@agentunion/fastaun-browser 0.2.19 → 0.3.0

package/dist/v2/crypto/ecdh.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdh.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdh.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C,uCAAuC;AACvC,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,mBAAmB;AACnB,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IACzE,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,uDAAuD;AACvD,SAAS,YAAY,CAAC,gBAA4B;IAChD,0EAA0E;IAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAe,CAAC;IACrE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzC,MAAM,IAAI,KAAK,CAAC,oDAAoD,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,CAAC;IACD,OAAO,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;AAC7D,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,gBAA4B,EAC5B,gBAA4B;IAE5B,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IAED,0CAA0C;IAC1C,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAEhD,MAAM,OAAO,GAAe;QAC1B,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,OAAO;QACZ,CAAC,EAAE,aAAa,CAAC,gBAAgB,CAAC;QAClC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QACnB,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC;QACnB,GAAG,EAAE,IAAI;KACV,CAAC;IAEF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,OAAO,EACP,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,MAAM;IACN,gEAAgE;IAChE,gBAAgB,CAAC,KAAK,EAAE,CAAC,MAAM,EAC/B,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,KAAK,EACL,EAAE,CACH,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC/C,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,EAChC,OAAO,EACP,GAAG,CACJ,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC;IACvC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,MAAM,qBAAqB,CAAC,CAAC;IAC3E,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,WAAW,CAC7C,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,IAAI,EACJ,CAAC,YAAY,CAAC,CACf,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IACrE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAClE,CAAC;IACD,MAAM,IAAI,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IAElC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAC3E,OAAO,CAAC,IAAI,EAAE,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,gBAA4B;IACnE,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,8CAA8C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IAC3F,CAAC;IACD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IAEhD,oBAAoB;IACpB,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,KAAK,EACL,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,EAChF,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,EACrC,IAAI,EACJ,EAAE,CACH,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC"}

package/dist/v2/crypto/ecdsa.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDSA-SHA256 RAW 签名（RFC 6979 deterministic, r||s 64 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量
+ * @param message          原始消息（noble 内部 SHA-256）
+ */
+export declare function ecdsaSignRaw(privateKeyScalar: Uint8Array, message: Uint8Array): Promise<Uint8Array>;
+/**
+ * ECDSA-SHA256 RAW 验签。
+ *
+ * @param publicKeyDer SPKI DER 公钥
+ * @param signatureRaw 64 字节 r||s
+ * @param message      原始消息（内部做 SHA-256）
+ */
+export declare function ecdsaVerifyRaw(publicKeyDer: Uint8Array, signatureRaw: Uint8Array, message: Uint8Array): Promise<boolean>;
+//# sourceMappingURL=ecdsa.d.ts.map

package/dist/v2/crypto/ecdsa.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdsa.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/ecdsa.ts"],"names":[],"mappings":"AAeA;;;;;GAKG;AACH,wBAAsB,YAAY,CAChC,gBAAgB,EAAE,UAAU,EAC5B,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,UAAU,CAAC,CAWrB;AAED;;;;;;GAMG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,UAAU,EACxB,YAAY,EAAE,UAAU,EACxB,OAAO,EAAE,UAAU,GAClB,OAAO,CAAC,OAAO,CAAC,CAoBlB"}

package/dist/v2/crypto/ecdsa.js

@@ -0,0 +1,52 @@
+/**
+ * AUN E2EE V2: ECDSA P-256 + SHA-256 RAW（r||s, 64B）
+ *
+ * 规范引用: §3.4 / §5.1 / §10
+ *
+ * 浏览器实现：
+ * - 签名：使用 @noble/curves p256（RFC 6979 deterministic），保持与 Python /
+ *   Go SDK 字节一致。WebCrypto 的 ECDSA 签名是不确定性的（每次随机 k），
+ *   无法用于 golden 比对，因此签名走 noble。
+ * - 验签：用 WebCrypto subtle.verify，公钥从 SPKI DER 导入。
+ * - 哈希：noble p256.sign 默认 prehash=true（自带 SHA-256），与 Python /
+ *   Go ECDSA-SHA256 行为一致；显式传 prehash 让意图更明确。
+ */
+import { p256 } from '@noble/curves/nist.js';
+/**
+ * ECDSA-SHA256 RAW 签名（RFC 6979 deterministic, r||s 64 字节）。
+ *
+ * @param privateKeyScalar 32 字节 P-256 私钥标量
+ * @param message          原始消息（noble 内部 SHA-256）
+ */
+export async function ecdsaSignRaw(privateKeyScalar, message) {
+    if (privateKeyScalar.length !== 32) {
+        throw new Error(`ECDSA private key must be 32 bytes, got ${privateKeyScalar.length}`);
+    }
+    // noble v2: sign 直接返回 Uint8Array（默认 format='compact' 即 r||s 64B）
+    // lowS=false 与 Python cryptography / Go ecdsa 行为一致
+    const sig = p256.sign(message, privateKeyScalar, { lowS: false, prehash: true });
+    if (!(sig instanceof Uint8Array) || sig.length !== 64) {
+        throw new Error(`unexpected ECDSA signature shape: ${sig?.constructor?.name} len=${sig?.length}`);
+    }
+    return sig;
+}
+/**
+ * ECDSA-SHA256 RAW 验签。
+ *
+ * @param publicKeyDer SPKI DER 公钥
+ * @param signatureRaw 64 字节 r||s
+ * @param message      原始消息（内部做 SHA-256）
+ */
+export async function ecdsaVerifyRaw(publicKeyDer, signatureRaw, message) {
+    if (signatureRaw.length !== 64)
+        return false;
+    try {
+        const pubKey = await crypto.subtle.importKey('spki', publicKeyDer.slice().buffer, { name: 'ECDSA', namedCurve: 'P-256' }, false, ['verify']);
+        const ok = await crypto.subtle.verify({ name: 'ECDSA', hash: { name: 'SHA-256' } }, pubKey, signatureRaw.slice().buffer, message.slice().buffer);
+        return Boolean(ok);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=ecdsa.js.map

