@agentunion/fastaun 0.2.13

package/dist/keystore/file.d.ts

@@ -0,0 +1,82 @@
+/**
+ * 基于文件（key.json/cert.pem）+ AIDDatabase（SQLite）的 KeyStore 实现。
+ *
+ * 与 Python SDK FileKeyStore / Go FileKeyStore 对齐：
+ * - key.json / cert.pem 仍用文件存储
+ * - tokens / prekeys / group_secrets / sessions / instance_state / metadata_kv 全部存 SQLite
+ * - 废弃 meta.json
+ */
+import type { KeyStore } from './index.js';
+import type { SecretStore } from '../secret-store/index.js';
+import { type GroupSecretRecord, type IdentityRecord, type KeyPairRecord, type MetadataRecord, type PrekeyMap, type PrekeyRecord } from '../types.js';
+export declare class FileKeyStore implements KeyStore {
+    private _root;
+    private _aidsRoot;
+    private _secretStore;
+    private _aidDBs;
+    private _deviceId;
+    constructor(root?: string, opts?: {
+        secretStore?: SecretStore;
+        encryptionSeed?: string;
+        sqliteBackup?: unknown;
+    });
+    close(): void;
+    private _getDB;
+    private _prepareRoot;
+    loadKeyPair(aid: string): KeyPairRecord | null;
+    saveKeyPair(aid: string, keyPair: KeyPairRecord): void;
+    private _restoreKeyPair;
+    loadCert(aid: string, certFingerprint?: string): string | null;
+    saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
+        makeActive?: boolean;
+    }): void;
+    loadIdentity(aid: string): IdentityRecord | null;
+    saveIdentity(aid: string, identity: IdentityRecord): void;
+    loadAnyIdentity(): IdentityRecord | null;
+    loadE2EEPrekeys(aid: string, deviceId?: string): PrekeyMap;
+    saveE2EEPrekey(aid: string, prekeyId: string, prekeyData: PrekeyRecord, deviceId?: string): void;
+    cleanupE2EEPrekeys(aid: string, cutoffMs: number, keepLatest?: number, deviceId?: string): string[];
+    listGroupSecretIds(aid: string): string[];
+    cleanupGroupOldEpochsState(aid: string, groupId: string, cutoffMs: number): number;
+    loadGroupSecretEpoch(aid: string, groupId: string, epoch?: number | null): GroupSecretRecord | null;
+    loadGroupSecretEpochs(aid: string, groupId: string): GroupSecretRecord[];
+    storeGroupSecretTransition(aid: string, groupId: string, opts: {
+        epoch: number;
+        secret: string;
+        commitment: string;
+        memberAids: string[];
+        epochChain?: string;
+        pendingRotationId?: string;
+        epochChainUnverified?: boolean | null;
+        epochChainUnverifiedReason?: string | null;
+        oldEpochRetentionMs: number;
+    }): boolean;
+    storeGroupSecretEpoch(aid: string, groupId: string, opts: {
+        epoch: number;
+        secret: string;
+        commitment: string;
+        memberAids: string[];
+        epochChain?: string;
+        pendingRotationId?: string;
+        epochChainUnverified?: boolean | null;
+        epochChainUnverifiedReason?: string | null;
+        oldEpochRetentionMs: number;
+    }): boolean;
+    discardPendingGroupSecretState(aid: string, groupId: string, epoch: number, rotationId: string): boolean;
+    deleteGroupSecretState(aid: string, groupId: string): void;
+    loadInstanceState(aid: string, deviceId: string, slotId?: string): MetadataRecord | null;
+    saveInstanceState(aid: string, deviceId: string, slotId: string, state: MetadataRecord): void;
+    updateInstanceState(aid: string, deviceId: string, slotId: string, updater: (state: MetadataRecord) => MetadataRecord | void): MetadataRecord;
+    loadE2EESessions(aid: string): Array<Record<string, unknown>>;
+    saveE2EESession(aid: string, sessionId: string, data: Record<string, unknown>): void;
+    saveSeq(aid: string, deviceId: string, slotId: string, namespace: string, contiguousSeq: number): void;
+    loadSeq(aid: string, deviceId: string, slotId: string, namespace: string): number;
+    loadAllSeqs(aid: string, deviceId: string, slotId: string): Record<string, number>;
+    /** 列出所有已存储的 AID（对齐 Python list_identities） */
+    listIdentities(): string[];
+    /** 加载指定 AID 的元数据（对齐 Python load_metadata） */
+    loadMetadata(aid: string): Record<string, unknown> | null;
+    private _keyPairPath;
+    private _certPath;
+    private _certVersionPath;
+}

package/dist/keystore/file.js

@@ -0,0 +1,395 @@
+/**
+ * 基于文件（key.json/cert.pem）+ AIDDatabase（SQLite）的 KeyStore 实现。
