;AACvC,MAAI,SACA,IAAG,iBAAiB,kBAAkB,UAAU,SAAS,MAAM,YAAY,MAAM,YAAY;IAGhG,YAAY;AACjB,QAAO;;AAiBX,MAAM,cAAc;CAAC;CAAO;CAAU;CAAU;CAAc;;AAC9D,MAAM,eAAe;CAAC;CAAO;CAAO;CAAU;;AAC9C,MAAM,gCAAgB,IAAI;AAC1B,SAAS,UAAU,QAAQ,MAAM;AAC7B,KAAI,EAAE,kBAAkB,eACpB,EAAE,QAAQ,WACV,OAAO,SAAS,UAChB;AAEJ,KAAI,cAAc,IAAI,MAClB,QAAO,cAAc,IAAI;CAC7B,MAAM,iBAAiB,KAAK,QAAQ,cAAc;CAClD,MAAM,WAAW,SAAS;CAC1B,MAAM,UAAU,aAAa,SAAS;AACtC,KAEA,EAAE,mBAAmB,WAAW,WAAW,gBAAgB,cACvD,EAAE,WAAW,YAAY,SAAS,iBAClC;CAEJ,MAAM,SAAS,eAAgB,WAAW,GAAG,MAAM;EAE/C,MAAM,KAAK,KAAK,YAAY,WAAW,UAAU,cAAc;EAC/D,IAAIA,WAAS,GAAG;AAChB,MAAI,SACA,YAASA,SAAO,MAAM,KAAK;AAM/B,UAAQ,MAAM,QAAQ,IAAI,CACtBA,SAAO,gBAAgB,GAAG,OAC1B,WAAW,GAAG,QACd;;AAER,eAAc,IAAI,MAAM;AACxB,QAAO;;AAEX,cAAc,cAAc;CACxB,GAAG;CACH,MAAM,QAAQ,MAAM,aAAa,UAAU,QAAQ,SAAS,SAAS,IAAI,QAAQ,MAAM;CACvF,MAAM,QAAQ,SAAS,CAAC,CAAC,UAAU,QAAQ,SAAS,SAAS,IAAI,QAAQ;;AAG7E,MAAM,qBAAqB;CAAC;CAAY;CAAsB;;AAC9D,MAAM,YAAY;AAClB,MAAM,iCAAiB,IAAI;AAC3B,MAAM,mDAAmC,IAAI;AAC7C,MAAM,sBAAsB,EACxB,IAAI,QAAQ,MAAM;AACd,KAAI,CAAC,mBAAmB,SAAS,MAC7B,QAAO,OAAO;CAClB,IAAI,aAAa,UAAU;AAC3B,KAAI,CAAC,WACD,cAAa,UAAU,QAAQ,SAAU,GAAG,MAAM;AAC9C,iBAAe,IAAI,MAAM,iCAAiC,IAAI,MAAM,MAAM,GAAG;;AAGrF,QAAO;;AAGf,gBAAgB,QAAQ,GAAG,MAAM;CAE7B,IAAI,SAAS;AACb,KAAI,EAAE,kBAAkB,WACpB,UAAS,MAAM,OAAO,WAAW,GAAG;AAExC,KAAI,CAAC,OACD;AACJ,UAAS;CACT,MAAM,gBAAgB,IAAI,MAAM,QAAQ;AACxC,kCAAiC,IAAI,eAAe;AAEpD,uBAAsB,IAAI,eAAe,OAAO;AAChD,QAAO,QAAQ;AACX,QAAM;AAEN,WAAS,OAAO,eAAe,IAAI,kBAAkB,OAAO;AAC5D,iBAAe,OAAO;;;AAG9B,SAAS,eAAe,QAAQ,MAAM;AAClC,QAAS,SAAS,OAAO,iBACrB,cAAc,QAAQ;EAAC;EAAU;EAAgB;OAChD,SAAS,aAAa,cAAc,QAAQ,CAAC,UAAU;;AAEhE,cAAc,cAAc;CACxB,GAAG;CACH,IAAI,QAAQ,MAAM,UAAU;AACxB,MAAI,eAAe,QAAQ,MACvB,QAAO;AACX,SAAO,SAAS,IAAI,QAAQ,MAAM;;CAEtC,IAAI,QAAQ,MAAM;AACd,SAAO,eAAe,QAAQ,SAAS,SAAS,IAAI,QAAQ;;;;;;AC5SpE,IAAI;AAaJ,MAAM,oBAAqB,OAAO,gBAAgB,cAAc,IAAI,YAAY,WAAW,EAAE,cAAc;AAAE,OAAM,MAAM;;AAEzH,MAAM,eAAgB,OAAO,kBAAkB,eAAe,aACxD,SAAU,KAAK,MAAM;AACvB,QAAO,kBAAkB,WAAW,KAAK;IAEvC,SAAU,KAAK,MAAM;CACvB,MAAM,MAAM,kBAAkB,OAAO;AACrC,MAAK,IAAI;AACT,QAAO;EACH,MAAM,IAAI;EACV,SAAS,IAAI;;;AAmErB,MAAM,oBAAqB,OAAO,gBAAgB,cAAc,IAAI,YAAY,SAAS;CAAE,WAAW;CAAM,OAAO;KAAU,EAAE,cAAc;AAAE,OAAM,MAAM;;AAE3J,IAAI,OAAO,gBAAgB,YAAe,mBAAkB;AAW5D,MAAM,gBAAiB,OAAO,yBAAyB,cACjD;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,UAAS;AACpC,MAAK,oBAAoB,IAAI,MAAM,MAAM,MAAM,GAAG,MAAM;;;;;;AA8L5D,MAAa,uBAAuB,OAAO,OAAO;CAC9C,cAAc;CAAG,KAAK;CACtB,aAAa;CAAG,KAAK;;;;;;AAMzB,MAAa,qBAAqB,OAAO,OAAO;CAC5C,MAAM;CAAG,KAAK;CACd,OAAO;CAAG,KAAK;CACf,QAAQ;CAAG,KAAK;;;;;;;;;AASpB,MAAa,sBAAsB,OAAO,OAAO;CAC7C,sBAAsB;CAAI,MAAM;CAChC,sBAAsB;CAAI,MAAM;CAChC,wBAAwB;CAAI,MAAM;CAClC,wBAAwB;CAAI,MAAM;;;;;;;AAOtC,MAAa,eAAe,OAAO,OAAO;CACtC,aAAa;CAAK,OAAO;CACzB,kBAAkB;CAAK,OAAO;CAC9B,wBAAwB;CAAK,OAAO;CACpC,wBAAwB;CAAK,OAAO;CACpC,4BAA4B;CAAK,OAAO;CACxC,4BAA4B;CAAK,OAAO;CACxC,OAAO;CAAK,OAAO;;;;;;AAMvB,MAAaC,2BAAyB,OAAO,OAAO;CAChD,UAAU;CAAG,KAAK;CAClB,WAAW;CAAG,KAAK;CACnB,aAAa;CAAG,KAAK;;;;;AAKzB,MAAa,oBAAoB,OAAO,OAAO;CAC3C,6BAA6B;CAAG,KAAK;CACrC,2BAA2B;CAAG,KAAK;CACnC,0BAA0B;CAAG,KAAK;CAClC,6BAA6B;CAAG,KAAK;CACrC,sBAAsB;CAAG,KAAK;CAC9B,4BAA4B;CAAG,KAAK;CACpC,mBAAmB;CAAG,KAAK;CAC3B,+BAA+B;CAAG,KAAK;CACvC,oBAAoB;CAAG,KAAK;;;;;;AAMhC,MAAa,qBAAqB,OAAO,OAAO;CAC5C,oCAAoC;CAAG,KAAK;CAC5C,kCAAkC;CAAG,KAAK;CAC1C,iCAAiC;CAAG,KAAK;CACzC,oCAAoC;CAAG,KAAK;CAC5C,6BAA6B;CAAG,KAAK;CACrC,mCAAmC;CAAG,KAAK;CAC3C,0BAA0B;CAAG,KAAK;CAClC,sCAAsC;CAAG,KAAK;CAC9C,2BAA2B;CAAG,KAAK;CACnC,oCAAoC;CAAG,KAAK;CAC5C,kCAAkC;CAAI,MAAM;CAC5C,iCAAiC;CAAI,MAAM;CAC3C,oCAAoC;CAAI,MAAM;CAC9C,6BAA6B;CAAI,MAAM;CACvC,mCAAmC;CAAI,MAAM;CAC7C,0BAA0B;CAAI,MAAM;CACpC,sCAAsC;CAAI,MAAM;CAChD,2BAA2B;CAAI,MAAM;CACrC,sBAAsB;CAAI,MAAM;CAChC,sBAAsB;CAAI,MAAM;CAChC,wBAAwB;CAAI,MAAM;CAClC,wBAAwB;CAAI,MAAM;;AAGtC,MAAM,qCAAsC,OAAO,yBAAyB,cACtE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kCAAkC,QAAQ,GAAG;AAkHxF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AA0DtF,MAAM,qCAAsC,OAAO,yBAAyB,cACtE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kCAAkC,QAAQ,GAAG;AAwCxF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAsFpF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAkCtF,MAAM,uCAAwC,OAAO,yBAAyB,cACxE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,oCAAoC,QAAQ,GAAG;AAmI1F,MAAM,sCAAuC,OAAO,yBAAyB,cACvE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,mCAAmC,QAAQ,GAAG;AA6EzF,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AAmFnF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAsJpF,MAAM,iDAAkD,OAAO,yBAAyB,cAClF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8CAA8C,QAAQ,GAAG;AAgGpG,MAAM,gDAAiD,OAAO,yBAAyB,cACjF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6CAA6C,QAAQ,GAAG;AAuLnG,MAAM,wCAAyC,OAAO,yBAAyB,cACzE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,qCAAqC,QAAQ,GAAG;AAwF3F,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAwCpF,MAAM,8BAA+B,OAAO,yBAAyB,cAC/D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,2BAA2B,QAAQ,GAAG;AAiIjF,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AA2EnF,MAAM,yBAA0B,OAAO,yBAAyB,cAC1D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,sBAAsB,QAAQ,GAAG;AAiE5E,MAAM,yBAA0B,OAAO,yBAAyB,cAC1D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,sBAAsB,QAAQ,GAAG;AAwC5E,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AA2EvF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAwJtF,MAAM,mDAAoD,OAAO,yBAAyB,cACpF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gDAAgD,QAAQ,GAAG;AAgHtG,MAAM,kDAAmD,OAAO,yBAAyB,cACnF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,+CAA+C,QAAQ,GAAG;AA+JrG,MAAM,kCAAmC,OAAO,yBAAyB,cACnE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,+BAA+B,QAAQ,GAAG;AAyIrF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAwFtF,MAAM,6BAA8B,OAAO,yBAAyB,cAC9D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,0BAA0B,QAAQ,GAAG;AAyFhF,MAAM,mCAAoC,OAAO,yBAAyB,cACpE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gCAAgC,QAAQ,GAAG;AAgJtF,MAAM,+CAAgD,OAAO,yBAAyB,cAChF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,4CAA4C,QAAQ,GAAG;AAgJlG,MAAM,gCAAiC,OAAO,yBAAyB,cACjE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,6BAA6B,QAAQ,GAAG;AAwMnF,MAAM,+BAAgC,OAAO,yBAAyB,cAChE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,4BAA4B,QAAQ,GAAG;AA8HlF,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAgHpF,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AAsJvF,MAAM,2BAA4B,OAAO,yBAAyB,cAC5D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,wBAAwB,QAAQ,GAAG;AAyM9E,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AA6HpF,MAAM,4BAA6B,OAAO,yBAAyB,cAC7D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,yBAAyB,QAAQ,GAAG;AAmE/E,MAAM,4BAA6B,OAAO,yBAAyB,cAC7D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,yBAAyB,QAAQ,GAAG;AAmE/E,MAAM,iCAAkC,OAAO,yBAAyB,cAClE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,8BAA8B,QAAQ,GAAG;AAqGpF,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;AAgGvF,MAAM,8BAA+B,OAAO,yBAAyB,cAC/D;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,2BAA2B,QAAQ,GAAG;AAuJjF,MAAM,qDAAsD,OAAO,yBAAyB,cACtF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,kDAAkD,QAAQ,GAAG;AAmOxG,MAAM,mDAAoD,OAAO,yBAAyB,cACpF;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,gDAAgD,QAAQ,GAAG;AAgOtG,MAAM,oCAAqC,OAAO,yBAAyB,cACrE;CAAE,gBAAgB;CAAI,kBAAkB;IACxC,IAAI,sBAAqB,QAAO,KAAK,iCAAiC,QAAQ,GAAG;;;;ACrnJvF,MAAaC,8BAAkD;CAC7D,QAAQ;CACR,UAAU;CACV,kBAAkB;CAClB,OAAO;;AAgLT,SAAgB,iBACd,UACoC;AACpC,QACE,SAAS,SAAS,mBAAmB,wBACrC,SAAS,SAAS,mBAAmB,wBACrC,SAAS,SAAS,mBAAmB,0BACrC,SAAS,SAAS,mBAAmB;;AAIzC,SAAgB,gBACd,UACsC;AACtC,QACE,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,oCACrC,SAAS,SAAS,mBAAmB,mCACrC,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,6BACrC,SAAS,SAAS,mBAAmB,+BACrC,SAAS,SAAS,mBAAmB,qCACrC,SAAS,SAAS,mBAAmB,4BACrC,SAAS,SAAS,mBAAmB;;AAIzC,SAAgB,cACd,UACiC;AACjC,QACE,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,oCACrC,SAAS,SAAS,mBAAmB,mCACrC,SAAS,SAAS,mBAAmB,sCACrC,SAAS,SAAS,mBAAmB,6BACrC,SAAS,SAAS,mBAAmB,+BACrC,SAAS,SAAS,mBAAmB,qCACrC,SAAS,SAAS,mBAAmB,4BACrC,SAAS,SAAS,mBAAmB;;AAMzC,SAAgB,qCAAqC,UAAuH;AAC1K,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,mCAAmC,UAAmH;AACpK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,qCAAqC,UAAwH;AAC3K,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,4BAA4B,UAAgH;AAC1J,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,kCAAkC,UAAoH;AACpK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,8BAA8B,UAAoH;AAChK,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,2BAA2B,UAAgH;AACzJ,QAAO,SAAS,SAAS,mBAAmB;;AAG9C,SAAgB,uCACd,UAC2F;AAC3F,QAAO,SAAS,SAAS,mBAAmB;;;;;ACvU9C,MAAMC,cAAmC;CACvC,QAAQ;CACR,WAAW;CACX,WAAW;CACX,eAAe;CACf,oBAAoB;CACpB,qBAAqB;CACrB,oBAAoB;;AAiDtB,IAAa,yBAAb,MAAoC;CAClC,AAAQ;CACR,AAAQ,KAA0B;CAClC,AAAQ,WAAW;CACnB,AAAQ,iCAAuD,IAAI;CAEnE,YAAY,SAAgCC,aAAW;AACrD,OAAK,SAAS;;CAGhB,YAAoB;AAClB,SAAO,KAAK,OAAO;;CAGrB,UAAU,QAAsB;EAC9B,MAAM,OAAO,OAAO,UAAU,IAAI;AAClC,MAAI,CAAC,QAAQ,SAAS,KAAK,OAAO,OAAQ;AAC1C,MAAI;AAAE,GAAC,KAAK,IAAY;UAAmB;AAC3C,OAAK,KAAK;AACV,OAAK,SAAS;GAAE,GAAG,KAAK;GAAQ,QAAQ;;;CAG1C,aAAsB;AACpB,SAAO,KAAK;;CAGd,YAAY,UAAyB;EACnC,MAAM,OAAO,CAAC,CAAC;AACf,MAAI,SAAS,KAAK,SAAU;AAC5B,OAAK,WAAW;AAChB,MAAI,MAAM;AACR,OAAI;AAAE,IAAC,KAAK,IAAY;WAAmB;AAC3C,QAAK,KAAK;;;CAMd,SAAS,UAAuD;AAC9D,OAAK,eAAe,IAAI;AACxB,eAAa;AACX,QAAK,eAAe,OAAO;;;CAI/B,AAAQ,UAAU,OAA6B;AAC7C,OAAK,eAAe,SAAQ,aAAY;AACtC,OAAI;AACF,aAAS;YACF,OAAO;AACd,YAAQ,KAAK,gDAAgD;;;;CAKnE,MAAc,QAA+B;AAC3C,MAAI,KAAK,SACP,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,GACP,QAAO,KAAK;AAGd,MAAI;AACF,QAAK,KAAK,MAAM,OAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,WAAW;IAClE,UAAU,IAAI,YAAY,aAAa,iBAAuB;AAE1D,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,YAAY;MAEtD,MAAM,YAAY,GAAG,kBAAkBA,YAAU,WAAW,EAAE,SAAS,CAAC,iBAAiB;AACzF,gBAAU,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;;AAEpE,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,eAC1C,IAAG,kBAAkBA,YAAU,eAAe,EAAE,SAAS;AAE3D,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,qBAAqB;MAE/D,MAAM,YAAY,GAAG,kBAAkBA,YAAU,oBAAoB,EAAE,SAAS;OAAC;OAAiB;OAAgB;;AAClH,gBAAU,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;;AAEpE,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,sBAAsB;MAEhE,MAAM,SAAS,GAAG,kBAAkBA,YAAU,qBAAqB,EAAE,SAAS;OAAC;OAAiB;OAAc;;AAC9G,UAAI;AAAE,cAAO,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;cAAkB;;AAEzF,SAAI,CAAC,GAAG,iBAAiB,SAASA,YAAU,qBAAqB;MAE/D,MAAM,SAAS,GAAG,kBAAkBA,YAAU,oBAAoB,EAAE,SAAS,CAAC,iBAAiB;AAC/F,UAAI;AAAE,cAAO,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;cAAkB;;;IAG3F,UAAU;AACR,aAAQ,KAAK;;IAEf,WAAW;AACT,aAAQ,KAAK;;IAEf,kBAAkB;AAChB,aAAQ,KAAK;AACb,UAAK,KAAK;;;AAKd,OAAI;AAAE,UAAM,KAAK,sBAAsB,KAAK;WAAa;WAElDC,KAAU;GACjB,MAAM,MAAM,OAAO,KAAK,WAAW;AACnC,OAAI,KAAK,SAAS,kBAAkB,kCAAkC,KAAK,KAEzE,KAAI;AACF,YAAQ,KAAK;AACb,SAAK,KAAK,MAAM,OAAO,KAAK,OAAO;YAC5B,GAAG;AACV,UAAM;;OAGR,OAAM;;AAIV,SAAO,KAAK;;CAGd,MAAc,sBAAsB,KAAkC;CAMtE,MAAM,YAAyB,KAAqC;EAClE,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,SAAS,MAAM,GAAG,IAAID,YAAU,eAAe;AACrD,SAAO,QAAQ;;CAGjB,MAAM,YAAyB,KAAa,OAAyB;EACnE,MAAM,KAAK,MAAM,KAAK;EACtB,MAAME,QAA0B;GAAE;GAAK;;AACvC,QAAM,GAAG,IAAIF,YAAU,eAAe;;;;;;CASxC,sBAAsB,eAA4C;AAChE,SAAO,sBAAsB;;;;;CAM/B,gBAAgB,eAAkC;EAChD,MAAM,aAAa,sBAAsB;AACzC,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,4BAA4B,WAAW;AAEzD,SAAO,cAAc,MAAM,KAAK;;;;;;;;CASlC,sBAAsB,UAAkB,QAAwB;EAC9D,MAAM,gBAAgB,SACnB,cACA,QAAQ,kBAAkB,IAC1B,UAAU,GAAG;AAChB,SAAO,GAAG,cAAc,GAAG;;CAK7B,MAAM,QAAQ,eAA0B,cAAuD;AAC7F,MAAI,CAAC,cAAe,QAAO;EAE3B,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,OAAO;AACrB,WAAQ,KAAK,8BAA8B;AAC3C,UAAO;;EAGT,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;AAE9B,MAAI,OAAO,iBAAiB,UAAU;GACpC,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW;AAC1D,OAAI,CAAC,IAAK,QAAO;AACjB,UAAO,MAAM,KAAK,0BAA0B,KAAyC;;EAGvF,MAAM,QAAQ,GAAG,YAAYA,YAAU,WAAW,MAAM,MAAM;EAC9D,MAAM,UAAU,MAAM,MAAM,OAAO;AACnC,MAAI,QAAQ,WAAW,EACrB,QAAO;AAGT,MAAI,QAAQ,SAAS,GAAG;AACtB,WAAQ,KACN,uCAAuC,UAAU;AAGnD,WAAQ,IAAI;GACZ,MAAM,gBAAgB,MAAM,KAAK,YAAoC,qBAAqB,YAAY;AACtG,OAAI,iBAAiB,YAAY,cAAc,eAAe,WAAW;IACvE,MAAM,QAAQ,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW,cAAc;AAC1E,QAAI,MACF,QAAO,MAAM,KAAK,0BAChB,OACA,cAAc;;;EAMtB,MAAM,QAAQ,QAAQ;AACtB,MAAI,CAAC,MAAO,QAAO;AACnB,SAAO,MAAM,KAAK,0BAA0B,OAAO;;;;;;CAOrD,MAAM,cAA8C;EAClD,MAAM,gBAAgB,MAAM,KAAK,YAAoC;AACrE,MAAI,CAAC,cAAe,QAAO;EAC3B,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY,cAAc;EAE5C,MAAM,SAAS,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW,cAAc;AAC3E,MAAI,OAAQ,QAAO;AAEnB,SAAO,KAAK,QAAQ;;;CAItB,MAAM,gBAAgB,eAA0B,cAAsD;EACpG,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,WAAW,CAAC,WAAW;AAC1D,SAAO,OAAyB;;;;;;;;;;CAWlC,MAAM,qBAAqB,eAA0D;EACnF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI;GACF,MAAM,MAAM,GAAG,YAAYA,YAAU,WAAW,MAAM,MAAM;GAC5D,MAAM,MAAM,MAAM,IAAI,OAAO,YAAY;AACzC,OAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;IACxC,MAAM,SAAU,IAAyB,QAAQ,GAAG,OACjD,EAAE,eAAe,OAAO,EAAE,eAAe,KAAK,IAAI;AAErD,WAAO;;UAEH;AAGR,SAAO;;CAGT,MAAM,qBAAqB,eAA4C;EACrE,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;AAC1D,SAAO,CAAC,CAAC,eAAe,IAAI;;;;;;;;;;;;;;CAe9B,MAAM,qBACJ,eACA,gBACA,yBAIC;AACD,MAAI,eAAe,UAAU,EAC3B,QAAO,EAAE,yBAAyB;EAGpC,MAAM,sBAAsB,YAAY;EACxC,MAAM,WAAW,MAAM,KAAK,cAAc,YAAY;AACtD,MAAI,CAAC,YAAY,SAAS,kBAAkB,oBAC1C,QAAO,EAAE,yBAAyB;EAGpC,MAAM,uBAAuB,SAAS;EACtC,MAAM,iBAAiB,eAAe,QAAO,MAAK,EAAE,iBAAiB;EAIrE,IAAI,uBAAuB,SAAS,kBAAkB;AACtD,MAAI,eAAe,SAAS,KAAK,CAAC,eAAe,MAAK,MAAK,EAAE,iBAAiB,sBAC5E,wBAAuB,eAAe,GAAG;EAK3C,MAAM,iBAAiB,eAAe,QAAO,MAAK,EAAE,iBAAiB;EACrE,MAAM,0BACJ,eAAe,SAAS,IACpB,iBACC,eAAe,SAAS,IAAI,iBAAiB;EAEpD,MAAM,oBACJ,2BAA2B,4BAA4B,uBAEnD,0DAA0D,oBAAoB,uIAG9E;AAEN,SAAO;GAAE;GAAyB;;;;;;;;CAQpC,MAAM,aAAa,eAA4D;EAE7E,MAAM,aAAa,KAAK,sBAAsB,cAAc;AAC5D,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,iDAAiD,WAAW;EAG9E,MAAM,MAAM,KAAK;EAEjB,MAAMG,WAA2B;GAC/B,eAAe,YAAY,cAAc;GACzC,cAAc,cAAc,gBAAgB;GAC5C,SAAS,cAAc,WAAW;GAClC,cAAc;GACd,WAAW;GACX,aAAa;GACb,qBAAqB,cAAc;GACnC,mBAAmB,cAAc;GACjC,aAAa;IACX,YAAY;IACZ,YAAY;IACZ,oBAAoB;;GAGtB,qBAAqB,cAAc;GACnC,2BAA2B,cAAc;;AAG3C,QAAM,KAAK,UAAU;AACrB,SAAO;;CAGT,MAAM,WAAW,eAA0B,SAAiD;EAC1F,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,MAAI,MAAM;GACR,MAAM,cAAc;IAClB,GAAG;IACH,GAAG;IACH,aAAa,KAAK;;AAEpB,SAAM,KAAK,UAAU;AAGrB,QAAK,UAAU;IACb,MAAM;IACN,WAAW;IACX,MAAM;KAAE;KAAS;;;;;CAKvB,MAAM,gBAAgB,eAAyC;AAC7D,QAAM,KAAK,WAAW,eAAe,EAAE,WAAW,KAAK;;;;;;;CAQzD,MAAM,YAAY,eAA0B,eAAuB,GAAkB;EACnF,MAAMC,gBAAwC;GAC5C,WAAW;GACX;;AAEF,QAAM,KAAK,YAAY,qBAAqB;;CAG9C,MAAM,kBACJ,eACA,aACe;EACf,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,MAAI,MAAM;GACR,MAAM,qBAAqB;IACzB,GAAG,KAAK;IACR,GAAG;;AAEL,SAAM,KAAK,WAAW,eAAe,EAAE,aAAa;AAGpD,QAAK,UAAU;IACb,MAAM;IACN,WAAW;IACX,MAAM,EAAE,aAAa;;;;CAK3B,MAAc,0BACZ,MACA,qBACyB;EACzB,MAAM,iBACJ,OAAO,KAAK,iBAAiB,YAAY,OAAO,SAAS,KAAK;AAChE,MAAI,eACF,QAAO;EAGT,MAAM,eAAe;EACrB,MAAMC,QAAwB;GAC5B,GAAI;GACJ;;AAEF,QAAM,KAAK,UAAU;AACrB,SAAO;;CAGT,MAAc,UAAU,UAAyC;EAC/D,MAAM,aAAa,KAAK,sBAAsB,SAAS;AACvD,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,8CAA8C,WAAW;EAG3E,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIL,YAAU,WAAW;EAGlC,MAAMI,gBAAwC;GAC5C,WAAW,SAAS;GACpB,cAAc,SAAS;;AAGzB,QAAM,KAAK,YAAY,qBAAqB;;;;;;CAO9C,MAAM,sBAAsB,UAAqD;EAC/E,MAAM,aAAa,KAAK,sBAAsB,SAAS;AACvD,MAAI,CAAC,WAAW,MACd,OAAM,IAAI,MAAM,sDAAsD,WAAW;EAGnF,MAAM,YAAY,YAAY,SAAS;EACvC,MAAM,eAAe,SAAS;EAC9B,IAAI,OAAO,MAAM,KAAK,QAAQ,WAAW;AAEzC,MAAI,CAAC,KACH,QAAO,MAAM,KAAK,aAAa;GAC7B,eAAe;GACf;GACA,qBAAqB,SAAS;GAC9B,mBAAmB,SAAS;GAC5B,qBAAqB,SAAS;GAC9B,SAAS,SAAS,WAAW;GAC7B,2BAA2B,SAAS;;EAIxC,MAAME,cAA8B;GAClC,GAAG;GACH,qBAAqB,SAAS;GAC9B,mBAAmB,SAAS;GAC5B,qBAAqB,SAAS;GAC9B,2BAA2B,SAAS,6BAA6B,KAAK;GACtE,SAAS,SAAS,WAAW,KAAK;GAClC,aAAa,SAAS,eAAe,KAAK;;AAG5C,QAAM,KAAK,UAAU;AACrB,OAAK,UAAU;GACb,MAAM;GACN;GACA,MAAM,EAAE;;;CAIZ,MAAM,cAAyC;EAC7C,MAAM,KAAK,MAAM,KAAK;AACtB,SAAO,GAAG,OAAON,YAAU;;CAG7B,MAAM,WAAW,eAAyC;EACxD,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,OAAOA,YAAU,WAAW;AAErC,QAAM,KAAK,2BAA2B;;CAGxC,MAAM,gBAA+B;EACnC,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,MAAMA,YAAU;;CAG3B,MAAM,mBAAkC;EACtC,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,MAAMA,YAAU;;;;;CAM3B,MAAM,mBAAmB,mBAA2D;EAClF,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIA,YAAU,oBAAoB;;;;;CAM7C,MAAM,wBAAwB,eAA8D;EAC1F,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,YAAY,YAAY;EAG9B,MAAM,QAAQ,MAAM,MAAM;AAC1B,SAAO,MAAM,MAAM,OAAO;;;;;CAM5B,MAAM,+BACJ,eACA,cACyC;EACzC,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,YAAY,YAAY;EAK9B,MAAM,QAAQ,MAAM,MAAM;EAC1B,MAAM,MAAM,MAAM,MAAM,OAAO;EAC/B,MAAM,QAAQ,IAAI,MAAM,SAAc,KAAK,iBAAiB,iBAAiB;AAC7E,SAAO;;;;;CAMT,MAAM,2BAA2B,eAAyC;EACxE,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;EAC1D,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;AAEvC,OAAK,MAAM,QAAQ,eAEjB,OAAM,MAAM,OAAO;GAAC;GAAe,KAAK;GAAc,KAAK;;;;;;CAO/D,MAAM,+BACJ,eACA,wBASe;AAEf,QAAM,KAAK,2BAA2B;EAGtC,MAAM,4BAAW,IAAI,QAAO;AAC5B,OAAK,MAAM,QAAQ,wBAAwB;GAEzC,MAAM,gBAAgB,KAAK,cAAc;GACzC,MAAM,kBAAkB,cAAc,QAAQ,cAC5C,cAAc,UAAa,cAAc,QAAQ,OAAO,cAAc;GAIxE,MAAM,aAAa,gBAAgB,SAAS,IAAI,kBAAkB,CAAC;GAEnE,MAAMO,aAAsC;IAC1C,cAAc,KAAK;IACnB,qBAAqB,KAAK;IAC1B;IACA,MAAM,KAAK;IACX,eAAe,YAAY;IAC3B,cAAc,KAAK,gBAAgB;IACnC,YAAY,KAAK;IACP;IACV,cAAc,KAAK;;AAErB,SAAM,KAAK,mBAAmB;;;;;;CASlC,MAAM,+BAA+B,eAAyC;EAC5E,MAAM,iBAAiB,MAAM,KAAK,wBAAwB;AAE1D,MAAI,eAAe,WAAW,GAAG;AAC/B,WAAQ,KAAK,oCAAoC;AACjD;;EAGF,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,KAAK,GAAG,YAAYP,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;AAEvC,OAAK,MAAM,QAAQ,eAEjB,OAAM,MAAM,OAAO;GAAC;GAAe,KAAK;GAAc,KAAK;;AAG7D,UAAQ,MAAM,WAAW,eAAe,OAAO,2BAA2B;;;;;;;CAQ5E,MAAM,sBAAsB,eAAuD;EACjF,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,SAAO,MAAM,aAAa,sBAAsB;;;;;;;CAQlD,MAAM,SAAS,eAA4D;EACzE,MAAM,OAAO,MAAM,KAAK,QAAQ;AAChC,SAAO,MAAM,aAAa,mBAAmB,SAAS;;;;;;;CAQxD,MAAM,SAAS,eAA0B,OAAwC;EAC/E,MAAM,iBAAiB,MAAM,KAAK,sBAAsB;EACxD,MAAM,qBAAqB;GAAE,GAAG;GAAgB;;AAChD,QAAM,KAAK,kBAAkB,eAAe,EAAE;;;;;;;CAQhD,MAAM,kBAAkB,eAAqD;EAC3E,MAAM,QAAQ,MAAM,KAAK,SAAS;AAClC,SAAO,SAAS;;;;;;;CAQlB,MAAM,YAAY,eAAqD;EACrE,MAAM,eAAe,MAAM,KAAK,kBAAkB;EAClD,MAAM,WAAW,iBAAiB,SAAS,UAAU;AACrD,QAAM,KAAK,SAAS,eAAe;AACnC,SAAO;;;;;CAQT,MAAM,kBAAkB,eAA0B,MAA4E;AAC5H,MAAI,CAAC,iBAAiB,CAAC,MAAM,cAAc,CAAC,MAAM,QAAQ,CAAC,MAAM,QAAS;EAC1E,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,MAAO;EACvB,MAAMQ,MAA4B;GAChC,eAAe,YAAY;GAC3B,YAAY,OAAO,KAAK;GACxB,MAAM,OAAO,KAAK;GAClB,SAAS,OAAO,KAAK;GACrB,WAAW,KAAK;;EAElB,MAAM,KAAK,MAAM,KAAK;AACtB,QAAM,GAAG,IAAIR,YAAU,qBAAqB;;;;;CAM9C,MAAM,wBAAwB,eAA0B,MAAkF;AACxI,MAAI,CAAC,iBAAiB,CAAC,MAAM,cAAc,CAAC,MAAM,KAAM,QAAO;EAC/D,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,MAAM,MAAM,GAAG,IAAIA,YAAU,qBAAqB;GAAC,YAAY;GAAgB,OAAO,KAAK;GAAa,OAAO,KAAK;;AAC1H,SAAQ,OAAgC;;;;;CAM1C,MAAM,kBAAkB,eAA0B,MAAoE;EACpH,MAAM,MAAM,MAAM,KAAK,wBAAwB,eAAe;AAC9D,SAAO,KAAK,WAAW;;;;;;CASzB,MAAM,qBACJ,eACA,SACe;AACf,MAAI,CAAC,iBAAiB,CAAC,SAAS,OAAQ;EACxC,MAAM,aAAa,KAAK,sBAAsB;AAC9C,MAAI,CAAC,WAAW,MAAO;EAEvB,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,MAAM,KAAK;AAEjB,OAAK,MAAM,SAAS,SAAS;GAC3B,MAAM,UAAU,OAAO,OAAO,WAAW,IAAI;GAC7C,MAAM,QAAQ,OAAO,OAAO,SAAS,IAAI;AACzC,OAAI,CAAC,WAAW,CAAC,MAAO;GAExB,MAAMS,MAA2B;IAC/B,eAAe;IACf;IACA;IACA,SAAS;;AAEX,SAAM,GAAG,IAAIT,YAAU,oBAAoB;;;;;;CAO/C,MAAM,kBAAkB,eAA0D;AAChF,MAAI,CAAC,cAAe,QAAO;EAC3B,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,YAAY;EAC9B,MAAM,KAAK,GAAG,YAAYA,YAAU,oBAAoB;EACxD,MAAM,QAAQ,GAAG,YAAYA,YAAU;EACvC,MAAM,QAAQ,MAAM,MAAM;EAC1B,MAAM,SAAS,MAAM,MAAM,OAAO;AAClC,SAAQ,UAAoC;;;;;;CAO9C,MAAM,gBAAmB,WAAyD;EAChF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI;GACF,MAAM,SAAS,MAAM,UAAU;AAC/B,UAAO;WACA,OAAO;AACd,WAAQ,MAAM,4BAA4B;AAC1C,SAAM;;;;;;;CAQV,MAAM,yBAAyB,eAAyC;AACtE,UAAQ,MAAM,sCAAsC;AAEpD,QAAM,KAAK,gBAAgB,OAAO,OAAO;AAEvC,SAAM,KAAK,+BAA+B;AAG1C,SAAM,GAAG,OAAOA,YAAU,WAAW;GAGrC,MAAM,kBAAkB,MAAM,KAAK,YAAoB;AACvD,OAAI,oBAAoB,cACtB,OAAM,KAAK,YAAY,qBAAqB;AAG9C,WAAQ,MAAM,yCAAyC;AACvD,UAAO;;;;;;;ACz+Bb,MAAMU,YAAqC;CACzC,QAAQ;CACR,WAAW;CACX,WAAW;CACX,SAAS,CAAC,iBAAiB;;AA4B7B,IAAa,2BAAb,MAAsC;CACpC,AAAQ;CACR,AAAQ,KAA0B;CAClC,AAAQ,WAAW;CAEnB,YAAY,SAAkC,WAAW;AACvD,OAAK,SAAS;;CAGhB,YAAoB;AAClB,SAAO,KAAK,OAAO;;CAGrB,UAAU,QAAsB;EAC9B,MAAM,OAAO,OAAO,UAAU,IAAI;AAClC,MAAI,CAAC,QAAQ,SAAS,KAAK,OAAO,OAAQ;AAC1C,MAAI;AAAE,GAAC,KAAK,IAAY;UAAmB;AAC3C,OAAK,KAAK;AACV,OAAK,SAAS;GAAE,GAAG,KAAK;GAAQ,QAAQ;;;CAG1C,aAAsB;AACpB,SAAO,KAAK;;CAGd,YAAY,UAAyB;EACnC,MAAM,OAAO,CAAC,CAAC;AACf,MAAI,SAAS,KAAK,SAAU;AAC5B,OAAK,WAAW;AAChB,MAAI,MAAM;AACR,OAAI;AAAE,IAAC,KAAK,IAAY;WAAmB;AAC3C,QAAK,KAAK;;;;;;CAOd,MAAc,QAA+B;AAC3C,MAAI,KAAK,SACP,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,GACP,QAAO,KAAK;AAGd,OAAK,KAAK,MAAM,OAAO,KAAK,OAAO,QAAQ,KAAK,OAAO,WAAW;GAChE,QAAQ,IAAU;AAEhB,QAAI;AAAE,SAAI,GAAG,iBAAiB,SAAS,UAAU,WAAY,IAAG,kBAAkB,UAAU;YAAoB;IAChH,MAAM,QAAQ,GAAG,kBAAkB,UAAU,WAAW,EAAE,SAAS,UAAU;AAC7E,QAAI;AAAE,WAAM,YAAY,iBAAiB,iBAAiB,EAAE,QAAQ;YAAkB;;GAExF,UAAU;AACR,YAAQ,KAAK;;GAEf,WAAW;AACT,YAAQ,KAAK;;GAEf,kBAAkB;AAChB,YAAQ,KAAK;AACb,SAAK,KAAK;;;AAId,SAAO,KAAK;;;;;CAMd,MAAM,kBAAkB,MAAuC;EAC7D,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI,CAAC,KAAK,kBACR,OAAM,IAAI,MAAM;AAElB,QAAM,GAAG,IAAI,KAAK,OAAO,WAAW;;;;;CAMtC,MAAM,gBAAgB,eAAuB,cAAwD;EACnG,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,YAAY,QAAsC;AACtD,OAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,kBAAmB,QAAO;AAC3D,UAAO;IACL,eAAe,IAAI;IACnB,cAAc,IAAI;IAClB,eAAe,IAAI;IACnB,mBAAmB,IAAI;IACvB,aAAa,IAAI;IACjB,SAAS,IAAI;IACb,WAAW,IAAI;;;AAInB,MAAI,OAAO,iBAAiB,UAAU;GACpC,MAAM,MAAM,MAAM,GAAG,IAAI,KAAK,OAAO,WAAW,CAAC,eAAe;GAChE,MAAM,SAAS,SAAS;AACxB,OAAI,OAAQ,QAAO;AAEnB,OAAI,kBAAkB,cACpB,SAAQ,KAAK,6DAA6D,cAAc;AAE1F,OAAI;IACF,MAAM,MAAM,GAAG,YAAY,KAAK,OAAO,WAAW,MAAM,MAAM;IAC9D,MAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,QAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;KAExC,MAAM,SAAU,IAAc,QAAQ,GAAG,MAAO,EAAE,aAAa,EAAE,YAAY,IAAI;AACjF,YAAO,SAAS;;WAEZ;AACR,UAAO;;AAGT,MAAI;GACF,MAAM,MAAM,GAAG,YAAY,KAAK,OAAO,WAAW,MAAM,MAAM;GAE9D,MAAM,MAAM,MAAM,IAAI,OAAO;AAC7B,OAAI,MAAM,QAAQ,QAAQ,IAAI,SAAS,GAAG;IACxC,MAAM,SAAU,IAAc,QAAQ,GAAG,MAAO,EAAE,aAAa,EAAE,YAAY,IAAI;AACjF,WAAO,SAAS;;UAEZ;AACR,SAAO;;;;;CAMT,MAAM,iBAAiB,eAAuB,cAAwC;EACpF,MAAM,eAAe,MAAM,KAAK,gBAAgB,eAAe;AAC/D,SAAO,CAAC,CAAC;;;;;CAMX,MAAM,mBAAmB,eAAuB,cAAsC;EACpF,MAAM,KAAK,MAAM,KAAK;AACtB,MAAI,OAAO,iBAAiB,SAC1B,OAAM,GAAG,OAAO,KAAK,OAAO,WAAW,CAAC,eAAe;OAClD;GAEL,MAAM,KAAK,GAAG,YAAY,KAAK,OAAO,WAAW;GACjD,MAAM,MAAM,GAAG,MAAM,MAAM;GAC3B,IAAI,SAAS,MAAM,IAAI,WAAW,YAAY,KAAK;AACnD,UAAO,QAAQ;AACb,UAAM,GAAG,MAAM,OAAO,OAAO;AAC7B,aAAS,MAAM,OAAO;;AAExB,SAAM,GAAG;;AAEX,UAAQ,MAAM;;;;;CAMhB,MAAM,sBAAmD;EACvD,MAAM,KAAK,MAAM,KAAK;EACtB,MAAM,MAAM,MAAM,GAAG,OAAO,KAAK,OAAO;AACxC,SAAQ,IACL,KAAK,QAAQ;AACZ,OAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,kBAAmB,QAAO;AAC3D,UAAO;IACL,eAAe,IAAI;IACnB,cAAc,IAAI;IAClB,eAAe,IAAI;IACnB,mBAAmB,IAAI;IACvB,aAAa,IAAI;IACjB,SAAS,IAAI;IACb,WAAW,IAAI;;KAGlB,QAAQ,QAAiC,QAAQ;;;;;CAMtD,MAAM,gBAAgB,eAAuB,cAAwC;EACnF,MAAM,UAAU,MAAM,KAAK,gBAAgB,eAAe;AAC1D,SAAO,CAAC,CAAC;;;;;;ACpMb,MAAa,kBAAkB,IAAI;AACnC,MAAa,oBAAoB,IAAI;;;;;AA8DrC,IAAa,0BAAb,MAAqC;CACnC,AAAgB;CAChB,AAAgB;CAChB,AAAQ,eAAe;CAEvB,cAAc;AACZ,OAAK,WAAW;AAChB,OAAK,aAAa;;;;;;CAOpB,MAAM,aAA4B;AAChC,MAAI,KAAK,aACP;AAGF,MAAI;AACF,OAAI,KAAK,SAAS,gBAAgB,KAAK,WAAW,cAAc;AAC9D,SAAK,eAAe;AACpB;;AAIF,SAAM,QAAQ,IAAI,CAChB,KAAK,SAAS,YAAY,gBAC1B,KAAK,WAAW,gBAAgB,eAAe;AAGjD,QAAK,eAAe;WACb,OAAO;AACd,WAAQ,KAAK,6CAA6C;;;;;;CAQ9D,IAAI,gBAAyB;AAC3B,SAAO,KAAK;;;;;CAQd,MAAM,gBAAgB,eAInB;EACD,MAAM,OAAO,MAAM,KAAK,SAAS;EACjC,MAAM,WAAW,QAAQ,KAAK,kBAAkB,gBAC5C,OACA,MAAM,KAAK,SAAS,gBAAgB,eAAe;EACvD,MAAM,eAAgB,QAAQ,KAAK,kBAAkB,gBACjD,KAAK,eACL,UAAU;EACd,MAAM,CAAC,SAAS,WAAW,MAAM,QAAQ,IAAI,CAC3C,KAAK,WAAW,gBAAgB,eAAe,eAC/C,KAAK,WAAW,gBAAgB,eAAe;AAGjD,SAAO;GACL;GACA;GACA,SAAS,UAAU,UAAU;;;CAKjC,MAAM,kBACJ,eACA,MACe;AACf,SAAO,KAAK,SAAS,kBAAkB,eAAe;;CAGxD,MAAM,wBACJ,eACA,MACkE;AAClE,SAAO,KAAK,SAAS,wBAAwB,eAAe;;CAG9D,MAAM,kBACJ,eACA,MACwB;AACxB,SAAO,KAAK,SAAS,kBAAkB,eAAe;;CAIxD,MAAM,qBACJ,eACA,SACe;AACf,SAAO,KAAK,SAAS,qBAAqB,eAAe;;CAG3D,MAAM,kBAAkB,eAAsF;AAC5G,SAAO,KAAK,SAAS,kBAAkB;;;AAK3C,MAAa,mBAAmB,IAAI;;;;AC/LpC,SAAS,KAAM,YAAU;AACvB,KAAIC,WAAS,UAAU,IAAO,OAAM,IAAI,UAAU;CAClD,MAAM,WAAW,IAAI,WAAW;AAChC,MAAK,IAAI,IAAI,GAAG,IAAI,SAAS,QAAQ,IACnC,UAAS,KAAK;AAEhB,MAAK,IAAI,IAAI,GAAG,IAAIA,WAAS,QAAQ,KAAK;EACxC,MAAM,IAAIA,WAAS,OAAO;EAC1B,MAAM,KAAK,EAAE,WAAW;AACxB,MAAI,SAAS,QAAQ,IAAO,OAAM,IAAI,UAAU,IAAI;AACpD,WAAS,MAAM;;CAEjB,MAAM,OAAOA,WAAS;CACtB,MAAM,SAASA,WAAS,OAAO;CAC/B,MAAM,SAAS,KAAK,IAAI,QAAQ,KAAK,IAAI;CACzC,MAAM,UAAU,KAAK,IAAI,OAAO,KAAK,IAAI;CACzC,SAAS,OAAQ,QAAQ;AAEvB,MAAI,kBAAkB,YAAY,YAAa,YAAY,OAAO,QAChE,UAAS,IAAI,WAAW,OAAO,QAAQ,OAAO,YAAY,OAAO;WACxD,MAAM,QAAQ,QACvB,UAAS,WAAW,KAAK;AAE3B,MAAI,EAAE,kBAAkB,YAAe,OAAM,IAAI,UAAU;AAC3D,MAAI,OAAO,WAAW,EAAK,QAAO;EAElC,IAAI,SAAS;EACb,IAAI,SAAS;EACb,IAAI,SAAS;EACb,MAAM,OAAO,OAAO;AACpB,SAAO,WAAW,QAAQ,OAAO,YAAY,GAAG;AAC9C;AACA;;EAGF,MAAM,QAAS,OAAO,UAAU,UAAU,MAAO;EACjD,MAAM,MAAM,IAAI,WAAW;AAE3B,SAAO,WAAW,MAAM;GACtB,IAAI,QAAQ,OAAO;GAEnB,IAAI,IAAI;AACR,QAAK,IAAI,MAAM,OAAO,IAAI,UAAU,KAAK,IAAI,WAAY,QAAQ,IAAK,OAAO,KAAK;AAChF,aAAU,MAAM,IAAI,SAAU;AAC9B,QAAI,OAAQ,QAAQ,SAAU;AAC9B,YAAS,QAAQ,SAAU;;AAE7B,OAAI,UAAU,EAAK,OAAM,IAAI,MAAM;AACnC,YAAS;AACT;;EAGF,IAAI,MAAM,OAAO;AACjB,SAAO,QAAQ,QAAQ,IAAI,SAAS,EAClC;EAGF,IAAI,MAAM,OAAO,OAAO;AACxB,SAAO,MAAM,MAAM,EAAE,IAAO,QAAOA,WAAS,OAAO,IAAI;AACvD,SAAO;;CAET,SAAS,aAAc,QAAQ;AAC7B,MAAI,OAAO,WAAW,SAAY,OAAM,IAAI,UAAU;AACtD,MAAI,OAAO,WAAW,EAAK,QAAO,IAAI;EACtC,IAAI,MAAM;EAEV,IAAI,SAAS;EACb,IAAI,SAAS;AACb,SAAO,OAAO,SAAS,QAAQ;AAC7B;AACA;;EAGF,MAAM,QAAU,OAAO,SAAS,OAAO,SAAU,MAAO;EACxD,MAAM,OAAO,IAAI,WAAW;AAE5B,SAAO,MAAM,OAAO,QAAQ;GAE1B,MAAM,WAAW,OAAO,WAAW;AAEnC,OAAI,WAAW,IAAO;GAEtB,IAAI,QAAQ,SAAS;AAErB,OAAI,UAAU,IAAO;GACrB,IAAI,IAAI;AACR,QAAK,IAAI,MAAM,OAAO,IAAI,UAAU,KAAK,IAAI,WAAY,QAAQ,IAAK,OAAO,KAAK;AAChF,aAAU,OAAO,KAAK,SAAU;AAChC,SAAK,OAAQ,QAAQ,QAAS;AAC9B,YAAS,QAAQ,QAAS;;AAE5B,OAAI,UAAU,EAAK,OAAM,IAAI,MAAM;AACnC,YAAS;AACT;;EAGF,IAAI,MAAM,OAAO;AACjB,SAAO,QAAQ,QAAQ,KAAK,SAAS,EACnC;EAEF,MAAM,MAAM,IAAI,WAAW,UAAU,OAAO;EAC5C,IAAI,IAAI;AACR,SAAO,QAAQ,KACb,KAAI,OAAO,KAAK;AAElB,SAAO;;CAET,SAAS,OAAQ,QAAQ;EACvB,MAAM,SAAS,aAAa;AAC5B,MAAI,OAAU,QAAO;AACrB,QAAM,IAAI,MAAM,aAAa,OAAO;;AAEtC,QAAO;EACL;EACA;EACA;;;AAGJ,oBAAe;;;;AC1Hf,IAAI,WAAW;AACf,kBAAeC,cAAM;;;;;;;;;;;ACOrB,MAAa,gBAAgB,SAAsD;AACjF,KAAI,gBAAgB,YAClB,QAAOC,YAAK,OAAO,IAAI,WAAW;AAEpC,KAAI,MAAM,QAAQ,MAChB,QAAOA,YAAK,OAAO,IAAI,WAAW;AAEpC,QAAOA,YAAK,OAAO;;;;;;;;ACNrB,MAAa,yBAAqC;CAEhD,MAAM,YAAY,UAAU,UAAU;CACtC,MAAM,aAAa,sDAAsD,KAAK;CAC9E,MAAM,aAAa,oCAAoC,KAAK;CAG5D,MAAM,gBAAgB,UAAU,iBAAiB;CACjD,MAAM,cAAc,OAAO,OAAO;CAClC,MAAM,gBAAgB,eAAe;CACrC,MAAM,iBAAiB,eAAe;CAGtC,MAAM,iBAAiB,iBAAiB;AAGxC,KAAI,cAAe,iBAAiB,cAClC,QAAO;AAGT,KAAI,cAAe,iBAAiB,kBAAkB,eACpD,QAAO;AAGT,QAAO;;;;;;AAOT,MAAa,iBAA0B;AACrC,KAAI;EACF,MAAM,KAAK,UAAU;EACrB,MAAM,iBAAiB,UAAU,KAAK,OAAO,CAAC,uDAAuD,KAAK;AAC1G,SAAO;SACD;AACN,SAAO;;;;;;;AAQX,MAAa,cAAuB;AAClC,KAAI;EACF,MAAM,KAAK,UAAU;EACrB,MAAM,WAAY,UAAkB,YAAY;EAChD,MAAM,WAAW,OAAO,UAAU,kBAAkB;EACpD,MAAM,QAAQ,mBAAmB,KAAK;EACtC,MAAM,gBAAgB,YAAY,KAAK,OAAO,WAAW;EACzD,MAAM,cAAc,mBAAmB,KAAK;AAC5C,SAAO,SAAS,iBAAiB;SAC3B;AACN,SAAO;;;;;;;AAyBX,MAAa,gCAAyC;AACpD,KAAI;EACF,MAAM,KAAM,UAAkB;AAC9B,SAAO,CAAC,EAAE,MAAM,OAAO,GAAG,aAAa,aAAa,GAAG;SACjD;AACN,SAAO;;;;;;;AAQX,MAAa,gCAAyC;AACpD,KAAI;AACF,MAAI,0BAA2B,QAAO;AACtC,SAAO,WAAW,oBAAoB;SAChC;AAEN,SAAO;;;;;;AA2BX,MAAa,uBAAgC;AAC3C,QAAO,uBAAuB;;;;;ACrIhC,SAAS,MAAM,GAA0C;AACvD,QAAO,CAAC,CAAC,KAAK,OAAO,MAAM,YAAY,CAAC,MAAM,QAAQ;;AAGxD,SAAS,SAAS,GAA4D;AAC5E,KAAI,CAAC,EAAG,QAAO;CACf,MAAM,OAAO,OAAO,KAAK;AACzB,QAAO,KAAK,SAAS,KAAK,KAAK;;AAGjC,IAAa,eAAb,MAAa,qBAAqB,MAAM;CACtC;CACA;CACA;CACA;CACA;CACA;CACA;CAEA,YAAY,QAUT;AACD,QAAM,OAAO;AACb,OAAK,OAAO,OAAO,QAAQ;AAC3B,OAAK,OAAO,OAAO;AACnB,OAAK,OAAO,OAAO,QAAQ;AAC3B,OAAK,OAAO,OAAO;AACnB,OAAK,QAAQ,OAAO;AACpB,OAAK,QAAQ,OAAO;AACpB,OAAK,UAAU,OAAO;AACtB,OAAK,YAAY,OAAO;;CAG1B,OAAO,gBAAgB,eAAuB,KAAgC;EAC5E,MAAM,MAAM,IAAI,SAAS;EACzB,MAAM,UAAU,IAAI;EAEpB,MAAM,EAAE,SAAS,MAAM,MAAM,OAAO,UAAU,gBAAgB,eAAe;AAE7E,SAAO,IAAI,aAAa;GACtB,SAAS,WAAW,IAAI,WAAW,GAAG,cAAc;GACpD,OAAO,SAAS,QAAQ;GACxB,MAAM,QAAQ;GACd;GACA;GACA,MAAM,IAAI;GACV,MAAM,IAAI,QAAQ;GAClB,WAAW;GACX;;;CAIJ,OAAO,YAAY,eAAuB,SAAc,SAA4B;EAClF,MAAM,EAAE,SAAS,MAAM,MAAM,OAAO,UAAU,gBAAgB,eAAe;AAC7E,SAAO,IAAI,aAAa;GACtB,SAAS,WAAW,GAAG,cAAc;GACrC,OAAO,SAAS,QAAQ;GACxB,MAAM,QAAQ;GACd;GACA;GACA,MAAM;GACN,WAAW;GACX,SAAS;IAAE,SAAS;IAAS;;;;;AAKnC,SAAS,gBAAgB,eAAuB,SAM9C;CACA,MAAM,IAAI,MAAM,WAAW,UAAU;CACrC,MAAM,SAAS,MAAM,GAAG,oBAAqB,EAAG,mBAA+C;AAC/F,KAAI,CAAC,QAAQ;EACX,MAAM,UAAU,IAAI,aAAa,KAAK,UAAU,OAAO;AACvD,SAAO,EAAE,SAAS,GAAG,cAAc,aAAa;;AAElD,QAAO,oBAAoB,eAAe;;AAG5C,SAAS,gBAAgB,eAAuB,SAM9C;CACA,MAAM,IAAI,MAAM,WAAY,UAAsC;AAClE,KAAI,CAAC,EACH,QAAO,EAAE,SAAS,GAAG,cAAc;AAGrC,QAAO,oBAAoB,eAAe;;AAG5C,SAAS,oBAAoB,eAAuB,MAMlD;AAEA,KAAI,MAAM,KAAK,iBAAiB;EAC9B,MAAM,MAAM,KAAK;EACjB,IAAI,OAAO,SAAS,QAAQ;AAC5B,MAAI,MAAM,IAAI,mBACZ,QAAO,qBAAqB,SAAS,IAAI;EAE3C,MAAM,QAAQ,KAAK,WAAW,wBAC1B,mBAAmB,KAAK,MAAM,KAAK,MAAM,wBACzC,mBAAmB;AACvB,SAAO;GACL,SAAS,GAAG,cAAc,2BAA2B,KAAK;GAC1D,MAAM;GACN;GACA;;;AAKJ,KAAI,MAAM,KAAK,cAAc;EAC3B,MAAM,KAAK,KAAK;EAChB,MAAM,MAAM,OAAQ,GAAG,UAAsB,WAAY,GAAG,QAAmB;EAC/E,MAAM,OAAO,MAAM,GAAG,QAAS,GAAG,OAAmC;EACrE,MAAM,OAAO,SAAS,SAAS;EAC/B,MAAM,SAAS,OAAO,QAAQ,WAAW,cAAc,QAAQ;EAC/D,MAAM,QAAQ,gBAAgB;AAC9B,SAAO;GACL,SAAS,GAAG,cAAc,SAAS,OAAO,iBAAiB,KAAK;GAChE,MAAM;GACN;GACA,OAAO;GACP;;;AAKJ,QAAO;EACL,SAAS,GAAG,cAAc;EAC1B,MAAM;EACN,MAAM;EACN,OAAO;;;;;;AC3JX,MAAa,sBAAsB;CACjC,eAAe;CACf,kBAAkB;CAClB,mBAAmB;CACnB,0BAA0B;CAC1B,qBAAqB;CACpB,wBAAwB;;;;;AC2C3B,IAAY,sDAAL;AACL;AACA;AACA;AACA;AACA;;;AAGF,IAAa,oBAAb,MAAa,kBAAkB;CAC7B;CACA;CACA;CAEA,YAAY,MAIT;AACD,OAAK,cAAc,KAAK;AACxB,OAAK,YAAY,KAAK;AACtB,OAAK,cAAc,KAAK;;CAG1B,OAAO,UAAU,OAA+F;AAC9G,SAAO,IAAI,kBAAkB;GAC3B,aAAa,MAAM;GACnB,WAAW,MAAM;GACjB,aAAa,MAAM;;;CAIvB,SAAsB;AAEpB,SAAQ,IAAI,WAAW,KAAK,aAAc;;CAG5C,eAAuB;AACrB,SAAO,aAAa,KAAK;;CAG3B,OAAO,OAAO,OAAsC;AAElD,QAAM,IAAI,MAAM;;;AA6BpB,SAAgB,8BACd,OACwC;AACxC,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,MAAM,QAAQ,OAChB,QAAO,IAAI,WAAW,OAAmB;AAI3C,KAAI,YAAY,OAAO,QAAQ;EAC7B,MAAM,OAAO;AACb,SAAO,KAAK,OAAO,MAAM,KAAK,YAAY,KAAK,aAAa,KAAK;;AAInE,KAAI,iBAAiB,YACnB,QAAO;AAGT,QAAO;;AAGT,SAAgB,8BAA8B,QAAmC;CAG/E,MAAM,cAAe,QAAgB;CACrC,MAAMC,YACJ,eAAe,OAAO,gBAAgB,WACjC,cACD;CAIN,MAAM,cAAe,UAAyC;AAC9D,KAAI,WAAW,aACb,QAAQ,YAA6B,KAAK;CAI5C,MAAM,cAAe,UAAmC;AACxD,KAAI,WAAW,cAAc;EAC3B,MAAM,MAAO,YAAkC,KAAK;AACpD,SAAO,aAAa;;CAMtB,MAAM,WAAW,8BACd,UAAwC;AAE3C,KAAI,SACF,QAAO,aAAa;CAGtB,MAAM,WAAW,8BACd,UAAuC;AAE1C,KAAI,SACF,QAAO,aAAa;AAGtB,OAAM,IAAI,MAAM;;AA8BlB,IAAa,oBAAb,MAAa,kBAAwC;CACnD,AAAiB;CAEjB,YAAY,QAA2B;AACrC,OAAK,UAAU,kBAAkB,iBAAiB;;CAGpD,OAAe,iBAAiB,OAAoC;EAClE,MAAM,OAAO,MAAM,QAAQ,SACvB,QACA,MACG,MAAM,UACN,KAAI,QAAO,IAAI,QACf,OAAO;EAEd,MAAM,aAAa,KAAK,KAAI,QAAO;AACjC,OAAI;AACF,WAAO,IAAI,IAAI,KAAK;YACb,KAAK;IACZ,MAAM,UAAU,aAAa,QAAQ,yBAAyB;AAC9D,UAAM,IAAI,MAAM;;;AAIpB,MAAI,CAAC,WAAW,OACd,OAAM,IAAI,MAAM;AAGlB,SAAO,MAAM,KAAK,IAAI,IAAI;;;CAQ5B,AAAQ,iBAAoB,QAAgB,QAAmB;AAC7D,SAAO,KAAK,UAAU;GACpB,SAAS;GACT,IAAI,OAAO;GACX;GACA;;;;CAKJ,MAAc,SAAS,KAAa,aAA2C;EAC7E,MAAM,WAAW,MAAM,MAAM,KAAK;GAChC,QAAQ;GACR,SAAS,EAAE,gBAAgB;GAC3B,MAAM;;AAGR,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,MAAM,uBAAuB,SAAS,OAAO,GAAG,SAAS;EAGrE,MAAM,OAAO,MAAM,SAAS;AAC5B,MAAI,CAAC,MAAM,OACT,OAAM,IAAI,MAAM;AAGlB,SAAO,KAAK,MAAM;;;CAIpB,MAAc,oBAAoB,aAA2C;EAC3E,IAAIC;AACJ,OAAK,MAAM,CAAC,OAAO,QAAQ,KAAK,QAAQ,UACtC,KAAI;GACF,MAAM,SAAS,MAAM,KAAK,SAAS,KAAK;AACxC,OAAI,QAAQ,EAAG,SAAQ,KAAK,4CAA4C;AACxE,UAAO;WACA,KAAK;AACZ,eAAY;GACZ,MAAM,YAAY,QAAQ,KAAK,QAAQ,SAAS;AAChD,WAAQ,KAAK,4BAA4B,IAAI,SAAS,YAAY,kBAAkB,GAAG,IAAI,aAAa,QAAQ;AAChH,OAAI,CAAC,UAAW,OAAM,eAAe,QAAQ,MAAM,IAAI,MAAM,OAAO;;AAGxE,QAAM,IAAI,MAAM,aAAa,cAAc;;;CAI7C,AAAQ,gBAAmB,KAAkB,eAA0B;AACrE,MAAI,IAAI,MACN,OAAM,aAAa,gBAAgB,eAAe;EAEpD,MAAM,SAAS,IAAI;AAEnB,MAAI,QAAQ,OAAO;GACjB,MAAM,MAAM,OAAO,OAAO,UAAU,WAAW,OAAO,QAAQ,KAAK,UAAU,OAAO;AACpF,SAAM,IAAI,aAAa;IAAE,SAAS,GAAG,cAAc,UAAU;IAAO,OAAO;IAAY,MAAM;;;AAE/F,SAAO,IAAI;;;;;CAMb,MAAc,YACZ,QACA,QACA,eACY;EACZ,MAAM,cAAc,KAAK,iBAAiB,QAAQ;EAClD,MAAM,MAAM,MAAM,KAAK,oBAAoB;AAC3C,SAAO,KAAK,gBAAmB,KAAK;;CAOtC,MAAM,MAAmC,QAAqC;AAC5E,SAAO,KAAK,YAAgC,YAAY,OAAO,QAAQ;;CAGzE,MAAM,cAAc,WAAmB,WAAmB,eAA2D;EACnH,MAAM,eAAe;EACrB,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;GACZ,YAAY;;AAEd,SAAO,KAAK,YACV,YAAY,OACZ,QACA;;CAIJ,MAAM,kBAAkB,WAAmB,eAA2D;EACpG,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACJ;GACV,YAAY;;AAEd,SAAO,KAAK,YAA0C,YAAY,OAAO,QAAQ;;CAGnF,MAAM,YAAY,WAAyC;EACzD,MAAM,SAAS;GACb,cAAc;GACd,UAAU;GACV,YAAY;;AAEd,SAAO,KAAK,YAAwC,YAAY,OAAO,QAAQ;;CAGjF,MAAM,SAAS,WAAmB,eAAwD;EACxF,MAAM,WAAW,eAAe,YAAY;EAC5C,MAAM,SAAS;GACb,cAAc;GACd;GACA,YAAY;;EAEd,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,QACA;EAEF,MAAM,aAAa,QAAQ;AAC3B,MAAI,OAAO,eAAe,YAAY,CAAC,WAAW,OAChD,OAAM,IAAI,MAAM;AAElB,SAAO,aAAa;;CAGtB,MAAM,UAAU,QAA8C;AAC5D,SAAO,KAAK,YAAyC,YAAY,OAAO,QAAQ;;CAGlF,MAAM,gBACJ,mBACA,YAA+B,oBAAoB,eACnB;EAChC,MAAM,SAAS;GACb,kBAAkB,8BAA8B;GAChD,YAAY;;EAId,MAAM,cAAc;EACpB,IAAIA,YAAqB;AACzB,OAAK,IAAI,UAAU,GAAG,WAAW,aAAa,UAC5C,KAAI;GACF,MAAM,UAAU,MAAM,KAAK,YAAkD,YAAY,MAAM,QAAQ;GAEvG,MAAM,SAAU,SAAiB;AACjC,OAAI,UAAU,OAAO,WAAW,YAAY,aAAa,QAAQ;IAC/D,MAAM,UAAW,OAAe;AAChC,UAAM,aAAa,YAAY,oBAAoB,SAAS;;AAE9D,UAAO;WACAC,KAAc;AACrB,eAAY;GACZ,MAAM,MAAM,aAAa;GACzB,MAAM,YAAY,wGAAwG,KAAK,OAAO;AACtI,OAAI,CAAC,aAAa,YAAY,YAC5B,OAAM;GAGR,MAAMC,SAAO,MAAM,KAAK,IAAI,GAAG,UAAU;GACzC,MAAM,SAAS,KAAK,MAAM,KAAK,WAAW;AAC1C,SAAM,IAAI,SAAQ,MAAK,WAAW,GAAGA,SAAO;;AAIhD,QAAM,qBAAqB,QAAQ,YAAY,IAAI,MAAM,OAAO;;CAKlE,MAAM,aACJ,YACA,QACA,MACA,YACY;EACZ,MAAM,YAAY;GAChB,cAAc;GACd,UAAU;GACV,YAAY;GACZ,aAAa;GACb,aAAa,aAAa,IAAI,cAAc,OAAO,KAAK,UAAU,OAAO;;EAE3E,MAAM,SAAS,MAAM,KAAK,YACxB,YAAY,OACZ,WACA;EAIF,MAAM,cAAc,OAAO;AAE3B,MAAI,CAAC,MAAM,QAAQ,aAEjB,QAAO;EAGT,MAAM,eAAe,OAAO,aAAa,GAAG;AAE5C,MAAI,CAAC,aAAa,OAChB,QAAO;AAGT,MAAI;GACF,MAAM,SAAS,KAAK,MAAM;AAC1B,UAAO;WACA,YAAY;AACnB,WAAQ,KAAK,wDAAwD;AACrE,WAAQ,KAAK,sBAAsB;GAEnC,MAAM,cAAc,aAAa,QAAQ,UAAU;AACnD,UAAO;;;CAIX,MAAM,KAAW,QAAkE;AACjF,SAAO,KAAK,aAAmB,OAAO,SAAS,OAAO,QAAQ,OAAO;;CAGvE,MAAM,cAAc,EAAE,SAAS,YAG5B;EAED,MAAMC,SAAkC;GACtC,cAAc;GACd,YAAY;GACZ,UAAU;;AAIZ,MAAI,UAAU;AACZ,UAAO,WAAW;AAClB,UAAO,OAAO;;EAIhB,MAAM,gBAAgB,MAAM,KAAK,YAC/B,YAAY,OACZ,QACA;EAIF,MAAMC,iBAAkC;EACxC,MAAMC,yBAAkD;AAGxD,OAAK,MAAM,OAAO,cAAc,KAC9B,KAAI,IAAI,WAAW,eAAe,aAEhC,gBAAe,KAAK;WACX,IAAI,WAAW,cAAc,OAAO,IAAI,WAAW,eAAe,YAAY,kBAAkB,IAAI,WAAW,WAExH,wBAAuB,KAAK;AAIhC,SAAO;GACL;GACA;;;;;;;AC3gBN,MAAa,sBAAsB;AACnC,MAAa,uBAAuB;;;;ACEpC,MAAa,cAAc;CAEzB,OAAO;EACL,MAAM;EACN,SAAS;EACT,KAAK;EACL,KAAK;EACL,OAAO;;CAIT,QAAQ;EACN,MAAM;EACN,MAAM;EACN,aAAa;EACb,UAAU;EACV,eAAe;GACb;GACA;GACA;;;CAKJ,UAAU;EACR,MAAM;EACN,KAAK;EACL,SAAS;;CAIX,SAAS;EACP,UAAU;EACV,cAAc;EACd,YAAY;EACZ,eAAe;;CAIjB,SAAS;EACP,KAAK;EACL,QAAQ;EACR,YAAY;EACZ,aAAa;EACb,eAAe;EACf,gBAAgB;EAChB,kBAAkB;;CAIpB,cAAc;EACZ,KAAK;EACL,QAAQ;EACR,aAAa;EACb,eAAe;EACf,gBAAgB;EAChB,kBAAkB;;;;;;ACxDtB,MAAa,+BAA+B;CAC1C,UAAU;EACR,SAAS;EACT,aAAa;EACb,cAAc;;CAEhB,QAAQ;EACN,KAAK,YAAY,QAAQ;EACzB,MAAM;EACN,MAAM;;CAER,OAAO;EACL,cAAc;EACd,YAAY;;;AAKhB,MAAa,wBAAwB;CACnC,UAAU;EACR,oBAAoB,MAAU;EAC9B,uBAAuB,MAAU;EACjC,qBAAqB,MAAU;EAC/B,qBAAqB;EACrB,6BAA6B;;CAE/B,OAAO,EACL,2BAA2B;;;;;;;;;;;;;;ACrB/B,SAAgB,0BAAkC;CAChD,IAAI,SAAS;AACb,KAAI,OAAO,WAAW,eAAe,OAAO,UAAU,OACpD,UAAS,OAAO,SAAS;AAE3B,KAAI;EACF,MAAM,eAAgB,QAAgB;AACtC,MAAI,aACF,UAAS,IAAI,IAAI,cAAc,UAAU,yBAAyB;SAE9D;AACR,QAAO;;AAiBT,SAAgB,iBACd,OACA,MACQ;CACR,MAAM,SAAS,KAAK;CACpB,MAAM,aAAa,KAAK,cAAc,8BAA8B,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS,OAAO;AACpI,KAAI;EAEF,MAAM,QAAS,OAAO,WAAW,cAAe,SAAiB;EACjE,MAAM,WAAW,WAAW,WAAW,MAAM,4BAA4B,MAAM;EAC/E,MAAM,YAAa,OAAO,aAAa,YAAY,WAAY,WAAY,SAAS,kBAAkB;AACtG,MAAI,gBAAgB,KAAK,WACvB,QAAO,IAAI,IAAI,WAAW;AAE5B,SAAO,IAAI,IAAI,WAAW,YAAY;SAChC;AACN,MAAI;AAAE,UAAO,IAAI,IAAI,SAAS,kBAAkB,SAAS,YAAY;UAAmB;AACxF,SAAO,SAAS,kBAAkB;;;AAQtC,SAAS,kBAAkB,QAAkC;AAC3D,QAAO,WAAW,WAAW,4CAA4C;;;;;;;;;;;;;ACvD3E,MAAa,uBAAuB;CAClC,2BAA2B;CAC3B,8BAA8B;CAC9B,iCAAiC;CACjC,cAAc;;;;;;;;ACsChB,SAAgB,6BAA6B,KAAiD;AAC5F,KAAI,CAACC,WAAS,QAAQ,OAAQ,IAAY,SAAS,SACjD,QAAO;CAET,MAAM,OAAQ,IAAY;AAC1B,QAAO,SAAS,qBAAqB,gCAChC,SAAS,qBAAqB,mCAC9B,SAAS,qBAAqB;;AAGrC,SAASA,WAAS,OAAkD;AAClE,QAAO,OAAO,UAAU,YAAY,UAAU;;;;;;;;;;AAahD,SAAgB,sBACd,QACA,SAYe;CACf,MAAM,EACJ,aACA,WACA,WACA,YAAY,KACZ,cACE;CAEJ,MAAM,eAAe,MAAM,QAAQ,eAAe,cAAc,CAAC;AAEjE,QAAO,IAAI,SAAe,SAAS,WAAW;EAC5C,MAAM,UAAU,iBAAiB;AAC/B;AACA,0BAAO,IAAI,MACT,wCAAwC,aAAa,KAAK,KAAK,GAAG,YAAY,gBAAgB,cAAc;KAE7G;EAEH,MAAM,kBAAkB,UAAwB;GAC9C,MAAM,MAAM,MAAM;AAGlB,OAAI,CAAC,OAAO,OAAO,IAAI,SAAS,SAC9B;AAIF,OAAI,aAAa,IAAI,cAAc,UACjC;AAIF,OAAI,aAAa,IAAI,SAAS,WAAW;AACvC;IACA,MAAM,QAAQ,IAAI,SAAS;AAC3B,2BAAO,IAAI,MAAM,0BAA0B;AAC3C;;AAIF,OAAI,aAAa,SAAS,IAAI,OAAO;AAEnC,QAAI,UACF,KAAI;KACF,MAAM,gBAAgB,UAAU;AAChC,SAAI,CAAC,cACH;aAEK,KAAK;AACZ;AACA,YAAO;AACP;;AAIJ;AACA;;;EAIJ,MAAM,gBAAgB;AACpB,gBAAa;AACb,UAAO,oBAAoB,WAAW;;AAGxC,SAAO,iBAAiB,WAAW;;;;;;;;;;;;AAavC,SAAgB,yBACd,QACA,WACA,YAAoB,KACL;AACf,QAAO,sBAAsB,QAAQ;EACnC,aAAa,qBAAqB;EAClC,WAAW,qBAAqB;EAChC;EACA;;;;;;;;;;;;;ACoXJ,eAAsB,iCAAiC,EACrD,YACA,YACA,cACA,YACA,wBAOsC;AACtC,KAAI;EACF,MAAM,UAAU;GACd,gBAAgB,MAAM,KAAK,gBAAgB,aAAa;GACxD,YAAY,MAAM,KAAK,gBAAgB,aAAa;GACpD,WAAW,MAAM,KAAK,gBAAgB,aAAa;GACnD,YAAY,MAAM,KAAK,gBAAgB,aAAa;GACpD,SAAS,aAAa;GACtB,OAAO,aAAa;GACpB,cAAc,OAAO,aAAa;GAClC,YAAY,MAAM,KAAK,gBAAgB,aAAa;;EAGtD,MAAM,OAAO;GACX,UAAU;GACV,uBAAuB;GACvB,uBAAuB;;EAGzB,MAAM,WAAW,MAAM,WAAW,aAChC,YACA,2BACA;EAGF,MAAM,WAAW,CAAC,CAAC,UAAU;AAC7B,SAAO;GACL,SAAS;GACT;GACA,MAAM;GACN,OAAO,WAAW,SAAY;;UAEzBC,KAAc;AACrB,SAAO;GACL,SAAS;GACT,UAAU;GACV,MAAM;GACN,OAAO,aAAa,QAAQ;;;;;;;ACvkBlC,eAAsB,qBAAqB,EACzC,KACA,cACA,YACA,YACA,YACA,sBACA,WAqBC;AACD,KAAI;EAEF,MAAM,gBAAgB,SAA0D;AAC9E,OAAI,CAAC,SAAS,MAAO,QAAO;GAC5B,MAAM,OAAQ,KAAgC;AAC9C,OAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,UAAO,SAAU,KAAsC,mBAClD,SAAU,KAAyC;;EAG1D,MAAMC,uBAAuD,aAAa,cACtE,aACA,uCAAuC,EAAc;EAGzD,MAAM,qBAAqB,cAAc,gCAAgC;AAEzE,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ;GACR,SAAS;;EAKX,MAAM,qBAAqB,qBAAqD;EAEhF,MAAMC,SAAqC,MAAM,iCAAiC;GAChF,YAAY,IAAI;GAChB,YAAY;GACZ;GACA,YAAY;GACZ;;AAGF,MAAI,CAAC,OAAO,QACV,OAAM,IAAI,MAAM,OAAO,SAAS;EAGlC,MAAM,aAAa;GACjB,UAAU,OAAO;GACjB,kBAAkB;GAClB,MAAM,OAAO;GACb,OAAO,OAAO;;AAGhB,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ,OAAO,WAAW,YAAmB;GAC7C,SAAS,OAAO,WAAW,qCAAsC,OAAO,SAAS;;AAGnF,SAAO;GACL,SAAS;GACT,UAAU,WAAW;GACrB,kBAAkB,WAAW;GAC7B,MAAM,WAAW;GACjB,OAAO,WAAW;;UAGbC,OAAgB;AAEvB,UAAQ,MAAM,gCAAgC;AAC9C,SAAO;GACL,SAAS;GACT,UAAU;GACV,OAAO,aAAa,UAAU;GAC9B,MAAM;;;;;;;;;;;;;;;;;;;;;;AC/FZ,IAAY,4EAAL;AACL;AACA;AACA;;;AAaF,MAAa,gCAAgC,qBAA4F;AACvI,SAAQ,kBAAR;EACE,KAAK,uBAAuB,SAC1B,iCAAOC;EACT,KAAK,uBAAuB,UAC1B,iCAAOC;EACT,KAAK,uBAAuB,YAC1B,iCAAOC;EACT,QACE,iCAAOD;;;;;;