npm - @volr/sdk-core - Versions diffs - 0.1.132 → 0.1.134 - Mend

@volr/sdk-core 0.1.132 → 0.1.134

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../src/core/errors.ts","../src/core/crypto/hkdf.ts","../src/core/crypto/rng.ts","../src/core/crypto/aes-gcm.ts","../src/core/crypto/zeroize.ts","../src/master-key/encryption.ts","../src/master-key/mnemonic.ts","../src/master-key/provider.ts","../src/master-key/policies/prf.ts","../src/chains/evm/crypto/hdWallet.ts","../src/chains/evm/crypto/address.ts","../src/chains/evm/crypto/signer.ts","../src/wallet/signers/secp256k1.ts","../src/wallet/signers/passkey-p256.ts","../src/wallet/signers/external-wallet-errors.ts","../src/wallet/signers/external-wallet.ts","../src/storage/blobs.ts","../src/chains/evm/constants.ts","../src/builders/callHash.ts","../src/chains/evm/eip712/session.ts","../src/chains/evm/eip7702/authorization.ts","../src/chains/evm/nonce.ts","../src/chains/evm/providers/passkeyProvider.ts","../src/chains/evm/providers/mpcProvider.ts","../src/chains/evm/signers/selectSigner.ts","../src/wallet/signer.ts"],"names":["hkdf","sha256","entropyToMnemonic","wordlist","validateMnemonic","mnemonicToEntropy","mnemonicToSeed","HDKey","secp256k1","keccak_256","TypedDataEncoder","EIP1193ErrorCode","message","axios","AbiCoder","keccak256","hashAuthorization","getBytes","ProviderBackedSigner","selectSigner"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAGO,IAAM,SAAA,GAAN,MAAM,UAAA,SAAkB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AACZ,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,UAAA,CAAU,SAAS,CAAA;AAAA,EACjD;AACF;AAKO,IAAM,iBAAA,GAAoB;AAC1B,IAAM,eAAA,GAAkB;AACxB,IAAM,gBAAA,GAAmB;AACzB,IAAM,cAAA,GAAiB;AACvB,IAAM,eAAA,GAAkB;AACxB,IAAM,kBAAA,GAAqB;;;ACF3B,SAAS,UAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACA,MAAc,EAAA,EACF;AACZ,EAAA,IAAI,CAAC,IAAA,IAAQ,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC9B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,sBAAA,CAAwB,CAAA;AAAA,EAC9D;AAEA,EAAA,IAAI,GAAA,GAAM,CAAA,IAAK,GAAA,GAAM,GAAA,GAAM,EAAA,EAAI;AAC7B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,GAAM,EAAE,CAAA,CAAE,CAAA;AAAA,EAC/E;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,UAAUA,SAAA,CAAKC,aAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,MAAM,GAAG,CAAA;AACjD,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAA,YAAiB,KAAA,GAAQ,MAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA,CAAE,CAAA;AAAA,EACrG;AACF;;;ACjCO,SAAS,eAAe,GAAA,EAAyB;AACtD,EAAA,IAAI,GAAA,GAAM,CAAA,IAAK,GAAA,GAAM,KAAA,EAAO;AAC1B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gBAAA,EAAmB,GAAG,CAAA,CAAE,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,GAAG,CAAA;AAG9B,EAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,eAAA,EAAiB;AAC3D,IAAA,MAAA,CAAO,gBAAgB,GAAG,CAAA;AAC1B,IAAA,OAAO,GAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAO,cAAY,WAAA,EAAa;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,UAAQ,QAAQ,CAAA;AACnC,MAAA,IAAI,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,SAAA,CAAU,eAAA,EAAiB;AAChE,QAAA,UAAA,CAAW,SAAA,CAAU,gBAAgB,GAAG,CAAA;AACxC,QAAA,OAAO,GAAA;AAAA,MACT;AAEA,MAAA,MAAM,WAAA,GAAc,UAAA,CAAW,WAAA,CAAY,GAAG,CAAA;AAC9C,MAAA,GAAA,CAAI,IAAI,WAAW,CAAA;AACnB,MAAA,OAAO,GAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AACrD;;;ACNO,SAAS,aAAA,GAA4B;AAC1C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAI/B,EAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAC9C,EAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,KAAA,CAAM,MAAM,CAAA;AACtC,EAAA,IAAA,CAAK,SAAA,CAAU,CAAA,EAAG,SAAA,EAAW,KAAK,CAAA;AAGlC,EAAA,MAAM,MAAA,GAAS,eAAe,CAAC,CAAA;AAC/B,EAAA,KAAA,CAAM,GAAA,CAAI,QAAQ,CAAC,CAAA;AAEnB,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,eAAA,GAAgC;AACvC,EAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,MAAA,EAAQ;AAClD,IAAA,OAAO,MAAA,CAAO,MAAA;AAAA,EAChB;AAGA,EAAA,IAAI,OAAO,cAAY,WAAA,EAAa;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,UAAQ,QAAQ,CAAA;AACnC,MAAA,IAAI,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,SAAA,CAAU,MAAA,EAAQ;AACvD,QAAA,OAAO,WAAW,SAAA,CAAU,MAAA;AAAA,MAC9B;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,eAAe,CAAA,6BAAA,CAA+B,CAAA;AACnE;AAiBA,eAAsB,aAAA,CACpB,OACA,MAAA,EACoD;AACpD,EAAA,MAAM,EAAE,GAAA,EAAK,KAAA,EAAO,aAAA,EAAe,KAAI,GAAI,MAAA;AAE3C,EAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,KAAA,GAAQ,iBAAiB,aAAA,EAAc;AAC7C,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,cAAc,CAAA,8BAAA,EAAiC,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA;AAAA,EAClF;AAEA,EAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,SAAA;AAAA,MAC/B,KAAA;AAAA,MACA,GAAA;AAAA,MACA,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,OAAA;AAAA,MAC7B;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,cAAA,EAAgB,GAAA;AAAA,QAChB,SAAA,EAAW;AAAA;AAAA,OACb;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAI,UAAA,CAAW,SAAS,CAAA;AAAA,MAChC;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,EAAG,eAAe,CAAA,qBAAA,EAAwB,KAAA,YAAiB,QAAQ,KAAA,CAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,KAClG;AAAA,EACF;AACF;AAeA,eAAsB,aAAA,CACpB,QACA,MAAA,EACqB;AACrB,EAAA,MAAM,EAAE,GAAA,EAAK,KAAA,EAAO,GAAA,EAAI,GAAI,MAAA;AAE5B,EAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,EACjF;AAEA,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,cAAc,CAAA,8BAAA,EAAiC,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA;AAAA,EAClF;AAEA,EAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,SAAA;AAAA,MAC/B,KAAA;AAAA,MACA,GAAA;AAAA,MACA,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,OAAA;AAAA,MAC7B;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,cAAA,EAAgB,GAAA;AAAA,QAChB,SAAA,EAAW;AAAA,OACb;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,EACjC,SAAS,KAAA,EAAO;AAEd,IAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,IAAA,IAAI,QAAQ,QAAA,CAAS,YAAY,KAAK,OAAA,CAAQ,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,gBAAgB,CAAA,sCAAA,CAAwC,CAAA;AAAA,IAC7E;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,eAAe,CAAA,qBAAA,EAAwB,OAAO,CAAA,CAAE,CAAA;AAAA,EACrE;AACF;;;AC5LO,SAAS,QAAQ,GAAA,EAAqC;AAC3D,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI,eAAe,WAAA,EAAa;AAC9B,IAAA,IAAA,GAAO,IAAI,WAAW,GAAG,CAAA;AAAA,EAC3B,CAAA,MAAO;AACL,IAAA,IAAA,GAAO,GAAA;AAAA,EACT;AAGA,EAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AAIX,EAAA,IAAA,CAAK,MAAA;AACP;;;ACFA,eAAsB,cAAA,CACpB,UAAA,EACA,OAAA,EACA,GAAA,EACoD;AACpD,EAAA,OAAO,cAAc,UAAA,EAAY,EAAE,GAAA,EAAK,OAAA,EAAS,KAAK,CAAA;AACxD;AAmBA,eAAsB,gBAAA,CACpB,MAAA,EACA,OAAA,EACA,GAAA,EACA,KAAA,EACqB;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,aAAA,CAAc,MAAA,EAAQ,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,KAAA,EAAO,CAAA;AAC1E,EAAA,OAAO,SAAA;AACT;ACjBO,SAAS,eAAA,GAA2B;AACzC,EAAA,OAAO,eAAe,EAAE,CAAA;AAC1B;AAQO,SAAS,gBAAgB,OAAA,EAA2B;AACzD,EAAA,OAAO,OAAA,YAAmB,UAAA,IAAc,OAAA,CAAQ,MAAA,KAAW,EAAA;AAC7D;AAWO,SAAS,wBAAwB,OAAA,EAA0B;AAChE,EAAA,OAAOC,uBAAA,CAAkB,SAASC,gBAAQ,CAAA;AAC5C;AASO,SAAS,wBAAwB,QAAA,EAA2B;AACjE,EAAA,IAAI,CAACC,sBAAA,CAAiB,QAAA,EAAUD,gBAAQ,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AACA,EAAA,OAAOE,uBAAA,CAAkB,UAAUF,gBAAQ,CAAA;AAC7C;AAYA,eAAsB,cAAc,OAAA,EAAuC;AACzE,EAAA,MAAM,QAAA,GAAWD,uBAAA,CAAkB,OAAA,EAASC,gBAAQ,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,MAAMG,oBAAA,CAAe,QAAQ,CAAA;AAE1C,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AACzB;;;ACjCA,eAAe,aAAa,OAAA,EAA4C;AACtE,EAAA,MAAM,IAAA,GAAO,MAAM,aAAA,CAAc,OAAO,CAAA;AAExC,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAA,GAAc;AACZ,MAAA,OAAO,wBAAwB,OAAO,CAAA;AAAA,IACxC,CAAA;AAAA,IACA,OAAA,GAAU;AACR,MAAA,OAAA,CAAQ,OAAO,CAAA;AACf,MAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,IACd;AAAA,GACF;AACF;AAsBO,SAAS,uBAAA,GAA6C;AAC3D,EAAA,OAAO;AAAA,IACL,MAAM,cAAA,CAAe,IAAA,EAAM,OAAA,EAAS;AAGlC,MAAA,MAAM,UAAW,MAAM,gBAAA;AAAA,QACrB,IAAA,CAAK,MAAA;AAAA,QACL,OAAA;AAAA,QACA,IAAA,CAAK,GAAA;AAAA,QACL,IAAA,CAAK;AAAA,OACP;AAEA,MAAA,OAAO,aAAa,OAAO,CAAA;AAAA,IAC7B,CAAA;AAAA,IAEA,MAAM,QAAA,GAAW;AACf,MAAA,MAAM,UAAU,eAAA,EAAgB;AAChC,MAAA,OAAO,aAAa,OAAO,CAAA;AAAA,IAC7B;AAAA,GACF;AACF;ACnEO,SAAS,cAAc,KAAA,EAA0B;AACtD,EAAA,MAAM,EAAE,SAAA,EAAW,IAAA,EAAK,GAAI,KAAA;AAI5B,EAAA,MAAM,gBAAgB,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,KAAA,EAAQ,SAAS,CAAA,CAAE,CAAA;AAClE,EAAA,MAAM,SAAA,GAAYL,cAAO,aAAa,CAAA;AAGtC,EAAA,MAAM,cAAc,IAAA,IAAQA,aAAAA;AAAA,IAC1B,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,CAAA,UAAA,EAAa,SAAS,CAAA,CAAE;AAAA,GACnD;AAGA,EAAA,MAAM,IAAA,GAAO,oBAAoB,SAAS,CAAA,CAAA;AAG1C,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,SAAA,EAAW,WAAA,EAAa,MAAM,EAAE,CAAA;AAE3D,EAAA,OAAO,OAAA;AACT;AC1DO,IAAM,gBAAA,GAAmB;AAwCzB,SAAS,aAAa,IAAA,EAA8B;AACzD,EAAA,MAAM,EAAE,UAAA,EAAY,IAAA,GAAO,gBAAA,EAAiB,GAAI,IAAA;AAGhD,EAAA,MAAM,KAAA,GAAQM,WAAA,CAAM,cAAA,CAAe,UAAU,CAAA;AAG7C,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAEjC,EAAA,IAAI,CAAC,QAAQ,UAAA,EAAY;AACvB,IAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,EAChD;AAGA,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,OAAA,CAAQ,UAAU,CAAA;AAGpD,EAAA,MAAM,YAAY,OAAA,CAAQ,SAAA;AAC1B,EAAA,IAAI,CAAC,SAAA,IAAa,SAAA,CAAU,MAAA,KAAW,EAAA,EAAI;AACzC,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC7C;AAGA,EAAA,MAAM,WAAA,GAAcC,mBAAA,CAAU,eAAA,CAAgB,OAAA,CAAQ,SAAS,CAAA;AAC/D,EAAA,MAAM,kBAAA,GAAqB,WAAA,CAAY,UAAA,CAAW,KAAK,CAAA;AAGvD,EAAA,MAAM,mBAAA,GAAsB,kBAAA,CAAmB,KAAA,CAAM,CAAC,CAAA;AACtD,EAAA,MAAM,IAAA,GAAOC,gBAAW,mBAAmB,CAAA;AAC3C,EAAA,MAAM,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,EAAE,CAAA;AAClC,EAAA,MAAM,UAAW,IAAA,GAAO,KAAA,CAAM,KAAK,YAAY,CAAA,CAC5C,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAEV,EAAA,OAAO;AAAA,IACL,UAAA;AAAA,IACA,SAAA,EAAW,kBAAA;AAAA,IACX,OAAA;AAAA,IACA;AAAA,GACF;AACF;ACtEO,SAAS,kBAAkB,IAAA,EAAoC;AACpE,EAAA,IAAI,CAAC,IAAA,CAAK,UAAA,CAAW,IAAI,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,CAA8B,CAAA;AAAA,EACpE;AAEA,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,CAAC,EAAE,WAAA,EAAY;AAE1C,EAAA,IAAI,OAAA,CAAQ,WAAW,EAAA,EAAI;AACzB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,8CAAA,CAAgD,CAAA;AAAA,EACtF;AAGA,EAAA,IAAI,CAAC,gBAAA,CAAiB,IAAA,CAAK,OAAO,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AACrD,EAAA,MAAM,IAAA,GAAOA,gBAAW,YAAY,CAAA;AAGpC,EAAA,IAAI,WAAA,GAAc,IAAA;AAClB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AACtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA;AACjC,IAAA,MAAM,UAAA,GAAa,CAAA,GAAI,CAAA,KAAM,CAAA,GAAK,IAAA,CAAK,QAAQ,CAAA,IAAK,CAAA,GAAM,IAAA,CAAK,QAAQ,CAAA,GAAI,EAAA;AAG3E,IAAA,WAAA,IAAe,UAAA,IAAc,CAAA,GAAI,IAAA,CAAK,WAAA,EAAY,GAAI,IAAA;AAAA,EACxD;AAEA,EAAA,OAAO,WAAA;AACT;AClBO,SAAS,OAAA,CAAQ,SAAqB,SAAA,EAA4B;AACvE,EAAA,IAAI,OAAA,CAAQ,WAAW,EAAA,EAAI;AACzB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oCAAA,EAAuC,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AAAA,EAC7F;AAEA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,EAChG;AAGA,EAAA,MAAM,SAAA,GAAYD,mBAAAA,CAAU,IAAA,CAAK,SAAA,EAAW,OAAA,EAAS;AAAA,IACnD,IAAA,EAAM;AAAA;AAAA,GACP,CAAA;AAGD,EAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AACpB,EAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AAGpB,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAGhC,EAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAC5C,EAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAE5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AACrD,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,EACvD;AAKA,EAAA,MAAM,OAAA,GAAW,UAAU,QAAA,GAAW,CAAA;AAEtC,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,MAAA;AAAA,IACH,CAAA,EAAG,MAAA;AAAA,IACH;AAAA,GACF;AACF;AC9CO,IAAM,0BAAN,MAAoD;AAAA,EACzD,YAAoB,UAAA,EAAwB;AAAxB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAClB,IAAA,IAAI,UAAA,CAAW,WAAW,EAAA,EAAI;AAC5B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oCAAA,EAAuC,UAAA,CAAW,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,IAAI,UAAA,CAAW,KAAA,CAAM,CAAA,CAAA,KAAK,CAAA,KAAM,CAAC,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,CAA8B,CAAA;AAAA,IACpE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAA,GAAoC;AACxC,IAAA,MAAM,WAAA,GAAcA,mBAAAA,CAAU,YAAA,CAAa,IAAA,CAAK,YAAY,KAAK,CAAA;AACjE,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AACZ,IAAA,MAAA,CAAO,GAAA,CAAI,WAAA,CAAY,KAAA,CAAM,CAAC,GAAG,CAAC,CAAA;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,MAAM,SAAA,GAAYA,mBAAAA,CAAU,IAAA,CAAK,SAAA,EAAW,KAAK,UAAA,EAAY;AAAA,MAC3D,IAAA,EAAM;AAAA;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AACpB,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AAGpB,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAGhC,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAC5C,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAE5C,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AACrD,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IACvD;AAGA,IAAA,MAAM,OAAA,GAAW,UAAU,QAAA,GAAW,CAAA;AAEtC,IAAA,OAAO;AAAA,MACL,CAAA,EAAG,MAAA;AAAA,MACH,CAAA,EAAG,MAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,MAAA,EAIf;AAGD,IAAA,OAAO,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,IAAA,EAKW;AACvB,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA,EAAO,KAAK,OAAO,CAAA;AAExE,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,CAAC,CAAA,EAAG,KAAK,CAAC,CAAA;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,WAAA,CAAY,OAAO,CAAA;AAI1C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,CAAA,GAAA,CAAK,IAAI,OAAA,GAAU,EAAA,EAAI,SAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAA;AAEzD,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,CAAC,CAAA,CAAA;AAAA,EAC/B;AACF;AAmBO,SAAS,SAAA,CACd,kBAAA,EACA,SAAA,EACA,GAAA,EACS;AACT,EAAA,IAAI,mBAAmB,MAAA,KAAW,EAAA,IAAM,kBAAA,CAAmB,CAAC,MAAM,CAAA,EAAM;AACtE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wDAAA,CAA0D,CAAA;AAAA,EAChG;AAEA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,EAChG;AAEA,EAAA,IAAI,IAAI,CAAA,CAAE,MAAA,KAAW,MAAM,GAAA,CAAI,CAAA,CAAE,WAAW,EAAA,EAAI;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,GAAA,CAAI,CAAC,EAC3C,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,IAAA,CAAK,EAAE,CAAC,CAAA;AAGX,EAAA,MAAM,CAAA,GAAIF,oBAAU,KAAA,CAAM,CAAA;AAC1B,EAAA,MAAM,QAAQ,CAAA,GAAI,EAAA;AAClB,EAAA,IAAI,UAAU,KAAA,EAAO;AACnB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,CAAA,GAAI,kBAAA,CAAmB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AACxC,EAAA,MAAM,CAAA,GAAI,kBAAA,CAAmB,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AACzC,EAAA,MAAM,WAAA,GAAcA,mBAAAA,CAAU,eAAA,CAAgB,UAAA,CAAW;AAAA,IACvD,CAAA,EAAG,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,CAAC,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAAA,IACjF,CAAA,EAAG,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,CAAC,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC;AAAA,GAClF,CAAA;AACD,EAAA,MAAM,gBAAA,GAAmB,WAAA,CAAY,UAAA,CAAW,IAAI,CAAA;AAKpD,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,CAAC,GAAG,IAAI,CAAA,EAAG,GAAG,GAAA,CAAI,CAAC,CAAC,CAAA;AACtD,IAAA,OAAOA,mBAAAA,CAAU,MAAA,CAAO,UAAA,EAAY,SAAA,EAAW,gBAAgB,CAAA;AAAA,EACjE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC/LO,IAAM,oBAAN,MAA8C;AAAA,EACnD,YAAoB,QAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EAAgC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOpD,MAAM,YAAA,GAAoC;AACxC,IAAA,MAAM,EAAE,CAAA,EAAG,CAAA,KAAM,MAAM,IAAA,CAAK,SAAS,YAAA,EAAa;AAElD,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,EAAA,IAAM,CAAA,CAAE,WAAW,EAAA,EAAI;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,8CAAA,CAAgD,CAAA;AAAA,IACtF;AAGA,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AACZ,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,CAAC,CAAA;AACf,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,EAAE,CAAA;AAEhB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,MAAM,EAAE,GAAG,CAAA,EAAE,GAAI,MAAM,IAAA,CAAK,QAAA,CAAS,SAAS,SAAS,CAAA;AAEvD,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,EAAA,IAAM,CAAA,CAAE,WAAW,EAAA,EAAI;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,IACjF;AAGA,IAAA,MAAM,EAAE,CAAA,EAAE,GAAI,MAAM,IAAA,CAAK,SAAS,YAAA,EAAa;AAG/C,IAAA,MAAM,OAAA,GAAW,CAAA,CAAE,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA;AAEnC,IAAA,OAAO;AAAA,MACL,CAAA;AAAA,MACA,CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,OAAA,EAIf;AAED,IAAA,MAAM,IAAI,MAAM,iGAAiG,CAAA;AAAA,EACnH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,IAAA,EAKW;AACvB,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA,EAAO,KAAK,OAAO,CAAA;AAExE,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,CAAC,CAAA,EAAG,KAAK,CAAC,CAAA;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,WAAA,CAAY,OAAO,CAAA;AAa1C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,CAAA,GAAI,IAAI,OAAA,CAAQ,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAA;AAElD,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,CAAC,CAAA,CAAA;AAAA,EAC/B;AACF;;;ACtHO,IAAK,gBAAA,qBAAAC,iBAAAA,KAAL;AACL,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,mBAAgB,IAAA,CAAA,GAAhB,eAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,kBAAe,IAAA,CAAA,GAAf,cAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,kBAAe,IAAA,CAAA,GAAf,cAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,0BAAuB,MAAA,CAAA,GAAvB,sBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,MAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,mBAAgB,KAAA,CAAA,GAAhB,eAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,oBAAiB,MAAA,CAAA,GAAjB,gBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,qBAAkB,MAAA,CAAA,GAAlB,iBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,sBAAmB,MAAA,CAAA,GAAnB,kBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,oBAAiB,MAAA,CAAA,GAAjB,gBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,iBAAc,MAAA,CAAA,GAAd,aAAA;AAdU,EAAA,OAAAA,iBAAAA;AAAA,CAAA,EAAA,gBAAA,IAAA,EAAA;AAoBL,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA,EACrC,WAAA,CACE,OAAA,EACgB,IAAA,EACA,aAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CAAY,OAAA,GAAU,2BAAA,EAA6B,aAAA,EAAyB;AAC1E,IAAA,KAAA,CAAM,OAAA,EAAS,0BAAgC,aAAa,CAAA;AAC5D,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CAAY,OAAA,GAAU,qCAAA,EAAuC,aAAA,EAAyB;AACpF,IAAA,KAAA,CAAM,OAAA,EAAS,yBAA+B,aAAa,CAAA;AAC3D,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,sBAAA,GAAN,cAAqC,WAAA,CAAY;AAAA,EACtD,WAAA,CAAY,OAAA,GAAU,gCAAA,EAAkC,aAAA,EAAyB;AAC/E,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AACjE,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CACE,OAAA,GAAU,eAAA,EACM,eAAA,EACA,eAChB,aAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AAJjD,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAIhB,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CAAY,OAAA,GAAU,2BAAA,EAA6B,aAAA,EAAyB;AAC1E,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AACjE,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAEO,IAAM,mBAAA,GAAN,cAAkC,WAAA,CAAY;AAAA,EACnD,WAAA,CAAY,OAAA,GAAU,mCAAA,EAAqC,aAAA,EAAyB;AAClF,IAAA,KAAA,CAAM,OAAA,EAAS,mCAAuC,aAAa,CAAA;AACnE,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EACd;AACF;AAKO,SAAS,qBAAqB,KAAA,EAA6B;AAChE,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA,MAAM,GAAA,GAAM,KAAA;AACZ,IAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,IAAA,MAAMC,QAAAA,GAAU,IAAI,OAAA,IAAW,sBAAA;AAE/B,IAAA,QAAQ,IAAA;AAAM,MACZ,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE7C,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE7C,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,sBAAA,CAAuBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAElD,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,kBAAA,CAAmBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE9C,KAAK,MAAA;AACH,QAAA,OAAO,IAAI,mBAAA,CAAoBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE/C;AACE,QAAA,OAAO,IAAI,WAAA,CAAYA,QAAAA,EAAS,IAAA,IAAQ,IAAI,KAAK,CAAA;AAAA;AACrD,EACF;AAGA,EAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,EAAA,OAAO,IAAI,WAAA,CAAY,OAAA,EAAS,EAAA,EAAI,KAAK,CAAA;AAC3C;;;ACxFO,IAAM,uBAAN,MAAiD;AAAA,EACtD,WAAA,CACmB,QAAA,EACA,eAAA,EACA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMH,MAAc,aAAA,GAA+B;AAC3C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC7C,MAAA,EAAQ;AAAA,OACT,CAAA;AAED,MAAA,MAAM,aAAA,GAAgB,QAAA,CAAS,UAAA,EAAY,EAAE,CAAA;AAE7C,MAAA,IAAI,aAAA,KAAkB,KAAK,eAAA,EAAiB;AAC1C,QAAA,MAAM,IAAI,iBAAA;AAAA,UACR,CAAA,yBAAA,EAA4B,IAAA,CAAK,eAAe,CAAA,OAAA,EAAU,aAAa,CAAA,CAAA;AAAA,UACvE,IAAA,CAAK,eAAA;AAAA,UACL;AAAA,SACF;AAAA,MACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,iBAAA,EAAmB;AACtC,QAAA,MAAM,KAAA;AAAA,MACR;AACA,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,GAAqC;AACzC,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAA,GAAoC;AAIxC,IAAA,OAAO,IAAI,WAAW,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAGzB,MAAA,MAAM,aAAa,IAAA,GAAO,KAAA,CAAM,KAAK,SAAS,CAAA,CAC3C,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAGV,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC5C,MAAA,EAAQ,eAAA;AAAA,QACR,MAAA,EAAQ,CAAC,UAAA,EAAY,IAAA,CAAK,OAAO;AAAA,OAClC,CAAA;AAGD,MAAA,MAAM,GAAA,GAAM,UAAU,UAAA,CAAW,IAAI,IAAI,SAAA,CAAU,KAAA,CAAM,CAAC,CAAA,GAAI,SAAA;AAE9D,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAC3B,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAE3B,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAC/C,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,EAAA,GAAK,CAAA,GAAI,CAAA,EAAG,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,CAAC,GAAG,EAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS,GAAA,CAAI,MAAM,GAAA,EAAK,GAAG,GAAG,EAAE,CAAA;AAC1C,MAAA,MAAM,OAAA,GAAU,CAAA,KAAM,EAAA,GAAK,CAAA,GAAI,CAAA;AAE/B,MAAA,OAAO,EAAE,CAAA,EAAG,CAAA,EAAG,OAAA,EAA0B;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,YAAY,MAAA,EAIf;AACD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAGzB,MAAA,MAAM,YAAY,IAAA,GAAO,KAAA,CAAM,KAAK,MAAM,CAAA,CACvC,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAIV,MAAA,IAAI,SAAA;AACJ,MAAA,IAAI;AACF,QAAA,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,UACtC,MAAA,EAAQ,UAAA;AAAA,UACR,MAAA,EAAQ,CAAC,IAAA,CAAK,OAAA,EAAS,SAAS;AAAA,SACjC,CAAA;AAAA,MACH,SAAS,YAAA,EAAmB;AAE1B,QAAA,IAAI,YAAA,EAAc,IAAA,KAAS,CAAA,KAAA,IAAU,YAAA,EAAc,SAAS,IAAA,EAAM;AAChE,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,oSAAA,IAKsB,cAAc,OAAA,IAAW,wBAAA;AAAA,WACjD;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,YAAA;AAAA,QACR;AAAA,MACF;AAGA,MAAA,MAAM,GAAA,GAAM,UAAU,UAAA,CAAW,IAAI,IAAI,SAAA,CAAU,KAAA,CAAM,CAAC,CAAA,GAAI,SAAA;AAE9D,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAC3B,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAE3B,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAC/C,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,EAAA,GAAK,CAAA,GAAI,CAAA,EAAG,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,CAAC,GAAG,EAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS,GAAA,CAAI,MAAM,GAAA,EAAK,GAAG,GAAG,EAAE,CAAA;AAE1C,MAAA,MAAM,OAAA,GAAW,CAAA,KAAM,EAAA,IAAM,CAAA,KAAM,IAAK,CAAA,GAAI,CAAA;AAE5C,MAAA,OAAO,EAAE,CAAA,EAAG,CAAA,EAAG,OAAA,EAA0B;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,KAAA,EAAwC;AACtD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAEzB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,QAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,MACzD;AAEA,MAAA,MAAM,KAAA,GAAQ,KAAA;AAGd,MAAA,IAAI,CAAC,MAAM,MAAA,IAAU,CAAC,MAAM,KAAA,IAAS,CAAC,MAAM,OAAA,EAAS;AACnD,QAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,MACzE;AAGA,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC5C,MAAA,EAAQ,sBAAA;AAAA,QACR,QAAQ,CAAC,IAAA,CAAK,SAAS,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC;AAAA,OAC7C,CAAA;AAED,MAAA,OAAO,SAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAA,GAAkC;AACtC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,IAAA,GAAO,IAAA,CAAK,eAAA,CAAgB,SAAS,EAAE,CAAA;AAE1D,MAAA,MAAM,IAAA,CAAK,SAAS,OAAA,CAAQ;AAAA,QAC1B,MAAA,EAAQ,4BAAA;AAAA,QACR,MAAA,EAAQ,CAAC,EAAE,OAAA,EAAS,YAAY;AAAA,OACjC,CAAA;AAED,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,UAAA,GAAa,qBAAqB,KAAK,CAAA;AAI7C,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAGA,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,WAAA,EAUI;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,SAAS,OAAA,CAAQ;AAAA,QAC1B,MAAA,EAAQ,yBAAA;AAAA,QACR,MAAA,EAAQ,CAAC,WAAW;AAAA,OACrB,CAAA;AAED,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,UAAA,GAAa,qBAAqB,KAAK,CAAA;AAG7C,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AACF;AC1SA,SAAS,aAAa,IAAA,EAAwD;AAC5E,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,IAAA,IAAI,IAAA,YAAgB,UAAA,IAAc,IAAA,YAAgB,WAAA,EAAa;AAC7D,MAAA,MAAM,QAAQ,IAAA,YAAgB,UAAA,GAAa,IAAA,GAAO,IAAI,WAAW,IAAI,CAAA;AACrE,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,YAAA,CAAa,GAAG,KAAK,CAAA;AAC3C,MAAA,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,IACtB,CAAA,MAAA,IAAW,gBAAgB,IAAA,EAAM;AAC/B,MAAA,MAAM,MAAA,GAAS,IAAI,UAAA,EAAW;AAC9B,MAAA,MAAA,CAAO,YAAY,MAAM;AACvB,QAAA,MAAM,MAAA,GAAU,OAAO,MAAA,CAAkB,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,KAAM,MAAA,CAAO,MAAA;AAClE,QAAA,OAAA,CAAQ,MAAM,CAAA;AAAA,MAChB,CAAA;AACA,MAAA,MAAA,CAAO,OAAA,GAAU,MAAA;AACjB,MAAA,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,IAC3B,CAAA,MAAO;AACL,MAAA,MAAA,CAAO,IAAI,KAAA,CAAM,uBAAuB,CAAC,CAAA;AAAA,IAC3C;AAAA,EACF,CAAC,CAAA;AACH;AASA,eAAsB,WACpB,OAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,OAAA;AAAA,IACA,MAAA;AAAA,IACA,WAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAGJ,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,EACtC;AACA,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAGA,EAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAa,IAAI,CAAA;AAGvC,EAAA,IAAI,WAAA;AACJ,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,WAAA,GAAc,aAAA;AAAA,EAChB,CAAA,MAAO;AACL,IAAA,WAAA,GAAcC,uBAAM,MAAA,CAAO;AAAA,MACzB,OAAA,EAAS,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAAA,MACnC,eAAA,EAAiB,IAAA;AAAA,MACjB,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,WAAA,EAAa,OAAO,MAAM,CAAA;AAAA,QAC1B,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,IAAA,CAA0E,cAAA,EAAgB;AAAA,IAC3H;AAAA,GACD,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM,EAAA,IAAM,CAAC,QAAA,CAAS,IAAA,EAAM,MAAM,GAAA,EAAK;AACnD,IAAA,MAAM,YAAA,GAAgB,QAAA,CAAS,IAAA,EAAc,KAAA,EAAO,OAAA,IAAW,uBAAA;AAC/D,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,QAAA,CAAS,IAAA,CAAK,KAAK,GAAA,EAAI;AACvC;AAqBA,SAAS,mBAAmB,CAAA,EAAmB;AAC7C,EAAA,OAAO,CAAA,CAAE,SAAS,GAAG,CAAA,GAAI,EAAE,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,CAAA;AAC5C;AASA,eAAsB,qBACpB,OAAA,EACyC;AACzC,EAAA,MAAM;AAAA,IACJ,OAAA;AAAA,IACA,MAAA;AAAA,IACA,WAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAA,GAAc,0BAAA;AAAA,IACd;AAAA,GACF,GAAI,OAAA;AAEJ,EAAA,MAAM,CAAA,GAA8B,WAAY,UAAA,CAAmB,KAAA;AACnE,EAAA,IAAI,OAAO,MAAM,UAAA,EAAY;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,IAAA,GAAO,mBAAmB,OAAO,CAAA;AAGvC,EAAA,MAAM,UAAA,GAAa,MAAM,CAAA,CAAE,CAAA,EAAG,IAAI,CAAA,aAAA,CAAA,EAAiB;AAAA,IACjD,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAI,SAAS,EAAE,WAAA,EAAa,OAAO,MAAM,CAAA,KAAM,EAAC;AAAA,MAChD,GAAI,cAAc,EAAE,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA,KAAO;AAAC,KAClE;AAAA;AAAA,IAEA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,EAAA,EAAI,KAAA,EAAO,aAAa,CAAA;AAAA;AAAA,IAE/C,WAAA,EAAa;AAAA,GACd,CAAA;AAED,EAAA,MAAM,WAAA,GAAmB,MAAM,UAAA,CAAW,IAAA,EAAK;AAC/C,EAAA,IAAI,CAAC,UAAA,CAAW,EAAA,IAAO,WAAA,IAAe,WAAA,CAAY,OAAO,KAAA,EAAQ;AAC/D,IAAA,MAAM,GAAA,GACH,eAAe,WAAA,CAAY,KAAA,IAAS,YAAY,KAAA,CAAM,OAAA,IACvD,CAAA,2BAAA,EAA8B,UAAA,CAAW,MAAM,CAAA,CAAA;AACjD,IAAA,MAAM,IAAI,KAAA,CAAM,OAAO,GAAA,KAAQ,QAAA,GAAW,MAAM,gBAAgB,CAAA;AAAA,EAClE;AACA,EAAA,MAAM,GAAA,GAAc,WAAA,EAAa,IAAA,EAAM,GAAA,IAAO,WAAA,EAAa,GAAA;AAC3D,EAAA,MAAM,KAAA,GAAgB,WAAA,EAAa,IAAA,EAAM,WAAA,IAAe,WAAA,EAAa,KAAA;AACrE,EAAA,IAAI,CAAC,GAAA,IAAO,CAAC,KAAA,EAAO;AAClB,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EAClE;AAGA,EAAA,MAAM,UAAA,GAAqC;AAAA,IACzC,cAAA,EAAgB,WAAA;AAAA,IAChB,8BAAA,EAAgC;AAAA,GAClC;AAEA,EAAA,MAAM,OACJ,OAAO,IAAA,KAAS,WAAA,IAAgB,IAAA,YAAwB,OAAQ,IAAA,GAAgB,IAAA;AAElF,EAAA,MAAM,MAAA,GAAS,MAAM,CAAA,CAAE,GAAA,EAAK;AAAA,IAC1B,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS,UAAA;AAAA,IACT,IAAA;AAAA;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,GACP,CAAA;AAED,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,MAAM,OAAO,MAAM,MAAA,CAAO,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC/C,IAAA,MAAM,IAAI,MAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,GAAA,EAAM,IAAA,IAAQ,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACrF;AAEA,EAAA,OAAO,EAAE,OAAO,GAAA,EAAI;AACtB;;;AChMO,IAAM,SAAA,GAAY;AAKlB,IAAM,YAAA,GAAe;ACVrB,SAAS,iBAAiB,KAAA,EAA8B;AAG7D,EAAA,MAAM,KAAA,GAAQC,gBAAS,eAAA,EAAgB;AACvC,EAAA,MAAM,SAAA,GAAY,wCAAA;AAClB,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,CAAC,MAAM,CAAC,CAAA,CAAE,MAAA,EAAQ,CAAA,CAAE,KAAA,EAAO,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,QAAQ,CAAC,CAAA;AACvE,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,CAAC,SAAS,CAAA,EAAG,CAAC,MAAM,CAAC,CAAA;AAClD,EAAA,OAAOC,iBAAU,OAAgC,CAAA;AACnD;;;ACHO,IAAM,MAAA,GAAS,CAAC,OAAA,EAAiB,iBAAA,MAAsC;AAAA,EAC5E,IAAA,EAAM,MAAA;AAAA,EACN,OAAA,EAAS,GAAA;AAAA,EACT,OAAA;AAAA,EACA;AACF,CAAA;AAGO,IAAM,aAAA,GAAgB;AAEtB,IAAM,KAAA,GAAQ;AAAA,EACnB,IAAA,EAAM;AAAA,IACJ,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,SAAA,EAAU;AAAA,IAClC,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAQ;AAAA,IAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,IACjC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,SAAA;AAAU,GACtC;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AAAA,IACnC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,QAAA,EAAS;AAAA,IACpC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAS;AAAA,IAChC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,QAAA,EAAS;AAAA,IACpC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,SAAA,EAAU;AAAA,IACpC,EAAE,IAAA,EAAM,oBAAA,EAAsB,IAAA,EAAM,SAAA,EAAU;AAAA,IAC9C,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,IACvC,EAAE,IAAA,EAAM,cAAA,EAAgB,IAAA,EAAM,SAAA,EAAU;AAAA,IACxC,EAAE,IAAA,EAAM,sBAAA,EAAwB,IAAA,EAAM,SAAA,EAAU;AAAA,IAChD,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA;AAAU,GACzC;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,aAAA,EAAc;AAAA,IACpC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAS;AAAA,IAChC,EAAE,IAAA,EAAM,cAAA,EAAgB,IAAA,EAAM,MAAA,EAAO;AAAA,IACrC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,SAAA;AAAU;AAEzC;AAQO,SAAS,wBAAwB,KAAA,EAetC;AACA,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,KAAA,CAAM,KAAK,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,KAAA,CAAM,KAAK,OAAO,CAAA,EAAG,MAAM,cAAc,CAAA;AAGtE,EAAA,MAAM,SAAA,GAAY,CAAC,GAAA,KAAiB,GAAA,CAAI,WAAW,IAAI,CAAA,GAAI,GAAA,GAAM,CAAA,EAAA,EAAK,GAAG,CAAA,CAAA;AAIzE,EAAA,MAAM,UAAA,GAAa;AAAA,IACjB,OAAA,EAAS,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAClC,UAAA,EAAY,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,UAAU,CAAA;AAAA,IAC3C,SAAA,EAAW,MAAM,IAAA,CAAK,SAAA;AAAA,IACtB,KAAA,EAAO,MAAM,IAAA,CAAK,KAAA;AAAA,IAClB,SAAA,EAAW,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AAAA,IACtC,QAAA,EAAU,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAA;AAAA,IACvC,kBAAA,EAAoB,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,kBAAkB,CAAA;AAAA,IAC3D,WAAA,EAAa,MAAM,IAAA,CAAK,WAAA;AAAA,IACxB,YAAA,EAAc,MAAM,IAAA,CAAK,YAAA;AAAA,IACzB,oBAAA,EAAsB,MAAM,IAAA,CAAK,oBAAA;AAAA,IACjC,WAAA,EAAa,MAAM,IAAA,CAAK;AAAA,GAC1B;AAGA,EAAA,MAAM,WAAA,GAAc,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU;AAAA,IAC7C,MAAA,EAAQ,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAAA,IAC7B,IAAA,EAAM,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA;AAAA,IACzB,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,UAAU,IAAA,CAAK;AAAA,GACjB,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,WAAA,EAAa,aAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,IAAA,EAAM,UAAA;AAAA,MACN,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,MAAM,YAAA,IAAgB,IAAA;AAAA,MACpC;AAAA,KACF;AAAA,IACA;AAAA,GACF;AACF;AAKA,eAAsB,YAAY,KAAA,EAS/B;AAED,EAAA,IAAI,KAAA,CAAM,KAAK,WAAA,EAAY,KAAM,MAAM,IAAA,CAAK,UAAA,CAAW,aAAY,EAAG;AACpE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,iBAAiB,KAAA,CAAM,IAAI,CAAA,6BAAA,EAAgC,KAAA,CAAM,KAAK,UAAU,CAAA,CAAA;AAAA,KAClF;AAAA,EACF;AAGA,EAAA,MAAM,UAAU,uBAAA,CAAwB;AAAA,IACtC,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,gBAAgB,KAAA,CAAM;AAAA,GACvB,CAAA;AAGD,EAAA,IAAI,CAAC,KAAA,CAAM,MAAA,CAAO,SAAA,EAAW;AAC3B,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACrE;AAGA,EAAA,MAAM,SAAA,GAAY;AAAA,IAChB,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,KAAA,EAAO,KAAA;AAAA,IACP,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,KAAA,CAAM,MAAA,CAAO,UAAU,SAAS,CAAA;AAEzD,EAAA,OAAO;AAAA,IACL,UAAA;AAAA,IACA,WAAW,OAAA,CAAQ;AAAA,GACrB;AACF;AC1IA,eAAsB,kBAAkB,KAAA,EAKR;AAC9B,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,OAAA,EAAS,OAAM,GAAI,KAAA;AAG5C,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,6CAAA,CAA+C,CAAA;AAAA,EACrF;AAEA,EAAA,IAAI,QAAQ,EAAA,EAAI;AACd,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oBAAA,CAAsB,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,IAAK,OAAA,CAAQ,WAAW,EAAA,EAAI;AACtD,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,EAChF;AASA,EAAA,MAAM,SAASC,wBAAA,CAAkB;AAAA,IAC/B,OAAA,EAAS,OAAO,OAAO,CAAA;AAAA,IACvB,OAAA,EAAS,QAAQ,WAAA,EAAY;AAAA,IAC7B;AAAA,GACD,CAAA;AAGD,EAAA,MAAM,WAAA,GAAcC,gBAAS,MAAM,CAAA;AAKnC,EAAA,IAAI,GAAA,GAAM,MAAM,MAAA,CAAO,WAAA,CAAY,WAAW,CAAA;AAI9C,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAClG,EAAA,MAAM,WAAA,GAAcT,oBAAU,KAAA,CAAM,CAAA;AACpC,EAAA,MAAM,QAAQ,WAAA,GAAc,EAAA;AAE5B,EAAA,IAAI,SAAS,GAAA,CAAI,CAAA;AACjB,EAAA,IAAI,eAAe,GAAA,CAAI,OAAA;AAEvB,EAAA,IAAI,UAAU,KAAA,EAAO;AAEnB,IAAA,MAAM,cAAc,WAAA,GAAc,OAAA;AAClC,IAAA,MAAM,iBAAiB,WAAA,CAAY,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAGhE,IAAA,MAAA,GAAS,IAAI,WAAW,EAAE,CAAA;AAC1B,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,cAAA,CAAe,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IACjE;AAGA,IAAA,YAAA,GAAe,YAAA,KAAiB,IAAI,CAAA,GAAI,CAAA;AAAA,EAE1C;AAGA,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,CAC3B,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAEV,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAA,EAAS,QAAQ,WAAA,EAAY;AAAA,IAC7B,KAAA;AAAA,IACA,OAAA,EAAS,YAAA;AAAA,IACT,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAAA,IACZ,CAAA,EAAG,KAAK,IAAI,CAAA;AAAA,GACd;AACF;;;AC9EA,eAAsB,YAAA,CACpB,MAAA,EACA,IAAA,EACA,IAAA,EACiB;AACjB,EAAA,IAAI,CAAC,OAAO,mBAAA,EAAqB;AAC/B,IAAA,MAAM,IAAI,MAAM,8EAA8E,CAAA;AAAA,EAChG;AAIA,EAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,mBAAA,CAAoB,MAAM,QAAQ,CAAA;AAG7D,EAAA,IAAI,SAAS,MAAA,EAAQ;AACnB,IAAA,OAAO,KAAA,GAAQ,EAAA;AAAA,EACjB,CAAA,MAAO;AAEL,IAAA,OAAO,KAAA;AAAA,EACT;AACF;ACcO,SAAS,qBAAA,CACd,SACA,OAAA,EACoB;AACpB,EAAA,IAAI,gBAAA,GAIO,IAAA;AAKX,EAAA,MAAM,YAAA,GAAe,QAAQ,YAAA,IAAgB,CAAA;AAC7C,EAAA,IAAI,gBAAA,GAAkC,IAAA;AACtC,EAAA,IAAI,SAAA,GAAkD,IAAA;AAEtD,EAAA,MAAM,mBAAmB,MAAe;AAGtC,IAAA,IAAI,YAAA,IAAgB,GAAG,OAAO,KAAA;AAC9B,IAAA,IAAI,CAAC,kBAAkB,OAAO,IAAA;AAC9B,IAAA,OAAO,IAAA,CAAK,KAAI,IAAK,gBAAA;AAAA,EACvB,CAAA;AAEA,EAAA,MAAM,oBAAoB,MAAY;AACpC,IAAA,IAAI,gBAAgB,CAAA,EAAG;AAGvB,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,SAAA,GAAY,IAAA;AAAA,IACd;AAGA,IAAA,gBAAA,GAAmB,IAAA,CAAK,KAAI,GAAI,YAAA;AAGhC,IAAA,SAAA,GAAY,WAAW,YAAY;AACjC,MAAA,MAAM,IAAA,EAAK;AAAA,IACb,GAAG,YAAY,CAAA;AAAA,EACjB,CAAA;AAEA,EAAA,MAAM,OAAO,YAA2B;AACtC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,SAAA,GAAY,IAAA;AAAA,IACd;AACA,IAAA,gBAAA,GAAmB,IAAA;AAEnB,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAA,CAAQ,iBAAiB,UAAU,CAAA;AACnC,MAAA,OAAA,CAAQ,iBAAiB,SAAS,CAAA;AAClC,MAAA,gBAAA,GAAmB,IAAA;AAAA,IACrB;AAAA,EACF,CAAA;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAO,IAAA,KAAqE;AAEhG,IAAA,IAAI,IAAA,EAAM,SAAS,gBAAA,EAAkB;AACnC,MAAA,MAAM,IAAA,EAAK;AAAA,IACb;AAGA,IAAA,IAAI,gBAAA,IAAoB,CAAC,gBAAA,EAAiB,EAAG;AAC3C,MAAA,iBAAA,EAAkB;AAClB,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,gBAAA,IAAoB,kBAAiB,EAAG;AAC1C,MAAA,MAAM,IAAA,EAAK;AAAA,IACb;AAGA,IAAA,MAAM,OAAA,GAAU,aAAA,CAAc,OAAA,CAAQ,QAAQ,CAAA;AAG9C,IAAA,MAAM,EAAE,SAAA,EAAU,GAAI,MAAM,QAAQ,YAAA,CAAa;AAAA,MAC/C,IAAA,EAAM,OAAA;AAAA,MACN,YAAA,EAAc,QAAQ,QAAA,CAAS;AAAA,KAChC,CAAA;AAGD,IAAA,MAAM,OAAA,GAAU,SAAA;AAGhB,IAAA,MAAM,MAAM,OAAA,CAAQ,GAAA,IAAO,IAAI,WAAA,EAAY,CAAE,OAAO,qBAAqB,CAAA;AACzE,IAAA,MAAM,UAAW,MAAM,gBAAA;AAAA,MACrB,QAAQ,aAAA,CAAc,MAAA;AAAA,MACtB,OAAA;AAAA,MACA,GAAA;AAAA,MACA,QAAQ,aAAA,CAAc;AAAA,KACxB;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAG9C,IAAA,MAAM,OAAA,GAAU,YAAA,CAAa,EAAE,UAAA,EAAY,CAAA;AAG3C,IAAA,OAAA,CAAQ,OAAO,CAAA;AAGf,IAAA,gBAAA,GAAmB;AAAA,MACjB,YAAY,OAAA,CAAQ,UAAA;AAAA,MACpB,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,SAAS,OAAA,CAAQ;AAAA,KACnB;AAGA,IAAA,OAAA,CAAQ,UAAU,CAAA;AAClB,IAAA,OAAA,CAAQ,OAAO,CAAA;AACf,IAAA,OAAA,CAAQ,OAAO,CAAA;AAGf,IAAA,iBAAA,EAAkB;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,aAAa,YAAoC;AACrD,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AACzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,iBAAA,CAAkB,iBAAiB,OAAO,CAAA;AAAA,EACnD,CAAA;AAEA,EAAA,MAAM,WAAA,GAAc,OAAO,MAAA,KAIrB;AACJ,IAAA,IAAI,MAAA,CAAO,WAAW,EAAA,EAAI;AACxB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAAA,IAC7F;AAGA,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AAEzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,gBAAA,CAAiB,UAAA,EAAY,MAAM,CAAA;AAEvD,IAAA,OAAO;AAAA,MACL,GAAG,GAAA,CAAI,CAAA;AAAA,MACP,GAAG,GAAA,CAAI,CAAA;AAAA,MACP,SAAS,GAAA,CAAI;AAAA,KACf;AAAA,EACF,CAAA;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAO,KAAA,KAAkD;AAE7E,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AAEzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AAMA,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,KAAA,CAAM,QAAQ,KAAA,CAAM,KAAA,EAAO,MAAM,OAAO,CAAA;AAC3E,IAAA,MAAM,OAAA,GAAU,IAAA;AAGhB,IAAA,MAAM,YAAA,GAAe,IAAI,UAAA,CAAW,EAAE,CAAA;AACtC,IAAA,MAAM,GAAA,GAAM,QAAQ,UAAA,CAAW,IAAI,IAAI,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,OAAA;AAC1D,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,YAAA,CAAa,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IAC5D;AAGA,IAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,gBAAA,CAAiB,UAAA,EAAY,YAAY,CAAA;AAG7D,IAAA,MAAM,CAAA,GAAI,IAAI,OAAA,GAAU,EAAA;AACxB,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAA;AAE3C,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,IAAI,CAAA,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,eAAe,YAAiC;AACpD,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AACzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,IAAI,UAAA,CAAW,gBAAA,CAAiB,SAAS,CAAA;AAAA,EAClD,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,SAAA;AAAA,IAChB,aAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,IAAA;AAAA,IACA,YAAA,EAAc;AAAA,MACZ,SAAA,EAAW,IAAA;AAAA,MACX,IAAA,EAAM;AAAA;AAAA;AACR,GACF;AACF;;;AC1PO,SAAS,kBAAkB,SAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,KAAA;AAAA,IAChB,aAAA,EAAe,MAAM,SAAA,CAAU,aAAA,EAAc;AAAA,IAC7C,UAAA,EAAY,MAAM,SAAA,CAAU,UAAA,EAAW;AAAA,IACvC,WAAA,EAAa,CAAC,MAAA,KAAW,SAAA,CAAU,YAAY,MAAM,CAAA;AAAA,IACrD,aAAA,EAAe,CAAC,KAAA,KAAU,SAAA,CAAU,cAAc,KAAK,CAAA;AAAA,IACvD,cAAc,SAAA,CAAU,YAAA,GAAe,MAAM,SAAA,CAAU,cAAc,GAAI,MAAA;AAAA,IACzE,YAAA,EAAc;AAAA,MACZ,SAAA,EAAW,IAAA;AAAA,MACX,IAAA,EAAM;AAAA;AAAA;AACR,GACF;AACF;;;ACOA,eAAsB,aAAa,GAAA,EAA+C;AAChF,EAAA,MAAM,EAAE,UAAS,GAAI,GAAA;AAKrB,EAAA,IAAI,SAAS,YAAA,EAAc;AACzB,IAAA,OAAO,IAAI,qBAAqB,QAAQ,CAAA;AAAA,EAC1C;AAIA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR,GAAG,iBAAiB,CAAA,uIAAA;AAAA,GAEtB;AACF;AAMA,IAAM,uBAAN,MAAiD;AAAA,EAC/C,YAAoB,QAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAClB,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,IAChF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoC;AACxC,IAAA,OAAO,IAAA,CAAK,SAAS,YAAA,EAAc;AAAA,EACrC;AAAA,EAEA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,SAAS,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,YAAY,MAAA,EAIf;AAGD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,MAAM,CAAA;AAAA,EACzC;AAAA,EAEA,MAAM,UAAW,KAAA,EAAwC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,MAAA,MAAM,KAAA,GAAQ,KAAA;AACd,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,0BAAA,CAA4B,CAAA;AAAA,EAClE;AACF,CAAA;;;ACvFA,IAAMQ,wBAAN,MAAiD;AAAA,EAC/C,YAAoB,QAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAClB,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,IAChF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoC;AACxC,IAAA,OAAO,IAAA,CAAK,SAAS,YAAA,EAAc;AAAA,EACrC;AAAA,EAEA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,SAAS,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,YAAY,OAAA,EAIf;AAGD,IAAA,MAAM,IAAI,MAAM,uGAAuG,CAAA;AAAA,EACzH;AAAA,EAEA,MAAM,UAAW,KAAA,EAAwC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,MAAA,MAAM,KAAA,GAAQ,KAAA;AACd,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,0BAAA,CAA4B,CAAA;AAAA,EAClE;AACF,CAAA;AAyBA,eAAsBC,cACpB,GAAA,EACmD;AACnD,EAAA,MAAM,EAAE,QAAA,EAAU,OAAA,EAAQ,GAAI,GAAA;AAG9B,EAAA,IAAI,QAAA,EAAU;AAEZ,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,GAAG,iBAAiB,CAAA,0IAAA;AAAA,OAEtB;AAAA,IACF;AAGA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,WAAA;AAAA;AAAA,MACN,MAAA,EAAQ,IAAID,qBAAAA,CAAqB,QAAQ;AAAA,KAC3C;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,WAAA;AAAA,MACN,MAAA,EAAQ,IAAI,uBAAA,CAAwB,OAAO;AAAA,KAC7C;AAAA,EACF;AAGA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR,GAAG,iBAAiB,CAAA,sGAAA;AAAA,GACtB;AACF","file":"index.cjs","sourcesContent":["/*\n Base error class for Volr SDK\n /\nexport class VolrError extends Error {\n constructor(\n public readonly code: string,\n message: string,\n public readonly cause?: Error\n ) {\n super(message);\n this.name = 'VolrError';\n Object.setPrototypeOf(this, VolrError.prototype);\n }\n}\n\n/\n Error codes\n /\nexport const ERR_INVALID_PARAM = 'ERR_INVALID_PARAM';\nexport const ERR_CRYPTO_FAIL = 'ERR_CRYPTO_FAIL';\nexport const ERR_AAD_MISMATCH = 'ERR_AAD_MISMATCH';\nexport const ERR_NONCE_SIZE = 'ERR_NONCE_SIZE';\nexport const ERR_LOW_ENTROPY = 'ERR_LOW_ENTROPY';\nexport const ERR_CHAIN_MISMATCH = 'ERR_CHAIN_MISMATCH';\n\n","import { hkdf } from '@noble/hashes/hkdf';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n HKDF-SHA256 key derivation\n * \n * @param ikm - Input Key Material (32 bytes recommended)\n * @param salt - Salt (can be empty, but 32 bytes recommended)\n * @param info - Application-specific info string\n * @param len - Output length in bytes (default: 32)\n * @returns Derived key material\n * @throws VolrError if info is empty or other validation fails\n * \n * @example\n * ```ts\n * const ikm = new Uint8Array(32).fill(0x01);\n * const salt = new Uint8Array(32).fill(0x02);\n * const key = hkdfSha256(ikm, salt, 'volr/wrap-key/v1', 32);\n * ```\n /\nexport function hkdfSha256(\n ikm: Uint8Array,\n salt: Uint8Array,\n info: string,\n len: number = 32\n): Uint8Array {\n if (!info \|\| info.length === 0) {\n throw new Error(`${ERR_INVALID_PARAM}: info cannot be empty`);\n }\n\n if (len < 1 \|\| len > 255 32) {\n throw new Error(`${ERR_INVALID_PARAM}: len must be between 1 and ${255 * 32}`);\n }\n\n try {\n const derived = hkdf(sha256, ikm, salt, info, len);\n return derived;\n } catch (error) {\n throw new Error(`HKDF derivation failed: ${error instanceof Error ? error.message : String(error)}`);\n }\n}\n\n","/*\n Get secure random bytes using WebCrypto API\n * Falls back to Node.js crypto.webcrypto if WebCrypto is not available\n * \n * @param len - Number of bytes to generate\n * @returns Uint8Array of random bytes\n * @throws VolrError if random generation fails\n /\nexport function getRandomBytes(len: number): Uint8Array {\n if (len < 0 \|\| len > 65536) {\n throw new Error(`Invalid length: ${len}`);\n }\n\n const arr = new Uint8Array(len);\n \n // Try WebCrypto first (browser or Node 18+)\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(arr);\n return arr;\n }\n\n // Fallback to Node.js crypto.webcrypto\n if (typeof require !== 'undefined') {\n try {\n const nodeCrypto = require('crypto');\n if (nodeCrypto.webcrypto && nodeCrypto.webcrypto.getRandomValues) {\n nodeCrypto.webcrypto.getRandomValues(arr);\n return arr;\n }\n // Fallback to randomBytes for older Node versions\n const randomBytes = nodeCrypto.randomBytes(len);\n arr.set(randomBytes);\n return arr;\n } catch {\n // Ignore\n }\n }\n\n throw new Error('No secure random source available');\n}\n\n","import { ERR_INVALID_PARAM, ERR_CRYPTO_FAIL, ERR_AAD_MISMATCH, ERR_NONCE_SIZE } from '@/core/errors';\nimport { getRandomBytes } from '@/core/crypto/rng';\n\n/\n AES-GCM encryption parameters\n /\nexport type AesGcmParams = {\n /* 32-byte encryption key /\n key: Uint8Array;\n /* 12-byte nonce (optional, will be generated if not provided) /\n nonce?: Uint8Array;\n /* Additional Authenticated Data (optional) /\n aad?: Uint8Array;\n};\n\n/\n Generate a unique 12-byte nonce for AES-GCM\n * \n * Format: [4 bytes timestamp] + [8 bytes random]\n * \n * This hybrid approach provides:\n * 1. Timestamp component: Reduces collision probability across different times\n * 2. Random component: Reduces collision probability at the same time\n * \n * Collision analysis:\n * - With purely random 96-bit nonces: 2^32 encryptions before 50% collision probability\n * - With timestamp + 64-bit random: Collisions require same second + same random (2^64 per second)\n * \n * Note: This is belt-and-suspenders - in practice, master seeds are encrypted\n * only once per enrollment, so collisions are extremely unlikely either way.\n * \n * @returns 12-byte Uint8Array nonce\n /\nexport function generateNonce(): Uint8Array {\n const nonce = new Uint8Array(12);\n \n // First 4 bytes: timestamp (seconds since epoch, big-endian)\n // This gives us ~136 years of unique timestamps\n const timestamp = Math.floor(Date.now() / 1000);\n const view = new DataView(nonce.buffer);\n view.setUint32(0, timestamp, false); // big-endian\n \n // Last 8 bytes: random\n const random = getRandomBytes(8);\n nonce.set(random, 4);\n \n return nonce;\n}\n\n/\n Get WebCrypto SubtleCrypto API\n /\nfunction getSubtleCrypto(): SubtleCrypto {\n if (typeof crypto !== 'undefined' && crypto.subtle) {\n return crypto.subtle;\n }\n\n // Node.js fallback\n if (typeof require !== 'undefined') {\n try {\n const nodeCrypto = require('crypto');\n if (nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle) {\n return nodeCrypto.webcrypto.subtle;\n }\n } catch {\n // Ignore\n }\n }\n\n throw new Error(`${ERR_CRYPTO_FAIL}: WebCrypto API not available`);\n}\n\n/\n AES-256-GCM encryption\n * \n * @param plain - Plaintext to encrypt\n * @param params - Encryption parameters (key, optional nonce, optional AAD)\n * @returns Object containing ciphertext and nonce\n * @throws VolrError if key is not 32 bytes, nonce is not 12 bytes, or encryption fails\n * \n * @example\n * ```ts\n * const key = getRandomBytes(32);\n * const plaintext = new TextEncoder().encode('secret data');\n * const { cipher, nonce } = await aesGcmEncrypt(plaintext, { key });\n * ```\n /\nexport async function aesGcmEncrypt(\n plain: Uint8Array,\n params: AesGcmParams\n): Promise<{ cipher: Uint8Array; nonce: Uint8Array }> {\n const { key, nonce: providedNonce, aad } = params;\n\n if (key.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: key must be 32 bytes, got ${key.length}`);\n }\n\n // Use timestamp + random nonce generation for better collision resistance\n const nonce = providedNonce \|\| generateNonce();\n if (nonce.length !== 12) {\n throw new Error(`${ERR_NONCE_SIZE}: nonce must be 12 bytes, got ${nonce.length}`);\n }\n\n const subtle = getSubtleCrypto();\n\n try {\n const keyMaterial = await subtle.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n const encrypted = await subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: nonce as BufferSource,\n additionalData: aad as BufferSource \| undefined,\n tagLength: 128, // 16 bytes authentication tag\n },\n keyMaterial,\n plain as BufferSource\n );\n\n return {\n cipher: new Uint8Array(encrypted),\n nonce,\n };\n } catch (error) {\n throw new Error(\n `${ERR_CRYPTO_FAIL}: Encryption failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n}\n\n/\n AES-256-GCM decryption\n * \n * @param cipher - Ciphertext to decrypt\n * @param params - Decryption parameters (key, nonce, optional AAD)\n * @returns Decrypted plaintext\n * @throws VolrError if decryption fails (wrong key, wrong AAD, corrupted data)\n * \n * @example\n * ```ts\n * const plaintext = await aesGcmDecrypt(cipher, { key, nonce });\n * ```\n /\nexport async function aesGcmDecrypt(\n cipher: Uint8Array,\n params: AesGcmParams & { nonce: Uint8Array }\n): Promise<Uint8Array> {\n const { key, nonce, aad } = params;\n\n if (key.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: key must be 32 bytes, got ${key.length}`);\n }\n\n if (nonce.length !== 12) {\n throw new Error(`${ERR_NONCE_SIZE}: nonce must be 12 bytes, got ${nonce.length}`);\n }\n\n const subtle = getSubtleCrypto();\n\n try {\n const keyMaterial = await subtle.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n const decrypted = await subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: nonce as BufferSource,\n additionalData: aad as BufferSource \| undefined,\n tagLength: 128,\n },\n keyMaterial,\n cipher as BufferSource\n );\n\n return new Uint8Array(decrypted);\n } catch (error) {\n // AAD mismatch or wrong key will throw here\n const message = error instanceof Error ? error.message : String(error);\n if (message.includes('decryption') \|\| message.includes('authentication')) {\n throw new Error(`${ERR_AAD_MISMATCH}: Decryption failed - wrong key or AAD`);\n }\n throw new Error(`${ERR_CRYPTO_FAIL}: Decryption failed: ${message}`);\n }\n}\n\n","/\n Zeroize (overwrite with zeros) a buffer in place\n * This helps prevent sensitive data from remaining in memory\n * \n * @param buf - Uint8Array or ArrayBuffer to zeroize\n /\nexport function zeroize(buf: Uint8Array \| ArrayBuffer): void {\n let view: Uint8Array;\n \n if (buf instanceof ArrayBuffer) {\n view = new Uint8Array(buf);\n } else {\n view = buf;\n }\n\n // Overwrite with zeros\n view.fill(0);\n \n // Try to prevent compiler optimizations\n // eslint-disable-next-line @typescript-eslint/no-unused-expressions\n view.length;\n}\n\n","import { aesGcmEncrypt, aesGcmDecrypt } from '@/core/crypto/aes-gcm';\nimport type { WrapKey, MasterSeed } from './types';\n\n/\n Seal (encrypt) master seed with wrap key\n * \n * @param masterSeed - 32-byte master seed to encrypt\n * @param wrapKey - 32-byte wrap key\n * @param aad - Additional Authenticated Data\n * @returns Object containing ciphertext and nonce\n * \n * @example\n * ```ts\n * const masterSeed = getRandomBytes(32);\n * const wrapKey = deriveWrapKey({ origin, projectId, credentialId });\n * const aad = new TextEncoder().encode('volr/master-seed/v1');\n * const { cipher, nonce } = await sealMasterSeed(masterSeed, wrapKey, aad);\n * ```\n /\nexport async function sealMasterSeed(\n masterSeed: Uint8Array,\n wrapKey: WrapKey,\n aad: Uint8Array\n): Promise<{ cipher: Uint8Array; nonce: Uint8Array }> {\n return aesGcmEncrypt(masterSeed, { key: wrapKey, aad });\n}\n\n/\n Unseal (decrypt) master seed with wrap key\n * \n * @param cipher - Encrypted master seed\n * @param wrapKey - 32-byte wrap key\n * @param aad - Additional Authenticated Data (must match encryption)\n * @param nonce - 12-byte nonce used during encryption\n * @returns Decrypted master seed (32 bytes)\n * @throws Error if decryption fails (wrong key, wrong AAD, corrupted data)\n * \n * @example\n * ```ts\n * const masterSeed = await unsealMasterSeed(cipher, wrapKey, aad, nonce);\n * // Use masterSeed, then zeroize it\n * zeroize(masterSeed);\n * ```\n /\nexport async function unsealMasterSeed(\n cipher: Uint8Array,\n wrapKey: WrapKey,\n aad: Uint8Array,\n nonce: Uint8Array\n): Promise<MasterSeed> {\n const decrypted = await aesGcmDecrypt(cipher, { key: wrapKey, aad, nonce });\n return decrypted as MasterSeed;\n}\n\n","/\n BIP-39 Mnemonic utilities\n \n Provides functions to generate entropy, convert to/from mnemonic strings,\n * and derive seeds for key generation.\n \n Security Note:\n * - Entropy (Uint8Array) can be zeroized after use\n * - Mnemonic strings cannot be zeroized (JavaScript strings are immutable)\n * - Only convert to mnemonic string when absolutely necessary (e.g., export)\n /\n\nimport {\n entropyToMnemonic,\n mnemonicToEntropy,\n mnemonicToSeed,\n validateMnemonic,\n} from '@scure/bip39';\nimport { wordlist } from '@scure/bip39/wordlists/english';\nimport { getRandomBytes } from '@/core/crypto/rng';\nimport type { Entropy, MasterSeed } from './types';\n\n/\n Generate random entropy for BIP-39 mnemonic (256 bits = 24 words)\n \n @returns 32-byte entropy that can be converted to a 24-word mnemonic\n \n @example\n * ```ts\n * const entropy = generateEntropy();\n * const mnemonic = entropyToMnemonicString(entropy);\n * // ... use mnemonic for export\n * zeroize(entropy);\n * ```\n /\nexport function generateEntropy(): Entropy {\n return getRandomBytes(32) as Entropy;\n}\n\n/\n Validate entropy has correct length for 24-word mnemonic\n \n @param entropy - Entropy to validate\n * @returns true if entropy is valid (32 bytes)\n /\nexport function validateEntropy(entropy: Entropy): boolean {\n return entropy instanceof Uint8Array && entropy.length === 32;\n}\n\n/\n Convert entropy to BIP-39 mnemonic string (24 words)\n \n WARNING: Returned string cannot be zeroized. Minimize retention time.\n * Only call this function when the user explicitly requests to export their wallet.\n \n @param entropy - 32-byte entropy\n * @returns 24-word mnemonic phrase (space-separated)\n /\nexport function entropyToMnemonicString(entropy: Entropy): string {\n return entropyToMnemonic(entropy, wordlist);\n}\n\n/\n Convert BIP-39 mnemonic string back to entropy\n \n @param mnemonic - 24-word mnemonic phrase (space-separated)\n * @returns 32-byte entropy\n * @throws Error if mnemonic is invalid\n /\nexport function mnemonicStringToEntropy(mnemonic: string): Entropy {\n if (!validateMnemonic(mnemonic, wordlist)) {\n throw new Error('Invalid mnemonic phrase');\n }\n return mnemonicToEntropy(mnemonic, wordlist) as Entropy;\n}\n\n/\n Derive BIP-39 seed from entropy\n \n This function internally converts entropy to a mnemonic string (temporarily),\n * then uses PBKDF2 to derive the seed. The mnemonic string exists only within\n * this function's scope.\n \n @param entropy - 32-byte entropy\n * @returns 32-byte master seed for BIP-32 key derivation\n /\nexport async function entropyToSeed(entropy: Entropy): Promise<MasterSeed> {\n const mnemonic = entropyToMnemonic(entropy, wordlist);\n const seed = await mnemonicToSeed(mnemonic);\n // Use first 32 bytes as master seed (standard for BIP-32)\n return seed.slice(0, 32) as MasterSeed;\n}\n\n","import { zeroize } from '@/core/crypto/zeroize';\nimport { unsealMasterSeed } from '@/master-key/encryption';\nimport {\n generateEntropy,\n entropyToMnemonicString,\n entropyToSeed,\n} from '@/master-key/mnemonic';\nimport type { Entropy, MasterSeed, WrapKey } from './types';\n\n/\n Handle to master key material\n * Provides controlled access to entropy and seed, with secure cleanup\n /\nexport type MasterKeyHandle = {\n /* 32-byte entropy for BIP-39 mnemonic generation /\n readonly entropy: Entropy;\n /* 32-byte seed for BIP-32 key derivation /\n readonly seed: MasterSeed;\n /\n Get mnemonic phrase for export (24 words)\n \n WARNING: Returned string cannot be zeroized.\n * Only call this when user explicitly requests wallet export.\n * Minimize retention time of the returned string.\n /\n getMnemonic(): string;\n /* Destroy the handle and zeroize all sensitive data /\n destroy(): void;\n};\n\n/\n Master key provider interface\n * Handles generation and unsealing of master keys\n /\nexport interface MasterKeyProvider {\n /\n Unseal entropy from encrypted blob and derive seed\n \n @param blob - Encrypted blob containing ciphertext, nonce, and AAD\n * @param wrapKey - Wrap key for decryption\n * @returns Handle to unsealed master key\n /\n unsealFromBlob(\n blob: { cipher: Uint8Array; nonce: Uint8Array; aad: Uint8Array },\n wrapKey: WrapKey\n ): Promise<MasterKeyHandle>;\n\n /\n Generate a new master key (entropy + derived seed)\n \n @returns Handle to newly generated master key\n /\n generate(): Promise<MasterKeyHandle>;\n}\n\n/\n Create a master key handle from entropy\n /\nasync function createHandle(entropy: Entropy): Promise<MasterKeyHandle> {\n const seed = await entropyToSeed(entropy);\n\n return {\n entropy,\n seed,\n getMnemonic() {\n return entropyToMnemonicString(entropy);\n },\n destroy() {\n zeroize(entropy);\n zeroize(seed);\n },\n };\n}\n\n/\n Create a master key provider instance\n \n @returns MasterKeyProvider instance\n \n @example\n * ```ts\n * const provider = createMasterKeyProvider();\n * const handle = await provider.generate();\n \n // Use handle.seed for key derivation\n * const keypair = deriveEvmKey({ masterSeed: handle.seed });\n \n // Export mnemonic when user requests (only for backup/migration)\n * const mnemonic = handle.getMnemonic();\n \n // Cleanup\n * handle.destroy();\n * ```\n /\nexport function createMasterKeyProvider(): MasterKeyProvider {\n return {\n async unsealFromBlob(blob, wrapKey) {\n // unsealMasterSeed returns Uint8Array (typed as MasterSeed for legacy reasons)\n // In the new architecture, we store entropy, so cast through unknown\n const entropy = (await unsealMasterSeed(\n blob.cipher,\n wrapKey,\n blob.aad,\n blob.nonce\n )) as unknown as Entropy;\n\n return createHandle(entropy);\n },\n\n async generate() {\n const entropy = generateEntropy();\n return createHandle(entropy);\n },\n };\n}\n","import { hkdfSha256 } from '@/core/crypto/hkdf';\nimport { sha256 } from '@noble/hashes/sha256';\nimport type { WrapKey } from '../types';\n\n/\n PRF input parameters for wrap key derivation\n * \n * Note: origin is NOT included in PrfInput because:\n * - Different domains should be able to share the same wallet\n * - WebAuthn rpId binding already provides domain security\n * - Including origin would prevent cross-domain wallet usage\n /\nexport type PrfInput = {\n /* Project ID /\n projectId: string;\n /* Credential ID from WebAuthn /\n credentialId: string;\n /* Optional salt (defaults to SHA256 of projectId) /\n salt?: Uint8Array;\n};\n\n/\n Derive wrap key from PRF inputs using HKDF\n * \n * Salt derivation uses only projectId to enable cross-domain wallet sharing.\n * WebAuthn's rpId binding already provides domain-level security.\n * \n * Note: credentialId is NOT included in salt derivation because:\n * - During enrollment, actual credentialId is not known until after credential creation\n * - Using credentialId would create different salts for enrollment vs authentication\n * - This would cause PRF to return different outputs, breaking decryption\n * \n * This function maps PRF output (from WebAuthn) to a 32-byte wrap key.\n * In the real implementation, the PRF output would come from WebAuthn PRF API.\n * For now, we simulate it by using SHA256 of the inputs.\n * \n * @param input - PRF input parameters\n * @returns 32-byte wrap key\n * \n * @example\n * ```ts\n * const wrapKey = deriveWrapKey({\n * projectId: 'project-123',\n * credentialId: 'cred-456' // stored for authentication, but not used in salt derivation\n * });\n * ```\n /\nexport function deriveWrapKey(input: PrfInput): WrapKey {\n const { projectId, salt } = input;\n\n // PRF input domain: projectId only (origin excluded for cross-domain support)\n // WebAuthn rpId binding already provides domain security\n const prfInputBytes = new TextEncoder().encode(`volr\|${projectId}`);\n const prfOutput = sha256(prfInputBytes);\n\n // Default salt: SHA256 of projectId (no origin)\n const defaultSalt = salt \|\| sha256(\n new TextEncoder().encode(`volr/salt\|${projectId}`)\n );\n\n // HKDF info format: \"volr/wrap-key/v1\|projectId\"\n const info = `volr/wrap-key/v1\|${projectId}`;\n\n // Derive 32-byte wrap key\n const wrapKey = hkdfSha256(prfOutput, defaultSalt, info, 32);\n\n return wrapKey as WrapKey;\n}\n","import { HDKey } from '@scure/bip32';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { keccak_256 } from '@noble/hashes/sha3';\n\n/\n Default BIP-32 derivation path for Ethereum\n * m / purpose' / coin_type' / account' / change / address_index\n * 60' = Ethereum coin type\n /\nexport const DEFAULT_EVM_PATH = \"m/60'/0'/0'/0/0\";\n\n/\n Arguments for EVM key derivation\n /\nexport type DeriveArgs = {\n /* Master seed (32 bytes recommended) /\n masterSeed: Uint8Array;\n /* BIP-32 derivation path (default: m/60'/0'/0'/0/0) /\n path?: string;\n};\n\n/\n EVM keypair derived from master seed\n /\nexport type EvmKeypair = {\n /* 32-byte private key /\n privateKey: Uint8Array;\n /* 65-byte uncompressed public key (0x04 prefix) /\n publicKey: Uint8Array;\n /* 20-byte EOA address (checksummed) /\n address: `0x${string}`;\n /* Derivation path used /\n path: string;\n};\n\n/\n Derive EVM keypair from master seed using BIP-32\n * \n * @param args - Derivation arguments\n * @returns EVM keypair with private key, public key, and address\n * \n * @example\n * ```ts\n * const masterSeed = getRandomBytes(32);\n * const keypair = deriveEvmKey({ masterSeed });\n * // Use keypair.privateKey for signing\n * // Use keypair.address as EOA address\n * ```\n /\nexport function deriveEvmKey(args: DeriveArgs): EvmKeypair {\n const { masterSeed, path = DEFAULT_EVM_PATH } = args;\n\n // Create HD key from master seed\n const hdKey = HDKey.fromMasterSeed(masterSeed);\n\n // Derive key at specified path\n const derived = hdKey.derive(path);\n\n if (!derived.privateKey) {\n throw new Error('Failed to derive private key');\n }\n\n // Get private key (32 bytes)\n const privateKey = new Uint8Array(derived.privateKey);\n\n // Get public key (uncompressed, 65 bytes with 0x04 prefix)\n const publicKey = derived.publicKey;\n if (!publicKey \|\| publicKey.length !