+ *
+ * 与 Python SDK FileKeyStore / Go FileKeyStore 对齐：
+ * - key.json / cert.pem 仍用文件存储
+ * - tokens / prekeys / group_secrets / sessions / instance_state / metadata_kv 全部存 SQLite
+ * - 废弃 meta.json
+ */
+import * as crypto from 'node:crypto';
+import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, chmodSync, renameSync, unlinkSync, } from 'node:fs';
+import { join, dirname } from 'node:path';
+import { homedir } from 'node:os';
+import { AIDDatabase } from './aid-db.js';
+import { getDeviceId } from '../config.js';
+import { certificateSha256Fingerprint } from '../crypto.js';
+import { createDefaultSecretStore } from '../secret-store/index.js';
+import { isJsonObject, } from '../types.js';
+const TOKEN_FIELDS = new Set(['access_token', 'refresh_token', 'kite_token']);
+function secureFilePermissions(path) {
+    if (process.platform !== 'win32') {
+        try {
+            chmodSync(path, 0o600);
+        }
+        catch { /* ignore */ }
+    }
+}
+function deepClone(value) {
+    return JSON.parse(JSON.stringify(value));
+}
+function fingerprintFromCertPem(certPem) {
+    // 委托给 crypto.ts 的统一实现（ISSUE-SDK-TS-008: 消除两套指纹计算）
+    return certificateSha256Fingerprint(certPem);
+}
+function normalizeCertFingerprint(fp) {
+    const v = String(fp ?? '').trim().toLowerCase();
+    if (!v.startsWith('sha256:') || v.length !== 71)
+        return '';
+    if (/[^0-9a-f]/.test(v.slice(7)))
+        return '';
+    return v;
+}
+function safeAid(aid) {
+    return aid.replace(/[/\\:]/g, '_');
+}
+export class FileKeyStore {
+    _root;
+    _aidsRoot;
+    _secretStore;
+    _aidDBs = new Map();
+    _deviceId;
+    constructor(root, opts) {
+        const preferred = root ?? join(homedir(), '.aun');
+        const fallback = join(process.cwd(), '.aun');
+        this._root = this._prepareRoot(preferred, fallback);
+        this._secretStore = opts?.secretStore ?? createDefaultSecretStore(this._root, opts?.encryptionSeed);
+        this._aidsRoot = join(this._root, 'AIDs');
+        mkdirSync(this._aidsRoot, { recursive: true });
+        this._deviceId = getDeviceId(this._root);
+    }
+    close() {
+        for (const db of this._aidDBs.values())
+            db.close();
+        this._aidDBs.clear();
+    }
+    _getDB(aid) {
+        const safe = safeAid(aid);
+        let db = this._aidDBs.get(safe);
+        if (!db) {
+            const dbPath = join(this._aidsRoot, safe, 'aun.db');
+            try {
+                db = new AIDDatabase(dbPath, this._secretStore, safe);
+            }
+            catch (exc) {
+                // DB 损坏：备份后重建
+                console.warn('[aun_core.keystore] 数据库损坏，备份后重建');
+                const ts = new Date().toISOString().replace(/[:.]/g, '-');
+                const bakPath = dbPath + `.corrupt_${ts}.bak`;
+                try {
+                    renameSync(dbPath, bakPath);
+                }
+                catch { /* 备份失败也继续重建 */ }
+                // 清理 WAL/SHM
+                for (const suffix of ['-wal', '-shm', '-journal']) {
+                    try {
+                        unlinkSync(dbPath + suffix);
+                    }
+                    catch { /* ignore */ }
+                }
+                db = new AIDDatabase(dbPath, this._secretStore, safe);
+            }
+            this._aidDBs.set(safe, db);
+        }
+        return db;
+    }
+    _prepareRoot(preferred, fallback) {
+        try {
+            mkdirSync(preferred, { recursive: true });
+            return preferred;
+        }
+        catch {
+            // ISSUE-TS-003: 回退时警告用户数据存储位置变更
+            console.warn(`[aun_core.keystore] 首选路径 ${preferred} 不可用，回退到 ${fallback}`);
+            mkdirSync(fallback, { recursive: true });
+            return fallback;
+        }
+    }
+    // ── KeyPair ──────────────────────────────────────────────
+    loadKeyPair(aid) {
+        const path = this._keyPairPath(aid);
+        if (!existsSync(path))
+            return null;
+        try {
+            const raw = JSON.parse(readFileSync(path, 'utf-8'));
+            return this._restoreKeyPair(aid, raw);
+        }
+        catch (exc) {
+            console.warn('[aun_core.keystore] key.json 读取或解析失败，视为不存在');
