kawasekit 0.1.0-beta.6 → 0.2.0

package/dist/x402/index.d.cts

@@ -1,5 +1,5 @@
-export { K as KnownAssetDomain, a as KnownAssetId, X as X402AssetParam, b as X402TokenDomain, g as getKnownAssetDomain, l as listKnownAssetIds } from '../asset-domain-CpJuDkI2.cjs';
-export { B as BuildPaymentRequiredResponseParams, a as BuildPaymentRequirementsParams, C as CreateCoinbaseFacilitatorParams, b as CreateHttpFacilitatorParams, c as CreateSelfFacilitatorParams, d as CreateX402PaymentSignerParams, S as SignX402PaymentParams, W as WrapFetchParams, X as X402Fetch, e as X402InvalidConfigError, f as X402InvalidPayloadError, g as X402PaymentSigner, h as X402PolicyRejectedError, i as X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, j as X402_DEFAULT_MAX_TIMEOUT_SECONDS, k as X402_FACILITATOR_ERROR_CODES, m as X402_HEADER_PAYMENT_REQUIRED, n as X402_HEADER_PAYMENT_RESPONSE, o as X402_HEADER_PAYMENT_SIGNATURE, p as buildPaymentRequiredResponse, q as buildPaymentRequirements, r as createCoinbaseFacilitator, s as createHttpFacilitator, t as createSelfFacilitator, u as createX402PaymentSigner, v as decodePaymentRequiredHeader, w as decodePaymentResponseHeader, x as decodePaymentSignatureHeader, y as deriveReceiptTimeoutMs, z as encodePaymentRequiredHeader, A as encodePaymentResponseHeader, D as encodePaymentSignatureHeader, E as wrapFetch } from '../index-Z6AL1MR_.cjs';
+export { K as KnownAssetDomain, a as KnownAssetId, X as X402AssetParam, c as X402TokenDomain, h as getKnownAssetDomain, l as listKnownAssetIds } from '../asset-domain-4Ioxqn28.cjs';
+export { B as BuildPaymentRequiredResponseParams, a as BuildPaymentRequirementsParams, C as CreateCoinbaseFacilitatorParams, b as CreateHttpFacilitatorParams, c as CreateSelfFacilitatorParams, d as CreateX402PaymentSignerParams, S as SignX402PaymentParams, W as WrapFetchParams, X as X402Fetch, e as X402InvalidConfigError, f as X402InvalidPayloadError, g as X402PaymentSigner, h as X402PolicyRejectedError, i as X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, j as X402_DEFAULT_MAX_TIMEOUT_SECONDS, k as X402_FACILITATOR_ERROR_CODES, m as X402_HEADER_PAYMENT_REQUIRED, n as X402_HEADER_PAYMENT_RESPONSE, o as X402_HEADER_PAYMENT_SIGNATURE, p as buildPaymentRequiredResponse, q as buildPaymentRequirements, r as createCoinbaseFacilitator, s as createHttpFacilitator, t as createSelfFacilitator, u as createX402PaymentSigner, v as decodePaymentRequiredHeader, w as decodePaymentResponseHeader, x as decodePaymentSignatureHeader, y as deriveReceiptTimeoutMs, z as encodePaymentRequiredHeader, A as encodePaymentResponseHeader, D as encodePaymentSignatureHeader, E as wrapFetch } from '../index-Cn6kg7KH.cjs';
 export { C as CreateX402HandlerParams, I as IdempotencyServerConfig, X as X402HandlerContext, a as X402InnerHandler, b as X402RequestHandler, c as createX402Handler } from '../server-ov8YstNS.cjs';
 export { F as Facilitator, X as X402AssetTransferMethod, a as X402ExactEvmAuthorization, b as X402ExactEvmExtra, c as X402ExactEvmPayload, d as X402Network, e as X402PaymentPayload, f as X402PaymentRequiredResponse, g as X402PaymentRequirements, h as X402ResourceInfo, i as X402Scheme, j as X402SettleRequest, k as X402SettleResponse, l as X402SettlementResponse, m as X402SupportedKind, n as X402SupportedResponse, o as X402VerifyRequest, p as X402VerifyResponse, q as X402Version, r as X402_VERSION, s as chainIdToX402Network, t as isX402Network, x as x402NetworkToChainId } from '../types-TpS_8ztt.cjs';
 import 'viem';

package/dist/x402/index.d.ts

@@ -1,5 +1,5 @@
-export { K as KnownAssetDomain, a as KnownAssetId, X as X402AssetParam, b as X402TokenDomain, g as getKnownAssetDomain, l as listKnownAssetIds } from '../asset-domain-CpJuDkI2.js';
-export { B as BuildPaymentRequiredResponseParams, a as BuildPaymentRequirementsParams, C as CreateCoinbaseFacilitatorParams, b as CreateHttpFacilitatorParams, c as CreateSelfFacilitatorParams, d as CreateX402PaymentSignerParams, S as SignX402PaymentParams, W as WrapFetchParams, X as X402Fetch, e as X402InvalidConfigError, f as X402InvalidPayloadError, g as X402PaymentSigner, h as X402PolicyRejectedError, i as X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, j as X402_DEFAULT_MAX_TIMEOUT_SECONDS, k as X402_FACILITATOR_ERROR_CODES, m as X402_HEADER_PAYMENT_REQUIRED, n as X402_HEADER_PAYMENT_RESPONSE, o as X402_HEADER_PAYMENT_SIGNATURE, p as buildPaymentRequiredResponse, q as buildPaymentRequirements, r as createCoinbaseFacilitator, s as createHttpFacilitator, t as createSelfFacilitator, u as createX402PaymentSigner, v as decodePaymentRequiredHeader, w as decodePaymentResponseHeader, x as decodePaymentSignatureHeader, y as deriveReceiptTimeoutMs, z as encodePaymentRequiredHeader, A as encodePaymentResponseHeader, D as encodePaymentSignatureHeader, E as wrapFetch } from '../index-BaAOB0xd.js';
+export { K as KnownAssetDomain, a as KnownAssetId, X as X402AssetParam, c as X402TokenDomain, h as getKnownAssetDomain, l as listKnownAssetIds } from '../asset-domain-4Ioxqn28.js';
+export { B as BuildPaymentRequiredResponseParams, a as BuildPaymentRequirementsParams, C as CreateCoinbaseFacilitatorParams, b as CreateHttpFacilitatorParams, c as CreateSelfFacilitatorParams, d as CreateX402PaymentSignerParams, S as SignX402PaymentParams, W as WrapFetchParams, X as X402Fetch, e as X402InvalidConfigError, f as X402InvalidPayloadError, g as X402PaymentSigner, h as X402PolicyRejectedError, i as X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, j as X402_DEFAULT_MAX_TIMEOUT_SECONDS, k as X402_FACILITATOR_ERROR_CODES, m as X402_HEADER_PAYMENT_REQUIRED, n as X402_HEADER_PAYMENT_RESPONSE, o as X402_HEADER_PAYMENT_SIGNATURE, p as buildPaymentRequiredResponse, q as buildPaymentRequirements, r as createCoinbaseFacilitator, s as createHttpFacilitator, t as createSelfFacilitator, u as createX402PaymentSigner, v as decodePaymentRequiredHeader, w as decodePaymentResponseHeader, x as decodePaymentSignatureHeader, y as deriveReceiptTimeoutMs, z as encodePaymentRequiredHeader, A as encodePaymentResponseHeader, D as encodePaymentSignatureHeader, E as wrapFetch } from '../index-f-Xg86P9.js';
 export { C as CreateX402HandlerParams, I as IdempotencyServerConfig, X as X402HandlerContext, a as X402InnerHandler, b as X402RequestHandler, c as createX402Handler } from '../server-D_rZc-cW.js';
 export { F as Facilitator, X as X402AssetTransferMethod, a as X402ExactEvmAuthorization, b as X402ExactEvmExtra, c as X402ExactEvmPayload, d as X402Network, e as X402PaymentPayload, f as X402PaymentRequiredResponse, g as X402PaymentRequirements, h as X402ResourceInfo, i as X402Scheme, j as X402SettleRequest, k as X402SettleResponse, l as X402SettlementResponse, m as X402SupportedKind, n as X402SupportedResponse, o as X402VerifyRequest, p as X402VerifyResponse, q as X402Version, r as X402_VERSION, s as chainIdToX402Network, t as isX402Network, x as x402NetworkToChainId } from '../types-BR9UcvJO.js';
 import 'viem';

package/dist/x402/index.js

@@ -1,9 +1,9 @@
-export { X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, X402_FACILITATOR_ERROR_CODES, createCoinbaseFacilitator, createHttpFacilitator, createSelfFacilitator, createX402PaymentSigner, deriveReceiptTimeoutMs, wrapFetch } from '../chunk-E2EG72U2.js';
+export { X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS, X402_FACILITATOR_ERROR_CODES, createCoinbaseFacilitator, createHttpFacilitator, createSelfFacilitator, createX402PaymentSigner, deriveReceiptTimeoutMs, wrapFetch } from '../chunk-SMAZUZFO.js';
 export { X402_DEFAULT_MAX_TIMEOUT_SECONDS, X402_HEADER_PAYMENT_REQUIRED, X402_HEADER_PAYMENT_RESPONSE, X402_HEADER_PAYMENT_SIGNATURE, buildPaymentRequiredResponse, buildPaymentRequirements, createX402Handler, decodePaymentRequiredHeader, decodePaymentResponseHeader, decodePaymentSignatureHeader, encodePaymentRequiredHeader, encodePaymentResponseHeader, encodePaymentSignatureHeader } from '../chunk-PVUKX6IF.js';
 import '../chunk-LEHWRDVS.js';
 import '../chunk-TTX3RBIZ.js';
 export { X402_VERSION, chainIdToX402Network, isX402Network, x402NetworkToChainId } from '../chunk-QHUCU5YX.js';
-export { getKnownAssetDomain, listKnownAssetIds } from '../chunk-VPRR3TNA.js';
+export { getKnownAssetDomain, listKnownAssetIds } from '../chunk-VXZHS74W.js';
 export { X402InvalidConfigError, X402InvalidPayloadError, X402PolicyRejectedError } from '../chunk-WMVJNPX2.js';
 import '../chunk-KT7XDT2T.js';
 import '../chunk-SOTYGX67.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "kawasekit",
-  "version": "0.1.0-beta.6",
+  "version": "0.2.0",
   "description": "TypeScript SDK for stablecoin payments by AI agents. Japan-first, JPYC-native.",
   "license": "Apache-2.0",
   "author": "k0yote",

package/dist/asset-domain-CpJuDkI2.d.cts

@@ -1,102 +0,0 @@
-import { Address } from 'viem';
-
-/**
- * Known-asset registry for {@link createX402PaymentSigner}'s
- * `asset: { kind: "known", id }` discriminated-union branch.
- *
- * kawasekit only ships pinned EIP-712 domain definitions for assets it has
- * verified empirically against the deployed contracts. Adding a new entry
- * here requires citing the source-file + line reference for the contract
- * that owns the `name` / `version` (so the next reviewer can spot-check the
- * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
- * verdict that delegates to an out-of-scope component).
- *
- * @packageDocumentation
- */
-
-/** Known asset identifiers. New entries must update this union AND the table. */
-type KnownAssetId = "jpyc-v2";
-/** Fully-pinned EIP-712 domain for a known asset. */
-interface KnownAssetDomain {
-    readonly id: KnownAssetId;
-    readonly name: string;
-    readonly version: string;
-    readonly verifyingContract: Address;
-}
-/**
- * Look up a known asset's pinned EIP-712 domain by id.
- *
- * @returns The domain, or `undefined` if the id is not in the registry.
- *
- * @example
- * ```ts
- * import { getKnownAssetDomain } from "kawasekit";
- *
- * const jpyc = getKnownAssetDomain("jpyc-v2");
- * if (jpyc === undefined) throw new Error("unreachable");
- * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
- * ```
- */
-declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
-/** List every known asset id (for diagnostics / error messages). */
-declare function listKnownAssetIds(): readonly KnownAssetId[];
-
-/**
- * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
- *
- * Construction-time pinning of the EIP-712 domain (`name` / `version` /
- * `verifyingContract`) a signer will use. The integrator declares an
- * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
- * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
- * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
- * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
- * EIP-712 domain).
- *
- * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
- * and the M6 PolicyGatedSigner (`src/signer/`).
- *
- * @packageDocumentation
- */
-
-/** EIP-712 token domain `name` / `version` pair. */
-interface X402TokenDomain {
-    readonly name: string;
-    readonly version: string;
-}
-/**
- * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
- * Required, discriminated.
- *
- * **Default-on whitelist**: integrators MUST declare which asset they intend
- * to sign for. The `known` branch references a kawasekit-maintained
- * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
- * is the deliberate escape hatch for any other asset and is named loudly so
- * it survives a code review. Either way, the signer pins the EIP-712 domain
- * at construction time and refuses to sign if `paymentRequirements.asset`
- * disagrees with the pinned `verifyingContract`.
- *
- * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
- * `extra.name` / `extra.version` and `asset` are all ignored for signing
- * purposes — the signer trusts only what the integrator declared here.
- */
-type X402AssetParam = {
-    /** Use a kawasekit-maintained pinned EIP-712 domain. */
-    readonly kind: "known";
-    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
-    readonly id: KnownAssetId;
-} | {
-    /**
-     * Use a caller-supplied EIP-712 domain for an asset NOT on the
-     * kawasekit whitelist. The name is deliberately loud — pick this
-     * branch only when you have separately audited the contract and its
-     * `eip712Domain()` output.
-     */
-    readonly kind: "unsafeOverride";
-    readonly domain: {
-        readonly name: string;
-        readonly version: string;
-        readonly verifyingContract: Address;
-    };
-};
-
-export { type KnownAssetDomain as K, type X402AssetParam as X, type KnownAssetId as a, type X402TokenDomain as b, getKnownAssetDomain as g, listKnownAssetIds as l };

package/dist/asset-domain-CpJuDkI2.d.ts

@@ -1,102 +0,0 @@
-import { Address } from 'viem';
-
-/**
- * Known-asset registry for {@link createX402PaymentSigner}'s
- * `asset: { kind: "known", id }` discriminated-union branch.
- *
- * kawasekit only ships pinned EIP-712 domain definitions for assets it has
- * verified empirically against the deployed contracts. Adding a new entry
- * here requires citing the source-file + line reference for the contract
- * that owns the `name` / `version` (so the next reviewer can spot-check the
- * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅
- * verdict that delegates to an out-of-scope component).
- *
- * @packageDocumentation
- */
-
-/** Known asset identifiers. New entries must update this union AND the table. */
-type KnownAssetId = "jpyc-v2";
-/** Fully-pinned EIP-712 domain for a known asset. */
-interface KnownAssetDomain {
-    readonly id: KnownAssetId;
-    readonly name: string;
-    readonly version: string;
-    readonly verifyingContract: Address;
-}
-/**
- * Look up a known asset's pinned EIP-712 domain by id.
- *
- * @returns The domain, or `undefined` if the id is not in the registry.
- *
- * @example
- * ```ts
- * import { getKnownAssetDomain } from "kawasekit";
- *
- * const jpyc = getKnownAssetDomain("jpyc-v2");
- * if (jpyc === undefined) throw new Error("unreachable");
- * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29
- * ```
- */
-declare function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined;
-/** List every known asset id (for diagnostics / error messages). */
-declare function listKnownAssetIds(): readonly KnownAssetId[];
-
-/**
- * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.
- *
- * Construction-time pinning of the EIP-712 domain (`name` / `version` /
- * `verifyingContract`) a signer will use. The integrator declares an
- * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a
- * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned
- * {@link ResolvedAsset}. The signer then trusts only this pinned domain and
- * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised
- * EIP-712 domain).
- *
- * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)
- * and the M6 PolicyGatedSigner (`src/signer/`).
- *
- * @packageDocumentation
- */
-
-/** EIP-712 token domain `name` / `version` pair. */
-interface X402TokenDomain {
-    readonly name: string;
-    readonly version: string;
-}
-/**
- * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.
- * Required, discriminated.
- *
- * **Default-on whitelist**: integrators MUST declare which asset they intend
- * to sign for. The `known` branch references a kawasekit-maintained
- * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch
- * is the deliberate escape hatch for any other asset and is named loudly so
- * it survives a code review. Either way, the signer pins the EIP-712 domain
- * at construction time and refuses to sign if `paymentRequirements.asset`
- * disagrees with the pinned `verifyingContract`.
- *
- * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised
- * `extra.name` / `extra.version` and `asset` are all ignored for signing
- * purposes — the signer trusts only what the integrator declared here.
- */
-type X402AssetParam = {
-    /** Use a kawasekit-maintained pinned EIP-712 domain. */
-    readonly kind: "known";
-    /** The asset id to pin. See {@link KnownAssetId} for the registry. */
-    readonly id: KnownAssetId;
-} | {
-    /**
-     * Use a caller-supplied EIP-712 domain for an asset NOT on the
-     * kawasekit whitelist. The name is deliberately loud — pick this
-     * branch only when you have separately audited the contract and its
-     * `eip712Domain()` output.
-     */
-    readonly kind: "unsafeOverride";
-    readonly domain: {
-        readonly name: string;
-        readonly version: string;
-        readonly verifyingContract: Address;
-    };
-};
-
-export { type KnownAssetDomain as K, type X402AssetParam as X, type KnownAssetId as a, type X402TokenDomain as b, getKnownAssetDomain as g, listKnownAssetIds as l };

package/dist/chunk-E2EG72U2.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/x402/client.ts","../src/x402/facilitator.ts","../src/x402/fetch.ts"],"names":["getAddress"],"mappings":";;;;;;;;;AAmDO,IAAM,2CAAA,GAA8C;AAoJ3D,IAAM,WAAA,GAAA,CAAe,MAAM,IAAA,IAAQ,EAAA;AACnC,IAAM,eAAA,GAAkB,mBAAA;AAExB,SAAS,eAAA,CAAgB,OAAe,KAAA,EAAuB;AAC9D,EAAA,IAAI,CAAC,eAAA,CAAgB,IAAA,CAAK,KAAK,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,KAAK,KAAK,CAAA,8CAAA,EAAiD,IAAA,CAAK,SAAA,CAAU,KAAK,CAAC,CAAA;AAAA,KACjF;AAAA,EACD;AACA,EAAA,MAAM,MAAA,GAAS,OAAO,KAAK,CAAA;AAC3B,EAAA,IAAI,SAAS,WAAA,EAAa;AACzB,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,CAAA,EAAA,EAAK,KAAK,CAAA,wBAAA,EAA2B,KAAK,CAAA;AAAA,KAC3C;AAAA,EACD;AACA,EAAA,OAAO,MAAA;AACR;AAEA,SAAS,aAAA,CAAc,OAAe,KAAA,EAAwB;AAC7D,EAAA,IAAI,CAAC,SAAA,CAAU,KAAA,EAAO,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG;AACzC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,CAAA,EAAA,EAAK,KAAK,CAAA,2BAAA,EAA8B,KAAK,CAAA;AAAA,KAC9C;AAAA,EACD;AACA,EAAA,OAAO,KAAA;AACR;AAEA,SAAS,qBAAqB,YAAA,EAK5B;AACD,EAAA,IAAI,YAAA,CAAa,WAAW,OAAA,EAAS;AACpC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,CAAA,oBAAA,EAAuB,aAAa,MAAM,CAAA;AAAA,KAC3C;AAAA,EACD;AACA,EAAA,MAAM,OAAA,GAAU,oBAAA,CAAqB,YAAA,CAAa,OAAO,CAAA;AACzD,EAAA,IAAI,CAAC,kBAAA,CAAmB,OAAO,CAAA,EAAG;AAGjC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,CAAA,qBAAA,EAAwB,aAAa,OAAO,CAAA;AAAA,KAC7C;AAAA,EACD;AACA,EAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,YAAA,CAAa,MAAA,EAAQ,QAAQ,CAAA;AAC3D,EAAA,IAAI,UAAU,EAAA,EAAI;AACjB,IAAA,MAAM,IAAI,uBAAA,CAAwB,qBAAA,EAAuB,2BAA2B,CAAA;AAAA,EACrF;AACA,EAAA,IAAI,YAAA,CAAa,qBAAqB,CAAA,EAAG;AACxC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,qBAAA;AAAA,MACA,CAAA,4CAAA,EAA+C,aAAa,iBAAiB,CAAA;AAAA,KAC9E;AAAA,EACD;AACA,EAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,YAAA,CAAa,KAAA,EAAO,OAAO,CAAA;AACvD,EAAA,MAAM,KAAA,GAAQ,aAAA,CAAc,YAAA,CAAa,KAAA,EAAO,OAAO,CAAA;AACvD,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,KAAA,EAAM;AACvC;AA6BO,SAAS,wBAAwB,MAAA,EAA0D;AACjG,EAAA,IAAI,MAAA,CAAO,WAAW,MAAA,EAAW;AAChC,IAAA,OAAO,oCAAoC,MAAM,CAAA;AAAA,EAClD;AACA,EAAA,MAAM,EAAE,OAAA,EAAS,OAAA,EAAQ,GAAI,MAAA;AAC7B,EAAA,MAAM,sBAAA,GACL,OAAO,sBAAA,IAA0B,2CAAA;AAClC,EAAA,IAAI,0BAA0B,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,yBAAA;AAAA,MACA,oDAAoD,sBAAsB,CAAA;AAAA,KAC3E;AAAA,EACD;AACA,EAAA,MAAM,mBAAmB,MAAA,CAAO,gBAAA;AAChC,EAAA,IAAI,gBAAA,KAAqB,MAAA,IAAa,gBAAA,IAAoB,EAAA,EAAI;AAC7D,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,yBAAA;AAAA,MACA,uDAAuD,gBAAgB,CAAA;AAAA,KACxE;AAAA,EACD;AACA,EAAA,MAAM,YAAA,GAAe,iBAAA,CAAkB,MAAA,CAAO,KAAK,CAAA;AAEnD,EAAA,OAAO;AAAA,IACN,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,MAAM,KAAK,UAAA,EAAY;AACtB,MAAA,MAAM,EAAE,qBAAoB,GAAI,UAAA;AAChC,MAAA,MAAM,EAAE,OAAA,EAAS,KAAA,EAAO,OAAO,KAAA,EAAM,GAAI,qBAAqB,mBAAmB,CAAA;AACjF,MAAA,MAAM,KAAA,GAAQ,SAAS,OAAO,CAAA;AAC9B,MAAA,IAAI,OAAA,KAAY,SAAA,IAAa,KAAA,CAAM,SAAA,EAAW;AAC7C,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,sEAAA,EAAyE,mBAAA,CAAoB,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,cAAA;AAAA,SAC1H;AAAA,MACD;AACA,MAAA,IAAI,OAAA,KAAY,SAAA,IAAa,CAAC,KAAA,CAAM,SAAA,EAAW;AAC9C,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,sEAAA,EAAyE,mBAAA,CAAoB,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,6DAAA;AAAA,SAC1H;AAAA,MACD;AACA,MAAA,IAAI,UAAA,CAAW,KAAK,CAAA,KAAM,YAAA,CAAa,iBAAA,EAAmB;AACzD,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,uBAAuB,UAAA,CAAW,KAAK,CAAC,CAAA,wDAAA,EAA2D,aAAa,iBAAiB,CAAA,8EAAA;AAAA,SAClI;AAAA,MACD;AACA,MAAA,IAAI,gBAAA,KAAqB,MAAA,IAAa,KAAA,GAAQ,gBAAA,EAAkB;AAC/D,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,qBAAA,EAAwB,KAAK,CAAA,qDAAA,EAAwD,gBAAgB,CAAA,0FAAA;AAAA,SACtG;AAAA,MACD;AAEA,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,GAAA,CAAI,sBAAA,EAAwB,oBAAoB,iBAAiB,CAAA;AACvF,MAAA,MAAM,UAAA,GAAa,WAAW,UAAA,IAAc,EAAA;AAC5C,MAAA,MAAM,WAAA,GAAc,UAAA,CAAW,WAAA,IAAe,4BAAA,CAA6B,QAAQ,CAAA;AACnF,MAAA,IAAI,eAAe,UAAA,EAAY;AAC9B,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,iBAAA,EAAoB,WAAW,CAAA,uCAAA,EAA0C,UAAU,CAAA,CAAA;AAAA,SACpF;AAAA,MACD;AAEA,MAAA,MAAM,KAAA,GACL,UAAA,CAAW,cAAA,KAAmB,MAAA,GAC3B,wBAAA;AAAA,QACA,EAAE,cAAA,EAAgB,UAAA,CAAW,cAAA,EAAe;AAAA,QAC5C;AAAA,UACC,MAAM,OAAA,CAAQ,OAAA;AAAA,UACd,mBAAmB,YAAA,CAAa,iBAAA;AAAA,UAChC;AAAA;AACD,UAEA,0BAAA,EAA2B;AAC/B,MAAA,MAAM,SAAS,MAAM,6BAAA;AAAA,QACpB,OAAA;AAAA,QACA;AAAA,UACC,MAAM,YAAA,CAAa,IAAA;AAAA,UACnB,SAAS,YAAA,CAAa,OAAA;AAAA,UACtB,OAAA;AAAA,UACA,mBAAmB,YAAA,CAAa;AAAA,SACjC;AAAA,QACA;AAAA,UACC,MAAM,OAAA,CAAQ,OAAA;AAAA,UACd,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA;AAAA,UACA,UAAA;AAAA,UACA,WAAA;AAAA,UACA;AAAA;AACD,OACD;AAEA,MAAA,MAAM,OAAA,GAA+B;AAAA,QACpC,WAAW,MAAA,CAAO,SAAA;AAAA,QAClB,aAAA,EAAe;AAAA,UACd,IAAA,EAAM,OAAO,OAAA,CAAQ,IAAA;AAAA,UACrB,EAAA,EAAI,OAAO,OAAA,CAAQ,EAAA;AAAA,UACnB,KAAA,EAAO,MAAA,CAAO,OAAA,CAAQ,KAAA,CAAM,QAAA,EAAS;AAAA,UACrC,UAAA,EAAY,MAAA,CAAO,OAAA,CAAQ,UAAA,CAAW,QAAA,EAAS;AAAA,UAC/C,WAAA,EAAa,MAAA,CAAO,OAAA,CAAQ,WAAA,CAAY,QAAA,EAAS;AAAA,UACjD,KAAA,EAAO,OAAO,OAAA,CAAQ;AAAA;AACvB,OACD;AAEA,MAAA,MAAM,MAAA,GAA6B,WAAW,QAAA,GAC3C;AAAA,QACA,WAAA,EAAa,YAAA;AAAA,QACb,UAAU,UAAA,CAAW,QAAA;AAAA,QACrB,QAAA,EAAU,mBAAA;AAAA,QACV,OAAA,EAAS,EAAE,GAAG,OAAA;AAAQ,OACvB,GACC;AAAA,QACA,WAAA,EAAa,YAAA;AAAA,QACb,QAAA,EAAU,mBAAA;AAAA,QACV,OAAA,EAAS,EAAE,GAAG,OAAA;AAAQ,OACvB;AACF,MAAA,OAAO,MAAA;AAAA,IACR;AAAA,GACD;AACD;AAaA,SAAS,oCACR,MAAA,EACoB;AACpB,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAQ,GAAI,MAAA;AAC5B,EAAA,MAAM,sBAAA,GACL,OAAO,sBAAA,IAA0B,2CAAA;AAClC,EAAA,IAAI,0BAA0B,CAAA,EAAG;AAChC,IAAA,MAAM,IAAI,uBAAA;AAAA,MACT,yBAAA;AAAA,MACA,oDAAoD,sBAAsB,CAAA;AAAA,KAC3E;AAAA,EACD;AACA,EAAA,IAAI,MAAA,CAAO,uBAAuB,MAAA,EAAW;AAC5C,IAAA,mBAAA,CAAoB,MAAM,CAAA;AAAA,EAC3B;AACA,EAAA,MAAM,YAAA,GAAe,iBAAA,CAAkB,MAAA,CAAO,KAAK,CAAA;AACnD,EAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AAEpB,EAAA,OAAO;AAAA,IACN,OAAA,EAAS,IAAA;AAAA,IACT,MAAM,KAAK,UAAA,EAAY;AACtB,MAAA,MAAM,EAAE,qBAAoB,GAAI,UAAA;AAChC,MAAA,MAAM,EAAE,OAAA,EAAS,KAAA,EAAO,OAAO,KAAA,EAAM,GAAI,qBAAqB,mBAAmB,CAAA;AACjF,MAAA,MAAM,KAAA,GAAQ,SAAS,OAAO,CAAA;AAC9B,MAAA,IAAI,OAAA,KAAY,SAAA,IAAa,KAAA,CAAM,SAAA,EAAW;AAC7C,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,sEAAA,EAAyE,mBAAA,CAAoB,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,cAAA;AAAA,SAC1H;AAAA,MACD;AACA,MAAA,IAAI,OAAA,KAAY,SAAA,IAAa,CAAC,KAAA,CAAM,SAAA,EAAW;AAC9C,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,sEAAA,EAAyE,mBAAA,CAAoB,OAAO,CAAA,WAAA,EAAc,OAAO,CAAA,6DAAA;AAAA,SAC1H;AAAA,MACD;AACA,MAAA,IAAI,UAAA,CAAW,KAAK,CAAA,KAAM,YAAA,CAAa,iBAAA,EAAmB;AACzD,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,uBAAuB,UAAA,CAAW,KAAK,CAAC,CAAA,wDAAA,EAA2D,aAAa,iBAAiB,CAAA,8EAAA;AAAA,SAClI;AAAA,MACD;AAEA,MAAA,MAAM,QAAA,GAAW,IAAA,CAAK,GAAA,CAAI,sBAAA,EAAwB,oBAAoB,iBAAiB,CAAA;AACvF,MAAA,MAAM,UAAA,GAAa,WAAW,UAAA,IAAc,EAAA;AAC5C,MAAA,MAAM,WAAA,GAAc,UAAA,CAAW,WAAA,IAAe,4BAAA,CAA6B,QAAQ,CAAA;AACnF,MAAA,IAAI,eAAe,UAAA,EAAY;AAC9B,QAAA,MAAM,IAAI,uBAAA;AAAA,UACT,qBAAA;AAAA,UACA,CAAA,iBAAA,EAAoB,WAAW,CAAA,uCAAA,EAA0C,UAAU,CAAA,CAAA;AAAA,SACpF;AAAA,MACD;AAEA,MAAA,MAAM,KAAA,GACL,UAAA,CAAW,cAAA,KAAmB,MAAA,GAC3B,wBAAA;AAAA,QACA,EAAE,cAAA,EAAgB,UAAA,CAAW,cAAA,EAAe;AAAA,QAC5C,EAAE,IAAA,EAAM,iBAAA,EAAmB,YAAA,CAAa,mBAAmB,OAAA;AAAQ,UAEnE,0BAAA,EAA2B;AAE/B,MAAA,MAAM,MAAA,GAAwB;AAAA,QAC7B,OAAO,YAAA,CAAa,iBAAA;AAAA,QACpB,OAAA;AAAA,QACA,IAAA;AAAA,QACA,EAAA,EAAI,KAAA;AAAA,QACJ,KAAA;AAAA,QACA,UAAA;AAAA,QACA,WAAA;AAAA,QACA;AAAA,OACD;AAEA,MAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AAC3C,MAAA,IAAI,CAAC,WAAW,EAAA,EAAI;AACnB,QAAA,MAAM,IAAI,uBAAA,CAAwB,UAAA,CAAW,SAAS,CAAA;AAAA,MACvD;AAEA,MAAA,MAAM,OAAA,GAA+B;AAAA,QACpC,WAAW,UAAA,CAAW,SAAA;AAAA,QACtB,aAAA,EAAe;AAAA,UACd,IAAA;AAAA,UACA,EAAA,EAAI,KAAA;AAAA,UACJ,KAAA,EAAO,MAAM,QAAA,EAAS;AAAA,UACtB,UAAA,EAAY,WAAW,QAAA,EAAS;AAAA,UAChC,WAAA,EAAa,YAAY,QAAA,EAAS;AAAA,UAClC;AAAA;AACD,OACD;AAEA,MAAA,MAAM,MAAA,GAA6B,WAAW,QAAA,GAC3C;AAAA,QACA,WAAA,EAAa,YAAA;AAAA,QACb,UAAU,UAAA,CAAW,QAAA;AAAA,QACrB,QAAA,EAAU,mBAAA;AAAA,QACV,OAAA,EAAS,EAAE,GAAG,OAAA;AAAQ,OACvB,GACC;AAAA,QACA,WAAA,EAAa,YAAA;AAAA,QACb,QAAA,EAAU,mBAAA;AAAA,QACV,OAAA,EAAS,EAAE,GAAG,OAAA;AAAQ,OACvB;AACF,MAAA,OAAO,MAAA;AAAA,IACR;AAAA,GACD;AACD;ACjeO,IAAM,4BAAA,GAA+B;AAAA,EAC3C,kBAAA,EAAoB,oBAAA;AAAA,EACpB,mDAAA,EACC,qDAAA;AAAA,EACD,oDAAA,EACC,sDAAA;AAAA,EACD,sDAAA,EACC,wDAAA;AAAA,EACD,4CAAA,EAA8C,8CAAA;AAAA,EAC9C,mCAAA,EAAqC,qCAAA;AAAA,EACrC,eAAA,EAAiB,iBAAA;AAAA,EACjB,eAAA,EAAiB,iBAAA;AAAA,EACjB,cAAA,EAAgB,gBAAA;AAAA,EAChB,yBAAA,EAA2B,2BAAA;AAAA,EAC3B,uBAAA,EAAyB,yBAAA;AAAA,EACzB,uBAAA,EAAyB;AAC1B;AAqBA,SAAS,MAAM,KAAA,EAA8B;AAC5C,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,kBAAA,CAAmB,KAAK,KAAK,CAAA;AAClE;AAEA,SAAS,cAAc,KAAA,EAAkC;AACxD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,qBAAA,CAAsB,KAAK,KAAK,CAAA;AACrE;AAEA,SAAS,gBAAgB,KAAA,EAAiC;AACzD,EAAA,OAAO,OAAO,KAAA,KAAU,QAAA,IAAY,mBAAA,CAAoB,KAAK,KAAK,CAAA;AACnE;AAEA,SAAS,sBAAsB,OAAA,EAAgE;AAC9F,EAAA,MAAM,CAAA,GAAI,OAAA;AACV,EAAA,IAAI,CAAC,KAAA,CAAM,CAAA,CAAE,SAAS,GAAG,OAAO,IAAA;AAChC,EAAA,IAAI,OAAO,CAAA,CAAE,aAAA,KAAkB,YAAY,CAAA,CAAE,aAAA,KAAkB,MAAM,OAAO,IAAA;AAC5E,EAAA,MAAM,IAAI,CAAA,CAAE,aAAA;AAQZ,EAAA,IAAI,CAAC,aAAA,CAAc,CAAA,CAAE,IAAI,GAAG,OAAO,IAAA;AACnC,EAAA,IAAI,CAAC,aAAA,CAAc,CAAA,CAAE,EAAE,GAAG,OAAO,IAAA;AACjC,EAAA,IAAI,CAAC,eAAA,CAAgB,CAAA,CAAE,KAAK,GAAG,OAAO,IAAA;AACtC,EAAA,IAAI,CAAC,eAAA,CAAgB,CAAA,CAAE,UAAU,GAAG,OAAO,IAAA;AAC3C,EAAA,IAAI,CAAC,eAAA,CAAgB,CAAA,CAAE,WAAW,GAAG,OAAO,IAAA;AAC5C,EAAA,IAAI,CAAC,KAAA,CAAM,CAAA,CAAE,KAAK,GAAG,OAAO,IAAA;AAC5B,EAAA,OAAO;AAAA,IACN,WAAW,CAAA,CAAE,SAAA;AAAA,IACb,aAAA,EAAe;AAAA,MACd,MAAM,CAAA,CAAE,IAAA;AAAA,MACR,IAAI,CAAA,CAAE,EAAA;AAAA,MACN,OAAO,CAAA,CAAE,KAAA;AAAA,MACT,YAAY,CAAA,CAAE,UAAA;AAAA,MACd,aAAa,CAAA,CAAE,WAAA;AAAA,MACf,OAAO,CAAA,CAAE;AAAA;AACV,GACD;AACD;AAEA,IAAM,4BAAA,GAA+B;AAAA,EACpC,yBAAA,EAA2B;AAAA,IAC1B,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,IAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,IACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,IACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AAEnC,CAAA;AAEA,SAAS,cAAc,YAAA,EAGrB;AACD,EAAA,MAAM,QAAQ,YAAA,CAAa,KAAA;AAC3B,EAAA,IAAI,OAAO,KAAA,CAAM,IAAA,KAAS,YAAY,OAAO,KAAA,CAAM,YAAY,QAAA,EAAU;AACxE,IAAA,OAAO,EAAE,IAAA,EAAM,KAAA,CAAM,IAAA,EAAM,OAAA,EAAS,MAAM,OAAA,EAAQ;AAAA,EACnD;AACA,EAAA,IAAIA,WAAW,YAAA,CAAa,KAAK,CAAA,KAAMA,UAAAA,CAAW,eAAe,CAAA,EAAG;AACnE,IAAA,OAAO,uBAAA;AAAA,EACR;AACA,EAAA,MAAM,IAAI,KAAA;AAAA,IACT;AAAA,GACD;AACD;AAEA,SAAS,UAAA,CACR,MAAA,EACA,OAAA,EACA,KAAA,EACqB;AACrB,EAAA,IAAI,OAAA,KAAY,MAAA,IAAa,KAAA,KAAU,MAAA,EAAW;AACjD,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,eAAe,MAAA,EAAQ,cAAA,EAAgB,SAAS,KAAA,EAAM;AAAA,EAChF;AACA,EAAA,IAAI,YAAY,MAAA,EAAW;AAC1B,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAA,EAAe,MAAA,EAAQ,gBAAgB,OAAA,EAAQ;AAAA,EACzE;AACA,EAAA,IAAI,UAAU,MAAA,EAAW;AACxB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAA,EAAe,QAAQ,KAAA,EAAM;AAAA,EACvD;AACA,EAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,aAAA,EAAe,MAAA,EAAO;AAChD;AAEA,SAAS,UAAA,CACR,OAAA,EACA,MAAA,EACA,OAAA,GAAuE,EAAC,EACnD;AACrB,EAAA,MAAM,WAAA,GAAc,QAAQ,WAAA,IAAe,EAAA;AAC3C,EAAA,MAAM,IAAA,GAA2B;AAAA,IAChC,OAAA,EAAS,KAAA;AAAA,IACT,WAAA,EAAa,MAAA;AAAA,IACb,WAAA;AAAA,IACA;AAAA,GACD;AACA,EAAA,IAAI,OAAA,CAAQ,OAAA,KAAY,MAAA,IAAa,OAAA,CAAQ,UAAU,MAAA,EAAW;AACjE,IAAA,OAAO,EAAE,GAAG,IAAA,EAAM,YAAA,EAAc,QAAQ,OAAA,EAAS,KAAA,EAAO,QAAQ,KAAA,EAAM;AAAA,EACvE;AACA,EAAA,IAAI,OAAA,CAAQ,YAAY,MAAA,EAAW;AAClC,IAAA,OAAO,EAAE,GAAG,IAAA,EAAM,YAAA,EAAc,QAAQ,OAAA,EAAQ;AAAA,EACjD;AACA,EAAA,IAAI,OAAA,CAAQ,UAAU,MAAA,EAAW;AAChC,IAAA,OAAO,EAAE,GAAG,IAAA,EAAM,KAAA,EAAO,QAAQ,KAAA,EAAM;AAAA,EACxC;AACA,EAAA,OAAO,IAAA;AACR;AAmEA,IAAM,wBAAA,GAA2B,GAAA;AACjC,IAAM,oBAAA,GAAuB,IAAA;AAC7B,IAAM,qBAAA,GAAwB,GAAA;AAmBvB,SAAS,sBAAA,CAAuB,OAAoB,aAAA,EAA+B;AACzF,EAAA,MAAM,MAAA,GAAS,oBAAA,GAAuB,aAAA,GAAgB,KAAA,CAAM,WAAA,GAAc,qBAAA;AAC1E,EAAA,OAAO,KAAK,GAAA,CAAI,wBAAA,EAA0B,IAAA,CAAK,IAAA,CAAK,MAAM,CAAC,CAAA;AAC5D;AAmCO,SAAS,sBAAsB,MAAA,EAAkD;AACvF,EAAA,MAAM,EAAE,YAAA,EAAc,YAAA,EAAa,GAAI,MAAA;AACvC,EAAA,MAAM,kBAAA,GAAqB,aAAa,KAAA,CAAM,EAAA;AAC9C,EAAA,IAAI,CAAC,kBAAA,CAAmB,kBAAkB,CAAA,EAAG;AAC5C,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,gDAAgD,kBAAkB,CAAA,mCAAA;AAAA,KACnE;AAAA,EACD;AACA,EAAA,MAAM,gBAAA,GAAqC,kBAAA;AAC3C,EAAA,MAAM,KAAA,GAAQ,SAAS,gBAAgB,CAAA;AACvC,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,SAAA,IAAa,KAAA,CAAM,SAAA,EAAW;AACpD,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,CAAA,iEAAA,EAAoE,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,gBAAgB,CAAA,cAAA;AAAA,KAC7G;AAAA,EACD;AACA,EAAA,IAAI,MAAA,CAAO,OAAA,KAAY,SAAA,IAAa,CAAC,MAAM,SAAA,EAAW;AACrD,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,CAAA,iEAAA,EAAoE,KAAA,CAAM,IAAI,CAAA,WAAA,EAAc,gBAAgB,CAAA,2DAAA;AAAA,KAC7G;AAAA,EACD;AAKA,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,KAAA,CAAM,oBAAA;AAIpD,EAAA,MAAM,gBAAA,GAAmB,MAAA,CAAO,gBAAA,IAAoB,sBAAA,CAAuB,OAAO,aAAa,CAAA;AAU/F,EAAA,IAAI,YAAA,CAAa,OAAA,CAAQ,YAAA,KAAiB,MAAA,EAAW;AACpD,IAAA,MAAM,IAAI,KAAA;AAAA,MACT;AAAA,KACD;AAAA,EACD;AAEA,EAAA,MAAM,OAAA,GAAU,qBAAqB,gBAAgB,CAAA;AACrD,EAAA,MAAM,QAAQ,MAAA,CAAO,KAAA;AAErB,EAAA,SAAS,gBAAA,CACR,GAAA,EACA,QAAA,EACA,WAAA,EACc;AACd,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,EAAI,GAAI,WAAA;AAChC,IAAA,MAAM,YAAA,GAAe,IAAI,mBAAA,CAAoB,OAAA;AAC7C,IAAA,IAAI,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,KAAA,KAAU,MAAA,EAAW;AACrD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM,QAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA;AAAA,QACA,OAAA,EAAS,YAAA;AAAA,QACT,OAAO,QAAA,CAAS,KAAA;AAAA,QAChB,MAAA,EAAQ,IAAI,mBAAA,CAAoB;AAAA,OACjC;AAAA,IACD;AACA,IAAA,IAAI,SAAS,OAAA,EAAS;AAIrB,MAAA,OAAO;AAAA,QACN,IAAA,EAAM,QAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA;AAAA,QACA,OAAA,EAAS,YAAA;AAAA,QACT,aAAA,EAAe,yBAAA;AAAA,QACf,cAAA,EAAgB;AAAA,OACjB;AAAA,IACD;AACA,IAAA,MAAM,IAAA,GAAO;AAAA,MACZ,IAAA,EAAM,QAAA;AAAA,MACN,MAAA,EAAQ,SAAA;AAAA,MACR,WAAA;AAAA,MACA,UAAA;AAAA,MACA,OAAA,EAAS,YAAA;AAAA,MACT,aAAA,EAAe,SAAS,aAAA,IAAiB;AAAA,KAC1C;AACA,IAAA,IAAI,QAAA,CAAS,KAAA,KAAU,MAAA,IAAa,QAAA,CAAS,mBAAmB,MAAA,EAAW;AAC1E,MAAA,OAAO,EAAE,GAAG,IAAA,EAAM,KAAA,EAAO,SAAS,KAAA,EAAO,cAAA,EAAgB,SAAS,cAAA,EAAe;AAAA,IAClF;AACA,IAAA,IAAI,QAAA,CAAS,UAAU,MAAA,EAAW;AACjC,MAAA,OAAO,EAAE,GAAG,IAAA,EAAM,KAAA,EAAO,SAAS,KAAA,EAAM;AAAA,IACzC;AACA,IAAA,IAAI,QAAA,CAAS,mBAAmB,MAAA,EAAW;AAC1C,MAAA,OAAO,EAAE,GAAG,IAAA,EAAM,cAAA,EAAgB,SAAS,cAAA,EAAe;AAAA,IAC3D;AACA,IAAA,OAAO,IAAA;AAAA,EACR;AAEA,EAAA,SAAS,gBAAA,CACR,GAAA,EACA,QAAA,EACA,WAAA,EACc;AACd,IAAA,MAAM,UAAA,GAAa,IAAA,CAAK,GAAA,EAAI,GAAI,WAAA;AAChC,IAAA,MAAM,YAAA,GAAe,IAAI,mBAAA,CAAoB,OAAA;AAC7C,IAAA,IAAI,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,KAAA,KAAU,MAAA,EAAW;AACrD,MAAA,OAAO;AAAA,QACN,IAAA,EAAM,QAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA;AAAA,QACA,OAAA,EAAS,YAAA;AAAA,QACT,OAAO,QAAA,CAAS,KAAA;AAAA,QAChB,MAAA,EAAQ,IAAI,mBAAA,CAAoB,MAAA;AAAA,QAChC,aAAa,QAAA,CAAS;AAAA,OACvB;AAAA,IACD;AACA,IAAA,IAAI,SAAS,OAAA,EAAS;AAIrB,MAAA,OAAO;AAAA,QACN,IAAA,EAAM,QAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA;AAAA,QACA,OAAA,EAAS,YAAA;AAAA,QACT,WAAA,EAAa,yBAAA;AAAA,QACb,YAAA,EAAc,6CAAA;AAAA,QACd,aAAa,QAAA,CAAS;AAAA,OACvB;AAAA,IACD;AACA,IAAA,MAAM,IAAA,GAAO;AAAA,MACZ,IAAA,EAAM,QAAA;AAAA,MACN,MAAA,EAAQ,SAAA;AAAA,MACR,WAAA;AAAA,MACA,UAAA;AAAA,MACA,OAAA,EAAS,YAAA;AAAA,MACT,WAAA,EAAa,SAAS,WAAA,IAAe;AAAA,KACtC;AACA,IAAA,MAAM,SAAA,GAAY,QAAA,CAAS,KAAA,KAAU,MAAA,GAAY,EAAE,GAAG,IAAA,EAAM,KAAA,EAAO,QAAA,CAAS,KAAA,EAAM,GAAI,IAAA;AACtF,IAAA,MAAM,WAAA,GACL,QAAA,CAAS,YAAA,KAAiB,MAAA,GACvB,EAAE,GAAG,SAAA,EAAW,YAAA,EAAc,QAAA,CAAS,YAAA,EAAa,GACpD,SAAA;AACJ,IAAA,IAAI,QAAA,CAAS,WAAA,KAAgB,EAAA,IAAM,QAAA,CAAS,gBAAgB,MAAA,EAAW;AACtE,MAAA,OAAO,EAAE,GAAG,WAAA,EAAa,WAAA,EAAa,SAAS,WAAA,EAAmB;AAAA,IACnE;AACA,IAAA,OAAO,WAAA;AAAA,EACR;AAEA,EAAA,eAAe,WAAW,GAAA,EAAqD;AAE9E,IAAA,IAAI,GAAA,CAAI,mBAAA,CAAoB,MAAA,KAAW,OAAA,EAAS;AAC/C,MAAA,OAAO,WAAW,gBAAgB,CAAA;AAAA,IACnC;AACA,IAAA,IAAI,GAAA,CAAI,cAAA,CAAe,QAAA,CAAS,MAAA,KAAW,OAAA,EAAS;AACnD,MAAA,OAAO,WAAW,gBAAgB,CAAA;AAAA,IACnC;AACA,IAAA,MAAM,UAAA,GAAa,oBAAA,CAAqB,GAAA,CAAI,mBAAA,CAAoB,OAAO,CAAA;AACvE,IAAA,IAAI,eAAe,gBAAA,EAAkB;AACpC,MAAA,OAAO,WAAW,iBAAiB,CAAA;AAAA,IACpC;AACA,IAAA,IAAI,IAAI,cAAA,CAAe,QAAA,CAAS,OAAA,KAAY,GAAA,CAAI,oBAAoB,OAAA,EAAS;AAC5E,MAAA,OAAO,WAAW,iBAAiB,CAAA;AAAA,IACpC;AAGA,IAAA,MAAM,KAAA,GAAQ,qBAAA,CAAsB,GAAA,CAAI,cAAA,CAAe,OAAO,CAAA;AAC9D,IAAA,IAAI,UAAU,IAAA,EAAM;AACnB,MAAA,OAAO,WAAW,iBAAiB,CAAA;AAAA,IACpC;AACA,IAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AAGnB,IAAA,IAAI,IAAA,CAAK,KAAA,KAAU,GAAA,CAAI,mBAAA,CAAoB,MAAA,EAAQ;AAClD,MAAA,OAAO,UAAA;AAAA,QACN,wDAAA;AAAA,QACA,MAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACN;AAAA,IACD;AACA,IAAA,IAAIA,UAAAA,CAAW,KAAK,EAAE,CAAA,KAAMA,WAAW,GAAA,CAAI,mBAAA,CAAoB,KAAK,CAAA,EAAG;AACtE,MAAA,OAAO,UAAA,CAAW,8CAAA,EAAgD,MAAA,EAAW,IAAA,CAAK,IAAI,CAAA;AAAA,IACvF;AAGA,IAAA,MAAM,GAAA,GAAM,OAAO,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAC,CAAA;AAChD,IAAA,MAAM,UAAA,GAAa,MAAA,CAAO,IAAA,CAAK,UAAU,CAAA;AACzC,IAAA,MAAM,WAAA,GAAc,MAAA,CAAO,IAAA,CAAK,WAAW,CAAA;AAC3C,IAAA,IAAI,MAAM,UAAA,EAAY;AACrB,MAAA,OAAO,UAAA;AAAA,QACN,qDAAA;AAAA,QACA,MAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACN;AAAA,IACD;AACA,IAAA,IAAI,OAAO,WAAA,EAAa;AACvB,MAAA,OAAO,UAAA;AAAA,QACN,sDAAA;AAAA,QACA,MAAA;AAAA,QACA,IAAA,CAAK;AAAA,OACN;AAAA,IACD;AAGA,IAAA,IAAI,SAAA;AACJ,IAAA,IAAI;AACH,MAAA,MAAM,MAAA,GAAS,aAAA,CAAc,GAAA,CAAI,mBAAmB,CAAA;AACpD,MAAA,SAAA,GAAY,MAAM,uBAAA,CAAwB;AAAA,QACzC,MAAA,EAAQ;AAAA,UACP,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,OAAA,EAAS,UAAA;AAAA,UACT,iBAAA,EAAmB,IAAI,mBAAA,CAAoB;AAAA,SAC5C;AAAA,QACA,KAAA,EAAO,4BAAA;AAAA,QACP,WAAA,EAAa,2BAAA;AAAA,QACb,OAAA,EAAS;AAAA,UACR,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,IAAI,IAAA,CAAK,EAAA;AAAA,UACT,KAAA,EAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA;AAAA,UACxB,UAAA;AAAA,UACA,WAAA;AAAA,UACA,OAAO,IAAA,CAAK;AAAA,SACb;AAAA,QACA,WAAW,KAAA,CAAM;AAAA,OACjB,CAAA;AAAA,IACF,SAAS,KAAA,EAAO;AACf,MAAA,OAAO,UAAA;AAAA,QACN,yBAAA;AAAA,QACA,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,QACrD,IAAA,CAAK;AAAA,OACN;AAAA,IACD;AACA,IAAA,IAAIA,WAAW,SAAS,CAAA,KAAMA,UAAAA,CAAW,IAAA,CAAK,IAAI,CAAA,EAAG;AACpD,MAAA,OAAO,UAAA,CAAW,qCAAA,EAAuC,MAAA,EAAW,IAAA,CAAK,IAAI,CAAA;AAAA,IAC9E;AAGA,IAAA,IAAI;AACH,MAAA,MAAM,CAAC,OAAA,EAAS,IAAI,CAAA,GAAI,MAAM,QAAQ,GAAA,CAAI;AAAA,QACzC,aAAa,YAAA,CAAa;AAAA,UACzB,OAAA,EAAS,IAAI,mBAAA,CAAoB,KAAA;AAAA,UACjC,GAAA,EAAK,OAAA;AAAA,UACL,YAAA,EAAc,WAAA;AAAA,UACd,IAAA,EAAM,CAAC,IAAA,CAAK,IAAI;AAAA,SAChB,CAAA;AAAA,QACD,aAAa,YAAA,CAAa;AAAA,UACzB,OAAA,EAAS,IAAI,mBAAA,CAAoB,KAAA;AAAA,UACjC,GAAA,EAAK,OAAA;AAAA,UACL,YAAA,EAAc,oBAAA;AAAA,UACd,IAAA,EAAM,CAAC,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK;AAAA,SAC5B;AAAA,OACD,CAAA;AACD,MAAA,IAAI,IAAA,EAAM;AACT,QAAA,OAAO,UAAA,CAAW,iBAAA,EAAmB,kCAAA,EAAoC,IAAA,CAAK,IAAI,CAAA;AAAA,MACnF;AACA,MAAA,IAAK,OAAA,GAAqB,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,EAAG;AAC7C,QAAA,OAAO,UAAA,CAAW,oBAAA,EAAsB,KAAA,CAAA,EAAW,IAAA,CAAK,IAAI,CAAA;AAAA,MAC7D;AAAA,IACD,SAAS,KAAA,EAAO;AACf,MAAA,OAAO,UAAA;AAAA,QACN,yBAAA;AAAA,QACA,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,QACrD,IAAA,CAAK;AAAA,OACN;AAAA,IACD;AAEA,IAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,KAAA,EAAO,KAAK,IAAA,EAAK;AAAA,EAC1C;AAEA,EAAA,eAAe,WAAW,GAAA,EAAqD;AAI9E,IAAA,MAAM,YAAA,GAAe,MAAM,MAAA,CAAO,GAAG,CAAA;AACrC,IAAA,IAAI,CAAC,aAAa,OAAA,EAAS;AAC1B,MAAA,OAAO,UAAA;AAAA,QACN,IAAI,mBAAA,CAAoB,OAAA;AAAA,QACvB,aAAa,aAAA,IAA8C,yBAAA;AAAA,QAC5D;AAAA,UACC,GAAI,aAAa,cAAA,KAAmB,MAAA,GACjC,EAAE,OAAA,EAAS,YAAA,CAAa,cAAA,EAAe,GACvC,EAAC;AAAA,UACJ,GAAI,aAAa,KAAA,KAAU,MAAA,GAAY,EAAE,KAAA,EAAO,YAAA,CAAa,KAAA,EAAM,GAAI;AAAC;AACzE,OACD;AAAA,IACD;AAEA,IAAA,MAAM,KAAA,GAAQ,qBAAA,CAAsB,GAAA,CAAI,cAAA,CAAe,OAAO,CAAA;AAC9D,IAAA,IAAI,UAAU,IAAA,EAAM;AACnB,MAAA,OAAO,UAAA,CAAW,GAAA,CAAI,mBAAA,CAAoB,OAAA,EAAS,iBAAiB,CAAA;AAAA,IACrE;AACA,IAAA,MAAM,OAAO,KAAA,CAAM,aAAA;AACnB,IAAA,MAAM,MAAA,GAAS,cAAA,CAAe,KAAA,CAAM,SAAS,CAAA;AAC7C,IAAA,MAAM,CAAA,GAAI,MAAA,CAAO,CAAA,KAAM,MAAA,GAAY,MAAA,CAAO,OAAO,CAAC,CAAA,GAAA,CAAK,MAAA,CAAO,OAAA,IAAW,CAAA,IAAK,EAAA;AAE9E,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACH,MAAA,MAAA,GAAS,MAAM,aAAa,aAAA,CAAc;AAAA,QACzC,OAAA,EAAS,IAAI,mBAAA,CAAoB,KAAA;AAAA,QACjC,GAAA,EAAK,OAAA;AAAA,QACL,YAAA,EAAc,2BAAA;AAAA,QACd,IAAA,EAAM;AAAA,UACL,IAAA,CAAK,IAAA;AAAA,UACL,IAAA,CAAK,EAAA;AAAA,UACL,MAAA,CAAO,KAAK,KAAK,CAAA;AAAA,UACjB,MAAA,CAAO,KAAK,UAAU,CAAA;AAAA,UACtB,MAAA,CAAO,KAAK,WAAW,CAAA;AAAA,UACvB,IAAA,CAAK,KAAA;AAAA,UACL,CAAA;AAAA,UACA,MAAA,CAAO,CAAA;AAAA,UACP,MAAA,CAAO;AAAA;AACR,OACA,CAAA;AAAA,IACF,SAAS,KAAA,EAAO;AACf,MAAA,OAAO,UAAA,CAAW,GAAA,CAAI,mBAAA,CAAoB,OAAA,EAAS,yBAAA,EAA2B;AAAA,QAC7E,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,QAC9D,OAAO,IAAA,CAAK;AAAA,OACZ,CAAA;AAAA,IACF;AAEA,IAAA,IAAI;AACH,MAAA,MAAM,OAAA,GAAU,MAAM,YAAA,CAAa,yBAAA,CAA0B;AAAA,QAC5D,IAAA,EAAM,MAAA;AAAA,QACN,OAAA,EAAS,gBAAA;AAAA,QACT;AAAA,OACA,CAAA;AACD,MAAA,IAAI,OAAA,CAAQ,WAAW,SAAA,EAAW;AACjC,QAAA,OAAO,UAAA,CAAW,GAAA,CAAI,mBAAA,CAAoB,OAAA,EAAS,2BAAA,EAA6B;AAAA,UAC/E,WAAA,EAAa,MAAA;AAAA,UACb,OAAO,IAAA,CAAK;AAAA,SACZ,CAAA;AAAA,MACF;AAAA,IACD,SAAS,KAAA,EAAO;AACf,MAAA,OAAO,UAAA,CAAW,GAAA,CAAI,mBAAA,CAAoB,OAAA,EAAS,yBAAA,EAA2B;AAAA,QAC7E,SAAS,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU,OAAO,KAAK,CAAA;AAAA,QAC9D,OAAO,IAAA,CAAK,IAAA;AAAA,QACZ,WAAA,EAAa;AAAA,OACb,CAAA;AAAA,IACF;AAEA,IAAA,OAAO;AAAA,MACN,OAAA,EAAS,IAAA;AAAA,MACT,WAAA,EAAa,MAAA;AAAA,MACb,OAAA,EAAS,IAAI,mBAAA,CAAoB,OAAA;AAAA,MACjC,OAAO,IAAA,CAAK,IAAA;AAAA,MACZ,QAAQ,IAAA,CAAK;AAAA,KACd;AAAA,EACD;AAEA,EAAA,eAAe,OAAO,GAAA,EAAqD;AAC1E,IAAA,MAAM,WAAA,GAAc,KAAK,GAAA,EAAI;AAC7B,IAAA,MAAM,MAAA,GAAS,MAAM,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,gBAAA,CAAiB,OAAO,QAAA,EAAU,gBAAA,CAAiB,GAAA,EAAK,MAAA,EAAQ,WAAW,CAAC,CAAA;AAC5E,IAAA,OAAO,MAAA;AAAA,EACR;AAEA,EAAA,eAAe,OAAO,GAAA,EAAqD;AAC1E,IAAA,MAAM,WAAA,GAAc,KAAK,GAAA,EAAI;AAC7B,IAAA,MAAM,MAAA,GAAS,MAAM,UAAA,CAAW,GAAG,CAAA;AACnC,IAAA,gBAAA,CAAiB,OAAO,QAAA,EAAU,gBAAA,CAAiB,GAAA,EAAK,MAAA,EAAQ,WAAW,CAAC,CAAA;AAC5E,IAAA,OAAO,MAAA;AAAA,EACR;AAEA,EAAA,eAAe,iBAAA,GAAoD;AAClE,IAAA,MAAM,IAAA,GAA0B;AAAA,MAC/B,WAAA,EAAa,YAAA;AAAA,MACb,MAAA,EAAQ,OAAA;AAAA,MACR;AAAA,KACD;AACA,IAAA,OAAO;AAAA,MACN,KAAA,EAAO,CAAC,IAAI,CAAA;AAAA,MACZ,YAAY,EAAC;AAAA,MACb,SAAS,EAAE,UAAA,EAAY,CAAC,YAAA,CAAa,OAAA,CAAQ,OAAO,CAAA;AAAE,KACvD;AAAA,EACD;AAEA,EAAA,OAAO;AAAA,IACN,MAAA;AAAA,IACA,MAAA;AAAA,IACA,SAAA,EAAW;AAAA,GACZ;AACD;AAoDO,SAAS,sBAAsB,MAAA,EAAkD;AACvF,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAChD,EAAA,MAAM,SAAA,GAAY,OAAO,KAAA,IAAS,KAAA;AAClC,EAAA,MAAM,iBAAiB,MAAA,CAAO,cAAA;AAE9B,EAAA,eAAe,IAAA,CAAgB,UAA+B,IAAA,EAAmC;AAChG,IAAA,MAAM,OAAA,GAAkC,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAC7E,IAAA,IAAI,cAAA,EAAgB;AACnB,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAAS,MAAM,cAAA,CAAe,QAAQ,CAAC,CAAA;AAAA,IACtD;AACA,IAAA,MAAM,WAAW,MAAM,SAAA,CAAU,GAAG,OAAO,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA,EAAI;AAAA,MAC1D,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA;AAAA,MACA,IAAA,EAAM,IAAA,CAAK,SAAA,CAAU,IAAI;AAAA,KACzB,CAAA;AACD,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACH,MAAA,MAAA,GAAS,IAAA,KAAS,EAAA,GAAK,IAAA,GAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,IAC9C,CAAA,CAAA,MAAQ;AACP,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,YAAA,EAAe,QAAQ,CAAA,2BAAA,EAA8B,QAAA,CAAS,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,CAAA,EAAG,GAAG,CAAC,CAAA;AAAA,OAC7F;AAAA,IACD;AACA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,YAAA,EAAe,QAAQ,CAAA,gBAAA,EAAmB,QAAA,CAAS,MAAM,CAAA,GAAA,EAAM,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,GAAG,CAAC,CAAA;AAAA,OACpG;AAAA,IACD;AACA,IAAA,OAAO,MAAA;AAAA,EACR;AAEA,EAAA,eAAe,eAAe,GAAA,EAAqD;AAClF,IAAA,OAAO,KAAyB,QAAA,EAAU;AAAA,MACzC,aAAa,GAAA,CAAI,WAAA;AAAA,MACjB,gBAAgB,GAAA,CAAI,cAAA;AAAA,MACpB,qBAAqB,GAAA,CAAI;AAAA,KACzB,CAAA;AAAA,EACF;AAEA,EAAA,eAAe,eAAe,GAAA,EAAqD;AAClF,IAAA,OAAO,KAAyB,QAAA,EAAU;AAAA,MACzC,aAAa,GAAA,CAAI,WAAA;AAAA,MACjB,gBAAgB,GAAA,CAAI,cAAA;AAAA,MACpB,qBAAqB,GAAA,CAAI;AAAA,KACzB,CAAA;AAAA,EACF;AAEA,EAAA,eAAe,iBAAA,GAAoD;AAClE,IAAA,MAAM,UAAkC,EAAC;AACzC,IAAA,IAAI,cAAA,EAAgB;AACnB,MAAA,MAAA,CAAO,MAAA,CAAO,OAAA,EAAS,MAAM,cAAA,CAAe,WAAW,CAAC,CAAA;AAAA,IACzD;AACA,IAAA,MAAM,QAAA,GAAW,MAAM,SAAA,CAAU,CAAA,EAAG,OAAO,cAAc,EAAE,MAAA,EAAQ,KAAA,EAAO,OAAA,EAAS,CAAA;AACnF,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,IAAA,IAAI,MAAA;AACJ,IAAA,IAAI;AACH,MAAA,MAAA,GAAS,IAAA,KAAS,EAAA,GAAK,IAAA,GAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,IAC9C,CAAA,CAAA,MAAQ;AACP,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,gDAAA,EAAmD,SAAS,MAAM,CAAA,GAAA,EAAM,KAAK,KAAA,CAAM,CAAA,EAAG,GAAG,CAAC,CAAA;AAAA,OAC3F;AAAA,IACD;AACA,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,MAAA,MAAM,IAAI,KAAA;AAAA,QACT,CAAA,qCAAA,EAAwC,QAAA,CAAS,MAAM,CAAA,GAAA,EAAM,IAAA,CAAK,SAAA,CAAU,MAAM,CAAA,CAAE,KAAA,CAAM,CAAA,EAAG,GAAG,CAAC,CAAA;AAAA,OAClG;AAAA,IACD;AACA,IAAA,OAAO,MAAA;AAAA,EACR;AAEA,EAAA,OAAO;AAAA,IACN,MAAA,EAAQ,cAAA;AAAA,IACR,MAAA,EAAQ,cAAA;AAAA,IACR,SAAA,EAAW;AAAA,GACZ;AACD;AAuBA,IAAI,+BAAA,GAAkC,KAAA;AAQ/B,SAAS,0BAA0B,MAAA,EAAkD;AAC3F,EAAA,IAAI,CAAC,+BAAA,EAAiC;AACrC,IAAA,+BAAA,GAAkC,IAAA;AAClC,IAAA,OAAA,CAAQ,WAAA;AAAA,MACP,mNAAA;AAAA,MACA,EAAE,IAAA,EAAM,oBAAA,EAAsB,IAAA,EAAM,mBAAA;AAAoB,KACzD;AAAA,EACD;AACA,EAAA,OAAO,sBAAsB,MAAM,CAAA;AACpC;;;ACrvBA,eAAe,oBACd,QAAA,EAC8C;AAC9C,EAAA,MAAM,WAAA,GAAc,QAAA,CAAS,OAAA,CAAQ,GAAA,CAAI,4BAA4B,CAAA;AACrE,EAAA,IAAI,WAAA,KAAgB,IAAA,IAAQ,WAAA,KAAgB,EAAA,EAAI;AAC/C,IAAA,IAAI;AACH,MAAA,OAAO,4BAA4B,WAAW,CAAA;AAAA,IAC/C,CAAA,CAAA,MAAQ;AAAA,IAGR;AAAA,EACD;AACA,EAAA,IAAI;AACH,IAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,KAAA,GAAQ,IAAA,EAAK;AACzC,IAAA,IAAI,IAAA,KAAS,IAAI,OAAO,IAAA;AACxB,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAC9B,IAAA,IAAI,MAAA,KAAW,QAAQ,OAAO,MAAA,KAAW,YAAY,KAAA,CAAM,OAAA,CAAQ,MAAM,CAAA,EAAG;AAC3E,MAAA,OAAO,IAAA;AAAA,IACR;AACA,IAAA,OAAO,MAAA;AAAA,EACR,CAAA,CAAA,MAAQ;AACP,IAAA,OAAO,IAAA;AAAA,EACR;AACD;AAEA,SAAS,0BACR,OAAA,EACiC;AACjC,EAAA,OAAO,OAAA,CAAQ,CAAC,CAAA,IAAK,IAAA;AACtB;AAmCO,SAAS,UAAU,MAAA,EAAoC;AAC7D,EAAA,MAAM,SAAA,GAAuB,OAAO,KAAA,KAAU,CAAC,OAAO,IAAA,KAAS,KAAA,CAAM,OAAO,IAAI,CAAA,CAAA;AAChF,EAAA,MAAM,kBAAA,GAAqB,OAAO,kBAAA,IAAsB,yBAAA;AACxD,EAAA,MAAM,YAAY,MAAA,CAAO,SAAA;AACzB,EAAA,MAAM,QAAQ,MAAA,CAAO,KAAA;AAErB,EAAA,OAAO,eAAe,SAAA,CAAU,KAAA,EAAO,IAAA,EAAM;AAC5C,IAAA,MAAM,WAAA,GAAc,KAAK,GAAA,EAAI;AAC7B,IAAA,MAAM,UAAA,GACL,OAAO,KAAA,KAAU,QAAA,GAAW,QAAQ,KAAA,YAAiB,GAAA,GAAM,KAAA,CAAM,IAAA,GAAO,KAAA,CAAM,GAAA;AAE/E,IAAA,MAAM,WAAA,GAAc,CAAC,MAAA,EAAgB,UAAA,KAAyC;AAC7E,MAAA,MAAM,KAAA,GAA4B;AAAA,QACjC,IAAA,EAAM,gBAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,WAAA;AAAA,QACzB,UAAA;AAAA,QACA,MAAA;AAAA,QACA,GAAI,UAAA,KAAe,MAAA,GAAY,EAAE,UAAA,KAAe;AAAC,OAClD;AACA,MAAA,gBAAA,CAAiB,KAAA,EAAO,iBAAiB,KAAK,CAAA;AAAA,IAC/C,CAAA;AAEA,IAAA,MAAM,eAAA,GAAkB,MAAM,SAAA,CAAU,KAAA,EAAO,IAAI,CAAA;AACnD,IAAA,IAAI,eAAA,CAAgB,WAAW,GAAA,EAAK;AACnC,MAAA,OAAO,eAAA;AAAA,IACR;AAEA,IAAA,MAAM,eAAA,GAAkB,MAAM,mBAAA,CAAoB,eAAe,CAAA;AACjE,IAAA,IAAI,eAAA,KAAoB,IAAA,IAAQ,eAAA,CAAgB,OAAA,CAAQ,WAAW,CAAA,EAAG;AACrE,MAAA,WAAA,CAAY,6BAA6B,GAAG,CAAA;AAC5C,MAAA,OAAO,eAAA;AAAA,IACR;AAEA,IAAA,MAAM,MAAA,GAAS,kBAAA,CAAmB,eAAA,CAAgB,OAAA,EAAS,eAAe,CAAA;AAC1E,IAAA,IAAI,WAAW,IAAA,EAAM;AACpB,MAAA,WAAA,CAAY,6BAA6B,GAAG,CAAA;AAC5C,MAAA,OAAO,eAAA;AAAA,IACR;AAEA,IAAA,MAAM,OAAA,GAAU,MAAM,SAAA,CAAU,MAAA,EAAQ,eAAe,CAAA;AACvD,IAAA,IAAI,YAAY,KAAA,EAAO;AACtB,MAAA,WAAA,CAAY,sBAAsB,GAAG,CAAA;AACrC,MAAA,OAAO,eAAA;AAAA,IACR;AAEA,IAAA,MAAM,cAAA,GAAiB,MAAA,CAAO,iBAAA,GAAoB,KAAA,EAAO,QAAQ,eAAe,CAAA;AAEhF,IAAA,MAAM,cAAA,GAAiB,MAAM,MAAA,CAAO,MAAA,CAAO,IAAA,CAAK;AAAA,MAC/C,mBAAA,EAAqB,MAAA;AAAA,MACrB,GAAI,gBAAgB,QAAA,GAAW,EAAE,UAAU,eAAA,CAAgB,QAAA,KAAa,EAAC;AAAA,MACzE,GAAI,cAAA,KAAmB,MAAA,GAAY,EAAE,cAAA,KAAmB;AAAC,KACzD,CAAA;AAED,IAAA,MAAM,YAAA,GAAe,IAAI,OAAA,CAAQ,IAAA,EAAM,OAAO,CAAA;AAC9C,IAAA,YAAA,CAAa,GAAA,CAAI,6BAAA,EAA+B,4BAAA,CAA6B,cAAc,CAAC,CAAA;AAC5F,IAAA,IAAI,mBAAmB,MAAA,EAAW;AACjC,MAAA,YAAA,CAAa,GAAA,CAAI,6BAA6B,cAAc,CAAA;AAAA,IAC7D;AAEA,IAAA,MAAM,aAAA,GAAgB,MAAM,SAAA,CAAU,KAAA,EAAO,EAAE,GAAG,IAAA,EAAM,OAAA,EAAS,YAAA,EAAc,CAAA;AAE/E,IAAA,IAAI,aAAA,CAAc,MAAA,IAAU,GAAA,IAAO,aAAA,CAAc,SAAS,GAAA,EAAK;AAC9D,MAAA,MAAM,gBAAA,GAAmB,aAAA,CAAc,OAAA,CAAQ,GAAA,CAAI,4BAA4B,CAAA;AAC/E,MAAA,IAAI,WAAA;AACJ,MAAA,IAAI,gBAAA,KAAqB,IAAA,IAAQ,gBAAA,KAAqB,EAAA,EAAI;AACzD,QAAA,IAAI;AACH,UAAA,MAAM,UAAA,GAAa,4BAA4B,gBAAgB,CAAA;AAC/D,UAAA,IAAI,UAAA,CAAW,gBAAgB,EAAA,EAAI;AAClC,YAAA,WAAA,GAAc,UAAA,CAAW,WAAA;AAAA,UAC1B;AAAA,QACD,CAAA,CAAA,MAAQ;AAAA,QAGR;AAAA,MACD;AACA,MAAA,MAAM,YAAA,GAAmC;AAAA,QACxC,IAAA,EAAM,gBAAA;AAAA,QACN,MAAA,EAAQ,SAAA;AAAA,QACR,WAAA;AAAA,QACA,UAAA,EAAY,IAAA,CAAK,GAAA,EAAI,GAAI,WAAA;AAAA,QACzB,UAAA;AAAA,QACA,KAAA,EAAO,OAAO,MAAA,CAAO,OAAA;AAAA,QACrB,QAAQ,MAAA,CAAO,MAAA;AAAA,QACf,SAAS,MAAA,CAAO,OAAA;AAAA,QAChB,GAAI,WAAA,KAAgB,MAAA,GAAY,EAAE,WAAA,KAAgB;AAAC,OACpD;AACA,MAAA,gBAAA,CAAiB,KAAA,EAAO,iBAAiB,YAAY,CAAA;AAAA,IACtD,CAAA,MAAO;AACN,MAAA,WAAA;AAAA,QACC,aAAA,CAAc,MAAA,KAAW,GAAA,GAAM,iBAAA,GAAoB,YAAA;AAAA,QACnD,aAAA,CAAc;AAAA,OACf;AAAA,IACD;AAEA,IAAA,OAAO,aAAA;AAAA,EACR,CAAA;AACD","file":"chunk-E2EG72U2.js","sourcesContent":["/**\n * x402 v2 client-side signer.\n *\n * Given a server-issued {@link X402PaymentRequirements}, produce a\n * {@link X402PaymentPayload} the client can send back in the next request. This\n * is the first runtime consumer of the M2 EIP-3009 helpers\n * ({@link signTransferWithAuthorization}, {@link authorizationDeadlineFromNow},\n * {@link generateAuthorizationNonce}).\n *\n * Scope:\n * - **exact-EVM scheme only.** Permit2 / ERC-7710 are M4+.\n * - **EOA payer only.** EIP-3009 uses pure `ecrecover` (no ERC-1271 fallback)\n *   so smart accounts cannot be `from`. The agent-account flow is\n *   {@link transferJpyc} (UserOp), not x402.\n *\n * @packageDocumentation\n */\n\nimport type { Account, Address } from \"viem\";\nimport { getAddress, isAddress } from \"viem\";\nimport { getChain, isSupportedChainId } from \"../chains\";\nimport { assertNonBypassable } from \"../signer/gate\";\nimport type { NonBypassableEnforcement, PaymentIntent, PolicyGatedSigner } from \"../signer/types\";\nimport type { X402AssetParam, X402TokenDomain } from \"../tokens/asset-domain\";\nimport { resolveAssetParam } from \"../tokens/asset-domain\";\nimport {\n\tauthorizationDeadlineFromNow,\n\tderiveAuthorizationNonce,\n\tgenerateAuthorizationNonce,\n\tsignTransferWithAuthorization,\n} from \"../tokens/eip3009\";\nimport { X402InvalidPayloadError, X402PolicyRejectedError } from \"./errors\";\nimport type {\n\tX402ExactEvmPayload,\n\tX402PaymentPayload,\n\tX402PaymentRequirements,\n\tX402ResourceInfo,\n} from \"./types\";\nimport { X402_VERSION, x402NetworkToChainId } from \"./types\";\n\n// ---------------------------------------------------------------------------\n// Defaults\n// ---------------------------------------------------------------------------\n\n/**\n * Default authorization lifetime (`validBefore = now + this`) when the caller\n * does not pass an override. Capped per-sign by `paymentRequirements.maxTimeoutSeconds`.\n *\n * 300 s matches the M3 example app's tolerance for Polygon Amoy bundler\n * inclusion latency (see plan risk #6).\n */\nexport const X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS = 300;\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n// `X402TokenDomain` and `X402AssetParam` were lifted to `../tokens/asset-domain`\n// (M6-0) so the PolicyGatedSigner can reuse the same pinned-domain resolution.\n// Re-exported here for back-compat — consumers still import them from this module.\nexport type { X402AssetParam, X402TokenDomain };\n\n/**\n * Parameters for the `account` (EOA) variant of {@link createX402PaymentSigner}.\n *\n * Kept as a named, extensible `interface` (consumers may `extends` /\n * declaration-merge it). `maxAmountPerSign` pins the per-sign ceiling; for richer\n * policy use the `signer` variant ({@link CreateX402PaymentSignerSignerParams}).\n */\nexport interface CreateX402PaymentSignerAccountParams {\n\t/**\n\t * Declared production-vs-test intent. Each `sign()` call verifies that\n\t * `paymentRequirements.network` resolves to a chain whose `isTestnet`\n\t * agrees with this value, and throws otherwise. The point is to refuse\n\t * to sign a real-funds payment when the signer was configured for testnet\n\t * (e.g. the server unexpectedly demanded `polygon-mainnet` instead of\n\t * `polygon-amoy`).\n\t */\n\treadonly network: \"mainnet\" | \"testnet\";\n\t/**\n\t * EOA / LocalAccount that signs the EIP-3009 `TransferWithAuthorization`.\n\t * MUST be the same address the requirements' `from` will name.\n\t */\n\treadonly account: Account;\n\t/**\n\t * Asset binding (required). Pins the EIP-712 domain at construction time\n\t * and cross-checks `paymentRequirements.asset` at every sign call.\n\t * See {@link X402AssetParam} for the discriminated-union shape.\n\t *\n\t * **Threat 1.4 mitigation**: the wire-format `extra.name` and\n\t * `extra.version` are NOT consulted; a malicious server cannot coerce a\n\t * mismatched signature through them.\n\t */\n\treadonly asset: X402AssetParam;\n\t/**\n\t * Default authorization lifetime in seconds. Bounded by each\n\t * requirement's `maxTimeoutSeconds` at sign time.\n\t * Defaults to {@link X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS}.\n\t */\n\treadonly defaultLifetimeSeconds?: number;\n\t/**\n\t * Optional per-signature value ceiling, in the asset's smallest unit\n\t * (`bigint`). When set, `sign()` throws {@link X402InvalidPayloadError} if a\n\t * server advertises `requirements.amount` greater than this — refusing to\n\t * sign an over-budget payment at the primitive.\n\t *\n\t * **Threat 1.14 mitigation.** {@link createX402PaymentSigner} is a public API\n\t * and the direct-signer path bypasses the `wrapFetch` `onPayment` guard; the\n\t * EOA-payer x402 flow is also not bounded by the Layer-4 session-key daily\n\t * limit. This pins the *amount* ceiling the way {@link X402AssetParam} pins\n\t * the *asset* (1.4) — production posture is to set it. Omit it for no ceiling\n\t * (backward-compatible default; the payer EOA balance is the only bound).\n\t */\n\treadonly maxAmountPerSign?: bigint;\n\t/** Discriminant: absent on this arm — use the `signer` variant for a PolicyGatedSigner. */\n\treadonly signer?: never;\n}\n\n/**\n * Parameters for the `signer` (PolicyGatedSigner) variant of\n * {@link createX402PaymentSigner}. Drives signing through a\n * {@link PolicyGatedSigner} (e.g. `createLocalPolicyGatedSigner`); the per-sign\n * ceiling and richer policy live in the signer, so `maxAmountPerSign` is not\n * accepted here.\n */\nexport interface CreateX402PaymentSignerSignerParams {\n\t/** Declared production-vs-test intent (same semantics as the `account` variant). */\n\treadonly network: \"mainnet\" | \"testnet\";\n\t/** The policy-gated signer that produces the EIP-3009 authorization. */\n\treadonly signer: PolicyGatedSigner;\n\t/** Asset binding — pins the EIP-712 domain and cross-checks `paymentRequirements.asset`. */\n\treadonly asset: X402AssetParam;\n\t/**\n\t * Default authorization lifetime in seconds. Bounded per-sign by\n\t * `paymentRequirements.maxTimeoutSeconds`. Defaults to\n\t * {@link X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS}.\n\t */\n\treadonly defaultLifetimeSeconds?: number;\n\t/**\n\t * When set, asserts at construction that `signer` is non-bypassable\n\t * (`cryptographic` | `hardware`) — the runtime mirror of the\n\t * `requireNonBypassable` type-gate. Throws for an advisory signer.\n\t */\n\treadonly requireEnforcement?: NonBypassableEnforcement;\n\t/** Discriminant: absent on this arm. */\n\treadonly account?: never;\n\t/** Subsumed by the signer's policy; not accepted on this arm. */\n\treadonly maxAmountPerSign?: never;\n}\n\n/**\n * Parameters for {@link createX402PaymentSigner} — a discriminated union of the\n * `account` (EOA) and `signer` (PolicyGatedSigner) variants.\n *\n * NOTE: type-level breaking change from the original `interface` (a union cannot\n * be `extends`-ed). Existing `{ account, asset, network }` callers are\n * value-assignable to the `account` arm and unaffected; consumers who `extends`\n * / declaration-merge should use {@link CreateX402PaymentSignerAccountParams}.\n */\nexport type CreateX402PaymentSignerParams =\n\t| CreateX402PaymentSignerAccountParams\n\t| CreateX402PaymentSignerSignerParams;\n\n/** Parameters for {@link X402PaymentSigner.sign}. */\nexport interface SignX402PaymentParams {\n\t/** The chosen entry from the server's `accepts` array. */\n\treadonly paymentRequirements: X402PaymentRequirements;\n\t/** Optional {@link X402ResourceInfo} to echo back in the payload. */\n\treadonly resource?: X402ResourceInfo;\n\t/** Unix-seconds override of `validAfter`. Defaults to `0n`. */\n\treadonly validAfter?: bigint;\n\t/**\n\t * Unix-seconds override of `validBefore`. Defaults to `now + lifetime`\n\t * where lifetime = `min(signer default, requirements.maxTimeoutSeconds)`.\n\t */\n\treadonly validBefore?: bigint;\n\t/**\n\t * Optional reasoning-step idempotency key (M5-1, Half B). When supplied, the\n\t * EIP-3009 nonce is **derived deterministically** from it (instead of random)\n\t * so a re-signed same-intent payment produces the same on-chain nonce — the\n\t * token contract's `authorizationState` then rejects the duplicate\n\t * settlement. For a byte-identical re-sign, also pin `validBefore`. Build the\n\t * key with `createIdempotencyKeyBuilder` from `kawasekit/idempotency`.\n\t */\n\treadonly idempotencyKey?: string;\n}\n\n/** Signer returned by {@link createX402PaymentSigner}. */\nexport interface X402PaymentSigner {\n\t/** Address of the EOA bound to this signer. */\n\treadonly address: Address;\n\t/** Sign a payment for one {@link X402PaymentRequirements}. */\n\tsign(params: SignX402PaymentParams): Promise<X402PaymentPayload>;\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\nconst UINT256_MAX = (1n << 256n) - 1n;\nconst UINT256_DECIMAL = /^(0|[1-9][0-9]*)$/;\n\nfunction parseUintString(value: string, field: string): bigint {\n\tif (!UINT256_DECIMAL.test(value)) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`\\`${field}\\` must be a non-negative decimal string, got ${JSON.stringify(value)}`,\n\t\t);\n\t}\n\tconst parsed = BigInt(value);\n\tif (parsed > UINT256_MAX) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`\\`${field}\\` exceeds uint256, got ${value}`,\n\t\t);\n\t}\n\treturn parsed;\n}\n\nfunction assertAddress(value: string, field: string): Address {\n\tif (!isAddress(value, { strict: false })) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`\\`${field}\\` is not a valid address: ${value}`,\n\t\t);\n\t}\n\treturn value as Address;\n}\n\nfunction validateRequirements(requirements: X402PaymentRequirements): {\n\treadonly chainId: number;\n\treadonly value: bigint;\n\treadonly asset: Address;\n\treadonly payTo: Address;\n} {\n\tif (requirements.scheme !== \"exact\") {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`unsupported scheme: ${requirements.scheme}`,\n\t\t);\n\t}\n\tconst chainId = x402NetworkToChainId(requirements.network);\n\tif (!isSupportedChainId(chainId)) {\n\t\t// Defensive: an inbound payload typed as X402PaymentRequirements that\n\t\t// nonetheless smuggled an unsupported chainId via type-cast.\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`unsupported network: ${requirements.network}`,\n\t\t);\n\t}\n\tconst value = parseUintString(requirements.amount, \"amount\");\n\tif (value === 0n) {\n\t\tthrow new X402InvalidPayloadError(\"PaymentRequirements\", \"`amount` must be positive\");\n\t}\n\tif (requirements.maxTimeoutSeconds <= 0) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"PaymentRequirements\",\n\t\t\t`\\`maxTimeoutSeconds\\` must be positive, got ${requirements.maxTimeoutSeconds}`,\n\t\t);\n\t}\n\tconst asset = assertAddress(requirements.asset, \"asset\");\n\tconst payTo = assertAddress(requirements.payTo, \"payTo\");\n\treturn { chainId, value, asset, payTo };\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Build an {@link X402PaymentSigner} bound to a single signing account.\n *\n * The returned signer can produce many {@link X402PaymentPayload}s in\n * succession — one per accepted requirement. Each call generates a fresh\n * EIP-3009 nonce.\n *\n * @example\n * ```ts\n * import { privateKeyToAccount } from \"viem/accounts\";\n * import { createX402PaymentSigner } from \"kawasekit\";\n *\n * const account = privateKeyToAccount(\"0x...\");\n * const signer = createX402PaymentSigner({\n *   network: \"testnet\",\n *   account,\n *   asset: { kind: \"known\", id: \"jpyc-v2\" },\n * });\n *\n * // ...after receiving a 402 with PAYMENT-REQUIRED header...\n * const paymentPayload = await signer.sign({ paymentRequirements });\n * ```\n */\nexport function createX402PaymentSigner(params: CreateX402PaymentSignerParams): X402PaymentSigner {\n\tif (params.signer !== undefined) {\n\t\treturn createSignerBackedX402PaymentSigner(params);\n\t}\n\tconst { account, network } = params;\n\tconst defaultLifetimeSeconds =\n\t\tparams.defaultLifetimeSeconds ?? X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS;\n\tif (defaultLifetimeSeconds <= 0) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"X402PaymentSignerConfig\",\n\t\t\t`\\`defaultLifetimeSeconds\\` must be positive, got ${defaultLifetimeSeconds}`,\n\t\t);\n\t}\n\tconst maxAmountPerSign = params.maxAmountPerSign;\n\tif (maxAmountPerSign !== undefined && maxAmountPerSign <= 0n) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"X402PaymentSignerConfig\",\n\t\t\t`\\`maxAmountPerSign\\` must be a positive bigint, got ${maxAmountPerSign}`,\n\t\t);\n\t}\n\tconst pinnedDomain = resolveAssetParam(params.asset);\n\n\treturn {\n\t\taddress: account.address,\n\t\tasync sign(signParams) {\n\t\t\tconst { paymentRequirements } = signParams;\n\t\t\tconst { chainId, value, asset, payTo } = validateRequirements(paymentRequirements);\n\t\t\tconst chain = getChain(chainId);\n\t\t\tif (network === \"mainnet\" && chain.isTestnet) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`signer was configured for network=\"mainnet\" but requirements.network=\"${paymentRequirements.network}\" (chainId ${chainId}) is a testnet`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (network === \"testnet\" && !chain.isTestnet) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`signer was configured for network=\"testnet\" but requirements.network=\"${paymentRequirements.network}\" (chainId ${chainId}) is a mainnet — refusing to sign payment for real funds`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (getAddress(asset) !== pinnedDomain.verifyingContract) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`requirements.asset (${getAddress(asset)}) does not match the signer's pinned verifyingContract (${pinnedDomain.verifyingContract}) — refusing to sign for an asset the signer was not configured to handle`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (maxAmountPerSign !== undefined && value > maxAmountPerSign) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`requirements.amount (${value}) exceeds the signer's \\`maxAmountPerSign\\` ceiling (${maxAmountPerSign}) — refusing to sign a payment above the configured per-signature limit (threat 1.14)`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst lifetime = Math.min(defaultLifetimeSeconds, paymentRequirements.maxTimeoutSeconds);\n\t\t\tconst validAfter = signParams.validAfter ?? 0n;\n\t\t\tconst validBefore = signParams.validBefore ?? authorizationDeadlineFromNow(lifetime);\n\t\t\tif (validBefore <= validAfter) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`\\`validBefore\\` (${validBefore}) must be greater than \\`validAfter\\` (${validAfter})`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst nonce =\n\t\t\t\tsignParams.idempotencyKey !