@zama-fhe/sdk 3.0.1 → 3.1.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/README.md +47 -797
  2. package/dist/cjs/assertions.cjs +2 -0
  3. package/dist/cjs/assertions.cjs.map +1 -0
  4. package/dist/cjs/base-signer.cjs +2 -0
  5. package/dist/cjs/base-signer.cjs.map +1 -0
  6. package/dist/cjs/chains/index.cjs +1 -0
  7. package/dist/cjs/chains.cjs +2 -0
  8. package/dist/cjs/chains.cjs.map +1 -0
  9. package/dist/cjs/cleartext/index.cjs +1 -1
  10. package/dist/cjs/eip1193-subscribe.cjs +1 -1
  11. package/dist/cjs/eip1193-subscribe.cjs.map +1 -1
  12. package/dist/cjs/encryption.cjs +2 -0
  13. package/dist/cjs/encryption.cjs.map +1 -0
  14. package/dist/cjs/ethers/index.cjs +1 -1
  15. package/dist/cjs/ethers/index.cjs.map +1 -1
  16. package/dist/cjs/index.cjs +1 -514
  17. package/dist/cjs/index.cjs.map +1 -1
  18. package/dist/cjs/query/index.cjs +1 -1
  19. package/dist/cjs/query/index.cjs.map +1 -1
  20. package/dist/cjs/relayer-cleartext.cjs +2 -0
  21. package/dist/cjs/relayer-cleartext.cjs.map +1 -0
  22. package/dist/cjs/relayer-sdk.worker.js +75 -75
  23. package/dist/cjs/relayer.cjs +1 -1
  24. package/dist/cjs/relayer.cjs.map +1 -1
  25. package/dist/cjs/token.cjs +2 -0
  26. package/dist/cjs/token.cjs.map +1 -0
  27. package/dist/cjs/validation.cjs +2 -0
  28. package/dist/cjs/validation.cjs.map +1 -0
  29. package/dist/cjs/viem/index.cjs +1 -1
  30. package/dist/cjs/viem/index.cjs.map +1 -1
  31. package/dist/cjs/web/index.cjs +515 -0
  32. package/dist/cjs/web/index.cjs.map +1 -0
  33. package/dist/cjs/wrappers-registry.cjs +1 -1
  34. package/dist/cjs/wrappers-registry.cjs.map +1 -1
  35. package/dist/esm/assertions-qxjXTeNw.js +2 -0
  36. package/dist/esm/{assertions-BARApuMj.js.map → assertions-qxjXTeNw.js.map} +1 -1
  37. package/dist/esm/base-signer-BKI5njAs.js +2 -0
  38. package/dist/esm/base-signer-BKI5njAs.js.map +1 -0
  39. package/dist/esm/base-signer-pKDrNMlE.d.ts +63 -0
  40. package/dist/esm/chains/index.d.ts +3 -0
  41. package/dist/esm/chains/index.js +1 -0
  42. package/dist/esm/chains-DKasII-S.js +2 -0
  43. package/dist/esm/chains-DKasII-S.js.map +1 -0
  44. package/dist/esm/cleartext/index.d.ts +2 -86
  45. package/dist/esm/cleartext/index.js +1 -1
  46. package/dist/esm/cleartext-Hw0ScIRR.d.ts +19 -0
  47. package/dist/esm/cleartext-xzeh3Frj.js +2 -0
  48. package/dist/esm/cleartext-xzeh3Frj.js.map +1 -0
  49. package/dist/esm/eip1193-subscribe-B7nvT1Mp.js +2 -0
  50. package/dist/esm/eip1193-subscribe-B7nvT1Mp.js.map +1 -0
  51. package/dist/esm/{encryption-CmIPBcfP.js → encryption-xcQIQ9NP.js} +2 -2
  52. package/dist/esm/{encryption-CmIPBcfP.js.map → encryption-xcQIQ9NP.js.map} +1 -1
  53. package/dist/esm/{error-B6H-mBAh.js → error-BRHDbi2m.js} +1 -1
  54. package/dist/esm/{error-B6H-mBAh.js.map → error-BRHDbi2m.js.map} +1 -1
  55. package/dist/esm/ethers/index.d.ts +62 -16
  56. package/dist/esm/ethers/index.js +1 -1
  57. package/dist/esm/ethers/index.js.map +1 -1
  58. package/dist/esm/{hex-D_B-zoId.js → hex-BgMi2Yfs.js} +2 -2
  59. package/dist/esm/{hex-D_B-zoId.js.map → hex-BgMi2Yfs.js.map} +1 -1
  60. package/dist/esm/{activity-CUYnGNME.d.ts → index-BFGqQkab.d.ts} +1613 -2472
  61. package/dist/esm/{relayer-utils-iSPis4x-.d.ts → index-BYVFG3L9.d.ts} +50 -23
  62. package/dist/esm/index.d.ts +19 -101
  63. package/dist/esm/index.js +1 -514
  64. package/dist/esm/index.js.map +1 -1
  65. package/dist/esm/indexeddb-storage-D2L6iKfO.js +2 -0
  66. package/dist/esm/indexeddb-storage-D2L6iKfO.js.map +1 -0
  67. package/dist/esm/memory-storage-CV60XJrC.js +2 -0
  68. package/dist/esm/memory-storage-CV60XJrC.js.map +1 -0
  69. package/dist/esm/node/index.d.ts +92 -131
  70. package/dist/esm/node/index.js +1 -1
  71. package/dist/esm/node/index.js.map +1 -1
  72. package/dist/esm/node/relayer-sdk.node-worker.js +1 -1
  73. package/dist/esm/node/relayer-sdk.node-worker.js.map +1 -1
  74. package/dist/esm/query/index.d.ts +83 -157
  75. package/dist/esm/query/index.js +1 -1
  76. package/dist/esm/query/index.js.map +1 -1
  77. package/dist/esm/relayer-BP6EyPUy.js +2 -0
  78. package/dist/esm/relayer-BP6EyPUy.js.map +1 -0
  79. package/dist/esm/relayer-cleartext-CCaAhwgH.js +2 -0
  80. package/dist/esm/relayer-cleartext-CCaAhwgH.js.map +1 -0
  81. package/dist/esm/relayer-cleartext-C_5NGHjw.d.ts +702 -0
  82. package/dist/esm/relayer-sdk.worker.js +75 -75
  83. package/dist/esm/token-DTgVBH31.js +2 -0
  84. package/dist/esm/token-DTgVBH31.js.map +1 -0
  85. package/dist/esm/types-CC0Mp18i.d.ts +652 -0
  86. package/dist/esm/types-CKtFhknu.d.ts +14 -0
  87. package/dist/esm/types-DSq1YR39.d.ts +30 -0
  88. package/dist/esm/types-qTxGTfOc.d.ts +48 -0
  89. package/dist/esm/validation-D2VCFYWj.js +2 -0
  90. package/dist/esm/validation-D2VCFYWj.js.map +1 -0
  91. package/dist/esm/viem/index.d.ts +41 -16
  92. package/dist/esm/viem/index.js +1 -1
  93. package/dist/esm/viem/index.js.map +1 -1
  94. package/dist/esm/web/index.d.ts +21 -0
  95. package/dist/esm/web/index.js +515 -0
  96. package/dist/esm/web/index.js.map +1 -0
  97. package/dist/esm/worker.base-client-pErLQy-p.js +2 -0
  98. package/dist/esm/worker.base-client-pErLQy-p.js.map +1 -0
  99. package/dist/esm/wrappers-registry-BNxAZZWS.js +2 -0
  100. package/dist/esm/wrappers-registry-BNxAZZWS.js.map +1 -0
  101. package/package.json +33 -6
  102. package/dist/cjs/activity.cjs +0 -2
  103. package/dist/cjs/activity.cjs.map +0 -1
  104. package/dist/cjs/cleartext.cjs +0 -2
  105. package/dist/cjs/cleartext.cjs.map +0 -1
  106. package/dist/esm/activity-BAFx7EMt.js +0 -2
  107. package/dist/esm/activity-BAFx7EMt.js.map +0 -1
  108. package/dist/esm/assertions-BARApuMj.js +0 -2
  109. package/dist/esm/cleartext-Cs28cTsa.js +0 -2
  110. package/dist/esm/cleartext-Cs28cTsa.js.map +0 -1
  111. package/dist/esm/eip1193-subscribe-Cl_wlVuQ.js +0 -2
  112. package/dist/esm/eip1193-subscribe-Cl_wlVuQ.js.map +0 -1
  113. package/dist/esm/memory-storage-F8xjMzVy.js +0 -2
  114. package/dist/esm/memory-storage-F8xjMzVy.js.map +0 -1
  115. package/dist/esm/relayer-C6u3eOlN.js +0 -2
  116. package/dist/esm/relayer-C6u3eOlN.js.map +0 -1
  117. package/dist/esm/relayer-sdk-DPqytEbO.d.ts +0 -44
  118. package/dist/esm/relayer-sdk.types-CGfXwKcB.d.ts +0 -528
  119. package/dist/esm/relayer-utils-BeoTNDM4.js +0 -2
  120. package/dist/esm/relayer-utils-BeoTNDM4.js.map +0 -1
  121. package/dist/esm/wrappers-registry-Ckwd2j6g.js +0 -2
  122. package/dist/esm/wrappers-registry-Ckwd2j6g.js.map +0 -1
package/dist/cjs/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.cjs","names":["ZamaError","ZamaErrorCode","ZamaError","ZamaErrorCode","DelegationCooldownError","DelegationContractIsSelfError","AclPausedError","DelegationSelfNotAllowedError","DelegationDelegateEqualsContractError","DelegationExpirationTooSoonError","DelegationExpiryUnchangedError","DelegationNotFoundError","#dbName","#dbVersion","#storeName","#db","#dbPromise","#withTransaction","#getDB","#worker","#initPromise","#doInitWorker","#pendingRequests","#rejectAllPending","workerFilename","workerCode","#storage","#chainId","#relayerUrl","#ttlMs","#logger","#publicKeyMem","#publicKeyInflight","#loadPublicKey","#deleteQuietly","toError","#publicParamsMem","#publicParamsInflight","#loadPublicParams","#revalidationInflight","#revalidateIfDueInner","#lastRevalidatedAt","#collectParamEntries","#writeEntries","#clearAll","#checkArtifactFreshness","#config","#status","#initError","#getWorkerConfig","DefaultConfigs","#ensureWorker","#ensureLock","#ensureWorkerInner","#workerClient","#initPromise","#artifactCache","#terminated","#resolvedChainId","#tearDown","#artifactStorage","#setStatus","#initWorker","ZamaError","ConfigurationError","#refreshCsrfToken","buildEIP712DomainType","withRetry","#storage","#decryptNamespace","#decryptKeysNamespace","#buildStorageKey","#indexWriteQueue","#addToIndex","#doClearForRequester","#readIndex","#doClearAll","#map","#cachedDerivedKey","#cachedDerivedKeyIdentity","#deriveKey","prefixHex","#storage","#assertSessionEntry","#onEvent","ZamaSDKEvents","#extendContracts","ZamaError","toError","#deleteCredentials","#createPromise","#createPromiseKey","#lastExtendResult","wrapSigningError","#extendPromise","#extendCredentials","#relayer","#storeKey","#cachedStoreKey","#cachedStoreKeyIdentity","#relayer","#storeKey","#create","#signDelegated","#cachedStoreKey","#cachedStoreKeyIdentity","ReadonlyToken","#getUnderlying","#underlying","#underlyingPromise","underlyingContract","#assertConfidentialBalance","ZamaSDKEvents","toError","ZamaError","EncryptionFailedError","confidentialTransferContract","confidentialTransferFromContract","setOperatorContract","isOperatorContract","balanceOfContract","#ensureAllowance","wrapContract","unwrapContract","isZeroHandle","DecryptionFailedError","unwrapFromBalanceContract","#waitAndFinalizeUnshield","finalizeUnwrapContract","allowanceContract","approveContract","DelegationExpirationTooSoonError","DelegationSelfNotAllowedError","DelegationDelegateEqualsContractError","MAX_UINT64","DelegationExpiryUnchangedError","delegateForUserDecryptionContract","DelegationNotFoundError","revokeDelegationContract","#batchDelegationOp","findUnwrapRequested","MainnetConfig","SepoliaConfig","hoodiCleartextConfig","#addresses","#ttlMs","#cache","ConfigurationError","#getCached","getTokenPairsLengthContract","#setCached","getTokenPairsSliceContract","#pairWithMetadata","nameContract","symbolContract","decimalsContract","erc20TotalSupplyContract","getConfidentialTokenAddressContract","isConfidentialTokenValidContract","getTokenAddressContract","getTokenPairsContract","getTokenPairContract","#registryTTL","#onEvent","#identityReady","#initIdentity","ZamaSDKEvents","toError","#unsubscribeSigner","#revokeByTrackedIdentity","#lastAddress","#lastChainId","ReadonlyToken","isZeroHandle","pLimit","wrapDecryptError"],"sources":["../../src/errors/transaction.ts","../../src/errors/balance.ts","../../src/errors/acl-revert.ts","../../src/storage/indexeddb-storage.ts","../../src/worker/worker.base-client.ts","../../src/worker/browser-extension.ts","../../src/worker/worker.client.ts","../../src/relayer/fhe-artifact-cache.ts","../../src/relayer/relayer-web.ts","../../src/decrypt-cache.ts","../../src/storage/memory-storage.ts","../../src/credentials/credential-crypto.ts","../../src/credentials/credential-validation.ts","../../src/credentials/session-signatures.ts","../../src/credentials/credentials-manager-base.ts","../../src/credentials/credentials-manager.ts","../../src/credentials/delegated-credentials-manager.ts","../../src/token/token.ts","../../src/wrappers-registry.ts","../../src/zama-sdk.ts","../../src/token/pending-unshield.ts","../../src/storage/chrome-session-storage.ts"],"sourcesContent":["import { ZamaError, ZamaErrorCode } from \"./base\";\n\n/** ERC-20 approval transaction failed. */\nexport class ApprovalFailedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.ApprovalFailed, message, options);\n this.name = \"ApprovalFailedError\";\n }\n}\n\n/** On-chain transaction reverted. */\nexport class TransactionRevertedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.TransactionReverted, message, options);\n this.name = \"TransactionRevertedError\";\n }\n}\n","import type { Address } from \"viem\";\nimport { ZamaError, ZamaErrorCode } from \"./base\";\n\n/** Structured details shared by balance-related errors. */\nexport interface BalanceErrorDetails {\n readonly requested: bigint;\n readonly available: bigint;\n readonly token: Address;\n}\n\n/** Confidential (cToken) balance is insufficient for the requested operation. */\nexport class InsufficientConfidentialBalanceError extends ZamaError {\n /** The amount the caller requested. */\n readonly requested: bigint;\n /** The available balance at the time of the check. */\n readonly available: bigint;\n /** The token contract address. */\n readonly token: Address;\n\n constructor(message: string, details: BalanceErrorDetails, options?: ErrorOptions) {\n super(ZamaErrorCode.InsufficientConfidentialBalance, message, options);\n this.name = \"InsufficientConfidentialBalanceError\";\n this.requested = details.requested;\n this.available = details.available;\n this.token = details.token;\n }\n}\n\n/** ERC-20 balance is insufficient for the requested shield amount. */\nexport class InsufficientERC20BalanceError extends ZamaError {\n /** The amount the caller requested. */\n readonly requested: bigint;\n /** The available balance at the time of the check. */\n readonly available: bigint;\n /** The ERC-20 token contract address. */\n readonly token: Address;\n\n constructor(message: string, details: BalanceErrorDetails, options?: ErrorOptions) {\n super(ZamaErrorCode.InsufficientERC20Balance, message, options);\n this.name = \"InsufficientERC20BalanceError\";\n this.requested = details.requested;\n this.available = details.available;\n this.token = details.token;\n }\n}\n\n/** Balance validation could not be performed (no cached credentials and decryption not possible). */\nexport class BalanceCheckUnavailableError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.BalanceCheckUnavailable, message, options);\n this.name = \"BalanceCheckUnavailableError\";\n }\n}\n\n/** A public ERC-20 read (e.g. balanceOf) failed due to a network or contract error. */\nexport class ERC20ReadFailedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.ERC20ReadFailed, message, options);\n this.name = \"ERC20ReadFailedError\";\n }\n}\n","import type { ZamaError } from \"./base\";\nimport {\n AclPausedError,\n DelegationContractIsSelfError,\n DelegationCooldownError,\n DelegationDelegateEqualsContractError,\n DelegationExpirationTooSoonError,\n DelegationExpiryUnchangedError,\n DelegationNotFoundError,\n DelegationSelfNotAllowedError,\n} from \"./delegation\";\n\n/** Extract the decoded error name from a viem ContractFunctionRevertedError. */\nfunction extractRevertErrorName(error: unknown): string | null {\n if (!(error instanceof Error)) {\n return null;\n }\n const cause = error.cause;\n if (typeof cause !== \"object\" || cause === null || !(\"data\" in cause)) {\n return null;\n }\n const { data } = cause;\n if (typeof data !== \"object\" || data === null || !(\"errorName\" in data)) {\n return null;\n }\n return typeof data.errorName === \"string\" ? data.errorName : null;\n}\n\n/** ACL error name -> typed SDK error mapping. */\nconst ACL_ERROR_MAP: Record<string, (cause: Error | undefined) => ZamaError> = {\n AlreadyDelegatedOrRevokedInSameBlock: (cause) =>\n new DelegationCooldownError(\n \"Only one delegate/revoke per (delegator, delegate, contract) per block. Wait for the next block before retrying.\",\n { cause },\n ),\n SenderCannotBeContractAddress: (cause) =>\n new DelegationContractIsSelfError(\"The contract address cannot be the caller address.\", {\n cause,\n }),\n EnforcedPause: (cause) =>\n new AclPausedError(\n \"The ACL contract is paused. Delegation operations are temporarily disabled.\",\n { cause },\n ),\n SenderCannotBeDelegate: (cause) =>\n new DelegationSelfNotAllowedError(\"Cannot delegate to yourself (delegate === msg.sender).\", {\n cause,\n }),\n DelegateCannotBeContractAddress: (cause) =>\n new DelegationDelegateEqualsContractError(\n \"Delegate address cannot be the same as the contract address.\",\n { cause },\n ),\n ExpirationDateBeforeOneHour: (cause) =>\n new DelegationExpirationTooSoonError(\"Expiration date must be at least 1 hour in the future.\", {\n cause,\n }),\n ExpirationDateAlreadySetToSameValue: (cause) =>\n new DelegationExpiryUnchangedError(\"The new expiration date is the same as the current one.\", {\n cause,\n }),\n NotDelegatedYet: (cause) =>\n new DelegationNotFoundError(\"Cannot revoke: no active delegation exists.\", { cause }),\n};\n\n/**\n * Map known ACL Solidity revert error names to typed ZamaError subclasses.\n * Prefers viem's structured `error.cause.data.errorName` when available,\n * falling back to string-includes matching on the error message.\n * Returns `null` if the revert reason is not recognized.\n * @public\n */\nexport function matchAclRevert(error: unknown): ZamaError | null {\n const cause = error instanceof Error ? error : undefined;\n\n // Prefer structured error data from viem's ContractFunctionRevertedError\n const errorName = extractRevertErrorName(error);\n if (errorName && errorName in ACL_ERROR_MAP) {\n // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- guarded by `in` check above\n return ACL_ERROR_MAP[errorName]!(cause);\n }\n\n // Fallback: string matching for non-viem RPC providers\n const message = error instanceof Error ? error.message : String(error);\n for (const [name, factory] of Object.entries(ACL_ERROR_MAP)) {\n if (message.includes(name)) {\n return factory(cause);\n }\n }\n\n return null;\n}\n","\"use client\";\n\nimport type { GenericStorage } from \"../types\";\n\n/**\n * IndexedDB-backed {@link GenericStorage}.\n *\n * Stores encrypted credential objects keyed by a hashed wallet address.\n * Encryption is handled by {@link CredentialsManager} — this store only\n * persists opaque values.\n */\nexport class IndexedDBStorage implements GenericStorage {\n #db: IDBDatabase | null = null;\n #dbPromise: Promise<IDBDatabase> | null = null;\n #dbName: string;\n #dbVersion: number;\n #storeName: string;\n\n constructor(dbName = \"CredentialStore\", dbVersion = 1, storeName = \"credentials\") {\n this.#dbName = dbName;\n this.#dbVersion = dbVersion;\n this.#storeName = storeName;\n }\n\n #getDB(): Promise<IDBDatabase> {\n if (this.#db) {\n return Promise.resolve(this.#db);\n }\n if (this.#dbPromise) {\n return this.#dbPromise;\n }\n\n this.#dbPromise = new Promise((resolve, reject) => {\n const request = indexedDB.open(this.#dbName, this.#dbVersion);\n\n request.onupgradeneeded = () => {\n const db = request.result;\n if (!db.objectStoreNames.contains(this.#storeName)) {\n db.createObjectStore(this.#storeName, { keyPath: \"key\" });\n }\n };\n\n request.onsuccess = () => {\n this.#db = request.result;\n this.#dbPromise = null;\n this.#db.onversionchange = () => {\n // oxlint-disable-next-line no-console\n console.warn(\n `IndexedDB \"${this.#dbName}\" closing due to version change from another tab`,\n );\n this.#db?.close();\n this.#db = null;\n this.#dbPromise = null;\n };\n this.#db.onclose = () => {\n this.#db = null;\n this.#dbPromise = null;\n };\n resolve(this.#db);\n };\n\n request.onerror = () => {\n this.#db = null;\n this.#dbPromise = null;\n reject(request.error);\n };\n });\n\n return this.#dbPromise;\n }\n\n async #withTransaction<T>(\n mode: IDBTransactionMode,\n fn: (store: IDBObjectStore) => IDBRequest,\n ): Promise<T> {\n const db = await this.#getDB();\n return new Promise((resolve, reject) => {\n const tx = db.transaction(this.#storeName, mode);\n tx.onabort = () => reject(tx.error ?? new Error(\"Transaction aborted\"));\n const request = fn(tx.objectStore(this.#storeName));\n if (mode === \"readonly\") {\n request.onsuccess = () => resolve(request.result);\n } else {\n tx.oncomplete = () => resolve(request.result);\n }\n request.onerror = () => reject(request.error);\n });\n }\n\n async get<T = unknown>(key: string): Promise<T | null> {\n const result = await this.#withTransaction<{ value: T } | undefined>(\"readonly\", (store) =>\n store.get(key),\n );\n return result?.value ?? null;\n }\n\n async set<T = unknown>(key: string, value: T): Promise<void> {\n await this.#withTransaction<void>(\"readwrite\", (store) => store.put({ key, value }));\n }\n\n async delete(key: string): Promise<void> {\n await this.#withTransaction<void>(\"readwrite\", (store) => store.delete(key));\n }\n\n async clear(): Promise<void> {\n await this.#withTransaction<void>(\"readwrite\", (store) => store.clear());\n }\n}\n\n/** Default singleton for application-wide use. */\nexport const indexedDBStorage = new IndexedDBStorage();\n","import type { Handle } from \"../relayer/relayer-sdk.types\";\nimport type { ZKProofLike } from \"@zama-fhe/relayer-sdk/bundle\";\nimport type {\n CreateDelegatedEIP712Payload,\n CreateDelegatedEIP712ResponseData,\n CreateEIP712Payload,\n CreateEIP712ResponseData,\n DelegatedUserDecryptPayload,\n DelegatedUserDecryptResponseData,\n EncryptPayload,\n EncryptResponseData,\n GenerateKeypairResponseData,\n GetPublicKeyResponseData,\n GetPublicParamsResponseData,\n InitResponseData,\n PublicDecryptResponseData,\n RequestZKProofVerificationResponseData,\n UserDecryptPayload,\n UserDecryptResponseData,\n GenericLogger,\n WorkerRequest,\n WorkerRequestType,\n WorkerResponse,\n} from \"./worker.types\";\n\n/** Pending request tracker */\ninterface PendingRequest<T> {\n resolve: (value: T) => void;\n reject: (error: Error) => void;\n timeoutId: ReturnType<typeof setTimeout>;\n startTime: number;\n type: WorkerRequestType;\n}\n\n/** Default timeout for operations (30 seconds) */\nexport const DEFAULT_TIMEOUT_MS = 30_000;\n\n/** Extended timeout for WASM initialization (60 seconds) */\nexport const INIT_TIMEOUT_MS = 60_000;\n\n/**\n * Abstract base class for worker clients (browser Web Worker and Node.js worker_threads).\n * Encapsulates all shared logic: pending request tracking, timeouts, init dedup, domain methods.\n * Subclasses implement the abstract hooks for platform-specific worker creation and messaging.\n */\nexport abstract class BaseWorkerClient<TWorker, TConfig> {\n #worker: TWorker | null = null;\n #pendingRequests = new Map<string, PendingRequest<unknown>>();\n #initPromise: Promise<TWorker> | null = null;\n protected readonly config: TConfig;\n protected readonly logger: GenericLogger | undefined;\n\n constructor(config: TConfig, logger: GenericLogger | undefined) {\n this.config = config;\n this.logger = logger;\n }\n\n // ===========================================================================\n // Abstract hooks — subclasses must implement\n // ===========================================================================\n\n /** Create the platform-specific worker instance. */\n protected abstract createWorker(): TWorker;\n\n /** Wire message/error/messageerror events on the worker. */\n protected abstract wireEvents(worker: TWorker): void;\n\n /** Post a message to the worker. */\n protected abstract postMessage(worker: TWorker, request: WorkerRequest): void;\n\n /** Terminate the platform-specific worker. */\n protected abstract terminateWorker(worker: TWorker): void;\n\n /** Generate a unique request ID. */\n protected abstract generateRequestId(): string;\n\n /** Return the init request type and payload. */\n protected abstract getInitPayload(): {\n type: WorkerRequestType;\n payload: WorkerRequest[\"payload\"];\n };\n\n /** Optional hook called after worker init succeeds (e.g. for node worker.unref()). */\n protected onWorkerReady?(_worker: TWorker): void;\n\n // ===========================================================================\n // Shared init / terminate\n // ===========================================================================\n\n async initWorker(): Promise<TWorker> {\n if (this.#worker) {\n return this.#worker;\n }\n\n if (!this.#initPromise) {\n this.#initPromise = this.#doInitWorker().catch((error) => {\n this.#initPromise = null;\n throw error;\n });\n }\n return this.#initPromise;\n }\n\n async #doInitWorker(): Promise<TWorker> {\n const worker = this.createWorker();\n this.wireEvents(worker);\n\n try {\n const { type, payload } = this.getInitPayload();\n await this.sendRequestTo<InitResponseData>(worker, type, payload, INIT_TIMEOUT_MS);\n this.onWorkerReady?.(worker);\n this.#worker = worker;\n } catch (error) {\n this.terminateWorker(worker);\n throw error;\n }\n\n return this.#worker;\n }\n\n terminate(): void {\n if (this.#worker) {\n for (const [id, pending] of this.#pendingRequests) {\n clearTimeout(pending.timeoutId);\n pending.reject(new Error(\"Worker terminated\"));\n this.#pendingRequests.delete(id);\n }\n\n this.terminateWorker(this.#worker);\n this.#worker = null;\n }\n this.#initPromise = null;\n }\n\n // ===========================================================================\n // Message handling (called by subclass event wiring)\n // ===========================================================================\n\n protected handleResponse(response: WorkerResponse<unknown>): void {\n const pending = this.#pendingRequests.get(response.id);\n\n if (!pending) {\n this.logger?.warn(\"[WorkerClient] Received response for unknown request\", {\n id: response.id,\n });\n return;\n }\n\n const elapsed = Math.round(performance.now() - pending.startTime);\n\n clearTimeout(pending.timeoutId);\n this.#pendingRequests.delete(response.id);\n\n if (response.success) {\n this.logger?.debug(`[WorkerClient] ← ${pending.type} OK`, {\n id: response.id,\n elapsed,\n });\n pending.resolve(response.data);\n } else {\n this.logger?.error(`[WorkerClient] ← ${pending.type} FAILED`, {\n id: response.id,\n elapsed,\n error: response.error,\n });\n const err = new Error(response.error);\n if (\"statusCode\" in response && typeof response.statusCode === \"number\") {\n (err as Error & { statusCode?: number }).statusCode = response.statusCode;\n }\n pending.reject(err);\n }\n }\n\n protected handleWorkerError(message: string): void {\n this.logger?.error(\"[WorkerClient] Worker error\", { error: message });\n const worker = this.#worker;\n this.#worker = null;\n this.#rejectAllPending(`Worker error: ${message}`);\n if (worker) {\n this.terminateWorker(worker);\n }\n }\n\n protected handleWorkerMessageError(): void {\n this.logger?.error(\"[WorkerClient] Message deserialization failed\");\n const worker = this.#worker;\n this.#worker = null;\n this.#rejectAllPending(\"Worker message deserialization failed\");\n if (worker) {\n this.terminateWorker(worker);\n }\n }\n\n // ===========================================================================\n // Request sending\n // ===========================================================================\n\n protected sendRequestTo<T>(\n worker: TWorker,\n type: WorkerRequestType,\n payload: WorkerRequest[\"payload\"],\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n ): Promise<T> {\n return new Promise<T>((resolve, reject) => {\n const id = this.generateRequestId();\n const startTime = performance.now();\n this.logger?.debug(`[WorkerClient] → ${type}`, { id });\n\n const timeoutId = setTimeout(() => {\n this.#pendingRequests.delete(id);\n const elapsed = Math.round(performance.now() - startTime);\n this.logger?.error(`[WorkerClient] ${type} timed out after ${timeoutMs}ms`, {\n id,\n elapsed,\n });\n reject(new Error(`Request ${type} timed out after ${timeoutMs}ms`));\n }, timeoutMs);\n\n this.#pendingRequests.set(id, {\n resolve: resolve as (value: unknown) => void,\n reject,\n timeoutId,\n startTime,\n type,\n });\n\n const request = { id, type, payload } as WorkerRequest;\n this.postMessage(worker, request);\n });\n }\n\n protected async sendRequest<T>(\n type: WorkerRequestType,\n payload: WorkerRequest[\"payload\"],\n timeoutMs: number = DEFAULT_TIMEOUT_MS,\n ): Promise<T> {\n const worker = await this.initWorker();\n return this.sendRequestTo<T>(worker, type, payload, timeoutMs);\n }\n\n // ===========================================================================\n // Domain methods\n // ===========================================================================\n\n async generateKeypair(): Promise<GenerateKeypairResponseData> {\n return this.sendRequest<GenerateKeypairResponseData>(\"GENERATE_KEYPAIR\", {});\n }\n\n async createEIP712(params: CreateEIP712Payload): Promise<CreateEIP712ResponseData> {\n return this.sendRequest<CreateEIP712ResponseData>(\"CREATE_EIP712\", params);\n }\n\n async encrypt(params: EncryptPayload): Promise<EncryptResponseData> {\n return this.sendRequest<EncryptResponseData>(\"ENCRYPT\", params);\n }\n\n async userDecrypt(params: UserDecryptPayload): Promise<UserDecryptResponseData> {\n return this.sendRequest<UserDecryptResponseData>(\"USER_DECRYPT\", params);\n }\n\n async publicDecrypt(handles: Handle[]): Promise<PublicDecryptResponseData> {\n return this.sendRequest<PublicDecryptResponseData>(\"PUBLIC_DECRYPT\", { handles });\n }\n\n async createDelegatedUserDecryptEIP712(\n params: CreateDelegatedEIP712Payload,\n ): Promise<CreateDelegatedEIP712ResponseData> {\n return this.sendRequest<CreateDelegatedEIP712ResponseData>(\"CREATE_DELEGATED_EIP712\", params);\n }\n\n async delegatedUserDecrypt(\n params: DelegatedUserDecryptPayload,\n ): Promise<DelegatedUserDecryptResponseData> {\n return this.sendRequest<DelegatedUserDecryptResponseData>(\"DELEGATED_USER_DECRYPT\", params);\n }\n\n async requestZKProofVerification(\n zkProof: ZKProofLike,\n ): Promise<RequestZKProofVerificationResponseData> {\n return this.sendRequest<RequestZKProofVerificationResponseData>(\n \"REQUEST_ZK_PROOF_VERIFICATION\",\n { zkProof },\n );\n }\n\n async getPublicKey(): Promise<GetPublicKeyResponseData> {\n return this.sendRequest<GetPublicKeyResponseData>(\"GET_PUBLIC_KEY\", {});\n }\n\n async getPublicParams(bits: number): Promise<GetPublicParamsResponseData> {\n return this.sendRequest<GetPublicParamsResponseData>(\"GET_PUBLIC_PARAMS\", { bits });\n }\n\n // ===========================================================================\n // Internal helpers\n // ===========================================================================\n\n #rejectAllPending(message: string): void {\n for (const [id, pending] of this.#pendingRequests) {\n clearTimeout(pending.timeoutId);\n pending.reject(new Error(message));\n this.#pendingRequests.delete(id);\n }\n }\n}\n","import { assertFunctionProp, assertObject, assertStringProp } from \"../utils/assertions\";\n\n/**\n * Subset of the WebExtensions `runtime` API used by the SDK.\n * @see https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/runtime\n */\nexport interface BrowserExtensionRuntime {\n /** The ID of the extension. */\n id: string;\n /** Convert a relative path within the extension to a fully-qualified URL. */\n getURL: (path: string) => string;\n}\n\nfunction isValidRuntime(runtime: unknown): runtime is BrowserExtensionRuntime {\n try {\n assertObject(runtime, \"runtime\");\n assertStringProp(runtime, \"id\", \"runtime.id\");\n assertFunctionProp<\"getURL\", (path: string) => string>(runtime, \"getURL\", \"runtime.getURL\");\n return true;\n } catch {\n return false;\n }\n}\n\n/**\n * Return the browser extension runtime object, or `undefined` outside extensions.\n * Works across Chrome/Edge (`chrome.runtime`) and Firefox/Safari (`browser.runtime`).\n * Extensions have restricted CSP that blocks `blob:` URLs, so callers use\n * this to detect the environment and resolve file URLs via `runtime.getURL`.\n */\nexport function getBrowserExtensionRuntime(): BrowserExtensionRuntime | undefined {\n const g = globalThis as unknown as Record<string, unknown>;\n for (const ns of [g.chrome, g.browser]) {\n try {\n assertObject(ns, \"ns\");\n if (isValidRuntime(ns.runtime)) {\n return ns.runtime;\n }\n } catch {\n continue;\n }\n }\n return undefined;\n}\n","import type { FhevmInstanceConfig } from \"@zama-fhe/relayer-sdk/bundle\";\nimport type {\n GenericLogger,\n UpdateCsrfResponseData,\n WorkerRequest,\n WorkerRequestType,\n WorkerResponse,\n} from \"./worker.types\";\nimport { BaseWorkerClient } from \"./worker.base-client\";\nimport { getBrowserExtensionRuntime } from \"./browser-extension\";\nimport { default as workerCode, filename as workerFilename } from \"./relayer-sdk.worker.ts?iife\";\n\n/** Configuration for the worker client */\nexport interface WorkerClientConfig {\n cdnUrl: string;\n fhevmConfig: FhevmInstanceConfig;\n csrfToken: string;\n /** Expected SHA-384 hex digest of the CDN bundle for integrity verification. */\n integrity?: string;\n /** Optional logger for tracing worker request lifecycle. */\n logger?: GenericLogger;\n /** Number of WASM threads for parallel FHE operations (passed to `initSDK({ thread })`). */\n thread?: number;\n}\n\n/**\n * Client for communicating with the RelayerSDK Web Worker.\n * Provides a promise-based API for FHE operations.\n */\nexport class RelayerWorkerClient extends BaseWorkerClient<Worker, WorkerClientConfig> {\n constructor(config: WorkerClientConfig) {\n super(config, config.logger);\n }\n\n protected createWorker(): Worker {\n const runtime = getBrowserExtensionRuntime();\n if (runtime) {\n return new Worker(runtime.getURL(workerFilename));\n }\n const blobUrl = URL.createObjectURL(new Blob([workerCode], { type: \"application/javascript\" }));\n try {\n return new Worker(blobUrl);\n } finally {\n URL.revokeObjectURL(blobUrl);\n }\n }\n\n protected wireEvents(worker: Worker): void {\n worker.onmessage = (event: MessageEvent<WorkerResponse<unknown>>) =>\n this.handleResponse(event.data);\n worker.onerror = (event: ErrorEvent) => this.handleWorkerError(event.message);\n worker.onmessageerror = () => this.handleWorkerMessageError();\n }\n\n protected postMessage(worker: Worker, request: WorkerRequest): void {\n worker.postMessage(request);\n }\n\n protected terminateWorker(worker: Worker): void {\n worker.terminate();\n }\n\n protected generateRequestId(): string {\n return crypto.randomUUID();\n }\n\n protected getInitPayload(): {\n type: WorkerRequestType;\n payload: WorkerRequest[\"payload\"];\n } {\n // Explicitly construct the payload from serializable fields only.\n // Functions (e.g. `logger`) cannot be cloned by the structured clone\n // algorithm used by `worker.postMessage()`.\n const { cdnUrl, fhevmConfig, csrfToken, integrity, thread } = this.config;\n return { type: \"INIT\", payload: { cdnUrl, fhevmConfig, csrfToken, integrity, thread } };\n }\n\n /**\n * Update the CSRF token in the worker.\n * Call this before making authenticated requests to ensure the token is fresh.\n */\n async updateCsrf(csrfToken: string): Promise<void> {\n await this.sendRequest<UpdateCsrfResponseData>(\"UPDATE_CSRF\", {\n csrfToken,\n });\n }\n}\n","import type { GenericStorage } from \"../types\";\nimport { assertObject, assertStringProp, toError } from \"../utils\";\nimport type { GenericLogger } from \"../worker/worker.types\";\n\n// ── Cached data shapes ──────────────────────────────────────\n\n/** Cached shape for the FHE network public key. */\ninterface CachedPublicKey {\n publicKeyId: string;\n /** Base64-encoded Uint8Array. */\n publicKey: string;\n /** Artifact URL from the manifest. */\n artifactUrl?: string;\n /** HTTP ETag from the artifact response. */\n etag?: string;\n /** HTTP Last-Modified from the artifact response. */\n lastModified?: string;\n /** Epoch-ms timestamp of the last successful revalidation. */\n lastValidatedAt: number;\n}\n\n/** Cached shape for FHE public params. */\ninterface CachedPublicParams {\n publicParamsId: string;\n /** Base64-encoded Uint8Array. */\n publicParams: string;\n artifactUrl?: string;\n etag?: string;\n lastModified?: string;\n lastValidatedAt: number;\n}\n\n// ── Return types ────────────────────────────────────────────\n\n/** Return type of the public key fetcher. */\ntype PublicKeyResult = { publicKeyId: string; publicKey: Uint8Array } | null;\n\n/** Return type of the public params fetcher. */\ntype PublicParamsResult = {\n publicParamsId: string;\n publicParams: Uint8Array;\n} | null;\n\n// ── Constants ───────────────────────────────────────────────\n\n/** Max chunk size for String.fromCharCode to avoid call-stack overflow on large buffers. */\nconst CHUNK_SIZE = 8192;\n\n/** On revalidation failure, retry after 5 minutes instead of the full TTL. */\nconst SHORT_RETRY_MS = 5 * 60 * 1000;\n\n// ── Helpers ─────────────────────────────────────────────────\n\nfunction toBase64(bytes: Uint8Array): string {\n const chunks: string[] = [];\n for (let i = 0; i < bytes.length; i += CHUNK_SIZE) {\n chunks.push(String.fromCharCode(...bytes.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(chunks.join(\"\"));\n}\n\nfunction fromBase64(b64: string): Uint8Array {\n let binary: string;\n try {\n binary = atob(b64);\n } catch {\n throw new Error(`Invalid base64 data (length: ${b64.length})`);\n }\n if (binary.length === 0) {\n throw new Error(\"Decoded artifact is empty\");\n }\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n}\n\nfunction pubkeyStorageKey(chainId: number): string {\n return `fhe:pubkey:${chainId}`;\n}\n\nfunction paramsStorageKey(chainId: number, bits: number): string {\n return `fhe:params:${chainId}:${bits}`;\n}\n\nfunction paramsIndexKey(chainId: number): string {\n return `fhe:params-index:${chainId}`;\n}\n\nfunction assertCachedPk(v: unknown): asserts v is CachedPublicKey {\n assertObject(v, \"CachedPublicKey\");\n assertStringProp(v, \"publicKeyId\", \"CachedPublicKey.publicKeyId\");\n assertStringProp(v, \"publicKey\", \"CachedPublicKey.publicKey\");\n}\n\nfunction assertCachedParams(v: unknown): asserts v is CachedPublicParams {\n assertObject(v, \"CachedPublicParams\");\n assertStringProp(v, \"publicParamsId\", \"CachedPublicParams.publicParamsId\");\n assertStringProp(v, \"publicParams\", \"CachedPublicParams.publicParams\");\n}\n\n/** Manifest shape returned by the relayer `/keyurl` endpoint. */\ninterface ManifestShape {\n fhePublicKey: { dataId: string; urls: string[] };\n crs: Record<string, { dataId: string; urls: string[] }>;\n}\n\n// ── ArtifactCache ──────────────────────────────────────────\n\n/**\n * Persistent cache for FHE network public key and public params.\n * Uses a {@link GenericStorage} backend (e.g. MemoryStorage, or any\n * user-provided async key-value adapter) to avoid re-downloading large\n * binary data on every app instantiation.\n *\n * Cache keys are scoped by chain ID.\n */\nexport class FheArtifactCache {\n readonly #storage: GenericStorage;\n readonly #chainId: number;\n readonly #relayerUrl: string;\n readonly #ttlMs: number;\n readonly #logger: GenericLogger;\n #publicKeyMem: PublicKeyResult | undefined;\n #publicParamsMem = new Map<number, PublicParamsResult>();\n #publicKeyInflight: Promise<PublicKeyResult> | null = null;\n #publicParamsInflight = new Map<number, Promise<PublicParamsResult>>();\n #revalidationInflight: Promise<boolean> | null = null;\n /** In-memory guard to skip storage reads when revalidation isn't due. */\n #lastRevalidatedAt: number | null = null;\n\n constructor(opts: {\n storage: GenericStorage;\n chainId: number;\n relayerUrl: string;\n /** Cache TTL in seconds. Default: 86 400 (24 h). Set to 0 to revalidate on every operation. */\n ttl?: number;\n logger?: GenericLogger;\n }) {\n this.#storage = opts.storage;\n this.#chainId = opts.chainId;\n this.#relayerUrl = opts.relayerUrl;\n this.#ttlMs = (opts.ttl ?? 86_400) * 1000;\n this.#logger = opts.logger ?? console;\n }\n\n // ── getPublicKey ────────────────────────────────────────\n\n async getPublicKey(fetcher: () => Promise<PublicKeyResult>): Promise<PublicKeyResult> {\n if (this.#publicKeyMem !== undefined) {\n return this.#publicKeyMem;\n }\n\n // Deduplicate concurrent calls\n if (this.#publicKeyInflight) {\n return this.#publicKeyInflight;\n }\n\n this.#publicKeyInflight = this.#loadPublicKey(fetcher);\n try {\n return await this.#publicKeyInflight;\n } finally {\n this.#publicKeyInflight = null;\n }\n }\n\n async #loadPublicKey(fetcher: () => Promise<PublicKeyResult>): Promise<PublicKeyResult> {\n const key = pubkeyStorageKey(this.#chainId);\n\n try {\n const raw = await this.#storage.get(key);\n if (raw) {\n assertCachedPk(raw);\n const result: PublicKeyResult = {\n publicKeyId: raw.publicKeyId,\n publicKey: fromBase64(raw.publicKey),\n };\n this.#publicKeyMem = result;\n return result;\n }\n } catch (err) {\n // Corrupt or unreadable entry — delete and fall through to fetcher\n await this.#deleteQuietly(key);\n this.#logger.warn(\n \"Failed to read public key from persistent storage, falling back to network fetch\",\n {\n chainId: this.#chainId,\n error: toError(err).message,\n },\n );\n }\n\n const result = await fetcher();\n if (result === null) {\n return null;\n }\n\n this.#publicKeyMem = result;\n\n try {\n const cached: CachedPublicKey = {\n publicKeyId: result.publicKeyId,\n publicKey: toBase64(result.publicKey),\n lastValidatedAt: Date.now(),\n };\n await this.#storage.set(key, cached);\n } catch (err) {\n this.#logger.warn(\"Failed to persist public key to storage\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n }\n\n return result;\n }\n\n // ── getPublicParams ─────────────────────────────────────\n\n async getPublicParams(\n bits: number,\n fetcher: () => Promise<PublicParamsResult>,\n ): Promise<PublicParamsResult> {\n const mem = this.#publicParamsMem.get(bits);\n if (mem !== undefined) {\n return mem;\n }\n\n // Deduplicate concurrent calls\n const inflight = this.#publicParamsInflight.get(bits);\n if (inflight) {\n return inflight;\n }\n\n const promise = this.#loadPublicParams(bits, fetcher);\n this.#publicParamsInflight.set(bits, promise);\n try {\n return await promise;\n } finally {\n this.#publicParamsInflight.delete(bits);\n }\n }\n\n async #loadPublicParams(\n bits: number,\n fetcher: () => Promise<PublicParamsResult>,\n ): Promise<PublicParamsResult> {\n const key = paramsStorageKey(this.#chainId, bits);\n\n try {\n const raw = await this.#storage.get(key);\n if (raw) {\n assertCachedParams(raw);\n const result: PublicParamsResult = {\n publicParamsId: raw.publicParamsId,\n publicParams: fromBase64(raw.publicParams),\n };\n this.#publicParamsMem.set(bits, result);\n return result;\n }\n } catch (err) {\n // Corrupt or unreadable entry — delete and fall through to fetcher\n await this.#deleteQuietly(key);\n this.#logger.warn(\n \"Failed to read public params from persistent storage, falling back to network fetch\",\n {\n chainId: this.#chainId,\n bits,\n error: toError(err).message,\n },\n );\n }\n\n const result = await fetcher();\n if (result === null) {\n return null;\n }\n\n this.#publicParamsMem.set(bits, result);\n\n try {\n const cached: CachedPublicParams = {\n publicParamsId: result.publicParamsId,\n publicParams: toBase64(result.publicParams),\n lastValidatedAt: Date.now(),\n };\n await this.#storage.set(key, cached);\n\n // Update params index for cold-start CRS detection\n const idxKey = paramsIndexKey(this.#chainId);\n const existing =\n (await this.#storage.get<number[]>(idxKey).catch((err) => {\n this.#logger.warn(\"Failed to read params index from storage\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n return null;\n })) ?? [];\n if (!existing.includes(bits)) {\n await this.#storage.set(idxKey, [...existing, bits]);\n }\n } catch (err) {\n this.#logger.warn(\"Failed to persist public params to storage\", {\n chainId: this.#chainId,\n bits,\n error: toError(err).message,\n });\n }\n\n return result;\n }\n\n // ── Artifact-level revalidation ─────────────────────────\n\n /**\n * Check whether cached FHE artifacts are still fresh by issuing\n * HTTP conditional requests (ETag / If-None-Match, Last-Modified /\n * If-Modified-Since) against the actual artifact CDN URLs.\n *\n * @returns `true` if the cache was invalidated and the caller should\n * re-fetch artifacts, `false` otherwise.\n */\n async revalidateIfDue(): Promise<boolean> {\n // Concurrency guard — coalesce overlapping calls\n if (this.#revalidationInflight) {\n return this.#revalidationInflight;\n }\n this.#revalidationInflight = this.#revalidateIfDueInner();\n try {\n return await this.#revalidationInflight;\n } finally {\n this.#revalidationInflight = null;\n }\n }\n\n async #revalidateIfDueInner(): Promise<boolean> {\n // Fast path: in-memory timestamp check avoids storage I/O on every call\n const now = Date.now();\n if (this.#lastRevalidatedAt !== null && now - this.#lastRevalidatedAt < this.#ttlMs) {\n return false;\n }\n\n // Skip revalidation when relayerUrl is not configured (e.g. Hardhat)\n if (!this.#relayerUrl) {\n return false;\n }\n\n const pkKey = pubkeyStorageKey(this.#chainId);\n\n // Track partial progress so the catch block can reuse already-read data\n let storedPk: CachedPublicKey | null = null;\n let paramEntries: Array<{\n bits: number;\n key: string;\n data: CachedPublicParams;\n }> = [];\n\n try {\n // 1. Read PK cache entry and collect params entries in parallel\n const [pkRaw, entries] = await Promise.all([\n this.#storage.get(pkKey),\n this.#collectParamEntries(),\n ]);\n\n // Validate PK shape\n if (pkRaw) {\n try {\n assertCachedPk(pkRaw);\n storedPk = { ...pkRaw, lastValidatedAt: pkRaw.lastValidatedAt ?? 0 };\n } catch (err) {\n this.#logger.warn(\"Corrupt public key cache entry detected, deleting\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n await this.#deleteQuietly(pkKey);\n }\n }\n\n paramEntries = entries;\n\n if (!storedPk) {\n return false;\n }\n\n // 2. Check if all entries are within TTL\n const allEntries: Array<{ lastValidatedAt: number }> = [\n storedPk,\n ...paramEntries.map((e) => e.data),\n ];\n const allFresh = allEntries.every((e) => now - e.lastValidatedAt < this.#ttlMs);\n if (allFresh) {\n this.#lastRevalidatedAt = now;\n return false;\n }\n\n // 3. Fetch manifest to discover current artifact URLs\n const manifestRes = await globalThis.fetch(`${this.#relayerUrl}/keyurl`);\n if (!manifestRes.ok) {\n // Treat as transient failure — use short retry instead of full TTL\n const retryTimestamp = now - this.#ttlMs + SHORT_RETRY_MS;\n this.#logger.warn(\"Manifest fetch failed during revalidation, retrying in 5 min\", {\n status: manifestRes.status,\n relayerUrl: this.#relayerUrl,\n });\n await this.#writeEntries(\n pkKey,\n { ...storedPk, lastValidatedAt: retryTimestamp },\n paramEntries.map((e) => ({\n ...e,\n data: { ...e.data, lastValidatedAt: retryTimestamp },\n })),\n );\n this.#lastRevalidatedAt = retryTimestamp;\n return false;\n }\n\n const manifest = (await manifestRes.json()) as unknown;\n\n // Validate manifest shape — a malformed response indicates a permanent\n // config error (wrong relayer URL, API version mismatch), not a transient\n // network issue. Log at error level so it's actionable.\n if (\n !manifest ||\n typeof manifest !== \"object\" ||\n !(\"fhePublicKey\" in manifest) ||\n !(manifest as ManifestShape).fhePublicKey?.urls?.length ||\n !(\"crs\" in manifest) ||\n typeof (manifest as ManifestShape).crs !== \"object\"\n ) {\n this.#logger.error(\n \"Relayer manifest has unexpected shape — check relayer URL and API version\",\n {\n relayerUrl: this.#relayerUrl,\n manifestKeys: manifest && typeof manifest === \"object\" ? Object.keys(manifest) : [],\n },\n );\n // Fail-open with short retry — but the error-level log distinguishes this from transient failures\n const retryTimestamp = now - this.#ttlMs + SHORT_RETRY_MS;\n await this.#writeEntries(\n pkKey,\n { ...storedPk, lastValidatedAt: retryTimestamp },\n paramEntries.map((e) => ({\n ...e,\n data: { ...e.data, lastValidatedAt: retryTimestamp },\n })),\n );\n this.#lastRevalidatedAt = retryTimestamp;\n return false;\n }\n const validManifest = manifest as ManifestShape;\n\n // ── 4. Check PK artifact ──────────────────────────\n const pkArtifactUrl = validManifest.fhePublicKey.urls[0];\n\n // URL change → stale\n if (storedPk.artifactUrl && pkArtifactUrl && pkArtifactUrl !== storedPk.artifactUrl) {\n await this.#clearAll(pkKey, paramEntries);\n this.#lastRevalidatedAt = null;\n return true;\n }\n\n let updatedPk: CachedPublicKey = { ...storedPk, lastValidatedAt: now };\n if (pkArtifactUrl) {\n const freshness = await this.#checkArtifactFreshness(pkArtifactUrl, storedPk);\n if (!freshness.fresh) {\n await this.#clearAll(pkKey, paramEntries);\n this.#lastRevalidatedAt = null;\n return true;\n }\n updatedPk = {\n ...updatedPk,\n artifactUrl: pkArtifactUrl,\n etag: freshness.etag,\n lastModified: freshness.lastModified,\n };\n }\n\n // ── 5. Check each CRS artifact ────────────────────\n const updatedParamEntries: typeof paramEntries = [];\n for (const entry of paramEntries) {\n const manifestCrs = validManifest.crs[String(entry.bits)];\n const crsUrl = manifestCrs?.urls[0];\n\n // URL change → stale\n if (entry.data.artifactUrl && crsUrl && crsUrl !== entry.data.artifactUrl) {\n await this.#clearAll(pkKey, paramEntries);\n this.#lastRevalidatedAt = null;\n return true;\n }\n\n let updatedData: CachedPublicParams = {\n ...entry.data,\n lastValidatedAt: now,\n };\n if (crsUrl) {\n const freshness = await this.#checkArtifactFreshness(crsUrl, entry.data);\n if (!freshness.fresh) {\n await this.#clearAll(pkKey, paramEntries);\n this.#lastRevalidatedAt = null;\n return true;\n }\n updatedData = {\n ...updatedData,\n artifactUrl: crsUrl,\n etag: freshness.etag,\n lastModified: freshness.lastModified,\n };\n }\n updatedParamEntries.push({ ...entry, data: updatedData });\n }\n\n // 6. All fresh — update timestamps and HTTP validators\n await this.