+            return null;
+        }
+    }
+    saveKeyPair(aid, keyPair) {
+        const path = this._keyPairPath(aid);
+        mkdirSync(dirname(path), { recursive: true });
+        const protected_ = deepClone(keyPair);
+        const pem = protected_.private_key_pem;
+        if (typeof pem === 'string' && pem) {
+            delete protected_.private_key_pem;
+            const rec = this._secretStore.protect(safeAid(aid), 'identity/private_key', Buffer.from(pem, 'utf-8'));
+            protected_.private_key_protection = rec;
+        }
+        writeFileSync(path, JSON.stringify(protected_, null, 2), { mode: 0o600 });
+        secureFilePermissions(path);
+    }
+    _restoreKeyPair(aid, kp) {
+        const out = deepClone(kp);
+        const rec = out.private_key_protection;
+        if (isJsonObject(rec)) {
+            const plain = this._secretStore.reveal(safeAid(aid), 'identity/private_key', rec);
+            if (plain)
+                out.private_key_pem = plain.toString('utf-8');
+        }
+        return out;
+    }
+    // ── Cert ─────────────────────────────────────────────────
+    loadCert(aid, certFingerprint) {
+        try {
+            const norm = normalizeCertFingerprint(certFingerprint);
+            if (norm) {
+                const vp = this._certVersionPath(aid, norm);
+                if (existsSync(vp))
+                    return readFileSync(vp, 'utf-8');
+                const active = this._certPath(aid);
+                if (existsSync(active)) {
+                    const certPem = readFileSync(active, 'utf-8');
+                    if (fingerprintFromCertPem(certPem) === norm)
+                        return certPem;
+                }
+                return null;
+            }
+            const path = this._certPath(aid);
+            return existsSync(path) ? readFileSync(path, 'utf-8') : null;
+        }
+        catch (exc) {
+            // 文件被锁定、无权限、目录冲突等异常时降级返回 null
+            console.warn('[aun_core.keystore] cert.pem 读取失败，视为不存在');
+            return null;
+        }
+    }
+    saveCert(aid, certPem, certFingerprint, opts) {
+        const norm = normalizeCertFingerprint(certFingerprint);
+        if (norm) {
+            const vp = this._certVersionPath(aid, norm);
+            mkdirSync(dirname(vp), { recursive: true });
+            writeFileSync(vp, certPem);
+            if (!opts?.makeActive)
+                return;
+        }
+        const path = this._certPath(aid);
+        mkdirSync(dirname(path), { recursive: true });
+        writeFileSync(path, certPem);
+    }
+    // ── Identity ─────────────────────────────────────────────
+    loadIdentity(aid) {
+        const kp = this.loadKeyPair(aid);
+        const cert = this.loadCert(aid);
+        // 直接从 DB 读取 tokens + KV
+        const db = this._getDB(aid);
+        const tokens = db.getAllTokens();
+        const kv = db.getAllMetadata();
+        const hasMeta = Object.keys(tokens).length > 0 || Object.keys(kv).length > 0;
+        if (!kp && !cert && !hasMeta)
+            return null;
+        const identity = {};
+        for (const [k, v] of Object.entries(kv)) {
+            try {
+                identity[k] = JSON.parse(v);
+            }
+            catch {
+                identity[k] = v;
+            }
+        }
+        Object.assign(identity, tokens);
+        if (kp)
+            Object.assign(identity, kp);
+        if (cert) {
+            // key/cert 公钥一致性校验：防止 cert.pem 被意外覆盖
+            const localPubB64 = kp?.public_key_der_b64;
+            if (typeof localPubB64 === 'string' && localPubB64) {
+                try {
+                    const x = new crypto.X509Certificate(cert);
+                    const certPubDer = x.publicKey.export({ type: 'spki', format: 'der' });
+                    const localPubDer = Buffer.from(localPubB64, 'base64');
+                    if (!certPubDer.equals(localPubDer)) {
+                        console.error('[keystore] key.json 公钥与 cert.pem 公钥不匹配，丢弃 cert');
+                    }
+                    else {
+                        identity.cert = cert;
+                    }
+                }
+                catch {
+                    identity.cert = cert;