== 33) {\n throw new Error('Invalid public key length');\n }\n\n // Convert compressed public key to uncompressed\n const pubKeyPoint = secp256k1.ProjectivePoint.fromHex(publicKey);\n const uncompressedPubKey = pubKeyPoint.toRawBytes(false); // Returns 65 bytes with 0x04 prefix\n\n // Derive EOA address: keccak256(publicKey without prefix)[12:]\n const pubKeyWithoutPrefix = uncompressedPubKey.slice(1); // Remove 0x04 prefix\n const hash = keccak_256(pubKeyWithoutPrefix);\n const addressBytes = hash.slice(12); // Last 20 bytes\n const address = ('0x' + Array.from(addressBytes)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('')) as `0x${string}`;\n\n return {\n privateKey,\n publicKey: uncompressedPubKey,\n address,\n path,\n };\n}\n\n","import { keccak_256 } from '@noble/hashes/sha3';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Convert Ethereum address to EIP-55 checksum format\n * \n * EIP-55: Mixed-case checksum address encoding\n * https://eips.ethereum.org/EIPS/eip-55\n * \n * @param addr - Lowercase Ethereum address (0x prefix required)\n * @returns Checksummed address\n * @throws Error if address is invalid (wrong length, non-hex, missing 0x prefix)\n * \n * @example\n * ```ts\n * const checksummed = toChecksumAddress('0x742d35cc6634c0532925a3b844bc9e7595f0bebd');\n * // Returns: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEbD'\n * ```\n /\nexport function toChecksumAddress(addr: `0x${string}`): `0x${string}` {\n if (!addr.startsWith('0x')) {\n throw new Error(`${ERR_INVALID_PARAM}: Address must start with 0x`);\n }\n\n const address = addr.slice(2).toLowerCase();\n\n if (address.length !== 40) {\n throw new Error(`${ERR_INVALID_PARAM}: Address must be 40 hex characters (20 bytes)`);\n }\n\n // Validate hex characters\n if (!/^[0-9a-f]{40}$/.test(address)) {\n throw new Error(`${ERR_INVALID_PARAM}: Address contains invalid hex characters`);\n }\n\n // Compute keccak256 hash of lowercase address (as bytes)\n const addressBytes = new TextEncoder().encode(address);\n const hash = keccak_256(addressBytes);\n\n // Build checksummed address\n let checksummed = '0x';\n for (let i = 0; i < address.length; i++) {\n const char = address[i];\n const hashByte = Math.floor(i / 2);\n const hashNibble = i % 2 === 0 ? (hash[hashByte] >> 4) : (hash[hashByte] & 0x0f);\n\n // If hash nibble >= 8, uppercase the character\n checksummed += hashNibble >= 8 ? char.toUpperCase() : char;\n }\n\n return checksummed as `0x${string}`;\n}\n\n","import { secp256k1 } from '@noble/curves/secp256k1';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n EVM signature structure\n /\nexport type Sig = {\n /* 32-byte r value /\n r: Uint8Array;\n /* 32-byte s value (low-S canonicalized) /\n s: Uint8Array;\n /* y-parity (0 or 1) /\n yParity: 0 \| 1;\n};\n\n/\n Sign a message hash with secp256k1 private key\n * \n * Produces deterministic, low-S canonicalized signatures compatible with EVM.\n * \n * @param privKey - 32-byte private key\n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if private key or message hash is invalid\n * \n * @example\n * ```ts\n * const privateKey = getRandomBytes(32);\n * const msgHash = sha256(new TextEncoder().encode('Hello'));\n * const sig = evmSign(privateKey, msgHash);\n * // Use sig.r, sig.s, sig.yParity for transaction signing\n * ```\n /\nexport function evmSign(privKey: Uint8Array, msgHash32: Uint8Array): Sig {\n if (privKey.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key must be 32 bytes, got ${privKey.length}`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Sign with deterministic nonce (RFC 6979)\n const signature = secp256k1.sign(msgHash32, privKey, {\n lowS: true, // Enforce low-S canonicalization\n });\n\n // Extract r and s (both 32 bytes)\n const r = signature.r;\n const s = signature.s;\n\n // Convert r and s to Uint8Array\n const rBytes = new Uint8Array(32);\n const sBytes = new Uint8Array(32);\n\n // Convert bigint to bytes (big-endian)\n const rHex = r.toString(16).padStart(64, '0');\n const sHex = s.toString(16).padStart(64, '0');\n\n for (let i = 0; i < 32; i++) {\n rBytes[i] = parseInt(rHex.slice(i 2, i * 2 + 2), 16);\n sBytes[i] = parseInt(sHex.slice(i * 2, i * 2 + 2), 16);\n }\n\n // yParity: recovery ID (0 or 1 for EVM)\n // secp256k1.recoverPublicKey uses recovery ID 0-3, but EVM uses yParity 0-1\n // recovery ID % 2 gives us yParity\n const yParity = (signature.recovery % 2) as 0 \| 1;\n\n return {\n r: rBytes,\n s: sBytes,\n yParity,\n };\n}\n\n/*\n Verify a signature against a public key and message hash\n * \n * @param pubKey - 65-byte uncompressed public key (0x04 prefix)\n * @param msgHash32 - 32-byte message hash\n * @param sig - Signature to verify\n * @returns true if signature is valid, false otherwise\n * @throws Error if public key or message hash is invalid\n * \n * @example\n * ```ts\n * const isValid = evmVerify(publicKey, msgHash, sig);\n * if (isValid) {\n * console.log('Signature is valid');\n * }\n * ```\n /\nexport function evmVerify(\n pubKey: Uint8Array,\n msgHash32: Uint8Array,\n sig: Sig\n): boolean {\n if (pubKey.length !== 65 \|\| pubKey[0] !== 0x04) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key must be 65 bytes uncompressed (0x04 prefix)`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n if (sig.r.length !== 32 \|\| sig.s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Convert s bytes to bigint for low-S check\n const sBigInt = BigInt('0x' + Array.from(sig.s)\n .map(b => b.toString(16).padStart(2, '0'))\n .join(''));\n\n // Verify s is low-S\n const n = secp256k1.CURVE.n;\n const nHalf = n / 2n;\n if (sBigInt > nHalf) {\n return false;\n }\n\n // Use secp256k1.verify for signature verification\n // Convert public key from uncompressed (65 bytes) to compressed (33 bytes) for verification\n // pubKey.slice(1) gives us 64 bytes (x, y coordinates)\n // We need to create a point from x and y, then get compressed format\n const x = pubKey.slice(1, 33); // First 32 bytes (x coordinate)\n const y = pubKey.slice(33, 65); // Next 32 bytes (y coordinate)\n const pubKeyPoint = secp256k1.ProjectivePoint.fromAffine({\n x: BigInt('0x' + Array.from(x).map(b => b.toString(16).padStart(2, '0')).join('')),\n y: BigInt('0x' + Array.from(y).map(b => b.toString(16).padStart(2, '0')).join(''))\n });\n const compressedPubKey = pubKeyPoint.toRawBytes(true); // Compressed format\n\n // Verify signature\n // secp256k1.verify expects (signature, msgHash, publicKey)\n // Use compact bytes format for signature\n try {\n const compactSig = new Uint8Array([...sig.r, ...sig.s]);\n return secp256k1.verify(compactSig, msgHash32, compressedPubKey);\n } catch {\n return false;\n }\n}\n\n","import { secp256k1 } from '@noble/curves/secp256k1';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\nimport type { SignerPort } from '@/wallet/types';\nimport { TypedDataEncoder } from 'ethers';\n\n/\n EVM signature structure\n /\nexport type Sig = {\n /* 32-byte r value /\n r: Uint8Array;\n /* 32-byte s value (low-S canonicalized) /\n s: Uint8Array;\n /* y-parity (0 or 1) /\n yParity: 0 \| 1;\n};\n\n/\n Secp256k1 software signer implementation\n * Uses existing master-key → BIP-32 → secp256k1 derivation path\n * \n * @example\n * ```ts\n * const privateKey = getRandomBytes(32);\n * const signer = new Secp256k1SoftwareSigner(privateKey);\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class Secp256k1SoftwareSigner implements SignerPort {\n constructor(private privateKey: Uint8Array) {\n if (privateKey.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key must be 32 bytes, got ${privateKey.length}`);\n }\n\n // Check if key is zero\n if (privateKey.every(b => b === 0)) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key cannot be zero`);\n }\n }\n\n /\n Get uncompressed public key (65 bytes)\n * \n * @returns Uncompressed public key with 0x04 prefix\n /\n async getPublicKey(): Promise<Uint8Array> {\n const pubKeyPoint = secp256k1.getPublicKey(this.privateKey, false);\n const pubKey = new Uint8Array(65);\n pubKey[0] = 0x04;\n pubKey.set(pubKeyPoint.slice(1), 1);\n return pubKey;\n }\n\n /\n Sign message hash with deterministic, low-S canonicalization\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if message hash is invalid\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Sign with deterministic nonce (RFC 6979)\n const signature = secp256k1.sign(msgHash32, this.privateKey, {\n lowS: true, // Enforce low-S canonicalization\n });\n\n // Extract r and s (both 32 bytes)\n const r = signature.r;\n const s = signature.s;\n\n // Convert r and s to Uint8Array\n const rBytes = new Uint8Array(32);\n const sBytes = new Uint8Array(32);\n\n // Convert bigint to bytes (big-endian)\n const rHex = r.toString(16).padStart(64, '0');\n const sHex = s.toString(16).padStart(64, '0');\n\n for (let i = 0; i < 32; i++) {\n rBytes[i] = parseInt(rHex.slice(i 2, i * 2 + 2), 16);\n sBytes[i] = parseInt(sHex.slice(i * 2, i * 2 + 2), 16);\n }\n\n // yParity: recovery ID (0 or 1 for EVM)\n const yParity = (signature.recovery % 2) as 0 \| 1;\n\n return {\n r: rBytes,\n s: sBytes,\n yParity,\n };\n }\n\n /*\n Sign raw hash without EIP-191 prefix (for EIP-7702)\n * \n * @param digest - 32-byte digest to sign\n * @returns Signature with r, s, and yParity\n * @throws Error if digest is invalid\n /\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // For secp256k1, signMessage already does raw signing (no prefix)\n // So we can reuse the same logic\n return this.signMessage(digest);\n }\n\n /\n Sign EIP-712 typed data\n /\n async signTyped(data: {\n domain: any;\n types: any;\n primaryType: string;\n message: any;\n }): Promise<`0x${string}`> {\n const hash = TypedDataEncoder.hash(data.domain, data.types, data.message);\n // Convert hex hash to Uint8Array\n const msgHash = new Uint8Array(Buffer.from(hash.slice(2), 'hex'));\n const sig = await this.signMessage(msgHash);\n \n // Return signature as 0x-hex string (r + s + v)\n // v = yParity + 27\n const rHex = Buffer.from(sig.r).toString('hex');\n const sHex = Buffer.from(sig.s).toString('hex');\n const v = (sig.yParity + 27).toString(16).padStart(2, '0');\n \n return `0x${rHex}${sHex}${v}` as `0x${string}`;\n }\n}\n\n/\n Verify a secp256k1 signature against a public key and message hash\n * \n * @param pubKeyUncompressed - 65-byte uncompressed public key (0x04 prefix)\n * @param msgHash32 - 32-byte message hash\n * @param sig - Signature to verify\n * @returns true if signature is valid, false otherwise\n * @throws Error if public key or message hash is invalid\n * \n * @example\n * ```ts\n * const isValid = evmVerify(publicKey, msgHash, sig);\n * if (isValid) {\n * console.log('Signature is valid');\n * }\n * ```\n /\nexport function evmVerify(\n pubKeyUncompressed: Uint8Array,\n msgHash32: Uint8Array,\n sig: Sig\n): boolean {\n if (pubKeyUncompressed.length !== 65 \|\| pubKeyUncompressed[0] !== 0x04) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key must be 65 bytes uncompressed (0x04 prefix)`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n if (sig.r.length !== 32 \|\| sig.s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Convert s bytes to bigint for low-S check\n const sBigInt = BigInt('0x' + Array.from(sig.s)\n .map(b => b.toString(16).padStart(2, '0'))\n .join(''));\n\n // Verify s is low-S\n const n = secp256k1.CURVE.n;\n const nHalf = n / 2n;\n if (sBigInt > nHalf) {\n return false;\n }\n\n // Convert public key from uncompressed (65 bytes) to compressed (33 bytes) for verification\n const x = pubKeyUncompressed.slice(1, 33); // First 32 bytes (x coordinate)\n const y = pubKeyUncompressed.slice(33, 65); // Next 32 bytes (y coordinate)\n const pubKeyPoint = secp256k1.ProjectivePoint.fromAffine({\n x: BigInt('0x' + Array.from(x).map(b => b.toString(16).padStart(2, '0')).join('')),\n y: BigInt('0x' + Array.from(y).map(b => b.toString(16).padStart(2, '0')).join(''))\n });\n const compressedPubKey = pubKeyPoint.toRawBytes(true); // Compressed format\n\n // Verify signature\n // secp256k1.verify expects (signature, msgHash, publicKey)\n // Use compact bytes format for signature\n try {\n const compactSig = new Uint8Array([...sig.r, ...sig.s]);\n return secp256k1.verify(compactSig, msgHash32, compressedPubKey);\n } catch {\n return false;\n }\n}\n","import { ERR_INVALID_PARAM } from '@/core/errors';\nimport type { SignerPort, PasskeyProviderPort } from '@/wallet/types';\nimport { TypedDataEncoder } from 'ethers';\n\n/\n Passkey P-256 signer implementation\n * Uses device TEE/passkey for signing (P-256 curve)\n * \n * @example\n * ```ts\n * const passkeyProvider = createPasskeyProvider();\n * const signer = new PasskeyP256Signer(passkeyProvider);\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class PasskeyP256Signer implements SignerPort {\n constructor(private provider: PasskeyProviderPort) {}\n\n /\n Get uncompressed P-256 public key (65 bytes)\n * \n * @returns Uncompressed public key with 0x04 prefix\n /\n async getPublicKey(): Promise<Uint8Array> {\n const { x, y } = await this.provider.getPublicKey();\n\n if (x.length !== 32 \|\| y.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key coordinates must be 32 bytes each`);\n }\n\n // Return uncompressed format: 0x04 \|\| x \|\| y\n const pubKey = new Uint8Array(65);\n pubKey[0] = 0x04;\n pubKey.set(x, 1);\n pubKey.set(y, 33);\n\n return pubKey;\n }\n\n /\n Sign message hash using P-256 passkey\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if message hash is invalid\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Get signature from provider\n const { r, s } = await this.provider.signP256(msgHash32);\n\n if (r.length !== 32 \|\| s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Get public key to compute yParity\n const { y } = await this.provider.getPublicKey();\n \n // yParity is the LSB of the y coordinate\n const yParity = (y[y.length - 1] & 1) as 0 \| 1;\n\n return {\n r,\n s,\n yParity,\n };\n }\n\n /\n Sign raw hash without EIP-191 prefix (for EIP-7702)\n * \n * @param _digest - 32-byte digest to sign\n * @returns Signature with r, s, and yParity\n * @throws Error - P-256 cannot be used for EIP-7702\n /\n async signRawHash(_digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // P-256 passkey cannot be used for EIP-7702 (secp256k1 only)\n throw new Error('EIP-7702 authorization requires secp256k1, not P-256. Use Secp256k1SoftwareSigner for EIP-7702.');\n }\n\n /\n Sign EIP-712 typed data\n /\n async signTyped(data: {\n domain: any;\n types: any;\n primaryType: string;\n message: any;\n }): Promise<`0x${string}`> {\n const hash = TypedDataEncoder.hash(data.domain, data.types, data.message);\n // Convert hex hash to Uint8Array\n const msgHash = new Uint8Array(Buffer.from(hash.slice(2), 'hex'));\n const sig = await this.signMessage(msgHash);\n \n // Return signature as 0x-hex string (r + s + v)\n // For P-256 on EVM (via 7212), v is usually not 27/28 but just 0/1 or specific format\n // BUT, wait, if we are using Passkeys for EIP-712, are we verifying on-chain with P-256?\n // The user said \"we derive secp256k1 keys from Passkeys\", but `PasskeyP256Signer` uses `provider.signP256`.\n // If we are using derived secp256k1, we should use `Secp256k1SoftwareSigner`.\n // If this class exists, it implies direct P-256 usage.\n // Assuming this is for P-256 verification (EIP-7212) which we removed?\n // Ah, the user said \"remove all 7212 related code\". \n // If `PasskeyP256Signer` is for direct P-256 signing, it might be dead code if we only use derived keys.\n // However, implementing `signTyped` satisfies the interface for now.\n \n const rHex = Buffer.from(sig.r).toString('hex');\n const sHex = Buffer.from(sig.s).toString('hex');\n const v = sig.yParity.toString(16).padStart(2, '0'); // or 27/28 if mimicing\n \n return `0x${rHex}${sHex}${v}` as `0x${string}`;\n }\n}\n","/\n EIP-1193 Provider Error Codes\n * https://eips.ethereum.org/EIPS/eip-1193#provider-errors\n /\nexport enum EIP1193ErrorCode {\n USER_REJECTED = 4001,\n UNAUTHORIZED = 4100,\n UNSUPPORTED_METHOD = 4200,\n DISCONNECTED = 4900,\n CHAIN_DISCONNECTED = 4901,\n UNRECOGNIZED_CHAIN = 4902,\n RESOURCE_UNAVAILABLE = -32002,\n RESOURCE_NOT_FOUND = -32001,\n INVALID_INPUT = -32000,\n INTERNAL_ERROR = -32603,\n INVALID_REQUEST = -32600,\n METHOD_NOT_FOUND = -32601,\n INVALID_PARAMS = -32602,\n PARSE_ERROR = -32700,\n}\n\n/\n Normalized wallet error types\n /\nexport class WalletError extends Error {\n constructor(\n message: string,\n public readonly code: EIP1193ErrorCode \| number,\n public readonly originalError?: unknown\n ) {\n super(message);\n this.name = 'WalletError';\n }\n}\n\nexport class UserRejectedError extends WalletError {\n constructor(message = 'User rejected the request', originalError?: unknown) {\n super(message, EIP1193ErrorCode.USER_REJECTED, originalError);\n this.name = 'UserRejectedError';\n }\n}\n\nexport class UnauthorizedError extends WalletError {\n constructor(message = 'Unauthorized to perform this action', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNAUTHORIZED, originalError);\n this.name = 'UnauthorizedError';\n }\n}\n\nexport class UnsupportedMethodError extends WalletError {\n constructor(message = 'Method not supported by wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNSUPPORTED_METHOD, originalError);\n this.name = 'UnsupportedMethodError';\n }\n}\n\nexport class WrongNetworkError extends WalletError {\n constructor(\n message = 'Wrong network',\n public readonly expectedChainId?: number,\n public readonly actualChainId?: number,\n originalError?: unknown\n ) {\n super(message, EIP1193ErrorCode.UNRECOGNIZED_CHAIN, originalError);\n this.name = 'WrongNetworkError';\n }\n}\n\nexport class ChainNotAddedError extends WalletError {\n constructor(message = 'Chain not added to wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNRECOGNIZED_CHAIN, originalError);\n this.name = 'ChainNotAddedError';\n }\n}\n\nexport class RequestPendingError extends WalletError {\n constructor(message = 'Request already pending in wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.RESOURCE_UNAVAILABLE, originalError);\n this.name = 'RequestPendingError';\n }\n}\n\n/\n Normalize EIP-1193 provider errors to typed error classes\n /\nexport function normalizeWalletError(error: unknown): WalletError {\n if (error instanceof WalletError) {\n return error;\n }\n\n // Handle EIP-1193 provider errors\n if (typeof error === 'object' && error !== null) {\n const err = error as any;\n const code = err.code;\n const message = err.message \|\| 'Unknown wallet error';\n\n switch (code) {\n case EIP1193ErrorCode.USER_REJECTED:\n return new UserRejectedError(message, error);\n\n case EIP1193ErrorCode.UNAUTHORIZED:\n return new UnauthorizedError(message, error);\n\n case EIP1193ErrorCode.UNSUPPORTED_METHOD:\n return new UnsupportedMethodError(message, error);\n\n case EIP1193ErrorCode.UNRECOGNIZED_CHAIN:\n return new ChainNotAddedError(message, error);\n\n case EIP1193ErrorCode.RESOURCE_UNAVAILABLE:\n return new RequestPendingError(message, error);\n\n default:\n return new WalletError(message, code \|\| -1, error);\n }\n }\n\n // Fallback for non-standard errors\n const message = error instanceof Error ? error.message : String(error);\n return new WalletError(message, -1, error);\n}\n\n\n","import type { SignerPort } from '../types';\nimport { normalizeWalletError, WrongNetworkError } from './external-wallet-errors';\n\n/\n EIP-1193 Provider interface\n * https://eips.ethereum.org/EIPS/eip-1193\n /\nexport interface EIP1193Provider {\n request(args: { method: string; params?: unknown[] \| object }): Promise<unknown>;\n on?(event: string, listener: (...args: any[]) => void): void;\n removeListener?(event: string, listener: (...args: any[]) => void): void;\n}\n\n/\n External Wallet Signer\n * \n * Uses an external wallet (MetaMask, WalletConnect, etc.) via EIP-1193 provider\n * for signing operations. This signer performs network validation before each\n * signing operation to prevent cross-chain replay attacks.\n * \n * Security features:\n * - Network validation before signing\n * - Error normalization for consistent error handling\n * - Support for EIP-712 typed data signing\n * \n * @example\n * ```ts\n * const provider = window.ethereum;\n * const signer = new ExternalWalletSigner(provider, 1, '0xAbC...');\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class ExternalWalletSigner implements SignerPort {\n constructor(\n private readonly provider: EIP1193Provider,\n private readonly expectedChainId: number,\n private readonly address: string\n ) {}\n\n /\n Verify that the wallet is on the correct network\n * @throws WrongNetworkError if network mismatch\n /\n private async verifyNetwork(): Promise<void> {\n try {\n const chainIdHex = await this.provider.request({\n method: 'eth_chainId',\n }) as string;\n\n const actualChainId = parseInt(chainIdHex, 16);\n\n if (actualChainId !== this.expectedChainId) {\n throw new WrongNetworkError(\n `Wrong network. Expected: ${this.expectedChainId}, Got: ${actualChainId}`,\n this.expectedChainId,\n actualChainId\n );\n }\n } catch (error) {\n if (error instanceof WrongNetworkError) {\n throw error;\n }\n throw normalizeWalletError(error);\n }\n }\n\n /\n Get the wallet address\n /\n async getAddress(): Promise<`0x${string}`> {\n return this.address as `0x${string}`;\n }\n\n /\n Get public key - not directly supported by EIP-1193\n * Returns a placeholder as external wallets don't expose raw public keys\n * \n * For external wallets, we rely on address-based verification instead\n /\n async getPublicKey(): Promise<Uint8Array> {\n // External wallets don't expose public keys directly\n // Return empty array as placeholder\n // The actual verification will be done via address recovery\n return new Uint8Array(65);\n }\n\n /\n Sign a message hash using personal_sign\n * \n * Note: personal_sign automatically adds EIP-191 prefix\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature components (r, s, yParity)\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n // Convert to hex string\n const msgHashHex = '0x' + Array.from(msgHash32)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('');\n\n // Use personal_sign (adds EIP-191 prefix automatically)\n const signature = await this.provider.request({\n method: 'personal_sign',\n params: [msgHashHex, this.address],\n }) as string;\n\n // Parse signature (65 bytes: r(32) + s(32) + v(1))\n const sig = signature.startsWith('0x') ? signature.slice(2) : signature;\n \n if (sig.length !== 130) {\n throw new Error(`Invalid signature length: ${sig.length}`);\n }\n\n const r = new Uint8Array(32);\n const s = new Uint8Array(32);\n \n for (let i = 0; i < 32; i++) {\n r[i] = parseInt(sig.slice(i 2, i * 2 + 2), 16);\n s[i] = parseInt(sig.slice(64 + i * 2, 64 + i * 2 + 2), 16);\n }\n\n const v = parseInt(sig.slice(128, 130), 16);\n const yParity = v === 27 ? 0 : 1;\n\n return { r, s, yParity: yParity as 0 \| 1 };\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /*\n Sign raw hash for EIP-7702 authorization\n * \n * External wallets don't support raw hash signing directly (eth_sign is deprecated/disabled).\n * Instead, we use personal_sign which adds EIP-191 prefix, then we need to account for this\n * when verifying the signature on-chain.\n * \n * ⚠️ IMPORTANT: This creates a signature over the EIP-191 prefixed message, NOT the raw digest.\n * The backend/contract must verify accordingly.\n * \n * Alternative approach: Use EIP-712 typed data for authorization (more wallet-friendly)\n * \n * @param digest - 32-byte digest to sign\n * @returns Signature components (r, s, yParity)\n * @throws WalletError if signing fails\n /\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n // Convert to hex string\n const digestHex = '0x' + Array.from(digest)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('');\n\n // Try eth_sign first (raw signature, no prefix)\n // This is the correct method for EIP-7702 but many wallets disable it\n let signature: string;\n try {\n signature = await this.provider.request({\n method: 'eth_sign',\n params: [this.address, digestHex],\n }) as string;\n } catch (ethSignError: any) {\n // If eth_sign is not supported (-32004 or 4200), provide helpful error\n if (ethSignError?.code === -32004 \|\| ethSignError?.code === 4200) {\n throw new Error(\n 'eth_sign is required for EIP-7702 authorization but is disabled in your wallet. \\n\\n' +\n 'To enable eth_sign in MetaMask:\\n' +\n '1. Go to Settings → Advanced\\n' +\n '2. Enable \"Eth_sign requests\"\\n\\n' +\n 'Note: eth_sign can be dangerous if used carelessly. Only enable it for trusted dApps.\\n\\n' +\n 'Original error: ' + (ethSignError?.message \|\| 'eth_sign not supported')\n );\n } else {\n throw ethSignError;\n }\n }\n\n // Parse signature (65 bytes: r(32) + s(32) + v(1))\n const sig = signature.startsWith('0x') ? signature.slice(2) : signature;\n \n if (sig.length !== 130) {\n throw new Error(`Invalid signature length: ${sig.length}`);\n }\n\n const r = new Uint8Array(32);\n const s = new Uint8Array(32);\n \n for (let i = 0; i < 32; i++) {\n r[i] = parseInt(sig.slice(i 2, i * 2 + 2), 16);\n s[i] = parseInt(sig.slice(64 + i * 2, 64 + i * 2 + 2), 16);\n }\n\n const v = parseInt(sig.slice(128, 130), 16);\n // Handle both v=27/28 and v=0/1 formats\n const yParity = (v === 27 \|\| v === 0) ? 0 : 1;\n\n return { r, s, yParity: yParity as 0 \| 1 };\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /*\n Sign typed data (EIP-712)\n * \n * @param typed - Typed data structure with domain, types, and message\n * @returns Signature hex string\n /\n async signTyped(typed: unknown): Promise<`0x${string}`> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n if (typeof typed !== 'object' \|\| typed === null) {\n throw new Error('Invalid typed data: must be an object');\n }\n\n const input = typed as { domain: any; types: any; message: any };\n\n // Validate required fields\n if (!input.domain \|\| !input.types \|\| !input.message) {\n throw new Error('Invalid typed data: missing domain, types, or message');\n }\n\n // Use eth_signTypedData_v4 (most widely supported)\n const signature = await this.provider.request({\n method: 'eth_signTypedData_v4',\n params: [this.address, JSON.stringify(input)],\n }) as string;\n\n return signature as `0x${string}`;\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /\n Switch to the expected network\n * \n * @returns true if switch successful, false if user rejected\n * @throws Error if switch fails for other reasons\n /\n async switchNetwork(): Promise<boolean> {\n try {\n const chainIdHex = '0x' + this.expectedChainId.toString(16);\n\n await this.provider.request({\n method: 'wallet_switchEthereumChain',\n params: [{ chainId: chainIdHex }],\n });\n\n return true;\n } catch (error) {\n const normalized = normalizeWalletError(error);\n \n // If chain not added (4902), we can't auto-add without chain config\n // Caller should handle this by calling addNetwork with full config\n if (normalized.code === 4902) {\n return false;\n }\n\n // User rejected\n if (normalized.code === 4001) {\n return false;\n }\n\n throw normalized;\n }\n }\n\n /\n Add a new network to the wallet\n * \n * @param chainConfig - Network configuration\n * @returns true if add successful, false if user rejected\n /\n async addNetwork(chainConfig: {\n chainId: string;\n chainName: string;\n nativeCurrency: {\n name: string;\n symbol: string;\n decimals: number;\n };\n rpcUrls: string[];\n blockExplorerUrls?: string[];\n }): Promise<boolean> {\n try {\n await this.provider.request({\n method: 'wallet_addEthereumChain',\n params: [chainConfig],\n });\n\n return true;\n } catch (error) {\n const normalized = normalizeWalletError(error);\n\n // User rejected\n if (normalized.code === 4001) {\n return false;\n }\n\n throw normalized;\n }\n }\n}\n\n\n","/\n Cross‑platform helper to upload an encrypted blob via backend (backend handles S3 upload).\n * Uses axios for consistent error handling and request/response interceptors.\n /\nimport axios, { AxiosInstance } from 'axios';\n\nexport interface UploadBlobOptions {\n /* Backend base URL, e.g. https://api.example.com /\n baseUrl: string;\n /* Project API key to send as X-API-Key header /\n apiKey: string;\n /* Bearer token for Authorization header /\n accessToken: string;\n /* Blob or binary content to upload /\n blob: Blob \| ArrayBuffer \| Uint8Array;\n /* Optional axios instance (if you want to reuse an existing instance with interceptors) /\n axiosInstance?: AxiosInstance;\n}\n\n/\n Convert blob to base64 string\n /\nfunction blobToBase64(blob: Blob \| ArrayBuffer \| Uint8Array): Promise<string> {\n return new Promise((resolve, reject) => {\n if (blob instanceof Uint8Array \|\| blob instanceof ArrayBuffer) {\n const bytes = blob instanceof Uint8Array ? blob : new Uint8Array(blob);\n const binary = String.fromCharCode(...bytes);\n resolve(btoa(binary));\n } else if (blob instanceof Blob) {\n const reader = new FileReader();\n reader.onloadend = () => {\n const base64 = (reader.result as string).split(',')[1] \|\| (reader.result as string);\n resolve(base64);\n };\n reader.onerror = reject;\n reader.readAsDataURL(blob);\n } else {\n reject(new Error('Unsupported blob type'));\n }\n });\n}\n\n/\n Uploads blob to backend, which handles S3 upload directly.\n * Returns `{ key: string }` (S3 key) on success.\n \n This helper intentionally lives in @volr/sdk-core (not UI, not backend) so it can be reused\n * by web, React Native, Node, etc. It uses axios for consistent error handling.\n /\nexport async function uploadBlob(\n options: UploadBlobOptions\n): Promise<{ key: string }> {\n const {\n baseUrl,\n apiKey,\n accessToken,\n blob,\n axiosInstance,\n } = options;\n\n // Validate required parameters\n if (!apiKey) {\n throw new Error('apiKey is required');\n }\n if (!accessToken) {\n throw new Error('accessToken is required');\n }\n\n // Convert blob to base64\n const blobB64 = await blobToBase64(blob);\n\n // Create axios instance or use provided one\n let axiosClient: AxiosInstance;\n if (axiosInstance) {\n axiosClient = axiosInstance;\n } else {\n axiosClient = axios.create({\n baseURL: baseUrl.replace(/\\/+$/, ''),\n withCredentials: true,\n headers: {\n 'Content-Type': 'application/json',\n 'X-API-Key': String(apiKey),\n Authorization: `Bearer ${accessToken}`,\n },\n });\n }\n\n // Upload via backend\n const response = await axiosClient.post<{ ok: boolean; data: { key: string }; error?: { message: string } }>('/blob/upload', {\n blobB64,\n });\n\n if (!response.data?.ok \|\| !response.data?.data?.key) {\n const errorMessage = (response.data as any)?.error?.message \|\| 'Failed to upload blob';\n throw new Error(errorMessage);\n }\n\n return { key: response.data.data.key };\n}\n\n/\n Cross‑platform helper to upload an encrypted blob via S3 presigned PUT.