tenzro-sdk 0.1.0 → 0.2.0

package/dist/custody.js

@@ -91,6 +91,222 @@ class CustodyClient {
             { wallet_id: walletId, duration_secs: durationSecs, operations },
         ]);
     }
+    // ── ML-DSA-65 (FIPS 204) — post-quantum wallet signing surface ──
+    //
+    // These methods call the `/wallet/mldsa/*` Web API endpoints (not
+    // JSON-RPC). Each call requires a caller-supplied DPoP-bound JWT and
+    // a fresh DPoP proof signed over `(method, htu)`. The proof is opaque
+    // to the SDK — the wallet kernel constructs it.
+    /**
+     * Discover the node's ML-DSA-65 signing mode.
+     *
+     * Always `tee-only` on testnet. The wallet uses this to decide
+     * whether to invoke threshold-coordination methods (skipped in
+     * `tee-only`) or fall through to the single-shot {@link mldsaSign}.
+     *
+     * Required AAP capability: `wallet.mldsa.sign`.
+     */
+    async mldsaCapabilities(bearerJwt, dpopProof) {
+        return this.rpc.getWithAuth('/wallet/mldsa/capabilities', bearerJwt, dpopProof);
+    }
+    /**
+     * Sign a preimage with the node-held ML-DSA-65 key bound to
+     * `(did, surfaceKey)`. The returned signature is 3309 bytes per
+     * FIPS 204 §4 Table 2.
+     *
+     * Required AAP capability: `wallet.mldsa.sign`.
+     *
+     * @param bearerJwt - DPoP-bound bearer JWT.
+     * @param dpopProof - Fresh DPoP proof signed over `(POST, "<base>/wallet/mldsa/sign")`.
+     * @param did - Bearer DID owning the surface key.
+     * @param surfaceKey - Wallet-defined surface identifier (e.g. `"vault.0"`).
+     * @param preimage - Raw bytes to be signed (encoded base64url no-pad on the wire).
+     * @param purpose - Optional caller-supplied purpose string for audit logging.
+     */
+    async mldsaSign(bearerJwt, dpopProof, did, surfaceKey, preimage, purpose) {
+        return this.rpc.postWithAuth('/wallet/mldsa/sign', {
+            did,
+            surface_key: surfaceKey,
+            preimage_b64: base64UrlNoPadEncode(preimage),
+            purpose,
+        }, bearerJwt, dpopProof);
+    }
+    // ── FROST (RFC 9591) — threshold Schnorr signing surface ──
+    //
+    // Per-curve `:scheme` path dispatch (`ed25519` | `secp256k1`). The
+    // node holds one share, the wallet holds the other (2-of-2). The
+    // wallet drives the protocol; the node is purely reactive. Each call
+    // is gated by AAP capability `wallet.frost.sign` and requires a
+    // fresh DPoP proof bound to the request's `(method, htu)`.
+    //
+    // Wire bytes (`*_b64` fields) are the FROST crate's canonical
+    // `.serialize()` of the corresponding round structure.
+    /**
+     * Start a FROST signing session.
+     *
+     * Server allocates a session, runs Round 1, and returns its
+     * commitments together with both participant identifiers. The
+     * wallet then runs its own Round 1 against the same `preimage`
+     * and the returned identifiers, and submits its commitments via
+     * {@link frostCommit}.
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostStart(bearerJwt, dpopProof, scheme, did, surfaceKey, preimage) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/start`, {
+            did,
+            surface_key: surfaceKey,
+            preimage_b64: base64UrlNoPadEncode(preimage),
+        }, bearerJwt, dpopProof);
+    }
+    /**
+     * Submit the wallet's Round 1 commitments.
+     *
+     * Transitions the session from `pending` to `committed`. After this
+     * call the wallet should call {@link frostAwaitChallenge} to receive
+     * the `SigningPackage` it must feed into the FROST crate's
+     * `round2::sign`.
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostCommit(bearerJwt, dpopProof, scheme, sessionId, deviceCommitments) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/commit`, {
+            session_id: sessionId,
+            device_commitments_b64: base64UrlNoPadEncode(deviceCommitments),
+        }, bearerJwt, dpopProof);
+    }
+    /**
+     * Long-poll for the challenge (`SigningPackage`).
