{"version":3,"sources":["../../src/sign-in-with-x/server.ts","../../src/sign-in-with-x/client.ts"],"sourcesContent":["/**\n * Sign-In-With-X (SIWx) Server-Side Implementation\n *\n * Provides functions for servers to declare SIWx requirements,\n * parse client headers, and verify signatures.\n */\n\nimport { randomBytes } from \"crypto\";\nimport { keccak_256 } from \"@noble/hashes/sha3\";\nimport { sha256 as nobleSha256 } from \"@noble/hashes/sha2\";\nimport { secp256k1 } from \"@noble/curves/secp256k1\";\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport { bytesToHex, hexToBytes } from \"@noble/hashes/utils\";\nimport {\n  SIWxExtension,\n  SIWxExtensionInfo,\n  SIWxPayload,\n  DeclareSIWxOptions,\n  ValidateSIWxOptions,\n  VerifySIWxOptions,\n  SIWxValidationResult,\n  SIWxVerificationResult,\n} from \"./types.js\";\n\n/**\n * JSON Schema for SIWx payload validation.\n */\nconst SIWX_SCHEMA = {\n  type: \"object\",\n  required: [\"domain\", \"address\", \"uri\", \"version\", \"chainId\", \"nonce\", \"issuedAt\", \"signature\"],\n  properties: {\n    domain: { type: \"string\" },\n    address: { type: \"string\" },\n    statement: { type: \"string\" },\n    uri: { type: \"string\" },\n    version: { type: \"string\" },\n    chainId: { type: \"string\" },\n    nonce: { type: \"string\" },\n    issuedAt: { type: \"string\", format: \"date-time\" },\n    expirationTime: { type: \"string\", format: \"date-time\" },\n    notBefore: { type: \"string\", format: \"date-time\" },\n    requestId: { type: \"string\" },\n    resources: { type: \"array\", items: { type: \"string\" } },\n    signature: { type: \"string\" },\n  },\n};\n\n/**\n * EIP-1271 magic value for valid signatures.\n */\nconst EIP1271_MAGIC_VALUE = \"0x1626ba7e\";\n\n/**\n * Extracts domain from a resource URI.\n *\n * @param resourceUri - Full resource URI (e.g., \"https://api.example.com/resource\")\n * @returns Domain without protocol (e.g., \"api.example.com\")\n */\nfunction extractDomain(resourceUri: string): string {\n  try {\n    const url = new URL(resourceUri);\n    return url.host;\n  } catch {\n    // Fallback for non-URL formats\n    return resourceUri.replace(/^https?:\\/\\//, \"\").split(\"/\")[0];\n  }\n}\n\n/**\n * Generates a cryptographically secure nonce.\n *\n * @returns 32-byte hex-encoded nonce\n */\nfunction generateNonce(): string {\n  return randomBytes(16).toString(\"hex\");\n}\n\n/**\n * Declares a SIWx extension for server responses.\n *\n * @param options - Extension declaration options\n * @returns SIWx extension object ready for response\n *\n * @example\n * ```typescript\n * const extension = declareSIWxExtension({\n *   resourceUri: \"https://api.example.com/premium\",\n *   network: \"eip155:8453\",\n *   statement: \"Sign in to access premium content\",\n * });\n * ```\n */\nexport function declareSIWxExtension(options: DeclareSIWxOptions): SIWxExtension {\n  const domain = extractDomain(options.resourceUri);\n  const now = new Date();\n  const expirationTime =\n    options.expirationTime || new Date(now.getTime() + 5 * 60 * 1000).toISOString();\n\n  const info: SIWxExtensionInfo = {\n    domain,\n    uri: options.resourceUri,\n    statement: options.statement,\n    version: options.version || \"1\",\n    chainId: options.network,\n    nonce: generateNonce(),\n    issuedAt: now.toISOString(),\n    expirationTime,\n    resources: [options.resourceUri],\n    signatureScheme: options.signatureScheme,\n  };\n\n  return {\n    info,\n    schema: SIWX_SCHEMA,\n  };\n}\n\n/**\n * Parses a SIWx header from client request.\n *\n * The header format is base64-encoded JSON.\n *\n * @param header - Base64-encoded SIWx header value\n * @returns Parsed SIWx payload\n * @throws Error if header is invalid\n *\n * @example\n * ```typescript\n * const payload = parseSIWxHeader(request.headers['x-t402-siwx']);\n * ```\n */\nexport function parseSIWxHeader(header: string): SIWxPayload {\n  if (!header) {\n    throw new Error(\"Missing SIWx header\");\n  }\n\n  try {\n    const decoded = Buffer.from(header, \"base64\").toString(\"utf-8\");\n    const payload = JSON.parse(decoded) as SIWxPayload;\n\n    // Validate required fields\n    const required = [\n      \"domain\",\n      \"address\",\n      \"uri\",\n      \"version\",\n      \"chainId\",\n      \"nonce\",\n      \"issuedAt\",\n      \"signature\",\n    ];\n    for (const field of required) {\n      if (!(field in payload)) {\n        throw new Error(`Missing required field: ${field}`);\n      }\n    }\n\n    return payload;\n  } catch (error) {\n    if (error instanceof SyntaxError) {\n      throw new Error(\"Invalid SIWx header: malformed JSON\");\n    }\n    throw error;\n  }\n}\n\n/**\n * Validates a SIWx message against expected values.\n *\n * @param message - The SIWx payload to validate\n * @param expectedResourceUri - Expected resource URI (domain validated from this)\n * @param options - Validation options\n * @returns Validation result\n *\n * @example\n * ```typescript\n * const result = validateSIWxMessage(payload, \"https://api.example.com/premium\", {\n *   maxAge: 5 * 60 * 1000, // 5 minutes\n *   checkNonce: (nonce) => usedNonces.has(nonce) === false,\n * });\n * ```\n */\nexport function validateSIWxMessage(\n  message: SIWxPayload,\n  expectedResourceUri: string,\n  options: ValidateSIWxOptions = {},\n): SIWxValidationResult {\n  const { maxAge = 5 * 60 * 1000, checkNonce } = options;\n\n  // Validate domain matches\n  const expectedDomain = extractDomain(expectedResourceUri);\n  if (message.domain !