\n * Runs in browsers (uses global fetch) and in Node 18+ (built‑in fetch).\n /\nexport interface UploadViaPresignOptions {\n /* Backend base URL, e.g. https://api.example.com /\n baseUrl: string;\n /* Project API key to send as X-API-Key header (optional if backend not requiring it) /\n apiKey?: string \| null;\n /* Bearer token for Authorization header (optional if cookie-based auth is sufficient) /\n accessToken?: string \| null;\n /* Blob or binary content to upload /\n blob: Blob \| ArrayBuffer \| Uint8Array;\n /* MIME type for the uploaded object; defaults to application/octet-stream /\n contentType?: string;\n /* Optional fetch implementation override (e.g. pass global fetch in RN) /\n fetchFn?: typeof fetch;\n}\n\nfunction stripTrailingSlash(u: string): string {\n return u.endsWith('/') ? u.slice(0, -1) : u;\n}\n\n/\n Calls backend `/blob/presign` with `{ op:'put', contentType }`, then uploads `blob`\n * to the returned S3 presigned URL. Returns `{ s3Key, url }` on success.\n \n This helper intentionally lives in @volr/sdk-core (not UI, not backend) so it can be reused\n * by web, React Native, Node, etc. It uses fetch instead of axios to avoid extra deps.\n /\nexport async function uploadBlobViaPresign(\n options: UploadViaPresignOptions\n): Promise<{ s3Key: string; url: string }> {\n const {\n baseUrl,\n apiKey,\n accessToken,\n blob,\n contentType = 'application/octet-stream',\n fetchFn,\n } = options;\n\n const f: typeof fetch \| undefined = fetchFn ?? (globalThis as any).fetch;\n if (typeof f !== 'function') {\n throw new Error('Global fetch is not available; provide options.fetchFn');\n }\n\n const base = stripTrailingSlash(baseUrl);\n\n // 1) Request presigned PUT URL from backend\n const presignRes = await f(`${base}/blob/presign`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n ...(apiKey ? { 'X-API-Key': String(apiKey) } : {}),\n ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),\n },\n // backend expects { op: 'put', contentType }\n body: JSON.stringify({ op: 'put', contentType }),\n // include cookies if backend also uses cookie-based sessions\n credentials: 'include',\n });\n\n const presignJson: any = await presignRes.json();\n if (!presignRes.ok \|\| (presignJson && presignJson.ok === false)) {\n const msg =\n (presignJson && presignJson.error && presignJson.error.message) \|\|\n `presign failed with status ${presignRes.status}`;\n throw new Error(typeof msg === 'string' ? msg : 'Presign failed');\n }\n const url: string = presignJson?.data?.url ?? presignJson?.url;\n const s3Key: string = presignJson?.data?.proposedKey ?? presignJson?.s3Key;\n if (!url \|\| !s3Key) {\n throw new Error('Invalid presign response: missing url or s3Key');\n }\n\n // 2) Upload to S3 with the exact headers included in the signature\n const putHeaders: Record<string, string> = {\n 'Content-Type': contentType,\n 'x-amz-server-side-encryption': 'AES256',\n };\n\n const body: any =\n typeof Blob !== 'undefined' && (blob as any) instanceof Blob ? (blob as any) : (blob as any);\n\n const putRes = await f(url, {\n method: 'PUT',\n headers: putHeaders,\n body,\n // allow browser CORS preflight to succeed\n // (ignored in Node >= 18 where fetch is not CORS-restricted)\n mode: 'cors' as RequestMode,\n });\n\n if (!putRes.ok) {\n const text = await putRes.text().catch(() => '');\n throw new Error(`S3 upload failed (${putRes.status}): ${text \|\| putRes.statusText}`);\n }\n\n return { s3Key, url };\n}\n\n\n","/\n EVM constants\n /\n\n/\n Zero hash (32 bytes of zeros)\n * Equivalent to ethers.ZeroHash or keccak256(\"\")\n /\nexport const ZERO_HASH = '0x0000000000000000000000000000000000000000000000000000000000000000' as `0x${string}`;\n\n/\n Zero address (20 bytes of zeros)\n /\nexport const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000' as `0x${string}`;\n\n\n\n\n\n\n\n\n\n\n\n","import type { Call } from '@/chains/evm/types.public';\nimport { keccak256, AbiCoder } from 'ethers';\n\nexport function computeCallsHash(calls: Call[]): `0x${string}` {\n // Mirror solidity exactly: keccak256(abi.encode(calls)),\n // where struct Call is (address target, uint256 value, bytes data, uint256 gasLimit)\n const coder = AbiCoder.defaultAbiCoder();\n const tupleType = 'tuple(address,uint256,bytes,uint256)[]';\n const values = calls.map((c) => [c.target, c.value, c.data, c.gasLimit]);\n const encoded = coder.encode([tupleType], [values]);\n return keccak256(encoded as unknown as Uint8Array) as `0x${string}`;\n}\n\n\n","// EIP-712 typed-data helpers (policySnapshotHash + gas caps + sessionId)\n// Note: Call and SessionAuth types are exported from types.public.ts\n// TYPES object defines the EIP-712 structure for signing\n\nimport type { SessionAuth, Call } from \"../types.public\";\nimport type { SignerPort } from \"@/wallet/types\";\nimport { computeCallsHash } from \"@/builders/callHash\";\n\nexport const DOMAIN = (chainId: number, verifyingContract: `0x${string}`) => ({\n name: \"volr\",\n version: \"1\",\n chainId,\n verifyingContract,\n});\n\n// Alias for backward compatibility\nexport const EIP712_DOMAIN = DOMAIN;\n\nexport const TYPES = {\n Call: [\n { name: \"target\", type: \"address\" },\n { name: \"data\", type: \"bytes\" },\n { name: \"value\", type: \"uint256\" },\n { name: \"gasLimit\", type: \"uint256\" },\n ],\n SessionAuth: [\n { name: \"chainId\", type: \"uint256\" },\n { name: \"sessionKey\", type: \"address\" },\n { name: \"sessionId\", type: \"uint64\" },\n { name: \"nonce\", type: \"uint64\" },\n { name: \"expiresAt\", type: \"uint64\" },\n { name: \"policyId\", type: \"bytes32\" },\n { name: \"policySnapshotHash\", type: \"bytes32\" },\n { name: \"gasLimitMax\", type: \"uint256\" },\n { name: \"maxFeePerGas\", type: \"uint256\" },\n { name: \"maxPriorityFeePerGas\", type: \"uint256\" },\n { name: \"totalGasCap\", type: \"uint256\" },\n ],\n SignedBatch: [\n { name: \"auth\", type: \"SessionAuth\" },\n { name: \"calls\", type: \"Call[]\" },\n { name: \"revertOnFail\", type: \"bool\" },\n { name: \"callsHash\", type: \"bytes32\" },\n ],\n} as const;\n\n// SessionAuthExtended is now just an alias since SessionAuth includes all fields\nexport type SessionAuthExtended = SessionAuth;\n\n/\n Build EIP-712 signed batch message\n /\nexport function buildSignedBatchMessage(input: {\n auth: SessionAuthExtended;\n calls: Call[];\n revertOnFail?: boolean;\n invokerAddress: `0x${string}`; // Required to bind domain\n}): {\n domain: ReturnType<typeof DOMAIN>;\n primaryType: \"SignedBatch\";\n message: {\n auth: any; // Using any for now to avoid recursive type issues with Ethers\n calls: Call[];\n revertOnFail: boolean;\n callsHash: `0x${string}`;\n };\n callsHash: `0x${string}`;\n} {\n const callsHash = computeCallsHash(input.calls);\n const domain = DOMAIN(Number(input.auth.chainId), input.invokerAddress);\n \n // Helper to ensure 0x prefix\n const ensureHex = (val: string) => (val.startsWith('0x') ? val : `0x${val}`) as `0x${string}`;\n\n // Convert SessionAuth to EIP-712 format (all fields are now required in SessionAuth)\n // Ensure all values are properly typed for EIP-712 encoding\n const eip712Auth = {\n chainId: BigInt(input.auth.chainId),\n sessionKey: ensureHex(input.auth.sessionKey),\n sessionId: input.auth.sessionId,\n nonce: input.auth.nonce,\n expiresAt: BigInt(input.auth.expiresAt),\n policyId: ensureHex(input.auth.policyId),\n policySnapshotHash: ensureHex(input.auth.policySnapshotHash),\n gasLimitMax: input.auth.gasLimitMax,\n maxFeePerGas: input.auth.maxFeePerGas,\n maxPriorityFeePerGas: input.auth.maxPriorityFeePerGas,\n totalGasCap: input.auth.totalGasCap,\n };\n\n // Convert calls to EIP-712 format (ensure all values are properly typed)\n const eip712Calls = input.calls.map((call) => ({\n target: ensureHex(call.target),\n data: ensureHex(call.data),\n value: call.value,\n gasLimit: call.gasLimit,\n }));\n\n return {\n domain,\n primaryType: \"SignedBatch\",\n message: {\n auth: eip712Auth,\n calls: eip712Calls,\n revertOnFail: input.revertOnFail ?? true,\n callsHash,\n },\n callsHash,\n };\n}\n\n/\n Sign EIP-712 session\n /\nexport async function signSession(input: {\n signer: SignerPort;\n from: `0x${string}`;\n auth: SessionAuthExtended;\n calls: Call[];\n invokerAddress: `0x${string}`; // Required\n}): Promise<{\n sessionSig: `0x${string}`;\n callsHash: `0x${string}`;\n}> {\n // Validate that from matches sessionKey\n if (input.from.toLowerCase() !== input.auth.sessionKey.toLowerCase()) {\n throw new Error(\n `from address (${input.from}) does not match sessionKey (${input.auth.sessionKey})`\n );\n }\n\n // Build the message\n const message = buildSignedBatchMessage({\n auth: input.auth,\n calls: input.calls,\n invokerAddress: input.invokerAddress,\n });\n\n // Check if signer supports signTyped\n if (!input.signer.signTyped) {\n throw new Error(\"Signer must support signTyped for EIP-712 signing\");\n }\n\n // Sign the typed data\n const typedData = {\n domain: message.domain,\n types: TYPES,\n primaryType: message.primaryType,\n message: message.message,\n };\n\n const sessionSig = await input.signer.signTyped(typedData);\n\n return {\n sessionSig,\n callsHash: message.callsHash,\n };\n}\n\n// Re-export computeCallsHash for convenience\nexport { computeCallsHash };\n","/\n EIP-7702 authorization tuple signing\n /\n\nimport type { SignerPort } from '@/wallet/types';\nimport type { AuthorizationTuple } from '@/chains/evm/types.public';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { hashAuthorization, getBytes } from 'ethers';\n\n/\n Sign EIP-7702 authorization tuple\n * \n * Authorization tuple signs: chainId \|\| address \|\| nonce\n * This is separate from session signature\n * \n * @param input - Signing parameters\n * @returns Authorization tuple with signature\n /\nexport async function signAuthorization(input: {\n signer: SignerPort; // Same EOA key as session (MUST be secp256k1 for 7702)\n chainId: number; // Current chain (chainId=0 is forbidden by default)\n address: `0x${string}`; // Invoker on that chain\n nonce: bigint; // >= 0\n}): Promise<AuthorizationTuple> {\n const { signer, chainId, address, nonce } = input;\n\n // Validate inputs\n if (chainId === 0) {\n throw new Error(`${ERR_INVALID_PARAM}: chainId cannot be 0 (use specific chain ID)`);\n }\n\n if (nonce < 0n) {\n throw new Error(`${ERR_INVALID_PARAM}: nonce must be >= 0`);\n }\n\n if (!address.startsWith('0x') \|\| address.length !== 42) {\n throw new Error(`${ERR_INVALID_PARAM}: address must be valid Ethereum address`);\n }\n\n // Note: signAuthorization always uses secp256k1 (EIP-7702 requirement)\n // P-256 is only used for session signatures, not authorization tuples\n\n // ✅ EIP-7702 spec: keccak256(MAGIC \|\| rlp([chain_id, address, nonce]))\n // MAGIC = 0x05 (EIP-7702 identifier)\n // Must use RLP encoding, NOT ABI encoding!\n // Use ethers.js v6.14+ built-in helper\n const digest = hashAuthorization({\n chainId: BigInt(chainId),\n address: address.toLowerCase() as `0x${string}`,\n nonce: nonce,\n });\n\n // Convert digest to bytes for signing\n const digestBytes = getBytes(digest);\n\n // ✅ Raw ECDSA signature (no EIP-191 prefix!)\n // signMessage adds \"\\x19Ethereum Signed Message:\\n32\" prefix - we DON'T want that\n // We need raw secp256k1 signature over the digest\n let sig = await signer.signRawHash(digestBytes);\n\n // ⚠️ CRITICAL: Enforce low-S (EIP-2 requirement for EIP-7702)\n // If s > n/2, normalize to s' = n - s and flip yParity\n const sBigInt = BigInt('0x' + Array.from(sig.s).map(b => b.toString(16).padStart(2, '0')).join(''));\n const SECP256K1_N = secp256k1.CURVE.n;\n const nHalf = SECP256K1_N / 2n;\n \n let finalS = sig.s;\n let finalYParity = sig.yParity;\n \n if (sBigInt > nHalf) {\n // Normalize to low-S\n const normalizedS = SECP256K1_N - sBigInt;\n const normalizedSHex = normalizedS.toString(16).padStart(64, '0');\n \n // Convert hex string to Uint8Array\n finalS = new Uint8Array(32);\n for (let i = 0; i < 32; i++) {\n finalS[i] = parseInt(normalizedSHex.slice(i 2, i * 2 + 2), 16);\n }\n \n // Flip yParity\n finalYParity = finalYParity === 0 ? 1 : 0;\n \n }\n\n // Convert signature components to hex strings\n const rHex = Array.from(sig.r)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const sHex = Array.from(finalS)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n\n return {\n chainId,\n address: address.toLowerCase() as `0x${string}`,\n nonce,\n yParity: finalYParity,\n r: `0x${rHex}` as `0x${string}`,\n s: `0x${sHex}` as `0x${string}`,\n };\n}\n\n","/*\n Authorization nonce utilities for EIP-7702\n /\n\n/\n Relay mode for nonce calculation\n /\nexport type RelayMode = 'self' \| 'sponsored';\n\n/\n Get authorization nonce based on relay mode\n * \n * Rules (EIP-7702):\n * - self: getTransactionCount(latest) + 1\n * - sponsored: getTransactionCount(latest)\n * \n * Note: 'latest' is safer than 'pending' for sponsored mode to avoid race conditions.\n * The nonce MUST exactly match the user EOA's current account nonce for Authorization validation.\n * \n * @param client - Extended RPC client with getTransactionCount method\n * @param from - EOA address\n * @param mode - Relay mode\n * @returns Authorization nonce\n /\nexport async function getAuthNonce(\n client: ExtendedRPCClient,\n from: `0x${string}`,\n mode: RelayMode\n): Promise<bigint> {\n if (!client.getTransactionCount) {\n throw new Error('RPC client must implement getTransactionCount method. Use ExtendedRPCClient.');\n }\n\n // Use 'latest' instead of 'pending' for EIP-7702 Authorization\n // 'pending' can cause race conditions in sponsored mode\n const nonce = await client.getTransactionCount(from, 'latest');\n\n // Apply mode rule\n if (mode === 'self') {\n return nonce + 1n;\n } else {\n // sponsored: use EOA's current account nonce exactly\n return nonce;\n }\n}\n\n/\n Extended RPC client interface with transaction count method\n * This should be implemented by the actual RPC client in React SDK\n /\nexport interface ExtendedRPCClient {\n /\n Low-level eth_call (optional, not required here)\n /\n call?: (args: { to: `0x${string}`; data: `0x${string}` }) => Promise<`0x${string}`>;\n /\n Get transaction count for an address\n * \n * @param address - Address to query\n * @param blockTag - Block tag ('pending', 'latest', etc.)\n * @returns Transaction count as bigint\n /\n getTransactionCount(address: `0x${string}`, blockTag?: 'pending' \| 'latest'): Promise<bigint>;\n}\n\n","/\n Passkey provider implementation\n * Uses PRF/HKDF to unwrap master seed and derive secp256k1 key\n /\n\nimport type { PasskeyProviderPort } from '@/wallet/types';\nimport type { WalletProviderPort, TypedDataInput } from './types';\nimport { deriveWrapKey, type PrfInput } from '@/master-key/policies/prf';\nimport { unsealMasterSeed } from '@/master-key/encryption';\nimport type { Entropy, WrapKey } from '@/master-key/types';\nimport { entropyToSeed } from '@/master-key/mnemonic';\nimport { deriveEvmKey } from '@/chains/evm/crypto/hdWallet';\nimport { toChecksumAddress } from '@/chains/evm/crypto/address';\nimport { evmSign } from '@/chains/evm/crypto/signer';\nimport { zeroize } from '@/core/crypto/zeroize';\nimport { TypedDataEncoder } from 'ethers';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Options for passkey provider\n /\nexport type PasskeyProviderOptions = {\n /* PRF input parameters /\n prfInput: PrfInput;\n /* Encrypted master seed blob /\n encryptedBlob: {\n cipher: Uint8Array;\n nonce: Uint8Array;\n };\n /* Additional Authenticated Data for unwrapping /\n aad?: Uint8Array;\n /\n Session TTL in milliseconds.\n * - 0 (default): No caching - requires WebAuthn authentication for every signature (most secure)\n * - >0: Cache private key in memory for this duration (less secure, better UX)\n * \n * @default 0\n /\n sessionTtlMs?: number;\n};\n\n/\n Create passkey provider\n * \n * @param passkey - Passkey provider port (for WebAuthn PRF authentication)\n * @param options - Provider options (PRF input, encrypted blob)\n * @returns Wallet provider port\n * \n * @example\n * ```ts\n * const provider = createPasskeyProvider(passkeyAdapter, {\n * prfInput: { projectId, credentialId },\n * encryptedBlob: { cipher, nonce }\n * });\n * await provider.ensureSession({ interactive: true, force: true });\n * const address = await provider.getAddress();\n * ```\n /\nexport function createPasskeyProvider(\n passkey: PasskeyProviderPort,\n options: PasskeyProviderOptions\n): WalletProviderPort {\n let unwrappedKeypair: {\n privateKey: Uint8Array;\n publicKey: Uint8Array;\n address: `0x${string}`;\n } \| null = null;\n\n // Session TTL management\n // Note: sessionTtlMs is available for future use but currently not actively used\n // The default behavior is to keep the session alive until explicit lock() call\n const sessionTtlMs = options.sessionTtlMs ?? 0;\n let sessionExpiresAt: number \| null = null;\n let lockTimer: ReturnType<typeof setTimeout> \| null = null;\n\n const isSessionExpired = (): boolean => {\n // If TTL is 0 or not set, session never expires automatically\n // User must call lock() explicitly to end session\n if (sessionTtlMs <= 0) return false;\n if (!sessionExpiresAt) return true;\n return Date.now() >= sessionExpiresAt;\n };\n\n const resetSessionTimer = (): void => {\n if (sessionTtlMs <= 0) return; // No timer for TTL=0\n\n // Clear existing timer\n if (lockTimer) {\n clearTimeout(lockTimer);\n lockTimer = null;\n }\n\n // Set expiration time\n sessionExpiresAt = Date.now() + sessionTtlMs;\n\n // Set auto-lock timer\n lockTimer = setTimeout(async () => {\n await lock();\n }, sessionTtlMs);\n };\n\n const lock = async (): Promise<void> => {\n if (lockTimer) {\n clearTimeout(lockTimer);\n lockTimer = null;\n }\n sessionExpiresAt = null;\n\n if (unwrappedKeypair) {\n zeroize(unwrappedKeypair.privateKey);\n zeroize(unwrappedKeypair.publicKey);\n unwrappedKeypair = null;\n }\n };\n\n const ensureSession = async (opts?: { interactive?: boolean; force?: boolean }): Promise<void> => {\n // If force=true, zeroize existing session and re-authenticate\n if (opts?.force && unwrappedKeypair) {\n await lock();\n }\n\n // If session already exists and not expired, reuse it\n if (unwrappedKeypair && !isSessionExpired()) {\n resetSessionTimer(); // Extend session on activity\n return;\n }\n\n // Session expired - need to re-authenticate\n if (unwrappedKeypair && isSessionExpired()) {\n await lock();\n }\n\n // Compute PRF salt from prfInput\n const prfSalt = deriveWrapKey(options.prfInput);\n\n // Trigger WebAuthn with PRF extension\n const { prfOutput } = await passkey.authenticate({\n salt: prfSalt,\n credentialId: options.prfInput.credentialId,\n });\n\n // Use PRF output as wrap key (cast to WrapKey brand type)\n const wrapKey = prfOutput as WrapKey;\n\n // Unwrap entropy (stored as encrypted blob)\n const aad = options.aad \|\| new TextEncoder().encode('volr/master-seed/v1');\n const entropy = (await unsealMasterSeed(\n options.encryptedBlob.cipher,\n wrapKey,\n aad,\n options.encryptedBlob.nonce\n )) as unknown as Entropy;\n\n // Derive seed from entropy (BIP-39 PBKDF2)\n const masterSeed = await entropyToSeed(entropy);\n\n // Derive EVM keypair from seed\n const keypair = deriveEvmKey({ masterSeed });\n\n // Zeroize entropy after use\n zeroize(entropy);\n\n // Store unwrapped keypair\n unwrappedKeypair = {\n privateKey: keypair.privateKey,\n publicKey: keypair.publicKey,\n address: keypair.address,\n };\n\n // Zeroize sensitive data immediately\n zeroize(masterSeed);\n zeroize(wrapKey);\n zeroize(prfSalt);\n\n // Start session timer (only for TTL > 0)\n resetSessionTimer();\n };\n\n const getAddress = async (): Promise<`0x${string}`> => {\n await ensureSession({ interactive: true });\n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n return toChecksumAddress(unwrappedKeypair.address);\n };\n\n const signMessage = async (hash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> => {\n if (hash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${hash32.length}`);\n }\n\n // Ensure session is active (will prompt for WebAuthn if not)\n await ensureSession({ interactive: true });\n \n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n\n // Sign with secp256k1\n const sig = evmSign(unwrappedKeypair.privateKey, hash32);\n\n return {\n r: sig.r,\n s: sig.s,\n yParity: sig.yParity,\n };\n };\n\n const signTypedData = async (input: TypedDataInput): Promise<`0x${string}`> => {\n // Ensure session is active (will prompt for WebAuthn if not)\n await ensureSession({ interactive: true });\n \n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n\n\n // Compute EIP-712 hash\n // Use ethers TypedDataEncoder for consistency with other signers\n // Note: TypedDataEncoder.hash expects types WITHOUT EIP712Domain\n const hash = TypedDataEncoder.hash(input.domain, input.types, input.message);\n const msgHash = hash; // TypedDataEncoder.hash returns hex string\n\n // Convert hex string to Uint8Array\n const msgHashBytes = new Uint8Array(32);\n const hex = msgHash.startsWith('0x') ? msgHash.slice(2) : msgHash;\n for (let i = 0; i < 32; i++) {\n msgHashBytes[i] = parseInt(hex.slice(i 2, i * 2 + 2), 16);\n }\n\n // Sign message hash\n const sig = evmSign(unwrappedKeypair.privateKey, msgHashBytes);\n\n // Convert to hex string (r \|\| s \|\| v)\n const v = sig.yParity + 27;\n const rHex = Array.from(sig.r)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const sHex = Array.from(sig.s)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const vHex = v.toString(16).padStart(2, '0');\n\n return `0x${rHex}${sHex}${vHex}` as `0x${string}`;\n };\n\n const getPublicKey = async (): Promise<Uint8Array> => {\n await ensureSession({ interactive: true });\n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n return new Uint8Array(unwrappedKeypair.publicKey);\n };\n\n return {\n keyStorageType: 'passkey',\n ensureSession,\n getAddress,\n signMessage,\n signTypedData,\n getPublicKey,\n lock,\n capabilities: {\n secp256k1: true,\n p256: false, // Passkey provider uses secp256k1 after unwrapping\n },\n };\n}\n\n","/*\n MPC provider implementation\n * Delegates to backend proxy via transport\n /\n\nimport type { WalletProviderPort, MpcTransport } from './types';\n\n/\n Create MPC provider\n * \n * @param transport - MPC transport interface (backend proxy)\n * @returns Wallet provider port\n * \n * @example\n * ```ts\n * const transport = createMpcTransport({ backendUrl: '...' });\n * const provider = createMpcProvider(transport);\n * await provider.ensureSession();\n * const address = await provider.getAddress();\n * ```\n /\nexport function createMpcProvider(transport: MpcTransport): WalletProviderPort {\n return {\n keyStorageType: 'mpc',\n ensureSession: () => transport.ensureSession(),\n getAddress: () => transport.getAddress(),\n signMessage: (hash32) => transport.signMessage(hash32),\n signTypedData: (input) => transport.signTypedData(input),\n getPublicKey: transport.getPublicKey ? () => transport.getPublicKey!() : undefined,\n capabilities: {\n secp256k1: true,\n p256: false, // MPC uses secp256k1 via backend\n },\n };\n}\n\n","/\n Provider-based signer selection (simplified, no 7212 probing)\n * Always uses secp256k1 path today.\n /\n\nimport type { WalletProviderPort } from '../providers/types';\nimport type { SignerPort } from '@/wallet/types';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Context for signer selection\n /\nexport type SelectSignerContext = {\n /* Wallet provider /\n provider: WalletProviderPort;\n /* Chain ID /\n chainId: number;\n};\n\n/\n Select appropriate signer based on provider\n * \n * Routing logic:\n * 1. Provider-backed signer (delegates to provider, secp256k1)\n * \n * Note: 7702 authorization always uses secp256k1\n * \n * @param ctx - Selection context\n * @returns Signer port\n * @throws Error if provider cannot provide required signing capability\n * \n * @example\n * ```ts\n * const signer = await selectSigner({\n * provider: passkeyProvider,\n * chainId: 10,\n * client: rpcClient\n * });\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport async function selectSigner(ctx: SelectSignerContext): Promise<SignerPort> {\n const { provider } = ctx;\n\n // Route: secp256k1 (default for both passkey and MPC providers)\n // Create a wrapper signer that delegates to provider\n // Provider must implement getPublicKey() for this to work\n if (provider.getPublicKey) {\n return new ProviderBackedSigner(provider);\n }\n\n // If provider doesn't expose getPublicKey, we can't create a signer\n // This is a limitation - in practice, providers should expose getPublicKey()\n throw new Error(\n `${ERR_INVALID_PARAM}: Provider must expose getPublicKey() for signer creation. ` +\n `Use provider.signMessage() directly or implement getPublicKey() in provider.`\n );\n}\n\n/\n Signer that delegates to wallet provider\n * Used when provider already implements secp256k1 signing\n /\nclass ProviderBackedSigner implements SignerPort {\n constructor(private provider: WalletProviderPort) {\n if (!provider.getPublicKey) {\n throw new Error(`${ERR_INVALID_PARAM}: Provider must implement getPublicKey()`);\n }\n }\n\n async getPublicKey(): Promise<Uint8Array> {\n return this.provider.getPublicKey!();\n }\n\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n return this.provider.signMessage(msgHash32);\n }\n\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // Provider.signMessage already does raw hash signing (no prefix)\n // PasskeyProvider unwraps to secp256k1, so this works for EIP-7702\n return this.provider.signMessage(digest);\n }\n\n async signTyped?(typed: unknown): Promise<`0x${string}`> {\n if (typeof typed === 'object' && typed !== null) {\n const input = typed as { domain: any; types: any; message: any };\n return this.provider.signTypedData(input);\n }\n throw new Error(`${ERR_INVALID_PARAM}: Invalid typed data input`);\n }\n}\n\n","import { ERR_INVALID_PARAM } from '@/core/errors';\nimport { Secp256k1SoftwareSigner } from '@/wallet/signers/secp256k1';\nimport type { SignerPort, SignerKind, SignerContext } from '@/wallet/types';\nimport type { WalletProviderPort } from '@/chains/evm/providers/types';\n\n// Re-export types for convenience\nexport type { SignerPort, SignerKind, SignerContext } from '@/wallet/types';\n\n/\n Signer that delegates to wallet provider\n * Used when provider already implements secp256k1 signing\n /\nclass ProviderBackedSigner implements SignerPort {\n constructor(private provider: WalletProviderPort) {\n if (!provider.getPublicKey) {\n throw new Error(`${ERR_INVALID_PARAM}: Provider must implement getPublicKey()`);\n }\n }\n\n async getPublicKey(): Promise<Uint8Array> {\n return this.provider.getPublicKey!();\n }\n\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n return this.provider.signMessage(msgHash32);\n }\n\n async signRawHash(_digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // Provider-backed signer must support EIP-7702 directly\n // Most wallets block raw hash signing\n throw new Error('EIP-7702 raw hash signing not supported by wallet provider. Use Secp256k1SoftwareSigner for EIP-7702.');\n }\n\n async signTyped?(typed: unknown): Promise<`0x${string}`> {\n if (typeof typed === 'object' && typed !== null) {\n const input = typed as { domain: any; types: any; message: any };\n return this.provider.signTypedData(input);\n }\n throw new Error(`${ERR_INVALID_PARAM}: Invalid typed data input`);\n }\n}\n\n/\n Select appropriate signer based on chain capabilities and available inputs\n * \n * Routing logic:\n * 1. If provider provided → ProviderBackedSigner (delegates to provider)\n * 2. Else if secpKey provided → Secp256k1SoftwareSigner\n * 3. Else → throw error\n * \n * @param ctx - Signer context\n * @returns Selected signer with kind identifier\n * @throws VolrError if no signer input is available\n * \n * @example\n * ```ts\n * const ctx = {\n * client: rpcClient,\n * chainId: 10,\n * provider: walletProvider,\n * };\n * const { kind, signer } = await selectSigner(ctx);\n * const sig = await signer.signMessage(msgHash);\n * ```\n */\nexport async function selectSigner(\n ctx: SignerContext\n): Promise<{ kind: SignerKind; signer: SignerPort }> {\n const { provider, secpKey } = ctx;\n\n // Route 1: Provider-based routing (highest priority)\n if (provider) {\n // Ensure provider has getPublicKey for signer creation\n if (!provider.getPublicKey) {\n throw new Error(\n `${ERR_INVALID_PARAM}: Provider must implement getPublicKey() for signer creation. ` +\n `Use provider.signMessage() directly or implement getPublicKey() in provider.`\n );\n }\n\n // Use provider-backed signer (delegates to provider.signMessage)\n return {\n kind: 'secp256k1', // Provider signs with secp256k1\n signer: new ProviderBackedSigner(provider),\n };\n }\n\n // Route 2: Fallback to secp256k1\n if (secpKey) {\n return {\n kind: 'secp256k1',\n signer: new Secp256k1SoftwareSigner(secpKey),\n };\n }\n\n // No signer input available\n throw new Error(\n `${ERR_INVALID_PARAM}: No signer input available. Provide either provider, passkey (for P-256), or secpKey (for secp256k1).`\n );\n}\n\n"]}