#writeEntries(pkKey, updatedPk, updatedParamEntries);\n this.#lastRevalidatedAt = now;\n return false;\n } catch (err) {\n const error = toError(err);\n const isProgrammingError =\n err instanceof TypeError ||\n err instanceof ReferenceError ||\n err instanceof RangeError ||\n err instanceof SyntaxError;\n const level = isProgrammingError ? \"error\" : \"warn\";\n this.#logger[level](\n isProgrammingError\n ? \"Unexpected error during revalidation (possible bug)\"\n : \"Revalidation failed, using cached artifacts (fail-open)\",\n {\n chainId: this.#chainId,\n relayerUrl: this.#relayerUrl,\n error: error.message,\n },\n );\n\n // Fail-open: use short retry interval (5 min) instead of full TTL\n const retryTimestamp = now - this.#ttlMs + SHORT_RETRY_MS;\n try {\n if (storedPk) {\n await this.#writeEntries(\n pkKey,\n { ...storedPk, lastValidatedAt: retryTimestamp },\n paramEntries.map((e) => ({\n ...e,\n data: { ...e.data, lastValidatedAt: retryTimestamp },\n })),\n );\n }\n } catch (innerErr) {\n this.#logger.warn(\"Failed to update validation timestamps after revalidation error\", {\n chainId: this.#chainId,\n error: toError(innerErr).message,\n });\n }\n this.#lastRevalidatedAt = retryTimestamp;\n return false;\n }\n }\n\n // ── Artifact freshness via HTTP conditional requests ───\n\n async #checkArtifactFreshness(\n url: string,\n cached: { etag?: string; lastModified?: string },\n ): Promise<{ fresh: boolean; etag?: string; lastModified?: string }> {\n const hasValidators = Boolean(cached.etag || cached.lastModified);\n const headers: Record<string, string> = {};\n if (cached.etag) {\n headers[\"If-None-Match\"] = cached.etag;\n }\n if (cached.lastModified) {\n headers[\"If-Modified-Since\"] = cached.lastModified;\n }\n\n // HEAD avoids downloading the (potentially multi-MB) artifact body.\n // With conditional headers, the server returns 304 if unchanged or 200 (no body) if stale.\n let res = await globalThis.fetch(url, { method: \"HEAD\", headers });\n\n // Fallback to GET if HEAD is not supported (e.g. some CDN/WAF configs)\n if (res.status === 405) {\n res = await globalThis.fetch(url, { headers });\n }\n\n // Treat server errors as transient — throw so the outer catch applies fail-open with short retry.\n // Without this, a CDN 5xx would be misinterpreted as \"artifact changed\" and wipe the cache.\n if (!res.ok && res.status !== 304) {\n throw new Error(`Artifact freshness check failed: HEAD ${url} returned ${res.status}`);\n }\n\n const etag = res.headers.get(\"etag\") ?? undefined;\n const lastModified = res.headers.get(\"last-modified\") ?? undefined;\n\n if (res.status === 304) {\n return {\n fresh: true,\n etag: etag ?? cached.etag,\n lastModified: lastModified ?? cached.lastModified,\n };\n }\n\n if (!hasValidators) {\n // First revalidation — capture validators, treat as fresh\n return { fresh: true, etag, lastModified };\n }\n\n // 200 = artifact changed\n return { fresh: false, etag, lastModified };\n }\n\n // ── Internal helpers ────────────────────────────────────\n\n async #collectParamEntries(): Promise<\n Array<{ bits: number; key: string; data: CachedPublicParams }>\n > {\n // Merge in-memory keys with persisted index for cold-start CRS detection\n const idxKey = paramsIndexKey(this.#chainId);\n const persistedBits =\n (await this.#storage.get<number[]>(idxKey).catch((err) => {\n this.#logger.warn(\"Failed to read params index, CRS revalidation may be incomplete\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n return null;\n })) ?? [];\n const allBits = new Set([...this.#publicParamsMem.keys(), ...persistedBits]);\n\n const bitsArray = Array.from(allBits);\n const results = await Promise.all(\n bitsArray.map(async (bits) => {\n const pKey = paramsStorageKey(this.#chainId, bits);\n // Separate storage read from validation so we only delete on corruption\n let raw: unknown;\n try {\n raw = await this.#storage.get(pKey);\n } catch (err) {\n this.#logger.warn(\"Failed to read cached params entry during revalidation\", {\n chainId: this.#chainId,\n bits,\n error: toError(err).message,\n });\n return null;\n }\n if (!raw) {\n return null;\n }\n try {\n assertCachedParams(raw);\n return {\n bits,\n key: pKey,\n data: {\n ...raw,\n lastValidatedAt: raw.lastValidatedAt ?? 0,\n } as CachedPublicParams,\n };\n } catch (err) {\n this.#logger.warn(\"Corrupt params cache entry detected, deleting\", {\n chainId: this.#chainId,\n bits,\n error: toError(err).message,\n });\n await this.#deleteQuietly(pKey);\n return null;\n }\n }),\n );\n return results.filter(\n (e): e is { bits: number; key: string; data: CachedPublicParams } => e !== null,\n );\n }\n\n async #deleteQuietly(key: string): Promise<void> {\n await this.#storage.delete(key).catch((err) => {\n this.#logger.warn(\"Failed to delete cache entry\", {\n chainId: this.#chainId,\n key,\n error: toError(err).message,\n });\n });\n }\n\n async #clearAll(pkKey: string, paramEntries: Array<{ key: string }>): Promise<void> {\n const idxKey = paramsIndexKey(this.#chainId);\n // Delete from persistent storage first — if this fails, in-memory cache\n // still serves stale data, but the next revalidation cycle will retry.\n try {\n await Promise.all([\n this.#storage.delete(pkKey),\n this.#storage.delete(idxKey),\n ...paramEntries.map((entry) => this.#storage.delete(entry.key)),\n ]);\n } catch (err) {\n this.#logger.warn(\"Failed to clear stale artifacts from persistent storage\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n }\n // Clear in-memory after storage to avoid re-loading stale entries on failure\n this.#publicKeyMem = undefined;\n this.#publicParamsMem.clear();\n }\n\n async #writeEntries(\n pkKey: string,\n pk: CachedPublicKey,\n paramEntries: Array<{ key: string; data: CachedPublicParams }>,\n ): Promise<void> {\n const writes = [\n this.#storage.set(pkKey, pk).catch((err) => {\n this.#logger.warn(\"Failed to update public key validation timestamp\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n }),\n ...paramEntries.map((entry) =>\n this.#storage.set(entry.key, entry.data).catch((err) => {\n this.#logger.warn(\"Failed to update params validation timestamp\", {\n chainId: this.#chainId,\n error: toError(err).message,\n });\n }),\n ),\n ];\n await Promise.all(writes);\n }\n}\n","import type {\n InputProofBytesType,\n KeypairType,\n KmsDelegatedUserDecryptEIP712Type,\n ZKProofLike,\n} from \"@zama-fhe/relayer-sdk/bundle\";\nimport type { Address, Hex } from \"viem\";\nimport { ConfigurationError, ZamaError } from \"../errors\";\nimport { IndexedDBStorage } from \"../storage/indexeddb-storage\";\nimport type { GenericStorage } from \"../types\";\nimport { RelayerWorkerClient, type WorkerClientConfig } from \"../worker/worker.client\";\nimport { FheArtifactCache } from \"./fhe-artifact-cache\";\nimport type { RelayerSDK } from \"./relayer-sdk\";\nimport type {\n ClearValueType,\n DelegatedUserDecryptParams,\n EIP712TypedData,\n EncryptParams,\n EncryptResult,\n Handle,\n PublicDecryptResult,\n RelayerSDKStatus,\n RelayerWebConfig,\n UserDecryptParams,\n} from \"./relayer-sdk.types\";\nimport { buildEIP712DomainType, DefaultConfigs, withRetry } from \"./relayer-utils\";\n\n/**\n * Pinned relayer SDK version used for the WASM CDN bundle.\n * Update this when upgrading @zama-fhe/relayer-sdk, and keep the\n * peerDependencies range in package.json in sync (~x.y.z).\n */\nconst RELAYER_SDK_VERSION = \"0.4.2\";\nconst CDN_URL = `https://cdn.zama.org/relayer-sdk-js/${RELAYER_SDK_VERSION}/relayer-sdk-js.umd.cjs`;\n/** SHA-384 hex digest of the pinned CDN bundle for integrity verification. */\nconst CDN_INTEGRITY =\n \"114438b01d518b53a447fa3e8bfbe6e71031cb42ac43219bb9f53488456fdfa4bbc8989628366d436e68f6526c7647eb\";\n\n/**\n * RelayerWeb — browser encryption/decryption layer using a Web Worker.\n * Handles WASM initialization in a Web Worker for non-blocking operations.\n *\n * ## Worker initialization / promise lock pattern\n *\n * Every public method calls `#ensureWorker()` before proceeding.\n * Initialization is managed by three private fields:\n *\n * - `#workerClient` — the live worker instance (null until first init)\n * - `#initPromise` — cached promise from `#initWorker()`; once resolved,\n * all subsequent callers reuse the same worker without re-initializing.\n * Cleared on error so the next caller retries a fresh init.\n * - `#ensureLock` — short-lived promise that serializes concurrent calls\n * to `#ensureWorkerInner()`. While one caller is checking chain IDs and\n * potentially tearing down an old worker, all other callers await the\n * same lock instead of racing through the same logic. Cleared in\n * `finally` so it's never leaked.\n *\n * Chain switching: when `getChainId()` returns a value different from the\n * previously resolved chain, the old worker is terminated, `#initPromise`\n * is cleared, and a fresh worker is created for the new chain — all within\n * the `#ensureLock` critical section.\n */\nexport class RelayerWeb implements RelayerSDK, Disposable {\n #workerClient: RelayerWorkerClient | null = null;\n #initPromise: Promise<RelayerWorkerClient> | null = null;\n #ensureLock: Promise<RelayerWorkerClient> | null = null;\n #terminated = false;\n #resolvedChainId: number | null = null;\n #artifactCache: FheArtifactCache | null = null;\n #artifactStorage: GenericStorage | null = null;\n #status: RelayerSDKStatus = \"idle\";\n #initError: Error | undefined;\n readonly #config: RelayerWebConfig;\n\n constructor(config: RelayerWebConfig) {\n this.#config = config;\n }\n\n /** Current WASM initialization status. */\n get status(): RelayerSDKStatus {\n return this.#status;\n }\n\n /** The error that caused initialization to fail, if `status` is `\"error\"`. */\n get initError(): Error | undefined {\n return this.#initError;\n }\n\n #setStatus(status: RelayerSDKStatus, error?: Error): void {\n this.#status = status;\n this.#initError = error;\n this.#config.onStatusChange?.(status, error);\n }\n\n async #getWorkerConfig(): Promise<WorkerClientConfig> {\n const chainId = await this.#config.getChainId();\n const { transports, security, threads } = this.#config;\n\n if (threads !== undefined && (!Number.isInteger(threads) || threads < 1)) {\n throw new Error(`Invalid thread count: ${threads}. Must be a positive integer.`);\n }\n\n if (threads !== undefined && globalThis.SharedArrayBuffer === undefined) {\n this.#config.logger?.warn(\n \"threads option requires SharedArrayBuffer (COOP/COEP headers). Falling back to single-threaded.\",\n );\n }\n\n return {\n cdnUrl: CDN_URL,\n fhevmConfig: Object.assign({}, DefaultConfigs[chainId], transports[chainId]),\n csrfToken: security?.getCsrfToken?.() ?? \"\",\n integrity: security?.integrityCheck === false ? undefined : CDN_INTEGRITY,\n logger: this.#config.logger,\n // Public API uses `threads` (plural, \"how many threads\"); upstream\n // `initSDK` expects `thread` (singular) — rename at the boundary.\n thread: threads,\n };\n }\n\n /**\n * Ensure the worker is initialized.\n * Uses a promise lock to prevent concurrent initialization.\n * Resets on failure to allow retries.\n */\n async #ensureWorker(): Promise<RelayerWorkerClient> {\n if (this.#ensureLock) {\n return this.#ensureLock;\n }\n this.#ensureLock = this.#ensureWorkerInner();\n try {\n return await this.#ensureLock;\n } finally {\n this.#ensureLock = null;\n }\n }\n\n #tearDown(): void {\n this.#workerClient?.terminate();\n this.#workerClient = null;\n this.#initPromise = null;\n this.#artifactCache = null;\n }\n\n async #ensureWorkerInner(): Promise<RelayerWorkerClient> {\n // Auto-restart after terminate() — supports React StrictMode's\n // unmount→remount cycle and HMR without permanently killing the worker.\n if (this.#terminated) {\n this.#terminated = false;\n this.#workerClient = null;\n this.#initPromise = null;\n this.#resolvedChainId = null;\n }\n\n const chainId = await this.#config.getChainId();\n\n // Chain changed → tear down old worker, re-init\n if (this.#resolvedChainId !== null && chainId !== this.#resolvedChainId) {\n this.#tearDown();\n }\n\n this.#resolvedChainId = chainId;\n\n // Create cache for current chain.\n // Storage is chain-independent — reuse across chain switches.\n if (!this.#artifactStorage) {\n this.#artifactStorage =\n this.#config.fheArtifactStorage ?? new IndexedDBStorage(\"FheArtifactCache\", 1, \"artifacts\");\n }\n if (!this.#artifactCache) {\n const config = Object.assign({}, DefaultConfigs[chainId], this.#config.transports[chainId]);\n this.#artifactCache = new FheArtifactCache({\n storage: this.#artifactStorage,\n chainId,\n relayerUrl: config.relayerUrl,\n ttl: this.#config.fheArtifactCacheTTL,\n logger: this.#config.logger,\n });\n }\n\n // Revalidate cached artifacts if due — never let revalidation block init\n if (this.#artifactCache) {\n let stale = false;\n try {\n stale = await this.#artifactCache.revalidateIfDue();\n } catch (err) {\n this.#config.logger?.warn(\n \"Artifact revalidation failed, proceeding with potentially stale cache\",\n { error: err instanceof Error ? err.message : String(err) },\n );\n }\n if (stale) {\n this.#config.logger?.info(\"Cached FHE artifacts are stale — reinitializing\");\n this.#tearDown();\n }\n }\n\n if (!this.#initPromise) {\n this.#setStatus(\"initializing\");\n this.#initPromise = this.#initWorker()\n .then((client) => {\n this.#setStatus(\"ready\");\n return client;\n })\n .catch((error) => {\n this.#initPromise = null;\n const wrappedError =\n error instanceof ZamaError\n ? error\n : new ConfigurationError(\"Failed to initialize FHE worker\", {\n cause: error,\n });\n this.#setStatus(\"error\", wrappedError);\n throw wrappedError;\n });\n }\n return this.#initPromise;\n }\n\n /**\n * Initialize the worker (called once via promise lock).\n */\n async #initWorker(): Promise<RelayerWorkerClient> {\n const workerConfig = await this.#getWorkerConfig();\n const client = new RelayerWorkerClient(workerConfig);\n await client.initWorker();\n // If terminate() was called while we were initializing, clean up immediately\n if (this.#terminated) {\n client.terminate();\n throw new Error(\"RelayerWeb was terminated during initialization\");\n }\n this.#workerClient = client;\n return client;\n }\n\n /**\n * Terminate the worker and clean up resources.\n * Call this when the SDK is no longer needed.\n */\n terminate(): void {\n this.#terminated = true;\n if (this.#workerClient) {\n this.#workerClient.terminate();\n this.#workerClient = null;\n }\n this.#initPromise = null;\n this.#ensureLock = null;\n }\n\n /** Calls {@link terminate}, shutting down the Web Worker. */\n [Symbol.dispose](): void {\n this.terminate();\n }\n\n /**\n * Refresh the CSRF token in the worker.\n * Call this before making authenticated network requests.\n */\n async #refreshCsrfToken(): Promise<void> {\n if (this.#workerClient) {\n const token = this.#config.security?.getCsrfToken?.() ?? \"\";\n if (token) {\n await this.#workerClient.updateCsrf(token);\n }\n }\n }\n\n /**\n * Generate a keypair for FHE operations.\n */\n async generateKeypair(): Promise<KeypairType<Hex>> {\n const worker = await this.#ensureWorker();\n const result = await worker.generateKeypair();\n return {\n publicKey: result.publicKey,\n privateKey: result.privateKey,\n };\n }\n\n /**\n * Create EIP712 typed data for user decryption authorization.\n */\n async createEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n startTimestamp: number,\n durationDays = 7,\n ): Promise<EIP712TypedData> {\n const worker = await this.#ensureWorker();\n const result = await worker.createEIP712({\n publicKey,\n contractAddresses,\n startTimestamp,\n durationDays,\n });\n\n const domain = {\n name: result.domain.name,\n version: result.domain.version,\n chainId: result.domain.chainId,\n verifyingContract: result.domain.verifyingContract,\n };\n\n return {\n domain,\n types: {\n EIP712Domain: buildEIP712DomainType(domain),\n UserDecryptRequestVerification: result.types.UserDecryptRequestVerification,\n },\n message: {\n publicKey: result.message.publicKey,\n contractAddresses: result.message.contractAddresses,\n startTimestamp: result.message.startTimestamp,\n durationDays: result.message.durationDays,\n extraData: result.message.extraData,\n },\n };\n }\n\n /**\n * Encrypt values for use in smart contract calls.\n * Each value must specify its FHE type (ebool, euint8–256, eaddress).\n */\n async encrypt(params: EncryptParams): Promise<EncryptResult> {\n const { values, contractAddress, userAddress } = params;\n\n return withRetry(async () => {\n const worker = await this.#ensureWorker();\n await this.#refreshCsrfToken();\n const result = await worker.encrypt({\n values,\n contractAddress,\n userAddress,\n });\n return { handles: result.handles, inputProof: result.inputProof };\n });\n }\n\n /**\n * Decrypt ciphertexts using user's private key.\n * Requires a valid EIP712 signature.\n */\n async userDecrypt(params: UserDecryptParams): Promise<Readonly<Record<Handle, ClearValueType>>> {\n return withRetry(async () => {\n const worker = await this.#ensureWorker();\n await this.#refreshCsrfToken();\n const result = await worker.userDecrypt(params);\n return result.clearValues;\n });\n }\n\n /**\n * Public decryption - no authorization needed.\n * Used for publicly visible encrypted values.\n */\n async publicDecrypt(handles: Handle[]): Promise<PublicDecryptResult> {\n return withRetry(async () => {\n const worker = await this.#ensureWorker();\n await this.#refreshCsrfToken();\n const result = await worker.publicDecrypt(handles);\n return {\n clearValues: result.clearValues,\n abiEncodedClearValues: result.abiEncodedClearValues,\n decryptionProof: result.decryptionProof,\n };\n });\n }\n\n /**\n * Create EIP712 typed data for delegated user decryption authorization.\n */\n async createDelegatedUserDecryptEIP712(\n publicKey: Hex,\n contractAddresses: Address[],\n delegatorAddress: Address,\n startTimestamp: number,\n durationDays = 7,\n ): Promise<KmsDelegatedUserDecryptEIP712Type> {\n const worker = await this.#ensureWorker();\n return worker.createDelegatedUserDecryptEIP712({\n publicKey,\n contractAddresses,\n delegatorAddress,\n startTimestamp,\n durationDays,\n });\n }\n\n /**\n * Decrypt ciphertexts via delegation.\n * Requires a valid EIP712 signature from the delegator.\n */\n async delegatedUserDecrypt(\n params: DelegatedUserDecryptParams,\n ): Promise<Readonly<Record<Handle, ClearValueType>>> {\n return withRetry(async () => {\n const worker = await this.#ensureWorker();\n await this.#refreshCsrfToken();\n const result = await worker.delegatedUserDecrypt(params);\n return result.clearValues;\n });\n }\n\n /**\n * Submit a ZK proof to the relayer for verification.\n */\n async requestZKProofVerification(zkProof: ZKProofLike): Promise<InputProofBytesType> {\n return withRetry(async () => {\n const worker = await this.#ensureWorker();\n await this.#refreshCsrfToken();\n return worker.requestZKProofVerification(zkProof);\n });\n }\n\n /**\n * Get the TFHE compact public key.\n * When storage is configured, the result is cached persistently.\n */\n async getPublicKey(): Promise<{\n publicKeyId: string;\n publicKey: Uint8Array;\n } | null> {\n const worker = await this.#ensureWorker();\n if (this.#artifactCache) {\n return this.#artifactCache.getPublicKey(async () => (await worker.getPublicKey()).result);\n }\n return (await worker.getPublicKey()).result;\n }\n\n /**\n * Get public parameters for encryption capacity.\n * When storage is configured, the result is cached persistently.\n */\n async getPublicParams(\n bits: number,\n ): Promise<{ publicParams: Uint8Array; publicParamsId: string } | null> {\n const worker = await this.#ensureWorker();\n if (this.#artifactCache) {\n return this.#artifactCache.getPublicParams(\n bits,\n async () => (await worker.getPublicParams(bits)).result,\n );\n }\n return (await worker.getPublicParams(bits)).result;\n }\n\n async getAclAddress(): Promise<Address> {\n const chainId = await this.#config.getChainId();\n const config = Object.assign({}, DefaultConfigs[chainId], this.#config.transports[chainId]);\n if (!config.aclContractAddress) {\n throw new ConfigurationError(`No ACL address configured for chain ${chainId}`);\n }\n return config.aclContractAddress as Address;\n }\n}\n","import { getAddress, type Address } from \"viem\";\nimport type { ClearValueType, Handle } from \"./relayer/relayer-sdk.types\";\nimport type { GenericStorage } from \"./types\";\n\n/**\n * Storage-backed cache for decrypted FHE plaintext values.\n *\n * Each entry is keyed by `(requester, contractAddress, handle)` so that\n * different signers cannot read each other's cached decryptions — this\n * mirrors the on-chain ACL where only the handle owner (or delegate) is\n * authorized to decrypt.\n *\n * Addresses are checksummed and handles lowercased, making lookups\n * case-insensitive. A separate index (`zama:decrypt:keys`) tracks all\n * stored cache keys so {@link clearForRequester} and {@link clearAll} can\n * enumerate entries without a full storage scan. Index writes are\n * serialised through a micro-queue to prevent concurrent `set` calls\n * from losing entries.\n *\n * All public methods are **best-effort**: storage errors are caught and\n * swallowed — the cache never throws.\n *\n * Cache storage key format:\n * ```\n * zama:decrypt:{checksumAddress}:{checksumAddress}:{lowercaseHandle}\n * ```\n *\n * Lifecycle:\n * - Populated by {@link ZamaSDK.decrypt} after relayer calls.\n * - Cleared by {@link ZamaSDK.revoke} / {@link ZamaSDK.revokeSession} (per-requester).\n * - Cleared by signer lifecycle events (disconnect, account change, chain change).\n * - Survives page reloads when backed by persistent storage (e.g. IndexedDB).\n */\nexport class DecryptCache {\n readonly #storage: GenericStorage;\n readonly #decryptNamespace = \"zama:decrypt\";\n readonly #decryptKeysNamespace = `${this.#decryptNamespace}:keys`;\n /** Serialises concurrent writes to the keys index. */\n #indexWriteQueue: Promise<void> = Promise.resolve();\n\n constructor(storage: GenericStorage) {\n this.#storage = storage;\n }\n\n /** Returns the cached clear value or `null` on a miss / error. */\n async get(\n requester: Address,\n contractAddress: Address,\n handle: Handle,\n ): Promise<ClearValueType | null> {\n try {\n const key = this.#buildStorageKey(requester, contractAddress, handle);\n return await this.#storage.get<ClearValueType>(key);\n } catch (error) {\n console.warn(\"[zama-sdk] DecryptCache.get failed:\", error); // eslint-disable-line no-console\n return null;\n }\n }\n\n /** Stores `value` for the given `(requester, contractAddress, handle)` tuple. */\n async set(\n requester: Address,\n contractAddress: Address,\n handle: Handle,\n value: ClearValueType,\n ): Promise<void> {\n try {\n const key = this.#buildStorageKey(requester, contractAddress, handle);\n await this.#storage.set<ClearValueType>(key, value);\n // Track the key in the index (serialised to avoid concurrent overwrites)\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#addToIndex(key).catch((error) => {\n console.warn(\"[zama-sdk] DecryptCache index write failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n } catch (error) {\n console.warn(\"[zama-sdk] DecryptCache.set failed:\", error); // eslint-disable-line no-console\n }\n }\n\n /** Removes all cached entries for the given `requester`. */\n async clearForRequester(requester: Address): Promise<void> {\n // Serialise with the index write queue to avoid racing with concurrent set() calls\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#doClearForRequester(requester).catch((error) => {\n console.warn(\"[zama-sdk] DecryptCache.clearForRequester failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n }\n\n async #doClearForRequester(requester: Address): Promise<void> {\n const checksumRequester = getAddress(requester);\n const prefix = `${this.#decryptNamespace}:${checksumRequester}:`;\n const keys = await this.#readIndex();\n const toRemove: string[] = [];\n const remaining: string[] = [];\n for (const k of keys) {\n if (k.startsWith(prefix)) {\n toRemove.push(k);\n } else {\n remaining.push(k);\n }\n }\n await Promise.all(toRemove.map((k) => this.#storage.delete(k).catch(() => {})));\n await this.#storage.set(this.#decryptKeysNamespace, remaining);\n }\n\n /** Removes all cached entries. */\n async clearAll(): Promise<void> {\n // Serialise with the index write queue to avoid racing with concurrent set() calls\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#doClearAll().catch((error) => {\n console.warn(\"[zama-sdk] DecryptCache.clearAll failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n }\n\n async #doClearAll(): Promise<void> {\n const keys = await this.#readIndex();\n await Promise.all(keys.map((k) => this.#storage.delete(k).catch(() => {})));\n await this.#storage.delete(this.#decryptKeysNamespace);\n }\n\n #buildStorageKey(requester: Address, contractAddress: Address, handle: Handle): string {\n return `${this.#decryptNamespace}:${getAddress(requester)}:${getAddress(contractAddress)}:${handle.toLowerCase()}`;\n }\n\n async #readIndex(): Promise<string[]> {\n return (await this.#storage.get<string[]>(this.#decryptKeysNamespace)) ?? [];\n }\n\n async #addToIndex(key: string): Promise<void> {\n const keys = await this.#readIndex();\n if (!keys.includes(key)) {\n keys.push(key);\n await this.#storage.set(this.#decryptKeysNamespace, keys);\n }\n }\n}\n","import type { GenericStorage } from \"../types\";\n\n/** In-memory credential store. Credentials are lost on page reload. */\nexport class MemoryStorage implements GenericStorage {\n #map = new Map<string, unknown>();\n\n async get<T = unknown>(key: string): Promise<T | null> {\n return (this.#map.get(key) as T) ?? null;\n }\n\n async set<T = unknown>(key: string, value: T): Promise<void> {\n this.#map.set(key, value);\n }\n\n async delete(key: string): Promise<void> {\n this.#map.delete(key);\n }\n}\n\n/** Default singleton for application-wide use. */\nexport const memoryStorage = new MemoryStorage();\n","import type { Address, Hex } from \"viem\";\nimport { prefixHex } from \"../utils\";\n\n/** Encrypted data format with IV for AES-GCM decryption. */\nexport interface EncryptedData {\n /** Base64-encoded initialization vector. */\n iv: string;\n /** Base64-encoded ciphertext. */\n ciphertext: string;\n}\n\n/**\n * Manages AES-GCM encryption and decryption of FHE private keys.\n *\n * The encryption key is derived from a wallet signature via PBKDF2\n * (600 000 iterations, SHA-256). The signature is a secret known only\n * to the wallet holder, providing meaningful encryption protection\n * for the stored private key.\n *\n * The derived key is cached internally so that repeated encrypt/decrypt\n * calls with the same (signature, address) pair skip the expensive\n * PBKDF2 derivation.\n */\nexport class CredentialCrypto {\n #cachedDerivedKey: CryptoKey | null = null;\n #cachedDerivedKeyIdentity: string | null = null;\n\n /** Clear the cached derived key. Call when the session is revoked or the signer changes. */\n clearCache(): void {\n this.#cachedDerivedKey = null;\n this.#cachedDerivedKeyIdentity = null;\n }\n\n /** Encrypt an FHE private key using AES-GCM with a key derived from the wallet signature. */\n async encrypt(plaintext: Hex, signature: Hex, address: Address): Promise<EncryptedData> {\n const key = await this.#deriveKey(signature, address);\n const iv = crypto.getRandomValues(new Uint8Array(12));\n const encoder = new TextEncoder();\n\n const ciphertext = await crypto.subtle.encrypt(\n { name: \"AES-GCM\", iv },\n key,\n encoder.encode(plaintext),\n );\n\n return {\n iv: btoa(String.fromCharCode(...iv)),\n ciphertext: btoa(String.fromCharCode(...new Uint8Array(ciphertext))),\n };\n }\n\n /** Decrypt an AES-GCM encrypted FHE private key using a key derived from the wallet signature. */\n async decrypt(encrypted: EncryptedData, signature: Hex, address: Address): Promise<Hex> {\n const key = await this.#deriveKey(signature, address);\n const iv = Uint8Array.from(atob(encrypted.iv), (c) => c.charCodeAt(0));\n const ciphertext = Uint8Array.from(atob(encrypted.ciphertext), (c) => c.charCodeAt(0));\n\n const plaintext = await crypto.subtle.decrypt({ name: \"AES-GCM\", iv }, key, ciphertext);\n\n return prefixHex(new TextDecoder().decode(plaintext));\n }\n\n async #deriveKey(signature: Hex, address: Address): Promise<CryptoKey> {\n const identity = `${signature}:${address}`;\n if (this.#cachedDerivedKey && this.#cachedDerivedKeyIdentity === identity) {\n return this.#cachedDerivedKey;\n }\n\n const encoder = new TextEncoder();\n const keyMaterial = await crypto.subtle.importKey(\n \"raw\",\n encoder.encode(signature),\n \"PBKDF2\",\n false,\n [\"deriveKey\"],\n );\n\n const key = await crypto.subtle.deriveKey(\n {\n name: \"PBKDF2\",\n salt: encoder.encode(address),\n iterations: 600_000,\n hash: \"SHA-256\",\n },\n keyMaterial,\n { name: \"AES-GCM\", length: 256 },\n false,\n [\"encrypt\", \"decrypt\"],\n );\n\n this.#cachedDerivedKeyIdentity = identity;\n this.#cachedDerivedKey = key;\n return key;\n }\n}\n","import { getAddress, isAddress, type Address, type Hex } from \"viem\";\nimport { assertArray, assertCondition, assertObject, assertString } from \"../utils\";\nimport type { EncryptedData } from \"./credential-crypto\";\n\n/** Encrypted credential shape stored in persistent storage (shared base fields). */\nexport interface BaseEncryptedCredentials {\n publicKey: Hex;\n contractAddresses: Address[];\n encryptedPrivateKey: EncryptedData;\n startTimestamp: number;\n durationDays: number;\n}\n\n/**\n * Assert that `data` contains the base encrypted credential fields:\n * publicKey, contractAddresses (valid hex addresses), and encryptedPrivateKey (iv + ciphertext).\n */\nexport function assertBaseEncryptedCredentials(\n data: unknown,\n): asserts data is BaseEncryptedCredentials {\n assertObject(data, \"Stored credentials\");\n assertString(data.publicKey, \"credentials.publicKey\");\n assertArray(data.contractAddresses, \"credentials.contractAddresses\");\n for (const addr of data.contractAddresses) {\n assertCondition(\n typeof addr === \"string\" && isAddress(addr, { strict: false }),\n `Expected each contractAddress to be a valid hex address`,\n );\n }\n assertObject(data.encryptedPrivateKey, \"credentials.encryptedPrivateKey\");\n assertString(data.encryptedPrivateKey.iv, \"encryptedPrivateKey.iv\");\n assertString(data.encryptedPrivateKey.ciphertext, \"encryptedPrivateKey.ciphertext\");\n assertCondition(\n typeof data.startTimestamp === \"number\",\n \"Expected credentials.startTimestamp to be a number\",\n );\n assertCondition(\n typeof data.durationDays === \"number\",\n \"Expected credentials.durationDays to be a number\",\n );\n}\n\n/**\n * Assert that `data` contains the delegated-specific fields:\n * delegatorAddress, delegateAddress (valid addresses), startTimestamp and durationDays (numbers).\n */\nexport function assertDelegatedFields(data: unknown): asserts data is BaseEncryptedCredentials & {\n delegatorAddress: Address;\n delegateAddress: Address;\n} {\n assertBaseEncryptedCredentials(data);\n const obj = data as unknown as Record<string, unknown>;\n assertCondition(\n typeof obj.delegatorAddress === \"string\" && isAddress(obj.delegatorAddress, { strict: false }),\n \"Expected credentials.delegatorAddress to be a valid address\",\n );\n assertCondition(\n typeof obj.delegateAddress === \"string\" && isAddress(obj.delegateAddress, { strict: false }),\n \"Expected credentials.delegateAddress to be a valid address\",\n );\n assertCondition(typeof obj.startTimestamp === \"number\", \"Expected startTimestamp to be a number\");\n assertCondition(typeof obj.durationDays === \"number\", \"Expected durationDays to be a number\");\n}\n\n/** Check if credentials are still within their keypair TTL. */\nexport function isTimeValid(creds: { startTimestamp: number; durationDays: number }): boolean {\n const nowSeconds = Math.floor(Date.now() / 1000);\n const expiresAt = creds.startTimestamp + creds.durationDays * 86400;\n return nowSeconds < expiresAt;\n}\n\n/** Check if the signed address set covers all required addresses. */\nexport function coversContracts(signedAddresses: Address[], requiredContracts: Address[]): boolean {\n const required = new Set(requiredContracts.map((address) => getAddress(address)));\n const signed = new Set(signedAddresses.map((address) => getAddress(address)));\n return required.isSubsetOf(signed);\n}\n\n/**\n * Check if credentials are valid: not time-expired and covering all required contracts.\n */\nexport function isCredentialValid(\n creds: { startTimestamp: number; durationDays: number; contractAddresses: Address[] },\n requiredContracts: Address[],\n): boolean {\n if (!isTimeValid(creds)) {\n return false;\n }\n return coversContracts(creds.contractAddresses, requiredContracts);\n}\n\n/** Deduplicate and sort a list of addresses by their checksummed form. */\nexport function normalizeAddresses(addresses: Address[]): Address[] {\n return [...new Set(addresses.map((address) => getAddress(address)))].toSorted();\n}\n\n/** Compute a truncated SHA-256 store key from arbitrary identity segments. */\nexport async function computeStoreKey(...segments: (string | number)[]): Promise<string> {\n const hash = await crypto.subtle.digest(\n \"SHA-256\",\n new TextEncoder().encode(segments.map(String).join(\":\")),\n );\n return Array.from(new Uint8Array(hash))\n .map((b) => b.toString(16).padStart(2, \"0\"))\n .join(\"\")\n .slice(0, 32);\n}\n","import type { Hex } from \"viem\";\nimport { assertCondition, assertObject, assertString } from \"../utils\";\nimport type { GenericStorage } from \"../types\";\n\n/** Structured session entry stored in session storage. */\nexport interface SessionEntry {\n /** EIP-712 wallet signature authorizing decryption. */\n signature: Hex;\n /** Epoch seconds when the session was created. */\n createdAt: number;\n /** TTL at creation time (not current config). `0` = always expired, `\"infinite\"` = never expires. */\n ttl: number | \"infinite\";\n}\n\n/**\n * Manages session signature entries in a {@link GenericStorage} backend.\n *\n * A session entry caches a wallet signature so that subsequent decrypt\n * operations can reuse it without prompting the user again. The TTL\n * is recorded at creation time so that changing the config later does\n * not retroactively extend or shorten existing sessions.\n */\nexport class SessionSignatures {\n #storage: GenericStorage;\n\n constructor(storage: GenericStorage) {\n this.#storage = storage;\n }\n\n #assertSessionEntry(data: unknown): asserts data is SessionEntry {\n assertObject(data, \"Session entry\");\n assertString(data.signature, \"session.signature\");\n assertCondition(\n typeof data.createdAt === \"number\",\n `Expected session.createdAt to be a number`,\n );\n assertCondition(\n typeof data.ttl === \"number\" || data.ttl === \"infinite\",\n `Expected session.ttl to be a number or \"infinite\"`,\n );\n }\n\n /** Retrieve and validate a session entry, or `null` if none exists. */\n async get(key: string): Promise<SessionEntry | null> {\n const raw = await this.#storage.get<SessionEntry>(key);\n if (raw === null) {\n return null;\n }\n this.#assertSessionEntry(raw);\n return raw;\n }\n\n /** Create and store a session entry with the given TTL. */\n async set(params: { key: string; signature: Hex; ttl: number | \"infinite\" }): Promise<void> {\n const entry: SessionEntry = {\n signature: params.signature,\n createdAt: Math.floor(Date.now() / 1000),\n ttl: params.ttl,\n };\n await this.#storage.set(params.key, entry);\n }\n\n /** Delete a session entry. */\n async delete(key: string): Promise<void> {\n await this.#storage.delete(key);\n }\n\n /**\n * Check if a session entry has expired based on its recorded TTL.\n * - `0` = always expired (every operation triggers a signing prompt).\n * - `\"infinite\"` = never expires.\n * - Positive number = seconds until expiration.\n */\n isExpired(entry: SessionEntry): boolean {\n if (entry.ttl === \"infinite\") {\n return false;\n }\n if (entry.ttl === 0) {\n return true;\n }\n return Math.floor(Date.now() / 1000) - entry.createdAt >= entry.ttl;\n }\n}\n","import type { Address, Hex } from \"viem\";\nimport { ZamaError } from \"../errors/base\";\nimport { wrapSigningError } from \"../errors/signing\";\nimport type { ZamaSDKEventInput, ZamaSDKEventListener } from \"../events/sdk-events\";\nimport { ZamaSDKEvents } from \"../events/sdk-events\";\nimport type { GenericSigner, GenericStorage, StoredCredentials } from \"../types\";\nimport { toError } from \"../utils/error\";\nimport { CredentialCrypto } from \"./credential-crypto\";\nimport type { BaseEncryptedCredentials } from \"./credential-validation\";\nimport {\n coversContracts,\n isCredentialValid,\n isTimeValid,\n normalizeAddresses,\n} from \"./credential-validation\";\nimport { SessionSignatures } from \"./session-signatures\";\n\n/** Shared configuration accepted by both credential manager variants. */\nexport interface CredentialsConfig {\n /** Backend that generates FHE keypairs (public/private). */\n relayer: { generateKeypair(): Promise<{ publicKey: Hex; privateKey: Hex }> };\n /** Wallet signer used for EIP-712 authorization signatures. */\n signer: GenericSigner;\n /** Persistent storage for encrypted credentials. */\n storage: GenericStorage;\n /** Storage for session signatures (shorter-lived than credentials). */\n sessionStorage: GenericStorage;\n /** FHE keypair lifetime in seconds. Defaults to `2592000` (30 days). */\n keypairTTL?: number;\n /** Session signature lifetime. `0` = always re-sign, `\"infinite\"` = never expire. Defaults to `2592000` (30 days). */\n sessionTTL?: number | \"infinite\";\n /** Optional listener for credential lifecycle events. */\n onEvent?: ZamaSDKEventListener;\n}\n\n/** Minimal fields needed to produce an EIP-712 signing request. */\nexport interface SigningMeta {\n /** FHE public key being authorized. */\n publicKey: Hex;\n /** Epoch seconds when the keypair authorization begins. */\n startTimestamp: number;\n /** Number of days the keypair authorization is valid for. */\n durationDays: number;\n /** Delegator address, present only for delegated credentials. */\n delegatorAddress?: string;\n}\n\n/** Options for {@link BaseCredentialsManager.resolveCredentials}. */\ninterface ResolveCredentialsOptions<TCreds> {\n /** Storage key identifying the credential entry. */\n key: string;\n /** Contract addresses the caller needs access to. */\n contracts: Address[];\n /** Deduplication key — concurrent calls with the same key share a single creation promise. */\n createKey: string;\n /** Factory that creates fresh credentials when nothing usable is cached. */\n createFn: () => Promise<TCreds>;\n}\n\n/** Options for {@link BaseCredentialsManager.createCredentials}. */\ninterface CreateCredentialsOptions<TCreds> {\n /** Storage key identifying the credential entry. */\n key: string;\n /** Contract addresses being authorized. */\n contractAddresses: Address[];\n /** Factory that builds the credential payload (keypair + signature). */\n createFn: () => Promise<TCreds>;\n /** Human-readable context included in signing error messages. */\n errorContext: string;\n}\n\n/**\n * Abstract base for credential managers. Contains the entire allow/extend/expire\n * state machine. Subclasses provide the assertion, signing, and encrypt/decrypt\n * hooks that differ between regular and delegated flows.\n *\n * @typeParam TCreds - The in-memory credential shape (includes plaintext privateKey).\n * @typeParam TEncrypted - The on-disk shape (privateKey replaced by encryptedPrivateKey).\n */\nexport abstract class BaseCredentialsManager<\n TCreds extends StoredCredentials,\n TEncrypted extends BaseEncryptedCredentials,\n> {\n protected readonly signer: GenericSigner;\n protected readonly storage: GenericStorage;\n protected readonly sessionSignatures: SessionSignatures;\n protected readonly crypto: CredentialCrypto;\n readonly keypairTTL: number;\n readonly sessionTTL: number | \"infinite\";\n\n #onEvent: ZamaSDKEventListener;\n #createPromise: Promise<TCreds> | null = null;\n #createPromiseKey: string | null = null;\n #extendPromise: Promise<TCreds> | null = null;\n /** Last successfully resolved extension result, used to recover from the race where a\n * concurrent call enters #extendContracts after #extendPromise was already cleared. */\n #lastExtendResult: TCreds | null = null;\n\n constructor(config: CredentialsConfig) {\n this.signer = config.signer;\n this.storage = config.storage;\n this.sessionSignatures = new SessionSignatures(config.sessionStorage);\n this.crypto = new CredentialCrypto();\n this.keypairTTL = config.keypairTTL ?? 2592000;\n this.sessionTTL = config.sessionTTL ?? 2592000;\n this.#onEvent = config.onEvent ?? (() => {});\n\n if (typeof this.keypairTTL === \"number\" && this.keypairTTL < 0) {\n throw new Error(\"keypairTTL must be >= 0\");\n }\n if (typeof this.sessionTTL === \"number\" && this.sessionTTL < 0) {\n throw new Error(\"sessionTTL must be >= 0\");\n }\n if (typeof this.sessionTTL === \"number\" && this.sessionTTL > this.keypairTTL) {\n this.sessionTTL = this.keypairTTL;\n // oxlint-disable-next-line no-console\n console.warn(\n `[zama-sdk] sessionTTL was clamped to keypairTTL (${this.keypairTTL}s). ` +\n \"A session that outlives the keypair causes isAllowed() to return true \" +\n \"after the keypair expires, leading to unexpected wallet prompts.\",\n );\n }\n }\n\n /** Emit a credential lifecycle event, stamped with the current time. */\n protected emit(partial: ZamaSDKEventInput): void {\n this.#onEvent({ ...partial, timestamp: Date.now() } as never);\n }\n\n // ── Abstract hooks ────────────────────────────────────────────\n\n /** Validate that raw storage data matches the expected encrypted shape. */\n protected abstract assertEncrypted(data: unknown): asserts data is TEncrypted;\n\n /** Sign an EIP-712 authorization for the given contract addresses. */\n protected abstract signForContracts(\n meta: SigningMeta,\n contractAddresses: Address[],\n ): Promise<Hex>;\n\n /** Encrypt credentials for persistent storage. */\n protected abstract encryptCredentials(creds: TCreds): Promise<TEncrypted>;\n\n /** Decrypt credentials from persistent storage. */\n protected abstract decryptCredentials(encrypted: TEncrypted, signature: Hex): Promise<TCreds>;\n\n // ── Core credential resolution ────────────────────────────────\n\n /**\n * The allow() state machine: load → validate → extend/re-sign → or create fresh.\n * Subclasses call this from their public `allow()` after computing the key.\n */\n protected async resolveCredentials({\n key,\n contracts,\n createKey,\n createFn,\n }: ResolveCredentialsOptions<TCreds>): Promise<TCreds> {\n this.emit({\n type: ZamaSDKEvents.CredentialsLoading,\n contractAddresses: contracts,\n });\n\n try {\n const encrypted = await this.storage.get<TEncrypted>(key);\n if (encrypted) {\n this.assertEncrypted(encrypted);\n\n const sessionEntry = await this.sessionSignatures.get(key);\n if (sessionEntry) {\n if (this.sessionSignatures.isExpired(sessionEntry)) {\n await this.sessionSignatures.delete(key);\n this.emit({ type: ZamaSDKEvents.SessionExpired, reason: \"ttl\" });\n } else {\n const creds = await this.decryptCredentials(encrypted, sessionEntry.signature);\n if (isCredentialValid(creds, contracts)) {\n this.emit({\n type: ZamaSDKEvents.CredentialsCached,\n contractAddresses: contracts,\n });\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: contracts,\n });\n return creds;\n }\n if (isTimeValid(creds)) {\n return this.#extendContracts({\n key,\n credentials: creds,\n requiredContracts: contracts,\n });\n }\n this.emit({\n type: ZamaSDKEvents.CredentialsExpired,\n contractAddresses: contracts,\n });\n }\n }\n\n // No session or expired — need to re-sign\n if (isTimeValid(encrypted)) {\n if (coversContracts(encrypted.contractAddresses, contracts)) {\n const signature = await this.signForContracts(encrypted, encrypted.contractAddresses);\n await this.sessionSignatures.set({\n key,\n signature,\n ttl: this.sessionTTL,\n });\n const creds = await this.decryptCredentials(encrypted, signature);\n this.emit({\n type: ZamaSDKEvents.CredentialsCached,\n contractAddresses: contracts,\n });\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: contracts,\n });\n return creds;\n }\n // Time-valid but missing contracts — sign with old set to decrypt, then extend\n const oldSignature = await this.signForContracts(encrypted, encrypted.contractAddresses);\n const creds = await this.decryptCredentials(encrypted, oldSignature);\n return this.#extendContracts({\n key,\n credentials: creds,\n requiredContracts: contracts,\n });\n }\n\n this.emit({\n type: ZamaSDKEvents.CredentialsExpired,\n contractAddresses: contracts,\n });\n }\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n // oxlint-disable-next-line no-console\n console.warn(\"[zama-sdk] Credential resolution failed, recreating:\", error);\n this.emit({\n type: ZamaSDKEvents.CredentialsCorrupted,\n error: toError(error),\n });\n await this.#deleteCredentials(key);\n }\n\n // Nothing cached — create fresh (deduplicated)\n if (!this.#createPromise || this.#createPromiseKey !== createKey) {\n this.#createPromiseKey = createKey;\n this.#createPromise = createFn()\n .then((creds) => {\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: contracts,\n });\n return creds;\n })\n .finally(() => {\n this.#createPromise = null;\n this.#createPromiseKey = null;\n });\n }\n return this.#createPromise;\n }\n\n // ── Shared public method implementations ──────────────────────\n\n /**\n * Check whether stored credentials are expired or don't cover the given contract.\n * Returns `true` if stored credentials are expired or corrupted.\n * Returns `false` if no credentials exist yet.\n */\n protected async checkExpired(key: string, contractAddress?: Address): Promise<boolean> {\n try {\n const stored = await this.storage.get<TEncrypted>(key);\n if (!stored) {\n return false;\n }\n this.assertEncrypted(stored);\n const requiredContracts = contractAddress ? [contractAddress] : [];\n return !isCredentialValid(stored, requiredContracts);\n } catch (error) {\n // oxlint-disable-next-line no-console\n console.warn(\"[zama-sdk] isExpired check failed, treating as expired:\", error);\n return true;\n }\n }\n\n /** Delete the session signature and clear caches, forcing a fresh wallet signature on next use. */\n protected async revokeSession(key: string, contractAddresses?: Address[]): Promise<void> {\n await this.sessionSignatures.delete(key);\n this.clearCaches();\n this.emit({\n type: ZamaSDKEvents.CredentialsRevoked,\n ...(contractAddresses ? { contractAddresses } : {}),\n } as ZamaSDKEventInput);\n }\n\n protected async checkAllowed(\n key: string,\n contractAddresses: [Address, ...Address[]],\n ): Promise<boolean> {\n // Runtime guard: credentials are always contract-scoped,\n // so an empty contract list must never resolve to \"allowed\"\n // (the compile-time tuple type can be bypassed via casts).\n if (contractAddresses.length === 0) {\n return false;\n }\n const entry = await this.sessionSignatures.get(key);\n if (entry === null) {\n return false;\n }\n if (this.sessionSignatures.isExpired(entry)) {\n return false;\n }\n try {\n const stored = await this.storage.get<TEncrypted>(key);\n if (!stored) {\n return false;\n }\n this.assertEncrypted(stored);\n return isCredentialValid(stored, contractAddresses);\n } catch {\n return false;\n }\n }\n\n protected async clearAll(key: string): Promise<void> {\n await this.sessionSignatures.delete(key);\n this.clearCaches();\n await this.#deleteCredentials(key);\n }\n\n /** Override to also clear subclass-specific caches (e.g. key cache). */\n protected clearCaches(): void {\n this.crypto.clearCache();\n this.#lastExtendResult = null;\n }\n\n // ── Credential creation helper ────────────────────────────────\n\n /**\n * Shared wrapper for fresh credential creation:\n * emits events, persists, saves session, and wraps signing errors.