== expectedDomain) {\n    return {\n      valid: false,\n      error: `Domain mismatch: expected ${expectedDomain}, got ${message.domain}`,\n    };\n  }\n\n  // Validate URI matches\n  if (message.uri !== expectedResourceUri) {\n    return {\n      valid: false,\n      error: `URI mismatch: expected ${expectedResourceUri}, got ${message.uri}`,\n    };\n  }\n\n  // Validate version\n  if (message.version !== \"1\") {\n    return { valid: false, error: `Unsupported version: ${message.version}` };\n  }\n\n  // Validate issuedAt is not too old\n  const issuedAt = new Date(message.issuedAt);\n  const now = new Date();\n  if (now.getTime() - issuedAt.getTime() > maxAge) {\n    return { valid: false, error: \"Message has expired (issuedAt too old)\" };\n  }\n\n  // Validate expirationTime if present\n  if (message.expirationTime) {\n    const expiration = new Date(message.expirationTime);\n    if (expiration < now) {\n      return { valid: false, error: \"Message has expired\" };\n    }\n  }\n\n  // Validate notBefore if present\n  if (message.notBefore) {\n    const notBefore = new Date(message.notBefore);\n    if (notBefore > now) {\n      return { valid: false, error: \"Message not yet valid (notBefore in future)\" };\n    }\n  }\n\n  // Custom nonce validation\n  if (checkNonce && !checkNonce(message.nonce)) {\n    return { valid: false, error: \"Invalid nonce (replay attack detected)\" };\n  }\n\n  return { valid: true };\n}\n\n/**\n * Detects the signature scheme from chain ID.\n *\n * @param chainId - CAIP-2 chain ID (e.g., \"eip155:1\", \"solana:mainnet\", \"stellar:pubnet\")\n * @returns The signature scheme to use for verification\n */\nfunction detectSignatureScheme(chainId: string): \"evm\" | \"ed25519\" | \"tron\" {\n  const namespace = chainId.split(\":\")[0];\n\n  switch (namespace) {\n    case \"solana\":\n    case \"stellar\":\n    case \"ton\":\n      return \"ed25519\";\n    case \"tron\":\n      return \"tron\";\n    case \"eip155\":\n    default:\n      return \"evm\";\n  }\n}\n\n/**\n * Verifies an Ed25519 signature (used by Solana and Stellar).\n *\n * @param message - The message that was signed\n * @param signature - Hex-encoded Ed25519 signature (64 bytes)\n * @param publicKey - The public key to verify against (hex or base58)\n * @returns True if signature is valid\n */\nfunction verifyEd25519Signature(message: string, signature: string, publicKey: string): boolean {\n  try {\n    // Remove 0x prefix if present\n    const sigHex = signature.startsWith(\"0x\") ? signature.slice(2) : signature;\n    const sigBytes = hexToBytes(sigHex);\n\n    if (sigBytes.length !== 64) {\n      throw new Error(\n        `Invalid Ed25519 signature length: expected 64 bytes, got ${sigBytes.length}`,\n      );\n    }\n\n    // Get public key bytes\n    let pubKeyBytes: Uint8Array;\n    const pubKeyHex = publicKey.startsWith(\"0x\") ? publicKey.slice(2) : publicKey;\n\n    // Check if it's a hex string (64 chars = 32 bytes)\n    if (/^[0-9a-fA-F]{64}$/.test(pubKeyHex)) {\n      pubKeyBytes = hexToBytes(pubKeyHex);\n    } else {\n      // Try to decode as base58 (Solana format)\n      pubKeyBytes = decodeBase58(publicKey);\n    }\n\n    if (pubKeyBytes.length !== 32) {\n      throw new Error(\n        `Invalid Ed25519 public key length: expected 32 bytes, got ${pubKeyBytes.length}`,\n      );\n    }\n\n    // Hash the message (Ed25519 signs the raw message or its hash depending on implementation)\n    const messageBytes = new TextEncoder().encode(message);\n\n    // Verify the signature\n    return ed25519.verify(sigBytes, messageBytes, pubKeyBytes);\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Decodes a base58 string to bytes (for Solana addresses).\n *\n * @param str - Base58 encoded string\n * @returns Decoded bytes\n */\nfunction decodeBase58(str: string): Uint8Array {\n  const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n  const ALPHABET_MAP = new Map<string, number>();\n  for (let i = 0; i < ALPHABET.length; i++) {\n    ALPHABET_MAP.set(ALPHABET[i], i);\n  }\n\n  if (str.length === 0) return new Uint8Array(0);\n\n  const bytes: number[] = [0];\n  for (const char of str) {\n    const value = ALPHABET_MAP.get(char);\n    if (value === undefined) {\n      throw new Error(`Invalid base58 character: ${char}`);\n    }\n\n    let carry = value;\n    for (let j = 0; j < bytes.length; j++) {\n      carry += bytes[j] * 58;\n      bytes[j] = carry & 0xff;\n      carry >>= 8;\n    }\n\n    while (carry > 0) {\n      bytes.push(carry & 0xff);\n      carry >>= 8;\n    }\n  }\n\n  // Add leading zeros\n  for (const char of str) {\n    if (char !== \"1\") break;\n    bytes.push(0);\n  }\n\n  return new Uint8Array(bytes.reverse());\n}\n\n/**\n * Encodes bytes to base58 string.\n *\n * @param bytes - Bytes to encode\n * @returns Base58 encoded string\n */\nfunction encodeBase58(bytes: Uint8Array): string {\n  const ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n\n  if (bytes.length === 0) return \"\";\n\n  // Count leading zeros\n  let leadingZeros = 0;\n  for (const b of bytes) {\n    if (b !== 0) break;\n    leadingZeros++;\n  }\n\n  // Convert to base58\n  const digits: number[] = [0];\n  for (const b of bytes) {\n    let carry = b;\n    for (let j = 0; j < digits.length; j++) {\n      carry += digits[j] * 256;\n      digits[j] = carry % 58;\n      carry = Math.floor(carry / 58);\n    }\n    while (carry > 0) {\n      digits.push(carry % 58);\n      carry = Math.floor(carry / 58);\n    }\n  }\n\n  let result = ALPHABET[0].repeat(leadingZeros);\n  for (let i = digits.length - 1; i >= 0; i--) {\n    result += ALPHABET[digits[i]];\n  }\n\n  return result;\n}\n\n/**\n * Converts an EVM hex address to a TRON base58check address.