AAYb,MAAaE,gCAAsD;CACjE,kBAAkB,uBAAuB;CACzC,cAAc;EACZ,QAAQ;EACR,gBAAgB;EAChB,UAAU;;;;;;AC1Dd,SAAgB,cACd,WACA,SAC2B;AAE3B,KAAI,CAAC,UACH,OAAM,IAAI,MAAM;CAGlB,MAAM,WAAY,SAAiB;AACnC,KAAI,YAAY,aAAa,UAC3B,OAAM,IAAI,MACR,qCAAqC,SAAS,uCAAuC,UAAU;AAInG,QAAO;EAAE,GAAG;EAAS;;;;;;;;;;ACCvB,eAAsB,0CAA0C,EAC9D,KACA,YACA,eACA,SACA,aAoBC;AACD,KAAI;AAGF,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAEhC,MAAM,WAAW,MAAM,IAAI,YAA2D;GACpF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf;KACA,sBAAsB,SAAS,uBAAuB;MACpD,kBAAkB,6BAA6B,QAAQ,qBAAqB;MAC5E,cAAc,QAAQ,qBAAqB;SACzC;;;;AAKV,MAAI,CAAC,qCAAqC,UACxC,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;EAC5B,MAAM,UAAW,WAAmB,WAAW;EAC/C,MAAM,uBAAuB,WAAW;EAExC,MAAM,eAAgB,OAAO,SAAS,iBAAiB,WACnD,QAAS,eACT,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACnE,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GACjB;GACf;GACA,eAAe,WAAW;GAC1B;GACA,aAAa;GACb;GACA,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,SAAO;GACL,SAAS;GACT,eAAe,YAAY,WAAW;GACtC,WAAW,WAAW;GACtB;GACA,aAAa;;UAERC,OAAgB;AACvB,UAAQ,MAAM,qEAAqE;EACnF,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT;GACA,WAAW;GACX,OAAO;;;;;;;AC3Fb,eAAsB,yBAAyB,EAC7C,KACA,eACA,gBACA,aAMqE;AACrE,KAAI;AACF,UAAQ,KAAK;EAEb,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAGzD,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAAC,kCAAkC,WAAW;AAChD,WAAQ,MAAM,4DAA4D;GAC1E,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,SAAO;GACL,qBAAqB,SAAS,QAAQ;GACtC,eAAe,YAAY,SAAS,QAAQ;;UAEvCC,OAAgB;AACvB,UAAQ,MAAM,2DAA2D;AACzE,QAAM;;;;;;;;;;;;;;;;;;;;;ACpBV,eAAsB,kBACpB,QACA,WACA,YACA,YAAoB,KACL;CAEf,MAAM,cAAc,yBAAyB,QAAQ,WAAW;AAGhE,QAAO,YACL;EAAE,MAAM,qBAAqB;EAA2B;IACxD,CAAC;AAIH,OAAM;;AAGR,MAAa,0BAAkC;AAC7C,QAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;;;;;;;;;ACnCrE,eAAsB,4BAA4B,EAChD,KACA,cACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeT;AACF,KAAI;AACF,MAAI,aAAa,WAAW,EAC1B,OAAM,IAAI,MAAM;EAGlB,MAAM,YAAY,qBAAqB;EACvC,MAAM,gBAAgB,QAAQ;AAG9B,eAAa,SAAS,WAAW,YAAY;AAC3C,aAAU,QAAQ,SAAS,QAAQ,gBAAgB;AACjD,QAAI;AACF,4BAAuB;aAChB,OAAO;AACd,WAAM,IAAI,MAAM,eAAe,QAAQ,WAAW,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU;;;;AAMnI,UAAQ,MAAM,yEAAyE;EACvF,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AAEvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAIzD,MAAM,kBAAkB;GACtB,YAAY,QAAQ,cAAc,gCAAgC;GAClE,YAAY,QAAQ,cAAe,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;GAC/H,eAAe,QAAQ;;AAMzB,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;EAElB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;GAC9E;GACA;GACA,MAAM;GACN,mBAAmB;GACnB,SAAS;GACT;GACA;GACA;;EAGF,MAAM,eAAe,aAAa;EAClC,MAAM,qBAAqB,aAAa;EACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;EAIvF,MAAMC,oBAA0C,aAAa,KAAI,QAAO;GACtE,eAAe,QAAQ;GACvB,YAAY,GAAG;GACf,SAAS,GAAG;;EAId,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS;KACP,SAAS;KACT,WAAW,KAAK;KAChB,YAAY;MACV,yBAAyB,iBAAiB;MAC1C,sCAAsC,iBAAiB;;KAEtC;KACnB;KACA;KACA;;;GAGJ;;AAGF,MAAI,CAAC,qCAAqC,WAAW;AACnD,WAAQ,MAAM,sDAAsD;GACpE,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,MAAI,CAAC,SAAS,QAAQ,QACpB,OAAM,IAAI,MAAM,SAAS,QAAQ,SAAS;EAG5C,MAAM,qBAAqB,SAAS,QAAQ,sBAAsB;AAClE,MAAI,mBAAmB,WAAW,aAAa,OAC7C,OAAM,IAAI,MAAM,YAAY,aAAa,OAAO,oCAAoC,mBAAmB;EAIzG,MAAM,UAAU,mBAAmB,KAAK,UAAU,UAAU;AAC1D,OAAI,CAAC,YAAY,CAAC,SAAS,eAAe,CAAC,SAAS,UAClD,OAAM,IAAI,MAAM,+DAA+D,QAAQ;AAEzF,UAAO;IACL,mBAAmB,IAAI,kBAAkB;KACvC,aAAa,SAAS;KACtB,WAAW,SAAS;KACpB,aAAa,MAAM,KAAK,SAAS,cAAc;;IAEjD,eAAe,YAAY;IAC3B,MAAM,SAAS,QAAQ;;;AAI3B,SAAO;UAEAC,OAAgB;AACvB,UAAQ,MAAM,qDAAqD;AACnE,QAAM;;;;;;ACnJV,SAAS,gCAAgC,OAAgD;AACvF,KAAI,SAAS,KAAM,QAAO;AAC1B,KAAI,CAAC,SAAS,OACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,kBACA,WACA,eACA,aACA,kBACE;CASJ,MAAM,6BAA6B,aACjC,kBACA;CAEF,MAAM,sBAAsB,aAAa,WAAW;CACpD,MAAM,0BAA0B,aAC9B,eACA;CAEF,MAAM,wBAAwB,aAAa,aAAa;CAExD,IAAI,0BAA0B;AAC9B,KAAI,2BAA2B,QAAQ,CAAC,SAAS,yBAC/C,OAAM,IAAI,MAAM;AAElB,KAAI,2BAA2B,KAE7B,2BAA0B,EAAE,OAAO;AAGrC,QAAO;EACL,kBAAkB;EAClB,WAAW;EACX,eAAe;EACf,aAAa;EACb,eAAe;;;AAInB,SAAS,wBAAwB,OAA4D;AAC3F,KAAI,SAAS,KAAM,QAAO;CAE1B,MAAM,OAAO,gCAAgC;AAC7C,KAAI,KAAK,SAAS,aAChB,OAAM,IAAI,MAAM;CAGlB,MAAM,EAAE,IAAI,OAAO,UAAU,4BAA4B;AAQzD,cAAa,IAAI;AACjB,cAAa,OAAO;AAEpB,KAAI,CAAC,SAAS,UACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,gBACA,mBACA,eACE;AAMJ,cAAa,gBAAgB;AAC7B,cAAa,mBAAmB;AAEhC,KAAI,CAAC,MAAM,QAAQ,YACjB,OAAM,IAAI,MAAM;AAElB,MAAK,MAAM,KAAK,WACd,KAAI,OAAO,MAAM,SACf,OAAM,IAAI,MAAM;AAIpB,KAAI,2BAA2B,QAAQ,OAAO,4BAA4B,SACxE,OAAM,IAAI,MAAM;AAOlB,QAAO;;AAGT,SAAS,0BAA0B,OAA0C;AAC3E,KAAI,SAAS,KAAM,QAAO;AAC1B,QAAO,qBAAqB;;AAG9B,SAAgB,0DACd,SAC2C;AAE3C,KAAI,CAAC,SAAS,SACZ,OAAM,IAAI,MAAM;CAGlB,MAAM,EACJ,WACA,WACA,cACA,YACA,cACA,oBACA,UACE;CAUJ,MAAM,sBAAsB,aAAa,WAAW;CAGpD,MAAM,yBACJ,gBAAgB,OAAO,KAAK,aAAa,cAAc;CAEzD,MAAM,uBACJ,cAAc,OAAO,wBAAwB,cAAc;AAE7D,KAAI,CAAC,qBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,yBACJ,gBAAgB,OAAO,0BAA0B,gBAAgB;AAEnE,KAAI,CAAC,uBACH,OAAM,IAAI,MAAM;CAGlB,MAAM,+BACJ,sBAAsB,OAAO,gCAAgC,sBAAsB;CAErF,MAAM,kBACJ,SAAS,OAAO,SAAY,aAAa,OAAO;AAElD,QAAO;EACL,WAAW,CAAC,CAAC;EACb,WAAW;EACX,cAAc;EACd,YAAY;EACZ,cAAc;EACd,oBAAoB;EACpB,OAAO;;;AAIX,MAAa,uBAAuB,UAAkB;AACpD,QAAO,MAAM,WAAW,cAAc,QAAQ,WAAW;;AAG3D,MAAa,qBAAqB,OAAiD;AACjF,KAAI,OAAO,OAAO,SAChB,QAAO;AAET,QAAO,oBAAoB,aAAa,GAAG;;;;;ACtL7C,eAAsB,mBAAmB,EACvC,KACA,UACA,SACA,SACA,4BACA,OACA,MACA,WAAW,qBAeV;CACD,MAAM,YAAY,qBAAqB;CACvC,MAAM,gBAAgB,QAAQ,iBAAiB,SAAS;CAExD,MAAM,kBAAkB;EACtB,YAAY,QAAQ,cAAc,gCAAgC;EAClE,YAAY,QAAQ,cAAe,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;EAC/H;;CAGF,MAAM,cAAc,SAAS,QAAQ,IAAI;AACzC,aAAY,SAAS,QAAQ,gBAAgB;AAC3C,MAAI;AACF,0BAAuB;WAChB,OAAO;AACd,SAAM,IAAI,MACR,mBAAmB,YAAY,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU,OAAO;;;CAK3G,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;CACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,KAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;AAEzD,KAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,MAAM,IAAI,iBAAiB,gCAAgC;EAC9E;EACA;EACA,MAAM;EACN;EACA,UAAU;GACR,UAAU,SAAS,YAAY;GAC/B,YAAY,SAAS;GACrB,SAAS;GACT,OAAO,SAAS;GAChB,gBAAgB,SAAS;;EAE3B,SAAS;EACT;EACA;EACA;;CAGF,MAAM,eAAe,aAAa;CAClC,MAAM,qBAAqB,aAAa;CACxC,MAAM,aAAa,aAAa,aAAa,KAAK,UAAU,aAAa,cAAc;CAEvF,MAAM,WAAW,MAAM,IAAI,YAAY;EACrC;EACA,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP,SAAS;IACT,WAAW,KAAK;IAChB,YAAY;KACV,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;IAEzD,UAAU;KACR,UAAU,SAAS,YAAY;KAC/B,YAAY,SAAS;KACrB,SAAS;KACT,OAAO,SAAS,MAAM;KACtB,gBAAgB,SAAS,eAAe;KACxC,WAAW,kBAAkB,SAAS;;IAExC;IACA;IACA;;;EAGJ;;AAIF,SAAQ,MAAM,mDAAmD;AAEjE,KAAI,CAAC,4BAA4B,WAAW;AAE1C,UAAQ,MAAM,2DAA2D;EACzE,MAAM,eAAgB,UAAkB,SAAS;AACjD,QAAM,IAAI,MAAM,gBAAgB;;CAGlC,MAAM,UAAU,SAAS;AACzB,KAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,kBAAkB,CAAC,QAAQ,MAAM;AAEhE,UAAQ,MAAM,wDAAwD;AACtE,QAAM,IAAI,MAAM,QAAQ,SAAS;;AAGnC,QAAO;EACL,gBAAgB,QAAQ;EACxB,MAAM,QAAQ;EACd,eAAe,YAAY;EAC3B,MAAM,QAAQ;;;;;;;;;;AClIlB,eAAsB,0BAA0B,EAC9C,KACA,YACA,eACA,aAeC;AACD,KAAI;AACF,UAAQ,KAAK;AAIb,MACE,CAAC,WAAW,wBAAwB,KAAK,SAAS,SAClD,CAAC,WAAW,wBAAwB,KAAK,SAAS,OAElD,OAAM,IAAI,MAAM;AAGlB,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAGhC,MAAM,WAAW,MAAM,IAAI,YAAyD;GAClF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;;;;AAMN,MAAI,CAAC,mCAAmC,UACtC,OAAM,IAAI,MAAM;EAGlB,MAAM,oBAAoB,SAAS,QAAQ;AAC3C,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;AAElB,SAAO;GACL,WAAW,SAAS,QAAQ;GAC5B,qBAAqB,SAAS,QAAQ;GACtC;GACA,eAAe,SAAS,QAAQ;GAChC,aAAa,SAAS,QAAQ;;UAGzBC,OAAgB;AACvB,UAAQ,MAAM,yDAAyD;AACvE,QAAM;;;;;;;;;;ACpEV,eAAsB,qBAAqB,EAAE,KAAK,8BAG1B;AACtB,KAAI;EACF,MAAM,WAAW,MAAM,IAAI,YAAoD,EAC7E,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS,EACP;;AAKN,MAAI,8BAA8B,UAChC,QAAO,SAAS,QAAQ;MAExB,OAAM,IAAI,MAAM;UAEXC,OAAgB;AACvB,QAAM;;;;;;;;;;ACfV,eAAsB,2BAA2B,EAC/C,KACA,gBACA,iBACA,YACA,OACA,WACA,WAYC;AACD,KAAI;AACF,UAAQ,KAAK;AAGb,UAAQ,SAAS,QAAQ,UAAU;AACjC,OAAI;AACF,2BAAuB;YAChB,OAAO;AACd,UAAM,IAAI,MAAM,UAAU,MAAM,sBAAsB,iBAAiB,QAAQ,MAAM,UAAU;;;EAInG,MAAM,WAAW,MAAM,IAAI,YAA0D,EACnF,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP;IACA;IACA;IACA;IACW;IACF;;;AAKf,MAAI,SAAS,SAAS,mBAAmB,mCAAmC;AAC1E,WAAQ,MAAM,qEAAqE;AACnF,SAAM,IAAI,MAAM;;EAGlB,MAAM,aAAa,SAAS;AAC5B,MAAI,CAAC,WAAW,QACd,OAAM,IAAI,MAAM,WAAW,SAAS;EAGtC,MAAM,qBAAqB,WAAW,sBAAsB;AAC5D,MAAI,mBAAmB,WAAW,EAChC,OAAM,IAAI,MAAM,8CAA8C,mBAAmB;EAEnF,MAAM,WAAW,mBAAmB;AACpC,MAAI,CAAC,YAAY,CAAC,SAAS,eAAe,CAAC,SAAS,UAClD,OAAM,IAAI,MAAM;EAGlB,MAAM,SAAS;GACb,mBAAmB,IAAI,kBAAkB;IACvC,aAAa,SAAS;IACtB,WAAW,SAAS;IACpB,aAAa,MAAM,KAAK,SAAS,cAAc;;GAEjD,MAAM,WAAW;;AAGnB,UAAQ,MAAM;AACd,SAAO;UAEAC,OAAgB;AACvB,UAAQ,MAAM,oEAAoE;AAClF,QAAM;;;;;;;;;;;;AC/EV,eAAsB,kBAAkB,EAAE,KAAK,WAsB5C;AACD,KAAI;EACF,MAAM,eAAe,MAAM,4BAA4B,QAAQ,WAAW,IAAI,UAAU;EACxF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,QAAQ,WAAW;AAC3F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC,QAAQ;EAIjE,MAAM,YAAY,QAAQ,aAAa;AAEvC,MAAI,CAAC,IAAI,iBACP,OAAM,IAAI,MAAM;AAGlB,QAAM,IAAI,iBAAiB,gCAAgC;GACzD;GACA;GACA,MAAM;GACN,eAAe,QAAQ;GACvB,SAAS,QAAQ;GACjB,WAAW,QAAQ;GACnB,OAAO,QAAQ;GACf,MAAM,QAAQ;GACd,4BAA4B,QAAQ;GACpC,YAAY,QAAQ;GACpB,YAAY,QAAQ;;EAGtB,MAAM,WAAW,MAAM,IAAI,YAAiD;GAC1E;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS;KACP,SAAS,QAAQ;KACjB,WAAW,QAAQ;KACnB,OAAO,QAAQ;KACf,OAAO,QAAQ,SAAS;KACxB,WAAW,QAAQ;KACnB,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAAC,2BAA2B,WAAW;AACzC,WAAQ,MAAM,gDAAgD;GAC9D,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAGlC,SAAO;GACL,SAAS;GACT,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,WAAW,SAAS,QAAQ;GAC5B,OAAO,SAAS,QAAQ,SAAS;;UAG5BC,OAAgB;AACvB,UAAQ,MAAM,+CAA+C;AAC7D,SAAO;GACL,SAAS;GACT,WAAW;GACX,WAAW;GACX,WAAW;GACX,OAAQ,SAAS,OAAQ,MAAgC,YAAY,WAChE,MAA8B,UAC/B;;;;;;;;;;;;;;;;;;;;;;AC3EV,eAAsB,8BAA8B,EAClD,KACA,WACA,eACA,YACA,cACA,oBACA,YACA,aACA,cACA,6BAuBC;AACD,KAAI;AACF,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAGlB,UAAQ,MAAM,gEAAgE;GAC5E;GACA;GACA;;EAIF,MAAM,cAAc,MAAoC;AACtD,OAAI,CAAC,EAAG,QAAO;AACf,UAAO,MAAM,KAAK,gBAAgB;;EAIpC,MAAM,oBAAoB;GACxB,UAAU;IACR,gBAAgB,WAAW,aAAa;IACxC,YAAY,WAAW,aAAa;IACpC,WAAW,WAAW,aAAa;IACnC,YAAY,WAAW,aAAa;IACpC,SAAS,aAAa;IACtB,OAAO,aAAa;IACpB,cAAc,OAAO,aAAa;IAClC,YAAY,WAAW,aAAa;;GAEtC,uBAAuB;GACvB,8BAA8B,WAAW;GACzC,uBAAuB;IACrB,kBAAkB,6BAA6B,uBAAuB;IACtE,cAAc;KACZ,QAAQ;KACR,gBAAgB;KAChB,UAAU;;;;EAMhB,MAAM,WAAW,MAAM,IAAI,YAA6D;GACtF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;KACA,oBAAoB;MAClB,aAAa,mBAAmB;MAChC,eAAe,mBAAmB;MAClC,WAAW,mBAAmB;;KAEhC;KACA,kBAAkB,KAAK,UAAU;;;;AAKvC,MAAI,CAAC,uCAAuC,UAC1C,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;AAE5B,UAAQ,MAAM;EAGd,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMC,UAA4B;GAChC;GACA,cAAc,gBAAgB;GAC9B,eAAe,WAAW;GAC1B;GACA,aAAa,WAAW;GACxB,SAAS;GACT,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,UAAQ,MAAM;AAEd,SAAO;GACL,SAAS;GACT,WAAW,WAAW;GACtB,mBAAmB,WAAW;GAC9B,aAAa,WAAW;GACxB,eAAe,WAAW;GAC1B;;UAEKC,OAAgB;AACvB,UAAQ,MAAM,8DAA8D;EAC5E,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT,WAAW;GACX,mBAAmB;GACnB,aAAa;GACb,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;AC3Ib,SAAgB,4BACd,KACA,SACoB;CAKpB,MAAM,aAAa,IAAI,uBAAuB;CAC9C,MAAM,cAAe,SAAS,sBAAsB;CACpD,MAAM,kBAAkB,OAAO,YAC7B,OAAO,QAAQ,aAAa,QAAQ,GAAG,OAAO,MAAM,UAAa,MAAM;CAEzE,IAAIC,MAA0B;EAAE,GAAG;EAAY,GAAG;;AAGlD,OAAM;EAAE,GAAG;EAAK,OAAO,IAAI,SAAS;;AAIpC,KAAI,SAAS,SAAS,uBAAuB,6BAC3C,QAAO;EACL,QAAQ;EACR,UAAU,IAAI;EACd,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;CAKxB,MAAM,kBAAkB,OAAO,SAAS,OAAO;AAO/C,KAAI,2BAA2B;EAC7B,MAAMC,YAA2C,IAAI,WAAW,SAAU,WAAW,IAAI;AACzF,QAAM;GACJ,GAAG;GACH,QAAQ;GACR,UAAU;;;AAMd,KACE,YACA,SAAS,SACR,QAAQ,SAAS,uBAAuB,oBAAoB,QAAQ,SAAS,uBAAuB,aAIrG,QAAO;EACL,QAAQ;EACR,UAAU;EACV,kBAAkB,IAAI;EACtB,OAAO,IAAI,SAAS;;AAKxB,QAAO;;;;;;;;;AClFT,SAAgB,6BAA6B,OAAsC;AACjF,KAAI,OAAO,UAAU,SACnB,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,OAAQ,OAAM,IAAI,MAAM;CACtC,MAAM,IAAI;AAOV,KAAI,EAAE,kBAAkB,EAAG,OAAM,IAAI,MAAM;AAC3C,KAAI,CAAC,SAAS,EAAE,cAAc,CAAC,EAAE,UAAW,OAAM,IAAI,MAAM;AAC5D,KAAI,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,KAAM,OAAM,IAAI,MAAM;AAClD,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,KAAI,EAAE,YAAY,UAAa,EAAE,YAAY,KAAM,OAAM,IAAI,MAAM;AACnE,QAAO;;AAGT,SAAgB,0CAA0C,SAAqC;AAC7F,KACE,QAAQ,SAAS,uBAAuB,oBACrC,QAAQ,SAAS,uBAAuB,oBAE3C;CAGF,MAAMC,UAAgB,QAAgB,WAAW;AACjD,KAAI,QAAQ,cAAc,OACxB,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,gBAAgB,OAC1B,OAAM,IAAI,MAAM;AAElB,KAAI,QAAQ,WAAW,OACrB,OAAM,IAAI,MAAM;;;;;;;;;;AChBpB,eAAsB,sCACpB,KACA,SAIA,QACe;CAGf,IAAIC;CACJ,IAAIC;CACJ,IAAIC;AAEJ,KAAI;AAEF,YAAU,6BAA6B,QAAQ;AAC/C,4CAA0C;AAC1C,uBAAqB,4BAA4B,KAAK;EAEtD,MAAM,gBAAgB,wBAAwB,QAAQ;EACtD,MAAM,eAAe,gBAAgB;AAErC,uBAAqB,uBAAuB;GAC1C,GAAG;GACH,GAAI,eAAe,EAAE,iBAAiB;;UAGjCC,GAAY;AAEnB,UAAQ,MAAM,wDAAwD;AAEtE,MAAI;GACF,MAAM,OAAO,SAAS,OAAc;AACpC,OAAI,OAAO,QAAQ,YAAY,KAAK;AAClC,wBAAoB,QAAQ;KAC1B,WAAW;KACX,WAAW;KACX,OAAO,aAAa,MAAM;;AAE5B;;WAEKC,MAAe;AACtB,SAAM,QAAQ;;AAEhB,QAAM,QAAQ;;CAGhB,MAAM,UAAU,SAAS,QAAQ;AACjC,KAAI,CAAC,SAAS;AAEZ,sBAAoB,QAAQ;GAC1B,WAAW,QAAQ;GACnB,WAAW;GACX,OAAO;;AAET;;AAGF,OAAM,QAAQ;EAAE;EAAK;EAAS;EAAQ;EAAoB;;;AAa5D,eAAe,WAAc,OAAe,QAAsC;AAChF,KAAI;AACF,SAAO,MAAM;UACN,GAAG;AACV,UAAQ,MAAM,0CAA0C,MAAM,eAAe;AAC7E,QAAM;;;AAIV,MAAMC,WAA6D;EAChE,uBAAuB,+BAA+B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACjI,MAAM,EAAE,wBAAwB,MAAM,WAAW,mBAAmB,OAAO;AAC3E,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExG,uBAAuB,6BAA6B,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAC/H,MAAM,EAAE,wBAAwB,MAAM,WAAW,mBAAmB,OAAO;AAC3E,QAAM,oBAAoB,KAAK,SAA0C,QAAQ;GAAE;GAAoB;;;EAExG,uBAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,2BAA2B,MAAM,WAAW,sBAAsB,OAAO;AACjF,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9G,uBAAuB,cAAc,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EAChH,MAAM,EAAE,2BAA2B,MAAM,WAAW,sBAAsB,OAAO;AACjF,QAAM,uBAAuB,KAAK,SAA6C,QAAQ;GAAE;GAAoB;;;EAE9G,uBAAuB,mBAAmB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACrH,MAAM,EAAE,iCAAiC,MAAM,WAAW,sBAAsB,OAAO;AACvF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;EAE/G,uBAAuB,sBAAsB,OAAO,EAAE,KAAK,SAAS,QAAQ,oBAAoB,yBAAyB;EACxH,MAAM,EAAE,iCAAiC,MAAM,WAAW,sBAAsB,OAAO;AACvF,QAAM,6BAA6B,KAAK,SAAwC,QAAQ;GAAE;GAAoB;;;;;;;;;;;;;ACzHlH,eAAsB,iBACpB,KACA,SACgC;AAChC,QAAO,IAAI,SAAgC,SAAS,WAAW;EAE7D,MAAM,SAAS,EACb,cAAc,QAAa;AACzB,OAAI,KAAK,SAAS,yBAAyB,8BACzC,SAAQ,IAAI;;AAKlB,wCACE,KACA;GAAE,MAAM,yBAAyB;GAAuC,MAAM;KAC9E,QACA,MAAM;;;;;;;;;;;;ACfZ,eAAsB,oBAAoB,EACxC,KACA,eACA,SACA,OACA,aAOgB;CAChB,MAAM,YAAY,YAAY;CAG9B,MAAM,eAAe,MAAM,4BAA4B,WAAW,IAAI,UAAU;CAChF,MAAM,CAAC,SAAS,QAAQ,MAAM,QAAQ,IAAI,CACxC,IAAI,UAAU,WAAW,gBAAgB,WAAW,eACpD,IAAI,UAAU,SAAS,gBAAgB,WAAW;CAEpD,MAAM,YAAY,MAAM,uBAAuB;AAC/C,KAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,MAAM;CAIlB,MAAM,WAAW,MAAM,IAAI,YAAwD;EACjF;EACA,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP,eAAe;IACf,yBAAyB,QAAQ;IACjC,sCAAsC,QAAQ;;;;AAKpD,KAAI,CAAC,kCAAkC,WAAW;AAChD,UAAQ,MAAM,2CAA2C;EACzD,MAAM,eAAe,SAAS,UAAU,YAAY,UAAU,SAAS;EACvE,MAAM,MAAM,OAAO,gBAAgB;AACnC,QAAM,IAAI,MAAM;;CAGlB,MAAM,aAAa,SAAS,QAAQ;CAGpC,MAAM,UAAU;EACd,eAAe;EACf,WAAW;EACX,MAAM,uBAAuB;EAC7B,SAAS;GACP,WAAW;GACX;GACA;GACA,SAAS;;EAEX,SAAS;GACP,eAAe;GACf;GACA;GACA;GACA;;;AAGJ,OAAM,iBAAiB,KAAK;;;;;;;;;;;ACK9B,IAAa,sBAAb,MAAiC;CAE/B,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CACR,AAAQ;CAER,YACE,kBACA,YACA,wBACA,cACA,cACA,8CAAuD,MACvD,iBACA;AACA,OAAK,YAAY;AACjB,OAAK,gBAAgB,IAAI,cAAc,cAAc;AACrD,OAAK,mBAAmB;AACxB,OAAK,aAAa;AAClB,OAAK,yBAAyB;AAC9B,OAAK,eAAe;AACpB,OAAK,kBAAkB;;CAGzB,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;CAG1B,aAAyC;AACvC,SAAO;GACL,aAAa,KAAK,YAAY,KAAK;GACnC,WAAW,KAAK;GAChB,eAAe,KAAK;GACpB,kBAAkB,KAAK;GACvB,YAAY,KAAK;GACjB,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,KAAK;;;CAI1B,qBAA6B;EAC3B,MAAM,eAAe,iBACnB,6BAA6B,OAAO,KACpC;GAAE,QAAQ;GAAU,YAAY,KAAK;;AAEvC,MAAI;GACF,MAAM,SAAS,IAAI,OAAO,cAAc;IACtC,MAAM,6BAA6B,OAAO;IAC1C,MAAM,6BAA6B,OAAO;;AAG5C,UAAO,gBAAgB;AACvB,UAAO;WACA,OAAO;GAId,MAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO;AAC5D,SAAM,IAAI,MAAM,mCAAmC;;;;;;;;;;;;;;;CAgBvD,AAAQ,aAAuB;CAC/B,AAAiB,uBAAuB;CAExC,AAAQ,kCAAoD,IAAI;CAChE,AAAiB,6BAA6B,MAAS;CAEvD,AAAQ,oBAA4B;AAClC,MAAI,KAAK,WAAW,SAAS,EAC3B,QAAO,KAAK,WAAW;AAEzB,SAAO,KAAK;;CAGd,AAAQ,0BAA0B,QAAsB;AAEtD,SAAO;AAEP,OAAK;;;;;;;;;;;;;;;;;;;;;CAsBP,MAAM,2BAA2B,WAAmB,MAAmH;AACrK,MAAI,KAAK,gBAAgB,IAAI,WAC3B,OAAM,IAAI,MAAM,0CAA0C;EAG5D,MAAM,SAAS,KAAK;EACpB,IAAI,aAAa,MAAM;EACvB,IAAIC;AACJ,MAAI,CAAC,YAAY;GAIf,MAAM,UAAU,IAAI;AACpB,gBAAa,QAAQ;AACrB,aAAU,QAAQ;;AAIpB,MAAI;AACF,OAAI,CAAC,WACH,OAAM,IAAI,MAAM;AAIlB,SAAM,kBAAkB,QAAQ,WAAW;AAI3C,QAAK,gBAAgB,IAAI,WAAW;IAClC;IACA,iBAAiB;IACjB,WAAW,KAAK;;WAGX,KAAK;AACZ,WAAQ,MAAM,6EAA6E;AAE3F,OAAI;AAAE,gBAAY;WAAiB;AACnC,OAAI;AAAE,aAAS;WAAiB;AAChC,QAAK,0BAA0B;AAC/B,QAAK,gBAAgB,OAAO;AAC5B,SAAM;;AAER,SAAO;GAAE;GAAQ;GAAY;;;;;;CAM/B,sBAAsB,WAAyB;EAC7C,MAAM,QAAQ,KAAK,gBAAgB,IAAI;AACvC,MAAI,CAAC,MAAO;AACZ,MAAI;AAAE,SAAM,iBAAiB;UAAgB;AAC7C,MAAI;AAAE,QAAK,0BAA0B,MAAM;UAAgB;AAC3D,OAAK,gBAAgB,OAAO;;;;;CAM9B,8BAAoC;EAClC,MAAM,MAAM,KAAK;AACjB,OAAK,MAAM,CAAC,WAAW,UAAU,KAAK,gBAAgB,UACpD,KAAI,MAAM,MAAM,YAAY,KAAK,2BAC/B,MAAK,sBAAsB;;CAKjC,MAAc,0BAAyC;AACrD,MAAI;GACF,MAAM,SAAS,KAAK;GAGpB,MAAM,gBAAgB,IAAI,SAAe,SAAS,WAAW;IAC3D,MAAM,UAAU,iBAAiB,uBAAO,IAAI,MAAM,0BAA0B;IAE5E,MAAM,aAAa,UAAwB;AACzC,SAAI,MAAM,MAAM,SAAS,qBAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,mBAAa;AACb;;;AAIJ,WAAO,iBAAiB,WAAW;AACnC,WAAO,gBAAgB;AACrB,YAAO,oBAAoB,WAAW;AACtC,kBAAa;AACb,4BAAO,IAAI,MAAM;;;AAIrB,SAAM;AAEN,OAAI,KAAK,WAAW,SAAS,KAAK,qBAChC,MAAK,WAAW,KAAK;OAErB,QAAO;WAEFC,OAAgB;AACvB,WAAQ,KAAK,6DAA6D;;;;;;;CAQ9E,MAAM,oBAAmC;EACvC,MAAMC,WAA4B;AAElC,OAAK,IAAI,IAAI,GAAG,IAAI,KAAK,sBAAsB,IAC7C,UAAS,KACP,IAAI,SAAe,SAAS,WAAW;AACrC,OAAI;IACF,MAAM,SAAS,KAAK;IAGpB,MAAM,WAAW,UAAwB;AACvC,SAAI,MAAM,MAAM,SAAS,qBAAqB,gBAAgB,MAAM,MAAM,OAAO;AAC/E,aAAO,oBAAoB,WAAW;AACtC,WAAK,0BAA0B;AAC/B;;;AAIJ,WAAO,iBAAiB,WAAW;AAGnC,WAAO,WAAW,UAAU;AAC1B,YAAO,oBAAoB,WAAW;AACtC,aAAQ,MAAM,2BAA2B,IAAI,EAAE,oBAAoB;AACnE,YAAO;;AAIT,qBAAiB;AACf,YAAO,oBAAoB,WAAW;AAGtC,4BAAO,IAAI,MAAM;OAChB;YAEID,OAAgB;AACvB,YAAQ,MAAM,4CAA4C,IAAI,EAAE,IAAI;AACpE,WAAO,QAAQ;;;AAMvB,MAAI;AACF,SAAM,QAAQ,WAAW;WAClBA,OAAgB;AACvB,WAAQ,KAAK,qDAAqD;;;CAItE,MAAc,YAAyC,EACrD,WACA,SACA,SACA,YAAY,6BAA6B,SAAS,WAMX;AAGvC,OAAK;EAEL,MAAM,mBAAoB,QAAQ,SAAiB;AACnD,MAAI,aAAa,oBAAoB,qBAAqB,UACxD,OAAM,IAAI,MACR,mCAAmC,iBAAiB,uCAAuC,UAAU;EAIzG,MAAM,qBAAqB,aAAa;EACxC,MAAM,eAAe,qBAAqB,KAAK,gBAAgB,IAAI,sBAAsB;AACzF,MAAI,sBAAsB,CAAC,aACzB,OAAM,IAAI,MAAM,qCAAqC;EAIvD,MAAM,eAAe,qBACjB,cAAc,oBAAoB,QAAQ,WACzC,QAAQ;EAEb,MAAM,SAAS,eAAe,aAAa,SAAS,KAAK;EACzD,MAAM,kBAAkB,CAAC,CAAC;AAE1B,SAAO,IAAI,SAAS,SAAS,WAAW;GACtC,MAAM,YAAY,iBAAiB;AACjC,QAAI;AACF,SAAI,mBAAmB,mBAErB,MAAK,sBAAsB;SAE3B,MAAK,0BAA0B;YAE3B;AAER,QAAI;KACF,MAAM,UAAU,KAAK,MAAM,YAAY;AACvC,YAAO,YAAY;MAAE,MAAM;MAAiB,SAAS,mBAAmB,QAAQ;QAAiB;YAC3F;AACR,2BAAO,IAAI,MAAM,oCAAoC,UAAU;MAC9D;GAEH,MAAME,YAA2C;AAEjD,UAAO,YAAY,OAAO,UAAU;AAClC,QAAI;AAEF,SAAI,6BAA6B,OAAO,MACtC;AAGF,SAAI,OAAO,MAAM,SAAS,qBAAqB,gBAAgB,OAAO,MAAM,MAC1E;KAGF,MAAM,WAAW,MAAM;AACvB,eAAU,KAAK;AAGf,SAAI,iBAAiB,WAAW;MAC9B,MAAM,mBAAmB;AACzB,gBAAU,iBAAiB;AAC3B;;AAIF,SAAI,cAAc,WAAW;AAC3B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;MACrD,MAAM,gBAAgB;AACtB,cAAQ,MAAM,0BAA0B;AACxC,aAAO,IAAI,MAAM,cAAc,QAAQ;AACvC;;AAIF,SAAI,gBAAgB,WAAW;AAC7B,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ;AACR;;AAIF,aAAQ,MAAM,sCAAsC,EAClD;AAIF,SAAI,SAAS,aAAa,aAAa,YAAY,WAAW,UAAU;AACtE,mBAAa;AACb,UAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,cAAQ,MAAM,qCAAqC;AACnD,6BAAO,IAAI,MAAM,8BAA+B,SAAmB;AACnE;;AAIF,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,4BAAO,IAAI,MAAM,mCAAmC,KAAK,UAAU;aAC5DF,OAAgB;AACvB,kBAAa;AACb,SAAI,CAAC,gBAAiB,MAAK,0BAA0B;AACrD,aAAQ,MAAM,oCAAoC;KAClD,MAAM,MAAM,QAAQ;AACpB,4BAAO,IAAI,MAAM,oCAAoC,IAAI;;;AAI7D,UAAO,WAAW,UAAU;AAC1B,iBAAa;AACb,QAAI,CAAC,gBAAiB,MAAK,0BAA0B;IACrD,MAAMG,iBAAe,MAAM,OAAO,WAAW,MAAM,WAAW;AAC9D,YAAQ,MAAM,oCAAoC;KAChD,SAASA;KACT,UAAU,MAAM;KAChB,QAAQ,MAAM;KACd,OAAO,MAAM;KACb,OAAO,MAAM;;AAEf,2BAAO,IAAI,MAAM,iBAAiBA;;GAIpC,MAAM,mBAAmB;IACvB,MAAM,QAAQ;IACd,SAAS;;AAGX,UAAO,YAAY;;;;;;CAOvB,MAAM,0CAA0C,MAiB7C;AACD,SAAO,0CAA0C;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;CAMhF,MAAM,yBAAyB,MAO5B;AACD,SAAO,yBAAyB;GAAE,KAAK,KAAK;GAAc,GAAG;;;CAG/D,MAAM,qBAAqB,MAcxB;AACD,SAAO,qBAAqB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;CAU3D,MAAM,8BAA8B,MAqBjC;AACD,SAAO,8BAA8B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CASpE,MAAM,4BAA4B,MAY9B;AACF,SAAO,4BAA4B;GACjC,KAAK,KAAK;GACV,GAAG;;;CAIP,MAAM,mBAAmB,MAatB;AACD,SAAO,mBAAmB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOzD,MAAM,0BAA0B,MAW7B;AACD,SAAO,0BAA0B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;CAOhE,MAAM,qBAAqB,4BAAyD;AAClF,SAAO,qBAAqB;GAAE,KAAK,KAAK;GAAc;;;;;;;CAOxD,MAAM,2BAA2B,MAU9B;AACD,SAAO,2BAA2B;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;CASjE,MAAM,kBAAkB,SAmBrB;AACD,SAAO,kBAAkB;GACvB,KAAK,KAAK;GACV;;;;;;;;;CAUJ,MAAM,oBAAoB,MAKR;AAChB,SAAO,oBAAoB;GAAE,KAAK,KAAK;GAAc,GAAG;;;;;;;;;;;;;ACntB5D,eAAsB,eAAe,KAA+D;AAClG,KAAI;AACF,QAAM,IAAI;SACJ;AAEN,SAAO;GAAE,QAAQ;GAAO,eAAe;;;AAGzC,KAAI;EACF,MAAMC,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,WAAW,SAAS,MAAM;GACrC,MAAM,OAAO,SAAS;GACtB,MAAM,UAAU,IAAI;AACpB,UAAO;IACL,QAAQ,KAAK;IACb,eAAe,UAAU,YAAY,WAAW;IAChD,iBAAiB,KAAK;;;AAI1B,SAAO;GAAE,QAAQ;GAAO,eAAe;;UAChC,OAAO;AACd,UAAQ,KAAK,0CAA0C;AACvD,SAAO;GAAE,QAAQ;GAAO,eAAe;;;;;;;;;;;;;;;;;AC3B3C,eAAsB,aACpB,KACA,MAMC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAqD;EACzD,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAAqC;AAChE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wBAAwB,SAAS;AAEnD,QAAQ,SAAS,QAAgB;EAC/B,WAAW,KAAK;EAChB,gBAAgB;EAChB,kBAAkB;EAClB,aAAa;;;;;;;;;;;;AC7BjB,eAAsB,gBAAgB,KAAoD;AACxF,SAAQ,MAAM;AAEd,OAAM,IAAI;AAEV,KAAI;EACF,MAAMC,UAAsD;GAC1D,MAAM;GACN,IAAI,IAAI;GACR,SAAS;;EAGX,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,SAAS,SAAS;AAEpB,OAAI,uBAAuB;AAC3B,WAAQ,MAAM;QAEd,SAAQ,KAAK,mCAAmC,SAAS;UAEpD,OAAO;AACd,UAAQ,KAAK,iCAAiC;;;;;;;;;;;;;;AChBlD,eAAsB,2CACpB,KACA,QAqBC;AACD,OAAM,IAAI,kBAAkB;CAE5B,MAAMC,UAAmE;EACvE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,OAAO;GAClB,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,YAAY,OAAO;GACnB,YAAY,OAAO;GACnB,aAAa,OAAO,eAAe;;;CAKvC,MAAM,WAAW,MAAM,IAAI,YAAmD;AAE9E,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,wCAAwC,SAAS;CAGnE,MAAM,OAAO,SAAS;AAEtB,KAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM,KAAK,SAAS;AAGhC,KAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,aACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,WAAW;EACX,WAAW,KAAK;EAChB,YAAY,KAAK;EACjB,cAAc,KAAK;EACnB,oBAAoB,KAAK;EACzB,aAAa,KAAK;EAClB,WAAW,KAAK;EAChB,cAAc,KAAK;EACnB,2BAA2B,KAAK;EAChC,qBAAqB,KAAK;;;;;;;;;;;;;ACd9B,eAAsB,gCACpB,YACA,QACgD;CAChD,MAAM,EAAE,cAAc;CAEtB,IAAIC;CACJ,IAAIC;AAEJ,SAAQ,OAAO,MAAf;EACE,KAAK,eAAe;GAClB,MAAM,oBAAoB,OAAO;AACjC,kBAAe,MAAM,6BACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAI;;GAI5B,MAAMC,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,YAAY;GACf,MAAMC,oBAA4C,CAAC;IACjD,YAAY,OAAO,SAAS;IAC5B,SAAS,OAAO,SAAS;;AAG3B,kBAAe,MAAM,6BACnB,kBAAkB,KAAI,QAAO;IAC3B,YAAY,GAAG;IACf,SAAS,GAAG,QAAQ,IAAI;;GAI5B,MAAMD,UAA8B;IAClC;IACA,YAAY,kBAAkB,IAAI;IAClC,aAAa,wBAAwB;IACrC,MAAM;IACN,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;IAClD,UAAU;KACR,UAAU,OAAO,SAAS;KAC1B,YAAY,OAAO,SAAS;KAC5B,OAAO,OAAO,OAAO,SAAS;KAC9B,gBAAgB,OAAO,OAAO,SAAS;;;AAI3C,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP;KACA;KACA,SAAS,OAAO;;IAElB,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,KAAK,UAAU;AACb,kBAAe,GAAG,OAAO,cAAc,GAAG,OAAO,UAAU,GAAG,OAAO;GACrE,MAAMA,UAA8B;IAClC;IACA,QAAQ;IACR,YAAY,OAAO;IACnB,GAAI,OAAO,SAAS,OAAO,EAAE,OAAO,OAAO,UAAU;IACrD,GAAI,OAAO,QAAQ,OAAO,EAAE,MAAM,OAAO,SAAS;;AAGpD,aAAU;IACR,eAAe;IACf,WAAW;IACX,MAAM,uBAAuB;IAC7B;IACA,SAAS;KACP,eAAe,OAAO;KACtB,SAAS,OAAO;KAChB,WAAW,OAAO;KAClB,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;KAC5D,GAAI,OAAO,aAAa,EAAE,YAAY,OAAO,eAAe;;IAE9D,oBAAoB,OAAO;IAC3B;;AAEF;;EAEF,QAIE,OAAM,IAAI,MAAM;;AAIpB,OAAM,WAAW,kBAAkB;CACnC,MAAME,UAAwE;EAC5E,MAAM;EACN,IAAI,WAAW;EACf,SAAS,EACP;;CAGJ,MAAM,WAAW,MAAM,WAAW,YAAwD;AAC1F,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,2CAA2C,SAAS;CAGtE,MAAM,WAAW,SAAS;AAQ1B,KAAI,CAAC,UAAU,UACb,OAAM,IAAI,MAAM,UAAU,SAAS;AAErC,KAAI,CAAC,SAAS,oBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL;EACA,oBAAoB,SAAS;EAC7B,cAAc,SAAS,iBAAiB;EACxC,YAAY,SAAS;;;AAIzB,SAAS,wBAAwB,mBAA+D;AAC9F,KAAI;EACF,IAAI,QAAQ,OAAO;AACnB,OAAK,MAAM,MAAM,kBACf,MAAK,MAAM,UAAU,GAAG,QACtB,SAAQ,OAAO,aAAf;GACE,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,WAAW;AAClC;GACF,KAAK,WAAW;AACd,aAAS,OAAO,OAAO,SAAS;AAChC;GACF,QACE;;AAIR,SAAO,QAAQ,OAAO,KAAK,MAAM,aAAa;SACxC;AACN,SAAO;;;;;;;;;;;;;;ACpPX,eAAsB,4BACpB,KACA,WACsB;AACtB,OAAM,IAAI,kBAAkB;CAC5B,MAAM,UAAU,IAAI;AACpB,KAAI;AACF,MAAI,aACF;GAAE,MAAM,qBAAqB;GAA2B;KACxD,CAAC,QAAQ;UAEJ,KAAK;AACZ,UAAQ,MAAM,sEAAsE;AACpF,QAAM;;AAER,QAAO,QAAQ;;;;;;;;ACXjB,eAAsB,wBACpB,KACA,MAWC;CACD,MAAM,eAAe,KAAK,gBAAgB;AAC1C,OAAM,IAAI;CAEV,MAAM,eAAe,KAAK;CAC1B,MAAM,kBAAkB,cAAc,aACjC,cAAc,eACd,cAAc,UACd,cAAc;CAEnB,MAAMC,UAAgE;EACpE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,YAAY,KAAK;GACjB,eAAe,KAAK;GACpB;GACA,cAAc,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,MAAM,aAAa;IACnB,aAAa,OAAO,aAAa;IACjC,WAAW,aAAa;OACtB;;;CAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,kCAAkC,SAAS;CAE7D,MAAM,OAAO,SAAS;CAOtB,MAAM,eAAe,KAAK,gBAAgB,KAAK,kBAAkB;AACjE,KAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,oBACR,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,KAAK,mBACtB,qBAAqB;EACrB,UAAU,KAAK,iBAAiB;EAChC,WAAW,KAAK,iBAAiB;EACjC,UAAU,KAAK,iBAAiB;EAChC,cAAc,KAAK,iBAAiB;EACpC,QAAQ,KAAK,iBAAiB;EAC9B,MAAM,KAAK,iBAAiB;EAC5B,aAAa,KAAK,iBAAiB;EACnC,WAAW,KAAK,iBAAiB;MAEjC;AAEJ,KAAI,cAAc;AAChB,MAAI,uBAAuB,KAAK;AAChC,UAAQ,MAAM,iDAAiD,KAAK;;AAGtE,QAAO;EACL;EACA;EACA,qBAAqB,KAAK;EAC1B,2BAA2B,KAAK,6BAA6B;;;;;;;;;;;;;;;;;;;AC5EjE,eAAsB,+BACpB,KACA,MASqD;AACrD,OAAM,IAAI,kBAAkB;CAE5B,MAAMC,UAAuE;EAC3E,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAEhB,aAAa,KAAK,eAAe;GACjC,YAAY,KAAK;GACjB,YAAY,KAAK;GACjB,OAAO,KAAK;GACZ,eAAe,KAAK;GACpB,YAAY,KAAK;;;CAGrB,MAAM,WAAW,MAAM,IAAI,YAAuD;AAClF,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,0CAA0C,SAAS;CAKrE,MAAM,OAAQ,SAAS;CACvB,MAAM,cAAc,MAAM,eAAe,KAAK,eAAe;AAC7D,KAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAElB,QAAO;EAAE,WAAW,MAAM,aAAa,KAAK;EAAW;;;;;;;;;;;;ACnDzD,eAAsB,mBACpB,KACA,MAKC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAChB,MAAM,KAAK;;;CAGf,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QAAQ,SAAS,QAAgB,EAAE,WAAW,KAAK;;;;;;;;;;;AChBrD,eAAsB,+BACpB,KACA,WACA,WACuB;AACvB,QAAO,6BAA6B,KAAK,WAAW;;;;;;;AAQtD,eAAsB,yBACpB,KACA,WACuB;AACvB,QAAO,6BAA6B,KAAK;;AAG3C,eAAe,6BACb,KACA,WACA,WACuB;AACvB,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA6D;EACjE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP;GACA,cAAc;IACZ,QAAQ,UAAU;IAClB,MAAM,UAAU;IAChB,aAAa,OAAO,UAAU;IAC9B,WAAW,UAAU;;;;CAK3B,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,oCAAoC,SAAS;CAG/D,MAAM,OAAO,SAAS;AACtB,SAAQ,MAAM;AACd,QAAO,qBAAqB;;;;;;;;;;;;;ACjD9B,eAAsB,4BACpB,KACA,MAQC;AACD,OAAM,IAAI;AACV,KAAI;EACF,MAAMC,UAAoE;GACxE,MAAM;GACN,IAAI,IAAI;GACR,SAAS;IAEP,WAAW,KAAK;IAChB,cAAc,KAAK,eACf;KACE,QAAQ,KAAK,aAAa;KAC1B,MAAM,KAAK,aAAa;KACxB,aAAa,OAAO,KAAK,aAAa;KACtC,WAAW,KAAK,aAAa;QAE/B;;;EAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,4CAA4C,SAAS;EAEvE,MAAM,OAAO,SAAS;EACtB,MAAM,gBAAgB,KAAK;AAC3B,MAAI,CAAC,cACH,OAAM,IAAI,MAAM;EAElB,MAAM,eAAe,KAAK,gBAAgB,cAAc;AACxD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,gBAAgB,KAAK,aAE5B,KAAI,uBAAuB,KAAK,aAAa;AAI/C,SAAO;GACL;GACA,cAAc,qBAAqB;IACjC,UAAU,cAAc;IACxB,WAAW,cAAc;IACzB,UAAU,cAAc;IACxB,cAAc,cAAc;IAC5B,QAAQ,cAAc;IACtB,MAAM,cAAc;IACpB,aAAa,cAAc;IAC3B,WAAW,cAAc;;;UAItBC,OAAY;AACnB,UAAQ,MAAM,yDAAyD;AACvE,QAAM,IAAI,MAAM,6CAA6C,MAAM;;;;;;;;;;;;ACtEvE,eAAsB,mBACpB,KACA,MAOC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2D;EAC/D,MAAM;EACN,IAAI,IAAI;EACR,SAAS,EACP,WAAW,KAAK;;CAGpB,MAAM,WAAW,MAAM,IAAI,YAA2C;AACtE,KAAI,CAAC,SAAS,QACZ,OAAM,IAAI,MAAM,8BAA8B,SAAS;AAEzD,QACG,SAAS,QAAgB;EACxB,WAAW,KAAK;EAChB,QAAQ;;;;;;;;;;;;ACxBd,eAAsB,sBACpB,KACA,MAce;AACf,KAAI,CAAC,KAAK,YACR,OAAM,IAAI,MAAM;AAElB,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAiC;EACrC,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;GAC3B,aAAa,KAAK;GAClB,qBAAqB,KAAK;GAC1B,sBAAsB,KAAK;;;AAG/B,KAAI;AACF,UAAQ,MAAM,sCAAsC;GAClD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;;EAE7B,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,MAAI,CAAC,SAAS,SAAS;AACrB,WAAQ,MAAM,wDAAwD;IACpE,WAAW,KAAK;IAChB,eAAe,OAAO,KAAK;IAC3B,OAAO,SAAS;;AAElB,SAAM,IAAI,MAAM,iCAAiC,SAAS;;AAE5D,UAAQ,MAAM,wCAAwC;GACpD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;;UAEtB,OAAO;AACd,UAAQ,MAAM,sCAAsC;GAClD,WAAW,KAAK;GAChB,eAAe,OAAO,KAAK;GAC3B;;AAEF,QAAM;;;;;;ACpDV,eAAsBC,4CAA0C,EAC9D,KACA,eACA,cACA,eACA,YACA,YACA,sBASqD;CAGrD,MAAM,qBAAqB,cAAc,gCAAgC;CAEzE,MAAM,qBAAqB,cACrB,gCAAgC,WAAW,MAAM,KAAK,MAAM,gCAAgC;CAElG,MAAM,YAAa,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAC7E,OAAO,eACP,YAAY,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;CAE/D,MAAM,QAAQ,eAAe;CAC7B,MAAM,OAAO,eAAe;CAC5B,MAAMC,UAIoB;EACxB,eAAe;EACf;EACA,MAAM,uBAAuB;EAC7B,SAAS;GACP;GACA;GACA,YAAY;GACZ,GAAI,SAAS,OAAO,EAAE,UAAU;GAChC,GAAI,QAAQ,OAAO,EAAE,SAAS;;EAEhC,SAAS;GACP;GACA;GACA,SAAS;IACP,YAAY;IACZ,YAAY;IACZ;;;EAGJ;EACA,cAAc,YAAY,cAAc,GAAG;;CAG7C,MAAM,WAAW,MAAM,iBAAiB,KAAK;AAE7C,QAAO,0DAA0D;EAC/D,WAAW,SAAS;EACpB;EACA,cAAc,SAAS,gBAAgB;EACvC,YAAY,SAAS;EACrB,cAAc,SAAS;EACvB,oBAAoB,SAAS;EAC7B,OAAO,SAAS;;;;;;;;;;;;ACtEpB,eAAsB,0CACpB,KACA,QAQoD;CACpD,MAAM,UAAU,IAAI;CACpB,MAAM,WAAW,MAAMC,4CAA8C;EACnE,KAAK;EACL,eAAe,OAAO;EACtB,cAAc,OAAO;EACrB,eAAe,OAAO;EACtB,YAAY,OAAO;EACnB,YAAY,OAAO;EAEnB,oBAAoB,OAAO;;AAG7B,KAAI,CAAC,SAAS,UACZ,OAAM,IAAI,MAAM,SAAS,SAAS;AAEpC,KAAI,CAAC,SAAS,WACZ,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,aACZ,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,SAAS,mBACZ,OAAM,IAAI,MAAM;AAGlB,QAAO;;;;;;;;;;AClCT,eAAsB,6BACpB,KACA,MAM4B;AAC5B,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAA2E;EAC/E,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,eAAe,KAAK;GACpB,YAAY,KAAK;GACjB,mBAAmB,KAAK;GAExB,OAAO,KAAK;;;CAGhB,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,SAAS,QACX,KAAI,uBAAuB,KAAK;AAElC,QAAO;;;;;;;;;;AC9BT,eAAsB,oCACpB,KAKC;AACD,OAAM,IAAI,kBAAkB;CAC5B,MAAMC,UAAsD;EAC1D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;;CAEX,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,+BAA+B,SAAS;CAE1D,MAAM,EAAE,mBAAmB,YAAY,gBAAgB,SAAS;AAKhE,KAAI,CAAC,qBAAqB,CAAC,WACzB,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAElB,QAAO;EAAE;EAAmB;EAAY;;;;;;;;;;;;ACpB1C,eAAsB,iBACpB,KACA,MAM4B;AAC5B,OAAM,IAAI,kBAAkB;AAE5B,MAAK,UAAU;EACb,MAAM;EACN,MAAM;GACJ,MAAM;GACN,SAAS;;;CAIb,MAAMC,UAAyD;EAC7D,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,eAAe,KAAK;GACpB,qBAAqB,KAAK;GAC1B,YAAY,KAAK;;;CAIrB,MAAM,WAAW,MAAM,IAAI,YAAY;AACvC,KAAI,SAAS,SAAS;AAEpB,MAAI,uBAAuB,KAAK;AAChC,UAAQ,MAAM,yCAAyC,KAAK;QACvD;AACL,UAAQ,MAAM,8CAA8C,SAAS;AACrE,UAAQ,MAAM,+BAA+B,KAAK,UAAU,UAAU,MAAM;AAC5E,UAAQ,MAAM,uCAAuC,KAAK,UAAU,SAAS,MAAM;;AAGrF,QAAO;;;;;;;;;;;;;;ACwGT,IAAa,mBAAb,MAA8B;CAC5B,AAAQ,YAA2B;CACnC,AAAQ,wBAA8C;CACtD,AAAQ,YAAY;CACpB,AAAQ;CACR,AAAQ,sBAAqC;CAC7C,AAAQ;CACR,AAAQ;CAER,YAAY,QAAgC,SAAkC;AAC5E,OAAK,SAAS;GAEZ,cAAc,YAAY,QAAQ;GAClC,eAAe;GACf,OAAO;GACP,GAAG;;AAGL,OAAK,UAAU;GACb,GAAG;GACH,kBAAkB;;;;;;CAOtB,aAAsC;AACpC,SAAO,KAAK;;CAGd,AAAQ,oBAAoD;AAC1D,SAAO;GACL,mBAAmB,KAAK,kBAAkB,KAAK;GAC/C,aAAa,KAAK,YAAY,KAAK;GACnC,mBAAmB,KAAK,kBAAkB,KAAK;GAC/C,YAAY,KAAK,WAAW,KAAK;GACjC,eAAe,SAAkB,aAA8B;AAC7D,QAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM;AAElB,SAAK,UAAU,YAAY,SAAS;;GAEtC,8BAA8B,KAAK;GACnC,yBAAyB,SAAwB;AAC/C,SAAK,sBAAsB;;;;;;;;CASjC,MAAM,4BAA4B,WAAyC;AACzE,SAAO,4BAA4B,KAAK,qBAAqB;;;;;;CAO/D,MAAM,+BAA+B,MAamB;AACtD,SAAO,+BAA+B,KAAK,qBAAqB;;;;;;;;CASlE,MAAM,mBAAmB,MAOtB;AACD,SAAO,mBAAmB,KAAK,qBAAqB;;;;;;CAOtD,MAAM,mBAAmB,MAQtB;AACD,SAAO,mBAAmB,KAAK,qBAAqB;;;;;;CAOtD,MAAM,aAAa,MAOhB;AACD,SAAO,aAAa,KAAK,qBAAqB;;;;;;;;CAShD,MAAM,sBAAsB,MAMV;AAChB,SAAO,sBAAsB,KAAK,qBAAqB;;;;;;;;CASzD,MAAM,gCAAgC,QA0CnC;AACD,SAAO,gCAAgC,KAAK,qBAAqB;;;;;;;;CASnE,MAAM,0CAA0C,QAOO;AACrD,SAAO,0CAA0C,KAAK,qBAAqB;;;;;;;;;;;;;CAc7E,MAAM,2CAA2C,QAoB9C;AACD,SAAO,2CAA2C,KAAK,qBAAqB;;CAG9E,oBAAoB,QAAkC;AACpD,OAAK,mBAAmB;;;;;;CAO1B,MAAc,kBAAkB,qBAAqB,OAAsB;AACzE,MAAI,KAAK,sBACP,OAAM,KAAK;WACF,CAAC,KAAK,UACf,OAAM,KAAK;AAEb,MAAI,CAAC,KAAK,UACR,OAAM,IAAI,MAAM;AAGlB,MAAI,mBACF,KAAI;GACF,MAAM,iBAAiB,MAAM,KAAK,YAAY;IAC5C,MAAM;IACN,IAAI,KAAK;IACT,SAAS;MACR;AAEH,OAAI,CAAC,eAAe,QAClB,OAAM,IAAI,MAAM;WAEX,OAAO;AACd,WAAQ,MAAM,qCAAqC;AACnD,SAAM,IAAI,MAAM;;;;;;CAQtB,MAAM,aAA4B;AAChC,MAAI,KAAK,sBACP,QAAO,KAAK;AAQd,OAAK,wBAAwB,KAAK,kBAAkB,OAAM,UAAS;AACjE,WAAQ,MAAM,uCAAuC;AACrD,WAAQ,MAAM,+BAA+B;IAC3C,SAAS,MAAM;IACf,OAAO,MAAM;IACb,MAAM,MAAM;;AAGd,QAAK,wBAAwB;AAC7B,SAAM;;EAGR,MAAM,SAAS,MAAM,KAAK;AAC1B,SAAO;;;;;CAMT,MAAc,kBAAiC;AAC7C,MAAI;GACF,MAAM,eAAe,KAAK,OAAO,gBAAgB,YAAY,QAAQ;GACrE,MAAM,YAAY,iBAAiB,cAAc;IAAE,QAAQ;IAAO,YAAY,KAAK;;AACnF,WAAQ,MAAM,4BAA4B;AAE1C,QAAK,YAAY,IAAI,OAAO,WAAW;IACrC,MAAM;IACN,MAAM;;AAGR,QAAK,UAAU,WAAW,UAAU;AAClC,YAAQ,MAAM,kCAAkC;;AAGlD,SAAM,KAAK;AAGX,OAAI,KAAK,OAAO,aAAa;IAC3B,MAAM,OAAO,MAAM,KAAK,YAA2C;KACjE,MAAM;KACN,IAAI,KAAK;KACT,SAAS,EAAE,QAAQ,KAAK,OAAO;;AAEjC,QAAI,CAAC,KAAK,QACR,OAAM,IAAI,MAAM,iCAAiC,KAAK;;AAK1D,OAAI,KAAK,OAAO,kBAAkB,KAAK,OAAO,wBAAwB,KAAK,OAAO,uBAAuB;IACvG,MAAM,QAAQ,MAAM,KAAK,YAAoD;KAC3E,MAAM;KACN,IAAI,KAAK;KACT,SAAS;MACP,gBAAgB,KAAK,OAAO;MAC5B,gBAAgB,KAAK,OAAO;MAC5B,iBAAiB,KAAK,OAAO;;;AAGjC,QAAI,CAAC,MAAM,QACT,OAAM,IAAI,MAAM,2CAA2C,MAAM;;WAI9DC,OAAY;AACnB,SAAM,IAAI,MAAM,yCAAyC,MAAM;;;;;;CAOnE,MAAc,YACZ,SACA,eAC4B;AAC5B,SAAO,IAAI,SAAS,SAAS,WAAW;AACtC,OAAI,CAAC,KAAK,WAAW;AACnB,2BAAO,IAAI,MAAM;AACjB;;GAGF,MAAM,YAAa,iBAAiB,KAAK,OAAO,iBAAiB;GACjE,MAAM,UAAU,iBAAiB;AAC/B,2BAAO,IAAI,MAAM,yCAAyC,UAAU,wBAAwB,QAAQ;MACnG;GAEH,MAAM,iBAAiB,UAAwB;IAC7C,MAAM,UAAU,MAAM;AAUtB,QAAK,SAAiB,SAAS,yBAAyB,uCAAuC;KAC7F,MAAM,MAAM;KAIZ,MAAM,MAAM,KAAK;AACjB,SAAI,CAAC,KAAK,WAAW;AACnB,cAAQ,MAAM;AACd;;AAEF,KAAK,sCAAsC,KAAK,KAAK,KAAK;AAC1D;;IAGF,MAAM,WAAW;AACjB,QAAI,SAAS,OAAO,QAAQ,IAAI;AAC9B,kBAAa;AACb,UAAK,UAAW,oBAAoB,WAAW;AAC/C,aAAQ;;;AAIZ,QAAK,UAAU,iBAAiB,WAAW;AAC3C,QAAK,UAAU,YAAY;;;;;;CAO/B,AAAQ,oBAA4B;AAClC,SAAO,OAAO,KAAK,MAAM,GAAG,EAAE,KAAK;;;;;;CAOrC,MAAM,iBAAiB,MAKQ;AAC7B,SAAO,iBAAiB,KAAK,qBAAqB;;CAGpD,MAAM,+BAA+B,WAAyB,WAA0C;AACtG,SAAO,+BAA+B,KAAK,qBAAqB,WAAW;;CAG7E,MAAM,yBAAyB,WAAgD;AAC7E,SAAO,yBAAyB,KAAK,qBAAqB;;;;;CAM5D,MAAM,iBAA2C;AAC/C,SAAO,eAAe,KAAK;;;;;CAM7B,MAAM,kBAAiC;AACrC,SAAO,gBAAgB,KAAK;;;;;;;CAQ9B,uBAAuB,eAAgC;AACrD,OAAK,sBAAsB;AAC3B,UAAQ,MAAM,8CAA8C;;;;;;;;;;;CAY9D,MAAM,4BAA4B,MAO/B;AACD,SAAO,4BAA4B,KAAK,qBAAqB;;;;;;;;;;;;CAa/D,MAAM,wBAAwB,MAU3B;AACD,SAAO,wBAAwB,KAAK,qBAAqB;;;;;;CAO3D,MAAM,6BAA6B,MAKJ;AAC7B,SAAO,6BAA6B,KAAK,qBAAqB;;;;;;;CAQhE,MAAM,sCAIH;AACD,SAAO,oCAAoC,KAAK;;;;;CAMlD,MAAc,6BAA4C;AACxD,MAAI;GACF,MAAM,YAAY;GAClB,MAAM,eAAe,MAAM,KAAK,YAAY;IAC1C,MAAM;IACN,IAAI,KAAK;IACT,SAAS;MACR;AACH,OAAI,CAAC,aAAa,QAChB,OAAM,IAAI,MAAM,+BAA+B,aAAa;AAE9D;WACOA,OAAY;AACnB,WAAQ,KAAK,oDAAoD,MAAM;;;;;;;AC1sB7E,IAAa,yBAAb,MAAoC;CAClC,AAAQ,uCAA+D,IAAI;CAC3E,AAAQ,oDAA+E,IAAI;CAC3F,AAAQ;CACR,AAAQ,qBAAyC;CAEjD,AAAQ,sBAA+C;CAEvD,AAAQ,2BAA2B;CAEnC,cAAc;AAEZ,OAAK;;;;;;;;;CAUP,qBAAqB,OAAgC;AACnD,MAAI,UAAU,UAAU,UAAU,QAAS;AAC3C,OAAK,sBAAsB;AAE3B,OAAK,2BAA2B;AAChC,MAAI,KAAK,mBAAmB,UAAU,OAAO;AAC3C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR;;AAEF,QAAK,+BAA+B,KAAK;AACzC,QAAK,kBAAkB;;;;;;CAO3B,cAAc,UAAyD;AACrE,OAAK,qBAAqB,IAAI;AAC9B,eAAa;AACX,QAAK,qBAAqB,OAAO;;;;;;;CAQrC,2BAA2B,UAA4D;AACrF,OAAK,kCAAkC,IAAI;AAC3C,eAAa;AACX,QAAK,kCAAkC,OAAO;;;;;;CAOlD,AAAQ,kBAAkB,OAA+B;AACvD,MAAI,KAAK,qBAAqB,SAAS,GAAG;AAGxC,WAAQ,MAAM;AACd;;EAGF,IAAI,QAAQ;AACZ,OAAK,qBAAqB,SAAS,aAAa;AAC9C;AACA,OAAI;AACF,aAAS;YACFC,OAAY;;;CAKzB,AAAQ,+BAA+B,QAAkC;AACvE,MAAI,KAAK,kCAAkC,SAAS,EAAG;AACvD,OAAK,kCAAkC,SAAS,aAAa;AAC3D,OAAI;AACF,aAAS;WACH;;;;;;;;;CAUZ,MAAM,oBAAmC;AACvC,MAAI;AACF,SAAM,KAAK;WACJ,OAAO;AACd,WAAQ,KAAK,0DAA0D;;;;;;CAQ3E,AAAQ,8BAAoC;AAE1C,OAAK,2BAA2B,iBAAiB,SAAS,UAAU,UAAU;AAC5E,QAAK,qBAAqB;;;;;;;CAQ9B,MAAc,qBAAqB,OAAsC;AACvE,MAAI;AACF,WAAQ,MAAM,MAAd;IACE,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,qBAC3B,OAAM,KAAK;AAEb;IAEF,KAAK;AAEH,SAAI,MAAM,cAAc,KAAK,sBAAsB;AACjD,WAAK,uBAAuB;AAC5B,WAAK,qBAAqB;;AAE5B;;WAEG,OAAO;AACd,WAAQ,KAAK,sDAAsD;;;;;;CAOvE,AAAQ;;;;CAKR,UAAgB;AACd,MAAI,KAAK,0BAA0B;AACjC,QAAK;AACL,QAAK,2BAA2B;;AAGlC,OAAK,qBAAqB;AAC1B,OAAK,kCAAkC;;CAGzC,0BAAqC;AACnC,MAAI,CAAC,KAAK,sBAAsB;AAC9B,WAAQ,MAAM;AAGd,UAAO;;AAET,SAAO,KAAK;;CAGd,wBAA4C;AAC1C,SAAO,KAAK;;;;;;CAOd,kCAAkC,MAGzB;EACP,MAAM,EAAE,eAAe,uBAAuB,QAAS;EACvD,MAAM,YAAY,KAAK,mBAAmB;EAC1C,MAAMC,OAA2B;GAC/B,GAAG;GACH,GAAI,sBAAsB;;AAG5B,MAAI,cACF,MAAK,uBAAuB;AAI9B,OAAK,2BAA2B;AAEhC,OAAK,qBAAqB;AAC1B,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;CAInD,eAAe,eAAgC;AAC7C,OAAK,uBAAuB;AAG5B,MAAI,CAAC,iBAAiB,SAAS,aAC7B,CAAK,KAAK,oBAAoB,eAAe,YAAY;AAK3D,MAAI,CAAC,iBAAiB,SAAS,gBAAgB,CAAC,KAAK,4BAA4B,CAAC,KAAK,qBAAqB;GAC1G,IAAIC,WAAoC;GACxC,MAAM,SAAU,YAAoB,UAAU,iBAAiB,WAAW,WAAW;AACrF,OAAI,OAAO,WAAW,UAAW,YAAW,SAAS,SAAS;AAC9D,OAAI,CAAC,SACH,KAAI;IACF,MAAM,SAAU,YAAoB,cAAc,UAAU;AAC5D,QAAI,WAAW,UAAU,WAAW,QAAS,YAAW;WAClD;AAIV,OAAI,YAAY,aAAa,KAAK,mBAAmB,MAEnD,CAAK,KAAK,aAAa;AAEzB,QAAK,2BAA2B;;;;;;CAOpC,MAAc,oBAAoB,eAAyC;AACzE,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,CAAC,QAAQ,KAAK,kBAAkB,cAAe;AACnD,MAAI,MAAM,aAAa,oBAAoB;GACzC,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,qBAAqB;IACxB,GAAG,KAAK;IACR,GAAG,KAAK,YAAY;;AAEtB,QAAK,+BAA+B,KAAK;AACzC,OAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;;;;;;CAQrD,MAAM,qBAAoC;AACxC,QAAM,KAAK,oBAAoB,KAAK;;;;;CAMtC,mBAAmB,UAAgD;AACjE,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAEF,OAAK,+BAA+B,KAAK;AACzC,OAAK;;;;;CAMP,sBAAsB,QAAkC;EACtD,MAAM,YAAY,KAAK,mBAAmB;AAC1C,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR,GAAG;;AAEL,OAAK,+BAA+B,KAAK;AACzC,MAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;AAEjD,OAAK;;;;;CAMP,MAAM,mBAAkC;AACtC,MAAI,iBAAiB,SAAS,aAAc;EAC5C,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,MAAI,MAAM;GACR,MAAM,YAAY,KAAK,mBAAmB;AAC1C,QAAK,uBAAuB,KAAK;AAEjC,OAAI,KAAK,aAAa,oBAAoB;AACxC,SAAK,qBAAqB;KACxB,GAAG,KAAK;KACR,GAAG,KAAK,YAAY;;AAEtB,SAAK,+BAA+B,KAAK;AACzC,QAAI,KAAK,mBAAmB,UAAU,UACpC,MAAK,kBAAkB,KAAK,mBAAmB;SAGjD,SAAQ,MAAM;QAGhB,SAAQ,MAAM;;;;;CAOlB,MAAM,mBAAkC;AACtC,MAAI;GACF,IAAIC,YAAmC,KAAK,wBAAwB;AACpE,OAAI,CAAC,WAAW;IACd,MAAM,OAAO,MAAM,iBAAiB,SAAS,cAAc,YAAY;AACvE,gBAAa,MAAc;;AAG7B,OAAI,CAAC,WAAW;AACd,YAAQ,KAAK;AACb;;AAIF,SAAM,iBAAiB,SAAS,kBAAkB,WAAW,EAC3