\n */\n protected async createCredentials({\n key,\n contractAddresses,\n createFn,\n errorContext,\n }: CreateCredentialsOptions<TCreds>): Promise<TCreds> {\n this.emit({ type: ZamaSDKEvents.CredentialsCreating, contractAddresses });\n try {\n const creds = await createFn();\n await this.persistCredentials(key, creds);\n await this.sessionSignatures.set({\n key,\n signature: creds.signature,\n ttl: this.sessionTTL,\n });\n this.emit({ type: ZamaSDKEvents.CredentialsCreated, contractAddresses });\n return creds;\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n return wrapSigningError(error, errorContext);\n }\n }\n\n // ── Contract extension ────────────────────────────────────────\n\n async #extendContracts({\n key,\n credentials,\n requiredContracts,\n }: {\n key: string;\n credentials: TCreds;\n requiredContracts: Address[];\n }): Promise<TCreds> {\n if (this.#extendPromise) {\n const previous = await this.#extendPromise;\n if (coversContracts(previous.contractAddresses, requiredContracts)) {\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: requiredContracts,\n });\n return previous;\n }\n credentials = previous;\n } else if (this.#lastExtendResult) {\n // A concurrent extension may have resolved and cleared #extendPromise before\n // this call entered. Use the last known result as the base to avoid dropping\n // contract addresses merged by the just-completed extension.\n const last = this.#lastExtendResult;\n if (coversContracts(last.contractAddresses, requiredContracts)) {\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: requiredContracts,\n });\n return last;\n }\n credentials = last;\n }\n\n const promise = this.#extendCredentials({\n key,\n credentials,\n requiredContracts,\n });\n this.#extendPromise = promise;\n try {\n const result = await promise;\n this.#lastExtendResult = result;\n return result;\n } finally {\n if (this.#extendPromise === promise) {\n this.#extendPromise = null;\n }\n }\n }\n\n async #extendCredentials({\n key,\n credentials,\n requiredContracts,\n }: {\n key: string;\n credentials: TCreds;\n requiredContracts: Address[];\n }): Promise<TCreds> {\n const merged = normalizeAddresses([...credentials.contractAddresses, ...requiredContracts]);\n const signature = await this.signForContracts(credentials, merged);\n\n const extended: TCreds = {\n ...credentials,\n contractAddresses: merged,\n signature,\n };\n // Persist ciphertext before session signature to prevent a window where a\n // concurrent reader sees the new signature but finds old ciphertext.\n await this.persistCredentials(key, extended);\n await this.sessionSignatures.set({\n key,\n signature,\n ttl: this.sessionTTL,\n });\n this.emit({\n type: ZamaSDKEvents.CredentialsAllowed,\n contractAddresses: requiredContracts,\n });\n return extended;\n }\n\n protected async persistCredentials(key: string, credentials: TCreds): Promise<void> {\n try {\n const encrypted = await this.encryptCredentials(credentials);\n await this.storage.set(key, encrypted);\n } catch (error) {\n // oxlint-disable-next-line no-console\n console.warn(\"[zama-sdk] Failed to encrypt credentials for persistence:\", error);\n this.emit({\n type: ZamaSDKEvents.CredentialsPersistFailed,\n error: toError(error),\n });\n }\n }\n\n async #deleteCredentials(key: string): Promise<void> {\n try {\n await this.storage.delete(key);\n } catch (error) {\n // oxlint-disable-next-line no-console\n console.warn(\"[zama-sdk] Failed to delete credentials:\", error);\n this.emit({\n type: ZamaSDKEvents.CredentialsPersistFailed,\n error: toError(error),\n });\n }\n }\n}\n","import { getAddress, type Address, type Hex } from \"viem\";\nimport type { RelayerSDK } from \"../relayer/relayer-sdk\";\nimport type { StoredCredentials } from \"../types\";\nimport { MemoryStorage } from \"../storage/memory-storage\";\nimport {\n BaseCredentialsManager,\n type CredentialsConfig,\n type SigningMeta,\n} from \"./credentials-manager-base\";\nimport {\n type BaseEncryptedCredentials,\n assertBaseEncryptedCredentials,\n normalizeAddresses,\n computeStoreKey,\n} from \"./credential-validation\";\n\n/** Internal storage shape — same as BaseEncryptedCredentials. */\ntype EncryptedCredentials = BaseEncryptedCredentials;\n\n/** Configuration for constructing a {@link CredentialsManager}. */\nexport interface CredentialsManagerConfig extends CredentialsConfig {\n /** FHE relayer backend for keypair generation and EIP-712 creation. */\n relayer: RelayerSDK;\n}\n\nfunction hasExtensionRuntimeId(value: unknown): value is { runtime: { id: string } } {\n if (typeof value !== \"object\" || value === null) {\n return false;\n }\n const runtime = Reflect.get(value, \"runtime\");\n if (typeof runtime !== \"object\" || runtime === null) {\n return false;\n }\n return typeof Reflect.get(runtime, \"id\") === \"string\";\n}\n\n/**\n * Manages FHE decrypt credentials for a single wallet.\n * Handles keypair generation, EIP-712 authorization signing, and\n * encrypted persistence scoped to a (wallet address, chain ID) pair.\n */\nexport class CredentialsManager extends BaseCredentialsManager<\n StoredCredentials,\n EncryptedCredentials\n> {\n #relayer: RelayerSDK;\n #cachedStoreKey: string | null = null;\n #cachedStoreKeyIdentity: string | null = null;\n\n /** Derive the deterministic storage key for a given wallet address and chain. */\n static async computeStoreKey(address: Address, chainId: number): Promise<string> {\n return computeStoreKey(getAddress(address), chainId);\n }\n\n constructor(config: CredentialsManagerConfig) {\n super(config);\n this.#relayer = config.relayer;\n\n // Warn when using in-memory session storage inside a Chrome extension context\n const chromeNamespace =\n typeof globalThis !== \"undefined\" ? Reflect.get(globalThis, \"chrome\") : undefined;\n if (hasExtensionRuntimeId(chromeNamespace) && config.sessionStorage instanceof MemoryStorage) {\n // oxlint-disable-next-line no-console\n console.warn(\n \"[zama-sdk] Detected Chrome extension context with in-memory session storage. \" +\n \"Session signatures will be lost on service worker restart and won't be shared across contexts. \" +\n \"Consider using chromeSessionStorage instead. \",\n );\n }\n }\n\n // ── Public API ────────────────────────────────────────────────\n\n /**\n * Authorize FHE credentials for one or more contract addresses.\n *\n * @throws {@link SigningRejectedError} if the user rejects the wallet signature prompt.\n * @throws {@link SigningFailedError} if the signing operation fails for any other reason.\n */\n async allow(...contractAddresses: Address[]): Promise<StoredCredentials> {\n const normalized = normalizeAddresses(contractAddresses);\n const key = await this.#storeKey();\n return this.resolveCredentials({\n key,\n contracts: normalized,\n createKey: normalized.join(\",\"),\n createFn: () => this.create(normalized),\n });\n }\n\n /** Check if stored credentials are expired or unusable. */\n async isExpired(contractAddress?: Address): Promise<boolean> {\n return this.checkExpired(await this.#storeKey(), contractAddress);\n }\n\n /** Revoke the session signature. Next decrypt requires a fresh wallet signature. */\n async revoke(...contractAddresses: Address[]): Promise<void> {\n await this.revokeSession(\n await this.#storeKey(),\n contractAddresses.length > 0 ? contractAddresses : undefined,\n );\n }\n\n /** Revoke the session signature for a pre-computed store key. */\n async revokeByKey(key: string): Promise<void> {\n await this.revokeSession(key);\n }\n\n /** Whether a session signature is currently cached and covers the given contracts. */\n async isAllowed(contractAddresses: [Address, ...Address[]]): Promise<boolean> {\n return this.checkAllowed(await this.#storeKey(), contractAddresses);\n }\n\n /** Delete stored credentials (best-effort). */\n async clear(): Promise<void> {\n await this.clearAll(await this.#storeKey());\n }\n\n /**\n * Generate a fresh FHE keypair, create an EIP-712 authorization, and\n * prompt the user to sign it.\n */\n async create(contractAddresses: Address[]): Promise<StoredCredentials> {\n const normalized = normalizeAddresses(contractAddresses);\n const key = await this.#storeKey();\n return this.createCredentials({\n key,\n contractAddresses: normalized,\n createFn: async () => {\n const keypair = await this.#relayer.generateKeypair();\n const startTimestamp = Math.floor(Date.now() / 1000);\n const durationDays = Math.ceil(this.keypairTTL / 86400);\n\n const eip712 = await this.#relayer.createEIP712(\n keypair.publicKey,\n normalized,\n startTimestamp,\n durationDays,\n );\n const signature = await this.signer.signTypedData(eip712);\n\n return {\n publicKey: keypair.publicKey,\n privateKey: keypair.privateKey,\n signature,\n contractAddresses: normalized,\n startTimestamp,\n durationDays,\n };\n },\n errorContext: \"Failed to create decrypt credentials\",\n });\n }\n\n // ── Abstract implementations ──────────────────────────────────\n\n protected assertEncrypted(data: unknown): asserts data is EncryptedCredentials {\n assertBaseEncryptedCredentials(data);\n }\n\n protected async signForContracts(meta: SigningMeta, contractAddresses: Address[]): Promise<Hex> {\n const eip712 = await this.#relayer.createEIP712(\n meta.publicKey,\n contractAddresses,\n meta.startTimestamp,\n meta.durationDays,\n );\n return this.signer.signTypedData(eip712);\n }\n\n protected async encryptCredentials(creds: StoredCredentials): Promise<EncryptedCredentials> {\n const address = await this.signer.getAddress();\n const encryptedPrivateKey = await this.crypto.encrypt(\n creds.privateKey,\n creds.signature,\n address,\n );\n const { privateKey: _, signature: _sig, ...rest } = creds;\n return { ...rest, encryptedPrivateKey };\n }\n\n protected async decryptCredentials(\n encrypted: EncryptedCredentials,\n signature: Hex,\n ): Promise<StoredCredentials> {\n const address = await this.signer.getAddress();\n const privateKey = await this.crypto.decrypt(encrypted.encryptedPrivateKey, signature, address);\n const { encryptedPrivateKey: _, ...rest } = encrypted;\n return { ...rest, privateKey, signature };\n }\n\n protected override clearCaches(): void {\n this.#cachedStoreKey = null;\n this.#cachedStoreKeyIdentity = null;\n super.clearCaches();\n }\n\n // ── Store key ─────────────────────────────────────────────────\n\n async #storeKey(): Promise<string> {\n const address = await this.signer.getAddress();\n const chainId = await this.signer.getChainId();\n const identity = `${getAddress(address)}:${chainId}`;\n if (this.#cachedStoreKey && this.#cachedStoreKeyIdentity === identity) {\n return this.#cachedStoreKey;\n }\n const key = await CredentialsManager.computeStoreKey(address, chainId);\n this.#cachedStoreKeyIdentity = identity;\n this.#cachedStoreKey = key;\n return key;\n }\n}\n","import { getAddress, type Address, type Hex } from \"viem\";\nimport type { RelayerSDK } from \"../relayer/relayer-sdk\";\nimport type { DelegatedStoredCredentials } from \"../types\";\nimport {\n BaseCredentialsManager,\n type CredentialsConfig,\n type SigningMeta,\n} from \"./credentials-manager-base\";\nimport {\n type BaseEncryptedCredentials,\n assertDelegatedFields,\n normalizeAddresses,\n computeStoreKey,\n} from \"./credential-validation\";\n\n/** Internal storage shape — base fields plus delegator/delegate addresses. */\ninterface EncryptedCredentials extends BaseEncryptedCredentials {\n delegatorAddress: Address;\n delegateAddress: Address;\n}\n\n/** Configuration for constructing a {@link DelegatedCredentialsManager}. */\nexport interface DelegatedCredentialsManagerConfig extends CredentialsConfig {\n /** FHE relayer backend for keypair generation and delegated EIP-712 creation. */\n relayer: RelayerSDK;\n}\n\n/** Signing metadata for delegated credentials, adding the delegator's address. */\nexport interface DelegatedSigningMeta extends SigningMeta {\n /** On-chain address of the account that delegated decryption rights. */\n delegatorAddress: Address;\n}\n\n/**\n * Manages FHE decrypt credentials for delegated decryption.\n * Scoped to a (delegate, delegator) pair.\n */\nexport class DelegatedCredentialsManager extends BaseCredentialsManager<\n DelegatedStoredCredentials,\n EncryptedCredentials\n> {\n #relayer: RelayerSDK;\n #cachedStoreKey: string | null = null;\n #cachedStoreKeyIdentity: string | null = null;\n\n /** Derive the deterministic storage key for a (delegate, delegator, chain) triple. */\n static async computeStoreKey(\n delegateAddress: Address,\n delegatorAddress: Address,\n chainId: number,\n ): Promise<string> {\n return computeStoreKey(getAddress(delegateAddress), getAddress(delegatorAddress), chainId);\n }\n\n constructor(config: DelegatedCredentialsManagerConfig) {\n super(config);\n this.#relayer = config.relayer;\n }\n\n // ── Public API ────────────────────────────────────────────────\n\n /**\n * Authorize FHE delegated credentials for one or more contract addresses.\n *\n * @throws {@link SigningRejectedError} if the user rejects the wallet signature prompt.\n * @throws {@link SigningFailedError} if the signing operation fails for any other reason.\n */\n async allow(\n delegatorAddress: Address,\n ...contractAddresses: Address[]\n ): Promise<DelegatedStoredCredentials> {\n const normalizedDelegator = getAddress(delegatorAddress);\n const normalized = normalizeAddresses(contractAddresses);\n const key = await this.#storeKey(normalizedDelegator);\n return this.resolveCredentials({\n key,\n contracts: normalized,\n createKey: `${normalizedDelegator}:${normalized.join(\",\")}`,\n createFn: () => this.#create(normalizedDelegator, normalized),\n });\n }\n\n /** Check if stored delegated credentials are expired or unusable. */\n async isExpired(delegatorAddress: Address, contractAddress?: Address): Promise<boolean> {\n return this.checkExpired(await this.#storeKey(getAddress(delegatorAddress)), contractAddress);\n }\n\n /** Revoke the session signature for a delegator. */\n async revoke(delegatorAddress: Address): Promise<void> {\n await this.revokeSession(await this.#storeKey(getAddress(delegatorAddress)));\n }\n\n /** Whether a session signature is currently cached and covers the given contracts. */\n async isAllowed(\n delegatorAddress: Address,\n contractAddresses: [Address, ...Address[]],\n ): Promise<boolean> {\n return this.checkAllowed(await this.#storeKey(getAddress(delegatorAddress)), contractAddresses);\n }\n\n /** Delete stored credentials for a delegator (best-effort). */\n async clear(delegatorAddress: Address): Promise<void> {\n await this.clearAll(await this.#storeKey(getAddress(delegatorAddress)));\n }\n\n // ── Credential creation ───────────────────────────────────────\n\n async #create(\n delegatorAddress: Address,\n contractAddresses: Address[],\n ): Promise<DelegatedStoredCredentials> {\n const key = await this.#storeKey(delegatorAddress);\n return this.createCredentials({\n key,\n contractAddresses,\n createFn: async () => {\n const keypair = await this.#relayer.generateKeypair();\n const delegateAddress = await this.signer.getAddress();\n const startTimestamp = Math.floor(Date.now() / 1000);\n const durationDays = Math.ceil(this.keypairTTL / 86400);\n\n const meta = {\n publicKey: keypair.publicKey,\n startTimestamp,\n durationDays,\n delegatorAddress,\n };\n const signature = await this.#signDelegated(meta, contractAddresses);\n\n return {\n publicKey: keypair.publicKey,\n privateKey: keypair.privateKey,\n signature,\n contractAddresses,\n startTimestamp,\n durationDays,\n delegatorAddress,\n delegateAddress,\n };\n },\n errorContext: \"Failed to create delegated decrypt credentials\",\n });\n }\n\n // ── Abstract implementations ──────────────────────────────────\n\n protected assertEncrypted(data: unknown): asserts data is EncryptedCredentials {\n assertDelegatedFields(data);\n }\n\n protected async signForContracts(\n meta: DelegatedSigningMeta,\n contractAddresses: Address[],\n ): Promise<Hex> {\n return this.#signDelegated(meta, contractAddresses);\n }\n\n protected async encryptCredentials(\n creds: DelegatedStoredCredentials,\n ): Promise<EncryptedCredentials> {\n const address = await this.signer.getAddress();\n const encryptedPrivateKey = await this.crypto.encrypt(\n creds.privateKey,\n creds.signature,\n address,\n );\n const { privateKey: _, signature: _sig, ...rest } = creds;\n return { ...rest, encryptedPrivateKey };\n }\n\n protected async decryptCredentials(\n encrypted: EncryptedCredentials,\n signature: Hex,\n ): Promise<DelegatedStoredCredentials> {\n const address = await this.signer.getAddress();\n const privateKey = await this.crypto.decrypt(encrypted.encryptedPrivateKey, signature, address);\n const { encryptedPrivateKey: _, ...rest } = encrypted;\n return { ...rest, privateKey, signature };\n }\n\n protected override clearCaches(): void {\n this.#cachedStoreKey = null;\n this.#cachedStoreKeyIdentity = null;\n super.clearCaches();\n }\n\n // ── Private helpers ───────────────────────────────────────────\n\n async #storeKey(delegatorAddress: Address): Promise<string> {\n const delegateAddress = await this.signer.getAddress();\n const chainId = await this.signer.getChainId();\n const identity = `${getAddress(delegateAddress)}:${getAddress(delegatorAddress)}:${chainId}`;\n if (this.#cachedStoreKey && this.#cachedStoreKeyIdentity === identity) {\n return this.#cachedStoreKey;\n }\n const key = await DelegatedCredentialsManager.computeStoreKey(\n delegateAddress,\n delegatorAddress,\n chainId,\n );\n this.#cachedStoreKeyIdentity = identity;\n this.#cachedStoreKey = key;\n return key;\n }\n\n async #signDelegated(meta: DelegatedSigningMeta, contractAddresses: Address[]): Promise<Hex> {\n const delegatedEIP712 = await this.#relayer.createDelegatedUserDecryptEIP712(\n meta.publicKey,\n contractAddresses,\n meta.delegatorAddress,\n meta.startTimestamp,\n meta.durationDays,\n );\n return this.signer.signTypedData({\n domain: {\n ...delegatedEIP712.domain,\n chainId: Number(delegatedEIP712.domain.chainId),\n },\n types: delegatedEIP712.types,\n message: {\n ...delegatedEIP712.message,\n startTimestamp: BigInt(delegatedEIP712.message.startTimestamp),\n durationDays: BigInt(delegatedEIP712.message.durationDays),\n },\n });\n }\n}\n","import { type Address, getAddress, type Hex } from \"viem\";\nimport {\n allowanceContract,\n approveContract,\n balanceOfContract,\n confidentialTransferContract,\n confidentialTransferFromContract,\n delegateForUserDecryptionContract,\n finalizeUnwrapContract,\n isOperatorContract,\n MAX_UINT64,\n revokeDelegationContract,\n setOperatorContract,\n underlyingContract,\n unwrapContract,\n unwrapFromBalanceContract,\n wrapContract,\n} from \"../contracts\";\nimport { findUnwrapRequested } from \"../events/onchain-events\";\nimport { ZamaSDKEvents } from \"../events/sdk-events\";\nimport type { Handle } from \"../relayer/relayer-sdk.types\";\nimport { toError } from \"../utils\";\nimport {\n ApprovalFailedError,\n BalanceCheckUnavailableError,\n DecryptionFailedError,\n ERC20ReadFailedError,\n DelegationDelegateEqualsContractError,\n DelegationExpirationTooSoonError,\n DelegationExpiryUnchangedError,\n DelegationNotFoundError,\n DelegationSelfNotAllowedError,\n EncryptionFailedError,\n InsufficientConfidentialBalanceError,\n InsufficientERC20BalanceError,\n TransactionRevertedError,\n ZamaError,\n matchAclRevert,\n} from \"../errors\";\nimport { isZeroHandle } from \"../utils/handles\";\nimport { ReadonlyToken } from \"./readonly-token\";\nimport type {\n ShieldCallbacks,\n ShieldOptions,\n TransactionResult,\n TransferCallbacks,\n TransferOptions,\n UnshieldCallbacks,\n UnshieldOptions,\n} from \"../types\";\nimport type { ZamaSDK } from \"../zama-sdk\";\nimport { assertBigint } from \"../utils/assertions\";\n\n/**\n * ERC-20-like interface for a single confidential token.\n * Hides all FHE complexity (encryption, decryption, EIP-712 signing)\n * behind familiar methods.\n *\n * Extends {@link ReadonlyToken} with write operations\n * (transfer, shield, unshield).\n */\nexport class Token extends ReadonlyToken {\n static readonly ZERO_ADDRESS: Address = \"0x0000000000000000000000000000000000000000\";\n\n readonly wrapper: Address;\n #underlying: Address | undefined;\n #underlyingPromise: Promise<Address> | null = null;\n\n constructor(sdk: ZamaSDK, address: Address, wrapper?: Address) {\n super(sdk, address);\n this.wrapper = wrapper ? getAddress(wrapper) : this.address;\n }\n\n async #getUnderlying(): Promise<Address> {\n if (this.#underlying !== undefined) {\n return this.#underlying;\n }\n if (!this.#underlyingPromise) {\n this.#underlyingPromise = this.sdk.signer\n .readContract(underlyingContract(this.wrapper))\n .then((v) => {\n this.#underlying = v;\n this.#underlyingPromise = null;\n return v;\n })\n .catch((error) => {\n this.#underlyingPromise = null;\n throw error;\n });\n }\n return this.#underlyingPromise;\n }\n\n // WRITE OPERATIONS\n\n /**\n * Confidential transfer. Encrypts the amount via FHE, then calls the contract.\n * Returns the transaction hash.\n *\n * By default, the SDK validates the confidential balance before submitting.\n * If a cached plaintext balance exists it is used; otherwise, if credentials\n * are cached, it decrypts on the fly. Set `skipBalanceCheck: true` to bypass\n * this validation (e.g. for smart wallets).\n *\n * @param to - Recipient address.\n * @param amount - Plaintext amount to transfer (encrypted automatically via FHE).\n * @param options - Optional: `skipBalanceCheck` (default `false`).\n * @returns The transaction hash and mined receipt.\n * @throws {@link InsufficientConfidentialBalanceError} if the confidential balance is less than `amount`.\n * @throws {@link BalanceCheckUnavailableError} if balance validation is required but decryption is not possible (no cached credentials).\n * @throws {@link EncryptionFailedError} if FHE encryption fails.\n * @throws {@link TransactionRevertedError} if the on-chain transfer reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.confidentialTransfer(\"0xRecipient\", 1000n);\n * // Smart wallet (skip balance check):\n * const txHash = await token.confidentialTransfer(\"0xRecipient\", 1000n, { skipBalanceCheck: true });\n * ```\n */\n async confidentialTransfer(\n to: Address,\n amount: bigint,\n options?: TransferOptions,\n ): Promise<TransactionResult> {\n const { skipBalanceCheck = false, onEncryptComplete, onTransferSubmitted } = options ?? {};\n\n const normalizedTo = getAddress(to);\n\n if (!skipBalanceCheck) {\n await this.#assertConfidentialBalance(amount);\n }\n\n let handles: Uint8Array[];\n let inputProof: Uint8Array;\n const t0 = Date.now();\n try {\n this.emit({ type: ZamaSDKEvents.EncryptStart });\n ({ handles, inputProof } = await this.sdk.relayer.encrypt({\n values: [{ value: amount, type: \"euint64\" }],\n contractAddress: this.address,\n userAddress: await this.sdk.signer.getAddress(),\n }));\n this.emit({\n type: ZamaSDKEvents.EncryptEnd,\n durationMs: Date.now() - t0,\n });\n safeCallback(() => onEncryptComplete?.());\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.EncryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new EncryptionFailedError(\"Failed to encrypt transfer amount\", {\n cause: error,\n });\n }\n\n if (handles.length === 0) {\n throw new EncryptionFailedError(\"Encryption returned no handles\");\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n confidentialTransferContract(this.address, normalizedTo, handles[0]!, inputProof),\n );\n this.emit({ type: ZamaSDKEvents.TransferSubmitted, txHash });\n safeCallback(() => onTransferSubmitted?.(txHash));\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"transfer\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Transfer transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Operator encrypted transfer on behalf of another address.\n * The caller must be an approved operator for `from`.\n *\n * @param from - The address to transfer from (caller must be an approved operator).\n * @param to - Recipient address.\n * @param amount - Plaintext amount to transfer (encrypted automatically via FHE).\n * @returns The transaction hash and mined receipt.\n * @throws {@link EncryptionFailedError} if FHE encryption fails.\n * @throws {@link TransactionRevertedError} if the on-chain transfer reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.confidentialTransferFrom(\"0xFrom\", \"0xTo\", 500n);\n * ```\n */\n async confidentialTransferFrom(\n from: Address,\n to: Address,\n amount: bigint,\n callbacks?: TransferCallbacks,\n ): Promise<TransactionResult> {\n const normalizedFrom = getAddress(from);\n const normalizedTo = getAddress(to);\n\n let handles: Uint8Array[];\n let inputProof: Uint8Array;\n const t0 = Date.now();\n try {\n this.emit({ type: ZamaSDKEvents.EncryptStart });\n ({ handles, inputProof } = await this.sdk.relayer.encrypt({\n values: [{ value: amount, type: \"euint64\" }],\n contractAddress: this.address,\n userAddress: normalizedFrom,\n }));\n this.emit({\n type: ZamaSDKEvents.EncryptEnd,\n durationMs: Date.now() - t0,\n });\n safeCallback(() => callbacks?.onEncryptComplete?.());\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.EncryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new EncryptionFailedError(\"Failed to encrypt transferFrom amount\", {\n cause: error,\n });\n }\n\n if (handles.length === 0) {\n throw new EncryptionFailedError(\"Encryption returned no handles\");\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n confidentialTransferFromContract(\n this.address,\n normalizedFrom,\n normalizedTo,\n handles[0]!,\n inputProof,\n ),\n );\n this.emit({ type: ZamaSDKEvents.TransferFromSubmitted, txHash });\n safeCallback(() => callbacks?.onTransferSubmitted?.(txHash));\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"transferFrom\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"TransferFrom transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Set operator approval for the confidential token.\n * Defaults to 1 hour from now if `until` is not specified.\n *\n * @param spender - The address to approve as an operator.\n * @param until - Optional Unix timestamp for approval expiry. Defaults to now + 1 hour.\n * @returns The transaction hash and mined receipt.\n * @throws {@link ApprovalFailedError} if the approval transaction fails.\n *\n * @example\n * ```ts\n * const txHash = await token.approve(\"0xSpender\");\n * ```\n */\n async approve(spender: Address, until?: number): Promise<TransactionResult> {\n const normalizedSpender = getAddress(spender);\n try {\n const txHash = await this.sdk.signer.writeContract(\n setOperatorContract(this.address, normalizedSpender, until),\n );\n this.emit({ type: ZamaSDKEvents.ApproveSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"approve\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new ApprovalFailedError(\"Operator approval failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Check if a spender is an approved operator for a given holder.\n *\n * @param spender - The address to check operator approval for.\n * @param holder - The token holder address. Defaults to the connected wallet.\n * @returns `true` if the spender is an approved operator for the holder.\n *\n * @example\n * ```ts\n * if (await token.isApproved(\"0xSpender\")) {\n * // spender can call transferFrom on behalf of connected wallet\n * }\n * // or check for a specific holder:\n * if (await token.isApproved(\"0xSpender\", \"0xHolder\")) { ... }\n * ```\n */\n async isApproved(spender: Address, holder?: Address): Promise<boolean> {\n const normalizedSpender = getAddress(spender);\n const resolvedHolder = holder ? getAddress(holder) : await this.sdk.signer.getAddress();\n return this.sdk.signer.readContract(\n isOperatorContract(this.address, resolvedHolder, normalizedSpender),\n );\n }\n\n /**\n * Shield public ERC-20 tokens into confidential tokens.\n * Handles ERC-20 approval automatically based on `approvalStrategy`\n * (`\"exact\"` by default, `\"max\"` for unlimited approval, `\"skip\"` to opt out).\n *\n * The ERC-20 balance is validated before submitting (public read, no signing\n * required).\n *\n * @param amount - The plaintext amount to shield.\n * @param options - Optional configuration: `approvalStrategy` (`\"exact\"` | `\"max\"` | `\"skip\"`, default `\"exact\"`).\n * @returns The transaction hash and mined receipt.\n * @throws {@link InsufficientERC20BalanceError} if the ERC-20 balance is less than `amount`.\n * @throws {@link ApprovalFailedError} if the ERC-20 approval step fails.\n * @throws {@link TransactionRevertedError} if the shield transaction reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.shield(1000n);\n * // or with exact approval:\n * const txHash = await token.shield(1000n, { approvalStrategy: \"exact\" });\n * ```\n */\n async shield(amount: bigint, options?: ShieldOptions): Promise<TransactionResult> {\n const underlying = await this.#getUnderlying();\n\n // ERC-20 balance check always runs (public read, no signing needed, works for all wallet types)\n let erc20Balance: bigint;\n try {\n const userAddress = await this.sdk.signer.getAddress();\n erc20Balance = await this.sdk.signer.readContract(balanceOfContract(underlying, userAddress));\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new ERC20ReadFailedError(\n `Could not read ERC-20 balance for shield validation (token: ${underlying})`,\n { cause: toError(error) },\n );\n }\n if (erc20Balance < amount) {\n throw new InsufficientERC20BalanceError(\n `Insufficient ERC-20 balance: requested ${amount}, available ${erc20Balance} (token: ${underlying})`,\n { requested: amount, available: erc20Balance, token: underlying },\n );\n }\n\n const strategy = options?.approvalStrategy ?? \"exact\";\n if (strategy !== \"skip\") {\n await this.#ensureAllowance(amount, strategy === \"max\", options);\n }\n\n try {\n const recipient = options?.to ? getAddress(options.to) : await this.sdk.signer.getAddress();\n const txHash = await this.sdk.signer.writeContract(\n wrapContract(this.wrapper, recipient, amount),\n );\n this.emit({ type: ZamaSDKEvents.ShieldSubmitted, txHash });\n safeCallback(() => options?.onShieldSubmitted?.(txHash));\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"shield\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Shield transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Request an unwrap for a specific amount. Encrypts the amount first.\n * Call {@link finalizeUnwrap} after the request is processed on-chain.\n *\n * @param amount - The plaintext amount to unwrap (encrypted automatically).\n * @returns The transaction hash and mined receipt.\n * @throws {@link EncryptionFailedError} if FHE encryption fails.\n * @throws {@link TransactionRevertedError} if the unwrap transaction reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.unwrap(500n);\n * ```\n */\n async unwrap(amount: bigint): Promise<TransactionResult> {\n const userAddress = await this.sdk.signer.getAddress();\n\n let handles: Uint8Array[];\n let inputProof: Uint8Array;\n const t0 = Date.now();\n try {\n this.emit({ type: ZamaSDKEvents.EncryptStart });\n ({ handles, inputProof } = await this.sdk.relayer.encrypt({\n values: [{ value: amount, type: \"euint64\" }],\n contractAddress: this.wrapper,\n userAddress,\n }));\n this.emit({\n type: ZamaSDKEvents.EncryptEnd,\n durationMs: Date.now() - t0,\n });\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.EncryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new EncryptionFailedError(\"Failed to encrypt unshield amount\", {\n cause: error,\n });\n }\n\n if (handles.length === 0) {\n throw new EncryptionFailedError(\"Encryption returned no handles\");\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n unwrapContract(this.address, userAddress, userAddress, handles[0]!, inputProof),\n );\n this.emit({ type: ZamaSDKEvents.UnwrapSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"unwrap\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Unshield transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Request an unwrap for the entire confidential balance.\n * Uses the on-chain balance handle directly (no encryption needed).\n * Throws if the balance is zero.\n *\n * @returns The transaction hash and mined receipt.\n * @throws {@link DecryptionFailedError} if the balance is zero.\n * @throws {@link TransactionRevertedError} if the unwrap transaction reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.unwrapAll();\n * ```\n */\n async unwrapAll(): Promise<TransactionResult> {\n const userAddress = await this.sdk.signer.getAddress();\n const handle = await this.readConfidentialBalanceOf(userAddress);\n\n if (isZeroHandle(handle)) {\n throw new DecryptionFailedError(\"Cannot unshield: balance is zero\");\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n unwrapFromBalanceContract(this.address, userAddress, userAddress, handle),\n );\n this.emit({ type: ZamaSDKEvents.UnwrapSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"unwrap\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Unshield-all transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Unshield a specific amount and finalize in one call.\n * Orchestrates: unshield → wait for receipt → parse event → finalize.\n *\n * By default, the SDK validates the confidential balance before submitting.\n * Set `skipBalanceCheck: true` to bypass this validation (e.g. for smart wallets).\n *\n * @param amount - The plaintext amount to unshield.\n * @param options - Optional: `skipBalanceCheck` (default `false`), `callbacks`.\n * @returns The finalize transaction hash and mined receipt.\n * @throws {@link InsufficientConfidentialBalanceError} if the confidential balance is less than `amount`.\n * @throws {@link BalanceCheckUnavailableError} if balance validation is required but decryption is not possible.\n * @throws {@link EncryptionFailedError} if FHE encryption fails.\n * @throws {@link TransactionRevertedError} if any transaction in the flow reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.unshield(500n);\n * // Smart wallet (skip balance check):\n * const txHash = await token.unshield(500n, { skipBalanceCheck: true });\n * ```\n */\n async unshield(amount: bigint, options?: UnshieldOptions): Promise<TransactionResult> {\n const {\n skipBalanceCheck = false,\n onUnwrapSubmitted,\n onFinalizing,\n onFinalizeSubmitted,\n } = options ?? {};\n\n if (!skipBalanceCheck) {\n await this.#assertConfidentialBalance(amount);\n }\n\n const callbacks: UnshieldCallbacks = {\n onFinalizing,\n onFinalizeSubmitted,\n };\n const operationId = crypto.randomUUID();\n const unwrapResult = await this.unwrap(amount);\n safeCallback(() => onUnwrapSubmitted?.(unwrapResult.txHash));\n return this.#waitAndFinalizeUnshield(unwrapResult.txHash, operationId, callbacks);\n }\n\n /**\n * Unshield the entire balance and finalize in one call.\n * Orchestrates: unshieldAll → wait for receipt → parse event → finalize.\n *\n * @param callbacks - Optional progress callbacks for each phase.\n * @returns The finalize transaction hash and mined receipt.\n * @throws {@link DecryptionFailedError} if the balance is zero.\n * @throws {@link TransactionRevertedError} if any transaction in the flow reverts.\n *\n * @example\n * ```ts\n * const txHash = await token.unshieldAll();\n * ```\n */\n async unshieldAll(callbacks?: UnshieldCallbacks): Promise<TransactionResult> {\n const operationId = crypto.randomUUID();\n const unwrapResult = await this.unwrapAll();\n safeCallback(() => callbacks?.onUnwrapSubmitted?.(unwrapResult.txHash));\n return this.#waitAndFinalizeUnshield(unwrapResult.txHash, operationId, callbacks);\n }\n\n /**\n * Resume an in-progress unshield from an existing unwrap tx hash.\n * Useful when the user already submitted the unwrap but the finalize step\n * was interrupted (e.g. page reload, network error).\n *\n * @param unwrapTxHash - The transaction hash of the previously submitted unwrap.\n * @param callbacks - Optional progress callbacks.\n * @returns The finalize transaction hash and mined receipt.\n * @throws {@link TransactionRevertedError} if finalization fails.\n *\n * @example\n * ```ts\n * const txHash = await token.resumeUnshield(previousUnwrapTxHash);\n * ```\n */\n async resumeUnshield(\n unwrapTxHash: Hex,\n callbacks?: UnshieldCallbacks,\n ): Promise<TransactionResult> {\n return this.#waitAndFinalizeUnshield(unwrapTxHash, crypto.randomUUID(), callbacks);\n }\n\n /**\n * Complete an unwrap by providing the public decryption proof.\n * Call this after an unshield request has been processed on-chain.\n *\n * @param burnAmountHandle - The encrypted amount handle from the `UnwrapRequested` event.\n * @returns The transaction hash and mined receipt.\n * @throws {@link DecryptionFailedError} if public decryption fails.\n * @throws {@link TransactionRevertedError} if the finalize transaction reverts.\n *\n * @example\n * ```ts\n * const event = findUnwrapRequested(receipt.logs);\n * const txHash = await token.finalizeUnwrap(event.encryptedAmount);\n * ```\n */\n async finalizeUnwrap(burnAmountHandle: Handle): Promise<TransactionResult> {\n const result = await this.sdk.publicDecrypt([burnAmountHandle]);\n const clearValue = result.clearValues[burnAmountHandle];\n assertBigint(clearValue, \"finalizeUnwrap: clearValue\");\n try {\n const txHash = await this.sdk.signer.writeContract(\n finalizeUnwrapContract(this.wrapper, burnAmountHandle, clearValue, result.decryptionProof),\n );\n this.emit({ type: ZamaSDKEvents.FinalizeUnwrapSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"finalizeUnwrap\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Failed to finalize unshield\", {\n cause: error,\n });\n }\n }\n\n /**\n * Approve this token contract to spend the underlying ERC-20.\n * Defaults to max uint256. Resets to zero first if there's an existing\n * non-zero allowance (required by tokens like USDT).\n *\n * @param amount - Optional approval amount. Defaults to max uint256.\n * @returns The transaction hash and mined receipt.\n * @throws {@link ApprovalFailedError} if the approval transaction fails.\n *\n * @example\n * ```ts\n * await token.approveUnderlying(); // max approval\n * await token.approveUnderlying(1000n); // exact amount\n * ```\n */\n async approveUnderlying(amount?: bigint): Promise<TransactionResult> {\n const underlying = await this.#getUnderlying();\n\n const approvalAmount = amount ?? 2n ** 256n - 1n;\n\n try {\n if (approvalAmount > 0n) {\n const userAddress = await this.sdk.signer.getAddress();\n const currentAllowance = await this.sdk.signer.readContract(\n allowanceContract(underlying, userAddress, this.wrapper),\n );\n\n if (currentAllowance > 0n) {\n await this.sdk.signer.writeContract(approveContract(underlying, this.wrapper, 0n));\n }\n }\n\n const txHash = await this.sdk.signer.writeContract(\n approveContract(underlying, this.wrapper, approvalAmount),\n );\n this.emit({ type: ZamaSDKEvents.ApproveUnderlyingSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"approveUnderlying\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new ApprovalFailedError(\"ERC-20 approval failed\", {\n cause: error,\n });\n }\n }\n\n // DELEGATION OPERATIONS\n\n /**\n * Delegate decryption rights for this token to another address.\n * Calls `ACL.delegateForUserDecryption()` on-chain.\n *\n * **Important:** After the transaction is mined, allow **1–2 minutes** before\n * calling {@link ReadonlyToken.decryptBalanceAs | decryptBalanceAs}. The delegation\n * is recorded on L1 immediately, but the gateway (on Arbitrum) must sync the\n * ACL state via cross-chain event propagation. Attempting delegated decryption\n * before propagation completes will throw a\n * {@link DelegationNotPropagatedError}.\n *\n * @param delegateAddress - Address to delegate decryption rights to.\n * @param expirationDate - Optional expiration date (defaults to permanent delegation via `uint64.max`).\n * @returns The transaction hash and mined receipt.\n * @throws {@link TransactionRevertedError} if the delegation transaction reverts.\n */\n async delegateDecryption({\n delegateAddress,\n expirationDate,\n }: {\n delegateAddress: Address;\n expirationDate?: Date;\n }): Promise<TransactionResult> {\n if (expirationDate && expirationDate.getTime() < Date.now() + 3600_000) {\n throw new DelegationExpirationTooSoonError(\n \"Expiration date must be at least 1 hour in the future\",\n );\n }\n\n const normalizedDelegate = getAddress(delegateAddress);\n\n // Pre-flight: delegate cannot be the connected wallet (SenderCannotBeDelegate)\n const signerAddress = await this.sdk.signer.getAddress();\n if (normalizedDelegate === getAddress(signerAddress)) {\n throw new DelegationSelfNotAllowedError(\n \"Cannot delegate to yourself (delegate === msg.sender).\",\n );\n }\n\n // Pre-flight: delegate cannot be the contract address (DelegateCannotBeContractAddress)\n if (normalizedDelegate === this.address) {\n throw new DelegationDelegateEqualsContractError(\n `Delegate address cannot be the same as the contract address (${this.address}).`,\n );\n }\n\n const acl = await this.getAclAddress();\n // uint64 max → no practical expiry\n const expDate = expirationDate\n ? BigInt(Math.floor(expirationDate.getTime() / 1000))\n : MAX_UINT64;\n\n // Pre-flight with RPC: new expiry must differ from current (ExpirationDateAlreadySetToSameValue)\n let currentExpiry: bigint;\n try {\n currentExpiry = await this.getDelegationExpiry({\n delegatorAddress: signerAddress,\n delegateAddress: normalizedDelegate,\n });\n } catch {\n currentExpiry = -1n; // RPC failure — skip client-side check, let the contract enforce\n }\n if (currentExpiry === expDate) {\n throw new DelegationExpiryUnchangedError(\n `The new expiration date (${expDate}) is the same as the current one. No on-chain change needed.`,\n );\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n delegateForUserDecryptionContract(acl, normalizedDelegate, this.address, expDate),\n );\n this.emit({ type: ZamaSDKEvents.DelegationSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"delegateDecryption\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n const mapped = matchAclRevert(error);\n if (mapped) {\n throw mapped;\n }\n throw new TransactionRevertedError(\"Delegation transaction failed\", {\n cause: error,\n });\n }\n }\n\n /**\n * Revoke decryption delegation for this token.\n * Calls `ACL.revokeDelegationForUserDecryption()` on-chain.\n *\n * @param delegateAddress - Address to revoke delegation from.\n * @returns The transaction hash and mined receipt.\n * @throws {@link TransactionRevertedError} if the revocation transaction reverts.\n */\n async revokeDelegation({\n delegateAddress,\n }: {\n delegateAddress: Address;\n }): Promise<TransactionResult> {\n const normalizedDelegate = getAddress(delegateAddress);\n const signerAddress = await this.sdk.signer.getAddress();\n const acl = await this.getAclAddress();\n\n // Pre-flight: reject if never delegated (expiry === 0).\n // Expired delegations (non-zero expiry in the past) are allowed through —\n // the ACL contract accepts revocation of expired delegations.\n let currentExpiry: bigint;\n try {\n currentExpiry = await this.getDelegationExpiry({\n delegatorAddress: signerAddress,\n delegateAddress: normalizedDelegate,\n });\n } catch {\n currentExpiry = 1n; // RPC failure — skip client-side check, let the contract enforce\n }\n if (currentExpiry === 0n) {\n throw new DelegationNotFoundError(\n `No active delegation found for delegate ${normalizedDelegate} on contract ${this.address}.`,\n );\n }\n\n try {\n const txHash = await this.sdk.signer.writeContract(\n revokeDelegationContract(acl, normalizedDelegate, this.address),\n );\n this.emit({ type: ZamaSDKEvents.RevokeDelegationSubmitted, txHash });\n const receipt = await this.sdk.signer.waitForTransactionReceipt(txHash);\n return { txHash, receipt };\n } catch (error) {\n this.emit({\n type: ZamaSDKEvents.TransactionError,\n operation: \"revokeDelegation\",\n error: toError(error),\n });\n if (error instanceof ZamaError) {\n throw error;\n }\n const mapped = matchAclRevert(error);\n if (mapped) {\n throw mapped;\n }\n throw new TransactionRevertedError(\"Revoke delegation transaction failed\", {\n cause: error,\n });\n }\n }\n\n // BATCH DELEGATION\n\n /**\n * Delegate decryption rights across multiple tokens in parallel.\n * Returns a per-token result map with partial success semantics.\n *\n * @param tokens - Array of Token instances to delegate on.\n * @param delegateAddress - Address to delegate decryption rights to.\n * @param expirationDate - Optional expiration date.\n * @returns Map from token address to TransactionResult or ZamaError.\n */\n static async batchDelegateDecryption({\n tokens,\n delegateAddress,\n expirationDate,\n }: {\n tokens: Token[];\n delegateAddress: Address;\n expirationDate?: Date;\n }): Promise<Map<Address, TransactionResult | ZamaError>> {\n return Token.#batchDelegationOp(\n tokens,\n (t) => t.delegateDecryption({ delegateAddress, expirationDate }),\n \"Delegation failed\",\n );\n }\n\n /**\n * Revoke delegation across multiple tokens in parallel.\n * Returns a per-token result map with partial success semantics.\n *\n * @param tokens - Array of Token instances to revoke delegation on.\n * @param delegateAddress - Address to revoke delegation from.\n * @returns Map from token address to TransactionResult or ZamaError.\n */\n static async batchRevokeDelegation({\n tokens,\n delegateAddress,\n }: {\n tokens: Token[];\n delegateAddress: Address;\n }): Promise<Map<Address, TransactionResult | ZamaError>> {\n return Token.#batchDelegationOp(\n tokens,\n (t) => t.revokeDelegation({ delegateAddress }),\n \"Revoke delegation failed\",\n );\n }\n\n static async #batchDelegationOp(\n tokens: Token[],\n op: (token: Token) => Promise<TransactionResult>,\n errorMessage: string,\n ): Promise<Map<Address, TransactionResult | ZamaError>> {\n const results = new Map<Address, TransactionResult | ZamaError>();\n // Run sequentially: parallel writeContract calls from the same signer\n // cause nonce contention. The value of the batch API is partial-success\n // semantics (per-token results without throwing), not parallelism.\n for (let i = 0; i < tokens.length; i++) {\n try {\n results.set(tokens[i]!.address, await op(tokens[i]!));\n } catch (error) {\n if (error instanceof ZamaError) {\n results.set(tokens[i]!.address, error);\n } else {\n results.set(\n tokens[i]!.address,\n new TransactionRevertedError(errorMessage, {\n cause: error,\n }),\n );\n }\n }\n }\n return results;\n }\n\n // PRIVATE HELPERS\n\n /**\n * Pre-flight check: decrypt the confidential balance and compare against the\n * requested amount. If credentials are cached the decrypt happens silently;\n * if not, throws {@link BalanceCheckUnavailableError} instead of triggering\n * a surprise EIP-712 popup.\n */\n async #assertConfidentialBalance(amount: bigint): Promise<void> {\n if (amount === 0n) {\n return;\n }\n\n let balance: bigint;\n try {\n balance = await this.balanceOf();\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new BalanceCheckUnavailableError(`Balance validation failed (token: ${this.address})`, {\n cause: error,\n });\n }\n\n if (balance < amount) {\n throw new InsufficientConfidentialBalanceError(\n `Insufficient confidential balance: requested ${amount}, available ${balance} (token: ${this.address})`,\n { requested: amount, available: balance, token: this.address },\n );\n }\n }\n\n async #waitAndFinalizeUnshield(\n unshieldHash: Hex,\n operationId: string,\n callbacks: UnshieldCallbacks | undefined,\n ): Promise<TransactionResult> {\n this.emit({\n type: ZamaSDKEvents.UnshieldPhase1Submitted,\n txHash: unshieldHash,\n operationId,\n });\n let receipt;\n try {\n receipt = await this.sdk.signer.waitForTransactionReceipt(unshieldHash);\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Failed to get unshield receipt\", {\n cause: error,\n });\n }\n const event = findUnwrapRequested(receipt.logs);\n if (!event) {\n throw new TransactionRevertedError(\"No UnwrapRequested event found in unshield receipt\");\n }\n this.emit({ type: ZamaSDKEvents.UnshieldPhase2Started, operationId });\n safeCallback(() => callbacks?.onFinalizing?.());\n const finalizeResult = await this.finalizeUnwrap(event.encryptedAmount);\n this.emit({\n type: ZamaSDKEvents.UnshieldPhase2Submitted,\n txHash: finalizeResult.txHash,\n operationId,\n });\n safeCallback(() => callbacks?.onFinalizeSubmitted?.(finalizeResult.txHash));\n return finalizeResult;\n }\n\n async #ensureAllowance(\n amount: bigint,\n maxApproval: boolean,\n callbacks?: ShieldCallbacks,\n ): Promise<void> {\n const underlying = await this.#getUnderlying();\n\n const userAddress = await this.sdk.signer.getAddress();\n const allowance = await this.sdk.signer.readContract(\n allowanceContract(underlying, userAddress, this.wrapper),\n );\n\n if (allowance >= amount) {\n return;\n }\n\n try {\n // Reset to zero first when there's an existing non-zero allowance.