npm - @zama-fhe/sdk - Versions diffs - 3.0.0-alpha.2 → 3.0.0-alpha.21 - Mend

@zama-fhe/sdk 3.0.0-alpha.2 → 3.0.0-alpha.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (99) hide show

package/README.md +207 -122
package/dist/cjs/build.cjs +2 -0
package/dist/cjs/build.cjs.map +1 -0
package/dist/cjs/chains/index.cjs +1 -0
package/dist/cjs/chains.cjs +2 -0
package/dist/cjs/chains.cjs.map +1 -0
package/dist/cjs/cleartext/index.cjs +1 -1
package/dist/cjs/eip1193-subscribe.cjs +1 -1
package/dist/cjs/eip1193-subscribe.cjs.map +1 -1
package/dist/cjs/encryption.cjs +2 -0
package/dist/cjs/encryption.cjs.map +1 -0
package/dist/cjs/ethers/index.cjs +1 -1
package/dist/cjs/ethers/index.cjs.map +1 -1
package/dist/cjs/index.cjs +73 -73
package/dist/cjs/index.cjs.map +1 -1
package/dist/cjs/query/index.cjs +1 -1
package/dist/cjs/query/index.cjs.map +1 -1
package/dist/cjs/readonly-token.cjs +1 -1
package/dist/cjs/readonly-token.cjs.map +1 -1
package/dist/cjs/relayer-cleartext.cjs +2 -0
package/dist/cjs/relayer-cleartext.cjs.map +1 -0
package/dist/cjs/relayer-sdk.worker.js +71 -71
package/dist/cjs/relayer.cjs +1 -1
package/dist/cjs/relayer.cjs.map +1 -1
package/dist/cjs/viem/index.cjs +1 -1
package/dist/cjs/viem/index.cjs.map +1 -1
package/dist/cjs/wrappers-registry.cjs +1 -1
package/dist/cjs/wrappers-registry.cjs.map +1 -1
package/dist/esm/{assertions-BARApuMj.js → assertions-CfqI3AJv.js} +1 -1
package/dist/esm/{assertions-BARApuMj.js.map → assertions-CfqI3AJv.js.map} +1 -1
package/dist/esm/build-CvenCk6R.js +2 -0
package/dist/esm/build-CvenCk6R.js.map +1 -0
package/dist/esm/chains/index.d.ts +3 -0
package/dist/esm/chains/index.js +1 -0
package/dist/esm/chains-aHmrozPh.js +2 -0
package/dist/esm/chains-aHmrozPh.js.map +1 -0
package/dist/esm/cleartext/index.d.ts +2 -86
package/dist/esm/cleartext/index.js +1 -1
package/dist/esm/cleartext-BHu6-LCv.d.ts +19 -0
package/dist/esm/cleartext-I-etE_7S.js +2 -0
package/dist/esm/cleartext-I-etE_7S.js.map +1 -0
package/dist/esm/eip1193-subscribe-CcotSOIm.js +2 -0
package/dist/esm/eip1193-subscribe-CcotSOIm.js.map +1 -0
package/dist/esm/{encryption-CmIPBcfP.js → encryption-YS-Kb7qm.js} +2 -2
package/dist/esm/{encryption-CmIPBcfP.js.map → encryption-YS-Kb7qm.js.map} +1 -1
package/dist/esm/ethers/index.d.ts +53 -8
package/dist/esm/ethers/index.js +1 -1
package/dist/esm/ethers/index.js.map +1 -1
package/dist/esm/{hex-D_B-zoId.js → hex-BZVTzEK6.js} +2 -2
package/dist/esm/{hex-D_B-zoId.js.map → hex-BZVTzEK6.js.map} +1 -1
package/dist/esm/{relayer-utils-iSPis4x-.d.ts → index-BTY0MxOt.d.ts} +50 -23
package/dist/esm/{onchain-events-2VNiL78c.d.ts → index-BdyljG1F.d.ts} +387 -1505
package/dist/esm/index.d.ts +61 -93
package/dist/esm/index.js +73 -73
package/dist/esm/index.js.map +1 -1
package/dist/esm/memory-storage-CFXqXUcm.js +2 -0
package/dist/esm/memory-storage-CFXqXUcm.js.map +1 -0
package/dist/esm/node/index.d.ts +88 -110
package/dist/esm/node/index.js +1 -1
package/dist/esm/node/index.js.map +1 -1
package/dist/esm/node/relayer-sdk.node-worker.js +1 -1
package/dist/esm/node/relayer-sdk.node-worker.js.map +1 -1
package/dist/esm/query/index.d.ts +40 -50
package/dist/esm/query/index.js +1 -1
package/dist/esm/query/index.js.map +1 -1
package/dist/esm/readonly-token-DCLOYhws.js +2 -0
package/dist/esm/readonly-token-DCLOYhws.js.map +1 -0
package/dist/esm/{relayer-C6u3eOlN.js → relayer-7Hd00A6X.js} +2 -2
package/dist/esm/relayer-7Hd00A6X.js.map +1 -0
package/dist/esm/{relayer-sdk.types-CGfXwKcB.d.ts → relayer-cleartext-DJkSUlZ2.d.ts} +263 -106
package/dist/esm/relayer-cleartext-SZCM9wTx.js +2 -0
package/dist/esm/relayer-cleartext-SZCM9wTx.js.map +1 -0
package/dist/esm/relayer-sdk.worker.js +71 -71
package/dist/esm/types-C1S426x4.d.ts +48 -0
package/dist/esm/types-CVyJHEya.d.ts +14 -0
package/dist/esm/types-DePjTTbo.d.ts +30 -0
package/dist/esm/types-FY7ciI37.d.ts +615 -0
package/dist/esm/viem/index.d.ts +39 -11
package/dist/esm/viem/index.js +1 -1
package/dist/esm/viem/index.js.map +1 -1
package/dist/esm/wrappers-registry-CXNs4eR0.js +2 -0
package/dist/esm/wrappers-registry-CXNs4eR0.js.map +1 -0
package/package.json +17 -3
package/dist/cjs/cleartext.cjs +0 -2
package/dist/cjs/cleartext.cjs.map +0 -1
package/dist/esm/cleartext-Cs28cTsa.js +0 -2
package/dist/esm/cleartext-Cs28cTsa.js.map +0 -1
package/dist/esm/eip1193-subscribe-Cl_wlVuQ.js +0 -2
package/dist/esm/eip1193-subscribe-Cl_wlVuQ.js.map +0 -1
package/dist/esm/memory-storage-F8xjMzVy.js +0 -2
package/dist/esm/memory-storage-F8xjMzVy.js.map +0 -1
package/dist/esm/readonly-token-D4GjTj0q.js +0 -2
package/dist/esm/readonly-token-D4GjTj0q.js.map +0 -1
package/dist/esm/relayer-C6u3eOlN.js.map +0 -1
package/dist/esm/relayer-sdk-DPqytEbO.d.ts +0 -44
package/dist/esm/relayer-utils-BeoTNDM4.js +0 -2
package/dist/esm/relayer-utils-BeoTNDM4.js.map +0 -1
package/dist/esm/wrappers-registry-ydyySM9g.js +0 -2
package/dist/esm/wrappers-registry-ydyySM9g.js.map +0 -1

package/dist/esm/{relayer-sdk.types-CGfXwKcB.d.ts → relayer-cleartext-DJkSUlZ2.d.ts} RENAMED Viewed

@@ -1,6 +1,8 @@
+import { n as FheChain } from "./types-C1S426x4.js";
+import { PrivateKeyAccount } from "viem/accounts";
 import { Abi, Address, ContractFunctionArgs, ContractFunctionName, ContractFunctionReturnType, Hex } from "viem";
 import * as SDK from "@zama-fhe/relayer-sdk/bundle";
-import { FhevmInstanceConfig, InputProofBytesType, KmsDelegatedUserDecryptEIP712Type, ZKProofLike } from "@zama-fhe/relayer-sdk/bundle";
+import { Bytes32Hex, ClearValueType, InputProofBytesType, KeypairType, KmsDelegatedUserDecryptEIP712Type, KmsUserDecryptEIP712Type, PublicDecryptResults, ZKProofLike } from "@zama-fhe/relayer-sdk/bundle";
 //#region src/worker/worker.types.d.ts
 /**
@@ -14,26 +16,30 @@ interface GenericLogger {
   warn: (message: string, data?: Record<string, unknown>) => void;
   error: (message: string, data?: Record<string, unknown>) => void;
 }
-type WorkerRequestType = "INIT" | "NODE_INIT" | "UPDATE_CSRF" | "ENCRYPT" | "USER_DECRYPT" | "PUBLIC_DECRYPT" | "GENERATE_KEYPAIR" | "CREATE_EIP712" | "CREATE_DELEGATED_EIP712" | "DELEGATED_USER_DECRYPT" | "REQUEST_ZK_PROOF_VERIFICATION" | "GET_PUBLIC_KEY" | "GET_PUBLIC_PARAMS";
+type WorkerEnv = "web" | "node";
+type WorkerRequestType = "INIT" | "UPDATE_CSRF" | "ENCRYPT" | "USER_DECRYPT" | "PUBLIC_DECRYPT" | "GENERATE_KEYPAIR" | "CREATE_EIP712" | "CREATE_DELEGATED_EIP712" | "DELEGATED_USER_DECRYPT" | "REQUEST_ZK_PROOF_VERIFICATION" | "GET_PUBLIC_KEY" | "GET_PUBLIC_PARAMS";
 interface BaseRequest {
   id: string;
   type: WorkerRequestType;
 }
+interface InitWebPayload {
+  env: "web";
+  cdnUrl: string;
+  chains: FheChain[];
+  csrfToken: string;
+  /** Expected SHA-384 hex digest for integrity verification. */
+  integrity?: string;
+  /** Number of WASM threads for parallel FHE operations. */
+  thread?: number;
+}
+interface InitNodePayload {
+  env: "node";
+  chains: FheChain[];
+}
+type InitPayload = InitWebPayload | InitNodePayload;
 interface InitRequest extends BaseRequest {
   type: "INIT";
-  payload: {
-    cdnUrl: string;
-    fhevmConfig: FhevmInstanceConfig;
-    csrfToken: string; /** Expected SHA-384 hex digest for integrity verification. */
-    integrity?: string; /** Number of WASM threads for parallel FHE operations. */
-    thread?: number;
-  };
-}
-interface NodeInitRequest extends BaseRequest {
-  type: "NODE_INIT";
-  payload: {
-    fhevmConfig: FhevmInstanceConfig;
-  };
+  payload: InitPayload;
 }
 interface UpdateCsrfRequest extends BaseRequest {
   type: "UPDATE_CSRF";
@@ -44,6 +50,7 @@ interface UpdateCsrfRequest extends BaseRequest {
 interface EncryptRequest extends BaseRequest {
   type: "ENCRYPT";
   payload: {
+    chainId: number;
     values: EncryptInput[];
     contractAddress: Address;
     userAddress: Address;
@@ -52,6 +59,7 @@ interface EncryptRequest extends BaseRequest {
 interface UserDecryptRequest extends BaseRequest {
   type: "USER_DECRYPT";
   payload: {
+    chainId: number;
     handles: Handle[];
     contractAddress: Address;
     signedContractAddresses: Address[];
@@ -66,16 +74,20 @@ interface UserDecryptRequest extends BaseRequest {
 interface PublicDecryptRequest extends BaseRequest {
   type: "PUBLIC_DECRYPT";
   payload: {
+    chainId: number;
     handles: Handle[];
   };
 }
 interface GenerateKeypairRequest extends BaseRequest {
   type: "GENERATE_KEYPAIR";
-  payload: Record<string, never>;
+  payload: {
+    chainId: number;
+  };
 }
 interface CreateEIP712Request extends BaseRequest {
   type: "CREATE_EIP712";
   payload: {
+    chainId: number;
     publicKey: Hex;
     contractAddresses: Address[];
     startTimestamp: number;
@@ -85,6 +97,7 @@ interface CreateEIP712Request extends BaseRequest {
 interface CreateDelegatedEIP712Request extends BaseRequest {
   type: "CREATE_DELEGATED_EIP712";
   payload: {
+    chainId: number;
     publicKey: Hex;
     contractAddresses: Address[];
     delegatorAddress: Address;
@@ -95,6 +108,7 @@ interface CreateDelegatedEIP712Request extends BaseRequest {
 interface DelegatedUserDecryptRequest extends BaseRequest {
   type: "DELEGATED_USER_DECRYPT";
   payload: {
+    chainId: number;
     handles: Handle[];
     contractAddress: Address;
     signedContractAddresses: Address[];
@@ -110,22 +124,27 @@ interface DelegatedUserDecryptRequest extends BaseRequest {
 interface RequestZKProofVerificationRequest extends BaseRequest {
   type: "REQUEST_ZK_PROOF_VERIFICATION";
   payload: {
+    chainId: number;
     zkProof: ZKProofLike;
   };
 }
 interface GetPublicKeyRequest extends BaseRequest {
   type: "GET_PUBLIC_KEY";
-  payload: Record<string, never>;
+  payload: {
+    chainId: number;
+  };
 }
 interface GetPublicParamsRequest extends BaseRequest {
   type: "GET_PUBLIC_PARAMS";
   payload: {
+    chainId: number;
     bits: number;
   };
 }
-type WorkerRequest = InitRequest | NodeInitRequest | UpdateCsrfRequest | EncryptRequest | UserDecryptRequest | PublicDecryptRequest | GenerateKeypairRequest | CreateEIP712Request | CreateDelegatedEIP712Request | DelegatedUserDecryptRequest | RequestZKProofVerificationRequest | GetPublicKeyRequest | GetPublicParamsRequest;
+type WorkerRequest = InitRequest | UpdateCsrfRequest | EncryptRequest | UserDecryptRequest | PublicDecryptRequest | GenerateKeypairRequest | CreateEIP712Request | CreateDelegatedEIP712Request | DelegatedUserDecryptRequest | RequestZKProofVerificationRequest | GetPublicKeyRequest | GetPublicParamsRequest;
 type EncryptPayload = EncryptRequest["payload"];
