viem 2.47.6 → 2.47.11

package/tempo/Account.ts

@@ -48,7 +48,7 @@ export type RootAccount = Account_base<'root'> & {
     key: Pick<AccessKeyAccount, 'accessKeyAddress' | 'keyType'>,
     parameters: Pick<
       KeyAuthorization.KeyAuthorization,
-      'chainId' | 'expiry' | 'limits'
+      'chainId' | 'expiry' | 'limits' | 'scopes'
     >,
   ) => Promise<KeyAuthorization.Signed>
 }
@@ -381,7 +381,7 @@ export async function signKeyAuthorization(
   account: LocalAccount,
   parameters: signKeyAuthorization.Parameters,
 ): Promise<signKeyAuthorization.ReturnValue> {
-  const { chainId, key, expiry, limits } = parameters
+  const { chainId, key, expiry, limits, scopes } = parameters
   const { accessKeyAddress, keyType: type } = key
 
   const signature = await account.sign!({
@@ -390,6 +390,7 @@ export async function signKeyAuthorization(
       chainId,
       expiry,
       limits,
+      scopes,
       type,
     }),
   })
@@ -398,6 +399,7 @@ export async function signKeyAuthorization(
     chainId,
     expiry,
     limits,
+    scopes,
     signature: SignatureEnvelope.from(signature),
     type,
   })
@@ -406,7 +408,7 @@ export async function signKeyAuthorization(
 export declare namespace signKeyAuthorization {
   type Parameters = Pick<
     KeyAuthorization.KeyAuthorization,
-    'chainId' | 'expiry' | 'limits'
+    'chainId' | 'expiry' | 'limits' | 'scopes'
   > & {
     key: Pick<AccessKeyAccount, 'accessKeyAddress' | 'keyType'>
   }
@@ -444,10 +446,7 @@ function fromBase(parameters: fromBase.Parameters): Account_base {
           version: internal_version,
         }),
       )
-    // Don't need to append magic bytes to secp256k1 signatures as they are
-    // backwards compatible with existing verification logic.
-    if (keyType === 'secp256k1') return signature
-    return Hex.concat(signature, SignatureEnvelope.magicBytes)
+    return signature
   }
 
   return {
@@ -525,7 +524,7 @@ function fromRoot(parameters: fromRoot.Parameters): RootAccount {
     ...account,
     source: 'root',
     async signKeyAuthorization(key, parameters) {
-      const { chainId, expiry, limits } = parameters
+      const { chainId, expiry, limits, scopes } = parameters
       const { accessKeyAddress, keyType: type } = key
 
       const signature = await account.sign({
@@ -534,6 +533,7 @@ function fromRoot(parameters: fromRoot.Parameters): RootAccount {
           chainId,
           expiry,
           limits,
+          scopes,
           type,
         }),
       })
@@ -542,6 +542,7 @@ function fromRoot(parameters: fromRoot.Parameters): RootAccount {
         chainId,
         expiry,
         limits,
+        scopes,
         signature: SignatureEnvelope.from(signature),
         type,
       })

package/tempo/Decorator.ts

@@ -124,7 +124,7 @@ export type Decorator<
      *   transport: http(),
      * }).extend(tempoActions())
      *
-     * const remaining = await client.accessKey.getRemainingLimit({
+     * const { remaining, periodEnd } = await client.accessKey.getRemainingLimit({
      *   account: '0x...',
      *   accessKey: '0x...',
      *   token: '0x...',
@@ -132,7 +132,7 @@ export type Decorator<
      * ```
      *
      * @param parameters - Parameters.
-     * @returns The remaining spending amount.
+     * @returns The remaining spending amount and period end timestamp.
      */
     getRemainingLimit: (
       parameters: accessKeyActions.getRemainingLimit.Parameters<account>,