+                }
+            }
+            else {
+                identity.cert = cert;
+            }
+        }
+        return identity;
+    }
+    saveIdentity(aid, identity) {
+        const kp = {};
+        for (const k of ['private_key_pem', 'public_key_der_b64', 'curve']) {
+            if (k in identity)
+                kp[k] = identity[k];
+        }
+        if (Object.keys(kp).length > 0)
+            this.saveKeyPair(aid, kp);
+        if (typeof identity.cert === 'string' && identity.cert)
+            this.saveCert(aid, identity.cert);
+        // 直接写入 tokens + KV
+        const db = this._getDB(aid);
+        const skip = new Set([...TOKEN_FIELDS, 'private_key_pem', 'public_key_der_b64', 'curve', 'cert', 'e2ee_prekeys', 'group_secrets', 'e2ee_sessions']);
+        for (const field of TOKEN_FIELDS) {
+            if (!(field in identity))
+                continue;
+            const v = identity[field];
+            if (typeof v === 'string' && v)
+                db.setToken(field, v);
+            else
+                db.deleteToken(field);
+        }
+        for (const [k, v] of Object.entries(identity)) {
+            if (skip.has(k))
+                continue;
+            db.setMetadata(k, JSON.stringify(v));
+        }
+    }
+    loadAnyIdentity() {
+        if (!existsSync(this._aidsRoot))
+            return null;
+        for (const entry of readdirSync(this._aidsRoot, { withFileTypes: true })) {
+            if (!entry.isDirectory())
+                continue;
+            const identity = this.loadIdentity(entry.name);
+            if (identity)
+                return identity;
+        }
+        return null;
+    }
+    // ── Prekeys ──────────────────────────────────────────────
+    loadE2EEPrekeys(aid, deviceId) {
+        return this._getDB(aid).loadPrekeys(String(deviceId ?? '').trim());
+    }
+    saveE2EEPrekey(aid, prekeyId, prekeyData, deviceId) {
+        const pem = typeof prekeyData.private_key_pem === 'string' ? prekeyData.private_key_pem : '';
+        const extra = {};
+        for (const [k, v] of Object.entries(prekeyData)) {
+            if (!['private_key_pem', 'created_at', 'updated_at', 'expires_at'].includes(k))
+                extra[k] = v;
+        }
+        this._getDB(aid).savePrekey(prekeyId, pem, String(deviceId ?? '').trim(), prekeyData.created_at, prekeyData.expires_at, extra);
+    }
+    cleanupE2EEPrekeys(aid, cutoffMs, keepLatest = 7, deviceId) {
+        return this._getDB(aid).cleanupPrekeys(String(deviceId ?? '').trim(), cutoffMs, keepLatest);
+    }
+    // ── Group Secrets ────────────────────────────────────────
+    listGroupSecretIds(aid) {
+        const db = this._getDB(aid);
+        const ids = new Set(Object.keys(db.loadAllGroupCurrent()));
+        for (const groupId of db.loadAllGroupIdsWithOldEpochs())
+            ids.add(groupId);
+        return [...ids].sort();
+    }
+    cleanupGroupOldEpochsState(aid, groupId, cutoffMs) {
+        return this._getDB(aid).cleanupGroupOldEpochs(groupId, cutoffMs);
+    }
+    loadGroupSecretEpoch(aid, groupId, epoch) {
+        return this._getDB(aid).loadGroupSecretEpoch(groupId, epoch);
+    }
+    loadGroupSecretEpochs(aid, groupId) {
+        return this._getDB(aid).loadGroupSecretEpochs(groupId);
+    }
+    storeGroupSecretTransition(aid, groupId, opts) {
+        return this._getDB(aid).storeGroupSecretTransition(groupId, opts);
+    }
+    storeGroupSecretEpoch(aid, groupId, opts) {
+        return this._getDB(aid).storeGroupSecretEpoch(groupId, opts);
+    }
+    discardPendingGroupSecretState(aid, groupId, epoch, rotationId) {
+        return this._getDB(aid).discardPendingGroupSecretState(groupId, epoch, rotationId);
+    }
+    deleteGroupSecretState(aid, groupId) {
+        const db = this._getDB(aid);
+        db.deleteGroupCurrent(groupId);
+        db.deleteAllGroupOldEpochs(groupId);
+    }
+    // ── Instance State ───────────────────────────────────────
+    loadInstanceState(aid, deviceId, slotId = '') {
+        return this._getDB(aid).loadInstanceState(deviceId, slotId);
+    }
+    saveInstanceState(aid, deviceId, slotId, state) {
+        this._getDB(aid).saveInstanceState(deviceId, slotId, state);