+     *
+     * Returns immediately if the session is already `committed`. Polls
+     * for up to ~5s otherwise. The wallet feeds `signing_package_b64`
+     * into `round2::sign(signing_package, signer_nonces, key_package)`
+     * to produce its signature share.
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostAwaitChallenge(bearerJwt, dpopProof, scheme, sessionId) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/await-challenge`, { session_id: sessionId }, bearerJwt, dpopProof);
+    }
+    /**
+     * Submit the wallet's Round 2 signature share.
+     *
+     * Server runs its own Round 2, aggregates the two shares, and
+     * transitions the session to `finalized`. The aggregated signature
+     * is then retrievable via {@link frostFinalize}.
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostRespond(bearerJwt, dpopProof, scheme, sessionId, deviceSignatureShare) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/respond`, {
+            session_id: sessionId,
+            device_signature_share_b64: base64UrlNoPadEncode(deviceSignatureShare),
+        }, bearerJwt, dpopProof);
+    }
+    /**
+     * Long-poll for the aggregated signature.
+     *
+     * Returns immediately if the session is already `finalized`. Polls
+     * for up to ~5s otherwise. `signature_b64` is the canonical Schnorr
+     * signature: 64 bytes for Ed25519, 65 for secp256k1 (Taproot).
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostFinalize(bearerJwt, dpopProof, scheme, sessionId) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/finalize`, { session_id: sessionId }, bearerJwt, dpopProof);
+    }
+    /**
+     * Abort an in-flight FROST session.
+     *
+     * Idempotent: an already-aborted session returns `aborted`. A
+     * session that has already finalized stays `finalized` (the abort
+     * is a no-op rather than an error).
+     *
+     * Required AAP capability: `wallet.frost.sign`.
+     */
+    async frostAbort(bearerJwt, dpopProof, scheme, sessionId) {
+        return this.rpc.postWithAuth(`/wallet/frost/${scheme}/abort`, { session_id: sessionId }, bearerJwt, dpopProof);
+    }
+    // ── Passkey share-unwrap surface (`/wallet/share/*`) ──
+    //
+    // Three-step flow:
+    //   1. shareEnvelope          — fetch the wrapped FROST share blob.
+    //   2. shareEscrowChallenge   — mint a single-use 30s nonce.
+    //   3. shareEscrowUnwrap      — submit the WebAuthn assertion + nonce
+    //                                to receive `(wrapped_share, pepper)`.
+    //
+    // The pepper is mixed into the wallet's local unwrap KDF; without it
+    // the wrapped share is gibberish even to a caller that holds a valid
+    // AAP token. All endpoints require capability `wallet.share.unwrap`.
+    /**
+     * Fetch the wrapped FROST share for `(credentialId, surfaceKey)`.
+     *
+     * Idempotent — repeated calls return identical bytes for the same
+     * pair. The returned blob is useless on its own; the wallet must
+     * also obtain the per-assertion pepper via {@link shareEscrowUnwrap}
+     * and combine the two through its local KDF to recover the cleartext
+     * share.
+     *
+     * Required AAP capability: `wallet.share.unwrap`.
+     */
+    async shareEnvelope(bearerJwt, dpopProof, credentialId, surfaceKey) {
+        const path = `/wallet/share/envelope?credential_id=${encodeURIComponent(credentialId)}&surface_key=${encodeURIComponent(surfaceKey)}`;
+        return this.rpc.getWithAuth(path, bearerJwt, dpopProof);
+    }
+    /**
+     * Mint a single-use, 30-second-TTL nonce for an upcoming WebAuthn
+     * ceremony.
+     *
+     * The wallet must use the returned `nonce_b64` value verbatim as
+     * the WebAuthn `challenge` field when prompting the user's passkey.
+     * Server-side the nonce is held in an in-memory escrow; it is
+     * consumed by {@link shareEscrowUnwrap} regardless of whether the
+     * assertion verifies.
+     *
+     * Required AAP capability: `wallet.share.unwrap`.