 type UserDecryptPayload = UserDecryptRequest["payload"];
+type PublicDecryptPayload = PublicDecryptRequest["payload"];
 type DelegatedUserDecryptPayload = DelegatedUserDecryptRequest["payload"];
 type CreateEIP712Payload = CreateEIP712Request["payload"];
 type CreateDelegatedEIP712Payload = CreateDelegatedEIP712Request["payload"];
@@ -144,10 +163,7 @@ interface ErrorResponse extends BaseResponse {
   statusCode?: number;
 }
 type WorkerResponse<T> = SuccessResponse<T> | ErrorResponse;
-interface EncryptResponseData {
-  handles: Uint8Array[];
-  inputProof: Uint8Array;
-}
+type EncryptResponseData = InputProofBytesType;
 interface UserDecryptResponseData {
   clearValues: Record<Handle, ClearValueType>;
 }
@@ -160,27 +176,7 @@ interface GenerateKeypairResponseData {
   publicKey: Hex;
   privateKey: Hex;
 }
-interface CreateEIP712ResponseData {
-  domain: {
-    name: string;
-    version: string;
-    chainId: number;
-    verifyingContract: Address;
-  };
-  types: {
-    UserDecryptRequestVerification: {
-      name: string;
-      type: string;
-    }[];
-  };
-  message: {
-    publicKey: Hex;
-    contractAddresses: Address[];
-    startTimestamp: bigint;
-    durationDays: bigint;
-    extraData: Hex;
-  };
-}
+type CreateEIP712ResponseData = KmsUserDecryptEIP712Type;
 type CreateDelegatedEIP712ResponseData = KmsDelegatedUserDecryptEIP712Type;
 interface DelegatedUserDecryptResponseData {
   clearValues: Record<Handle, ClearValueType>;
@@ -267,29 +263,67 @@ interface TransactionResult {
 }
 //#endregion
 //#region src/types/signer.d.ts
-/** Callbacks for signer lifecycle events (wallet disconnect, account switch). */
-interface SignerLifecycleCallbacks {
-  /** Called when the wallet disconnects. */
-  onDisconnect?: () => void;
-  /** Called when the active account changes. */
-  onAccountChange?: (newAddress: Address) => void;
-  /** Called when the connected chain changes. */
-  onChainChange?: (newChainId: number) => void;
-}
+/** Snapshot of wallet identity at a point in time. */
+interface SignerIdentity {
+  address: Address;
+  chainId: number;
+}
+/** An identity transition emitted by signer adapters. */
+interface SignerIdentityChange {
+  previous?: SignerIdentity;
+  next?: SignerIdentity;
+}
+/** Listener for signer identity transitions. */
+type SignerIdentityListener = (change: SignerIdentityChange) => void;
 /**
- * Framework-agnostic signer interface.
- * Wallet devs implement this with their library of choice.
- * The React SDK ships pre-built adapters for wagmi/viem/ethers.
+ * Framework-agnostic signer interface — wallet authority only.
+ *
+ * Public chain reads have moved to {@link GenericProvider}. A signer is only
+ * required for operations that involve a user-controlled wallet
+ * (`getAddress`, `signTypedData`, `writeContract`).
+ *
+ * Both interfaces expose `getChainId()` — neither takes ownership of "the
+ * chain" unilaterally. A wallet can legitimately switch chain mid-session
+ * while the provider's RPC stays constant.
  */
 interface GenericSigner {
-  /** Return the chain ID of the connected network. */
+  /** Return the chain ID of the connected wallet. */
   getChainId(): Promise<number>;
   /** The connected wallet address. */
-  getAddress: () => Promise<Address>;
+  getAddress(): Promise<Address>;
   /** Sign EIP-712 typed data (used for decrypt authorization). */
   signTypedData(typedData: EIP712TypedData): Promise<Hex>;
   /** Send a write transaction and return the tx hash. */
   writeContract<const TAbi extends ContractAbi, TFunctionName extends WriteFunctionName<TAbi>, const TArgs extends WriteContractArgs<TAbi, TFunctionName>>(config: WriteContractConfig<TAbi, TFunctionName, TArgs>): Promise<Hex>;
+  /**
+   * Subscribe to wallet identity transitions (connect, disconnect, account
+   * change, chain change). Returns an unsubscribe function.
+   * Built-in browser adapters also emit the current connected identity when
+   * subscribe is called and the wallet is already connected.
+   *
+   * Optional — server-side signers or custom implementations that don't
+   * support lifecycle events can omit this method entirely.
+   */
+  subscribe?: (onIdentityChange: SignerIdentityListener) => () => void;
+}
+//#endregion
+//#region src/types/provider.d.ts
+/**
+ * Framework-agnostic read-only provider interface.
+ *
+ * Represents the minimal set of capabilities needed to perform public chain
+ * reads: querying state via `eth_call`, checking chain identity, awaiting
+ * transaction receipts, and fetching block timestamps.
+ *
+ * Any caller with only an RPC endpoint (server indexer, SSR, dApp pre-connect)
+ * can drive the SDK via a {@link GenericProvider} implementation, without
+ * instantiating a wallet-shaped object. Use {@link ViemProvider},
+ * {@link EthersProvider}, or {@link WagmiProvider}; or implement the
+ * interface directly.
+ */
+interface GenericProvider {
+  /** Return the chain ID of the connected network. */
+  getChainId(): Promise<number>;
   /** Execute a read-only call and return the decoded result. */
   readContract<const TAbi extends ContractAbi, TFunctionName extends ReadFunctionName<TAbi>, const TArgs extends ReadContractArgs<TAbi, TFunctionName>>(config: ReadContractConfig<TAbi, TFunctionName, TArgs>): Promise<ReadContractReturnType<TAbi, TFunctionName, TArgs>>;
   /** Wait for a transaction to be mined and return its receipt. */
@@ -299,15 +333,7 @@ interface GenericSigner {
    * Used by {@link ReadonlyToken.isDelegated} to compare delegation expiry
    * against the chain clock instead of the local clock.
    */
-  getBlockTimestamp: () => Promise<bigint>;
-  /**
-   * Subscribe to wallet lifecycle events (disconnect, account change, chain change).
-   * Returns an unsubscribe function.
-   *
-   * Optional — server-side signers or custom implementations that don't
-   * support lifecycle events can omit this method entirely.
-   */
-  subscribe?: (callbacks: SignerLifecycleCallbacks) => () => void;
+  getBlockTimestamp(): Promise<bigint>;
 }
 //#endregion
 //#region src/types/storage.d.ts
@@ -395,6 +421,91 @@ interface UnshieldOptions extends UnshieldCallbacks {
   skipBalanceCheck?: boolean;
 }
 //#endregion
+//#region src/worker/worker.base-client.d.ts
+/**
+ * Abstract base class for worker clients (browser Web Worker and Node.js worker_threads).
+ * Encapsulates all shared logic: pending request tracking, timeouts, init dedup, domain methods.
+ * Subclasses implement the abstract hooks for platform-specific worker creation and messaging.
+ */
+declare abstract class BaseWorkerClient<TWorker, TConfig> {
+  #private;
+  protected readonly config: TConfig;
+  protected readonly logger: GenericLogger | undefined;
+  constructor(config: TConfig, logger: GenericLogger | undefined);
+  /** Create the platform-specific worker instance. */
+  protected abstract createWorker(): TWorker;
+  /** Wire message/error/messageerror events on the worker. */
+  protected abstract wireEvents(worker: TWorker): void;
+  /** Post a message to the worker. */
+  protected abstract postMessage(worker: TWorker, request: WorkerRequest): void;
+  /** Terminate the platform-specific worker. */
+  protected abstract terminateWorker(worker: TWorker): void;
+  /** Generate a unique request ID. */
+  protected abstract generateRequestId(): string;
+  /** Return the init request type and payload. */
+  protected abstract getInitPayload(): {
+    type: WorkerRequestType;
+    payload: WorkerRequest["payload"];
+  };
+  /** Subclasses set "web" or "node" — stamps the env discriminant on INIT payloads. */
+  protected abstract readonly env: WorkerEnv;
+  /** Optional hook called after worker init succeeds (e.g. for node worker.unref()). */
+  protected onWorkerReady?(_worker: TWorker): void;
+  initWorker(): Promise<TWorker>;
+  terminate(): void;
+  protected handleResponse(response: WorkerResponse<unknown>): void;
+  protected handleWorkerError(message: string): void;
+  protected handleWorkerMessageError(): void;
+  protected sendRequestTo<T>(worker: TWorker, type: WorkerRequestType, payload: WorkerRequest["payload"], timeoutMs?: number): Promise<T>;
+  protected sendRequest<T>(type: WorkerRequestType, payload: WorkerRequest["payload"], timeoutMs?: number): Promise<T>;
+  generateKeypair(params: GenerateKeypairRequest["payload"]): Promise<GenerateKeypairResponseData>;
+  createEIP712(params: CreateEIP712Payload): Promise<CreateEIP712ResponseData>;
+  encrypt(params: EncryptPayload): Promise<EncryptResponseData>;
+  userDecrypt(params: UserDecryptPayload): Promise<UserDecryptResponseData>;
+  publicDecrypt(params: PublicDecryptPayload): Promise<PublicDecryptResponseData>;
+  createDelegatedUserDecryptEIP712(params: CreateDelegatedEIP712Payload): Promise<CreateDelegatedEIP712ResponseData>;
+  delegatedUserDecrypt(params: DelegatedUserDecryptPayload): Promise<DelegatedUserDecryptResponseData>;
+  requestZKProofVerification(params: RequestZKProofVerificationRequest["payload"]): Promise<RequestZKProofVerificationResponseData>;
+  getPublicKey(params: GetPublicKeyRequest["payload"]): Promise<GetPublicKeyResponseData>;
+  getPublicParams(params: GetPublicParamsRequest["payload"]): Promise<GetPublicParamsResponseData>;
+}
+//#endregion
+//#region src/worker/worker.client.d.ts
+/** Configuration for the worker client */
+interface WorkerClientConfig {
+  cdnUrl: string;
+  chains: FheChain[];
+  csrfToken: string;
+  /** Expected SHA-384 hex digest of the CDN bundle for integrity verification. */
+  integrity?: string;
+  /** Optional logger for tracing worker request lifecycle. */
+  logger?: GenericLogger;
+  /** Number of WASM threads for parallel FHE operations (passed to `initSDK({ thread })`). */
+  thread?: number;
+}
+/**
+ * Client for communicating with the RelayerSDK Web Worker.
+ * Provides a promise-based API for FHE operations.
+ */
+declare class RelayerWorkerClient extends BaseWorkerClient<Worker, WorkerClientConfig> {
+  protected readonly env: WorkerEnv;
+  constructor(config: WorkerClientConfig);
+  protected createWorker(): Worker;
+  protected wireEvents(worker: Worker): void;
+  protected postMessage(worker: Worker, request: WorkerRequest): void;
+  protected terminateWorker(worker: Worker): void;
+  protected generateRequestId(): string;
+  protected getInitPayload(): {
+    type: WorkerRequestType;
+    payload: WorkerRequest["payload"];
+  };
+  /**
+   * Update the CSRF token in the worker.
