tenzro-wallet 0.2.6 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/ports/agent/adapters/agent-bond-adapter.d.ts.map +1 -1
- package/dist/ports/agent/adapters/agent-bond-adapter.js +2 -1
- package/dist/ports/agent/adapters/agent-bond-adapter.js.map +1 -1
- package/dist/ports/agent/adapters/insurance-adapter.d.ts.map +1 -1
- package/dist/ports/agent/adapters/insurance-adapter.js +7 -6
- package/dist/ports/agent/adapters/insurance-adapter.js.map +1 -1
- package/dist/ports/agent/insurance.d.ts +2 -0
- package/dist/ports/agent/insurance.d.ts.map +1 -1
- package/dist/ports/canton/canton-provider.d.ts +75 -0
- package/dist/ports/canton/canton-provider.d.ts.map +1 -0
- package/dist/ports/canton/canton-provider.js +64 -0
- package/dist/ports/canton/canton-provider.js.map +1 -0
- package/dist/ports/canton/http.d.ts +14 -0
- package/dist/ports/canton/http.d.ts.map +1 -1
- package/dist/ports/canton/http.js +16 -6
- package/dist/ports/canton/http.js.map +1 -1
- package/dist/ports/canton/verify-content.d.ts +64 -0
- package/dist/ports/canton/verify-content.d.ts.map +1 -0
- package/dist/ports/canton/verify-content.js +128 -0
- package/dist/ports/canton/verify-content.js.map +1 -0
- package/dist/ports/index.d.ts +4 -0
- package/dist/ports/index.d.ts.map +1 -1
- package/dist/ports/index.js +2 -0
- package/dist/ports/index.js.map +1 -1
- package/dist/ports/secure-mint/adapter.d.ts +23 -8
- package/dist/ports/secure-mint/adapter.d.ts.map +1 -1
- package/dist/ports/secure-mint/adapter.js +76 -15
- package/dist/ports/secure-mint/adapter.js.map +1 -1
- package/dist/ports/secure-mint/secure-mint.d.ts +44 -21
- package/dist/ports/secure-mint/secure-mint.d.ts.map +1 -1
- package/dist/ports/secure-mint/secure-mint.js +3 -0
- package/dist/ports/secure-mint/secure-mint.js.map +1 -1
- package/dist/surfaces/canton-external.d.ts +10 -10
- package/dist/surfaces/canton-external.d.ts.map +1 -1
- package/dist/surfaces/canton-external.js +21 -10
- package/dist/surfaces/canton-external.js.map +1 -1
- package/dist/surfaces/canton-internal.d.ts.map +1 -1
- package/dist/surfaces/canton-internal.js +7 -0
- package/dist/surfaces/canton-internal.js.map +1 -1
- package/package.json +4 -2
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Content-level verification of a `PreparedTransaction` before signing.
|
|
3
|
+
*
|
|
4
|
+
* Hash equality (`hash.ts` + `bytesEqualConstantTime`) binds the signature to
|
|
5
|
+
* the *exact* proto bytes the validator returned. It does NOT prove those bytes
|
|
6
|
+
* encode the transaction the user intended — a malicious or buggy validator can
|
|
7
|
+
* return internally-consistent bytes (correct hash) for the *wrong* transfer
|
|
8
|
+
* (different recipient, different amount, an extra exercise node draining a
|
|
9
|
+
* second contract). This module closes that gap: it decodes the proto and
|
|
10
|
+
* checks the user-visible fields against the intent the wallet built.
|
|
11
|
+
*
|
|
12
|
+
* Browser-clean: `@canton-network/core-tx-visualizer` depends only on
|
|
13
|
+
* `@canton-network/core-ledger-proto` + `camelcase-keys` + `@protobuf-ts/runtime`
|
|
14
|
+
* — no `@grpc/grpc-js`, no Node-only globals. Decode + canonical hashing live in
|
|
15
|
+
* the official package so the wallet never hand-walks a version-sensitive,
|
|
16
|
+
* security-critical proto schema.
|
|
17
|
+
*
|
|
18
|
+
* The visualizer API takes base64 strings; the kernel holds `Uint8Array`, so we
|
|
19
|
+
* encode via `base64Encode` (standard base64, browser-clean) before calling.
|
|
20
|
+
*/
|
|
21
|
+
import { parsePreparedTransaction, validateAuthorizedPartyIds, } from '@canton-network/core-tx-visualizer';
|
|
22
|
+
import { base64Encode } from "./http.js";
|
|
23
|
+
export class CantonContentMismatchError extends Error {
|
|
24
|
+
field;
|
|
25
|
+
expected;
|
|
26
|
+
actual;
|
|
27
|
+
constructor(field, expected, actual) {
|
|
28
|
+
super(`canton content verify: ${field} mismatch — refusing to sign. ` +
|
|
29
|
+
`expected ${expected}, decoded ${actual}. ` +
|
|
30
|
+
'The validator returned valid bytes for a transaction that does not ' +
|
|
31
|
+
'match the prepared intent.');
|
|
32
|
+
this.field = field;
|
|
33
|
+
this.expected = expected;
|
|
34
|
+
this.actual = actual;
|
|
35
|
+
this.name = 'CantonContentMismatchError';
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
/**
|
|
39
|
+
* Decode the `PreparedTransaction` proto and assert its content matches
|
|
40
|
+
* `intent`. Throws `CantonContentMismatchError` on any divergence.
|
|
41
|
+
*
|
|
42
|
+
* Checks, in order:
|
|
43
|
+
* 1. `actAs` authorisation — the acting party is genuinely authorised in the
|
|
44
|
+
* decoded transaction (via `validateAuthorizedPartyIds`). This is the
|
|
45
|
+
* strongest single check: it proves the proto authorises a spend *by the
|
|
46
|
+
* user's party*, not by some other party the validator slipped in.
|
|
47
|
+
* 2. amount — the decoded transfer amount equals the intended amount.
|
|
48
|
+
* 3. recipient presence — the recipient party id appears in the decoded
|
|
49
|
+
* transaction (signatories, stakeholders, or the serialised argument JSON).
|
|
50
|
+
*
|
|
51
|
+
* The decode is best-effort by design of the visualizer (`ParsedTransactionInfo`
|
|
52
|
+
* fields are all optional). We FAIL CLOSED: if a field the check needs cannot be
|
|
53
|
+
* decoded, that's a mismatch, not a pass. A validator returning an opaque proto
|
|
54
|
+
* we can't read is exactly the case we refuse to sign blind.
|
|
55
|
+
*/
|
|
56
|
+
export function verifyPreparedContent(preparedTransaction, intent) {
|
|
57
|
+
const txBase64 = base64Encode(preparedTransaction);
|
|
58
|
+
// 1. actAs authorisation — the acting party must be authorised in the proto.