+     */
+    async shareEscrowChallenge(bearerJwt, dpopProof, credentialId, surfaceKey) {
+        return this.rpc.postWithAuth('/wallet/share/escrow/challenge', { credential_id: credentialId, surface_key: surfaceKey }, bearerJwt, dpopProof);
+    }
+    /**
+     * Verify a WebAuthn assertion, consume the escrow nonce, and return
+     * `(wrapped_share, pepper)`.
+     *
+     * Single-use: the nonce is removed from the escrow before the
+     * assertion is verified, so a successful unwrap cannot be replayed
+     * and a failed verification still consumes the nonce. The wallet
+     * must request a fresh challenge before retrying.
+     *
+     * Required AAP capability: `wallet.share.unwrap`.
+     */
+    async shareEscrowUnwrap(bearerJwt, dpopProof, credentialId, surfaceKey, nonceB64, assertion) {
+        return this.rpc.postWithAuth('/wallet/share/escrow/unwrap', {
+            credential_id: credentialId,
+            surface_key: surfaceKey,
+            nonce_b64: nonceB64,
+            assertion,
+        }, bearerJwt, dpopProof);
+    }
 }
 exports.CustodyClient = CustodyClient;
+// ── helpers ──
+/**
+ * Encode bytes as base64url with no padding (RFC 4648 §5). Used for
+ * the `*_b64` fields on the wire format. Implemented locally so the
+ * SDK does not pull in a runtime dependency.
+ */
+function base64UrlNoPadEncode(bytes) {
+    let binary = '';
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    // btoa is available in browsers and modern Node (≥16); fall back
+    // to a Buffer path on older runtimes.
+    const b64 = typeof btoa !== 'undefined'
+        ? btoa(binary)
+        : globalThis
+            .Buffer.from(binary, 'binary')
+            .toString('base64');
+    return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
 //# sourceMappingURL=custody.js.map

package/dist/custody.js.map

@@ -1 +1 @@
-{"version":3,"file":"custody.js","sourceRoot":"","sources":["../src/custody.ts"],"names":[],"mappings":";;;AAgEA,eAAe;AAEf;;;;;GAKG;AACH,MAAa,aAAa;IACK;IAA7B,YAA6B,GAAc;QAAd,QAAG,GAAH,GAAG,CAAW;IAAG,CAAC;IAE/C;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,WAAmB,EACnB,OAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,wBAAwB,EAAE;YACxD,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAoB,uBAAuB,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,uBAAuB,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,qBAAqB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB;QAC/B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,mBAAmB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACvF,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,UAAkB,EAClB,UAAkB;QAElB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D;gBACE,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,UAAU,CAAC,QAAQ,EAAE;gBAClC,YAAY,EAAE,UAAU,CAAC,QAAQ,EAAE;aACpC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CACpB,QAAgB,EAChB,YAAoB,EACpB,UAAoB;QAEpB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,yBAAyB,EAAE;YAC1D,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;CACF;AApGD,sCAoGC"}
+{"version":3,"file":"custody.js","sourceRoot":"","sources":["../src/custody.ts"],"names":[],"mappings":";;;AAgEA,eAAe;AAEf;;;;;GAKG;AACH,MAAa,aAAa;IACK;IAA7B,YAA6B,GAAc;QAAd,QAAG,GAAH,GAAG,CAAW;IAAG,CAAC;IAE/C;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,WAAmB,EACnB,OAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,wBAAwB,EAAE;YACxD,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAoB,uBAAuB,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,uBAAuB,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,qBAAqB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB;QAC/B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,mBAAmB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACvF,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,UAAkB,EAClB,UAAkB;QAElB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D;gBACE,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,UAAU,CAAC,QAAQ,EAAE;gBAClC,YAAY,EAAE,UAAU,CAAC,QAAQ,EAAE;aACpC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CACpB,QAAgB,EAChB,YAAoB,EACpB,UAAoB;QAEpB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,yBAAyB,EAAE;YAC1D,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,EAAE;IACF,kEAAkE;IAClE,qEAAqE;IACrE,sEAAsE;IACtE,gDAAgD;IAEhD;;;;;;;;OAQG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,SAAiB;QAEjB,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CACzB,4BAA4B,EAC5B,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,SAAS,CACb,SAAiB,EACjB,SAAiB,EACjB,GAAW,EACX,UAAkB,EAClB,QAAoB,EACpB,OAAgB;QAEhB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,oBAAoB,EACpB;YACE,GAAG;YACH,WAAW,EAAE,UAAU;YACvB,YAAY,EAAE,oBAAoB,CAAC,QAAQ,CAAC;YAC5C,OAAO;SACR,EACD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,EAAE;IACF,mEAAmE;IACnE,iEAAiE;IACjE,qEAAqE;IACrE,gEAAgE;IAChE,2DAA2D;IAC3D,EAAE;IACF,8DAA8D;IAC9D,uDAAuD;IAEvD;;;;;;;;;;OAUG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,GAAW,EACX,UAAkB,EAClB,QAAoB;QAEpB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,QAAQ,EAC/B;YACE,GAAG;YACH,WAAW,EAAE,UAAU;YACvB,YAAY,EAAE,oBAAoB,CAAC,QAAQ,CAAC;SAC7C,EACD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,WAAW,CACf,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,SAAiB,EACjB,iBAA6B;QAE7B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,SAAS,EAChC;YACE,UAAU,EAAE,SAAS;YACrB,sBAAsB,EAAE,oBAAoB,CAAC,iBAAiB,CAAC;SAChE,EACD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,mBAAmB,CACvB,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,SAAiB;QAEjB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,kBAAkB,EACzC,EAAE,UAAU,EAAE,SAAS,EAAE,EACzB,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,YAAY,CAChB,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,SAAiB,EACjB,oBAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,UAAU,EACjC;YACE,UAAU,EAAE,SAAS;YACrB,0BAA0B,EAAE,oBAAoB,CAAC,oBAAoB,CAAC;SACvE,EACD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,SAAiB;QAEjB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,WAAW,EAClC,EAAE,UAAU,EAAE,SAAS,EAAE,EACzB,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,UAAU,CACd,SAAiB,EACjB,SAAiB,EACjB,MAAmB,EACnB,SAAiB;QAEjB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,iBAAiB,MAAM,QAAQ,EAC/B,EAAE,UAAU,EAAE,SAAS,EAAE,EACzB,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED,yDAAyD;IACzD,EAAE;IACF,mBAAmB;IACnB,oEAAoE;IACpE,6DAA6D;IAC7D,sEAAsE;IACtE,uEAAuE;IACvE,EAAE;IACF,qEAAqE;IACrE,qEAAqE;IACrE,qEAAqE;IAErE;;;;;;;;;;OAUG;IACH,KAAK,CAAC,aAAa,CACjB,SAAiB,EACjB,SAAiB,EACjB,YAAoB,EACpB,UAAkB;QAElB,MAAM,IAAI,GAAG,wCAAwC,kBAAkB,CAAC,YAAY,CAAC,gBAAgB,kBAAkB,CAAC,UAAU,CAAC,EAAE,CAAC;QACtI,OAAO,IAAI,CAAC,GAAG,CAAC,WAAW,CAAwB,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACjF,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,oBAAoB,CACxB,SAAiB,EACjB,SAAiB,EACjB,YAAoB,EACpB,UAAkB;QAElB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,gCAAgC,EAChC,EAAE,aAAa,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,EACxD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,iBAAiB,CACrB,SAAiB,EACjB,SAAiB,EACjB,YAAoB,EACpB,UAAkB,EAClB,QAAgB,EAChB,SAA2B;QAE3B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAC1B,6BAA6B,EAC7B;YACE,aAAa,EAAE,YAAY;YAC3B,WAAW,EAAE,UAAU;YACvB,SAAS,EAAE,QAAQ;YACnB,SAAS;SACV,EACD,SAAS,EACT,SAAS,CACV,CAAC;IACJ,CAAC;CACF;AApaD,sCAoaC;AAiJD,gBAAgB;AAEhB;;;;GAIG;AACH,SAAS,oBAAoB,CAAC,KAAiB;IAC7C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,iEAAiE;IACjE,sCAAsC;IACtC,MAAM,GAAG,GACP,OAAO,IAAI,KAAK,WAAW;QACzB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC;QACd,CAAC,CAAE,UAAqG;aACnG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC;aAC7B,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC5B,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxE,CAAC"}

package/dist/eip6963.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Minimal EIP-6963 provider discovery for `TenzroClient.fromInjected()`.