\n // Required by non-standard tokens like USDT, and also mitigates the\n // ERC-20 approve race condition for all tokens.\n if (allowance > 0n) {\n await this.sdk.signer.writeContract(approveContract(underlying, this.wrapper, 0n));\n }\n\n const approvalAmount = maxApproval ? 2n ** 256n - 1n : amount;\n\n const txHash = await this.sdk.signer.writeContract(\n approveContract(underlying, this.wrapper, approvalAmount),\n );\n this.emit({ type: ZamaSDKEvents.ApproveUnderlyingSubmitted, txHash });\n safeCallback(() => callbacks?.onApprovalSubmitted?.(txHash));\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new ApprovalFailedError(\"ERC-20 approval failed\", {\n cause: error,\n });\n }\n }\n}\n\n/**\n * Invoke a callback inside a try/catch so a throwing listener\n * can never break the unshield flow (unwrap already on-chain).\n */\nfunction safeCallback(fn: () => void): void {\n try {\n fn();\n } catch (error) {\n console.warn(\"[zama-sdk] Callback threw:\", error);\n }\n}\n","import { type Address, getAddress } from \"viem\";\nimport type { TokenWrapperPairWithMetadata, PaginatedResult, TokenWrapperPair } from \"./contracts\";\nimport {\n decimalsContract,\n erc20TotalSupplyContract,\n getConfidentialTokenAddressContract,\n getTokenAddressContract,\n getTokenPairContract,\n getTokenPairsContract,\n getTokenPairsLengthContract,\n getTokenPairsSliceContract,\n isConfidentialTokenValidContract,\n nameContract,\n symbolContract,\n} from \"./contracts\";\nimport { ConfigurationError } from \"./errors/relayer\";\nimport { hoodiCleartextConfig } from \"./relayer/cleartext\";\nimport { MainnetConfig, SepoliaConfig } from \"./relayer/relayer-utils\";\nimport type { GenericSigner } from \"./types/signer\";\n\n/**\n * Default wrappers registry addresses for known chains.\n * Only includes chains where a registry is deployed (excludes Hardhat).\n */\nexport const DefaultRegistryAddresses: Record<number, Address> = {\n [MainnetConfig.chainId]: MainnetConfig.registryAddress,\n [SepoliaConfig.chainId]: SepoliaConfig.registryAddress,\n [hoodiCleartextConfig.chainId]: hoodiCleartextConfig.registryAddress,\n};\n\n/** Default page size for {@link WrappersRegistry.listPairs}. */\nconst DEFAULT_PAGE_SIZE = 100;\n\n/** Default registry TTL in seconds (24 hours). */\nconst DEFAULT_REGISTRY_TTL = 86400;\n\n/** Configuration for {@link WrappersRegistry}. */\nexport interface WrappersRegistryConfig {\n /** The connected wallet signer. Must satisfy the full `GenericSigner` interface. */\n signer: GenericSigner;\n /**\n * Per-chain registry address overrides, merged on top of\n * {@link DefaultRegistryAddresses}. Use this to supply a registry\n * address for custom or local chains (e.g. Hardhat).\n *\n * @example\n * ```ts\n * new WrappersRegistry({\n * signer,\n * registryAddresses: { [31337]: \"0xYourHardhatRegistry\" },\n * });\n * ```\n */\n registryAddresses?: Record<number, Address>;\n /**\n * How long cached registry results remain valid, in seconds.\n * Default: `86400` (24 hours).\n */\n registryTTL?: number;\n}\n\n/** Options for {@link WrappersRegistry.listPairs}. */\nexport interface ListPairsOptions {\n /** Page number (1-indexed). Default: `1`. */\n page?: number;\n /** Number of items per page. Default: `100`. */\n pageSize?: number;\n /**\n * When `true`, fetches on-chain metadata (name, symbol, decimals) for both\n * the ERC-20 and confidential token, plus totalSupply for the ERC-20.\n * Default: `false`.\n */\n metadata?: boolean;\n}\n\n/** Shorter TTL for negative lookups (5 minutes) so newly registered tokens are discoverable quickly. */\nconst NEGATIVE_CACHE_TTL_MS = 5 * 60 * 1000;\n\n/** Cache entry with expiry timestamp. */\ninterface CacheEntry<T> {\n data: T;\n expiresAt: number;\n}\n\n/**\n * High-level interface for the on-chain token wrappers registry.\n *\n * Uses the connected signer to resolve the correct registry contract\n * address for the current chain and exposes typed read helpers for\n * every registry query. Results are cached in memory with a\n * configurable TTL (default 24 hours).\n *\n * @example\n * ```ts\n * const registry = new WrappersRegistry({ signer });\n *\n * // Paginated listing\n * const page1 = await registry.listPairs({ page: 1, pageSize: 20 });\n *\n * // Structured lookups\n * const result = await registry.getConfidentialToken(erc20Address);\n * if (result) console.log(result.confidentialTokenAddress);\n *\n * // Force refresh\n * registry.refresh();\n * ```\n */\nexport class WrappersRegistry {\n readonly signer: GenericSigner;\n readonly #addresses: Record<number, Address>;\n readonly #ttlMs: number;\n readonly #cache = new Map<string, CacheEntry<unknown>>();\n\n constructor(config: WrappersRegistryConfig) {\n this.signer = config.signer;\n this.#addresses = Object.assign({}, DefaultRegistryAddresses, config.registryAddresses);\n this.#ttlMs = (config.registryTTL ?? DEFAULT_REGISTRY_TTL) * 1000;\n }\n\n /**\n * Synchronous lookup of the registry address for a given chain ID.\n * Returns `undefined` if no address is configured for that chain.\n */\n getAddress(chainId: number): Address | undefined {\n return this.#addresses[chainId];\n }\n\n // ---------------------------------------------------------------------------\n // Cache helpers\n // ---------------------------------------------------------------------------\n\n #getCached<T>(key: string): T | undefined {\n const entry = this.#cache.get(key);\n if (!entry) {\n return undefined;\n }\n if (Date.now() >= entry.expiresAt) {\n this.#cache.delete(key);\n return undefined;\n }\n return entry.data as T;\n }\n\n #setCached<T>(key: string, data: T, ttlMs = this.#ttlMs): T {\n this.#cache.set(key, {\n data,\n expiresAt: Date.now() + ttlMs,\n });\n return data;\n }\n\n /**\n * Force-invalidate the in-memory cache. The next call to any read method\n * will fetch fresh data from the chain.\n */\n refresh(): void {\n this.#cache.clear();\n }\n\n /**\n * The cache TTL in milliseconds.\n * Exposed so query option factories can set a matching `staleTime`.\n */\n get ttlMs(): number {\n return this.#ttlMs;\n }\n\n // ---------------------------------------------------------------------------\n // Registry address resolution\n // ---------------------------------------------------------------------------\n\n /**\n * Resolve the registry contract address for the current chain.\n *\n * Priority: `registryAddresses[chainId]` \\> built-in default.\n *\n * @returns The registry contract address for the connected chain.\n * @throws {@link ConfigurationError} if no address is configured for the chain.\n */\n async getRegistryAddress(): Promise<Address> {\n const chainId = await this.signer.getChainId();\n const address = this.#addresses[chainId];\n\n if (!address) {\n throw new ConfigurationError(\n `No wrappers registry address configured for chain ${chainId}.\\n` +\n `Pass a registryAddresses entry for this chain.`,\n );\n }\n\n return getAddress(address);\n }\n\n // ---------------------------------------------------------------------------\n // Paginated listing\n // ---------------------------------------------------------------------------\n\n /**\n * List token wrapper pairs with page-based pagination.\n *\n * Internally maps to `getTokenConfidentialTokenPairsSlice` on-chain.\n *\n * @param options - Pagination and enrichment options.\n * @returns A {@link PaginatedResult} of pairs.\n *\n * @example\n * ```ts\n * const result = await registry.listPairs({ page: 1, pageSize: 20 });\n * console.log(`${result.total} pairs, showing page ${result.page}`);\n *\n * // With on-chain metadata\n * const withMeta = await registry.listPairs({ metadata: true, pageSize: 10 });\n * for (const pair of withMeta.items) {\n * console.log(pair.underlying.symbol, \"→\", pair.confidential.symbol);\n * }\n * ```\n */\n async listPairs(\n options: ListPairsOptions & { metadata: true },\n ): Promise<PaginatedResult<TokenWrapperPairWithMetadata>>;\n async listPairs(options?: ListPairsOptions): Promise<PaginatedResult<TokenWrapperPair>>;\n async listPairs(\n options: ListPairsOptions = {},\n ): Promise<PaginatedResult<TokenWrapperPair | TokenWrapperPairWithMetadata>> {\n const page = options.page ?? 1;\n const pageSize = options.pageSize ?? DEFAULT_PAGE_SIZE;\n const metadata = options.metadata ?? false;\n\n if (page < 1) {\n throw new ConfigurationError(`page must be >= 1, got ${page}`);\n }\n if (pageSize < 1) {\n throw new ConfigurationError(`pageSize must be >= 1, got ${pageSize}`);\n }\n\n const registry = await this.getRegistryAddress();\n\n // Fetch total (cached)\n const totalCacheKey = `total:${registry}`;\n let total = this.#getCached<number>(totalCacheKey);\n if (total === undefined) {\n const raw = await this.signer.readContract(getTokenPairsLengthContract(registry));\n total = this.#setCached(totalCacheKey, Number(raw));\n }\n\n // Compute slice indices, clamping toIndex to total\n const fromIndex = BigInt((page - 1) * pageSize);\n const clampedToIndex =\n fromIndex + BigInt(pageSize) > BigInt(total) ? BigInt(total) : fromIndex + BigInt(pageSize);\n\n // Page beyond total — return empty\n if (fromIndex >= BigInt(total)) {\n return { items: [], total, page, pageSize };\n }\n\n // Fetch slice (cached)\n const sliceCacheKey = `slice:${registry}:${fromIndex}:${clampedToIndex}`;\n let items = this.#getCached<TokenWrapperPair[]>(sliceCacheKey);\n if (items === undefined) {\n const raw = await this.signer.readContract(\n getTokenPairsSliceContract(registry, fromIndex, clampedToIndex),\n );\n items = this.#setCached(sliceCacheKey, [...raw]);\n }\n\n if (!metadata) {\n return { items, total, page, pageSize };\n }\n\n // Enrich with on-chain metadata (resilient — individual failures don't break the batch)\n const metadataCacheKey = `metadata:${registry}:${fromIndex}:${clampedToIndex}`;\n let metadataItems = this.#getCached<TokenWrapperPairWithMetadata[]>(metadataCacheKey);\n if (metadataItems === undefined) {\n const settled = await Promise.allSettled(items.map((pair) => this.#pairWithMetadata(pair)));\n const hasFailures = settled.some((r) => r.status === \"rejected\");\n const enriched = settled.map((result, i) =>\n result.status === \"fulfilled\"\n ? result.value\n : Object.assign({}, items[i], {\n metadataFailed: true as const,\n underlying: {\n name: \"Unknown\",\n symbol: \"???\",\n decimals: 0,\n totalSupply: 0n,\n },\n confidential: { name: \"Unknown\", symbol: \"???\", decimals: 0 },\n }),\n );\n // Use negative cache TTL when any metadata fetch failed so retries happen sooner\n metadataItems = this.#setCached(\n metadataCacheKey,\n enriched,\n hasFailures ? NEGATIVE_CACHE_TTL_MS : undefined,\n );\n }\n\n return { items: metadataItems, total, page, pageSize };\n }\n\n async #pairWithMetadata(pair: TokenWrapperPair): Promise<TokenWrapperPairWithMetadata> {\n const [uName, uSymbol, uDecimals, uTotalSupply, cName, cSymbol, cDecimals] = await Promise.all([\n this.signer.readContract(nameContract(pair.tokenAddress)),\n this.signer.readContract(symbolContract(pair.tokenAddress)),\n this.signer.readContract(decimalsContract(pair.tokenAddress)),\n this.signer.readContract(erc20TotalSupplyContract(pair.tokenAddress)),\n this.signer.readContract(nameContract(pair.confidentialTokenAddress)),\n this.signer.readContract(symbolContract(pair.confidentialTokenAddress)),\n this.signer.readContract(decimalsContract(pair.confidentialTokenAddress)),\n ]);\n\n return {\n ...pair,\n underlying: {\n name: uName,\n symbol: uSymbol,\n decimals: uDecimals,\n totalSupply: uTotalSupply,\n },\n confidential: { name: cName, symbol: cSymbol, decimals: cDecimals },\n };\n }\n\n // ---------------------------------------------------------------------------\n // Structured single-pair lookups\n // ---------------------------------------------------------------------------\n\n /**\n * Look up the confidential token for a given plain ERC-20 address.\n *\n * @param tokenAddress - The plain ERC-20 token address.\n * @returns The lookup result, or `null` if no pair is registered.\n *\n * @example\n * ```ts\n * const result = await registry.getConfidentialToken(usdcAddress);\n * if (result) {\n * console.log(result.confidentialTokenAddress, result.isValid);\n * }\n * ```\n */\n async getConfidentialToken(\n tokenAddress: Address,\n ): Promise<{ confidentialTokenAddress: Address; isValid: boolean } | null> {\n const registry = await this.getRegistryAddress();\n const normalized = getAddress(tokenAddress);\n\n const cacheKey = `ct:${registry}:${normalized}`;\n const cached = this.#getCached<{\n confidentialTokenAddress: Address;\n isValid: boolean;\n } | null>(cacheKey);\n if (cached !== undefined) {\n return cached;\n }\n\n const [found, confidentialTokenAddress] = await this.signer.readContract(\n getConfidentialTokenAddressContract(registry, normalized),\n );\n\n if (!found) {\n return this.#setCached(cacheKey, null, NEGATIVE_CACHE_TTL_MS);\n }\n\n // Check validity via isConfidentialTokenValid\n const isValid = await this.signer.readContract(\n isConfidentialTokenValidContract(registry, confidentialTokenAddress),\n );\n\n return this.#setCached(cacheKey, { confidentialTokenAddress, isValid });\n }\n\n /**\n * Reverse lookup — find the plain ERC-20 for a given confidential token.\n *\n * @param confidentialTokenAddress - The confidential token address.\n * @returns The lookup result, or `null` if no pair is registered.\n *\n * @example\n * ```ts\n * const result = await registry.getUnderlyingToken(cUsdcAddress);\n * if (result) {\n * console.log(result.tokenAddress, result.isValid);\n * }\n * ```\n */\n async getUnderlyingToken(\n confidentialTokenAddress: Address,\n ): Promise<{ tokenAddress: Address; isValid: boolean } | null> {\n const registry = await this.getRegistryAddress();\n const normalized = getAddress(confidentialTokenAddress);\n\n const cacheKey = `ut:${registry}:${normalized}`;\n const cached = this.#getCached<{\n tokenAddress: Address;\n isValid: boolean;\n } | null>(cacheKey);\n if (cached !== undefined) {\n return cached;\n }\n\n const [found, tokenAddress] = await this.signer.readContract(\n getTokenAddressContract(registry, normalized),\n );\n\n if (!found) {\n return this.#setCached(cacheKey, null, NEGATIVE_CACHE_TTL_MS);\n }\n\n const isValid = await this.signer.readContract(\n isConfidentialTokenValidContract(registry, normalized),\n );\n\n return this.#setCached(cacheKey, { tokenAddress, isValid });\n }\n\n // ---------------------------------------------------------------------------\n // Low-level pass-through methods (backward compatible)\n // ---------------------------------------------------------------------------\n\n /**\n * Fetch all token wrapper pairs from the registry.\n *\n * @returns All registered `TokenWrapperPair` entries.\n */\n async getTokenPairs(): Promise<readonly TokenWrapperPair[]> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(getTokenPairsContract(registry));\n }\n\n /**\n * Get the total number of token wrapper pairs.\n *\n * @returns The count as a bigint.\n */\n async getTokenPairsLength(): Promise<bigint> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(getTokenPairsLengthContract(registry));\n }\n\n /**\n * Fetch a range of token wrapper pairs (paginated by index).\n *\n * @param fromIndex - Start index (inclusive).\n * @param toIndex - End index (exclusive).\n * @returns The slice of `TokenWrapperPair` entries.\n */\n async getTokenPairsSlice(\n fromIndex: bigint,\n toIndex: bigint,\n ): Promise<readonly TokenWrapperPair[]> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(getTokenPairsSliceContract(registry, fromIndex, toIndex));\n }\n\n /**\n * Fetch a single token wrapper pair by index.\n *\n * @param index - Zero-based pair index.\n * @returns The `TokenWrapperPair` at that index.\n */\n async getTokenPair(index: bigint): Promise<TokenWrapperPair> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(getTokenPairContract(registry, index));\n }\n\n /**\n * Look up the confidential token address for a given plain ERC-20 token.\n *\n * @param tokenAddress - The plain ERC-20 token address.\n * @returns A tuple `[found, confidentialTokenAddress]`.\n */\n async getConfidentialTokenAddress(tokenAddress: Address): Promise<readonly [boolean, Address]> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(\n getConfidentialTokenAddressContract(registry, getAddress(tokenAddress)),\n );\n }\n\n /**\n * Reverse lookup — find the plain ERC-20 for a given confidential token.\n *\n * @param confidentialTokenAddress - The confidential token address.\n * @returns A tuple `[found, tokenAddress]`.\n */\n async getTokenAddress(confidentialTokenAddress: Address): Promise<readonly [boolean, Address]> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(\n getTokenAddressContract(registry, getAddress(confidentialTokenAddress)),\n );\n }\n\n /**\n * Check whether a confidential token is registered and valid.\n *\n * @param confidentialTokenAddress - The confidential token address to check.\n * @returns `true` if the token is a known valid wrapper in the registry.\n */\n async isConfidentialTokenValid(confidentialTokenAddress: Address): Promise<boolean> {\n const registry = await this.getRegistryAddress();\n return this.signer.readContract(\n isConfidentialTokenValidContract(registry, getAddress(confidentialTokenAddress)),\n );\n }\n}\n","import { getAddress, type Address } from \"viem\";\nimport { CredentialsManager } from \"./credentials/credentials-manager\";\nimport { DelegatedCredentialsManager } from \"./credentials/delegated-credentials-manager\";\nimport { DecryptCache } from \"./decrypt-cache\";\nimport { wrapDecryptError } from \"./errors\";\nimport type { ZamaSDKEvent, ZamaSDKEventInput, ZamaSDKEventListener } from \"./events/sdk-events\";\nimport { ZamaSDKEvents } from \"./events/sdk-events\";\nimport type { DecryptHandle } from \"./query/user-decrypt\";\nimport { isZeroHandle } from \"./utils/handles\";\nimport type { RelayerSDK } from \"./relayer/relayer-sdk\";\nimport type { ClearValueType, Handle, PublicDecryptResult } from \"./relayer/relayer-sdk.types\";\nimport { MemoryStorage } from \"./storage/memory-storage\";\nimport { ReadonlyToken } from \"./token/readonly-token\";\nimport { Token } from \"./token/token\";\nimport type { GenericSigner, GenericStorage, SignerLifecycleCallbacks } from \"./types\";\nimport { toError } from \"./utils\";\nimport { pLimit } from \"./utils/concurrency\";\nimport { WrappersRegistry } from \"./wrappers-registry\";\n\n/** Maximum keypairTTL accepted by the fhevm ACL contract (365 days, in seconds). */\nconst MAX_KEYPAIR_TTL = 365 * 86400; // 31_536_000 s\n\n/** Configuration for {@link ZamaSDK}. */\nexport interface ZamaSDKConfig {\n /** FHE relayer backend (`RelayerWeb` for browser, `RelayerNode` for server). */\n relayer: RelayerSDK;\n /** Wallet signer (`ViemSigner`, `EthersSigner`, or custom {@link GenericSigner}). */\n signer: GenericSigner;\n /** Credential storage backend (`IndexedDBStorage` for browser, `MemoryStorage` for tests). */\n storage: GenericStorage;\n /**\n * Session storage for wallet signatures. Shared across all contracts in this SDK instance.\n * Defaults to an in-memory store (lost on page reload). Pass a `chrome.storage.session`-backed\n * implementation for web extensions so signatures survive service worker restarts.\n */\n sessionStorage?: GenericStorage;\n /**\n * How long the ML-KEM re-encryption keypair remains valid, in seconds.\n * Default: `2592000` (30 days). Must be a positive number — `0` is rejected\n * because the keypair is required to establish the relayer connection.\n * Maximum: `31536000` (365 days) — the fhevm contract rejects `durationDays > 365`.\n * Values above this maximum are automatically capped with a console warning.\n */\n keypairTTL?: number;\n /**\n * Controls how long session signatures (EIP-712 wallet signatures) remain valid, in seconds.\n * Default: `2592000` (30 days).\n * - `0`: never persist — every operation triggers a signing prompt (high-security mode).\n * - `\"infinite\"`: session never expires.\n * - Positive number: seconds until the session signature expires and requires re-authentication.\n */\n sessionTTL?: number | \"infinite\";\n /** Optional structured event listener for debugging and telemetry. Never receives sensitive data. */\n onEvent?: ZamaSDKEventListener;\n /**\n * Per-chain wrappers registry address overrides, merged on top of built-in defaults.\n * Use this for custom or local chains (e.g. Hardhat) where no default registry exists.\n */\n registryAddresses?: Record<number, Address>;\n /**\n * How long cached registry results remain valid, in seconds.\n * Default: `86400` (24 hours).\n */\n registryTTL?: number;\n /** Optional signer lifecycle callbacks composed with the SDK's internal session handling. */\n signerLifecycleCallbacks?: SignerLifecycleCallbacks;\n}\n\n/**\n * ZamaSDK — composes a RelayerSDK with contract abstraction.\n * Provides signer, storage, and high-level confidential contract interface.\n */\nexport class ZamaSDK {\n readonly relayer: RelayerSDK;\n readonly signer: GenericSigner;\n readonly storage: GenericStorage;\n readonly sessionStorage: GenericStorage;\n readonly credentials: CredentialsManager;\n readonly delegatedCredentials: DelegatedCredentialsManager;\n /** Persistent cache for decrypted FHE plaintext values, scoped by (requester, contract, handle). */\n readonly cache: DecryptCache;\n /**\n * A {@link WrappersRegistry} instance auto-configured for the current chain.\n * Uses built-in defaults merged with any `registryAddresses` overrides, and the SDK's `registryTTL` if configured.\n *\n * @example\n * ```ts\n * const pairs = await sdk.registry.listPairs({ page: 1 });\n * const result = await sdk.registry.getConfidentialToken(erc20Address);\n * ```\n */\n readonly registry: WrappersRegistry;\n readonly #registryTTL: number | undefined;\n readonly #onEvent: ZamaSDKEventListener;\n #unsubscribeSigner?: () => void;\n // oxlint false positive: awaited in #revokeByTrackedIdentity() and revokeSession()\n // eslint-disable-next-line no-unused-private-class-members\n #identityReady: Promise<void>;\n #lastAddress: Address | null = null;\n #lastChainId: number | null = null;\n\n constructor(config: ZamaSDKConfig) {\n this.relayer = config.relayer;\n this.signer = config.signer;\n this.storage = config.storage;\n this.sessionStorage = config.sessionStorage ?? new MemoryStorage();\n this.cache = new DecryptCache(config.storage);\n this.#onEvent = config.onEvent ?? function () {};\n this.registry = new WrappersRegistry({\n signer: this.signer,\n registryAddresses: config.registryAddresses,\n registryTTL: config.registryTTL,\n });\n this.#registryTTL = config.registryTTL;\n const credentialsConfig = {\n relayer: this.relayer,\n signer: this.signer,\n storage: this.storage,\n sessionStorage: this.sessionStorage,\n keypairTTL: (() => {\n const ttl = config.keypairTTL ?? 2592000;\n if (ttl <= 0 || isNaN(ttl)) {\n throw new Error(\"keypairTTL must be a positive number (seconds)\");\n }\n if (ttl > MAX_KEYPAIR_TTL) {\n // oxlint-disable-next-line no-console\n console.warn(\n `[zama-sdk] keypairTTL (${ttl}s) exceeds the fhevm maximum of 365 days (${MAX_KEYPAIR_TTL}s); capping to ${MAX_KEYPAIR_TTL}s.`,\n );\n return MAX_KEYPAIR_TTL;\n }\n return ttl;\n })(),\n sessionTTL: config.sessionTTL ?? 2592000,\n onEvent: this.#onEvent,\n };\n this.credentials = new CredentialsManager(credentialsConfig);\n this.delegatedCredentials = new DelegatedCredentialsManager(credentialsConfig);\n this.#identityReady = this.#initIdentity();\n\n if (this.signer.subscribe) {\n const lifecycleCallbacks = config.signerLifecycleCallbacks;\n const runLifecycleEffect = (operation: string, effect: () => Promise<void>) => {\n void effect().catch((error) => {\n this.emitEvent({\n type: ZamaSDKEvents.TransactionError,\n operation,\n error: toError(error),\n });\n });\n };\n this.#unsubscribeSigner = this.signer.subscribe({\n onDisconnect: () => {\n runLifecycleEffect(\"signerDisconnect\", async () => {\n await this.#revokeByTrackedIdentity();\n await this.cache.clearAll();\n this.#lastAddress = null;\n this.#lastChainId = null;\n lifecycleCallbacks?.onDisconnect?.();\n });\n },\n onAccountChange: (newAddress: Address) => {\n runLifecycleEffect(\"signerAccountChange\", async () => {\n await this.#revokeByTrackedIdentity();\n await this.cache.clearAll();\n this.#lastAddress = getAddress(newAddress);\n try {\n this.#lastChainId = await this.signer.getChainId();\n } catch {\n // Signer may not be ready — keep previous chainId\n }\n lifecycleCallbacks?.onAccountChange?.(newAddress);\n });\n },\n onChainChange: (newChainId: number) => {\n runLifecycleEffect(\"signerChainChange\", async () => {\n await this.#revokeByTrackedIdentity();\n await this.cache.clearAll();\n this.#lastChainId = newChainId;\n try {\n this.#lastAddress = await this.signer.getAddress();\n } catch {\n // Signer may not be ready — keep previous address\n }\n lifecycleCallbacks?.onChainChange?.(newChainId);\n });\n },\n });\n }\n }\n\n async #initIdentity(): Promise<void> {\n try {\n const address = await this.signer.getAddress();\n const chainId = await this.signer.getChainId();\n // Only commit both values atomically so revokeByTrackedIdentity\n // never sees a partial (address-only) state.\n this.#lastAddress = address;\n this.#lastChainId = chainId;\n } catch {\n // Signer not ready yet — identity will be set on first lifecycle event\n }\n }\n\n async #revokeByTrackedIdentity(): Promise<void> {\n await this.#identityReady;\n if (this.#lastAddress === null || this.#lastChainId === null) {\n return;\n }\n const storeKey = await CredentialsManager.computeStoreKey(this.#lastAddress, this.#lastChainId);\n await this.credentials.revokeByKey(storeKey);\n }\n\n /**\n * Create a read-only interface for a confidential token.\n * Supports balance queries and authorization without a wrapper address.\n *\n * @param address - The confidential token contract address.\n * @returns A {@link ReadonlyToken} instance bound to this SDK.\n */\n createReadonlyToken(address: Address): ReadonlyToken {\n return new ReadonlyToken(this, address);\n }\n\n /**\n * Create a high-level ERC-20-like interface for a confidential token.\n * Includes write operations (transfer, shield, unshield).\n *\n * @param address - The confidential token contract address (also used as wrapper by default).\n * @param wrapper - Optional explicit wrapper address, if it differs from the token address.\n * @returns A {@link Token} instance bound to this SDK.\n */\n createToken(address: Address, wrapper?: Address): Token {\n return new Token(this, address, wrapper);\n }\n\n /**\n * Emit a structured SDK event. Used by {@link Token}/{@link ReadonlyToken}\n * to surface lifecycle events through the unified SDK event stream.\n *\n * Listener exceptions are caught and logged so that a misbehaving subscriber\n * can never corrupt SDK operations.\n *\n * Application code should subscribe via the `onEvent` config option, never\n * call this directly.\n *\n * @internal\n */\n emitEvent(input: ZamaSDKEventInput, tokenAddress?: Address): void {\n try {\n this.#onEvent({\n ...input,\n tokenAddress,\n timestamp: Date.now(),\n } as ZamaSDKEvent);\n } catch (error) {\n // oxlint-disable-next-line no-console\n console.error(\"[zama-sdk] onEvent listener threw:\", error);\n }\n }\n\n /**\n * Create a {@link WrappersRegistry} instance bound to this SDK's signer.\n * On Mainnet and Sepolia the registry address is resolved automatically.\n *\n * @param registryAddresses - Optional per-chain overrides (e.g. Hardhat).\n * @returns A {@link WrappersRegistry} instance.\n *\n * @example\n * ```ts\n * // Mainnet / Sepolia — resolved automatically\n * const registry = sdk.createWrappersRegistry();\n *\n * // Hardhat or custom chain — override per chain\n * const registry = sdk.createWrappersRegistry({ [31337]: \"0xYourRegistry\" });\n *\n * const pairs = await registry.getTokenPairs();\n * ```\n */\n createWrappersRegistry(registryAddresses?: Record<number, Address>): WrappersRegistry {\n return new WrappersRegistry({\n signer: this.signer,\n registryAddresses,\n registryTTL: this.#registryTTL,\n });\n }\n\n /**\n * Pre-authorize contract addresses for decryption, triggering a single\n * wallet signature prompt. Subsequent {@link userDecrypt} calls whose\n * handles span the same set will reuse the cached credentials without\n * an additional prompt.\n *\n * @param contractAddresses - One or more contract addresses to authorize.\n *\n * @example\n * ```ts\n * // Sign once for three tokens, then decrypt individually\n * await sdk.allow([cUSDT, cDAI, cWETH]);\n * const a = await sdk.userDecrypt([{ handle: h1, contractAddress: cUSDT }]);\n * const b = await sdk.userDecrypt([{ handle: h2, contractAddress: cDAI }]);\n * ```\n */\n async allow(contractAddresses: Address[]): Promise<void> {\n if (contractAddresses.length === 0) {\n return;\n }\n await this.credentials.allow(...contractAddresses);\n }\n\n /**\n * Decrypt one or more FHE handles. Results are cached — repeated calls\n * for the same handle skip the relayer round-trip.\n *\n * Zero handles are mapped to `0n` without hitting the relayer.\n * Events (`DecryptStart/End/Error`) are emitted uniformly.\n * Relayer errors are wrapped into typed SDK errors.\n *\n * @param handles - Handles to decrypt, each paired with its contract address.\n * @returns A record mapping each handle to its decrypted clear-text value.\n *\n * @example\n * ```ts\n * const values = await sdk.userDecrypt([\n * { handle: balanceHandle, contractAddress: cUSDT },\n * ]);\n * console.log(values[balanceHandle]); // 1000n\n * ```\n */\n async userDecrypt(handles: DecryptHandle[]): Promise<Record<Handle, ClearValueType>> {\n if (handles.length === 0) {\n return {};\n }\n\n // Normalize addresses once at the top\n const normalized = handles.map((h) => ({\n handle: h.handle,\n contractAddress: getAddress(h.contractAddress),\n }));\n\n const result: Record<Handle, ClearValueType> = {};\n const nonZero: DecryptHandle[] = [];\n\n // Filter zero handles → 0n without relayer\n for (const h of normalized) {\n if (isZeroHandle(h.handle)) {\n result[h.handle] = 0n;\n } else {\n nonZero.push(h);\n }\n }\n\n if (nonZero.length === 0) {\n return result;\n }\n\n // Cache partition\n const signerAddress = await this.signer.getAddress();\n const uncached: DecryptHandle[] = [];\n\n for (const h of nonZero) {\n const cached = await this.cache.get(signerAddress, h.contractAddress, h.handle);\n if (cached !== null) {\n result[h.handle] = cached;\n } else {\n uncached.push(h);\n }\n }\n\n if (uncached.length === 0) {\n return result;\n }\n\n // Derive contract addresses from ALL handles for stable credential cache key\n const creds = await this.credentials.allow(\n ...new Set(normalized.map((h) => h.contractAddress)),\n );\n\n // Group uncached by contract\n const byContract = new Map<Address, Handle[]>();\n for (const h of uncached) {\n const existing = byContract.get(h.contractAddress);\n if (existing) {\n existing.push(h.handle);\n } else {\n byContract.set(h.contractAddress, [h.handle]);\n }\n }\n\n // Decrypt per contract group with bounded concurrency\n const t0 = Date.now();\n const uncachedHandles = uncached.map((h) => h.handle);\n\n try {\n this.emitEvent({\n type: ZamaSDKEvents.DecryptStart,\n handles: uncachedHandles,\n });\n\n await pLimit(\n [...byContract.entries()].map(([contractAddress, contractHandles]) => async () => {\n const decrypted = await this.relayer.userDecrypt({\n handles: contractHandles,\n contractAddress,\n signedContractAddresses: creds.contractAddresses,\n privateKey: creds.privateKey,\n publicKey: creds.publicKey,\n signature: creds.signature,\n signerAddress,\n startTimestamp: creds.startTimestamp,\n durationDays: creds.durationDays,\n });\n\n for (const [handle, value] of Object.entries(decrypted)) {\n result[handle as Handle] = value;\n await this.cache.set(signerAddress, contractAddress, handle as Handle, value);\n }\n }),\n 5,\n );\n\n // Emit only the freshly-decrypted subset in `result` so its keys match\n // `handles`. Cached and zero-handle entries are intentionally excluded.\n const uncachedResult: Record<Handle, ClearValueType> = {};\n for (const handle of uncachedHandles) {\n const value = result[handle];\n if (value !== undefined) {\n uncachedResult[handle] = value;\n }\n }\n this.emitEvent({\n type: ZamaSDKEvents.DecryptEnd,\n durationMs: Date.now() - t0,\n handles: uncachedHandles,\n result: uncachedResult,\n });\n return result;\n } catch (error) {\n this.emitEvent({\n type: ZamaSDKEvents.DecryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n handles: uncachedHandles,\n });\n throw wrapDecryptError(error, \"Failed to decrypt handles\");\n }\n }\n\n /**\n * Publicly decrypt one or more FHE handles.\n *\n * Returns the decryption proof alongside the clear-text values so callers\n * can submit on-chain finalization transactions (e.g. `finalizeUnwrap`).\n *\n * @param handles - FHE handles to decrypt publicly.\n * @returns Clear-text values, ABI-encoded values, and the decryption proof.\n *\n * @example\n * ```ts\n * const { clearValues, decryptionProof, abiEncodedClearValues } =\n * await sdk.publicDecrypt([handle]);\n * ```\n */\n async publicDecrypt(handles: Handle[]): Promise<PublicDecryptResult> {\n if (handles.length === 0) {\n return { clearValues: {}, decryptionProof: \"0x\", abiEncodedClearValues: \"0x\" };\n }\n\n try {\n return await this.relayer.publicDecrypt(handles);\n } catch (error) {\n throw wrapDecryptError(error, \"Public decryption failed\");\n }\n }\n\n /**\n * Revoke the session signature for the current signer without requiring\n * contract addresses. Uses the tracked identity when available (safe during\n * account switches), falling back to querying the signer directly.\n *\n * @example\n * ```ts\n * wallet.on(\"disconnect\", () => sdk.revokeSession());\n * ```\n */\n async revokeSession(): Promise<void> {\n await this.#identityReady;\n const address = this.#lastAddress ?? (await this.signer.getAddress());\n const chainId = this.#lastChainId ?? (await this.signer.getChainId());\n const storeKey = await CredentialsManager.computeStoreKey(address, chainId);\n await this.credentials.revokeByKey(storeKey);\n await this.cache.clearForRequester(address);\n }\n\n /**\n * Unsubscribe from signer lifecycle events without terminating the relayer.\n * Call this when the SDK instance is being replaced but the relayer is shared\n * (e.g. React provider remount in Strict Mode).\n */\n dispose(): void {\n this.#unsubscribeSigner?.();\n this.#unsubscribeSigner = undefined;\n }\n\n /**\n * Terminate the relayer backend and clean up resources.\n * Call this when the SDK is no longer needed (e.g. on unmount or shutdown).\n */\n terminate(): void {\n this.dispose();\n this.relayer.terminate();\n }\n\n /**\n * Implements the TC39 Explicit Resource Management protocol.\n * Calls {@link terminate} when the `using` binding goes out of scope,\n * unsubscribing signer events and shutting down the relayer.\n *\n * @example\n * ```ts\n * {\n * using sdk = new ZamaSDK({ relayer, signer, storage });\n * await sdk.credentials.allow(cUSDT);\n * const balance = await sdk.createReadonlyToken(cUSDT).balanceOf();\n * } // sdk.terminate() called automatically here\n * ```\n */\n [Symbol.dispose](): void {\n this.terminate();\n }\n}\n","import type { Address, Hex } from \"viem\";\nimport type { GenericStorage } from \"../types\";\n\nconst STORAGE_PREFIX = \"zama:pending-unshield:\";\n\nfunction storageKey(wrapperAddress: Address): string {\n return `${STORAGE_PREFIX}${wrapperAddress}`;\n}\n\n/**\n * Persist the unwrap tx hash so an interrupted unshield can be resumed later\n * (e.g. after a page reload).\n */\nexport async function savePendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n unwrapTxHash: Hex,\n): Promise<void> {\n await storage.set(storageKey(wrapperAddress), unwrapTxHash);\n}\n\n/**\n * Load a previously saved unwrap tx hash, or `null` if none exists.\n */\nexport async function loadPendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n): Promise<Hex | null> {\n return storage.get<Hex>(storageKey(wrapperAddress));\n}\n\n/**\n * Clear the saved unwrap tx hash after a successful finalization.\n */\nexport async function clearPendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n): Promise<void> {\n await storage.delete(storageKey(wrapperAddress));\n}\n","import type { GenericStorage } from \"../types\";\n\n/** Minimal chrome.storage.session typings (avoids depending on @types/chrome). */\ndeclare const chrome: {\n storage: {\n session: {\n get(key: string): Promise<Record<string, unknown>>;\n set(items: Record<string, unknown>): Promise<void>;\n remove(key: string): Promise<void>;\n };\n };\n};\n\n/**\n * {@link GenericStorage} backed by `chrome.storage.session`.\n *\n * Use this in MV3 web extensions so the wallet signature survives\n * service worker restarts and is shared across popup, background,\n * and content script contexts.\n *\n * @example\n * ```ts\n * import { ZamaSDK, indexedDBStorage, chromeSessionStorage } from \"@zama-fhe/sdk\";\n *\n * const sdk = new ZamaSDK({\n * relayer,\n * signer,\n * storage: indexedDBStorage,\n * sessionStorage: chromeSessionStorage,\n * });\n * ```\n */\nexport class ChromeSessionStorage implements GenericStorage {\n async get<T = unknown>(key: string): Promise<T | null> {\n const result = await chrome.storage.session.get(key);\n return (result[key] as T) ?? null;\n }\n\n async set(key: string, value: unknown): Promise<void> {\n await chrome.storage.session.set({ [key]: value });\n }\n\n async delete(key: string): Promise<void> {\n await chrome.storage.session.remove(key);\n }\n}\n\n/** Default singleton for application-wide use. */\nexport const chromeSessionStorage = new ChromeSessionStorage();\n"],"mappings":"wNAGA,IAAa,EAAb,cAAyCA,EAAAA,CAAU,CACjD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,eAAgB,EAAS,EAAQ,CACrD,KAAK,KAAO,wBAKH,EAAb,cAA8CD,EAAAA,CAAU,CACtD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,oBAAqB,EAAS,EAAQ,CAC1D,KAAK,KAAO,6BCHH,EAAb,cAA0DC,EAAAA,CAAU,CAElE,UAEA,UAEA,MAEA,YAAY,EAAiB,EAA8B,EAAwB,CACjF,MAAMC,EAAAA,EAAc,gCAAiC,EAAS,EAAQ,CACtE,KAAK,KAAO,uCACZ,KAAK,UAAY,EAAQ,UACzB,KAAK,UAAY,EAAQ,UACzB,KAAK,MAAQ,EAAQ,QAKZ,EAAb,cAAmDD,EAAAA,CAAU,CAE3D,UAEA,UAEA,MAEA,YAAY,EAAiB,EAA8B,EAAwB,CACjF,MAAMC,EAAAA,EAAc,yBAA0B,EAAS,EAAQ,CAC/D,KAAK,KAAO,gCACZ,KAAK,UAAY,EAAQ,UACzB,KAAK,UAAY,EAAQ,UACzB,KAAK,MAAQ,EAAQ,QAKZ,EAAb,cAAkDD,EAAAA,CAAU,CAC1D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,wBAAyB,EAAS,EAAQ,CAC9D,KAAK,KAAO,iCAKH,EAAb,cAA0CD,EAAAA,CAAU,CAClD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,gBAAiB,EAAS,EAAQ,CACtD,KAAK,KAAO,yBC7ChB,SAAS,EAAuB,EAA+B,CAC7D,GAAI,EAAE,aAAiB,OACrB,OAAO,KAET,IAAM,EAAQ,EAAM,MACpB,GAAI,OAAO,GAAU,WAAY,GAAkB,EAAE,SAAU,GAC7D,OAAO,KAET,GAAM,CAAE,QAAS,EAIjB,OAHI,OAAO,GAAS,WAAY,GAAiB,EAAE,cAAe,GACzD,KAEF,OAAO,EAAK,WAAc,SAAW,EAAK,UAAY,KAI/D,MAAM,EAAyE,CAC7E,qCAAuC,GACrC,IAAIC,EAAAA,GACF,mHACA,CAAE,QAAO,CACV,CACH,8BAAgC,GAC9B,IAAIC,EAAAA,GAA8B,qDAAsD,CACtF,QACD,CAAC,CACJ,cAAgB,GACd,IAAIC,EAAAA,EACF,8EACA,CAAE,QAAO,CACV,CACH,uBAAyB,GACvB,IAAIC,EAAAA,GAA8B,yDAA0D,CAC1F,QACD,CAAC,CACJ,gCAAkC,GAChC,IAAIC,EAAAA,GACF,+DACA,CAAE,QAAO,CACV,CACH,4BAA8B,GAC5B,IAAIC,EAAAA,GAAiC,yDAA0D,CAC7F,QACD,CAAC,CACJ,oCAAsC,GACpC,IAAIC,EAAAA,GAA+B,0DAA2D,CAC5F,QACD,CAAC,CACJ,gBAAkB,GAChB,IAAIC,EAAAA,GAAwB,8CAA+C,CAAE,QAAO,CAAC,CACxF,CASD,SAAgB,EAAe,EAAkC,CAC/D,IAAM,EAAQ,aAAiB,MAAQ,EAAQ,IAAA,GAGzC,EAAY,EAAuB,EAAM,CAC/C,GAAI,GAAa,KAAa,EAE5B,OAAO,EAAc,GAAY,EAAM,CAIzC,IAAM,EAAU,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CACtE,IAAK,GAAM,CAAC,EAAM,KAAY,OAAO,QAAQ,EAAc,CACzD,GAAI,EAAQ,SAAS,EAAK,CACxB,OAAO,EAAQ,EAAM,CAIzB,OAAO,KC/ET,IAAa,EAAb,KAAwD,CACtD,GAA0B,KAC1B,GAA0C,KAC1C,GACA,GACA,GAEA,YAAY,EAAS,kBAAmB,EAAY,EAAG,EAAY,cAAe,CAChF,MAAA,EAAe,EACf,MAAA,EAAkB,EAClB,MAAA,EAAkB,EAGpB,IAA+B,CA4C7B,OA3CI,MAAA,EACK,QAAQ,QAAQ,MAAA,EAAS,EAE9B,AAIJ,MAAA,IAAkB,IAAI,SAAS,EAAS,IAAW,CACjD,IAAM,EAAU,UAAU,KAAK,MAAA,EAAc,MAAA,EAAgB,CAE7D,EAAQ,oBAAwB,CAC9B,IAAM,EAAK,EAAQ,OACd,EAAG,iBAAiB,SAAS,MAAA,EAAgB,EAChD,EAAG,kBAAkB,MAAA,EAAiB,CAAE,QAAS,MAAO,CAAC,EAI7D,EAAQ,cAAkB,CACxB,MAAA,EAAW,EAAQ,OACnB,MAAA,EAAkB,KAClB,MAAA,EAAS,oBAAwB,CAE/B,QAAQ,KACN,cAAc,MAAA,EAAa,kDAC5B,CACD,MAAA,GAAU,OAAO,CACjB,MAAA,EAAW,KACX,MAAA,EAAkB,MAEpB,MAAA,EAAS,YAAgB,CACvB,MAAA,EAAW,KACX,MAAA,EAAkB,MAEpB,EAAQ,MAAA,EAAS,EAGnB,EAAQ,YAAgB,CACtB,MAAA,EAAW,KACX,MAAA,EAAkB,KAClB,EAAO,EAAQ,MAAM,GAEvB,CArCO,MAAA,GA0CX,MAAA,EACE,EACA,EACY,CACZ,IAAM,EAAK,MAAM,MAAA,GAAa,CAC9B,OAAO,IAAI,SAAS,EAAS,IAAW,CACtC,IAAM,EAAK,EAAG,YAAY,MAAA,EAAiB,EAAK,CAChD,EAAG,YAAgB,EAAO,EAAG,OAAa,MAAM,sBAAsB,CAAC,CACvE,IAAM,EAAU,EAAG,EAAG,YAAY,MAAA,EAAgB,CAAC,CAC/C,IAAS,WACX,EAAQ,cAAkB,EAAQ,EAAQ,OAAO,CAEjD,EAAG,eAAmB,EAAQ,EAAQ,OAAO,CAE/C,EAAQ,YAAgB,EAAO,EAAQ,MAAM,EAC7C,CAGJ,MAAM,IAAiB,EAAgC,CAIrD,OAHe,MAAM,MAAA,EAAgD,WAAa,GAChF,EAAM,IAAI,EAAI,CACf,GACc,OAAS,KAG1B,MAAM,IAAiB,EAAa,EAAyB,CAC3D,MAAM,MAAA,EAA4B,YAAc,GAAU,EAAM,IAAI,CAAE,MAAK,QAAO,CAAC,CAAC,CAGtF,MAAM,OAAO,EAA4B,CACvC,MAAM,MAAA,EAA4B,YAAc,GAAU,EAAM,OAAO,EAAI,CAAC,CAG9E,MAAM,OAAuB,CAC3B,MAAM,MAAA,EAA4B,YAAc,GAAU,EAAM,OAAO,CAAC,GAK5E,MAAa,EAAmB,IAAI,EC3EvB,EAAqB,IAUlC,IAAsB,EAAtB,KAAyD,CACvD,GAA0B,KAC1B,GAAmB,IAAI,IACvB,GAAwC,KACxC,OACA,OAEA,YAAY,EAAiB,EAAmC,CAC9D,KAAK,OAAS,EACd,KAAK,OAAS,EAmChB,MAAM,YAA+B,CAWnC,OAVI,MAAA,EACK,MAAA,GAGT,AACE,MAAA,IAAoB,MAAA,GAAoB,CAAC,MAAO,GAAU,CAExD,KADA,OAAA,EAAoB,KACd,GACN,CAEG,MAAA,GAGT,MAAA,GAAwC,CACtC,IAAM,EAAS,KAAK,cAAc,CAClC,KAAK,WAAW,EAAO,CAEvB,GAAI,CACF,GAAM,CAAE,OAAM,WAAY,KAAK,gBAAgB,CAC/C,MAAM,KAAK,cAAgC,EAAQ,EAAM,EAAS,IAAgB,CAClF,KAAK,gBAAgB,EAAO,CAC5B,MAAA,EAAe,QACR,EAAO,CAEd,MADA,KAAK,gBAAgB,EAAO,CACtB,EAGR,OAAO,MAAA,EAGT,WAAkB,CAChB,GAAI,MAAA,EAAc,CAChB,IAAK,GAAM,CAAC,EAAI,KAAY,MAAA,EAC1B,aAAa,EAAQ,UAAU,CAC/B,EAAQ,OAAW,MAAM,oBAAoB,CAAC,CAC9C,MAAA,EAAsB,OAAO,EAAG,CAGlC,KAAK,gBAAgB,MAAA,EAAa,CAClC,MAAA,EAAe,KAEjB,MAAA,EAAoB,KAOtB,eAAyB,EAAyC,CAChE,IAAM,EAAU,MAAA,EAAsB,IAAI,EAAS,GAAG,CAEtD,GAAI,CAAC,EAAS,CACZ,KAAK,QAAQ,KAAK,uDAAwD,CACxE,GAAI,EAAS,GACd,CAAC,CACF,OAGF,IAAM,EAAU,KAAK,MAAM,YAAY,KAAK,CAAG,EAAQ,UAAU,CAKjE,GAHA,aAAa,EAAQ,UAAU,CAC/B,MAAA,EAAsB,OAAO,EAAS,GAAG,CAErC,EAAS,QACX,KAAK,QAAQ,MAAM,oBAAoB,EAAQ,KAAK,KAAM,CACxD,GAAI,EAAS,GACb,UACD,CAAC,CACF,EAAQ,QAAQ,EAAS,KAAK,KACzB,CACL,KAAK,QAAQ,MAAM,oBAAoB,EAAQ,KAAK,SAAU,CAC5D,GAAI,EAAS,GACb,UACA,MAAO,EAAS,MACjB,CAAC,CACF,IAAM,EAAU,MAAM,EAAS,MAAM,CACjC,eAAgB,GAAY,OAAO,EAAS,YAAe,WAC5D,EAAwC,WAAa,EAAS,YAEjE,EAAQ,OAAO,EAAI,EAIvB,kBAA4B,EAAuB,CACjD,KAAK,QAAQ,MAAM,8BAA+B,CAAE,MAAO,EAAS,CAAC,CACrE,IAAM,EAAS,MAAA,EACf,MAAA,EAAe,KACf,MAAA,EAAuB,iBAAiB,IAAU,CAC9C,GACF,KAAK,gBAAgB,EAAO,CAIhC,0BAA2C,CACzC,KAAK,QAAQ,MAAM,gDAAgD,CACnE,IAAM,EAAS,MAAA,EACf,MAAA,EAAe,KACf,MAAA,EAAuB,wCAAwC,CAC3D,GACF,KAAK,gBAAgB,EAAO,CAQhC,cACE,EACA,EACA,EACA,EAAoB,EACR,CACZ,OAAO,IAAI,SAAY,EAAS,IAAW,CACzC,IAAM,EAAK,KAAK,mBAAmB,CAC7B,EAAY,YAAY,KAAK,CACnC,KAAK,QAAQ,MAAM,oBAAoB,IAAQ,CAAE,KAAI,CAAC,CAEtD,IAAM,EAAY,eAAiB,CACjC,MAAA,EAAsB,OAAO,EAAG,CAChC,IAAM,EAAU,KAAK,MAAM,YAAY,KAAK,CAAG,EAAU,CACzD,KAAK,QAAQ,MAAM,kBAAkB,EAAK,mBAAmB,EAAU,IAAK,CAC1E,KACA,UACD,CAAC,CACF,EAAW,MAAM,WAAW,EAAK,mBAAmB,EAAU,IAAI,CAAC,EAClE,EAAU,CAEb,MAAA,EAAsB,IAAI,EAAI,CACnB,UACT,SACA,YACA,YACA,OACD,CAAC,CAEF,IAAM,EAAU,CAAE,KAAI,OAAM,UAAS,CACrC,KAAK,YAAY,EAAQ,EAAQ,EACjC,CAGJ,MAAgB,YACd,EACA,EACA,EAAoB,EACR,CACZ,IAAM,EAAS,MAAM,KAAK,YAAY,CACtC,OAAO,KAAK,cAAiB,EAAQ,EAAM,EAAS,EAAU,CAOhE,MAAM,iBAAwD,CAC5D,OAAO,KAAK,YAAyC,mBAAoB,EAAE,CAAC,CAG9E,MAAM,aAAa,EAAgE,CACjF,OAAO,KAAK,YAAsC,gBAAiB,EAAO,CAG5E,MAAM,QAAQ,EAAsD,CAClE,OAAO,KAAK,YAAiC,UAAW,EAAO,CAGjE,MAAM,YAAY,EAA8D,CAC9E,OAAO,KAAK,YAAqC,eAAgB,EAAO,CAG1E,MAAM,cAAc,EAAuD,CACzE,OAAO,KAAK,YAAuC,iBAAkB,CAAE,UAAS,CAAC,CAGnF,MAAM,iCACJ,EAC4C,CAC5C,OAAO,KAAK,YAA+C,0BAA2B,EAAO,CAG/F,MAAM,qBACJ,EAC2C,CAC3C,OAAO,KAAK,YAA8C,yBAA0B,EAAO,CAG7F,MAAM,2BACJ,EACiD,CACjD,OAAO,KAAK,YACV,gCACA,CAAE,UAAS,CACZ,CAGH,MAAM,cAAkD,CACtD,OAAO,KAAK,YAAsC,iBAAkB,EAAE,CAAC,CAGzE,MAAM,gBAAgB,EAAoD,CACxE,OAAO,KAAK,YAAyC,oBAAqB,CAAE,OAAM,CAAC,CAOrF,GAAkB,EAAuB,CACvC,IAAK,GAAM,CAAC,EAAI,KAAY,MAAA,EAC1B,aAAa,EAAQ,UAAU,CAC/B,EAAQ,OAAW,MAAM,EAAQ,CAAC,CAClC,MAAA,EAAsB,OAAO,EAAG,GChStC,SAAS,EAAe,EAAsD,CAC5E,GAAI,CAIF,OAHA,EAAA,EAAa,EAAS,UAAU,CAChC,EAAA,EAAiB,EAAS,KAAM,aAAa,CAC7C,EAAA,EAAuD,EAAS,SAAU,iBAAiB,CACpF,QACD,CACN,MAAO,IAUX,SAAgB,IAAkE,CAChF,IAAM,EAAI,WACV,IAAK,IAAM,IAAM,CAAC,EAAE,OAAQ,EAAE,QAAQ,CACpC,GAAI,CAEF,GADA,EAAA,EAAa,EAAI,KAAK,CAClB,EAAe,EAAG,QAAQ,CAC5B,OAAO,EAAG,aAEN,CACN,UCVN,IAAa,EAAb,cAAyC,CAA6C,CACpF,YAAY,EAA4B,CACtC,MAAM,EAAQ,EAAO,OAAO,CAG9B,cAAiC,CAC/B,IAAM,EAAU,IAA4B,CAC5C,GAAI,EACF,OAAO,IAAI,OAAO,EAAQ,OAAOa,wBAAe,CAAC,CAEnD,IAAM,EAAU,IAAI,gBAAgB,IAAI,KAAK,CAACC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAW,CAAE,CAAE,KAAM,yBAA0B,CAAC,CAAC,CAC/F,GAAI,CACF,OAAO,IAAI,OAAO,EAAQ,QAClB,CACR,IAAI,gBAAgB,EAAQ,EAIhC,WAAqB,EAAsB,CACzC,EAAO,UAAa,GAClB,KAAK,eAAe,EAAM,KAAK,CACjC,EAAO,QAAW,GAAsB,KAAK,kBAAkB,EAAM,QAAQ,CAC7E,EAAO,mBAAuB,KAAK,0BAA0B,CAG/D,YAAsB,EAAgB,EAA8B,CAClE,EAAO,YAAY,EAAQ,CAG7B,gBAA0B,EAAsB,CAC9C,EAAO,WAAW,CAGpB,mBAAsC,CACpC,OAAO,OAAO,YAAY,CAG5B,gBAGE,CAIA,GAAM,CAAE,SAAQ,cAAa,YAAW,YAAW,UAAW,KAAK,OACnE,MAAO,CAAE,KAAM,OAAQ,QAAS,CAAE,SAAQ,cAAa,YAAW,YAAW,SAAQ,CAAE,CAOzF,MAAM,WAAW,EAAkC,CACjD,MAAM,KAAK,YAAoC,cAAe,CAC5D,YACD,CAAC,GCtCN,MAAM,EAAa,KAGb,EAAiB,IAAS,IAIhC,SAAS,EAAS,EAA2B,CAC3C,IAAM,EAAmB,EAAE,CAC3B,IAAK,IAAI,EAAI,EAAG,EAAI,EAAM,OAAQ,GAAK,EACrC,EAAO,KAAK,OAAO,aAAa,GAAG,EAAM,SAAS,EAAG,EAAI,EAAW,CAAC,CAAC,CAExE,OAAO,KAAK,EAAO,KAAK,GAAG,CAAC,CAG9B,SAAS,EAAW,EAAyB,CAC3C,IAAI,EACJ,GAAI,CACF,EAAS,KAAK,EAAI,MACZ,CACN,MAAU,MAAM,gCAAgC,EAAI,OAAO,GAAG,CAEhE,GAAI,EAAO,SAAW,EACpB,MAAU,MAAM,4BAA4B,CAE9C,IAAM,EAAQ,IAAI,WAAW,EAAO,OAAO,CAC3C,IAAK,IAAI,EAAI,EAAG,EAAI,EAAO,OAAQ,IACjC,EAAM,GAAK,EAAO,WAAW,EAAE,CAEjC,OAAO,EAGT,SAAS,EAAiB,EAAyB,CACjD,MAAO,cAAc,IAGvB,SAAS,EAAiB,EAAiB,EAAsB,CAC/D,MAAO,cAAc,EAAQ,GAAG,IAGlC,SAAS,EAAe,EAAyB,CAC/C,MAAO,oBAAoB,IAG7B,SAAS,EAAe,EAA0C,CAChE,EAAA,EAAa,EAAG,kBAAkB,CAClC,EAAA,EAAiB,EAAG,cAAe,8BAA8B,CACjE,EAAA,EAAiB,EAAG,YAAa,4BAA4B,CAG/D,SAAS,EAAmB,EAA6C,CACvE,EAAA,EAAa,EAAG,qBAAqB,CACrC,EAAA,EAAiB,EAAG,iBAAkB,oCAAoC,CAC1E,EAAA,EAAiB,EAAG,eAAgB,kCAAkC,CAmBxE,IAAa,EAAb,KAA8B,CAC5B,GACA,GACA,GACA,GACA,GACA,GACA,GAAmB,IAAI,IACvB,GAAsD,KACtD,GAAwB,IAAI,IAC5B,GAAiD,KAEjD,GAAoC,KAEpC,YAAY,EAOT,CACD,MAAA,EAAgB,EAAK,QACrB,MAAA,EAAgB,EAAK,QACrB,MAAA,EAAmB,EAAK,WACxB,MAAA,GAAe,EAAK,KAAO,OAAU,IACrC,MAAA,EAAe,EAAK,QAAU,QAKhC,MAAM,aAAa,EAAmE,CACpF,GAAI,MAAA,IAAuB,IAAA,GACzB,OAAO,MAAA,EAIT,GAAI,MAAA,EACF,OAAO,MAAA,EAGT,MAAA,EAA0B,MAAA,EAAoB,EAAQ,CACtD,GAAI,CACF,OAAO,MAAM,MAAA,SACL,CACR,MAAA,EAA0B,MAI9B,MAAA,EAAqB,EAAmE,CACtF,IAAM,EAAM,EAAiB,MAAA,EAAc,CAE3C,GAAI,CACF,IAAM,EAAM,MAAM,MAAA,EAAc,IAAI,EAAI,CACxC,GAAI,EAAK,CACP,EAAe,EAAI,CACnB,IAAM,EAA0B,CAC9B,YAAa,EAAI,YACjB,UAAW,EAAW,EAAI,UAAU,CACrC,CAED,MADA,OAAA,EAAqB,EACd,SAEF,EAAK,CAEZ,MAAM,MAAA,EAAoB,EAAI,CAC9B,MAAA,EAAa,KACX,mFACA,CACE,QAAS,MAAA,EACT,MAAOU,EAAAA,EAAQ,EAAI,CAAC,QACrB,CACF,CAGH,IAAM,EAAS,MAAM,GAAS,CAC9B,GAAI,IAAW,KACb,OAAO,KAGT,MAAA,EAAqB,EAErB,GAAI,CACF,IAAM,EAA0B,CAC9B,YAAa,EAAO,YACpB,UAAW,EAAS,EAAO,UAAU,CACrC,gBAAiB,KAAK,KAAK,CAC5B,CACD,MAAM,MAAA,EAAc,IAAI,EAAK,EAAO,OAC7B,EAAK,CACZ,MAAA,EAAa,KAAK,0CAA2C,CAC3D,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CAGJ,OAAO,EAKT,MAAM,gBACJ,EACA,EAC6B,CAC7B,IAAM,EAAM,MAAA,EAAsB,IAAI,EAAK,CAC3C,GAAI,IAAQ,IAAA,GACV,OAAO,EAIT,IAAM,EAAW,MAAA,EAA2B,IAAI,EAAK,CACrD,GAAI,EACF,OAAO,EAGT,IAAM,EAAU,MAAA,EAAuB,EAAM,EAAQ,CACrD,MAAA,EAA2B,IAAI,EAAM,EAAQ,CAC7C,GAAI,CACF,OAAO,MAAM,SACL,CACR,MAAA,EAA2B,OAAO,EAAK,EAI3C,MAAA,EACE,EACA,EAC6B,CAC7B,IAAM,EAAM,EAAiB,MAAA,EAAe,EAAK,CAEjD,GAAI,CACF,IAAM,EAAM,MAAM,MAAA,EAAc,IAAI,EAAI,CACxC,GAAI,EAAK,CACP,EAAmB,EAAI,CACvB,IAAM,EAA6B,CACjC,eAAgB,EAAI,eACpB,aAAc,EAAW,EAAI,aAAa,CAC3C,CAED,OADA,MAAA,EAAsB,IAAI,EAAM,EAAO,CAChC,SAEF,EAAK,CAEZ,MAAM,MAAA,EAAoB,EAAI,CAC9B,MAAA,EAAa,KACX,sFACA,CACE,QAAS,MAAA,EACT,OACA,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CACF,CAGH,IAAM,EAAS,MAAM,GAAS,CAC9B,GAAI,IAAW,KACb,OAAO,KAGT,MAAA,EAAsB,IAAI,EAAM,EAAO,CAEvC,GAAI,CACF,IAAM,EAA6B,CACjC,eAAgB,EAAO,eACvB,aAAc,EAAS,EAAO,aAAa,CAC3C,gBAAiB,KAAK,KAAK,CAC5B,CACD,MAAM,MAAA,EAAc,IAAI,EAAK,EAAO,CAGpC,IAAM,EAAS,EAAe,MAAA,EAAc,CACtC,EACH,MAAM,MAAA,EAAc,IAAc,EAAO,CAAC,MAAO,IAChD,MAAA,EAAa,KAAK,2CAA4C,CAC5D,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CACK,MACP,EAAK,EAAE,CACN,EAAS,SAAS,EAAK,EAC1B,MAAM,MAAA,EAAc,IAAI,EAAQ,CAAC,GAAG,EAAU,EAAK,CAAC,OAE/C,EAAK,CACZ,MAAA,EAAa,KAAK,6CAA8C,CAC9D,QAAS,MAAA,EACT,OACA,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CAGJ,OAAO,EAaT,MAAM,iBAAoC,CAExC,GAAI,MAAA,EACF,OAAO,MAAA,EAET,MAAA,EAA6B,MAAA,GAA4B,CACzD,GAAI,CACF,OAAO,MAAM,MAAA,SACL,CACR,MAAA,EAA6B,MAIjC,MAAA,GAAgD,CAE9C,IAAM,EAAM,KAAK,KAAK,CAMtB,GALI,MAAA,IAA4B,MAAQ,EAAM,MAAA,EAA0B,MAAA,GAKpE,CAAC,MAAA,EACH,MAAO,GAGT,IAAM,EAAQ,EAAiB,MAAA,EAAc,CAGzC,EAAmC,KACnC,EAIC,EAAE,CAEP,GAAI,CAEF,GAAM,CAAC,EAAO,GAAW,MAAM,QAAQ,IAAI,CACzC,MAAA,EAAc,IAAI,EAAM,CACxB,MAAA,GAA2B,CAC5B,CAAC,CAGF,GAAI,EACF,GAAI,CACF,EAAe,EAAM,CACrB,EAAW,CAAE,GAAG,EAAO,gBAAiB,EAAM,iBAAmB,EAAG,OAC7D,EAAK,CACZ,MAAA,EAAa,KAAK,oDAAqD,CACrE,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CACF,MAAM,MAAA,EAAoB,EAAM,CAMpC,GAFA,EAAe,EAEX,CAAC,EACH,MAAO,GAST,GALuD,CACrD,EACA,GAAG,EAAa,IAAK,GAAM,EAAE,KAAK,CACnC,CAC2B,MAAO,GAAM,EAAM,EAAE,gBAAkB,MAAA,EAAY,CAG7E,MADA,OAAA,EAA0B,EACnB,GAIT,IAAM,EAAc,MAAM,WAAW,MAAM,GAAG,MAAA,EAAiB,SAAS,CACxE,GAAI,CAAC,EAAY,GAAI,CAEnB,IAAM,EAAiB,EAAM,MAAA,EAAc,EAc3C,OAbA,MAAA,EAAa,KAAK,+DAAgE,CAChF,OAAQ,EAAY,OACpB,WAAY,MAAA,EACb,CAAC,CACF,MAAM,MAAA,EACJ,EACA,CAAE,GAAG,EAAU,gBAAiB,EAAgB,CAChD,EAAa,IAAK,IAAO,CACvB,GAAG,EACH,KAAM,CAAE,GAAG,EAAE,KAAM,gBAAiB,EAAgB,CACrD,EAAE,CACJ,CACD,MAAA,EAA0B,EACnB,GAGT,IAAM,EAAY,MAAM,EAAY,MAAM,CAK1C,GACE,CAAC,GACD,OAAO,GAAa,UACpB,EAAE,iBAAkB,IACpB,CAAE,EAA2B,cAAc,MAAM,QACjD,EAAE,QAAS,IACX,OAAQ,EAA2B,KAAQ,SAC3C,CACA,MAAA,EAAa,MACX,4EACA,CACE,WAAY,MAAA,EACZ,aAAc,GAAY,OAAO,GAAa,SAAW,OAAO,KAAK,EAAS,CAAG,EAAE,CACpF,CACF,CAED,IAAM,EAAiB,EAAM,MAAA,EAAc,EAU3C,OATA,MAAM,MAAA,EACJ,EACA,CAAE,GAAG,EAAU,gBAAiB,EAAgB,CAChD,EAAa,IAAK,IAAO,CACvB,GAAG,EACH,KAAM,CAAE,GAAG,EAAE,KAAM,gBAAiB,EAAgB,CACrD,EAAE,CACJ,CACD,MAAA,EAA0B,EACnB,GAET,IAAM,EAAgB,EAGhB,EAAgB,EAAc,aAAa,KAAK,GAGtD,GAAI,EAAS,aAAe,GAAiB,IAAkB,EAAS,YAGtE,OAFA,MAAM,MAAA,EAAe,EAAO,EAAa,CACzC,MAAA,EAA0B,KACnB,GAGT,IAAI,EAA6B,CAAE,GAAG,EAAU,gBAAiB,EAAK,CACtE,GAAI,EAAe,CACjB,IAAM,EAAY,MAAM,MAAA,EAA6B,EAAe,EAAS,CAC7E,GAAI,CAAC,EAAU,MAGb,OAFA,MAAM,MAAA,EAAe,EAAO,EAAa,CACzC,MAAA,EAA0B,KACnB,GAET,EAAY,CACV,GAAG,EACH,YAAa,EACb,KAAM,EAAU,KAChB,aAAc,EAAU,aACzB,CAIH,IAAM,EAA2C,EAAE,CACnD,IAAK,IAAM,KAAS,EAAc,CAEhC,IAAM,EADc,EAAc,IAAI,OAAO,EAAM,KAAK,GAC5B,KAAK,GAGjC,GAAI,EAAM,KAAK,aAAe,GAAU,IAAW,EAAM,KAAK,YAG5D,OAFA,MAAM,MAAA,EAAe,EAAO,EAAa,CACzC,MAAA,EAA0B,KACnB,GAGT,IAAI,EAAkC,CACpC,GAAG,EAAM,KACT,gBAAiB,EAClB,CACD,GAAI,EAAQ,CACV,IAAM,EAAY,MAAM,MAAA,EAA6B,EAAQ,EAAM,KAAK,CACxE,GAAI,CAAC,EAAU,MAGb,OAFA,MAAM,MAAA,EAAe,EAAO,EAAa,CACzC,MAAA,EAA0B,KACnB,GAET,EAAc,CACZ,GAAG,EACH,YAAa,EACb,KAAM,EAAU,KAChB,aAAc,EAAU,aACzB,CAEH,EAAoB,KAAK,CAAE,GAAG,EAAO,KAAM,EAAa,CAAC,CAM3D,OAFA,MAAM,MAAA,EAAmB,EAAO,EAAW,EAAoB,CAC/D,MAAA,EAA0B,EACnB,SACA,EAAK,CACZ,IAAM,EAAQA,EAAAA,EAAQ,EAAI,CACpB,EACJ,aAAe,WACf,aAAe,gBACf,aAAe,YACf,aAAe,YACX,EAAQ,EAAqB,QAAU,OAC7C,MAAA,EAAa,GACX,EACI,sDACA,0DACJ,CACE,QAAS,MAAA,EACT,WAAY,MAAA,EACZ,MAAO,EAAM,QACd,CACF,CAGD,IAAM,EAAiB,EAAM,MAAA,EAAc,EAC3C,GAAI,CACE,GACF,MAAM,MAAA,EACJ,EACA,CAAE,GAAG,EAAU,gBAAiB,EAAgB,CAChD,EAAa,IAAK,IAAO,CACvB,GAAG,EACH,KAAM,CAAE,GAAG,EAAE,KAAM,gBAAiB,EAAgB,CACrD,EAAE,CACJ,OAEI,EAAU,CACjB,MAAA,EAAa,KAAK,kEAAmE,CACnF,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAS,CAAC,QAC1B,CAAC,CAGJ,MADA,OAAA,EAA0B,EACnB,IAMX,MAAA,EACE,EACA,EACmE,CACnE,IAAM,EAAgB,GAAQ,EAAO,MAAQ,EAAO,cAC9C,EAAkC,EAAE,CACtC,EAAO,OACT,EAAQ,iBAAmB,EAAO,MAEhC,EAAO,eACT,EAAQ,qBAAuB,EAAO,cAKxC,IAAI,EAAM,MAAM,WAAW,MAAM,EAAK,CAAE,OAAQ,OAAQ,UAAS,CAAC,CASlE,GANI,EAAI,SAAW,MACjB,EAAM,MAAM,WAAW,MAAM,EAAK,CAAE,UAAS,CAAC,EAK5C,CAAC,EAAI,IAAM,EAAI,SAAW,IAC5B,MAAU,MAAM,yCAAyC,EAAI,YAAY,EAAI,SAAS,CAGxF,IAAM,EAAO,EAAI,QAAQ,IAAI,OAAO,EAAI,IAAA,GAClC,EAAe,EAAI,QAAQ,IAAI,gBAAgB,EAAI,IAAA,GAgBzD,OAdI,EAAI,SAAW,IACV,CACL,MAAO,GACP,KAAM,GAAQ,EAAO,KACrB,aAAc,GAAgB,EAAO,aACtC,CAGE,EAME,CAAE,MAAO,GAAO,OAAM,eAAc,CAJlC,CAAE,MAAO,GAAM,OAAM,eAAc,CAS9C,MAAA,GAEE,CAEA,IAAM,EAAS,EAAe,MAAA,EAAc,CACtC,EACH,MAAM,MAAA,EAAc,IAAc,EAAO,CAAC,MAAO,IAChD,MAAA,EAAa,KAAK,kEAAmE,CACnF,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CACK,MACP,EAAK,EAAE,CACL,EAAU,IAAI,IAAI,CAAC,GAAG,MAAA,EAAsB,MAAM,CAAE,GAAG,EAAc,CAAC,CAEtE,EAAY,MAAM,KAAK,EAAQ,CAwCrC,OAvCgB,MAAM,QAAQ,IAC5B,EAAU,IAAI,KAAO,IAAS,CAC5B,IAAM,EAAO,EAAiB,MAAA,EAAe,EAAK,CAE9C,EACJ,GAAI,CACF,EAAM,MAAM,MAAA,EAAc,IAAI,EAAK,OAC5B,EAAK,CAMZ,OALA,MAAA,EAAa,KAAK,yDAA0D,CAC1E,QAAS,MAAA,EACT,OACA,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CACK,KAET,GAAI,CAAC,EACH,OAAO,KAET,GAAI,CAEF,OADA,EAAmB,EAAI,CAChB,CACL,OACA,IAAK,EACL,KAAM,CACJ,GAAG,EACH,gBAAiB,EAAI,iBAAmB,EACzC,CACF,OACM,EAAK,CAOZ,OANA,MAAA,EAAa,KAAK,gDAAiD,CACjE,QAAS,MAAA,EACT,OACA,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CACF,MAAM,MAAA,EAAoB,EAAK,CACxB,OAET,CACH,EACc,OACZ,GAAoE,IAAM,KAC5E,CAGH,MAAA,EAAqB,EAA4B,CAC/C,MAAM,MAAA,EAAc,OAAO,EAAI,CAAC,MAAO,GAAQ,CAC7C,MAAA,EAAa,KAAK,+BAAgC,CAChD,QAAS,MAAA,EACT,MACA,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,EACF,CAGJ,MAAA,EAAgB,EAAe,EAAqD,CAClF,IAAM,EAAS,EAAe,MAAA,EAAc,CAG5C,GAAI,CACF,MAAM,QAAQ,IAAI,CAChB,MAAA,EAAc,OAAO,EAAM,CAC3B,MAAA,EAAc,OAAO,EAAO,CAC5B,GAAG,EAAa,IAAK,GAAU,MAAA,EAAc,OAAO,EAAM,IAAI,CAAC,CAChE,CAAC,OACK,EAAK,CACZ,MAAA,EAAa,KAAK,0DAA2D,CAC3E,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,CAGJ,MAAA,EAAqB,IAAA,GACrB,MAAA,EAAsB,OAAO,CAG/B,MAAA,EACE,EACA,EACA,EACe,CACf,IAAM,EAAS,CACb,MAAA,EAAc,IAAI,EAAO,EAAG,CAAC,MAAO,GAAQ,CAC1C,MAAA,EAAa,KAAK,mDAAoD,CACpE,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,EACF,CACF,GAAG,EAAa,IAAK,GACnB,MAAA,EAAc,IAAI,EAAM,IAAK,EAAM,KAAK,CAAC,MAAO,GAAQ,CACtD,MAAA,EAAa,KAAK,+CAAgD,CAChE,QAAS,MAAA,EACT,MAAOA,EAAAA,EAAQ,EAAI,CAAC,QACrB,CAAC,EACF,CACH,CACF,CACD,MAAM,QAAQ,IAAI,EAAO,GCppBhB,EAAb,KAA0D,CACxD,GAA4C,KAC5C,GAAoD,KACpD,GAAmD,KACnD,GAAc,GACd,GAAkC,KAClC,GAA0C,KAC1C,GAA0C,KAC1C,GAA4B,OAC5B,GACA,GAEA,YAAY,EAA0B,CACpC,MAAA,EAAe,EAIjB,IAAI,QAA2B,CAC7B,OAAO,MAAA,EAIT,IAAI,WAA+B,CACjC,OAAO,MAAA,EAGT,GAAW,EAA0B,EAAqB,CACxD,MAAA,EAAe,EACf,MAAA,EAAkB,EAClB,MAAA,EAAa,iBAAiB,EAAQ,EAAM,CAG9C,MAAA,GAAsD,CACpD,IAAM,EAAU,MAAM,MAAA,EAAa,YAAY,CACzC,CAAE,aAAY,WAAU,WAAY,MAAA,EAE1C,GAAI,IAAY,IAAA,KAAc,CAAC,OAAO,UAAU,EAAQ,EAAI,EAAU,GACpE,MAAU,MAAM,yBAAyB,EAAQ,+BAA+B,CASlF,OANI,IAAY,IAAA,IAAa,WAAW,oBAAsB,IAAA,IAC5D,MAAA,EAAa,QAAQ,KACnB,kGACD,CAGI,CACL,OAAQ,mEACR,YAAa,OAAO,OAAO,EAAE,CAAEe,EAAAA,EAAe,GAAU,EAAW,GAAS,CAC5E,UAAW,GAAU,gBAAgB,EAAI,GACzC,UAAW,GAAU,iBAAmB,GAAQ,IAAA,GAAY,mGAC5D,OAAQ,MAAA,EAAa,OAGrB,OAAQ,EACT,CAQH,MAAA,GAAoD,CAClD,GAAI,MAAA,EACF,OAAO,MAAA,EAET,MAAA,EAAmB,MAAA,GAAyB,CAC5C,GAAI,CACF,OAAO,MAAM,MAAA,SACL,CACR,MAAA,EAAmB,MAIvB,IAAkB,CAChB,MAAA,GAAoB,WAAW,CAC/B,MAAA,EAAqB,KACrB,MAAA,EAAoB,KACpB,MAAA,EAAsB,KAGxB,MAAA,GAAyD,CAGnD,MAAA,IACF,MAAA,EAAmB,GACnB,MAAA,EAAqB,KACrB,MAAA,EAAoB,KACpB,MAAA,EAAwB,MAG1B,IAAM,EAAU,MAAM,MAAA,EAAa,YAAY,CAe/C,GAZI,MAAA,IAA0B,MAAQ,IAAY,MAAA,GAChD,MAAA,GAAgB,CAGlB,MAAA,EAAwB,EAIxB,AACE,MAAA,IACE,MAAA,EAAa,oBAAsB,IAAI,EAAiB,mBAAoB,EAAG,YAAY,CAE3F,CAAC,MAAA,EAAqB,CACxB,IAAM,EAAS,OAAO,OAAO,EAAE,CAAEA,EAAAA,EAAe,GAAU,MAAA,EAAa,WAAW,GAAS,CAC3F,MAAA,EAAsB,IAAI,EAAiB,CACzC,QAAS,MAAA,EACT,UACA,WAAY,EAAO,WACnB,IAAK,MAAA,EAAa,oBAClB,OAAQ,MAAA,EAAa,OACtB,CAAC,CAIJ,GAAI,MAAA,EAAqB,CACvB,IAAI,EAAQ,GACZ,GAAI,CACF,EAAQ,MAAM,MAAA,EAAoB,iBAAiB,OAC5C,EAAK,CACZ,MAAA,EAAa,QAAQ,KACnB,wEACA,CAAE,MAAO,aAAe,MAAQ,EAAI,QAAU,OAAO,EAAI,CAAE,CAC5D,CAEC,IACF,MAAA,EAAa,QAAQ,KAAK,kDAAkD,CAC5E,MAAA,GAAgB,EAuBpB,MAnBA,CAEE,MAAA,KADA,MAAA,EAAgB,eAAe,CACX,MAAA,GAAkB,CACnC,KAAM,IACL,MAAA,EAAgB,QAAQ,CACjB,GACP,CACD,MAAO,GAAU,CAChB,MAAA,EAAoB,KACpB,IAAM,EACJ,aAAiBa,EAAAA,EACb,EACA,IAAIC,EAAAA,EAAmB,kCAAmC,CACxD,MAAO,EACR,CAAC,CAER,MADA,MAAA,EAAgB,QAAS,EAAa,CAChC,GACN,EAEC,MAAA,EAMT,MAAA,GAAkD,CAEhD,IAAM,EAAS,IAAI,EADE,MAAM,MAAA,GAAuB,CACE,CAGpD,GAFA,MAAM,EAAO,YAAY,CAErB,MAAA,EAEF,MADA,EAAO,WAAW,CACR,MAAM,kDAAkD,CAGpE,MADA,OAAA,EAAqB,EACd,EAOT,WAAkB,CAChB,MAAA,EAAmB,GACnB,AAEE,MAAA,KADA,MAAA,EAAmB,WAAW,CACT,MAEvB,MAAA,EAAoB,KACpB,MAAA,EAAmB,KAIrB,CAAC,OAAO,UAAiB,CACvB,KAAK,WAAW,CAOlB,MAAA,GAAyC,CACvC,GAAI,MAAA,EAAoB,CACtB,IAAM,EAAQ,MAAA,EAAa,UAAU,gBAAgB,EAAI,GACrD,GACF,MAAM,MAAA,EAAmB,WAAW,EAAM,EAQhD,MAAM,iBAA6C,CAEjD,IAAM,EAAS,MADA,MAAM,MAAA,GAAoB,EACb,iBAAiB,CAC7C,MAAO,CACL,UAAW,EAAO,UAClB,WAAY,EAAO,WACpB,CAMH,MAAM,aACJ,EACA,EACA,EACA,EAAe,EACW,CAE1B,IAAM,EAAS,MADA,MAAM,MAAA,GAAoB,EACb,aAAa,CACvC,YACA,oBACA,iBACA,eACD,CAAC,CAEI,EAAS,CACb,KAAM,EAAO,OAAO,KACpB,QAAS,EAAO,OAAO,QACvB,QAAS,EAAO,OAAO,QACvB,kBAAmB,EAAO,OAAO,kBAClC,CAED,MAAO,CACL,SACA,MAAO,CACL,aAAcE,EAAAA,EAAsB,EAAO,CAC3C,+BAAgC,EAAO,MAAM,+BAC9C,CACD,QAAS,CACP,UAAW,EAAO,QAAQ,UAC1B,kBAAmB,EAAO,QAAQ,kBAClC,eAAgB,EAAO,QAAQ,eAC/B,aAAc,EAAO,QAAQ,aAC7B,UAAW,EAAO,QAAQ,UAC3B,CACF,CAOH,MAAM,QAAQ,EAA+C,CAC3D,GAAM,CAAE,SAAQ,kBAAiB,eAAgB,EAEjD,OAAOC,EAAAA,EAAU,SAAY,CAC3B,IAAM,EAAS,MAAM,MAAA,GAAoB,CACzC,MAAM,MAAA,GAAwB,CAC9B,IAAM,EAAS,MAAM,EAAO,QAAQ,CAClC,SACA,kBACA,cACD,CAAC,CACF,MAAO,CAAE,QAAS,EAAO,QAAS,WAAY,EAAO,WAAY,EACjE,CAOJ,MAAM,YAAY,EAA8E,CAC9F,OAAOA,EAAAA,EAAU,SAAY,CAC3B,IAAM,EAAS,MAAM,MAAA,GAAoB,CAGzC,OAFA,MAAM,MAAA,GAAwB,EACf,MAAM,EAAO,YAAY,EAAO,EACjC,aACd,CAOJ,MAAM,cAAc,EAAiD,CACnE,OAAOA,EAAAA,EAAU,SAAY,CAC3B,IAAM,EAAS,MAAM,MAAA,GAAoB,CACzC,MAAM,MAAA,GAAwB,CAC9B,IAAM,EAAS,MAAM,EAAO,cAAc,EAAQ,CAClD,MAAO,CACL,YAAa,EAAO,YACpB,sBAAuB,EAAO,sBAC9B,gBAAiB,EAAO,gBACzB,EACD,CAMJ,MAAM,iCACJ,EACA,EACA,EACA,EACA,EAAe,EAC6B,CAE5C,OADe,MAAM,MAAA,GAAoB,EAC3B,iCAAiC,CAC7C,YACA,oBACA,mBACA,iBACA,eACD,CAAC,CAOJ,MAAM,qBACJ,EACmD,CACnD,OAAOA,EAAAA,EAAU,SAAY,CAC3B,IAAM,EAAS,MAAM,MAAA,GAAoB,CAGzC,OAFA,MAAM,MAAA,GAAwB,EACf,MAAM,EAAO,qBAAqB,EAAO,EAC1C,aACd,CAMJ,MAAM,2BAA2B,EAAoD,CACnF,OAAOA,EAAAA,EAAU,SAAY,CAC3B,IAAM,EAAS,MAAM,MAAA,GAAoB,CAEzC,OADA,MAAM,MAAA,GAAwB,CACvB,EAAO,2BAA2B,EAAQ,EACjD,CAOJ,MAAM,cAGI,CACR,IAAM,EAAS,MAAM,MAAA,GAAoB,CAIzC,OAHI,MAAA,EACK,MAAA,EAAoB,aAAa,UAAa,MAAM,EAAO,cAAc,EAAE,OAAO,EAEnF,MAAM,EAAO,cAAc,EAAE,OAOvC,MAAM,gBACJ,EACsE,CACtE,IAAM,EAAS,MAAM,MAAA,GAAoB,CAOzC,OANI,MAAA,EACK,MAAA,EAAoB,gBACzB,EACA,UAAa,MAAM,EAAO,gBAAgB,EAAK,EAAE,OAClD,EAEK,MAAM,EAAO,gBAAgB,EAAK,EAAE,OAG9C,MAAM,eAAkC,CACtC,IAAM,EAAU,MAAM,MAAA,EAAa,YAAY,CACzC,EAAS,OAAO,OAAO,EAAE,CAAEjB,EAAAA,EAAe,GAAU,MAAA,EAAa,WAAW,GAAS,CAC3F,GAAI,CAAC,EAAO,mBACV,MAAM,IAAIc,EAAAA,EAAmB,uCAAuC,IAAU,CAEhF,OAAO,EAAO,qBCnaL,EAAb,KAA0B,CACxB,GACA,GAA6B,eAC7B,GAAiC,GAAG,MAAA,EAAuB,OAE3D,GAAkC,QAAQ,SAAS,CAEnD,YAAY,EAAyB,CACnC,MAAA,EAAgB,EAIlB,MAAM,IACJ,EACA,EACA,EACgC,CAChC,GAAI,CACF,IAAM,EAAM,MAAA,EAAsB,EAAW,EAAiB,EAAO,CACrE,OAAO,MAAM,MAAA,EAAc,IAAoB,EAAI,OAC5C,EAAO,CAEd,OADA,QAAQ,KAAK,sCAAuC,EAAM,CACnD,MAKX,MAAM,IACJ,EACA,EACA,EACA,EACe,CACf,GAAI,CACF,IAAM,EAAM,MAAA,EAAsB,EAAW,EAAiB,EAAO,CACrE,MAAM,MAAA,EAAc,IAAoB,EAAK,EAAM,CAEnD,MAAA,EAAwB,MAAA,EAAsB,SAC5C,MAAA,EAAiB,EAAI,CAAC,MAAO,GAAU,CACrC,QAAQ,KAAK,8CAA+C,EAAM,EAClE,CACH,CACD,MAAM,MAAA,QACC,EAAO,CACd,QAAQ,KAAK,sCAAuC,EAAM,EAK9D,MAAM,kBAAkB,EAAmC,CAEzD,MAAA,EAAwB,MAAA,EAAsB,SAC5C,MAAA,EAA0B,EAAU,CAAC,MAAO,GAAU,CACpD,QAAQ,KAAK,oDAAqD,EAAM,EACxE,CACH,CACD,MAAM,MAAA,EAGR,MAAA,EAA2B,EAAmC,CAC5D,IAAM,GAAA,EAAA,EAAA,YAA+B,EAAU,CACzC,EAAS,GAAG,MAAA,EAAuB,GAAG,EAAkB,GACxD,EAAO,MAAM,MAAA,GAAiB,CAC9B,EAAqB,EAAE,CACvB,EAAsB,EAAE,CAC9B,IAAK,IAAM,KAAK,EACV,EAAE,WAAW,EAAO,CACtB,EAAS,KAAK,EAAE,CAEhB,EAAU,KAAK,EAAE,CAGrB,MAAM,QAAQ,IAAI,EAAS,IAAK,GAAM,MAAA,EAAc,OAAO,EAAE,CAAC,UAAY,GAAG,CAAC,CAAC,CAC/E,MAAM,MAAA,EAAc,IAAI,MAAA,EAA4B,EAAU,CAIhE,MAAM,UAA0B,CAE9B,MAAA,EAAwB,MAAA,EAAsB,SAC5C,MAAA,GAAkB,CAAC,MAAO,GAAU,CAClC,QAAQ,KAAK,2CAA4C,EAAM,EAC/D,CACH,CACD,MAAM,MAAA,EAGR,MAAA,GAAmC,CACjC,IAAM,EAAO,MAAM,MAAA,GAAiB,CACpC,MAAM,QAAQ,IAAI,EAAK,IAAK,GAAM,MAAA,EAAc,OAAO,EAAE,CAAC,UAAY,GAAG,CAAC,CAAC,CAC3E,MAAM,MAAA,EAAc,OAAO,MAAA,EAA2B,CAGxD,GAAiB,EAAoB,EAA0B,EAAwB,CACrF,MAAO,GAAG,MAAA,EAAuB,IAAA,EAAA,EAAA,YAAc,EAAU,CAAC,IAAA,EAAA,EAAA,YAAc,EAAgB,CAAC,GAAG,EAAO,aAAa,GAGlH,MAAA,GAAsC,CACpC,OAAQ,MAAM,MAAA,EAAc,IAAc,MAAA,EAA2B,EAAK,EAAE,CAG9E,MAAA,EAAkB,EAA4B,CAC5C,IAAM,EAAO,MAAM,MAAA,GAAiB,CAC/B,EAAK,SAAS,EAAI,GACrB,EAAK,KAAK,EAAI,CACd,MAAM,MAAA,EAAc,IAAI,MAAA,EAA4B,EAAK,ICvIlD,EAAb,KAAqD,CACnD,GAAO,IAAI,IAEX,MAAM,IAAiB,EAAgC,CACrD,OAAQ,MAAA,EAAU,IAAI,EAAI,EAAU,KAGtC,MAAM,IAAiB,EAAa,EAAyB,CAC3D,MAAA,EAAU,IAAI,EAAK,EAAM,CAG3B,MAAM,OAAO,EAA4B,CACvC,MAAA,EAAU,OAAO,EAAI,GAKzB,MAAa,EAAgB,IAAI,ECGjC,IAAa,EAAb,KAA8B,CAC5B,GAAsC,KACtC,GAA2C,KAG3C,YAAmB,CACjB,MAAA,EAAyB,KACzB,MAAA,EAAiC,KAInC,MAAM,QAAQ,EAAgB,EAAgB,EAA0C,CACtF,IAAM,EAAM,MAAM,MAAA,EAAgB,EAAW,EAAQ,CAC/C,EAAK,OAAO,gBAAgB,IAAI,WAAW,GAAG,CAAC,CAC/C,EAAU,IAAI,YAEd,EAAa,MAAM,OAAO,OAAO,QACrC,CAAE,KAAM,UAAW,KAAI,CACvB,EACA,EAAQ,OAAO,EAAU,CAC1B,CAED,MAAO,CACL,GAAI,KAAK,OAAO,aAAa,GAAG,EAAG,CAAC,CACpC,WAAY,KAAK,OAAO,aAAa,GAAG,IAAI,WAAW,EAAW,CAAC,CAAC,CACrE,CAIH,MAAM,QAAQ,EAA0B,EAAgB,EAAgC,CACtF,IAAM,EAAM,MAAM,MAAA,EAAgB,EAAW,EAAQ,CAC/C,EAAK,WAAW,KAAK,KAAK,EAAU,GAAG,CAAG,GAAM,EAAE,WAAW,EAAE,CAAC,CAChE,EAAa,WAAW,KAAK,KAAK,EAAU,WAAW,CAAG,GAAM,EAAE,WAAW,EAAE,CAAC,CAEhF,EAAY,MAAM,OAAO,OAAO,QAAQ,CAAE,KAAM,UAAW,KAAI,CAAE,EAAK,EAAW,CAEvF,OAAOiB,EAAAA,EAAU,IAAI,aAAa,CAAC,OAAO,EAAU,CAAC,CAGvD,MAAA,EAAiB,EAAgB,EAAsC,CACrE,IAAM,EAAW,GAAG,EAAU,GAAG,IACjC,GAAI,MAAA,GAA0B,MAAA,IAAmC,EAC/D,OAAO,MAAA,EAGT,IAAM,EAAU,IAAI,YACd,EAAc,MAAM,OAAO,OAAO,UACtC,MACA,EAAQ,OAAO,EAAU,CACzB,SACA,GACA,CAAC,YAAY,CACd,CAEK,EAAM,MAAM,OAAO,OAAO,UAC9B,CACE,KAAM,SACN,KAAM,EAAQ,OAAO,EAAQ,CAC7B,WAAY,IACZ,KAAM,UACP,CACD,EACA,CAAE,KAAM,UAAW,OAAQ,IAAK,CAChC,GACA,CAAC,UAAW,UAAU,CACvB,CAID,MAFA,OAAA,EAAiC,EACjC,MAAA,EAAyB,EAClB,IC3EX,SAAgB,EACd,EAC0C,CAC1C,EAAA,EAAa,EAAM,qBAAqB,CACxC,EAAA,EAAa,EAAK,UAAW,wBAAwB,CACrD,EAAA,EAAY,EAAK,kBAAmB,gCAAgC,CACpE,IAAK,IAAM,KAAQ,EAAK,kBACtB,EAAA,EACE,OAAO,GAAS,WAAA,EAAA,EAAA,WAAsB,EAAM,CAAE,OAAQ,GAAO,CAAC,CAC9D,0DACD,CAEH,EAAA,EAAa,EAAK,oBAAqB,kCAAkC,CACzE,EAAA,EAAa,EAAK,oBAAoB,GAAI,yBAAyB,CACnE,EAAA,EAAa,EAAK,oBAAoB,WAAY,iCAAiC,CACnF,EAAA,EACE,OAAO,EAAK,gBAAmB,SAC/B,qDACD,CACD,EAAA,EACE,OAAO,EAAK,cAAiB,SAC7B,mDACD,CAOH,SAAgB,EAAsB,EAGpC,CACA,EAA+B,EAAK,CACpC,IAAM,EAAM,EACZ,EAAA,EACE,OAAO,EAAI,kBAAqB,WAAA,EAAA,EAAA,WAAsB,EAAI,iBAAkB,CAAE,OAAQ,GAAO,CAAC,CAC9F,8DACD,CACD,EAAA,EACE,OAAO,EAAI,iBAAoB,WAAA,EAAA,EAAA,WAAsB,EAAI,gBAAiB,CAAE,OAAQ,GAAO,CAAC,CAC5F,6DACD,CACD,EAAA,EAAgB,OAAO,EAAI,gBAAmB,SAAU,yCAAyC,CACjG,EAAA,EAAgB,OAAO,EAAI,cAAiB,SAAU,uCAAuC,CAI/F,SAAgB,EAAY,EAAkE,CAG5F,OAFmB,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAC9B,EAAM,eAAiB,EAAM,aAAe,MAKhE,SAAgB,EAAgB,EAA4B,EAAuC,CACjG,IAAM,EAAW,IAAI,IAAI,EAAkB,IAAK,IAAA,EAAA,EAAA,YAAuB,EAAQ,CAAC,CAAC,CAC3E,EAAS,IAAI,IAAI,EAAgB,IAAK,IAAA,EAAA,EAAA,YAAuB,EAAQ,CAAC,CAAC,CAC7E,OAAO,EAAS,WAAW,EAAO,CAMpC,SAAgB,EACd,EACA,EACS,CAIT,OAHK,EAAY,EAAM,CAGhB,EAAgB,EAAM,kBAAmB,EAAkB,CAFzD,GAMX,SAAgB,EAAmB,EAAiC,CAClE,MAAO,CAAC,GAAG,IAAI,IAAI,EAAU,IAAK,IAAA,EAAA,EAAA,YAAuB,EAAQ,CAAC,CAAC,CAAC,CAAC,UAAU,CAIjF,eAAsB,EAAgB,GAAG,EAAgD,CACvF,IAAM,EAAO,MAAM,OAAO,OAAO,OAC/B,UACA,IAAI,aAAa,CAAC,OAAO,EAAS,IAAI,OAAO,CAAC,KAAK,IAAI,CAAC,CACzD,CACD,OAAO,MAAM,KAAK,IAAI,WAAW,EAAK,CAAC,CACpC,IAAK,GAAM,EAAE,SAAS,GAAG,CAAC,SAAS,EAAG,IAAI,CAAC,CAC3C,KAAK,GAAG,CACR,MAAM,EAAG,GAAG,CCnFjB,IAAa,EAAb,KAA+B,CAC7B,GAEA,YAAY,EAAyB,CACnC,MAAA,EAAgB,EAGlB,GAAoB,EAA6C,CAC/D,EAAA,EAAa,EAAM,gBAAgB,CACnC,EAAA,EAAa,EAAK,UAAW,oBAAoB,CACjD,EAAA,EACE,OAAO,EAAK,WAAc,SAC1B,4CACD,CACD,EAAA,EACE,OAAO,EAAK,KAAQ,UAAY,EAAK,MAAQ,WAC7C,oDACD,CAIH,MAAM,IAAI,EAA2C,CACnD,IAAM,EAAM,MAAM,MAAA,EAAc,IAAkB,EAAI,CAKtD,OAJI,IAAQ,KACH,MAET,MAAA,EAAyB,EAAI,CACtB,GAIT,MAAM,IAAI,EAAkF,CAC1F,IAAM,EAAsB,CAC1B,UAAW,EAAO,UAClB,UAAW,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CACxC,IAAK,EAAO,IACb,CACD,MAAM,MAAA,EAAc,IAAI,EAAO,IAAK,EAAM,CAI5C,MAAM,OAAO,EAA4B,CACvC,MAAM,MAAA,EAAc,OAAO,EAAI,CASjC,UAAU,EAA8B,CAOtC,OANI,EAAM,MAAQ,WACT,GAEL,EAAM,MAAQ,EACT,GAEF,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAAG,EAAM,WAAa,EAAM,MCD9C,EAAtB,KAGE,CACA,OACA,QACA,kBACA,OACA,WACA,WAEA,GACA,GAAyC,KACzC,GAAmC,KACnC,GAAyC,KAGzC,GAAmC,KAEnC,YAAY,EAA2B,CASrC,GARA,KAAK,OAAS,EAAO,OACrB,KAAK,QAAU,EAAO,QACtB,KAAK,kBAAoB,IAAI,EAAkB,EAAO,eAAe,CACrE,KAAK,OAAS,IAAI,EAClB,KAAK,WAAa,EAAO,YAAc,OACvC,KAAK,WAAa,EAAO,YAAc,OACvC,MAAA,EAAgB,EAAO,cAAkB,IAErC,OAAO,KAAK,YAAe,UAAY,KAAK,WAAa,EAC3D,MAAU,MAAM,0BAA0B,CAE5C,GAAI,OAAO,KAAK,YAAe,UAAY,KAAK,WAAa,EAC3D,MAAU,MAAM,0BAA0B,CAExC,OAAO,KAAK,YAAe,UAAY,KAAK,WAAa,KAAK,aAChE,KAAK,WAAa,KAAK,WAEvB,QAAQ,KACN,oDAAoD,KAAK,WAAW,4IAGrE,EAKL,KAAe,EAAkC,CAC/C,MAAA,EAAc,CAAE,GAAG,EAAS,UAAW,KAAK,KAAK,CAAE,CAAU,CA0B/D,MAAgB,mBAAmB,CACjC,MACA,YACA,YACA,YACqD,CACrD,KAAK,KAAK,CACR,KAAMI,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CAEF,GAAI,CACF,IAAM,EAAY,MAAM,KAAK,QAAQ,IAAgB,EAAI,CACzD,GAAI,EAAW,CACb,KAAK,gBAAgB,EAAU,CAE/B,IAAM,EAAe,MAAM,KAAK,kBAAkB,IAAI,EAAI,CAC1D,GAAI,EACF,GAAI,KAAK,kBAAkB,UAAU,EAAa,CAChD,MAAM,KAAK,kBAAkB,OAAO,EAAI,CACxC,KAAK,KAAK,CAAE,KAAMA,EAAAA,EAAc,eAAgB,OAAQ,MAAO,CAAC,KAC3D,CACL,IAAM,EAAQ,MAAM,KAAK,mBAAmB,EAAW,EAAa,UAAU,CAC9E,GAAI,EAAkB,EAAO,EAAU,CASrC,OARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,kBACpB,kBAAmB,EACpB,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,EAET,GAAI,EAAY,EAAM,CACpB,OAAO,MAAA,EAAsB,CAC3B,MACA,YAAa,EACb,kBAAmB,EACpB,CAAC,CAEJ,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CAKN,GAAI,EAAY,EAAU,CAAE,CAC1B,GAAI,EAAgB,EAAU,kBAAmB,EAAU,CAAE,CAC3D,IAAM,EAAY,MAAM,KAAK,iBAAiB,EAAW,EAAU,kBAAkB,CACrF,MAAM,KAAK,kBAAkB,IAAI,CAC/B,MACA,YACA,IAAK,KAAK,WACX,CAAC,CACF,IAAM,EAAQ,MAAM,KAAK,mBAAmB,EAAW,EAAU,CASjE,OARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,kBACpB,kBAAmB,EACpB,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,EAGT,IAAM,EAAe,MAAM,KAAK,iBAAiB,EAAW,EAAU,kBAAkB,CAClF,EAAQ,MAAM,KAAK,mBAAmB,EAAW,EAAa,CACpE,OAAO,MAAA,EAAsB,CAC3B,MACA,YAAa,EACb,kBAAmB,EACpB,CAAC,CAGJ,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,QAEG,EAAO,CACd,GAAI,aAAiBE,EAAAA,EACnB,MAAM,EAGR,QAAQ,KAAK,uDAAwD,EAAM,CAC3E,KAAK,KAAK,CACR,KAAMF,EAAAA,EAAc,qBACpB,MAAOG,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACF,MAAM,MAAA,EAAwB,EAAI,CAmBpC,OAfI,CAAC,MAAA,GAAuB,MAAA,IAA2B,KACrD,MAAA,EAAyB,EACzB,MAAA,EAAsB,GAAU,CAC7B,KAAM,IACL,KAAK,KAAK,CACR,KAAMH,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,GACP,CACD,YAAc,CACb,MAAA,EAAsB,KACtB,MAAA,EAAyB,MACzB,EAEC,MAAA,EAUT,MAAgB,aAAa,EAAa,EAA6C,CACrF,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,QAAQ,IAAgB,EAAI,CAMtD,OALK,GAGL,KAAK,gBAAgB,EAAO,CAErB,CAAC,EAAkB,EADA,EAAkB,CAAC,EAAgB,CAAG,EAAE,CACd,EAJ3C,SAKF,EAAO,CAGd,OADA,QAAQ,KAAK,0DAA2D,EAAM,CACvE,IAKX,MAAgB,cAAc,EAAa,EAA8C,CACvF,MAAM,KAAK,kBAAkB,OAAO,EAAI,CACxC,KAAK,aAAa,CAClB,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,GAAI,EAAoB,CAAE,oBAAmB,CAAG,EAAE,CACnD,CAAsB,CAGzB,MAAgB,aACd,EACA,EACkB,CAIlB,GAAI,EAAkB,SAAW,EAC/B,MAAO,GAET,IAAM,EAAQ,MAAM,KAAK,kBAAkB,IAAI,EAAI,CAInD,GAHI,IAAU,MAGV,KAAK,kBAAkB,UAAU,EAAM,CACzC,MAAO,GAET,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,QAAQ,IAAgB,EAAI,CAKtD,OAJK,GAGL,KAAK,gBAAgB,EAAO,CACrB,EAAkB,EAAQ,EAAkB,EAH1C,QAIH,CACN,MAAO,IAIX,MAAgB,SAAS,EAA4B,CACnD,MAAM,KAAK,kBAAkB,OAAO,EAAI,CACxC,KAAK,aAAa,CAClB,MAAM,MAAA,EAAwB,EAAI,CAIpC,aAA8B,CAC5B,KAAK,OAAO,YAAY,CACxB,MAAA,EAAyB,KAS3B,MAAgB,kBAAkB,CAChC,MACA,oBACA,WACA,gBACoD,CACpD,KAAK,KAAK,CAAE,KAAMA,EAAAA,EAAc,oBAAqB,oBAAmB,CAAC,CACzE,GAAI,CACF,IAAM,EAAQ,MAAM,GAAU,CAQ9B,OAPA,MAAM,KAAK,mBAAmB,EAAK,EAAM,CACzC,MAAM,KAAK,kBAAkB,IAAI,CAC/B,MACA,UAAW,EAAM,UACjB,IAAK,KAAK,WACX,CAAC,CACF,KAAK,KAAK,CAAE,KAAMA,EAAAA,EAAc,mBAAoB,oBAAmB,CAAC,CACjE,QACA,EAAO,CACd,GAAI,aAAiBE,EAAAA,EACnB,MAAM,EAER,OAAOM,EAAAA,GAAiB,EAAO,EAAa,EAMhD,MAAA,EAAuB,CACrB,MACA,cACA,qBAKkB,CAClB,GAAI,MAAA,EAAqB,CACvB,IAAM,EAAW,MAAM,MAAA,EACvB,GAAI,EAAgB,EAAS,kBAAmB,EAAkB,CAKhE,OAJA,KAAK,KAAK,CACR,KAAMR,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,EAET,EAAc,UACL,MAAA,EAAwB,CAIjC,IAAM,EAAO,MAAA,EACb,GAAI,EAAgB,EAAK,kBAAmB,EAAkB,CAK5D,OAJA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,EAET,EAAc,EAGhB,IAAM,EAAU,MAAA,EAAwB,CACtC,MACA,cACA,oBACD,CAAC,CACF,MAAA,EAAsB,EACtB,GAAI,CACF,IAAM,EAAS,MAAM,EAErB,MADA,OAAA,EAAyB,EAClB,SACC,CACJ,MAAA,IAAwB,IAC1B,MAAA,EAAsB,OAK5B,MAAA,EAAyB,CACvB,MACA,cACA,qBAKkB,CAClB,IAAM,EAAS,EAAmB,CAAC,GAAG,EAAY,kBAAmB,GAAG,EAAkB,CAAC,CACrF,EAAY,MAAM,KAAK,iBAAiB,EAAa,EAAO,CAE5D,EAAmB,CACvB,GAAG,EACH,kBAAmB,EACnB,YACD,CAaD,OAVA,MAAM,KAAK,mBAAmB,EAAK,EAAS,CAC5C,MAAM,KAAK,kBAAkB,IAAI,CAC/B,MACA,YACA,IAAK,KAAK,WACX,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,mBACpB,kBAAmB,EACpB,CAAC,CACK,EAGT,MAAgB,mBAAmB,EAAa,EAAoC,CAClF,GAAI,CACF,IAAM,EAAY,MAAM,KAAK,mBAAmB,EAAY,CAC5D,MAAM,KAAK,QAAQ,IAAI,EAAK,EAAU,OAC/B,EAAO,CAEd,QAAQ,KAAK,4DAA6D,EAAM,CAChF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,yBACpB,MAAOG,EAAAA,EAAQ,EAAM,CACtB,CAAC,EAIN,MAAA,EAAyB,EAA4B,CACnD,GAAI,CACF,MAAM,KAAK,QAAQ,OAAO,EAAI,OACvB,EAAO,CAEd,QAAQ,KAAK,2CAA4C,EAAM,CAC/D,KAAK,KAAK,CACR,KAAMH,EAAAA,EAAc,yBACpB,MAAOG,EAAAA,EAAQ,EAAM,CACtB,CAAC,ICvcR,SAAS,GAAsB,EAAsD,CACnF,GAAI,OAAO,GAAU,WAAY,EAC/B,MAAO,GAET,IAAM,EAAU,QAAQ,IAAI,EAAO,UAAU,CAI7C,OAHI,OAAO,GAAY,WAAY,EAC1B,GAEF,OAAO,QAAQ,IAAI,EAAS,KAAK,EAAK,SAQ/C,IAAa,EAAb,MAAa,UAA2B,CAGtC,CACA,GACA,GAAiC,KACjC,GAAyC,KAGzC,aAAa,gBAAgB,EAAkB,EAAkC,CAC/E,OAAO,GAAA,EAAA,EAAA,YAA2B,EAAQ,CAAE,EAAQ,CAGtD,YAAY,EAAkC,CAC5C,MAAM,EAAO,CACb,MAAA,EAAgB,EAAO,QAKnB,GADF,OAAO,WAAe,IAAc,QAAQ,IAAI,WAAY,SAAS,CAAG,IAAA,GAChC,EAAI,EAAO,0BAA0B,GAE7E,QAAQ,KACN,4NAGD,CAYL,MAAM,MAAM,GAAG,EAA0D,CACvE,IAAM,EAAa,EAAmB,EAAkB,CAClD,EAAM,MAAM,MAAA,GAAgB,CAClC,OAAO,KAAK,mBAAmB,CAC7B,MACA,UAAW,EACX,UAAW,EAAW,KAAK,IAAI,CAC/B,aAAgB,KAAK,OAAO,EAAW,CACxC,CAAC,CAIJ,MAAM,UAAU,EAA6C,CAC3D,OAAO,KAAK,aAAa,MAAM,MAAA,GAAgB,CAAE,EAAgB,CAInE,MAAM,OAAO,GAAG,EAA6C,CAC3D,MAAM,KAAK,cACT,MAAM,MAAA,GAAgB,CACtB,EAAkB,OAAS,EAAI,EAAoB,IAAA,GACpD,CAIH,MAAM,YAAY,EAA4B,CAC5C,MAAM,KAAK,cAAc,EAAI,CAI/B,MAAM,UAAU,EAA8D,CAC5E,OAAO,KAAK,aAAa,MAAM,MAAA,GAAgB,CAAE,EAAkB,CAIrE,MAAM,OAAuB,CAC3B,MAAM,KAAK,SAAS,MAAM,MAAA,GAAgB,CAAC,CAO7C,MAAM,OAAO,EAA0D,CACrE,IAAM,EAAa,EAAmB,EAAkB,CAClD,EAAM,MAAM,MAAA,GAAgB,CAClC,OAAO,KAAK,kBAAkB,CAC5B,MACA,kBAAmB,EACnB,SAAU,SAAY,CACpB,IAAM,EAAU,MAAM,MAAA,EAAc,iBAAiB,CAC/C,EAAiB,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAC9C,EAAe,KAAK,KAAK,KAAK,WAAa,MAAM,CAEjD,EAAS,MAAM,MAAA,EAAc,aACjC,EAAQ,UACR,EACA,EACA,EACD,CACK,EAAY,MAAM,KAAK,OAAO,cAAc,EAAO,CAEzD,MAAO,CACL,UAAW,EAAQ,UACnB,WAAY,EAAQ,WACpB,YACA,kBAAmB,EACnB,iBACA,eACD,EAEH,aAAc,uCACf,CAAC,CAKJ,gBAA0B,EAAqD,CAC7E,EAA+B,EAAK,CAGtC,MAAgB,iBAAiB,EAAmB,EAA4C,CAC9F,IAAM,EAAS,MAAM,MAAA,EAAc,aACjC,EAAK,UACL,EACA,EAAK,eACL,EAAK,aACN,CACD,OAAO,KAAK,OAAO,cAAc,EAAO,CAG1C,MAAgB,mBAAmB,EAAyD,CAC1F,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAsB,MAAM,KAAK,OAAO,QAC5C,EAAM,WACN,EAAM,UACN,EACD,CACK,CAAE,WAAY,EAAG,UAAW,EAAM,GAAG,GAAS,EACpD,MAAO,CAAE,GAAG,EAAM,sBAAqB,CAGzC,MAAgB,mBACd,EACA,EAC4B,CAC5B,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAa,MAAM,KAAK,OAAO,QAAQ,EAAU,oBAAqB,EAAW,EAAQ,CACzF,CAAE,oBAAqB,EAAG,GAAG,GAAS,EAC5C,MAAO,CAAE,GAAG,EAAM,aAAY,YAAW,CAG3C,aAAuC,CACrC,MAAA,EAAuB,KACvB,MAAA,EAA+B,KAC/B,MAAM,aAAa,CAKrB,MAAA,GAAmC,CACjC,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAW,IAAA,EAAA,EAAA,YAAc,EAAQ,CAAC,GAAG,IAC3C,GAAI,MAAA,GAAwB,MAAA,IAAiC,EAC3D,OAAO,MAAA,EAET,IAAM,EAAM,MAAM,EAAmB,gBAAgB,EAAS,EAAQ,CAGtE,MAFA,OAAA,EAA+B,EAC/B,MAAA,EAAuB,EAChB,IC5KE,EAAb,MAAa,UAAoC,CAG/C,CACA,GACA,GAAiC,KACjC,GAAyC,KAGzC,aAAa,gBACX,EACA,EACA,EACiB,CACjB,OAAO,GAAA,EAAA,EAAA,YAA2B,EAAgB,EAAA,EAAA,EAAA,YAAa,EAAiB,CAAE,EAAQ,CAG5F,YAAY,EAA2C,CACrD,MAAM,EAAO,CACb,MAAA,EAAgB,EAAO,QAWzB,MAAM,MACJ,EACA,GAAG,EACkC,CACrC,IAAM,GAAA,EAAA,EAAA,YAAiC,EAAiB,CAClD,EAAa,EAAmB,EAAkB,CAClD,EAAM,MAAM,MAAA,EAAe,EAAoB,CACrD,OAAO,KAAK,mBAAmB,CAC7B,MACA,UAAW,EACX,UAAW,GAAG,EAAoB,GAAG,EAAW,KAAK,IAAI,GACzD,aAAgB,MAAA,EAAa,EAAqB,EAAW,CAC9D,CAAC,CAIJ,MAAM,UAAU,EAA2B,EAA6C,CACtF,OAAO,KAAK,aAAa,MAAM,MAAA,GAAKa,EAAAA,EAAAA,YAAqB,EAAiB,CAAC,CAAE,EAAgB,CAI/F,MAAM,OAAO,EAA0C,CACrD,MAAM,KAAK,cAAc,MAAM,MAAA,GAAKA,EAAAA,EAAAA,YAAqB,EAAiB,CAAC,CAAC,CAI9E,MAAM,UACJ,EACA,EACkB,CAClB,OAAO,KAAK,aAAa,MAAM,MAAA,GAAKA,EAAAA,EAAAA,YAAqB,EAAiB,CAAC,CAAE,EAAkB,CAIjG,MAAM,MAAM,EAA0C,CACpD,MAAM,KAAK,SAAS,MAAM,MAAA,GAAKA,EAAAA,EAAAA,YAAqB,EAAiB,CAAC,CAAC,CAKzE,MAAA,EACE,EACA,EACqC,CACrC,IAAM,EAAM,MAAM,MAAA,EAAe,EAAiB,CAClD,OAAO,KAAK,kBAAkB,CAC5B,MACA,oBACA,SAAU,SAAY,CACpB,IAAM,EAAU,MAAM,MAAA,EAAc,iBAAiB,CAC/C,EAAkB,MAAM,KAAK,OAAO,YAAY,CAChD,EAAiB,KAAK,MAAM,KAAK,KAAK,CAAG,IAAK,CAC9C,EAAe,KAAK,KAAK,KAAK,WAAa,MAAM,CAEjD,EAAO,CACX,UAAW,EAAQ,UACnB,iBACA,eACA,mBACD,CACK,EAAY,MAAM,MAAA,EAAoB,EAAM,EAAkB,CAEpE,MAAO,CACL,UAAW,EAAQ,UACnB,WAAY,EAAQ,WACpB,YACA,oBACA,iBACA,eACA,mBACA,kBACD,EAEH,aAAc,iDACf,CAAC,CAKJ,gBAA0B,EAAqD,CAC7E,EAAsB,EAAK,CAG7B,MAAgB,iBACd,EACA,EACc,CACd,OAAO,MAAA,EAAoB,EAAM,EAAkB,CAGrD,MAAgB,mBACd,EAC+B,CAC/B,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAsB,MAAM,KAAK,OAAO,QAC5C,EAAM,WACN,EAAM,UACN,EACD,CACK,CAAE,WAAY,EAAG,UAAW,EAAM,GAAG,GAAS,EACpD,MAAO,CAAE,GAAG,EAAM,sBAAqB,CAGzC,MAAgB,mBACd,EACA,EACqC,CACrC,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAa,MAAM,KAAK,OAAO,QAAQ,EAAU,oBAAqB,EAAW,EAAQ,CACzF,CAAE,oBAAqB,EAAG,GAAG,GAAS,EAC5C,MAAO,CAAE,GAAG,EAAM,aAAY,YAAW,CAG3C,aAAuC,CACrC,MAAA,EAAuB,KACvB,MAAA,EAA+B,KAC/B,MAAM,aAAa,CAKrB,MAAA,EAAgB,EAA4C,CAC1D,IAAM,EAAkB,MAAM,KAAK,OAAO,YAAY,CAChD,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAW,IAAA,EAAA,EAAA,YAAc,EAAgB,CAAC,IAAA,EAAA,EAAA,YAAc,EAAiB,CAAC,GAAG,IACnF,GAAI,MAAA,GAAwB,MAAA,IAAiC,EAC3D,OAAO,MAAA,EAET,IAAM,EAAM,MAAM,EAA4B,gBAC5C,EACA,EACA,EACD,CAGD,MAFA,OAAA,EAA+B,EAC/B,MAAA,EAAuB,EAChB,EAGT,MAAA,EAAqB,EAA4B,EAA4C,CAC3F,IAAM,EAAkB,MAAM,MAAA,EAAc,iCAC1C,EAAK,UACL,EACA,EAAK,iBACL,EAAK,eACL,EAAK,aACN,CACD,OAAO,KAAK,OAAO,cAAc,CAC/B,OAAQ,CACN,GAAG,EAAgB,OACnB,QAAS,OAAO,EAAgB,OAAO,QAAQ,CAChD,CACD,MAAO,EAAgB,MACvB,QAAS,CACP,GAAG,EAAgB,QACnB,eAAgB,OAAO,EAAgB,QAAQ,eAAe,CAC9D,aAAc,OAAO,EAAgB,QAAQ,aAAa,CAC3D,CACF,CAAC,GCnKO,EAAb,MAAa,UAAcK,EAAAA,CAAc,CACvC,OAAgB,aAAwB,6CAExC,QACA,GACA,GAA8C,KAE9C,YAAY,EAAc,EAAkB,EAAmB,CAC7D,MAAM,EAAK,EAAQ,CACnB,KAAK,QAAU,GAAA,EAAA,EAAA,YAAqB,EAAQ,CAAG,KAAK,QAGtD,MAAA,GAAyC,CAiBvC,OAhBI,MAAA,IAAqB,IAAA,IAGzB,AACE,MAAA,IAA0B,KAAK,IAAI,OAChC,aAAaI,EAAAA,EAAmB,KAAK,QAAQ,CAAC,CAC9C,KAAM,IACL,MAAA,EAAmB,EACnB,MAAA,EAA0B,KACnB,GACP,CACD,MAAO,GAAU,CAEhB,KADA,OAAA,EAA0B,KACpB,GACN,CAEC,MAAA,GAfE,MAAA,EA6CX,MAAM,qBACJ,EACA,EACA,EAC4B,CAC5B,GAAM,CAAE,mBAAmB,GAAO,oBAAmB,uBAAwB,GAAW,EAAE,CAEpF,GAAA,EAAA,EAAA,YAA0B,EAAG,CAE9B,GACH,MAAM,MAAA,EAAgC,EAAO,CAG/C,IAAI,EACA,EACE,EAAK,KAAK,KAAK,CACrB,GAAI,CACF,KAAK,KAAK,CAAE,KAAME,EAAAA,EAAc,aAAc,CAAC,CAC9C,yBAA0B,MAAM,KAAK,IAAI,QAAQ,QAAQ,CACxD,OAAQ,CAAC,CAAE,MAAO,EAAQ,KAAM,UAAW,CAAC,CAC5C,gBAAiB,KAAK,QACtB,YAAa,MAAM,KAAK,IAAI,OAAO,YAAY,CAChD,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,CACF,MAAmB,KAAqB,CAAC,OAClC,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAIC,EAAAA,EAAsB,oCAAqC,CACnE,MAAO,EACR,CAAC,CAGJ,GAAI,EAAQ,SAAW,EACrB,MAAM,IAAIA,EAAAA,EAAsB,iCAAiC,CAGnE,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCC,EAAAA,EAA6B,KAAK,QAAS,EAAc,EAAQ,GAAK,EAAW,CAClF,CAID,OAHA,KAAK,KAAK,CAAE,KAAMJ,EAAAA,EAAc,kBAAmB,SAAQ,CAAC,CAC5D,MAAmB,IAAsB,EAAO,CAAC,CAE1C,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,WACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,8BAA+B,CAChE,MAAO,EACR,CAAC,EAoBN,MAAM,yBACJ,EACA,EACA,EACA,EAC4B,CAC5B,IAAM,GAAA,EAAA,EAAA,YAA4B,EAAK,CACjC,GAAA,EAAA,EAAA,YAA0B,EAAG,CAE/B,EACA,EACE,EAAK,KAAK,KAAK,CACrB,GAAI,CACF,KAAK,KAAK,CAAE,KAAMF,EAAAA,EAAc,aAAc,CAAC,CAC9C,yBAA0B,MAAM,KAAK,IAAI,QAAQ,QAAQ,CACxD,OAAQ,CAAC,CAAE,MAAO,EAAQ,KAAM,UAAW,CAAC,CAC5C,gBAAiB,KAAK,QACtB,YAAa,EACd,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,CACF,MAAmB,GAAW,qBAAqB,CAAC,OAC7C,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAIC,EAAAA,EAAsB,wCAAyC,CACvE,MAAO,EACR,CAAC,CAGJ,GAAI,EAAQ,SAAW,EACrB,MAAM,IAAIA,EAAAA,EAAsB,iCAAiC,CAGnE,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCE,EAAAA,EACE,KAAK,QACL,EACA,EACA,EAAQ,GACR,EACD,CACF,CAID,OAHA,KAAK,KAAK,CAAE,KAAML,EAAAA,EAAc,sBAAuB,SAAQ,CAAC,CAChE,MAAmB,GAAW,sBAAsB,EAAO,CAAC,CAErD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,eACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,kCAAmC,CACpE,MAAO,EACR,CAAC,EAkBN,MAAM,QAAQ,EAAkB,EAA4C,CAC1E,IAAM,GAAA,EAAA,EAAA,YAA+B,EAAQ,CAC7C,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCI,EAAAA,EAAoB,KAAK,QAAS,EAAmB,EAAM,CAC5D,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMN,EAAAA,EAAc,iBAAkB,SAAQ,CAAC,CAEpD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,UACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAoB,2BAA4B,CACxD,MAAO,EACR,CAAC,EAoBN,MAAM,WAAW,EAAkB,EAAoC,CACrE,IAAM,GAAA,EAAA,EAAA,YAA+B,EAAQ,CACvC,EAAiB,GAAA,EAAA,EAAA,YAAoB,EAAO,CAAG,MAAM,KAAK,IAAI,OAAO,YAAY,CACvF,OAAO,KAAK,IAAI,OAAO,aACrBK,EAAAA,EAAmB,KAAK,QAAS,EAAgB,EAAkB,CACpE,CAyBH,MAAM,OAAO,EAAgB,EAAqD,CAChF,IAAM,EAAa,MAAM,MAAA,GAAqB,CAG1C,EACJ,GAAI,CACF,IAAM,EAAc,MAAM,KAAK,IAAI,OAAO,YAAY,CACtD,EAAe,MAAM,KAAK,IAAI,OAAO,aAAaC,EAAAA,EAAkB,EAAY,EAAY,CAAC,OACtF,EAAO,CAId,MAHI,aAAiBN,EAAAA,EACb,EAEF,IAAI,EACR,+DAA+D,EAAW,GAC1E,CAAE,MAAOD,EAAAA,EAAQ,EAAM,CAAE,CAC1B,CAEH,GAAI,EAAe,EACjB,MAAM,IAAI,EACR,0CAA0C,EAAO,cAAc,EAAa,WAAW,EAAW,GAClG,CAAE,UAAW,EAAQ,UAAW,EAAc,MAAO,EAAY,CAClE,CAGH,IAAM,EAAW,GAAS,kBAAoB,QAC1C,IAAa,QACf,MAAM,MAAA,EAAsB,EAAQ,IAAa,MAAO,EAAQ,CAGlE,GAAI,CACF,IAAM,EAAY,GAAS,IAAA,EAAA,EAAA,YAAgB,EAAQ,GAAG,CAAG,MAAM,KAAK,IAAI,OAAO,YAAY,CACrF,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCS,EAAAA,EAAa,KAAK,QAAS,EAAW,EAAO,CAC9C,CAID,OAHA,KAAK,KAAK,CAAE,KAAMV,EAAAA,EAAc,gBAAiB,SAAQ,CAAC,CAC1D,MAAmB,GAAS,oBAAoB,EAAO,CAAC,CAEjD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,SACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,4BAA6B,CAC9D,MAAO,EACR,CAAC,EAkBN,MAAM,OAAO,EAA4C,CACvD,IAAM,EAAc,MAAM,KAAK,IAAI,OAAO,YAAY,CAElD,EACA,EACE,EAAK,KAAK,KAAK,CACrB,GAAI,CACF,KAAK,KAAK,CAAE,KAAMF,EAAAA,EAAc,aAAc,CAAC,CAC9C,yBAA0B,MAAM,KAAK,IAAI,QAAQ,QAAQ,CACxD,OAAQ,CAAC,CAAE,MAAO,EAAQ,KAAM,UAAW,CAAC,CAC5C,gBAAiB,KAAK,QACtB,cACD,CAAC,CACF,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,OACK,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EAC1B,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAIC,EAAAA,EAAsB,oCAAqC,CACnE,MAAO,EACR,CAAC,CAGJ,GAAI,EAAQ,SAAW,EACrB,MAAM,IAAIA,EAAAA,EAAsB,iCAAiC,CAGnE,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCQ,EAAAA,EAAe,KAAK,QAAS,EAAa,EAAa,EAAQ,GAAK,EAAW,CAChF,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMX,EAAAA,EAAc,gBAAiB,SAAQ,CAAC,CAEnD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,SACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,8BAA+B,CAChE,MAAO,EACR,CAAC,EAkBN,MAAM,WAAwC,CAC5C,IAAM,EAAc,MAAM,KAAK,IAAI,OAAO,YAAY,CAChD,EAAS,MAAM,KAAK,0BAA0B,EAAY,CAEhE,GAAIU,EAAAA,EAAa,EAAO,CACtB,MAAM,IAAIC,EAAAA,EAAsB,mCAAmC,CAGrE,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCC,EAAAA,EAA0B,KAAK,QAAS,EAAa,EAAa,EAAO,CAC1E,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMd,EAAAA,EAAc,gBAAiB,SAAQ,CAAC,CAEnD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,SACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,kCAAmC,CACpE,MAAO,EACR,CAAC,EA0BN,MAAM,SAAS,EAAgB,EAAuD,CACpF,GAAM,CACJ,mBAAmB,GACnB,oBACA,eACA,uBACE,GAAW,EAAE,CAEZ,GACH,MAAM,MAAA,EAAgC,EAAO,CAG/C,IAAM,EAA+B,CACnC,eACA,sBACD,CACK,EAAc,OAAO,YAAY,CACjC,EAAe,MAAM,KAAK,OAAO,EAAO,CAE9C,OADA,MAAmB,IAAoB,EAAa,OAAO,CAAC,CACrD,MAAA,EAA8B,EAAa,OAAQ,EAAa,EAAU,CAiBnF,MAAM,YAAY,EAA2D,CAC3E,IAAM,EAAc,OAAO,YAAY,CACjC,EAAe,MAAM,KAAK,WAAW,CAE3C,OADA,MAAmB,GAAW,oBAAoB,EAAa,OAAO,CAAC,CAChE,MAAA,EAA8B,EAAa,OAAQ,EAAa,EAAU,CAkBnF,MAAM,eACJ,EACA,EAC4B,CAC5B,OAAO,MAAA,EAA8B,EAAc,OAAO,YAAY,CAAE,EAAU,CAkBpF,MAAM,eAAe,EAAsD,CACzE,IAAM,EAAS,MAAM,KAAK,IAAI,cAAc,CAAC,EAAiB,CAAC,CACzD,EAAa,EAAO,YAAY,GACtC,EAAA,EAAa,EAAY,6BAA6B,CACtD,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCc,EAAAA,EAAuB,KAAK,QAAS,EAAkB,EAAY,EAAO,gBAAgB,CAC3F,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMhB,EAAAA,EAAc,wBAAyB,SAAQ,CAAC,CAE3D,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,iBACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAyB,8BAA+B,CAChE,MAAO,EACR,CAAC,EAmBN,MAAM,kBAAkB,EAA6C,CACnE,IAAM,EAAa,MAAM,MAAA,GAAqB,CAExC,EAAiB,GAAU,IAAM,KAAO,GAE9C,GAAI,CACF,GAAI,EAAiB,GAAI,CACvB,IAAM,EAAc,MAAM,KAAK,IAAI,OAAO,YAAY,CAC7B,MAAM,KAAK,IAAI,OAAO,aAC7Ce,EAAAA,EAAkB,EAAY,EAAa,KAAK,QAAQ,CACzD,CAEsB,IACrB,MAAM,KAAK,IAAI,OAAO,cAAcC,EAAAA,EAAgB,EAAY,KAAK,QAAS,GAAG,CAAC,CAItF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCA,EAAAA,EAAgB,EAAY,KAAK,QAAS,EAAe,CAC1D,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMlB,EAAAA,EAAc,2BAA4B,SAAQ,CAAC,CAE9D,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CASd,MARA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,oBACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEF,IAAI,EAAoB,yBAA0B,CACtD,MAAO,EACR,CAAC,EAsBN,MAAM,mBAAmB,CACvB,kBACA,kBAI6B,CAC7B,GAAI,GAAkB,EAAe,SAAS,CAAG,KAAK,KAAK,CAAG,KAC5D,MAAM,IAAIiB,EAAAA,GACR,wDACD,CAGH,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAGhD,EAAgB,MAAM,KAAK,IAAI,OAAO,YAAY,CACxD,GAAI,KAAA,EAAA,EAAA,YAAkC,EAAc,CAClD,MAAM,IAAIC,EAAAA,GACR,yDACD,CAIH,GAAI,IAAuB,KAAK,QAC9B,MAAM,IAAIC,EAAAA,GACR,gEAAgE,KAAK,QAAQ,IAC9E,CAGH,IAAM,EAAM,MAAM,KAAK,eAAe,CAEhC,EAAU,EACZ,OAAO,KAAK,MAAM,EAAe,SAAS,CAAG,IAAK,CAAC,CACnDC,EAAAA,EAGA,EACJ,GAAI,CACF,EAAgB,MAAM,KAAK,oBAAoB,CAC7C,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,MACI,CACN,EAAgB,CAAC,GAEnB,GAAI,IAAkB,EACpB,MAAM,IAAIC,EAAAA,GACR,4BAA4B,EAAQ,8DACrC,CAGH,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCC,EAAAA,EAAkC,EAAK,EAAoB,KAAK,QAAS,EAAQ,CAClF,CAGD,OAFA,KAAK,KAAK,CAAE,KAAMxB,EAAAA,EAAc,oBAAqB,SAAQ,CAAC,CAEvD,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CAad,MAZA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,qBACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEO,EAAe,EAAM,EAI9B,IAAI,EAAyB,gCAAiC,CAClE,MAAO,EACR,CAAC,EAYN,MAAM,iBAAiB,CACrB,mBAG6B,CAC7B,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,EAAgB,MAAM,KAAK,IAAI,OAAO,YAAY,CAClD,EAAM,MAAM,KAAK,eAAe,CAKlC,EACJ,GAAI,CACF,EAAgB,MAAM,KAAK,oBAAoB,CAC7C,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,MACI,CACN,EAAgB,GAElB,GAAI,IAAkB,GACpB,MAAM,IAAIuB,EAAAA,GACR,2CAA2C,EAAmB,eAAe,KAAK,QAAQ,GAC3F,CAGH,GAAI,CACF,IAAM,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCC,EAAAA,EAAyB,EAAK,EAAoB,KAAK,QAAQ,CAChE,CAGD,OAFA,KAAK,KAAK,CAAE,KAAM1B,EAAAA,EAAc,0BAA2B,SAAQ,CAAC,CAE7D,CAAE,SAAQ,QADD,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAO,CAC7C,OACnB,EAAO,CAad,MAZA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,iBACpB,UAAW,mBACX,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,CACE,aAAiBC,EAAAA,EACb,EAEO,EAAe,EAAM,EAI9B,IAAI,EAAyB,uCAAwC,CACzE,MAAO,EACR,CAAC,EAeN,aAAa,wBAAwB,CACnC,SACA,kBACA,kBAKuD,CACvD,OAAO,GAAA,EACL,EACC,GAAM,EAAE,mBAAmB,CAAE,kBAAiB,iBAAgB,CAAC,CAChE,oBACD,CAWH,aAAa,sBAAsB,CACjC,SACA,mBAIuD,CACvD,OAAO,GAAA,EACL,EACC,GAAM,EAAE,iBAAiB,CAAE,kBAAiB,CAAC,CAC9C,2BACD,CAGH,aAAA,EACE,EACA,EACA,EACsD,CACtD,IAAM,EAAU,IAAI,IAIpB,IAAK,IAAI,EAAI,EAAG,EAAI,EAAO,OAAQ,IACjC,GAAI,CACF,EAAQ,IAAI,EAAO,GAAI,QAAS,MAAM,EAAG,EAAO,GAAI,CAAC,OAC9C,EAAO,CACV,aAAiBA,EAAAA,EACnB,EAAQ,IAAI,EAAO,GAAI,QAAS,EAAM,CAEtC,EAAQ,IACN,EAAO,GAAI,QACX,IAAI,EAAyB,EAAc,CACzC,MAAO,EACR,CAAC,CACH,CAIP,OAAO,EAWT,MAAA,EAAiC,EAA+B,CAC9D,GAAI,IAAW,GACb,OAGF,IAAI,EACJ,GAAI,CACF,EAAU,MAAM,KAAK,WAAW,OACzB,EAAO,CAId,MAHI,aAAiBA,EAAAA,EACb,EAEF,IAAI,EAA6B,qCAAqC,KAAK,QAAQ,GAAI,CAC3F,MAAO,EACR,CAAC,CAGJ,GAAI,EAAU,EACZ,MAAM,IAAI,EACR,gDAAgD,EAAO,cAAc,EAAQ,WAAW,KAAK,QAAQ,GACrG,CAAE,UAAW,EAAQ,UAAW,EAAS,MAAO,KAAK,QAAS,CAC/D,CAIL,MAAA,EACE,EACA,EACA,EAC4B,CAC5B,KAAK,KAAK,CACR,KAAMF,EAAAA,EAAc,wBACpB,OAAQ,EACR,cACD,CAAC,CACF,IAAI,EACJ,GAAI,CACF,EAAU,MAAM,KAAK,IAAI,OAAO,0BAA0B,EAAa,OAChE,EAAO,CAId,MAHI,aAAiBE,EAAAA,EACb,EAEF,IAAI,EAAyB,iCAAkC,CACnE,MAAO,EACR,CAAC,CAEJ,IAAM,EAAQ0B,EAAAA,EAAoB,EAAQ,KAAK,CAC/C,GAAI,CAAC,EACH,MAAM,IAAI,EAAyB,qDAAqD,CAE1F,KAAK,KAAK,CAAE,KAAM5B,EAAAA,EAAc,sBAAuB,cAAa,CAAC,CACrE,MAAmB,GAAW,gBAAgB,CAAC,CAC/C,IAAM,EAAiB,MAAM,KAAK,eAAe,EAAM,gBAAgB,CAOvE,OANA,KAAK,KAAK,CACR,KAAMA,EAAAA,EAAc,wBACpB,OAAQ,EAAe,OACvB,cACD,CAAC,CACF,MAAmB,GAAW,sBAAsB,EAAe,OAAO,CAAC,CACpE,EAGT,MAAA,EACE,EACA,EACA,EACe,CACf,IAAM,EAAa,MAAM,MAAA,GAAqB,CAExC,EAAc,MAAM,KAAK,IAAI,OAAO,YAAY,CAChD,EAAY,MAAM,KAAK,IAAI,OAAO,aACtCiB,EAAAA,EAAkB,EAAY,EAAa,KAAK,QAAQ,CACzD,CAEG,QAAa,GAIjB,GAAI,CAIE,EAAY,IACd,MAAM,KAAK,IAAI,OAAO,cAAcC,EAAAA,EAAgB,EAAY,KAAK,QAAS,GAAG,CAAC,CAGpF,IAAM,EAAiB,EAAc,IAAM,KAAO,GAAK,EAEjD,EAAS,MAAM,KAAK,IAAI,OAAO,cACnCA,EAAAA,EAAgB,EAAY,KAAK,QAAS,EAAe,CAC1D,CACD,KAAK,KAAK,CAAE,KAAMlB,EAAAA,EAAc,2BAA4B,SAAQ,CAAC,CACrE,MAAmB,GAAW,sBAAsB,EAAO,CAAC,OACrD,EAAO,CAId,MAHI,aAAiBE,EAAAA,EACb,EAEF,IAAI,EAAoB,yBAA0B,CACtD,MAAO,EACR,CAAC,IASR,SAAS,EAAa,EAAsB,CAC1C,GAAI,CACF,GAAI,OACG,EAAO,CACd,QAAQ,KAAK,6BAA8B,EAAM,EC/gCrD,MAAa,EAAoD,EAC9D2B,EAAAA,EAAc,SAAUA,EAAAA,EAAc,iBACtCC,EAAAA,EAAc,SAAUA,EAAAA,EAAc,iBACtCC,EAAAA,EAAqB,SAAUA,EAAAA,EAAqB,gBACtD,CAgDK,EAAwB,IAAS,IA+BvC,IAAa,EAAb,KAA8B,CAC5B,OACA,GACA,GACA,GAAkB,IAAI,IAEtB,YAAY,EAAgC,CAC1C,KAAK,OAAS,EAAO,OACrB,MAAA,EAAkB,OAAO,OAAO,EAAE,CAAE,EAA0B,EAAO,kBAAkB,CACvF,MAAA,GAAe,EAAO,aAAe,OAAwB,IAO/D,WAAW,EAAsC,CAC/C,OAAO,MAAA,EAAgB,GAOzB,GAAc,EAA4B,CACxC,IAAM,EAAQ,MAAA,EAAY,IAAI,EAAI,CAC7B,KAGL,IAAI,KAAK,KAAK,EAAI,EAAM,UAAW,CACjC,MAAA,EAAY,OAAO,EAAI,CACvB,OAEF,OAAO,EAAM,MAGf,GAAc,EAAa,EAAS,EAAQ,MAAA,EAAgB,CAK1D,OAJA,MAAA,EAAY,IAAI,EAAK,CACnB,OACA,UAAW,KAAK,KAAK,CAAG,EACzB,CAAC,CACK,EAOT,SAAgB,CACd,MAAA,EAAY,OAAO,CAOrB,IAAI,OAAgB,CAClB,OAAO,MAAA,EAeT,MAAM,oBAAuC,CAC3C,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAU,MAAA,EAAgB,GAEhC,GAAI,CAAC,EACH,MAAM,IAAII,EAAAA,EACR,qDAAqD,EAAQ,mDAE9D,CAGH,OAAA,EAAA,EAAA,YAAkB,EAAQ,CA+B5B,MAAM,UACJ,EAA4B,EAAE,CAC6C,CAC3E,IAAM,EAAO,EAAQ,MAAQ,EACvB,EAAW,EAAQ,UAAY,IAC/B,EAAW,EAAQ,UAAY,GAErC,GAAI,EAAO,EACT,MAAM,IAAIA,EAAAA,EAAmB,0BAA0B,IAAO,CAEhE,GAAI,EAAW,EACb,MAAM,IAAIA,EAAAA,EAAmB,8BAA8B,IAAW,CAGxE,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAG1C,EAAgB,SAAS,IAC3B,EAAQ,MAAA,EAAwB,EAAc,CAClD,GAAI,IAAU,IAAA,GAAW,CACvB,IAAM,EAAM,MAAM,KAAK,OAAO,aAAaE,EAAAA,EAA4B,EAAS,CAAC,CACjF,EAAQ,MAAA,EAAgB,EAAe,OAAO,EAAI,CAAC,CAIrD,IAAM,EAAY,QAAQ,EAAO,GAAK,EAAS,CACzC,EACJ,EAAY,OAAO,EAAS,CAAG,OAAO,EAAM,CAAG,OAAO,EAAM,CAAG,EAAY,OAAO,EAAS,CAG7F,GAAI,GAAa,OAAO,EAAM,CAC5B,MAAO,CAAE,MAAO,EAAE,CAAE,QAAO,OAAM,WAAU,CAI7C,IAAM,EAAgB,SAAS,EAAS,GAAG,EAAU,GAAG,IACpD,EAAQ,MAAA,EAAoC,EAAc,CAC9D,GAAI,IAAU,IAAA,GAAW,CACvB,IAAM,EAAM,MAAM,KAAK,OAAO,aAC5BE,EAAAA,EAA2B,EAAU,EAAW,EAAe,CAChE,CACD,EAAQ,MAAA,EAAgB,EAAe,CAAC,GAAG,EAAI,CAAC,CAGlD,GAAI,CAAC,EACH,MAAO,CAAE,QAAO,QAAO,OAAM,WAAU,CAIzC,IAAM,EAAmB,YAAY,EAAS,GAAG,EAAU,GAAG,IAC1D,EAAgB,MAAA,EAAgD,EAAiB,CACrF,GAAI,IAAkB,IAAA,GAAW,CAC/B,IAAM,EAAU,MAAM,QAAQ,WAAW,EAAM,IAAK,GAAS,MAAA,EAAuB,EAAK,CAAC,CAAC,CACrF,EAAc,EAAQ,KAAM,GAAM,EAAE,SAAW,WAAW,CAC1D,EAAW,EAAQ,KAAK,EAAQ,IACpC,EAAO,SAAW,YACd,EAAO,MACP,OAAO,OAAO,EAAE,CAAE,EAAM,GAAI,CAC1B,eAAgB,GAChB,WAAY,CACV,KAAM,UACN,OAAQ,MACR,SAAU,EACV,YAAa,GACd,CACD,aAAc,CAAE,KAAM,UAAW,OAAQ,MAAO,SAAU,EAAG,CAC9D,CAAC,CACP,CAED,EAAgB,MAAA,EACd,EACA,EACA,EAAc,EAAwB,IAAA,GACvC,CAGH,MAAO,CAAE,MAAO,EAAe,QAAO,OAAM,WAAU,CAGxD,MAAA,EAAwB,EAA+D,CACrF,GAAM,CAAC,EAAO,EAAS,EAAW,EAAc,EAAO,EAAS,GAAa,MAAM,QAAQ,IAAI,CAC7F,KAAK,OAAO,aAAaE,EAAAA,EAAa,EAAK,aAAa,CAAC,CACzD,KAAK,OAAO,aAAaC,EAAAA,EAAe,EAAK,aAAa,CAAC,CAC3D,KAAK,OAAO,aAAaC,EAAAA,EAAiB,EAAK,aAAa,CAAC,CAC7D,KAAK,OAAO,aAAaC,EAAAA,EAAyB,EAAK,aAAa,CAAC,CACrE,KAAK,OAAO,aAAaH,EAAAA,EAAa,EAAK,yBAAyB,CAAC,CACrE,KAAK,OAAO,aAAaC,EAAAA,EAAe,EAAK,yBAAyB,CAAC,CACvE,KAAK,OAAO,aAAaC,EAAAA,EAAiB,EAAK,yBAAyB,CAAC,CAC1E,CAAC,CAEF,MAAO,CACL,GAAG,EACH,WAAY,CACV,KAAM,EACN,OAAQ,EACR,SAAU,EACV,YAAa,EACd,CACD,aAAc,CAAE,KAAM,EAAO,OAAQ,EAAS,SAAU,EAAW,CACpE,CAqBH,MAAM,qBACJ,EACyE,CACzE,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAC1C,GAAA,EAAA,EAAA,YAAwB,EAAa,CAErC,EAAW,MAAM,EAAS,GAAG,IAC7B,EAAS,MAAA,EAGL,EAAS,CACnB,GAAI,IAAW,IAAA,GACb,OAAO,EAGT,GAAM,CAAC,EAAO,GAA4B,MAAM,KAAK,OAAO,aAC1DE,EAAAA,EAAoC,EAAU,EAAW,CAC1D,CAED,GAAI,CAAC,EACH,OAAO,MAAA,EAAgB,EAAU,KAAM,EAAsB,CAI/D,IAAM,EAAU,MAAM,KAAK,OAAO,aAChCC,EAAAA,EAAiC,EAAU,EAAyB,CACrE,CAED,OAAO,MAAA,EAAgB,EAAU,CAAE,2BAA0B,UAAS,CAAC,CAiBzE,MAAM,mBACJ,EAC6D,CAC7D,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAC1C,GAAA,EAAA,EAAA,YAAwB,EAAyB,CAEjD,EAAW,MAAM,EAAS,GAAG,IAC7B,EAAS,MAAA,EAGL,EAAS,CACnB,GAAI,IAAW,IAAA,GACb,OAAO,EAGT,GAAM,CAAC,EAAO,GAAgB,MAAM,KAAK,OAAO,aAC9CC,EAAAA,EAAwB,EAAU,EAAW,CAC9C,CAED,GAAI,CAAC,EACH,OAAO,MAAA,EAAgB,EAAU,KAAM,EAAsB,CAG/D,IAAM,EAAU,MAAM,KAAK,OAAO,aAChCD,EAAAA,EAAiC,EAAU,EAAW,CACvD,CAED,OAAO,MAAA,EAAgB,EAAU,CAAE,eAAc,UAAS,CAAC,CAY7D,MAAM,eAAsD,CAC1D,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aAAaE,EAAAA,EAAsB,EAAS,CAAC,CAQlE,MAAM,qBAAuC,CAC3C,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aAAaX,EAAAA,EAA4B,EAAS,CAAC,CAUxE,MAAM,mBACJ,EACA,EACsC,CACtC,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aAAaE,EAAAA,EAA2B,EAAU,EAAW,EAAQ,CAAC,CAS3F,MAAM,aAAa,EAA0C,CAC3D,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aAAaU,EAAAA,EAAqB,EAAU,EAAM,CAAC,CASxE,MAAM,4BAA4B,EAA6D,CAC7F,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aACjBJ,EAAAA,EAAoC,GAAA,EAAA,EAAA,YAAqB,EAAa,CAAC,CACxE,CASH,MAAM,gBAAgB,EAAyE,CAC7F,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aACjBE,EAAAA,EAAwB,GAAA,EAAA,EAAA,YAAqB,EAAyB,CAAC,CACxE,CASH,MAAM,yBAAyB,EAAqD,CAClF,IAAM,EAAW,MAAM,KAAK,oBAAoB,CAChD,OAAO,KAAK,OAAO,aACjBD,EAAAA,EAAiC,GAAA,EAAA,EAAA,YAAqB,EAAyB,CAAC,CACjF,GCleL,MAAM,EAAkB,IAAM,MAoD9B,IAAa,GAAb,KAAqB,CACnB,QACA,OACA,QACA,eACA,YACA,qBAEA,MAWA,SACA,GACA,GACA,GAGA,GACA,GAA+B,KAC/B,GAA8B,KAE9B,YAAY,EAAuB,CACjC,KAAK,QAAU,EAAO,QACtB,KAAK,OAAS,EAAO,OACrB,KAAK,QAAU,EAAO,QACtB,KAAK,eAAiB,EAAO,gBAAkB,IAAI,EACnD,KAAK,MAAQ,IAAI,EAAa,EAAO,QAAQ,CAC7C,MAAA,EAAgB,EAAO,SAAW,UAAY,GAC9C,KAAK,SAAW,IAAI,EAAiB,CACnC,OAAQ,KAAK,OACb,kBAAmB,EAAO,kBAC1B,YAAa,EAAO,YACrB,CAAC,CACF,MAAA,EAAoB,EAAO,YAC3B,IAAM,EAAoB,CACxB,QAAS,KAAK,QACd,OAAQ,KAAK,OACb,QAAS,KAAK,QACd,eAAgB,KAAK,eACrB,gBAAmB,CACjB,IAAM,EAAM,EAAO,YAAc,OACjC,GAAI,GAAO,GAAK,MAAM,EAAI,CACxB,MAAU,MAAM,iDAAiD,CASnE,OAPI,EAAM,GAER,QAAQ,KACN,0BAA0B,EAAI,4CAA4C,EAAgB,iBAAiB,EAAgB,IAC5H,CACM,GAEF,KACL,CACJ,WAAY,EAAO,YAAc,OACjC,QAAS,MAAA,EACV,CAKD,GAJA,KAAK,YAAc,IAAI,EAAmB,EAAkB,CAC5D,KAAK,qBAAuB,IAAI,EAA4B,EAAkB,CAC9E,MAAA,EAAsB,MAAA,GAAoB,CAEtC,KAAK,OAAO,UAAW,CACzB,IAAM,EAAqB,EAAO,yBAC5B,GAAsB,EAAmB,IAAgC,CACxE,GAAQ,CAAC,MAAO,GAAU,CAC7B,KAAK,UAAU,CACb,KAAMQ,EAAAA,EAAc,iBACpB,YACA,MAAOC,EAAAA,EAAQ,EAAM,CACtB,CAAC,EACF,EAEJ,MAAA,EAA0B,KAAK,OAAO,UAAU,CAC9C,iBAAoB,CAClB,EAAmB,mBAAoB,SAAY,CACjD,MAAM,MAAA,GAA+B,CACrC,MAAM,KAAK,MAAM,UAAU,CAC3B,MAAA,EAAoB,KACpB,MAAA,EAAoB,KACpB,GAAoB,gBAAgB,EACpC,EAEJ,gBAAkB,GAAwB,CACxC,EAAmB,sBAAuB,SAAY,CACpD,MAAM,MAAA,GAA+B,CACrC,MAAM,KAAK,MAAM,UAAU,CAC3B,MAAA,GAAKG,EAAAA,EAAAA,YAA0B,EAAW,CAC1C,GAAI,CACF,MAAA,EAAoB,MAAM,KAAK,OAAO,YAAY,MAC5C,EAGR,GAAoB,kBAAkB,EAAW,EACjD,EAEJ,cAAgB,GAAuB,CACrC,EAAmB,oBAAqB,SAAY,CAClD,MAAM,MAAA,GAA+B,CACrC,MAAM,KAAK,MAAM,UAAU,CAC3B,MAAA,EAAoB,EACpB,GAAI,CACF,MAAA,EAAoB,MAAM,KAAK,OAAO,YAAY,MAC5C,EAGR,GAAoB,gBAAgB,EAAW,EAC/C,EAEL,CAAC,EAIN,MAAA,GAAqC,CACnC,GAAI,CACF,IAAM,EAAU,MAAM,KAAK,OAAO,YAAY,CACxC,EAAU,MAAM,KAAK,OAAO,YAAY,CAG9C,MAAA,EAAoB,EACpB,MAAA,EAAoB,OACd,GAKV,MAAA,GAAgD,CAE9C,GADA,MAAM,MAAA,EACF,MAAA,IAAsB,MAAQ,MAAA,IAAsB,KACtD,OAEF,IAAM,EAAW,MAAM,EAAmB,gBAAgB,MAAA,EAAmB,MAAA,EAAkB,CAC/F,MAAM,KAAK,YAAY,YAAY,EAAS,CAU9C,oBAAoB,EAAiC,CACnD,OAAO,IAAIE,EAAAA,EAAc,KAAM,EAAQ,CAWzC,YAAY,EAAkB,EAA0B,CACtD,OAAO,IAAI,EAAM,KAAM,EAAS,EAAQ,CAe1C,UAAU,EAA0B,EAA8B,CAChE,GAAI,CACF,MAAA,EAAc,CACZ,GAAG,EACH,eACA,UAAW,KAAK,KAAK,CACtB,CAAiB,OACX,EAAO,CAEd,QAAQ,MAAM,qCAAsC,EAAM,EAsB9D,uBAAuB,EAA+D,CACpF,OAAO,IAAI,EAAiB,CAC1B,OAAQ,KAAK,OACb,oBACA,YAAa,MAAA,EACd,CAAC,CAmBJ,MAAM,MAAM,EAA6C,CACnD,EAAkB,SAAW,GAGjC,MAAM,KAAK,YAAY,MAAM,GAAG,EAAkB,CAsBpD,MAAM,YAAY,EAAmE,CACnF,GAAI,EAAQ,SAAW,EACrB,MAAO,EAAE,CAIX,IAAM,EAAa,EAAQ,IAAK,IAAO,CACrC,OAAQ,EAAE,OACV,iBAAA,EAAA,EAAA,YAA4B,EAAE,gBAAgB,CAC/C,EAAE,CAEG,EAAyC,EAAE,CAC3C,EAA2B,EAAE,CAGnC,IAAK,IAAM,KAAK,EACVC,EAAAA,EAAa,EAAE,OAAO,CACxB,EAAO,EAAE,QAAU,GAEnB,EAAQ,KAAK,EAAE,CAInB,GAAI,EAAQ,SAAW,EACrB,OAAO,EAIT,IAAM,EAAgB,MAAM,KAAK,OAAO,YAAY,CAC9C,EAA4B,EAAE,CAEpC,IAAK,IAAM,KAAK,EAAS,CACvB,IAAM,EAAS,MAAM,KAAK,MAAM,IAAI,EAAe,EAAE,gBAAiB,EAAE,OAAO,CAC3E,IAAW,KAGb,EAAS,KAAK,EAAE,CAFhB,EAAO,EAAE,QAAU,EAMvB,GAAI,EAAS,SAAW,EACtB,OAAO,EAIT,IAAM,EAAQ,MAAM,KAAK,YAAY,MACnC,GAAG,IAAI,IAAI,EAAW,IAAK,GAAM,EAAE,gBAAgB,CAAC,CACrD,CAGK,EAAa,IAAI,IACvB,IAAK,IAAM,KAAK,EAAU,CACxB,IAAM,EAAW,EAAW,IAAI,EAAE,gBAAgB,CAC9C,EACF,EAAS,KAAK,EAAE,OAAO,CAEvB,EAAW,IAAI,EAAE,gBAAiB,CAAC,EAAE,OAAO,CAAC,CAKjD,IAAM,EAAK,KAAK,KAAK,CACf,EAAkB,EAAS,IAAK,GAAM,EAAE,OAAO,CAErD,GAAI,CACF,KAAK,UAAU,CACb,KAAMP,EAAAA,EAAc,aACpB,QAAS,EACV,CAAC,CAEF,MAAMQ,EAAAA,EACJ,CAAC,GAAG,EAAW,SAAS,CAAC,CAAC,KAAK,CAAC,EAAiB,KAAqB,SAAY,CAChF,IAAM,EAAY,MAAM,KAAK,QAAQ,YAAY,CAC/C,QAAS,EACT,kBACA,wBAAyB,EAAM,kBAC/B,WAAY,EAAM,WAClB,UAAW,EAAM,UACjB,UAAW,EAAM,UACjB,gBACA,eAAgB,EAAM,eACtB,aAAc,EAAM,aACrB,CAAC,CAEF,IAAK,GAAM,CAAC,EAAQ,KAAU,OAAO,QAAQ,EAAU,CACrD,EAAO,GAAoB,EAC3B,MAAM,KAAK,MAAM,IAAI,EAAe,EAAiB,EAAkB,EAAM,EAE/E,CACF,EACD,CAID,IAAM,EAAiD,EAAE,CACzD,IAAK,IAAM,KAAU,EAAiB,CACpC,IAAM,EAAQ,EAAO,GACjB,IAAU,IAAA,KACZ,EAAe,GAAU,GAS7B,OANA,KAAK,UAAU,CACb,KAAMR,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EACzB,QAAS,EACT,OAAQ,EACT,CAAC,CACK,QACA,EAAO,CAOd,MANA,KAAK,UAAU,CACb,KAAMA,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EACzB,QAAS,EACV,CAAC,CACIQ,EAAAA,EAAiB,EAAO,4BAA4B,EAmB9D,MAAM,cAAc,EAAiD,CACnE,GAAI,EAAQ,SAAW,EACrB,MAAO,CAAE,YAAa,EAAE,CAAE,gBAAiB,KAAM,sBAAuB,KAAM,CAGhF,GAAI,CACF,OAAO,MAAM,KAAK,QAAQ,cAAc,EAAQ,OACzC,EAAO,CACd,MAAMA,EAAAA,EAAiB,EAAO,2BAA2B,EAc7D,MAAM,eAA+B,CACnC,MAAM,MAAA,EACN,IAAM,EAAU,MAAA,GAAsB,MAAM,KAAK,OAAO,YAAY,CAC9D,EAAU,MAAA,GAAsB,MAAM,KAAK,OAAO,YAAY,CAC9D,EAAW,MAAM,EAAmB,gBAAgB,EAAS,EAAQ,CAC3E,MAAM,KAAK,YAAY,YAAY,EAAS,CAC5C,MAAM,KAAK,MAAM,kBAAkB,EAAQ,CAQ7C,SAAgB,CACd,MAAA,KAA2B,CAC3B,MAAA,EAA0B,IAAA,GAO5B,WAAkB,CAChB,KAAK,SAAS,CACd,KAAK,QAAQ,WAAW,CAiB1B,CAAC,OAAO,UAAiB,CACvB,KAAK,WAAW,GC3gBpB,SAAS,EAAW,EAAiC,CACnD,MAAO,yBAAoB,IAO7B,eAAsB,GACpB,EACA,EACA,EACe,CACf,MAAM,EAAQ,IAAI,EAAW,EAAe,CAAE,EAAa,CAM7D,eAAsB,GACpB,EACA,EACqB,CACrB,OAAO,EAAQ,IAAS,EAAW,EAAe,CAAC,CAMrD,eAAsB,GACpB,EACA,EACe,CACf,MAAM,EAAQ,OAAO,EAAW,EAAe,CAAC,CCNlD,IAAa,EAAb,KAA4D,CAC1D,MAAM,IAAiB,EAAgC,CAErD,OADe,MAAM,OAAO,QAAQ,QAAQ,IAAI,EAAI,EACrC,IAAc,KAG/B,MAAM,IAAI,EAAa,EAA+B,CACpD,MAAM,OAAO,QAAQ,QAAQ,IAAI,EAAG,GAAM,EAAO,CAAC,CAGpD,MAAM,OAAO,EAA4B,CACvC,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAI,GAK5C,MAAa,GAAuB,IAAI"}
1