package/dist/v2/crypto/ecdsa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecdsa.js","sourceRoot":"","sources":["../../../src/v2/crypto/ecdsa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAE7C;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,gBAA4B,EAC5B,OAAmB;IAEnB,IAAI,gBAAgB,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,2CAA2C,gBAAgB,CAAC,MAAM,EAAE,CAAC,CAAC;IACxF,CAAC;IACD,iEAAiE;IACjE,mDAAmD;IACnD,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,gBAAgB,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACjF,IAAI,CAAC,CAAC,GAAG,YAAY,UAAU,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,EAAE,WAAW,EAAE,IAAI,QAAS,GAA2B,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7H,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAwB,EACxB,YAAwB,EACxB,OAAmB;IAEnB,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC1C,MAAM,EACN,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAC3B,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EACtC,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;QACF,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACnC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAC5C,MAAM,EACN,YAAY,CAAC,KAAK,EAAE,CAAC,MAAM,EAC3B,OAAO,CAAC,KAAK,EAAE,CAAC,MAAM,CACvB,CAAC;QACF,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/v2/crypto/hkdf.d.ts

@@ -0,0 +1,21 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256
+ *
+ * 规范引用: §3.2 / §5.2 / §10
+ *
+ * 浏览器实现：使用 WebCrypto subtle.deriveBits 完成 HKDF。
+ * - salt 长度为 0 时按 RFC 5869 规则替换为 32 字节零（与 Python sdk 行为一致）。
+ * - info 必须是 BufferSource（Uint8Array 即可）。
+ * - 输出长度由 `length` 控制（字节数）。
+ */
+/**
+ * 计算 HKDF-SHA256(ikm, salt, info, length)。
+ *
+ * @param ikm    输入密钥材料
+ * @param salt   盐（可空）
+ * @param info   上下文/信息字段
+ * @param length 输出字节数
+ * @returns      派生密钥
+ */
+export declare function hkdfSha256(ikm: Uint8Array, salt: Uint8Array, info: Uint8Array, length: number): Promise<Uint8Array>;
+//# sourceMappingURL=hkdf.d.ts.map

package/dist/v2/crypto/hkdf.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/hkdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;GAQG;AACH,wBAAsB,UAAU,CAC9B,GAAG,EAAE,UAAU,EACf,IAAI,EAAE,UAAU,EAChB,IAAI,EAAE,UAAU,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,CAAC,CAqBrB"}

package/dist/v2/crypto/hkdf.js

@@ -0,0 +1,32 @@
+/**
+ * AUN E2EE V2: HKDF-SHA256
+ *
+ * 规范引用: §3.2 / §5.2 / §10
+ *
+ * 浏览器实现：使用 WebCrypto subtle.deriveBits 完成 HKDF。
+ * - salt 长度为 0 时按 RFC 5869 规则替换为 32 字节零（与 Python sdk 行为一致）。
+ * - info 必须是 BufferSource（Uint8Array 即可）。
+ * - 输出长度由 `length` 控制（字节数）。
+ */
+/**
+ * 计算 HKDF-SHA256(ikm, salt, info, length)。
+ *
+ * @param ikm    输入密钥材料
+ * @param salt   盐（可空）
+ * @param info   上下文/信息字段
+ * @param length 输出字节数
+ * @returns      派生密钥
+ */
+export async function hkdfSha256(ikm, salt, info, length) {
+    const realSalt = salt.length === 0 ? new Uint8Array(32) : salt;
+    // ikm 必须是独立 ArrayBuffer，避免视图歧义
+    const baseKey = await crypto.subtle.importKey('raw', ikm.slice().buffer, 'HKDF', false, ['deriveBits']);
+    const bits = await crypto.subtle.deriveBits({
+        name: 'HKDF',
+        hash: 'SHA-256',
+        salt: realSalt.slice().buffer,
+        info: info.slice().buffer,
+    }, baseKey, length * 8);
+    return new Uint8Array(bits);
+}
+//# sourceMappingURL=hkdf.js.map