\n *\n * TRON addresses are the same as EVM addresses but with a 0x41 prefix\n * instead of 0x, encoded in base58check format.\n *\n * @param evmAddress - EVM address with 0x prefix\n * @returns TRON base58check address starting with 'T'\n */\nfunction evmAddressToTron(evmAddress: string): string {\n  const addr = evmAddress.toLowerCase().replace(\"0x\", \"\");\n  // TRON address = 0x41 + 20-byte address\n  const addressBytes = hexToBytes(\"41\" + addr);\n\n  // Double SHA-256 for base58check checksum\n  const hash1 = nobleSha256(addressBytes);\n  const hash2 = nobleSha256(hash1);\n  const checksum = hash2.slice(0, 4);\n\n  // Concatenate address + checksum\n  const fullAddress = new Uint8Array(addressBytes.length + 4);\n  fullAddress.set(addressBytes, 0);\n  fullAddress.set(checksum, addressBytes.length);\n\n  return encodeBase58(fullAddress);\n}\n\n/**\n * Verifies a SIWx signature.\n *\n * Supports EIP-191 personal signatures for EVM chains, Ed25519 for Solana/Stellar/TON,\n * TRON secp256k1 with base58check addresses,\n * and can optionally verify smart wallet signatures via EIP-1271/6492.\n *\n * @param message - The SIWx payload to verify\n * @param signature - The signature to verify (hex-encoded)\n * @param options - Verification options\n * @returns Verification result with recovered address\n *\n * @example\n * ```typescript\n * const result = await verifySIWxSignature(payload, payload.signature, {\n *   checkSmartWallet: true,\n *   provider: web3Provider,\n * });\n * ```\n */\nexport async function verifySIWxSignature(\n  message: SIWxPayload,\n  signature: string,\n  options: VerifySIWxOptions = {},\n): Promise<SIWxVerificationResult> {\n  const { checkSmartWallet = false } = options;\n\n  try {\n    // Reconstruct the CAIP-122 message that was signed\n    const messageText = constructMessage(message);\n\n    // Detect signature scheme based on chain ID\n    const scheme = detectSignatureScheme(message.chainId);\n\n    if (scheme === \"ed25519\") {\n      // Ed25519 verification for Solana, Stellar, and TON\n      // For Ed25519, the address IS the public key, so we verify directly\n      const isValid = verifyEd25519Signature(messageText, signature, message.address);\n\n      if (isValid) {\n        return { valid: true, address: message.address };\n      }\n\n      return {\n        valid: false,\n        error: \"Ed25519 signature verification failed\",\n      };\n    }\n\n    if (scheme === \"tron\") {\n      // TRON uses secp256k1 (same as EVM) but with base58check address format\n      const messageHash = hashMessage(messageText);\n      const recoveredEvmAddress = recoverAddress(messageHash, signature);\n\n      // Convert recovered EVM address to TRON base58check address\n      const recoveredTronAddress = evmAddressToTron(recoveredEvmAddress);\n\n      if (recoveredTronAddress === message.address) {\n        return { valid: true, address: message.address };\n      }\n\n      return {\n        valid: false,\n        address: recoveredTronAddress,\n        error: `Signature mismatch: expected ${message.address}, recovered ${recoveredTronAddress}`,\n      };\n    }\n\n    // EVM verification (secp256k1)\n    // Hash the message with Ethereum prefix\n    const messageHash = hashMessage(messageText);\n\n    // Try to recover the signer address\n    const recoveredAddress = recoverAddress(messageHash, signature);\n\n    // Check if recovered address matches claimed address\n    if (recoveredAddress.toLowerCase() !== message.address.toLowerCase()) {\n      // If smart wallet checking is enabled, try EIP-1271 verification\n      if (checkSmartWallet && options.provider) {\n        const isValidSmartWallet = await verifySmartWalletSignature(\n          message.address,\n          messageHash,\n          signature,\n          options.provider,\n        );\n\n        if (isValidSmartWallet) {\n          return { valid: true, address: message.address };\n        }\n      }\n\n      return {\n        valid: false,\n        address: recoveredAddress,\n        error: `Signature mismatch: expected ${message.address}, recovered ${recoveredAddress}`,\n      };\n    }\n\n    return { valid: true, address: recoveredAddress };\n  } catch (error) {\n    return {\n      valid: false,\n      error: `Signature verification failed: ${error instanceof Error ? error.message : \"unknown error\"}`,\n    };\n  }\n}\n\n/**\n * Constructs the CAIP-122 message string from payload.\n *\n * @param payload - SIWx payload\n * @returns CAIP-122 formatted message string\n */\nexport function constructMessage(payload: SIWxPayload): string {\n  const lines: string[] = [];\n\n  // Header\n  lines.push(`${payload.domain} wants you to sign in with your ${payload.chainId} account:`);\n  lines.push(payload.address);\n  lines.push(\"\");\n\n  // Statement (optional)\n  if (payload.statement) {\n    lines.push(payload.statement);\n    lines.push(\"\");\n  }\n\n  // Required fields\n  lines.push(`URI: ${payload.uri}`);\n  lines.push(`Version: ${payload.version}`);\n  lines.push(`Chain ID: ${payload.chainId}`);\n  lines.push(`Nonce: ${payload.nonce}`);\n  lines.push(`Issued At: ${payload.issuedAt}`);\n\n  // Optional fields\n  if (payload.expirationTime) {\n    lines.push(`Expiration Time: ${payload.expirationTime}`);\n  }\n  if (payload.notBefore) {\n    lines.push(`Not Before: ${payload.notBefore}`);\n  }\n  if (payload.requestId) {\n    lines.push(`Request ID: ${payload.requestId}`);\n  }\n\n  // Resources\n  if (payload.resources && payload.resources.length > 0) {\n    lines.push(\"Resources:\");\n    for (const resource of payload.resources) {\n      lines.push(`- ${resource}`);\n    }\n  }\n\n  return lines.join(\"\\n\");\n}\n\n/**\n * Hashes a message with the Ethereum signed message prefix (EIP-191).