package/tempo/Hardfork.ts

@@ -0,0 +1,17 @@
+export const hardforks = [
+  'genesis',
+  't0',
+  't1',
+  't1a',
+  't1b',
+  't1c',
+  't2',
+  't3',
+] as const
+
+export type Hardfork = (typeof hardforks)[number]
+
+/** Returns `true` if `current` is before `target`. */
+export function lt(current: string, target: Hardfork): boolean {
+  return hardforks.indexOf(current as Hardfork) < hardforks.indexOf(target)
+}

package/tempo/Transaction.ts

@@ -163,10 +163,11 @@ export function getType(
   transaction: Record<string, unknown>,
 ): Transaction['type'] {
   const account = transaction.account as
-    | { keyType?: string | undefined }
+    | { keyType?: string | undefined; source?: string | undefined }
     | undefined
   if (
     (account?.keyType && account.keyType !== 'secp256k1') ||
+    account?.source === 'accessKey' ||
     typeof transaction.calls !== 'undefined' ||
     typeof transaction.feePayer !== 'undefined' ||
     typeof transaction.feeToken !== 'undefined' ||

package/tempo/actions/accessKey.ts

@@ -1,7 +1,7 @@
 import type { Address } from 'abitype'
+import type { KeyAuthorization } from 'ox/tempo'
 import type { Account } from '../../accounts/types.js'
 import { parseAccount } from '../../accounts/utils/parseAccount.js'
-import type { ReadContractReturnType } from '../../actions/public/readContract.js'
 import { readContract } from '../../actions/public/readContract.js'
 import { sendTransaction } from '../../actions/wallet/sendTransaction.js'
 import { sendTransactionSync } from '../../actions/wallet/sendTransactionSync.js'
@@ -20,6 +20,7 @@ import * as Abis from '../Abis.js'
 import type { AccessKeyAccount } from '../Account.js'
 import { signKeyAuthorization } from '../Account.js'
 import * as Addresses from '../Addresses.js'
+import * as Hardfork from '../Hardfork.js'
 import type {
   GetAccountParameter,
   ReadParameters,
@@ -96,7 +97,11 @@ export namespace authorize {
     /** Unix timestamp when the key expires. */
     expiry?: number | undefined
     /** Spending limits per token. */
-    limits?: { token: Address; limit: bigint }[] | undefined
+    limits?:
+      | { token: Address; limit: bigint; period?: number | undefined }[]
+      | undefined
+    /** Call scopes restricting which contracts/selectors this key can call. */
+    scopes?: KeyAuthorization.Scope[] | undefined
   }
 
   export type ReturnValue = WriteContractReturnType
@@ -119,6 +124,7 @@ export namespace authorize {
       chainId = client.chain?.id,
       expiry,
       limits,
+      scopes,
       ...rest
     } = parameters
     const account_ = rest.account ?? client.account
@@ -130,6 +136,7 @@ export namespace authorize {
       key: accessKey,
       expiry,
       limits,
+      scopes,
     })
     return (await action(client, {
       ...rest,
@@ -742,10 +749,26 @@ export async function getRemainingLimit<
   } = parameters
   if (!account_) throw new Error('account is required.')
   const account = parseAccount(account_)
-  return readContract(client, {
+
+  // TODO: remove pre-t3 branch once mainnet is on t3.
+  const hardfork = (client.chain as { hardfork?: string } | undefined)?.hardfork
+  if (hardfork && Hardfork.lt(hardfork, 't3')) {
+    const remaining = await readContract(client, {
+      ...rest,
+      ...getRemainingLimit.call({ account: account.address, accessKey, token }),
+    })
+    return { remaining, periodEnd: undefined }
+  }
+
+  const [remaining, periodEnd] = await readContract(client, {
     ...rest,
-    ...getRemainingLimit.call({ account: account.address, accessKey, token }),
+    ...getRemainingLimit.callWithPeriod({
+      account: account.address,
+      accessKey,
+      token,
+    }),
   })
+  return { remaining, periodEnd }
 }
 
 export namespace getRemainingLimit {
@@ -764,14 +787,13 @@ export namespace getRemainingLimit {
     token: Address
   }
 