package/dist/v2/crypto/hkdf.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hkdf.js","sourceRoot":"","sources":["../../../src/v2/crypto/hkdf.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAe,EACf,IAAgB,EAChB,IAAgB,EAChB,MAAc;IAEd,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC/D,+BAA+B;IAC/B,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC3C,KAAK,EACL,GAAG,CAAC,KAAK,EAAE,CAAC,MAAM,EAClB,MAAM,EACN,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IACF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CACzC;QACE,IAAI,EAAE,MAAM;QACZ,IAAI,EAAE,SAAS;QACf,IAAI,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,MAAM;QAC7B,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM;KACZ,EACf,OAAO,EACP,MAAM,GAAG,CAAC,CACX,CAAC;IACF,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;AAC9B,CAAC"}

package/dist/v2/crypto/index.d.ts

@@ -0,0 +1,9 @@
+export { canonicalJson } from './canonical';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer, } from './ecdh';
+export { hkdfSha256 } from './hkdf';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead';
+export { ecdsaSignRaw, ecdsaVerifyRaw } from './ecdsa';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients';
+export type { ProofStep } from './recipients';
+//# sourceMappingURL=index.d.ts.map

package/dist/v2/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EACL,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,cAAc,CAAC;AACtB,YAAY,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC"}

package/dist/v2/crypto/index.js

@@ -0,0 +1,8 @@
+export { canonicalJson } from './canonical';
+export { ecdhComputeShared, generateP256Keypair, privateToPublicDer, } from './ecdh';
+export { hkdfSha256 } from './hkdf';
+export { aesGcmEncrypt, aesGcmDecrypt } from './aead';
+export { ecdsaSignRaw, ecdsaVerifyRaw } from './ecdsa';
+export { compute1DHWrap, compute3DHWrap, INFO_1DH, INFO_3DH, WRAP_KEY_LENGTH, } from './dh-path';
+export { sortRecipients, computeLeafHash, computeMerkleRoot, computeMerkleProof, verifyMerkleProof, computeRecipientsDigest, } from './recipients';
+//# sourceMappingURL=index.js.map

package/dist/v2/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/v2/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,GACnB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AACvD,OAAO,EACL,cAAc,EACd,cAAc,EACd,QAAQ,EACR,QAAQ,EACR,eAAe,GAChB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,cAAc,EACd,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,uBAAuB,GACxB,MAAM,cAAc,CAAC"}

package/dist/v2/crypto/recipients.d.ts

@@ -0,0 +1,43 @@
+/**
+ * AUN E2EE V2: Recipients 排序与 Digest（Merkle root）
+ *
+ * 规范引用: §10.3 / §5.3
+ * - 二维数组（无 columns 表头）；行按 (aid asc, device_id asc, role asc) 排序
+ * - 每行固定 8 字段: [aid, device_id, role, key_source, fp, spk_id, wrap_nonce, wrapped_key]
+ * - leaf = SHA256(LEAF_PREFIX || canonical row binary fields)
+ * - inner = SHA256(NODE_PREFIX || left || right)
+ * - 奇数节点复制最后一个
+ *
+ * 浏览器实现：使用 WebCrypto subtle.digest('SHA-256')，全链路 async。
+ * - wrap_nonce / wrapped_key 字段：优先 base64 解码（仅当长度为 4 的倍数且字符合法），
+ *   失败时回退 UTF-8 字节，与 Python `_decode_or_raw` 对齐。
+ */
+/**
+ * 按 (aid asc, device_id asc, role asc) 排序 recipients 行（不修改入参）。
+ */
+export declare function sortRecipients(rows: string[][]): string[][];
+/**
+ * 计算单个 recipient 行的 leaf hash（32 字节）。
+ */
+export declare function computeLeafHash(row: string[]): Promise<Uint8Array>;
+/**
+ * Merkle root（hex），rows 必须已排序。
+ */
+export declare function computeMerkleRoot(rows: string[][]): Promise<string>;
+export interface ProofStep {
+    sibling: string;
+    position: 'L' | 'R';
+}
+/**
+ * 为 targetIndex 行生成 Merkle proof。
+ */
+export declare function computeMerkleProof(rows: string[][], targetIndex: number): Promise<ProofStep[]>;
+/**
+ * 验证 leaf + proof 重建出的 root 与期望值一致。
+ */
+export declare function verifyMerkleProof(leaf: Uint8Array, proof: ProofStep[], expectedRootHex: string): Promise<boolean>;
+/**
+ * 计算 recipients_digest（Merkle root）。调用方 MUST 先调 sortRecipients。
+ */
+export declare function computeRecipientsDigest(rows: string[][]): Promise<string>;
+//# sourceMappingURL=recipients.d.ts.map