\n *\n * @param message - Message to hash\n * @returns Hex-encoded keccak256 hash with 0x prefix\n */\nexport function hashMessage(message: string): string {\n  const messageBytes = new TextEncoder().encode(message);\n  const prefix = `\\x19Ethereum Signed Message:\\n${messageBytes.length}`;\n  const prefixBytes = new TextEncoder().encode(prefix);\n\n  // Concatenate prefix and message\n  const combined = new Uint8Array(prefixBytes.length + messageBytes.length);\n  combined.set(prefixBytes, 0);\n  combined.set(messageBytes, prefixBytes.length);\n\n  // Hash with keccak256\n  const hash = keccak_256(combined);\n  return \"0x\" + bytesToHex(hash);\n}\n\n/**\n * Recovers the signer address from an EIP-191 signature.\n *\n * @param messageHash - Keccak256 hash of the prefixed message (with 0x prefix)\n * @param signature - Hex-encoded signature (65 bytes: r + s + v)\n * @returns Checksummed Ethereum address\n */\nfunction recoverAddress(messageHash: string, signature: string): string {\n  // Remove 0x prefix if present\n  const sigHex = signature.startsWith(\"0x\") ? signature.slice(2) : signature;\n  const hashHex = messageHash.startsWith(\"0x\") ? messageHash.slice(2) : messageHash;\n\n  if (sigHex.length !== 130) {\n    throw new Error(`Invalid signature length: expected 130 hex chars, got ${sigHex.length}`);\n  }\n\n  // Parse signature components\n  const r = BigInt(\"0x\" + sigHex.slice(0, 64));\n  const s = BigInt(\"0x\" + sigHex.slice(64, 128));\n  let v = parseInt(sigHex.slice(128, 130), 16);\n\n  // Normalize v to 0 or 1 (EIP-155 compatibility)\n  if (v >= 27) {\n    v -= 27;\n  }\n\n  if (v !== 0 && v !== 1) {\n    throw new Error(`Invalid recovery id: ${v}`);\n  }\n\n  // Create signature object\n  const sig = new secp256k1.Signature(r, s).addRecoveryBit(v);\n\n  // Recover public key\n  const hashBytes = hexToBytes(hashHex);\n  const publicKey = sig.recoverPublicKey(hashBytes);\n\n  // Get uncompressed public key (65 bytes) and remove the 04 prefix\n  const pubKeyBytes = publicKey.toRawBytes(false).slice(1);\n\n  // Hash public key to get address\n  const addressHash = keccak_256(pubKeyBytes);\n\n  // Take last 20 bytes\n  const addressBytes = addressHash.slice(-20);\n  const address = \"0x\" + bytesToHex(addressBytes);\n\n  // Return checksummed address\n  return toChecksumAddress(address);\n}\n\n/**\n * Converts an Ethereum address to checksummed format (EIP-55).\n *\n * @param address - Ethereum address (with or without 0x prefix)\n * @returns Checksummed address with 0x prefix\n */\nfunction toChecksumAddress(address: string): string {\n  const addr = address.toLowerCase().replace(\"0x\", \"\");\n  const hash = bytesToHex(keccak_256(new TextEncoder().encode(addr)));\n\n  let checksummed = \"0x\";\n  for (let i = 0; i < 40; i++) {\n    if (parseInt(hash[i], 16) >= 8) {\n      checksummed += addr[i].toUpperCase();\n    } else {\n      checksummed += addr[i];\n    }\n  }\n\n  return checksummed;\n}\n\n/**\n * Verifies a smart wallet signature using EIP-1271.\n *\n * @param walletAddress - Smart wallet contract address\n * @param messageHash - Hash of the message that was signed\n * @param signature - The signature to verify\n * @param provider - Ethereum provider with call capability\n * @returns True if signature is valid according to the smart wallet\n */\nasync function verifySmartWalletSignature(\n  walletAddress: string,\n  messageHash: string,\n  signature: string,\n  provider: unknown,\n): Promise<boolean> {\n  // Type guard for provider\n  interface EthProvider {\n    request(args: { method: string; params: unknown[] }): Promise<unknown>;\n  }\n\n  /**\n   * Type guard for Ethereum provider interface\n   *\n   * @param p - Value to check\n   * @returns True if value is an EthProvider\n   */\n  function isEthProvider(p: unknown): p is EthProvider {\n    return typeof p === \"object\" && p !== null && \"request\" in p;\n  }\n\n  if (!isEthProvider(provider)) {\n    return false;\n  }\n\n  try {\n    // EIP-1271 isValidSignature(bytes32 hash, bytes signature) returns bytes4\n    const hashHex = messageHash.startsWith(\"0x\") ? messageHash : \"0x\" + messageHash;\n    const sigHex = signature.startsWith(\"0x\") ? signature : \"0x\" + signature;\n\n    // Encode function call\n    // isValidSignature(bytes32,bytes) selector: 0x1626ba7e\n    const data =\n      \"0x1626ba7e\" +\n      hashHex.slice(2).padStart(64, \"0\") + // bytes32 hash\n      \"0000000000000000000000000000000000000000000000000000000000000040\" + // offset to bytes\n      (sigHex.length / 2 - 1).toString(16).padStart(64, \"0\") + // bytes length\n      sigHex.slice(2).padEnd(Math.ceil((sigHex.length - 2) / 64) * 64, \"0\"); // bytes data\n\n    const result = (await provider.request({\n      method: \"eth_call\",\n      params: [{ to: walletAddress, data }, \"latest\"],\n    })) as string;\n\n    // Check if result matches magic value\n    return result.toLowerCase().startsWith(EIP1271_MAGIC_VALUE);\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Verifies a signature using EIP-6492 (universal signature verification).