1	+ {"version":3,"sources":["../src/core/errors.ts","../src/core/crypto/hkdf.ts","../src/core/crypto/rng.ts","../src/core/crypto/aes-gcm.ts","../src/core/crypto/zeroize.ts","../src/master-key/encryption.ts","../src/master-key/mnemonic.ts","../src/master-key/provider.ts","../src/master-key/policies/prf.ts","../src/chains/evm/crypto/hdWallet.ts","../src/chains/evm/crypto/address.ts","../src/chains/evm/crypto/signer.ts","../src/wallet/signers/secp256k1.ts","../src/wallet/signers/passkey-p256.ts","../src/wallet/signers/external-wallet-errors.ts","../src/wallet/signers/external-wallet.ts","../src/storage/blobs.ts","../src/chains/evm/constants.ts","../src/builders/callHash.ts","../src/chains/evm/eip712/session.ts","../src/chains/evm/eip7702/authorization.ts","../src/chains/evm/nonce.ts","../src/chains/evm/providers/passkeyProvider.ts","../src/chains/evm/providers/mpcProvider.ts","../src/chains/evm/signers/selectSigner.ts","../src/wallet/signer.ts"],"names":["hkdf","sha256","entropyToMnemonic","wordlist","validateMnemonic","mnemonicToEntropy","mnemonicToSeed","HDKey","secp256k1","keccak_256","TypedDataEncoder","EIP1193ErrorCode","message","axios","AbiCoder","keccak256","hashAuthorization","getBytes","ProviderBackedSigner","selectSigner"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAGO,IAAM,SAAA,GAAN,MAAM,UAAA,SAAkB,KAAA,CAAM;AAAA,EACnC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,KAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AACZ,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,UAAA,CAAU,SAAS,CAAA;AAAA,EACjD;AACF;AAKO,IAAM,iBAAA,GAAoB;AAC1B,IAAM,eAAA,GAAkB;AACxB,IAAM,gBAAA,GAAmB;AACzB,IAAM,cAAA,GAAiB;AACvB,IAAM,eAAA,GAAkB;AACxB,IAAM,kBAAA,GAAqB;;;ACF3B,SAAS,UAAA,CACd,GAAA,EACA,IAAA,EACA,IAAA,EACA,MAAc,EAAA,EACF;AACZ,EAAA,IAAI,CAAC,IAAA,IAAQ,IAAA,CAAK,MAAA,KAAW,CAAA,EAAG;AAC9B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,sBAAA,CAAwB,CAAA;AAAA,EAC9D;AAEA,EAAA,IAAI,GAAA,GAAM,CAAA,IAAK,GAAA,GAAM,GAAA,GAAM,EAAA,EAAI;AAC7B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,GAAM,EAAE,CAAA,CAAE,CAAA;AAAA,EAC/E;AAEA,EAAA,IAAI;AACF,IAAA,MAAM,UAAUA,SAAA,CAAKC,aAAA,EAAQ,GAAA,EAAK,IAAA,EAAM,MAAM,GAAG,CAAA;AACjD,IAAA,OAAO,OAAA;AAAA,EACT,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAA,YAAiB,KAAA,GAAQ,MAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA,CAAE,CAAA;AAAA,EACrG;AACF;;;ACjCO,SAAS,eAAe,GAAA,EAAyB;AACtD,EAAA,IAAI,GAAA,GAAM,CAAA,IAAK,GAAA,GAAM,KAAA,EAAO;AAC1B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gBAAA,EAAmB,GAAG,CAAA,CAAE,CAAA;AAAA,EAC1C;AAEA,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,GAAG,CAAA;AAG9B,EAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,eAAA,EAAiB;AAC3D,IAAA,MAAA,CAAO,gBAAgB,GAAG,CAAA;AAC1B,IAAA,OAAO,GAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAO,cAAY,WAAA,EAAa;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,UAAQ,QAAQ,CAAA;AACnC,MAAA,IAAI,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,SAAA,CAAU,eAAA,EAAiB;AAChE,QAAA,UAAA,CAAW,SAAA,CAAU,gBAAgB,GAAG,CAAA;AACxC,QAAA,OAAO,GAAA;AAAA,MACT;AAEA,MAAA,MAAM,WAAA,GAAc,UAAA,CAAW,WAAA,CAAY,GAAG,CAAA;AAC9C,MAAA,GAAA,CAAI,IAAI,WAAW,CAAA;AACnB,MAAA,OAAO,GAAA;AAAA,IACT,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AACrD;;;ACNO,SAAS,aAAA,GAA4B;AAC1C,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAI/B,EAAA,MAAM,YAAY,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AAC9C,EAAA,MAAM,IAAA,GAAO,IAAI,QAAA,CAAS,KAAA,CAAM,MAAM,CAAA;AACtC,EAAA,IAAA,CAAK,SAAA,CAAU,CAAA,EAAG,SAAA,EAAW,KAAK,CAAA;AAGlC,EAAA,MAAM,MAAA,GAAS,eAAe,CAAC,CAAA;AAC/B,EAAA,KAAA,CAAM,GAAA,CAAI,QAAQ,CAAC,CAAA;AAEnB,EAAA,OAAO,KAAA;AACT;AAKA,SAAS,eAAA,GAAgC;AACvC,EAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,MAAA,CAAO,MAAA,EAAQ;AAClD,IAAA,OAAO,MAAA,CAAO,MAAA;AAAA,EAChB;AAGA,EAAA,IAAI,OAAO,cAAY,WAAA,EAAa;AAClC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,UAAQ,QAAQ,CAAA;AACnC,MAAA,IAAI,UAAA,CAAW,SAAA,IAAa,UAAA,CAAW,SAAA,CAAU,MAAA,EAAQ;AACvD,QAAA,OAAO,WAAW,SAAA,CAAU,MAAA;AAAA,MAC9B;AAAA,IACF,CAAA,CAAA,MAAQ;AAAA,IAER;AAAA,EACF;AAEA,EAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,eAAe,CAAA,6BAAA,CAA+B,CAAA;AACnE;AAiBA,eAAsB,aAAA,CACpB,OACA,MAAA,EACoD;AACpD,EAAA,MAAM,EAAE,GAAA,EAAK,KAAA,EAAO,aAAA,EAAe,KAAI,GAAI,MAAA;AAE3C,EAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,KAAA,GAAQ,iBAAiB,aAAA,EAAc;AAC7C,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,cAAc,CAAA,8BAAA,EAAiC,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA;AAAA,EAClF;AAEA,EAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,SAAA;AAAA,MAC/B,KAAA;AAAA,MACA,GAAA;AAAA,MACA,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,OAAA;AAAA,MAC7B;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,cAAA,EAAgB,GAAA;AAAA,QAChB,SAAA,EAAW;AAAA;AAAA,OACb;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO;AAAA,MACL,MAAA,EAAQ,IAAI,UAAA,CAAW,SAAS,CAAA;AAAA,MAChC;AAAA,KACF;AAAA,EACF,SAAS,KAAA,EAAO;AACd,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,CAAA,EAAG,eAAe,CAAA,qBAAA,EAAwB,KAAA,YAAiB,QAAQ,KAAA,CAAM,OAAA,GAAU,MAAA,CAAO,KAAK,CAAC,CAAA;AAAA,KAClG;AAAA,EACF;AACF;AAeA,eAAsB,aAAA,CACpB,QACA,MAAA,EACqB;AACrB,EAAA,MAAM,EAAE,GAAA,EAAK,KAAA,EAAO,GAAA,EAAI,GAAI,MAAA;AAE5B,EAAA,IAAI,GAAA,CAAI,WAAW,EAAA,EAAI;AACrB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,EAA+B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,EACjF;AAEA,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,cAAc,CAAA,8BAAA,EAAiC,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA;AAAA,EAClF;AAEA,EAAA,MAAM,SAAS,eAAA,EAAgB;AAE/B,EAAA,IAAI;AACF,IAAA,MAAM,WAAA,GAAc,MAAM,MAAA,CAAO,SAAA;AAAA,MAC/B,KAAA;AAAA,MACA,GAAA;AAAA,MACA,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,OAAA;AAAA,MAC7B;AAAA,QACE,IAAA,EAAM,SAAA;AAAA,QACN,EAAA,EAAI,KAAA;AAAA,QACJ,cAAA,EAAgB,GAAA;AAAA,QAChB,SAAA,EAAW;AAAA,OACb;AAAA,MACA,WAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,EACjC,SAAS,KAAA,EAAO;AAEd,IAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,IAAA,IAAI,QAAQ,QAAA,CAAS,YAAY,KAAK,OAAA,CAAQ,QAAA,CAAS,gBAAgB,CAAA,EAAG;AACxE,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,gBAAgB,CAAA,sCAAA,CAAwC,CAAA;AAAA,IAC7E;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,eAAe,CAAA,qBAAA,EAAwB,OAAO,CAAA,CAAE,CAAA;AAAA,EACrE;AACF;;;AC5LO,SAAS,QAAQ,GAAA,EAAqC;AAC3D,EAAA,IAAI,IAAA;AAEJ,EAAA,IAAI,eAAe,WAAA,EAAa;AAC9B,IAAA,IAAA,GAAO,IAAI,WAAW,GAAG,CAAA;AAAA,EAC3B,CAAA,MAAO;AACL,IAAA,IAAA,GAAO,GAAA;AAAA,EACT;AAGA,EAAA,IAAA,CAAK,KAAK,CAAC,CAAA;AAIX,EAAA,IAAA,CAAK,MAAA;AACP;;;ACFA,eAAsB,cAAA,CACpB,UAAA,EACA,OAAA,EACA,GAAA,EACoD;AACpD,EAAA,OAAO,cAAc,UAAA,EAAY,EAAE,GAAA,EAAK,OAAA,EAAS,KAAK,CAAA;AACxD;AAmBA,eAAsB,gBAAA,CACpB,MAAA,EACA,OAAA,EACA,GAAA,EACA,KAAA,EACqB;AACrB,EAAA,MAAM,SAAA,GAAY,MAAM,aAAA,CAAc,MAAA,EAAQ,EAAE,GAAA,EAAK,OAAA,EAAS,GAAA,EAAK,KAAA,EAAO,CAAA;AAC1E,EAAA,OAAO,SAAA;AACT;ACjBO,SAAS,eAAA,GAA2B;AACzC,EAAA,OAAO,eAAe,EAAE,CAAA;AAC1B;AAQO,SAAS,gBAAgB,OAAA,EAA2B;AACzD,EAAA,OAAO,OAAA,YAAmB,UAAA,IAAc,OAAA,CAAQ,MAAA,KAAW,EAAA;AAC7D;AAWO,SAAS,wBAAwB,OAAA,EAA0B;AAChE,EAAA,OAAOC,uBAAA,CAAkB,SAASC,gBAAQ,CAAA;AAC5C;AASO,SAAS,wBAAwB,QAAA,EAA2B;AACjE,EAAA,IAAI,CAACC,sBAAA,CAAiB,QAAA,EAAUD,gBAAQ,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AACA,EAAA,OAAOE,uBAAA,CAAkB,UAAUF,gBAAQ,CAAA;AAC7C;AAYA,eAAsB,cAAc,OAAA,EAAuC;AACzE,EAAA,MAAM,QAAA,GAAWD,uBAAA,CAAkB,OAAA,EAASC,gBAAQ,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,MAAMG,oBAAA,CAAe,QAAQ,CAAA;AAE1C,EAAA,OAAO,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AACzB;;;ACjCA,eAAe,aAAa,OAAA,EAA4C;AACtE,EAAA,MAAM,IAAA,GAAO,MAAM,aAAA,CAAc,OAAO,CAAA;AAExC,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAA,GAAc;AACZ,MAAA,OAAO,wBAAwB,OAAO,CAAA;AAAA,IACxC,CAAA;AAAA,IACA,OAAA,GAAU;AACR,MAAA,OAAA,CAAQ,OAAO,CAAA;AACf,MAAA,OAAA,CAAQ,IAAI,CAAA;AAAA,IACd;AAAA,GACF;AACF;AAsBO,SAAS,uBAAA,GAA6C;AAC3D,EAAA,OAAO;AAAA,IACL,MAAM,cAAA,CAAe,IAAA,EAAM,OAAA,EAAS;AAGlC,MAAA,MAAM,UAAW,MAAM,gBAAA;AAAA,QACrB,IAAA,CAAK,MAAA;AAAA,QACL,OAAA;AAAA,QACA,IAAA,CAAK,GAAA;AAAA,QACL,IAAA,CAAK;AAAA,OACP;AAEA,MAAA,OAAO,aAAa,OAAO,CAAA;AAAA,IAC7B,CAAA;AAAA,IAEA,MAAM,QAAA,GAAW;AACf,MAAA,MAAM,UAAU,eAAA,EAAgB;AAChC,MAAA,OAAO,aAAa,OAAO,CAAA;AAAA,IAC7B;AAAA,GACF;AACF;ACnEO,SAAS,cAAc,KAAA,EAA0B;AACtD,EAAA,MAAM,EAAE,SAAA,EAAW,IAAA,EAAK,GAAI,KAAA;AAI5B,EAAA,MAAM,gBAAgB,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,KAAA,EAAQ,SAAS,CAAA,CAAE,CAAA;AAClE,EAAA,MAAM,SAAA,GAAYL,cAAO,aAAa,CAAA;AAGtC,EAAA,MAAM,cAAc,IAAA,IAAQA,aAAAA;AAAA,IAC1B,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,CAAA,UAAA,EAAa,SAAS,CAAA,CAAE;AAAA,GACnD;AAGA,EAAA,MAAM,IAAA,GAAO,oBAAoB,SAAS,CAAA,CAAA;AAG1C,EAAA,MAAM,OAAA,GAAU,UAAA,CAAW,SAAA,EAAW,WAAA,EAAa,MAAM,EAAE,CAAA;AAE3D,EAAA,OAAO,OAAA;AACT;AC1DO,IAAM,gBAAA,GAAmB;AAwCzB,SAAS,aAAa,IAAA,EAA8B;AACzD,EAAA,MAAM,EAAE,UAAA,EAAY,IAAA,GAAO,gBAAA,EAAiB,GAAI,IAAA;AAGhD,EAAA,MAAM,KAAA,GAAQM,WAAA,CAAM,cAAA,CAAe,UAAU,CAAA;AAG7C,EAAA,MAAM,OAAA,GAAU,KAAA,CAAM,MAAA,CAAO,IAAI,CAAA;AAEjC,EAAA,IAAI,CAAC,QAAQ,UAAA,EAAY;AACvB,IAAA,MAAM,IAAI,MAAM,8BAA8B,CAAA;AAAA,EAChD;AAGA,EAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,OAAA,CAAQ,UAAU,CAAA;AAGpD,EAAA,MAAM,YAAY,OAAA,CAAQ,SAAA;AAC1B,EAAA,IAAI,CAAC,SAAA,IAAa,SAAA,CAAU,MAAA,KAAW,EAAA,EAAI;AACzC,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC7C;AAGA,EAAA,MAAM,WAAA,GAAcC,mBAAA,CAAU,eAAA,CAAgB,OAAA,CAAQ,SAAS,CAAA;AAC/D,EAAA,MAAM,kBAAA,GAAqB,WAAA,CAAY,UAAA,CAAW,KAAK,CAAA;AAGvD,EAAA,MAAM,mBAAA,GAAsB,kBAAA,CAAmB,KAAA,CAAM,CAAC,CAAA;AACtD,EAAA,MAAM,IAAA,GAAOC,gBAAW,mBAAmB,CAAA;AAC3C,EAAA,MAAM,YAAA,GAAe,IAAA,CAAK,KAAA,CAAM,EAAE,CAAA;AAClC,EAAA,MAAM,UAAW,IAAA,GAAO,KAAA,CAAM,KAAK,YAAY,CAAA,CAC5C,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAEV,EAAA,OAAO;AAAA,IACL,UAAA;AAAA,IACA,SAAA,EAAW,kBAAA;AAAA,IACX,OAAA;AAAA,IACA;AAAA,GACF;AACF;ACtEO,SAAS,kBAAkB,IAAA,EAAoC;AACpE,EAAA,IAAI,CAAC,IAAA,CAAK,UAAA,CAAW,IAAI,CAAA,EAAG;AAC1B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,CAA8B,CAAA;AAAA,EACpE;AAEA,EAAA,MAAM,OAAA,GAAU,IAAA,CAAK,KAAA,CAAM,CAAC,EAAE,WAAA,EAAY;AAE1C,EAAA,IAAI,OAAA,CAAQ,WAAW,EAAA,EAAI;AACzB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,8CAAA,CAAgD,CAAA;AAAA,EACtF;AAGA,EAAA,IAAI,CAAC,gBAAA,CAAiB,IAAA,CAAK,OAAO,CAAA,EAAG;AACnC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,YAAA,GAAe,IAAI,WAAA,EAAY,CAAE,OAAO,OAAO,CAAA;AACrD,EAAA,MAAM,IAAA,GAAOA,gBAAW,YAAY,CAAA;AAGpC,EAAA,IAAI,WAAA,GAAc,IAAA;AAClB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,IAAA,MAAM,IAAA,GAAO,QAAQ,CAAC,CAAA;AACtB,IAAA,MAAM,QAAA,GAAW,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAC,CAAA;AACjC,IAAA,MAAM,UAAA,GAAa,CAAA,GAAI,CAAA,KAAM,CAAA,GAAK,IAAA,CAAK,QAAQ,CAAA,IAAK,CAAA,GAAM,IAAA,CAAK,QAAQ,CAAA,GAAI,EAAA;AAG3E,IAAA,WAAA,IAAe,UAAA,IAAc,CAAA,GAAI,IAAA,CAAK,WAAA,EAAY,GAAI,IAAA;AAAA,EACxD;AAEA,EAAA,OAAO,WAAA;AACT;AClBO,SAAS,OAAA,CAAQ,SAAqB,SAAA,EAA4B;AACvE,EAAA,IAAI,OAAA,CAAQ,WAAW,EAAA,EAAI;AACzB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oCAAA,EAAuC,OAAA,CAAQ,MAAM,CAAA,CAAE,CAAA;AAAA,EAC7F;AAEA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,EAChG;AAGA,EAAA,MAAM,SAAA,GAAYD,mBAAAA,CAAU,IAAA,CAAK,SAAA,EAAW,OAAA,EAAS;AAAA,IACnD,IAAA,EAAM;AAAA;AAAA,GACP,CAAA;AAGD,EAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AACpB,EAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AAGpB,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,EAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAGhC,EAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAC5C,EAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAE5C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AACrD,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,EACvD;AAKA,EAAA,MAAM,OAAA,GAAW,UAAU,QAAA,GAAW,CAAA;AAEtC,EAAA,OAAO;AAAA,IACL,CAAA,EAAG,MAAA;AAAA,IACH,CAAA,EAAG,MAAA;AAAA,IACH;AAAA,GACF;AACF;AC9CO,IAAM,0BAAN,MAAoD;AAAA,EACzD,YAAoB,UAAA,EAAwB;AAAxB,IAAA,IAAA,CAAA,UAAA,GAAA,UAAA;AAClB,IAAA,IAAI,UAAA,CAAW,WAAW,EAAA,EAAI;AAC5B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oCAAA,EAAuC,UAAA,CAAW,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,IAAI,UAAA,CAAW,KAAA,CAAM,CAAA,CAAA,KAAK,CAAA,KAAM,CAAC,CAAA,EAAG;AAClC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,4BAAA,CAA8B,CAAA;AAAA,IACpE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAA,GAAoC;AACxC,IAAA,MAAM,WAAA,GAAcA,mBAAAA,CAAU,YAAA,CAAa,IAAA,CAAK,YAAY,KAAK,CAAA;AACjE,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AACZ,IAAA,MAAA,CAAO,GAAA,CAAI,WAAA,CAAY,KAAA,CAAM,CAAC,GAAG,CAAC,CAAA;AAClC,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,MAAM,SAAA,GAAYA,mBAAAA,CAAU,IAAA,CAAK,SAAA,EAAW,KAAK,UAAA,EAAY;AAAA,MAC3D,IAAA,EAAM;AAAA;AAAA,KACP,CAAA;AAGD,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AACpB,IAAA,MAAM,IAAI,SAAA,CAAU,CAAA;AAGpB,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAGhC,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAC5C,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAE5C,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AACrD,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,IAAA,CAAK,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IACvD;AAGA,IAAA,MAAM,OAAA,GAAW,UAAU,QAAA,GAAW,CAAA;AAEtC,IAAA,OAAO;AAAA,MACL,CAAA,EAAG,MAAA;AAAA,MACH,CAAA,EAAG,MAAA;AAAA,MACH;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,MAAA,EAIf;AAGD,IAAA,OAAO,IAAA,CAAK,YAAY,MAAM,CAAA;AAAA,EAChC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,IAAA,EAKW;AACvB,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA,EAAO,KAAK,OAAO,CAAA;AAExE,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,CAAC,CAAA,EAAG,KAAK,CAAC,CAAA;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,WAAA,CAAY,OAAO,CAAA;AAI1C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,CAAA,GAAA,CAAK,IAAI,OAAA,GAAU,EAAA,EAAI,SAAS,EAAE,CAAA,CAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAA;AAEzD,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,CAAC,CAAA,CAAA;AAAA,EAC/B;AACF;AAmBO,SAAS,SAAA,CACd,kBAAA,EACA,SAAA,EACA,GAAA,EACS;AACT,EAAA,IAAI,mBAAmB,MAAA,KAAW,EAAA,IAAM,kBAAA,CAAmB,CAAC,MAAM,CAAA,EAAM;AACtE,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wDAAA,CAA0D,CAAA;AAAA,EAChG;AAEA,EAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,EAChG;AAEA,EAAA,IAAI,IAAI,CAAA,CAAE,MAAA,KAAW,MAAM,GAAA,CAAI,CAAA,CAAE,WAAW,EAAA,EAAI;AAC9C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,EACjF;AAGA,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,GAAA,CAAI,CAAC,EAC3C,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,IAAA,CAAK,EAAE,CAAC,CAAA;AAGX,EAAA,MAAM,CAAA,GAAIF,oBAAU,KAAA,CAAM,CAAA;AAC1B,EAAA,MAAM,QAAQ,CAAA,GAAI,EAAA;AAClB,EAAA,IAAI,UAAU,KAAA,EAAO;AACnB,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,MAAM,CAAA,GAAI,kBAAA,CAAmB,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA;AACxC,EAAA,MAAM,CAAA,GAAI,kBAAA,CAAmB,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AACzC,EAAA,MAAM,WAAA,GAAcA,mBAAAA,CAAU,eAAA,CAAgB,UAAA,CAAW;AAAA,IACvD,CAAA,EAAG,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,CAAC,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAAA,IACjF,CAAA,EAAG,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,CAAC,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC;AAAA,GAClF,CAAA;AACD,EAAA,MAAM,gBAAA,GAAmB,WAAA,CAAY,UAAA,CAAW,IAAI,CAAA;AAKpD,EAAA,IAAI;AACF,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,CAAC,GAAG,IAAI,CAAA,EAAG,GAAG,GAAA,CAAI,CAAC,CAAC,CAAA;AACtD,IAAA,OAAOA,mBAAAA,CAAU,MAAA,CAAO,UAAA,EAAY,SAAA,EAAW,gBAAgB,CAAA;AAAA,EACjE,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AC/LO,IAAM,oBAAN,MAA8C;AAAA,EACnD,YAAoB,QAAA,EAA+B;AAA/B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAAA,EAAgC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOpD,MAAM,YAAA,GAAoC;AACxC,IAAA,MAAM,EAAE,CAAA,EAAG,CAAA,KAAM,MAAM,IAAA,CAAK,SAAS,YAAA,EAAa;AAElD,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,EAAA,IAAM,CAAA,CAAE,WAAW,EAAA,EAAI;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,8CAAA,CAAgD,CAAA;AAAA,IACtF;AAGA,IAAA,MAAM,MAAA,GAAS,IAAI,UAAA,CAAW,EAAE,CAAA;AAChC,IAAA,MAAA,CAAO,CAAC,CAAA,GAAI,CAAA;AACZ,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,CAAC,CAAA;AACf,IAAA,MAAA,CAAO,GAAA,CAAI,GAAG,EAAE,CAAA;AAEhB,IAAA,OAAO,MAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI,SAAA,CAAU,WAAW,EAAA,EAAI;AAC3B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,SAAA,CAAU,MAAM,CAAA,CAAE,CAAA;AAAA,IAChG;AAGA,IAAA,MAAM,EAAE,GAAG,CAAA,EAAE,GAAI,MAAM,IAAA,CAAK,QAAA,CAAS,SAAS,SAAS,CAAA;AAEvD,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,EAAA,IAAM,CAAA,CAAE,WAAW,EAAA,EAAI;AACtC,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yCAAA,CAA2C,CAAA;AAAA,IACjF;AAGA,IAAA,MAAM,EAAE,CAAA,EAAE,GAAI,MAAM,IAAA,CAAK,SAAS,YAAA,EAAa;AAG/C,IAAA,MAAM,OAAA,GAAW,CAAA,CAAE,CAAA,CAAE,MAAA,GAAS,CAAC,CAAA,GAAI,CAAA;AAEnC,IAAA,OAAO;AAAA,MACL,CAAA;AAAA,MACA,CAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,YAAY,OAAA,EAIf;AAED,IAAA,MAAM,IAAI,MAAM,iGAAiG,CAAA;AAAA,EACnH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAU,IAAA,EAKW;AACvB,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,IAAA,CAAK,QAAQ,IAAA,CAAK,KAAA,EAAO,KAAK,OAAO,CAAA;AAExE,IAAA,MAAM,OAAA,GAAU,IAAI,UAAA,CAAW,MAAA,CAAO,IAAA,CAAK,KAAK,KAAA,CAAM,CAAC,CAAA,EAAG,KAAK,CAAC,CAAA;AAChE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,WAAA,CAAY,OAAO,CAAA;AAa1C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,SAAS,KAAK,CAAA;AAC9C,IAAA,MAAM,CAAA,GAAI,IAAI,OAAA,CAAQ,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAA;AAElD,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,CAAC,CAAA,CAAA;AAAA,EAC/B;AACF;;;ACtHO,IAAK,gBAAA,qBAAAC,iBAAAA,KAAL;AACL,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,mBAAgB,IAAA,CAAA,GAAhB,eAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,kBAAe,IAAA,CAAA,GAAf,cAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,kBAAe,IAAA,CAAA,GAAf,cAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,IAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,0BAAuB,MAAA,CAAA,GAAvB,sBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,wBAAqB,MAAA,CAAA,GAArB,oBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,mBAAgB,KAAA,CAAA,GAAhB,eAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,oBAAiB,MAAA,CAAA,GAAjB,gBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,qBAAkB,MAAA,CAAA,GAAlB,iBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,sBAAmB,MAAA,CAAA,GAAnB,kBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,oBAAiB,MAAA,CAAA,GAAjB,gBAAA;AACA,EAAAA,iBAAAA,CAAAA,iBAAAA,CAAA,iBAAc,MAAA,CAAA,GAAd,aAAA;AAdU,EAAA,OAAAA,iBAAAA;AAAA,CAAA,EAAA,gBAAA,IAAA,EAAA;AAoBL,IAAM,WAAA,GAAN,cAA0B,KAAA,CAAM;AAAA,EACrC,WAAA,CACE,OAAA,EACgB,IAAA,EACA,aAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAHG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CAAY,OAAA,GAAU,2BAAA,EAA6B,aAAA,EAAyB;AAC1E,IAAA,KAAA,CAAM,OAAA,EAAS,0BAAgC,aAAa,CAAA;AAC5D,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CAAY,OAAA,GAAU,qCAAA,EAAuC,aAAA,EAAyB;AACpF,IAAA,KAAA,CAAM,OAAA,EAAS,yBAA+B,aAAa,CAAA;AAC3D,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,sBAAA,GAAN,cAAqC,WAAA,CAAY;AAAA,EACtD,WAAA,CAAY,OAAA,GAAU,gCAAA,EAAkC,aAAA,EAAyB;AAC/E,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AACjE,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AAAA,EACd;AACF;AAEO,IAAM,iBAAA,GAAN,cAAgC,WAAA,CAAY;AAAA,EACjD,WAAA,CACE,OAAA,GAAU,eAAA,EACM,eAAA,EACA,eAChB,aAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AAJjD,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AACA,IAAA,IAAA,CAAA,aAAA,GAAA,aAAA;AAIhB,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAEO,IAAM,kBAAA,GAAN,cAAiC,WAAA,CAAY;AAAA,EAClD,WAAA,CAAY,OAAA,GAAU,2BAAA,EAA6B,aAAA,EAAyB;AAC1E,IAAA,KAAA,CAAM,OAAA,EAAS,+BAAqC,aAAa,CAAA;AACjE,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;AAEO,IAAM,mBAAA,GAAN,cAAkC,WAAA,CAAY;AAAA,EACnD,WAAA,CAAY,OAAA,GAAU,mCAAA,EAAqC,aAAA,EAAyB;AAClF,IAAA,KAAA,CAAM,OAAA,EAAS,mCAAuC,aAAa,CAAA;AACnE,IAAA,IAAA,CAAK,IAAA,GAAO,qBAAA;AAAA,EACd;AACF;AAKO,SAAS,qBAAqB,KAAA,EAA6B;AAChE,EAAA,IAAI,iBAAiB,WAAA,EAAa;AAChC,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,IAAA,MAAM,GAAA,GAAM,KAAA;AACZ,IAAA,MAAM,OAAO,GAAA,CAAI,IAAA;AACjB,IAAA,MAAMC,QAAAA,GAAU,IAAI,OAAA,IAAW,sBAAA;AAE/B,IAAA,QAAQ,IAAA;AAAM,MACZ,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE7C,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,iBAAA,CAAkBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE7C,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,sBAAA,CAAuBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAElD,KAAK,IAAA;AACH,QAAA,OAAO,IAAI,kBAAA,CAAmBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE9C,KAAK,MAAA;AACH,QAAA,OAAO,IAAI,mBAAA,CAAoBA,QAAAA,EAAS,KAAK,CAAA;AAAA,MAE/C;AACE,QAAA,OAAO,IAAI,WAAA,CAAYA,QAAAA,EAAS,IAAA,IAAQ,IAAI,KAAK,CAAA;AAAA;AACrD,EACF;AAGA,EAAA,MAAM,UAAU,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AACrE,EAAA,OAAO,IAAI,WAAA,CAAY,OAAA,EAAS,EAAA,EAAI,KAAK,CAAA;AAC3C;;;ACxFO,IAAM,uBAAN,MAAiD;AAAA,EACtD,WAAA,CACmB,QAAA,EACA,eAAA,EACA,OAAA,EACjB;AAHiB,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AACA,IAAA,IAAA,CAAA,eAAA,GAAA,eAAA;AACA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAChB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMH,MAAc,aAAA,GAA+B;AAC3C,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC7C,MAAA,EAAQ;AAAA,OACT,CAAA;AAED,MAAA,MAAM,aAAA,GAAgB,QAAA,CAAS,UAAA,EAAY,EAAE,CAAA;AAE7C,MAAA,IAAI,aAAA,KAAkB,KAAK,eAAA,EAAiB;AAC1C,QAAA,MAAM,IAAI,iBAAA;AAAA,UACR,CAAA,yBAAA,EAA4B,IAAA,CAAK,eAAe,CAAA,OAAA,EAAU,aAAa,CAAA,CAAA;AAAA,UACvE,IAAA,CAAK,eAAA;AAAA,UACL;AAAA,SACF;AAAA,MACF;AAAA,IACF,SAAS,KAAA,EAAO;AACd,MAAA,IAAI,iBAAiB,iBAAA,EAAmB;AACtC,QAAA,MAAM,KAAA;AAAA,MACR;AACA,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,UAAA,GAAqC;AACzC,IAAA,OAAO,IAAA,CAAK,OAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,YAAA,GAAoC;AAIxC,IAAA,OAAO,IAAI,WAAW,EAAE,CAAA;AAAA,EAC1B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAGzB,MAAA,MAAM,aAAa,IAAA,GAAO,KAAA,CAAM,KAAK,SAAS,CAAA,CAC3C,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAGV,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC5C,MAAA,EAAQ,eAAA;AAAA,QACR,MAAA,EAAQ,CAAC,UAAA,EAAY,IAAA,CAAK,OAAO;AAAA,OAClC,CAAA;AAGD,MAAA,MAAM,GAAA,GAAM,UAAU,UAAA,CAAW,IAAI,IAAI,SAAA,CAAU,KAAA,CAAM,CAAC,CAAA,GAAI,SAAA;AAE9D,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAC3B,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAE3B,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAC/C,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,EAAA,GAAK,CAAA,GAAI,CAAA,EAAG,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,CAAC,GAAG,EAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS,GAAA,CAAI,MAAM,GAAA,EAAK,GAAG,GAAG,EAAE,CAAA;AAC1C,MAAA,MAAM,OAAA,GAAU,CAAA,KAAM,EAAA,GAAK,CAAA,GAAI,CAAA;AAE/B,MAAA,OAAO,EAAE,CAAA,EAAG,CAAA,EAAG,OAAA,EAA0B;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBA,MAAM,YAAY,MAAA,EAIf;AACD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAGzB,MAAA,MAAM,YAAY,IAAA,GAAO,KAAA,CAAM,KAAK,MAAM,CAAA,CACvC,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,KAAK,EAAE,CAAA;AAIV,MAAA,IAAI,SAAA;AACJ,MAAA,IAAI;AACF,QAAA,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,UACtC,MAAA,EAAQ,UAAA;AAAA,UACR,MAAA,EAAQ,CAAC,IAAA,CAAK,OAAA,EAAS,SAAS;AAAA,SACjC,CAAA;AAAA,MACH,SAAS,YAAA,EAAmB;AAE1B,QAAA,IAAI,YAAA,EAAc,IAAA,KAAS,CAAA,KAAA,IAAU,YAAA,EAAc,SAAS,IAAA,EAAM;AAChE,UAAA,MAAM,IAAI,KAAA;AAAA,YACR,oSAAA,IAKsB,cAAc,OAAA,IAAW,wBAAA;AAAA,WACjD;AAAA,QACF,CAAA,MAAO;AACL,UAAA,MAAM,YAAA;AAAA,QACR;AAAA,MACF;AAGA,MAAA,MAAM,GAAA,GAAM,UAAU,UAAA,CAAW,IAAI,IAAI,SAAA,CAAU,KAAA,CAAM,CAAC,CAAA,GAAI,SAAA;AAE9D,MAAA,IAAI,GAAA,CAAI,WAAW,GAAA,EAAK;AACtB,QAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0BAAA,EAA6B,GAAA,CAAI,MAAM,CAAA,CAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAC3B,MAAA,MAAM,CAAA,GAAI,IAAI,UAAA,CAAW,EAAE,CAAA;AAE3B,MAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAC/C,QAAA,CAAA,CAAE,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,EAAA,GAAK,CAAA,GAAI,CAAA,EAAG,EAAA,GAAK,CAAA,GAAI,CAAA,GAAI,CAAC,GAAG,EAAE,CAAA;AAAA,MAC3D;AAEA,MAAA,MAAM,IAAI,QAAA,CAAS,GAAA,CAAI,MAAM,GAAA,EAAK,GAAG,GAAG,EAAE,CAAA;AAE1C,MAAA,MAAM,OAAA,GAAW,CAAA,KAAM,EAAA,IAAM,CAAA,KAAM,IAAK,CAAA,GAAI,CAAA;AAE5C,MAAA,OAAO,EAAE,CAAA,EAAG,CAAA,EAAG,OAAA,EAA0B;AAAA,IAC3C,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,UAAU,KAAA,EAAwC;AACtD,IAAA,IAAI;AAEF,MAAA,MAAM,KAAK,aAAA,EAAc;AAEzB,MAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,QAAA,MAAM,IAAI,MAAM,uCAAuC,CAAA;AAAA,MACzD;AAEA,MAAA,MAAM,KAAA,GAAQ,KAAA;AAGd,MAAA,IAAI,CAAC,MAAM,MAAA,IAAU,CAAC,MAAM,KAAA,IAAS,CAAC,MAAM,OAAA,EAAS;AACnD,QAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,MACzE;AAGA,MAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ;AAAA,QAC5C,MAAA,EAAQ,sBAAA;AAAA,QACR,QAAQ,CAAC,IAAA,CAAK,SAAS,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC;AAAA,OAC7C,CAAA;AAED,MAAA,OAAO,SAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,qBAAqB,KAAK,CAAA;AAAA,IAClC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,aAAA,GAAkC;AACtC,IAAA,IAAI;AACF,MAAA,MAAM,UAAA,GAAa,IAAA,GAAO,IAAA,CAAK,eAAA,CAAgB,SAAS,EAAE,CAAA;AAE1D,MAAA,MAAM,IAAA,CAAK,SAAS,OAAA,CAAQ;AAAA,QAC1B,MAAA,EAAQ,4BAAA;AAAA,QACR,MAAA,EAAQ,CAAC,EAAE,OAAA,EAAS,YAAY;AAAA,OACjC,CAAA;AAED,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,UAAA,GAAa,qBAAqB,KAAK,CAAA;AAI7C,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAGA,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,WAAW,WAAA,EAUI;AACnB,IAAA,IAAI;AACF,MAAA,MAAM,IAAA,CAAK,SAAS,OAAA,CAAQ;AAAA,QAC1B,MAAA,EAAQ,yBAAA;AAAA,QACR,MAAA,EAAQ,CAAC,WAAW;AAAA,OACrB,CAAA;AAED,MAAA,OAAO,IAAA;AAAA,IACT,SAAS,KAAA,EAAO;AACd,MAAA,MAAM,UAAA,GAAa,qBAAqB,KAAK,CAAA;AAG7C,MAAA,IAAI,UAAA,CAAW,SAAS,IAAA,EAAM;AAC5B,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,MAAM,UAAA;AAAA,IACR;AAAA,EACF;AACF;AC1SA,SAAS,aAAa,IAAA,EAAwD;AAC5E,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,IAAA,IAAI,IAAA,YAAgB,UAAA,IAAc,IAAA,YAAgB,WAAA,EAAa;AAC7D,MAAA,MAAM,QAAQ,IAAA,YAAgB,UAAA,GAAa,IAAA,GAAO,IAAI,WAAW,IAAI,CAAA;AACrE,MAAA,MAAM,MAAA,GAAS,MAAA,CAAO,YAAA,CAAa,GAAG,KAAK,CAAA;AAC3C,MAAA,OAAA,CAAQ,IAAA,CAAK,MAAM,CAAC,CAAA;AAAA,IACtB,CAAA,MAAA,IAAW,gBAAgB,IAAA,EAAM;AAC/B,MAAA,MAAM,MAAA,GAAS,IAAI,UAAA,EAAW;AAC9B,MAAA,MAAA,CAAO,YAAY,MAAM;AACvB,QAAA,MAAM,MAAA,GAAU,OAAO,MAAA,CAAkB,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,KAAM,MAAA,CAAO,MAAA;AAClE,QAAA,OAAA,CAAQ,MAAM,CAAA;AAAA,MAChB,CAAA;AACA,MAAA,MAAA,CAAO,OAAA,GAAU,MAAA;AACjB,MAAA,MAAA,CAAO,cAAc,IAAI,CAAA;AAAA,IAC3B,CAAA,MAAO;AACL,MAAA,MAAA,CAAO,IAAI,KAAA,CAAM,uBAAuB,CAAC,CAAA;AAAA,IAC3C;AAAA,EACF,CAAC,CAAA;AACH;AASA,eAAsB,WACpB,OAAA,EAC0B;AAC1B,EAAA,MAAM;AAAA,IACJ,OAAA;AAAA,IACA,MAAA;AAAA,IACA,WAAA;AAAA,IACA,IAAA;AAAA,IACA;AAAA,GACF,GAAI,OAAA;AAGJ,EAAA,IAAI,CAAC,MAAA,EAAQ;AACX,IAAA,MAAM,IAAI,MAAM,oBAAoB,CAAA;AAAA,EACtC;AACA,EAAA,IAAI,CAAC,WAAA,EAAa;AAChB,IAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,EAC3C;AAGA,EAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAa,IAAI,CAAA;AAGvC,EAAA,IAAI,WAAA;AACJ,EAAA,IAAI,aAAA,EAAe;AACjB,IAAA,WAAA,GAAc,aAAA;AAAA,EAChB,CAAA,MAAO;AACL,IAAA,WAAA,GAAcC,uBAAM,MAAA,CAAO;AAAA,MACzB,OAAA,EAAS,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAAA,MACnC,eAAA,EAAiB,IAAA;AAAA,MACjB,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,kBAAA;AAAA,QAChB,WAAA,EAAa,OAAO,MAAM,CAAA;AAAA,QAC1B,aAAA,EAAe,UAAU,WAAW,CAAA;AAAA;AACtC,KACD,CAAA;AAAA,EACH;AAGA,EAAA,MAAM,QAAA,GAAW,MAAM,WAAA,CAAY,IAAA,CAA0E,cAAA,EAAgB;AAAA,IAC3H;AAAA,GACD,CAAA;AAED,EAAA,IAAI,CAAC,SAAS,IAAA,EAAM,EAAA,IAAM,CAAC,QAAA,CAAS,IAAA,EAAM,MAAM,GAAA,EAAK;AACnD,IAAA,MAAM,YAAA,GAAgB,QAAA,CAAS,IAAA,EAAc,KAAA,EAAO,OAAA,IAAW,uBAAA;AAC/D,IAAA,MAAM,IAAI,MAAM,YAAY,CAAA;AAAA,EAC9B;AAEA,EAAA,OAAO,EAAE,GAAA,EAAK,QAAA,CAAS,IAAA,CAAK,KAAK,GAAA,EAAI;AACvC;AAqBA,SAAS,mBAAmB,CAAA,EAAmB;AAC7C,EAAA,OAAO,CAAA,CAAE,SAAS,GAAG,CAAA,GAAI,EAAE,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,GAAI,CAAA;AAC5C;AASA,eAAsB,qBACpB,OAAA,EACyC;AACzC,EAAA,MAAM;AAAA,IACJ,OAAA;AAAA,IACA,MAAA;AAAA,IACA,WAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAA,GAAc,0BAAA;AAAA,IACd;AAAA,GACF,GAAI,OAAA;AAEJ,EAAA,MAAM,CAAA,GAA8B,WAAY,UAAA,CAAmB,KAAA;AACnE,EAAA,IAAI,OAAO,MAAM,UAAA,EAAY;AAC3B,IAAA,MAAM,IAAI,MAAM,wDAAwD,CAAA;AAAA,EAC1E;AAEA,EAAA,MAAM,IAAA,GAAO,mBAAmB,OAAO,CAAA;AAGvC,EAAA,MAAM,UAAA,GAAa,MAAM,CAAA,CAAE,CAAA,EAAG,IAAI,CAAA,aAAA,CAAA,EAAiB;AAAA,IACjD,MAAA,EAAQ,MAAA;AAAA,IACR,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,kBAAA;AAAA,MAChB,GAAI,SAAS,EAAE,WAAA,EAAa,OAAO,MAAM,CAAA,KAAM,EAAC;AAAA,MAChD,GAAI,cAAc,EAAE,aAAA,EAAe,UAAU,WAAW,CAAA,CAAA,KAAO;AAAC,KAClE;AAAA;AAAA,IAEA,MAAM,IAAA,CAAK,SAAA,CAAU,EAAE,EAAA,EAAI,KAAA,EAAO,aAAa,CAAA;AAAA;AAAA,IAE/C,WAAA,EAAa;AAAA,GACd,CAAA;AAED,EAAA,MAAM,WAAA,GAAmB,MAAM,UAAA,CAAW,IAAA,EAAK;AAC/C,EAAA,IAAI,CAAC,UAAA,CAAW,EAAA,IAAO,WAAA,IAAe,WAAA,CAAY,OAAO,KAAA,EAAQ;AAC/D,IAAA,MAAM,GAAA,GACH,eAAe,WAAA,CAAY,KAAA,IAAS,YAAY,KAAA,CAAM,OAAA,IACvD,CAAA,2BAAA,EAA8B,UAAA,CAAW,MAAM,CAAA,CAAA;AACjD,IAAA,MAAM,IAAI,KAAA,CAAM,OAAO,GAAA,KAAQ,QAAA,GAAW,MAAM,gBAAgB,CAAA;AAAA,EAClE;AACA,EAAA,MAAM,GAAA,GAAc,WAAA,EAAa,IAAA,EAAM,GAAA,IAAO,WAAA,EAAa,GAAA;AAC3D,EAAA,MAAM,KAAA,GAAgB,WAAA,EAAa,IAAA,EAAM,WAAA,IAAe,WAAA,EAAa,KAAA;AACrE,EAAA,IAAI,CAAC,GAAA,IAAO,CAAC,KAAA,EAAO;AAClB,IAAA,MAAM,IAAI,MAAM,gDAAgD,CAAA;AAAA,EAClE;AAGA,EAAA,MAAM,UAAA,GAAqC;AAAA,IACzC,cAAA,EAAgB,WAAA;AAAA,IAChB,8BAAA,EAAgC;AAAA,GAClC;AAEA,EAAA,MAAM,OACJ,OAAO,IAAA,KAAS,WAAA,IAAgB,IAAA,YAAwB,OAAQ,IAAA,GAAgB,IAAA;AAElF,EAAA,MAAM,MAAA,GAAS,MAAM,CAAA,CAAE,GAAA,EAAK;AAAA,IAC1B,MAAA,EAAQ,KAAA;AAAA,IACR,OAAA,EAAS,UAAA;AAAA,IACT,IAAA;AAAA;AAAA;AAAA,IAGA,IAAA,EAAM;AAAA,GACP,CAAA;AAED,EAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,IAAA,MAAM,OAAO,MAAM,MAAA,CAAO,MAAK,CAAE,KAAA,CAAM,MAAM,EAAE,CAAA;AAC/C,IAAA,MAAM,IAAI,MAAM,CAAA,kBAAA,EAAqB,MAAA,CAAO,MAAM,CAAA,GAAA,EAAM,IAAA,IAAQ,MAAA,CAAO,UAAU,CAAA,CAAE,CAAA;AAAA,EACrF;AAEA,EAAA,OAAO,EAAE,OAAO,GAAA,EAAI;AACtB;;;AChMO,IAAM,SAAA,GAAY;AAKlB,IAAM,YAAA,GAAe;ACVrB,SAAS,iBAAiB,KAAA,EAA8B;AAG7D,EAAA,MAAM,KAAA,GAAQC,gBAAS,eAAA,EAAgB;AACvC,EAAA,MAAM,SAAA,GAAY,wCAAA;AAClB,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,GAAA,CAAI,CAAC,MAAM,CAAC,CAAA,CAAE,MAAA,EAAQ,CAAA,CAAE,KAAA,EAAO,CAAA,CAAE,IAAA,EAAM,CAAA,CAAE,QAAQ,CAAC,CAAA;AACvE,EAAA,MAAM,OAAA,GAAU,MAAM,MAAA,CAAO,CAAC,SAAS,CAAA,EAAG,CAAC,MAAM,CAAC,CAAA;AAClD,EAAA,OAAOC,iBAAU,OAAgC,CAAA;AACnD;;;ACHO,IAAM,MAAA,GAAS,CAAC,OAAA,EAAiB,iBAAA,MAAsC;AAAA,EAC5E,IAAA,EAAM,MAAA;AAAA,EACN,OAAA,EAAS,GAAA;AAAA,EACT,OAAA;AAAA,EACA;AACF,CAAA;AAGO,IAAM,aAAA,GAAgB;AAEtB,IAAM,KAAA,GAAQ;AAAA,EACnB,IAAA,EAAM;AAAA,IACJ,EAAE,IAAA,EAAM,QAAA,EAAU,IAAA,EAAM,SAAA,EAAU;AAAA,IAClC,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,OAAA,EAAQ;AAAA,IAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,IACjC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,SAAA;AAAU,GACtC;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,SAAA,EAAW,IAAA,EAAM,SAAA,EAAU;AAAA,IACnC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,QAAA,EAAS;AAAA,IACpC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAS;AAAA,IAChC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,QAAA,EAAS;AAAA,IACpC,EAAE,IAAA,EAAM,UAAA,EAAY,IAAA,EAAM,SAAA,EAAU;AAAA,IACpC,EAAE,IAAA,EAAM,oBAAA,EAAsB,IAAA,EAAM,SAAA,EAAU;AAAA,IAC9C,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,IACvC,EAAE,IAAA,EAAM,cAAA,EAAgB,IAAA,EAAM,SAAA,EAAU;AAAA,IACxC,EAAE,IAAA,EAAM,sBAAA,EAAwB,IAAA,EAAM,SAAA,EAAU;AAAA,IAChD,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA;AAAU,GACzC;AAAA,EACA,WAAA,EAAa;AAAA,IACX,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,aAAA,EAAc;AAAA,IACpC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,QAAA,EAAS;AAAA,IAChC,EAAE,IAAA,EAAM,cAAA,EAAgB,IAAA,EAAM,MAAA,EAAO;AAAA,IACrC,EAAE,IAAA,EAAM,WAAA,EAAa,IAAA,EAAM,SAAA;AAAU;AAEzC;AAQO,SAAS,wBAAwB,KAAA,EAetC;AACA,EAAA,MAAM,SAAA,GAAY,gBAAA,CAAiB,KAAA,CAAM,KAAK,CAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,KAAA,CAAM,KAAK,OAAO,CAAA,EAAG,MAAM,cAAc,CAAA;AAGtE,EAAA,MAAM,SAAA,GAAY,CAAC,GAAA,KAAiB,GAAA,CAAI,WAAW,IAAI,CAAA,GAAI,GAAA,GAAM,CAAA,EAAA,EAAK,GAAG,CAAA,CAAA;AAIzE,EAAA,MAAM,UAAA,GAAa;AAAA,IACjB,OAAA,EAAS,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAClC,UAAA,EAAY,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,UAAU,CAAA;AAAA,IAC3C,SAAA,EAAW,MAAM,IAAA,CAAK,SAAA;AAAA,IACtB,KAAA,EAAO,MAAM,IAAA,CAAK,KAAA;AAAA,IAClB,SAAA,EAAW,MAAA,CAAO,KAAA,CAAM,IAAA,CAAK,SAAS,CAAA;AAAA,IACtC,QAAA,EAAU,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,QAAQ,CAAA;AAAA,IACvC,kBAAA,EAAoB,SAAA,CAAU,KAAA,CAAM,IAAA,CAAK,kBAAkB,CAAA;AAAA,IAC3D,WAAA,EAAa,MAAM,IAAA,CAAK,WAAA;AAAA,IACxB,YAAA,EAAc,MAAM,IAAA,CAAK,YAAA;AAAA,IACzB,oBAAA,EAAsB,MAAM,IAAA,CAAK,oBAAA;AAAA,IACjC,WAAA,EAAa,MAAM,IAAA,CAAK;AAAA,GAC1B;AAGA,EAAA,MAAM,WAAA,GAAc,KAAA,CAAM,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU;AAAA,IAC7C,MAAA,EAAQ,SAAA,CAAU,IAAA,CAAK,MAAM,CAAA;AAAA,IAC7B,IAAA,EAAM,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA;AAAA,IACzB,OAAO,IAAA,CAAK,KAAA;AAAA,IACZ,UAAU,IAAA,CAAK;AAAA,GACjB,CAAE,CAAA;AAEF,EAAA,OAAO;AAAA,IACL,MAAA;AAAA,IACA,WAAA,EAAa,aAAA;AAAA,IACb,OAAA,EAAS;AAAA,MACP,IAAA,EAAM,UAAA;AAAA,MACN,KAAA,EAAO,WAAA;AAAA,MACP,YAAA,EAAc,MAAM,YAAA,IAAgB,IAAA;AAAA,MACpC;AAAA,KACF;AAAA,IACA;AAAA,GACF;AACF;AAKA,eAAsB,YAAY,KAAA,EAS/B;AAED,EAAA,IAAI,KAAA,CAAM,KAAK,WAAA,EAAY,KAAM,MAAM,IAAA,CAAK,UAAA,CAAW,aAAY,EAAG;AACpE,IAAA,MAAM,IAAI,KAAA;AAAA,MACR,iBAAiB,KAAA,CAAM,IAAI,CAAA,6BAAA,EAAgC,KAAA,CAAM,KAAK,UAAU,CAAA,CAAA;AAAA,KAClF;AAAA,EACF;AAGA,EAAA,MAAM,UAAU,uBAAA,CAAwB;AAAA,IACtC,MAAM,KAAA,CAAM,IAAA;AAAA,IACZ,OAAO,KAAA,CAAM,KAAA;AAAA,IACb,gBAAgB,KAAA,CAAM;AAAA,GACvB,CAAA;AAGD,EAAA,IAAI,CAAC,KAAA,CAAM,MAAA,CAAO,SAAA,EAAW;AAC3B,IAAA,MAAM,IAAI,MAAM,mDAAmD,CAAA;AAAA,EACrE;AAGA,EAAA,MAAM,SAAA,GAAY;AAAA,IAChB,QAAQ,OAAA,CAAQ,MAAA;AAAA,IAChB,KAAA,EAAO,KAAA;AAAA,IACP,aAAa,OAAA,CAAQ,WAAA;AAAA,IACrB,SAAS,OAAA,CAAQ;AAAA,GACnB;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,KAAA,CAAM,MAAA,CAAO,UAAU,SAAS,CAAA;AAEzD,EAAA,OAAO;AAAA,IACL,UAAA;AAAA,IACA,WAAW,OAAA,CAAQ;AAAA,GACrB;AACF;AC1IA,eAAsB,kBAAkB,KAAA,EAKR;AAC9B,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,OAAA,EAAS,OAAM,GAAI,KAAA;AAG5C,EAAA,IAAI,YAAY,CAAA,EAAG;AACjB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,6CAAA,CAA+C,CAAA;AAAA,EACrF;AAEA,EAAA,IAAI,QAAQ,EAAA,EAAI;AACd,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,oBAAA,CAAsB,CAAA;AAAA,EAC5D;AAEA,EAAA,IAAI,CAAC,OAAA,CAAQ,UAAA,CAAW,IAAI,CAAA,IAAK,OAAA,CAAQ,WAAW,EAAA,EAAI;AACtD,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,EAChF;AASA,EAAA,MAAM,SAASC,wBAAA,CAAkB;AAAA,IAC/B,OAAA,EAAS,OAAO,OAAO,CAAA;AAAA,IACvB,OAAA,EAAS,QAAQ,WAAA,EAAY;AAAA,IAC7B;AAAA,GACD,CAAA;AAGD,EAAA,MAAM,WAAA,GAAcC,gBAAS,MAAM,CAAA;AAKnC,EAAA,IAAI,GAAA,GAAM,MAAM,MAAA,CAAO,WAAA,CAAY,WAAW,CAAA;AAI9C,EAAA,MAAM,OAAA,GAAU,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,GAAA,CAAI,CAAC,EAAE,GAAA,CAAI,CAAA,CAAA,KAAK,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAClG,EAAA,MAAM,WAAA,GAAcT,oBAAU,KAAA,CAAM,CAAA;AACpC,EAAA,MAAM,QAAQ,WAAA,GAAc,EAAA;AAE5B,EAAA,IAAI,SAAS,GAAA,CAAI,CAAA;AACjB,EAAA,IAAI,eAAe,GAAA,CAAI,OAAA;AAEvB,EAAA,IAAI,UAAU,KAAA,EAAO;AAEnB,IAAA,MAAM,cAAc,WAAA,GAAc,OAAA;AAClC,IAAA,MAAM,iBAAiB,WAAA,CAAY,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,IAAI,GAAG,CAAA;AAGhE,IAAA,MAAA,GAAS,IAAI,WAAW,EAAE,CAAA;AAC1B,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,MAAA,CAAO,CAAC,CAAA,GAAI,QAAA,CAAS,cAAA,CAAe,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IACjE;AAGA,IAAA,YAAA,GAAe,YAAA,KAAiB,IAAI,CAAA,GAAI,CAAA;AAAA,EAE1C;AAGA,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,EAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,MAAM,CAAA,CAC3B,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AAEV,EAAA,OAAO;AAAA,IACL,OAAA;AAAA,IACA,OAAA,EAAS,QAAQ,WAAA,EAAY;AAAA,IAC7B,KAAA;AAAA,IACA,OAAA,EAAS,YAAA;AAAA,IACT,CAAA,EAAG,KAAK,IAAI,CAAA,CAAA;AAAA,IACZ,CAAA,EAAG,KAAK,IAAI,CAAA;AAAA,GACd;AACF;;;AC9EA,eAAsB,YAAA,CACpB,MAAA,EACA,IAAA,EACA,IAAA,EACiB;AACjB,EAAA,IAAI,CAAC,OAAO,mBAAA,EAAqB;AAC/B,IAAA,MAAM,IAAI,MAAM,8EAA8E,CAAA;AAAA,EAChG;AAIA,EAAA,MAAM,KAAA,GAAQ,MAAM,MAAA,CAAO,mBAAA,CAAoB,MAAM,QAAQ,CAAA;AAG7D,EAAA,IAAI,SAAS,MAAA,EAAQ;AACnB,IAAA,OAAO,KAAA,GAAQ,EAAA;AAAA,EACjB,CAAA,MAAO;AAEL,IAAA,OAAO,KAAA;AAAA,EACT;AACF;ACcO,SAAS,qBAAA,CACd,SACA,OAAA,EACoB;AACpB,EAAA,IAAI,gBAAA,GAIO,IAAA;AAKX,EAAA,MAAM,YAAA,GAAe,QAAQ,YAAA,IAAgB,CAAA;AAC7C,EAAA,IAAI,gBAAA,GAAkC,IAAA;AACtC,EAAA,IAAI,SAAA,GAAkD,IAAA;AAEtD,EAAA,MAAM,mBAAmB,MAAe;AAGtC,IAAA,IAAI,YAAA,IAAgB,GAAG,OAAO,KAAA;AAC9B,IAAA,IAAI,CAAC,kBAAkB,OAAO,IAAA;AAC9B,IAAA,OAAO,IAAA,CAAK,KAAI,IAAK,gBAAA;AAAA,EACvB,CAAA;AAEA,EAAA,MAAM,oBAAoB,MAAY;AACpC,IAAA,IAAI,gBAAgB,CAAA,EAAG;AAGvB,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,SAAA,GAAY,IAAA;AAAA,IACd;AAGA,IAAA,gBAAA,GAAmB,IAAA,CAAK,KAAI,GAAI,YAAA;AAGhC,IAAA,SAAA,GAAY,WAAW,YAAY;AACjC,MAAA,MAAM,IAAA,EAAK;AAAA,IACb,GAAG,YAAY,CAAA;AAAA,EACjB,CAAA;AAEA,EAAA,MAAM,OAAO,YAA2B;AACtC,IAAA,IAAI,SAAA,EAAW;AACb,MAAA,YAAA,CAAa,SAAS,CAAA;AACtB,MAAA,SAAA,GAAY,IAAA;AAAA,IACd;AACA,IAAA,gBAAA,GAAmB,IAAA;AAEnB,IAAA,IAAI,gBAAA,EAAkB;AACpB,MAAA,OAAA,CAAQ,iBAAiB,UAAU,CAAA;AACnC,MAAA,OAAA,CAAQ,iBAAiB,SAAS,CAAA;AAClC,MAAA,gBAAA,GAAmB,IAAA;AAAA,IACrB;AAAA,EACF,CAAA;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAO,IAAA,KAAqE;AAEhG,IAAA,IAAI,IAAA,EAAM,SAAS,gBAAA,EAAkB;AACnC,MAAA,MAAM,IAAA,EAAK;AAAA,IACb;AAGA,IAAA,IAAI,gBAAA,IAAoB,CAAC,gBAAA,EAAiB,EAAG;AAC3C,MAAA,iBAAA,EAAkB;AAClB,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,gBAAA,IAAoB,kBAAiB,EAAG;AAC1C,MAAA,MAAM,IAAA,EAAK;AAAA,IACb;AAGA,IAAA,MAAM,OAAA,GAAU,aAAA,CAAc,OAAA,CAAQ,QAAQ,CAAA;AAG9C,IAAA,MAAM,EAAE,SAAA,EAAU,GAAI,MAAM,QAAQ,YAAA,CAAa;AAAA,MAC/C,IAAA,EAAM,OAAA;AAAA,MACN,YAAA,EAAc,QAAQ,QAAA,CAAS;AAAA,KAChC,CAAA;AAGD,IAAA,MAAM,OAAA,GAAU,SAAA;AAGhB,IAAA,MAAM,MAAM,OAAA,CAAQ,GAAA,IAAO,IAAI,WAAA,EAAY,CAAE,OAAO,qBAAqB,CAAA;AACzE,IAAA,MAAM,UAAW,MAAM,gBAAA;AAAA,MACrB,QAAQ,aAAA,CAAc,MAAA;AAAA,MACtB,OAAA;AAAA,MACA,GAAA;AAAA,MACA,QAAQ,aAAA,CAAc;AAAA,KACxB;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,aAAA,CAAc,OAAO,CAAA;AAG9C,IAAA,MAAM,OAAA,GAAU,YAAA,CAAa,EAAE,UAAA,EAAY,CAAA;AAG3C,IAAA,OAAA,CAAQ,OAAO,CAAA;AAGf,IAAA,gBAAA,GAAmB;AAAA,MACjB,YAAY,OAAA,CAAQ,UAAA;AAAA,MACpB,WAAW,OAAA,CAAQ,SAAA;AAAA,MACnB,SAAS,OAAA,CAAQ;AAAA,KACnB;AAGA,IAAA,OAAA,CAAQ,UAAU,CAAA;AAClB,IAAA,OAAA,CAAQ,OAAO,CAAA;AACf,IAAA,OAAA,CAAQ,OAAO,CAAA;AAGf,IAAA,iBAAA,EAAkB;AAAA,EACpB,CAAA;AAEA,EAAA,MAAM,aAAa,YAAoC;AACrD,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AACzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,iBAAA,CAAkB,iBAAiB,OAAO,CAAA;AAAA,EACnD,CAAA;AAEA,EAAA,MAAM,WAAA,GAAc,OAAO,MAAA,KAIrB;AACJ,IAAA,IAAI,MAAA,CAAO,WAAW,EAAA,EAAI;AACxB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,qCAAA,EAAwC,MAAA,CAAO,MAAM,CAAA,CAAE,CAAA;AAAA,IAC7F;AAGA,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AAEzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AAGA,IAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,gBAAA,CAAiB,UAAA,EAAY,MAAM,CAAA;AAEvD,IAAA,OAAO;AAAA,MACL,GAAG,GAAA,CAAI,CAAA;AAAA,MACP,GAAG,GAAA,CAAI,CAAA;AAAA,MACP,SAAS,GAAA,CAAI;AAAA,KACf;AAAA,EACF,CAAA;AAEA,EAAA,MAAM,aAAA,GAAgB,OAAO,KAAA,KAAkD;AAE7E,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AAEzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AAMA,IAAA,MAAM,IAAA,GAAOE,wBAAiB,IAAA,CAAK,KAAA,CAAM,QAAQ,KAAA,CAAM,KAAA,EAAO,MAAM,OAAO,CAAA;AAC3E,IAAA,MAAM,OAAA,GAAU,IAAA;AAGhB,IAAA,MAAM,YAAA,GAAe,IAAI,UAAA,CAAW,EAAE,CAAA;AACtC,IAAA,MAAM,GAAA,GAAM,QAAQ,UAAA,CAAW,IAAI,IAAI,OAAA,CAAQ,KAAA,CAAM,CAAC,CAAA,GAAI,OAAA;AAC1D,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,MAAA,YAAA,CAAa,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,IAC5D;AAGA,IAAA,MAAM,GAAA,GAAM,OAAA,CAAQ,gBAAA,CAAiB,UAAA,EAAY,YAAY,CAAA;AAG7D,IAAA,MAAM,CAAA,GAAI,IAAI,OAAA,GAAU,EAAA;AACxB,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA,CAAK,IAAI,CAAC,CAAA,CAC1B,IAAI,CAAC,CAAA,KAAM,EAAE,QAAA,CAAS,EAAE,EAAE,QAAA,CAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAC1C,KAAK,EAAE,CAAA;AACV,IAAA,MAAM,OAAO,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,QAAA,CAAS,GAAG,GAAG,CAAA;AAE3C,IAAA,OAAO,CAAA,EAAA,EAAK,IAAI,CAAA,EAAG,IAAI,GAAG,IAAI,CAAA,CAAA;AAAA,EAChC,CAAA;AAEA,EAAA,MAAM,eAAe,YAAiC;AACpD,IAAA,MAAM,aAAA,CAAc,EAAoB,CAAC,CAAA;AACzC,IAAA,IAAI,CAAC,gBAAA,EAAkB;AACrB,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,yBAAA,CAA2B,CAAA;AAAA,IACjE;AACA,IAAA,OAAO,IAAI,UAAA,CAAW,gBAAA,CAAiB,SAAS,CAAA;AAAA,EAClD,CAAA;AAEA,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,SAAA;AAAA,IAChB,aAAA;AAAA,IACA,UAAA;AAAA,IACA,WAAA;AAAA,IACA,aAAA;AAAA,IACA,YAAA;AAAA,IACA,IAAA;AAAA,IACA,YAAA,EAAc;AAAA,MACZ,SAAA,EAAW,IAAA;AAAA,MACX,IAAA,EAAM;AAAA;AAAA;AACR,GACF;AACF;;;AC1PO,SAAS,kBAAkB,SAAA,EAA6C;AAC7E,EAAA,OAAO;AAAA,IACL,cAAA,EAAgB,KAAA;AAAA,IAChB,aAAA,EAAe,MAAM,SAAA,CAAU,aAAA,EAAc;AAAA,IAC7C,UAAA,EAAY,MAAM,SAAA,CAAU,UAAA,EAAW;AAAA,IACvC,WAAA,EAAa,CAAC,MAAA,KAAW,SAAA,CAAU,YAAY,MAAM,CAAA;AAAA,IACrD,aAAA,EAAe,CAAC,KAAA,KAAU,SAAA,CAAU,cAAc,KAAK,CAAA;AAAA,IACvD,cAAc,SAAA,CAAU,YAAA,GAAe,MAAM,SAAA,CAAU,cAAc,GAAI,MAAA;AAAA,IACzE,YAAA,EAAc;AAAA,MACZ,SAAA,EAAW,IAAA;AAAA,MACX,IAAA,EAAM;AAAA;AAAA;AACR,GACF;AACF;;;ACOA,eAAsB,aAAa,GAAA,EAA+C;AAChF,EAAA,MAAM,EAAE,UAAS,GAAI,GAAA;AAKrB,EAAA,IAAI,SAAS,YAAA,EAAc;AACzB,IAAA,OAAO,IAAI,qBAAqB,QAAQ,CAAA;AAAA,EAC1C;AAIA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR,GAAG,iBAAiB,CAAA,uIAAA;AAAA,GAEtB;AACF;AAMA,IAAM,uBAAN,MAAiD;AAAA,EAC/C,YAAoB,QAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAClB,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,IAChF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoC;AACxC,IAAA,OAAO,IAAA,CAAK,SAAS,YAAA,EAAc;AAAA,EACrC;AAAA,EAEA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,SAAS,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,YAAY,MAAA,EAIf;AAGD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,MAAM,CAAA;AAAA,EACzC;AAAA,EAEA,MAAM,UAAW,KAAA,EAAwC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,MAAA,MAAM,KAAA,GAAQ,KAAA;AACd,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,0BAAA,CAA4B,CAAA;AAAA,EAClE;AACF,CAAA;;;ACvFA,IAAMQ,wBAAN,MAAiD;AAAA,EAC/C,YAAoB,QAAA,EAA8B;AAA9B,IAAA,IAAA,CAAA,QAAA,GAAA,QAAA;AAClB,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,wCAAA,CAA0C,CAAA;AAAA,IAChF;AAAA,EACF;AAAA,EAEA,MAAM,YAAA,GAAoC;AACxC,IAAA,OAAO,IAAA,CAAK,SAAS,YAAA,EAAc;AAAA,EACrC;AAAA,EAEA,MAAM,YAAY,SAAA,EAIf;AACD,IAAA,OAAO,IAAA,CAAK,QAAA,CAAS,WAAA,CAAY,SAAS,CAAA;AAAA,EAC5C;AAAA,EAEA,MAAM,YAAY,OAAA,EAIf;AAGD,IAAA,MAAM,IAAI,MAAM,uGAAuG,CAAA;AAAA,EACzH;AAAA,EAEA,MAAM,UAAW,KAAA,EAAwC;AACvD,IAAA,IAAI,OAAO,KAAA,KAAU,QAAA,IAAY,KAAA,KAAU,IAAA,EAAM;AAC/C,MAAA,MAAM,KAAA,GAAQ,KAAA;AACd,MAAA,OAAO,IAAA,CAAK,QAAA,CAAS,aAAA,CAAc,KAAK,CAAA;AAAA,IAC1C;AACA,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,iBAAiB,CAAA,0BAAA,CAA4B,CAAA;AAAA,EAClE;AACF,CAAA;AAyBA,eAAsBC,cACpB,GAAA,EACmD;AACnD,EAAA,MAAM,EAAE,QAAA,EAAU,OAAA,EAAQ,GAAI,GAAA;AAG9B,EAAA,IAAI,QAAA,EAAU;AAEZ,IAAA,IAAI,CAAC,SAAS,YAAA,EAAc;AAC1B,MAAA,MAAM,IAAI,KAAA;AAAA,QACR,GAAG,iBAAiB,CAAA,0IAAA;AAAA,OAEtB;AAAA,IACF;AAGA,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,WAAA;AAAA;AAAA,MACN,MAAA,EAAQ,IAAID,qBAAAA,CAAqB,QAAQ;AAAA,KAC3C;AAAA,EACF;AAGA,EAAA,IAAI,OAAA,EAAS;AACX,IAAA,OAAO;AAAA,MACL,IAAA,EAAM,WAAA;AAAA,MACN,MAAA,EAAQ,IAAI,uBAAA,CAAwB,OAAO;AAAA,KAC7C;AAAA,EACF;AAGA,EAAA,MAAM,IAAI,KAAA;AAAA,IACR,GAAG,iBAAiB,CAAA,sGAAA;AAAA,GACtB;AACF","file":"index.cjs","sourcesContent":["/*\n Base error class for Volr SDK\n /\nexport class VolrError extends Error {\n constructor(\n public readonly code: string,\n message: string,\n public readonly cause?: Error\n ) {\n super(message);\n this.name = 'VolrError';\n Object.setPrototypeOf(this, VolrError.prototype);\n }\n}\n\n/\n Error codes\n /\nexport const ERR_INVALID_PARAM = 'ERR_INVALID_PARAM';\nexport const ERR_CRYPTO_FAIL = 'ERR_CRYPTO_FAIL';\nexport const ERR_AAD_MISMATCH = 'ERR_AAD_MISMATCH';\nexport const ERR_NONCE_SIZE = 'ERR_NONCE_SIZE';\nexport const ERR_LOW_ENTROPY = 'ERR_LOW_ENTROPY';\nexport const ERR_CHAIN_MISMATCH = 'ERR_CHAIN_MISMATCH';\n\n","import { hkdf } from '@noble/hashes/hkdf';\nimport { sha256 } from '@noble/hashes/sha256';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n HKDF-SHA256 key derivation\n * \n * @param ikm - Input Key Material (32 bytes recommended)\n * @param salt - Salt (can be empty, but 32 bytes recommended)\n * @param info - Application-specific info string\n * @param len - Output length in bytes (default: 32)\n * @returns Derived key material\n * @throws VolrError if info is empty or other validation fails\n * \n * @example\n * ```ts\n * const ikm = new Uint8Array(32).fill(0x01);\n * const salt = new Uint8Array(32).fill(0x02);\n * const key = hkdfSha256(ikm, salt, 'volr/wrap-key/v1', 32);\n * ```\n /\nexport function hkdfSha256(\n ikm: Uint8Array,\n salt: Uint8Array,\n info: string,\n len: number = 32\n): Uint8Array {\n if (!info \|\| info.length === 0) {\n throw new Error(`${ERR_INVALID_PARAM}: info cannot be empty`);\n }\n\n if (len < 1 \|\| len > 255 32) {\n throw new Error(`${ERR_INVALID_PARAM}: len must be between 1 and ${255 * 32}`);\n }\n\n try {\n const derived = hkdf(sha256, ikm, salt, info, len);\n return derived;\n } catch (error) {\n throw new Error(`HKDF derivation failed: ${error instanceof Error ? error.message : String(error)}`);\n }\n}\n\n","/*\n Get secure random bytes using WebCrypto API\n * Falls back to Node.js crypto.webcrypto if WebCrypto is not available\n * \n * @param len - Number of bytes to generate\n * @returns Uint8Array of random bytes\n * @throws VolrError if random generation fails\n /\nexport function getRandomBytes(len: number): Uint8Array {\n if (len < 0 \|\| len > 65536) {\n throw new Error(`Invalid length: ${len}`);\n }\n\n const arr = new Uint8Array(len);\n \n // Try WebCrypto first (browser or Node 18+)\n if (typeof crypto !== 'undefined' && crypto.getRandomValues) {\n crypto.getRandomValues(arr);\n return arr;\n }\n\n // Fallback to Node.js crypto.webcrypto\n if (typeof require !== 'undefined') {\n try {\n const nodeCrypto = require('crypto');\n if (nodeCrypto.webcrypto && nodeCrypto.webcrypto.getRandomValues) {\n nodeCrypto.webcrypto.getRandomValues(arr);\n return arr;\n }\n // Fallback to randomBytes for older Node versions\n const randomBytes = nodeCrypto.randomBytes(len);\n arr.set(randomBytes);\n return arr;\n } catch {\n // Ignore\n }\n }\n\n throw new Error('No secure random source available');\n}\n\n","import { ERR_INVALID_PARAM, ERR_CRYPTO_FAIL, ERR_AAD_MISMATCH, ERR_NONCE_SIZE } from '@/core/errors';\nimport { getRandomBytes } from '@/core/crypto/rng';\n\n/\n AES-GCM encryption parameters\n /\nexport type AesGcmParams = {\n /* 32-byte encryption key /\n key: Uint8Array;\n /* 12-byte nonce (optional, will be generated if not provided) /\n nonce?: Uint8Array;\n /* Additional Authenticated Data (optional) /\n aad?: Uint8Array;\n};\n\n/\n Generate a unique 12-byte nonce for AES-GCM\n * \n * Format: [4 bytes timestamp] + [8 bytes random]\n * \n * This hybrid approach provides:\n * 1. Timestamp component: Reduces collision probability across different times\n * 2. Random component: Reduces collision probability at the same time\n * \n * Collision analysis:\n * - With purely random 96-bit nonces: 2^32 encryptions before 50% collision probability\n * - With timestamp + 64-bit random: Collisions require same second + same random (2^64 per second)\n * \n * Note: This is belt-and-suspenders - in practice, master seeds are encrypted\n * only once per enrollment, so collisions are extremely unlikely either way.\n * \n * @returns 12-byte Uint8Array nonce\n /\nexport function generateNonce(): Uint8Array {\n const nonce = new Uint8Array(12);\n \n // First 4 bytes: timestamp (seconds since epoch, big-endian)\n // This gives us ~136 years of unique timestamps\n const timestamp = Math.floor(Date.now() / 1000);\n const view = new DataView(nonce.buffer);\n view.setUint32(0, timestamp, false); // big-endian\n \n // Last 8 bytes: random\n const random = getRandomBytes(8);\n nonce.set(random, 4);\n \n return nonce;\n}\n\n/\n Get WebCrypto SubtleCrypto API\n /\nfunction getSubtleCrypto(): SubtleCrypto {\n if (typeof crypto !== 'undefined' && crypto.subtle) {\n return crypto.subtle;\n }\n\n // Node.js fallback\n if (typeof require !== 'undefined') {\n try {\n const nodeCrypto = require('crypto');\n if (nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle) {\n return nodeCrypto.webcrypto.subtle;\n }\n } catch {\n // Ignore\n }\n }\n\n throw new Error(`${ERR_CRYPTO_FAIL}: WebCrypto API not available`);\n}\n\n/\n AES-256-GCM encryption\n * \n * @param plain - Plaintext to encrypt\n * @param params - Encryption parameters (key, optional nonce, optional AAD)\n * @returns Object containing ciphertext and nonce\n * @throws VolrError if key is not 32 bytes, nonce is not 12 bytes, or encryption fails\n * \n * @example\n * ```ts\n * const key = getRandomBytes(32);\n * const plaintext = new TextEncoder().encode('secret data');\n * const { cipher, nonce } = await aesGcmEncrypt(plaintext, { key });\n * ```\n /\nexport async function aesGcmEncrypt(\n plain: Uint8Array,\n params: AesGcmParams\n): Promise<{ cipher: Uint8Array; nonce: Uint8Array }> {\n const { key, nonce: providedNonce, aad } = params;\n\n if (key.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: key must be 32 bytes, got ${key.length}`);\n }\n\n // Use timestamp + random nonce generation for better collision resistance\n const nonce = providedNonce \|\| generateNonce();\n if (nonce.length !== 12) {\n throw new Error(`${ERR_NONCE_SIZE}: nonce must be 12 bytes, got ${nonce.length}`);\n }\n\n const subtle = getSubtleCrypto();\n\n try {\n const keyMaterial = await subtle.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['encrypt']\n );\n\n const encrypted = await subtle.encrypt(\n {\n name: 'AES-GCM',\n iv: nonce as BufferSource,\n additionalData: aad as BufferSource \| undefined,\n tagLength: 128, // 16 bytes authentication tag\n },\n keyMaterial,\n plain as BufferSource\n );\n\n return {\n cipher: new Uint8Array(encrypted),\n nonce,\n };\n } catch (error) {\n throw new Error(\n `${ERR_CRYPTO_FAIL}: Encryption failed: ${error instanceof Error ? error.message : String(error)}`\n );\n }\n}\n\n/\n AES-256-GCM decryption\n * \n * @param cipher - Ciphertext to decrypt\n * @param params - Decryption parameters (key, nonce, optional AAD)\n * @returns Decrypted plaintext\n * @throws VolrError if decryption fails (wrong key, wrong AAD, corrupted data)\n * \n * @example\n * ```ts\n * const plaintext = await aesGcmDecrypt(cipher, { key, nonce });\n * ```\n /\nexport async function aesGcmDecrypt(\n cipher: Uint8Array,\n params: AesGcmParams & { nonce: Uint8Array }\n): Promise<Uint8Array> {\n const { key, nonce, aad } = params;\n\n if (key.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: key must be 32 bytes, got ${key.length}`);\n }\n\n if (nonce.length !== 12) {\n throw new Error(`${ERR_NONCE_SIZE}: nonce must be 12 bytes, got ${nonce.length}`);\n }\n\n const subtle = getSubtleCrypto();\n\n try {\n const keyMaterial = await subtle.importKey(\n 'raw',\n key as BufferSource,\n { name: 'AES-GCM' },\n false,\n ['decrypt']\n );\n\n const decrypted = await subtle.decrypt(\n {\n name: 'AES-GCM',\n iv: nonce as BufferSource,\n additionalData: aad as BufferSource \| undefined,\n tagLength: 128,\n },\n keyMaterial,\n cipher as BufferSource\n );\n\n return new Uint8Array(decrypted);\n } catch (error) {\n // AAD mismatch or wrong key will throw here\n const message = error instanceof Error ? error.message : String(error);\n if (message.includes('decryption') \|\| message.includes('authentication')) {\n throw new Error(`${ERR_AAD_MISMATCH}: Decryption failed - wrong key or AAD`);\n }\n throw new Error(`${ERR_CRYPTO_FAIL}: Decryption failed: ${message}`);\n }\n}\n\n","/\n Zeroize (overwrite with zeros) a buffer in place\n * This helps prevent sensitive data from remaining in memory\n * \n * @param buf - Uint8Array or ArrayBuffer to zeroize\n /\nexport function zeroize(buf: Uint8Array \| ArrayBuffer): void {\n let view: Uint8Array;\n \n if (buf instanceof ArrayBuffer) {\n view = new Uint8Array(buf);\n } else {\n view = buf;\n }\n\n // Overwrite with zeros\n view.fill(0);\n \n // Try to prevent compiler optimizations\n // eslint-disable-next-line @typescript-eslint/no-unused-expressions\n view.length;\n}\n\n","import { aesGcmEncrypt, aesGcmDecrypt } from '@/core/crypto/aes-gcm';\nimport type { WrapKey, MasterSeed } from './types';\n\n/\n Seal (encrypt) master seed with wrap key\n * \n * @param masterSeed - 32-byte master seed to encrypt\n * @param wrapKey - 32-byte wrap key\n * @param aad - Additional Authenticated Data\n * @returns Object containing ciphertext and nonce\n * \n * @example\n * ```ts\n * const masterSeed = getRandomBytes(32);\n * const wrapKey = deriveWrapKey({ origin, projectId, credentialId });\n * const aad = new TextEncoder().encode('volr/master-seed/v1');\n * const { cipher, nonce } = await sealMasterSeed(masterSeed, wrapKey, aad);\n * ```\n /\nexport async function sealMasterSeed(\n masterSeed: Uint8Array,\n wrapKey: WrapKey,\n aad: Uint8Array\n): Promise<{ cipher: Uint8Array; nonce: Uint8Array }> {\n return aesGcmEncrypt(masterSeed, { key: wrapKey, aad });\n}\n\n/\n Unseal (decrypt) master seed with wrap key\n * \n * @param cipher - Encrypted master seed\n * @param wrapKey - 32-byte wrap key\n * @param aad - Additional Authenticated Data (must match encryption)\n * @param nonce - 12-byte nonce used during encryption\n * @returns Decrypted master seed (32 bytes)\n * @throws Error if decryption fails (wrong key, wrong AAD, corrupted data)\n * \n * @example\n * ```ts\n * const masterSeed = await unsealMasterSeed(cipher, wrapKey, aad, nonce);\n * // Use masterSeed, then zeroize it\n * zeroize(masterSeed);\n * ```\n /\nexport async function unsealMasterSeed(\n cipher: Uint8Array,\n wrapKey: WrapKey,\n aad: Uint8Array,\n nonce: Uint8Array\n): Promise<MasterSeed> {\n const decrypted = await aesGcmDecrypt(cipher, { key: wrapKey, aad, nonce });\n return decrypted as MasterSeed;\n}\n\n","/\n BIP-39 Mnemonic utilities\n \n Provides functions to generate entropy, convert to/from mnemonic strings,\n * and derive seeds for key generation.\n \n Security Note:\n * - Entropy (Uint8Array) can be zeroized after use\n * - Mnemonic strings cannot be zeroized (JavaScript strings are immutable)\n * - Only convert to mnemonic string when absolutely necessary (e.g., export)\n /\n\nimport {\n entropyToMnemonic,\n mnemonicToEntropy,\n mnemonicToSeed,\n validateMnemonic,\n} from '@scure/bip39';\nimport { wordlist } from '@scure/bip39/wordlists/english';\nimport { getRandomBytes } from '@/core/crypto/rng';\nimport type { Entropy, MasterSeed } from './types';\n\n/\n Generate random entropy for BIP-39 mnemonic (256 bits = 24 words)\n \n @returns 32-byte entropy that can be converted to a 24-word mnemonic\n \n @example\n * ```ts\n * const entropy = generateEntropy();\n * const mnemonic = entropyToMnemonicString(entropy);\n * // ... use mnemonic for export\n * zeroize(entropy);\n * ```\n /\nexport function generateEntropy(): Entropy {\n return getRandomBytes(32) as Entropy;\n}\n\n/\n Validate entropy has correct length for 24-word mnemonic\n \n @param entropy - Entropy to validate\n * @returns true if entropy is valid (32 bytes)\n /\nexport function validateEntropy(entropy: Entropy): boolean {\n return entropy instanceof Uint8Array && entropy.length === 32;\n}\n\n/\n Convert entropy to BIP-39 mnemonic string (24 words)\n \n WARNING: Returned string cannot be zeroized. Minimize retention time.\n * Only call this function when the user explicitly requests to export their wallet.\n \n @param entropy - 32-byte entropy\n * @returns 24-word mnemonic phrase (space-separated)\n /\nexport function entropyToMnemonicString(entropy: Entropy): string {\n return entropyToMnemonic(entropy, wordlist);\n}\n\n/\n Convert BIP-39 mnemonic string back to entropy\n \n @param mnemonic - 24-word mnemonic phrase (space-separated)\n * @returns 32-byte entropy\n * @throws Error if mnemonic is invalid\n /\nexport function mnemonicStringToEntropy(mnemonic: string): Entropy {\n if (!validateMnemonic(mnemonic, wordlist)) {\n throw new Error('Invalid mnemonic phrase');\n }\n return mnemonicToEntropy(mnemonic, wordlist) as Entropy;\n}\n\n/\n Derive BIP-39 seed from entropy\n \n This function internally converts entropy to a mnemonic string (temporarily),\n * then uses PBKDF2 to derive the seed. The mnemonic string exists only within\n * this function's scope.\n \n @param entropy - 32-byte entropy\n * @returns 32-byte master seed for BIP-32 key derivation\n /\nexport async function entropyToSeed(entropy: Entropy): Promise<MasterSeed> {\n const mnemonic = entropyToMnemonic(entropy, wordlist);\n const seed = await mnemonicToSeed(mnemonic);\n // Use first 32 bytes as master seed (standard for BIP-32)\n return seed.slice(0, 32) as MasterSeed;\n}\n\n\n\n","import { zeroize } from '@/core/crypto/zeroize';\nimport { unsealMasterSeed } from '@/master-key/encryption';\nimport {\n generateEntropy,\n entropyToMnemonicString,\n entropyToSeed,\n} from '@/master-key/mnemonic';\nimport type { Entropy, MasterSeed, WrapKey } from './types';\n\n/\n Handle to master key material\n * Provides controlled access to entropy and seed, with secure cleanup\n /\nexport type MasterKeyHandle = {\n /* 32-byte entropy for BIP-39 mnemonic generation /\n readonly entropy: Entropy;\n /* 32-byte seed for BIP-32 key derivation /\n readonly seed: MasterSeed;\n /\n Get mnemonic phrase for export (24 words)\n \n WARNING: Returned string cannot be zeroized.\n * Only call this when user explicitly requests wallet export.\n * Minimize retention time of the returned string.\n /\n getMnemonic(): string;\n /* Destroy the handle and zeroize all sensitive data /\n destroy(): void;\n};\n\n/\n Master key provider interface\n * Handles generation and unsealing of master keys\n /\nexport interface MasterKeyProvider {\n /\n Unseal entropy from encrypted blob and derive seed\n \n @param blob - Encrypted blob containing ciphertext, nonce, and AAD\n * @param wrapKey - Wrap key for decryption\n * @returns Handle to unsealed master key\n /\n unsealFromBlob(\n blob: { cipher: Uint8Array; nonce: Uint8Array; aad: Uint8Array },\n wrapKey: WrapKey\n ): Promise<MasterKeyHandle>;\n\n /\n Generate a new master key (entropy + derived seed)\n \n @returns Handle to newly generated master key\n /\n generate(): Promise<MasterKeyHandle>;\n}\n\n/\n Create a master key handle from entropy\n /\nasync function createHandle(entropy: Entropy): Promise<MasterKeyHandle> {\n const seed = await entropyToSeed(entropy);\n\n return {\n entropy,\n seed,\n getMnemonic() {\n return entropyToMnemonicString(entropy);\n },\n destroy() {\n zeroize(entropy);\n zeroize(seed);\n },\n };\n}\n\n/\n Create a master key provider instance\n \n @returns MasterKeyProvider instance\n \n @example\n * ```ts\n * const provider = createMasterKeyProvider();\n * const handle = await provider.generate();\n \n // Use handle.seed for key derivation\n * const keypair = deriveEvmKey({ masterSeed: handle.seed });\n \n // Export mnemonic when user requests (only for backup/migration)\n * const mnemonic = handle.getMnemonic();\n \n // Cleanup\n * handle.destroy();\n * ```\n /\nexport function createMasterKeyProvider(): MasterKeyProvider {\n return {\n async unsealFromBlob(blob, wrapKey) {\n // unsealMasterSeed returns Uint8Array (typed as MasterSeed for legacy reasons)\n // In the new architecture, we store entropy, so cast through unknown\n const entropy = (await unsealMasterSeed(\n blob.cipher,\n wrapKey,\n blob.aad,\n blob.nonce\n )) as unknown as Entropy;\n\n return createHandle(entropy);\n },\n\n async generate() {\n const entropy = generateEntropy();\n return createHandle(entropy);\n },\n };\n}\n","import { hkdfSha256 } from '@/core/crypto/hkdf';\nimport { sha256 } from '@noble/hashes/sha256';\nimport type { WrapKey } from '../types';\n\n/\n PRF input parameters for wrap key derivation\n * \n * Note: origin is NOT included in PrfInput because:\n * - Different domains should be able to share the same wallet\n * - WebAuthn rpId binding already provides domain security\n * - Including origin would prevent cross-domain wallet usage\n /\nexport type PrfInput = {\n /* Project ID /\n projectId: string;\n /* Credential ID from WebAuthn /\n credentialId: string;\n /* Optional salt (defaults to SHA256 of projectId) /\n salt?: Uint8Array;\n};\n\n/\n Derive wrap key from PRF inputs using HKDF\n * \n * Salt derivation uses only projectId to enable cross-domain wallet sharing.\n * WebAuthn's rpId binding already provides domain-level security.\n * \n * Note: credentialId is NOT included in salt derivation because:\n * - During enrollment, actual credentialId is not known until after credential creation\n * - Using credentialId would create different salts for enrollment vs authentication\n * - This would cause PRF to return different outputs, breaking decryption\n * \n * This function maps PRF output (from WebAuthn) to a 32-byte wrap key.\n * In the real implementation, the PRF output would come from WebAuthn PRF API.\n * For now, we simulate it by using SHA256 of the inputs.\n * \n * @param input - PRF input parameters\n * @returns 32-byte wrap key\n * \n * @example\n * ```ts\n * const wrapKey = deriveWrapKey({\n * projectId: 'project-123',\n * credentialId: 'cred-456' // stored for authentication, but not used in salt derivation\n * });\n * ```\n /\nexport function deriveWrapKey(input: PrfInput): WrapKey {\n const { projectId, salt } = input;\n\n // PRF input domain: projectId only (origin excluded for cross-domain support)\n // WebAuthn rpId binding already provides domain security\n const prfInputBytes = new TextEncoder().encode(`volr\|${projectId}`);\n const prfOutput = sha256(prfInputBytes);\n\n // Default salt: SHA256 of projectId (no origin)\n const defaultSalt = salt \|\| sha256(\n new TextEncoder().encode(`volr/salt\|${projectId}`)\n );\n\n // HKDF info format: \"volr/wrap-key/v1\|projectId\"\n const info = `volr/wrap-key/v1\|${projectId}`;\n\n // Derive 32-byte wrap key\n const wrapKey = hkdfSha256(prfOutput, defaultSalt, info, 32);\n\n return wrapKey as WrapKey;\n}\n","import { HDKey } from '@scure/bip32';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { keccak_256 } from '@noble/hashes/sha3';\n\n/\n Default BIP-32 derivation path for Ethereum\n * m / purpose' / coin_type' / account' / change / address_index\n * 60' = Ethereum coin type\n /\nexport const DEFAULT_EVM_PATH = \"m/60'/0'/0'/0/0\";\n\n/\n Arguments for EVM key derivation\n /\nexport type DeriveArgs = {\n /* Master seed (32 bytes recommended) /\n masterSeed: Uint8Array;\n /* BIP-32 derivation path (default: m/60'/0'/0'/0/0) /\n path?: string;\n};\n\n/\n EVM keypair derived from master seed\n /\nexport type EvmKeypair = {\n /* 32-byte private key /\n privateKey: Uint8Array;\n /* 65-byte uncompressed public key (0x04 prefix) /\n publicKey: Uint8Array;\n /* 20-byte EOA address (checksummed) /\n address: `0x${string}`;\n /* Derivation path used /\n path: string;\n};\n\n/\n Derive EVM keypair from master seed using BIP-32\n * \n * @param args - Derivation arguments\n * @returns EVM keypair with private key, public key, and address\n * \n * @example\n * ```ts\n * const masterSeed = getRandomBytes(32);\n * const keypair = deriveEvmKey({ masterSeed });\n * // Use keypair.privateKey for signing\n * // Use keypair.address as EOA address\n * ```\n /\nexport function deriveEvmKey(args: DeriveArgs): EvmKeypair {\n const { masterSeed, path = DEFAULT_EVM_PATH } = args;\n\n // Create HD key from master seed\n const hdKey = HDKey.fromMasterSeed(masterSeed);\n\n // Derive key at specified path\n const derived = hdKey.derive(path);\n\n if (!derived.privateKey) {\n throw new Error('Failed to derive private key');\n }\n\n // Get private key (32 bytes)\n const privateKey = new Uint8Array(derived.privateKey);\n\n // Get public key (uncompressed, 65 bytes with 0x04 prefix)\n const publicKey = derived.publicKey;\n if (!publicKey \|\| publicKey.length !