package/dist/v2/crypto/recipients.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipients.d.ts","sourceRoot":"","sources":["../../../src/v2/crypto/recipients.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AA8DH;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,MAAM,EAAE,EAAE,CAO3D;AAED;;GAEG;AACH,wBAAsB,eAAe,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CA8BxE;AAMD;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAczE;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,GAAG,GAAG,GAAG,CAAC;CACrB;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,MAAM,EAAE,EAAE,EAChB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,SAAS,EAAE,CAAC,CAsBtB;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,UAAU,EAChB,KAAK,EAAE,SAAS,EAAE,EAClB,eAAe,EAAE,MAAM,GACtB,OAAO,CAAC,OAAO,CAAC,CAelB;AAED;;GAEG;AACH,wBAAsB,uBAAuB,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,CAE/E"}

package/dist/v2/crypto/recipients.js

@@ -0,0 +1,188 @@
+/**
+ * AUN E2EE V2: Recipients 排序与 Digest（Merkle root）
+ *
+ * 规范引用: §10.3 / §5.3
+ * - 二维数组（无 columns 表头）；行按 (aid asc, device_id asc, role asc) 排序
+ * - 每行固定 8 字段: [aid, device_id, role, key_source, fp, spk_id, wrap_nonce, wrapped_key]
+ * - leaf = SHA256(LEAF_PREFIX || canonical row binary fields)
+ * - inner = SHA256(NODE_PREFIX || left || right)
+ * - 奇数节点复制最后一个
+ *
+ * 浏览器实现：使用 WebCrypto subtle.digest('SHA-256')，全链路 async。
+ * - wrap_nonce / wrapped_key 字段：优先 base64 解码（仅当长度为 4 的倍数且字符合法），
+ *   失败时回退 UTF-8 字节，与 Python `_decode_or_raw` 对齐。
+ */
+const LEAF_PREFIX = new TextEncoder().encode('AUN-V2-RCPT-LEAF-v1');
+const NODE_PREFIX = new TextEncoder().encode('AUN-V2-RCPT-NODE-v1');
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function bytesToHex(b) {
+    let s = '';
+    for (let i = 0; i < b.length; i++)
+        s += b[i].toString(16).padStart(2, '0');
+    return s;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+function concat(...arrs) {
+    let total = 0;
+    for (const a of arrs)
+        total += a.length;
+    const out = new Uint8Array(total);
+    let pos = 0;
+    for (const a of arrs) {
+        out.set(a, pos);
+        pos += a.length;
+    }
+    return out;
+}
+/**
+ * 与 Python `_decode_or_raw` 行为一致：
+ *  - 空串 → 空 bytes
+ *  - 长度为 4 的倍数且仅含 base64 字符 → atob 解码
+ *  - 其他情况 → UTF-8 编码
+ */
+function decodeOrRaw(value) {
+    if (!value)
+        return new Uint8Array(0);
+    // 标准 base64：A-Z a-z 0-9 + / =，长度必须是 4 的倍数
+    if (value.length > 0 && value.length % 4 === 0 && /^[A-Za-z0-9+/]+={0,2}$/.test(value)) {
+        try {
+            const bin = atob(value);
+            const out = new Uint8Array(bin.length);
+            for (let i = 0; i < bin.length; i++)
+                out[i] = bin.charCodeAt(i);
+            return out;
+        }
+        catch {
+            // fall through
+        }
+    }
+    return new TextEncoder().encode(value);
+}
+/**
+ * 按 (aid asc, device_id asc, role asc) 排序 recipients 行（不修改入参）。
+ */
+export function sortRecipients(rows) {
+    return [...rows].sort((a, b) => {
+        if (a[0] !== b[0])
+            return a[0] < b[0] ? -1 : 1;
+        if (a[1] !== b[1])
+            return a[1] < b[1] ? -1 : 1;
+        if (a[2] !== b[2])
+            return a[2] < b[2] ? -1 : 1;
+        return 0;
+    });
+}
+/**
+ * 计算单个 recipient 行的 leaf hash（32 字节）。
+ */
+export async function computeLeafHash(row) {
+    const enc = (s) => new TextEncoder().encode(s ?? '');
+    const aid = enc(String(row[0] ?? ''));
+    const deviceId = enc(String(row[1] ?? ''));
+    const role = enc(String(row[2] ?? ''));
+    const keySource = enc(String(row[3] ?? ''));
+    const fp = enc(String(row[4] ?? ''));
+    const spkId = enc(String(row.length > 5 ? row[5] : ''));
+    const wrapNonce = decodeOrRaw(row.length > 6 ? String(row[6] ?? '') : '');
+    const wrappedKey = decodeOrRaw(row.length > 7 ? String(row[7] ?? '') : '');
+    const ZERO = Uint8Array.of(0);
+    const data = concat(LEAF_PREFIX, aid, ZERO, deviceId, ZERO, role, ZERO, keySource, ZERO, fp, ZERO, spkId, ZERO, wrapNonce, wrappedKey);
+    return sha256(data);
+}
+async function nodeHash(left, right) {
+    return sha256(concat(NODE_PREFIX, left, right));
+}
+/**
+ * Merkle root（hex），rows 必须已排序。
+ */
+export async function computeMerkleRoot(rows) {
+    if (rows.length === 0)
+        return '';
+    let layer = [];
+    for (const r of rows)
+        layer.push(await computeLeafHash(r));
+    while (layer.length > 1) {
+        if (layer.length % 2 === 1)
+            layer.push(layer[layer.length - 1]);
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            next.push(await nodeHash(layer[i], layer[i + 1]));
+        }
+        layer = next;
+    }
+    return bytesToHex(layer[0]);
+}
+/**
+ * 为 targetIndex 行生成 Merkle proof。
+ */
+export async function computeMerkleProof(rows, targetIndex) {
+    if (rows.length === 0 || targetIndex < 0 || targetIndex >= rows.length)
+        return [];
+    let layer = [];
+    for (const r of rows)
+        layer.push(await computeLeafHash(r));
+    let idx = targetIndex;
+    const proof = [];
+    while (layer.length > 1) {
+        if (layer.length % 2 === 1)
+            layer.push(layer[layer.length - 1]);
+        const siblingIdx = idx ^ 1;
+        proof.push({
+            sibling: bytesToHex(layer[siblingIdx]),
+            position: siblingIdx > idx ? 'R' : 'L',
+        });
+        const next = [];
+        for (let i = 0; i < layer.length; i += 2) {
+            next.push(await nodeHash(layer[i], layer[i + 1]));
+        }
+        layer = next;
+        idx = Math.floor(idx / 2);
+    }
+    return proof;
+}
+/**
+ * 验证 leaf + proof 重建出的 root 与期望值一致。
+ */
+export async function verifyMerkleProof(leaf, proof, expectedRootHex) {
+    if (!expectedRootHex)
+        return false;
+    let cur = leaf;
+    for (const step of proof) {
+        let sibling;
+        try {
+            sibling = hexToBytes(step.sibling);
+        }
+        catch {
+            return false;
+        }
+        if (step.position === 'L')
+            cur = await nodeHash(sibling, cur);
+        else if (step.position === 'R')
+            cur = await nodeHash(cur, sibling);
+        else
+            return false;
+    }
+    return bytesToHex(cur) === expectedRootHex;
+}
+/**
+ * 计算 recipients_digest（Merkle root）。调用方 MUST 先调 sortRecipients。
+ */
+export async function computeRecipientsDigest(rows) {
+    return computeMerkleRoot(rows);
+}
+//# sourceMappingURL=recipients.js.map