\n *\n * This supports both deployed and undeployed smart wallets.\n *\n * @param walletAddress - Wallet address (may be counterfactual)\n * @param messageHash - Hash of the message that was signed\n * @param signature - The signature (may include deployment data)\n * @param provider - Ethereum provider\n * @returns True if signature is valid\n */\nexport async function verifyEIP6492Signature(\n  walletAddress: string,\n  messageHash: string,\n  signature: string,\n  provider: unknown,\n): Promise<boolean> {\n  // EIP-6492 signatures end with the magic suffix\n  const EIP6492_SUFFIX = \"6492649264926492649264926492649264926492649264926492649264926492\";\n  const sigHex = signature.startsWith(\"0x\") ? signature.slice(2) : signature;\n\n  if (sigHex.endsWith(EIP6492_SUFFIX)) {\n    // This is an EIP-6492 signature with deployment data\n    // For full implementation, we would need to:\n    // 1. Deploy the wallet contract to a local fork\n    // 2. Then call isValidSignature\n    // This requires more complex provider interaction\n    console.warn(\"EIP-6492 deployment signatures not yet fully implemented\");\n    return false;\n  }\n\n  // Fall back to standard EIP-1271 verification\n  return verifySmartWalletSignature(walletAddress, messageHash, signature, provider);\n}\n","/**\n * Sign-In-With-X (SIWx) Client-Side Implementation\n *\n * Provides functions for clients to create and sign SIWx messages.\n */\n\nimport {\n  SIWxPayload,\n  SIWxExtension,\n  SIWxExtensionInfo,\n  SIWxSigner,\n  SignatureScheme,\n} from \"./types.js\";\nimport { constructMessage } from \"./server.js\";\n\n/**\n * Encodes a SIWx payload for transmission in HTTP header.\n *\n * @param payload - The SIWx payload to encode\n * @returns Base64-encoded JSON string\n *\n * @example\n * ```typescript\n * const header = encodeSIWxHeader(payload);\n * fetch(url, {\n *   headers: { 'X-T402-SIWx': header }\n * });\n * ```\n */\nexport function encodeSIWxHeader(payload: SIWxPayload): string {\n  const json = JSON.stringify(payload);\n  // Use Buffer in Node.js or btoa in browser\n  if (typeof Buffer !== \"undefined\") {\n    return Buffer.from(json, \"utf-8\").toString(\"base64\");\n  }\n  return btoa(json);\n}\n\n/**\n * Creates a CAIP-122 formatted message string from server info.\n *\n * @param serverInfo - Extension info from server\n * @param address - Wallet address signing the message\n * @returns CAIP-122 formatted message string ready for signing\n *\n * @example\n * ```typescript\n * const message = createSIWxMessage(extension.info, wallet.address);\n * const signature = await wallet.signMessage(message);\n * ```\n */\nexport function createSIWxMessage(serverInfo: SIWxExtensionInfo, address: string): string {\n  // Create a temporary payload for message construction\n  const payload: SIWxPayload = {\n    domain: serverInfo.domain,\n    address,\n    statement: serverInfo.statement,\n    uri: serverInfo.uri,\n    version: serverInfo.version,\n    chainId: serverInfo.chainId,\n    nonce: serverInfo.nonce,\n    issuedAt: serverInfo.issuedAt,\n    expirationTime: serverInfo.expirationTime,\n    notBefore: serverInfo.notBefore,\n    requestId: serverInfo.requestId,\n    resources: serverInfo.resources,\n    signature: \"\", // Will be added after signing\n  };\n\n  return constructMessage(payload);\n}\n\n/**\n * Creates EIP-712 typed data for SIWx signing.\n *\n * @param serverInfo - Extension info from server\n * @param address - Wallet address signing the message\n * @returns EIP-712 typed data object\n */\nexport function createSIWxTypedData(\n  serverInfo: SIWxExtensionInfo,\n  address: string,\n): {\n  domain: {\n    name: string;\n    version: string;\n    chainId: number;\n  };\n  types: {\n    SIWx: Array<{ name: string; type: string }>;\n  };\n  primaryType: \"SIWx\";\n  message: Record<string, unknown>;\n} {\n  // Extract chain ID number from CAIP-2 format (e.g., \"eip155:8453\" -> 8453)\n  const chainIdParts = serverInfo.chainId.split(\":\");\n  const chainIdNum =\n    chainIdParts.length > 1 ? parseInt(chainIdParts[1], 10) : parseInt(chainIdParts[0], 10);\n\n  return {\n    domain: {\n      name: serverInfo.domain,\n      version: serverInfo.version,\n      chainId: chainIdNum,\n    },\n    types: {\n      SIWx: [\n        { name: \"domain\", type: \"string\" },\n        { name: \"address\", type: \"address\" },\n        { name: \"statement\", type: \"string\" },\n        { name: \"uri\", type: \"string\" },\n        { name: \"version\", type: \"string\" },\n        { name: \"chainId\", type: \"string\" },\n        { name: \"nonce\", type: \"string\" },\n        { name: \"issuedAt\", type: \"string\" },\n        { name: \"expirationTime\", type: \"string\" },\n        { name: \"resources\", type: \"string[]\" },\n      ],\n    },\n    primaryType: \"SIWx\",\n    message: {\n      domain: serverInfo.domain,\n      address,\n      statement: serverInfo.statement || \"\",\n      uri: serverInfo.uri,\n      version: serverInfo.version,\n      chainId: serverInfo.chainId,\n      nonce: serverInfo.nonce,\n      issuedAt: serverInfo.issuedAt,\n      expirationTime: serverInfo.expirationTime || \"\",\n      resources: serverInfo.resources || [],\n    },\n  };\n}\n\n/**\n * Signs a SIWx message using the provided signer.