|
|
59
|
+
const authResult = validateAuthorizedPartyIds(txBase64, [intent.fromParty]);
|
|
60
|
+
const actAsEntry = authResult[intent.fromParty];
|
|
61
|
+
if (!actAsEntry || !actAsEntry.isAuthorized) {
|
|
62
|
+
throw new CantonContentMismatchError('actAs', `${intent.fromParty} authorised`, actAsEntry ? 'present but not authorised' : 'not present in transaction');
|
|
63
|
+
}
|
|
64
|
+
const parsed = parsePreparedTransaction(txBase64);
|
|
65
|
+
// 2. amount — decoded numeric must equal the intended amount. The visualizer
|
|
66
|
+
// returns `amount` as a decimal string (Daml `Numeric`); the kernel holds a
|
|
67
|
+
// bigint of base units. Canton Amulet amounts are `Numeric 10` decimals, so a
|
|
68
|
+
// direct integer compare would be wrong if the proto carries a fractional
|
|
69
|
+
// representation. We normalise both to a canonical integer-base-unit string.
|
|
70
|
+
if (parsed.amount === undefined) {
|
|
71
|
+
throw new CantonContentMismatchError('amount', intent.amount.toString(), 'undecodable');
|
|
72
|
+
}
|
|
73
|
+
const decodedUnits = decimalToBaseUnits(parsed.amount);
|
|
74
|
+
if (decodedUnits !== intent.amount) {
|
|
75
|
+
throw new CantonContentMismatchError('amount', intent.amount.toString(), `${parsed.amount} (=${decodedUnits} base units)`);
|
|
76
|
+
}
|
|
77
|
+
// 3. recipient presence — the recipient party id must appear somewhere in the
|
|
78
|
+
// decoded transaction. Canton transfer choices carry the receiver as a party
|
|
79
|
+
// argument; depending on the choice it surfaces as a stakeholder, a signatory,
|
|
80
|
+
// or inside the serialised `jsonString`. Checking all three keeps us robust to
|
|
81
|
+
// the preapproval-send vs transfer-offer shape difference without decoding the
|
|
82
|
+
// per-choice argument schema ourselves.
|
|
83
|
+
if (!recipientPresent(parsed, intent.toParty)) {
|
|
84
|
+
throw new CantonContentMismatchError('toParty', intent.toParty, 'recipient party not found in decoded transaction');
|
|
85
|
+
}
|
|
86
|
+
}
|
|
87
|
+
/** True if `party` appears as a signatory, stakeholder, or in the tx JSON. */
|
|
88
|
+
function recipientPresent(parsed, party) {
|
|
89
|
+
if (parsed.signatories?.includes(party))
|
|
90
|
+
return true;
|
|
91
|
+
if (parsed.stakeholders?.includes(party))
|
|
92
|
+
return true;
|
|
93
|
+
// The serialised argument JSON is the catch-all: the receiver always appears
|
|
94
|
+
// there for a transfer choice even when it isn't a top-level signatory
|
|
95
|
+
// (e.g. a TransferPreapproval_Send where the provider co-signs).
|
|
96
|
+
if (parsed.jsonString !== undefined && parsed.jsonString.includes(party))
|
|
97
|
+
return true;
|
|
98
|
+
return false;
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
* Normalise a Daml `Numeric` decimal string (e.g. `"12.5"`, `"100.0000000000"`)
|
|
102
|
+
* to integer base units, matching how the kernel holds `amount: bigint`.
|
|
103
|
+
*
|
|
104
|
+
* The kernel's convention: `amount` is the whole-token count when the asset is
|
|
105
|
+
* indivisible at the kernel layer, OR base units when divisible — but the
|
|
106
|
+
* surfaces build the bigint and the proto from the SAME intent.amount, so the
|
|
107
|
+
* round-trip is the identity transform as long as we parse the decimal the same
|
|
108
|
+
* way on both sides. Canton Amulet is `Numeric 10`; the kernel passes whole
|
|
109
|
+
* `amount` values, so the decoded decimal is `"<amount>.0000000000"`. We strip a
|
|
110
|
+
* trailing all-zero fractional part and reject any non-zero fraction (which
|
|
111
|
+
* would mean the validator is moving a different, fractional amount).
|
|
112
|
+
*/
|
|
113
|
+
function decimalToBaseUnits(decimal) {
|
|
114
|
+
const trimmed = decimal.trim();
|
|
115
|
+
const dot = trimmed.indexOf('.');
|
|
116
|
+
if (dot < 0)
|
|
117
|
+
return BigInt(trimmed);
|
|
118
|
+
const whole = trimmed.slice(0, dot);
|
|
119
|
+
const frac = trimmed.slice(dot + 1);
|
|
120
|
+
if (/[^0]/.test(frac)) {
|
|
121
|
+
// Non-zero fractional component. The kernel never builds fractional
|
|
122
|
+
// amounts, so this is a divergence from intent — surface it as a value
|
|
123
|
+
// that cannot equal any whole-token bigint.
|
|
124
|
+
throw new CantonContentMismatchError('amount', 'whole-token amount', `${decimal} (non-zero fractional component)`);
|
|
125
|
+
}
|
|
126
|
+
return BigInt(whole === '' || whole === '-' ? `${whole}0` : whole);
|
|
127
|
+
}
|
|
128
|
+
//# sourceMappingURL=verify-content.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verify-content.js","sourceRoot":"","sources":["../../../src/ports/canton/verify-content.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EACL,wBAAwB,EACxB,0BAA0B,GAC3B,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAqBzC,MAAM,OAAO,0BAA2B,SAAQ,KAAK;IAExC;IACA;IACA;IAHX,YACW,KAAa,EACb,QAAgB,EAChB,MAAc;QAEvB,KAAK,CACH,0BAA0B,KAAK,gCAAgC;YAC7D,YAAY,QAAQ,aAAa,MAAM,IAAI;YAC3C,qEAAqE;YACrE,4BAA4B,CAC/B,CAAC;QATO,UAAK,GAAL,KAAK,CAAQ;QACb,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAQ;QAQvB,IAAI,CAAC,IAAI,GAAG,4BAA4B,CAAC;IAC3C,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,qBAAqB,CACnC,mBAA+B,EAC/B,MAA4B;IAE5B,MAAM,QAAQ,GAAG,YAAY,CAAC,mBAAmB,CAAC,CAAC;IAEnD,6EAA6E;IAC7E,MAAM,UAAU,GAAG,0BAA0B,CAAC,QAAQ,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5E,MAAM,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC;QAC5C,MAAM,IAAI,0BAA0B,CAClC,OAAO,EACP,GAAG,MAAM,CAAC,SAAS,aAAa,EAChC,UAAU,CAAC,CAAC,CAAC,4BAA4B,CAAC,CAAC,CAAC,4BAA4B,CACzE,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,wBAAwB,CAAC,QAAQ,CAAC,CAAC;IAElD,6EAA6E;IAC7E,4EAA4E;IAC5E,8EAA8E;IAC9E,0EAA0E;IAC1E,6EAA6E;IAC7E,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAChC,MAAM,IAAI,0BAA0B,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,aAAa,CAAC,CAAC;IAC1F,CAAC;IACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACvD,IAAI,YAAY,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QACnC,MAAM,IAAI,0BAA0B,CAClC,QAAQ,EACR,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,EACxB,GAAG,MAAM,CAAC,MAAM,MAAM,YAAY,cAAc,CACjD,CAAC;IACJ,CAAC;IAED,8EAA8E;IAC9E,6EAA6E;IAC7E,+EAA+E;IAC/E,+EAA+E;IAC/E,+EAA+E;IAC/E,wCAAwC;IACxC,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,0BAA0B,CAClC,SAAS,EACT,MAAM,CAAC,OAAO,EACd,kDAAkD,CACnD,CAAC;IACJ,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,SAAS,gBAAgB,CACvB,MAAmD,EACnD,KAAa;IAEb,IAAI,MAAM,CAAC,WAAW,EAAE,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACrD,IAAI,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,6EAA6E;IAC7E,uEAAuE;IACvE,iEAAiE;IACjE,IAAI,MAAM,CAAC,UAAU,KAAK,SAAS,IAAI,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IACtF,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,kBAAkB,CAAC,OAAe;IACzC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,GAAG,GAAG,CAAC;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACpC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACtB,oEAAoE;QACpE,uEAAuE;QACvE,4CAA4C;QAC5C,MAAM,IAAI,0BAA0B,CAClC,QAAQ,EACR,oBAAoB,EACpB,GAAG,OAAO,kCAAkC,CAC7C,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,KAAK,KAAK,EAAE,IAAI,KAAK,KAAK,GAAG,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACrE,CAAC"}