== 33) {\n throw new Error('Invalid public key length');\n }\n\n // Convert compressed public key to uncompressed\n const pubKeyPoint = secp256k1.ProjectivePoint.fromHex(publicKey);\n const uncompressedPubKey = pubKeyPoint.toRawBytes(false); // Returns 65 bytes with 0x04 prefix\n\n // Derive EOA address: keccak256(publicKey without prefix)[12:]\n const pubKeyWithoutPrefix = uncompressedPubKey.slice(1); // Remove 0x04 prefix\n const hash = keccak_256(pubKeyWithoutPrefix);\n const addressBytes = hash.slice(12); // Last 20 bytes\n const address = ('0x' + Array.from(addressBytes)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('')) as `0x${string}`;\n\n return {\n privateKey,\n publicKey: uncompressedPubKey,\n address,\n path,\n };\n}\n\n","import { keccak_256 } from '@noble/hashes/sha3';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Convert Ethereum address to EIP-55 checksum format\n * \n * EIP-55: Mixed-case checksum address encoding\n * https://eips.ethereum.org/EIPS/eip-55\n * \n * @param addr - Lowercase Ethereum address (0x prefix required)\n * @returns Checksummed address\n * @throws Error if address is invalid (wrong length, non-hex, missing 0x prefix)\n * \n * @example\n * ```ts\n * const checksummed = toChecksumAddress('0x742d35cc6634c0532925a3b844bc9e7595f0bebd');\n * // Returns: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEbD'\n * ```\n /\nexport function toChecksumAddress(addr: `0x${string}`): `0x${string}` {\n if (!addr.startsWith('0x')) {\n throw new Error(`${ERR_INVALID_PARAM}: Address must start with 0x`);\n }\n\n const address = addr.slice(2).toLowerCase();\n\n if (address.length !== 40) {\n throw new Error(`${ERR_INVALID_PARAM}: Address must be 40 hex characters (20 bytes)`);\n }\n\n // Validate hex characters\n if (!/^[0-9a-f]{40}$/.test(address)) {\n throw new Error(`${ERR_INVALID_PARAM}: Address contains invalid hex characters`);\n }\n\n // Compute keccak256 hash of lowercase address (as bytes)\n const addressBytes = new TextEncoder().encode(address);\n const hash = keccak_256(addressBytes);\n\n // Build checksummed address\n let checksummed = '0x';\n for (let i = 0; i < address.length; i++) {\n const char = address[i];\n const hashByte = Math.floor(i / 2);\n const hashNibble = i % 2 === 0 ? (hash[hashByte] >> 4) : (hash[hashByte] & 0x0f);\n\n // If hash nibble >= 8, uppercase the character\n checksummed += hashNibble >= 8 ? char.toUpperCase() : char;\n }\n\n return checksummed as `0x${string}`;\n}\n\n","import { secp256k1 } from '@noble/curves/secp256k1';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n EVM signature structure\n /\nexport type Sig = {\n /* 32-byte r value /\n r: Uint8Array;\n /* 32-byte s value (low-S canonicalized) /\n s: Uint8Array;\n /* y-parity (0 or 1) /\n yParity: 0 \| 1;\n};\n\n/\n Sign a message hash with secp256k1 private key\n * \n * Produces deterministic, low-S canonicalized signatures compatible with EVM.\n * \n * @param privKey - 32-byte private key\n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if private key or message hash is invalid\n * \n * @example\n * ```ts\n * const privateKey = getRandomBytes(32);\n * const msgHash = sha256(new TextEncoder().encode('Hello'));\n * const sig = evmSign(privateKey, msgHash);\n * // Use sig.r, sig.s, sig.yParity for transaction signing\n * ```\n /\nexport function evmSign(privKey: Uint8Array, msgHash32: Uint8Array): Sig {\n if (privKey.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key must be 32 bytes, got ${privKey.length}`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Sign with deterministic nonce (RFC 6979)\n const signature = secp256k1.sign(msgHash32, privKey, {\n lowS: true, // Enforce low-S canonicalization\n });\n\n // Extract r and s (both 32 bytes)\n const r = signature.r;\n const s = signature.s;\n\n // Convert r and s to Uint8Array\n const rBytes = new Uint8Array(32);\n const sBytes = new Uint8Array(32);\n\n // Convert bigint to bytes (big-endian)\n const rHex = r.toString(16).padStart(64, '0');\n const sHex = s.toString(16).padStart(64, '0');\n\n for (let i = 0; i < 32; i++) {\n rBytes[i] = parseInt(rHex.slice(i 2, i * 2 + 2), 16);\n sBytes[i] = parseInt(sHex.slice(i * 2, i * 2 + 2), 16);\n }\n\n // yParity: recovery ID (0 or 1 for EVM)\n // secp256k1.recoverPublicKey uses recovery ID 0-3, but EVM uses yParity 0-1\n // recovery ID % 2 gives us yParity\n const yParity = (signature.recovery % 2) as 0 \| 1;\n\n return {\n r: rBytes,\n s: sBytes,\n yParity,\n };\n}\n\n/*\n Verify a signature against a public key and message hash\n * \n * @param pubKey - 65-byte uncompressed public key (0x04 prefix)\n * @param msgHash32 - 32-byte message hash\n * @param sig - Signature to verify\n * @returns true if signature is valid, false otherwise\n * @throws Error if public key or message hash is invalid\n * \n * @example\n * ```ts\n * const isValid = evmVerify(publicKey, msgHash, sig);\n * if (isValid) {\n * console.log('Signature is valid');\n * }\n * ```\n /\nexport function evmVerify(\n pubKey: Uint8Array,\n msgHash32: Uint8Array,\n sig: Sig\n): boolean {\n if (pubKey.length !== 65 \|\| pubKey[0] !== 0x04) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key must be 65 bytes uncompressed (0x04 prefix)`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n if (sig.r.length !== 32 \|\| sig.s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Convert s bytes to bigint for low-S check\n const sBigInt = BigInt('0x' + Array.from(sig.s)\n .map(b => b.toString(16).padStart(2, '0'))\n .join(''));\n\n // Verify s is low-S\n const n = secp256k1.CURVE.n;\n const nHalf = n / 2n;\n if (sBigInt > nHalf) {\n return false;\n }\n\n // Use secp256k1.verify for signature verification\n // Convert public key from uncompressed (65 bytes) to compressed (33 bytes) for verification\n // pubKey.slice(1) gives us 64 bytes (x, y coordinates)\n // We need to create a point from x and y, then get compressed format\n const x = pubKey.slice(1, 33); // First 32 bytes (x coordinate)\n const y = pubKey.slice(33, 65); // Next 32 bytes (y coordinate)\n const pubKeyPoint = secp256k1.ProjectivePoint.fromAffine({\n x: BigInt('0x' + Array.from(x).map(b => b.toString(16).padStart(2, '0')).join('')),\n y: BigInt('0x' + Array.from(y).map(b => b.toString(16).padStart(2, '0')).join(''))\n });\n const compressedPubKey = pubKeyPoint.toRawBytes(true); // Compressed format\n\n // Verify signature\n // secp256k1.verify expects (signature, msgHash, publicKey)\n // Use compact bytes format for signature\n try {\n const compactSig = new Uint8Array([...sig.r, ...sig.s]);\n return secp256k1.verify(compactSig, msgHash32, compressedPubKey);\n } catch {\n return false;\n }\n}\n\n","import { secp256k1 } from '@noble/curves/secp256k1';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\nimport type { SignerPort } from '@/wallet/types';\nimport { TypedDataEncoder } from 'ethers';\n\n/\n EVM signature structure\n /\nexport type Sig = {\n /* 32-byte r value /\n r: Uint8Array;\n /* 32-byte s value (low-S canonicalized) /\n s: Uint8Array;\n /* y-parity (0 or 1) /\n yParity: 0 \| 1;\n};\n\n/\n Secp256k1 software signer implementation\n * Uses existing master-key → BIP-32 → secp256k1 derivation path\n * \n * @example\n * ```ts\n * const privateKey = getRandomBytes(32);\n * const signer = new Secp256k1SoftwareSigner(privateKey);\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class Secp256k1SoftwareSigner implements SignerPort {\n constructor(private privateKey: Uint8Array) {\n if (privateKey.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key must be 32 bytes, got ${privateKey.length}`);\n }\n\n // Check if key is zero\n if (privateKey.every(b => b === 0)) {\n throw new Error(`${ERR_INVALID_PARAM}: Private key cannot be zero`);\n }\n }\n\n /\n Get uncompressed public key (65 bytes)\n * \n * @returns Uncompressed public key with 0x04 prefix\n /\n async getPublicKey(): Promise<Uint8Array> {\n const pubKeyPoint = secp256k1.getPublicKey(this.privateKey, false);\n const pubKey = new Uint8Array(65);\n pubKey[0] = 0x04;\n pubKey.set(pubKeyPoint.slice(1), 1);\n return pubKey;\n }\n\n /\n Sign message hash with deterministic, low-S canonicalization\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if message hash is invalid\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Sign with deterministic nonce (RFC 6979)\n const signature = secp256k1.sign(msgHash32, this.privateKey, {\n lowS: true, // Enforce low-S canonicalization\n });\n\n // Extract r and s (both 32 bytes)\n const r = signature.r;\n const s = signature.s;\n\n // Convert r and s to Uint8Array\n const rBytes = new Uint8Array(32);\n const sBytes = new Uint8Array(32);\n\n // Convert bigint to bytes (big-endian)\n const rHex = r.toString(16).padStart(64, '0');\n const sHex = s.toString(16).padStart(64, '0');\n\n for (let i = 0; i < 32; i++) {\n rBytes[i] = parseInt(rHex.slice(i 2, i * 2 + 2), 16);\n sBytes[i] = parseInt(sHex.slice(i * 2, i * 2 + 2), 16);\n }\n\n // yParity: recovery ID (0 or 1 for EVM)\n const yParity = (signature.recovery % 2) as 0 \| 1;\n\n return {\n r: rBytes,\n s: sBytes,\n yParity,\n };\n }\n\n /*\n Sign raw hash without EIP-191 prefix (for EIP-7702)\n * \n * @param digest - 32-byte digest to sign\n * @returns Signature with r, s, and yParity\n * @throws Error if digest is invalid\n /\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // For secp256k1, signMessage already does raw signing (no prefix)\n // So we can reuse the same logic\n return this.signMessage(digest);\n }\n\n /\n Sign EIP-712 typed data\n /\n async signTyped(data: {\n domain: any;\n types: any;\n primaryType: string;\n message: any;\n }): Promise<`0x${string}`> {\n const hash = TypedDataEncoder.hash(data.domain, data.types, data.message);\n // Convert hex hash to Uint8Array\n const msgHash = new Uint8Array(Buffer.from(hash.slice(2), 'hex'));\n const sig = await this.signMessage(msgHash);\n \n // Return signature as 0x-hex string (r + s + v)\n // v = yParity + 27\n const rHex = Buffer.from(sig.r).toString('hex');\n const sHex = Buffer.from(sig.s).toString('hex');\n const v = (sig.yParity + 27).toString(16).padStart(2, '0');\n \n return `0x${rHex}${sHex}${v}` as `0x${string}`;\n }\n}\n\n/\n Verify a secp256k1 signature against a public key and message hash\n * \n * @param pubKeyUncompressed - 65-byte uncompressed public key (0x04 prefix)\n * @param msgHash32 - 32-byte message hash\n * @param sig - Signature to verify\n * @returns true if signature is valid, false otherwise\n * @throws Error if public key or message hash is invalid\n * \n * @example\n * ```ts\n * const isValid = evmVerify(publicKey, msgHash, sig);\n * if (isValid) {\n * console.log('Signature is valid');\n * }\n * ```\n /\nexport function evmVerify(\n pubKeyUncompressed: Uint8Array,\n msgHash32: Uint8Array,\n sig: Sig\n): boolean {\n if (pubKeyUncompressed.length !== 65 \|\| pubKeyUncompressed[0] !== 0x04) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key must be 65 bytes uncompressed (0x04 prefix)`);\n }\n\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n if (sig.r.length !== 32 \|\| sig.s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Convert s bytes to bigint for low-S check\n const sBigInt = BigInt('0x' + Array.from(sig.s)\n .map(b => b.toString(16).padStart(2, '0'))\n .join(''));\n\n // Verify s is low-S\n const n = secp256k1.CURVE.n;\n const nHalf = n / 2n;\n if (sBigInt > nHalf) {\n return false;\n }\n\n // Convert public key from uncompressed (65 bytes) to compressed (33 bytes) for verification\n const x = pubKeyUncompressed.slice(1, 33); // First 32 bytes (x coordinate)\n const y = pubKeyUncompressed.slice(33, 65); // Next 32 bytes (y coordinate)\n const pubKeyPoint = secp256k1.ProjectivePoint.fromAffine({\n x: BigInt('0x' + Array.from(x).map(b => b.toString(16).padStart(2, '0')).join('')),\n y: BigInt('0x' + Array.from(y).map(b => b.toString(16).padStart(2, '0')).join(''))\n });\n const compressedPubKey = pubKeyPoint.toRawBytes(true); // Compressed format\n\n // Verify signature\n // secp256k1.verify expects (signature, msgHash, publicKey)\n // Use compact bytes format for signature\n try {\n const compactSig = new Uint8Array([...sig.r, ...sig.s]);\n return secp256k1.verify(compactSig, msgHash32, compressedPubKey);\n } catch {\n return false;\n }\n}\n","import { ERR_INVALID_PARAM } from '@/core/errors';\nimport type { SignerPort, PasskeyProviderPort } from '@/wallet/types';\nimport { TypedDataEncoder } from 'ethers';\n\n/\n Passkey P-256 signer implementation\n * Uses device TEE/passkey for signing (P-256 curve)\n * \n * @example\n * ```ts\n * const passkeyProvider = createPasskeyProvider();\n * const signer = new PasskeyP256Signer(passkeyProvider);\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class PasskeyP256Signer implements SignerPort {\n constructor(private provider: PasskeyProviderPort) {}\n\n /\n Get uncompressed P-256 public key (65 bytes)\n * \n * @returns Uncompressed public key with 0x04 prefix\n /\n async getPublicKey(): Promise<Uint8Array> {\n const { x, y } = await this.provider.getPublicKey();\n\n if (x.length !== 32 \|\| y.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Public key coordinates must be 32 bytes each`);\n }\n\n // Return uncompressed format: 0x04 \|\| x \|\| y\n const pubKey = new Uint8Array(65);\n pubKey[0] = 0x04;\n pubKey.set(x, 1);\n pubKey.set(y, 33);\n\n return pubKey;\n }\n\n /\n Sign message hash using P-256 passkey\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature with r, s, and yParity\n * @throws Error if message hash is invalid\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n if (msgHash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${msgHash32.length}`);\n }\n\n // Get signature from provider\n const { r, s } = await this.provider.signP256(msgHash32);\n\n if (r.length !== 32 \|\| s.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Signature r and s must be 32 bytes each`);\n }\n\n // Get public key to compute yParity\n const { y } = await this.provider.getPublicKey();\n \n // yParity is the LSB of the y coordinate\n const yParity = (y[y.length - 1] & 1) as 0 \| 1;\n\n return {\n r,\n s,\n yParity,\n };\n }\n\n /\n Sign raw hash without EIP-191 prefix (for EIP-7702)\n * \n * @param _digest - 32-byte digest to sign\n * @returns Signature with r, s, and yParity\n * @throws Error - P-256 cannot be used for EIP-7702\n /\n async signRawHash(_digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // P-256 passkey cannot be used for EIP-7702 (secp256k1 only)\n throw new Error('EIP-7702 authorization requires secp256k1, not P-256. Use Secp256k1SoftwareSigner for EIP-7702.');\n }\n\n /\n Sign EIP-712 typed data\n /\n async signTyped(data: {\n domain: any;\n types: any;\n primaryType: string;\n message: any;\n }): Promise<`0x${string}`> {\n const hash = TypedDataEncoder.hash(data.domain, data.types, data.message);\n // Convert hex hash to Uint8Array\n const msgHash = new Uint8Array(Buffer.from(hash.slice(2), 'hex'));\n const sig = await this.signMessage(msgHash);\n \n // Return signature as 0x-hex string (r + s + v)\n // For P-256 on EVM (via 7212), v is usually not 27/28 but just 0/1 or specific format\n // BUT, wait, if we are using Passkeys for EIP-712, are we verifying on-chain with P-256?\n // The user said \"we derive secp256k1 keys from Passkeys\", but `PasskeyP256Signer` uses `provider.signP256`.\n // If we are using derived secp256k1, we should use `Secp256k1SoftwareSigner`.\n // If this class exists, it implies direct P-256 usage.\n // Assuming this is for P-256 verification (EIP-7212) which we removed?\n // Ah, the user said \"remove all 7212 related code\". \n // If `PasskeyP256Signer` is for direct P-256 signing, it might be dead code if we only use derived keys.\n // However, implementing `signTyped` satisfies the interface for now.\n \n const rHex = Buffer.from(sig.r).toString('hex');\n const sHex = Buffer.from(sig.s).toString('hex');\n const v = sig.yParity.toString(16).padStart(2, '0'); // or 27/28 if mimicing\n \n return `0x${rHex}${sHex}${v}` as `0x${string}`;\n }\n}\n","/\n EIP-1193 Provider Error Codes\n * https://eips.ethereum.org/EIPS/eip-1193#provider-errors\n /\nexport enum EIP1193ErrorCode {\n USER_REJECTED = 4001,\n UNAUTHORIZED = 4100,\n UNSUPPORTED_METHOD = 4200,\n DISCONNECTED = 4900,\n CHAIN_DISCONNECTED = 4901,\n UNRECOGNIZED_CHAIN = 4902,\n RESOURCE_UNAVAILABLE = -32002,\n RESOURCE_NOT_FOUND = -32001,\n INVALID_INPUT = -32000,\n INTERNAL_ERROR = -32603,\n INVALID_REQUEST = -32600,\n METHOD_NOT_FOUND = -32601,\n INVALID_PARAMS = -32602,\n PARSE_ERROR = -32700,\n}\n\n/\n Normalized wallet error types\n /\nexport class WalletError extends Error {\n constructor(\n message: string,\n public readonly code: EIP1193ErrorCode \| number,\n public readonly originalError?: unknown\n ) {\n super(message);\n this.name = 'WalletError';\n }\n}\n\nexport class UserRejectedError extends WalletError {\n constructor(message = 'User rejected the request', originalError?: unknown) {\n super(message, EIP1193ErrorCode.USER_REJECTED, originalError);\n this.name = 'UserRejectedError';\n }\n}\n\nexport class UnauthorizedError extends WalletError {\n constructor(message = 'Unauthorized to perform this action', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNAUTHORIZED, originalError);\n this.name = 'UnauthorizedError';\n }\n}\n\nexport class UnsupportedMethodError extends WalletError {\n constructor(message = 'Method not supported by wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNSUPPORTED_METHOD, originalError);\n this.name = 'UnsupportedMethodError';\n }\n}\n\nexport class WrongNetworkError extends WalletError {\n constructor(\n message = 'Wrong network',\n public readonly expectedChainId?: number,\n public readonly actualChainId?: number,\n originalError?: unknown\n ) {\n super(message, EIP1193ErrorCode.UNRECOGNIZED_CHAIN, originalError);\n this.name = 'WrongNetworkError';\n }\n}\n\nexport class ChainNotAddedError extends WalletError {\n constructor(message = 'Chain not added to wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.UNRECOGNIZED_CHAIN, originalError);\n this.name = 'ChainNotAddedError';\n }\n}\n\nexport class RequestPendingError extends WalletError {\n constructor(message = 'Request already pending in wallet', originalError?: unknown) {\n super(message, EIP1193ErrorCode.RESOURCE_UNAVAILABLE, originalError);\n this.name = 'RequestPendingError';\n }\n}\n\n/\n Normalize EIP-1193 provider errors to typed error classes\n /\nexport function normalizeWalletError(error: unknown): WalletError {\n if (error instanceof WalletError) {\n return error;\n }\n\n // Handle EIP-1193 provider errors\n if (typeof error === 'object' && error !== null) {\n const err = error as any;\n const code = err.code;\n const message = err.message \|\| 'Unknown wallet error';\n\n switch (code) {\n case EIP1193ErrorCode.USER_REJECTED:\n return new UserRejectedError(message, error);\n\n case EIP1193ErrorCode.UNAUTHORIZED:\n return new UnauthorizedError(message, error);\n\n case EIP1193ErrorCode.UNSUPPORTED_METHOD:\n return new UnsupportedMethodError(message, error);\n\n case EIP1193ErrorCode.UNRECOGNIZED_CHAIN:\n return new ChainNotAddedError(message, error);\n\n case EIP1193ErrorCode.RESOURCE_UNAVAILABLE:\n return new RequestPendingError(message, error);\n\n default:\n return new WalletError(message, code \|\| -1, error);\n }\n }\n\n // Fallback for non-standard errors\n const message = error instanceof Error ? error.message : String(error);\n return new WalletError(message, -1, error);\n}\n\n\n","import type { SignerPort } from '../types';\nimport { normalizeWalletError, WrongNetworkError } from './external-wallet-errors';\n\n/\n EIP-1193 Provider interface\n * https://eips.ethereum.org/EIPS/eip-1193\n /\nexport interface EIP1193Provider {\n request(args: { method: string; params?: unknown[] \| object }): Promise<unknown>;\n on?(event: string, listener: (...args: any[]) => void): void;\n removeListener?(event: string, listener: (...args: any[]) => void): void;\n}\n\n/\n External Wallet Signer\n * \n * Uses an external wallet (MetaMask, WalletConnect, etc.) via EIP-1193 provider\n * for signing operations. This signer performs network validation before each\n * signing operation to prevent cross-chain replay attacks.\n * \n * Security features:\n * - Network validation before signing\n * - Error normalization for consistent error handling\n * - Support for EIP-712 typed data signing\n * \n * @example\n * ```ts\n * const provider = window.ethereum;\n * const signer = new ExternalWalletSigner(provider, 1, '0xAbC...');\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport class ExternalWalletSigner implements SignerPort {\n constructor(\n private readonly provider: EIP1193Provider,\n private readonly expectedChainId: number,\n private readonly address: string\n ) {}\n\n /\n Verify that the wallet is on the correct network\n * @throws WrongNetworkError if network mismatch\n /\n private async verifyNetwork(): Promise<void> {\n try {\n const chainIdHex = await this.provider.request({\n method: 'eth_chainId',\n }) as string;\n\n const actualChainId = parseInt(chainIdHex, 16);\n\n if (actualChainId !== this.expectedChainId) {\n throw new WrongNetworkError(\n `Wrong network. Expected: ${this.expectedChainId}, Got: ${actualChainId}`,\n this.expectedChainId,\n actualChainId\n );\n }\n } catch (error) {\n if (error instanceof WrongNetworkError) {\n throw error;\n }\n throw normalizeWalletError(error);\n }\n }\n\n /\n Get the wallet address\n /\n async getAddress(): Promise<`0x${string}`> {\n return this.address as `0x${string}`;\n }\n\n /\n Get public key - not directly supported by EIP-1193\n * Returns a placeholder as external wallets don't expose raw public keys\n * \n * For external wallets, we rely on address-based verification instead\n /\n async getPublicKey(): Promise<Uint8Array> {\n // External wallets don't expose public keys directly\n // Return empty array as placeholder\n // The actual verification will be done via address recovery\n return new Uint8Array(65);\n }\n\n /\n Sign a message hash using personal_sign\n * \n * Note: personal_sign automatically adds EIP-191 prefix\n * \n * @param msgHash32 - 32-byte message hash\n * @returns Signature components (r, s, yParity)\n /\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n // Convert to hex string\n const msgHashHex = '0x' + Array.from(msgHash32)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('');\n\n // Use personal_sign (adds EIP-191 prefix automatically)\n const signature = await this.provider.request({\n method: 'personal_sign',\n params: [msgHashHex, this.address],\n }) as string;\n\n // Parse signature (65 bytes: r(32) + s(32) + v(1))\n const sig = signature.startsWith('0x') ? signature.slice(2) : signature;\n \n if (sig.length !== 130) {\n throw new Error(`Invalid signature length: ${sig.length}`);\n }\n\n const r = new Uint8Array(32);\n const s = new Uint8Array(32);\n \n for (let i = 0; i < 32; i++) {\n r[i] = parseInt(sig.slice(i 2, i * 2 + 2), 16);\n s[i] = parseInt(sig.slice(64 + i * 2, 64 + i * 2 + 2), 16);\n }\n\n const v = parseInt(sig.slice(128, 130), 16);\n const yParity = v === 27 ? 0 : 1;\n\n return { r, s, yParity: yParity as 0 \| 1 };\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /*\n Sign raw hash for EIP-7702 authorization\n * \n * External wallets don't support raw hash signing directly (eth_sign is deprecated/disabled).\n * Instead, we use personal_sign which adds EIP-191 prefix, then we need to account for this\n * when verifying the signature on-chain.\n * \n * ⚠️ IMPORTANT: This creates a signature over the EIP-191 prefixed message, NOT the raw digest.\n * The backend/contract must verify accordingly.\n * \n * Alternative approach: Use EIP-712 typed data for authorization (more wallet-friendly)\n * \n * @param digest - 32-byte digest to sign\n * @returns Signature components (r, s, yParity)\n * @throws WalletError if signing fails\n /\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n // Convert to hex string\n const digestHex = '0x' + Array.from(digest)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('');\n\n // Try eth_sign first (raw signature, no prefix)\n // This is the correct method for EIP-7702 but many wallets disable it\n let signature: string;\n try {\n signature = await this.provider.request({\n method: 'eth_sign',\n params: [this.address, digestHex],\n }) as string;\n } catch (ethSignError: any) {\n // If eth_sign is not supported (-32004 or 4200), provide helpful error\n if (ethSignError?.code === -32004 \|\| ethSignError?.code === 4200) {\n throw new Error(\n 'eth_sign is required for EIP-7702 authorization but is disabled in your wallet. \\n\\n' +\n 'To enable eth_sign in MetaMask:\\n' +\n '1. Go to Settings → Advanced\\n' +\n '2. Enable \"Eth_sign requests\"\\n\\n' +\n 'Note: eth_sign can be dangerous if used carelessly. Only enable it for trusted dApps.\\n\\n' +\n 'Original error: ' + (ethSignError?.message \|\| 'eth_sign not supported')\n );\n } else {\n throw ethSignError;\n }\n }\n\n // Parse signature (65 bytes: r(32) + s(32) + v(1))\n const sig = signature.startsWith('0x') ? signature.slice(2) : signature;\n \n if (sig.length !== 130) {\n throw new Error(`Invalid signature length: ${sig.length}`);\n }\n\n const r = new Uint8Array(32);\n const s = new Uint8Array(32);\n \n for (let i = 0; i < 32; i++) {\n r[i] = parseInt(sig.slice(i 2, i * 2 + 2), 16);\n s[i] = parseInt(sig.slice(64 + i * 2, 64 + i * 2 + 2), 16);\n }\n\n const v = parseInt(sig.slice(128, 130), 16);\n // Handle both v=27/28 and v=0/1 formats\n const yParity = (v === 27 \|\| v === 0) ? 0 : 1;\n\n return { r, s, yParity: yParity as 0 \| 1 };\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /*\n Sign typed data (EIP-712)\n * \n * @param typed - Typed data structure with domain, types, and message\n * @returns Signature hex string\n /\n async signTyped(typed: unknown): Promise<`0x${string}`> {\n try {\n // Verify network before signing\n await this.verifyNetwork();\n\n if (typeof typed !== 'object' \|\| typed === null) {\n throw new Error('Invalid typed data: must be an object');\n }\n\n const input = typed as { domain: any; types: any; message: any };\n\n // Validate required fields\n if (!input.domain \|\| !input.types \|\| !input.message) {\n throw new Error('Invalid typed data: missing domain, types, or message');\n }\n\n // Use eth_signTypedData_v4 (most widely supported)\n const signature = await this.provider.request({\n method: 'eth_signTypedData_v4',\n params: [this.address, JSON.stringify(input)],\n }) as string;\n\n return signature as `0x${string}`;\n } catch (error) {\n throw normalizeWalletError(error);\n }\n }\n\n /\n Switch to the expected network\n * \n * @returns true if switch successful, false if user rejected\n * @throws Error if switch fails for other reasons\n /\n async switchNetwork(): Promise<boolean> {\n try {\n const chainIdHex = '0x' + this.expectedChainId.toString(16);\n\n await this.provider.request({\n method: 'wallet_switchEthereumChain',\n params: [{ chainId: chainIdHex }],\n });\n\n return true;\n } catch (error) {\n const normalized = normalizeWalletError(error);\n \n // If chain not added (4902), we can't auto-add without chain config\n // Caller should handle this by calling addNetwork with full config\n if (normalized.code === 4902) {\n return false;\n }\n\n // User rejected\n if (normalized.code === 4001) {\n return false;\n }\n\n throw normalized;\n }\n }\n\n /\n Add a new network to the wallet\n * \n * @param chainConfig - Network configuration\n * @returns true if add successful, false if user rejected\n /\n async addNetwork(chainConfig: {\n chainId: string;\n chainName: string;\n nativeCurrency: {\n name: string;\n symbol: string;\n decimals: number;\n };\n rpcUrls: string[];\n blockExplorerUrls?: string[];\n }): Promise<boolean> {\n try {\n await this.provider.request({\n method: 'wallet_addEthereumChain',\n params: [chainConfig],\n });\n\n return true;\n } catch (error) {\n const normalized = normalizeWalletError(error);\n\n // User rejected\n if (normalized.code === 4001) {\n return false;\n }\n\n throw normalized;\n }\n }\n}\n\n\n","/\n Cross‑platform helper to upload an encrypted blob via backend (backend handles S3 upload).\n * Uses axios for consistent error handling and request/response interceptors.\n /\nimport axios, { AxiosInstance } from 'axios';\n\nexport interface UploadBlobOptions {\n /* Backend base URL, e.g. https://api.example.com /\n baseUrl: string;\n /* Project API key to send as X-API-Key header /\n apiKey: string;\n /* Bearer token for Authorization header /\n accessToken: string;\n /* Blob or binary content to upload /\n blob: Blob \| ArrayBuffer \| Uint8Array;\n /* Optional axios instance (if you want to reuse an existing instance with interceptors) /\n axiosInstance?: AxiosInstance;\n}\n\n/\n Convert blob to base64 string\n /\nfunction blobToBase64(blob: Blob \| ArrayBuffer \| Uint8Array): Promise<string> {\n return new Promise((resolve, reject) => {\n if (blob instanceof Uint8Array \|\| blob instanceof ArrayBuffer) {\n const bytes = blob instanceof Uint8Array ? blob : new Uint8Array(blob);\n const binary = String.fromCharCode(...bytes);\n resolve(btoa(binary));\n } else if (blob instanceof Blob) {\n const reader = new FileReader();\n reader.onloadend = () => {\n const base64 = (reader.result as string).split(',')[1] \|\| (reader.result as string);\n resolve(base64);\n };\n reader.onerror = reject;\n reader.readAsDataURL(blob);\n } else {\n reject(new Error('Unsupported blob type'));\n }\n });\n}\n\n/\n Uploads blob to backend, which handles S3 upload directly.\n * Returns `{ key: string }` (S3 key) on success.\n \n This helper intentionally lives in @volr/sdk-core (not UI, not backend) so it can be reused\n * by web, React Native, Node, etc. It uses axios for consistent error handling.