+   * Call this before making authenticated requests to ensure the token is fresh.
+   */
+  updateCsrf(csrfToken: string): Promise<void>;
+}
+//#endregion
 //#region src/relayer/relayer-sdk.types.d.ts
 /** Network configuration for the Relayer SDK */
 type NetworkType = "hardhat" | "sepolia" | "mainnet";
@@ -407,9 +518,10 @@ interface RelayerWebSecurityConfig {
 }
 /** Configuration for RelayerWeb (browser backend) initialization. */
 interface RelayerWebConfig {
-  transports: Record<number, Partial<SDK.FhevmInstanceConfig>>;
-  /** Resolve the current chain ID. Called lazily before each operation; the worker is re-initialized when the value changes. */
-  getChainId: () => Promise<number>;
+  /** FHE chain configuration. */
+  chain: FheChain;
+  /** Worker client — handles WASM operations off the main thread. */
+  worker: RelayerWorkerClient;
   /** Security options (CSRF, CDN integrity). */
   security?: RelayerWebSecurityConfig;
   /** Optional logger for observing worker lifecycle and request timing. */
@@ -428,8 +540,6 @@ interface RelayerWebConfig {
    * When omitted, the relayer SDK uses its default (single-threaded).
    */
   threads?: number;
-  /** Called whenever the SDK status changes (e.g. idle → initializing → ready). */
-  onStatusChange?: (status: RelayerSDKStatus, error?: Error) => void;
   /**
    * Persistent storage for caching FHE public key and params across sessions.
    *
@@ -444,15 +554,10 @@ interface RelayerWebConfig {
   /** Cache TTL in seconds for FHE public material. Default: 86 400 (24 h). Set to 0 to revalidate on every operation. Ignored when storage is not set. */
   fheArtifactCacheTTL?: number;
 }
-/** Result from encryption operation */
-interface EncryptResult {
-  handles: Uint8Array[];
-  inputProof: Uint8Array;
-}
-/** Canonical SDK type for encrypted ciphertext handles (`bytes32` values). */
-type Handle = `0x${string}`;
-/** Decrypted value type — one of bigint, boolean, or hex-encoded bytes. */
-type ClearValueType = bigint | boolean | `0x${string}`;
+/** Result from encryption operation. Alias for {@link InputProofBytesType}. */
+type EncryptResult = InputProofBytesType;
+/** Canonical SDK type for encrypted ciphertext handles (`bytes32` values). Alias for {@link Bytes32Hex}. */
+type Handle = Bytes32Hex;
 /** A single value to encrypt with its FHE type. */
 type EncryptInput = {
   value: boolean | bigint;
@@ -483,31 +588,22 @@ interface UserDecryptParams {
   startTimestamp: number;
   durationDays: number;
 }
-/** Result from public decryption */
-type PublicDecryptResult = Omit<SDK.PublicDecryptResults, "clearValues"> & {
-  clearValues: Readonly<Record<Handle, ClearValueType>>;
-};
-/** EIP712 typed data structure */
-interface EIP712TypedData {
-  domain: {
-    name: string;
-    version: string;
-    chainId: number;
-    verifyingContract: Address;
-  };
-  types: Record<string, readonly {
-    readonly name: string;
-    readonly type: string;
-  }[]>;
-  primaryType?: string;
-  message: {
-    publicKey: Hex;
-    contractAddresses: readonly Address[];
-    startTimestamp: bigint;
-    durationDays: bigint;
-    extraData: Hex;
-  };
+/** Result from public decryption. Alias for {@link PublicDecryptResults}. */
+type PublicDecryptResult = PublicDecryptResults;
+/**
+ * EIP712 typed data structure for user or delegated user decrypt requests.
+ * Union of the relayer-sdk's two user-decrypt EIP712 shapes.
+ */
+type EIP712TypedData = KmsUserDecryptEIP712Type | KmsDelegatedUserDecryptEIP712Type;
+/** TFHE public key */
+interface PublicKeyData {
+  publicKeyId: string;
+  publicKey: Uint8Array;
 }
+/**
+ * TFHE public parameters
+ */
+type PublicParamsData = SDK.PublicParams<Uint8Array>[keyof SDK.PublicParams<Uint8Array>];
 /** Parameters for delegated user decryption */
 interface DelegatedUserDecryptParams {
   handles: Handle[];
@@ -524,5 +620,66 @@ interface DelegatedUserDecryptParams {
 /** SDK status */
 type RelayerSDKStatus = "idle" | "initializing" | "ready" | "error";
 //#endregion
-export { GetPublicKeyRequest as $, ReadContractConfig as A, CreateEIP712Payload as B, GenericSigner as C, TransactionResult as D, TransactionReceipt as E, WriteFunctionName as F, DelegatedUserDecryptResponseData as G, CreateEIP712ResponseData as H, BaseRequest as I, EncryptResponseData as J, EncryptPayload as K, CreateDelegatedEIP712Payload as L, ReadFunctionName as M, WriteContractArgs as N, ContractAbi as O, WriteContractConfig as P, GenericLogger as Q, CreateDelegatedEIP712Request as R, GenericStorage as S, RawLog as T, DelegatedUserDecryptPayload as U, CreateEIP712Request as V, DelegatedUserDecryptRequest as W, GenerateKeypairRequest as X, ErrorResponse as Y, GenerateKeypairResponseData as Z, ShieldCallbacks as _, EncryptParams as a, PublicDecryptRequest as at, DelegatedStoredCredentials as b, NetworkType as c, RequestZKProofVerificationResponseData as ct, RelayerWebConfig as d, UserDecryptPayload as dt, GetPublicKeyResponseData as et, RelayerWebSecurityConfig as f, UserDecryptRequest as ft, UnshieldOptions as g, WorkerResponse as gt, TransferOptions as h, WorkerRequestType as ht, EncryptInput as i, NodeInitRequest as it, ReadContractReturnType as j, ReadContractArgs as k, PublicDecryptResult as l, SuccessResponse as lt, ShieldOptions as m, WorkerRequest as mt, DelegatedUserDecryptParams as n, GetPublicParamsResponseData as nt, EncryptResult as o, PublicDecryptResponseData as ot, UserDecryptParams as p, UserDecryptResponseData as pt, EncryptRequest as q, EIP712TypedData as r, InitRequest as rt, Handle as s, RequestZKProofVerificationRequest as st, ClearValueType as t, GetPublicParamsRequest as tt, RelayerSDKStatus as u, UpdateCsrfRequest as ut, TransferCallbacks as v, SignerLifecycleCallbacks as w, StoredCredentials as x, UnshieldCallbacks as y, CreateDelegatedEIP712ResponseData as z };
-//# sourceMappingURL=relayer-sdk.types-CGfXwKcB.d.ts.map
+//#region src/relayer/relayer-sdk.d.ts
+/**
+ * Core FHE cryptographic operations — the 10 methods that perform
+ * encryption, decryption, key generation, and proof verification.
+ */
+interface FheOperations {
+  /** Generate an FHE keypair (public + private key). */
+  generateKeypair(): Promise<KeypairType<Hex>>;
+  /** Create EIP-712 typed data for signing an FHE decrypt credential. */
+  createEIP712(publicKey: Hex, contractAddresses: Address[], startTimestamp: number, durationDays?: number): Promise<EIP712TypedData>;
+  /** Encrypt plaintext values into FHE ciphertexts. */
+  encrypt(params: EncryptParams): Promise<EncryptResult>;
+  /** Decrypt FHE ciphertext handles using the user's own credentials. */
+  userDecrypt(params: UserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>>;
+  /** Decrypt FHE handles using the network public key (no credential needed). */
+  publicDecrypt(handles: Handle[]): Promise<PublicDecryptResult>;
+  /** Create EIP-712 typed data for a delegated user decrypt credential. */
+  createDelegatedUserDecryptEIP712(publicKey: Hex, contractAddresses: Address[], delegatorAddress: Address, startTimestamp: number, durationDays?: number): Promise<KmsDelegatedUserDecryptEIP712Type>;
+  /** Decrypt FHE handles using delegated user credentials. */
+  delegatedUserDecrypt(params: DelegatedUserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>>;
+  /** Submit a ZK proof for on-chain verification. */
+  requestZKProofVerification(zkProof: ZKProofLike): Promise<InputProofBytesType>;
+  /** Fetch the FHE network public key. Returns `null` if not available. */
+  getPublicKey(): Promise<PublicKeyData | null>;
+  /** Fetch FHE public parameters for a given bit size. Returns `null` if not available. */
+  getPublicParams(bits: number): Promise<PublicParamsData | null>;
+}
+/**
+ * Interface for FHE relayer operations.
+ * Extends `FheOperations` with lifecycle and chain-specific methods.
+ * Implemented by `RelayerWeb` (browser, via Web Worker + WASM) and `RelayerNode` (Node.js, direct).