+ *
+ * The browser extension installs `window.tenzro` and announces itself
+ * via `eip6963:announceProvider` (the multi-wallet discovery standard
+ * from EIP-6963 §Specification). This helper listens for the matching
+ * announcement and returns the provider, with a typed
+ * `TenzroNotInstalledError` for the not-installed case.
+ *
+ * The discovery code is inlined here rather than imported from a
+ * separate `@tenzro/inject` package so the SDK has zero peer
+ * dependencies — `npm install tenzro-sdk` is enough to opt into the
+ * injected-provider path.
+ */
+export interface EIP1193Provider {
+    request<T = unknown>(args: {
+        method: string;
+        params?: readonly unknown[] | Record<string, unknown>;
+    }): Promise<T>;
+}
+export interface EIP6963ProviderInfo {
+    readonly uuid: string;
+    readonly name: string;
+    readonly icon: string;
+    readonly rdns: string;
+}
+export interface EIP6963ProviderDetail {
+    readonly info: EIP6963ProviderInfo;
+    readonly provider: EIP1193Provider;
+}
+/**
+ * Default `rdns` for the Tenzro browser-extension provider.
+ *
+ * Pre-registration value — kept aligned with the extension's
+ * `installTenzroProvider({ rdns })` default. Will become a
+ * formally-registered RDNS once the CAIP-2 `tenzro:` namespace PR
+ * lands upstream.
+ */
+export declare const TENZRO_PROVIDER_RDNS = "network.tenzro.wallet";
+/**
+ * Listen for EIP-6963 announcements and resolve when a provider
+ * matching `rdns` arrives. Defaults to the Tenzro extension's RDNS.
+ *
+ * Rejects with {@link TenzroNotInstalledError} if no matching
+ * provider announces within `timeoutMs` (default 3000ms).
+ */
+export declare function discoverEip6963Provider(options?: {
+    rdns?: string;
+    timeoutMs?: number;
+}): Promise<EIP6963ProviderDetail>;
+/**
+ * Thrown when a Tenzro provider is expected but not present in the page.
+ *
+ * Catch this in dApps to render an "Install Tenzro" CTA rather than
+ * a generic error. The `code` field is also set to the literal string
+ * `"TENZRO_NOT_INSTALLED"` for callers that prefer duck-typing over
+ * `instanceof`.
+ */
+export declare class TenzroNotInstalledError extends Error {
+    readonly code: "TENZRO_NOT_INSTALLED";
+    constructor(message: string);
+}
+//# sourceMappingURL=eip6963.d.ts.map

package/dist/eip6963.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eip6963.d.ts","sourceRoot":"","sources":["../src/eip6963.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,MAAM,WAAW,eAAe;IAC9B,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,IAAI,EAAE;QACzB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,SAAS,OAAO,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACvD,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;CAChB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,IAAI,EAAE,mBAAmB,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,eAAe,CAAC;CACpC;AAMD;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,0BAA0B,CAAC;AAE5D;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,CAAC,EAAE;IAChD,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAwCjC;AAED;;;;;;;GAOG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;IAChD,QAAQ,CAAC,IAAI,EAAG,sBAAsB,CAAU;gBAEpC,OAAO,EAAE,MAAM;CAI5B"}

package/dist/eip6963.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenzroNotInstalledError = exports.TENZRO_PROVIDER_RDNS = void 0;
+exports.discoverEip6963Provider = discoverEip6963Provider;
+/**
+ * Default `rdns` for the Tenzro browser-extension provider.
+ *
+ * Pre-registration value — kept aligned with the extension's
+ * `installTenzroProvider({ rdns })` default. Will become a
+ * formally-registered RDNS once the CAIP-2 `tenzro:` namespace PR
+ * lands upstream.
+ */
+exports.TENZRO_PROVIDER_RDNS = "network.tenzro.wallet";
+/**
+ * Listen for EIP-6963 announcements and resolve when a provider
+ * matching `rdns` arrives. Defaults to the Tenzro extension's RDNS.
+ *
+ * Rejects with {@link TenzroNotInstalledError} if no matching
+ * provider announces within `timeoutMs` (default 3000ms).