|
package/dist/ports/index.d.ts
CHANGED
|
@@ -13,6 +13,10 @@ export { CantonHttpError } from './canton/http.js';
|
|
|
13
13
|
export { LedgerApiAdapter } from './canton/adapters/ledger-api-adapter.js';
|
|
14
14
|
export type { LedgerApiAdapterConfig } from './canton/adapters/ledger-api-adapter.js';
|
|
15
15
|
export { preparedTransactionHash, topologyBundleHash, bytesEqualConstantTime, } from './canton/hash.js';
|
|
16
|
+
export { verifyPreparedContent, CantonContentMismatchError } from './canton/verify-content.js';
|
|
17
|
+
export type { CantonTransferIntent } from './canton/verify-content.js';
|
|
18
|
+
export { resolveCantonAdapterConfig } from './canton/canton-provider.js';
|
|
19
|
+
export type { CantonProviderConfig, ByoCantonProviderConfig, TenzroCantonProviderConfig, } from './canton/canton-provider.js';
|
|
16
20
|
export * from './agent/index.js';
|
|
17
21
|
export * from './bridge/index.js';
|
|
18
22
|
export * from './capital/index.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,aAAa,EACb,cAAc,EACd,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,kCAAkC,CAAC;AAC1C,YAAY,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,YAAY,GACb,MAAM,eAAe,CAAC;AAGvB,YAAY,EACV,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,0BAA0B,EAC1B,wBAAwB,EACxB,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAChG,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,YAAY,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,aAAa,EACb,cAAc,EACd,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,kCAAkC,CAAC;AAC1C,YAAY,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC;AACzE,YAAY,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAC;AAC9E,YAAY,EAAE,kBAAkB,EAAE,MAAM,uCAAuC,CAAC;AAChF,YAAY,EAAE,gBAAgB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,YAAY,GACb,MAAM,eAAe,CAAC;AAGvB,YAAY,EACV,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,EACzB,wBAAwB,EACxB,gBAAgB,EAChB,gBAAgB,EAChB,qBAAqB,EACrB,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,wBAAwB,EACxB,qBAAqB,EACrB,oBAAoB,EACpB,yBAAyB,EACzB,0BAA0B,EAC1B,wBAAwB,EACxB,0BAA0B,EAC1B,mBAAmB,GACpB,MAAM,8BAA8B,CAAC;AACtC,YAAY,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,6BAA6B,CAAC;AAChG,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAC3E,YAAY,EAAE,sBAAsB,EAAE,MAAM,yCAAyC,CAAC;AACtF,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,qBAAqB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAC/F,YAAY,EAAE,oBAAoB,EAAE,MAAM,4BAA4B,CAAC;AACvE,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AACzE,YAAY,EACV,oBAAoB,EACpB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,6BAA6B,CAAC;AAGrC,cAAc,kBAAkB,CAAC;AAGjC,cAAc,mBAAmB,CAAC;AAKlC,cAAc,oBAAoB,CAAC;AAKnC,cAAc,qBAAqB,CAAC;AAKpC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC;AAKvC,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAKnC,cAAc,iBAAiB,CAAC;AAMhC,cAAc,oBAAoB,CAAC;AAOnC,cAAc,qBAAqB,CAAC;AAMpC,cAAc,uBAAuB,CAAC;AAOtC,YAAY,EACV,QAAQ,EACR,mBAAmB,EACnB,gBAAgB,EAChB,sBAAsB,EACtB,gBAAgB,EAChB,4BAA4B,EAC5B,uBAAuB,EACvB,qBAAqB,EACrB,cAAc,GACf,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,cAAc,oBAAoB,CAAC;AAKnC,cAAc,2BAA2B,CAAC;AAI1C,cAAc,8BAA8B,CAAC;AAI7C,cAAc,yBAAyB,CAAC"}
|
package/dist/ports/index.js
CHANGED
|
@@ -4,6 +4,8 @@ export { CROSS_VM_PRECOMPILE, decimalsFor, truncateForView, dustResidual, } from
|
|
|
4
4
|
export { CantonHttpError } from "./canton/http.js";
|
|
5
5
|
export { LedgerApiAdapter } from "./canton/adapters/ledger-api-adapter.js";
|
|
6
6
|
export { preparedTransactionHash, topologyBundleHash, bytesEqualConstantTime, } from "./canton/hash.js";
|
|
7
|
+
export { verifyPreparedContent, CantonContentMismatchError } from "./canton/verify-content.js";
|
|
8
|
+
export { resolveCantonAdapterConfig } from "./canton/canton-provider.js";
|
|
7
9
|
// ── Agent-payments ports + adapters (AP2, ERC-8004, agent-payments, nano) ──
|
|
8
10
|
export * from "./agent/index.js";
|
|
9
11
|
// ── Bridge router ports + adapter stubs (M8 — see DESIGN.md §10) ──
|
package/dist/ports/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAC;AAG9E,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,YAAY,GACb,MAAM,eAAe,CAAC;AAyBvB,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/ports/index.ts"],"names":[],"mappings":"AAKA,OAAO,EACL,gBAAgB,EAChB,uBAAuB,GACxB,MAAM,kCAAkC,CAAC;AAG1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,uCAAuC,CAAC;AAG9E,OAAO,EACL,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,YAAY,GACb,MAAM,eAAe,CAAC;AAyBvB,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,gBAAgB,EAAE,MAAM,yCAAyC,CAAC;AAE3E,OAAO,EACL,uBAAuB,EACvB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,qBAAqB,EAAE,0BAA0B,EAAE,MAAM,4BAA4B,CAAC;AAE/F,OAAO,EAAE,0BAA0B,EAAE,MAAM,6BAA6B,CAAC;AAOzE,8EAA8E;AAC9E,cAAc,kBAAkB,CAAC;AAEjC,qEAAqE;AACrE,cAAc,mBAAmB,CAAC;AAElC,yCAAyC;AACzC,uEAAuE;AACvE,yCAAyC;AACzC,cAAc,oBAAoB,CAAC;AAEnC,8CAA8C;AAC9C,iEAAiE;AACjE,wCAAwC;AACxC,cAAc,qBAAqB,CAAC;AAEpC,uCAAuC;AACvC,kEAAkE;AAClE,mEAAmE;AACnE,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,wBAAwB,CAAC;AAEvC,oDAAoD;AACpD,mEAAmE;AACnE,mEAAmE;AACnE,cAAc,sBAAsB,CAAC;AACrC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,iDAAiD;AACjD,uEAAuE;AACvE,kCAAkC;AAClC,cAAc,iBAAiB,CAAC;AAEhC,gDAAgD;AAChD,oEAAoE;AACpE,qEAAqE;AACrE,WAAW;AACX,cAAc,oBAAoB,CAAC;AAEnC,8CAA8C;AAC9C,mEAAmE;AACnE,oEAAoE;AACpE,6DAA6D;AAC7D,6BAA6B;AAC7B,cAAc,qBAAqB,CAAC;AAEpC,iEAAiE;AACjE,qEAAqE;AACrE,iEAAiE;AACjE,0CAA0C;AAC1C,cAAc,uBAAuB,CAAC;AAkBtC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,gEAAgE;AAChE,iEAAiE;AACjE,kEAAkE;AAClE,cAAc,oBAAoB,CAAC;AAEnC,wCAAwC;AACxC,gEAAgE;AAChE,oBAAoB;AACpB,cAAc,2BAA2B,CAAC;AAE1C,yDAAyD;AACzD,uDAAuD;AACvD,cAAc,8BAA8B,CAAC;AAE7C,uDAAuD;AACvD,2CAA2C;AAC3C,cAAc,yBAAyB,CAAC"}
|
|
@@ -1,20 +1,35 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* SecureMintAdapter — `SecureMintPort` backed by `tenzro-sdk`
|
|
3
|
-
* `SecureMintClient`.