+ */
+interface RelayerSDK extends FheOperations {
+  /** Return the ACL contract address for the current chain. */
+  getAclAddress(): Promise<Address>;
+  /** Terminate the relayer backend and release resources. */
+  terminate(): void;
+}
+//#endregion
+//#region src/relayer/cleartext/relayer-cleartext.d.ts
+declare class RelayerCleartext implements RelayerSDK, Disposable {
+  #private;
+  readonly kmsSigner: PrivateKeyAccount;
+  readonly inputSigner: PrivateKeyAccount;
+  constructor(config: FheChain);
+  generateKeypair(): Promise<KeypairType<Hex>>;
+  createEIP712(publicKey: Hex, contractAddresses: Address[], startTimestamp: number, durationDays?: number): Promise<EIP712TypedData>;
+  encrypt(params: EncryptParams): Promise<EncryptResult>;
+  userDecrypt(params: UserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>>;
+  publicDecrypt(handles: Handle[]): Promise<PublicDecryptResult>;
+  createDelegatedUserDecryptEIP712(publicKey: Hex, contractAddresses: Address[], delegatorAddress: Address, startTimestamp: number, durationDays?: number): Promise<KmsDelegatedUserDecryptEIP712Type>;
+  delegatedUserDecrypt(params: DelegatedUserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>>;
+  requestZKProofVerification(_zkProof: ZKProofLike): Promise<InputProofBytesType>;
+  getPublicKey(): Promise<PublicKeyData | null>;
+  getPublicParams(_bits: number): Promise<PublicParamsData | null>;
+  getAclAddress(): Promise<Address>;
+  terminate(): void;
+  /** Calls {@link terminate} (no-op in cleartext mode). */
+  [Symbol.dispose](): void;
+}
+//#endregion
+export { DelegatedUserDecryptRequest as $, GenericSigner as A, ReadContractReturnType as B, ShieldCallbacks as C, UserDecryptResponseData as Ct, StoredCredentials as D, WorkerResponse as Dt, DelegatedStoredCredentials as E, WorkerRequestType as Et, TransactionReceipt as F, BaseRequest as G, WriteContractArgs as H, TransactionResult as I, CreateDelegatedEIP712ResponseData as J, CreateDelegatedEIP712Payload as K, ContractAbi as L, SignerIdentityChange as M, SignerIdentityListener as N, GenericStorage as O, RawLog as P, DelegatedUserDecryptPayload as Q, ReadContractArgs as R, UnshieldOptions as S, UserDecryptRequest as St, UnshieldCallbacks as T, WorkerRequest as Tt, WriteContractConfig as U, ReadFunctionName as V, WriteFunctionName as W, CreateEIP712Request as X, CreateEIP712Payload as Y, CreateEIP712ResponseData as Z, UserDecryptParams as _, RequestZKProofVerificationRequest as _t, EIP712TypedData as a, GenerateKeypairRequest as at, ShieldOptions as b, UpdateCsrfRequest as bt, EncryptResult as c, GetPublicKeyRequest as ct, PublicDecryptResult as d, GetPublicParamsResponseData as dt, DelegatedUserDecryptResponseData as et, PublicKeyData as f, InitPayload as ft, RelayerWebSecurityConfig as g, PublicDecryptResponseData as gt, RelayerWebConfig as h, PublicDecryptRequest as ht, DelegatedUserDecryptParams as i, ErrorResponse as it, SignerIdentity as j, GenericProvider as k, Handle as l, GetPublicKeyResponseData as lt, RelayerSDKStatus as m, PublicDecryptPayload as mt, RelayerSDK as n, EncryptRequest as nt, EncryptInput as o, GenerateKeypairResponseData as ot, PublicParamsData as p, InitRequest as pt, CreateDelegatedEIP712Request as q, ClearValueType as r, EncryptResponseData as rt, EncryptParams as s, GenericLogger as st, RelayerCleartext as t, EncryptPayload as tt, NetworkType as u, GetPublicParamsRequest as ut, RelayerWorkerClient as v, RequestZKProofVerificationResponseData as vt, TransferCallbacks as w, WorkerEnv as wt, TransferOptions as x, UserDecryptPayload as xt, BaseWorkerClient as y, SuccessResponse as yt, ReadContractConfig as z };
+//# sourceMappingURL=relayer-cleartext-DJkSUlZ2.d.ts.map

package/dist/esm/relayer-cleartext-SZCM9wTx.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import{t as e}from"./relayer-7Hd00A6X.js";import{n as t,t as n}from"./encryption-YS-Kb7qm.js";import{privateKeyToAccount as r}from"viem/accounts";import{concat as i,createPublicClient as a,custom as o,encodePacked as s,getAddress as c,http as l,keccak256 as u,pad as d,parseAbi as f,toBytes as p,toHex as m}from"viem";import{mainnet as h,sepolia as g}from"viem/chains";const _=(e,t)=>({name:`InputVerification`,version:`1`,chainId:BigInt(e),verifyingContract:t}),v=(e,t)=>({name:`Decryption`,version:`1`,chainId:BigInt(e),verifyingContract:t}),y={domain:_,types:{CiphertextVerification:[{name:`ctHandles`,type:`bytes32[]`},{name:`userAddress`,type:`address`},{name:`contractAddress`,type:`address`},{name:`contractChainId`,type:`uint256`},{name:`extraData`,type:`bytes`}]}},b={domain:v,types:{PublicDecryptVerification:[{name:`ctHandles`,type:`bytes32[]`},{name:`decryptedResult`,type:`bytes`},{name:`extraData`,type:`bytes`}]}},x={domain:v,types:{UserDecryptRequestVerification:[{name:`publicKey`,type:`bytes`},{name:`contractAddresses`,type:`address[]`},{name:`startTimestamp`,type:`uint256`},{name:`durationDays`,type:`uint256`},{name:`extraData`,type:`bytes`}]}},S={domain:v,types:{DelegatedUserDecryptRequestVerification:[{name:`publicKey`,type:`bytes`},{name:`contractAddresses`,type:`address[]`},{name:`delegatorAddress`,type:`address`},{name:`startTimestamp`,type:`uint256`},{name:`durationDays`,type:`uint256`},{name:`extraData`,type:`bytes`}]}},C={ebool:0,euint8:2,euint16:3,euint32:4,euint64:5,euint128:6,eaddress:7,euint256:8},w={0:`ebool`,2:`euint8`,3:`euint16`,4:`euint32`,5:`euint64`,6:`euint128`,7:`eaddress`,8:`euint256`},T={0:2,2:8,3:16,4:32,5:64,6:128,7:160,8:256};Object.freeze(C),Object.freeze(w),Object.freeze(T),Object.freeze({2:0,8:2,16:3,32:4,64:5,128:6,160:7,256:8});function E(e){switch(e){case 0:case 2:case 3:case 4:case 5:case 6:case 7:case 8:return!0;default:return!1}}function D(e){return typeof e==`string`?e in C:!1}function O(e){if(!D(e))throw Error(`Invalid FheType name '${e}'`);return C[e]}function k(e){if(!E(e))throw Error(`Invalid FheType id '${e}'`);let t=T[e];if(t<2)throw Error(`Invalid FheType encryption bit width: ${t}. Minimum is 2 bits.`);return t}const A=p(`ZK-w_rct`),j=p(`ZK-w_hdl`);function M(e,t){let n=Math.ceil(k(t)/8);return p(d(m(e),{size:n}))}function N(e,n,r){if(r.length!==32)throw new t(`random32 must be exactly 32 bytes`);let a=M(n,e),o=u(i([m(new Uint8Array([e])),m(a),m(r)]));return u(i([m(A),o]))}function P(e,n,r,a,o){if(!Number.isInteger(n)\|\|n<0\|\|n>255)throw new t(`index must be an integer between 0 and 255`);let c=u(i([m(A),e])),l=u(s([`bytes`,`bytes32`,`uint8`,`address`,`uint256`],[m(j),c,n,a,o])),d=o&18446744073709551615n;return m(BigInt(l)&115792089237316195423570985008687907853269984665640254554447762662844404858880n\|BigInt(n)<<80n\|d<<16n\|BigInt(r)<<8n\|BigInt(0),{size:32})}const F=f([`function persistAllowed(bytes32 handle, address account) view returns (bool)`,`function isAllowedForDecryption(bytes32 handle) view returns (bool)`,`function isHandleDelegatedForUserDecryption(address delegator, address delegate, address contractAddress, bytes32 handle) view returns (bool)`]),I=f([`function plaintexts(bytes32 handle) view returns (uint256)`]),L=[{name:`name`,type:`string`},{name:`version`,type:`string`},{name:`chainId`,type:`uint256`},{name:`verifyingContract`,type:`address`}],R={EIP712Domain:L,UserDecryptRequestVerification:x.types.UserDecryptRequestVerification},z={EIP712Domain:L,DelegatedUserDecryptRequestVerification:S.types.DelegatedUserDecryptRequestVerification},B={EIP712Domain:L,PublicDecryptVerification:b.types.PublicDecryptVerification},V=new Set([h.id,g.id]);function H(e,t){let n=Number(BigInt(e)>>8n&255n);return n===0?t!==0n:n===7?m(t,{size:20}):t}function U(e){if(!D(e.type))throw new t(`Unsupported FHE type`);let n=O(e.type),r;if(e.type===`ebool`){if(typeof e.value==`boolean`)r=e.value?1n:0n;else if(r=e.value,r!==0n&&r!==1n)throw new t(`Bool value must be 0, 1, true, or false`)}else r=e.type===`eaddress`?BigInt(c(e.value)):e.value;if(r<0n)throw new t(`Only non-negative cleartext values are supported`);let i=k(n),a=(1n<<BigInt(i))-1n;if(r>a)throw new t(`Value ${r} exceeds max ${a} for FheType ${n}`);return{fheType:n,value:r}}var W=class{#e;#t;kmsSigner;inputSigner;constructor(t){if(V.has(t.id))throw new e(`Cleartext mode is not allowed on chain ${t.id}. It is intended for local development and testing only.`);if(!t.executorAddress)throw new e(`Cleartext transport requires an executorAddress for chain ${t.id}.`);this.#e=a({transport:typeof t.network==`string`?l(t.network):o(t.network)}),this.#t=t,this.kmsSigner=r(t.kmsSignerPrivateKey??`0x388b7680e4e1afa06efbfd45cdd1fe39f3c6af381df6555a19661f283b97de91`),this.inputSigner=r(t.inputSignerPrivateKey??`0x7ec8ada6642fc4ccfb7729bc29c17cf8d21b61abd5642d1db992c0b8672ab901`)}async generateKeypair(){let e=m(crypto.getRandomValues(new Uint8Array(32))),t=m(crypto.getRandomValues(new Uint8Array(32)));for(;t===e;)t=m(crypto.getRandomValues(new Uint8Array(32)));return{publicKey:e,privateKey:t}}async createEIP712(e,t,n,r=7){return{domain:x.domain(this.#t.id,this.#t.verifyingContractAddressDecryption),types:R,primaryType:`UserDecryptRequestVerification`,message:{publicKey:e,contractAddresses:t,startTimestamp:String(n),durationDays:String(r),extraData:`0x00`}}}async encrypt(e){let t=e.values.map(U),n=c(e.contractAddress),r=c(e.userAddress),a=t.map(({fheType:e,value:t})=>N(e,t,crypto.getRandomValues(new Uint8Array(32)))),o=u(a.length>0?i(a):`0x`),s=t.map(({fheType:e},t)=>P(o,t,e,this.#t.aclContractAddress,BigInt(this.#t.id))),l=t.map(({value:e})=>d(m(e),{size:32})),f=l.length>0?i(l):`0x`,h=await this.inputSigner.signTypedData({domain:y.domain(this.