package/dist/v2/crypto/recipients.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"recipients.js","sourceRoot":"","sources":["../../../src/v2/crypto/recipients.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AACpE,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAEpE,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,UAAU,CAAC,CAAa;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC3E,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,MAAM,CAAC,GAAG,IAAkB;IACnC,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;IACxC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACrB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAChB,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,SAAS,WAAW,CAAC,KAAa;IAChC,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACrC,0CAA0C;IAC1C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QACvF,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;YACxB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAChE,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;QACjB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC7C,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QAC7B,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,OAAO,CAAC,CAAC;IACX,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAa;IACjD,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACvC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5C,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACrC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1E,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3E,MAAM,IAAI,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM,CACjB,WAAW,EACX,GAAG,EACH,IAAI,EACJ,QAAQ,EACR,IAAI,EACJ,IAAI,EACJ,IAAI,EACJ,SAAS,EACT,IAAI,EACJ,EAAE,EACF,IAAI,EACJ,KAAK,EACL,IAAI,EACJ,SAAS,EACT,UAAU,CACX,CAAC;IACF,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AAED,KAAK,UAAU,QAAQ,CAAC,IAAgB,EAAE,KAAiB;IACzD,OAAO,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,IAAgB;IACtD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACjC,IAAI,KAAK,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;IACf,CAAC;IACD,OAAO,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9B,CAAC;AAOD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAAgB,EAChB,WAAmB;IAEnB,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,IAAI,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAClF,IAAI,KAAK,GAAiB,EAAE,CAAC;IAC7B,KAAK,MAAM,CAAC,IAAI,IAAI;QAAE,KAAK,CAAC,IAAI,CAAC,MAAM,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,IAAI,GAAG,GAAG,WAAW,CAAC;IACtB,MAAM,KAAK,GAAgB,EAAE,CAAC;IAC9B,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACxB,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,CAAC;QAC3B,KAAK,CAAC,IAAI,CAAC;YACT,OAAO,EAAE,UAAU,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;YACtC,QAAQ,EAAE,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG;SACvC,CAAC,CAAC;QACH,MAAM,IAAI,GAAiB,EAAE,CAAC;QAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,IAAI,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpD,CAAC;QACD,KAAK,GAAG,IAAI,CAAC;QACb,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,IAAgB,EAChB,KAAkB,EAClB,eAAuB;IAEvB,IAAI,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IACnC,IAAI,GAAG,GAAG,IAAI,CAAC;IACf,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,OAAmB,CAAC;QACxB,IAAI,CAAC;YACH,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG;YAAE,GAAG,GAAG,MAAM,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;aACzD,IAAI,IAAI,CAAC,QAAQ,KAAK,GAAG;YAAE,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;;YAC9D,OAAO,KAAK,CAAC;IACpB,CAAC;IACD,OAAO,UAAU,CAAC,GAAG,CAAC,KAAK,eAAe,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAAC,IAAgB;IAC5D,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;AACjC,CAAC"}