|
|
4
|
-
*
|
|
5
|
-
*
|
|
3
|
+
* `SecureMintClient`.
|
|
4
|
+
*
|
|
5
|
+
* Wire:
|
|
6
|
+
* setPolicy → SecureMintClient.setPolicy(policy) [→ {installed, policy}]
|
|
7
|
+
* getPolicy → SecureMintClient.getPolicy(token) [→ {found, policy?}]
|
|
8
|
+
* clearPolicy → SecureMintClient.clearPolicy(token) [→ {cleared}]
|
|
9
|
+
* checkMint → SecureMintClient.check(token, amount) [→ {allowed, ...}]
|
|
10
|
+
* applyMint → SecureMintClient.apply(token, amount) [→ {applied, policy}]
|
|
11
|
+
* recordBurn → SecureMintClient.recordBurn(...) [→ {recorded, policy}]
|
|
12
|
+
*
|
|
13
|
+
* The SDK keys every method on the token's 20-byte EVM address and wraps
|
|
14
|
+
* results in `{flag, token, ...}` envelopes; we serialise our typed
|
|
15
|
+
* `SecureMintPolicy` (camelCase, bigint amounts) to the snake_case /
|
|
16
|
+
* string-amount shape the RPC expects and decode the envelopes back.
|
|
6
17
|
*/
|
|
7
18
|
import type { SecureMintClient } from 'tenzro-sdk';
|
|
8
19
|
import type { SecureMintApply, SecureMintCheck, SecureMintPolicy, SecureMintPort } from './secure-mint.js';
|
|
20
|
+
/**
|
|
21
|
+
* Slice of `SecureMintClient` the adapter relies on, anchored to the SDK
|
|
22
|
+
* via `Pick<>` so a method-rename in `tenzro-sdk` breaks the build.
|
|
23
|
+
*/
|
|
9
24
|
export type SecureMintClientLike = Pick<SecureMintClient, 'setPolicy' | 'getPolicy' | 'clearPolicy' | 'check' | 'apply' | 'recordBurn'>;
|
|
10
25
|
export declare class SecureMintAdapter implements SecureMintPort {
|
|
11
26
|
private readonly client;
|
|
12
27
|
constructor(client: SecureMintClientLike);
|
|
13
28
|
setPolicy(policy: SecureMintPolicy): Promise<SecureMintPolicy>;
|
|
14
|
-
getPolicy(
|
|
15
|
-
clearPolicy(
|
|
16
|
-
checkMint(
|
|
17
|
-
applyMint(
|
|
18
|
-
recordBurn(
|
|
29
|
+
getPolicy(token: string): Promise<SecureMintPolicy | null>;
|
|
30
|
+
clearPolicy(token: string): Promise<boolean>;
|
|
31
|
+
checkMint(token: string, amount: bigint): Promise<SecureMintCheck>;
|
|
32
|
+
applyMint(token: string, amount: bigint): Promise<SecureMintApply>;
|
|
33
|
+
recordBurn(token: string, amount: bigint): Promise<SecureMintApply>;
|
|
19
34
|
}
|
|
20
35
|
//# sourceMappingURL=adapter.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../../src/ports/secure-mint/adapter.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"adapter.d.ts","sourceRoot":"","sources":["../../../src/ports/secure-mint/adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAiC,MAAM,YAAY,CAAC;AAClF,OAAO,KAAK,EACV,eAAe,EACf,eAAe,EACf,gBAAgB,EAChB,cAAc,EACf,MAAM,kBAAkB,CAAC;AAE1B;;;GAGG;AACH,MAAM,MAAM,oBAAoB,GAAG,IAAI,CACrC,gBAAgB,EAChB,WAAW,GAAG,WAAW,GAAG,aAAa,GAAG,OAAO,GAAG,OAAO,GAAG,YAAY,CAC7E,CAAC;AAEF,qBAAa,iBAAkB,YAAW,cAAc;IAC1C,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,oBAAoB;IAEnD,SAAS,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAK9D,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAK1D,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5C,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAWlE,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAUlE,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;CAS1E"}
|
|
@@ -1,31 +1,92 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* SecureMintAdapter — `SecureMintPort` backed by `tenzro-sdk`
|
|
3
|
-
* `SecureMintClient`.
|
|
4
|
-
*
|
|
5
|
-
*
|
|
3
|
+
* `SecureMintClient`.
|
|
4
|
+
*
|
|
5
|
+
* Wire:
|
|
6
|
+
* setPolicy → SecureMintClient.setPolicy(policy) [→ {installed, policy}]
|
|
7
|
+
* getPolicy → SecureMintClient.getPolicy(token) [→ {found, policy?}]
|
|
8
|
+
* clearPolicy → SecureMintClient.clearPolicy(token) [→ {cleared}]
|
|
9
|
+
* checkMint → SecureMintClient.check(token, amount) [→ {allowed, ...}]
|
|
10
|
+
* applyMint → SecureMintClient.apply(token, amount) [→ {applied, policy}]
|
|
11
|
+
* recordBurn → SecureMintClient.recordBurn(...) [→ {recorded, policy}]
|
|
12
|
+
*
|
|
13
|
+
* The SDK keys every method on the token's 20-byte EVM address and wraps
|
|
14
|
+
* results in `{flag, token, ...}` envelopes; we serialise our typed
|
|
15
|
+
* `SecureMintPolicy` (camelCase, bigint amounts) to the snake_case /
|
|
16
|
+
* string-amount shape the RPC expects and decode the envelopes back.