\n *\n * @param message - CAIP-122 formatted message to sign\n * @param signer - Wallet/signer interface with signMessage\n * @param options - Signing options\n * @param options.signatureScheme - Signature scheme to use\n * @param options.serverInfo - Server info for verification\n * @returns Hex-encoded signature\n *\n * @example\n * ```typescript\n * const signature = await signSIWxMessage(message, wallet, {\n *   signatureScheme: 'eip191'\n * });\n * ```\n */\nexport async function signSIWxMessage(\n  message: string,\n  signer: SIWxSigner,\n  options?: { signatureScheme?: SignatureScheme; serverInfo?: SIWxExtensionInfo },\n): Promise<string> {\n  const scheme = options?.signatureScheme || \"eip191\";\n\n  switch (scheme) {\n    case \"eip191\":\n      if (!signer.signMessage) {\n        throw new Error(\"Signer does not support personal_sign (EIP-191)\");\n      }\n      return signer.signMessage(message);\n\n    case \"eip712\":\n      if (!signer.signTypedData) {\n        throw new Error(\"Signer does not support signTypedData (EIP-712)\");\n      }\n      if (!options?.serverInfo) {\n        throw new Error(\"EIP-712 signing requires serverInfo in options\");\n      }\n      const typedData = createSIWxTypedData(options.serverInfo, signer.address);\n      return signer.signTypedData(typedData);\n\n    case \"eip1271\":\n    case \"eip6492\":\n      // Smart wallet signatures go through the same signMessage path\n      // but verification happens on-chain\n      if (!signer.signMessage) {\n        throw new Error(\"Signer does not support signing\");\n      }\n      return signer.signMessage(message);\n\n    case \"siws\":\n      // Sign-In With Solana uses Ed25519 signatures\n      if (!signer.signMessage) {\n        throw new Error(\"Signer does not support signing\");\n      }\n      // Solana wallets typically implement signMessage that handles the encoding\n      return signer.signMessage(message);\n\n    case \"sep10\":\n      // Stellar SEP-10 uses Ed25519 signatures (same as Solana)\n      if (!signer.signMessage) {\n        throw new Error(\"Signer does not support signing\");\n      }\n      // Stellar wallets implement signMessage for Ed25519 signing\n      // The wallet handles proper message encoding and returns hex signature\n      return signer.signMessage(message);\n\n    default:\n      throw new Error(`Unknown signature scheme: ${scheme}`);\n  }\n}\n\n/**\n * Creates a complete SIWx payload from server extension and signer.\n *\n * This is the main entry point for clients - it handles message construction,\n * signing, and payload assembly.\n *\n * @param serverExtension - Extension from server's 402 response\n * @param signer - Wallet/signer interface\n * @returns Complete signed SIWx payload ready for header encoding\n *\n * @example\n * ```typescript\n * // Get extension from server 402 response\n * const extension = paymentRequirements.extensions?.siwx;\n *\n * // Create signed payload\n * const payload = await createSIWxPayload(extension, wallet);\n *\n * // Encode and send with retry\n * const header = encodeSIWxHeader(payload);\n * fetch(url, {\n *   headers: { 'X-T402-SIWx': header }\n * });\n * ```\n */\nexport async function createSIWxPayload(\n  serverExtension: SIWxExtension,\n  signer: SIWxSigner,\n): Promise<SIWxPayload> {\n  const { info } = serverExtension;\n\n  // Create the message to sign\n  const message = createSIWxMessage(info, signer.address);\n\n  // Sign the message\n  const signature = await signSIWxMessage(message, signer, {\n    signatureScheme: info.signatureScheme,\n    serverInfo: info,\n  });\n\n  // Assemble the complete payload\n  return {\n    domain: info.domain,\n    address: signer.address,\n    statement: info.statement,\n    uri: info.uri,\n    version: info.version,\n    chainId: info.chainId,\n    nonce: info.nonce,\n    issuedAt: info.issuedAt,\n    expirationTime: info.expirationTime,\n    notBefore: info.notBefore,\n    requestId: info.requestId,\n    resources: info.resources,\n    signature,\n  };\n}\n\n/**\n * Extension key for SIWx in payment requirements.\n */\nexport const SIWX_EXTENSION_KEY = \"siwx\";\n\n/**\n * HTTP header name for SIWx payload.\n */\nexport const SIWX_HEADER_NAME = \"X-T402-SIWx\";\n"],"mappings":";AAOA,SAAS,mBAAmB;AAC5B,SAAS,kBAAkB;AAC3B,SAAS,UAAU,mBAAmB;AACtC,SAAS,iBAAiB;AAC1B,SAAS,eAAe;AACxB,SAAS,YAAY,kBAAkB;AAevC,IAAM,cAAc;AAAA,EAClB,MAAM;AAAA,EACN,UAAU,CAAC,UAAU,WAAW,OAAO,WAAW,WAAW,SAAS,YAAY,WAAW;AAAA,EAC7F,YAAY;AAAA,IACV,QAAQ,EAAE,MAAM,SAAS;AAAA,IACzB,SAAS,EAAE,MAAM,SAAS;AAAA,IAC1B,WAAW,EAAE,MAAM,SAAS;AAAA,IAC5B,KAAK,EAAE,MAAM,SAAS;AAAA,IACtB,SAAS,EAAE,MAAM,SAAS;AAAA,IAC1B,SAAS,EAAE,MAAM,SAAS;AAAA,IAC1B,OAAO,EAAE,MAAM,SAAS;AAAA,IACxB,UAAU,EAAE,MAAM,UAAU,QAAQ,YAAY;AAAA,IAChD,gBAAgB,EAAE,MAAM,UAAU,QAAQ,YAAY;AAAA,IACtD,WAAW,EAAE,MAAM,UAAU,QAAQ,YAAY;AAAA,IACjD,WAAW,EAAE,MAAM,SAAS;AAAA,IAC5B,WAAW,EAAE,MAAM,SAAS,OAAO,EAAE,MAAM,SAAS,EAAE;AAAA,IACtD,WAAW,EAAE,MAAM,SAAS;AAAA,EAC9B;AACF;AAKA,IAAM,sBAAsB;AAQ5B,SAAS,cAAc,aAA6B;AAClD,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,WAAW;AAC/B,WAAO,IAAI;AAAA,EACb,QAAQ;AAEN,WAAO,YAAY,QAAQ,gBAAgB,EAAE,EAAE,MAAM,GAAG,EAAE,CAAC;AAAA,EAC7D;AACF;AAOA,SAAS,gBAAwB;AAC/B,SAAO,YAAY,EAAE,EAAE,SAAS,KAAK;AACvC;AAiBO,SAAS,qBAAqB,SAA4C;AAC/E,QAAM,SAAS,cAAc,QAAQ,WAAW;AAChD,QAAM,MAAM,oBAAI,KAAK;AACrB,QAAM,iBACJ,QAAQ,kBAAkB,IAAI,KAAK,IAAI,QAAQ,IAAI,IAAI,KAAK,GAAI,EAAE,YAAY;AAEhF,QAAM,OAA0B;AAAA,IAC9B;AAAA,IACA,KAAK,QAAQ;AAAA,IACb,WAAW,QAAQ;AAAA,IACnB,SAAS,QAAQ,WAAW;AAAA,IAC5B,SAAS,QAAQ;AAAA,IACjB,OAAO,cAAc;AAAA,IACrB,UAAU,IAAI,YAAY;AAAA,IAC1B;AAAA,IACA,WAAW,CAAC,QAAQ,WAAW;AAAA,IAC/B,iBAAiB,QAAQ;AAAA,EAC3B;AAEA,SAAO;AAAA,IACL;AAAA,IACA,QAAQ;AAAA,EACV;AACF;AAgBO,SAAS,gBAAgB,QAA6B;AAC3D,