+ */
+function discoverEip6963Provider(options) {
+    const wantRdns = options?.rdns ?? exports.TENZRO_PROVIDER_RDNS;
+    const timeoutMs = options?.timeoutMs ?? 3000;
+    if (typeof window === "undefined") {
+        return Promise.reject(new TenzroNotInstalledError("not running in a browser context"));
+    }
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        const onAnnounce = (rawEvent) => {
+            const event = rawEvent;
+            if (event.detail?.info?.rdns === wantRdns && !settled) {
+                settled = true;
+                window.removeEventListener("eip6963:announceProvider", onAnnounce);
+                window.clearTimeout(timer);
+                resolve(event.detail);
+            }
+        };
+        window.addEventListener("eip6963:announceProvider", onAnnounce);
+        // Per EIP-6963 §Specification, dApps signal readiness with this
+        // event; already-installed wallets re-announce in response.
+        window.dispatchEvent(new Event("eip6963:requestProvider"));
+        const timer = window.setTimeout(() => {
+            if (settled)
+                return;
+            settled = true;
+            window.removeEventListener("eip6963:announceProvider", onAnnounce);
+            reject(new TenzroNotInstalledError(`no EIP-6963 provider with rdns="${wantRdns}" announced within ${timeoutMs}ms`));
+        }, timeoutMs);
+    });
+}
+/**
+ * Thrown when a Tenzro provider is expected but not present in the page.
+ *
+ * Catch this in dApps to render an "Install Tenzro" CTA rather than
+ * a generic error. The `code` field is also set to the literal string
+ * `"TENZRO_NOT_INSTALLED"` for callers that prefer duck-typing over
+ * `instanceof`.
+ */
+class TenzroNotInstalledError extends Error {
+    code = "TENZRO_NOT_INSTALLED";
+    constructor(message) {
+        super(message);
+        this.name = "TenzroNotInstalledError";
+    }
+}
+exports.TenzroNotInstalledError = TenzroNotInstalledError;
+//# sourceMappingURL=eip6963.js.map

package/dist/eip6963.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eip6963.js","sourceRoot":"","sources":["../src/eip6963.ts"],"names":[],"mappings":";;;AAsDA,0DA2CC;AA5DD;;;;;;;GAOG;AACU,QAAA,oBAAoB,GAAG,uBAAuB,CAAC;AAE5D;;;;;;GAMG;AACH,SAAgB,uBAAuB,CAAC,OAGvC;IACC,MAAM,QAAQ,GAAG,OAAO,EAAE,IAAI,IAAI,4BAAoB,CAAC;IACvD,MAAM,SAAS,GAAG,OAAO,EAAE,SAAS,IAAI,IAAI,CAAC;IAE7C,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;QAClC,OAAO,OAAO,CAAC,MAAM,CACnB,IAAI,uBAAuB,CAAC,kCAAkC,CAAC,CAChE,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,UAAU,GAAG,CAAC,QAAe,EAAE,EAAE;YACrC,MAAM,KAAK,GAAG,QAAwC,CAAC;YACvD,IAAI,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,KAAK,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC;gBACtD,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,mBAAmB,CAAC,0BAA0B,EAAE,UAAU,CAAC,CAAC;gBACnE,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;gBAC3B,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;YACxB,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,0BAA0B,EAAE,UAAU,CAAC,CAAC;QAEhE,gEAAgE;QAChE,4DAA4D;QAC5D,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAE3D,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,CAAC,GAAG,EAAE;YACnC,IAAI,OAAO;gBAAE,OAAO;YACpB,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,CAAC,mBAAmB,CAAC,0BAA0B,EAAE,UAAU,CAAC,CAAC;YACnE,MAAM,CACJ,IAAI,uBAAuB,CACzB,mCAAmC,QAAQ,sBAAsB,SAAS,IAAI,CAC/E,CACF,CAAC;QACJ,CAAC,EAAE,SAAS,CAAC,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;GAOG;AACH,MAAa,uBAAwB,SAAQ,KAAK;IACvC,IAAI,GAAG,sBAA+B,CAAC;IAEhD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAPD,0DAOC"}

package/dist/erc8004.d.ts

@@ -0,0 +1,97 @@
+import type { RpcClient } from './rpc';
+/**
+ * Deterministic agent id derived from a Tenzro DID via
+ * `keccak256(utf8(did))`.