|
|
6
17
|
*/
|
|
7
18
|
export class SecureMintAdapter {
|
|
8
19
|
client;
|
|
9
20
|
constructor(client) {
|
|
10
21
|
this.client = client;
|
|
11
22
|
}
|
|
12
|
-
setPolicy(policy) {
|
|
13
|
-
|
|
23
|
+
async setPolicy(policy) {
|
|
24
|
+
const res = await this.client.setPolicy(encodePolicy(policy));
|
|
25
|
+
return decodePolicy(res.policy);
|
|
14
26
|
}
|
|
15
|
-
getPolicy(
|
|
16
|
-
|
|
27
|
+
async getPolicy(token) {
|
|
28
|
+
const res = await this.client.getPolicy(token);
|
|
29
|
+
return res.found && res.policy ? decodePolicy(res.policy) : null;
|
|
17
30
|
}
|
|
18
|
-
clearPolicy(
|
|
19
|
-
|
|
31
|
+
async clearPolicy(token) {
|
|
32
|
+
const res = await this.client.clearPolicy(token);
|
|
33
|
+
return res.cleared;
|
|
20
34
|
}
|
|
21
|
-
checkMint(
|
|
22
|
-
|
|
35
|
+
async checkMint(token, amount) {
|
|
36
|
+
const res = await this.client.check(token, amount.toString());
|
|
37
|
+
return {
|
|
38
|
+
allowed: res.allowed,
|
|
39
|
+
token: res.token,
|
|
40
|
+
amount: BigInt(res.amount),
|
|
41
|
+
now: res.now,
|
|
42
|
+
...(res.reason !== undefined ? { reason: res.reason } : {}),
|
|
43
|
+
};
|
|
23
44
|
}
|
|
24
|
-
applyMint(
|
|
25
|
-
|
|
45
|
+
async applyMint(token, amount) {
|
|
46
|
+
const res = await this.client.apply(token, amount.toString());
|
|
47
|
+
return {
|
|
48
|
+
applied: res.applied,
|
|
49
|
+
token: res.token,
|
|
50
|
+
amount: BigInt(res.amount),
|
|
51
|
+
policy: decodePolicy(res.policy),
|
|
52
|
+
};
|
|
26
53
|
}
|
|
27
|
-
recordBurn(
|
|
28
|
-
|
|
54
|
+
async recordBurn(token, amount) {
|
|
55
|
+
const res = await this.client.recordBurn(token, amount.toString());
|
|
56
|
+
return {
|
|
57
|
+
applied: res.recorded,
|
|
58
|
+
token: res.token,
|
|
59
|
+
amount: BigInt(res.amount),
|
|
60
|
+
policy: decodePolicy(res.policy),
|
|
61
|
+
};
|
|
29
62
|
}
|
|
30
63
|
}
|
|
64
|
+
function encodePolicy(policy) {
|
|
65
|
+
return {
|
|
66
|
+
token: policy.token,
|
|
67
|
+
asset_id: policy.assetId,
|
|
68
|
+
reserve: policy.reserve.toString(),
|
|
69
|
+
...(policy.circulating !== undefined
|
|
70
|
+
? { circulating: policy.circulating.toString() }
|
|
71
|
+
: {}),
|
|
72
|
+
por_feed_id: policy.porFeedId,
|
|
73
|
+
attester_did: policy.attesterDid,
|
|
74
|
+
attestation_hash: policy.attestationHash,
|
|
75
|
+
attested_at: policy.attestedAt,
|
|
76
|
+
ttl_secs: policy.ttlSecs,
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
function decodePolicy(raw) {
|
|
80
|
+
return {
|
|
81
|
+
token: raw.token,
|
|
82
|
+
assetId: raw.asset_id,
|
|
83
|
+
reserve: BigInt(raw.reserve),
|
|
84
|
+
...(raw.circulating !== undefined ? { circulating: BigInt(raw.circulating) } : {}),
|
|
85
|
+
porFeedId: raw.por_feed_id,
|
|
86
|
+
attesterDid: raw.attester_did,
|
|
87
|
+
attestationHash: raw.attestation_hash,
|
|
88
|
+
attestedAt: raw.attested_at,
|
|
89
|
+
ttlSecs: raw.ttl_secs,
|
|
90
|
+
};
|
|
91
|
+
}
|
|
31
92
|
//# sourceMappingURL=adapter.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adapter.js","sourceRoot":"","sources":["../../../src/ports/secure-mint/adapter.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"adapter.js","sourceRoot":"","sources":["../../../src/ports/secure-mint/adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAmBH,MAAM,OAAO,iBAAiB;IACC;IAA7B,YAA6B,MAA4B;QAA5B,WAAM,GAAN,MAAM,CAAsB;IAAG,CAAC;IAE7D,KAAK,CAAC,SAAS,CAAC,MAAwB;QACtC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,OAAO,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa;QAC3B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAC/C,OAAO,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACnE,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,MAAc;QAC3C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC1B,GAAG,EAAE,GAAG,CAAC,GAAG;YACZ,GAAG,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,KAAa,EAAE,MAAc;QAC3C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC9D,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,OAAO;YACpB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC1B,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;SACjC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,KAAa,EAAE,MAAc;QAC5C,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO;YACL,OAAO,EAAE,GAAG,CAAC,QAAQ;YACrB,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;YAC1B,MAAM,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC;SACjC,CAAC;IACJ,CAAC;CACF;AAED,SAAS,YAAY,CAAC,MAAwB;IAC5C,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE;QAClC,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS;YAClC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE;YAChD,CAAC,CAAC,EAAE,CAAC;QACP,WAAW,EAAE,MAAM,CAAC,SAAS;QAC7B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,gBAAgB,EAAE,MAAM,CAAC,eAAe;QACxC,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,QAAQ,EAAE,MAAM,CAAC,OAAO;KACzB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAc;IAClC,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,OAAO,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC;QAC5B,GAAG,CAAC,GAAG,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,SAAS,EAAE,GAAG,CAAC,WAAW;QAC1B,WAAW,EAAE,GAAG,CAAC,YAAY;QAC7B,eAAe,EAAE,GAAG,CAAC,gBAAgB;QACrC,UAAU,EAAE,GAAG,CAAC,WAAW;QAC3B,OAAO,EAAE,GAAG,CAAC,QAAQ;KACtB,CAAC;AACJ,CAAC"}
|
|
@@ -3,38 +3,61 @@
|
|
|
3
3
|
* tokenized real-world assets (xStocks-class equities, treasuries,
|
|
4
4
|
* stablecoins). Enforces `circulating + amount ≤ reserve` at every mint.