-  export type ReturnValue = ReadContractReturnType<
-    typeof Abis.accountKeychain,
-    'getRemainingLimit',
-    never
-  >
+  export type ReturnValue = {
+    remaining: bigint
+    periodEnd: bigint | undefined
+  }
 
   /**
-   * Defines a call to the `getRemainingLimit` function.
+   * Defines a call to the `getRemainingLimit` function (pre-T3).
    *
    * @param args - Arguments.
    * @returns The call.
@@ -785,6 +807,22 @@ export namespace getRemainingLimit {
       args: [account, resolveAccessKey(accessKey), token],
     })
   }
+
+  /**
+   * Defines a call to the `getRemainingLimitWithPeriod` function (T3+).
+   *
+   * @param args - Arguments.
+   * @returns The call.
+   */
+  export function callWithPeriod(args: Args) {
+    const { account, accessKey, token } = args
+    return defineCall({
+      address: Addresses.accountKeychain,
+      abi: Abis.accountKeychain,
+      functionName: 'getRemainingLimitWithPeriod',
+      args: [account, resolveAccessKey(accessKey), token],
+    })
+  }
 }
 
 /**
@@ -844,7 +882,11 @@ export namespace signAuthorization {
     /** Unix timestamp when the key expires. */
     expiry?: number | undefined
     /** Spending limits per token. */
-    limits?: { token: Address; limit: bigint }[] | undefined
+    limits?:
+      | { token: Address; limit: bigint; period?: number | undefined }[]
+      | undefined
+    /** Call scopes restricting which contracts/selectors this key can call. */
+    scopes?: KeyAuthorization.Scope[] | undefined
   }
 
   export type ReturnValue = Awaited<ReturnType<typeof signKeyAuthorization>>

package/tempo/actions/token.ts

@@ -2510,8 +2510,9 @@ export namespace revokeRoles {
     client: Client<Transport, chain, account>,
     parameters: revokeRoles.Parameters<chain, account>,
   ): Promise<ReturnType<action>> {
+    const { from: _, ...rest } = parameters
     return (await action(client, {
-      ...parameters,
+      ...rest,
       calls: parameters.roles.map((role) => {
         const call = revokeRoles.call({ ...parameters, role })
         return {

package/tempo/actions/validator.ts

@@ -155,7 +155,7 @@ export namespace add {
     } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [
         newValidatorAddress,
         publicKey,
@@ -329,7 +329,7 @@ export namespace changeOwner {
     const { newOwner } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [newOwner],
       functionName: 'changeOwner',
     })
@@ -497,7 +497,7 @@ export namespace changeStatus {
     const { validator, active } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [validator, active],
       functionName: 'changeValidatorStatus',
     })
@@ -596,7 +596,7 @@ export namespace getNextFullDkgCeremony {
   export type Parameters = ReadParameters
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'getNextFullDkgCeremony',
     never
   >
@@ -630,7 +630,7 @@ export namespace getNextFullDkgCeremony {
   export function call() {
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [],
       functionName: 'getNextFullDkgCeremony',
     })
@@ -675,7 +675,7 @@ export namespace getOwner {
   export type Parameters = ReadParameters
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'owner',
     never
   >
@@ -709,7 +709,7 @@ export namespace getOwner {
   export function call() {
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [],
       functionName: 'owner',
     })
@@ -762,7 +762,7 @@ export namespace get {
   }
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'validators',
     never
   >
@@ -800,7 +800,7 @@ export namespace get {
     const { validator } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [validator],
       functionName: 'validators',
     })
@@ -853,7 +853,7 @@ export namespace getByIndex {
   }
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'validatorsArray',
     never
   >
@@ -892,7 +892,7 @@ export namespace getByIndex {
     const { index } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [index],
       functionName: 'validatorsArray',
     })
@@ -937,7 +937,7 @@ export namespace getCount {
   export type Parameters = ReadParameters
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'validatorCount',
     never
   >
@@ -971,7 +971,7 @@ export namespace getCount {
   export function call() {
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [],
       functionName: 'validatorCount',
     })
@@ -1016,7 +1016,7 @@ export namespace list {
   export type Parameters = ReadParameters
 