+ {"version":3,"file":"index.cjs","names":["ZamaError","ZamaErrorCode","ZamaError","ZamaErrorCode","DecryptionFailedError","RelayerRequestFailedError","SigningRejectedError","SigningFailedError","ConfigurationError","RelayerCleartext","buildZamaConfig","#signer","#provider","#relayer","#decryptionService","requireConfigured","#requireDecryptionService","requireAlignedWalletAccount","#signer","#provider","#delegationService","requireConfigured","#requireSigner","requireAlignedWalletAccount","#signer","#provider","#cachingService","#credentialService","requireConfigured","#requireCredentialService","requireChainAlignment","requireAlignedWalletAccount","swallow","z","checksummedAddress","#storage","#decryptNamespace","#decryptKeysNamespace","#buildStorageKey","#indexWriteQueue","#addToIndex","#doDelete","#doClearForRequester","#doClearAll","#readIndex","DecryptionFailedError","checksum","#cache","#credentialService","#delegationService","#relayer","#emitEvent","#decrypt","#assertAllDelegationsActive","#setHandleResult","isFatalBatchError","#missingBatchItem","#toZamaError","pLimit","isZeroHandle","ZamaSDKEvents","toError","DecryptionFailedError","ZamaError","#provider","#relayer","#emitEvent","MAX_UINT64","#submitAclTransaction","delegateForUserDecryptionContract","revokeDelegationContract","getDelegationExpiryContract","submitTransaction","#throwAclRevertIfMatched","TransactionRevertedError","#relayer","#emitEvent","ZamaSDKEvents","toError","ZamaError","EncryptionFailedError","#signer","#relayer","#cachingService","#credentialService","#walletAccountListeners","#unsubscribeSigner","#handleWalletAccountChange","swallow","Token","SignerNotConfiguredError","#getUnderlying","#isPayable","isPayableTokenContract","allowanceContract","requireAlignedWalletAccount","balanceOfContract","ZamaError","ERC20ReadFailedError","toError","InsufficientERC20BalanceError","#shieldViaTransferAndCall","#shieldViaApproveAndWrap","#requireSigner","#ensureAllowance","wrapContract","approveContract","swallow","#waitAndFinalizeUnshield","EncryptionFailedError","unwrapContract","isZeroHandle","DecryptionFailedError","unwrapFromBalanceContract","requireChainAlignment","finalizeUnwrapContract","#underlying","#underlyingPromise","underlyingContract","ZamaSDKEvents","TransactionRevertedError","#registryTTL","#onEvent","#cachingService","#lifecycleService","#encryptionService","#decryptionService","#credentialService","#delegationService","WrappersRegistry","CredentialService","Token","checksum","z","hex"],"sources":["../../src/errors/credential.ts","../../src/errors/delegation.ts","../../src/errors/decrypt.ts","../../src/config/cleartext.ts","../../src/utils/hex.ts","../../src/abi/erc1363.abi.ts","../../src/contracts/erc1363.ts","../../src/config/create.ts","../../src/namespaces/decryption.ts","../../src/namespaces/delegations.ts","../../src/namespaces/permits.ts","../../src/services/caching-service.ts","../../src/credentials/decrypt-permit.ts","../../src/services/decryption-service.ts","../../src/errors/acl-revert.ts","../../src/services/delegation-service.ts","../../src/services/encryption-service.ts","../../src/services/lifecycle-service.ts","../../src/events/onchain-events.ts","../../src/token/wrapped-token.ts","../../src/zama-sdk.ts","../../src/token/pending-unshield.ts","../../src/storage/chrome-session-storage.ts"],"sourcesContent":["import { ZamaError, ZamaErrorCode } from \"./base\";\n\n/** FHE keypair has expired and needs regeneration. */\nexport class KeypairExpiredError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.KeypairExpired, message, options);\n this.name = \"KeypairExpiredError\";\n }\n}\n\n/** Relayer rejected FHE keypair (stale, expired, or malformed). */\nexport class InvalidKeypairError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.InvalidKeypair, message, options);\n this.name = \"InvalidKeypairError\";\n }\n}\n\n/** No FHE ciphertext exists for this account (never shielded). */\nexport class NoCiphertextError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.NoCiphertext, message, options);\n this.name = \"NoCiphertextError\";\n }\n}\n","import { ZamaError, ZamaErrorCode } from \"./base\";\n\n// Delegation errors — thrown by SDK pre-flight checks and by delegation\n// transaction callsites when they map ACL Solidity revert reasons.\n\n/** Delegation cannot target self (delegate === msg.sender). */\nexport class DelegationSelfNotAllowedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationSelfNotAllowed, message, options);\n this.name = \"DelegationSelfNotAllowedError\";\n }\n}\n\n/** Only one delegate/revoke per (delegator, delegate, contract) per block. */\nexport class DelegationCooldownError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationCooldown, message, options);\n this.name = \"DelegationCooldownError\";\n }\n}\n\n/** No active delegation found for this (delegator, delegate, contract) tuple. */\nexport class DelegationNotFoundError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationNotFound, message, options);\n this.name = \"DelegationNotFoundError\";\n }\n}\n\n/** The delegation has expired. */\nexport class DelegationExpiredError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationExpired, message, options);\n this.name = \"DelegationExpiredError\";\n }\n}\n\n/** The new expiration date equals the current one. */\nexport class DelegationExpiryUnchangedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationExpiryUnchanged, message, options);\n this.name = \"DelegationExpiryUnchangedError\";\n }\n}\n\n/** Delegate address cannot be the contract address. */\nexport class DelegationDelegateEqualsContractError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationDelegateEqualsContract, message, options);\n this.name = \"DelegationDelegateEqualsContractError\";\n }\n}\n\n/** Contract address cannot be the sender address. */\nexport class DelegationContractIsSelfError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationContractIsSelf, message, options);\n this.name = \"DelegationContractIsSelfError\";\n }\n}\n\n/** The ACL contract is paused. */\nexport class AclPausedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.AclPaused, message, options);\n this.name = \"AclPausedError\";\n }\n}\n\n/** Expiration date is too soon (must be at least 1 hour in the future). */\nexport class DelegationExpirationTooSoonError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationExpirationTooSoon, message, options);\n this.name = \"DelegationExpirationTooSoonError\";\n }\n}\n\n/**\n * Delegation exists on L1 but hasn't propagated to the gateway yet.\n *\n * After calling `delegateForUserDecryption()`, the delegation is recorded on-chain\n * immediately. However, the gateway (deployed on Arbitrum) must sync this state\n * via cross-chain event propagation, which typically takes 1–2 minutes.\n *\n * Calling `decryptBalanceAs` during this window will fail because the gateway's\n * `isHandleDelegatedForUserDecryption()` check reads from its own synced copy\n * of the ACL state, which hasn't been updated yet.\n *\n * **Note:** This error is raised as a best-effort heuristic — when a delegated\n * decryption receives an HTTP 500 from the relayer, the most likely cause is a\n * propagation delay. However, the same status code can occur if the gateway or\n * relayer experiences an unrelated internal error.\n */\nexport class DelegationNotPropagatedError extends ZamaError {\n constructor(message: string, options?: ErrorOptions) {\n super(ZamaErrorCode.DelegationNotPropagated, message, options);\n this.name = \"DelegationNotPropagatedError\";\n }\n}\n","import type { ZamaError } from \"./base\";\nimport { DecryptionFailedError } from \"./encryption\";\nimport { NoCiphertextError } from \"./credential\";\nimport { RelayerRequestFailedError } from \"./relayer\";\nimport { DelegationNotPropagatedError } from \"./delegation\";\nimport { SigningRejectedError, SigningFailedError } from \"./signing\";\n\n/**\n * Inspect a caught error for an HTTP status code and return the appropriate\n * typed SDK error (NoCiphertextError for 400, RelayerRequestFailedError for\n * other HTTP errors, or the generic DecryptionFailedError as fallback).\n *\n * Errors that are already typed SDK errors (e.g. {@link SigningRejectedError},\n * {@link DecryptionFailedError}) are returned as-is so callers can still match\n * the original cause.\n *\n * When `isDelegated` is true and the relayer returns a 500, the error is\n * wrapped as {@link DelegationNotPropagatedError} because the most likely\n * cause is that the gateway hasn't synced the delegation from L1 yet.\n */\nexport function wrapDecryptError(\n error: unknown,\n fallbackMessage: string,\n isDelegated = false,\n): ZamaError {\n if (\n error instanceof DecryptionFailedError ||\n error instanceof NoCiphertextError ||\n error instanceof RelayerRequestFailedError ||\n error instanceof DelegationNotPropagatedError ||\n error instanceof SigningRejectedError ||\n error instanceof SigningFailedError\n ) {\n return error;\n }\n\n const statusCode =\n error !== null &&\n error !== undefined &&\n typeof error === \"object\" &&\n \"statusCode\" in error &&\n typeof (error as Record<string, unknown>).statusCode === \"number\"\n ? ((error as Record<string, unknown>).statusCode as number)\n : undefined;\n\n if (statusCode === 400) {\n return new NoCiphertextError(\n error instanceof Error ? error.message : \"No ciphertext for this account\",\n { cause: error },\n );\n }\n\n if (isDelegated && statusCode === 500) {\n return new DelegationNotPropagatedError(\n \"Delegated decryption failed with a server error. \" +\n \"This is most commonly caused by the delegation not having propagated to the gateway yet — \" +\n \"after granting delegation, allow 1–2 minutes for cross-chain synchronization before retrying. \" +\n \"If the error persists, the gateway or relayer may be experiencing an unrelated issue.\",\n { cause: error },\n );\n }\n\n if (statusCode !== undefined) {\n return new RelayerRequestFailedError(\n error instanceof Error ? error.message : fallbackMessage,\n statusCode,\n { cause: error },\n );\n }\n\n return new DecryptionFailedError(fallbackMessage, {\n cause: error,\n });\n}\n","import { ConfigurationError } from \"../errors\";\nimport { RelayerCleartext } from \"../relayer/cleartext/relayer-cleartext\";\nimport type { CleartextRelayerConfig } from \"./types\";\n\n/**\n * Cleartext relayer — routes to RelayerCleartext (no FHE infrastructure).\n *\n * When `executorAddress` is set on the chain definition (e.g. `hardhat`, `hoodi`),\n * it is picked up automatically.\n *\n * @example\n * ```ts\n * // executorAddress comes from the chain preset:\n * relayers: { [hardhat.id]: cleartext() }\n * ```\n */\nexport function cleartext(): CleartextRelayerConfig {\n return {\n type: \"cleartext\",\n createRelayer: (chain) => {\n if (!chain.executorAddress) {\n throw new ConfigurationError(\n `Cleartext relayer requires an executorAddress. ` +\n `Either use a chain preset that includes it (e.g. hardhat, hoodi) ` +\n `or set it on the chain definition.`,\n );\n }\n return new RelayerCleartext(chain);\n },\n };\n}\n","import type { Hex } from \"viem\";\nimport { assertCondition } from \"./assertions\";\n\n/** Normalize a un-prefixed hex payload to a 0x-prefixed `Hex` value. */\nexport function prefixHex(value: string): Hex {\n return (value.startsWith(\"0x\") ? value : `0x${value}`) as Hex;\n}\n\n/** Convert a public `Hex` value back an unprefixed format. */\nexport function unprefixHex(value: Hex): string {\n assertCondition(value.startsWith(\"0x\"), `Expected 0x-prefixed hex, got: ${value}`);\n return value.slice(2);\n}\n","export const erc1363Abi = [\n {\n type: \"function\",\n name: \"transferAndCall\",\n stateMutability: \"nonpayable\",\n inputs: [\n { name: \"to\", type: \"address\" },\n { name: \"value\", type: \"uint256\" },\n { name: \"data\", type: \"bytes\" },\n ],\n outputs: [{ name: \"\", type: \"bool\" }],\n },\n] as const;\n","import type { Address, Hex } from \"viem\";\nimport { erc1363Abi } from \"../abi/erc1363.abi\";\n\n/**\n * Returns the contract config for an ERC-1363 `transferAndCall`.\n *\n * @param tokenAddress - The ERC-20 token to transfer from (the underlying, not the wrapper).\n * @param to - The recipient of the ERC-20 transfer. In `Token.shield`, this is\n * the wrapper contract whose `onTransferReceived` callback mints\n * confidential tokens to the address encoded in `data`.\n * @param amount - The amount to transfer.\n * @param data - Raw 20-byte recipient address for shield-to-other (decoded by\n * the wrapper as `address(bytes20(data))`). Empty `0x` for self-shield —\n * the wrapper falls back to `from`.\n */\nexport function transferAndCallContract(\n tokenAddress: Address,\n to: Address,\n amount: bigint,\n data: Hex = \"0x\",\n) {\n return {\n address: tokenAddress,\n abi: erc1363Abi,\n functionName: \"transferAndCall\",\n args: [to, amount, data],\n } as const;\n}\n","import type { FheChain } from \"../chains\";\nimport { buildZamaConfig } from \"./build\";\nimport type { ZamaConfig, ZamaConfigGeneric } from \"./types\";\n\n/**\n * Create a {@link ZamaConfig} from a custom {@link GenericSigner} and\n * {@link GenericProvider}. Use this when the built-in adapter paths\n * (`@zama-fhe/sdk/viem`, `@zama-fhe/sdk/ethers`, `@zama-fhe/react-sdk/wagmi`)\n * don't cover your setup — e.g. a server-side relayer that implements\n * `GenericSigner` directly.\n *\n * @example\n * ```ts\n * import { createConfig, memoryStorage } from \"@zama-fhe/sdk\";\n * import { web } from \"@zama-fhe/sdk/web\";\n * import { sepolia } from \"@zama-fhe/sdk/chains\";\n *\n * const config = createConfig({\n * chains: [sepolia],\n * signer: myCustomSigner,\n * provider: myCustomProvider,\n * storage: memoryStorage,\n * relayers: { [sepolia.id]: web() },\n * });\n * const sdk = new ZamaSDK(config);\n * ```\n */\nexport function createConfig<const TChains extends readonly [FheChain, ...FheChain[]]>(\n params: ZamaConfigGeneric<TChains>,\n): ZamaConfig {\n return buildZamaConfig(params.signer, params.provider, params);\n}\n","import type { Address } from \"viem\";\nimport { requireConfigured, wrapDecryptError } from \"../errors\";\nimport type { EncryptedInput } from \"../query/user-decrypt\";\nimport type { RelayerDispatcher } from \"../relayer/relayer-dispatcher\";\nimport type { ClearValue, EncryptedValue, PublicDecryptResult } from \"../relayer/relayer-sdk.types\";\nimport type { BatchDecryptHandlesResult, DecryptionService } from \"../services/decryption-service\";\nimport type { GenericProvider, GenericSigner } from \"../types\";\nimport { requireAlignedWalletAccount } from \"../utils/alignment\";\n\n/**\n * Public namespace for FHE decryption.\n *\n * Exposed as `sdk.decryption`. Owns the SDK-level guards (signer requirement on\n * `userDecrypt` and `delegatedDecrypt`, empty-array short-circuit on `publicDecrypt`,\n * relayer error wrapping) and delegates the actual work to the internal\n * {@link DecryptionService} or the relayer directly for `publicDecrypt`.\n *\n * **Mixed signer requirement:** `userDecrypt` and `delegatedDecrypt` need a configured\n * signer; `publicDecrypt` does not. Each method documents its requirement in its JSDoc.\n */\nexport class Decryption {\n readonly #signer: GenericSigner | undefined;\n readonly #provider: GenericProvider;\n readonly #relayer: RelayerDispatcher;\n readonly #decryptionService: DecryptionService | undefined;\n\n /** @internal */\n constructor(opts: {\n signer: GenericSigner | undefined;\n provider: GenericProvider;\n relayer: RelayerDispatcher;\n decryptionService: DecryptionService | undefined;\n }) {\n this.#signer = opts.signer;\n this.#provider = opts.provider;\n this.#relayer = opts.relayer;\n this.#decryptionService = opts.decryptionService;\n }\n\n #requireDecryptionService(operation: string): DecryptionService {\n return requireConfigured(this.#decryptionService, operation);\n }\n\n /**\n * Decrypt one or more FHE encrypted values. Results are cached — repeated calls\n * for the same encrypted value skip the relayer round-trip.\n *\n * Zero encrypted values are mapped to `0n` without hitting the relayer.\n * Events (`DecryptStart/End/Error`) are emitted uniformly.\n * Relayer errors are wrapped into typed SDK errors.\n *\n * @param encryptedInput - Encrypted values to decrypt, each paired with its contract address.\n * @returns A record mapping each encrypted value to its decrypted clear-text value.\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n * @throws if signer and provider are on different chains. {@link ChainMismatchError}\n *\n * @example\n * ```ts\n * const values = await sdk.decryption.userDecrypt([\n * { encryptedValue: balanceHandle, contractAddress: cUSDT },\n * ]);\n * console.log(values[balanceHandle]); // 1000n\n * ```\n */\n async userDecrypt(encryptedInput: EncryptedInput[]): Promise<Record<EncryptedValue, ClearValue>> {\n const service = this.#requireDecryptionService(\"userDecrypt\");\n const account = await requireAlignedWalletAccount(\"userDecrypt\", this.#signer, this.#provider);\n return service.userDecrypt(encryptedInput, account.address);\n }\n\n /**\n * Decrypt one or more FHE encrypted values using delegated credentials.\n *\n * Mirrors {@link userDecrypt} with delegated credentials — same caching and\n * zero-value short-circuit. Before reading from cache or calling the relayer,\n * every non-zero encrypted value's contract must have an active delegation from the\n * delegator to the connected signer; missing or expired delegations fail fast.\n *\n * @param encryptedInputs - FHE encrypted values paired with their contract addresses.\n * @param delegatorAddress - The address that granted delegation rights.\n * @param accountAddress - Address used as the cache key's \"requester\"\n * dimension. Defaults to `delegatorAddress`. Pass the actual account address\n * when decrypting on behalf of someone whose balance is stored under a\n * different address (e.g. `decryptBalanceAs` with an explicit `accountAddress`).\n * @returns Map of encrypted value → clear-text value.\n *\n * @example\n * ```ts\n * const values = await sdk.decryption.delegatedDecrypt([\n * { encryptedValue: balanceHandle, contractAddress: tokenAddr },\n * ], delegatorAddr);\n * console.log(values[balanceHandle]); // 1000n\n * ```\n */\n async delegatedDecrypt(\n encryptedInputs: EncryptedInput[],\n delegatorAddress: Address,\n accountAddress: Address = delegatorAddress,\n ): Promise<Record<EncryptedValue, ClearValue>> {\n const service = this.#requireDecryptionService(\"delegatedDecrypt\");\n const account = await requireAlignedWalletAccount(\n \"delegatedDecrypt\",\n this.#signer,\n this.#provider,\n );\n return service.delegatedUserDecrypt(\n encryptedInputs,\n delegatorAddress,\n account.address,\n accountAddress,\n );\n }\n\n /**\n * Publicly decrypt one or more FHE encrypted values.\n *\n * Signer-independent: works without a configured signer.\n * Returns the decryption proof alongside the clear-text values so callers\n * can submit on-chain finalization transactions (e.g. `finalizeUnwrap`).\n *\n * @param encryptedValues - FHE encrypted values to decrypt publicly.\n * @returns Clear-text values, ABI-encoded values, and the decryption proof.\n *\n * @example\n * ```ts\n * const { clearValues, decryptionProof, abiEncodedClearValues } =\n * await sdk.decryption.publicDecrypt([encryptedValue]);\n * ```\n */\n async publicDecrypt(encryptedValues: EncryptedValue[]): Promise<PublicDecryptResult> {\n if (encryptedValues.length === 0) {\n return {\n clearValues: {},\n decryptionProof: \"0x\",\n abiEncodedClearValues: \"0x\",\n };\n }\n\n try {\n return await this.#relayer.publicDecrypt(encryptedValues);\n } catch (error) {\n throw wrapDecryptError(error, \"Public decryption failed\");\n }\n }\n\n /**\n * Batch-decrypt delegated encrypted values with per-entry error isolation.\n *\n * Attempts a single batch request first. If the batch fails with a non-fatal\n * error (e.g. one entry is invalid), falls back to per-entry decryption so\n * healthy entries still resolve. Each item in the result carries either a\n * decrypted value or an error — callers decide how to surface partial failures.\n *\n * @param encryptedInputs - FHE encrypted values paired with their contract addresses.\n * @param delegatorAddress - The address that granted delegation rights.\n * @param accountAddress - The account on whose behalf decryption is performed. Defaults to `delegatorAddress`.\n * @param maxConcurrency - Maximum parallel decrypt calls during per-entry fallback.\n * @returns Per-entry results, each with a value or an error.\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n * @throws if signer and provider are on different chains. {@link ChainMismatchError}\n *\n * @example\n * ```ts\n * const result = await sdk.decryption.delegatedBatchDecrypt({\n * encryptedInputs: [\n * { encryptedValue: encryptedValue1, contractAddress: tokenA },\n * { encryptedValue: encryptedValue2, contractAddress: tokenB },\n * ],\n * delegatorAddress: \"0xDelegator\",\n * maxConcurrency: 5,\n * });\n * for (const item of result.items) {\n * if (item.error) console.error(item.encryptedValue, item.error);\n * else console.log(item.encryptedValue, item.value);\n * }\n * ```\n */\n async delegatedBatchDecrypt({\n encryptedInputs,\n delegatorAddress,\n accountAddress = delegatorAddress,\n maxConcurrency,\n }: {\n encryptedInputs: EncryptedInput[];\n delegatorAddress: Address;\n accountAddress?: Address;\n maxConcurrency?: number;\n }): Promise<BatchDecryptHandlesResult> {\n const service = this.#requireDecryptionService(\"delegatedBatchDecrypt\");\n const account = await requireAlignedWalletAccount(\n \"delegatedBatchDecrypt\",\n this.#signer,\n this.#provider,\n );\n return service.delegatedBatchDecryptHandlesAs({\n encryptedInputs,\n delegatorAddress,\n delegateAddress: account.address,\n accountAddress,\n maxConcurrency,\n });\n }\n}\n","import type { Address } from \"viem\";\nimport type { DelegationService } from \"../services/delegation-service\";\nimport type { GenericProvider, GenericSigner, TransactionResult } from \"../types\";\nimport { requireAlignedWalletAccount } from \"../utils/alignment\";\nimport { requireConfigured } from \"../errors\";\n\n/**\n * Public namespace for on-chain decryption-delegation management.\n *\n * Exposed as `sdk.delegations`. Owns the SDK-level guards (signer requirement, chain\n * alignment, delegator address resolution from the wallet account) and delegates the\n * actual work to the internal {@link DelegationService}.\n *\n * Delegation operations write to the host chain ACL; after a delegation is mined,\n * allow **1–2 minutes** before attempting delegated decryption to let the gateway\n * sync the ACL state via cross-chain event propagation.\n */\nexport class Delegations {\n readonly #signer: GenericSigner | undefined;\n readonly #provider: GenericProvider;\n readonly #delegationService: DelegationService;\n\n /** @internal */\n constructor(opts: {\n signer: GenericSigner | undefined;\n provider: GenericProvider;\n delegationService: DelegationService;\n }) {\n this.#signer = opts.signer;\n this.#provider = opts.provider;\n this.#delegationService = opts.delegationService;\n }\n\n #requireSigner(operation: string): GenericSigner {\n return requireConfigured(this.#signer, operation);\n }\n\n /**\n * Delegate decryption rights for a confidential contract to another address.\n * Calls `ACL.delegateForUserDecryption()` on-chain.\n *\n * **Important:** After the transaction is mined, allow **1–2 minutes** before\n * attempting delegated decryption. The delegation is recorded on L1 immediately,\n * but the gateway must sync the ACL state via cross-chain event propagation.\n *\n * @param contractAddress - The confidential contract address to delegate on.\n * @param delegateAddress - Address to delegate decryption rights to.\n * @param expirationDate - Optional expiration date (defaults to permanent delegation via `uint64.max`).\n * @returns The transaction hash and mined receipt.\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n * @throws if signer and provider are on different chains. {@link ChainMismatchError}\n * @throws if `expirationDate` is less than 1 hour in the future. {@link DelegationExpirationTooSoonError}\n * @throws if the delegate equals the connected wallet. {@link DelegationSelfNotAllowedError}\n * @throws if the delegate equals the contract address. {@link DelegationDelegateEqualsContractError}\n * @throws if the new expiry equals the current one. {@link DelegationExpiryUnchangedError}\n * @throws if the delegation transaction reverts. {@link TransactionRevertedError}\n */\n async delegateDecryption({\n contractAddress,\n delegateAddress,\n expirationDate,\n }: {\n contractAddress: Address;\n delegateAddress: Address;\n expirationDate?: Date;\n }): Promise<TransactionResult> {\n const signer = this.#requireSigner(\"delegateDecryption\");\n const account = await requireAlignedWalletAccount(\n \"delegateDecryption\",\n this.#signer,\n this.#provider,\n );\n return this.#delegationService.delegateDecryption(signer, {\n contractAddress,\n delegateAddress,\n delegatorAddress: account.address,\n expirationDate,\n });\n }\n\n /**\n * Revoke decryption delegation for a confidential contract.\n * Calls `ACL.revokeDelegationForUserDecryption()` on-chain.\n *\n * @param contractAddress - The confidential contract address to revoke delegation on.\n * @param delegateAddress - Address to revoke delegation from.\n * @returns The transaction hash and mined receipt.\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n * @throws if signer and provider are on different chains. {@link ChainMismatchError}\n * @throws if no delegation exists for this (delegator, delegate, contract) tuple. {@link DelegationNotFoundError}\n * @throws if the revocation transaction reverts. {@link TransactionRevertedError}\n */\n async revokeDelegation({\n contractAddress,\n delegateAddress,\n }: {\n contractAddress: Address;\n delegateAddress: Address;\n }): Promise<TransactionResult> {\n const signer = this.#requireSigner(\"revokeDelegation\");\n const account = await requireAlignedWalletAccount(\n \"revokeDelegation\",\n this.#signer,\n this.#provider,\n );\n return this.#delegationService.revokeDelegation(signer, {\n contractAddress,\n delegateAddress,\n delegatorAddress: account.address,\n });\n }\n\n /**\n * Check whether a delegation is active for the given contract address.\n *\n * Signer-independent: works without a configured signer.\n *\n * @param contractAddress - The confidential contract address.\n * @param delegatorAddress - The address that granted the delegation.\n * @param delegateAddress - The address that received delegation rights.\n * @returns `true` if the delegation exists and has not expired.\n */\n async isActive(params: {\n contractAddress: Address;\n delegatorAddress: Address;\n delegateAddress: Address;\n }): Promise<boolean> {\n return this.#delegationService.isDelegated(params);\n }\n\n /**\n * Get the expiration timestamp of a delegation for the given contract.\n *\n * Signer-independent: works without a configured signer.\n *\n * @param contractAddress - The confidential contract address.\n * @param delegatorAddress - The address that granted the delegation.\n * @param delegateAddress - The address that received delegation rights.\n * @returns Unix timestamp as bigint. `0n` = no delegation. `2^64 - 1` = permanent.\n */\n async getExpiry(params: {\n contractAddress: Address;\n delegatorAddress: Address;\n delegateAddress: Address;\n }): Promise<bigint> {\n return this.#delegationService.getDelegationExpiry(params);\n }\n}\n","import { getAddress, type Address } from \"viem\";\nimport type { CredentialService } from \"../credentials/credential-service\";\nimport { requireConfigured } from \"../errors\";\nimport type { CachingService } from \"../services/caching-service\";\nimport type { GenericProvider, GenericSigner } from \"../types\";\nimport { swallow } from \"../utils\";\nimport { requireAlignedWalletAccount, requireChainAlignment } from \"../utils/alignment\";\n\n/**\n * Public namespace for permit and keypair management.\n *\n * Exposed as `sdk.permits`. Owns the SDK-level guards (chain alignment, empty-array\n * short-circuit, decrypt-cache invalidation) and delegates the actual work to the\n * internal {@link CredentialService}.\n *\n * The namespace is named `permits` because the user-facing concept is the signed-permit\n * store. The FHE keypair is invisible plumbing — there is no `getKeypair()` surfaced;\n * the keypair exists to sign permits and is created automatically when needed.\n * {@link clear} wipes both the permit store and the keypair (permits cascade-delete\n * with the keypair).\n */\nexport class Permits {\n readonly #signer: GenericSigner | undefined;\n readonly #provider: GenericProvider;\n readonly #cachingService: CachingService;\n readonly #credentialService: CredentialService | undefined;\n\n /** @internal */\n constructor(opts: {\n signer: GenericSigner | undefined;\n provider: GenericProvider;\n cachingService: CachingService;\n credentialService: CredentialService | undefined;\n }) {\n this.#signer = opts.signer;\n this.#provider = opts.provider;\n this.#cachingService = opts.cachingService;\n this.#credentialService = opts.credentialService;\n }\n\n #requireCredentialService(operation: string): CredentialService {\n return requireConfigured(this.#credentialService, operation);\n }\n\n /**\n * Sign and store an EIP-712 permit authorising direct decryption for the\n * given contract addresses.\n *\n * Idempotent: if a permit covering the requested set already exists, no\n * wallet prompt occurs. Otherwise the SDK chunks the uncovered subset into\n * groups of ≤10 contracts and prompts once per chunk; partial mid-flight\n * rejection is preserved (already-signed chunks are persisted before the\n * next prompt).\n *\n * @param contracts - Contract addresses to authorize.\n */\n async grantPermit(contracts: Address[]): Promise<void> {\n if (contracts.length === 0) {\n return;\n }\n const service = this.#requireCredentialService(\"grantPermit\");\n await requireChainAlignment(\"grantPermit\", this.#signer, this.#provider);\n await service.grantPermit(contracts);\n }\n\n /**\n * Sign and store an EIP-712 delegation permit authorising decryption on\n * behalf of `delegator`. Same idempotence/chunking semantics as {@link grantPermit}.\n *\n * @param delegator - The address that delegated decryption rights to the connected signer.\n * @param contracts - Contract addresses to authorize.\n */\n async grantDelegationPermit(delegator: Address, contracts: Address[]): Promise<void> {\n if (contracts.length === 0) {\n return;\n }\n const service = this.#requireCredentialService(\"grantDelegationPermit\");\n await requireChainAlignment(\"grantDelegationPermit\", this.#signer, this.#provider);\n await service.grantPermit(contracts, delegator);\n }\n\n /**\n * Pure store lookup: is there a permit covering `contracts`?\n * No wallet prompt, no keypair generation. Returns `false` when no signer\n * is configured.\n */\n async hasPermit(contracts: Address[]): Promise<boolean> {\n if (!this.#credentialService) {\n return false;\n }\n return this.#credentialService.hasPermit(contracts);\n }\n\n /**\n * Pure store lookup for a delegation permit. See {@link hasPermit}.\n *\n * @param delegator - The address that delegated decryption rights to the connected signer.\n * @param contracts - Contract addresses to check.\n * @returns `true` if cached delegation permits cover all requested contracts.\n */\n async hasDelegationPermit(delegator: Address, contracts: Address[]): Promise<boolean> {\n if (!this.#credentialService) {\n return false;\n }\n return this.#credentialService.hasPermit(contracts, delegator);\n }\n\n /**\n * Best-effort keypair prefetch for the connected signer.\n *\n * Optional latency optimization: decrypt and permit flows remain correct\n * without it because they lazily create the keypair when needed.\n *\n * Silent no-op when no signer is configured or no wallet account is\n * available. The keypair is generated through the relayer dispatcher's\n * currently active chain — see {@link LifecycleService}, which calls\n * `switchChain` before fanning the wallet-account change out to listeners,\n * so any downstream caller (including React adapters) observes the\n * dispatcher on the wallet chain by the time it invokes warmup.\n */\n async warmKeypair(): Promise<void> {\n const service = this.#credentialService;\n if (!service) {\n return;\n }\n const account = this.#signer?.walletAccount.getSnapshot();\n if (!account) {\n return;\n }\n await service.warmKeypair(account.address);\n }\n\n /**\n * Wipe FHE permits for the current signer.\n *\n * - With no argument: every permit referencing this signer is removed across\n * all chains and delegators. The keypair survives — use {@link clear} to\n * also wipe the keypair.\n * - With a contract list: every signed permit in the direct-decrypt scope\n * (current chain) whose immutable payload touches any listed address is\n * removed. Delegation permits are not touched in this mode.\n *\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n */\n async revokePermits(contracts?: Address[]): Promise<void> {\n const service = this.#requireCredentialService(\"revokePermits\");\n const account = await requireAlignedWalletAccount(\n \"revokePermits\",\n this.#signer,\n this.#provider,\n );\n const signerAddress = getAddress(account.address);\n try {\n await service.revokePermits(contracts);\n } finally {\n await swallow(\"clear decrypt cache\", () =>\n this.#cachingService.clearForRequester(signerAddress),\n );\n }\n }\n\n /**\n * Wipe the keypair for the current signer and cascade-delete every permit\n * (across chains and delegators) referencing it.\n *\n * @throws if no signer is configured. {@link SignerNotConfiguredError}\n */\n async clear(): Promise<void> {\n const service = this.#requireCredentialService(\"clear\");\n const account = await requireAlignedWalletAccount(\"clear\", this.#signer, this.#provider);\n const signerAddress = getAddress(account.address);\n try {\n await service.clearCredentials();\n } finally {\n await swallow(\"clear decrypt cache\", () =>\n this.#cachingService.clearForRequester(signerAddress),\n );\n }\n }\n}\n","import { getAddress, type Address } from \"viem\";\nimport { z } from \"zod/mini\";\nimport type { ClearValue, EncryptedValue } from \"../relayer/relayer-sdk.types\";\nimport { checksummedAddress } from \"../schemas/primitives\";\nimport type { GenericStorage } from \"../types\";\n\nconst CacheValueSchema = z.union([z.bigint(), z.boolean(), checksummedAddress]);\nconst CacheIndexSchema = z.array(z.string());\n\n/**\n * Storage-backed cache for decrypted FHE plaintext values.\n *\n * Each entry is keyed by `(requester, contractAddress, handle)` so different\n * signers cannot read each other's cached decryptions.\n */\nexport class CachingService {\n readonly #storage: GenericStorage;\n readonly #decryptNamespace = \"zama:decrypt\";\n readonly #decryptKeysNamespace = `${this.#decryptNamespace}:keys`;\n #indexWriteQueue: Promise<void> = Promise.resolve();\n\n constructor(storage: GenericStorage) {\n this.#storage = storage;\n }\n\n async get(\n requester: Address,\n contractAddress: Address,\n encryptedValue: EncryptedValue,\n ): Promise<ClearValue | null> {\n try {\n const key = this.#buildStorageKey(requester, contractAddress, encryptedValue);\n const value = await this.#storage.get(key);\n if (value === null) {\n return null;\n }\n const parsed = CacheValueSchema.safeParse(value);\n if (!parsed.success) {\n await this.delete(requester, contractAddress, encryptedValue);\n return null;\n }\n return parsed.data;\n } catch (error) {\n console.warn(\"[zama-sdk] CachingService.get failed:\", error); // eslint-disable-line no-console\n return null;\n }\n }\n\n async set(\n requester: Address,\n contractAddress: Address,\n encryptedValue: EncryptedValue,\n value: ClearValue,\n ): Promise<void> {\n try {\n const key = this.#buildStorageKey(requester, contractAddress, encryptedValue);\n await this.#storage.set<ClearValue>(key, value);\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#addToIndex(key).catch((error) => {\n console.warn(\"[zama-sdk] CachingService index write failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n } catch (error) {\n console.warn(\"[zama-sdk] CachingService.set failed:\", error); // eslint-disable-line no-console\n }\n }\n\n async delete(\n requester: Address,\n contractAddress: Address,\n encryptedValue: EncryptedValue,\n ): Promise<void> {\n const key = this.#buildStorageKey(requester, contractAddress, encryptedValue);\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#doDelete(key).catch((error) => {\n console.warn(\"[zama-sdk] CachingService.delete failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n }\n\n async clearForRequester(requester: Address): Promise<void> {\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#doClearForRequester(requester).catch((error) => {\n console.warn(\"[zama-sdk] CachingService.clearForRequester failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n }\n\n async clearAll(): Promise<void> {\n this.#indexWriteQueue = this.#indexWriteQueue.then(() =>\n this.#doClearAll().catch((error) => {\n console.warn(\"[zama-sdk] CachingService.clearAll failed:\", error); // eslint-disable-line no-console\n }),\n );\n await this.#indexWriteQueue;\n }\n\n async #doDelete(key: string): Promise<void> {\n await this.#storage.delete(key).catch(() => {});\n const keys = await this.#readIndex();\n const remaining = keys.filter((k) => k !== key);\n if (remaining.length !== keys.length) {\n await this.#storage.set(this.#decryptKeysNamespace, remaining);\n }\n }\n\n async #doClearForRequester(requester: Address): Promise<void> {\n const checksumRequester = getAddress(requester);\n const prefix = `${this.#decryptNamespace}:${checksumRequester}:`;\n const keys = await this.#readIndex();\n const toRemove: string[] = [];\n const remaining: string[] = [];\n for (const k of keys) {\n if (k.startsWith(prefix)) {\n toRemove.push(k);\n } else {\n remaining.push(k);\n }\n }\n await Promise.all(toRemove.map((k) => this.#storage.delete(k).catch(() => {})));\n await this.#storage.set(this.#decryptKeysNamespace, remaining);\n }\n\n async #doClearAll(): Promise<void> {\n const keys = await this.#readIndex();\n await Promise.all(keys.map((k) => this.#storage.delete(k).catch(() => {})));\n await this.#storage.delete(this.#decryptKeysNamespace);\n }\n\n #buildStorageKey(\n requester: Address,\n contractAddress: Address,\n encryptedValue: EncryptedValue,\n ): string {\n return `${this.#decryptNamespace}:${getAddress(requester)}:${getAddress(contractAddress)}:${encryptedValue.toLowerCase()}`;\n }\n\n async #readIndex(): Promise<string[]> {\n const value = await this.#storage.get(this.#decryptKeysNamespace);\n if (value === null) {\n return [];\n }\n const parsed = CacheIndexSchema.safeParse(value);\n if (parsed.success) {\n return parsed.data;\n }\n await this.#storage.delete(this.#decryptKeysNamespace).catch(() => {});\n return [];\n }\n\n async #addToIndex(key: string): Promise<void> {\n const keys = await this.#readIndex();\n if (!keys.includes(key)) {\n keys.push(key);\n await this.#storage.set(this.#decryptKeysNamespace, keys);\n }\n }\n}\n","import type { Address } from \"viem\";\nimport { DecryptionFailedError } from \"../errors\";\nimport type { DelegatedUserDecryptParams, UserDecryptParams } from \"../relayer/relayer-sdk.types\";\nimport type { CredentialBundle, Permission } from \"./types\";\nimport { checksum } from \"../schemas/primitives\";\n\nexport type UserDecryptPermitParams = Pick<\n UserDecryptParams,\n | \"signedContractAddresses\"\n | \"privateKey\"\n | \"publicKey\"\n | \"signature\"\n | \"startTimestamp\"\n | \"durationDays\"\n>;\n\nexport type DelegatedUserDecryptPermitParams = Pick<\n DelegatedUserDecryptParams,\n | \"signedContractAddresses\"\n | \"privateKey\"\n | \"publicKey\"\n | \"signature\"\n | \"delegatorAddress\"\n | \"startTimestamp\"\n | \"durationDays\"\n>;\n\nexport function resolveUserDecryptPermit(\n credentials: CredentialBundle,\n contractAddress: Address,\n): UserDecryptPermitParams {\n const permission = findPermissionFor(credentials, contractAddress);\n if (!permission) {\n throw new DecryptionFailedError(`No permit covers contract ${contractAddress} after allow()`);\n }\n return commonPermitParams(credentials, permission);\n}\n\nexport function resolveDelegatedDecryptPermit(\n credentials: CredentialBundle,\n contractAddress: Address,\n): DelegatedUserDecryptPermitParams {\n const permission = findPermissionFor(credentials, contractAddress);\n if (!permission) {\n throw new DecryptionFailedError(\n `No delegated permit covers contract ${contractAddress} after allow()`,\n );\n }\n return {\n ...commonPermitParams(credentials, permission),\n delegatorAddress: permission.delegatorAddress,\n };\n}\n\nfunction commonPermitParams(credentials: CredentialBundle, permission: Permission) {\n return {\n signedContractAddresses: permission.signedContractAddresses,\n privateKey: credentials.keypair.privateKey,\n publicKey: credentials.keypair.publicKey,\n signature: permission.signature,\n startTimestamp: permission.startTimestamp,\n durationDays: permission.durationDays,\n };\n}\n\nfunction findPermissionFor(\n credentials: CredentialBundle,\n contractAddress: Address,\n): Permission | undefined {\n const target = checksum(contractAddress);\n return credentials.permits.find((permission) =>\n permission.signedContractAddresses.includes(target),\n );\n}\n","import { getAddress, type Address } from \"viem\";\nimport type { CredentialService } from \"../credentials/credential-service\";\nimport {\n resolveDelegatedDecryptPermit,\n resolveUserDecryptPermit,\n} from \"../credentials/decrypt-permit\";\nimport type { CredentialBundle } from \"../credentials/types\";\nimport { DecryptionFailedError, isFatalBatchError, wrapDecryptError, ZamaError } from \"../errors\";\nimport type { ZamaSDKEventInput } from \"../events/sdk-events\";\nimport { ZamaSDKEvents } from \"../events/sdk-events\";\nimport type { EncryptedInput } from \"../query/user-decrypt\";\nimport type { RelayerDispatcher } from \"../relayer/relayer-dispatcher\";\nimport type { ClearValue, EncryptedValue } from \"../relayer/relayer-sdk.types\";\nimport { pLimit } from \"../utils/concurrency\";\nimport { isZeroHandle } from \"../utils/handles\";\nimport { toError } from \"../utils\";\nimport type { CachingService } from \"./caching-service\";\nimport type { DelegationService } from \"./delegation-service\";\n\ninterface DecryptionStrategy {\n requesterAddress: Address;\n resolveCredentials: (contractAddresses: Address[]) => Promise<CredentialBundle>;\n validate?: (contractAddresses: readonly Address[]) => Promise<void>;\n decryptContract: (args: {\n credentials: CredentialBundle;\n contractAddress: Address;\n encryptedValues: EncryptedValue[];\n }) => Promise<Record<EncryptedValue, ClearValue>>;\n errorMessage: string;\n delegated?: boolean;\n}\n\nexport interface BatchDecryptHandleItem {\n encryptedValue: EncryptedValue;\n contractAddress: Address;\n value?: ClearValue;\n error?: ZamaError;\n}\n\nexport interface BatchDecryptHandlesResult {\n items: BatchDecryptHandleItem[];\n}\n\nexport class DecryptionService {\n readonly #cache: CachingService;\n readonly #credentialService: CredentialService;\n readonly #delegationService: DelegationService;\n readonly #relayer: RelayerDispatcher;\n readonly #emitEvent: (input: ZamaSDKEventInput) => void;\n\n constructor({\n cache,\n credentialService,\n delegationService,\n relayer,\n emitEvent,\n }: {\n cache: CachingService;\n credentialService: CredentialService;\n delegationService: DelegationService;\n relayer: RelayerDispatcher;\n emitEvent: (input: ZamaSDKEventInput) => void;\n }) {\n this.#cache = cache;\n this.#credentialService = credentialService;\n this.#delegationService = delegationService;\n this.#relayer = relayer;\n this.#emitEvent = emitEvent;\n }\n\n async userDecrypt(\n handles: EncryptedInput[],\n signerAddress: Address,\n ): Promise<Record<EncryptedValue, ClearValue>> {\n const normalizedSigner = getAddress(signerAddress);\n return this.#decrypt(handles, {\n requesterAddress: normalizedSigner,\n resolveCredentials: (contractAddresses) =>\n this.#credentialService.grantPermit(contractAddresses),\n decryptContract: async ({ credentials, contractAddress, encryptedValues }) => {\n return this.#relayer.userDecrypt({\n encryptedValues,\n contractAddress,\n ...resolveUserDecryptPermit(credentials, contractAddress),\n signerAddress: normalizedSigner,\n });\n },\n errorMessage: \"Failed to decrypt handles\",\n });\n }\n\n async delegatedUserDecrypt(\n encryptedValues: EncryptedInput[],\n delegatorAddress: Address,\n delegateAddress: Address,\n accountAddress: Address,\n ): Promise<Record<EncryptedValue, ClearValue>> {\n const normalizedDelegator = getAddress(delegatorAddress);\n const normalizedDelegate = getAddress(delegateAddress);\n return this.#decrypt(encryptedValues, {\n requesterAddress: getAddress(accountAddress),\n resolveCredentials: (contractAddresses) =>\n this.#credentialService.grantPermit(contractAddresses, normalizedDelegator),\n validate: (contractAddresses) =>\n this.#assertAllDelegationsActive(contractAddresses, {\n delegatorAddress: normalizedDelegator,\n delegateAddress: normalizedDelegate,\n }),\n decryptContract: async ({\n credentials,\n contractAddress,\n // oxlint-disable-next-line no-shadow\n encryptedValues,\n }) => {\n return this.#relayer.delegatedUserDecrypt({\n encryptedValues: encryptedValues,\n contractAddress,\n ...resolveDelegatedDecryptPermit(credentials, contractAddress),\n delegateAddress: normalizedDelegate,\n });\n },\n errorMessage: \"Failed to decrypt delegated handles\",\n delegated: true,\n });\n }\n\n async delegatedBatchDecryptHandlesAs({\n encryptedInputs,\n delegatorAddress,\n delegateAddress,\n accountAddress,\n maxConcurrency = 5,\n }: {\n encryptedInputs: EncryptedInput[];\n delegatorAddress: Address;\n delegateAddress: Address;\n accountAddress: Address;\n maxConcurrency?: number;\n }): Promise<BatchDecryptHandlesResult> {\n const items: BatchDecryptHandleItem[] = encryptedInputs.map((h) => ({\n encryptedValue: h.encryptedValue,\n contractAddress: getAddress(h.contractAddress),\n }));\n if (items.length === 0) {\n return { items };\n }\n const normalizedAccount = getAddress(accountAddress);\n\n try {\n const decrypted = await this.delegatedUserDecrypt(\n items.map(({ encryptedValue, contractAddress }) => ({\n encryptedValue,\n contractAddress,\n })),\n delegatorAddress,\n delegateAddress,\n normalizedAccount,\n );\n for (const item of items) {\n this.#setHandleResult(item, decrypted);\n }\n return { items };\n } catch (error) {\n if (isFatalBatchError(error)) {\n throw error;\n }\n if (items.length === 1) {\n const [item = this.#missingBatchItem()] = items;\n item.error = this.#toZamaError(error, \"Failed to decrypt delegated handles\", true);\n return { items };\n }\n }\n\n await pLimit(\n items.map((item) => async () => {\n try {\n const decrypted = await this.delegatedUserDecrypt(\n [\n {\n encryptedValue: item.encryptedValue,\n contractAddress: item.contractAddress,\n },\n ],\n delegatorAddress,\n delegateAddress,\n normalizedAccount,\n );\n this.#setHandleResult(item, decrypted);\n } catch (error) {\n if (isFatalBatchError(error)) {\n throw error;\n }\n item.error = this.#toZamaError(error, \"Failed to decrypt delegated handles\", true);\n }\n }),\n maxConcurrency,\n );\n\n return { items };\n }\n\n async #decrypt(\n handles: EncryptedInput[],\n strategy: DecryptionStrategy,\n ): Promise<Record<EncryptedValue, ClearValue>> {\n if (handles.length === 0) {\n return {};\n }\n\n const normalized = handles.map((h) => ({\n encryptedValue: h.encryptedValue,\n contractAddress: getAddress(h.contractAddress),\n }));\n const result: Record<EncryptedValue, ClearValue> = {};\n const nonZero: EncryptedInput[] = [];\n\n for (const h of normalized) {\n if (isZeroHandle(h.encryptedValue)) {\n result[h.encryptedValue] = 0n;\n } else {\n nonZero.push(h);\n }\n }\n\n if (nonZero.length === 0) {\n return result;\n }\n\n const allContracts = Array.from(new Set(normalized.map((h) => h.contractAddress)));\n const nonZeroContracts = Array.from(new Set(nonZero.map((h) => h.contractAddress)));\n if (strategy.validate) {\n await strategy.validate(nonZeroContracts);\n }\n\n const uncached: EncryptedInput[] = [];\n for (const h of nonZero) {\n const cached = await this.#cache.get(\n strategy.requesterAddress,\n h.contractAddress,\n h.encryptedValue,\n );\n if (cached !== null) {\n result[h.encryptedValue] = cached;\n } else {\n uncached.push(h);\n }\n }\n\n if (uncached.length === 0) {\n return result;\n }\n\n const credentials = await strategy.resolveCredentials(allContracts);\n\n const byContract = new Map<Address, EncryptedValue[]>();\n for (const h of uncached) {\n const existing = byContract.get(h.contractAddress);\n if (existing) {\n existing.push(h.encryptedValue);\n } else {\n byContract.set(h.contractAddress, [h.encryptedValue]);\n }\n }\n\n const t0 = Date.now();\n const uncachedEncryptedValues = uncached.map((h) => h.encryptedValue);\n try {\n this.#emitEvent({\n type: ZamaSDKEvents.DecryptStart,\n encryptedValues: uncachedEncryptedValues,\n });\n\n await pLimit(\n [...byContract.entries()].map(([contractAddress, encryptedValues]) => async () => {\n const decrypted = await strategy.decryptContract({\n credentials,\n contractAddress,\n encryptedValues,\n });\n\n for (const [encryptedValue, value] of Object.entries(decrypted)) {\n result[encryptedValue as EncryptedValue] = value;\n await this.#cache.set(\n strategy.requesterAddress,\n contractAddress,\n encryptedValue as EncryptedValue,\n value,\n );\n }\n }),\n 5,\n );\n\n const uncachedResult: Record<EncryptedValue, ClearValue> = {};\n for (const encryptedValue of uncachedEncryptedValues) {\n const value = result[encryptedValue];\n if (value !== undefined) {\n uncachedResult[encryptedValue] = value;\n }\n }\n this.#emitEvent({\n type: ZamaSDKEvents.DecryptEnd,\n durationMs: Date.now() - t0,\n encryptedValues: uncachedEncryptedValues,\n result: uncachedResult,\n });\n return result;\n } catch (error) {\n this.#emitEvent({\n type: ZamaSDKEvents.DecryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n encryptedValues: uncachedEncryptedValues,\n });\n throw wrapDecryptError(error, strategy.errorMessage, strategy.delegated);\n }\n }\n\n #setHandleResult(\n item: BatchDecryptHandleItem,\n decrypted: Record<EncryptedValue, ClearValue>,\n ): void {\n const value = decrypted[item.encryptedValue];\n if (value === undefined) {\n item.error = new DecryptionFailedError(\n `Batch delegated decryption returned no value for encrypted value ${item.encryptedValue} on contract ${item.contractAddress}`,\n );\n return;\n }\n item.value = value;\n }\n\n #toZamaError(error: unknown, fallbackMessage: string, delegated = false): ZamaError {\n return error instanceof ZamaError ? error : wrapDecryptError(error, fallbackMessage, delegated);\n }\n\n #missingBatchItem(): never {\n throw new DecryptionFailedError(\"Batch delegated decryption invariant failed: missing item\");\n }\n\n async #assertAllDelegationsActive(\n contractAddresses: readonly Address[],\n {\n delegatorAddress,\n delegateAddress,\n }: {\n delegatorAddress: Address;\n delegateAddress: Address;\n },\n ): Promise<void> {\n const inactive = await this.