|
|
5
5
|
*
|
|
6
|
+
* Policies are keyed on-chain by the token's 20-byte EVM address;
|
|
7
|
+
* `assetId` is a human-readable label (ISIN, symbol).
|
|
8
|
+
*
|
|
6
9
|
* Wallet usage: the wallet does not mint RWAs itself, but it surfaces
|
|
7
10
|
* the policy + reserve state for assets the user holds and lets the
|
|
8
11
|
* issuer's UI check / apply the invariant.
|
|
9
12
|
*/
|
|
10
13
|
export interface SecureMintPolicy {
|
|
11
|
-
|
|
12
|
-
readonly
|
|
13
|
-
|
|
14
|
-
readonly
|
|
15
|
-
|
|
16
|
-
readonly
|
|
17
|
-
|
|
18
|
-
readonly
|
|
14
|
+
/** Token's 20-byte EVM address (hex, `0x`-prefixed). Primary key. */
|
|
15
|
+
readonly token: string;
|
|
16
|
+
/** Human-readable asset label (e.g. ISIN, symbol). */
|
|
17
|
+
readonly assetId: string;
|
|
18
|
+
/** Attested reserve, base units. */
|
|
19
|
+
readonly reserve: bigint;
|
|
20
|
+
/** Current circulating supply, base units. */
|
|
21
|
+
readonly circulating?: bigint;
|
|
22
|
+
/** Proof-of-reserve feed id this policy reads from. */
|
|
23
|
+
readonly porFeedId: string;
|
|
24
|
+
/** Attester DID whose attestation gates this policy. */
|
|
25
|
+
readonly attesterDid: string;
|
|
26
|
+
/** 32-byte attestation hash (hex, `0x`-prefixed). */
|
|
27
|
+
readonly attestationHash: string;
|
|
28
|
+
/** Unix seconds the attestation was made. */
|
|
29
|
+
readonly attestedAt: number;
|
|
30
|
+
/** Attestation freshness window in seconds. */
|
|
31
|
+
readonly ttlSecs: number;
|
|
19
32
|
}
|
|
33
|
+
/** Read-only invariant test result. */
|
|
20
34
|
export interface SecureMintCheck {
|
|
21
|
-
readonly
|
|
22
|
-
readonly
|
|
23
|
-
readonly
|
|
24
|
-
|
|
25
|
-
readonly
|
|
35
|
+
readonly allowed: boolean;
|
|
36
|
+
readonly token: string;
|
|
37
|
+
readonly amount: bigint;
|
|
38
|
+
/** Unix seconds the node evaluated the check. */
|
|
39
|
+
readonly now: number;
|
|
40
|
+
readonly reason?: string;
|
|
26
41
|
}
|
|
42
|
+
/** Invariant test + circulating-supply mutation result. */
|
|
27
43
|
export interface SecureMintApply {
|
|
28
|
-
readonly
|
|
29
|
-
readonly
|
|
30
|
-
readonly
|
|
44
|
+
readonly applied: boolean;
|
|
45
|
+
readonly token: string;
|
|
46
|
+
readonly amount: bigint;
|
|
47
|
+
readonly policy: SecureMintPolicy;
|
|
31
48
|
}
|
|
32
49
|
export interface SecureMintPort {
|
|
50
|
+
/** Install or refresh a token's reserve-attestation policy. */
|
|
33
51
|
setPolicy(policy: SecureMintPolicy): Promise<SecureMintPolicy>;
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
52
|
+
/** Read the active policy for a token's EVM address. Null if unset. */
|
|
53
|
+
getPolicy(token: string): Promise<SecureMintPolicy | null>;
|
|
54
|
+
/** Drop the policy for a token. Returns true if one was cleared. */
|
|
55
|
+
clearPolicy(token: string): Promise<boolean>;
|
|
56
|
+
/** Read-only: would minting `amount` of `token` stay within reserve? */
|
|
57
|
+
checkMint(token: string, amount: bigint): Promise<SecureMintCheck>;
|
|
58
|
+
/** Apply the invariant and increment circulating supply on success. */
|
|
59
|
+
applyMint(token: string, amount: bigint): Promise<SecureMintApply>;
|
|
60
|
+
/** Decrement circulating supply on redemption/burn. */
|
|
61
|
+
recordBurn(token: string, amount: bigint): Promise<SecureMintApply>;
|
|
39
62
|
}
|
|
40
63
|
//# sourceMappingURL=secure-mint.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secure-mint.d.ts","sourceRoot":"","sources":["../../../src/ports/secure-mint/secure-mint.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"secure-mint.d.ts","sourceRoot":"","sources":["../../../src/ports/secure-mint/secure-mint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,qEAAqE;IACrE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,sDAAsD;IACtD,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,oCAAoC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,8CAA8C;IAC9C,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,uDAAuD;IACvD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,wDAAwD;IACxD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,qDAAqD;IACrD,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,6CAA6C;IAC7C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,+CAA+C;IAC/C,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,uCAAuC;AACvC,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,iDAAiD;IACjD,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,2DAA2D;AAC3D,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B,+DAA+D;IAC/D,SAAS,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC/D,uEAAuE;IACvE,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAC3D,oEAAoE;IACpE,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C,wEAAwE;IACxE,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IACnE,uEAAuE;IACvE,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IACnE,uDAAuD;IACvD,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CACrE"}
|
|
@@ -3,6 +3,9 @@
|
|
|
3
3
|
* tokenized real-world assets (xStocks-class equities, treasuries,
|
|
4
4
|
* stablecoins). Enforces `circulating + amount ≤ reserve` at every mint.
|
|
5
5
|
*
|
|
6
|
+
* Policies are keyed on-chain by the token's 20-byte EVM address;
|
|
7
|
+
* `assetId` is a human-readable label (ISIN, symbol).
|
|
8
|
+
*
|
|
6
9
|
* Wallet usage: the wallet does not mint RWAs itself, but it surfaces
|
|
7
10
|
* the policy + reserve state for assets the user holds and lets the
|
|
8
11
|
* issuer's UI check / apply the invariant.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secure-mint.js","sourceRoot":"","sources":["../../../src/ports/secure-mint/secure-mint.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"secure-mint.js","sourceRoot":"","sources":["../../../src/ports/secure-mint/secure-mint.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG"}
|
|
@@ -8,20 +8,20 @@
|
|
|
8
8
|
* `PreparedTransaction` proto + canonical hash.
|
|
9
9
|
* - sign → recompute the hash locally (SHA-256 with Canton hash purpose 11
|
|
10
10
|
* prefix, `HASHING_SCHEME_VERSION_V2`), constant-time-compare with the
|
|
11
|
-
* validator's hash,
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
11
|
+
* validator's hash, decode the proto and verify its content matches the
|
|
12
|
+
* prepared intent, then sign that hash via the SigningDriver. The
|
|
13
|
+
* equality assertion binds the signature to the exact bytes; the content
|
|
14
|
+
* check binds those bytes to the user's intent. Both are required —
|
|
15
|
+
* without them, signing the validator-supplied hash trusts the validator
|
|
16
|
+
* on what's being authorised.