   export type ReturnValue = ReadContractReturnType<
-    typeof Abis.validator,
+    typeof Abis.validatorConfig,
     'getValidators',
     never
   >
@@ -1050,7 +1050,7 @@ export namespace list {
   export function call() {
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [],
       functionName: 'getValidators',
     })
@@ -1161,7 +1161,7 @@ export namespace setNextFullDkgCeremony {
     const { epoch } = args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [epoch],
       functionName: 'setNextFullDkgCeremony',
     })
@@ -1353,7 +1353,7 @@ export namespace update {
       args
     return defineCall({
       address: Addresses.validator,
-      abi: Abis.validator,
+      abi: Abis.validatorConfig,
       args: [newValidatorAddress, publicKey, inboundAddress, outboundAddress],
       functionName: 'updateValidator',
     })

package/tempo/chainConfig.ts

@@ -1,3 +1,6 @@
+import * as Address from 'ox/Address'
+import * as Hex from 'ox/Hex'
+import * as PublicKey from 'ox/PublicKey'
 import { SignatureEnvelope, type TokenId } from 'ox/tempo'
 import { getCode } from '../actions/public/getCode.js'
 import { verifyHash } from '../actions/public/verifyHash.js'
@@ -8,9 +11,12 @@ import { defineTransaction } from '../utils/formatters/transaction.js'
 import { defineTransactionReceipt } from '../utils/formatters/transactionReceipt.js'
 import { defineTransactionRequest } from '../utils/formatters/transactionRequest.js'
 import { getAction } from '../utils/getAction.js'
+import { keccak256 } from '../utils/hash/keccak256.js'
 import type { SerializeTransactionFn } from '../utils/transaction/serializeTransaction.js'
 import type { Account } from './Account.js'
+import { getMetadata } from './actions/accessKey.js'
 import * as Formatters from './Formatters.js'
+import type { Hardfork } from './Hardfork.js'
 import * as Concurrent from './internal/concurrent.js'
 import * as Transaction from './Transaction.js'
 
@@ -20,6 +26,7 @@ export const chainConfig = {
   blockTime: 1_000,
   extendSchema: extendSchema<{
     feeToken?: TokenId.TokenIdOrAddress | undefined
+    hardfork?: Hardfork | undefined
   }>(),
   formatters: {
     transaction: defineTransaction({
@@ -42,13 +49,15 @@ export const chainConfig = {
           | undefined
       }
 
-      // FIXME: node does not account for fee payer + key authorization combinartion; bump gas for now.
+      // FIXME: node estimates gas with secp256k1 dummy sig + null feePayerSignature.
+      // Actual tx has larger keychain/webAuthn sigs + real fee payer sig, costing more intrinsic gas.
       if (phase === 'afterFillParameters') {
-        if (
-          request.feePayer &&
-          request.keyAuthorization?.signature.type === 'webAuthn'
-        )
-          request.gas = (request.gas ?? 0n) + 20_000n
+        if (request.feePayer) {
+          if (request.keyAuthorization?.signature.type === 'webAuthn')
+            request.gas = (request.gas ?? 0n) + 20_000n
+          else if (request.account?.source === 'accessKey')
+            request.gas = (request.gas ?? 0n) + 10_000n
+        }
         return request as unknown as typeof r
       }
 
@@ -89,18 +98,53 @@ export const chainConfig = {
       Transaction.serialize(transaction, signature)) as SerializeTransactionFn,
   },
   async verifyHash(client, parameters) {
-    const { address, hash, signature } = parameters
+    const { address, hash, signature, mode } = parameters
+
+    const envelope = (() => {
+      if (typeof signature !== 'string') return
+      try {
+        return SignatureEnvelope.deserialize(signature)
+      } catch {
+        return undefined
+      }
+    })()
 