#delegationService.findInactiveDelegations(\n contractAddresses,\n delegatorAddress,\n delegateAddress,\n );\n if (inactive.size === 0) {\n return;\n }\n for (const error of inactive.values()) {\n throw error;\n }\n }\n}\n","import type { ZamaError } from \"./base\";\nimport {\n AclPausedError,\n DelegationContractIsSelfError,\n DelegationCooldownError,\n DelegationDelegateEqualsContractError,\n DelegationExpirationTooSoonError,\n DelegationExpiryUnchangedError,\n DelegationNotFoundError,\n DelegationSelfNotAllowedError,\n} from \"./delegation\";\n\n/** Extract the decoded error name from a viem ContractFunctionRevertedError. */\nfunction extractRevertErrorName(error: unknown): string | null {\n if (!(error instanceof Error)) {\n return null;\n }\n const cause = error.cause;\n if (typeof cause !== \"object\" || cause === null || !(\"data\" in cause)) {\n return null;\n }\n const { data } = cause;\n if (typeof data !== \"object\" || data === null || !(\"errorName\" in data)) {\n return null;\n }\n return typeof data.errorName === \"string\" ? data.errorName : null;\n}\n\n/** ACL error name -> typed SDK error mapping. */\nconst ACL_ERROR_MAP = {\n AlreadyDelegatedOrRevokedInSameBlock: (cause) =>\n new DelegationCooldownError(\n \"Only one delegate/revoke per (delegator, delegate, contract) per block. Wait for the next block before retrying.\",\n { cause },\n ),\n SenderCannotBeContractAddress: (cause) =>\n new DelegationContractIsSelfError(\"The contract address cannot be the caller address.\", {\n cause,\n }),\n EnforcedPause: (cause) =>\n new AclPausedError(\n \"The ACL contract is paused. Delegation operations are temporarily disabled.\",\n { cause },\n ),\n SenderCannotBeDelegate: (cause) =>\n new DelegationSelfNotAllowedError(\"Cannot delegate to yourself (delegate === msg.sender).\", {\n cause,\n }),\n DelegateCannotBeContractAddress: (cause) =>\n new DelegationDelegateEqualsContractError(\n \"Delegate address cannot be the same as the contract address.\",\n { cause },\n ),\n ExpirationDateBeforeOneHour: (cause) =>\n new DelegationExpirationTooSoonError(\"Expiration date must be at least 1 hour in the future.\", {\n cause,\n }),\n ExpirationDateAlreadySetToSameValue: (cause) =>\n new DelegationExpiryUnchangedError(\"The new expiration date is the same as the current one.\", {\n cause,\n }),\n NotDelegatedYet: (cause) =>\n new DelegationNotFoundError(\"Cannot revoke: no active delegation exists.\", { cause }),\n} satisfies Record<string, (cause: unknown) => ZamaError>;\n\nfunction isAclRevertName(name: string): name is keyof typeof ACL_ERROR_MAP {\n return name in ACL_ERROR_MAP;\n}\n\n/**\n * Map known ACL Solidity revert error names to typed ZamaError subclasses.\n * Prefers viem's structured `error.cause.data.errorName` when available,\n * falling back to string-includes matching on the error message.\n * Returns `null` if the revert reason is not recognized.\n * @internal\n */\nexport function matchAclRevert(error: unknown, mappedCause: unknown): ZamaError | null {\n // Prefer structured error data from viem's ContractFunctionRevertedError\n const errorName = extractRevertErrorName(error);\n if (errorName && isAclRevertName(errorName)) {\n return ACL_ERROR_MAP[errorName](mappedCause);\n }\n\n // Fallback: string matching for non-viem RPC providers\n const message = error instanceof Error ? error.message : String(error);\n for (const [name, factory] of Object.entries(ACL_ERROR_MAP)) {\n if (message.includes(name)) {\n return factory(mappedCause);\n }\n }\n\n return null;\n}\n","import { getAddress, type Address } from \"viem\";\nimport {\n delegateForUserDecryptionContract,\n getDelegationExpiryContract,\n MAX_UINT64,\n revokeDelegationContract,\n} from \"../contracts\";\nimport {\n DelegationDelegateEqualsContractError,\n DelegationExpirationTooSoonError,\n DelegationExpiredError,\n DelegationExpiryUnchangedError,\n DelegationNotFoundError,\n DelegationSelfNotAllowedError,\n TransactionRevertedError,\n} from \"../errors\";\nimport { matchAclRevert } from \"../errors/acl-revert\";\nimport type { TransactionOperation, ZamaSDKEventInput } from \"../events/sdk-events\";\nimport type { RelayerDispatcher } from \"../relayer/relayer-dispatcher\";\nimport type {\n GenericProvider,\n GenericSigner,\n TransactionResult,\n WriteContractConfig,\n} from \"../types\";\nimport { submitTransaction } from \"../utils/submit-transaction\";\n\ntype AclTransactionOperation = Extract<\n TransactionOperation,\n \"delegateDecryption\" | \"revokeDelegation\"\n>;\n\nexport class DelegationService {\n readonly #provider: GenericProvider;\n readonly #relayer: RelayerDispatcher;\n readonly #emitEvent: (input: ZamaSDKEventInput, tokenAddress?: Address) => void;\n\n constructor({\n provider,\n relayer,\n emitEvent = () => {},\n }: {\n provider: GenericProvider;\n relayer: RelayerDispatcher;\n emitEvent?: (input: ZamaSDKEventInput, tokenAddress?: Address) => void;\n }) {\n this.#provider = provider;\n this.#relayer = relayer;\n this.#emitEvent = emitEvent;\n }\n\n async delegateDecryption(\n signer: GenericSigner,\n {\n contractAddress,\n delegateAddress,\n delegatorAddress,\n expirationDate,\n }: {\n contractAddress: Address;\n delegateAddress: Address;\n delegatorAddress: Address;\n expirationDate?: Date;\n },\n ): Promise<TransactionResult> {\n if (expirationDate && expirationDate.getTime() < Date.now() + 3600_000) {\n throw new DelegationExpirationTooSoonError(\n \"Expiration date must be at least 1 hour in the future\",\n );\n }\n\n const normalizedContract = getAddress(contractAddress);\n const normalizedDelegate = getAddress(delegateAddress);\n const normalizedDelegator = getAddress(delegatorAddress);\n\n if (normalizedDelegate === normalizedDelegator) {\n throw new DelegationSelfNotAllowedError(\n \"Cannot delegate to yourself (delegate === msg.sender).\",\n );\n }\n\n if (normalizedDelegate === normalizedContract) {\n throw new DelegationDelegateEqualsContractError(\n `Delegate address cannot be the same as the contract address (${normalizedContract}).`,\n );\n }\n\n const acl = await this.#relayer.getAclAddress();\n const expDate = expirationDate\n ? BigInt(Math.floor(expirationDate.getTime() / 1000))\n : MAX_UINT64;\n\n let currentExpiry: bigint;\n try {\n currentExpiry = await this.getDelegationExpiry({\n contractAddress: normalizedContract,\n delegatorAddress: normalizedDelegator,\n delegateAddress: normalizedDelegate,\n });\n } catch (error) {\n console.warn(\"[zama-sdk] delegateDecryption: pre-flight expiry check failed:\", error); // eslint-disable-line no-console\n currentExpiry = -1n;\n }\n if (currentExpiry === expDate) {\n throw new DelegationExpiryUnchangedError(\n `The new expiration date (${expDate}) is the same as the current one. No on-chain change needed.`,\n );\n }\n\n return this.#submitAclTransaction({\n operation: \"delegateDecryption\",\n signer,\n contractAddress,\n config: delegateForUserDecryptionContract(\n acl,\n normalizedDelegate,\n normalizedContract,\n expDate,\n ),\n });\n }\n\n async revokeDelegation(\n signer: GenericSigner,\n {\n contractAddress,\n delegateAddress,\n delegatorAddress,\n }: {\n contractAddress: Address;\n delegateAddress: Address;\n delegatorAddress: Address;\n },\n ): Promise<TransactionResult> {\n const normalizedContract = getAddress(contractAddress);\n const normalizedDelegate = getAddress(delegateAddress);\n const normalizedDelegator = getAddress(delegatorAddress);\n const acl = await this.#relayer.getAclAddress();\n\n let currentExpiry: bigint;\n try {\n currentExpiry = await this.getDelegationExpiry({\n contractAddress: normalizedContract,\n delegatorAddress: normalizedDelegator,\n delegateAddress: normalizedDelegate,\n });\n } catch (error) {\n console.warn(\"[zama-sdk] revokeDelegation: pre-flight expiry check failed:\", error); // eslint-disable-line no-console\n currentExpiry = 1n;\n }\n if (currentExpiry === 0n) {\n throw new DelegationNotFoundError(\n `No active delegation found for delegate ${normalizedDelegate} on contract ${normalizedContract}.`,\n );\n }\n\n return this.#submitAclTransaction({\n operation: \"revokeDelegation\",\n signer,\n contractAddress,\n config: revokeDelegationContract(acl, normalizedDelegate, normalizedContract),\n });\n }\n\n async isDelegated(params: {\n contractAddress: Address;\n delegatorAddress: Address;\n delegateAddress: Address;\n }): Promise<boolean> {\n const expiry = await this.getDelegationExpiry(params);\n if (expiry === 0n) {\n return false;\n }\n if (expiry === MAX_UINT64) {\n return true;\n }\n const now = await this.#provider.getBlockTimestamp();\n return expiry > now;\n }\n\n async getDelegationExpiry({\n contractAddress,\n delegatorAddress,\n delegateAddress,\n }: {\n contractAddress: Address;\n delegatorAddress: Address;\n delegateAddress: Address;\n }): Promise<bigint> {\n const acl = await this.#relayer.getAclAddress();\n return this.#provider.readContract(\n getDelegationExpiryContract(\n acl,\n getAddress(delegatorAddress),\n getAddress(delegateAddress),\n getAddress(contractAddress),\n ),\n );\n }\n\n async #submitAclTransaction({\n operation,\n signer,\n contractAddress,\n config,\n }: {\n operation: AclTransactionOperation;\n signer: GenericSigner;\n contractAddress: Address;\n config: WriteContractConfig;\n }): Promise<TransactionResult> {\n try {\n return await submitTransaction({\n operation,\n signer,\n provider: this.#provider,\n config,\n emit: (input) => this.#emitEvent(input, contractAddress),\n });\n } catch (error) {\n this.#throwAclRevertIfMatched(error);\n throw error;\n }\n }\n\n #throwAclRevertIfMatched(error: unknown): void {\n if (!(error instanceof TransactionRevertedError)) {\n return;\n }\n const mapped = matchAclRevert(error.cause ?? error, error);\n if (mapped) {\n throw mapped;\n }\n }\n\n async findInactiveDelegations(\n contractAddresses: readonly Address[],\n delegatorAddress: Address,\n delegateAddress: Address,\n ): Promise<Map<Address, DelegationNotFoundError | DelegationExpiredError>> {\n const inactive = new Map<Address, DelegationNotFoundError | DelegationExpiredError>();\n await Promise.all(\n contractAddresses.map(async (contractAddress) => {\n try {\n await this.assertDelegationActive(contractAddress, delegatorAddress, delegateAddress);\n } catch (error) {\n if (error instanceof DelegationNotFoundError || error instanceof DelegationExpiredError) {\n const normalizedContract = getAddress(contractAddress);\n inactive.set(normalizedContract, error);\n return;\n }\n throw error;\n }\n }),\n );\n return inactive;\n }\n\n async assertDelegationActive(\n contractAddress: Address,\n delegatorAddress: Address,\n delegateAddress: Address,\n ): Promise<void> {\n const normalizedContract = getAddress(contractAddress);\n const normalizedDelegator = getAddress(delegatorAddress);\n const normalizedDelegate = getAddress(delegateAddress);\n const expiry = await this.getDelegationExpiry({\n contractAddress: normalizedContract,\n delegatorAddress: normalizedDelegator,\n delegateAddress: normalizedDelegate,\n });\n if (expiry === 0n) {\n throw new DelegationNotFoundError(\n `No active delegation from ${normalizedDelegator} to ${normalizedDelegate} for ${normalizedContract}`,\n );\n }\n if (expiry !== MAX_UINT64) {\n const now = await this.#provider.getBlockTimestamp();\n if (expiry <= now) {\n throw new DelegationExpiredError(\n `Delegation from ${normalizedDelegator} to ${normalizedDelegate} for ${normalizedContract} has expired`,\n );\n }\n }\n }\n}\n","import { EncryptionFailedError, ZamaError } from \"../errors\";\nimport type { ZamaSDKEventInput } from \"../events/sdk-events\";\nimport { ZamaSDKEvents } from \"../events/sdk-events\";\nimport type { RelayerDispatcher } from \"../relayer/relayer-dispatcher\";\nimport type { EncryptParams, EncryptResult } from \"../relayer/relayer-sdk.types\";\nimport { toError } from \"../utils\";\n\nexport class EncryptionService {\n readonly #relayer: RelayerDispatcher;\n readonly #emitEvent: (\n input: ZamaSDKEventInput,\n tokenAddress?: EncryptParams[\"contractAddress\"],\n ) => void;\n\n constructor({\n relayer,\n emitEvent,\n }: {\n relayer: RelayerDispatcher;\n emitEvent: (input: ZamaSDKEventInput, tokenAddress?: EncryptParams[\"contractAddress\"]) => void;\n }) {\n this.#relayer = relayer;\n this.#emitEvent = emitEvent;\n }\n\n async encrypt(params: EncryptParams): Promise<EncryptResult> {\n const t0 = Date.now();\n try {\n this.#emitEvent({ type: ZamaSDKEvents.EncryptStart }, params.contractAddress);\n const result = await this.#relayer.encrypt(params);\n this.#emitEvent(\n {\n type: ZamaSDKEvents.EncryptEnd,\n durationMs: Date.now() - t0,\n },\n params.contractAddress,\n );\n return result;\n } catch (error) {\n this.#emitEvent(\n {\n type: ZamaSDKEvents.EncryptError,\n error: toError(error),\n durationMs: Date.now() - t0,\n },\n params.contractAddress,\n );\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new EncryptionFailedError(\"Encryption failed\", {\n cause: error,\n });\n }\n }\n}\n","import type { CredentialService } from \"../credentials/credential-service\";\nimport type { RelayerDispatcher } from \"../relayer/relayer-dispatcher\";\nimport type { GenericSigner, WalletAccountChange, WalletAccountListener } from \"../types\";\nimport { swallow } from \"../utils\";\nimport type { CachingService } from \"./caching-service\";\n\nexport type LifecycleServiceOptions = {\n signer?: GenericSigner;\n relayer: RelayerDispatcher;\n cachingService: CachingService;\n credentialService?: CredentialService;\n};\n\n/**\n * Owns signer-lifecycle wiring for {@link ZamaSDK}: subscribes to the signer's\n * wallet-account store on construction, runs the SDK-side cleanup (credential\n * rotation, decrypt-cache invalidation, relayer chain switch) on every change,\n * then fans out to external listeners. Unsubscribes on {@link dispose}.\n *\n * @internal — consumed by ZamaSDK; not part of the public surface.\n */\nexport class LifecycleService {\n readonly #signer: GenericSigner | undefined;\n readonly #relayer: RelayerDispatcher;\n readonly #cachingService: CachingService;\n readonly #credentialService: CredentialService | undefined;\n readonly #walletAccountListeners = new Set<WalletAccountListener>();\n #unsubscribeSigner?: () => void;\n\n constructor(opts: LifecycleServiceOptions) {\n this.#signer = opts.signer;\n this.#relayer = opts.relayer;\n this.#cachingService = opts.cachingService;\n this.#credentialService = opts.credentialService;\n if (this.#signer) {\n this.#unsubscribeSigner = this.#signer.walletAccount.subscribe((change) => {\n this.#handleWalletAccountChange(change).catch((error) => {\n // oxlint-disable-next-line no-console\n console.warn(\"[zama-sdk] wallet account handler failed:\", error);\n });\n });\n }\n }\n\n onWalletAccountChange(listener: WalletAccountListener): () => void {\n this.#walletAccountListeners.add(listener);\n return () => {\n this.#walletAccountListeners.delete(listener);\n };\n }\n\n dispose(): void {\n this.#unsubscribeSigner?.();\n this.#unsubscribeSigner = undefined;\n this.#walletAccountListeners.clear();\n }\n\n async #handleWalletAccountChange(change: WalletAccountChange): Promise<void> {\n const prev = change.previous;\n const next = change.next;\n // switchChain runs first so credential cleanup, decrypt-cache invalidation,\n // and external listeners observe the dispatcher on next.chainId. Downstream\n // keypair warming (driven by listeners — see ZamaProvider) therefore\n // dispatches against the wallet chain rather than chains[0]. `swallow`\n // suspends one microtask for error containment, not for I/O —\n // RelayerDispatcher.switchChain is synchronous.\n const nextChainId = next?.chainId;\n if (nextChainId !== undefined) {\n await swallow(\"switch relayer chain\", () => this.#relayer.switchChain(nextChainId));\n }\n const credentialService = this.#credentialService;\n if (credentialService) {\n await swallow(\"credential wallet account change\", () =>\n credentialService.handleWalletAccountChange(prev, next),\n );\n }\n if (prev) {\n await swallow(\"clear decrypt cache\", () =>\n this.#cachingService.clearForRequester(prev.address),\n );\n }\n await Promise.all(\n Array.from(this.#walletAccountListeners, (listener) =>\n swallow(\"wallet account listener\", () => listener(change)),\n ),\n );\n }\n}\n","/**\n * Framework-agnostic event decoders for confidential token contracts.\n * Works with raw log data from any provider.\n */\n\nimport type { EncryptedValue } from \"../relayer/relayer-sdk.types\";\nimport { getAddress, keccak256, toBytes, type Address, type Hex } from \"viem\";\nimport { prefixHex } from \"../utils\";\nimport type { RawLog } from \"../types/transaction\";\nexport type { RawLog } from \"../types/transaction\";\n\nfunction eventTopic(signature: string): Hex {\n return keccak256(toBytes(signature));\n}\n\n// ---------------------------------------------------------------------------\n// Event topic0 constants (keccak256 of canonical signature)\n// ---------------------------------------------------------------------------\n\n/**\n * Event topic0 constants (keccak256 of the canonical Solidity signature).\n * Pass to `getLogs({ topics: [Object.values(Topics)] })` to fetch all events.\n */\nexport const Topics = {\n /** `ConfidentialTransfer(address indexed from, address indexed to, bytes32 indexed amount)` */\n ConfidentialTransfer: eventTopic(\"ConfidentialTransfer(address,address,bytes32)\"),\n // NOTE: New wrapper contracts no longer emit Wrapped — shields now emit\n // ConfidentialTransfer(from=zeroAddress, ...) instead. Retained for backward\n // compatibility with older deployments.\n /** `Wrapped(address indexed to, uint256 amountIn)` */\n Wrapped: eventTopic(\"Wrapped(address,uint256)\"),\n /** `UnwrapRequested(address indexed receiver, bytes32 indexed unwrapRequestId, bytes32 amount)` */\n UnwrapRequested: eventTopic(\"UnwrapRequested(address,bytes32,bytes32)\"),\n /** `UnwrapFinalized(address indexed receiver, bytes32 indexed unwrapRequestId, bytes32 encryptedAmount, uint64 cleartextAmount)` */\n UnwrapFinalized: eventTopic(\"UnwrapFinalized(address,bytes32,bytes32,uint64)\"),\n /** `UnwrappedStarted(bool returnVal, uint256 indexed requestId, ...)` */\n UnwrappedStarted: eventTopic(\n \"UnwrappedStarted(bool,uint256,uint256,address,address,bytes32,bytes32)\",\n ),\n} as const;\n\n// ---------------------------------------------------------------------------\n// Typed event interfaces\n// ---------------------------------------------------------------------------\n\n/** Decoded `ConfidentialTransfer` event — an encrypted token transfer. */\nexport interface ConfidentialTransferEvent {\n readonly eventName: \"ConfidentialTransfer\";\n /** Sender address. */\n readonly from: Address;\n /** Receiver address. */\n readonly to: Address;\n /** FHE encrypted value for the transferred amount. */\n readonly encryptedAmountHandle: EncryptedValue;\n}\n\n// NOTE: New wrapper contracts no longer emit this event — shields now emit\n// ConfidentialTransfer(from=zeroAddress, ...) instead. Retained for backward\n// compatibility with older deployments.\n/** Decoded `Wrapped` event — an ERC-20 shield (wrap) operation. */\nexport interface WrappedEvent {\n readonly eventName: \"Wrapped\";\n /** Receiver of the minted confidential tokens. */\n readonly to: Address;\n /** Underlying ERC-20 tokens deposited. */\n readonly amountIn: bigint;\n}\n\n/** Decoded `UnwrapRequested` event — an unshield request submitted. */\nexport interface UnwrapRequestedEvent {\n readonly eventName: \"UnwrapRequested\";\n /** Address that will receive the unwrapped ERC-20 tokens. */\n readonly receiver: Address;\n /** FHE encrypted value for the requested unshield amount. */\n readonly encryptedAmount: EncryptedValue;\n /** Request identifier from the `UnwrapRequested` event topic. */\n readonly unwrapRequestId?: EncryptedValue;\n}\n\n/** Decoded `UnwrapFinalized` event — an unshield completed on-chain. */\nexport interface UnwrapFinalizedEvent {\n readonly eventName: \"UnwrapFinalized\";\n /** Address receiving the unwrapped ERC-20 tokens. */\n readonly receiver: Address;\n /** FHE encrypted value of the burnt confidential balance. */\n readonly encryptedAmount: EncryptedValue;\n /** Cleartext amount of underlying ERC-20 tokens returned. */\n readonly cleartextAmount: bigint;\n /** Request identifier from the `UnwrapFinalized` event topic. */\n readonly unwrapRequestId?: EncryptedValue;\n}\n\n/** Decoded `UnwrappedStarted` event — the relayer began processing an unshield. */\nexport interface UnwrappedStartedEvent {\n readonly eventName: \"UnwrappedStarted\";\n /** Whether the unwrap start succeeded. */\n readonly returnVal: boolean;\n /** On-chain request ID. */\n readonly requestId: bigint;\n /** On-chain transaction ID. */\n readonly txId: bigint;\n /** Receiver address. */\n readonly to: Address;\n /** Refund address (if applicable). */\n readonly refund: Address;\n /** FHE encrypted value of the requested amount. */\n readonly requestedAmount: EncryptedValue;\n /** FHE encrypted value of the burn amount. */\n readonly burnAmount: EncryptedValue;\n}\n\n/** Union of all decoded confidential token event types. */\nexport type OnChainEvent =\n | ConfidentialTransferEvent\n | WrappedEvent\n | UnwrapRequestedEvent\n | UnwrapFinalizedEvent\n | UnwrappedStartedEvent;\n\n// ---------------------------------------------------------------------------\n// ABI decoding helpers (no external deps)\n// ---------------------------------------------------------------------------\n\nfunction topicToAddress(topic: Hex): Address {\n return getAddress(prefixHex(topic.slice(-40)));\n}\n\nfunction topicToBigInt(topic: Hex): bigint {\n return BigInt(topic);\n}\n\nfunction topicToBytes32(topic: Hex): EncryptedValue {\n // EVM topics are already 32-byte 0x-prefixed hex — cast directly\n return topic as EncryptedValue;\n}\n\nfunction wordAt(data: Hex, index: number): string {\n // data starts with \"0x\", each word is 64 hex chars (32 bytes)\n const start = 2 + index * 64;\n const word = data.slice(start, start + 64);\n return word.length === 64 ? word : word.padEnd(64, \"0\");\n}\n\nfunction wordToAddress(data: Hex, index: number): Address {\n return getAddress(prefixHex(wordAt(data, index).slice(-40)));\n}\n\nfunction wordToBigInt(data: Hex, index: number): bigint {\n return BigInt(\"0x\" + wordAt(data, index));\n}\n\nfunction wordToBool(data: Hex, index: number): boolean {\n return BigInt(\"0x\" + wordAt(data, index)) !== 0n;\n}\n\nfunction wordToBytes32(data: Hex, index: number): EncryptedValue {\n // wordAt returns exactly 64 hex chars — prefix and cast directly\n return prefixHex(wordAt(data, index)) as EncryptedValue;\n}\n\n// ---------------------------------------------------------------------------\n// Individual decoders\n// ---------------------------------------------------------------------------\n\n/**\n * ConfidentialTransfer(address indexed from, address indexed to, bytes32 indexed amount)\n * All 3 params indexed → topics[1..3], no data.\n */\nexport function decodeConfidentialTransfer(log: RawLog): ConfidentialTransferEvent | null {\n if (log.topics[0] !== Topics.ConfidentialTransfer) {\n return null;\n }\n if (log.topics.length < 4) {\n return null;\n }\n\n return {\n eventName: \"ConfidentialTransfer\",\n from: topicToAddress(log.topics[1]!),\n to: topicToAddress(log.topics[2]!),\n encryptedAmountHandle: topicToBytes32(log.topics[3]!),\n };\n}\n\n// NOTE: New wrapper contracts no longer emit this event. Retained for backward\n// compatibility with older deployments.\n/**\n * Wrapped(address indexed to, uint256 amountIn)\n * Indexed: to (topics[1])\n * Data: amountIn (uint256)\n */\nexport function decodeWrapped(log: RawLog): WrappedEvent | null {\n if (log.topics[0] !== Topics.Wrapped) {\n return null;\n }\n if (log.topics.length < 2) {\n return null;\n }\n\n return {\n eventName: \"Wrapped\",\n to: topicToAddress(log.topics[1]!),\n amountIn: wordToBigInt(log.data, 0),\n };\n}\n\n/**\n * UnwrapRequested(address indexed receiver, bytes32 indexed unwrapRequestId, bytes32 amount)\n */\nexport function decodeUnwrapRequested(log: RawLog): UnwrapRequestedEvent | null {\n if (log.topics[0] !== Topics.UnwrapRequested) {\n return null;\n }\n if (log.topics.length < 3) {\n return null;\n }\n\n return {\n eventName: \"UnwrapRequested\",\n receiver: topicToAddress(log.topics[1]!),\n unwrapRequestId: topicToBytes32(log.topics[2]!),\n encryptedAmount: wordToBytes32(log.data, 0),\n };\n}\n\n/**\n * UnwrapFinalized(address indexed receiver, bytes32 indexed unwrapRequestId, bytes32 encryptedAmount, uint64 cleartextAmount)\n */\nexport function decodeUnwrapFinalized(log: RawLog): UnwrapFinalizedEvent | null {\n if (log.topics[0] !== Topics.UnwrapFinalized) {\n return null;\n }\n if (log.topics.length < 3) {\n return null;\n }\n\n return {\n eventName: \"UnwrapFinalized\",\n receiver: topicToAddress(log.topics[1]!),\n unwrapRequestId: topicToBytes32(log.topics[2]!),\n encryptedAmount: wordToBytes32(log.data, 0),\n cleartextAmount: wordToBigInt(log.data, 1),\n };\n}\n\n/**\n * UnwrappedStarted(bool returnVal, uint256 indexed requestId, uint256 indexed txId, address indexed to,\n * address refund, bytes32 requestedAmount, bytes32 burnAmount)\n * Indexed: requestId (topics[1]), txId (topics[2]), to (topics[3])\n * Data: returnVal, refund, requestedAmount, burnAmount\n */\nexport function decodeUnwrappedStarted(log: RawLog): UnwrappedStartedEvent | null {\n if (log.topics[0] !== Topics.UnwrappedStarted) {\n return null;\n }\n if (log.topics.length < 4) {\n return null;\n }\n\n return {\n eventName: \"UnwrappedStarted\",\n requestId: topicToBigInt(log.topics[1]!),\n txId: topicToBigInt(log.topics[2]!),\n to: topicToAddress(log.topics[3]!),\n returnVal: wordToBool(log.data, 0),\n refund: wordToAddress(log.data, 1),\n requestedAmount: wordToBytes32(log.data, 2),\n burnAmount: wordToBytes32(log.data, 3),\n };\n}\n\n// ---------------------------------------------------------------------------\n// Convenience helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Try all decoders on a single log and return the first match, or `null`.\n *\n * @example\n * ```ts\n * const event = decodeOnChainEvent(log);\n * if (event?.eventName === \"ConfidentialTransfer\") {\n * console.log(event.from, event.to);\n * }\n * ```\n */\nexport function decodeOnChainEvent(log: RawLog): OnChainEvent | null {\n return (\n decodeConfidentialTransfer(log) ??\n decodeWrapped(log) ??\n decodeUnwrapRequested(log) ??\n decodeUnwrapFinalized(log) ??\n decodeUnwrappedStarted(log)\n );\n}\n\n/**\n * Batch-decode an array of logs, skipping unrecognized entries.\n *\n * @example\n * ```ts\n * const events = decodeOnChainEvents(receipt.logs);\n * ```\n */\nexport function decodeOnChainEvents(logs: readonly RawLog[]): OnChainEvent[] {\n const events: OnChainEvent[] = [];\n for (const log of logs) {\n const event = decodeOnChainEvent(log);\n if (event) {\n events.push(event);\n }\n }\n return events;\n}\n\n/**\n * Find the first {@link UnwrapRequestedEvent} in a logs array.\n *\n * @example\n * ```ts\n * const event = findUnwrapRequested(receipt.logs);\n * if (event) console.log(event.receiver, event.encryptedAmount);\n * ```\n */\nexport function findUnwrapRequested(logs: readonly RawLog[]): UnwrapRequestedEvent | null {\n for (const log of logs) {\n const event = decodeUnwrapRequested(log);\n if (event) {\n return event;\n }\n }\n return null;\n}\n\n// NOTE: New wrapper contracts no longer emit this event. Retained for backward\n// compatibility with older deployments.\n/**\n * Find the first {@link WrappedEvent} in a logs array.\n *\n * @example\n * ```ts\n * const event = findWrapped(receipt.logs);\n * if (event) console.log(event.to, event.amountIn);\n * ```\n */\nexport function findWrapped(logs: readonly RawLog[]): WrappedEvent | null {\n for (const log of logs) {\n const event = decodeWrapped(log);\n if (event) {\n return event;\n }\n }\n return null;\n}\n\n/**\n * All confidential token event topic0 hashes.\n * Pass to `getLogs({ topics: [TOKEN_TOPICS] })` to fetch\n * all confidential token events in a single RPC call.\n */\nexport const TOKEN_TOPICS = [\n Topics.ConfidentialTransfer,\n Topics.Wrapped,\n Topics.UnwrapRequested,\n Topics.UnwrapFinalized,\n Topics.UnwrappedStarted,\n] as const;\n\n// ---------------------------------------------------------------------------\n// ACL delegation event topic0 constants\n// ---------------------------------------------------------------------------\n\n/**\n * ACL delegation event topic0 constants (keccak256 of the canonical Solidity signature).\n * These are ACL events, NOT token events — they are emitted by the ACL contract.\n */\nexport const AclTopics = {\n /** `DelegatedForUserDecryption(address indexed delegator, address indexed delegate, address contractAddress, uint64 delegationCounter, uint64 oldExpirationDate, uint64 newExpirationDate)` */\n DelegatedForUserDecryption: eventTopic(\n \"DelegatedForUserDecryption(address,address,address,uint64,uint64,uint64)\",\n ),\n /** `RevokedDelegationForUserDecryption(address indexed delegator, address indexed delegate, address contractAddress, uint64 delegationCounter, uint64 oldExpirationDate)` */\n RevokedDelegationForUserDecryption: eventTopic(\n \"RevokedDelegationForUserDecryption(address,address,address,uint64,uint64)\",\n ),\n} as const;\n\n// ---------------------------------------------------------------------------\n// ACL delegation event interfaces\n// ---------------------------------------------------------------------------\n\n/** Decoded `DelegatedForUserDecryption` event — a delegation was created or renewed. */\nexport interface DelegatedForUserDecryptionEvent {\n readonly eventName: \"DelegatedForUserDecryption\";\n /** Address of the delegator (the account granting access). */\n readonly delegator: Address;\n /** Address of the delegate (the account receiving access). */\n readonly delegate: Address;\n /** Contract address the delegation applies to. */\n readonly contractAddress: Address;\n /** Monotonic delegation counter. */\n readonly delegationCounter: bigint;\n /** Previous expiration timestamp (0 if first delegation). */\n readonly oldExpirationDate: bigint;\n /** New expiration timestamp. */\n readonly newExpirationDate: bigint;\n}\n\n/** Decoded `RevokedDelegationForUserDecryption` event — a delegation was revoked. */\nexport interface RevokedDelegationForUserDecryptionEvent {\n readonly eventName: \"RevokedDelegationForUserDecryption\";\n /** Address of the delegator. */\n readonly delegator: Address;\n /** Address of the delegate. */\n readonly delegate: Address;\n /** Contract address the revocation applies to. */\n readonly contractAddress: Address;\n /** Monotonic delegation counter. */\n readonly delegationCounter: bigint;\n /** Expiration date that was active before revocation. */\n readonly oldExpirationDate: bigint;\n}\n\n/** Union of all decoded ACL delegation event types. */\nexport type AclEvent = DelegatedForUserDecryptionEvent | RevokedDelegationForUserDecryptionEvent;\n\n// ---------------------------------------------------------------------------\n// ACL delegation event decoders\n// ---------------------------------------------------------------------------\n\n/**\n * DelegatedForUserDecryption(address indexed delegator, address indexed delegate,\n * address contractAddress, uint64 delegationCounter, uint64 oldExpirationDate, uint64 newExpirationDate)\n * Indexed: delegator (topics[1]), delegate (topics[2])\n * Data: contractAddress, delegationCounter, oldExpirationDate, newExpirationDate\n */\nexport function decodeDelegatedForUserDecryption(\n log: RawLog,\n): DelegatedForUserDecryptionEvent | null {\n if (log.topics[0] !== AclTopics.DelegatedForUserDecryption) {\n return null;\n }\n if (log.topics.length < 3) {\n return null;\n }\n\n return {\n eventName: \"DelegatedForUserDecryption\",\n delegator: topicToAddress(log.topics[1]!),\n delegate: topicToAddress(log.topics[2]!),\n contractAddress: wordToAddress(log.data, 0),\n delegationCounter: wordToBigInt(log.data, 1),\n oldExpirationDate: wordToBigInt(log.data, 2),\n newExpirationDate: wordToBigInt(log.data, 3),\n };\n}\n\n/**\n * RevokedDelegationForUserDecryption(address indexed delegator, address indexed delegate,\n * address contractAddress, uint64 delegationCounter, uint64 oldExpirationDate)\n * Indexed: delegator (topics[1]), delegate (topics[2])\n * Data: contractAddress, delegationCounter, oldExpirationDate\n */\nexport function decodeRevokedDelegationForUserDecryption(\n log: RawLog,\n): RevokedDelegationForUserDecryptionEvent | null {\n if (log.topics[0] !== AclTopics.RevokedDelegationForUserDecryption) {\n return null;\n }\n if (log.topics.length < 3) {\n return null;\n }\n\n return {\n eventName: \"RevokedDelegationForUserDecryption\",\n delegator: topicToAddress(log.topics[1]!),\n delegate: topicToAddress(log.topics[2]!),\n contractAddress: wordToAddress(log.data, 0),\n delegationCounter: wordToBigInt(log.data, 1),\n oldExpirationDate: wordToBigInt(log.data, 2),\n };\n}\n\n/**\n * Try all ACL delegation decoders on a single log and return the first match, or `null`.\n */\nexport function decodeAclEvent(log: RawLog): AclEvent | null {\n return decodeDelegatedForUserDecryption(log) ?? decodeRevokedDelegationForUserDecryption(log);\n}\n\n/**\n * Batch-decode an array of logs for ACL delegation events, skipping unrecognized entries.\n */\nexport function decodeAclEvents(logs: readonly RawLog[]): AclEvent[] {\n const events: AclEvent[] = [];\n for (const log of logs) {\n const event = decodeAclEvent(log);\n if (event) {\n events.push(event);\n }\n }\n return events;\n}\n\n/**\n * Find the first {@link DelegatedForUserDecryptionEvent} in a logs array.\n */\nexport function findDelegatedForUserDecryption(\n logs: readonly RawLog[],\n): DelegatedForUserDecryptionEvent | null {\n for (const log of logs) {\n const event = decodeDelegatedForUserDecryption(log);\n if (event) {\n return event;\n }\n }\n return null;\n}\n\n/**\n * Find the first {@link RevokedDelegationForUserDecryptionEvent} in a logs array.\n */\nexport function findRevokedDelegationForUserDecryption(\n logs: readonly RawLog[],\n): RevokedDelegationForUserDecryptionEvent | null {\n for (const log of logs) {\n const event = decodeRevokedDelegationForUserDecryption(log);\n if (event) {\n return event;\n }\n }\n return null;\n}\n\n/**\n * Both ACL delegation event topic0 hashes.\n * Pass to `getLogs({ topics: [ACL_TOPICS] })` to fetch\n * all delegation events in a single RPC call.\n */\nexport const ACL_TOPICS = [\n AclTopics.DelegatedForUserDecryption,\n AclTopics.RevokedDelegationForUserDecryption,\n] as const;\n","import { type Address, getAddress, type Hex } from \"viem\";\nimport {\n allowanceContract,\n approveContract,\n balanceOfContract,\n finalizeUnwrapContract,\n isPayableTokenContract,\n transferAndCallContract,\n underlyingContract,\n unwrapContract,\n unwrapFromBalanceContract,\n wrapContract,\n} from \"../contracts\";\nimport { findUnwrapRequested } from \"../events/onchain-events\";\nimport { ZamaSDKEvents } from \"../events/sdk-events\";\nimport type { EncryptedValue } from \"../relayer/relayer-sdk.types\";\nimport {\n DecryptionFailedError,\n ERC20ReadFailedError,\n EncryptionFailedError,\n InsufficientERC20BalanceError,\n SignerNotConfiguredError,\n TransactionRevertedError,\n ZamaError,\n} from \"../errors\";\nimport { isZeroHandle } from \"../utils/handles\";\nimport { toError } from \"../utils\";\nimport { requireAlignedWalletAccount, requireChainAlignment } from \"../utils/alignment\";\nimport { assertBigint, assertNonNullable } from \"../utils/assertions\";\nimport { swallow } from \"../utils/swallow\";\nimport { Token } from \"./token\";\nimport type {\n GenericSigner,\n ShieldCallbacks,\n ShieldOptions,\n TransactionResult,\n UnshieldCallbacks,\n UnshieldOptions,\n} from \"../types\";\n\n/**\n * Confidential ERC-20 wrapper (ERC-7984 ERC20Wrapper).\n *\n * Extends {@link Token} with wrapper-specific operations:\n * - `shield` / `unshield` — convert between the underlying ERC-20 and confidential balance\n * - `unwrap` / `unwrapAll` / `finalizeUnwrap` — low-level two-phase primitives\n * - `underlying` / `allowance` — wrapper reads\n *\n * `WrappedToken.address` is the wrapper contract address itself — the wrapper\n * IS the confidential token.\n */\nexport class WrappedToken extends Token {\n #underlying: Address | undefined;\n #underlyingPromise: Promise<Address> | null = null;\n #isPayable: boolean | null = null;\n\n /** Resolve `sdk.signer` or throw {@link SignerNotConfiguredError} tagged with `operation`. */\n #requireSigner(operation: string): GenericSigner {\n try {\n assertNonNullable(this.sdk.signer, \"WrappedToken.sdk.signer\");\n return this.sdk.signer;\n } catch (cause) {\n throw new SignerNotConfiguredError(operation, { cause });\n }\n }\n\n // WRAPPER READS\n\n /**\n * Read the underlying ERC-20 token address from the wrapper contract.\n *\n * @returns The underlying ERC-20 token address.\n */\n async underlying(): Promise<Address> {\n return this.#getUnderlying();\n }\n\n /**\n * Check whether the underlying ERC-20 supports ERC-1363 (payable token).\n * Result is cached per WrappedToken instance (negative results included):\n * once we know an underlying does not support ERC-1363, subsequent shields\n * go straight to the `approve` + `wrap` path without re-probing.\n */\n async isPayable(): Promise<boolean> {\n if (this.#isPayable !== null) {\n return this.#isPayable;\n }\n try {\n const underlying = await this.#getUnderlying();\n this.#isPayable = await this.sdk.provider.readContract(isPayableTokenContract(underlying));\n } catch {\n this.#isPayable = false;\n }\n return this.#isPayable;\n }\n\n /**\n * Read the ERC-20 allowance granted by `owner` to this wrapper for the\n * underlying token.\n *\n * @param owner - The owner address whose allowance to read.\n * @returns The current allowance as a bigint.\n */\n async allowance(owner: Address): Promise<bigint> {\n const underlying = await this.#getUnderlying();\n return this.sdk.provider.readContract(\n allowanceContract(underlying, getAddress(owner), this.address),\n );\n }\n\n // SHIELD (ERC-20 → confidential)\n\n /**\n * Shield public ERC-20 tokens into confidential tokens.\n *\n * The execution path is decided automatically by ERC-165 introspection on\n * the underlying ERC-20:\n * - **`transferAndCall`** (single tx): when the underlying supports\n * ERC-1363, no approval is required — the wrapper's `onTransferReceived`\n * callback mints confidential tokens directly. `approvalStrategy` is\n * **ignored** on this path. See {@link ShieldPath}.\n * - **`approveAndWrap`** (two-tx fallback): otherwise, an `approve` is\n * followed by a `wrap`. Approval is controlled by `approvalStrategy`\n * (`\"exact\"` by default, `\"max\"` for unlimited, `\"skip\"` to opt out).\n *\n * The ERC-20 balance is validated before submitting (public read, no\n * signing required) so the call works for all wallet types, including\n * smart wallets.\n *\n * @param amount - The plaintext amount to shield.\n * @param options - Optional: `approvalStrategy`, `to`, callbacks.\n * @returns The transaction hash and mined receipt.\n * @throws if signer and provider are on different chains. {@link ChainMismatchError}\n * @throws if the ERC-20 balance is less than `amount`. {@link InsufficientERC20BalanceError}\n * @throws if the ERC-20 approval or shield transaction reverts. {@link TransactionRevertedError}\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.shield(1000n);\n * ```\n */\n async shield(amount: bigint, options?: ShieldOptions): Promise<TransactionResult> {\n const account = await requireAlignedWalletAccount(\"shield\", this.sdk.signer, this.sdk.provider);\n\n const isPayableToken = await this.isPayable();\n const underlying = await this.#getUnderlying();\n const userAddress = getAddress(account.address);\n\n // ERC-20 balance check always runs (public read, no signing needed, works for all wallet types)\n let erc20Balance: bigint;\n try {\n erc20Balance = await this.sdk.provider.readContract(\n balanceOfContract(underlying, userAddress),\n );\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new ERC20ReadFailedError(\n `Could not read ERC-20 balance for shield validation (token: ${underlying})`,\n { cause: toError(error) },\n );\n }\n if (erc20Balance < amount) {\n throw new InsufficientERC20BalanceError(\n `Insufficient ERC-20 balance: requested ${amount}, available ${erc20Balance} (token: ${underlying})`,\n { requested: amount, available: erc20Balance, token: underlying },\n );\n }\n\n if (isPayableToken) {\n return this.#shieldViaTransferAndCall(amount, underlying, userAddress, options);\n }\n return this.#shieldViaApproveAndWrap(amount, userAddress, options);\n }\n\n async #shieldViaTransferAndCall(\n amount: bigint,\n underlying: Address,\n userAddress: Address,\n options?: ShieldOptions,\n ): Promise<TransactionResult> {\n this.#requireSigner(\"shield\");\n const recipient = options?.to ? getAddress(options.to) : userAddress;\n // ERC7984ERC20Wrapper.onTransferReceived decodes the recipient via\n // `address(bytes20(data))` — i.e. the first 20 bytes of `data`. We pass\n // the raw 20-byte address (not ABI-encoded), and the empty payload `0x`\n // for self-shield so the wrapper falls back to `from`.\n const data: Hex = recipient === userAddress ? \"0x\" : recipient;\n\n return this.submitTransaction({\n operation: \"shield:transferAndCall\",\n config: transferAndCallContract(underlying, this.address, amount, data),\n onSubmitted: options?.onShieldSubmitted,\n });\n }\n\n async #shieldViaApproveAndWrap(\n amount: bigint,\n userAddress: Address,\n options?: ShieldOptions,\n ): Promise<TransactionResult> {\n this.#requireSigner(\"shield\");\n const strategy = options?.approvalStrategy ?? \"exact\";\n if (strategy !== \"skip\") {\n await this.#ensureAllowance(amount, strategy === \"max\", options);\n }\n const recipient = options?.to ? getAddress(options.to) : userAddress;\n return this.submitTransaction({\n operation: \"shield:approveAndWrap\",\n config: wrapContract(this.address, recipient, amount),\n onSubmitted: options?.onShieldSubmitted,\n });\n }\n\n /**\n * Approve this wrapper contract to spend the underlying ERC-20.\n * Defaults to max uint256. Resets to zero first if there's an existing\n * non-zero allowance (required by tokens like USDT).\n *\n * @param amount - Optional approval amount. Defaults to max uint256.\n * @returns The transaction hash and mined receipt.\n *\n * @example\n * ```ts\n * await wrappedToken.approveUnderlying(); // max approval\n * await wrappedToken.approveUnderlying(1000n); // exact amount\n * ```\n */\n async approveUnderlying(amount?: bigint): Promise<TransactionResult> {\n this.#requireSigner(\"approveUnderlying\");\n const account = await requireAlignedWalletAccount(\n \"approveUnderlying\",\n this.sdk.signer,\n this.sdk.provider,\n );\n const underlying = await this.#getUnderlying();\n const userAddress = getAddress(account.address);\n\n const approvalAmount = amount ?? 2n ** 256n - 1n;\n\n if (approvalAmount > 0n) {\n const currentAllowance = await this.sdk.provider.readContract(\n allowanceContract(underlying, userAddress, this.address),\n );\n\n if (currentAllowance > 0n) {\n await this.submitTransaction({\n operation: \"approveUnderlying:reset\",\n config: approveContract(underlying, this.address, 0n),\n });\n }\n }\n\n return this.submitTransaction({\n operation: \"approveUnderlying\",\n config: approveContract(underlying, this.address, approvalAmount),\n });\n }\n\n // UNSHIELD (confidential → ERC-20)\n\n /**\n * Unshield a specific amount and finalize in one call.\n * Orchestrates: unshield → wait for receipt → parse event → finalize.\n *\n * By default, the SDK validates the confidential balance before submitting.\n * Set `skipBalanceCheck: true` to bypass this validation (e.g. for smart wallets).\n *\n * @param amount - The plaintext amount to unshield.\n * @param options - Optional: `skipBalanceCheck` (default `false`), callbacks.\n * @returns The finalize transaction hash and mined receipt.\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.unshield(500n);\n * ```\n */\n async unshield(amount: bigint, options?: UnshieldOptions): Promise<TransactionResult> {\n const {\n skipBalanceCheck = false,\n onUnwrapSubmitted,\n onFinalizing,\n onFinalizeSubmitted,\n } = options ?? {};\n\n if (!skipBalanceCheck) {\n await this.assertConfidentialBalance(amount);\n }\n\n const callbacks: UnshieldCallbacks = {\n onFinalizing,\n onFinalizeSubmitted,\n };\n const operationId = crypto.randomUUID();\n const unwrapResult = await this.unwrap(amount);\n void swallow(\"unshield: onUnwrapSubmitted\", () => onUnwrapSubmitted?.(unwrapResult.txHash));\n return this.#waitAndFinalizeUnshield(unwrapResult.txHash, operationId, callbacks);\n }\n\n /**\n * Unshield the entire balance and finalize in one call.\n * Orchestrates: unshieldAll → wait for receipt → parse event → finalize.\n *\n * @param callbacks - Optional progress callbacks for each phase.\n * @returns The finalize transaction hash and mined receipt.\n * @throws if the balance is zero. {@link DecryptionFailedError}\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.unshieldAll();\n * ```\n */\n async unshieldAll(callbacks?: UnshieldCallbacks): Promise<TransactionResult> {\n const operationId = crypto.randomUUID();\n const unwrapResult = await this.unwrapAll();\n void swallow(\"unshieldAll: onUnwrapSubmitted\", () =>\n callbacks?.onUnwrapSubmitted?.(unwrapResult.txHash),\n );\n return this.#waitAndFinalizeUnshield(unwrapResult.txHash, operationId, callbacks);\n }\n\n /**\n * Resume an in-progress unshield from an existing unwrap tx hash.\n * Useful when the user already submitted the unwrap but the finalize step\n * was interrupted (e.g. page reload, network error).\n *\n * @param unwrapTxHash - The transaction hash of the previously submitted unwrap.\n * @param callbacks - Optional progress callbacks.\n * @returns The finalize transaction hash and mined receipt.\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.resumeUnshield(previousUnwrapTxHash);\n * ```\n */\n async resumeUnshield(\n unwrapTxHash: Hex,\n callbacks?: UnshieldCallbacks,\n ): Promise<TransactionResult> {\n return this.#waitAndFinalizeUnshield(unwrapTxHash, crypto.randomUUID(), callbacks);\n }\n\n // UNSHIELD LOW-LEVEL PRIMITIVES\n\n /**\n * Request an unwrap for a specific amount. Encrypts the amount first.\n * Call {@link finalizeUnwrap} after the request is processed on-chain.\n *\n * @param amount - The plaintext amount to unwrap (encrypted automatically).\n * @returns The transaction hash and mined receipt.\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.unwrap(500n);\n * ```\n */\n async unwrap(amount: bigint): Promise<TransactionResult> {\n this.#requireSigner(\"unwrap\");\n const account = await requireAlignedWalletAccount(\"unwrap\", this.sdk.signer, this.sdk.provider);\n const userAddress = getAddress(account.address);\n\n const { handles, inputProof } = await this.sdk.encrypt({\n values: [{ value: amount, type: \"euint64\" }],\n contractAddress: this.address,\n userAddress,\n });\n\n const [handle] = handles;\n if (!handle) {\n throw new EncryptionFailedError(\"Encryption returned no handles\");\n }\n\n return this.submitTransaction({\n operation: \"unwrap\",\n config: unwrapContract(this.address, userAddress, userAddress, handle, inputProof),\n });\n }\n\n /**\n * Request an unwrap for the entire confidential balance.\n * Uses the on-chain encrypted balance directly (no encryption needed).\n * Throws if the balance is zero.\n *\n * @returns The transaction hash and mined receipt.\n * @throws if the balance is zero. {@link DecryptionFailedError}\n *\n * @example\n * ```ts\n * const txHash = await wrappedToken.unwrapAll();\n * ```\n */\n async unwrapAll(): Promise<TransactionResult> {\n this.#requireSigner(\"unwrapAll\");\n const account = await requireAlignedWalletAccount(\n \"unwrapAll\",\n this.sdk.signer,\n this.sdk.provider,\n );\n const userAddress = getAddress(account.address);\n const handle = await this.readConfidentialBalanceOf(userAddress);\n\n if (isZeroHandle(handle)) {\n throw new DecryptionFailedError(\"Cannot unshield: balance is zero\");\n }\n\n return this.submitTransaction({\n operation: \"unwrapAll\",\n config: unwrapFromBalanceContract(this.address, userAddress, userAddress, handle),\n });\n }\n\n /**\n * Complete an unwrap by providing the public decryption proof.\n * Call this after an unshield request has been processed on-chain.