|
|
15
17
|
* - submit → `executeSubmission` with the signed hash; the validator
|
|
16
18
|
* dispatches to the synchronizer.
|
|
17
19
|
* - watch → tail `tailCompletions` filtered to this command id.
|
|
18
20
|
*
|
|
19
|
-
* The PreparedTransaction proto
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
* against a validator that returns *valid* bytes for the *wrong* transaction.
|
|
24
|
-
* We accept that gap until the proto schema lands in the kernel.
|
|
21
|
+
* The PreparedTransaction proto is content-verified before signing
|
|
22
|
+
* (`verifyPreparedContent`): the decoded actAs/amount/recipient are checked
|
|
23
|
+
* against the prepared intent. This defends against a validator that returns
|
|
24
|
+
* *valid* bytes (correct hash) for the *wrong* transaction.
|
|
25
25
|
*/
|
|
26
26
|
import type { CantonValidatorPort } from '../ports/canton/canton-validator.js';
|
|
27
27
|
import type { SurfaceKey, TdipDid } from '../types/identity.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canton-external.d.ts","sourceRoot":"","sources":["../../src/surfaces/canton-external.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EACV,mBAAmB,EAIpB,MAAM,qCAAqC,CAAC;
|
|
1
|
+
{"version":3,"file":"canton-external.d.ts","sourceRoot":"","sources":["../../src/surfaces/canton-external.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,OAAO,KAAK,EACV,mBAAmB,EAIpB,MAAM,qCAAqC,CAAC;AAI7C,OAAO,KAAK,EAAkB,UAAU,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAEhF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAoBhE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,UAAU,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,0EAA0E;IAC1E,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,kBAAkB,GAAG,aAAa,CA8J7E"}
|
|
@@ -8,22 +8,23 @@
|
|
|
8
8
|
* `PreparedTransaction` proto + canonical hash.
|
|
9
9
|
* - sign → recompute the hash locally (SHA-256 with Canton hash purpose 11
|
|
10
10
|
* prefix, `HASHING_SCHEME_VERSION_V2`), constant-time-compare with the
|
|
11
|
-
* validator's hash,
|
|
12
|
-
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
11
|
+
* validator's hash, decode the proto and verify its content matches the
|
|
12
|
+
* prepared intent, then sign that hash via the SigningDriver. The
|
|
13
|
+
* equality assertion binds the signature to the exact bytes; the content
|
|
14
|
+
* check binds those bytes to the user's intent. Both are required —
|
|
15
|
+
* without them, signing the validator-supplied hash trusts the validator
|
|
16
|
+
* on what's being authorised.
|
|
15
17
|
* - submit → `executeSubmission` with the signed hash; the validator
|
|
16
18
|
* dispatches to the synchronizer.
|
|
17
19
|
* - watch → tail `tailCompletions` filtered to this command id.
|
|
18
20
|
*
|
|
19
|
-
* The PreparedTransaction proto
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
* against a validator that returns *valid* bytes for the *wrong* transaction.
|
|
24
|
-
* We accept that gap until the proto schema lands in the kernel.
|
|
21
|
+
* The PreparedTransaction proto is content-verified before signing
|
|
22
|
+
* (`verifyPreparedContent`): the decoded actAs/amount/recipient are checked
|
|
23
|
+
* against the prepared intent. This defends against a validator that returns
|
|
24
|
+
* *valid* bytes (correct hash) for the *wrong* transaction.
|
|
25
25
|
*/
|
|
26
26
|
import { bytesEqualConstantTime, preparedTransactionHash } from "../ports/canton/hash.js";
|
|
27
|
+
import { verifyPreparedContent } from "../ports/canton/verify-content.js";
|
|
27
28
|
import { makeHandle } from "./util.js";
|
|
28
29
|
export function cantonExternalSurface(deps) {
|
|
29
30
|
const port = deps.validatorPort;
|
|
@@ -125,6 +126,16 @@ export function cantonExternalSurface(deps) {
|
|
|
125
126
|
throw new Error('canton-external: preparedTransactionHash mismatch — refusing to sign. ' +
|
|
126
127
|
'Either the validator is malicious or the proto bytes were corrupted in transit.');
|
|
127
128
|
}
|
|
129
|
+
// Content check: hash equality binds the signature to these exact bytes,
|
|
130
|
+
// but not to the user's intent. Decode the proto and verify the
|
|
131
|
+
// actAs/amount/recipient match what was prepared, so a validator can't
|
|
132
|
+
// return correctly-hashed bytes for a different transfer.
|
|
133
|
+
verifyPreparedContent(body.preparedTransaction, {
|
|
134
|
+
fromParty: body.fromParty,
|
|
135
|
+
toParty: body.toParty,
|
|
136
|
+
amount: body.amount,
|
|
137
|
+
assetSymbol: body.assetSymbol,
|
|
138
|
+
});
|
|
128
139
|
const result = await deps.signingDriver.sign({
|
|
129
140
|
did,
|
|
130
141
|
surfaceKey: key,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canton-external.js","sourceRoot":"","sources":["../../src/surfaces/canton-external.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAQH,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"canton-external.js","sourceRoot":"","sources":["../../src/surfaces/canton-external.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAQH,OAAO,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,yBAAyB,CAAC;AAC1F,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAM1E,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAgCvC,MAAM,UAAU,qBAAqB,CAAC,IAAwB;IAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC;IAEhC,OAAO;QACL,IAAI,EAAE,iBAAiB;QAEvB,QAAQ;YACN,oEAAoE;YACpE,oEAAoE;YACpE,qEAAqE;YACrE,kEAAkE;YAClE,2BAA2B;YAC3B,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,KAAK;gBACf,SAAS,EAAE,GAAG;gBACd,KAAK,EAAE,sBAAsB;aAC9B,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,OAAO,CAAC,MAAc;YAC1B,IAAI,MAAM,CAAC,IAAI,KAAK,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC3E,IAAI,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACjE,CAAC;YACD,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC9C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gBACtD,MAAM,IAAI,KAAK,CAAC,8BAA8B,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/D,CAAC;YACD,MAAM,UAAU,GAAG,iBAAiB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAEjD,wEAAwE;YACxE,sEAAsE;YACtE,oEAAoE;YACpE,mEAAmE;YACnE,mEAAmE;YACnE,8CAA8C;YAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC;YACpE,MAAM,cAAc,GAAG,WAAW,KAAK,IAAI,