== undefined\n\t\t\t\t\t? deriveAuthorizationNonce(\n\t\t\t\t\t\t\t{ idempotencyKey: signParams.idempotencyKey },\n\t\t\t\t\t\t\t{\n\t\t\t\t\t\t\t\tfrom: account.address,\n\t\t\t\t\t\t\t\tverifyingContract: pinnedDomain.verifyingContract,\n\t\t\t\t\t\t\t\tchainId,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t)\n\t\t\t\t\t: generateAuthorizationNonce();\n\t\t\tconst signed = await signTransferWithAuthorization(\n\t\t\t\taccount,\n\t\t\t\t{\n\t\t\t\t\tname: pinnedDomain.name,\n\t\t\t\t\tversion: pinnedDomain.version,\n\t\t\t\t\tchainId,\n\t\t\t\t\tverifyingContract: pinnedDomain.verifyingContract,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tfrom: account.address,\n\t\t\t\t\tto: payTo,\n\t\t\t\t\tvalue,\n\t\t\t\t\tvalidAfter,\n\t\t\t\t\tvalidBefore,\n\t\t\t\t\tnonce,\n\t\t\t\t},\n\t\t\t);\n\n\t\t\tconst payload: X402ExactEvmPayload = {\n\t\t\t\tsignature: signed.signature,\n\t\t\t\tauthorization: {\n\t\t\t\t\tfrom: signed.message.from,\n\t\t\t\t\tto: signed.message.to,\n\t\t\t\t\tvalue: signed.message.value.toString(),\n\t\t\t\t\tvalidAfter: signed.message.validAfter.toString(),\n\t\t\t\t\tvalidBefore: signed.message.validBefore.toString(),\n\t\t\t\t\tnonce: signed.message.nonce,\n\t\t\t\t},\n\t\t\t};\n\n\t\t\tconst result: X402PaymentPayload = signParams.resource\n\t\t\t\t? {\n\t\t\t\t\t\tx402Version: X402_VERSION,\n\t\t\t\t\t\tresource: signParams.resource,\n\t\t\t\t\t\taccepted: paymentRequirements,\n\t\t\t\t\t\tpayload: { ...payload },\n\t\t\t\t\t}\n\t\t\t\t: {\n\t\t\t\t\t\tx402Version: X402_VERSION,\n\t\t\t\t\t\taccepted: paymentRequirements,\n\t\t\t\t\t\tpayload: { ...payload },\n\t\t\t\t\t};\n\t\t\treturn result;\n\t\t},\n\t};\n}\n\n/**\n * The `signer` (PolicyGatedSigner) variant of {@link createX402PaymentSigner}.\n *\n * Shares the `account` path's validate / network / asset-pin / window / nonce\n * prologue (kept in sync deliberately — the two security checks must not drift),\n * then routes the EIP-3009 signing through the {@link PolicyGatedSigner}. A\n * policy denial (`sign()` → `{ ok: false }`) surfaces as a thrown\n * {@link X402PolicyRejectedError}, so the `X402PaymentSigner.sign()` contract is\n * unchanged (returns a payload or throws). The per-sign ceiling is the signer's\n * policy, so there is no `maxAmountPerSign` check here.\n */\nfunction createSignerBackedX402PaymentSigner(\n\tparams: CreateX402PaymentSignerSignerParams,\n): X402PaymentSigner {\n\tconst { signer, network } = params;\n\tconst defaultLifetimeSeconds =\n\t\tparams.defaultLifetimeSeconds ?? X402_DEFAULT_AUTHORIZATION_LIFETIME_SECONDS;\n\tif (defaultLifetimeSeconds <= 0) {\n\t\tthrow new X402InvalidPayloadError(\n\t\t\t\"X402PaymentSignerConfig\",\n\t\t\t`\\`defaultLifetimeSeconds\\` must be positive, got ${defaultLifetimeSeconds}`,\n\t\t);\n\t}\n\tif (params.requireEnforcement !== undefined) {\n\t\tassertNonBypassable(signer);\n\t}\n\tconst pinnedDomain = resolveAssetParam(params.asset);\n\tconst from = signer.from;\n\n\treturn {\n\t\taddress: from,\n\t\tasync sign(signParams) {\n\t\t\tconst { paymentRequirements } = signParams;\n\t\t\tconst { chainId, value, asset, payTo } = validateRequirements(paymentRequirements);\n\t\t\tconst chain = getChain(chainId);\n\t\t\tif (network === \"mainnet\" && chain.isTestnet) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`signer was configured for network=\"mainnet\" but requirements.network=\"${paymentRequirements.network}\" (chainId ${chainId}) is a testnet`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (network === \"testnet\" && !chain.isTestnet) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`signer was configured for network=\"testnet\" but requirements.network=\"${paymentRequirements.network}\" (chainId ${chainId}) is a mainnet — refusing to sign payment for real funds`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (getAddress(asset) !== pinnedDomain.verifyingContract) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`requirements.asset (${getAddress(asset)}) does not match the signer's pinned verifyingContract (${pinnedDomain.verifyingContract}) — refusing to sign for an asset the signer was not configured to handle`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst lifetime = Math.min(defaultLifetimeSeconds, paymentRequirements.maxTimeoutSeconds);\n\t\t\tconst validAfter = signParams.validAfter ?? 0n;\n\t\t\tconst validBefore = signParams.validBefore ?? authorizationDeadlineFromNow(lifetime);\n\t\t\tif (validBefore <= validAfter) {\n\t\t\t\tthrow new X402InvalidPayloadError(\n\t\t\t\t\t\"PaymentRequirements\",\n\t\t\t\t\t`\\`validBefore\\` (${validBefore}) must be greater than \\`validAfter\\` (${validAfter})`,\n\t\t\t\t);\n\t\t\t}\n\n\t\t\tconst nonce =\n\t\t\t\tsignParams.idempotencyKey !== undefined\n\t\t\t\t\t? deriveAuthorizationNonce(\n\t\t\t\t\t\t\t{ idempotencyKey: signParams.idempotencyKey },\n\t\t\t\t\t\t\t{ from, verifyingContract: pinnedDomain.verifyingContract, chainId },\n\t\t\t\t\t\t)\n\t\t\t\t\t: generateAuthorizationNonce();\n\n\t\t\tconst intent: PaymentIntent = {\n\t\t\t\ttoken: pinnedDomain.verifyingContract,\n\t\t\t\tchainId,\n\t\t\t\tfrom,\n\t\t\t\tto: payTo,\n\t\t\t\tvalue,\n\t\t\t\tvalidAfter,\n\t\t\t\tvalidBefore,\n\t\t\t\tnonce,\n\t\t\t};\n\n\t\t\tconst signResult = await signer.sign(intent);\n\t\t\tif (!signResult.ok) {\n\t\t\t\tthrow new X402PolicyRejectedError(signResult.rejection);\n\t\t\t}\n\n\t\t\tconst payload: X402ExactEvmPayload = {\n\t\t\t\tsignature: signResult.signature,\n\t\t\t\tauthorization: {\n\t\t\t\t\tfrom,\n\t\t\t\t\tto: payTo,\n\t\t\t\t\tvalue: value.toString(),\n\t\t\t\t\tvalidAfter: validAfter.toString(),\n\t\t\t\t\tvalidBefore: validBefore.toString(),\n\t\t\t\t\tnonce,\n\t\t\t\t},\n\t\t\t};\n\n\t\t\tconst result: X402PaymentPayload = signParams.resource\n\t\t\t\t? {\n\t\t\t\t\t\tx402Version: X402_VERSION,\n\t\t\t\t\t\tresource: signParams.resource,\n\t\t\t\t\t\taccepted: paymentRequirements,\n\t\t\t\t\t\tpayload: { ...payload },\n\t\t\t\t\t}\n\t\t\t\t: {\n\t\t\t\t\t\tx402Version: X402_VERSION,\n\t\t\t\t\t\taccepted: paymentRequirements,\n\t\t\t\t\t\tpayload: { ...payload },\n\t\t\t\t\t};\n\t\t\treturn result;\n\t\t},\n\t};\n}\n","/**\n * Facilitator implementations: local viem-backed (`createSelfFacilitator`) and\n * HTTP-proxied (`createHttpFacilitator`).\n *\n * Both expose the same {@link Facilitator} interface — `verify` / `settle` /\n * `supported` — so {@link createX402Handler} can swap one for the other based\n * on environment (testnet vs. mainnet, self-hosted vs. Coinbase CDP).\n *\n * Spec references:\n * - Error codes: x402 v2 spec §9 (Error Handling)\n * - Verification steps: scheme_exact_evm.md §1 Phase 2\n * - Facilitator HTTP API: x402 v2 spec §7\n *\n * @packageDocumentation\n */\n\nimport type { Account, Address, Chain, Hex, PublicClient, Transport, WalletClient } from \"viem\";\nimport { getAddress, parseSignature, recoverTypedDataAddress } from \"viem\";\nimport { getChain, isSupportedChainId, type KawaseChain, type SupportedChainId } from \"../chains\";\nimport {\n\tinvokeHookSafely,\n\ttype ObservabilityHooks,\n\ttype SettleEvent,\n\ttype VerifyEvent,\n} from \"../observability/hooks\";\nimport { JPYC_EIP712_DOMAIN_HINT, JPYC_V2_ADDRESS, jpycAbi } from \"../tokens/jpyc\";\nimport type {\n\tFacilitator,\n\tX402PaymentRequirements,\n\tX402SettleRequest,\n\tX402SettleResponse,\n\tX402SupportedKind,\n\tX402SupportedResponse,\n\tX402VerifyRequest,\n\tX402VerifyResponse,\n} from \"./types\";\nimport { chainIdToX402Network, X402_VERSION, x402NetworkToChainId } from \"./types\";\n\n// ---------------------------------------------------------------------------\n// Error code vocabulary (x402 v2 §9)\n// ---------------------------------------------------------------------------\n\n/**\n * Standard x402 v2 error codes used as `invalidReason` (verify) and\n * `errorReason` (settle). Kept as string literals so that consumers can\n * `switch` on the union; values match the spec verbatim.\n */\nexport const X402_FACILITATOR_ERROR_CODES = {\n\tinsufficient_funds: \"insufficient_funds\",\n\tinvalid_exact_evm_payload_authorization_valid_after:\n\t\t\"invalid_exact_evm_payload_authorization_valid_after\",\n\tinvalid_exact_evm_payload_authorization_valid_before:\n\t\t\"invalid_exact_evm_payload_authorization_valid_before\",\n\tinvalid_exact_evm_payload_authorization_value_mismatch:\n\t\t\"invalid_exact_evm_payload_authorization_value_mismatch\",\n\tinvalid_exact_evm_payload_recipient_mismatch: \"invalid_exact_evm_payload_recipient_mismatch\",\n\tinvalid_exact_evm_payload_signature: \"invalid_exact_evm_payload_signature\",\n\tinvalid_network: \"invalid_network\",\n\tinvalid_payload: \"invalid_payload\",\n\tinvalid_scheme: \"invalid_scheme\",\n\tinvalid_transaction_state: \"invalid_transaction_state\",\n\tunexpected_settle_error: \"unexpected_settle_error\",\n\tunexpected_verify_error: \"unexpected_verify_error\",\n} as const;\n\ntype X402FacilitatorErrorCode =\n\t(typeof X402_FACILITATOR_ERROR_CODES)[keyof typeof X402_FACILITATOR_ERROR_CODES];\n\n// ---------------------------------------------------------------------------\n// Shared helpers\n// ---------------------------------------------------------------------------\n\ninterface NarrowExactEvmPayload {\n\treadonly signature: Hex;\n\treadonly authorization: {\n\t\treadonly from: Address;\n\t\treadonly to: Address;\n\t\treadonly value: string;\n\t\treadonly validAfter: string;\n\t\treadonly validBefore: string;\n\t\treadonly nonce: Hex;\n\t};\n}\n\nfunction isHex(value: unknown): value is Hex {\n\treturn typeof value === \"string\" && /^0x[0-9a-fA-F]*$/.test(value);\n}\n\nfunction isAddressLike(value: unknown): value is Address {\n\treturn typeof value === \"string\" && /^0x[0-9a-fA-F]{40}$/.test(value);\n}\n\nfunction isDecimalString(value: unknown): value is string {\n\treturn typeof value === \"string\" && /^(0|[1-9][0-9]*)$/.test(value);\n}\n\nfunction narrowExactEvmPayload(payload: Record<string, unknown>): NarrowExactEvmPayload | null {\n\tconst p = payload as { signature?: unknown; authorization?: unknown };\n\tif (!isHex(p.signature)) return null;\n\tif (typeof p.authorization !== \"object\" || p.authorization === null) return null;\n\tconst a = p.authorization as {\n\t\tfrom?: unknown;\n\t\tto?: unknown;\n\t\tvalue?: unknown;\n\t\tvalidAfter?: unknown;\n\t\tvalidBefore?: unknown;\n\t\tnonce?: unknown;\n\t};\n\tif (!isAddressLike(a.from)) return null;\n\tif (!isAddressLike(a.to)) return null;\n\tif (!isDecimalString(a.value)) return null;\n\tif (!isDecimalString(a.validAfter)) return null;\n\tif (!isDecimalString(a.validBefore)) return null;\n\tif (!isHex(a.nonce)) return null;\n\treturn {\n\t\tsignature: p.signature,\n\t\tauthorization: {\n\t\t\tfrom: a.from,\n\t\t\tto: a.to,\n\t\t\tvalue: a.value,\n\t\t\tvalidAfter: a.validAfter,\n\t\t\tvalidBefore: a.validBefore,\n\t\t\tnonce: a.nonce,\n\t\t},\n\t};\n}\n\nconst TRANSFER_AUTHORIZATION_TYPES = {\n\tTransferWithAuthorization: [\n\t\t{ name: \"from\", type: \"address\" },\n\t\t{ name: \"to\", type: \"address\" },\n\t\t{ name: \"value\", type: \"uint256\" },\n\t\t{ name: \"validAfter\", type: \"uint256\" },\n\t\t{ name: \"validBefore\", type: \"uint256\" },\n\t\t{ name: \"nonce\", type: \"bytes32\" },\n\t],\n} as const;\n\nfunction resolveDomain(requirements: X402PaymentRequirements): {\n\treadonly name: string;\n\treadonly version: string;\n} {\n\tconst extra = requirements.extra as { name?: unknown; version?: unknown };\n\tif (typeof extra.name === \"string\" && typeof extra.version === \"string\") {\n\t\treturn { name: extra.name, version: extra.version };\n\t}\n\tif (getAddress(requirements.asset) === getAddress(JPYC_V2_ADDRESS)) {\n\t\treturn JPYC_EIP712_DOMAIN_HINT;\n\t}\n\tthrow new Error(\n\t\t\"resolveDomain: `extra.name` and `extra.version` are required for non-JPYC assets\",\n\t);\n}\n\nfunction failVerify(\n\treason: X402FacilitatorErrorCode,\n\tmessage?: string,\n\tpayer?: Address,\n): X402VerifyResponse {\n\tif (message !== undefined && payer !== undefined) {\n\t\treturn { isValid: false, invalidReason: reason, invalidMessage: message, payer };\n\t}\n\tif (message !== undefined) {\n\t\treturn { isValid: false, invalidReason: reason, invalidMessage: message };\n\t}\n\tif (payer !== undefined) {\n\t\treturn { isValid: false, invalidReason: reason, payer };\n\t}\n\treturn { isValid: false, invalidReason: reason };\n}\n\nfunction failSettle(\n\tnetwork: X402SettleResponse[\"network\"],\n\treason: X402FacilitatorErrorCode,\n\toptions: { message?: string; payer?: Address; transaction?: string } = {},\n): X402SettleResponse {\n\tconst transaction = options.transaction ?? \"\";\n\tconst base: X402SettleResponse = {\n\t\tsuccess: false,\n\t\terrorReason: reason,\n\t\ttransaction,\n\t\tnetwork,\n\t};\n\tif (options.message !== undefined && options.payer !== undefined) {\n\t\treturn { ...base, errorMessage: options.message, payer: options.payer };\n\t}\n\tif (options.message !== undefined) {\n\t\treturn { ...base, errorMessage: options.message };\n\t}\n\tif (options.payer !== undefined) {\n\t\treturn { ...base, payer: options.payer };\n\t}\n\treturn base;\n}\n\n// ---------------------------------------------------------------------------\n// Self-facilitator (local viem-backed)\n// ---------------------------------------------------------------------------\n\n/** Parameters for {@link createSelfFacilitator}. */\nexport interface CreateSelfFacilitatorParams {\n\t/**\n\t * Declared production-vs-test intent. MUST agree with `walletClient.chain`:\n\t * - `\"mainnet\"` requires a kawasekit chain with `isTestnet === false`.\n\t * - `\"testnet\"` requires a kawasekit chain with `isTestnet === true`.\n\t *\n\t * The check is enforced at construction time and throws a fatal error on\n\t * disagreement. The point is to make accidentally pointing a testnet\n\t * configuration at a mainnet RPC (or vice versa) impossible — that mistake\n\t * would broadcast real-fund transactions silently.\n\t */\n\treadonly network: \"mainnet\" | \"testnet\";\n\t/**\n\t * Pre-configured wallet client that broadcasts settlement transactions.\n\t * The bound account pays gas. `walletClient.chain.id` determines the only\n\t * chain this facilitator serves, and `walletClient.chain.isTestnet` MUST\n\t * agree with the declared {@link network}.\n\t */\n\treadonly walletClient: WalletClient<Transport, Chain, Account>;\n\t/**\n\t * Pre-configured public client on the same chain as `walletClient`. Used\n\t * for balance and authorization-state reads during verify.\n\t */\n\treadonly publicClient: PublicClient<Transport, Chain>;\n\t/**\n\t * Timeout (ms) for `waitForTransactionReceipt` during settle.\n\t * Defaults to 60_000.\n\t */\n\treadonly receiptTimeoutMs?: number;\n\t/**\n\t * Number of block confirmations to wait past the settle tx inclusion\n\t * before considering settlement final. Mitigates threat 2.8 (settle\n\t * tx reorg producing a \"content delivered, payment reverted\" state)\n\t * by raising the bar past Polygon PoS's typical reorg depth.\n\t *\n\t * Chain-aware defaults if omitted:\n\t *  - testnet (Polygon Amoy): `1` — fast feedback for dev loops, no\n\t *    real funds at risk\n\t *  - mainnet (Polygon): `4` — roughly ~8 s of soft finality at\n\t *    Polygon's ~2 s block time, suitable for the small-value paywall\n\t *    hits kawasekit targets (sub-100 JPYC per call)\n\t *\n\t * For high-value merchants — or any deployment uncomfortable with\n\t * shallow reorg risk — raise this to 32+ and bump\n\t * {@link receiptTimeoutMs} so the timeout still accommodates the\n\t * wait. See `docs/THREAT_MODEL.md` §2.8 / §6.6.\n\t */\n\treadonly confirmations?: number;\n\t/**\n\t * Optional observability callbacks. Hooks are fire-and-forget — any throw\n\t * or rejection inside a hook is silently discarded and never propagates to\n\t * the verify / settle return path. See {@link ObservabilityHooks}.\n\t *\n\t * The facilitator emits `onVerify` after every `verify()` call (including\n\t * the internal re-verify that runs at the start of `settle()`) and\n\t * `onSettle` after every `settle()` call.\n\t */\n\treadonly hooks?: ObservabilityHooks;\n}\n\nconst RECEIPT_TIMEOUT_FLOOR_MS = 60_000;\nconst RECEIPT_INCLUSION_MS = 15_000;\nconst RECEIPT_TIMEOUT_SLACK = 1.5;\n\n/**\n * Auto-sizes the settle receipt timeout to a confirmation depth and the chain's\n * block time: `max(60_000, 15_000 + confirmations × blockTimeMs × 1.5)`. This is\n * the default {@link CreateSelfFacilitatorParams.receiptTimeoutMs} when the\n * operator does not pass one, so a deep-confirmation chain (Ethereum's `32` ×\n * ~12 s ≈ 10 min) does not time out at the flat 60 s floor, while shallow chains\n * (Polygon) keep the floor. Exposed so operators tuning `confirmations` per the\n * finality recipe (`docs/recipes/facilitator-finality-tuning.md`) can compute a\n * matching timeout.\n *\n * @example\n * ```ts\n * import { deriveReceiptTimeoutMs, ethereum } from \"kawasekit\";\n *\n * deriveReceiptTimeoutMs(ethereum, 32); // ≈ 591_000 ms\n * ```\n */\nexport function deriveReceiptTimeoutMs(chain: KawaseChain, confirmations: number): number {\n\tconst wallMs = RECEIPT_INCLUSION_MS + confirmations * chain.blockTimeMs * RECEIPT_TIMEOUT_SLACK;\n\treturn Math.max(RECEIPT_TIMEOUT_FLOOR_MS, Math.ceil(wallMs));\n}\n\n/**\n * Builds a facilitator that verifies and broadcasts exact-EVM EIP-3009\n * payments using a locally-held EOA private key (gas payer).\n *\n * Intended for self-hosted paywalls and testnet (Polygon Amoy) where the\n * Coinbase CDP facilitator is not guaranteed to support the chain.\n *\n * **Concurrent settle() calls**: under any meaningful load (e.g. an LLM\n * agent fan-out) you will issue multiple `transferWithAuthorization`\n * broadcasts from the same facilitator EOA in parallel. Without local nonce\n * sequencing those broadcasts race for the same on-chain nonce and only\n * one lands. Pass viem's `nonceManager` when constructing the facilitator\n * account to make this safe — see `@example` below.\n *\n * @example\n * ```ts\n * import { createPublicClient, createWalletClient, http } from \"viem\";\n * import { nonceManager, privateKeyToAccount } from \"viem/accounts\";\n * import { createSelfFacilitator, polygonAmoy } from \"kawasekit\";\n *\n * // `nonceManager` is REQUIRED whenever you expect concurrent settlements.\n * const account = privateKeyToAccount(\n *   process.env.FACILITATOR_PK as `0x${string}`,\n *   { nonceManager },\n * );\n * const transport = http(process.env.RPC_URL);\n * const facilitator = createSelfFacilitator({\n *   network: \"testnet\", // must agree with polygonAmoy.isTestnet === true\n *   walletClient: createWalletClient({ chain: polygonAmoy, transport, account }),\n *   publicClient: createPublicClient({ chain: polygonAmoy, transport }),\n * });\n * ```\n */\nexport function createSelfFacilitator(params: CreateSelfFacilitatorParams): Facilitator {\n\tconst { walletClient, publicClient } = params;\n\tconst facilitatorChainId = walletClient.chain.id;\n\tif (!isSupportedChainId(facilitatorChainId)) {\n\t\tthrow new Error(\n\t\t\t`createSelfFacilitator: walletClient.chain.id ${facilitatorChainId} is not a kawasekit-supported chain`,\n\t\t);\n\t}\n\tconst supportedChainId: SupportedChainId = facilitatorChainId;\n\tconst chain = getChain(supportedChainId);\n\tif (params.network === \"mainnet\" && chain.isTestnet) {\n\t\tthrow new Error(\n\t\t\t`createSelfFacilitator: network=\"mainnet\" but walletClient.chain \"${chain.name}\" (chainId ${supportedChainId}) is a testnet`,\n\t\t);\n\t}\n\tif (params.network === \"testnet\" && !chain.isTestnet) {\n\t\tthrow new Error(\n\t\t\t`createSelfFacilitator: network=\"testnet\" but walletClient.chain \"${chain.name}\" (chainId ${supportedChainId}) is a mainnet — refusing to broadcast with real funds`,\n\t\t);\n\t}\n\t// Chain-aware confirmation depth (threat 2.8 / §6.6), sourced from the chain\n\t// config (config-as-data): probabilistic chains need depth, deterministic-\n\t// finality chains (Avalanche Snowman / Kaia IBFT) need 1-2, Ethereum ~32.\n\t// Operators override via `params.confirmations`.\n\tconst confirmations = params.confirmations ?? chain.defaultConfirmations;\n\t// `receiptTimeoutMs` auto-sizes to the depth so a deep-confirmation chain does\n\t// not time out at the flat 60 s floor (e.g. Ethereum's 32×12 s). Shallow chains\n\t// (Polygon) keep the 60 s floor. Override to extend further.\n\tconst receiptTimeoutMs = params.receiptTimeoutMs ?? deriveReceiptTimeoutMs(chain, confirmations);\n\n\t// Threat 2.2 (concurrent settle nonce race) enforcement. The facilitator\n\t// will broadcast `transferWithAuthorization` calls in parallel under any\n\t// fan-out workload (LLM agent tool calls are the canonical example).