\n /\nexport async function uploadBlob(\n options: UploadBlobOptions\n): Promise<{ key: string }> {\n const {\n baseUrl,\n apiKey,\n accessToken,\n blob,\n axiosInstance,\n } = options;\n\n // Validate required parameters\n if (!apiKey) {\n throw new Error('apiKey is required');\n }\n if (!accessToken) {\n throw new Error('accessToken is required');\n }\n\n // Convert blob to base64\n const blobB64 = await blobToBase64(blob);\n\n // Create axios instance or use provided one\n let axiosClient: AxiosInstance;\n if (axiosInstance) {\n axiosClient = axiosInstance;\n } else {\n axiosClient = axios.create({\n baseURL: baseUrl.replace(/\\/+$/, ''),\n withCredentials: true,\n headers: {\n 'Content-Type': 'application/json',\n 'X-API-Key': String(apiKey),\n Authorization: `Bearer ${accessToken}`,\n },\n });\n }\n\n // Upload via backend\n const response = await axiosClient.post<{ ok: boolean; data: { key: string }; error?: { message: string } }>('/blob/upload', {\n blobB64,\n });\n\n if (!response.data?.ok \|\| !response.data?.data?.key) {\n const errorMessage = (response.data as any)?.error?.message \|\| 'Failed to upload blob';\n throw new Error(errorMessage);\n }\n\n return { key: response.data.data.key };\n}\n\n/\n Cross‑platform helper to upload an encrypted blob via S3 presigned PUT.\n * Runs in browsers (uses global fetch) and in Node 18+ (built‑in fetch).\n /\nexport interface UploadViaPresignOptions {\n /* Backend base URL, e.g. https://api.example.com /\n baseUrl: string;\n /* Project API key to send as X-API-Key header (optional if backend not requiring it) /\n apiKey?: string \| null;\n /* Bearer token for Authorization header (optional if cookie-based auth is sufficient) /\n accessToken?: string \| null;\n /* Blob or binary content to upload /\n blob: Blob \| ArrayBuffer \| Uint8Array;\n /* MIME type for the uploaded object; defaults to application/octet-stream /\n contentType?: string;\n /* Optional fetch implementation override (e.g. pass global fetch in RN) /\n fetchFn?: typeof fetch;\n}\n\nfunction stripTrailingSlash(u: string): string {\n return u.endsWith('/') ? u.slice(0, -1) : u;\n}\n\n/\n Calls backend `/blob/presign` with `{ op:'put', contentType }`, then uploads `blob`\n * to the returned S3 presigned URL. Returns `{ s3Key, url }` on success.\n \n This helper intentionally lives in @volr/sdk-core (not UI, not backend) so it can be reused\n * by web, React Native, Node, etc. It uses fetch instead of axios to avoid extra deps.\n /\nexport async function uploadBlobViaPresign(\n options: UploadViaPresignOptions\n): Promise<{ s3Key: string; url: string }> {\n const {\n baseUrl,\n apiKey,\n accessToken,\n blob,\n contentType = 'application/octet-stream',\n fetchFn,\n } = options;\n\n const f: typeof fetch \| undefined = fetchFn ?? (globalThis as any).fetch;\n if (typeof f !== 'function') {\n throw new Error('Global fetch is not available; provide options.fetchFn');\n }\n\n const base = stripTrailingSlash(baseUrl);\n\n // 1) Request presigned PUT URL from backend\n const presignRes = await f(`${base}/blob/presign`, {\n method: 'POST',\n headers: {\n 'Content-Type': 'application/json',\n ...(apiKey ? { 'X-API-Key': String(apiKey) } : {}),\n ...(accessToken ? { Authorization: `Bearer ${accessToken}` } : {}),\n },\n // backend expects { op: 'put', contentType }\n body: JSON.stringify({ op: 'put', contentType }),\n // include cookies if backend also uses cookie-based sessions\n credentials: 'include',\n });\n\n const presignJson: any = await presignRes.json();\n if (!presignRes.ok \|\| (presignJson && presignJson.ok === false)) {\n const msg =\n (presignJson && presignJson.error && presignJson.error.message) \|\|\n `presign failed with status ${presignRes.status}`;\n throw new Error(typeof msg === 'string' ? msg : 'Presign failed');\n }\n const url: string = presignJson?.data?.url ?? presignJson?.url;\n const s3Key: string = presignJson?.data?.proposedKey ?? presignJson?.s3Key;\n if (!url \|\| !s3Key) {\n throw new Error('Invalid presign response: missing url or s3Key');\n }\n\n // 2) Upload to S3 with the exact headers included in the signature\n const putHeaders: Record<string, string> = {\n 'Content-Type': contentType,\n 'x-amz-server-side-encryption': 'AES256',\n };\n\n const body: any =\n typeof Blob !== 'undefined' && (blob as any) instanceof Blob ? (blob as any) : (blob as any);\n\n const putRes = await f(url, {\n method: 'PUT',\n headers: putHeaders,\n body,\n // allow browser CORS preflight to succeed\n // (ignored in Node >= 18 where fetch is not CORS-restricted)\n mode: 'cors' as RequestMode,\n });\n\n if (!putRes.ok) {\n const text = await putRes.text().catch(() => '');\n throw new Error(`S3 upload failed (${putRes.status}): ${text \|\| putRes.statusText}`);\n }\n\n return { s3Key, url };\n}\n\n\n","/\n EVM constants\n /\n\n/\n Zero hash (32 bytes of zeros)\n * Equivalent to ethers.ZeroHash or keccak256(\"\")\n /\nexport const ZERO_HASH = '0x0000000000000000000000000000000000000000000000000000000000000000' as `0x${string}`;\n\n/\n Zero address (20 bytes of zeros)\n /\nexport const ZERO_ADDRESS = '0x0000000000000000000000000000000000000000' as `0x${string}`;\n\n\n\n\n\n\n\n\n\n\n\n","import type { Call } from '@/chains/evm/types.public';\nimport { keccak256, AbiCoder } from 'ethers';\n\nexport function computeCallsHash(calls: Call[]): `0x${string}` {\n // Mirror solidity exactly: keccak256(abi.encode(calls)),\n // where struct Call is (address target, uint256 value, bytes data, uint256 gasLimit)\n const coder = AbiCoder.defaultAbiCoder();\n const tupleType = 'tuple(address,uint256,bytes,uint256)[]';\n const values = calls.map((c) => [c.target, c.value, c.data, c.gasLimit]);\n const encoded = coder.encode([tupleType], [values]);\n return keccak256(encoded as unknown as Uint8Array) as `0x${string}`;\n}\n\n\n","// EIP-712 typed-data helpers (policySnapshotHash + gas caps + sessionId)\n// Note: Call and SessionAuth types are exported from types.public.ts\n// TYPES object defines the EIP-712 structure for signing\n\nimport type { SessionAuth, Call } from \"../types.public\";\nimport type { SignerPort } from \"@/wallet/types\";\nimport { computeCallsHash } from \"@/builders/callHash\";\n\nexport const DOMAIN = (chainId: number, verifyingContract: `0x${string}`) => ({\n name: \"volr\",\n version: \"1\",\n chainId,\n verifyingContract,\n});\n\n// Alias for backward compatibility\nexport const EIP712_DOMAIN = DOMAIN;\n\nexport const TYPES = {\n Call: [\n { name: \"target\", type: \"address\" },\n { name: \"data\", type: \"bytes\" },\n { name: \"value\", type: \"uint256\" },\n { name: \"gasLimit\", type: \"uint256\" },\n ],\n SessionAuth: [\n { name: \"chainId\", type: \"uint256\" },\n { name: \"sessionKey\", type: \"address\" },\n { name: \"sessionId\", type: \"uint64\" },\n { name: \"nonce\", type: \"uint64\" },\n { name: \"expiresAt\", type: \"uint64\" },\n { name: \"policyId\", type: \"bytes32\" },\n { name: \"policySnapshotHash\", type: \"bytes32\" },\n { name: \"gasLimitMax\", type: \"uint256\" },\n { name: \"maxFeePerGas\", type: \"uint256\" },\n { name: \"maxPriorityFeePerGas\", type: \"uint256\" },\n { name: \"totalGasCap\", type: \"uint256\" },\n ],\n SignedBatch: [\n { name: \"auth\", type: \"SessionAuth\" },\n { name: \"calls\", type: \"Call[]\" },\n { name: \"revertOnFail\", type: \"bool\" },\n { name: \"callsHash\", type: \"bytes32\" },\n ],\n} as const;\n\n// SessionAuthExtended is now just an alias since SessionAuth includes all fields\nexport type SessionAuthExtended = SessionAuth;\n\n/\n Build EIP-712 signed batch message\n /\nexport function buildSignedBatchMessage(input: {\n auth: SessionAuthExtended;\n calls: Call[];\n revertOnFail?: boolean;\n invokerAddress: `0x${string}`; // Required to bind domain\n}): {\n domain: ReturnType<typeof DOMAIN>;\n primaryType: \"SignedBatch\";\n message: {\n auth: any; // Using any for now to avoid recursive type issues with Ethers\n calls: Call[];\n revertOnFail: boolean;\n callsHash: `0x${string}`;\n };\n callsHash: `0x${string}`;\n} {\n const callsHash = computeCallsHash(input.calls);\n const domain = DOMAIN(Number(input.auth.chainId), input.invokerAddress);\n \n // Helper to ensure 0x prefix\n const ensureHex = (val: string) => (val.startsWith('0x') ? val : `0x${val}`) as `0x${string}`;\n\n // Convert SessionAuth to EIP-712 format (all fields are now required in SessionAuth)\n // Ensure all values are properly typed for EIP-712 encoding\n const eip712Auth = {\n chainId: BigInt(input.auth.chainId),\n sessionKey: ensureHex(input.auth.sessionKey),\n sessionId: input.auth.sessionId,\n nonce: input.auth.nonce,\n expiresAt: BigInt(input.auth.expiresAt),\n policyId: ensureHex(input.auth.policyId),\n policySnapshotHash: ensureHex(input.auth.policySnapshotHash),\n gasLimitMax: input.auth.gasLimitMax,\n maxFeePerGas: input.auth.maxFeePerGas,\n maxPriorityFeePerGas: input.auth.maxPriorityFeePerGas,\n totalGasCap: input.auth.totalGasCap,\n };\n\n // Convert calls to EIP-712 format (ensure all values are properly typed)\n const eip712Calls = input.calls.map((call) => ({\n target: ensureHex(call.target),\n data: ensureHex(call.data),\n value: call.value,\n gasLimit: call.gasLimit,\n }));\n\n return {\n domain,\n primaryType: \"SignedBatch\",\n message: {\n auth: eip712Auth,\n calls: eip712Calls,\n revertOnFail: input.revertOnFail ?? true,\n callsHash,\n },\n callsHash,\n };\n}\n\n/\n Sign EIP-712 session\n /\nexport async function signSession(input: {\n signer: SignerPort;\n from: `0x${string}`;\n auth: SessionAuthExtended;\n calls: Call[];\n invokerAddress: `0x${string}`; // Required\n}): Promise<{\n sessionSig: `0x${string}`;\n callsHash: `0x${string}`;\n}> {\n // Validate that from matches sessionKey\n if (input.from.toLowerCase() !== input.auth.sessionKey.toLowerCase()) {\n throw new Error(\n `from address (${input.from}) does not match sessionKey (${input.auth.sessionKey})`\n );\n }\n\n // Build the message\n const message = buildSignedBatchMessage({\n auth: input.auth,\n calls: input.calls,\n invokerAddress: input.invokerAddress,\n });\n\n // Check if signer supports signTyped\n if (!input.signer.signTyped) {\n throw new Error(\"Signer must support signTyped for EIP-712 signing\");\n }\n\n // Sign the typed data\n const typedData = {\n domain: message.domain,\n types: TYPES,\n primaryType: message.primaryType,\n message: message.message,\n };\n\n const sessionSig = await input.signer.signTyped(typedData);\n\n return {\n sessionSig,\n callsHash: message.callsHash,\n };\n}\n\n// Re-export computeCallsHash for convenience\nexport { computeCallsHash };\n","/\n EIP-7702 authorization tuple signing\n /\n\nimport type { SignerPort } from '@/wallet/types';\nimport type { AuthorizationTuple } from '@/chains/evm/types.public';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\nimport { secp256k1 } from '@noble/curves/secp256k1';\nimport { hashAuthorization, getBytes } from 'ethers';\n\n/\n Sign EIP-7702 authorization tuple\n * \n * Authorization tuple signs: chainId \|\| address \|\| nonce\n * This is separate from session signature\n * \n * @param input - Signing parameters\n * @returns Authorization tuple with signature\n /\nexport async function signAuthorization(input: {\n signer: SignerPort; // Same EOA key as session (MUST be secp256k1 for 7702)\n chainId: number; // Current chain (chainId=0 is forbidden by default)\n address: `0x${string}`; // Invoker on that chain\n nonce: bigint; // >= 0\n}): Promise<AuthorizationTuple> {\n const { signer, chainId, address, nonce } = input;\n\n // Validate inputs\n if (chainId === 0) {\n throw new Error(`${ERR_INVALID_PARAM}: chainId cannot be 0 (use specific chain ID)`);\n }\n\n if (nonce < 0n) {\n throw new Error(`${ERR_INVALID_PARAM}: nonce must be >= 0`);\n }\n\n if (!address.startsWith('0x') \|\| address.length !== 42) {\n throw new Error(`${ERR_INVALID_PARAM}: address must be valid Ethereum address`);\n }\n\n // Note: signAuthorization always uses secp256k1 (EIP-7702 requirement)\n // P-256 is only used for session signatures, not authorization tuples\n\n // ✅ EIP-7702 spec: keccak256(MAGIC \|\| rlp([chain_id, address, nonce]))\n // MAGIC = 0x05 (EIP-7702 identifier)\n // Must use RLP encoding, NOT ABI encoding!\n // Use ethers.js v6.14+ built-in helper\n const digest = hashAuthorization({\n chainId: BigInt(chainId),\n address: address.toLowerCase() as `0x${string}`,\n nonce: nonce,\n });\n\n // Convert digest to bytes for signing\n const digestBytes = getBytes(digest);\n\n // ✅ Raw ECDSA signature (no EIP-191 prefix!)\n // signMessage adds \"\\x19Ethereum Signed Message:\\n32\" prefix - we DON'T want that\n // We need raw secp256k1 signature over the digest\n let sig = await signer.signRawHash(digestBytes);\n\n // ⚠️ CRITICAL: Enforce low-S (EIP-2 requirement for EIP-7702)\n // If s > n/2, normalize to s' = n - s and flip yParity\n const sBigInt = BigInt('0x' + Array.from(sig.s).map(b => b.toString(16).padStart(2, '0')).join(''));\n const SECP256K1_N = secp256k1.CURVE.n;\n const nHalf = SECP256K1_N / 2n;\n \n let finalS = sig.s;\n let finalYParity = sig.yParity;\n \n if (sBigInt > nHalf) {\n // Normalize to low-S\n const normalizedS = SECP256K1_N - sBigInt;\n const normalizedSHex = normalizedS.toString(16).padStart(64, '0');\n \n // Convert hex string to Uint8Array\n finalS = new Uint8Array(32);\n for (let i = 0; i < 32; i++) {\n finalS[i] = parseInt(normalizedSHex.slice(i 2, i * 2 + 2), 16);\n }\n \n // Flip yParity\n finalYParity = finalYParity === 0 ? 1 : 0;\n \n }\n\n // Convert signature components to hex strings\n const rHex = Array.from(sig.r)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const sHex = Array.from(finalS)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n\n return {\n chainId,\n address: address.toLowerCase() as `0x${string}`,\n nonce,\n yParity: finalYParity,\n r: `0x${rHex}` as `0x${string}`,\n s: `0x${sHex}` as `0x${string}`,\n };\n}\n\n","/*\n Authorization nonce utilities for EIP-7702\n /\n\n/\n Relay mode for nonce calculation\n /\nexport type RelayMode = 'self' \| 'sponsored';\n\n/\n Get authorization nonce based on relay mode\n * \n * Rules (EIP-7702):\n * - self: getTransactionCount(latest) + 1\n * - sponsored: getTransactionCount(latest)\n * \n * Note: 'latest' is safer than 'pending' for sponsored mode to avoid race conditions.\n * The nonce MUST exactly match the user EOA's current account nonce for Authorization validation.\n * \n * @param client - Extended RPC client with getTransactionCount method\n * @param from - EOA address\n * @param mode - Relay mode\n * @returns Authorization nonce\n /\nexport async function getAuthNonce(\n client: ExtendedRPCClient,\n from: `0x${string}`,\n mode: RelayMode\n): Promise<bigint> {\n if (!client.getTransactionCount) {\n throw new Error('RPC client must implement getTransactionCount method. Use ExtendedRPCClient.');\n }\n\n // Use 'latest' instead of 'pending' for EIP-7702 Authorization\n // 'pending' can cause race conditions in sponsored mode\n const nonce = await client.getTransactionCount(from, 'latest');\n\n // Apply mode rule\n if (mode === 'self') {\n return nonce + 1n;\n } else {\n // sponsored: use EOA's current account nonce exactly\n return nonce;\n }\n}\n\n/\n Extended RPC client interface with transaction count method\n * This should be implemented by the actual RPC client in React SDK\n /\nexport interface ExtendedRPCClient {\n /\n Low-level eth_call (optional, not required here)\n /\n call?: (args: { to: `0x${string}`; data: `0x${string}` }) => Promise<`0x${string}`>;\n /\n Get transaction count for an address\n * \n * @param address - Address to query\n * @param blockTag - Block tag ('pending', 'latest', etc.)\n * @returns Transaction count as bigint\n /\n getTransactionCount(address: `0x${string}`, blockTag?: 'pending' \| 'latest'): Promise<bigint>;\n}\n\n","/\n Passkey provider implementation\n * Uses PRF/HKDF to unwrap master seed and derive secp256k1 key\n /\n\nimport type { PasskeyProviderPort } from '@/wallet/types';\nimport type { WalletProviderPort, TypedDataInput } from './types';\nimport { deriveWrapKey, type PrfInput } from '@/master-key/policies/prf';\nimport { unsealMasterSeed } from '@/master-key/encryption';\nimport type { Entropy, WrapKey } from '@/master-key/types';\nimport { entropyToSeed } from '@/master-key/mnemonic';\nimport { deriveEvmKey } from '@/chains/evm/crypto/hdWallet';\nimport { toChecksumAddress } from '@/chains/evm/crypto/address';\nimport { evmSign } from '@/chains/evm/crypto/signer';\nimport { zeroize } from '@/core/crypto/zeroize';\nimport { TypedDataEncoder } from 'ethers';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Options for passkey provider\n /\nexport type PasskeyProviderOptions = {\n /* PRF input parameters /\n prfInput: PrfInput;\n /* Encrypted master seed blob /\n encryptedBlob: {\n cipher: Uint8Array;\n nonce: Uint8Array;\n };\n /* Additional Authenticated Data for unwrapping /\n aad?: Uint8Array;\n /\n Session TTL in milliseconds.\n * - 0 (default): No caching - requires WebAuthn authentication for every signature (most secure)\n * - >0: Cache private key in memory for this duration (less secure, better UX)\n * \n * @default 0\n /\n sessionTtlMs?: number;\n};\n\n/\n Create passkey provider\n * \n * @param passkey - Passkey provider port (for WebAuthn PRF authentication)\n * @param options - Provider options (PRF input, encrypted blob)\n * @returns Wallet provider port\n * \n * @example\n * ```ts\n * const provider = createPasskeyProvider(passkeyAdapter, {\n * prfInput: { projectId, credentialId },\n * encryptedBlob: { cipher, nonce }\n * });\n * await provider.ensureSession({ interactive: true, force: true });\n * const address = await provider.getAddress();\n * ```\n /\nexport function createPasskeyProvider(\n passkey: PasskeyProviderPort,\n options: PasskeyProviderOptions\n): WalletProviderPort {\n let unwrappedKeypair: {\n privateKey: Uint8Array;\n publicKey: Uint8Array;\n address: `0x${string}`;\n } \| null = null;\n\n // Session TTL management\n // Note: sessionTtlMs is available for future use but currently not actively used\n // The default behavior is to keep the session alive until explicit lock() call\n const sessionTtlMs = options.sessionTtlMs ?? 0;\n let sessionExpiresAt: number \| null = null;\n let lockTimer: ReturnType<typeof setTimeout> \| null = null;\n\n const isSessionExpired = (): boolean => {\n // If TTL is 0 or not set, session never expires automatically\n // User must call lock() explicitly to end session\n if (sessionTtlMs <= 0) return false;\n if (!sessionExpiresAt) return true;\n return Date.now() >= sessionExpiresAt;\n };\n\n const resetSessionTimer = (): void => {\n if (sessionTtlMs <= 0) return; // No timer for TTL=0\n\n // Clear existing timer\n if (lockTimer) {\n clearTimeout(lockTimer);\n lockTimer = null;\n }\n\n // Set expiration time\n sessionExpiresAt = Date.now() + sessionTtlMs;\n\n // Set auto-lock timer\n lockTimer = setTimeout(async () => {\n await lock();\n }, sessionTtlMs);\n };\n\n const lock = async (): Promise<void> => {\n if (lockTimer) {\n clearTimeout(lockTimer);\n lockTimer = null;\n }\n sessionExpiresAt = null;\n\n if (unwrappedKeypair) {\n zeroize(unwrappedKeypair.privateKey);\n zeroize(unwrappedKeypair.publicKey);\n unwrappedKeypair = null;\n }\n };\n\n const ensureSession = async (opts?: { interactive?: boolean; force?: boolean }): Promise<void> => {\n // If force=true, zeroize existing session and re-authenticate\n if (opts?.force && unwrappedKeypair) {\n await lock();\n }\n\n // If session already exists and not expired, reuse it\n if (unwrappedKeypair && !isSessionExpired()) {\n resetSessionTimer(); // Extend session on activity\n return;\n }\n\n // Session expired - need to re-authenticate\n if (unwrappedKeypair && isSessionExpired()) {\n await lock();\n }\n\n // Compute PRF salt from prfInput\n const prfSalt = deriveWrapKey(options.prfInput);\n\n // Trigger WebAuthn with PRF extension\n const { prfOutput } = await passkey.authenticate({\n salt: prfSalt,\n credentialId: options.prfInput.credentialId,\n });\n\n // Use PRF output as wrap key (cast to WrapKey brand type)\n const wrapKey = prfOutput as WrapKey;\n\n // Unwrap entropy (stored as encrypted blob)\n const aad = options.aad \|\| new TextEncoder().encode('volr/master-seed/v1');\n const entropy = (await unsealMasterSeed(\n options.encryptedBlob.cipher,\n wrapKey,\n aad,\n options.encryptedBlob.nonce\n )) as unknown as Entropy;\n\n // Derive seed from entropy (BIP-39 PBKDF2)\n const masterSeed = await entropyToSeed(entropy);\n\n // Derive EVM keypair from seed\n const keypair = deriveEvmKey({ masterSeed });\n\n // Zeroize entropy after use\n zeroize(entropy);\n\n // Store unwrapped keypair\n unwrappedKeypair = {\n privateKey: keypair.privateKey,\n publicKey: keypair.publicKey,\n address: keypair.address,\n };\n\n // Zeroize sensitive data immediately\n zeroize(masterSeed);\n zeroize(wrapKey);\n zeroize(prfSalt);\n\n // Start session timer (only for TTL > 0)\n resetSessionTimer();\n };\n\n const getAddress = async (): Promise<`0x${string}`> => {\n await ensureSession({ interactive: true });\n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n return toChecksumAddress(unwrappedKeypair.address);\n };\n\n const signMessage = async (hash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> => {\n if (hash32.length !== 32) {\n throw new Error(`${ERR_INVALID_PARAM}: Message hash must be 32 bytes, got ${hash32.length}`);\n }\n\n // Ensure session is active (will prompt for WebAuthn if not)\n await ensureSession({ interactive: true });\n \n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n\n // Sign with secp256k1\n const sig = evmSign(unwrappedKeypair.privateKey, hash32);\n\n return {\n r: sig.r,\n s: sig.s,\n yParity: sig.yParity,\n };\n };\n\n const signTypedData = async (input: TypedDataInput): Promise<`0x${string}`> => {\n // Ensure session is active (will prompt for WebAuthn if not)\n await ensureSession({ interactive: true });\n \n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n\n\n // Compute EIP-712 hash\n // Use ethers TypedDataEncoder for consistency with other signers\n // Note: TypedDataEncoder.hash expects types WITHOUT EIP712Domain\n const hash = TypedDataEncoder.hash(input.domain, input.types, input.message);\n const msgHash = hash; // TypedDataEncoder.hash returns hex string\n\n // Convert hex string to Uint8Array\n const msgHashBytes = new Uint8Array(32);\n const hex = msgHash.startsWith('0x') ? msgHash.slice(2) : msgHash;\n for (let i = 0; i < 32; i++) {\n msgHashBytes[i] = parseInt(hex.slice(i 2, i * 2 + 2), 16);\n }\n\n // Sign message hash\n const sig = evmSign(unwrappedKeypair.privateKey, msgHashBytes);\n\n // Convert to hex string (r \|\| s \|\| v)\n const v = sig.yParity + 27;\n const rHex = Array.from(sig.r)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const sHex = Array.from(sig.s)\n .map((b) => b.toString(16).padStart(2, '0'))\n .join('');\n const vHex = v.toString(16).padStart(2, '0');\n\n return `0x${rHex}${sHex}${vHex}` as `0x${string}`;\n };\n\n const getPublicKey = async (): Promise<Uint8Array> => {\n await ensureSession({ interactive: true });\n if (!unwrappedKeypair) {\n throw new Error(`${ERR_INVALID_PARAM}: Session not established`);\n }\n return new Uint8Array(unwrappedKeypair.publicKey);\n };\n\n return {\n keyStorageType: 'passkey',\n ensureSession,\n getAddress,\n signMessage,\n signTypedData,\n getPublicKey,\n lock,\n capabilities: {\n secp256k1: true,\n p256: false, // Passkey provider uses secp256k1 after unwrapping\n },\n };\n}\n\n","/*\n MPC provider implementation\n * Delegates to backend proxy via transport\n /\n\nimport type { WalletProviderPort, MpcTransport } from './types';\n\n/\n Create MPC provider\n * \n * @param transport - MPC transport interface (backend proxy)\n * @returns Wallet provider port\n * \n * @example\n * ```ts\n * const transport = createMpcTransport({ backendUrl: '...' });\n * const provider = createMpcProvider(transport);\n * await provider.ensureSession();\n * const address = await provider.getAddress();\n * ```\n /\nexport function createMpcProvider(transport: MpcTransport): WalletProviderPort {\n return {\n keyStorageType: 'mpc',\n ensureSession: () => transport.ensureSession(),\n getAddress: () => transport.getAddress(),\n signMessage: (hash32) => transport.signMessage(hash32),\n signTypedData: (input) => transport.signTypedData(input),\n getPublicKey: transport.getPublicKey ? () => transport.getPublicKey!() : undefined,\n capabilities: {\n secp256k1: true,\n p256: false, // MPC uses secp256k1 via backend\n },\n };\n}\n\n","/\n Provider-based signer selection (simplified, no 7212 probing)\n * Always uses secp256k1 path today.\n /\n\nimport type { WalletProviderPort } from '../providers/types';\nimport type { SignerPort } from '@/wallet/types';\nimport { ERR_INVALID_PARAM } from '@/core/errors';\n\n/\n Context for signer selection\n /\nexport type SelectSignerContext = {\n /* Wallet provider /\n provider: WalletProviderPort;\n /* Chain ID /\n chainId: number;\n};\n\n/\n Select appropriate signer based on provider\n * \n * Routing logic:\n * 1. Provider-backed signer (delegates to provider, secp256k1)\n * \n * Note: 7702 authorization always uses secp256k1\n * \n * @param ctx - Selection context\n * @returns Signer port\n * @throws Error if provider cannot provide required signing capability\n * \n * @example\n * ```ts\n * const signer = await selectSigner({\n * provider: passkeyProvider,\n * chainId: 10,\n * client: rpcClient\n * });\n * const sig = await signer.signMessage(msgHash);\n * ```\n /\nexport async function selectSigner(ctx: SelectSignerContext): Promise<SignerPort> {\n const { provider } = ctx;\n\n // Route: secp256k1 (default for both passkey and MPC providers)\n // Create a wrapper signer that delegates to provider\n // Provider must implement getPublicKey() for this to work\n if (provider.getPublicKey) {\n return new ProviderBackedSigner(provider);\n }\n\n // If provider doesn't expose getPublicKey, we can't create a signer\n // This is a limitation - in practice, providers should expose getPublicKey()\n throw new Error(\n `${ERR_INVALID_PARAM}: Provider must expose getPublicKey() for signer creation. ` +\n `Use provider.signMessage() directly or implement getPublicKey() in provider.`\n );\n}\n\n/\n Signer that delegates to wallet provider\n * Used when provider already implements secp256k1 signing\n /\nclass ProviderBackedSigner implements SignerPort {\n constructor(private provider: WalletProviderPort) {\n if (!provider.getPublicKey) {\n throw new Error(`${ERR_INVALID_PARAM}: Provider must implement getPublicKey()`);\n }\n }\n\n async getPublicKey(): Promise<Uint8Array> {\n return this.provider.getPublicKey!();\n }\n\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n return this.provider.signMessage(msgHash32);\n }\n\n async signRawHash(digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // Provider.signMessage already does raw hash signing (no prefix)\n // PasskeyProvider unwraps to secp256k1, so this works for EIP-7702\n return this.provider.signMessage(digest);\n }\n\n async signTyped?(typed: unknown): Promise<`0x${string}`> {\n if (typeof typed === 'object' && typed !== null) {\n const input = typed as { domain: any; types: any; message: any };\n return this.provider.signTypedData(input);\n }\n throw new Error(`${ERR_INVALID_PARAM}: Invalid typed data input`);\n }\n}\n\n","import { ERR_INVALID_PARAM } from '@/core/errors';\nimport { Secp256k1SoftwareSigner } from '@/wallet/signers/secp256k1';\nimport type { SignerPort, SignerKind, SignerContext } from '@/wallet/types';\nimport type { WalletProviderPort } from '@/chains/evm/providers/types';\n\n// Re-export types for convenience\nexport type { SignerPort, SignerKind, SignerContext } from '@/wallet/types';\n\n/\n Signer that delegates to wallet provider\n * Used when provider already implements secp256k1 signing\n /\nclass ProviderBackedSigner implements SignerPort {\n constructor(private provider: WalletProviderPort) {\n if (!provider.getPublicKey) {\n throw new Error(`${ERR_INVALID_PARAM}: Provider must implement getPublicKey()`);\n }\n }\n\n async getPublicKey(): Promise<Uint8Array> {\n return this.provider.getPublicKey!();\n }\n\n async signMessage(msgHash32: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n return this.provider.signMessage(msgHash32);\n }\n\n async signRawHash(_digest: Uint8Array): Promise<{\n r: Uint8Array;\n s: Uint8Array;\n yParity: 0 \| 1;\n }> {\n // Provider-backed signer must support EIP-7702 directly\n // Most wallets block raw hash signing\n throw new Error('EIP-7702 raw hash signing not supported by wallet provider. Use Secp256k1SoftwareSigner for EIP-7702.');\n }\n\n async signTyped?(typed: unknown): Promise<`0x${string}`> {\n if (typeof typed === 'object' && typed !== null) {\n const input = typed as { domain: any; types: any; message: any };\n return this.provider.signTypedData(input);\n }\n throw new Error(`${ERR_INVALID_PARAM}: Invalid typed data input`);\n }\n}\n\n/\n Select appropriate signer based on chain capabilities and available inputs\n * \n * Routing logic:\n * 1. If provider provided → ProviderBackedSigner (delegates to provider)\n * 2. Else if secpKey provided → Secp256k1SoftwareSigner\n * 3. Else → throw error\n * \n * @param ctx - Signer context\n * @returns Selected signer with kind identifier\n * @throws VolrError if no signer input is available\n * \n * @example\n * ```ts\n * const ctx = {\n * client: rpcClient,\n * chainId: 10,\n * provider: walletProvider,\n * };\n * const { kind, signer } = await selectSigner(ctx);\n * const sig = await signer.signMessage(msgHash);\n * ```\n */\nexport async function selectSigner(\n ctx: SignerContext\n): Promise<{ kind: SignerKind; signer: SignerPort }> {\n const { provider, secpKey } = ctx;\n\n // Route 1: Provider-based routing (highest priority)\n if (provider) {\n // Ensure provider has getPublicKey for signer creation\n if (!provider.getPublicKey) {\n throw new Error(\n `${ERR_INVALID_PARAM}: Provider must implement getPublicKey() for signer creation. ` +\n `Use provider.signMessage() directly or implement getPublicKey() in provider.`\n );\n }\n\n // Use provider-backed signer (delegates to provider.signMessage)\n return {\n kind: 'secp256k1', // Provider signs with secp256k1\n signer: new ProviderBackedSigner(provider),\n };\n }\n\n // Route 2: Fallback to secp256k1\n if (secpKey) {\n return {\n kind: 'secp256k1',\n signer: new Secp256k1SoftwareSigner(secpKey),\n };\n }\n\n // No signer input available\n throw new Error(\n `${ERR_INVALID_PARAM}: No signer input available. Provide either provider, passkey (for P-256), or secpKey (for secp256k1).`\n );\n}\n\n"]}