CAAC;YAE5C,MAAM,GAAG,GAA6B;gBACpC,KAAK,EAAE,OAAO,CAAC,OAAO;gBACtB,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,SAAS,EAAE,UAAU;gBACrB,oEAAoE;gBACpE,kDAAkD;gBAClD,4BAA4B,EAAE,sBAAsB;gBACpD,QAAQ,EAAE,mBAAmB,CAAC;oBAC5B,IAAI,EAAE,OAAO,CAAC,OAAO;oBACrB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,OAAO;oBACrB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;oBAChC,IAAI,EAAE,MAAM,CAAC,IAAI;oBACjB,cAAc;oBACd,GAAG,CAAC,WAAW,KAAK,IAAI,CAAC,CAAC,CAAC,EAAE,qBAAqB,EAAE,WAAW,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACnF,CAAC;aACH,CAAC;YACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;YACnD,mBAAmB,CAAC,QAAQ,CAAC,CAAC;YAE9B,MAAM,IAAI,GAAuB;gBAC/B,IAAI,EAAE,sBAAsB;gBAC5B,SAAS,EAAE,OAAO,CAAC,OAAO;gBAC1B,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC,OAAO;gBAC1B,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,WAAW,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;gBAChC,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAClE,UAAU;gBACV,cAAc;gBACd,cAAc,EAAE,OAAO,CAAC,cAAc;gBACtC,mBAAmB,EAAE,QAAQ,CAAC,mBAAmB;gBACjD,uBAAuB,EAAE,QAAQ,CAAC,uBAAuB;aAC1D,CAAC;YAEF,OAAO;gBACL,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,EAAE;gBACrD,MAAM;gBACN,iEAAiE;gBACjE,mEAAmE;gBACnE,kEAAkE;gBAClE,IAAI,EAAE,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;gBAC7E,mEAAmE;gBACnE,oEAAoE;gBACpE,oBAAoB;gBACpB,KAAK,EAAE,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBACnC,aAAa,EAAE,cAAc,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,4BAA4B;gBAChF,QAAQ,EAAE,EAAE;gBACZ,IAAI;aACL,CAAC;QACJ,CAAC;QAED,KAAK,CAAC,IAAI,CAAC,QAAoB,EAAE,QAAiB;YAChD,MAAM,IAAI,GAAG,QAAQ,CAAC,IAA0B,CAAC;YACjD,MAAM,GAAG,GAAI,QAAQ,CAAC,MAA4C,CAAC,IAAI,CAAC;YACxE,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;YAClC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;YAC9D,CAAC;YACD,qEAAqE;YACrE,mEAAmE;YACnE,oEAAoE;YACpE,4BAA4B;YAC5B,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;YAC3E,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,IAAI,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBACtE,MAAM,IAAI,KAAK,CACb,wEAAwE;oBACtE,iFAAiF,CACpF,CAAC;YACJ,CAAC;YACD,yEAAyE;YACzE,gEAAgE;YAChE,uEAAuE;YACvE,0DAA0D;YAC1D,qBAAqB,CAAC,IAAI,CAAC,mBAAmB,EAAE;gBAC9C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;aAC9B,CAAC,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC;gBAC3C,GAAG;gBACH,UAAU,EAAE,GAAG;gBACf,MAAM,EAAE,SAAS;gBACjB,oEAAoE;gBACpE,qEAAqE;gBACrE,kDAAkD;gBAClD,QAAQ,EAAE,UAAU;gBACpB,OAAO,EAAE,sBAAsB;aAChC,CAAC,CAAC;YACH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC;QAC3D,CAAC;QAED,KAAK,CAAC,MAAM,CAAC,MAAgB;YAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,IAA0B,CAAC;YAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,WAAW,CACzB,MAAM,CAAC,QAAQ,CAAC,MAA4C,CAAC,IAAI,CACnE,CAAC;YACF,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,OAAO,KAAK,iBAAiB,EAAE,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,GAAG,GAA6B;gBACpC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;gBAC7C,eAAe,EAAE,oBAAoB,CAAC,GAAG,EAAE,MAAM,CAAC,UAAU,CAAC;gBAC7D,oBAAoB,EAAE,2BAA2B;gBACjD,YAAY,EAAE,IAAI,CAAC,UAAU;aAC9B,CAAC;YACF,MAAM,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC;YAClC,qEAAqE;YACrE,oEAAoE;YACpE,qEAAqE;YACrE,4BAA4B;YAC5B,OAAO,UAAU,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAChF,CAAC;QAED,KAAK,CAAC,MAAgB;YACpB,OAAO,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QACjD,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,mBAAmB,CAAC,IAQ5B;IACC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;QACxB,OAAO;YACL;gBACE,OAAO,EAAE,6BAA6B;gBACtC,MAAM,EAAE,IAAI,CAAC,IAAI;gBACjB,QAAQ,EAAE,IAAI,CAAC,EAAE;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC9D,qBAAqB,EAAE,IAAI,CAAC,qBAAqB;aAClD;SACF,CAAC;IACJ,CAAC;IACD,OAAO;QACL;YACE,OAAO,EAAE,uBAAuB;YAChC,MAAM,EAAE,IAAI,CAAC,IAAI;YACjB,QAAQ,EAAE,IAAI,CAAC,EAAE;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC/D;KACF,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,oBAAoB,CAC3B,GAAmB,EACnB,UAAqC;IAErC,IAAI,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,SAAS,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,SAAS,oBAAoB,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACjG,CAAC;IACD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACvD,MAAM,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;QAC9B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,EAAE,CAAC,CAAC;QAC/E,OAAO;YACL,KAAK,EAAE,GAAG,CAAC,OAAO;YAClB,SAAS,EAAE,GAAG;YACd,MAAM,EAAE,EAAE,CAAC,MAAM;YACjB,uEAAuE;YACvE,+DAA+D;YAC/D,gEAAgE;YAChE,QAAQ,EAAE,EAAE,CAAC,WAAW;SACzB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,CAA4B;IACvD,IAAI,CAAC,CAAC,oBAAoB,KAAK,2BAA2B,EAAE,CAAC;QAC3D,MAAM,IAAI,KAAK,CACb,+CAA+C,CAAC,CAAC,oBAAoB,IAAI;YACvE,2DAA2D,CAC9D,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,KAAK,SAAS,CAAC,CAAC,YAAY,CAC1B,MAAgB,EAChB,IAAyB,EACzB,MAAc;IAEd,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;IACnC,qEAAqE;IACrE,oEAAoE;IACpE,IAAI,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC;QACzC,MAAM;QACN,KAAK,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;KACxB,CAAC,EAAE,CAAC;QACH,IAAI,CAAC,CAAC,SAAS,KAAK,MAAM,CAAC,IAAI;YAAE,SAAS,CAAC,8BAA8B;QACzE,MAAM;YACJ,MAAM,EAAE,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE;YACvC,KAAK,EAAE,CAAC,CAAC,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ;YACvD,GAAG,CAAC,CAAC,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACpE,CAAC;QACF,OAAO;IACT,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"canton-internal.d.ts","sourceRoot":"","sources":["../../src/surfaces/canton-internal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EACV,mBAAmB,EAIpB,MAAM,qCAAqC,CAAC;
|
|
1
|
+
{"version":3,"file":"canton-internal.d.ts","sourceRoot":"","sources":["../../src/surfaces/canton-internal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EACV,mBAAmB,EAIpB,MAAM,qCAAqC,CAAC;AAI7C,OAAO,KAAK,EAAkB,UAAU,EAAE,OAAO,EAAE,MAAM,sBAAsB,CAAC;AAEhF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,4BAA4B,CAAC;AAgBhE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,UAAU,GAAG,SAAS,CAAC;IAC/D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC;IACtC,+EAA+E;IAC/E,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,kBAAkB,GAAG,aAAa,CAkH7E"}
|