\n\t// Without viem's nonceManager attached, every parallel `writeContract`\n\t// reads the same on-chain nonce and only one tx lands — settlements\n\t// silently dropped. Enforcing this at construction time means the\n\t// failure mode shows up at boot, not at the first parallel hit in\n\t// production. See `docs/THREAT_MODEL.md#22-concurrent-settle-nonce-race`.\n\tif (walletClient.account.nonceManager === undefined) {\n\t\tthrow new Error(\n\t\t\t'createSelfFacilitator: walletClient.account must be constructed with viem\\'s `nonceManager` to serialise nonces under concurrent settle(). Example:\\n  import { nonceManager, privateKeyToAccount } from \"viem/accounts\";\\n  const account = privateKeyToAccount(pk, { nonceManager });\\n  const walletClient = createWalletClient({ chain, transport, account });',\n\t\t);\n\t}\n\n\tconst network = chainIdToX402Network(supportedChainId);\n\tconst hooks = params.hooks;\n\n\tfunction buildVerifyEvent(\n\t\treq: X402VerifyRequest,\n\t\tresponse: X402VerifyResponse,\n\t\tstartedAtMs: number,\n\t): VerifyEvent {\n\t\tconst durationMs = Date.now() - startedAtMs;\n\t\tconst eventNetwork = req.paymentRequirements.network;\n\t\tif (response.isValid && response.payer !== undefined) {\n\t\t\treturn {\n\t\t\t\tkind: \"verify\",\n\t\t\t\tresult: \"success\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs,\n\t\t\t\tnetwork: eventNetwork,\n\t\t\t\tpayer: response.payer,\n\t\t\t\tamount: req.paymentRequirements.amount,\n\t\t\t};\n\t\t}\n\t\tif (response.isValid) {\n\t\t\t// verifyCore always sets payer on success, but the X402VerifyResponse\n\t\t\t// type permits it to be absent; downgrade to a synthetic failure\n\t\t\t// event so the discriminated union remains sound for adapters.\n\t\t\treturn {\n\t\t\t\tkind: \"verify\",\n\t\t\t\tresult: \"failure\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs,\n\t\t\t\tnetwork: eventNetwork,\n\t\t\t\tinvalidReason: \"unexpected_verify_error\",\n\t\t\t\tinvalidMessage: \"verify succeeded but payer was not surfaced\",\n\t\t\t};\n\t\t}\n\t\tconst base = {\n\t\t\tkind: \"verify\" as const,\n\t\t\tresult: \"failure\" as const,\n\t\t\tstartedAtMs,\n\t\t\tdurationMs,\n\t\t\tnetwork: eventNetwork,\n\t\t\tinvalidReason: response.invalidReason ?? \"unexpected_verify_error\",\n\t\t};\n\t\tif (response.payer !== undefined && response.invalidMessage !== undefined) {\n\t\t\treturn { ...base, payer: response.payer, invalidMessage: response.invalidMessage };\n\t\t}\n\t\tif (response.payer !== undefined) {\n\t\t\treturn { ...base, payer: response.payer };\n\t\t}\n\t\tif (response.invalidMessage !== undefined) {\n\t\t\treturn { ...base, invalidMessage: response.invalidMessage };\n\t\t}\n\t\treturn base;\n\t}\n\n\tfunction buildSettleEvent(\n\t\treq: X402SettleRequest,\n\t\tresponse: X402SettleResponse,\n\t\tstartedAtMs: number,\n\t): SettleEvent {\n\t\tconst durationMs = Date.now() - startedAtMs;\n\t\tconst eventNetwork = req.paymentRequirements.network;\n\t\tif (response.success && response.payer !== undefined) {\n\t\t\treturn {\n\t\t\t\tkind: \"settle\",\n\t\t\t\tresult: \"success\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs,\n\t\t\t\tnetwork: eventNetwork,\n\t\t\t\tpayer: response.payer,\n\t\t\t\tamount: req.paymentRequirements.amount,\n\t\t\t\ttransaction: response.transaction as Hex,\n\t\t\t};\n\t\t}\n\t\tif (response.success) {\n\t\t\t// settleCore always sets payer on success; the spec response type\n\t\t\t// permits it to be absent so we downgrade to a synthetic failure\n\t\t\t// rather than emit a malformed event.\n\t\t\treturn {\n\t\t\t\tkind: \"settle\",\n\t\t\t\tresult: \"failure\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs,\n\t\t\t\tnetwork: eventNetwork,\n\t\t\t\terrorReason: \"unexpected_settle_error\",\n\t\t\t\terrorMessage: \"settle succeeded but payer was not surfaced\",\n\t\t\t\ttransaction: response.transaction as Hex,\n\t\t\t};\n\t\t}\n\t\tconst base = {\n\t\t\tkind: \"settle\" as const,\n\t\t\tresult: \"failure\" as const,\n\t\t\tstartedAtMs,\n\t\t\tdurationMs,\n\t\t\tnetwork: eventNetwork,\n\t\t\terrorReason: response.errorReason ?? \"unexpected_settle_error\",\n\t\t};\n\t\tconst withPayer = response.payer !== undefined ? { ...base, payer: response.payer } : base;\n\t\tconst withMessage =\n\t\t\tresponse.errorMessage !== undefined\n\t\t\t\t? { ...withPayer, errorMessage: response.errorMessage }\n\t\t\t\t: withPayer;\n\t\tif (response.transaction !== \"\" && response.transaction !== undefined) {\n\t\t\treturn { ...withMessage, transaction: response.transaction as Hex };\n\t\t}\n\t\treturn withMessage;\n\t}\n\n\tasync function verifyCore(req: X402VerifyRequest): Promise<X402VerifyResponse> {\n\t\t// 1. Scheme / network gates\n\t\tif (req.paymentRequirements.scheme !== \"exact\") {\n\t\t\treturn failVerify(\"invalid_scheme\");\n\t\t}\n\t\tif (req.paymentPayload.accepted.scheme !== \"exact\") {\n\t\t\treturn failVerify(\"invalid_scheme\");\n\t\t}\n\t\tconst reqChainId = x402NetworkToChainId(req.paymentRequirements.network);\n\t\tif (reqChainId !== supportedChainId) {\n\t\t\treturn failVerify(\"invalid_network\");\n\t\t}\n\t\tif (req.paymentPayload.accepted.network !== req.paymentRequirements.network) {\n\t\t\treturn failVerify(\"invalid_network\");\n\t\t}\n\n\t\t// 2. Narrow scheme-specific payload\n\t\tconst exact = narrowExactEvmPayload(req.paymentPayload.payload);\n\t\tif (exact === null) {\n\t\t\treturn failVerify(\"invalid_payload\");\n\t\t}\n\t\tconst auth = exact.authorization;\n\n\t\t// 3. Parameter matching against requirements\n\t\tif (auth.value !== req.paymentRequirements.amount) {\n\t\t\treturn failVerify(\n\t\t\t\t\"invalid_exact_evm_payload_authorization_value_mismatch\",\n\t\t\t\tundefined,\n\t\t\t\tauth.from,\n\t\t\t);\n\t\t}\n\t\tif (getAddress(auth.to) !== getAddress(req.paymentRequirements.payTo)) {\n\t\t\treturn failVerify(\"invalid_exact_evm_payload_recipient_mismatch\", undefined, auth.from);\n\t\t}\n\n\t\t// 4. Time window\n\t\tconst now = BigInt(Math.floor(Date.now() / 1000));\n\t\tconst validAfter = BigInt(auth.validAfter);\n\t\tconst validBefore = BigInt(auth.validBefore);\n\t\tif (now < validAfter) {\n\t\t\treturn failVerify(\n\t\t\t\t\"invalid_exact_evm_payload_authorization_valid_after\",\n\t\t\t\tundefined,\n\t\t\t\tauth.from,\n\t\t\t);\n\t\t}\n\t\tif (now >= validBefore) {\n\t\t\treturn failVerify(\n\t\t\t\t\"invalid_exact_evm_payload_authorization_valid_before\",\n\t\t\t\tundefined,\n\t\t\t\tauth.from,\n\t\t\t);\n\t\t}\n\n\t\t// 5. Signature recovery\n\t\tlet recovered: Address;\n\t\ttry {\n\t\t\tconst domain = resolveDomain(req.paymentRequirements);\n\t\t\trecovered = await recoverTypedDataAddress({\n\t\t\t\tdomain: {\n\t\t\t\t\tname: domain.name,\n\t\t\t\t\tversion: domain.version,\n\t\t\t\t\tchainId: reqChainId,\n\t\t\t\t\tverifyingContract: req.paymentRequirements.asset,\n\t\t\t\t},\n\t\t\t\ttypes: TRANSFER_AUTHORIZATION_TYPES,\n\t\t\t\tprimaryType: \"TransferWithAuthorization\",\n\t\t\t\tmessage: {\n\t\t\t\t\tfrom: auth.from,\n\t\t\t\t\tto: auth.to,\n\t\t\t\t\tvalue: BigInt(auth.value),\n\t\t\t\t\tvalidAfter,\n\t\t\t\t\tvalidBefore,\n\t\t\t\t\tnonce: auth.nonce,\n\t\t\t\t},\n\t\t\t\tsignature: exact.signature,\n\t\t\t});\n\t\t} catch (cause) {\n\t\t\treturn failVerify(\n\t\t\t\t\"unexpected_verify_error\",\n\t\t\t\tcause instanceof Error ? cause.message : String(cause),\n\t\t\t\tauth.from,\n\t\t\t);\n\t\t}\n\t\tif (getAddress(recovered) !== getAddress(auth.from)) {\n\t\t\treturn failVerify(\"invalid_exact_evm_payload_signature\", undefined, auth.from);\n\t\t}\n\n\t\t// 6. On-chain reads: balance + nonce-not-used\n\t\ttry {\n\t\t\tconst [balance, used] = await Promise.all([\n\t\t\t\tpublicClient.readContract({\n\t\t\t\t\taddress: req.paymentRequirements.asset,\n\t\t\t\t\tabi: jpycAbi,\n\t\t\t\t\tfunctionName: \"balanceOf\",\n\t\t\t\t\targs: [auth.from],\n\t\t\t\t}),\n\t\t\t\tpublicClient.readContract({\n\t\t\t\t\taddress: req.paymentRequirements.asset,\n\t\t\t\t\tabi: jpycAbi,\n\t\t\t\t\tfunctionName: \"authorizationState\",\n\t\t\t\t\targs: [auth.from, auth.nonce],\n\t\t\t\t}),\n\t\t\t]);\n\t\t\tif (used) {\n\t\t\t\treturn failVerify(\"invalid_payload\", \"authorization nonce already used\", auth.from);\n\t\t\t}\n\t\t\tif ((balance as bigint) < BigInt(auth.value)) {\n\t\t\t\treturn failVerify(\"insufficient_funds\", undefined, auth.from);\n\t\t\t}\n\t\t} catch (cause) {\n\t\t\treturn failVerify(\n\t\t\t\t\"unexpected_verify_error\",\n\t\t\t\tcause instanceof Error ? cause.message : String(cause),\n\t\t\t\tauth.from,\n\t\t\t);\n\t\t}\n\n\t\treturn { isValid: true, payer: auth.from };\n\t}\n\n\tasync function settleCore(req: X402SettleRequest): Promise<X402SettleResponse> {\n\t\t// Re-verify before broadcasting. The wrapped `verify` is used so the\n\t\t// internal re-verify also emits onVerify; operators can dedupe in their\n\t\t// hook if they don't want the extra event.\n\t\tconst verifyResult = await verify(req);\n\t\tif (!verifyResult.isValid) {\n\t\t\treturn failSettle(\n\t\t\t\treq.paymentRequirements.network,\n\t\t\t\t(verifyResult.invalidReason as X402FacilitatorErrorCode) ?? \"unexpected_settle_error\",\n\t\t\t\t{\n\t\t\t\t\t...(verifyResult.invalidMessage !== undefined\n\t\t\t\t\t\t? { message: verifyResult.invalidMessage }\n\t\t\t\t\t\t: {}),\n\t\t\t\t\t...(verifyResult.payer !== undefined ? { payer: verifyResult.payer } : {}),\n\t\t\t\t},\n\t\t\t);\n\t\t}\n\n\t\tconst exact = narrowExactEvmPayload(req.paymentPayload.payload);\n\t\tif (exact === null) {\n\t\t\treturn failSettle(req.paymentRequirements.network, \"invalid_payload\");\n\t\t}\n\t\tconst auth = exact.authorization;\n\t\tconst parsed = parseSignature(exact.signature);\n\t\tconst v = parsed.v !== undefined ? Number(parsed.v) : (parsed.yParity ?? 0) + 27;\n\n\t\tlet txHash: Hex;\n\t\ttry {\n\t\t\ttxHash = await walletClient.writeContract({\n\t\t\t\taddress: req.paymentRequirements.asset,\n\t\t\t\tabi: jpycAbi,\n\t\t\t\tfunctionName: \"transferWithAuthorization\",\n\t\t\t\targs: [\n\t\t\t\t\tauth.from,\n\t\t\t\t\tauth.to,\n\t\t\t\t\tBigInt(auth.value),\n\t\t\t\t\tBigInt(auth.validAfter),\n\t\t\t\t\tBigInt(auth.validBefore),\n\t\t\t\t\tauth.nonce,\n\t\t\t\t\tv,\n\t\t\t\t\tparsed.r,\n\t\t\t\t\tparsed.s,\n\t\t\t\t],\n\t\t\t});\n\t\t} catch (cause) {\n\t\t\treturn failSettle(req.paymentRequirements.network, \"unexpected_settle_error\", {\n\t\t\t\tmessage: cause instanceof Error ? cause.message : String(cause),\n\t\t\t\tpayer: auth.from,\n\t\t\t});\n\t\t}\n\n\t\ttry {\n\t\t\tconst receipt = await publicClient.waitForTransactionReceipt({\n\t\t\t\thash: txHash,\n\t\t\t\ttimeout: receiptTimeoutMs,\n\t\t\t\tconfirmations,\n\t\t\t});\n\t\t\tif (receipt.status !== \"success\") {\n\t\t\t\treturn failSettle(req.paymentRequirements.network, \"invalid_transaction_state\", {\n\t\t\t\t\ttransaction: txHash,\n\t\t\t\t\tpayer: auth.from,\n\t\t\t\t});\n\t\t\t}\n\t\t} catch (cause) {\n\t\t\treturn failSettle(req.paymentRequirements.network, \"unexpected_settle_error\", {\n\t\t\t\tmessage: cause instanceof Error ? cause.message : String(cause),\n\t\t\t\tpayer: auth.from,\n\t\t\t\ttransaction: txHash,\n\t\t\t});\n\t\t}\n\n\t\treturn {\n\t\t\tsuccess: true,\n\t\t\ttransaction: txHash,\n\t\t\tnetwork: req.paymentRequirements.network,\n\t\t\tpayer: auth.from,\n\t\t\tamount: auth.value,\n\t\t};\n\t}\n\n\tasync function verify(req: X402VerifyRequest): Promise<X402VerifyResponse> {\n\t\tconst startedAtMs = Date.now();\n\t\tconst result = await verifyCore(req);\n\t\tinvokeHookSafely(hooks?.onVerify, buildVerifyEvent(req, result, startedAtMs));\n\t\treturn result;\n\t}\n\n\tasync function settle(req: X402SettleRequest): Promise<X402SettleResponse> {\n\t\tconst startedAtMs = Date.now();\n\t\tconst result = await settleCore(req);\n\t\tinvokeHookSafely(hooks?.onSettle, buildSettleEvent(req, result, startedAtMs));\n\t\treturn result;\n\t}\n\n\tasync function supportedInternal(): Promise<X402SupportedResponse> {\n\t\tconst kind: X402SupportedKind = {\n\t\t\tx402Version: X402_VERSION,\n\t\t\tscheme: \"exact\",\n\t\t\tnetwork,\n\t\t};\n\t\treturn {\n\t\t\tkinds: [kind],\n\t\t\textensions: [],\n\t\t\tsigners: { \"eip155:*\": [walletClient.account.address] },\n\t\t};\n\t}\n\n\treturn {\n\t\tverify,\n\t\tsettle,\n\t\tsupported: supportedInternal,\n\t};\n}\n\n// ---------------------------------------------------------------------------\n// HTTP-proxied facilitator (Coinbase CDP and any other x402 v2-compliant\n// facilitator endpoint)\n// ---------------------------------------------------------------------------\n\n/** Parameters for {@link createHttpFacilitator}. */\nexport interface CreateHttpFacilitatorParams {\n\t/**\n\t * Base URL of the facilitator service (Coinbase CDP, your own host, any\n\t * x402 v2-compliant endpoint). Endpoints `/verify`, `/settle`, `/supported`\n\t * are POST / POST / GET respectively relative to this URL. Trailing slash\n\t * is stripped.\n\t */\n\treadonly baseUrl: string;\n\t/**\n\t * Optional callback invoked per request that returns headers to merge\n\t * into the outbound request (typically `Authorization`). Receives the\n\t * endpoint name so the caller can compute distinct signatures per route.\n\t */\n\treadonly getAuthHeaders?: (\n\t\tendpoint: \"verify\" | \"settle\" | \"supported\",\n\t) => Promise<Record<string, string>> | Record<string, string>;\n\t/**\n\t * Override the global `fetch` (e.g. for in-process testing or to inject\n\t * an `undici` Agent in Node).\n\t */\n\treadonly fetch?: typeof fetch;\n}\n\n/**\n * Builds a facilitator that proxies all RPC over HTTP to a remote endpoint,\n * matching the request / response shapes of x402 v2 spec §7.\n *\n * Works with any x402 v2-compliant facilitator — Coinbase CDP, your own\n * self-hosted facilitator behind nginx, a regional mirror — as long as it\n * exposes `/verify`, `/settle`, and `/supported` per the spec.\n *\n * If your target facilitator doesn't support the chain you need, fall back\n * to {@link createSelfFacilitator} (in-process viem broadcaster).\n *\n * @example\n * ```ts\n * import { createHttpFacilitator } from \"kawasekit\";\n *\n * const facilitator = createHttpFacilitator({\n *   baseUrl: process.env.X402_FACILITATOR_URL!, // e.g. Coinbase CDP endpoint\n *   getAuthHeaders: () => ({ Authorization: `Bearer ${apiKey}` }),\n * });\n * ```\n */\nexport function createHttpFacilitator(params: CreateHttpFacilitatorParams): Facilitator {\n\tconst baseUrl = params.baseUrl.replace(/\\/$/, \"\");\n\tconst fetchImpl = params.fetch ?? fetch;\n\tconst getAuthHeaders = params.getAuthHeaders;\n\n\tasync function post<TResponse>(endpoint: \"verify\" | \"settle\", body: unknown): Promise<TResponse> {\n\t\tconst headers: Record<string, string> = { \"content-type\": \"application/json\" };\n\t\tif (getAuthHeaders) {\n\t\t\tObject.assign(headers, await getAuthHeaders(endpoint));\n\t\t}\n\t\tconst response = await fetchImpl(`${baseUrl}/${endpoint}`, {\n\t\t\tmethod: \"POST\",\n\t\t\theaders,\n\t\t\tbody: JSON.stringify(body),\n\t\t});\n\t\tconst text = await response.text();\n\t\tlet parsed: unknown;\n\t\ttry {\n\t\t\tparsed = text === \"\" ? null : JSON.parse(text);\n\t\t} catch {\n\t\t\tthrow new Error(\n\t\t\t\t`Facilitator ${endpoint} returned non-JSON (status ${response.status}): ${text.slice(0, 200)}`,\n\t\t\t);\n\t\t}\n\t\tif (!response.ok) {\n\t\t\tthrow new Error(\n\t\t\t\t`Facilitator ${endpoint} failed (status ${response.status}): ${JSON.stringify(parsed).slice(0, 200)}`,\n\t\t\t);\n\t\t}\n\t\treturn parsed as TResponse;\n\t}\n\n\tasync function verifyInternal(req: X402VerifyRequest): Promise<X402VerifyResponse> {\n\t\treturn post<X402VerifyResponse>(\"verify\", {\n\t\t\tx402Version: req.x402Version,\n\t\t\tpaymentPayload: req.paymentPayload,\n\t\t\tpaymentRequirements: req.paymentRequirements,\n\t\t});\n\t}\n\n\tasync function settleInternal(req: X402SettleRequest): Promise<X402SettleResponse> {\n\t\treturn post<X402SettleResponse>(\"settle\", {\n\t\t\tx402Version: req.x402Version,\n\t\t\tpaymentPayload: req.paymentPayload,\n\t\t\tpaymentRequirements: req.paymentRequirements,\n\t\t});\n\t}\n\n\tasync function supportedInternal(): Promise<X402SupportedResponse> {\n\t\tconst headers: Record<string, string> = {};\n\t\tif (getAuthHeaders) {\n\t\t\tObject.assign(headers, await getAuthHeaders(\"supported\"));\n\t\t}\n\t\tconst response = await fetchImpl(`${baseUrl}/supported`, { method: \"GET\", headers });\n\t\tconst text = await response.text();\n\t\tlet parsed: unknown;\n\t\ttry {\n\t\t\tparsed = text === \"\" ? null : JSON.parse(text);\n\t\t} catch {\n\t\t\tthrow new Error(\n\t\t\t\t`Facilitator supported returned non-JSON (status ${response.status}): ${text.slice(0, 200)}`,\n\t\t\t);\n\t\t}\n\t\tif (!response.ok) {\n\t\t\tthrow new Error(\n\t\t\t\t`Facilitator supported failed (status ${response.status}): ${JSON.stringify(parsed).slice(0, 200)}`,\n\t\t\t);\n\t\t}\n\t\treturn parsed as X402SupportedResponse;\n\t}\n\n\treturn {\n\t\tverify: verifyInternal,\n\t\tsettle: settleInternal,\n\t\tsupported: supportedInternal,\n\t};\n}\n\n// ---------------------------------------------------------------------------\n// Deprecated aliases (M3-era names)\n//\n// The HTTP-proxied facilitator used to be called `createCoinbaseFacilitator`\n// because the only x402 v2-compliant endpoint we tested against at the time\n// was Coinbase CDP. The function was never Coinbase-specific — it speaks the\n// raw x402 v2 HTTP shape — and the rename to `createHttpFacilitator` lands in\n// v0.1.0-alpha to make that obvious before the npm publish freezes the API.\n//\n// The aliases below preserve M3-era call sites for the v0.1.x line. Calling\n// `createCoinbaseFacilitator` emits a one-shot Node DeprecationWarning. The\n// aliases will be removed in v0.2.0.\n// ---------------------------------------------------------------------------\n\n/**\n * @deprecated Renamed to {@link CreateHttpFacilitatorParams} in v0.1.0-alpha.\n *   The HTTP facilitator works with any x402 v2-compliant endpoint, not only\n *   Coinbase CDP. This alias will be removed in v0.2.0.\n */\nexport type CreateCoinbaseFacilitatorParams = CreateHttpFacilitatorParams;\n\nlet warnedCreateCoinbaseFacilitator = false;\n\n/**\n * @deprecated Renamed to {@link createHttpFacilitator} in v0.1.0-alpha.\n *   This alias delegates to the new function and emits one\n *   `DeprecationWarning` per process on first call. It will be removed in\n *   v0.2.0.\n */\nexport function createCoinbaseFacilitator(params: CreateHttpFacilitatorParams): Facilitator {\n\tif (!warnedCreateCoinbaseFacilitator) {\n\t\twarnedCreateCoinbaseFacilitator = true;\n\t\tprocess.emitWarning(\n\t\t\t\"createCoinbaseFacilitator() is deprecated and will be removed in kawasekit v0.2.0. Use createHttpFacilitator() instead — the function works with any x402 v2-compliant HTTP endpoint, not only Coinbase CDP.\",\n\t\t\t{ type: \"DeprecationWarning\", code: \"KAWASEKIT_DEP_001\" },\n\t\t);\n\t}\n\treturn createHttpFacilitator(params);\n}\n","/**\n * `wrapFetch()` — turn any WHATWG `fetch` implementation into an x402-aware\n * client.\n *\n * The returned function makes a first request as usual. If the server replies\n * with `402 Payment Required`, the wrapper decodes the `PAYMENT-REQUIRED`\n * header (or response body as a fallback), picks one entry from `accepts`,\n * signs it with the configured {@link X402PaymentSigner}, and retries the\n * same request with a `PAYMENT-SIGNATURE` header. Non-402 responses are\n * returned unchanged.\n *\n * The wrapper does **not** poll or back off — the latency budget (Polygon Amoy\n * bundler inclusion can take ~60 s) lives entirely on the server side, which\n * holds the connection open while it broadcasts and waits for the receipt.\n * If the second attempt still fails the wrapper returns that response so the\n * caller can decide how to recover.\n *\n * Streaming request bodies are not retry-safe; the wrapper passes `init.body`\n * through verbatim, so callers who need retry must pass a buffered body\n * (string / Uint8Array / ArrayBuffer / FormData).