#t.gatewayChainId,this.#t.verifyingContractAddressInputVerification),types:{CiphertextVerification:y.types.CiphertextVerification},primaryType:`CiphertextVerification`,message:{ctHandles:s,userAddress:r,contractAddress:n,contractChainId:BigInt(this.#t.id),extraData:f}}),g=p(i([m(new Uint8Array([s.length])),m(new Uint8Array([1])),...s,h,f]));return{handles:s.map(e=>p(e)),inputProof:g}}async userDecrypt(e){return await this.#r(e.handles,c(e.signerAddress),c(e.contractAddress),`User`,`user decrypt`),this.#n(e.handles)}async publicDecrypt(e){let t=e,r=(await Promise.all(t.map(e=>this.#o(e)))).findIndex(e=>!e);if(r!==-1)throw new n(`Handle ${t[r]} is not allowed for public decryption`);let a=await Promise.all(t.map(e=>this.#s(e))),o=Object.fromEntries(t.map((e,t)=>[e,H(e,a[t])])),s=i(a.map(e=>d(m(e),{size:32}))),c=await this.kmsSigner.signTypedData({domain:b.domain(this.#t.gatewayChainId,this.#t.verifyingContractAddressDecryption),types:B,primaryType:`PublicDecryptVerification`,message:{ctHandles:t,decryptedResult:s,extraData:`0x`}});return{clearValues:o,abiEncodedClearValues:s,decryptionProof:i([m(new Uint8Array([1])),c])}}async createDelegatedUserDecryptEIP712(e,t,n,r,i=7){let a={publicKey:e,contractAddresses:t,delegatorAddress:c(n),startTimestamp:String(r),durationDays:String(i),extraData:`0x00`};return{domain:S.domain(this.#t.id,this.#t.verifyingContractAddressDecryption),types:z,primaryType:`DelegatedUserDecryptRequestVerification`,message:a}}async delegatedUserDecrypt(e){return await this.#i(e.handles,c(e.delegatorAddress),c(e.delegateAddress),c(e.contractAddress)),this.#n(e.handles)}async requestZKProofVerification(t){throw new e(`Not implemented in cleartext mode`)}async getPublicKey(){return{publicKeyId:`mock-public-key-id`,publicKey:new Uint8Array([32])}}async getPublicParams(e){return{publicParams:new Uint8Array([32]),publicParamsId:`mock-public-params-id`}}async getAclAddress(){return this.#t.aclContractAddress}terminate(){}[Symbol.dispose](){this.terminate()}async#n(e){let t=await Promise.all(e.map(e=>this.#s(e)));return Object.fromEntries(e.map((e,n)=>[e,H(e,t[n])]))}async#r(e,t,r,i,a){if(t===r)throw new n(`${i} address ${t} must not equal contract address for ${a}`);let o=await Promise.all(e.flatMap(e=>[this.#a(e,t),this.#a(e,r)]));for(let s=0;s<e.length;s++){let c=o[s2],l=o[s2+1];if(!c)throw new n(`${i} ${t} is not authorized for ${a} of handle ${e[s]}`);if(!l)throw new n(`Contract ${r} is not authorized for ${a} of handle ${e[s]}`)}}async#i(e,t,r,i){let a=await Promise.all(e.map(e=>this.#e.readContract({address:this.#t.aclContractAddress,abi:F,functionName:`isHandleDelegatedForUserDecryption`,args:[t,r,i,e]})));for(let t=0;t<e.length;t++)if(!a[t])throw new n(`Handle ${e[t]} is not delegated for user decryption`)}async#a(e,t){return this.#e.readContract({address:this.#t.aclContractAddress,abi:F,functionName:`persistAllowed`,args:[e,t]})}async#o(e){return this.#e.readContract({address:this.#t.aclContractAddress,abi:F,functionName:`isAllowedForDecryption`,args:[e]})}async#s(e){return this.#e.readContract({address:this.#t.executorAddress,abi:I,functionName:`plaintexts`,args:[e]})}};export{W as t};
2	+ //# sourceMappingURL=relayer-cleartext-SZCM9wTx.js.map

package/dist/esm/relayer-cleartext-SZCM9wTx.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"relayer-cleartext-SZCM9wTx.js","names":["#client","#config","#assertDecryptAuthorization","#decryptHandles","#isAllowedForDecryption","#readPlaintext","#assertDelegation","#persistAllowed"],"sources":["../../src/relayer/cleartext/eip712.ts","../../src/relayer/cleartext/constants.ts","../../src/relayer/cleartext/fhe-type.ts","../../src/relayer/cleartext/handle.ts","../../src/relayer/cleartext/relayer-cleartext.ts"],"sourcesContent":["import type { Address } from \"viem\";\nimport type {\n CoprocessorEIP712DomainType,\n CoprocessorEIP712TypesType,\n KmsDelegatedUserDecryptEIP712TypesType,\n KmsEIP712DomainType,\n KmsPublicDecryptEIP712TypesType,\n KmsUserDecryptEIP712TypesType,\n} from \"@zama-fhe/relayer-sdk/bundle\";\n\nconst inputDomain = (\n chainId: number | bigint,\n verifyingContract: Address,\n): CoprocessorEIP712DomainType => ({\n name: \"InputVerification\",\n version: \"1\",\n chainId: BigInt(chainId),\n verifyingContract,\n});\n\nconst decryptionDomain = (\n chainId: number | bigint,\n verifyingContract: Address,\n): KmsEIP712DomainType => ({\n name: \"Decryption\",\n version: \"1\",\n chainId: BigInt(chainId),\n verifyingContract,\n});\n\nexport const INPUT_VERIFICATION_EIP712 = {\n domain: inputDomain,\n types: {\n CiphertextVerification: [\n { name: \"ctHandles\", type: \"bytes32[]\" },\n { name: \"userAddress\", type: \"address\" },\n { name: \"contractAddress\", type: \"address\" },\n { name: \"contractChainId\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const KMS_DECRYPTION_EIP712 = {\n domain: decryptionDomain,\n types: {\n PublicDecryptVerification: [\n { name: \"ctHandles\", type: \"bytes32[]\" },\n { name: \"decryptedResult\", type: \"bytes\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const USER_DECRYPT_EIP712 = {\n domain: decryptionDomain,\n types: {\n UserDecryptRequestVerification: [\n { name: \"publicKey\", type: \"bytes\" },\n { name: \"contractAddresses\", type: \"address[]\" },\n { name: \"startTimestamp\", type: \"uint256\" },\n { name: \"durationDays\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\nexport const DELEGATED_USER_DECRYPT_EIP712 = {\n domain: decryptionDomain,\n types: {\n DelegatedUserDecryptRequestVerification: [\n { name: \"publicKey\", type: \"bytes\" },\n { name: \"contractAddresses\", type: \"address[]\" },\n { name: \"delegatorAddress\", type: \"address\" },\n { name: \"startTimestamp\", type: \"uint256\" },\n { name: \"durationDays\", type: \"uint256\" },\n { name: \"extraData\", type: \"bytes\" },\n ],\n },\n} as const;\n\n// ── Compile-time structural checks against relayer-sdk types ──────────\n// These assertions ensure our local EIP-712 type arrays stay in sync with\n// the relayer-sdk's canonical definitions. A mismatch will cause a build error.\ntype AssertFieldsMatch<\n Local extends readonly { readonly name: string; readonly type: string }[],\n Canonical extends readonly { readonly name: string; readonly type: string }[],\n> = [Local[\"length\"]] extends [Canonical[\"length\"]]\n ? {\n [K in keyof Local]: Local[K] extends { readonly name: infer N; readonly type: infer T }\n ? Canonical[K & keyof Canonical] extends { readonly name: N; readonly type: T }\n ? true\n : { error: `Field mismatch at index ${K & string}` }\n : never;\n }\n : { error: \"Field count mismatch\" };\n\n// Wrapping in readonly true[] ensures a mismatch produces a compile error\n// (not just an inert type alias that TypeScript silently accepts).\ntype AssertAllTrue<T extends readonly true[]> = T;\n\ntype _CheckInput = AssertAllTrue<\n AssertFieldsMatch<\n typeof INPUT_VERIFICATION_EIP712.types.CiphertextVerification,\n CoprocessorEIP712TypesType[\"CiphertextVerification\"]\n >\n>;\ntype _CheckPublicDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof KMS_DECRYPTION_EIP712.types.PublicDecryptVerification,\n KmsPublicDecryptEIP712TypesType[\"PublicDecryptVerification\"]\n >\n>;\ntype _CheckUserDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof USER_DECRYPT_EIP712.types.UserDecryptRequestVerification,\n KmsUserDecryptEIP712TypesType[\"UserDecryptRequestVerification\"]\n >\n>;\ntype _CheckDelegatedDecrypt = AssertAllTrue<\n AssertFieldsMatch<\n typeof DELEGATED_USER_DECRYPT_EIP712.types.DelegatedUserDecryptRequestVerification,\n KmsDelegatedUserDecryptEIP712TypesType[\"DelegatedUserDecryptRequestVerification\"]\n >\n>;\n","export const HANDLE_VERSION = 0;\n\nexport const PREHANDLE_MASK = 0xffffffffffffffffffffffffffffffffffffffffff0000000000000000000000n;\n\n// Constants used for instanciation of the cleartext FHEVM instance.\nexport const MOCK_INPUT_SIGNER_PK =\n \"0x7ec8ada6642fc4ccfb7729bc29c17cf8d21b61abd5642d1db992c0b8672ab901\";\nexport const MOCK_KMS_SIGNER_PK =\n \"0x388b7680e4e1afa06efbfd45cdd1fe39f3c6af381df6555a19661f283b97de91\";\n","// Copied from @zama-fhe/relayer-sdk/src/sdk/FheType.ts\n// Pure utility functions with zero WASM dependency.\n// Adapted to use simple errors instead of RelayerErrorBase hierarchy.