D,oBAAoB,KAAK;WAEpB,OAAO;AACd,WAAQ,KAAK,oDAAoD;;;;;;CAOrE,MAAM,+BAAiE;EACrE,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI,QAAO;AAChB,MAAI;AACF,UAAO,MAAM,iBAAiB,SAAS,SAAS;WACzC,OAAO;AACd,WAAQ,MAAM,oDAAoD;AAClE,UAAO;;;CAIX,eAAiC;AAC/B,SAAO,KAAK,mBAAmB;;;;;CAMjC,MAAM,aAAa,OAAwC;EACzD,MAAM,KAAK,KAAK;AAChB,MAAI,CAAC,GAAI;AAET,OAAK,qBAAqB;GACxB,GAAG,KAAK;GACR;;AAGF,OAAK,+BAA+B,KAAK;AACzC,OAAK,kBAAkB;AACvB,MAAI;AACF,SAAM,iBAAiB,SAAS,SAAS,IAAI;WACtC,OAAO;AACd,WAAQ,KAAK,wDAAwD;;;;AAM3E,MAAM,0BAA0B,IAAI;AACpC,8BAAe;;;;;;;;;;;;ACxXf,IAAa,eAAb,MAAa,aAAa;CACxB,OAAe,WAAgC;CAE/C,AAAO,kBAAiC;CACxC,AAAO,wBAAuC;CAC9C,AAAO,gBAAkC;CACzC,AAAO,mBAAkC;CACzC,AAAO,qBAAgD;CACvD,AAAQ,gBAAoD;CAE5D,AAAQ,aAAqB;CAC7B,AAAQ,eAAqD;CAC7D,AAAQ,gBAAsD;CAG9D,AAAQ,iCAA8B,IAAI;CAC1C,AAAQ,oBAAmC;CAI3C,AAAiB,4BAA4B,IAAI;CACjD,AAAiB,4BAA4B,KAAK;CAClD,AAAiB,uBAAuB;CAGxC,AAAQ,cAAc;;;;CAKtB,OAAc,cAA4B;AACxC,MAAI,CAAC,aAAa,SAChB,cAAa,WAAW,IAAI;AAE9B,SAAO,aAAa;;;;;;;CAQtB,MAAa,oBAAoB,YAAuC;AACtE,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAAkB;AAEnD,OAAK;AACL,OAAK,gBAAgB,WAAW,YAAY;AAC1C,QAAK,gBAAgB;AACrB,OAAI,KAAK,cAAe;GAExB,MAAM,MAAM,KAAK;GACjB,MAAM,eAAe,CAAC,KAAK,yBAA0B,MAAM,KAAK,yBAA0B,KAAK;GAC/F,MAAM,iBAAiB,CAAC,KAAK;AAC7B,OAAI,CAAC,gBAAgB,CAAC,eAAgB;AAEtC,OAAI;AACF,UAAM,KAAK,eAAe;YACnB,GAAG;AAEV,YAAQ,MAAM,sDAAsD;;KAErE,KAAK;;;;;CAMV,AAAO,eAAe,eAA0B,kBAAgC;AAC9E,OAAK,gBAAgB;AACrB,OAAK,mBAAmB;AACxB,OAAK;;;;;CAMP,AAAO,QAAc;AACnB,OAAK,kBAAkB;AACvB,OAAK,wBAAwB;AAC7B,OAAK,gBAAgB;AACrB,OAAK,mBAAmB;AACxB,OAAK,qBAAqB;AAC1B,OAAK;AACL,OAAK;AACL,OAAK,gBAAgB;AACrB,OAAK,eAAe;AACpB,OAAK,oBAAoB;;;;;;CAO3B,MAAa,2BAA2B,YAAwB,MAAyD;AAGvH,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAC/B,OAAM,IAAI,MAAM;EAGlB,MAAM,QAAQ,MAAM,UAAU;AAC9B,SAAO,MAAM,KAAK,eAAe,YAAY;;;;;CAM/C,AAAQ,+BAA+B,YAA8B;AACnE,MAAI,CAAC,KAAK,mBAAmB,CAAC,KAAK,sBAAuB;AAC1D,MAAI,KAAK,cAAe;EAExB,MAAM,MAAM,KAAK;EACjB,MAAM,WAAW,MAAM,KAAK;EAC5B,MAAM,WAAW,MAAM,KAAK;EAE5B,MAAM,eAAe,KAAK,4BAA4B;EACtD,MAAM,eAAe,KAAK,4BAA4B;AAGtD,MAAI,YAAY,gBAAgB,YAAY,cAAc;AACxD,QAAK;AAEL,GAAK,KAAK,eAAe,YACtB,OAAO,UAAU,QAAQ,KAAK,8CAA8C;AAC/E;;EAIF,MAAM,mBAAmB,KAAK,IAAI,GAAG,eAAe;EACpD,MAAM,mBAAmB,KAAK,IAAI,GAAG,eAAe;EACpD,MAAM,QAAQ,KAAK,IAAI,kBAAkB;AAGzC,OAAK;AACL,OAAK,eAAe,iBAAiB;AACnC,QAAK,eAAe;AACpB,OAAI,KAAK,cAAe;AACxB,GAAK,KAAK,eAAe,YACtB,OAAO,UAAU,QAAQ,KAAK,8CAA8C;KAC9E;;;;;CAML,MAAc,eAAe,YAAwB,QAAiB,OAAoC;AAGxG,MAAI,KAAK,iBAAiB,CAAC,MACzB,QAAO,KAAK;EAGd,MAAM,oBAAoB,KAAK;EAC/B,MAAM,oBAAoB,KAAK;EAE/B,MAAM,YAAa,EAAE,KAAK;EAC1B,MAAM,gBAAgB,YAAY;AAChC,OAAI;IAEF,MAAM,MAAM,KAAK;IACjB,MAAM,eAAe,SAAS,CAAC,KAAK,mBAAoB,MAAM,KAAK,mBAAoB,KAAK;IAC5F,MAAM,eAAe,SAAS,CAAC,KAAK,yBAA0B,MAAM,KAAK,yBAA0B,KAAK;IAExG,IAAI,gBAAgB,KAAK,oBAAoB;IAC7C,IAAI,gBAAgB,KAAK,oBAAoB;IAC7C,IAAI,cAAc,KAAK,oBAAoB;IAE3C,MAAM,iBAAiB,gBAAgB,CAAC;IACxC,MAAM,aAAa,gBAAgB,CAAC,iBAAiB,CAAC;IAGtD,IAAIC,iBAA0B,iBAAiB;IAC/C,IAAIC,aAAsB;IAG1B,IAAIC,iBAA0B;IAC9B,IAAIC,aAAsB;IAC1B,MAAMC,QAAyB;AAE/B,QAAI,eACF,OAAM,MAAM,YAAY;AACtB,SAAI;AACF,uBAAiB,MAAM,WAAW,cAAc,mBAAoB;cAC7DC,OAAgB;MACvB,MAAM,MAAM,aAAa;MACzB,MAAM,YAAY,IAAI,SAAS,mCAC1B,IAAI,SAAS,2BACb,IAAI,SAAS,yBACb,IAAI,SAAS;AAClB,UAAI,WAAW;AAEb,eAAQ,MAAM;AACd,wBAAiB;YAEjB,kBAAiB;;;AAMzB,QAAI,WACF,OAAM,MAAM,YAAY;AACtB,SAAI;AACF,mBAAa,MAAM,WAAW,UAAU,EAAE,UAAU;cAC7CC,KAAc;AAErB,mBAAa;;;AAKnB,QAAI,MAAM,SAAS,EACjB,OAAM,QAAQ,IAAI;AAGpB,QAAI,eACF,OAAM;AAER,QAAI,WACF,OAAM;AAIR,QAAI,eACF,KAAI,gBAAgB,gBAClB,iBAAgB;QAGhB,iBAAgB,KAAK,oBAAoB,iBAAiB;AAI9D,QAAI,YAAY;AACd,SAAI,CAAC,cAAc,YACjB,OAAM,IAAI,MAAM;AAElB,qBAAgB,OAAO,WAAW,OAAO;AACzC,mBAAc,WAAW,OAAO;;IAIlC,IAAI,gBAAgB,KAAK,UACvB,eAAe,UAAU,SAAa,OAAO,cAAc,SAAS,KAAM,IAC1E,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAEjE,QAAI,iBAAiB,GAAI,iBAAgB;IACzC,MAAM,YAAY,cAAc;IAEhC,MAAMC,qBAAyC;KAC7C,kBAAkB;KACH;KACf;KACe;KACF;;AAKf,QACE,sBAAsB,KAAK,iBAC3B,sBAAsB,KAAK,oBAC3B,cAAc,KAAK,YACnB;AACA,UAAK,qBAAqB;KAC1B,MAAMC,QAAM,KAAK;AACjB,SAAI,eAAgB,MAAK,kBAAkBA;AAC3C,SAAI,WAAY,MAAK,wBAAwBA;;AAY/C,WAAO;YACA,OAAO;AACd,YAAQ,MAAM,8DAA8D;AAC5E,UAAM;aACE;AAER,QAAI,cAAc,KAAK,WACrB,MAAK,gBAAgB;;;AAK3B,OAAK,gBAAgB;AACrB,SAAO;;;;;;CAOT,AAAO,wBAA4C;AACjD,MAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;EAIlB,MAAM,MAAM,KAAK;EACjB,MAAM,SAAS,KAAK;AAEpB,MAAI,KAAK,mBAAoB,MAAM,KAAK,kBAAmB,OACzD,SAAQ,KAAK;AAGf,SAAO,KAAK;;;;;CAMd,AAAO,8BAA8B,WAAmB,KAAgB;AACtE,MAAI,CAAC,KAAK,sBAAsB,CAAC,KAAK,gBACpC,QAAO;EAGT,MAAM,MAAM,KAAK;AACjB,SAAQ,MAAM,KAAK,mBAAoB;;;;;CAMzC,AAAO,0BAAgC;AACrC,OAAK,qBAAqB;AAC1B,OAAK,kBAAkB;AACvB,OAAK,wBAAwB;AAC7B,OAAK;AACL,OAAK;AACL,OAAK,gBAAgB;AACrB,OAAK,eAAe;AACpB,OAAK,oBAAoB;;;;;;;CAQ3B,MAAa,WAAW,YAAwB,MAAqE;AACnH,MAAI,MAAM,kBACR,KAAI;AAAE,QAAK;UAA4B;AAEzC,SAAO,MAAM,KAAK,eAAe,YAAY;;;;;;;;CAS/C,AAAO,cAAc,QAAgB,GAAa;AAChD,MAAI,CAAC,KAAK,mBACR,OAAM,IAAI,MAAM;AAGlB,MAAI,SAAS,EAAG,QAAO;EAEvB,MAAM,QAAQ,KAAK,oBACf,OAAO,KAAK,qBAAqB,KACjC,OAAO,KAAK,mBAAmB;EAGnC,MAAMC,UAAoB;AAC1B,OAAK,IAAI,IAAI,GAAG,IAAI,OAAO,KAAK;GAC9B,MAAM,aAAa,QAAQ,OAAO,IAAI;AACtC,OAAI,KAAK,eAAe,IAAI,WAC1B,OAAM,IAAI,MAAM,SAAS,UAAU;AAErC,WAAQ,KAAK;;EAIf,MAAM,SAAS,IAAI,IAAI,KAAK;AAC5B,OAAK,MAAM,KAAK,QAAS,QAAO,IAAI;AACpC,OAAK,iBAAiB;AACtB,OAAK,oBAAoB,QAAQ,QAAQ,SAAS;AAElD,UAAQ,MAAM,4BAA4B,MAAM,WAAW;AAC3D,SAAO;;;;;;CAOT,AAAO,aAAa,OAAqB;AACvC,MAAI,KAAK,eAAe,IAAI,QAAQ;AAClC,QAAK,eAAe,OAAO;AAC3B,WAAQ,MAAM,kCAAkC;;;;;;CAOpD,AAAO,mBAAyB;EAC9B,MAAM,QAAQ,KAAK,eAAe;AAClC,OAAK,eAAe;AACpB,OAAK,oBAAoB;AACzB,UAAQ,MAAM,gCAAgC,MAAM;;;;;;;;CAStD,MAAa,0BAA0B,YAAwB,aAAoC;AACjG,MAAI,CAAC,KAAK,iBAAiB,CAAC,KAAK,iBAC/B,OAAM,IAAI,MAAM;AAGlB,MAAI;GAEF,MAAM,gBAAgB,MAAM,WAAW,cAAc,KAAK,eAAe,KAAK;AAE9E,OAAI,CAAC,iBAAiB,cAAc,UAAU,OAC5C,OAAM,IAAI,MAAM,+CAA+C,KAAK;GAGtE,MAAM,mBAAmB,OAAO,cAAc;GAC9C,MAAM,oBAAoB,OAAO;AAKjC,OAAI,mBAAmB,oBAAoB,OAAO,GAChD,SAAQ,KACN,gCAAgC,iBAAiB,qBAAqB,oBAAoB,OAAO,GAAG;GAOxG,MAAM,gBAAgB,KAAK,UACzB,mBAAmB,IACnB,oBAAoB,IACpB,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAIjE,OAAI,KAAK,oBAAoB;AAC3B,SAAK,mBAAmB,gBAAgB;AACxC,SAAK,mBAAmB,YAAY,cAAc;SAGlD,MAAK,qBAAqB;IACxB,kBAAkB,KAAK;IACR;IACf,WAAW,cAAc;IAEzB,eAAe;IACf,aAAa;;AAGjB,QAAK,kBAAkB,KAAK;AAG5B,QAAK,aAAa;AAGlB,OAAI,KAAK,eAAe,OAAO,GAAG;IAChC,MAAM,EAAE,KAAK,WAAW,iBAAiB,KAAK,cAAc,kBAAkB,KAAK;AACnF,SAAK,iBAAiB;AACtB,SAAK,oBAAoB;;AAG3B,WAAQ,MACN,4CAA4C,iBAAiB,UAAU,kBAAkB,QAAQ,KAAK,mBAAoB;WAGnHC,OAAgB;GACvB,MAAM,MAAM,aAAa;AAEzB,OAAI,IAAI,SAAS,mCAAmC,IAAI,SAAS,wBAC/D,KAAI;IACF,MAAM,oBAAoB,OAAO;IACjC,MAAM,gBAAgB,KAAK,UACzB,oBAAoB,IACpB,KAAK,oBAAoB,YAAY,OAAO,KAAK,mBAAmB,aAAa,IACjF,KAAK,oBAAoB,OAAO,KAAK,qBAAqB,KAAK;AAEjE,QAAI,KAAK,mBACP,MAAK,mBAAmB,YAAY,cAAc;QAEpD,MAAK,qBAAqB;KACxB,kBAAkB,KAAK;KACvB,eAAe;KACf,WAAW,cAAc;KACzB,eAAe;KACf,aAAa;;AAGjB,SAAK,kBAAkB,KAAK;AAC5B,YAAQ,MAAM,4EAA4E,KAAK,oBAAoB;AACnH;WACM;AAEV,WAAQ,KAAK,2DAA2D;;;;;;;;CAU5E,AAAO,eAAuB;EAC5B,MAAM,SAAS,KAAK,cAAc;AAClC,SAAO,OAAO;;CAGhB,AAAQ,oBAA0B;AAChC,MAAI,KAAK,cAAc;AACrB,gBAAa,KAAK;AAClB,QAAK,eAAe;;;CAGxB,AAAQ,qBAA2B;AACjC,MAAI,KAAK,eAAe;AACtB,gBAAa,KAAK;AAClB,QAAK,gBAAgB;;;CAKzB,AAAQ,UAAU,GAAG,QAA0B;AAC7C,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,SAAO,OAAO,QAAQ,GAAG,MAAO,IAAI,IAAI,IAAI;;CAI9C,AAAQ,cAAc,kBAA0B,UAA0E;EACxH,MAAM,yBAAS,IAAI;EACnB,IAAIC,UAAyB;AAC7B,OAAK,MAAM,KAAK,SACd,KAAI;GACF,MAAM,KAAK,OAAO;AAClB,OAAI,KAAK,kBAAkB;AACzB,WAAO,IAAI;AACX,QAAI,YAAY,QAAQ,KAAK,QAAS,WAAU;;UAE5C;AAIV,SAAO;GACL,KAAK;GACL,cAAc,UAAU,QAAQ,aAAa;;;;AAOnD,SAAS,gBAAgB,GAAgC;AACvD,KAAI,CAAC,SAAS,GAAI,QAAO;AAEzB,QAAO,SAAU,EAA0B;;AAG7C,SAAS,cAAc,GAA8B;AACnD,KAAI,CAAC,SAAS,GAAI,QAAO;CACzB,MAAM,IAAK,EAA2B;AACtC,KAAI,CAAC,SAAS,GAAI,QAAO;CACzB,MAAM,SAAU,EAA2B;CAC3C,MAAM,OAAQ,EAAyB;AACvC,QAAO,SAAS,WAAW,SAAS;;AAGtC,SAAS,2BAA0C;AACjD,QAAO;EACL,OAAO,OAAO;EACd,YAAY;EACZ,YAAY;EACZ,cAAc;;;AAKlB,MAAM,uBAAuB,aAAa;AAC1C,2BAAe;;;;ACjmBf,IAAI,wBAAwB;AAM5B,SAAgB,2BAAoC;AAClD,QAAO;;;;;;;;;;;;;;AC0CT,IAAa,kBAAb,MAA6B;CAC3B,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAiB;CACjB,AAAQ,mBAA2B;CAEnC,AAAQ,0CAA+C,IAAI;CAE3D,AAAS;CAET,YAAY,sBAAqC,YAAwB;AACvE,OAAK,uBAAuB;AAC5B,OAAK,aAAa;AAElB,OAAK,gBAAgB,IAAI,cACvB,qBAAqB,cAAc,cACnC;AAEF,OAAK,yBAAyBC;AAE9B,MAAI;AACF,QAAK,uBAAuB,uBAAuB,qBAAqB;UAClE;AACR,OAAK,eAAeC;EACpB,MAAM,EAAE,qBAAqB;AAE7B,OAAK,mBAAmB,IAAI,iBAC1B;GACE,aAAa,kBAAkB,aAAa;GAC5C,gBAAgB,kBAAkB,aAAa;GAC/C,sBAAsB,kBAAkB,aAAa;GACrD,uBAAuB,kBAAkB,aAAa;KAExD;GACE,eAAe,KAAK;GACpB,YAAY,KAAK;GACjB,WAAW;GACX,wBAAwB,KAAK;GAC7B,cAAc,KAAK;GACnB,cAAc,KAAK,cAAc;GACjC,iBAAiB,qBAAqB;;AAG1C,OAAK,sBAAsB,IAAI,oBAC7B,KAAK,kBACL,YACA,KAAK,wBACL,KAAK,cACL,qBAAqB,cAAc,cACnC,MACA,qBAAqB;AAKvB,OAAK,mBAAmB,8BAA8B,OAAO,WAAW,cAAc,OAAO,SAAS,SAAS;AAC/G,OAAK,oBAAoB,oBAAoB,KAAK;AAClD,OAAK,iBAAiB,sBAAsB,KAAK;AAGjD,MAAI,OAAO,WAAW,YACpB,uBAAsB,QAAQ;GAC5B,MAAM,SAAS,IAAI,IAAI,KAAK,OAAO,SAAS,QAAQ;AACpD,OAAI,UAAU,WAAW,KAAK,kBAAkB;AAC9C,SAAK,mBAAmB;AACxB,SAAK,oBAAoB,oBAAoB;AAC7C,SAAK,iBAAiB,sBAAsB;;;EAOlD,MAAM,gCACJ,CAAC,CAAC,qBAAqB,cAAc,gBAAgB,CAAC;AACxD,MAAI,CAAC,8BACH,CAAK,KAAK,uBAAuB,oBAAoB,YAAY;;;;;;CAQrE,uBAA6B;AAC3B,MAAI,OAAO,WAAW,eAAe,OAAQ,OAAe,WAAW,YAAa;AAEpF,MAAI,KAAK,oBAAoB,KAAK,qBAAqB,OAAO,SAAS,OAAQ;AAC/E,OAAK,oBAAoB,oBAAoB,YAAY;;;;;;;;;CAU3D,MAAM,sBAAsB,eAAuC;AAEjE,MAAI,cACF,OAAM,KAAK,sBAAsB,YAAY,gBAAgB,KAAK,YAAY,YAAY;AAG5F,QAAM,KAAK,aAAa,oBAAoB,KAAK,YAAY,YAAY;AAEzE,MAAI,cACF,OAAM,iBAAiB,gBAAgB,YAAY,gBAAgB,YAAY;AAGjF,OAAK;;;;;;CAOP,UAAkB;AAChB,SAAO,KAAK,cAAc;;;CAI5B,kBAAgC;AAC9B,SAAO,KAAK;;;;;;;;;;;CAYd,AAAQ,kBAAkB,QAAwB;AAChD,SAAQ,OAAO,WAAW,eAAe,OAAO,OAAO,eAAe,aAClE,OAAO,eACP,GAAG,OAAO,GAAG,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;;CAGlE,AAAQ,iBAAiB,OAAoC;AAC3D,MAAI,OAAO,UAAU,YAAY,CAAC,OAAO,SAAS,UAAU,QAAQ,EAAG,QAAO;AAC9E,SAAO,KAAK,MAAM;;CAGpB,AAAQ,4BAA4B,MAMlC;EACA,MAAM,QAAQ,KAAK,iBAAiB,KAAK,UAClC,KAAK,qBAAqB,uBAAuB;EACxD,MAAM,gBAAgB,KAAK,iBAAiB,KAAK,kBAC1C,KAAK,qBAAqB,uBAAuB;AACxD,SAAO;GAAE;GAAO;;;CAGlB,AAAQ,kCAAkC,eAAkC;EAC1E,MAAM,MAAM,OAAO,YAAY;EAC/B,MAAM,WAAW,KAAK,wBAAwB,IAAI;AAClD,MAAI,SAAU,QAAO;EACrB,MAAM,YAAY,KAAK,kBAAkB;AACzC,OAAK,wBAAwB,IAAI,KAAK;AACtC,SAAO;;CAGT,MAAc,mBAAsB,MAKrB;AACb,MAAI,OAAO,KAAK,YAAY,WAC1B,OAAM,IAAI,MAAM;EAElB,MAAM,aAAa,KAAK,aAAa,IAAI,WAAW,KAAK,SAAS,KAAK,kBAAkB,KAAK,UAAU;AACxG,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAElB,SAAO,MAAM,KAAK,2BAA2B;GAAE;GAAW,SAAS,KAAK;GAAS,SAAS,KAAK;;;CAGjG,MAAc,2BAA8B,MAI7B;EACb,MAAM,aAAa,MAAM,KAAK,iBAAiB,4BAA4B,KAAK;AAChF,QAAM,KAAK,oBAAoB,2BAA2B,KAAK,WAAW,EAAE;AAC5E,MAAI;AAIF,OAAI,KAAK,QACP,OAAM,KAAK,iBAAiB,+BAA+B;IACzD,WAAW,KAAK;IAChB,YAAY,KAAK,QAAQ;;AAG7B,UAAO,MAAM,KAAK,QAAQ,KAAK;YACvB;AACR,QAAK,oBAAoB,sBAAsB,KAAK;;;;;;;;;;CAWxD,MAAM,0CAA0C,QAKO;AACrD,SAAO,KAAK,iBAAiB,0CAA0C;GACrE,eAAe,OAAO;GACtB,cAAc,OAAO;GACrB,eAAe,OAAO;GACtB,4BAA4B,OAAO;GACnC,YAAY,KAAK,qBAAqB;GACtC,YAAY,KAAK,qBAAqB;;;;;;;;;CAU1C,MAAc,mCAAmC,MAG/B;EAChB,MAAM,gBAAgB,YAAY,KAAK;EAIvC,MAAM,CAAC,MAAM,UAAU,MAAM,QAAQ,IAAI,CACvC,iBAAiB,SAAS,cAAc,YAAY,OACpD,iBAAiB,SAAS,qBAAqB,eAAe,YAAY;EAG5E,MAAM,eACH,QAAQ,KAAK,kBAAkB,iBAAiB,OAAO,KAAK,iBAAiB,WAC1E,KAAK,eACJ,UAAU,OAAO,OAAO,iBAAiB,WACxC,OAAO,eACP;AAER,MAAI,iBAAiB,KACnB,OAAM,IAAI,MAAM,qCAAqC,cAAc;EAKrE,MAAM,gBAAgB,MAAM,iBAAiB,SAAS,gBAAgB,eAAe,cAAc,YAAY;EAC/G,MAAM,sBAAsB,eAAe;EAG3C,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBAAgB,eAAe;AAC1F,MAAI,CAAC,kBAAkB;AACrB,WAAQ,MAAM,+DAA+D;IAC3E,eAAe,OAAO;IACtB;;AAEF,SAAM,IAAI,MAAM,uCAAuC;;EAGzD,MAAM,cAAc,iBAAiB,eAAe;AACpD,MAAI,CAAC,aAAa;AAChB,WAAQ,MAAM,qEAAqE;IACjF,eAAe,OAAO;IACtB;;AAEF,SAAM,IAAI,MAAM;;AAGlB,MAAI;AACF,SAAM,KAAK,iBAAiB,sBAAsB;IAChD,WAAW,KAAK;IAChB;IACA;IACA;;WAEK,OAAO;AACd,WAAQ,MAAM,+CAA+C;IAC3D,eAAe,OAAO;IACtB,WAAW,KAAK;IAChB;;AAEF,SAAM;;;CAIV,uCAAuC,EACrC,eACA,WACA,oBAK4C;AAC5C,SAAO,KAAK,cAAc,uCAAuC;GAC/D;GACA;GACA;;;;;;;;CAaJ,MAAM,+BACJ,WACA,cACuB;AACvB,SAAO,KAAK,iBAAiB,+BAA+B,cAAc;;;;;;;CAQ5E,MAAM,yBAAyB,cAAmD;AAChF,SAAO,KAAK,iBAAiB,yBAAyB;;;;;;;;;;;CAYxD,MAAM,4BAA4B,MAO/B;AACD,SAAO,KAAK,iBAAiB,4BAA4B;GACvD,cAAc,KAAK;GACnB,cAAc,KAAK;GACnB,WAAW,KAAK;;;;;;CAOpB,MAAM,0CAA0C,EAC9C,YACA,eACA,WAeA;AACA,SAAO,KAAK,mBAAmB;GAC7B,QAAQ;GACR,SAAS,EAAE;GACX,UAAU,cACR,KAAK,oBAAoB,0CAA0C;IACjE;IACA,eAAe,YAAY;IAC3B;IACA;;;;;;;;;;;;;;;;;;;;;;;CAyBR,MAAM,qCAAqC,MAWxC;EACD,MAAM,EAAE,eAAe,YAAY,cAAc,cAAc,8BAA8B;EAC7F,MAAM,aAAa,KAAK,qBAAqB;AAE7C,MAAI;GAEF,MAAM,YAAY,gBAAgB,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM,GAAG;GAGpF,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBACzD,eACA;AAEF,OAAI,CAAC,iBACH,OAAM,IAAI,MAAM,sCAAsC,cAAc,UAAU;GAGhF,MAAM,cAAc,iBAAiB;AACrC,OAAI,CAAC,YACH,OAAM,IAAI,MAAM,mCAAmC,cAAc,UAAU;GAI7E,MAAM,aAAa,MAAM,KAAK,iBAAiB,4BAA4B;AAC3E,SAAM,KAAK,oBAAoB,2BAA2B,WAAW,EAAE;AAKvE,SAAM,KAAK,iBAAiB,+BAA+B;IACzD;IACA;IACA;;GAIF,MAAM,qBAAqB,MAAM,KAAK,aAAa,2BAA2B,KAAK;GAInF,IAAI,eAAe;GAEnB,MAAM,oBAAoB,gBAAgB,aAAa;GAIvD,MAAM,eAAe,MAAM,KAAK,oBAAoB,8BAA8B;IAChF;IACA;IACA;IACA;IACA;IACA;IACA;IACA;IACA,2BAA2B;;AAG7B,UAAO;IACL,SAAS;IACT,WAAW,aAAa;IACxB,mBAAmB,aAAa;;WAG3BC,OAAY;AACnB,WAAQ,MAAM,0EAA0E;AACxF,UAAO;IACL,SAAS;IACT,OAAO,MAAM,WAAW,OAAO;;;;;;;;;;;;;;;CAgBrC,MAAM,iBAAiB,EACrB,YACA,eACA,cACA,eAAe,QAYd;AACD,MAAI;GACF,MAAM,YAAY,MAAM,KAAK,iBAAiB,wBAAwB;IACpE;IACA;IACA;IACA;;GAGF,MAAMC,SAMF;IACF,SAAS;IACT,cAAc,UAAU;IACxB,qBAAqB,UAAU;IAC/B,cAAc,UAAU;IACxB,2BAA2B,UAAU;;AAGvC,UAAO;WAEAD,OAAY;AACnB,WAAQ,MAAM,kDAAkD;AAChE,SAAM,IAAI,MAAM,iCAAiC,MAAM;;;;;;;CAQ3D,MAAM,iBAAiB,EACrB,eACA,qBACA,cAKgD;AAChD,MAAI;GACF,MAAM,eAAe,MAAM,KAAK,iBAAiB,iBAAiB;IAChE;IACA;IACA;;AAGF,OAAI,CAAC,aAAa,SAAS;AACzB,YAAQ,MAAM;AACd,WAAO;KAAE,SAAS;KAAO,OAAO;;;AAIlC,QAAK,oBAAoB,oBAAoB,YAAY;AAEzD,UAAO,EAAE,SAAS;WAEXA,OAAY;AACnB,WAAQ,MAAM,+CAA+C,MAAM;AACnE,UAAO;IAAE,SAAS;IAAO,OAAO,MAAM;;;;;;;;;;CAU1C,MAAM,6BAA6B,EACjC,eACA,YACA,mBACA,eAMgD;EAChD,MAAM,SAAS,MAAM,KAAK,iBAAiB,6BAA6B;GACtE;GACA;GACA;GACA;;AAGF,SAAO;GACL,SAAS,OAAO;GAChB,OAAO,OAAO;;;;;;;CAQlB,MAAM,sCAA0E;EAC9E,MAAM,MAAM,MAAM,KAAK,iBAAiB;AACxC,SAAO;GACL,mBAAmB,IAAI;GACvB,YAAY,IAAI;GAChB,aAAa,IAAI;;;;;;CAOrB,MAAM,gCACJ,eACA,iBACe;AACf,QAAM,iBAAiB,SAAS,WAAW,eAAe,EACxD,2BAA2B;GACzB,mBAAmB,gBAAgB;GACnC,YAAY,gBAAgB;GAC5B,aAAa,gBAAgB;GAC7B,WAAW,KAAK;;;CAKtB,MAAM,kBAAiC;AAErC,MAAI,OAAO,WAAW,eAAe,KAAK,qBAAqB,OAAO,SAAS,OAC7E;AAEF,SAAO,MAAM,KAAK,iBAAiB;;;;;CAMrC,MAAM,iBAIH;AACD,SAAO,KAAK,iBAAiB;;;;;;;;;;;;CAa/B,MAAM,iCAAiC,MAapC;EACD,MAAM,gBAAgB,YAAY,KAAK;EACvC,MAAM,YAAY,KAAK,kCAAkC;EAGzD,MAAM,YAAY,MAAM,KAAK,iBAAiB;AAC9C,MAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,MAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAO,eACzE,OAAM,IAAI,MAAM;EAIlB,MAAM,eAAe,MAAM,4BAA4B,eAAe,iBAAiB;EACvF,MAAM,mBAAmB,MAAM,iBAAiB,WAAW,gBAAgB,eAAe;AAC1F,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,sCAAsC,cAAc,UAAU;EAEhF,MAAM,cAAc,iBAAiB,eAAe;AACpD,MAAI,CAAC,YACH,OAAM,IAAI,MAAM;EAIlB,MAAM,EAAE,OAAO,kBAAkB,KAAK,4BAA4B;AAElE,QAAM,KAAK,iBAAiB,+BAA+B;GACzD;GACA;GACA,YAAY,KAAK;GACjB,YAAY,KAAK;GACjB;GACA;GACA,YAAY,KAAK;;AAGnB,SAAO,MAAM,KAAK,iBAAiB,mBAAmB,EAAE;;;;;;CAO1D,MAAM,4BAA4B,eAM/B;EACD,MAAM,YAAY,KAAK,kCAAkC;AACzD,SAAO,MAAM,KAAK,iBAAiB,mBAAmB,EAAE;;;;;CAM1D,MAAM,mBAII;AACR,MAAI;GACF,MAAM,WAAW,KAAK,sBAAsB,kBAAkB,aAAa;AAC3E,OAAI,CAAC,SAAU,QAAO;GACtB,MAAM,MAAM,MAAM,MAAM,GAAG,SAAS,mBAAmB,EAAE,QAAQ;AACjE,OAAI,CAAC,IAAI,GAAI,QAAO;GACpB,MAAM,OAAO,MAAM,IAAI;AACvB,UAAO;IACL,cAAc,MAAM,gBAAgB;IACpC,QAAQ,MAAM,UAAU;IACxB,aAAa,MAAM,QAAQ,MAAM,eAAe,KAAK,cAAc;;UAE/D;AACN,UAAO;;;;;;;CAQX,MAAM,4BAA4B,eAA4C;AAC5E,MAAI;GACF,MAAM,WAAW,KAAK,sBAAsB,kBAAkB,aAAa;AAC3E,OAAI,CAAC,SAAU,QAAO;GACtB,MAAM,WAAW,MAAM,KAAK;GAC5B,MAAM,SAAS,UAAU;AACzB,OAAI,CAAC,UAAU,CAAC,OAAO,cAAc,CAAC,OAAO,qBAAqB,CAAC,OAAO,YAAa,QAAO;GAE9F,MAAM,UAAU,MAAM,KAAK;GAC3B,MAAM,eAAe,SAAS;AAC9B,OAAI,CAAC,gBAAgB,iBAAiB,OAAO,YAAa,QAAO;GAEjE,MAAM,SAAS,MAAM,KAAK;GAC1B,MAAM,SAAS,OAAO,UAAU,OAAO,kBAAkB;AACzD,OAAI,CAAC,OAAQ,QAAO;GAEpB,MAAM,YAAY,MAAM,KAAK;AAC7B,SAAM,KAAK,gCAAgC,eAAe;AAC1D,UAAO;UACD;AACN,UAAO;;;CAQX,MAAM,cAAc,UAA6C;AAC/D,QAAM,iBAAiB,SAAS,sBAAsB;GACpD,GAAG;GACH,cAAc,SAAS,gBAAgB;GACvC,SAAS,SAAS,WAAW;;;CAIjC,MAAM,cAAyC;AAC7C,SAAO,MAAM,iBAAiB,SAAS;;CAGzC,MAAM,gBAAgB,eAA0B,cAAsD;AACpG,SAAO,MAAM,iBAAiB,SAAS,gBAAgB,eAAe;;CAGxE,MAAM,cAA8C;AAClD,SAAO,MAAM,iBAAiB,SAAS;;CAGzC,MAAM,wBAAwB,eAA8D;AAC1F,SAAO,MAAM,iBAAiB,SAAS,wBAAwB;;CAGjE,MAAM,gBAAgB,eAAyC;AAC7D,SAAO,MAAM,iBAAiB,SAAS,gBAAgB;;;;;;;CAQzD,MAAM,YAAY,eAA0B,eAAuB,GAAkB;AACnF,SAAO,MAAM,iBAAiB,SAAS,YAAY,eAAe;;;;;;;;;;CAYpE,MAAM,sBACJ,eACA,YACe;EACf,MAAM,YAAY,YAAY;EAI9B,IAAIE,oBAAmC;EACvC,MAAM,WAAW,MAAM,iBAAiB,SAAS,cAAc,YAAY;AAC3E,MACE,YACA,YAAY,SAAS,mBAAmB,aACxC,OAAO,SAAS,SAAS,cAEzB,qBAAoB,SAAS;AAG/B,MAAI,sBAAsB,MAAM;GAC9B,MAAM,iBAAiB,MAAM,iBAAiB,SAC3C,gBAAgB,WAAW,GAC3B,YAAY;AACf,OAAI,kBAAkB,OAAO,SAAS,eAAe,cACnD,qBAAoB,eAAe;;AAIvC,MAAI,sBAAsB,KACxB,qBAAoB;AAGtB,QAAM,KAAK,YAAY,WAAW;AAGlC,OAAK,uBAAuB,eAAe;AAE3C,QAAM,KAAK,uBAAuB,qBAAqB,YAAY;EAGnE,MAAM,WAAW,MAAM,iBAAiB,SACrC,gBAAgB,WAAW,mBAC3B,YAAY;AACf,MAAI,YAAY,SAAS,oBACvB,MAAK,aAAa,eAAe,WAAW,SAAS;AAIvD,MAAI,WACF,OAAM,KAAK,aACR,oBAAoB,YACpB,OAAO,gBAAgB,QAAQ,MAAM,gFAAgF;;CAI5H,MAAM,aAAa,eAA4D;AAC7E,SAAO,MAAM,iBAAiB,SAAS,aAAa;;CAGtD,MAAM,mBAAmB,mBAUP;EAChB,MAAM,eAAe,OAAO,kBAAkB;EAC9C,MAAM,yBAAyB,OAAO,cAAc,iBAAiB,gBAAgB,IAAI,eAAe;EACxG,MAAM,WAAW;GACf,GAAG;GACH,eAAe,YAAY,kBAAkB;GAC7C,cAAc;;AAEhB,SAAO,MAAM,iBAAiB,SAAS,mBAAmB;;CAG5D,gBAAgB,eAAkC;AAChD,SAAO,iBAAiB,SAAS,gBAAgB;;CAGnD,MAAM,gBAAmB,UAA+C;AACtE,SAAO,MAAM,iBAAiB,SAAS,gBAAgB;;CAGzD,MAAM,yBAAyB,eAAyC;AACtE,SAAO,MAAM,iBAAiB,SAAS,yBAAyB;;CAGlE,MAAM,qBAAqB,eAA4C;AACrE,SAAO,MAAM,iBAAiB,SAAS,qBAAqB;;;;;CAM9D,MAAM,4BAA4B,EAChC,eACA,YACA,WACA,qBACA,cACA,6BAQgB;AAChB,QAAM,KAAK,gBAAgB,OAAO,OAAO;GAEvC,MAAMC,eAAuB,WAAW;GACxC,MAAMC,kBAA0B,WAAW,SAAS;GACpD,MAAMC,aAAuB,WAAW,UAAU;AAElD,SAAM,KAAK,mBAAmB;IACb;IACD;IACd,qBAAqB,MAAM,KAAK,qBAAqB;IACrD;IACA,MAAM,mBAAmB,KAAK,gBAAgB;IAC9C,6BAAY,IAAI,QAAO;IACvB,2BAAU,IAAI,QAAO;IACP;;AAIhB,SAAM,KAAK,cAAc;IACvB;IACA,cAAc;IACd,qBAAqB;IACrB,aAAa,KAAK;IAClB,mBAAmB;KACjB,IAAI,WAAW;KACf,OAAO;;IAET,qBAAqB;KACnB,sBAAsB,oBAAoB;KAC1C,mBAAmB,oBAAoB;;IAEzC,SAAS;IACT,2BAA2B,4BAA4B;KACrD,mBAAmB,2BAA2B;KAC9C,YAAY,2BAA2B;KACvC,aAAa,2BAA2B;KACxC,WAAW,KAAK;QACd;;AAGN,UAAO;;;;;;;;;;;;;;;;;;;;;CA0BX,MAAM,4BAA4B,EAChC,cACA,SACA,4BACA,OACA,MACA,WASmC;AAElC,MAAI,aAAa,WAAW,EAC1B,OAAM,IAAI,MAAM;EAElB,MAAM,kBAAkB,KAAK,kCAAkC,YAAY,QAAQ;AACnF,SAAO,KAAK,mBAAmB;GAC7B,WAAW;GACX,UAAU,cACR,KAAK,oBAAoB,4BAA4B;IACnD;IACA;IACA;IACA;IACA;IACA;IACA;;;;CAKT,MAAM,mBAAmB,EACvB,UACA,SACA,4BACA,OACA,MACA,WAcC;EACD,MAAM,gBAAgB,YAAY,QAAQ,iBAAiB,SAAS;EACpE,MAAMC,oBAAoC;GACxC,YAAY,QAAQ,cAAc,KAAK,qBAAqB;GAC5D,YAAY,QAAQ,cAAc,KAAK,qBAAqB;GAC5D;;AAGD,MAAI;GACF,MAAM,kBAAkB,KAAK,kCAAkC;AAC/D,UAAO,MAAM,KAAK,mBAAmB;IAAE,WAAW;IAAiB,UAAU,cAAc;AAEzF,aAAQ,MAAM,+CAA+C,EAAE;AAC/D,YAAO,KAAK,oBAAoB,mBAAmB;MACjD;MACA,SAAS;MACT;MACA;MACA;MACA;MACA;;;;WAGG,KAAK;AAEZ,WAAQ,MAAM,sCAAsC;AACpD,SAAM;;;CAIX,MAAM,kBAAkB,SAgBrB;AACA,MAAI;GACF,MAAM,kBAAkB,KAAK,kCAAkC,QAAQ;GACvE,MAAM,aAAa,KAAK,qBAAqB;GAC7C,MAAM,aAAc,KAAK,qBAAqB,WAAW,MAAM,KAAK,MAAM,KAAK,qBAAqB;GACpG,MAAM,SAAS,MAAM,KAAK,mBAAmB;IAC3C,WAAW;IACZ,UAAU,cACR,KAAK,oBAAoB,kBAAkB;KAAE,GAAG;KAAS;KAAW;KAAY;;;AAEnF,OAAI,OAAO,QACT,QAAO;OAER,OAAM,IAAI,MAAM,2BAA2B,OAAO,SAAS;WAEtDN,OAAY;AACnB,WAAQ,MAAM,2CAA2C;AACzD,UAAO;IACL,SAAS;IACT,WAAW;IACX,WAAW;IACX,WAAW;IACX,OAAO,MAAM,WAAW;;;;;;;CAU9B,MAAM,qBAAqB,4BAAyD;AAClF,SAAO,MAAM,KAAK,oBAAoB,qBAAqB;;;CAQ5D,MAAM,oCACJ,eACA,SACe;AACf,QAAM,KAAK,mBAAmB;GAAE,QAAQ;GAAkB,SAAS,OAAO,cAAc;AAGtF,UAAM,KAAK,mCAAmC;KAAE;KAAe;;AAI/D,WAAO,KAAK,oBAAoB,oBAAoB;KAClD;KACA,SAAS,SAAS;KAClB,OAAO,SAAS;KAChB;;;;;CAKP,MAAM,wBACJ,eACA,SAIsE;AAEtE,QAAM,KAAK,oCAAoC,eAAe;EAI9D,IAAI,WAAW,MAAM,KAAK;AAC1B,MAAI,CAAC,YAAY,SAAS,kBAAkB,cAC1C,YAAW,MAAM,iBAAiB,SAAS,qBAAqB;AAElE,SAAO;GACL,WAAW,OAAO;GAClB,WAAW,OAAO,UAAU,uBAAuB;GACnD,YAAY;;;CAQhB,MAAM,qBAAqB,EACzB,YACA,YACA,cACA,sBACA,WAcC;AACD,SAAO,MAAM,KAAK,oBAAoB,qBAAqB;GACzD;GACA;GACA;GACA;GACA;GACA,YAAY,KAAK,qBAAqB;;;;;;;;;;;CAgB1C,MAAM,0BACJ,0BACA,eAWC;AACD,MAAI;AAEF,OAAI,CAAC,yBACH,OAAM,IAAI,MACR;GAMJ,MAAM,aAAa,yBAAyB,wBAAwB,KAAK;AACzE,OAAI,CAAC,YAAY,SAAS,CAAC,YAAY,OACrC,OAAM,IAAI,MAAM;GAMjB,MAAM,SAAS,MAAM,KAAK,mBAAmB;IAC3C,QAAQ;IACR,SAAS,EAAE,YAAY;IACvB,UAAU,cACR,KAAK,oBAAoB,0BAA0B;KACjD,YAAY;KACZ;KACA;;;AAGN,UAAO;WAEDA,OAAY;AACnB,WAAQ,MAAM,4DAA4D;AAC1E,SAAM,IAAI,MAAM,4CAA4C,MAAM;;;CAItE,MAAM,8CAA8C,EAClD,eACA,WACA,iBAK4C;AAE5C,SAAO,KAAK,cAAc,8CAA8C;GACtE;GACA;GACA,kBAAkB,cAAc,KAAI,QAAO;IACrC;IACJ,MAAM;IACN,YAAY;KAAC;KAAY;KAAU;KAAO;;;;;;;;;;CAUhD,MAAM,2BAA2B,EAC/B,gBACA,iBACA,YACA,OACA,WACA,WAWC;AACD,SAAO,MAAM,KAAK,oBAAoB,2BAA2B;GAC/D;GACA;GACA;GACA;GACA;GACA;;;;CASJ,qBAA6C;AAC3C,SAAO,KAAK;;;CAId,UAAgB;AACd,MAAI,KAAK,uBACP,MAAK,uBAAuB;AAE9B,MAAI,KAAK,aACP,MAAK,aAAa;AAEpB,OAAK,wBAAwB;;;;;;ACj5CjC,eAAe,wBAAuC;AACpD,KAAI,EAAE,mBAAmB,WAAY;AAErC,OAAM,UAAU,cACb,SAAS,yBAAyB,EAAE,OAAO,sBAC3C,YAAY;AACf,OAAM,UAAU,cAAc,MAAM,YAAY;;AAGlD,eAAe,mBAAkC;AAE/C,KAAI,CAAC,UAAU,OAAQ;AACvB,KAAI;EACF,MAAM,OAAO,MAAM,MAAM,0CAA0C,EAAE,OAAO;EAC5E,MAAMO,MAAgB,KAAK,KAAM,MAAM,KAAK,SAAU;EACtD,MAAM,WAAW,IAAI,IAAY;GAC/B;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;GACA;;EAEF,MAAM,MAAM,MAAM,KAAK;EACvB,MAAM,OAAO,IAAI,QAAQ,MAAM,CAAC,SAAS,IAAI;AAC7C,QAAM,QAAQ,WAAW,IAAI,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;EAEjE,MAAM,iBAAiB,KAAK,QAAQ,WAAW,KAAK,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;AACxF,MAAI;AAAE,GAAC,OAAe,sBAAuB,OAAe,oBAAoB,UAAU,EAAE,SAAS,SAAU,WAAW,UAAU;UAAa;AAAE,cAAW,UAAU;;SAClK;AAMR,KAAI;EACF,MAAM,SAAS,OAAO,SAAS;EAC/B,MAAM,cAAc,MAAM,KAAK,SAAS,iBAAiB,gBACtD,KAAK,OAAQ,GAAyB,KACtC,QAAQ,QAAQ,OAAO,QAAQ,YAAY,IAAI,WAAW,SAAS,UACnE,KAAK,QAAQ,IAAI,IAAI,KAAK;AAC7B,MAAI,YAAY,SAAS,EACvB,OAAM,QAAQ,WACZ,YAAY,KAAK,MAAM,MAAM,GAAG,WAAW,KAAK;SAG9C;;AASV,SAAS,YAAY,SAAiB,YAAY,OAAiC;AACjF,UAAS,gBAAgB,UAAU,IAAI;AACvC,UAAS,KAAK,UAAU,IAAI;CAC5B,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,YAAY;CACjB,MAAM,IAAI,SAAS,cAAc;AACjC,GAAE,cAAc;AAChB,GAAE,YAAY;CACd,MAAM,IAAI,SAAS,cAAc;AACjC,GAAE,cAAc;AAChB,GAAE,YAAY;CACd,MAAM,OAAO,SAAS,cAAc;AACpC,MAAK,YAAY;AACjB,KAAI;EACF,MAAM,OAAO,SAAS,cAAc;AACpC,OAAK,YAAY;AACjB,OAAK,cAAc;EACnB,MAAM,QAAQ,SAAS,cAAc;AACrC,QAAM,cAAc;EACpB,MAAM,MAAM,SAAS,cAAc;AACnC,MAAI,YAAY;EAChB,MAAM,SAAS,OAAO,SAAS;AAC/B,MAAI,OAAO;AACX,MAAI,cAAc;AAClB,MAAI,SAAS;AACb,MAAI,MAAM;AACV,OAAK,YAAY;AACjB,OAAK,YAAY;AACjB,OAAK,YAAY;SACX;AACN,OAAK,cAAc;;CAErB,MAAM,MAAM,SAAS,cAAc;AACnC,KAAI,cAAc;AAClB,KAAI,YAAY;AAChB,KAAI,WAAW,CAAC;AAChB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,MAAK,YAAY;AACjB,UAAS,KAAK,YAAY;AAC1B,QAAO,YAAY,MAAM;;AAG3B,eAAe,OAAsB;AACnC,OAAM;AAGN,CAAK;AACL,KAAI;AAEF,EAAC,OAAe,4BAA4B;AAC3C,EAAC,OAAe,yBAAyB;EAC1C,MAAM,4BAA4B;GAChC,MAAM,IAAI,SAAS,cAAc;GACjC,MAAM,KAAK,GAAG,WAAW,IAAI;AAC7B,UAAO,KAAK;;EAEd,MAAM,oBAAoB,SAAqC;GAC7D,MAAM,SAAS,QAAQ,IAAI,MAAM;AAEjC,UAAO,MAAM,UAAU,IAAI,MAAM,MAAM,GAAG,KAAK,OAAO;;EAExD,MAAM,eAAe,iBAAiB,OAAO,SAAS;EACtD,MAAM,wBAAwB,sBAAsB;EAEpD,MAAM,OAAO,MAAM,iBAAiB,SAAS;EAC7C,MAAM,QAAQ,MAAM,iBAAiB,SAAS,cAAc,YAAY;EAGxE,MAAM,KAAK,IAAI,gBAAiB,OAAO,YAAY,OAAO,SAAS,UAAW;EAC9E,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,IAAI;EACjD,MAAM,YAAY,eAAe,OAAO,YAAY,iBAAiB;EAGrE,MAAM,iBAAiB,aAAc,MAAM,iBAAiB;AAC5D,MAAI,CAAC,gBAAgB;AACnB,eAAY;AACZ;;EAEF,MAAM,MAAM,YAAY,iEAAiE;AACzF,MAAI,CAAC,IAAK;EACV,MAAM,YAAY,IAAI;EAGtB,IAAI,kBAAkB;AACtB,MAAI,MAAM,QAAQ,UAAU,MAAM,SAAS,GAAG;GAC5C,MAAM,QAAQ,SAAS,cAAc;AACrC,SAAM,cAAc;AACpB,SAAM,YAAY;GAClB,MAAM,MAAM,SAAS,cAAc;AACnC,OAAI,YAAY;AAChB,QAAK,MAAM,KAAK,OAAO;IACrB,MAAM,MAAM,SAAS,cAAc;AACnC,QAAI,QAAS,EAAU;AACvB,QAAI,cAAe,EAAU;AAC7B,QAAK,EAAU,kBAAkB,gBAAiB,KAAI,WAAW;AACjE,QAAI,YAAY;;AAElB,OAAI,iBAAiB,gBAAgB;AAAE,sBAAkB,IAAI;AAAO,aAAS,cAAc;;AAC3F,aAAU,aAAa,KAAK;AAC5B,aAAU,aAAa,OAAO;;EAIhC,MAAM,WAAW,SAAS,cAAc;AACxC,WAAS,YAAY;AACrB,YAAU,YAAY;EAGtB,eAAe,0BAA0B,KAA6B;AACpE,OAAI;IACF,MAAM,iBAAiB,MAAM,iBAAiB,SAAS,wBAAwB;AAC/E,QAAI,CAAC,MAAM,QAAQ,mBAAmB,eAAe,WAAW,GAAG;AACjE,aAAQ,KAAK;AACb,cAAS,cAAc;AACvB,YAAO;;AAET,WAAO;YACA,GAAG;AACV,YAAQ,KAAK,qEAAqE;AAClF,WAAO;;;EAIX,IAAI,UAAU;EACd,MAAM,kBAAkB,IAAI,eAAe;EAC3C,MAAM,cAAc,OAAO,YAAoB;AAC7C,OAAI,QAAS;AACb,aAAU;AACV,OAAI,WAAW;AACf,OAAI,UAAU,IAAI;AAClB,OAAI;AAAE,QAAI,cAAc;AAAc,QAAI,aAAa,aAAa;WAAiB;AACrF,YAAS,cAAc;AACvB,OAAI;IAEF,MAAM,iBAAiB,MAAM,0BAA0B;IAGvD,MAAM,OAAO,IAAI,kBAAkB;IACnC,MAAMC,sBAA0C;KAC9C,YAAY;KACZ,aAAa;KACb,YAAY;KACZ,aAAa;KACb,cAAc,wBAAwB,EAAE,cAAc,0BAA0B;KAChF,SAAS,EACP,KAAK;;IAGT,MAAM,iBAAiB,oBAAoB;IAC3C,MAAM,kBAAkB,IAAI,gBAAgB,gBAAgB;AAC5D,YAAQ,MAAM,qCAAqC,OAAO,SAAS;AACnE,QAAI,sBACF,SAAQ,MAAM,kCAAkC;AAElD,QAAI;AAEF,WAAM,gBAAgB,wBAAwB,YAAY,UAAU;MAClE,SAAS;MACT,OAAO;;aAEFC,KAAU;KACjB,MAAM,MAAM,OAAO,KAAK,WAAW,OAAO;KAC1C,MAAM,4BAA4B,IAAI,SAAS;KAC/C,MAAM,wBACJ,IAAI,SAAS,uDAAuD,IAAI,SAAS;AAEnF,SAAI,6BAA6B,uBAAuB;AAEtD,eAAS,cAAc,wBACnB,8DACA;MACJ,MAAM,MAAM,IAAI,cAAc;MAC9B,MAAM,YAAY;MAClB,MAAM,mBAAmB,MAAM,QAAQ,mBAAmB,eAAe,SAAS,IAC9E,eAAe,KAAK,OAAY;OAAE,IAAI,EAAE;OAAc,MAAM;OAAc,YAAY,EAAE;YACxF;MACJ,MAAM,WAAW,MAAM,IAAI,8CAA8C;OACvE,eAAe;OACf;OACA;;MAGF,MAAM,MAAM,MAAM,gBAAgB,0BAA0B,UAAU;AACtE,UAAI,CAAC,IAAI,YACP,OAAM,IAAI,MAAM;MAIlB,MAAM,YAAY,YAAY;MAC9B,MAAM,CAACC,QAAM,UAAU,MAAM,QAAQ,IAAI,CACvC,iBAAiB,SAAS,cAAc,YAAY,OACpD,iBAAiB,SAAS,qBAAqB,WAAW,YAAY;MAExE,MAAM,eACHA,UAAQA,OAAK,kBAAkB,aAAa,OAAOA,OAAK,iBAAiB,WACtEA,OAAK,eACJ,UAAU,OAAO,kBAAkB,aAAa,OAAO,OAAO,iBAAiB,WAC9E,OAAO,eACP;MAIR,MAAM,WAAW,MAAM,iBAAiB,SAAS,gBAAgB,WAAW,cAAc,YAAY;AACtG,UAAI,yBAAyB,CAAC,SAC5B,OAAM,IAAI,MACR,6DAA6D,QAAQ;MAIzE,MAAM,oBAAoB,OAAO,UAAU,uBAAuB;AAClE,UAAI,qBAAqB,sBAAsB,IAAI,UACjD,OAAM,IAAI,MACR,yDAAyD,QAAQ;AAKrE,YAAM,iBAAiB,WAAW,kBAAkB;OAClD,eAAe;OACf;OACA,eAAe,IAAI;OACnB,mBAAmB,IAAI;OACvB,aAAa,IAAI;OACjB,SAAS;OACT,WAAW,KAAK;;AAGlB,UAAI,CAAC,UAAU,oBACb,KAAI;AAAE,aAAM,iBAAiB,SAAS,WAAW,WAAW,EAAE,qBAAqB,IAAI;cAAsB;AAE/G,eAAS,cAAc;AACvB,YAAM,gBAAgB,wBAAwB,YAAY,UAAU;OAClE,SAAS;OACT,OAAO;;WAGT,OAAM;;AAIV,WAAO,QAAQ,cAAc;KAAE,MAAM;KAAqB,eAAe;OAAW;YAC7EC,GAAQ;AACf,YAAQ,MAAM,kCAAkC;IAChD,MAAM,MAAM,OAAO,GAAG,WAAW,KAAK;AACtC,QAAI,IAAI,SAAS,yCAEf,UAAS,cAAc,2GAA2G,QAAQ,OAAO,OAAO,SAAS,SAAS;aACjK,IAAI,SAAS,mBACtB,UAAS,cAAc,uCAAuC,QAAQ;aAC7D,IAAI,SAAS,8BACtB,UAAS,cAAc;QAEvB,UAAS,cAAc,oBAAoB;AAE7C,WAAO,QAAQ,cAAc;KAAE,MAAM;KAAsB,OAAO;OAAO;aACjE;AACR,QAAI,WAAW;AACf,QAAI,UAAU,OAAO;AACrB,QAAI;AAAE,SAAI,cAAc;AAAiB,SAAI,gBAAgB;YAAsB;AACnF,cAAU;;;AAKd,MAAI,iBAAiB,SAAS,YAAY;AAAE,SAAM,YAAY;;UACvD,GAAG;AACV,UAAQ,MAAM,qCAAqC;AACnD,cAAY;;;AAIhB,IAAI,SAAS,eAAe,UAC1B,UAAS,iBAAiB,0BAA0B,KAAK;IAEzD,CAAK"}