\n *\n * @packageDocumentation\n */\n\nimport type { Hex } from \"viem\";\nimport {\n\ttype ClientPaymentEvent,\n\tinvokeHookSafely,\n\ttype ObservabilityHooks,\n} from \"../observability/hooks\";\nimport type { X402PaymentSigner } from \"./client\";\nimport {\n\tdecodePaymentRequiredHeader,\n\tdecodePaymentResponseHeader,\n\tencodePaymentSignatureHeader,\n\tX402_HEADER_IDEMPOTENCY_KEY,\n\tX402_HEADER_PAYMENT_REQUIRED,\n\tX402_HEADER_PAYMENT_RESPONSE,\n\tX402_HEADER_PAYMENT_SIGNATURE,\n} from \"./encoding\";\nimport type { X402PaymentRequiredResponse, X402PaymentRequirements } from \"./types\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\n/** Function shape matching the WHATWG `fetch` global. */\nexport type X402Fetch = (input: string | URL | Request, init?: RequestInit) => Promise<Response>;\n\n/** Parameters for {@link wrapFetch}. */\nexport interface WrapFetchParams {\n\t/**\n\t * The signer used to produce {@link X402PaymentPayload}s when the server\n\t * returns 402. Bound to one EOA.\n\t */\n\treadonly signer: X402PaymentSigner;\n\t/**\n\t * Optional underlying fetch implementation. Defaults to `globalThis.fetch`.\n\t */\n\treadonly fetch?: X402Fetch;\n\t/**\n\t * Optional policy for choosing one entry from the server's `accepts` list.\n\t * Defaults to the first entry. Return `null` to abort — the original 402\n\t * response is returned without retry.\n\t */\n\treadonly selectRequirements?: (\n\t\taccepts: readonly X402PaymentRequirements[],\n\t\tresponse: Response,\n\t) => X402PaymentRequirements | null;\n\t/**\n\t * Required gate invoked just before the retry request goes out. Receives\n\t * the chosen requirements and the parsed 402 body so the caller can log\n\t * spending, prompt the user, or enforce a budget.\n\t *\n\t * Returning `false` aborts the retry — the original 402 is returned.\n\t * Returning `true` (or `undefined`) proceeds with the signed retry.\n\t *\n\t * This callback is **required** at the type level: a 402 retry transfers\n\t * real funds, and kawasekit refuses to default to \"always pay\" silently.\n\t * If your caller already enforces a budget elsewhere, return `true`\n\t * explicitly — the empty function `() => true` is a deliberate opt-in.\n\t *\n\t * See `docs/THREAT_MODEL.md` Threat 1.8 / §6.1.\n\t */\n\treadonly onPayment: (\n\t\trequirements: X402PaymentRequirements,\n\t\tpaymentRequired: X402PaymentRequiredResponse,\n\t) => boolean | undefined | Promise<boolean | undefined>;\n\t/**\n\t * Optional observability callbacks. {@link wrapFetch} emits an\n\t * `onClientPayment` event for every paywall round-trip — `success` when the\n\t * retry returns 2xx with a PAYMENT-RESPONSE header, `failure` otherwise\n\t * (including `onPayment` declining the retry).\n\t */\n\treadonly hooks?: ObservabilityHooks;\n\t/**\n\t * Optional mapper from a request to a reasoning-step idempotency key (M5-1).\n\t * When it returns a key, the key is (a) sent as the `Idempotency-Key` request\n\t * header so the server can deduplicate, and (b) forwarded into the signer so\n\t * the EIP-3009 nonce is derived deterministically (on-chain backstop). Return\n\t * `undefined` to fall back to today's random-nonce behaviour. Build keys with\n\t * `createIdempotencyKeyBuilder` from `kawasekit/idempotency` at the agent\n\t * harness's tool-execution boundary, where the reasoning-step intent is visible.\n\t */\n\treadonly idempotencyKeyFor?: (\n\t\tinput: string | URL | Request,\n\t\trequirements: X402PaymentRequirements,\n\t\tpaymentRequired: X402PaymentRequiredResponse,\n\t) => string | undefined;\n}\n\n// ---------------------------------------------------------------------------\n// Internal helpers\n// ---------------------------------------------------------------------------\n\nasync function readPaymentRequired(\n\tresponse: Response,\n): Promise<X402PaymentRequiredResponse | null> {\n\tconst headerValue = response.headers.get(X402_HEADER_PAYMENT_REQUIRED);\n\tif (headerValue !== null && headerValue !== \"\") {\n\t\ttry {\n\t\t\treturn decodePaymentRequiredHeader(headerValue);\n\t\t} catch {\n\t\t\t// Fall through to body parse — the header was malformed but the\n\t\t\t// body might still be intact (or vice versa).\n\t\t}\n\t}\n\ttry {\n\t\tconst body = await response.clone().text();\n\t\tif (body === \"\") return null;\n\t\tconst parsed = JSON.parse(body) as unknown;\n\t\tif (parsed === null || typeof parsed !== \"object\" || Array.isArray(parsed)) {\n\t\t\treturn null;\n\t\t}\n\t\treturn parsed as X402PaymentRequiredResponse;\n\t} catch {\n\t\treturn null;\n\t}\n}\n\nfunction defaultSelectRequirements(\n\taccepts: readonly X402PaymentRequirements[],\n): X402PaymentRequirements | null {\n\treturn accepts[0] ?? null;\n}\n\n// ---------------------------------------------------------------------------\n// Public API\n// ---------------------------------------------------------------------------\n\n/**\n * Returns an x402-aware `fetch` that pays for `402` responses on the caller's\n * behalf using the provided signer.\n *\n * @example\n * ```ts\n * import { privateKeyToAccount } from \"viem/accounts\";\n * import { createX402PaymentSigner, wrapFetch } from \"kawasekit\";\n *\n * const signer = createX402PaymentSigner({\n *   account: privateKeyToAccount(process.env.PAYER_PK as `0x${string}`),\n * });\n *\n * let spent = 0n;\n * const MAX_SPEND = 100_000n; // 100 JPYC (6 decimals)\n * const fetch402 = wrapFetch({\n *   signer,\n *   onPayment: (req) => {\n *     const next = spent + BigInt(req.amount);\n *     if (next > MAX_SPEND) return false; // budget exhausted\n *     spent = next;\n *     return true;\n *   },\n * });\n *\n * const res = await fetch402(\"https://api.example.com/weather?city=Tokyo\");\n * console.log(await res.json());\n * ```\n */\nexport function wrapFetch(params: WrapFetchParams): X402Fetch {\n\tconst baseFetch: X402Fetch = params.fetch ?? ((input, init) => fetch(input, init));\n\tconst selectRequirements = params.selectRequirements ?? defaultSelectRequirements;\n\tconst onPayment = params.onPayment;\n\tconst hooks = params.hooks;\n\n\treturn async function x402Fetch(input, init) {\n\t\tconst startedAtMs = Date.now();\n\t\tconst requestUrl =\n\t\t\ttypeof input === \"string\" ? input : input instanceof URL ? input.href : input.url;\n\n\t\tconst emitFailure = (reason: string, httpStatus: number | undefined): void => {\n\t\t\tconst event: ClientPaymentEvent = {\n\t\t\t\tkind: \"client_payment\",\n\t\t\t\tresult: \"failure\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs: Date.now() - startedAtMs,\n\t\t\t\trequestUrl,\n\t\t\t\treason,\n\t\t\t\t...(httpStatus !== undefined ? { httpStatus } : {}),\n\t\t\t};\n\t\t\tinvokeHookSafely(hooks?.onClientPayment, event);\n\t\t};\n\n\t\tconst initialResponse = await baseFetch(input, init);\n\t\tif (initialResponse.status !== 402) {\n\t\t\treturn initialResponse;\n\t\t}\n\n\t\tconst paymentRequired = await readPaymentRequired(initialResponse);\n\t\tif (paymentRequired === null || paymentRequired.accepts.length === 0) {\n\t\t\temitFailure(\"no_acceptable_requirement\", 402);\n\t\t\treturn initialResponse;\n\t\t}\n\n\t\tconst chosen = selectRequirements(paymentRequired.accepts, initialResponse);\n\t\tif (chosen === null) {\n\t\t\temitFailure(\"no_acceptable_requirement\", 402);\n\t\t\treturn initialResponse;\n\t\t}\n\n\t\tconst proceed = await onPayment(chosen, paymentRequired);\n\t\tif (proceed === false) {\n\t\t\temitFailure(\"onPayment_declined\", 402);\n\t\t\treturn initialResponse;\n\t\t}\n\n\t\tconst idempotencyKey = params.idempotencyKeyFor?.(input, chosen, paymentRequired);\n\n\t\tconst paymentPayload = await params.signer.sign({\n\t\t\tpaymentRequirements: chosen,\n\t\t\t...(paymentRequired.resource ? { resource: paymentRequired.resource } : {}),\n\t\t\t...(idempotencyKey !== undefined ? { idempotencyKey } : {}),\n\t\t});\n\n\t\tconst retryHeaders = new Headers(init?.headers);\n\t\tretryHeaders.set(X402_HEADER_PAYMENT_SIGNATURE, encodePaymentSignatureHeader(paymentPayload));\n\t\tif (idempotencyKey !== undefined) {\n\t\t\tretryHeaders.set(X402_HEADER_IDEMPOTENCY_KEY, idempotencyKey);\n\t\t}\n\n\t\tconst retryResponse = await baseFetch(input, { ...init, headers: retryHeaders });\n\n\t\tif (retryResponse.status >= 200 && retryResponse.status < 300) {\n\t\t\tconst settlementHeader = retryResponse.headers.get(X402_HEADER_PAYMENT_RESPONSE);\n\t\t\tlet transaction: Hex | undefined;\n\t\t\tif (settlementHeader !== null && settlementHeader !== \"\") {\n\t\t\t\ttry {\n\t\t\t\t\tconst settlement = decodePaymentResponseHeader(settlementHeader);\n\t\t\t\t\tif (settlement.transaction !== \"\") {\n\t\t\t\t\t\ttransaction = settlement.transaction as Hex;\n\t\t\t\t\t}\n\t\t\t\t} catch {\n\t\t\t\t\t// PAYMENT-RESPONSE header malformed — the retry still\n\t\t\t\t\t// succeeded so we treat that as a (degraded) success event.\n\t\t\t\t}\n\t\t\t}\n\t\t\tconst successEvent: ClientPaymentEvent = {\n\t\t\t\tkind: \"client_payment\",\n\t\t\t\tresult: \"success\",\n\t\t\t\tstartedAtMs,\n\t\t\t\tdurationMs: Date.now() - startedAtMs,\n\t\t\t\trequestUrl,\n\t\t\t\tpayer: params.signer.address,\n\t\t\t\tamount: chosen.amount,\n\t\t\t\tnetwork: chosen.network,\n\t\t\t\t...(transaction !== undefined ? { transaction } : {}),\n\t\t\t};\n\t\t\tinvokeHookSafely(hooks?.onClientPayment, successEvent);\n\t\t} else {\n\t\t\temitFailure(\n\t\t\t\tretryResponse.status === 402 ? \"settle_rejected\" : \"http_error\",\n\t\t\t\tretryResponse.status,\n\t\t\t);\n\t\t}\n\n\t\treturn retryResponse;\n\t};\n}\n"]}

package/dist/chunk-RUWCCP37.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/signer/local.ts"],"names":[],"mappings":";;;;AAgEO,SAAS,6BACf,MAAA,EACgC;AAChC,EAAA,IAAI,MAAA,CAAO,wBAAwB,IAAA,EAAM;AACxC,IAAA,MAAM,IAAI,4BAAA;AAAA,MACT,qBAAA;AAAA,MACA;AAAA,KACD;AAAA,EACD;AAEA,EAAA,MAAM,EAAE,OAAA,EAAS,MAAA,EAAQ,UAAA,EAAW,GAAI,MAAA;AACxC,EAAA,MAAM,MAAA,GAAS,iBAAA,CAAkB,MAAA,CAAO,KAAK,CAAA;AAC7C,EAAA,MAAM,IAAA,GAAO,UAAA,CAAW,OAAA,CAAQ,OAAO,CAAA;AAEvC,EAAA,OAAO;AAAA,IACN,WAAA,EAAa,UAAA;AAAA,IACb,IAAA;AAAA,IACA,MAAM,KAAK,MAAA,EAA4C;AACtD,MAAA,IAAI,UAAA,CAAW,MAAA,CAAO,IAAI,CAAA,KAAM,IAAA,EAAM;AACrC,QAAA,OAAO;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,SAAA,EAAW;AAAA,YACV,MAAA,EAAQ,eAAA;AAAA,YACR,QAAQ,CAAA,YAAA,EAAe,UAAA,CAAW,OAAO,IAAI,CAAC,+BAA+B,IAAI,CAAA;AAAA;AAClF,SACD;AAAA,MACD;AACA,MAAA,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,CAAA,KAAM,OAAO,iBAAA,EAAmB;AAC1D,QAAA,OAAO;AAAA,UACN,EAAA,EAAI,KAAA;AAAA,UACJ,SAAA,EAAW;AAAA,YACV,MAAA,EAAQ,mBAAA;AAAA,YACR,MAAA,EAAQ,gBAAgB,UAAA,CAAW,MAAA,CAAO,KAAK,CAAC,CAAA,sDAAA,EAAyD,OAAO,iBAAiB,CAAA;AAAA;AAClI,SACD;AAAA,MACD;AAEA,MAAA,MAAM,QAAqB,MAAM,UAAA,QAAmB,EAAE,aAAA,EAAe,EAAC,EAAE;AACxE,MAAA,MAAM,UAAA,GAAa,OAAO,IAAA,CAAK,KAAA,CAAM,KAAK,GAAA,EAAI,GAAI,GAAI,CAAC,CAAA;AACvD,MAAA,MAAM,QAAA,GAAW,sBAAA,CAAuB,MAAA,EAAQ,MAAA,EAAQ,OAAO,UAAU,CAAA;AACzE,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AACjB,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,SAAA,EAAW,SAAS,SAAA,EAAU;AAAA,MACnD;AAEA,MAAA,MAAM,SAAS,MAAM,6BAAA;AAAA,QACpB,OAAA;AAAA,QACA;AAAA,UACC,MAAM,MAAA,CAAO,IAAA;AAAA,UACb,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,SAAS,MAAA,CAAO,OAAA;AAAA,UAChB,mBAAmB,MAAA,CAAO;AAAA,SAC3B;AAAA,QACA;AAAA,UACC,IAAA;AAAA,UACA,IAAI,MAAA,CAAO,EAAA;AAAA,UACX,OAAO,MAAA,CAAO,KAAA;AAAA,UACd,YAAY,MAAA,CAAO,UAAA;AAAA,UACnB,aAAa,MAAA,CAAO,WAAA;AAAA,UACpB,OAAO,MAAA,CAAO;AAAA;AACf,OACD;AACA,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,SAAA,EAAW,MAAA,CAAO,WAAW,MAAA,EAAO;AAAA,IACxD,CAAA;AAAA,IACA,QAAA,GAA8B;AAC7B,MAAA,OAAO;AAAA,QACN,WAAA,EAAa,UAAA;AAAA,QACb,IAAA;AAAA,QACA,QAAA,EAAU,OAAO,OAAA,CAAQ,EAAA;AAAA,QACzB,QAAA,EAAU,OAAO,OAAA,CAAQ,QAAA;AAAA,QACzB,SAAS,MAAA,CAAO;AAAA,OACjB;AAAA,IACD;AAAA,GACD;AACD","file":"chunk-RUWCCP37.js","sourcesContent":["/**\n * The `local` PolicyGatedSigner adapter — `enforcement: \"advisory\"`.\n *\n * Wraps a viem {@link Account} + a {@link SpendingPolicy} + a pinned EIP-712\n * domain. `sign(intent)` evaluates the policy SDK-side and, on pass, produces a\n * real EIP-3009 authorization via {@link signTransferWithAuthorization}. It is\n * **advisory** because the wrapped key can still sign anything elsewhere — the\n * gate is only reached if the caller chooses to call *this* `sign()`. Use it for\n * dev, the A1 cross-language fallback, and any flow that is explicitly not\n * bounded/regulated; the type-gate (`requireNonBypassable`) keeps it out of\n * flows that require non-bypassable enforcement.\n *\n * @packageDocumentation\n */\n\nimport type { Account } from \"viem\";\nimport { getAddress } from \"viem\";\nimport type { SpendingPolicy, SpendState } from \"../policy/spending-policy\";\nimport { evaluateSpendingPolicy } from \"../policy/spending-policy\";\nimport type { X402AssetParam } from \"../tokens/asset-domain\";\nimport { resolveAssetParam } from \"../tokens/asset-domain\";\nimport { signTransferWithAuthorization } from \"../tokens/eip3009\";\nimport { PolicyGatedSignerConfigError } from \"./errors\";\nimport type { PaymentIntent, PolicyGatedSigner, SignerDescription, SignResult } from \"./types\";\n\n/** Parameters for {@link createLocalPolicyGatedSigner}. */\nexport interface CreateLocalPolicyGatedSignerParams {\n\t/** EOA / LocalAccount that signs the EIP-3009 authorization. */\n\treadonly account: Account;\n\t/** The spending policy this signer enforces (SDK-side, advisory). */\n\treadonly policy: SpendingPolicy;\n\t/** Asset binding — pins the EIP-712 domain `name`/`version`/`verifyingContract`. */\n\treadonly asset: X402AssetParam;\n\t/**\n\t * Required literal acknowledgement that this signer is **advisory** (a\n\t * key-holder can bypass its policy). Omitting it is a compile error (TS) and\n\t * a construction-time throw (JS) — so constructing an advisory signer is a\n\t * conscious, greppable act. For bounded/regulated flows use a cryptographic\n\t * adapter instead.\n\t */\n\treadonly acknowledgeAdvisory: true;\n\t/**\n\t * Optional cumulative-spend view (read-only) the adapter evaluates\n\t * `cumulativeCap` against. `local` does not own an authoritative ledger; the\n\t * caller folds a successful spend back in (e.g. via `mergeSpendState`) before\n\t * the next call. Default: empty.\n\t */\n\treadonly spendState?: () => SpendState | Promise<SpendState>;\n}\n\n/**\n * Construct a `local` (advisory) PolicyGatedSigner.\n *\n * @example\n * ```ts\n * const signer = createLocalPolicyGatedSigner({\n *   account,\n *   policy: createSpendingPolicy({ session: { id, notAfter }, perToken: [{ token: JPYC, maxPerSign: 1_000n }], recipientAllowlist: \"any\" }),\n *   asset: { kind: \"known\", id: \"jpyc-v2\" },\n *   acknowledgeAdvisory: true,\n * });\n * const result = await signer.sign(intent);\n * ```\n */\nexport function createLocalPolicyGatedSigner(\n\tparams: CreateLocalPolicyGatedSignerParams,\n): PolicyGatedSigner<\"advisory\"> {\n\tif (params.acknowledgeAdvisory !== true) {\n\t\tthrow new PolicyGatedSignerConfigError(\n\t\t\t\"acknowledgeAdvisory\",\n\t\t\t\"a local signer is advisory (a key-holder can bypass its policy); pass `acknowledgeAdvisory: true` to construct one consciously, or use a cryptographic adapter for bounded/regulated flows\",\n\t\t);\n\t}\n\n\tconst { account, policy, spendState } = params;\n\tconst pinned = resolveAssetParam(params.asset);\n\tconst from = getAddress(account.address);\n\n\treturn {\n\t\tenforcement: \"advisory\",\n\t\tfrom,\n\t\tasync sign(intent: PaymentIntent): Promise<SignResult> {\n\t\t\tif (getAddress(intent.from) !== from) {\n\t\t\t\treturn {\n\t\t\t\t\tok: false,\n\t\t\t\t\trejection: {\n\t\t\t\t\t\treason: \"from_mismatch\",\n\t\t\t\t\t\tdetail: `intent.from ${getAddress(intent.from)} does not equal signer.from ${from}`,\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\t\t\tif (getAddress(intent.token) !== pinned.verifyingContract) {\n\t\t\t\treturn {\n\t\t\t\t\tok: false,\n\t\t\t\t\trejection: {\n\t\t\t\t\t\treason: \"token_not_allowed\",\n\t\t\t\t\t\tdetail: `intent.token ${getAddress(intent.token)} does not equal the signer's pinned verifyingContract ${pinned.verifyingContract}`,\n\t\t\t\t\t},\n\t\t\t\t};\n\t\t\t}\n\n\t\t\tconst state: SpendState = (await spendState?.()) ?? { spentPerToken: [] };\n\t\t\tconst nowSeconds = BigInt(Math.floor(Date.now() / 1000));\n\t\t\tconst decision = evaluateSpendingPolicy(policy, intent, state, nowSeconds);\n\t\t\tif (!decision.ok) {\n\t\t\t\treturn { ok: false, rejection: decision.rejection };\n\t\t\t}\n\n\t\t\tconst signed = await signTransferWithAuthorization(\n\t\t\t\taccount,\n\t\t\t\t{\n\t\t\t\t\tname: pinned.name,\n\t\t\t\t\tversion: pinned.version,\n\t\t\t\t\tchainId: intent.chainId,\n\t\t\t\t\tverifyingContract: pinned.verifyingContract,\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\tfrom,\n\t\t\t\t\tto: intent.to,\n\t\t\t\t\tvalue: intent.value,\n\t\t\t\t\tvalidAfter: intent.validAfter,\n\t\t\t\t\tvalidBefore: intent.validBefore,\n\t\t\t\t\tnonce: intent.nonce,\n\t\t\t\t},\n\t\t\t);\n\t\t\treturn { ok: true, signature: signed.signature, intent };\n\t\t},\n\t\tdescribe(): SignerDescription {\n\t\t\treturn {\n\t\t\t\tenforcement: \"advisory\",\n\t\t\t\tfrom,\n\t\t\t\tpolicyId: policy.session.id,\n\t\t\t\tnotAfter: policy.session.notAfter,\n\t\t\t\trevoked: policy.revoked,\n\t\t\t};\n\t\t},\n\t};\n}\n"]}

package/dist/chunk-VPRR3TNA.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/signer/errors.ts","../src/signer/gate.ts","../src/tokens/known-assets.ts","../src/tokens/eip3009.ts","../src/tokens/asset-domain.ts"],"names":["getAddress"],"mappings":";;;;;AA2BO,IAAM,4BAAA,GAAN,cAA2C,KAAA,CAAM;AAAA;AAAA,EAE9C,KAAA;AAAA;AAAA,EAEA,MAAA;AAAA,EAET,WAAA,CAAY,KAAA,EAAe,MAAA,EAAgB,OAAA,EAA+B;AACzE,IAAA,KAAA,CAAM,CAAA,kCAAA,EAAqC,KAAK,CAAA,GAAA,EAAM,MAAM,IAAI,OAAO,CAAA;AACvE,IAAA,IAAA,CAAK,IAAA,GAAO,8BAAA;AACZ,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AACb,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EACf;AACD;;;ACZO,SAAS,qBACf,MAAA,EACuB;AACvB,EAAA,OAAO,MAAA;AACR;AAQO,SAAS,oBACf,MAAA,EACgE;AAChE,EAAA,IAAI,MAAA,CAAO,WAAA,KAAgB,UAAA,IAAc,MAAA,CAAO,gBAAgB,YAAA,EAAc;AAC7E,IAAA,MAAM,IAAI,4BAAA;AAAA,MACT,aAAA;AAAA,MACA,CAAA,kEAAA,EAAqE,MAAA,CAAO,WAAW,CAAA,YAAA,EAAU,OAAO,WAAW,CAAA,gDAAA;AAAA,KACpH;AAAA,EACD;AACD;ACLA,IAAM,YAAA,GAAgD;AAAA,EACrD;AAAA,IACC,EAAA,EAAI,SAAA;AAAA,IACJ,MAAM,uBAAA,CAAwB,IAAA;AAAA,IAC9B,SAAS,uBAAA,CAAwB,OAAA;AAAA,IACjC,iBAAA,EAAmB,WAAW,eAAe;AAAA;AAE/C,CAAA;AAgBO,SAAS,oBAAoB,EAAA,EAAgD;AACnF,EAAA,OAAO,aAAa,IAAA,CAAK,CAAC,KAAA,KAAU,KAAA,CAAM,OAAO,EAAE,CAAA;AACpD;AAGO,SAAS,iBAAA,GAA6C;AAC5D,EAAA,OAAO,YAAA,CAAa,GAAA,CAAI,CAAC,KAAA,KAAU,MAAM,EAAE,CAAA;AAC5C;ACEA,IAAM,8BAAA,GAAiC;AAAA,EACtC,yBAAA,EAA2B;AAAA,IAC1B,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,IAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,IACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,IACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AAEnC,CAAA;AAEA,IAAM,6BAAA,GAAgC;AAAA,EACrC,wBAAA,EAA0B;AAAA,IACzB,EAAE,IAAA,EAAM,MAAA,EAAQ,IAAA,EAAM,SAAA,EAAU;AAAA,IAChC,EAAE,IAAA,EAAM,IAAA,EAAM,IAAA,EAAM,SAAA,EAAU;AAAA,IAC9B,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA,EAAU;AAAA,IACjC,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,aAAA,EAAe,IAAA,EAAM,SAAA,EAAU;AAAA,IACvC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AAEnC,CAAA;AAEA,IAAM,wBAAA,GAA2B;AAAA,EAChC,mBAAA,EAAqB;AAAA,IACpB,EAAE,IAAA,EAAM,YAAA,EAAc,IAAA,EAAM,SAAA,EAAU;AAAA,IACtC,EAAE,IAAA,EAAM,OAAA,EAAS,IAAA,EAAM,SAAA;AAAU;AAEnC,CAAA;AAmBO,SAAS,0BAAA,GAAkC;AACjD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAK,KAAA,CAAM,IAAA,CAAK,KAAA,EAAO,CAAC,MAAM,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AAC/E;AAGA,IAAM,wBAAA,GAA2B,2BAAA;AA4B1B,SAAS,wBAAA,CACf,OACA,KAAA,EACM;AACN,EAAA,IAAI,KAAA,CAAM,mBAAmB,EAAA,EAAI;AAChC,IAAA,MAAM,IAAI,MAAM,qEAAqE,CAAA;AAAA,EACtF;AACA,EAAA,MAAM,QAAA,GAAW,KAAK,SAAA,CAAU;AAAA,IAC/B,wBAAA;AAAA,IACA,KAAA,CAAM,cAAA;AAAA,IACNA,UAAAA,CAAW,MAAM,IAAI,CAAA;AAAA,IACrBA,UAAAA,CAAW,MAAM,iBAAiB,CAAA;AAAA,IAClC,KAAA,CAAM;AAAA,GACN,CAAA;AACD,EAAA,OAAO,SAAA,CAAU,WAAA,CAAY,QAAQ,CAAC,CAAA;AACvC;AAeO,SAAS,4BAAA,CAA6B,SAAiB,MAAA,EAAyB;AACtF,EAAA,MAAM,GAAA,GAAM,UAAU,MAAA,CAAO,IAAA,CAAK,MAAM,IAAA,CAAK,GAAA,EAAI,GAAI,GAAI,CAAC,CAAA;AAC1D,EAAA,OAAO,GAAA,GAAM,OAAO,OAAO,CAAA;AAC5B;AAEA,SAAS,qBAAqB,OAAA,EAAyD;AACtF,EAAA,IAAI,CAAC,QAAQ,aAAA,EAAe;AAC3B,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,CAAA,QAAA,EAAW,QAAQ,OAAO,CAAA,+FAAA;AAAA,KAC3B;AAAA,EACD;AACA,EAAA,OAAO,OAAA,CAAQ,aAAA,CAAc,IAAA,CAAK,OAAO,CAAA;AAC1C;AAEA,SAAS,mBAAA,CAAoB,OAAA,EAAkB,YAAA,EAAuB,IAAA,EAAoB;AACzF,EAAA,IAAIA,WAAW,OAAA,CAAQ,OAAO,CAAA,KAAMA,UAAAA,CAAW,YAAY,CAAA,EAAG;AAC7D,IAAA,MAAM,IAAI,KAAA;AAAA,MACT,CAAA,SAAA,EAAY,IAAI,CAAA,4BAAA,EAA+B,IAAA,KAAS,QAAA,GAAW,YAAA,GAAe,MAAM,CAAA,eAAA,EAAkB,OAAA,CAAQ,OAAO,CAAA,eAAA,EAAkB,YAAY,CAAA,CAAA;AAAA,KACxJ;AAAA,EACD;AACD;AAuCA,eAAsB,6BAAA,CACrB,OAAA,EACA,MAAA,EACA,OAAA,EACiE;AACjE,EAAA,mBAAA,CAAoB,OAAA,EAAS,OAAA,CAAQ,IAAA,EAAM,UAAU,CAAA;AACrD,EAAA,MAAM,IAAA,GAAO,qBAAqB,OAAO,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK;AAAA,IAC5B,MAAA;AAAA,IACA,KAAA,EAAO,8BAAA;AAAA,IACP,WAAA,EAAa,2BAAA;AAAA,IACb;AAAA,GACA,CAAA;AACD,EAAA,OAAO,kBAAA,CAAmB,SAAA,EAAW,MAAA,EAAQ,OAAO,CAAA;AACrD;AAWA,eAAsB,4BAAA,CACrB,OAAA,EACA,MAAA,EACA,OAAA,EACgE;AAChE,EAAA,mBAAA,CAAoB,OAAA,EAAS,OAAA,CAAQ,IAAA,EAAM,SAAS,CAAA;AACpD,EAAA,MAAM,IAAA,GAAO,qBAAqB,OAAO,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK;AAAA,IAC5B,MAAA;AAAA,IACA,KAAA,EAAO,6BAAA;AAAA,IACP,WAAA,EAAa,0BAAA;AAAA,IACb;AAAA,GACA,CAAA;AACD,EAAA,OAAO,kBAAA,CAAmB,SAAA,EAAW,MAAA,EAAQ,OAAO,CAAA;AACrD;AAQA,eAAsB,uBAAA,CACrB,OAAA,EACA,MAAA,EACA,OAAA,EAC2D;AAC3D,EAAA,mBAAA,CAAoB,OAAA,EAAS,OAAA,CAAQ,UAAA,EAAY,QAAQ,CAAA;AACzD,EAAA,MAAM,IAAA,GAAO,qBAAqB,OAAO,CAAA;AACzC,EAAA,MAAM,SAAA,GAAY,MAAM,IAAA,CAAK;AAAA,IAC5B,MAAA;AAAA,IACA,KAAA,EAAO,wBAAA;AAAA,IACP,WAAA,EAAa,qBAAA;AAAA,IACb;AAAA,GACA,CAAA;AACD,EAAA,OAAO,kBAAA,CAAmB,SAAA,EAAW,MAAA,EAAQ,OAAO,CAAA;AACrD;AAEA,SAAS,kBAAA,CACR,SAAA,EACA,MAAA,EACA,OAAA,EACgC;AAChC,EAAA,MAAM,MAAA,GAAS,eAAe,SAAS,CAAA;AAEvC,EAAA,MAAM,CAAA,GAAI,MAAA,CAAO,CAAA,KAAM,MAAA,GAAY,MAAA,CAAO,OAAO,CAAC,CAAA,GAAA,CAAK,MAAA,CAAO,OAAA,IAAW,CAAA,IAAK,EAAA;AAC9E,EAAA,OAAO;AAAA,IACN,SAAA;AAAA,IACA,CAAA;AAAA,IACA,GAAG,MAAA,CAAO,CAAA;AAAA,IACV,GAAG,MAAA,CAAO,CAAA;AAAA,IACV,MAAA;AAAA,IACA;AAAA,GACD;AACD;AChPO,SAAS,kBAAkB,KAAA,EAAsC;AACvE,EAAA,IAAI,KAAA,CAAM,SAAS,OAAA,EAAS;AAC3B,IAAA,MAAM,KAAA,GAAsC,mBAAA,CAAoB,KAAA,CAAM,EAAE,CAAA;AACxE,IAAA,IAAI,UAAU,MAAA,EAAW;AACxB,MAAA,MAAM,IAAI,sBAAA;AAAA,QACT,UAAA;AAAA,QACA,oBAAoB,IAAA,CAAK,SAAA,CAAU,MAAM,EAAE,CAAC,gBAAgB,iBAAA,EAAkB,CAC5E,IAAI,CAAC,EAAA,KAAO,KAAK,SAAA,CAAU,EAAE,CAAC,CAAA,CAC9B,IAAA,CAAK,IAAI,CAAC,CAAA,CAAA;AAAA,OACb;AAAA,IACD;AACA,IAAA,OAAO;AAAA,MACN,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,SAAS,KAAA,CAAM,OAAA;AAAA,MACf,mBAAmB,KAAA,CAAM;AAAA,KAC1B;AAAA,EACD;AACA,EAAA,IAAI,KAAA,CAAM,SAAS,gBAAA,EAAkB;AACpC,IAAA,MAAM,EAAE,QAAO,GAAI,KAAA;AACnB,IAAA,IAAI,OAAO,MAAA,CAAO,IAAA,KAAS,QAAA,IAAY,MAAA,CAAO,SAAS,EAAA,EAAI;AAC1D,MAAA,MAAM,IAAI,sBAAA;AAAA,QACT,mBAAA;AAAA,QACA;AAAA,OACD;AAAA,IACD;AACA,IAAA,IAAI,OAAO,MAAA,CAAO,OAAA,KAAY,QAAA,IAAY,MAAA,CAAO,YAAY,EAAA,EAAI;AAChE,MAAA,MAAM,IAAI,sBAAA;AAAA,QACT,sBAAA;AAAA,QACA;AAAA,OACD;AAAA,IACD;AACA,IAAA,IAAI,CAAC,UAAU,MAAA,CAAO,iBAAA,EAAmB,EAAE,MAAA,EAAQ,KAAA,EAAO,CAAA,EAAG;AAC5D,MAAA,MAAM,IAAI,sBAAA;AAAA,QACT,gCAAA;AAAA,QACA,CAAA,yEAAA,EAA4E,IAAA,CAAK,SAAA,CAAU,MAAA,CAAO,iBAAiB,CAAC,CAAA;AAAA,OACrH;AAAA,IACD;AACA,IAAA,OAAO;AAAA,MACN,MAAM,MAAA,CAAO,IAAA;AAAA,MACb,SAAS,MAAA,CAAO,OAAA;AAAA,MAChB,iBAAA,EAAmBA,UAAAA,CAAW,MAAA,CAAO,iBAAiB;AAAA,KACvD;AAAA,EACD;AAGA,EAAA,MAAM,UAAA,GAAa,KAAA;AACnB,EAAA,MAAM,IAAI,sBAAA;AAAA,IACT,YAAA;AAAA,IACA,CAAA,iBAAA,EAAoB,IAAA,CAAK,SAAA,CAAU,UAAA,CAAW,IAAI,CAAC,CAAA,uCAAA;AAAA,GACpD;AACD","file":"chunk-VPRR3TNA.js","sourcesContent":["/**\n * PolicyGatedSigner error types.\n *\n * @packageDocumentation\n */\n\n/**\n * Thrown for a construction-time / configuration error in a PolicyGatedSigner\n * adapter — e.g. a `local` signer constructed without the required\n * `acknowledgeAdvisory: true`, or a non-bypassable signer asserted on an\n * advisory one (`assertNonBypassable`). Policy *denials* are NOT errors — they\n * are returned as a typed {@link PolicyRejection} in {@link SignResult}.\n *\n * @example\n * ```ts\n * import { createLocalPolicyGatedSigner, PolicyGatedSignerConfigError } from \"kawasekit/signer\";\n *\n * try {\n *   // @ts-expect-error — acknowledgeAdvisory is required\n *   createLocalPolicyGatedSigner({ account, policy, asset });\n * } catch (error) {\n *   if (error instanceof PolicyGatedSignerConfigError) {\n *     console.error(`${error.field}: ${error.reason}`);\n *   }\n * }\n * ```\n */\nexport class PolicyGatedSignerConfigError extends Error {\n\t/** The offending config field. */\n\treadonly field: string;\n\t/** Short machine-readable reason. */\n\treadonly reason: string;\n\n\tconstructor(field: string, reason: string, options?: { cause?: unknown }) {\n\t\tsuper(`Invalid PolicyGatedSigner config (${field}): ${reason}`, options);\n\t\tthis.name = \"PolicyGatedSignerConfigError\";\n\t\tthis.field = field;\n\t\tthis.reason = reason;\n\t}\n}\n","/**\n * The enforcement-level type-gate — the compile-time (and runtime) mechanism\n * that prevents an advisory signer from being substituted for an enforcing one.\n *\n * @packageDocumentation\n */\n\nimport { PolicyGatedSignerConfigError } from \"./errors\";\nimport type { NonBypassableEnforcement, PolicyGatedSigner } from \"./types\";\n\n/**\n * Compile-time gate: accepts only a non-bypassable signer\n * (`cryptographic` | `hardware`). Passing an `advisory` (or `integrator`) signer\n * is a **compile error**, because `PolicyGatedSigner<\"advisory\">` is not\n * assignable to `PolicyGatedSigner<NonBypassableEnforcement>` (covariant `E`).\n *\n * Use it at the boundary of a bounded/regulated flow so wiring an advisory\n * signer into it fails the build, not silently at runtime.\n *\n * @example\n * ```ts\n * function payBounded(signer: PolicyGatedSigner<NonBypassableEnforcement>) { ... }\n *\n * requireNonBypassable(mpc2pSigner); // ✓ ok — cryptographic\n * // requireNonBypassable(localSigner); // ✗ compile error — advisory\n * ```\n */\nexport function requireNonBypassable<E extends NonBypassableEnforcement>(\n\tsigner: PolicyGatedSigner<E>,\n): PolicyGatedSigner<E> {\n\treturn signer;\n}\n\n/**\n * Runtime mirror of {@link requireNonBypassable}, for plain-JS call sites and as\n * defense-in-depth. Throws {@link PolicyGatedSignerConfigError} if the signer is\n * advisory/integrator (i.e. bypassable). On success, narrows the signer type to\n * {@link NonBypassableEnforcement}.\n */\nexport function assertNonBypassable(\n\tsigner: PolicyGatedSigner,\n): asserts signer is PolicyGatedSigner<NonBypassableEnforcement> {\n\tif (signer.enforcement === \"advisory\" || signer.enforcement === \"integrator\") {\n\t\tthrow new PolicyGatedSignerConfigError(\n\t\t\t\"enforcement\",\n\t\t\t`expected a non-bypassable signer (cryptographic | hardware), got \"${signer.enforcement}\" — an ${signer.enforcement} signer's policy can be bypassed by a key-holder`,\n\t\t);\n\t}\n}\n","/**\n * Known-asset registry for {@link createX402PaymentSigner}'s\n * `asset: { kind: \"known\", id }` discriminated-union branch.\n *\n * kawasekit only ships pinned EIP-712 domain definitions for assets it has\n * verified empirically against the deployed contracts. Adding a new entry\n * here requires citing the source-file + line reference for the contract\n * that owns the `name` / `version` (so the next reviewer can spot-check the\n * claim, the same discipline `docs/THREAT_MODEL.md` §0 demands of any ✅\n * verdict that delegates to an out-of-scope component).\n *\n * @packageDocumentation\n */\n\nimport type { Address } from \"viem\";\nimport { getAddress } from \"viem\";\nimport { JPYC_EIP712_DOMAIN_HINT, JPYC_V2_ADDRESS } from \"./jpyc\";\n\n/** Known asset identifiers. New entries must update this union AND the table. */\nexport type KnownAssetId = \"jpyc-v2\";\n\n/** Fully-pinned EIP-712 domain for a known asset. */\nexport interface KnownAssetDomain {\n\treadonly id: KnownAssetId;\n\treadonly name: string;\n\treadonly version: string;\n\treadonly verifyingContract: Address;\n}\n\n/**\n * Canonical table. Lookups go through {@link getKnownAssetDomain}, which\n * returns a frozen copy so callers cannot mutate the registry.\n *\n * `verifyingContract` is the multi-chain canonical address — JPYC v2 is the\n * same address on Ethereum / Polygon (mainnet + Amoy) / Avalanche. The\n * signer cross-checks `requirements.asset` against this value at sign time,\n * so a server advertising a different `asset` is rejected before any\n * signature is produced.\n *\n * JPYC v2 domain: `name = \"JPY Coin\"`, `version = \"1\"`. Source of truth is\n * the deployed contract's `eip712Domain()` view — verified empirically and\n * also cached in `src/tokens/jpyc.ts:JPYC_EIP712_DOMAIN_HINT`.\n */\nconst KNOWN_ASSETS: ReadonlyArray<KnownAssetDomain> = [\n\t{\n\t\tid: \"jpyc-v2\",\n\t\tname: JPYC_EIP712_DOMAIN_HINT.name,\n\t\tversion: JPYC_EIP712_DOMAIN_HINT.version,\n\t\tverifyingContract: getAddress(JPYC_V2_ADDRESS),\n\t},\n];\n\n/**\n * Look up a known asset's pinned EIP-712 domain by id.\n *\n * @returns The domain, or `undefined` if the id is not in the registry.\n *\n * @example\n * ```ts\n * import { getKnownAssetDomain } from \"kawasekit\";\n *\n * const jpyc = getKnownAssetDomain(\"jpyc-v2\");\n * if (jpyc === undefined) throw new Error(\"unreachable\");\n * console.log(jpyc.verifyingContract); // 0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29\n * ```\n */\nexport function getKnownAssetDomain(id: KnownAssetId): KnownAssetDomain | undefined {\n\treturn KNOWN_ASSETS.find((entry) => entry.id === id);\n}\n\n/** List every known asset id (for diagnostics / error messages). */\nexport function listKnownAssetIds(): readonly KnownAssetId[] {\n\treturn KNOWN_ASSETS.map((entry) => entry.id);\n}\n","/**\n * EIP-3009 typed-data builders and signing helpers.\n *\n * Token-agnostic: works for any EIP-3009-compliant token (JPYC, USDC, USDP,\n * Centre FiatToken family). Pure off-chain construction — no chain RPC, no\n * submission. Submission is the caller's job (M3 x402 flow, or arbitrary\n * gas-paying relayer).\n *\n * @packageDocumentation\n */\n\nimport {\n\ttype Account,\n\ttype Address,\n\tgetAddress,\n\ttype Hex,\n\tkeccak256,\n\tparseSignature,\n\tstringToHex,\n} from \"viem\";\n\n// ---------------------------------------------------------------------------\n// Domain & typed-data shapes\n// ---------------------------------------------------------------------------\n\n/**\n * EIP-712 domain for an EIP-3009-compliant token.\n *\n * `name` and `version` MUST match the values the token used when computing\n * its `DOMAIN_SEPARATOR`. For JPYC see {@link JPYC_EIP712_DOMAIN_HINT}.\n */\nexport interface Eip3009Domain {\n\treadonly name: string;\n\treadonly version: string;\n\treadonly chainId: number;\n\treadonly verifyingContract: Address;\n}\n\n/** Message body for {@link signTransferWithAuthorization}. */\nexport interface TransferWithAuthorizationMessage {\n\treadonly from: Address;\n\treadonly to: Address;\n\treadonly value: bigint;\n\treadonly validAfter: bigint;\n\treadonly validBefore: bigint;\n\t/** 32-byte random nonce. Generate with {@link generateAuthorizationNonce}. */\n\treadonly nonce: Hex;\n}\n\n/** Message body for {@link signReceiveWithAuthorization}. */\nexport type ReceiveWithAuthorizationMessage = TransferWithAuthorizationMessage;\n\n/** Message body for {@link signCancelAuthorization}. */\nexport interface CancelAuthorizationMessage {\n\treadonly authorizer: Address;\n\treadonly nonce: Hex;\n}\n\n/**\n * A signed EIP-3009 authorization, ready to be passed to the token's\n * `*WithAuthorization` entrypoint as `(v, r, s)`.\n */\nexport interface SignedAuthorization<TMessage> {\n\treadonly signature: Hex;\n\treadonly v: number;\n\treadonly r: Hex;\n\treadonly s: Hex;\n\treadonly domain: Eip3009Domain;\n\treadonly message: TMessage;\n}\n\n// ---------------------------------------------------------------------------\n// EIP-712 type definitions (must match EIP-3009 byte-for-byte)\n// ---------------------------------------------------------------------------\n\nconst transferWithAuthorizationTypes = {\n\tTransferWithAuthorization: [\n\t\t{ name: \"from\", type: \"address\" },\n\t\t{ name: \"to\", type: \"address\" },\n\t\t{ name: \"value\", type: \"uint256\" },\n\t\t{ name: \"validAfter\", type: \"uint256\" },\n\t\t{ name: \"validBefore\", type: \"uint256\" },\n\t\t{ name: \"nonce\", type: \"bytes32\" },\n\t],\n} as const;\n\nconst receiveWithAuthorizationTypes = {\n\tReceiveWithAuthorization: [\n\t\t{ name: \"from\", type: \"address\" },\n\t\t{ name: \"to\", type: \"address\" },\n\t\t{ name: \"value\", type: \"uint256\" },\n\t\t{ name: \"validAfter\", type: \"uint256\" },\n\t\t{ name: \"validBefore\", type: \"uint256\" },\n\t\t{ name: \"nonce\", type: \"bytes32\" },\n\t],\n} as const;\n\nconst cancelAuthorizationTypes = {\n\tCancelAuthorization: [\n\t\t{ name: \"authorizer\", type: \"address\" },\n\t\t{ name: \"nonce\", type: \"bytes32\" },\n\t],\n} as const;\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\n/**\n * Generates a cryptographically random 32-byte EIP-3009 nonce.\n *\n * The nonce only needs to be unique per `(authorizer, contract)` — duplicates\n * across different tokens are harmless because the contract scopes them.\n *\n * @example\n * ```ts\n * import { generateAuthorizationNonce } from \"kawasekit\";\n *\n * const nonce = generateAuthorizationNonce();\n * ```\n */\nexport function generateAuthorizationNonce(): Hex {\n\tconst bytes = new Uint8Array(32);\n\tcrypto.getRandomValues(bytes);\n\treturn `0x${Array.from(bytes, (b) => b.toString(16).padStart(2, \"0\")).join(\"\")}` as Hex;\n}\n\n/** Domain tag separating the nonce preimage from any other keccak use in the SDK. */\nconst EIP3009_NONCE_DOMAIN_TAG = \"kawasekit/eip3009-nonce/1\";\n\n/**\n * Derives a **deterministic** 32-byte EIP-3009 nonce from a reasoning-step\n * idempotency key, scoped to `(from, verifyingContract, chainId)` so the same\n * key never collides across tokens or chains (M5-1, Half B).\n *\n * `nonce = keccak256(DOMAIN_TAG ‖ idempotencyKey ‖ from ‖ verifyingContract ‖\n * chainId)`. **No shared secret**: determinism across replicas / sub-agents\n * needs only a shared `conversationId` (the source of the key), not secret\n * distribution. A replayed key ⇒ identical nonce ⇒ the token contract's\n * `authorizationState` rejects the second settlement — the on-chain last line of\n * defence against re-signed same-intent duplicate payments. Use in place of\n * {@link generateAuthorizationNonce} only when a key is available.\n *\n * `chainId` is in the preimage, so the same JPYC address on Polygon / Avalanche\n * / Kaia / Ethereum yields distinct nonces (cross-chain replay safety).\n *\n * @example\n * ```ts\n * import { deriveAuthorizationNonce } from \"kawasekit\";\n *\n * const nonce = deriveAuthorizationNonce(\n *   { idempotencyKey },\n *   { from: account.address, verifyingContract, chainId },\n * );\n * ```\n */\nexport function deriveAuthorizationNonce(\n\tinput: { readonly idempotencyKey: string },\n\tscope: { readonly from: Address; readonly verifyingContract: Address; readonly chainId: number },\n): Hex {\n\tif (input.idempotencyKey === \"\") {\n\t\tthrow new Error(\"deriveAuthorizationNonce: idempotencyKey must be a non-empty string\");\n\t}\n\tconst preimage = JSON.stringify([\n\t\tEIP3009_NONCE_DOMAIN_TAG,\n\t\tinput.idempotencyKey,\n\t\tgetAddress(scope.from),\n\t\tgetAddress(scope.verifyingContract),\n\t\tscope.chainId,\n\t]);\n\treturn keccak256(stringToHex(preimage));\n}\n\n/**\n * Returns a `validBefore` UNIX timestamp `seconds` in the future.\n *\n * @param seconds - Lifetime of the authorization, in seconds.\n * @param nowSec - Optional override of \"now\" (defaults to {@link Date.now}).\n *\n * @example\n * ```ts\n * import { authorizationDeadlineFromNow } from \"kawasekit\";\n *\n * const validBefore = authorizationDeadlineFromNow(60 * 5); // 5 minutes\n * ```\n */\nexport function authorizationDeadlineFromNow(seconds: number, nowSec?: bigint): bigint {\n\tconst now = nowSec ?? BigInt(Math.floor(Date.now() / 1000));\n\treturn now + BigInt(seconds);\n}\n\nfunction requireSignTypedData(account: Account): NonNullable<Account[\"signTypedData\"]> {\n\tif (!account.signTypedData) {\n\t\tthrow new Error(\n\t\t\t`Account ${account.address} cannot sign typed data — pass a LocalAccount or a JsonRpcAccount bound to a WalletClient.`,\n\t\t);\n\t}\n\treturn account.signTypedData.bind(account);\n}\n\nfunction assertSignerMatches(account: Account, expectedFrom: Address, role: string): void {\n\tif (getAddress(account.address) !== getAddress(expectedFrom)) {\n\t\tthrow new Error(\n\t\t\t`EIP-3009 ${role} signature must come from \\`${role === \"cancel\" ? \"authorizer\" : \"from\"}\\`: account is ${account.address}, message says ${expectedFrom}.`,\n\t\t);\n\t}\n}\n\n// ---------------------------------------------------------------------------\n// Signers\n// ---------------------------------------------------------------------------\n\n/**\n * Signs an EIP-3009 `TransferWithAuthorization` message.\n *\n * The signing account MUST equal `message.from` — EIP-3009 rejects signatures\n * from anyone else (the on-chain check is pure `ecrecover` against `from`).\n *\n * @example\n * ```ts\n * import { privateKeyToAccount } from \"viem/accounts\";\n * import {\n *   authorizationDeadlineFromNow,\n *   generateAuthorizationNonce,\n *   JPYC_EIP712_DOMAIN_HINT,\n *   polygon,\n *   signTransferWithAuthorization,\n * } from \"kawasekit\";\n *\n * const account = privateKeyToAccount(\"0x...\");\n * const signed = await signTransferWithAuthorization(account, {\n *   ...JPYC_EIP712_DOMAIN_HINT,\n *   chainId: polygon.id,\n *   verifyingContract: \"0xE7C3D8C9a439feDe00D2600032D5dB0Be71C3c29\",\n * }, {\n *   from: account.address,\n *   to: \"0xBeef...\",\n *   value: 100n * 10n ** 18n,\n *   validAfter: 0n,\n *   validBefore: authorizationDeadlineFromNow(300),\n *   nonce: generateAuthorizationNonce(),\n * });\n * // → submit (v, r, s) to token.transferWithAuthorization(...)\n * ```\n */\nexport async function signTransferWithAuthorization(\n\taccount: Account,\n\tdomain: Eip3009Domain,\n\tmessage: TransferWithAuthorizationMessage,\n): Promise<SignedAuthorization<TransferWithAuthorizationMessage>> {\n\tassertSignerMatches(account, message.from, \"transfer\");\n\tconst sign = requireSignTypedData(account);\n\tconst signature = await sign({\n\t\tdomain,\n\t\ttypes: transferWithAuthorizationTypes,\n\t\tprimaryType: \"TransferWithAuthorization\",\n\t\tmessage,\n\t});\n\treturn splitAuthorization(signature, domain, message);\n}\n\n/**\n * Signs an EIP-3009 `ReceiveWithAuthorization` message.\n *\n * Differs from {@link signTransferWithAuthorization} in two ways:\n * 1. Uses the `ReceiveWithAuthorization` EIP-712 type.\n * 2. The contract additionally enforces `msg.sender == to` at submission\n *    time, so only `to` (or a relayer impersonating `to` — impossible in\n *    practice) can land the tx.\n */\nexport async function signReceiveWithAuthorization(\n\taccount: Account,\n\tdomain: Eip3009Domain,\n\tmessage: ReceiveWithAuthorizationMessage,\n): Promise<SignedAuthorization<ReceiveWithAuthorizationMessage>> {\n\tassertSignerMatches(account, message.from, \"receive\");\n\tconst sign = requireSignTypedData(account);\n\tconst signature = await sign({\n\t\tdomain,\n\t\ttypes: receiveWithAuthorizationTypes,\n\t\tprimaryType: \"ReceiveWithAuthorization\",\n\t\tmessage,\n\t});\n\treturn splitAuthorization(signature, domain, message);\n}\n\n/**\n * Signs an EIP-3009 `CancelAuthorization` message.\n *\n * Cancelling consumes the nonce so a later `transferWithAuthorization` or\n * `receiveWithAuthorization` with the same nonce will revert.\n */\nexport async function signCancelAuthorization(\n\taccount: Account,\n\tdomain: Eip3009Domain,\n\tmessage: CancelAuthorizationMessage,\n): Promise<SignedAuthorization<CancelAuthorizationMessage>> {\n\tassertSignerMatches(account, message.authorizer, \"cancel\");\n\tconst sign = requireSignTypedData(account);\n\tconst signature = await sign({\n\t\tdomain,\n\t\ttypes: cancelAuthorizationTypes,\n\t\tprimaryType: \"CancelAuthorization\",\n\t\tmessage,\n\t});\n\treturn splitAuthorization(signature, domain, message);\n}\n\nfunction splitAuthorization<TMessage>(\n\tsignature: Hex,\n\tdomain: Eip3009Domain,\n\tmessage: TMessage,\n): SignedAuthorization<TMessage> {\n\tconst parsed = parseSignature(signature);\n\t// viem's parseSignature returns yParity ∈ {0, 1} as well as v when present.\n\tconst v = parsed.v !== undefined ? Number(parsed.v) : (parsed.yParity ?? 0) + 27;\n\treturn {\n\t\tsignature,\n\t\tv,\n\t\tr: parsed.r,\n\t\ts: parsed.s,\n\t\tdomain,\n\t\tmessage,\n\t};\n}\n","/**\n * EIP-712 asset-domain resolution for x402 / EIP-3009 signing.