\n\n////////////////////////////////////////////////////////////////////////////////\n// Types (from types/primitives.d.ts)\n////////////////////////////////////////////////////////////////////////////////\n\nexport interface FheTypeNameToIdMap {\n ebool: 0;\n //euint4: 1; deprecated\n euint8: 2;\n euint16: 3;\n euint32: 4;\n euint64: 5;\n euint128: 6;\n eaddress: 7;\n euint256: 8;\n}\n\nexport interface FheTypeIdToNameMap {\n 0: \"ebool\";\n //1: 'euint4'; deprecated\n 2: \"euint8\";\n 3: \"euint16\";\n 4: \"euint32\";\n 5: \"euint64\";\n 6: \"euint128\";\n 7: \"eaddress\";\n 8: \"euint256\";\n}\n\nexport interface FheTypeEncryptionBitwidthToIdMap {\n 2: FheTypeNameToIdMap[\"ebool\"];\n 8: FheTypeNameToIdMap[\"euint8\"];\n 16: FheTypeNameToIdMap[\"euint16\"];\n 32: FheTypeNameToIdMap[\"euint32\"];\n 64: FheTypeNameToIdMap[\"euint64\"];\n 128: FheTypeNameToIdMap[\"euint128\"];\n 160: FheTypeNameToIdMap[\"eaddress\"];\n 256: FheTypeNameToIdMap[\"euint256\"];\n}\n\nexport type FheTypeIdToEncryptionBitwidthMap = {\n [K in keyof FheTypeEncryptionBitwidthToIdMap as FheTypeEncryptionBitwidthToIdMap[K]]: K;\n};\n\ntype Prettify<T> = { [K in keyof T]: T[K] } & {};\n\nexport type FheTypeName = Prettify<keyof FheTypeNameToIdMap>;\nexport type FheTypeId = Prettify<keyof FheTypeIdToNameMap>;\nexport type EncryptionBits = Prettify<keyof FheTypeEncryptionBitwidthToIdMap>;\n\n////////////////////////////////////////////////////////////////////////////////\n// Lookup Maps\n////////////////////////////////////////////////////////////////////////////////\n\nconst MINIMUM_ENCRYPTION_BIT_WIDTH = 2;\n\nconst FheTypeNameToId: FheTypeNameToIdMap = {\n ebool: 0,\n //euint4: 1, deprecated\n euint8: 2,\n euint16: 3,\n euint32: 4,\n euint64: 5,\n euint128: 6,\n eaddress: 7,\n euint256: 8,\n} as const;\n\nconst FheTypeIdToName: FheTypeIdToNameMap = {\n 0: \"ebool\",\n //1: 'euint4', deprecated\n 2: \"euint8\",\n 3: \"euint16\",\n 4: \"euint32\",\n 5: \"euint64\",\n 6: \"euint128\",\n 7: \"eaddress\",\n 8: \"euint256\",\n} as const;\n\nconst FheTypeIdToEncryptionBitwidth: FheTypeIdToEncryptionBitwidthMap = {\n 0: 2,\n //1:?, euint4 deprecated\n 2: 8,\n 3: 16,\n 4: 32,\n 5: 64,\n 6: 128,\n 7: 160,\n 8: 256,\n} as const;\n\nconst EncryptionBitwidthToFheTypeId: FheTypeEncryptionBitwidthToIdMap = {\n 2: 0,\n 8: 2,\n 16: 3,\n 32: 4,\n 64: 5,\n 128: 6,\n 160: 7,\n 256: 8,\n} as const;\n\nObject.freeze(FheTypeNameToId);\nObject.freeze(FheTypeIdToName);\nObject.freeze(FheTypeIdToEncryptionBitwidth);\nObject.freeze(EncryptionBitwidthToFheTypeId);\n\n////////////////////////////////////////////////////////////////////////////////\n// Type Guards\n////////////////////////////////////////////////////////////////////////////////\n\nexport function isFheTypeId(value: unknown): value is FheTypeId {\n switch (value as FheTypeId) {\n case 0:\n case 2:\n case 3:\n case 4:\n case 5:\n case 6:\n case 7:\n case 8:\n return true;\n default:\n return false;\n }\n}\n\nexport function isFheTypeName(value: unknown): value is FheTypeName {\n if (typeof value !== \"string\") {\n return false;\n }\n return value in FheTypeNameToId;\n}\n\nexport function isEncryptionBits(value: unknown): value is EncryptionBits {\n if (typeof value !== \"number\") {\n return false;\n }\n return value in EncryptionBitwidthToFheTypeId;\n}\n\n////////////////////////////////////////////////////////////////////////////////\n// Converters\n////////////////////////////////////////////////////////////////////////////////\n\nexport function fheTypeIdFromEncryptionBits(bitwidth: number): FheTypeId {\n if (!isEncryptionBits(bitwidth)) {\n throw new Error(`Invalid encryption bits ${bitwidth}`);\n }\n return EncryptionBitwidthToFheTypeId[bitwidth];\n}\n\nexport function fheTypeIdFromName(name: string): FheTypeId {\n if (!isFheTypeName(name)) {\n throw new Error(`Invalid FheType name '${name}'`);\n }\n return FheTypeNameToId[name];\n}\n\nexport function fheTypeNameFromId(id: number): FheTypeName {\n if (!isFheTypeId(id)) {\n throw new Error(`Invalid FheType id '${id}'`);\n }\n return FheTypeIdToName[id];\n}\n\nexport function encryptionBitsFromFheTypeId(typeId: number): EncryptionBits {\n if (!isFheTypeId(typeId)) {\n throw new Error(`Invalid FheType id '${typeId}'`);\n }\n const bw = FheTypeIdToEncryptionBitwidth[typeId];\n if (bw < MINIMUM_ENCRYPTION_BIT_WIDTH) {\n throw new Error(\n `Invalid FheType encryption bit width: ${bw}. Minimum is ${MINIMUM_ENCRYPTION_BIT_WIDTH} bits.`,\n );\n }\n return bw;\n}\n\nexport function encryptionBitsFromFheTypeName(name: string): EncryptionBits {\n if (!isFheTypeName(name)) {\n throw new Error(`Invalid FheType name '${name}'`);\n }\n const bw = FheTypeIdToEncryptionBitwidth[FheTypeNameToId[name]];\n if (bw < MINIMUM_ENCRYPTION_BIT_WIDTH) {\n throw new Error(\n `Invalid FheType encryption bit width: ${bw}. Minimum is ${MINIMUM_ENCRYPTION_BIT_WIDTH} bits.`,\n );\n }\n return bw;\n}\n","import { concat, encodePacked, keccak256, pad, toBytes, toHex, type Address, type Hex } from \"viem\";\nimport { HANDLE_VERSION, PREHANDLE_MASK } from \"./constants\";\nimport { encryptionBitsFromFheTypeId, type FheTypeId } from \"./fhe-type\";\nimport { EncryptionFailedError } from \"../../errors\";\n\nconst RAW_CT_HASH_DOMAIN_SEPARATOR = toBytes(\"ZK-w_rct\");\nconst HANDLE_HASH_DOMAIN_SEPARATOR = toBytes(\"ZK-w_hdl\");\n\nfunction cleartextToBytes(cleartext: bigint, fheType: FheTypeId): Uint8Array {\n const byteLength = Math.ceil(encryptionBitsFromFheTypeId(fheType) / 8);\n return toBytes(pad(toHex(cleartext), { size: byteLength }));\n}\n\nexport function computeMockCiphertext(\n fheType: FheTypeId,\n cleartext: bigint,\n random32: Uint8Array,\n): Hex {\n if (random32.length !== 32) {\n throw new EncryptionFailedError(\"random32 must be exactly 32 bytes\");\n }\n\n const clearBytes = cleartextToBytes(cleartext, fheType);\n const inner = keccak256(\n concat([toHex(new Uint8Array([fheType])), toHex(clearBytes), toHex(random32)]),\n );\n\n return keccak256(concat([toHex(RAW_CT_HASH_DOMAIN_SEPARATOR), inner]));\n}\n\nexport function computeInputHandle(\n mockCiphertext: Hex,\n index: number,\n fheType: FheTypeId,\n aclAddress: Address,\n chainId: bigint,\n): Hex {\n if (!Number.isInteger(index) || index < 0 || index > 255) {\n throw new EncryptionFailedError(\"index must be an integer between 0 and 255\");\n }\n\n const blobHash = keccak256(concat([toHex(RAW_CT_HASH_DOMAIN_SEPARATOR), mockCiphertext]));\n const handleHash = keccak256(\n encodePacked(\n [\"bytes\", \"bytes32\", \"uint8\", \"address\", \"uint256\"],\n [toHex(HANDLE_HASH_DOMAIN_SEPARATOR), blobHash, index, aclAddress, chainId],\n ),\n );\n\n const chainId64 = chainId & 0xffff_ffff_ffff_ffffn;\n const handle =\n (BigInt(handleHash) & PREHANDLE_MASK) |\n (BigInt(index) << 80n) |\n (chainId64 << 16n) |\n (BigInt(fheType) << 8n) |\n BigInt(HANDLE_VERSION);\n\n return toHex(handle, { size: 32 });\n}\n","import type { PrivateKeyAccount } from \"viem/accounts\";\nimport { privateKeyToAccount } from \"viem/accounts\";\nimport {\n concat,\n createPublicClient,\n custom,\n getAddress,\n http,\n keccak256,\n pad,\n parseAbi,\n toBytes,\n toHex,\n type Address,\n type Hex,\n type PublicClient,\n} from \"viem\";\nimport { mainnet, sepolia } from \"viem/chains\";\nimport type {\n InputProofBytesType,\n KeypairType,\n KmsDelegatedUserDecryptEIP712Type,\n KmsPublicDecryptEIP712Type,\n KmsUserDecryptEIP712Type,\n ZKProofLike,\n} from \"@zama-fhe/relayer-sdk/bundle\";\n\nimport type { RelayerSDK } from \"../relayer-sdk\";\nimport type {\n ClearValueType,\n DelegatedUserDecryptParams,\n EIP712TypedData,\n EncryptParams,\n EncryptResult,\n Handle,\n PublicDecryptResult,\n PublicKeyData,\n PublicParamsData,\n UserDecryptParams,\n} from \"../relayer-sdk.types\";\nimport {\n DELEGATED_USER_DECRYPT_EIP712,\n INPUT_VERIFICATION_EIP712,\n KMS_DECRYPTION_EIP712,\n USER_DECRYPT_EIP712,\n} from \"./eip712\";\nimport { MOCK_INPUT_SIGNER_PK, MOCK_KMS_SIGNER_PK } from \"./constants\";\nimport {\n encryptionBitsFromFheTypeId,\n fheTypeIdFromName,\n isFheTypeName,\n type FheTypeId,\n} from \"./fhe-type\";\nimport { computeInputHandle, computeMockCiphertext } from \"./handle\";\nimport type { FheChain } from \"../../chains/types\";\nimport { ConfigurationError, DecryptionFailedError, EncryptionFailedError } from \"../../errors\";\n\nconst ACL_ABI = parseAbi([\n \"function persistAllowed(bytes32 handle, address account) view returns (bool)\",\n \"function isAllowedForDecryption(bytes32 handle) view returns (bool)\",\n \"function isHandleDelegatedForUserDecryption(address delegator, address delegate, address contractAddress, bytes32 handle) view returns (bool)\",\n]);\n\nconst EXECUTOR_ABI = parseAbi([\"function plaintexts(bytes32 handle) view returns (uint256)\"]);\n\nconst STANDARD_EIP712_DOMAIN = [\n { name: \"name\", type: \"string\" },\n { name: \"version\", type: \"string\" },\n { name: \"chainId\", type: \"uint256\" },\n { name: \"verifyingContract\", type: \"address\" },\n] as const;\n\nconst USER_DECRYPT_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n UserDecryptRequestVerification: USER_DECRYPT_EIP712.types.UserDecryptRequestVerification,\n} satisfies KmsUserDecryptEIP712Type[\"types\"];\nconst DELEGATED_USER_DECRYPT_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n DelegatedUserDecryptRequestVerification:\n DELEGATED_USER_DECRYPT_EIP712.types.DelegatedUserDecryptRequestVerification,\n} satisfies KmsDelegatedUserDecryptEIP712Type[\"types\"];\nconst KMS_DECRYPTION_TYPES = {\n EIP712Domain: STANDARD_EIP712_DOMAIN,\n PublicDecryptVerification: KMS_DECRYPTION_EIP712.types.PublicDecryptVerification,\n} satisfies KmsPublicDecryptEIP712Type[\"types\"];\n\nconst FORBIDDEN_CHAIN_IDS = new Set<number>([mainnet.id, sepolia.id]);\n\n// FheTypeId constants for hot-path comparisons\nconst EBOOL_ID: FheTypeId = 0;\nconst EADDRESS_ID: FheTypeId = 7;\n\nfunction decodeClearValueType(handle: Handle, rawValue: bigint): ClearValueType {\n const typeByte = Number((BigInt(handle) >> 8n) & 0xffn);\n if (typeByte === EBOOL_ID) {\n return rawValue !== 0n;\n }\n if (typeByte === EADDRESS_ID) {\n return toHex(rawValue, { size: 20 });\n }\n return rawValue;\n}\n\nfunction normalizeEncryptValue(entry: EncryptParams[\"values\"][number]): {\n fheType: FheTypeId;\n value: bigint;\n} {\n if (!isFheTypeName(entry.type)) {\n throw new EncryptionFailedError(\"Unsupported FHE type\");\n }\n\n const fheType = fheTypeIdFromName(entry.type);\n\n let value: bigint;\n if (entry.type === \"ebool\") {\n if (typeof entry.value === \"boolean\") {\n value = entry.value ? 1n : 0n;\n } else {\n value = entry.value;\n if (value !== 0n && value !