+ */
+export interface Erc8004AgentId {
+    /** DID echoed back. */
+    did: string;
+    /** 32-byte agent id as 0x-prefixed hex. */
+    agent_id: string;
+}
+/**
+ * Hex-encoded ABI calldata ready for `eth_sendRawTransaction` / `eth_call`.
+ */
+export interface Erc8004Calldata {
+    /** Full hex-encoded calldata (selector + abi-encoded args). */
+    calldata: string;
+    /** Echoed agent id from `encodeRegister`; empty for other encoders. */
+    agent_id?: string;
+}
+/**
+ * Decoded agent record returned by `IdentityRegistry.getAgent()`.
+ */
+export interface Erc8004Agent {
+    /** Agent owner / controller address. */
+    agent_address: string;
+    /** Off-chain metadata URI (e.g. IPFS, HTTPS). */
+    metadata_uri: string;
+}
+/**
+ * Decoded `bytes` value returned by `IdentityRegistry.getMetadata()`.
+ */
+export interface Erc8004Metadata {
+    /** Hex-encoded value (`0x` prefix), or empty hex when unset. */
+    metadata_value: string;
+}
+/**
+ * Client for the ERC-8004 Trustless Agents Registry family
+ * (IdentityRegistry, ReputationRegistry, ValidationRegistry).
+ *
+ * Covers the canonical v0.6+ surface — base register/feedback/validation
+ * plus `setAgentURI` / `setAgentWallet` / `setMetadata` / `getMetadata`
+ * / `getAgentURI` / `getAgentWallet` / `revokeFeedback` /
+ * `appendResponse` / `isFeedbackRevoked` / `getFeedbackResponses` /
+ * `getFeedback` / `getFeedbackCount` / `getValidation`.
+ *
+ * All `encode*` methods return hex calldata that callers can sign and
+ * broadcast through any EVM wallet. `decode*` helpers round-trip
+ * return data from `eth_call` into typed structs.
+ */
+export declare class Erc8004Client {
+    private readonly rpc;
+    constructor(rpc: RpcClient);
+    /** Derive a canonical ERC-8004 `agentId = keccak256(utf8(did))`. */
+    deriveAgentId(did: string): Promise<Erc8004AgentId>;
+    /** ABI-encode `IdentityRegistry.registerAgent(bytes32 agentId, address agentAddress, string metadataURI)`. */
+    encodeRegister(did: string, agentAddress: string, metadataUri: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `IdentityRegistry.getAgent(bytes32 agentId)`. */
+    encodeGetAgent(agentId: string): Promise<Erc8004Calldata>;
+    /** Decode `(address, string)` returndata from `getAgent()`. */
+    decodeGetAgent(returnData: string): Promise<Erc8004Agent>;
+    /** ABI-encode `IdentityRegistry.setAgentURI(uint256 agentId, string metadataURI)`. */
+    encodeSetAgentURI(agentId: string, metadataUri: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `IdentityRegistry.setAgentWallet(uint256 agentId, address newWallet, uint256 deadline, bytes signature)`. */
+    encodeSetAgentWallet(agentId: string, newWallet: string, deadline: number, signature: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `IdentityRegistry.setMetadata(uint256 agentId, string metadataKey, bytes metadataValue)`. */
+    encodeSetMetadata(agentId: string, metadataKey: string, metadataValue: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `IdentityRegistry.getMetadata(uint256 agentId, string metadataKey)`. */
+    encodeGetMetadata(agentId: string, metadataKey: string): Promise<Erc8004Calldata>;
+    /** Decode `bytes` returndata from `getMetadata()`. */
+    decodeGetMetadata(returnData: string): Promise<Erc8004Metadata>;
+    /** ABI-encode `IdentityRegistry.getAgentURI(uint256 agentId)`. */
+    encodeGetAgentURI(agentId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `IdentityRegistry.getAgentWallet(uint256 agentId)`. */
+    encodeGetAgentWallet(agentId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.submitFeedback(bytes32 subjectAgentId, int8 rating, string contextURI)`. */
+    encodeFeedback(subjectAgentId: string, rating: number, contextUri: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.getFeedback(bytes32 subject, uint256 index)`. */
+    encodeGetFeedback(subjectAgentId: string, index: number): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.getFeedbackCount(bytes32 subject)`. */