\n *\n * Construction-time pinning of the EIP-712 domain (`name` / `version` /\n * `verifyingContract`) a signer will use. The integrator declares an\n * {@link X402AssetParam} — either a kawasekit-maintained `known` asset or a\n * loud `unsafeOverride` — and {@link resolveAssetParam} resolves it to a pinned\n * {@link ResolvedAsset}. The signer then trusts only this pinned domain and\n * refuses to sign for a mismatched advertised asset (Threat 1.4: misadvertised\n * EIP-712 domain).\n *\n * Token-domain concern, reused by both the x402 signer (`src/x402/client.ts`)\n * and the M6 PolicyGatedSigner (`src/signer/`).\n *\n * @packageDocumentation\n */\n\nimport type { Address } from \"viem\";\nimport { getAddress, isAddress } from \"viem\";\nimport { X402InvalidConfigError } from \"../x402/errors\";\nimport {\n\tgetKnownAssetDomain,\n\ttype KnownAssetDomain,\n\ttype KnownAssetId,\n\tlistKnownAssetIds,\n} from \"./known-assets\";\n\n/** EIP-712 token domain `name` / `version` pair. */\nexport interface X402TokenDomain {\n\treadonly name: string;\n\treadonly version: string;\n}\n\n/**\n * Asset binding for {@link createX402PaymentSigner} and the M6 PolicyGatedSigner.\n * Required, discriminated.\n *\n * **Default-on whitelist**: integrators MUST declare which asset they intend\n * to sign for. The `known` branch references a kawasekit-maintained\n * whitelist (see `src/tokens/known-assets.ts`); the `unsafeOverride` branch\n * is the deliberate escape hatch for any other asset and is named loudly so\n * it survives a code review. Either way, the signer pins the EIP-712 domain\n * at construction time and refuses to sign if `paymentRequirements.asset`\n * disagrees with the pinned `verifyingContract`.\n *\n * Closes Threat 1.4 (misadvertised EIP-712 domain): the server's advertised\n * `extra.name` / `extra.version` and `asset` are all ignored for signing\n * purposes — the signer trusts only what the integrator declared here.\n */\nexport type X402AssetParam =\n\t| {\n\t\t\t/** Use a kawasekit-maintained pinned EIP-712 domain. */\n\t\t\treadonly kind: \"known\";\n\t\t\t/** The asset id to pin. See {@link KnownAssetId} for the registry. */\n\t\t\treadonly id: KnownAssetId;\n\t  }\n\t| {\n\t\t\t/**\n\t\t\t * Use a caller-supplied EIP-712 domain for an asset NOT on the\n\t\t\t * kawasekit whitelist. The name is deliberately loud — pick this\n\t\t\t * branch only when you have separately audited the contract and its\n\t\t\t * `eip712Domain()` output.\n\t\t\t */\n\t\t\treadonly kind: \"unsafeOverride\";\n\t\t\treadonly domain: {\n\t\t\t\treadonly name: string;\n\t\t\t\treadonly version: string;\n\t\t\t\treadonly verifyingContract: Address;\n\t\t\t};\n\t  };\n\n/** Construction-time resolution of an {@link X402AssetParam} to a pinned domain. */\nexport interface ResolvedAsset {\n\treadonly name: string;\n\treadonly version: string;\n\treadonly verifyingContract: Address;\n}\n\n/**\n * Resolve an {@link X402AssetParam} to a pinned {@link ResolvedAsset}.\n *\n * Throws {@link X402InvalidConfigError} for an unknown `known` id or a malformed\n * `unsafeOverride` domain. Pure / construction-time — no chain RPC.\n */\nexport function resolveAssetParam(asset: X402AssetParam): ResolvedAsset {\n\tif (asset.kind === \"known\") {\n\t\tconst entry: KnownAssetDomain | undefined = getKnownAssetDomain(asset.id);\n\t\tif (entry === undefined) {\n\t\t\tthrow new X402InvalidConfigError(\n\t\t\t\t\"asset.id\",\n\t\t\t\t`unknown asset id ${JSON.stringify(asset.id)}. Supported: ${listKnownAssetIds()\n\t\t\t\t\t.map((id) => JSON.stringify(id))\n\t\t\t\t\t.join(\", \")}.`,\n\t\t\t);\n\t\t}\n\t\treturn {\n\t\t\tname: entry.name,\n\t\t\tversion: entry.version,\n\t\t\tverifyingContract: entry.verifyingContract,\n\t\t};\n\t}\n\tif (asset.kind === \"unsafeOverride\") {\n\t\tconst { domain } = asset;\n\t\tif (typeof domain.name !== \"string\" || domain.name === \"\") {\n\t\t\tthrow new X402InvalidConfigError(\n\t\t\t\t\"asset.domain.name\",\n\t\t\t\t\"`unsafeOverride.domain.name` must be a non-empty string\",\n\t\t\t);\n\t\t}\n\t\tif (typeof domain.version !== \"string\" || domain.version === \"\") {\n\t\t\tthrow new X402InvalidConfigError(\n\t\t\t\t\"asset.domain.version\",\n\t\t\t\t\"`unsafeOverride.domain.version` must be a non-empty string\",\n\t\t\t);\n\t\t}\n\t\tif (!isAddress(domain.verifyingContract, { strict: false })) {\n\t\t\tthrow new X402InvalidConfigError(\n\t\t\t\t\"asset.domain.verifyingContract\",\n\t\t\t\t`\\`unsafeOverride.domain.verifyingContract\\` must be a valid address, got ${JSON.stringify(domain.verifyingContract)}`,\n\t\t\t);\n\t\t}\n\t\treturn {\n\t\t\tname: domain.name,\n\t\t\tversion: domain.version,\n\t\t\tverifyingContract: getAddress(domain.verifyingContract),\n\t\t};\n\t}\n\t// Defensive: TS exhaustiveness guarantees this is unreachable at compile\n\t// time, but a JS consumer could smuggle through an unknown kind.\n\tconst exhaustive = asset as { kind: string };\n\tthrow new X402InvalidConfigError(\n\t\t\"asset.kind\",\n\t\t`unsupported kind ${JSON.stringify(exhaustive.kind)}. Expected \"known\" or \"unsafeOverride\".`,\n\t);\n}\n"]}

package/dist/chunk-YMABXRCK.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/policy/spending-policy.ts"],"names":[],"mappings":";;;AAsEO,IAAM,yBAAA,GAAN,cAAwC,KAAA,CAAM;AAAA,EAC3C,KAAA;AAAA,EACA,MAAA;AAAA,EAET,WAAA,CAAY,KAAA,EAAe,MAAA,EAAgB,OAAA,EAA+B;AACzE,IAAA,KAAA,CAAM,CAAA,wBAAA,EAA2B,KAAK,CAAA,GAAA,EAAM,MAAM,IAAI,OAAO,CAAA;AAC7D,IAAA,IAAA,CAAK,IAAA,GAAO,2BAAA;AACZ,IAAA,IAAA,CAAK,KAAA,GAAQ,KAAA;AACb,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AAAA,EACf;AACD;AAEA,SAAS,IAAA,CAAK,QAAmC,MAAA,EAAgC;AAChF,EAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,WAAW,EAAE,MAAA,EAAQ,QAAO,EAAE;AACnD;AAgBO,SAAS,sBAAA,CACf,MAAA,EACA,MAAA,EACA,KAAA,EACA,UAAA,EACiB;AACjB,EAAA,IAAI,OAAO,OAAA,EAAS;AACnB,IAAA,OAAO,IAAA,CAAK,WAAW,sCAAsC,CAAA;AAAA,EAC9D;AACA,EAAA,IAAI,UAAA,GAAa,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU;AACzC,IAAA,OAAO,IAAA,CAAK,WAAW,CAAA,mBAAA,EAAsB,MAAA,CAAO,QAAQ,QAAQ,CAAA,MAAA,EAAS,UAAU,CAAA,CAAA,CAAG,CAAA;AAAA,EAC3F;AACA,EAAA,IAAI,MAAA,CAAO,WAAA,GAAc,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAU;AACjD,IAAA,OAAO,IAAA;AAAA,MACN,SAAA;AAAA,MACA,6BAA6B,MAAA,CAAO,WAAW,CAAA,gCAAA,EAAmC,MAAA,CAAO,QAAQ,QAAQ,CAAA,CAAA;AAAA,KAC1G;AAAA,EACD;AAEA,EAAA,MAAM,WAAA,GAAc,UAAA,CAAW,MAAA,CAAO,KAAK,CAAA;AAC3C,EAAA,MAAM,KAAA,GAAQ,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,CAAC,MAAM,UAAA,CAAW,CAAA,CAAE,KAAK,CAAA,KAAM,WAAW,CAAA;AAC7E,EAAA,IAAI,UAAU,MAAA,EAAW;AACxB,IAAA,OAAO,IAAA,CAAK,mBAAA,EAAqB,CAAA,MAAA,EAAS,WAAW,CAAA,qBAAA,CAAuB,CAAA;AAAA,EAC7E;AAEA,EAAA,IAAI,MAAA,CAAO,uBAAuB,KAAA,EAAO;AACxC,IAAA,MAAM,EAAA,GAAK,UAAA,CAAW,MAAA,CAAO,EAAE,CAAA;AAC/B,IAAA,MAAM,OAAA,GAAU,OAAO,kBAAA,CAAmB,IAAA,CAAK,CAAC,CAAA,KAAM,UAAA,CAAW,CAAC,CAAA,KAAM,EAAE,CAAA;AAC1E,IAAA,IAAI,CAAC,OAAA,EAAS;AACb,MAAA,OAAO,IAAA,CAAK,uBAAA,EAAyB,CAAA,UAAA,EAAa,EAAE,CAAA,wBAAA,CAA0B,CAAA;AAAA,IAC/E;AAAA,EACD;AAEA,EAAA,IAAI,MAAA,CAAO,KAAA,GAAQ,KAAA,CAAM,UAAA,EAAY;AACpC,IAAA,OAAO,IAAA;AAAA,MACN,yBAAA;AAAA,MACA,CAAA,MAAA,EAAS,MAAA,CAAO,KAAK,CAAA,oBAAA,EAAuB,MAAM,UAAU,CAAA;AAAA,KAC7D;AAAA,EACD;AAEA,EAAA,IAAI,KAAA,CAAM,kBAAkB,MAAA,EAAW;AACtC,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,aAAA,CAAc,IAAA,CAAK,CAAC,CAAA,KAAM,UAAA,CAAW,CAAA,CAAE,KAAK,CAAA,KAAM,WAAW,CAAA,EAAG,KAAA,IAAS,EAAA;AAC7F,IAAA,IAAI,KAAA,GAAQ,MAAA,CAAO,KAAA,GAAQ,KAAA,CAAM,aAAA,EAAe;AAC/C,MAAA,OAAO,IAAA;AAAA,QACN,2BAAA;AAAA,QACA,SAAS,KAAK,CAAA,SAAA,EAAY,OAAO,KAAK,CAAA,uBAAA,EAA0B,MAAM,aAAa,CAAA;AAAA,OACpF;AAAA,IACD;AAAA,EACD;AAEA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AACnB;AA2BO,SAAS,qBAAqB,MAAA,EAAoD;AACxF,EAAA,IAAI,OAAO,OAAO,OAAA,CAAQ,EAAA,KAAO,YAAY,MAAA,CAAO,OAAA,CAAQ,OAAO,EAAA,EAAI;AACtE,IAAA,MAAM,IAAI,yBAAA,CAA0B,YAAA,EAAc,4BAA4B,CAAA;AAAA,EAC/E;AACA,EAAA,IAAI,MAAA,CAAO,OAAA,CAAQ,QAAA,IAAY,EAAA,EAAI;AAClC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACT,kBAAA;AAAA,MACA,CAAA,4CAAA,EAA+C,MAAA,CAAO,OAAA,CAAQ,QAAQ,CAAA;AAAA,KACvE;AAAA,EACD;AACA,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,MAAA,KAAW,CAAA,EAAG;AACjC,IAAA,MAAM,IAAI,yBAAA;AAAA,MACT,UAAA;AAAA,MACA;AAAA,KACD;AAAA,EACD;AAEA,EAAA,MAAM,IAAA,uBAAW,GAAA,EAAY;AAC7B,EAAA,MAAM,QAAA,GAAkC,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,CAAC,CAAA,KAAM;AAClE,IAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,CAAA,CAAE,KAAK,CAAA;AAChC,IAAA,IAAI,IAAA,CAAK,GAAA,CAAI,KAAK,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,yBAAA,CAA0B,UAAA,EAAY,CAAA,gBAAA,EAAmB,KAAK,CAAA,CAAE,CAAA;AAAA,IAC3E;AACA,IAAA,IAAA,CAAK,IAAI,KAAK,CAAA;AACd,IAAA,IAAI,CAAA,CAAE,cAAc,EAAA,EAAI;AACvB,MAAA,MAAM,IAAI,yBAAA;AAAA,QACT,qBAAA;AAAA,QACA,CAAA,sBAAA,EAAyB,CAAA,CAAE,UAAU,CAAA,KAAA,EAAQ,KAAK,CAAA;AAAA,OACnD;AAAA,IACD;AACA,IAAA,IAAI,CAAA,CAAE,kBAAkB,MAAA,EAAW;AAClC,MAAA,IAAI,CAAA,CAAE,iBAAiB,EAAA,EAAI;AAC1B,QAAA,MAAM,IAAI,yBAAA;AAAA,UACT,wBAAA;AAAA,UACA,CAAA,sBAAA,EAAyB,CAAA,CAAE,aAAa,CAAA,KAAA,EAAQ,KAAK,CAAA;AAAA,SACtD;AAAA,MACD;AACA,MAAA,IAAI,CAAA,CAAE,aAAA,GAAgB,CAAA,CAAE,UAAA,EAAY;AACnC,QAAA,MAAM,IAAI,yBAAA;AAAA,UACT,wBAAA;AAAA,UACA,kBAAkB,CAAA,CAAE,aAAa,4BAA4B,CAAA,CAAE,UAAU,SAAS,KAAK,CAAA;AAAA,SACxF;AAAA,MACD;AACA,MAAA,OAAO,EAAE,KAAA,EAAO,UAAA,EAAY,EAAE,UAAA,EAAY,aAAA,EAAe,EAAE,aAAA,EAAc;AAAA,IAC1E;AACA,IAAA,OAAO,EAAE,KAAA,EAAO,UAAA,EAAY,CAAA,CAAE,UAAA,EAAW;AAAA,EAC1C,CAAC,CAAA;AAED,EAAA,MAAM,kBAAA,GACL,MAAA,CAAO,kBAAA,KAAuB,KAAA,GAC3B,KAAA,GACA,MAAA,CAAO,kBAAA,CAAmB,GAAA,CAAI,CAAC,CAAA,KAAM,UAAA,CAAW,CAAC,CAAC,CAAA;AAEtD,EAAA,OAAO;AAAA,IACN,OAAA,EAAS,GAAA;AAAA,IACT,OAAA,EAAS,EAAE,EAAA,EAAI,MAAA,CAAO,QAAQ,EAAA,EAAI,QAAA,EAAU,MAAA,CAAO,OAAA,CAAQ,QAAA,EAAS;AAAA,IACpE,QAAA;AAAA,IACA,kBAAA;AAAA,IACA,OAAA,EAAS,OAAO,OAAA,IAAW;AAAA,GAC5B;AACD;AAOO,SAAS,eAAA,CACf,OACA,KAAA,EACa;AACb,EAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,KAAA,CAAM,KAAK,CAAA;AACpC,EAAA,MAAM,MAAA,GAAS,KAAA,CAAM,aAAA,CAAc,IAAA,CAAK,CAAC,MAAM,UAAA,CAAW,CAAA,CAAE,KAAK,CAAA,KAAM,KAAK,CAAA;AAC5E,EAAA,MAAM,aAAA,GAAgB,MAAA,GACnB,KAAA,CAAM,aAAA,CAAc,GAAA;AAAA,IAAI,CAAC,CAAA,KACzB,UAAA,CAAW,CAAA,CAAE,KAAK,CAAA,KAAM,KAAA,GAAQ,EAAE,KAAA,EAAO,KAAA,EAAO,CAAA,CAAE,KAAA,GAAQ,KAAA,CAAM,OAAM,GAAI;AAAA,GAC3E,GACC,CAAC,GAAG,KAAA,CAAM,aAAA,EAAe,EAAE,KAAA,EAAO,KAAA,EAAO,KAAA,CAAM,KAAA,EAAO,CAAA;AACzD,EAAA,OAAO,EAAE,aAAA,EAAc;AACxB","file":"chunk-YMABXRCK.js","sourcesContent":["/**\n * Spending policy — policy-as-data for the x402 / EIP-3009 PolicyGatedSigner\n * (M6). One declarative {@link SpendingPolicy} (session + expiry, per-token\n * `maxPerSign` + cumulative cap, recipient allowlist, `revoked`) and one pure,\n * deny-closed evaluator {@link evaluateSpendingPolicy}.\n *\n * The same specification is enforced SDK-side (the `local` adapter) and, for the\n * `mpc-2p` adapter, re-implemented backend-side in Go; a shared conformance\n * corpus (`__fixtures__/spending-policy.vectors.json`) keeps the two in lockstep.\n * The evaluator is **check-only** — it reads `SpendState` and never mutates it;\n * the cumulative-cap *commit* (folding a successful spend back in via\n * {@link mergeSpendState}) is the adapter's job, and atomic+authoritative\n * commit is a property of the `cryptographic` adapter only.\n *\n * This is the **x402-EOA** policy path. The smart-account / ZeroDev session-key\n * path is `createJpycDailyLimitPolicies` (`./daily-limit`) — a sibling, not a\n * replacement.\n *\n * @packageDocumentation\n */\n\nimport type { Address } from \"viem\";\nimport { getAddress } from \"viem\";\nimport type { PaymentIntent, PolicyRejection } from \"../signer/types\";\n\n/** Per-token spend limits. A token absent from the policy's `perToken` is NOT allowed. */\nexport interface TokenLimit {\n\treadonly token: Address;\n\t/** Max value per single signature, token base units. Generalizes `maxAmountPerSign` (threat 1.14). */\n\treadonly maxPerSign: bigint;\n\t/** Optional total across the session. `undefined` = uncapped. MUST be `>= maxPerSign`. */\n\treadonly cumulativeCap?: bigint;\n}\n\n/**\n * Policy-as-data evaluated for every {@link PaymentIntent}. Deny-closed\n * throughout: a token not listed in `perToken` is rejected, and\n * `recipientAllowlist` is **required** — `\"any\"` (unrestricted) is a conscious,\n * greppable choice, never a silent default.\n */\nexport interface SpendingPolicy {\n\treadonly version: \"1\";\n\t/** Session id + expiry (unix seconds). An authorization may not outlive the session. */\n\treadonly session: { readonly id: string; readonly notAfter: bigint };\n\treadonly perToken: readonly TokenLimit[];\n\t/**\n\t * Recipient restriction (**required** — no silent allow-open default):\n\t * `\"any\"` = unrestricted, `[]` = deny-all, `[...]` = allowlist. Making\n\t * `\"any\"` explicit keeps the policy deny-closed like `perToken`.\n\t */\n\treadonly recipientAllowlist: readonly Address[] | \"any\";\n\treadonly revoked: boolean;\n}\n\n/**\n * Cross-call cumulative spend, per token. Injected into the evaluator (never a\n * module global). For the `local` adapter this is a single-process, caller-managed\n * **read-only view**; the authoritative ledger lives in the `cryptographic`\n * adapter's backend.\n */\nexport interface SpendState {\n\treadonly spentPerToken: readonly { readonly token: Address; readonly spent: bigint }[];\n}\n\n/** The outcome of {@link evaluateSpendingPolicy}. */\nexport type PolicyDecision =\n\t| { readonly ok: true }\n\t| { readonly ok: false; readonly rejection: PolicyRejection };\n\n/** Thrown by {@link createSpendingPolicy} on a malformed policy. */\nexport class SpendingPolicyConfigError extends Error {\n\treadonly field: string;\n\treadonly reason: string;\n\n\tconstructor(field: string, reason: string, options?: { cause?: unknown }) {\n\t\tsuper(`Invalid SpendingPolicy (${field}): ${reason}`, options);\n\t\tthis.name = \"SpendingPolicyConfigError\";\n\t\tthis.field = field;\n\t\tthis.reason = reason;\n\t}\n}\n\nfunction deny(reason: PolicyRejection[\"reason\"], detail: string): PolicyDecision {\n\treturn { ok: false, rejection: { reason, detail } };\n}\n\n/**\n * Evaluate a {@link SpendingPolicy} against a decoded {@link PaymentIntent}.\n *\n * Pure, deterministic, no I/O. Deny-closed; the first failing check wins. All\n * amount comparisons are `bigint`; all address equality uses `getAddress()` on\n * both sides. **Reads `state`, never mutates it** — see {@link mergeSpendState}.\n * `detail` strings never contain the nonce or any signature.\n *\n * @example\n * ```ts\n * const decision = evaluateSpendingPolicy(policy, intent, state, BigInt(Math.floor(Date.now() / 1000)));\n * if (!decision.ok) console.warn(decision.rejection.reason);\n * ```\n */\nexport function evaluateSpendingPolicy(\n\tpolicy: SpendingPolicy,\n\tintent: PaymentIntent,\n\tstate: SpendState,\n\tnowSeconds: bigint,\n): PolicyDecision {\n\tif (policy.revoked) {\n\t\treturn deny(\"revoked\", \"the spending policy has been revoked\");\n\t}\n\tif (nowSeconds > policy.session.notAfter) {\n\t\treturn deny(\"expired\", `session expired at ${policy.session.notAfter} (now ${nowSeconds})`);\n\t}\n\tif (intent.validBefore > policy.session.notAfter) {\n\t\treturn deny(\n\t\t\t\"expired\",\n\t\t\t`authorization validBefore ${intent.validBefore} outlives the session (notAfter ${policy.session.notAfter})`,\n\t\t);\n\t}\n\n\tconst intentToken = getAddress(intent.token);\n\tconst limit = policy.perToken.find((l) => getAddress(l.token) === intentToken);\n\tif (limit === undefined) {\n\t\treturn deny(\"token_not_allowed\", `token ${intentToken} is not in the policy`);\n\t}\n\n\tif (policy.recipientAllowlist !== \"any\") {\n\t\tconst to = getAddress(intent.to);\n\t\tconst allowed = policy.recipientAllowlist.some((a) => getAddress(a) === to);\n\t\tif (!allowed) {\n\t\t\treturn deny(\"recipient_not_allowed\", `recipient ${to} is not on the allowlist`);\n\t\t}\n\t}\n\n\tif (intent.value > limit.maxPerSign) {\n\t\treturn deny(\n\t\t\t\"amount_exceeds_per_sign\",\n\t\t\t`value ${intent.value} exceeds maxPerSign ${limit.maxPerSign}`,\n\t\t);\n\t}\n\n\tif (limit.cumulativeCap !== undefined) {\n\t\tconst spent = state.spentPerToken.find((s) => getAddress(s.token) === intentToken)?.spent ?? 0n;\n\t\tif (spent + intent.value > limit.cumulativeCap) {\n\t\t\treturn deny(\n\t\t\t\t\"amount_exceeds_cumulative\",\n\t\t\t\t`spent ${spent} + value ${intent.value} exceeds cumulativeCap ${limit.cumulativeCap}`,\n\t\t\t);\n\t\t}\n\t}\n\n\treturn { ok: true };\n}\n\n/** Parameters for {@link createSpendingPolicy}. */\nexport interface CreateSpendingPolicyParams {\n\treadonly session: { readonly id: string; readonly notAfter: bigint };\n\treadonly perToken: readonly TokenLimit[];\n\t/** Required: `\"any\"` (unrestricted), `[]` (deny-all), or an allowlist. No silent default. */\n\treadonly recipientAllowlist: readonly Address[] | \"any\";\n\t/** Defaults to `false`. */\n\treadonly revoked?: boolean;\n}\n\n/**\n * Validate + normalize a {@link SpendingPolicy}. Checksums all addresses\n * (`getAddress`), rejects an empty `perToken` (deny-closed), a non-positive\n * `maxPerSign`/`cumulativeCap`, a `cumulativeCap < maxPerSign`, and duplicate\n * tokens. Throws {@link SpendingPolicyConfigError} on violation.\n *\n * @example\n * ```ts\n * const policy = createSpendingPolicy({\n *   session: { id: conversationId, notAfter: BigInt(deadline) },\n *   perToken: [{ token: JPYC, maxPerSign: 1_000n, cumulativeCap: 10_000n }],\n *   recipientAllowlist: [merchant],\n * });\n * ```\n */\nexport function createSpendingPolicy(params: CreateSpendingPolicyParams): SpendingPolicy {\n\tif (typeof params.session.id !== \"string\" || params.session.id === \"\") {\n\t\tthrow new SpendingPolicyConfigError(\"session.id\", \"must be a non-empty string\");\n\t}\n\tif (params.session.notAfter <= 0n) {\n\t\tthrow new SpendingPolicyConfigError(\n\t\t\t\"session.notAfter\",\n\t\t\t`must be a positive unix-seconds bigint, got ${params.session.notAfter}`,\n\t\t);\n\t}\n\tif (params.perToken.length === 0) {\n\t\tthrow new SpendingPolicyConfigError(\n\t\t\t\"perToken\",\n\t\t\t\"must list at least one token (the policy is deny-closed)\",\n\t\t);\n\t}\n\n\tconst seen = new Set<string>();\n\tconst perToken: readonly TokenLimit[] = params.perToken.map((l) => {\n\t\tconst token = getAddress(l.token);\n\t\tif (seen.has(token)) {\n\t\t\tthrow new SpendingPolicyConfigError(\"perToken\", `duplicate token ${token}`);\n\t\t}\n\t\tseen.add(token);\n\t\tif (l.maxPerSign <= 0n) {\n\t\t\tthrow new SpendingPolicyConfigError(\n\t\t\t\t\"perToken.maxPerSign\",\n\t\t\t\t`must be positive, got ${l.maxPerSign} for ${token}`,\n\t\t\t);\n\t\t}\n\t\tif (l.cumulativeCap !== undefined) {\n\t\t\tif (l.cumulativeCap <= 0n) {\n\t\t\t\tthrow new SpendingPolicyConfigError(\n\t\t\t\t\t\"perToken.cumulativeCap\",\n\t\t\t\t\t`must be positive, got ${l.cumulativeCap} for ${token}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\tif (l.cumulativeCap < l.maxPerSign) {\n\t\t\t\tthrow new SpendingPolicyConfigError(\n\t\t\t\t\t\"perToken.cumulativeCap\",\n\t\t\t\t\t`cumulativeCap (${l.cumulativeCap}) must be >= maxPerSign (${l.maxPerSign}) for ${token}`,\n\t\t\t\t);\n\t\t\t}\n\t\t\treturn { token, maxPerSign: l.maxPerSign, cumulativeCap: l.cumulativeCap };\n\t\t}\n\t\treturn { token, maxPerSign: l.maxPerSign };\n\t});\n\n\tconst recipientAllowlist =\n\t\tparams.recipientAllowlist === \"any\"\n\t\t\t? \"any\"\n\t\t\t: params.recipientAllowlist.map((a) => getAddress(a));\n\n\treturn {\n\t\tversion: \"1\",\n\t\tsession: { id: params.session.id, notAfter: params.session.notAfter },\n\t\tperToken,\n\t\trecipientAllowlist,\n\t\trevoked: params.revoked ?? false,\n\t};\n}\n\n/**\n * Fold a successful spend back into a {@link SpendState} (pure; returns a new\n * state). The caller of the `local` adapter uses this to keep `cumulativeCap`\n * meaningful across calls — `local` does not own an authoritative ledger.\n */\nexport function mergeSpendState(\n\tstate: SpendState,\n\tspend: { readonly token: Address; readonly value: bigint },\n): SpendState {\n\tconst token = getAddress(spend.token);\n\tconst exists = state.spentPerToken.some((s) => getAddress(s.token) === token);\n\tconst spentPerToken = exists\n\t\t? state.spentPerToken.map((s) =>\n\t\t\t\tgetAddress(s.token) === token ? { token, spent: s.spent + spend.value } : s,\n\t\t\t)\n\t\t: [...state.spentPerToken, { token, spent: spend.value }];\n\treturn { spentPerToken };\n}\n"]}