== 1n) {\n throw new EncryptionFailedError(\"Bool value must be 0, 1, true, or false\");\n }\n }\n } else if (entry.type === \"eaddress\") {\n value = BigInt(getAddress(entry.value));\n } else {\n value = entry.value;\n }\n\n if (value < 0n) {\n throw new EncryptionFailedError(\"Only non-negative cleartext values are supported\");\n }\n\n const bits = encryptionBitsFromFheTypeId(fheType);\n const maxValue = (1n << BigInt(bits)) - 1n;\n if (value > maxValue) {\n throw new EncryptionFailedError(\n `Value ${value} exceeds max ${maxValue} for FheType ${fheType}`,\n );\n }\n\n return { fheType, value };\n}\n\nexport class RelayerCleartext implements RelayerSDK, Disposable {\n readonly #client: PublicClient;\n readonly #config: FheChain;\n readonly kmsSigner: PrivateKeyAccount;\n readonly inputSigner: PrivateKeyAccount;\n\n constructor(config: FheChain) {\n if (FORBIDDEN_CHAIN_IDS.has(config.id)) {\n throw new ConfigurationError(\n `Cleartext mode is not allowed on chain ${config.id}. ` +\n `It is intended for local development and testing only.`,\n );\n }\n if (!config.executorAddress) {\n throw new ConfigurationError(\n `Cleartext transport requires an executorAddress for chain ${config.id}.`,\n );\n }\n this.#client = createPublicClient({\n transport: typeof config.network === \"string\" ? http(config.network) : custom(config.network),\n });\n this.#config = config;\n this.kmsSigner = privateKeyToAccount(config.kmsSignerPrivateKey ?? MOCK_KMS_SIGNER_PK);\n this.inputSigner = privateKeyToAccount(config.inputSignerPrivateKey ?? MOCK_INPUT_SIGNER_PK);\n }\n\n async generateKeypair(): Promise<KeypairType<Hex>> {\n const publicKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n let privateKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n\n while (privateKey === publicKey) {\n privateKey = toHex(crypto.getRandomValues(new Uint8Array(32)));\n }\n\n return { publicKey, privateKey };\n }\n\n async createEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n startTimestamp: number,\n durationDays = 7,\n ): Promise<EIP712TypedData> {\n return {\n domain: USER_DECRYPT_EIP712.domain(\n this.#config.id,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: USER_DECRYPT_TYPES,\n primaryType: \"UserDecryptRequestVerification\",\n message: {\n publicKey,\n contractAddresses,\n startTimestamp: String(startTimestamp),\n durationDays: String(durationDays),\n extraData: \"0x00\",\n },\n };\n }\n\n async encrypt(params: EncryptParams): Promise<EncryptResult> {\n const entries = params.values.map(normalizeEncryptValue);\n const contractAddress = getAddress(params.contractAddress);\n const userAddress = getAddress(params.userAddress);\n\n const mockCiphertexts = entries.map(({ fheType, value }) =>\n computeMockCiphertext(fheType, value, crypto.getRandomValues(new Uint8Array(32))),\n );\n\n const ciphertextBlob = keccak256(mockCiphertexts.length > 0 ? concat(mockCiphertexts) : \"0x\");\n\n const handles = entries.map(({ fheType }, index) =>\n computeInputHandle(\n ciphertextBlob,\n index,\n fheType,\n this.#config.aclContractAddress as Address,\n BigInt(this.#config.id),\n ),\n );\n\n const cleartextParts = entries.map(({ value }) => pad(toHex(value), { size: 32 }));\n const cleartextBytes: Hex = cleartextParts.length > 0 ? concat(cleartextParts) : \"0x\";\n\n const signature = await this.inputSigner.signTypedData({\n domain: INPUT_VERIFICATION_EIP712.domain(\n this.#config.gatewayChainId,\n this.#config.verifyingContractAddressInputVerification as Address,\n ),\n types: {\n CiphertextVerification: INPUT_VERIFICATION_EIP712.types.CiphertextVerification,\n },\n primaryType: \"CiphertextVerification\",\n message: {\n ctHandles: handles,\n userAddress,\n contractAddress,\n contractChainId: BigInt(this.#config.id),\n extraData: cleartextBytes,\n },\n });\n\n const inputProof = toBytes(\n concat([\n toHex(new Uint8Array([handles.length])),\n toHex(new Uint8Array([1])),\n ...handles,\n signature,\n cleartextBytes,\n ]),\n );\n\n return {\n handles: handles.map((handle) => toBytes(handle)),\n inputProof,\n };\n }\n\n async userDecrypt(params: UserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>> {\n await this.#assertDecryptAuthorization(\n params.handles,\n getAddress(params.signerAddress),\n getAddress(params.contractAddress),\n \"User\",\n \"user decrypt\",\n );\n\n return this.#decryptHandles(params.handles);\n }\n\n async publicDecrypt(handles: Handle[]): Promise<PublicDecryptResult> {\n const normalizedHandles = handles;\n\n const allowedResults = await Promise.all(\n normalizedHandles.map((handle) => this.#isAllowedForDecryption(handle)),\n );\n const unauthorizedIndex = allowedResults.findIndex((isAllowed) => !isAllowed);\n if (unauthorizedIndex !== -1) {\n throw new DecryptionFailedError(\n `Handle ${normalizedHandles[unauthorizedIndex]!} is not allowed for public decryption`,\n );\n }\n\n const orderedValues = await Promise.all(\n normalizedHandles.map((handle) => this.#readPlaintext(handle)),\n );\n const clearValues: PublicDecryptResult[\"clearValues\"] = Object.fromEntries(\n normalizedHandles.map((handle, index) => [\n handle,\n decodeClearValueType(handle, orderedValues[index]!),\n ]),\n );\n\n const abiEncodedClearValues = concat(orderedValues.map((v) => pad(toHex(v), { size: 32 })));\n\n const signature = await this.kmsSigner.signTypedData({\n domain: KMS_DECRYPTION_EIP712.domain(\n this.#config.gatewayChainId,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: KMS_DECRYPTION_TYPES,\n primaryType: \"PublicDecryptVerification\",\n message: {\n ctHandles: normalizedHandles,\n decryptedResult: abiEncodedClearValues,\n extraData: \"0x\",\n },\n });\n\n const decryptionProof = concat([toHex(new Uint8Array([1])), signature]);\n\n return {\n clearValues,\n abiEncodedClearValues,\n decryptionProof,\n };\n }\n\n async createDelegatedUserDecryptEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n delegatorAddress: Address,\n startTimestamp: number,\n durationDays = 7,\n ): Promise<KmsDelegatedUserDecryptEIP712Type> {\n const message: KmsDelegatedUserDecryptEIP712Type[\"message\"] = {\n publicKey,\n contractAddresses,\n delegatorAddress: getAddress(delegatorAddress),\n startTimestamp: String(startTimestamp),\n durationDays: String(durationDays),\n extraData: \"0x00\",\n };\n\n return {\n domain: DELEGATED_USER_DECRYPT_EIP712.domain(\n this.#config.id,\n this.#config.verifyingContractAddressDecryption as Address,\n ),\n types: DELEGATED_USER_DECRYPT_TYPES,\n primaryType: \"DelegatedUserDecryptRequestVerification\",\n message,\n };\n }\n\n async delegatedUserDecrypt(\n params: DelegatedUserDecryptParams,\n ): Promise<Readonly<Record<Handle, ClearValueType>>> {\n await this.#assertDelegation(\n params.handles,\n getAddress(params.delegatorAddress),\n getAddress(params.delegateAddress),\n getAddress(params.contractAddress),\n );\n\n return this.#decryptHandles(params.handles);\n }\n\n async requestZKProofVerification(_zkProof: ZKProofLike): Promise<InputProofBytesType> {\n throw new ConfigurationError(\"Not implemented in cleartext mode\");\n }\n\n async getPublicKey(): Promise<PublicKeyData | null> {\n return {\n publicKeyId: \"mock-public-key-id\",\n publicKey: new Uint8Array([32]),\n };\n }\n\n async getPublicParams(_bits: number): Promise<PublicParamsData | null> {\n return {\n publicParams: new Uint8Array([32]),\n publicParamsId: \"mock-public-params-id\",\n };\n }\n\n async getAclAddress(): Promise<Address> {\n return this.#config.aclContractAddress as Address;\n }\n\n terminate(): void {\n // No resources to release in cleartext mode.\n }\n\n /** Calls {@link terminate} (no-op in cleartext mode). */\n [Symbol.dispose](): void {\n this.terminate();\n }\n\n async #decryptHandles(\n normalizedHandles: Handle[],\n ): Promise<Readonly<Record<Handle, ClearValueType>>> {\n const values = await Promise.all(\n normalizedHandles.map((handle) => this.#readPlaintext(handle)),\n );\n\n return Object.fromEntries(\n normalizedHandles.map((handle, index) => [\n handle,\n decodeClearValueType(handle, values[index]!),\n ]),\n );\n }\n\n async #assertDecryptAuthorization(\n normalizedHandles: Handle[],\n actorAddress: Address,\n contractAddress: Address,\n actorLabel: \"User\" | \"Delegator\",\n operationLabel: \"user decrypt\" | \"delegated decrypt\",\n ): Promise<void> {\n if (actorAddress === contractAddress) {\n throw new DecryptionFailedError(\n `${actorLabel} address ${actorAddress} must not equal contract address for ${operationLabel}`,\n );\n }\n\n const results = await Promise.all(\n normalizedHandles.flatMap((handle) => [\n this.#persistAllowed(handle, actorAddress),\n this.#persistAllowed(handle, contractAddress),\n ]),\n );\n\n for (let i = 0; i < normalizedHandles.length; i++) {\n const actorAllowed = results[i * 2];\n const contractAllowed = results[i * 2 + 1];\n if (!actorAllowed) {\n throw new DecryptionFailedError(\n `${actorLabel} ${actorAddress} is not authorized for ${operationLabel} of handle ${normalizedHandles[i]!}`,\n );\n }\n if (!contractAllowed) {\n throw new DecryptionFailedError(\n `Contract ${contractAddress} is not authorized for ${operationLabel} of handle ${normalizedHandles[i]!}`,\n );\n }\n }\n }\n\n async #assertDelegation(\n handles: Handle[],\n delegatorAddress: Address,\n delegateAddress: Address,\n contractAddress: Address,\n ): Promise<void> {\n const results = await Promise.all(\n handles.map((handle) =>\n this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"isHandleDelegatedForUserDecryption\",\n args: [delegatorAddress, delegateAddress, contractAddress, handle],\n }),\n ),\n );\n\n for (let i = 0; i < handles.length; i++) {\n if (!results[i]) {\n throw new DecryptionFailedError(\n `Handle ${handles[i]!