package/dist/v2/e2ee/decrypt.d.ts

@@ -0,0 +1,13 @@
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope         完整 envelope dict
+ * @param selfAid          接收方 AID
+ * @param selfDeviceId     接收方 device_id
+ * @param selfIkPriv       接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv      接收方 SPK 私钥（32B scalar）；undefined 表示无 SPK（1DH）
+ * @param senderPubDer     发送方 AID 主公钥（DER），用于验签
+ * @returns                解密后的 payload；null 表示找不到自己的 recipient 行
+ */
+export declare function decryptMessage(envelope: Record<string, unknown>, selfAid: string, selfDeviceId: string, selfIkPriv: Uint8Array, selfSpkPriv: Uint8Array | undefined, senderPubDer: Uint8Array): Promise<Record<string, unknown> | null>;
+//# sourceMappingURL=decrypt.d.ts.map

package/dist/v2/e2ee/decrypt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../../../src/v2/e2ee/decrypt.ts"],"names":[],"mappings":"AA2EA;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,UAAU,EACtB,WAAW,EAAE,UAAU,GAAG,SAAS,EACnC,YAAY,EAAE,UAAU,GACvB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC,CA4FzC"}

package/dist/v2/e2ee/decrypt.js

@@ -0,0 +1,176 @@
+/**
+ * AUN E2EE V2: 统一解密引擎（浏览器版，async）
+ *
+ * 支持 P2P 和 Group 消息解密（按 envelope.type 分流）。纯计算，无 IO。
+ *
+ * 规范引用: §4.6 / §5.5
+ *
+ * 参考实现: python/src/aun_core/v2/e2ee/decrypt.py
+ */
+import { canonicalJson } from '../crypto/canonical';
+import { ecdsaVerifyRaw } from '../crypto/ecdsa';
+import { ecdhComputeShared } from '../crypto/ecdh';
+import { hkdfSha256 } from '../crypto/hkdf';
+import { aesGcmDecrypt } from '../crypto/aead';
+import { computeLeafHash, computeMerkleRoot, verifyMerkleProof, } from '../crypto/recipients';
+import { SUITE_NAME } from './types';
+const encoder = new TextEncoder();
+const INFO_3DH = encoder.encode('AUN-V2-3DH');
+const INFO_1DH = encoder.encode('AUN-V2-1DH');
+async function sha256(data) {
+    const buf = await crypto.subtle.digest('SHA-256', data.slice().buffer);
+    return new Uint8Array(buf);
+}
+function base64ToBytes(s) {
+    const bin = atob(s);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+function hexToBytes(s) {
+    if (s.length % 2 !== 0)
+        throw new Error('hex length must be even');
+    const out = new Uint8Array(s.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        const hi = parseInt(s.charAt(i * 2), 16);
+        const lo = parseInt(s.charAt(i * 2 + 1), 16);
+        if (Number.isNaN(hi) || Number.isNaN(lo))
+            throw new Error('invalid hex char');
+        out[i] = (hi << 4) | lo;
+    }
+    return out;
+}
+/**
+ * 解密 V2 加密消息（P2P 或 Group）。
+ *
+ * @param envelope         完整 envelope dict
+ * @param selfAid          接收方 AID
+ * @param selfDeviceId     接收方 device_id
+ * @param selfIkPriv       接收方 IK 私钥（32B scalar）
+ * @param selfSpkPriv      接收方 SPK 私钥（32B scalar）；undefined 表示无 SPK（1DH）
+ * @param senderPubDer     发送方 AID 主公钥（DER），用于验签
+ * @returns                解密后的 payload；null 表示找不到自己的 recipient 行
+ */
+export async function decryptMessage(envelope, selfAid, selfDeviceId, selfIkPriv, selfSpkPriv, senderPubDer) {
+    const env = envelope;
+    // 1. 验 sender_signature
+    if (!(await verifySenderSignature(env, senderPubDer))) {
+        throw new Error('sender_signature verification failed');
+    }
+    // 2. 找自己的 row（完整 recipients 数组 / 单个 recipient + merkle_proof）
+    let row = null;
+    if (Array.isArray(env.recipients)) {
+        const rows = env.recipients;
+        const expected = await computeMerkleRoot(rows);
+        if (expected !== env.recipients_digest) {
+            throw new Error('recipients_digest mismatch');
+        }
+        row = findMyRow(rows, selfAid, selfDeviceId);
+        if (!row)
+            return null;
+    }
+    else if (env.recipient && typeof env.recipient === 'object') {
+        const r = env.recipient;
+        row = [
+            r.aid ?? '',
+            r.device_id ?? '',
+            r.role ?? '',
+            r.key_source ?? '',
+            r.fp ?? '',
+            r.spk_id ?? '',
+            r.wrap_nonce ?? '',
+            r.wrapped_key ?? '',
+        ];
+        // 服务端拆分后存储：用 Merkle proof 验证 wrap 在签名集中