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,qBAAqB;AAAA,EACvC;AAEA,MAAI;AACF,UAAM,UAAU,OAAO,KAAK,QAAQ,QAAQ,EAAE,SAAS,OAAO;AAC9D,UAAM,UAAU,KAAK,MAAM,OAAO;AAGlC,UAAM,WAAW;AAAA,MACf;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF;AACA,eAAW,SAAS,UAAU;AAC5B,UAAI,EAAE,SAAS,UAAU;AACvB,cAAM,IAAI,MAAM,2BAA2B,KAAK,EAAE;AAAA,MACpD;AAAA,IACF;AAEA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,QAAI,iBAAiB,aAAa;AAChC,YAAM,IAAI,MAAM,qCAAqC;AAAA,IACvD;AACA,UAAM;AAAA,EACR;AACF;AAkBO,SAAS,oBACd,SACA,qBACA,UAA+B,CAAC,GACV;AACtB,QAAM,EAAE,SAAS,IAAI,KAAK,KAAM,WAAW,IAAI;AAG/C,QAAM,iBAAiB,cAAc,mBAAmB;AACxD,MAAI,QAAQ,WAAW,gBAAgB;AACrC,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,6BAA6B,cAAc,SAAS,QAAQ,MAAM;AAAA,IAC3E;AAAA,EACF;AAGA,MAAI,QAAQ,QAAQ,qBAAqB;AACvC,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,0BAA0B,mBAAmB,SAAS,QAAQ,GAAG;AAAA,IAC1E;AAAA,EACF;AAGA,MAAI,QAAQ,YAAY,KAAK;AAC3B,WAAO,EAAE,OAAO,OAAO,OAAO,wBAAwB,QAAQ,OAAO,GAAG;AAAA,EAC1E;AAGA,QAAM,WAAW,IAAI,KAAK,QAAQ,QAAQ;AAC1C,QAAM,MAAM,oBAAI,KAAK;AACrB,MAAI,IAAI,QAAQ,IAAI,SAAS,QAAQ,IAAI,QAAQ;AAC/C,WAAO,EAAE,OAAO,OAAO,OAAO,yCAAyC;AAAA,EACzE;AAGA,MAAI,QAAQ,gBAAgB;AAC1B,UAAM,aAAa,IAAI,KAAK,QAAQ,cAAc;AAClD,QAAI,aAAa,KAAK;AACpB,aAAO,EAAE,OAAO,OAAO,OAAO,sBAAsB;AAAA,IACtD;AAAA,EACF;AAGA,MAAI,QAAQ,WAAW;AACrB,UAAM,YAAY,IAAI,KAAK,QAAQ,SAAS;AAC5C,QAAI,YAAY,KAAK;AACnB,aAAO,EAAE,OAAO,OAAO,OAAO,8CAA8C;AAAA,IAC9E;AAAA,EACF;AAGA,MAAI,cAAc,CAAC,WAAW,QAAQ,KAAK,GAAG;AAC5C,WAAO,EAAE,OAAO,OAAO,OAAO,yCAAyC;AAAA,EACzE;AAEA,SAAO,EAAE,OAAO,KAAK;AACvB;AAQA,SAAS,sBAAsB,SAA6C;AAC1E,QAAM,YAAY,QAAQ,MAAM,GAAG,EAAE,CAAC;AAEtC,UAAQ,WAAW;AAAA,IACjB,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AACH,aAAO;AAAA,IACT,KAAK;AAAA,IACL;AACE,aAAO;AAAA,EACX;AACF;AAUA,SAAS,uBAAuB,SAAiB,WAAmB,WAA4B;AAC9F,MAAI;AAEF,UAAM,SAAS,UAAU,WAAW,IAAI,IAAI,UAAU,MAAM,CAAC,IAAI;AACjE,UAAM,WAAW,WAAW,MAAM;AAElC,QAAI,SAAS,WAAW,IAAI;AAC1B,YAAM,IAAI;AAAA,QACR,4DAA4D,SAAS,MAAM;AAAA,MAC7E;AAAA,IACF;AAGA,QAAI;AACJ,UAAM,YAAY,UAAU,WAAW,IAAI,IAAI,UAAU,MAAM,CAAC,IAAI;AAGpE,QAAI,oBAAoB,KAAK,SAAS,GAAG;AACvC,oBAAc,WAAW,SAAS;AAAA,IACpC,OAAO;AAEL,oBAAc,aAAa,SAAS;AAAA,IACtC;AAEA,QAAI,YAAY,WAAW,IAAI;AAC7B,YAAM,IAAI;AAAA,QACR,6DAA6D,YAAY,MAAM;AAAA,MACjF;AAAA,IACF;AAGA,UAAM,eAAe,IAAI,YAAY,EAAE,OAAO,OAAO;AAGrD,WAAO,QAAQ,OAAO,UAAU,cAAc,WAAW;AAAA,EAC3D,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAQA,SAAS,aAAa,KAAyB;AAC7C,QAAM,WAAW;AACjB,QAAM,eAAe,oBAAI,IAAoB;AAC7C,WAAS,IAAI,GAAG,IAAI,SAAS,QAAQ,KAAK;AACxC,iBAAa,IAAI,SAAS,CAAC,GAAG,CAAC;AAAA,EACjC;AAEA,MAAI,IAAI,WAAW,EAAG,QAAO,IAAI,WAAW,CAAC;AAE7C,QAAM,QAAkB,CAAC,CAAC;AAC1B,aAAW,QAAQ,KAAK;AACtB,UAAM,QAAQ,aAAa,IAAI,IAAI;AACnC,QAAI,UAAU,QAAW;AACvB,YAAM,IAAI,MAAM,6BAA6B,IAAI,EAAE;AAAA,IACrD;AAEA,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;AACrC,eAAS,MAAM,CAAC,IAAI;AACpB,YAAM,CAAC,IAAI,QAAQ;AACnB,gBAAU;AAAA,IACZ;AAEA,WAAO,QAAQ,GAAG;AAChB,YAAM,KAAK,QAAQ,GAAI;AACvB,gBAAU;AAAA,IACZ;AAAA,EACF;AAGA,aAAW,QAAQ,KAAK;AACtB,QAAI,SAAS,IAAK;AAClB,UAAM,KAAK,CAAC;AAAA,EACd;AAEA,SAAO,IAAI,WAAW,MAAM,QAAQ,CAAC;AACvC;AAQA,SAAS,aAAa,OAA2B;AAC/C,QAAM,WAAW;AAEjB,MAAI,MAAM,WAAW,EAAG,QAAO;AAG/B,MAAI,eAAe;AACnB,aAAW,KAAK,OAAO;AACrB,QAAI,MAAM,EAAG;AACb;AAAA,EACF;AAGA,QAAM,SAAmB,CAAC,CAAC;AAC3B,aAAW,KAAK,OAAO;AACrB,QAAI,QAAQ;AACZ,aAAS,IAAI,GAAG,IAAI,OAAO,QAAQ,KAAK;AACtC,eAAS,OAAO,CAAC,IAAI;AACrB,aAAO,CAAC,IAAI,QAAQ;AACpB,cAAQ,KAAK,MAAM,QAAQ,EAAE;AAAA,IAC/B;AACA,WAAO,QAAQ,GAAG;AAChB,aAAO,KAAK,QAAQ,EAAE;AACtB,cAAQ,KAAK,MAAM,QAAQ,EAAE;AAAA,IAC/B;AAAA,EACF;AAEA,MAAI,SAAS,SAAS,CAAC,EAAE,OAAO,YAAY;AAC5C,WAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,cAAU,SAAS,OAAO,CAAC,CAAC;AAAA,EAC9B;AAEA,SAAO;AACT;AAWA,SAAS,iBAAiB,YAA4B;AACpD,QAAM,OAAO,WAAW,YAAY,EAAE,QAAQ,MAAM,EAAE;AAEtD,QAAM,eAAe,WAAW,OAAO,IAAI;AAG3C,QAAM,QAAQ,YAAY,YAAY;AACtC,QAAM,QAAQ,YAAY,KAAK;AAC/B,QAAM,WAAW,MAAM,MAAM,GAAG,CAAC;AAGjC,QAAM,cAAc,IAAI,WAAW,aAAa,SAAS,CAAC;AAC1D,cAAY,IAAI,cAAc,CAAC;AAC/B,cAAY,IAAI,UAAU,aAAa,MAAM;AAE7C,SAAO,aAAa,WAAW;AACjC;AAsBA,eAAsB,oBACpB,SACA,WACA,UAA6B,CAAC,GACG;AACjC,QAAM,EAAE,mBAAmB,MAAM,IAAI;AAErC,MAAI;AAEF,UAAM,cAAc,iBAAiB,OAAO;AAG5C,UAAM,SAAS,sBAAsB,QAAQ,OAAO;AAEpD,QAAI,WAAW,WAAW;AAGxB,YAAM,UAAU,uBAAuB,aAAa,WAAW,QAAQ,OAAO;AAE9E,UAAI,SAAS;AACX,eAAO,EAAE,OAAO,MAAM,SAAS,QAAQ,QAAQ;AAAA,MACjD;AAEA,aAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAEA,QAAI,WAAW,QAAQ;AAErB,YAAMA,eAAc,YAAY,WAAW;AAC3C,YAAM,sBAAsB,eAAeA,cAAa,SAAS;AAGjE,YAAM,uBAAuB,iBAAiB,mBAAmB;AAEjE,UAAI,yBAAyB,QAAQ,SAAS;AAC5C,eAAO,EAAE,OAAO,MAAM,SAAS,QAAQ,QAAQ;AAAA,MACjD;AAEA,aAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,QACT,OAAO,gCAAgC,QAAQ,OAAO,eAAe,oBAAoB;AAAA,MAC3F;AAAA,IACF;AAIA,UAAM,cAAc,YAAY,WAAW;AAG3C,UAAM,mBAAmB,eAAe,aAAa,SAAS;AAG9D,QAAI,iBAAiB,YAAY,MAAM,QAAQ,QAAQ,YAAY,GAAG;AAEpE,UAAI,oBAAoB,QAAQ,UAAU;AACxC,cAAM,qBAAqB,MAAM;AAAA,UAC/B,QAAQ;AAAA,UACR;AAAA,UACA;AAAA,UACA,QAAQ;AAAA,QACV;AAEA,YAAI,oBAAoB;AACtB,iBAAO,EAAE,OAAO,MAAM,SAAS,QAAQ,QAAQ;AAAA,QACjD;AAAA,MACF;AAEA,aAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,QACT,OAAO,gCAAgC,QAAQ,OAAO,eAAe,gBAAgB;AAAA,MACvF;AAAA,IACF;AAEA,WAAO,EAAE,OAAO,MAAM,SAAS,iBAAiB;AAAA,EAClD,SAAS,OAAO;AACd,WAAO;AAAA,MACL,OAAO;AAAA,MACP,OAAO,kCAAkC,iBAAiB,QAAQ,MAAM,UAAU,eAAe;AAAA,IACnG;AAAA,EACF;AACF;AAQO,SAAS,iBAAiB,SAA8B;AAC7D,QAAM,QAAkB,CAAC;AAGzB,QAAM,KAAK,GAAG,QAAQ,MAAM,mCAAmC,QAAQ,OAAO,WAAW;AACzF,QAAM,KAAK,QAAQ,OAAO;AAC1B,QAAM,KAAK,EAAE;AAGb,MAAI,QAAQ,WAAW;AACrB,UAAM,KAAK,QAAQ,SAAS;AAC5B,UAAM,KAAK,EAAE;AAAA,EACf;AAGA,QAAM,KAAK,QAAQ,QAAQ,GAAG,EAAE;AAChC,QAAM,KAAK,YAAY,QAAQ,OAAO,EAAE;AACxC,QAAM,KAAK,aAAa,QAAQ,OAAO,EAAE;AACzC,QAAM,KAAK,UAAU,QAAQ,KAAK,EAAE;AACpC,QAAM,KAAK,cAAc,QAAQ,QAAQ,EAAE;AAG3C,MAAI,QAAQ,gBAAgB;AAC1B,UAAM,KAAK,oBAAoB,QAAQ,cAAc,EAAE;AAAA,EACzD;AACA,MAAI,QAAQ,WAAW;AACrB,UAAM,KAAK,eAAe,QAAQ,SAAS,EAAE;AAAA,EAC/C;AACA,MAAI,QAAQ,WAAW;AACrB,UAAM,KAAK,eAAe,QAAQ,SAAS,EAAE;AAAA,EAC/C;AAGA,MAAI,QAAQ,aAAa,QAAQ,UAAU,SAAS,GAAG;AACrD,UAAM,KAAK,YAAY;AACvB,eAAW,YAAY,QAAQ,WAAW;AACxC,YAAM,KAAK,KAAK,QAAQ,EAAE;AAAA,IAC5B;AAAA,EACF;AAEA,SAAO,MAAM,KAAK,IAAI;AACxB;AAQO,SAAS,YAAY,SAAyB;AACnD,QAAM,eAAe,IAAI,YAAY,EAAE,OAAO,OAAO;AACrD,QAAM,SAAS;AAAA,EAAiC,aAAa,MAAM;AACnE,QAAM,cAAc,IAAI,YAAY,EAAE,OAAO,MAAM;AAGnD,QAAM,WAAW,IAAI,WAAW,YAAY,SAAS,aAAa,MAAM;AACxE,WAAS,IAAI,aAAa,CAAC;AAC3B,WAAS,IAAI,cAAc,YAAY,MAAM;AAG7C,QAAM,OAAO,WAAW,QAAQ;AAChC,SAAO,OAAO,WAAW,IAAI;AAC/B;AASA,SAAS,eAAe,aAAqB,WAA2B;AAEtE,QAAM,SAAS,UAAU,WAAW,IAAI,IAAI,UAAU,MAAM,CAAC,IAAI;AACjE,QAAM,UAAU,YAAY,WAAW,IAAI,IAAI,YAAY,MAAM,CAAC,IAAI;AAEtE,MAAI,OAAO,WAAW,KAAK;AACzB,UAAM,IAAI,MAAM,yDAAyD,OAAO,MAAM,EAAE;AAAA,EAC1F;AAGA,QAAM,IAAI,OAAO,OAAO,OAAO,MAAM,GAAG,EAAE,CAAC;AAC3C,QAAM,IAAI,OAAO,OAAO,OAAO,MAAM,IAAI,GAAG,CAAC;AAC7C,MAAI,IAAI,SAAS,OAAO,MAAM,KAAK,GAAG,GAAG,EAAE;AAG3C,MAAI,KAAK,IAAI;AACX,SAAK;AAAA,EACP;AAEA,MAAI,MAAM,KAAK,MAAM,GAAG;AACtB,UAAM,IAAI,MAAM,wBAAwB,CAAC,EAAE;AAAA,EAC7C;AAGA,QAAM,MAAM,IAAI,UAAU,UAAU,GAAG,CAAC,EAAE,eAAe,CAAC;AAG1D,QAAM,YAAY,WAAW,OAAO;AACpC,QAAM,YAAY,IAAI,iBAAiB,SAAS;AAGhD,QAAM,cAAc,UAAU,WAAW,KAAK,EAAE,MAAM,CAAC;AAGvD,QAAM,cAAc,WAAW,WAAW;AAG1C,QAAM,eAAe,YAAY,MAAM,GAAG;AAC1C,QAAM,UAAU,OAAO,WAAW,YAAY;AAG9C,SAAO,kBAAkB,OAAO;AAClC;AAQA,SAAS,kBAAkB,SAAyB;AAClD,QAAM,OAAO,QAAQ,YAAY,EAAE,QAAQ,MAAM,EAAE;AACnD,QAAM,OAAO,WAAW,WAAW,IAAI,YAAY,EAAE,OAAO,IAAI,CAAC,CAAC;AAElE,MAAI,cAAc;AAClB,WAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,QAAI,SAAS,KAAK,CAAC,GAAG,EAAE,KAAK,GAAG;AAC9B,qBAAe,KAAK,CAAC,EAAE,YAAY;AAAA,IACrC,OAAO;AACL,qBAAe,KAAK,CAAC;AAAA,IACvB;AAAA,EACF;AAEA,SAAO;AACT;AAWA,eAAe,2BACb,eACA,aACA,WACA,UACkB;AAYlB,WAAS,cAAc,GAA8B;AACnD,WAAO,OAAO,MAAM,YAAY,MAAM,QAAQ,aAAa;AAAA,EAC7D;AAEA,MAAI,CAAC,cAAc,QAAQ,GAAG;AAC5B,WAAO;AAAA,EACT;AAEA,MAAI;AAEF,UAAM,UAAU,YAAY,WAAW,IAAI,IAAI,cAAc,OAAO;AACpE,UAAM,SAAS,UAAU,WAAW,IAAI,IAAI,YAAY,OAAO;AAI/D,UAAM,OACJ,eACA,QAAQ,MAAM,CAAC,EAAE,SAAS,IAAI,GAAG;AAAA,IACjC;AAAA,KACC,OAAO,SAAS,IAAI,GAAG,SAAS,EAAE,EAAE,SAAS,IAAI,GAAG;AAAA,IACrD,OAAO,MAAM,CAAC,EAAE,OAAO,KAAK,MAAM,OAAO,SAAS,KAAK,EAAE,IAAI,IAAI,GAAG;AAEtE,UAAM,SAAU,MAAM,SAAS,QAAQ;AAAA,MACrC,QAAQ;AAAA,MACR,QAAQ,CAAC,EAAE,IAAI,eAAe,KAAK,GAAG,QAAQ;AAAA,IAChD,CAAC;AAGD,WAAO,OAAO,YAAY,EAAE,WAAW,mBAAmB;AAAA,EAC5D,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAaA,eAAsB,uBACpB,eACA,aACA,WACA,UACkB;AAElB,QAAM,iBAAiB;AACvB,QAAM,SAAS,UAAU,WAAW,IAAI,IAAI,UAAU,MAAM,CAAC,IAAI;AAEjE,MAAI,OAAO,SAAS,cAAc,GAAG;AAMnC,YAAQ,KAAK,0DAA0D;AACvE,WAAO;AAAA,EACT;AAGA,SAAO,2BAA2B,eAAe,aAAa,WAAW,QAAQ;AACnF;;;ACluBO,SAAS,iBAAiB,SAA8B;AAC7D,QAAM,OAAO,KAAK,UAAU,OAAO;AAEnC,MAAI,OAAO,WAAW,aAAa;AACjC,WAAO,OAAO,KAAK,MAAM,OAAO,EAAE,SAAS,QAAQ;AAAA,EACrD;AACA,SAAO,KAAK,IAAI;AAClB;AAeO,SAAS,kBAAkB,YAA+B,SAAyB;AAExF,QAAM,UAAuB;AAAA,IAC3B,QAAQ,WAAW;AAAA,IACnB;AAAA,IACA,WAAW,WAAW;AAAA,IACtB,KAAK,WAAW;AAAA,IAChB,SAAS,WAAW;AAAA,IACpB,SAAS,WAAW;AAAA,IACpB,OAAO,WAAW;AAAA,IAClB,UAAU,WAAW;AAAA,IACrB,gBAAgB,WAAW;AAAA,IAC3B,WAAW,WAAW;AAAA,IACtB,WAAW,WAAW;AAAA,IACtB,WAAW,WAAW;AAAA,IACtB,WAAW;AAAA;AAAA,EACb;AAEA,SAAO,iBAAiB,OAAO;AACjC;AASO,SAAS,oBACd,YACA,SAYA;AAEA,QAAM,eAAe,WAAW,QAAQ,MAAM,GAAG;AACjD,QAAM,aACJ,aAAa,SAAS,IAAI,SAAS,aAAa,CAAC,GAAG,EAAE,IAAI,SAAS,aAAa,CAAC,GAAG,EAAE;AAExF,SAAO;AAAA,IACL,QAAQ;AAAA,MACN,MAAM,WAAW;AAAA,MACjB,SAAS,WAAW;AAAA,MACpB,SAAS;AAAA,IACX;AAAA,IACA,OAAO;AAAA,MACL,MAAM;AAAA,QACJ,EAAE,MAAM,UAAU,MAAM,SAAS;AAAA,QACjC,EAAE,MAAM,WAAW,MAAM,UAAU;AAAA,QACnC,EAAE,MAAM,aAAa,MAAM,SAAS;AAAA,QACpC,EAAE,MAAM,OAAO,MAAM,SAAS;AAAA,QAC9B,EAAE,MAAM,WAAW,MAAM,SAAS;AAAA,QAClC,EAAE,MAAM,WAAW,MAAM,SAAS;AAAA,QAClC,EAAE,MAAM,SAAS,MAAM,SAAS;AAAA,QAChC,EAAE,MAAM,YAAY,MAAM,SAAS;AAAA,QACnC,EAAE,MAAM,kBAAkB,MAAM,SAAS;AAAA,QACzC,EAAE,MAAM,aAAa,MAAM,WAAW;AAAA,MACxC;AAAA,IACF;AAAA,IACA,aAAa;AAAA,IACb,SAAS;AAAA,MACP,QAAQ,WAAW;AAAA,MACnB;AAAA,MACA,WAAW,WAAW,aAAa;AAAA,MACnC,KAAK,WAAW;AAAA,MAChB,SAAS,WAAW;AAAA,MACpB,SAAS,WAAW;AAAA,MACpB,OAAO,WAAW;AAAA,MAClB,UAAU,WAAW;AAAA,MACrB,gBAAgB,WAAW,kBAAkB;AAAA,MAC7C,WAAW,WAAW,aAAa,CAAC;AAAA,IACtC;AAAA,EACF;AACF;AAmBA,eAAsB,gBACpB,SACA,QACA,SACiB;AACjB,QAAM,SAAS,SAAS,mBAAmB;AAE3C,UAAQ,QAAQ;AAAA,IACd,KAAK;AACH,UAAI,CAAC,OAAO,aAAa;AACvB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AACA,aAAO,OAAO,YAAY,OAAO;AAAA,IAEnC,KAAK;AACH,UAAI,CAAC,OAAO,eAAe;AACzB,cAAM,IAAI,MAAM,iDAAiD;AAAA,MACnE;AACA,UAAI,CAAC,SAAS,YAAY;AACxB,cAAM,IAAI,MAAM,gDAAgD;AAAA,MAClE;AACA,YAAM,YAAY,oBAAoB,QAAQ,YAAY,OAAO,OAAO;AACxE,aAAO,OAAO,cAAc,SAAS;AAAA,IAEvC,KAAK;AAAA,IACL,KAAK;AAGH,UAAI,CAAC,OAAO,aAAa;AACvB,cAAM,IAAI,MAAM,iCAAiC;AAAA,MACnD;AACA,aAAO,OAAO,YAAY,OAAO;AAAA,IAEnC,KAAK;AAEH,UAAI,CAAC,OAAO,aAAa;AACvB,cAAM,IAAI,MAAM,iCAAiC;AAAA,MACnD;AAEA,aAAO,OAAO,YAAY,OAAO;AAAA,IAEnC,KAAK;AAEH,UAAI,CAAC,OAAO,aAAa;AACvB,cAAM,IAAI,MAAM,iCAAiC;AAAA,MACnD;AAGA,aAAO,OAAO,YAAY,OAAO;AAAA,IAEnC;AACE,YAAM,IAAI,MAAM,6BAA6B,MAAM,EAAE;AAAA,EACzD;AACF;AA2BA,eAAsB,kBACpB,iBACA,QACsB;AACtB,QAAM,EAAE,KAAK,IAAI;AAGjB,QAAM,UAAU,kBAAkB,MAAM,OAAO,OAAO;AAGtD,QAAM,YAAY,MAAM,gBAAgB,SAAS,QAAQ;AAAA,IACvD,iBAAiB,KAAK;AAAA,IACtB,YAAY;AAAA,EACd,CAAC;AAGD,SAAO;AAAA,IACL,QAAQ,KAAK;AAAA,IACb,SAAS,OAAO;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,KAAK,KAAK;AAAA,IACV,SAAS,KAAK;AAAA,IACd,SAAS,KAAK;AAAA,IACd,OAAO,KAAK;AAAA,IACZ,UAAU,KAAK;AAAA,IACf,gBAAgB,KAAK;AAAA,IACrB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB,WAAW,KAAK;AAAA,IAChB;AAAA,EACF;AACF;AAKO,IAAM,qBAAqB;AAK3B,IAAM,mBAAmB;","names":["messageHash"]}