} is not delegated for user decryption`,\n );\n }\n }\n }\n\n async #persistAllowed(handle: Handle, account: Address): Promise<boolean> {\n return this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"persistAllowed\",\n args: [handle, account],\n });\n }\n\n async #isAllowedForDecryption(handle: Handle): Promise<boolean> {\n return this.#client.readContract({\n address: this.#config.aclContractAddress as Address,\n abi: ACL_ABI,\n functionName: \"isAllowedForDecryption\",\n args: [handle],\n });\n }\n\n async #readPlaintext(handle: Handle): Promise<bigint> {\n return this.#client.readContract({\n address: this.#config.executorAddress as Address,\n abi: EXECUTOR_ABI,\n functionName: \"plaintexts\",\n args: [handle],\n });\n }\n}\n"],"mappings":"iXAUA,MAAM,GACJ,EACA,KACiC,CACjC,KAAM,oBACN,QAAS,IACT,QAAS,OAAO,EAAQ,CACxB,oBACD,EAEK,GACJ,EACA,KACyB,CACzB,KAAM,aACN,QAAS,IACT,QAAS,OAAO,EAAQ,CACxB,oBACD,EAEY,EAA4B,CACvC,OAAQ,EACR,MAAO,CACL,uBAAwB,CACtB,CAAE,KAAM,YAAa,KAAM,YAAa,CACxC,CAAE,KAAM,cAAe,KAAM,UAAW,CACxC,CAAE,KAAM,kBAAmB,KAAM,UAAW,CAC5C,CAAE,KAAM,kBAAmB,KAAM,UAAW,CAC5C,CAAE,KAAM,YAAa,KAAM,QAAS,CACrC,CACF,CACF,CAEY,EAAwB,CACnC,OAAQ,EACR,MAAO,CACL,0BAA2B,CACzB,CAAE,KAAM,YAAa,KAAM,YAAa,CACxC,CAAE,KAAM,kBAAmB,KAAM,QAAS,CAC1C,CAAE,KAAM,YAAa,KAAM,QAAS,CACrC,CACF,CACF,CAEY,EAAsB,CACjC,OAAQ,EACR,MAAO,CACL,+BAAgC,CAC9B,CAAE,KAAM,YAAa,KAAM,QAAS,CACpC,CAAE,KAAM,oBAAqB,KAAM,YAAa,CAChD,CAAE,KAAM,iBAAkB,KAAM,UAAW,CAC3C,CAAE,KAAM,eAAgB,KAAM,UAAW,CACzC,CAAE,KAAM,YAAa,KAAM,QAAS,CACrC,CACF,CACF,CAEY,EAAgC,CAC3C,OAAQ,EACR,MAAO,CACL,wCAAyC,CACvC,CAAE,KAAM,YAAa,KAAM,QAAS,CACpC,CAAE,KAAM,oBAAqB,KAAM,YAAa,CAChD,CAAE,KAAM,mBAAoB,KAAM,UAAW,CAC7C,CAAE,KAAM,iBAAkB,KAAM,UAAW,CAC3C,CAAE,KAAM,eAAgB,KAAM,UAAW,CACzC,CAAE,KAAM,YAAa,KAAM,QAAS,CACrC,CACF,CACF,CEpBK,EAAsC,CAC1C,MAAO,EAEP,OAAQ,EACR,QAAS,EACT,QAAS,EACT,QAAS,EACT,SAAU,EACV,SAAU,EACV,SAAU,EACX,CAEK,EAAsC,CAC1C,EAAG,QAEH,EAAG,SACH,EAAG,UACH,EAAG,UACH,EAAG,UACH,EAAG,WACH,EAAG,WACH,EAAG,WACJ,CAEK,EAAkE,CACtE,EAAG,EAEH,EAAG,EACH,EAAG,GACH,EAAG,GACH,EAAG,GACH,EAAG,IACH,EAAG,IACH,EAAG,IACJ,CAaD,OAAO,OAAO,EAAgB,CAC9B,OAAO,OAAO,EAAgB,CAC9B,OAAO,OAAO,EAA8B,CAC5C,OAAO,OAdiE,CACtE,EAAG,EACH,EAAG,EACH,GAAI,EACJ,GAAI,EACJ,GAAI,EACJ,IAAK,EACL,IAAK,EACL,IAAK,EACN,CAK2C,CAM5C,SAAgB,EAAY,EAAoC,CAC9D,OAAQ,EAAR,CACE,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACL,IAAK,GACH,MAAO,GACT,QACE,MAAO,IAIb,SAAgB,EAAc,EAAsC,CAIlE,OAHI,OAAO,GAAU,SAGd,KAAS,EAFP,GAuBX,SAAgB,EAAkB,EAAyB,CACzD,GAAI,CAAC,EAAc,EAAK,CACtB,MAAU,MAAM,yBAAyB,EAAK,GAAG,CAEnD,OAAO,EAAgB,GAUzB,SAAgB,EAA4B,EAAgC,CAC1E,GAAI,CAAC,EAAY,EAAO,CACtB,MAAU,MAAM,uBAAuB,EAAO,GAAG,CAEnD,IAAM,EAAK,EAA8B,GACzC,GAAI,EAAK,EACP,MAAU,MACR,yCAAyC,EAAG,sBAC7C,CAEH,OAAO,EC/KT,MAAM,EAA+B,EAAQ,WAAW,CAClD,EAA+B,EAAQ,WAAW,CAExD,SAAS,EAAiB,EAAmB,EAAgC,CAC3E,IAAM,EAAa,KAAK,KAAK,EAA4B,EAAQ,CAAG,EAAE,CACtE,OAAO,EAAQ,EAAI,EAAM,EAAU,CAAE,CAAE,KAAM,EAAY,CAAC,CAAC,CAG7D,SAAgB,EACd,EACA,EACA,EACK,CACL,GAAI,EAAS,SAAW,GACtB,MAAM,IAAI,EAAsB,oCAAoC,CAGtE,IAAM,EAAa,EAAiB,EAAW,EAAQ,CACjD,EAAQ,EACZ,EAAO,CAAC,EAAM,IAAI,WAAW,CAAC,EAAQ,CAAC,CAAC,CAAE,EAAM,EAAW,CAAE,EAAM,EAAS,CAAC,CAAC,CAC/E,CAED,OAAO,EAAU,EAAO,CAAC,EAAM,EAA6B,CAAE,EAAM,CAAC,CAAC,CAGxE,SAAgB,EACd,EACA,EACA,EACA,EACA,EACK,CACL,GAAI,CAAC,OAAO,UAAU,EAAM,EAAI,EAAQ,GAAK,EAAQ,IACnD,MAAM,IAAI,EAAsB,6CAA6C,CAG/E,IAAM,EAAW,EAAU,EAAO,CAAC,EAAM,EAA6B,CAAE,EAAe,CAAC,CAAC,CACnF,EAAa,EACjB,EACE,CAAC,QAAS,UAAW,QAAS,UAAW,UAAU,CACnD,CAAC,EAAM,EAA6B,CAAE,EAAU,EAAO,EAAY,EAAQ,CAC5E,CACF,CAEK,EAAY,EAAU,sBAQ5B,OAAO,EANJ,OAAO,EAAW,CAAG,gFACrB,OAAO,EAAM,EAAI,IACjB,GAAa,IACb,OAAO,EAAQ,EAAI,GACpB,OAAA,EAAsB,CAEH,CAAE,KAAM,GAAI,CAAC,CCApC,MAAM,EAAU,EAAS,CACvB,+EACA,sEACA,gJACD,CAAC,CAEI,EAAe,EAAS,CAAC,6DAA6D,CAAC,CAEvF,EAAyB,CAC7B,CAAE,KAAM,OAAQ,KAAM,SAAU,CAChC,CAAE,KAAM,UAAW,KAAM,SAAU,CACnC,CAAE,KAAM,UAAW,KAAM,UAAW,CACpC,CAAE,KAAM,oBAAqB,KAAM,UAAW,CAC/C,CAEK,EAAqB,CACzB,aAAc,EACd,+BAAgC,EAAoB,MAAM,+BAC3D,CACK,EAA+B,CACnC,aAAc,EACd,wCACE,EAA8B,MAAM,wCACvC,CACK,EAAuB,CAC3B,aAAc,EACd,0BAA2B,EAAsB,MAAM,0BACxD,CAEK,EAAsB,IAAI,IAAY,CAAC,EAAQ,GAAI,EAAQ,GAAG,CAAC,CAMrE,SAAS,EAAqB,EAAgB,EAAkC,CAC9E,IAAM,EAAW,OAAQ,OAAO,EAAO,EAAI,GAAM,KAAM,CAOvD,OANI,IAAa,EACR,IAAa,GAElB,IAAa,EACR,EAAM,EAAU,CAAE,KAAM,GAAI,CAAC,CAE/B,EAGT,SAAS,EAAsB,EAG7B,CACA,GAAI,CAAC,EAAc,EAAM,KAAK,CAC5B,MAAM,IAAI,EAAsB,uBAAuB,CAGzD,IAAM,EAAU,EAAkB,EAAM,KAAK,CAEzC,EACJ,GAAI,EAAM,OAAS,QACjB,IAAI,OAAO,EAAM,OAAU,UACzB,EAAQ,EAAM,MAAQ,GAAK,WAE3B,EAAQ,EAAM,MACV,IAAU,IAAM,IAAU,GAC5B,MAAM,IAAI,EAAsB,0CAA0C,MAM9E,EAHS,EAAM,OAAS,WAChB,OAAO,EAAW,EAAM,MAAM,CAAC,CAE/B,EAAM,MAGhB,GAAI,EAAQ,GACV,MAAM,IAAI,EAAsB,mDAAmD,CAGrF,IAAM,EAAO,EAA4B,EAAQ,CAC3C,GAAY,IAAM,OAAO,EAAK,EAAI,GACxC,GAAI,EAAQ,EACV,MAAM,IAAI,EACR,SAAS,EAAM,eAAe,EAAS,eAAe,IACvD,CAGH,MAAO,CAAE,UAAS,QAAO,CAG3B,IAAa,EAAb,KAAgE,CAC9D,GACA,GACA,UACA,YAEA,YAAY,EAAkB,CAC5B,GAAI,EAAoB,IAAI,EAAO,GAAG,CACpC,MAAM,IAAI,EACR,0CAA0C,EAAO,GAAG,0DAErD,CAEH,GAAI,CAAC,EAAO,gBACV,MAAM,IAAI,EACR,6DAA6D,EAAO,GAAG,GACxE,CAEH,MAAA,EAAe,EAAmB,CAChC,UAAW,OAAO,EAAO,SAAY,SAAW,EAAK,EAAO,QAAQ,CAAG,EAAO,EAAO,QAAQ,CAC9F,CAAC,CACF,MAAA,EAAe,EACf,KAAK,UAAY,EAAoB,EAAO,qBAAA,qEAA0C,CACtF,KAAK,YAAc,EAAoB,EAAO,uBAAA,qEAA8C,CAG9F,MAAM,iBAA6C,CACjD,IAAM,EAAY,EAAM,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC,CAC/D,EAAa,EAAM,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC,CAElE,KAAO,IAAe,GACpB,EAAa,EAAM,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC,CAGhE,MAAO,CAAE,YAAW,aAAY,CAGlC,MAAM,aACJ,EACA,EACA,EACA,EAAe,EACW,CAC1B,MAAO,CACL,OAAQ,EAAoB,OAC1B,MAAA,EAAa,GACb,MAAA,EAAa,mCACd,CACD,MAAO,EACP,YAAa,iCACb,QAAS,CACP,YACA,oBACA,eAAgB,OAAO,EAAe,CACtC,aAAc,OAAO,EAAa,CAClC,UAAW,OACZ,CACF,CAGH,MAAM,QAAQ,EAA+C,CAC3D,IAAM,EAAU,EAAO,OAAO,IAAI,EAAsB,CAClD,EAAkB,EAAW,EAAO,gBAAgB,CACpD,EAAc,EAAW,EAAO,YAAY,CAE5C,EAAkB,EAAQ,KAAK,CAAE,UAAS,WAC9C,EAAsB,EAAS,EAAO,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAAC,CAClF,CAEK,EAAiB,EAAU,EAAgB,OAAS,EAAI,EAAO,EAAgB,CAAG,KAAK,CAEvF,EAAU,EAAQ,KAAK,CAAE,WAAW,IACxC,EACE,EACA,EACA,EACA,MAAA,EAAa,mBACb,OAAO,MAAA,EAAa,GAAG,CACxB,CACF,CAEK,EAAiB,EAAQ,KAAK,CAAE,WAAY,EAAI,EAAM,EAAM,CAAE,CAAE,KAAM,GAAI,CAAC,CAAC,CAC5E,EAAsB,EAAe,OAAS,EAAI,EAAO,EAAe,CAAG,KAE3E,EAAY,MAAM,KAAK,YAAY,cAAc,CACrD,OAAQ,EAA0B,OAChC,MAAA,EAAa,eACb,MAAA,EAAa,0CACd,CACD,MAAO,CACL,uBAAwB,EAA0B,MAAM,uBACzD,CACD,YAAa,yBACb,QAAS,CACP,UAAW,EACX,cACA,kBACA,gBAAiB,OAAO,MAAA,EAAa,GAAG,CACxC,UAAW,EACZ,CACF,CAAC,CAEI,EAAa,EACjB,EAAO,CACL,EAAM,IAAI,WAAW,CAAC,EAAQ,OAAO,CAAC,CAAC,CACvC,EAAM,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,CAC1B,GAAG,EACH,EACA,EACD,CAAC,CACH,CAED,MAAO,CACL,QAAS,EAAQ,IAAK,GAAW,EAAQ,EAAO,CAAC,CACjD,aACD,CAGH,MAAM,YAAY,EAA8E,CAS9F,OARA,MAAM,MAAA,EACJ,EAAO,QACP,EAAW,EAAO,cAAc,CAChC,EAAW,EAAO,gBAAgB,CAClC,OACA,eACD,CAEM,MAAA,EAAqB,EAAO,QAAQ,CAG7C,MAAM,cAAc,EAAiD,CACnE,IAAM,EAAoB,EAKpB,GAHiB,MAAM,QAAQ,IACnC,EAAkB,IAAK,GAAW,MAAA,EAA6B,EAAO,CAAC,CACxE,EACwC,UAAW,GAAc,CAAC,EAAU,CAC7E,GAAI,IAAsB,GACxB,MAAM,IAAI,EACR,UAAU,EAAkB,GAAoB,uCACjD,CAGH,IAAM,EAAgB,MAAM,QAAQ,IAClC,EAAkB,IAAK,GAAW,MAAA,EAAoB,EAAO,CAAC,CAC/D,CACK,EAAkD,OAAO,YAC7D,EAAkB,KAAK,EAAQ,IAAU,CACvC,EACA,EAAqB,EAAQ,EAAc,GAAQ,CACpD,CAAC,CACH,CAEK,EAAwB,EAAO,EAAc,IAAK,GAAM,EAAI,EAAM,EAAE,CAAE,CAAE,KAAM,GAAI,CAAC,CAAC,CAAC,CAErF,EAAY,MAAM,KAAK,UAAU,cAAc,CACnD,OAAQ,EAAsB,OAC5B,MAAA,EAAa,eACb,MAAA,EAAa,mCACd,CACD,MAAO,EACP,YAAa,4BACb,QAAS,CACP,UAAW,EACX,gBAAiB,EACjB,UAAW,KACZ,CACF,CAAC,CAIF,MAAO,CACL,cACA,wBACA,gBALsB,EAAO,CAAC,EAAM,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC,CAAE,EAAU,CAAC,CAMtE,CAGH,MAAM,iCACJ,EACA,EACA,EACA,EACA,EAAe,EAC6B,CAC5C,IAAM,EAAwD,CAC5D,YACA,oBACA,iBAAkB,EAAW,EAAiB,CAC9C,eAAgB,OAAO,EAAe,CACtC,aAAc,OAAO,EAAa,CAClC,UAAW,OACZ,CAED,MAAO,CACL,OAAQ,EAA8B,OACpC,MAAA,EAAa,GACb,MAAA,EAAa,mCACd,CACD,MAAO,EACP,YAAa,0CACb,UACD,CAGH,MAAM,qBACJ,EACmD,CAQnD,OAPA,MAAM,MAAA,EACJ,EAAO,QACP,EAAW,EAAO,iBAAiB,CACnC,EAAW,EAAO,gBAAgB,CAClC,EAAW,EAAO,gBAAgB,CACnC,CAEM,MAAA,EAAqB,EAAO,QAAQ,CAG7C,MAAM,2BAA2B,EAAqD,CACpF,MAAM,IAAI,EAAmB,oCAAoC,CAGnE,MAAM,cAA8C,CAClD,MAAO,CACL,YAAa,qBACb,UAAW,IAAI,WAAW,CAAC,GAAG,CAAC,CAChC,CAGH,MAAM,gBAAgB,EAAiD,CACrE,MAAO,CACL,aAAc,IAAI,WAAW,CAAC,GAAG,CAAC,CAClC,eAAgB,wBACjB,CAGH,MAAM,eAAkC,CACtC,OAAO,MAAA,EAAa,mBAGtB,WAAkB,EAKlB,CAAC,OAAO,UAAiB,CACvB,KAAK,WAAW,CAGlB,MAAA,EACE,EACmD,CACnD,IAAM,EAAS,MAAM,QAAQ,IAC3B,EAAkB,IAAK,GAAW,MAAA,EAAoB,EAAO,CAAC,CAC/D,CAED,OAAO,OAAO,YACZ,EAAkB,KAAK,EAAQ,IAAU,CACvC,EACA,EAAqB,EAAQ,EAAO,GAAQ,CAC7C,CAAC,CACH,CAGH,MAAA,EACE,EACA,EACA,EACA,EACA,EACe,CACf,GAAI,IAAiB,EACnB,MAAM,IAAI,EACR,GAAG,EAAW,WAAW,EAAa,uCAAuC,IAC9E,CAGH,IAAM,EAAU,MAAM,QAAQ,IAC5B,EAAkB,QAAS,GAAW,CACpC,MAAA,EAAqB,EAAQ,EAAa,CAC1C,MAAA,EAAqB,EAAQ,EAAgB,CAC9C,CAAC,CACH,CAED,IAAK,IAAI,EAAI,EAAG,EAAI,EAAkB,OAAQ,IAAK,CACjD,IAAM,EAAe,EAAQ,EAAI,GAC3B,EAAkB,EAAQ,EAAI,EAAI,GACxC,GAAI,CAAC,EACH,MAAM,IAAI,EACR,GAAG,EAAW,GAAG,EAAa,yBAAyB,EAAe,aAAa,EAAkB,KACtG,CAEH,GAAI,CAAC,EACH,MAAM,IAAI,EACR,YAAY,EAAgB,yBAAyB,EAAe,aAAa,EAAkB,KACpG,EAKP,MAAA,EACE,EACA,EACA,EACA,EACe,CACf,IAAM,EAAU,MAAM,QAAQ,IAC5B,EAAQ,IAAK,GACX,MAAA,EAAa,aAAa,CACxB,QAAS,MAAA,EAAa,mBACtB,IAAK,EACL,aAAc,qCACd,KAAM,CAAC,EAAkB,EAAiB,EAAiB,EAAO,CACnE,CAAC,CACH,CACF,CAED,IAAK,IAAI,EAAI,EAAG,EAAI,EAAQ,OAAQ,IAClC,GAAI,CAAC,EAAQ,GACX,MAAM,IAAI,EACR,UAAU,EAAQ,GAAI,uCACvB,CAKP,MAAA,EAAsB,EAAgB,EAAoC,CACxE,OAAO,MAAA,EAAa,aAAa,CAC/B,QAAS,MAAA,EAAa,mBACtB,IAAK,EACL,aAAc,iBACd,KAAM,CAAC,EAAQ,EAAQ,CACxB,CAAC,CAGJ,MAAA,EAA8B,EAAkC,CAC9D,OAAO,MAAA,EAAa,aAAa,CAC/B,QAAS,MAAA,EAAa,mBACtB,IAAK,EACL,aAAc,yBACd,KAAM,CAAC,EAAO,CACf,CAAC,CAGJ,MAAA,EAAqB,EAAiC,CACpD,OAAO,MAAA,EAAa,aAAa,CAC/B,QAAS,MAAA,EAAa,gBACtB,IAAK,EACL,aAAc,aACd,KAAM,CAAC,EAAO,CACf,CAAC"}