     // `verifyHash` supports "signature envelopes" (a Tempo proposal) to natively verify arbitrary
     // envelope-compatible (WebAuthn, P256, etc.) signatures.
-    // We can directly verify stateless, non-keychain signature envelopes without a
-    // network request to the chain.
-    if (
-      typeof signature === 'string' &&
-      signature.endsWith(SignatureEnvelope.magicBytes.slice(2))
-    ) {
-      const envelope = SignatureEnvelope.deserialize(signature)
-      if (envelope.type !== 'keychain') {
+    if (envelope) {
+      // Access key (keychain) signature verification: check the key is
+      // authorized, not expired, and not revoked on the AccountKeychain.
+      if (envelope?.type === 'keychain' && mode === 'allowAccessKey') {
+        const accessKeyAddress = Address.fromPublicKey(
+          PublicKey.from(envelope.inner.publicKey as PublicKey.PublicKey),
+        )
+
+        const keyInfo = await getMetadata(client, {
+          account: address,
+          accessKey: accessKeyAddress,
+          blockNumber: parameters.blockNumber,
+          blockTag: parameters.blockTag,
+        } as never)
+
+        if (keyInfo.isRevoked) return false
+        if (keyInfo.expiry <= BigInt(Math.floor(Date.now() / 1000)))
+          return false
+
+        // For v2 keychain envelopes, the inner signature signs
+        // keccak256(0x04 || hash || userAddress).
+        const innerPayload =
+          envelope.version === 'v2'
+            ? keccak256(Hex.concat('0x04', hash, address))
+            : hash
+        return SignatureEnvelope.verify(envelope.inner, {
+          address: accessKeyAddress,
+          payload: innerPayload,
+        })
+      }
+
+      // Stateless, non-keychain signature envelopes (P256, WebAuthn) can be
+      // verified directly without a network request.
+      if (envelope.type === 'p256' || envelope.type === 'webAuthn') {
         const code = await getCode(client, {
           address,
           blockNumber: parameters.blockNumber,

package/tempo/index.ts

@@ -10,7 +10,7 @@ export type {
   TxEnvelopeTempo as z_TxEnvelopeTempo,
 } from 'ox/tempo'
 // biome-ignore lint/performance/noBarrelFile: _
-export { TempoAddress, Tick, TokenId } from 'ox/tempo'
+export { Period, TempoAddress, Tick, TokenId } from 'ox/tempo'
 export * as Abis from './Abis.js'
 export * as Account from './Account.js'
 export * as Addresses from './Addresses.js'
@@ -21,6 +21,7 @@ export {
   decorator as tempoActions,
 } from './Decorator.js'
 export * as Formatters from './Formatters.js'
+export * as Hardfork from './Hardfork.js'
 export * as P256 from './P256.js'
 export * as Secp256k1 from './Secp256k1.js'
 export * as TokenIds from './TokenIds.js'

package/tsconfig.json

@@ -5,6 +5,6 @@
   "compilerOptions": {
     "composite": true,
     "noEmit": true,
-    "baseUrl": ".",
+    "types": ["node"]
   }
 }

package/utils/buildRequest.ts

@@ -279,6 +279,10 @@ export function shouldRetry(error: Error) {
     if (error.code === -1) return true // Unknown error
     if (error.code === LimitExceededRpcError.code) return true
     if (error.code === InternalRpcError.code) return true
+    // Too Many Requests — some providers (e.g. Alchemy in batch mode) return
+    // HTTP 200 with a JSON-RPC body of `{ code: 429 }` instead of an HTTP 429,
+    // so we need to handle this code in addition to the HTTP status check below.
+    if (error.code === 429) return true
     return false
   }
   if (error instanceof HttpRequestError && error.status) {