\n *\n * @param unwrapRequestIdOrAmount - `unwrapRequestId` from the `UnwrapRequested` event.\n * The `burnAmountHandle` form is accepted only to resume unshields persisted by an\n * older SDK version.\n * @returns The transaction hash and mined receipt.\n *\n * @example\n * ```ts\n * const event = findUnwrapRequested(receipt.logs);\n * const txHash = await wrappedToken.finalizeUnwrap(event.unwrapRequestId);\n * ```\n */\n async finalizeUnwrap(unwrapRequestIdOrAmount: EncryptedValue): Promise<TransactionResult> {\n this.#requireSigner(\"finalizeUnwrap\");\n await requireChainAlignment(\"finalizeUnwrap\", this.sdk.signer, this.sdk.provider);\n const result = await this.sdk.decryption.publicDecrypt([unwrapRequestIdOrAmount]);\n const clearValue = result.clearValues[unwrapRequestIdOrAmount];\n assertBigint(clearValue, \"finalizeUnwrap: clearValue\");\n return this.submitTransaction({\n operation: \"finalizeUnwrap\",\n config: finalizeUnwrapContract(\n this.address,\n unwrapRequestIdOrAmount,\n clearValue,\n result.decryptionProof,\n ),\n });\n }\n\n // PRIVATE HELPERS\n\n async #getUnderlying(): Promise<Address> {\n if (this.#underlying !== undefined) {\n return this.#underlying;\n }\n if (!this.#underlyingPromise) {\n this.#underlyingPromise = this.sdk.provider\n .readContract(underlyingContract(this.address))\n .then((v) => {\n this.#underlying = v;\n this.#underlyingPromise = null;\n return v;\n })\n .catch((error) => {\n this.#underlyingPromise = null;\n throw error;\n });\n }\n return this.#underlyingPromise;\n }\n\n async #waitAndFinalizeUnshield(\n unshieldHash: Hex,\n operationId: string,\n callbacks: UnshieldCallbacks | undefined,\n ): Promise<TransactionResult> {\n this.emit({\n type: ZamaSDKEvents.UnshieldPhase1Submitted,\n txHash: unshieldHash,\n operationId,\n });\n let receipt;\n try {\n receipt = await this.sdk.provider.waitForTransactionReceipt(unshieldHash);\n } catch (error) {\n if (error instanceof ZamaError) {\n throw error;\n }\n throw new TransactionRevertedError(\"Failed to get unshield receipt\", {\n cause: error,\n });\n }\n const event = findUnwrapRequested(receipt.logs);\n if (!event) {\n throw new TransactionRevertedError(\"No UnwrapRequested event found in unshield receipt\");\n }\n this.emit({ type: ZamaSDKEvents.UnshieldPhase2Started, operationId });\n void swallow(\"unshield: onFinalizing\", () => callbacks?.onFinalizing?.());\n const finalizeResult = await this.finalizeUnwrap(\n event.unwrapRequestId ?? event.encryptedAmount,\n );\n this.emit({\n type: ZamaSDKEvents.UnshieldPhase2Submitted,\n txHash: finalizeResult.txHash,\n operationId,\n });\n void swallow(\"unshield: onFinalizeSubmitted\", () =>\n callbacks?.onFinalizeSubmitted?.(finalizeResult.txHash),\n );\n return finalizeResult;\n }\n\n async #ensureAllowance(\n amount: bigint,\n maxApproval: boolean,\n callbacks?: ShieldCallbacks,\n ): Promise<void> {\n this.#requireSigner(\"approveUnderlying\");\n const underlying = await this.#getUnderlying();\n const account = await requireAlignedWalletAccount(\n \"approveUnderlying\",\n this.sdk.signer,\n this.sdk.provider,\n );\n const userAddress = getAddress(account.address);\n const allowance = await this.sdk.provider.readContract(\n allowanceContract(underlying, userAddress, this.address),\n );\n\n if (allowance >= amount) {\n return;\n }\n\n // Reset to zero first when there's an existing non-zero allowance.\n // Required by non-standard tokens like USDT, and also mitigates the\n // ERC-20 approve race condition for all tokens.\n if (allowance > 0n) {\n await this.submitTransaction({\n operation: \"approveUnderlying:reset\",\n config: approveContract(underlying, this.address, 0n),\n });\n }\n\n const approvalAmount = maxApproval ? 2n ** 256n - 1n : amount;\n\n await this.submitTransaction({\n operation: \"approveUnderlying\",\n config: approveContract(underlying, this.address, approvalAmount),\n onSubmitted: callbacks?.onApprovalSubmitted,\n });\n }\n}\n","import type { Address } from \"viem\";\nimport { Decryption } from \"./namespaces/decryption\";\nimport { Delegations } from \"./namespaces/delegations\";\nimport { Permits } from \"./namespaces/permits\";\nimport type { ZamaConfig } from \"./config/types\";\nimport { CredentialService } from \"./credentials/credential-service\";\nimport type { ZamaSDKEvent, ZamaSDKEventInput, ZamaSDKEventListener } from \"./events/sdk-events\";\nimport type { RelayerDispatcher } from \"./relayer/relayer-dispatcher\";\nimport type { EncryptParams, EncryptResult } from \"./relayer/relayer-sdk.types\";\nimport { CachingService } from \"./services/caching-service\";\nimport { DecryptionService } from \"./services/decryption-service\";\nimport { DelegationService } from \"./services/delegation-service\";\nimport { EncryptionService } from \"./services/encryption-service\";\nimport { LifecycleService } from \"./services/lifecycle-service\";\nimport { Token } from \"./token/token\";\nimport { WrappedToken } from \"./token/wrapped-token\";\nimport type {\n GenericProvider,\n GenericSigner,\n GenericStorage,\n WalletAccountListener,\n} from \"./types\";\nimport { WrappersRegistry } from \"./wrappers-registry\";\n\n/**\n * ZamaSDK — composes a RelayerSDK with contract abstraction.\n *\n * Exposes domain namespaces for permits, delegations, decryption, and tokens,\n * plus an unchanged registry, a top-level `encrypt`, and lifecycle methods. Internal\n * `*Service` classes do the work; the namespace classes own SDK-level guards\n * (chain alignment, signer requirement, event emission).\n */\nexport class ZamaSDK {\n readonly relayer: RelayerDispatcher;\n readonly provider: GenericProvider;\n readonly signer: GenericSigner | undefined;\n readonly storage: GenericStorage;\n /**\n * A {@link WrappersRegistry} instance auto-configured for the current chain.\n * Uses built-in defaults from chain configs, and the SDK's `registryTTL` if configured.\n */\n readonly registry: WrappersRegistry;\n /** Permit and keypair management. */\n readonly permits: Permits;\n /** On-chain decryption-delegation management. */\n readonly delegations: Delegations;\n /** FHE decryption (user, delegated user, public). */\n readonly decryption: Decryption;\n readonly #registryTTL: number;\n readonly #onEvent: ZamaSDKEventListener;\n readonly #cachingService: CachingService;\n readonly #lifecycleService: LifecycleService;\n readonly #encryptionService: EncryptionService;\n readonly #decryptionService: DecryptionService | undefined;\n readonly #credentialService: CredentialService | undefined;\n readonly #delegationService: DelegationService;\n\n constructor(config: ZamaConfig) {\n this.relayer = config.relayer;\n this.provider = config.provider;\n this.signer = config.signer;\n this.storage = config.storage;\n this.#onEvent = config.onEvent ?? function () {};\n this.#cachingService = new CachingService(config.storage);\n this.#delegationService = new DelegationService({\n provider: this.provider,\n relayer: this.relayer,\n emitEvent: this.emitEvent.bind(this),\n });\n\n const registryAddresses: Record<number, Address> = {};\n for (const chain of config.chains) {\n if (chain.registryAddress) {\n registryAddresses[chain.id] = chain.registryAddress;\n }\n }\n this.registry = new WrappersRegistry({\n provider: this.provider,\n registryAddresses,\n registryTTL: config.registryTTL,\n });\n this.#registryTTL = config.registryTTL;\n\n if (config.signer) {\n this.#credentialService = new CredentialService({\n relayer: this.relayer,\n signer: config.signer,\n keypairTTL: config.keypairTTL,\n permitTTL: config.permitTTL,\n storage: this.storage,\n permitStorage: config.permitStorage,\n });\n this.#decryptionService = new DecryptionService({\n cache: this.#cachingService,\n credentialService: this.#credentialService,\n delegationService: this.#delegationService,\n relayer: this.relayer,\n emitEvent: this.emitEvent.bind(this),\n });\n }\n this.#encryptionService = new EncryptionService({\n relayer: this.relayer,\n emitEvent: this.emitEvent.bind(this),\n });\n this.#lifecycleService = new LifecycleService({\n signer: config.signer,\n relayer: this.relayer,\n cachingService: this.#cachingService,\n credentialService: this.#credentialService,\n });\n\n this.permits = new Permits({\n signer: this.signer,\n provider: this.provider,\n cachingService: this.#cachingService,\n credentialService: this.#credentialService,\n });\n this.delegations = new Delegations({\n signer: this.signer,\n provider: this.provider,\n delegationService: this.#delegationService,\n });\n this.decryption = new Decryption({\n signer: this.signer,\n provider: this.provider,\n relayer: this.relayer,\n decryptionService: this.#decryptionService,\n });\n }\n\n /**\n * Subscribe to wallet account transitions.\n *\n * @param listener - Called on each transition with a {@link WalletAccountChange} carrying\n * `previous` and `next` wallet account snapshots; either may be `undefined` for\n * connect and disconnect transitions.\n * @returns An unsubscribe function; calling it removes the listener.\n *\n * @internal\n */\n onWalletAccountChange(listener: WalletAccountListener): () => void {\n return this.#lifecycleService.onWalletAccountChange(listener);\n }\n\n /**\n * Emit a structured SDK event into the unified SDK event stream.\n *\n * Listener exceptions are caught and logged so that a misbehaving subscriber\n * can never corrupt SDK operations.\n *\n * Application code should subscribe via the `onEvent` config option, never\n * call this directly.\n *\n * @internal\n */\n emitEvent(input: ZamaSDKEventInput, tokenAddress?: Address): void {\n try {\n this.#onEvent({\n ...input,\n tokenAddress,\n timestamp: Date.now(),\n } as ZamaSDKEvent);\n } catch (error) {\n // oxlint-disable-next-line no-console\n console.error(\"[zama-sdk] onEvent listener threw:\", error);\n }\n }\n\n /**\n * Create a {@link WrappersRegistry} instance bound to this SDK's provider.\n * On Mainnet and Sepolia the registry address is resolved automatically.\n *\n * @param registryAddresses - Optional per-chain overrides for this registry instance.\n * @returns A {@link WrappersRegistry} instance.\n *\n * @example\n * ```ts\n * // Mainnet / Sepolia — resolved automatically\n * const registry = sdk.createWrappersRegistry();\n *\n * // Hardhat or custom chain — override per chain for this registry instance\n * const registry = sdk.createWrappersRegistry({ [31337]: \"0xYourRegistry\" });\n *\n * const pairs = await registry.getTokenPairs();\n * ```\n */\n createWrappersRegistry(registryAddresses?: Record<number, Address>): WrappersRegistry {\n return new WrappersRegistry({\n provider: this.provider,\n registryAddresses,\n registryTTL: this.#registryTTL,\n });\n }\n\n /**\n * Encrypt one or more plaintext values into FHE ciphertexts.\n *\n * @param params - Typed FHE inputs, the target contract address, and the user address.\n * @returns External encrypted values and the input proof for on-chain submission.\n * @throws if FHE encryption fails. {@link EncryptionFailedError}\n *\n * @example\n * ```ts\n * const { handles, inputProof } = await sdk.encrypt({\n * values: [{ value: 1000n, type: \"euint64\" }],\n * contractAddress: \"0xToken\",\n * userAddress: \"0xUser\",\n * });\n * ```\n */\n async encrypt(params: EncryptParams): Promise<EncryptResult> {\n return this.#encryptionService.encrypt(params);\n }\n\n /**\n * Create a high-level ERC-20-style interface for an ERC-7984 confidential token.\n * Supports balance queries, transfers, operator approvals, and decryption.\n *\n * For ERC-7984 wrappers (shield/unshield/allowance), use {@link createWrappedToken} instead.\n *\n * @param address - The confidential token contract address.\n * @returns A {@link Token} instance bound to this SDK.\n *\n * @example\n * ```ts\n * const token = sdk.createToken(cUSDT);\n * const balance = await token.balanceOf(userAddress);\n * ```\n */\n createToken(address: Address): Token {\n return new Token(this, address);\n }\n\n /**\n * Create a high-level interface for an ERC-7984 wrapper token.\n * Extends {@link Token} with shield/unshield/allowance/finalize-unwrap operations.\n *\n * @param address - The wrapper token contract address.\n * @returns A {@link WrappedToken} instance bound to this SDK.\n *\n * @example\n * ```ts\n * const wrapped = sdk.createWrappedToken(wUSDT);\n * await wrapped.shield(1_000_000n);\n * ```\n */\n createWrappedToken(address: Address): WrappedToken {\n return new WrappedToken(this, address);\n }\n\n /**\n * Unsubscribe from signer lifecycle events without terminating the relayer.\n * Call this when the SDK instance is being replaced but the relayer is shared\n * (e.g. React provider remount in Strict Mode).\n */\n dispose(): void {\n this.#lifecycleService.dispose();\n }\n\n /**\n * Terminate the relayer backend and clean up resources.\n * Call this when the SDK is no longer needed (e.g. on unmount or shutdown).\n */\n terminate(): void {\n this.dispose();\n this.relayer.terminate();\n this.signer?.dispose?.();\n }\n\n /**\n * Implements the TC39 Explicit Resource Management protocol.\n * Calls {@link terminate} when the `using` binding goes out of scope,\n * unsubscribing signer events and shutting down the relayer.\n *\n * @example\n * ```ts\n * {\n * using sdk = new ZamaSDK({ relayer, provider, signer, storage });\n * await sdk.permits.grantPermit([cUSDT]);\n * const balance = await sdk.createToken(cUSDT).balanceOf(userAddress);\n * } // sdk.terminate() called automatically here\n * ```\n */\n [Symbol.dispose](): void {\n this.terminate();\n }\n}\n","import type { Address, Hex } from \"viem\";\nimport { z } from \"zod/mini\";\nimport { checksum, hex } from \"../schemas/primitives\";\nimport type { GenericStorage } from \"../types\";\nimport type { EncryptedValue } from \"../relayer/relayer-sdk.types\";\n\nconst STORAGE_PREFIX = \"zama:pending-unshield:\";\nconst CURRENT_VERSION = 1;\n\n/**\n * Persisted state for an in-progress unshield request.\n * Used to resume an interrupted unshield after page reload.\n */\nexport interface PendingUnshieldRequest {\n /** Transaction hash of the original unwrap call. */\n readonly unwrapTxHash: Hex;\n /**\n * Request identifier from the `UnwrapRequested` event.\n * Always populated for entries persisted by this SDK version; pass it as\n * `unwrapRequestId` to `finalizeUnwrap`. Absent only when re-loading a\n * pending unshield serialized by an older SDK version that did not\n * record this field — in that case pass the `encryptedAmount` from the\n * `UnwrapRequested` event to `finalizeUnwrap` instead.\n */\n readonly unwrapRequestId?: EncryptedValue;\n}\n\ninterface StoredPendingUnshieldRequest extends PendingUnshieldRequest {\n readonly version: typeof CURRENT_VERSION;\n}\n\nfunction storageKey(wrapperAddress: Address): string {\n return `${STORAGE_PREFIX}${checksum(wrapperAddress)}`;\n}\n\nconst PendingUnshieldRequestSchema = z.union([\n z.pipe(\n hex,\n z.transform((unwrapTxHash: Hex) => ({ unwrapTxHash })),\n ),\n z.pipe(\n z.object({\n version: z.literal(CURRENT_VERSION),\n unwrapTxHash: hex,\n unwrapRequestId: z.optional(hex),\n }),\n z.transform(\n ({\n unwrapTxHash,\n unwrapRequestId,\n }: {\n version: typeof CURRENT_VERSION;\n unwrapTxHash: Hex;\n unwrapRequestId?: Hex;\n }) => ({ unwrapTxHash, unwrapRequestId }),\n ),\n ),\n]);\n\n/**\n * Persist the unwrap tx hash so an interrupted unshield can be resumed later\n * (e.g. after a page reload).\n */\nexport async function savePendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n unwrapTxHash: Hex,\n unwrapRequestId?: EncryptedValue,\n): Promise<void> {\n if (unwrapRequestId === undefined) {\n await storage.set(storageKey(wrapperAddress), unwrapTxHash);\n return;\n }\n\n await storage.set(storageKey(wrapperAddress), {\n version: CURRENT_VERSION,\n unwrapTxHash,\n unwrapRequestId,\n } satisfies StoredPendingUnshieldRequest);\n}\n\n/**\n * Load a previously saved unwrap tx hash, or `null` if none exists.\n */\nexport async function loadPendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n): Promise<Hex | null> {\n const request = await loadPendingUnshieldRequest(storage, wrapperAddress);\n return request?.unwrapTxHash ?? null;\n}\n\n/**\n * Load a previously saved unwrap request, including `unwrapRequestId` when available.\n *\n * `resumeUnshield()` only needs `unwrapTxHash`: it reloads the transaction receipt and\n * rediscovers the right finalize input from the emitted `UnwrapRequested` event.\n * Use `unwrapRequestId` directly only for custom flows that call `finalizeUnwrap()`\n * without reloading the original unwrap receipt.\n */\nexport async function loadPendingUnshieldRequest(\n storage: GenericStorage,\n wrapperAddress: Address,\n): Promise<PendingUnshieldRequest | null> {\n const key = storageKey(wrapperAddress);\n const value = await storage.get<Hex | StoredPendingUnshieldRequest>(key);\n if (value === null || value === undefined) {\n return null;\n }\n const parsed = PendingUnshieldRequestSchema.safeParse(value);\n if (!parsed.success) {\n await storage.delete(key);\n return null;\n }\n return parsed.data as PendingUnshieldRequest;\n}\n\n/**\n * Clear the saved unwrap tx hash after a successful finalization.\n */\nexport async function clearPendingUnshield(\n storage: GenericStorage,\n wrapperAddress: Address,\n): Promise<void> {\n await storage.delete(storageKey(wrapperAddress));\n}\n","import type { GenericStorage } from \"../types\";\n\n/** Minimal chrome.storage.session typings (avoids depending on @types/chrome). */\ndeclare const chrome: {\n storage: {\n session: {\n get(key: string): Promise<Record<string, unknown>>;\n set(items: Record<string, unknown>): Promise<void>;\n remove(key: string): Promise<void>;\n };\n };\n};\n\n/**\n * {@link GenericStorage} backed by `chrome.storage.session`.\n *\n * Use this in MV3 web extensions so the wallet signature survives\n * service worker restarts and is shared across popup, background,\n * and content script contexts.\n *\n * @example\n * ```ts\n * import { ZamaSDK, indexedDBStorage, chromeSessionStorage } from \"@zama-fhe/sdk\";\n *\n * const sdk = new ZamaSDK({\n * relayer,\n * signer,\n * storage: indexedDBStorage,\n * sessionStorage: chromeSessionStorage,\n * });\n * ```\n */\nexport class ChromeSessionStorage implements GenericStorage {\n async get<T = unknown>(key: string): Promise<T | null> {\n const result = await chrome.storage.session.get(key);\n return (result[key] as T) ?? null;\n }\n\n async set(key: string, value: unknown): Promise<void> {\n await chrome.storage.session.set({ [key]: value });\n }\n\n async delete(key: string): Promise<void> {\n await chrome.storage.session.remove(key);\n }\n}\n\n/** Default singleton for application-wide use. */\nexport const chromeSessionStorage = new ChromeSessionStorage();\n"],"mappings":"sYAGA,IAAa,EAAb,cAAyCA,EAAAA,CAAU,CACjD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,eAAgB,EAAS,EAAQ,CACrD,KAAK,KAAO,wBAKH,EAAb,cAAyCD,EAAAA,CAAU,CACjD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,eAAgB,EAAS,EAAQ,CACrD,KAAK,KAAO,wBAKH,EAAb,cAAuCD,EAAAA,CAAU,CAC/C,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,aAAc,EAAS,EAAQ,CACnD,KAAK,KAAO,sBChBH,EAAb,cAAmDC,EAAAA,CAAU,CAC3D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,yBAA0B,EAAS,EAAQ,CAC/D,KAAK,KAAO,kCAKH,EAAb,cAA6CD,EAAAA,CAAU,CACrD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,mBAAoB,EAAS,EAAQ,CACzD,KAAK,KAAO,4BAKH,EAAb,cAA6CD,EAAAA,CAAU,CACrD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,mBAAoB,EAAS,EAAQ,CACzD,KAAK,KAAO,4BAKH,EAAb,cAA4CD,EAAAA,CAAU,CACpD,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,kBAAmB,EAAS,EAAQ,CACxD,KAAK,KAAO,2BAKH,EAAb,cAAoDD,EAAAA,CAAU,CAC5D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,0BAA2B,EAAS,EAAQ,CAChE,KAAK,KAAO,mCAKH,EAAb,cAA2DD,EAAAA,CAAU,CACnE,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,iCAAkC,EAAS,EAAQ,CACvE,KAAK,KAAO,0CAKH,EAAb,cAAmDD,EAAAA,CAAU,CAC3D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,yBAA0B,EAAS,EAAQ,CAC/D,KAAK,KAAO,kCAKH,EAAb,cAAoCD,EAAAA,CAAU,CAC5C,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,UAAW,EAAS,EAAQ,CAChD,KAAK,KAAO,mBAKH,EAAb,cAAsDD,EAAAA,CAAU,CAC9D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,4BAA6B,EAAS,EAAQ,CAClE,KAAK,KAAO,qCAoBH,EAAb,cAAkDD,EAAAA,CAAU,CAC1D,YAAY,EAAiB,EAAwB,CACnD,MAAMC,EAAAA,EAAc,wBAAyB,EAAS,EAAQ,CAC9D,KAAK,KAAO,iCC5EhB,SAAgB,EACd,EACA,EACA,EAAc,GACH,CACX,GACE,aAAiBC,EAAAA,GACjB,aAAiB,GACjB,aAAiBC,EAAAA,GACjB,aAAiB,GACjB,aAAiBC,EAAAA,GACjB,aAAiBC,EAAAA,EAEjB,OAAO,EAGT,IAAM,EAGJ,OAAO,GAAU,UAFjB,GAGA,eAAgB,GAChB,OAAQ,EAAkC,YAAe,SACnD,EAAkC,WACpC,IAAA,GA2BN,OAzBI,IAAe,IACV,IAAI,EACT,aAAiB,MAAQ,EAAM,QAAU,iCACzC,CAAE,MAAO,EAAO,CACjB,CAGC,GAAe,IAAe,IACzB,IAAI,EACT,iUAIA,CAAE,MAAO,EAAO,CACjB,CAGC,IAAe,IAAA,GAQZ,IAAIH,EAAAA,EAAsB,EAAiB,CAChD,MAAO,EACR,CAAC,CATO,IAAIC,EAAAA,EACT,aAAiB,MAAQ,EAAM,QAAU,EACzC,EACA,CAAE,MAAO,EAAO,CACjB,CCnDL,SAAgB,IAAoC,CAClD,MAAO,CACL,KAAM,YACN,cAAgB,GAAU,CACxB,GAAI,CAAC,EAAM,gBACT,MAAM,IAAIG,EAAAA,EACR,qJAGD,CAEH,OAAO,IAAIC,EAAAA,EAAiB,EAAM,EAErC,CCzBH,SAAgB,EAAU,EAAoB,CAC5C,OAAQ,EAAM,WAAW,KAAK,CAAG,EAAQ,KAAK,ICLhD,MAAa,GAAa,CACxB,CACE,KAAM,WACN,KAAM,kBACN,gBAAiB,aACjB,OAAQ,CACN,CAAE,KAAM,KAAM,KAAM,UAAW,CAC/B,CAAE,KAAM,QAAS,KAAM,UAAW,CAClC,CAAE,KAAM,OAAQ,KAAM,QAAS,CAChC,CACD,QAAS,CAAC,CAAE,KAAM,GAAI,KAAM,OAAQ,CAAC,CACtC,CACF,CCGD,SAAgB,EACd,EACA,EACA,EACA,EAAY,KACZ,CACA,MAAO,CACL,QAAS,EACT,IAAK,GACL,aAAc,kBACd,KAAM,CAAC,EAAI,EAAQ,EAAK,CACzB,CCCH,SAAgB,GACd,EACY,CACZ,OAAOC,EAAAA,EAAgB,EAAO,OAAQ,EAAO,SAAU,EAAO,CCVhE,IAAa,EAAb,KAAwB,CACtB,GACA,GACA,GACA,GAGA,YAAY,EAKT,CACD,KAAKC,GAAU,EAAK,OACpB,KAAKC,GAAY,EAAK,SACtB,KAAKC,GAAW,EAAK,QACrB,KAAKC,GAAqB,EAAK,kBAGjC,GAA0B,EAAsC,CAC9D,OAAOC,EAAAA,EAAkB,KAAKD,GAAoB,EAAU,CAwB9D,MAAM,YAAY,EAA+E,CAC/F,IAAM,EAAU,KAAKE,GAA0B,cAAc,CACvD,EAAU,MAAMC,EAAAA,EAA4B,cAAe,KAAKN,GAAS,KAAKC,GAAU,CAC9F,OAAO,EAAQ,YAAY,EAAgB,EAAQ,QAAQ,CA2B7D,MAAM,iBACJ,EACA,EACA,EAA0B,EACmB,CAC7C,IAAM,EAAU,KAAKI,GAA0B,mBAAmB,CAC5D,EAAU,MAAMC,EAAAA,EACpB,mBACA,KAAKN,GACL,KAAKC,GACN,CACD,OAAO,EAAQ,qBACb,EACA,EACA,EAAQ,QACR,EACD,CAmBH,MAAM,cAAc,EAAiE,CACnF,GAAI,EAAgB,SAAW,EAC7B,MAAO,CACL,YAAa,EAAE,CACf,gBAAiB,KACjB,sBAAuB,KACxB,CAGH,GAAI,CACF,OAAO,MAAM,KAAKC,GAAS,cAAc,EAAgB,OAClD,EAAO,CACd,MAAM,EAAiB,EAAO,2BAA2B,EAoC7D,MAAM,sBAAsB,CAC1B,kBACA,mBACA,iBAAiB,EACjB,kBAMqC,CACrC,IAAM,EAAU,KAAKG,GAA0B,wBAAwB,CACjE,EAAU,MAAMC,EAAAA,EACpB,wBACA,KAAKN,GACL,KAAKC,GACN,CACD,OAAO,EAAQ,+BAA+B,CAC5C,kBACA,mBACA,gBAAiB,EAAQ,QACzB,iBACA,iBACD,CAAC,GCvLO,EAAb,KAAyB,CACvB,GACA,GACA,GAGA,YAAY,EAIT,CACD,KAAKM,GAAU,EAAK,OACpB,KAAKC,GAAY,EAAK,SACtB,KAAKC,GAAqB,EAAK,kBAGjC,GAAe,EAAkC,CAC/C,OAAOC,EAAAA,EAAkB,KAAKH,GAAS,EAAU,CAuBnD,MAAM,mBAAmB,CACvB,kBACA,kBACA,kBAK6B,CAC7B,IAAM,EAAS,KAAKI,GAAe,qBAAqB,CAClD,EAAU,MAAMC,EAAAA,EACpB,qBACA,KAAKL,GACL,KAAKC,GACN,CACD,OAAO,KAAKC,GAAmB,mBAAmB,EAAQ,CACxD,kBACA,kBACA,iBAAkB,EAAQ,QAC1B,iBACD,CAAC,CAeJ,MAAM,iBAAiB,CACrB,kBACA,mBAI6B,CAC7B,IAAM,EAAS,KAAKE,GAAe,mBAAmB,CAChD,EAAU,MAAMC,EAAAA,EACpB,mBACA,KAAKL,GACL,KAAKC,GACN,CACD,OAAO,KAAKC,GAAmB,iBAAiB,EAAQ,CACtD,kBACA,kBACA,iBAAkB,EAAQ,QAC3B,CAAC,CAaJ,MAAM,SAAS,EAIM,CACnB,OAAO,KAAKA,GAAmB,YAAY,EAAO,CAapD,MAAM,UAAU,EAII,CAClB,OAAO,KAAKA,GAAmB,oBAAoB,EAAO,GC5HjD,EAAb,KAAqB,CACnB,GACA,GACA,GACA,GAGA,YAAY,EAKT,CACD,KAAKI,GAAU,EAAK,OACpB,KAAKC,GAAY,EAAK,SACtB,KAAKC,GAAkB,EAAK,eAC5B,KAAKC,GAAqB,EAAK,kBAGjC,GAA0B,EAAsC,CAC9D,OAAOC,EAAAA,EAAkB,KAAKD,GAAoB,EAAU,CAe9D,MAAM,YAAY,EAAqC,CACrD,GAAI,EAAU,SAAW,EACvB,OAEF,IAAM,EAAU,KAAKE,GAA0B,cAAc,CAC7D,MAAMC,EAAAA,EAAsB,cAAe,KAAKN,GAAS,KAAKC,GAAU,CACxE,MAAM,EAAQ,YAAY,EAAU,CAUtC,MAAM,sBAAsB,EAAoB,EAAqC,CACnF,GAAI,EAAU,SAAW,EACvB,OAEF,IAAM,EAAU,KAAKI,GAA0B,wBAAwB,CACvE,MAAMC,EAAAA,EAAsB,wBAAyB,KAAKN,GAAS,KAAKC,GAAU,CAClF,MAAM,EAAQ,YAAY,EAAW,EAAU,CAQjD,MAAM,UAAU,EAAwC,CAItD,OAHK,KAAKE,GAGH,KAAKA,GAAmB,UAAU,EAAU,CAF1C,GAYX,MAAM,oBAAoB,EAAoB,EAAwC,CAIpF,OAHK,KAAKA,GAGH,KAAKA,GAAmB,UAAU,EAAW,EAAU,CAFrD,GAkBX,MAAM,aAA6B,CACjC,IAAM,EAAU,KAAKA,GACrB,GAAI,CAAC,EACH,OAEF,IAAM,EAAU,KAAKH,IAAS,cAAc,aAAa,CACpD,GAGL,MAAM,EAAQ,YAAY,EAAQ,QAAQ,CAe5C,MAAM,cAAc,EAAsC,CACxD,IAAM,EAAU,KAAKK,GAA0B,gBAAgB,CAMzD,GAAA,EAAA,EAAA,aAA2B,MALXE,EAAAA,EACpB,gBACA,KAAKP,GACL,KAAKC,GACN,EACwC,QAAQ,CACjD,GAAI,CACF,MAAM,EAAQ,cAAc,EAAU,QAC9B,CACR,MAAMO,EAAAA,EAAQ,0BACZ,KAAKN,GAAgB,kBAAkB,EAAc,CACtD,EAUL,MAAM,OAAuB,CAC3B,IAAM,EAAU,KAAKG,GAA0B,QAAQ,CAEjD,GAAA,EAAA,EAAA,aAA2B,MADXE,EAAAA,EAA4B,QAAS,KAAKP,GAAS,KAAKC,GAAU,EAC/C,QAAQ,CACjD,GAAI,CACF,MAAM,EAAQ,kBAAkB,QACxB,CACR,MAAMO,EAAAA,EAAQ,0BACZ,KAAKN,GAAgB,kBAAkB,EAAc,CACtD,IC1KP,MAAM,GAAmBO,EAAAA,EAAE,MAAM,CAACA,EAAAA,EAAE,QAAQ,CAAEA,EAAAA,EAAE,SAAS,CAAEC,EAAAA,EAAmB,CAAC,CACzE,GAAmBD,EAAAA,EAAE,MAAMA,EAAAA,EAAE,QAAQ,CAAC,CAQ5C,IAAa,GAAb,KAA4B,CAC1B,GACA,GAA6B,eAC7B,GAAiC,GAAG,KAAKG,GAAkB,OAC3D,GAAkC,QAAQ,SAAS,CAEnD,YAAY,EAAyB,CACnC,KAAKD,GAAW,EAGlB,MAAM,IACJ,EACA,EACA,EAC4B,CAC5B,GAAI,CACF,IAAM,EAAM,KAAKG,GAAiB,EAAW,EAAiB,EAAe,CACvE,EAAQ,MAAM,KAAKH,GAAS,IAAI,EAAI,CAC1C,GAAI,IAAU,KACZ,OAAO,KAET,IAAM,EAAS,GAAiB,UAAU,EAAM,CAKhD,OAJK,EAAO,QAIL,EAAO,MAHZ,MAAM,KAAK,OAAO,EAAW,EAAiB,EAAe,CACtD,YAGF,EAAO,CAEd,OADA,QAAQ,KAAK,wCAAyC,EAAM,CACrD,MAIX,MAAM,IACJ,EACA,EACA,EACA,EACe,CACf,GAAI,CACF,IAAM,EAAM,KAAKG,GAAiB,EAAW,EAAiB,EAAe,CAC7E,MAAM,KAAKH,GAAS,IAAgB,EAAK,EAAM,CAC/C,KAAKI,GAAmB,KAAKA,GAAiB,SAC5C,KAAKC,GAAY,EAAI,CAAC,MAAO,GAAU,CACrC,QAAQ,KAAK,gDAAiD,EAAM,EACpE,CACH,CACD,MAAM,KAAKD,SACJ,EAAO,CACd,QAAQ,KAAK,wCAAyC,EAAM,EAIhE,MAAM,OACJ,EACA,EACA,EACe,CACf,IAAM,EAAM,KAAKD,GAAiB,EAAW,EAAiB,EAAe,CAC7E,KAAKC,GAAmB,KAAKA,GAAiB,SAC5C,KAAKE,GAAU,EAAI,CAAC,MAAO,GAAU,CACnC,QAAQ,KAAK,2CAA4C,EAAM,EAC/D,CACH,CACD,MAAM,KAAKF,GAGb,MAAM,kBAAkB,EAAmC,CACzD,KAAKA,GAAmB,KAAKA,GAAiB,SAC5C,KAAKG,GAAqB,EAAU,CAAC,MAAO,GAAU,CACpD,QAAQ,KAAK,sDAAuD,EAAM,EAC1E,CACH,CACD,MAAM,KAAKH,GAGb,MAAM,UAA0B,CAC9B,KAAKA,GAAmB,KAAKA,GAAiB,SAC5C,KAAKI,IAAa,CAAC,MAAO,GAAU,CAClC,QAAQ,KAAK,6CAA8C,EAAM,EACjE,CACH,CACD,MAAM,KAAKJ,GAGb,KAAME,GAAU,EAA4B,CAC1C,MAAM,KAAKN,GAAS,OAAO,EAAI,CAAC,UAAY,GAAG,CAC/C,IAAM,EAAO,MAAM,KAAKS,IAAY,CAC9B,EAAY,EAAK,OAAQ,GAAM,IAAM,EAAI,CAC3C,EAAU,SAAW,EAAK,QAC5B,MAAM,KAAKT,GAAS,IAAI,KAAKE,GAAuB,EAAU,CAIlE,KAAMK,GAAqB,EAAmC,CAC5D,IAAM,GAAA,EAAA,EAAA,YAA+B,EAAU,CACzC,EAAS,GAAG,KAAKN,GAAkB,GAAG,EAAkB,GACxD,EAAO,MAAM,KAAKQ,IAAY,CAC9B,EAAqB,EAAE,CACvB,EAAsB,EAAE,CAC9B,IAAK,IAAM,KAAK,EACV,EAAE,WAAW,EAAO,CACtB,EAAS,KAAK,EAAE,CAEhB,EAAU,KAAK,EAAE,CAGrB,MAAM,QAAQ,IAAI,EAAS,IAAK,GAAM,KAAKT,GAAS,OAAO,EAAE,CAAC,UAAY,GAAG,CAAC,CAAC,CAC/E,MAAM,KAAKA,GAAS,IAAI,KAAKE,GAAuB,EAAU,CAGhE,KAAMM,IAA6B,CACjC,IAAM,EAAO,MAAM,KAAKC,IAAY,CACpC,MAAM,QAAQ,IAAI,EAAK,IAAK,GAAM,KAAKT,GAAS,OAAO,EAAE,CAAC,UAAY,GAAG,CAAC,CAAC,CAC3E,MAAM,KAAKA,GAAS,OAAO,KAAKE,GAAsB,CAGxD,GACE,EACA,EACA,EACQ,CACR,MAAO,GAAG,KAAKD,GAAkB,IAAA,EAAA,EAAA,YAAc,EAAU,CAAC,IAAA,EAAA,EAAA,YAAc,EAAgB,CAAC,GAAG,EAAe,aAAa,GAG1H,KAAMQ,IAAgC,CACpC,IAAM,EAAQ,MAAM,KAAKT,GAAS,IAAI,KAAKE,GAAsB,CACjE,GAAI,IAAU,KACZ,MAAO,EAAE,CAEX,IAAM,EAAS,GAAiB,UAAU,EAAM,CAKhD,OAJI,EAAO,QACF,EAAO,MAEhB,MAAM,KAAKF,GAAS,OAAO,KAAKE,GAAsB,CAAC,UAAY,GAAG,CAC/D,EAAE,EAGX,KAAMG,GAAY,EAA4B,CAC5C,IAAM,EAAO,MAAM,KAAKI,IAAY,CAC/B,EAAK,SAAS,EAAI,GACrB,EAAK,KAAK,EAAI,CACd,MAAM,KAAKT,GAAS,IAAI,KAAKE,GAAuB,EAAK,IClI/D,SAAgB,GACd,EACA,EACyB,CACzB,IAAM,EAAa,EAAkB,EAAa,EAAgB,CAClE,GAAI,CAAC,EACH,MAAM,IAAIQ,EAAAA,EAAsB,6BAA6B,EAAgB,gBAAgB,CAE/F,OAAO,EAAmB,EAAa,EAAW,CAGpD,SAAgB,GACd,EACA,EACkC,CAClC,IAAM,EAAa,EAAkB,EAAa,EAAgB,CAClE,GAAI,CAAC,EACH,MAAM,IAAIA,EAAAA,EACR,uCAAuC,EAAgB,gBACxD,CAEH,MAAO,CACL,GAAG,EAAmB,EAAa,EAAW,CAC9C,iBAAkB,EAAW,iBAC9B,CAGH,SAAS,EAAmB,EAA+B,EAAwB,CACjF,MAAO,CACL,wBAAyB,EAAW,wBACpC,WAAY,EAAY,QAAQ,WAChC,UAAW,EAAY,QAAQ,UAC/B,UAAW,EAAW,UACtB,eAAgB,EAAW,eAC3B,aAAc,EAAW,aAC1B,CAGH,SAAS,EACP,EACA,EACwB,CACxB,IAAM,EAASC,EAAAA,EAAS,EAAgB,CACxC,OAAO,EAAY,QAAQ,KAAM,GAC/B,EAAW,wBAAwB,SAAS,EAAO,CACpD,CC7BH,IAAa,GAAb,KAA+B,CAC7B,GACA,GACA,GACA,GACA,GAEA,YAAY,CACV,QACA,oBACA,oBACA,UACA,aAOC,CACD,KAAKC,GAAS,EACd,KAAKC,GAAqB,EAC1B,KAAKC,GAAqB,EAC1B,KAAKC,GAAW,EAChB,KAAKC,GAAa,EAGpB,MAAM,YACJ,EACA,EAC6C,CAC7C,IAAM,GAAA,EAAA,EAAA,YAA8B,EAAc,CAClD,OAAO,KAAKC,GAAS,EAAS,CAC5B,iBAAkB,EAClB,mBAAqB,GACnB,KAAKJ,GAAmB,YAAY,EAAkB,CACxD,gBAAiB,MAAO,CAAE,cAAa,kBAAiB,qBAC/C,KAAKE,GAAS,YAAY,CAC/B,kBACA,kBACA,GAAG,GAAyB,EAAa,EAAgB,CACzD,cAAe,EAChB,CAAC,CAEJ,aAAc,4BACf,CAAC,CAGJ,MAAM,qBACJ,EACA,EACA,EACA,EAC6C,CAC7C,IAAM,GAAA,EAAA,EAAA,YAAiC,EAAiB,CAClD,GAAA,EAAA,EAAA,YAAgC,EAAgB,CACtD,OAAO,KAAKE,GAAS,EAAiB,CACpC,kBAAA,EAAA,EAAA,YAA6B,EAAe,CAC5C,mBAAqB,GACnB,KAAKJ,GAAmB,YAAY,EAAmB,EAAoB,CAC7E,SAAW,GACT,KAAKK,GAA4B,EAAmB,CAClD,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,CACJ,gBAAiB,MAAO,CACtB,cACA,kBAEA,qBAEO,KAAKH,GAAS,qBAAqB,CACvB,kBACjB,kBACA,GAAG,GAA8B,EAAa,EAAgB,CAC9D,gBAAiB,EAClB,CAAC,CAEJ,aAAc,sCACd,UAAW,GACZ,CAAC,CAGJ,MAAM,+BAA+B,CACnC,kBACA,mBACA,kBACA,iBACA,iBAAiB,GAOoB,CACrC,IAAM,EAAkC,EAAgB,IAAK,IAAO,CAClE,eAAgB,EAAE,eAClB,iBAAA,EAAA,EAAA,YAA4B,EAAE,gBAAgB,CAC/C,EAAE,CACH,GAAI,EAAM,SAAW,EACnB,MAAO,CAAE,QAAO,CAElB,IAAM,GAAA,EAAA,EAAA,YAA+B,EAAe,CAEpD,GAAI,CACF,IAAM,EAAY,MAAM,KAAK,qBAC3B,EAAM,KAAK,CAAE,iBAAgB,sBAAuB,CAClD,iBACA,kBACD,EAAE,CACH,EACA,EACA,EACD,CACD,IAAK,IAAM,KAAQ,EACjB,KAAKI,GAAiB,EAAM,EAAU,CAExC,MAAO,CAAE,QAAO,OACT,EAAO,CACd,GAAIC,EAAAA,EAAkB,EAAM,CAC1B,MAAM,EAER,GAAI,EAAM,SAAW,EAAG,CACtB,GAAM,CAAC,EAAO,KAAKC,IAAmB,EAAI,EAE1C,MADA,GAAK,MAAQ,KAAKC,GAAa,EAAO,sCAAuC,GAAK,CAC3E,CAAE,QAAO,EA6BpB,OAzBA,MAAMC,EAAAA,EACJ,EAAM,IAAK,GAAS,SAAY,CAC9B,GAAI,CACF,IAAM,EAAY,MAAM,KAAK,qBAC3B,CACE,CACE,eAAgB,EAAK,eACrB,gBAAiB,EAAK,gBACvB,CACF,CACD,EACA,EACA,EACD,CACD,KAAKJ,GAAiB,EAAM,EAAU,OAC/B,EAAO,CACd,GAAIC,EAAAA,EAAkB,EAAM,CAC1B,MAAM,EAER,EAAK,MAAQ,KAAKE,GAAa,EAAO,sCAAuC,GAAK,GAEpF,CACF,EACD,CAEM,CAAE,QAAO,CAGlB,KAAML,GACJ,EACA,EAC6C,CAC7C,GAAI,EAAQ,SAAW,EACrB,MAAO,EAAE,CAGX,IAAM,EAAa,EAAQ,IAAK,IAAO,CACrC,eAAgB,EAAE,eAClB,iBAAA,EAAA,EAAA,YAA4B,EAAE,gBAAgB,CAC/C,EAAE,CACG,EAA6C,EAAE,CAC/C,EAA4B,EAAE,CAEpC,IAAK,IAAM,KAAK,EACVO,EAAAA,EAAa,EAAE,eAAe,CAChC,EAAO,EAAE,gBAAkB,GAE3B,EAAQ,KAAK,EAAE,CAInB,GAAI,EAAQ,SAAW,EACrB,OAAO,EAGT,IAAM,EAAe,MAAM,KAAK,IAAI,IAAI,EAAW,IAAK,GAAM,EAAE,gBAAgB,CAAC,CAAC,CAC5E,EAAmB,MAAM,KAAK,IAAI,IAAI,EAAQ,IAAK,GAAM,EAAE,gBAAgB,CAAC,CAAC,CAC/E,EAAS,UACX,MAAM,EAAS,SAAS,EAAiB,CAG3C,IAAM,EAA6B,EAAE,CACrC,IAAK,IAAM,KAAK,EAAS,CACvB,IAAM,EAAS,MAAM,KAAKZ,GAAO,IAC/B,EAAS,iBACT,EAAE,gBACF,EAAE,eACH,CACG,IAAW,KAGb,EAAS,KAAK,EAAE,CAFhB,EAAO,EAAE,gBAAkB,EAM/B,GAAI,EAAS,SAAW,EACtB,OAAO,EAGT,IAAM,EAAc,MAAM,EAAS,mBAAmB,EAAa,CAE7D,EAAa,IAAI,IACvB,IAAK,IAAM,KAAK,EAAU,CACxB,IAAM,EAAW,EAAW,IAAI,EAAE,gBAAgB,CAC9C,EACF,EAAS,KAAK,EAAE,eAAe,CAE/B,EAAW,IAAI,EAAE,gBAAiB,CAAC,EAAE,eAAe,CAAC,CAIzD,IAAM,EAAK,KAAK,KAAK,CACf,EAA0B,EAAS,IAAK,GAAM,EAAE,eAAe,CACrE,GAAI,CACF,KAAKI,GAAW,CACd,KAAMS,EAAAA,EAAc,aACpB,gBAAiB,EAClB,CAAC,CAEF,MAAMF,EAAAA,EACJ,CAAC,GAAG,EAAW,SAAS,CAAC,CAAC,KAAK,CAAC,EAAiB,KAAqB,SAAY,CAChF,IAAM,EAAY,MAAM,EAAS,gBAAgB,CAC/C,cACA,kBACA,kBACD,CAAC,CAEF,IAAK,GAAM,CAAC,EAAgB,KAAU,OAAO,QAAQ,EAAU,CAC7D,EAAO,GAAoC,EAC3C,MAAM,KAAKX,GAAO,IAChB,EAAS,iBACT,EACA,EACA,EACD,EAEH,CACF,EACD,CAED,IAAM,EAAqD,EAAE,CAC7D,IAAK,IAAM,KAAkB,EAAyB,CACpD,IAAM,EAAQ,EAAO,GACjB,IAAU,IAAA,KACZ,EAAe,GAAkB,GASrC,OANA,KAAKI,GAAW,CACd,KAAMS,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EACzB,gBAAiB,EACjB,OAAQ,EACT,CAAC,CACK,QACA,EAAO,CAOd,MANA,KAAKT,GAAW,CACd,KAAMS,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EACzB,gBAAiB,EAClB,CAAC,CACI,EAAiB,EAAO,EAAS,aAAc,EAAS,UAAU,EAI5E,GACE,EACA,EACM,CACN,IAAM,EAAQ,EAAU,EAAK,gBAC7B,GAAI,IAAU,IAAA,GAAW,CACvB,EAAK,MAAQ,IAAIC,EAAAA,EACf,oEAAoE,EAAK,eAAe,eAAe,EAAK,kBAC7G,CACD,OAEF,EAAK,MAAQ,EAGf,GAAa,EAAgB,EAAyB,EAAY,GAAkB,CAClF,OAAO,aAAiBC,EAAAA,EAAY,EAAQ,EAAiB,EAAO,EAAiB,EAAU,CAGjG,IAA2B,CACzB,MAAM,IAAID,EAAAA,EAAsB,4DAA4D,CAG9F,KAAMT,GACJ,EACA,CACE,mBACA,mBAKa,CACf,IAAM,EAAW,MAAM,KAAKJ,GAAmB,wBAC7C,EACA,EACA,EACD,CACG,KAAS,OAAS,EAGtB,IAAK,IAAM,KAAS,EAAS,QAAQ,CACnC,MAAM,IC1VZ,SAAS,GAAuB,EAA+B,CAC7D,GAAI,EAAE,aAAiB,OACrB,OAAO,KAET,IAAM,EAAQ,EAAM,MACpB,GAAI,OAAO,GAAU,WAAY,GAAkB,EAAE,SAAU,GAC7D,OAAO,KAET,GAAM,CAAE,QAAS,EAIjB,OAHI,OAAO,GAAS,WAAY,GAAiB,EAAE,cAAe,GACzD,KAEF,OAAO,EAAK,WAAc,SAAW,EAAK,UAAY,KAI/D,MAAM,EAAgB,CACpB,qCAAuC,GACrC,IAAI,EACF,mHACA,CAAE,QAAO,CACV,CACH,8BAAgC,GAC9B,IAAI,EAA8B,qDAAsD,CACtF,QACD,CAAC,CACJ,cAAgB,GACd,IAAI,EACF,8EACA,CAAE,QAAO,CACV,CACH,uBAAyB,GACvB,IAAI,EAA8B,yDAA0D,CAC1F,QACD,CAAC,CACJ,gCAAkC,GAChC,IAAI,EACF,+DACA,CAAE,QAAO,CACV,CACH,4BAA8B,GAC5B,IAAI,EAAiC,yDAA0D,CAC7F,QACD,CAAC,CACJ,oCAAsC,GACpC,IAAI,EAA+B,0DAA2D,CAC5F,QACD,CAAC,CACJ,gBAAkB,GAChB,IAAI,EAAwB,8CAA+C,CAAE,QAAO,CAAC,CACxF,CAED,SAAS,GAAgB,EAAkD,CACzE,OAAO,KAAQ,EAUjB,SAAgB,GAAe,EAAgB,EAAwC,CAErF,IAAM,EAAY,GAAuB,EAAM,CAC/C,GAAI,GAAa,GAAgB,EAAU,CACzC,OAAO,EAAc,GAAW,EAAY,CAI9C,IAAM,EAAU,aAAiB,MAAQ,EAAM,QAAU,OAAO,EAAM,CACtE,IAAK,GAAM,CAAC,EAAM,KAAY,OAAO,QAAQ,EAAc,CACzD,GAAI,EAAQ,SAAS,EAAK,CACxB,OAAO,EAAQ,EAAY,CAI/B,OAAO,KC3DT,IAAa,GAAb,KAA+B,CAC7B,GACA,GACA,GAEA,YAAY,CACV,WACA,UACA,gBAAkB,IAKjB,CACD,KAAKe,GAAY,EACjB,KAAKC,GAAW,EAChB,KAAKC,GAAa,EAGpB,MAAM,mBACJ,EACA,CACE,kBACA,kBACA,mBACA,kBAO0B,CAC5B,GAAI,GAAkB,EAAe,SAAS,CAAG,KAAK,KAAK,CAAG,KAC5D,MAAM,IAAI,EACR,wDACD,CAGH,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,GAAA,EAAA,EAAA,YAAiC,EAAiB,CAExD,GAAI,IAAuB,EACzB,MAAM,IAAI,EACR,yDACD,CAGH,GAAI,IAAuB,EACzB,MAAM,IAAI,EACR,gEAAgE,EAAmB,IACpF,CAGH,IAAM,EAAM,MAAM,KAAKD,GAAS,eAAe,CACzC,EAAU,EACZ,OAAO,KAAK,MAAM,EAAe,SAAS,CAAG,IAAK,CAAC,CACnDE,EAAAA,EAEA,EACJ,GAAI,CACF,EAAgB,MAAM,KAAK,oBAAoB,CAC7C,gBAAiB,EACjB,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,OACK,EAAO,CACd,QAAQ,KAAK,iEAAkE,EAAM,CACrF,EAAgB,CAAC,GAEnB,GAAI,IAAkB,EACpB,MAAM,IAAI,EACR,4BAA4B,EAAQ,8DACrC,CAGH,OAAO,KAAKC,GAAsB,CAChC,UAAW,qBACX,SACA,kBACA,OAAQC,EAAAA,EACN,EACA,EACA,EACA,EACD,CACF,CAAC,CAGJ,MAAM,iBACJ,EACA,CACE,kBACA,kBACA,oBAM0B,CAC5B,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,GAAA,EAAA,EAAA,YAAiC,EAAiB,CAClD,EAAM,MAAM,KAAKJ,GAAS,eAAe,CAE3C,EACJ,GAAI,CACF,EAAgB,MAAM,KAAK,oBAAoB,CAC7C,gBAAiB,EACjB,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,OACK,EAAO,CACd,QAAQ,KAAK,+DAAgE,EAAM,CACnF,EAAgB,GAElB,GAAI,IAAkB,GACpB,MAAM,IAAI,EACR,2CAA2C,EAAmB,eAAe,EAAmB,GACjG,CAGH,OAAO,KAAKG,GAAsB,CAChC,UAAW,mBACX,SACA,kBACA,OAAQE,EAAAA,EAAyB,EAAK,EAAoB,EAAmB,CAC9E,CAAC,CAGJ,MAAM,YAAY,EAIG,CACnB,IAAM,EAAS,MAAM,KAAK,oBAAoB,EAAO,CAQrD,OAPI,IAAW,GACN,GAEL,IAAWH,EAAAA,EACN,GAGF,EAAS,MADE,KAAKH,GAAU,mBAAmB,CAItD,MAAM,oBAAoB,CACxB,kBACA,mBACA,mBAKkB,CAClB,IAAM,EAAM,MAAM,KAAKC,GAAS,eAAe,CAC/C,OAAO,KAAKD,GAAU,aACpBO,EAAAA,EACE,GAAA,EAAA,EAAA,YACW,EAAiB,EAAA,EAAA,EAAA,YACjB,EAAgB,EAAA,EAAA,EAAA,YAChB,EAAgB,CAC5B,CACF,CAGH,KAAMH,GAAsB,CAC1B,YACA,SACA,kBACA,UAM6B,CAC7B,GAAI,CACF,OAAO,MAAMI,EAAAA,EAAkB,CAC7B,YACA,SACA,SAAU,KAAKR,GACf,SACA,KAAO,GAAU,KAAKE,GAAW,EAAO,EAAgB,CACzD,CAAC,OACK,EAAO,CAEd,MADA,KAAKO,GAAyB,EAAM,CAC9B,GAIV,GAAyB,EAAsB,CAC7C,GAAI,EAAE,aAAiBC,EAAAA,GACrB,OAEF,IAAM,EAAS,GAAe,EAAM,OAAS,EAAO,EAAM,CAC1D,GAAI,EACF,MAAM,EAIV,MAAM,wBACJ,EACA,EACA,EACyE,CACzE,IAAM,EAAW,IAAI,IAerB,OAdA,MAAM,QAAQ,IACZ,EAAkB,IAAI,KAAO,IAAoB,CAC/C,GAAI,CACF,MAAM,KAAK,uBAAuB,EAAiB,EAAkB,EAAgB,OAC9E,EAAO,CACd,GAAI,aAAiB,GAA2B,aAAiB,EAAwB,CACvF,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CACtD,EAAS,IAAI,EAAoB,EAAM,CACvC,OAEF,MAAM,IAER,CACH,CACM,EAGT,MAAM,uBACJ,EACA,EACA,EACe,CACf,IAAM,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,GAAA,EAAA,EAAA,YAAiC,EAAiB,CAClD,GAAA,EAAA,EAAA,YAAgC,EAAgB,CAChD,EAAS,MAAM,KAAK,oBAAoB,CAC5C,gBAAiB,EACjB,iBAAkB,EAClB,gBAAiB,EAClB,CAAC,CACF,GAAI,IAAW,GACb,MAAM,IAAI,EACR,6BAA6B,EAAoB,MAAM,EAAmB,OAAO,IAClF,CAEH,GAAI,IAAWP,EAAAA,GAET,GAAU,MADI,KAAKH,GAAU,mBAAmB,CAElD,MAAM,IAAI,EACR,mBAAmB,EAAoB,MAAM,EAAmB,OAAO,EAAmB,cAC3F,GClRI,GAAb,KAA+B,CAC7B,GACA,GAKA,YAAY,CACV,UACA,aAIC,CACD,KAAKW,GAAW,EAChB,KAAKC,GAAa,EAGpB,MAAM,QAAQ,EAA+C,CAC3D,IAAM,EAAK,KAAK,KAAK,CACrB,GAAI,CACF,KAAKA,GAAW,CAAE,KAAMC,EAAAA,EAAc,aAAc,CAAE,EAAO,gBAAgB,CAC7E,IAAM,EAAS,MAAM,KAAKF,GAAS,QAAQ,EAAO,CAQlD,OAPA,KAAKC,GACH,CACE,KAAMC,EAAAA,EAAc,WACpB,WAAY,KAAK,KAAK,CAAG,EAC1B,CACD,EAAO,gBACR,CACM,QACA,EAAO,CAYd,MAXA,KAAKD,GACH,CACE,KAAMC,EAAAA,EAAc,aACpB,MAAOC,EAAAA,EAAQ,EAAM,CACrB,WAAY,KAAK,KAAK,CAAG,EAC1B,CACD,EAAO,gBACR,CACG,aAAiBC,EAAAA,EACb,EAEF,IAAIC,EAAAA,EAAsB,oBAAqB,CACnD,MAAO,EACR,CAAC,IC/BK,GAAb,KAA8B,CAC5B,GACA,GACA,GACA,GACA,GAAmC,IAAI,IACvC,GAEA,YAAY,EAA+B,CACzC,KAAKC,GAAU,EAAK,OACpB,KAAKC,GAAW,EAAK,QACrB,KAAKC,GAAkB,EAAK,eAC5B,KAAKC,GAAqB,EAAK,kBAC3B,KAAKH,KACP,KAAKK,GAAqB,KAAKL,GAAQ,cAAc,UAAW,GAAW,CACzE,KAAKM,GAA2B,EAAO,CAAC,MAAO,GAAU,CAEvD,QAAQ,KAAK,4CAA6C,EAAM,EAChE,EACF,EAIN,sBAAsB,EAA6C,CAEjE,OADA,KAAKF,GAAwB,IAAI,EAAS,KAC7B,CACX,KAAKA,GAAwB,OAAO,EAAS,EAIjD,SAAgB,CACd,KAAKC,MAAsB,CAC3B,KAAKA,GAAqB,IAAA,GAC1B,KAAKD,GAAwB,OAAO,CAGtC,KAAME,GAA2B,EAA4C,CAC3E,IAAM,EAAO,EAAO,SACd,EAAO,EAAO,KAOd,EAAc,GAAM,QACtB,IAAgB,IAAA,IAClB,MAAMC,EAAAA,EAAQ,2BAA8B,KAAKN,GAAS,YAAY,EAAY,CAAC,CAErF,IAAM,EAAoB,KAAKE,GAC3B,GACF,MAAMI,EAAAA,EAAQ,uCACZ,EAAkB,0BAA0B,EAAM,EAAK,CACxD,CAEC,GACF,MAAMA,EAAAA,EAAQ,0BACZ,KAAKL,GAAgB,kBAAkB,EAAK,QAAQ,CACrD,CAEH,MAAM,QAAQ,IACZ,MAAM,KAAK,KAAKE,GAA0B,GACxCG,EAAAA,EAAQ,8BAAiC,EAAS,EAAO,CAAC,CAC3D,CACF,GC1EL,SAAS,EAAW,EAAwB,CAC1C,OAAA,EAAA,EAAA,YAAA,EAAA,EAAA,SAAyB,EAAU,CAAC,CAWtC,MAAa,EAAS,CAEpB,qBAAsB,EAAW,gDAAgD,CAKjF,QAAS,EAAW,2BAA2B,CAE/C,gBAAiB,EAAW,2CAA2C,CAEvE,gBAAiB,EAAW,kDAAkD,CAE9E,iBAAkB,EAChB,yEACD,CACF,CAoFD,SAAS,EAAe,EAAqB,CAC3C,OAAA,EAAA,EAAA,YAAkB,EAAU,EAAM,MAAM,IAAI,CAAC,CAAC,CAGhD,SAAS,EAAc,EAAoB,CACzC,OAAO,OAAO,EAAM,CAGtB,SAAS,EAAe,EAA4B,CAElD,OAAO,EAGT,SAAS,EAAO,EAAW,EAAuB,CAEhD,IAAM,EAAQ,EAAI,EAAQ,GACpB,EAAO,EAAK,MAAM,EAAO,EAAQ,GAAG,CAC1C,OAAO,EAAK,SAAW,GAAK,EAAO,EAAK,OAAO,GAAI,IAAI,CAGzD,SAAS,EAAc,EAAW,EAAwB,CACxD,OAAA,EAAA,EAAA,YAAkB,EAAU,EAAO,EAAM,EAAM,CAAC,MAAM,IAAI,CAAC,CAAC,CAG9D,SAAS,EAAa,EAAW,EAAuB,CACtD,OAAO,OAAO,KAAO,EAAO,EAAM,EAAM,CAAC,CAG3C,SAAS,GAAW,EAAW,EAAwB,CACrD,OAAO,OAAO,KAAO,EAAO,EAAM,EAAM,CAAC,GAAK,GAGhD,SAAS,EAAc,EAAW,EAA+B,CAE/D,OAAO,EAAU,EAAO,EAAM,EAAM,CAAC,CAWvC,SAAgB,EAA2B,EAA+C,CAQxF,OAPI,EAAI,OAAO,KAAO,EAAO,sBAGzB,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,uBACX,KAAM,EAAe,EAAI,OAAO,GAAI,CACpC,GAAI,EAAe,EAAI,OAAO,GAAI,CAClC,sBAAuB,EAAe,EAAI,OAAO,GAAI,CACtD,CAUH,SAAgB,EAAc,EAAkC,CAQ9D,OAPI,EAAI,OAAO,KAAO,EAAO,SAGzB,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,UACX,GAAI,EAAe,EAAI,OAAO,GAAI,CAClC,SAAU,EAAa,EAAI,KAAM,EAAE,CACpC,CAMH,SAAgB,EAAsB,EAA0C,CAQ9E,OAPI,EAAI,OAAO,KAAO,EAAO,iBAGzB,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,kBACX,SAAU,EAAe,EAAI,OAAO,GAAI,CACxC,gBAAiB,EAAe,EAAI,OAAO,GAAI,CAC/C,gBAAiB,EAAc,EAAI,KAAM,EAAE,CAC5C,CAMH,SAAgB,EAAsB,EAA0C,CAQ9E,OAPI,EAAI,OAAO,KAAO,EAAO,iBAGzB,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,kBACX,SAAU,EAAe,EAAI,OAAO,GAAI,CACxC,gBAAiB,EAAe,EAAI,OAAO,GAAI,CAC/C,gBAAiB,EAAc,EAAI,KAAM,EAAE,CAC3C,gBAAiB,EAAa,EAAI,KAAM,EAAE,CAC3C,CASH,SAAgB,EAAuB,EAA2C,CAQhF,OAPI,EAAI,OAAO,KAAO,EAAO,kBAGzB,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,mBACX,UAAW,EAAc,EAAI,OAAO,GAAI,CACxC,KAAM,EAAc,EAAI,OAAO,GAAI,CACnC,GAAI,EAAe,EAAI,OAAO,GAAI,CAClC,UAAW,GAAW,EAAI,KAAM,EAAE,CAClC,OAAQ,EAAc,EAAI,KAAM,EAAE,CAClC,gBAAiB,EAAc,EAAI,KAAM,EAAE,CAC3C,WAAY,EAAc,EAAI,KAAM,EAAE,CACvC,CAkBH,SAAgB,EAAmB,EAAkC,CACnE,OACE,EAA2B,EAAI,EAC/B,EAAc,EAAI,EAClB,EAAsB,EAAI,EAC1B,EAAsB,EAAI,EAC1B,EAAuB,EAAI,CAY/B,SAAgB,GAAoB,EAAyC,CAC3E,IAAM,EAAyB,EAAE,CACjC,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAmB,EAAI,CACjC,GACF,EAAO,KAAK,EAAM,CAGtB,OAAO,EAYT,SAAgB,EAAoB,EAAsD,CACxF,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAsB,EAAI,CACxC,GAAI,EACF,OAAO,EAGX,OAAO,KAcT,SAAgB,GAAY,EAA8C,CACxE,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAc,EAAI,CAChC,GAAI,EACF,OAAO,EAGX,OAAO,KAQT,MAAa,GAAe,CAC1B,EAAO,qBACP,EAAO,QACP,EAAO,gBACP,EAAO,gBACP,EAAO,iBACR,CAUY,EAAY,CAEvB,2BAA4B,EAC1B,2EACD,CAED,mCAAoC,EAClC,4EACD,CACF,CAmDD,SAAgB,EACd,EACwC,CAQxC,OAPI,EAAI,OAAO,KAAO,EAAU,4BAG5B,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,6BACX,UAAW,EAAe,EAAI,OAAO,GAAI,CACzC,SAAU,EAAe,EAAI,OAAO,GAAI,CACxC,gBAAiB,EAAc,EAAI,KAAM,EAAE,CAC3C,kBAAmB,EAAa,EAAI,KAAM,EAAE,CAC5C,kBAAmB,EAAa,EAAI,KAAM,EAAE,CAC5C,kBAAmB,EAAa,EAAI,KAAM,EAAE,CAC7C,CASH,SAAgB,EACd,EACgD,CAQhD,OAPI,EAAI,OAAO,KAAO,EAAU,oCAG5B,EAAI,OAAO,OAAS,EACf,KAGF,CACL,UAAW,qCACX,UAAW,EAAe,EAAI,OAAO,GAAI,CACzC,SAAU,EAAe,EAAI,OAAO,GAAI,CACxC,gBAAiB,EAAc,EAAI,KAAM,EAAE,CAC3C,kBAAmB,EAAa,EAAI,KAAM,EAAE,CAC5C,kBAAmB,EAAa,EAAI,KAAM,EAAE,CAC7C,CAMH,SAAgB,EAAe,EAA8B,CAC3D,OAAO,EAAiC,EAAI,EAAI,EAAyC,EAAI,CAM/F,SAAgB,GAAgB,EAAqC,CACnE,IAAM,EAAqB,EAAE,CAC7B,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAe,EAAI,CAC7B,GACF,EAAO,KAAK,EAAM,CAGtB,OAAO,EAMT,SAAgB,GACd,EACwC,CACxC,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAiC,EAAI,CACnD,GAAI,EACF,OAAO,EAGX,OAAO,KAMT,SAAgB,GACd,EACgD,CAChD,IAAK,IAAM,KAAO,EAAM,CACtB,IAAM,EAAQ,EAAyC,EAAI,CAC3D,GAAI,EACF,OAAO,EAGX,OAAO,KAQT,MAAa,GAAa,CACxB,EAAU,2BACV,EAAU,mCACX,CC3eD,IAAa,GAAb,cAAkCC,EAAAA,CAAM,CACtC,GACA,GAA8C,KAC9C,GAA6B,KAG7B,GAAe,EAAkC,CAC/C,GAAI,CAEF,OADA,EAAA,EAAkB,KAAK,IAAI,OAAQ,0BAA0B,CACtD,KAAK,IAAI,aACT,EAAO,CACd,MAAM,IAAIC,EAAAA,EAAyB,EAAW,CAAE,QAAO,CAAC,EAW5D,MAAM,YAA+B,CACnC,OAAO,KAAKC,IAAgB,CAS9B,MAAM,WAA8B,CAClC,GAAI,KAAKC,KAAe,KACtB,OAAO,KAAKA,GAEd,GAAI,CACF,IAAM,EAAa,MAAM,KAAKD,IAAgB,CAC9C,KAAKC,GAAa,MAAM,KAAK,IAAI,SAAS,aAAaC,EAAAA,EAAuB,EAAW,CAAC,MACpF,CACN,KAAKD,GAAa,GAEpB,OAAO,KAAKA,GAUd,MAAM,UAAU,EAAiC,CAC/C,IAAM,EAAa,MAAM,KAAKD,IAAgB,CAC9C,OAAO,KAAK,IAAI,SAAS,aACvBG,EAAAA,EAAkB,GAAA,EAAA,EAAA,YAAuB,EAAM,CAAE,KAAK,QAAQ,CAC/D,CAkCH,MAAM,OAAO,EAAgB,EAAqD,CAChF,IAAM,EAAU,MAAMC,EAAAA,EAA4B,SAAU,KAAK,IAAI,OAAQ,KAAK,IAAI,SAAS,CAEzF,EAAiB,MAAM,KAAK,WAAW,CACvC,EAAa,MAAM,KAAKJ,IAAgB,CACxC,GAAA,EAAA,EAAA,YAAyB,EAAQ,QAAQ,CAG3C,EACJ,GAAI,CACF,EAAe,MAAM,KAAK,IAAI,SAAS,aACrCK,EAAAA,EAAkB,EAAY,EAAY,CAC3C,OACM,EAAO,CAId,MAHI,aAAiBC,EAAAA,EACb,EAEF,IAAIC,EAAAA,EACR,+DAA+D,EAAW,GAC1E,CAAE,MAAOC,EAAAA,EAAQ,EAAM,CAAE,CAC1B,CAEH,GAAI,EAAe,EACjB,MAAM,IAAIC,EAAAA,EACR,0CAA0C,EAAO,cAAc,EAAa,WAAW,EAAW,GAClG,CAAE,UAAW,EAAQ,UAAW,EAAc,MAAO,EAAY,CAClE,CAMH,OAHI,EACK,KAAKC,GAA0B,EAAQ,EAAY,EAAa,EAAQ,CAE1E,KAAKC,GAAyB,EAAQ,EAAa,EAAQ,CAGpE,KAAMD,GACJ,EACA,EACA,EACA,EAC4B,CAC5B,KAAKE,GAAe,SAAS,CAC7B,IAAM,EAAY,GAAS,IAAA,EAAA,EAAA,YAAgB,EAAQ,GAAG,CAAG,EAKnD,EAAY,IAAc,EAAc,KAAO,EAErD,OAAO,KAAK,kBAAkB,CAC5B,UAAW,yBACX,OAAQ,EAAwB,EAAY,KAAK,QAAS,EAAQ,EAAK,CACvE,YAAa,GAAS,kBACvB,CAAC,CAGJ,KAAMD,GACJ,EACA,EACA,EAC4B,CAC5B,KAAKC,GAAe,SAAS,CAC7B,IAAM,EAAW,GAAS,kBAAoB,QAC1C,IAAa,QACf,MAAM,KAAKC,GAAiB,EAAQ,IAAa,MAAO,EAAQ,CAElE,IAAM,EAAY,GAAS,IAAA,EAAA,EAAA,YAAgB,EAAQ,GAAG,CAAG,EACzD,OAAO,KAAK,kBAAkB,CAC5B,UAAW,wBACX,OAAQC,EAAAA,EAAa,KAAK,QAAS,EAAW,EAAO,CACrD,YAAa,GAAS,kBACvB,CAAC,CAiBJ,MAAM,kBAAkB,EAA6C,CACnE,KAAKF,GAAe,oBAAoB,CACxC,IAAM,EAAU,MAAMR,EAAAA,EACpB,oBACA,KAAK,IAAI,OACT,KAAK,IAAI,SACV,CACK,EAAa,MAAM,KAAKJ,IAAgB,CACxC,GAAA,EAAA,EAAA,YAAyB,EAAQ,QAAQ,CAEzC,EAAiB,GAAU,IAAM,KAAO,GAe9C,OAbI,EAAiB,IAKf,MAJ2B,KAAK,IAAI,SAAS,aAC/CG,EAAAA,EAAkB,EAAY,EAAa,KAAK,QAAQ,CACzD,CAEsB,IACrB,MAAM,KAAK,kBAAkB,CAC3B,UAAW,0BACX,OAAQY,EAAAA,EAAgB,EAAY,KAAK,QAAS,GAAG,CACtD,CAAC,CAIC,KAAK,kBAAkB,CAC5B,UAAW,oBACX,OAAQA,EAAAA,EAAgB,EAAY,KAAK,QAAS,EAAe,CAClE,CAAC,CAqBJ,MAAM,SAAS,EAAgB,EAAuD,CACpF,GAAM,CACJ,mBAAmB,GACnB,oBACA,eACA,uBACE,GAAW,EAAE,CAEZ,GACH,MAAM,KAAK,0BAA0B,EAAO,CAG9C,IAAM,EAA+B,CACnC,eACA,sBACD,CACK,EAAc,OAAO,YAAY,CACjC,EAAe,MAAM,KAAK,OAAO,EAAO,CAE9C,OADA,EAAKC,EAAQ,kCAAqC,IAAoB,EAAa,OAAO,CAAC,CACpF,KAAKC,GAAyB,EAAa,OAAQ,EAAa,EAAU,CAgBnF,MAAM,YAAY,EAA2D,CAC3E,IAAM,EAAc,OAAO,YAAY,CACjC,EAAe,MAAM,KAAK,WAAW,CAI3C,OAHA,EAAKD,EAAQ,qCACX,GAAW,oBAAoB,EAAa,OAAO,CACpD,CACM,KAAKC,GAAyB,EAAa,OAAQ,EAAa,EAAU,CAiBnF,MAAM,eACJ,EACA,EAC4B,CAC5B,OAAO,KAAKA,GAAyB,EAAc,OAAO,YAAY,CAAE,EAAU,CAiBpF,MAAM,OAAO,EAA4C,CACvD,KAAKL,GAAe,SAAS,CAE7B,IAAM,GAAA,EAAA,EAAA,aAAyB,MADTR,EAAAA,EAA4B,SAAU,KAAK,IAAI,OAAQ,KAAK,IAAI,SAAS,EACxD,QAAQ,CAEzC,CAAE,UAAS,cAAe,MAAM,KAAK,IAAI,QAAQ,CACrD,OAAQ,CAAC,CAAE,MAAO,EAAQ,KAAM,UAAW,CAAC,CAC5C,gBAAiB,KAAK,QACtB,cACD,CAAC,CAEI,CAAC,GAAU,EACjB,GAAI,CAAC,EACH,MAAM,IAAIc,EAAAA,EAAsB,iCAAiC,CAGnE,OAAO,KAAK,kBAAkB,CAC5B,UAAW,SACX,OAAQC,EAAAA,EAAe,KAAK,QAAS,EAAa,EAAa,EAAQ,EAAW,CACnF,CAAC,CAgBJ,MAAM,WAAwC,CAC5C,KAAKP,GAAe,YAAY,CAMhC,IAAM,GAAA,EAAA,EAAA,aAAyB,MALTR,EAAAA,EACpB,YACA,KAAK,IAAI,OACT,KAAK,IAAI,SACV,EACsC,QAAQ,CACzC,EAAS,MAAM,KAAK,0BAA0B,EAAY,CAEhE,GAAIgB,EAAAA,EAAa,EAAO,CACtB,MAAM,IAAIC,EAAAA,EAAsB,mCAAmC,CAGrE,OAAO,KAAK,kBAAkB,CAC5B,UAAW,YACX,OAAQC,EAAAA,EAA0B,KAAK,QAAS,EAAa,EAAa,EAAO,CAClF,CAAC,CAkBJ,MAAM,eAAe,EAAqE,CACxF,KAAKV,GAAe,iBAAiB,CACrC,MAAMW,EAAAA,EAAsB,iBAAkB,KAAK,IAAI,OAAQ,KAAK,IAAI,SAAS,CACjF,IAAM,EAAS,MAAM,KAAK,IAAI,WAAW,cAAc,CAAC,EAAwB,CAAC,CAC3E,EAAa,EAAO,YAAY,GAEtC,OADA,EAAA,EAAa,EAAY,6BAA6B,CAC/C,KAAK,kBAAkB,CAC5B,UAAW,iBACX,OAAQC,EAAAA,EACN,KAAK,QACL,EACA,EACA,EAAO,gBACR,CACF,CAAC,CAKJ,KAAMxB,IAAmC,CAiBvC,OAhBI,KAAKyB,KAAgB,IAAA,IAGzB,AACE,KAAKC,KAAqB,KAAK,IAAI,SAChC,aAAaC,EAAAA,EAAmB,KAAK,QAAQ,CAAC,CAC9C,KAAM,IACL,KAAKF,GAAc,EACnB,KAAKC,GAAqB,KACnB,GACP,CACD,MAAO,GAAU,CAEhB,KADA,MAAKA,GAAqB,KACpB,GACN,CAEC,KAAKA,IAfH,KAAKD,GAkBhB,KAAMR,GACJ,EACA,EACA,EAC4B,CAC5B,KAAK,KAAK,CACR,KAAMW,EAAAA,EAAc,wBACpB,OAAQ,EACR,cACD,CAAC,CACF,IAAI,EACJ,GAAI,CACF,EAAU,MAAM,KAAK,IAAI,SAAS,0BAA0B,EAAa,OAClE,EAAO,CAId,MAHI,aAAiBtB,EAAAA,EACb,EAEF,IAAIuB,EAAAA,EAAyB,iCAAkC,CACnE,MAAO,EACR,CAAC,CAEJ,IAAM,EAAQ,EAAoB,EAAQ,KAAK,CAC/C,GAAI,CAAC,EACH,MAAM,IAAIA,EAAAA,EAAyB,qDAAqD,CAE1F,KAAK,KAAK,CAAE,KAAMD,EAAAA,EAAc,sBAAuB,cAAa,CAAC,CACrE,EAAKZ,EAAQ,6BAAgC,GAAW,gBAAgB,CAAC,CACzE,IAAM,EAAiB,MAAM,KAAK,eAChC,EAAM,iBAAmB,EAAM,gBAChC,CASD,OARA,KAAK,KAAK,CACR,KAAMY,EAAAA,EAAc,wBACpB,OAAQ,EAAe,OACvB,cACD,CAAC,CACF,EAAKZ,EAAQ,oCACX,GAAW,sBAAsB,EAAe,OAAO,CACxD,CACM,EAGT,KAAMH,GACJ,EACA,EACA,EACe,CACf,KAAKD,GAAe,oBAAoB,CACxC,IAAM,EAAa,MAAM,KAAKZ,IAAgB,CAMxC,GAAA,EAAA,EAAA,aAAyB,MALTI,EAAAA,EACpB,oBACA,KAAK,IAAI,OACT,KAAK,IAAI,SACV,EACsC,QAAQ,CACzC,EAAY,MAAM,KAAK,IAAI,SAAS,aACxCD,EAAAA,EAAkB,EAAY,EAAa,KAAK,QAAQ,CACzD,CAED,GAAI,GAAa,EACf,OAME,EAAY,IACd,MAAM,KAAK,kBAAkB,CAC3B,UAAW,0BACX,OAAQY,EAAAA,EAAgB,EAAY,KAAK,QAAS,GAAG,CACtD,CAAC,CAGJ,IAAM,EAAiB,EAAc,IAAM,KAAO,GAAK,EAEvD,MAAM,KAAK,kBAAkB,CAC3B,UAAW,oBACX,OAAQA,EAAAA,EAAgB,EAAY,KAAK,QAAS,EAAe,CACjE,YAAa,GAAW,oBACzB,CAAC,GChgBO,GAAb,KAAqB,CACnB,QACA,SACA,OACA,QAKA,SAEA,QAEA,YAEA,WACA,GACA,GACA,GACA,GACA,GACA,GACA,GACA,GAEA,YAAY,EAAoB,CAC9B,KAAK,QAAU,EAAO,QACtB,KAAK,SAAW,EAAO,SACvB,KAAK,OAAS,EAAO,OACrB,KAAK,QAAU,EAAO,QACtB,KAAKgB,GAAW,EAAO,SAAW,UAAY,GAC9C,KAAKC,GAAkB,IAAI,GAAe,EAAO,QAAQ,CACzD,KAAKK,GAAqB,IAAI,GAAkB,CAC9C,SAAU,KAAK,SACf,QAAS,KAAK,QACd,UAAW,KAAK,UAAU,KAAK,KAAK,CACrC,CAAC,CAEF,IAAM,EAA6C,EAAE,CACrD,IAAK,IAAM,KAAS,EAAO,OACrB,EAAM,kBACR,EAAkB,EAAM,IAAM,EAAM,iBAGxC,KAAK,SAAW,IAAIC,EAAAA,EAAiB,CACnC,SAAU,KAAK,SACf,oBACA,YAAa,EAAO,YACrB,CAAC,CACF,KAAKR,GAAe,EAAO,YAEvB,EAAO,SACT,KAAKM,GAAqB,IAAIG,EAAAA,EAAkB,CAC9C,QAAS,KAAK,QACd,OAAQ,EAAO,OACf,WAAY,EAAO,WACnB,UAAW,EAAO,UAClB,QAAS,KAAK,QACd,cAAe,EAAO,cACvB,CAAC,CACF,KAAKJ,GAAqB,IAAI,GAAkB,CAC9C,MAAO,KAAKH,GACZ,kBAAmB,KAAKI,GACxB,kBAAmB,KAAKC,GACxB,QAAS,KAAK,QACd,UAAW,KAAK,UAAU,KAAK,KAAK,CACrC,CAAC,EAEJ,KAAKH,GAAqB,IAAI,GAAkB,CAC9C,QAAS,KAAK,QACd,UAAW,KAAK,UAAU,KAAK,KAAK,CACrC,CAAC,CACF,KAAKD,GAAoB,IAAI,GAAiB,CAC5C,OAAQ,EAAO,OACf,QAAS,KAAK,QACd,eAAgB,KAAKD,GACrB,kBAAmB,KAAKI,GACzB,CAAC,CAEF,KAAK,QAAU,IAAI,EAAQ,CACzB,OAAQ,KAAK,OACb,SAAU,KAAK,SACf,eAAgB,KAAKJ,GACrB,kBAAmB,KAAKI,GACzB,CAAC,CACF,KAAK,YAAc,IAAI,EAAY,CACjC,OAAQ,KAAK,OACb,SAAU,KAAK,SACf,kBAAmB,KAAKC,GACzB,CAAC,CACF,KAAK,WAAa,IAAI,EAAW,CAC/B,OAAQ,KAAK,OACb,SAAU,KAAK,SACf,QAAS,KAAK,QACd,kBAAmB,KAAKF,GACzB,CAAC,CAaJ,sBAAsB,EAA6C,CACjE,OAAO,KAAKF,GAAkB,sBAAsB,EAAS,CAc/D,UAAU,EAA0B,EAA8B,CAChE,GAAI,CACF,KAAKF,GAAS,CACZ,GAAG,EACH,eACA,UAAW,KAAK,KAAK,CACtB,CAAiB,OACX,EAAO,CAEd,QAAQ,MAAM,qCAAsC,EAAM,EAsB9D,uBAAuB,EAA+D,CACpF,OAAO,IAAIO,EAAAA,EAAiB,CAC1B,SAAU,KAAK,SACf,oBACA,YAAa,KAAKR,GACnB,CAAC,CAmBJ,MAAM,QAAQ,EAA+C,CAC3D,OAAO,KAAKI,GAAmB,QAAQ,EAAO,CAkBhD,YAAY,EAAyB,CACnC,OAAO,IAAIM,EAAAA,EAAM,KAAM,EAAQ,CAgBjC,mBAAmB,EAAgC,CACjD,OAAO,IAAI,GAAa,KAAM,EAAQ,CAQxC,SAAgB,CACd,KAAKP,GAAkB,SAAS,CAOlC,WAAkB,CAChB,KAAK,SAAS,CACd,KAAK,QAAQ,WAAW,CACxB,KAAK,QAAQ,WAAW,CAiB1B,CAAC,OAAO,UAAiB,CACvB,KAAK,WAAW,GC7PpB,SAAS,EAAW,EAAiC,CACnD,MAAO,yBAAoBQ,EAAAA,EAAS,EAAe,GAGrD,MAAM,GAA+BC,EAAAA,EAAE,MAAM,CAC3CA,EAAAA,EAAE,KACAC,EAAAA,EACAD,EAAAA,EAAE,UAAW,IAAuB,CAAE,eAAc,EAAE,CACvD,CACDA,EAAAA,EAAE,KACAA,EAAAA,EAAE,OAAO,CACP,QAASA,EAAAA,EAAE,QAAQ,EAAgB,CACnC,aAAcC,EAAAA,EACd,gBAAiBD,EAAAA,EAAE,SAASC,EAAAA,EAAI,CACjC,CAAC,CACFD,EAAAA,EAAE,WACC,CACC,eACA,sBAKK,CAAE,eAAc,kBAAiB,EACzC,CACF,CACF,CAAC,CAMF,eAAsB,GACpB,EACA,EACA,EACA,EACe,CACf,GAAI,IAAoB,IAAA,GAAW,CACjC,MAAM,EAAQ,IAAI,EAAW,EAAe,CAAE,EAAa,CAC3D,OAGF,MAAM,EAAQ,IAAI,EAAW,EAAe,CAAE,CAC5C,QAAS,EACT,eACA,kBACD,CAAwC,CAM3C,eAAsB,GACpB,EACA,EACqB,CAErB,OAAO,MADe,GAA2B,EAAS,EAAe,GACzD,cAAgB,KAWlC,eAAsB,GACpB,EACA,EACwC,CACxC,IAAM,EAAM,EAAW,EAAe,CAChC,EAAQ,MAAM,EAAQ,IAAwC,EAAI,CACxE,GAAI,GAAU,KACZ,OAAO,KAET,IAAM,EAAS,GAA6B,UAAU,EAAM,CAK5D,OAJK,EAAO,QAIL,EAAO,MAHZ,MAAM,EAAQ,OAAO,EAAI,CAClB,MAQX,eAAsB,GACpB,EACA,EACe,CACf,MAAM,EAAQ,OAAO,EAAW,EAAe,CAAC,CC5FlD,IAAa,GAAb,KAA4D,CAC1D,MAAM,IAAiB,EAAgC,CAErD,OAAQ,MADa,OAAO,QAAQ,QAAQ,IAAI,EAAI,EACrC,IAAc,KAG/B,MAAM,IAAI,EAAa,EAA+B,CACpD,MAAM,OAAO,QAAQ,QAAQ,IAAI,EAAG,GAAM,EAAO,CAAC,CAGpD,MAAM,OAAO,EAA4B,CACvC,MAAM,OAAO,QAAQ,QAAQ,OAAO,EAAI,GAK5C,MAAa,GAAuB,IAAI"}