+        const proof = env.merkle_proof;
+        const expectedRoot = env.recipients_digest;
+        if (proof != null && expectedRoot) {
+            const leaf = await computeLeafHash(row);
+            const ok = await verifyMerkleProof(leaf, proof, expectedRoot);
+            if (!ok) {
+                // 服务端篡改/替换 wrap，拒绝
+                return null;
+            }
+        }
+    }
+    else {
+        return null;
+    }
+    // 3. wrap_salt = SHA256(canonical_aad || sender_session_pk_der || suite)[:16]
+    const senderSessionPkDer = base64ToBytes(env.sender_session_pk);
+    const aadBytes = canonicalJson(env.aad);
+    const suiteStr = env.suite ?? SUITE_NAME;
+    const suiteBytes = encoder.encode(suiteStr);
+    const saltInput = new Uint8Array(aadBytes.length + senderSessionPkDer.length + suiteBytes.length);
+    saltInput.set(aadBytes, 0);
+    saltInput.set(senderSessionPkDer, aadBytes.length);
+    saltInput.set(suiteBytes, aadBytes.length + senderSessionPkDer.length);
+    const wrapSalt = (await sha256(saltInput)).subarray(0, 16);
+    // 4. compute wrap_key
+    const wrapKey = await computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderPubDer, wrapSalt);
+    // 5. decrypt master_key（wrapped_key = ciphertext(32B) + tag(16B) = 48B）
+    const wrapNonce = base64ToBytes(row[6]);
+    const wrappedKey = base64ToBytes(row[7]);
+    if (wrappedKey.length < 16) {
+        throw new Error(`wrapped_key too short: ${wrappedKey.length}`);
+    }
+    const wrappedCt = wrappedKey.subarray(0, wrappedKey.length - 16);
+    const wrappedTag = wrappedKey.subarray(wrappedKey.length - 16);
+    const masterKey = await aesGcmDecrypt(wrapKey, wrapNonce, wrappedCt, wrappedTag, new Uint8Array(0));
+    // 6. decrypt body
+    const msgNonce = base64ToBytes(env.nonce);
+    const ct = base64ToBytes(env.ciphertext);
+    const tag = base64ToBytes(env.tag);
+    const plaintext = await aesGcmDecrypt(masterKey, msgNonce, ct, tag, aadBytes);
+    // 7. 解析 payload
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}
+async function verifySenderSignature(env, senderPubDer) {
+    const sig = base64ToBytes(env.sender_signature);
+    const ct = base64ToBytes(env.ciphertext);
+    const tag = base64ToBytes(env.tag);
+    const aadBytes = canonicalJson(env.aad);
+    const digestBytes = hexToBytes(env.recipients_digest);
+    const signInput = new Uint8Array(ct.length + tag.length + aadBytes.length + digestBytes.length);
+    let pos = 0;
+    signInput.set(ct, pos);
+    pos += ct.length;
+    signInput.set(tag, pos);
+    pos += tag.length;
+    signInput.set(aadBytes, pos);
+    pos += aadBytes.length;
+    signInput.set(digestBytes, pos);
+    return ecdsaVerifyRaw(senderPubDer, sig, signInput);
+}
+function findMyRow(recipients, selfAid, selfDeviceId) {
+    for (const row of recipients) {
+        if (row[0] === selfAid && row[1] === selfDeviceId)
+            return row;
+    }
+    return null;
+}
+async function computeWrapKey(row, selfIkPriv, selfSpkPriv, senderSessionPkDer, senderMasterPkDer, salt) {
+    const spkId = row[5];
+    if (spkId && selfSpkPriv) {
+        // 3DH 接收方路径
+        // dh1 = ECDH(self_ik_priv, sender_session_pk)
+        // dh2 = ECDH(self_spk_priv, sender_master_pk)
+        // dh3 = ECDH(self_spk_priv, sender_session_pk)
+        const dh1 = await ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+        const dh2 = await ecdhComputeShared(selfSpkPriv, senderMasterPkDer);
+        const dh3 = await ecdhComputeShared(selfSpkPriv, senderSessionPkDer);
+        if (dh1.length !== 32 || dh2.length !== 32 || dh3.length !== 32) {
+            throw new Error(`3DH expected 32B shares, got dh1=${dh1.length} dh2=${dh2.length} dh3=${dh3.length}`);
+        }
+        const ikm = new Uint8Array(96);
+        ikm.set(dh1, 0);
+        ikm.set(dh2, 32);
+        ikm.set(dh3, 64);
+        return hkdfSha256(ikm, salt, INFO_3DH, 32);
+    }
+    // 1DH 接收方路径
+    const dh1 = await ecdhComputeShared(selfIkPriv, senderSessionPkDer);
+    return hkdfSha256(dh1, salt, INFO_1DH, 32);
+}
+//# sourceMappingURL=decrypt.js.map