package/_cjs/chains/definitions/tempoAndantino.js

@@ -1,28 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.tempoAndantino = void 0;
-const chainConfig_js_1 = require("../../tempo/chainConfig.js");
-const defineChain_js_1 = require("../../utils/chain/defineChain.js");
-exports.tempoAndantino = (0, defineChain_js_1.defineChain)({
-    ...chainConfig_js_1.chainConfig,
-    id: 42429,
-    blockExplorers: {
-        default: {
-            name: 'Tempo Explorer',
-            url: 'https://explore.testnet.tempo.xyz',
-        },
-    },
-    name: 'Tempo Testnet (Andantino)',
-    nativeCurrency: {
-        name: 'USD',
-        symbol: 'USD',
-        decimals: 6,
-    },
-    rpcUrls: {
-        default: {
-            http: ['https://rpc.testnet.tempo.xyz'],
-            webSocket: ['wss://rpc.testnet.tempo.xyz'],
-        },
-    },
-});
-//# sourceMappingURL=tempoAndantino.js.map

package/_cjs/chains/definitions/tempoAndantino.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tempoAndantino.js","sourceRoot":"","sources":["../../../chains/definitions/tempoAndantino.ts"],"names":[],"mappings":";;;AAAA,+DAAwD;AACxD,qEAA8D;AAEjD,QAAA,cAAc,GAAiB,IAAA,4BAAW,EAAC;IACtD,GAAG,4BAAW;IACd,EAAE,EAAE,KAAK;IACT,cAAc,EAAE;QACd,OAAO,EAAE;YACP,IAAI,EAAE,gBAAgB;YACtB,GAAG,EAAE,mCAAmC;SACzC;KACF;IACD,IAAI,EAAE,2BAA2B;IACjC,cAAc,EAAE;QACd,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,CAAC;KACZ;IACD,OAAO,EAAE;QACP,OAAO,EAAE;YACP,IAAI,EAAE,CAAC,+BAA+B,CAAC;YACvC,SAAS,EAAE,CAAC,6BAA6B,CAAC;SAC3C;KACF;CACF,CAAC,CAAA"}

package/_esm/chains/definitions/tempoAndantino.js

@@ -1,25 +0,0 @@
-import { chainConfig } from '../../tempo/chainConfig.js';
-import { defineChain } from '../../utils/chain/defineChain.js';
-export const tempoAndantino = /*#__PURE__*/ defineChain({
-    ...chainConfig,
-    id: 42429,
-    blockExplorers: {
-        default: {
-            name: 'Tempo Explorer',
-            url: 'https://explore.testnet.tempo.xyz',
-        },
-    },
-    name: 'Tempo Testnet (Andantino)',
-    nativeCurrency: {
-        name: 'USD',
-        symbol: 'USD',
-        decimals: 6,
-    },
-    rpcUrls: {
-        default: {
-            http: ['https://rpc.testnet.tempo.xyz'],
-            webSocket: ['wss://rpc.testnet.tempo.xyz'],
-        },
-    },
-});
-//# sourceMappingURL=tempoAndantino.js.map

package/_esm/chains/definitions/tempoAndantino.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tempoAndantino.js","sourceRoot":"","sources":["../../../chains/definitions/tempoAndantino.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAA;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAE9D,MAAM,CAAC,MAAM,cAAc,GAAG,aAAa,CAAC,WAAW,CAAC;IACtD,GAAG,WAAW;IACd,EAAE,EAAE,KAAK;IACT,cAAc,EAAE;QACd,OAAO,EAAE;YACP,IAAI,EAAE,gBAAgB;YACtB,GAAG,EAAE,mCAAmC;SACzC;KACF;IACD,IAAI,EAAE,2BAA2B;IACjC,cAAc,EAAE;QACd,IAAI,EAAE,KAAK;QACX,MAAM,EAAE,KAAK;QACb,QAAQ,EAAE,CAAC;KACZ;IACD,OAAO,EAAE;QACP,OAAO,EAAE;YACP,IAAI,EAAE,CAAC,+BAA+B,CAAC;YACvC,SAAS,EAAE,CAAC,6BAA6B,CAAC;SAC3C;KACF;CACF,CAAC,CAAA"}