+    encodeGetFeedbackCount(subjectAgentId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.revokeFeedback(uint256 agentId, bytes32 feedbackId)` (v0.6+). */
+    encodeRevokeFeedback(agentId: string, feedbackId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.appendResponse(uint256 agentId, bytes32 feedbackId, string responseURI)` (v0.6+). */
+    encodeAppendResponse(agentId: string, feedbackId: string, responseUri: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.isFeedbackRevoked(uint256 agentId, bytes32 feedbackId)` (v0.6+). */
+    encodeIsFeedbackRevoked(agentId: string, feedbackId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ReputationRegistry.getFeedbackResponses(uint256 agentId, bytes32 feedbackId)` (v0.6+). */
+    encodeGetFeedbackResponses(agentId: string, feedbackId: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ValidationRegistry.validationRequest(address validatorAddress, uint256 agentId, string requestURI, bytes32 requestHash)`. */
+    encodeValidationRequest(validatorAddress: string, agentId: string, requestUri: string, requestHash: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ValidationRegistry.validationResponse(bytes32 requestHash, uint8 response, string responseURI, bytes32 responseHash, string tag)`. `response` is a 0-100 quality score. */
+    encodeValidationResponse(requestHash: string, response: number, responseUri: string, responseHash: string, tag: string): Promise<Erc8004Calldata>;
+    /** ABI-encode `ValidationRegistry.getValidation(bytes32 requestHash)`. */
+    encodeGetValidation(requestHash: string): Promise<Erc8004Calldata>;
+}
+//# sourceMappingURL=erc8004.d.ts.map

package/dist/erc8004.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"erc8004.d.ts","sourceRoot":"","sources":["../src/erc8004.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEvC;;;GAGG;AACH,MAAM,WAAW,cAAc;IAC7B,uBAAuB;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,+DAA+D;IAC/D,QAAQ,EAAE,MAAM,CAAC;IACjB,uEAAuE;IACvE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,wCAAwC;IACxC,aAAa,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,gEAAgE;IAChE,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,SAAS;IAM3C,oEAAoE;IAC9D,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAMzD,8GAA8G;IACxG,cAAc,CAClB,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC;IAM3B,+DAA+D;IACzD,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAM/D,+DAA+D;IACzD,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAU/D,sFAAsF;IAChF,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC;IAM3B,2HAA2H;IACrH,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC;IAc3B,2GAA2G;IACrG,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,eAAe,CAAC;IAc3B,sFAAsF;IAChF,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC;IAM3B,sDAAsD;IAChD,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAMrE,kEAAkE;IAC5D,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAMlE,qEAAqE;IAC/D,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAWrE,8GAA8G;IACxG,cAAc,CAClB,cAAc,EAAE,MAAM,EACtB,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,CAAC;IAU3B,mFAAmF;IAC7E,iBAAiB,CACrB,cAAc,EAAE,MAAM,EACtB,KAAK,EAAE,MAAM,GACZ,OAAO,CAAC,eAAe,CAAC;IAM3B,yEAAyE;IACnE,sBAAsB,CAC1B,cAAc,EAAE,MAAM,GACrB,OAAO,CAAC,eAAe,CAAC;IAO3B,mGAAmG;IAC7F,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,CAAC;IAO3B,uHAAuH;IACjH,oBAAoB,CACxB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC;IAa3B,sGAAsG;IAChG,uBAAuB,CAC3B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,CAAC;IAO3B,yGAAyG;IACnG,0BAA0B,CAC9B,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,eAAe,CAAC;IAW3B,4IAA4I;IACtI,uBAAuB,CAC3B,gBAAgB,EAAE,MAAM,EACxB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC;IAc3B,0LAA0L;IACpL,wBAAwB,CAC5B,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,GAAG,EAAE,MAAM,GACV,OAAO,CAAC,eAAe,CAAC;IAe3B,0EAA0E;IACpE,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CAMzE"}