package/dist/v2/e2ee/decrypt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"decrypt.js","sourceRoot":"","sources":["../../../src/v2/e2ee/decrypt.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AACH,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACnD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,iBAAiB,GAElB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAC9C,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAE9C,KAAK,UAAU,MAAM,CAAC,IAAgB;IACpC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC,MAAM,CAAC,CAAC;IACvE,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACpB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAChE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,UAAU,CAAC,CAAS;IAC3B,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACnE,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACzC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzC,MAAM,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC7C,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QAC9E,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1B,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AA2BD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAiC,EACjC,OAAe,EACf,YAAoB,EACpB,UAAsB,EACtB,WAAmC,EACnC,YAAwB;IAExB,MAAM,GAAG,GAAG,QAAoC,CAAC;IAEjD,wBAAwB;IACxB,IAAI,CAAC,CAAC,MAAM,qBAAqB,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,EAAE,CAAC;QACtD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;IAC1D,CAAC;IAED,8DAA8D;IAC9D,IAAI,GAAG,GAAoB,IAAI,CAAC;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,GAAG,GAAG,CAAC,UAAU,CAAC;QAC5B,MAAM,QAAQ,GAAG,MAAM,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,QAAQ,KAAK,GAAG,CAAC,iBAAiB,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QACD,GAAG,GAAG,SAAS,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;QAC7C,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;IACxB,CAAC;SAAM,IAAI,GAAG,CAAC,SAAS,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;QAC9D,MAAM,CAAC,GAAG,GAAG,CAAC,SAAS,CAAC;QACxB,GAAG,GAAG;YACJ,CAAC,CAAC,GAAG,IAAI,EAAE;YACX,CAAC,CAAC,SAAS,IAAI,EAAE;YACjB,CAAC,CAAC,IAAI,IAAI,EAAE;YACZ,CAAC,CAAC,UAAU,IAAI,EAAE;YAClB,CAAC,CAAC,EAAE,IAAI,EAAE;YACV,CAAC,CAAC,MAAM,IAAI,EAAE;YACd,CAAC,CAAC,UAAU,IAAI,EAAE;YAClB,CAAC,CAAC,WAAW,IAAI,EAAE;SACpB,CAAC;QACF,wCAAwC;QACxC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC;QAC/B,MAAM,YAAY,GAAG,GAAG,CAAC,iBAAiB,CAAC;QAC3C,IAAI,KAAK,IAAI,IAAI,IAAI,YAAY,EAAE,CAAC;YAClC,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,EAAE,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC;YAC9D,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,mBAAmB;gBACnB,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,IAAI,CAAC;IACd,CAAC;IAED,8EAA8E;IAC9E,MAAM,kBAAkB,GAAG,aAAa,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAChE,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,IAAI,UAAU,CAAC;IACzC,MAAM,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,QAAQ,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAChE,CAAC;IACF,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IAC3B,SAAS,CAAC,GAAG,CAAC,kBAAkB,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnD,SAAS,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,MAAM,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,CAAC,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE3D,sBAAsB;IACtB,MAAM,OAAO,GAAG,MAAM,cAAc,CAClC,GAAG,EACH,UAAU,EACV,WAAW,EACX,kBAAkB,EAClB,YAAY,EACZ,QAAQ,CACT,CAAC;IAEF,wEAAwE;IACxE,MAAM,SAAS,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACxC,MAAM,UAAU,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzC,IAAI,UAAU,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,0BAA0B,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,CAAC;IACD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACjE,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,MAAM,aAAa,CACnC,OAAO,EACP,SAAS,EACT,SAAS,EACT,UAAU,EACV,IAAI,UAAU,CAAC,CAAC,CAAC,CAClB,CAAC;IAEF,kBAAkB;IAClB,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC1C,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAE9E,gBAAgB;IAChB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAA4B,CAAC;AACpF,CAAC;AAED,KAAK,UAAU,qBAAqB,CAClC,GAAkB,EAClB,YAAwB;IAExB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IAEtD,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,EAAE,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAC9D,CAAC;IACF,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IACvB,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC;IACjB,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACxB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;IAClB,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC7B,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC;IACvB,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAEhC,OAAO,cAAc,CAAC,YAAY,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED,SAAS,SAAS,CAChB,UAAsB,EACtB,OAAe,EACf,YAAoB;IAEpB,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,YAAY;YAAE,OAAO,GAAG,CAAC;IAChE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,KAAK,UAAU,cAAc,CAC3B,GAAa,EACb,UAAsB,EACtB,WAAmC,EACnC,kBAA8B,EAC9B,iBAA6B,EAC7B,IAAgB;IAEhB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,KAAK,IAAI,WAAW,EAAE,CAAC;QACzB,YAAY;QACZ,8CAA8C;QAC9C,8CAA8C;QAC9C,+CAA+C;QAC/C,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,iBAAiB,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACrE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CACb,oCAAoC,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,GAAG,CAAC,MAAM,EAAE,CACrF,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAChB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QACjB,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IACD,YAAY;IACZ,MAAM,GAAG,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;IACpE,OAAO,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC"}