+    }
+    updateInstanceState(aid, deviceId, slotId, updater) {
+        const db = this._getDB(aid);
+        const current = (db.loadInstanceState(deviceId, slotId) ?? {});
+        const working = deepClone(current);
+        const updated = updater(working) ?? working;
+        db.saveInstanceState(deviceId, slotId, updated);
+        return deepClone(updated);
+    }
+    // ── E2EE Sessions ────────────────────────────────────────
+    loadE2EESessions(aid) {
+        return this._getDB(aid).loadAllSessions();
+    }
+    saveE2EESession(aid, sessionId, data) {
+        this._getDB(aid).saveSession(sessionId, data);
+    }
+    // ── Seq Tracker ───────────────────────────────────────────
+    saveSeq(aid, deviceId, slotId, namespace, contiguousSeq) {
+        this._getDB(aid).saveSeq(deviceId, slotId, namespace, contiguousSeq);
+    }
+    loadSeq(aid, deviceId, slotId, namespace) {
+        return this._getDB(aid).loadSeq(deviceId, slotId, namespace);
+    }
+    loadAllSeqs(aid, deviceId, slotId) {
+        return this._getDB(aid).loadAllSeqs(deviceId, slotId);
+    }
+    // ── 身份列表 ───────────────────────────────────────────
+    /** 列出所有已存储的 AID（对齐 Python list_identities） */
+    listIdentities() {
+        if (!existsSync(this._aidsRoot))
+            return [];
+        const aids = [];
+        for (const entry of readdirSync(this._aidsRoot, { withFileTypes: true })) {
+            if (!entry.isDirectory())
+                continue;
+            aids.push(entry.name);
+        }
+        return aids;
+    }
+    /** 加载指定 AID 的元数据（对齐 Python load_metadata） */
+    loadMetadata(aid) {
+        try {
+            const db = this._getDB(aid);
+            const kv = db.getAllMetadata();
+            if (Object.keys(kv).length === 0)
+                return null;
+            const result = {};
+            for (const [k, v] of Object.entries(kv)) {
+                try {
+                    result[k] = JSON.parse(v);
+                }
+                catch {
+                    result[k] = v;
+                }
+            }
+            return result;
+        }
+        catch {
+            return null;
+        }
+    }
+    // ── 路径辅助 ─────────────────────────────────────────────
+    _keyPairPath(aid) {
+        return join(this._aidsRoot, safeAid(aid), 'private', 'key.json');
+    }
+    _certPath(aid) {
+        return join(this._aidsRoot, safeAid(aid), 'public', 'cert.pem');
+    }
+    _certVersionPath(aid, fp) {
+        return join(this._aidsRoot, safeAid(aid), 'public', 'certs', `${fp.replace(/:/g, '_')}.pem`);
+    }
+}
+//# sourceMappingURL=file.js.map

package/dist/keystore/file.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.js","sourceRoot":"","sources":["../../src/keystore/file.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,WAAW,EACX,SAAS,EACT,UAAU,EACV,UAAU,GACX,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAIlC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAuB,MAAM,cAAc,CAAC;AAChE,OAAO,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EACL,YAAY,GAQb,MAAM,aAAa,CAAC;AAErB,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,eAAe,EAAE,YAAY,CAAC,CAAC,CAAC;AAE9E,SAAS,qBAAqB,CAAC,IAAY;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAI,CAAC;YAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAI,KAAQ;IAC5B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAM,CAAC;AAChD,CAAC;AAED,SAAS,sBAAsB,CAAC,OAAe;IAC7C,kDAAkD;IAClD,OAAO,4BAA4B,CAAC,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,wBAAwB,CAAC,EAAW;IAC3C,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAChD,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,EAAE,CAAC;IAC3D,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC5C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,OAAO,YAAY;IACf,KAAK,CAAS;IACd,SAAS,CAAS;IAClB,YAAY,CAAc;IAC1B,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;IACzC,SAAS,CAAS;IAE1B,YACE,IAAa,EACb,IAIC;QAED,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,WAAW,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,cAAc,CAAC,CAAC;QACpG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1C,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,SAAS,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK;QACH,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;YAAE,EAAE,CAAC,KAAK,EAAE,CAAC;QACnD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,MAAM,CAAC,GAAW;QACxB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACpD,IAAI,CAAC;gBACH,EAAE,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YACxD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,cAAc;gBACd,OAAO,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC;gBAChD,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAC1D,MAAM,OAAO,GAAG,MAAM,GAAG,YAAY,EAAE,MAAM,CAAC;gBAC9C,IAAI,CAAC;oBAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;gBAC9D,aAAa;gBACb,KAAK,MAAM,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;oBAClD,IAAI,CAAC;wBAAC,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC7D,CAAC;gBACD,EAAE,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YACxD,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAEO,YAAY,CAAC,SAAiB,EAAE,QAAgB;QACtD,IAAI,CAAC;YACH,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,gCAAgC;YAChC,OAAO,CAAC,IAAI,CAAC,4BAA4B,SAAS,YAAY,QAAQ,EAAE,CAAC,CAAC;YAC1E,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAED,4DAA4D;IAE5D,WAAW,CAAC,GAAW;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACxC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAC;YAC3D,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,WAAW,CAAC,GAAW,EAAE,OAAsB;QAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACpC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,UAAU,CAAC,eAAe,CAAC;QACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,EAAE,CAAC;YACnC,OAAO,UAAU,CAAC,eAAe,CAAC;YAClC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;YACvG,UAAU,CAAC,sBAAsB,GAAG,GAAG,CAAC;QAC1C,CAAC;QACD,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1E,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAEO,eAAe,CAAC,GAAW,EAAE,EAAc;QACjD,MAAM,GAAG,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;QAC1B,MAAM,GAAG,GAAG,GAAG,CAAC,sBAAsB,CAAC;QACvC,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,sBAAsB,EAAE,GAAU,CAAC,CAAC;YACzF,IAAI,KAAK;gBAAE,GAAG,CAAC,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,4DAA4D;IAE5D,QAAQ,CAAC,GAAW,EAAE,eAAwB;QAC5C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,wBAAwB,CAAC,eAAe,CAAC,CAAC;YACvD,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAC5C,IAAI,UAAU,CAAC,EAAE,CAAC;oBAAE,OAAO,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;oBAC9C,IAAI,sBAAsB,CAAC,OAAO,CAAC,KAAK,IAAI;wBAAE,OAAO,OAAO,CAAC;gBAC/D,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACjC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,8BAA8B;YAC9B,OAAO,CAAC,IAAI,CAAC,yCAAyC,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,GAAW,EAAE,OAAe,EAAE,eAAwB,EAAE,IAA+B;QAC9F,MAAM,IAAI,GAAG,wBAAwB,CAAC,eAAe,CAAC,CAAC;QACvD,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC5C,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI,EAAE,UAAU;gBAAE,OAAO;QAChC,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,4DAA4D;IAE5D,YAAY,CAAC,GAAW;QACtB,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChC,wBAAwB;QACxB,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC;QACjC,MAAM,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC7E,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC1C,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC;gBAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAAC,CAAC;QACjE,CAAC;QACD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAChC,IAAI,EAAE;YAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,qCAAqC;YACrC,MAAM,WAAW,GAAG,EAAE,EAAE,kBAAkB,CAAC;YAC3C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC3C,MAAM,UAAU,GAAG,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;oBACvE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;oBACvD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;wBACpC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;oBAClE,CAAC;yBAAM,CAAC;wBACN,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;gBAAC,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,YAAY,CAAC,GAAW,EAAE,QAAwB;QAChD,MAAM,EAAE,GAAkB,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,OAAO,CAAU,EAAE,CAAC;YAC5E,IAAI,CAAC,IAAI,QAAQ;gBAAE,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAW,CAAC;QACnD,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI;YAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1F,mBAAmB;QACnB,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,YAAY,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC;QACpJ,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,IAAI,CAAC,CAAC,KAAK,IAAI,QAAQ,CAAC;gBAAE,SAAS;YACnC,MAAM,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC1B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC;gBAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;;gBACjD,EAAE,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QAC7B,CAAC;QACD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAC1B,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,eAAe;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,4DAA4D;IAE5D,eAAe,CAAC,GAAW,EAAE,QAAiB;QAC5C,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAc,CAAC;IAClF,CAAC;IAED,cAAc,CAAC,GAAW,EAAE,QAAgB,EAAE,UAAwB,EAAE,QAAiB;QACvF,MAAM,GAAG,GAAG,OAAO,UAAU,CAAC,eAAe,KAAK,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7F,MAAM,KAAK,GAA4B,EAAE,CAAC;QAC1C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,CAAC;YAChD,IAAI,CAAC,CAAC,iBAAiB,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;gBAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAC/F,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,QAAQ,EAAE,GAAG,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IACjI,CAAC;IAED,kBAAkB,CAAC,GAAW,EAAE,QAAgB,EAAE,UAAU,GAAG,CAAC,EAAE,QAAiB;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAC9F,CAAC;IAED,4DAA4D;IAE5D,kBAAkB,CAAC,GAAW;QAC5B,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAS,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,CAAC,CAAC;QACnE,KAAK,MAAM,OAAO,IAAI,EAAE,CAAC,4BAA4B,EAAE;YAAE,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC1E,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,0BAA0B,CAAC,GAAW,EAAE,OAAe,EAAE,QAAgB;QACvE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,qBAAqB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IACnE,CAAC;IAED,oBAAoB,CAAC,GAAW,EAAE,OAAe,EAAE,KAAqB;QACtE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,OAAO,EAAE,KAAK,CAA6B,CAAC;IAC3F,CAAC;IAED,qBAAqB,CAAC,GAAW,EAAE,OAAe;QAChD,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,qBAAqB,CAAC,OAAO,CAAwB,CAAC;IAChF,CAAC;IAED,0BAA0B,CACxB,GAAW,EACX,OAAe,EACf,IAUC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,0BAA0B,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACpE,CAAC;IAED,qBAAqB,CACnB,GAAW,EACX,OAAe,EACf,IAUC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,qBAAqB,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAED,8BAA8B,CAAC,GAAW,EAAE,OAAe,EAAE,KAAa,EAAE,UAAkB;QAC5F,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,8BAA8B,CAAC,OAAO,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC;IACrF,CAAC;IAED,sBAAsB,CAAC,GAAW,EAAE,OAAe;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,EAAE,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAC/B,EAAE,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAED,4DAA4D;IAE5D,iBAAiB,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAM,GAAG,EAAE;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAA0B,CAAC;IACvF,CAAC;IAED,iBAAiB,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,KAAqB;QACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED,mBAAmB,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,OAAyD;QAC1H,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,OAAO,GAAG,CAAC,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,CAAmB,CAAC;QACjF,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,OAAO,CAAC;QAC5C,EAAE,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,CAAC;QAChD,OAAO,SAAS,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,4DAA4D;IAE5D,gBAAgB,CAAC,GAAW;QAC1B,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,eAAe,EAAE,CAAC;IAC5C,CAAC;IAED,eAAe,CAAC,GAAW,EAAE,SAAiB,EAAE,IAA6B;QAC3E,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IAChD,CAAC;IAED,6DAA6D;IAE7D,OAAO,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,SAAiB,EAAE,aAAqB;QAC7F,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,SAAiB;QACtE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,sDAAsD;IAEtD,8CAA8C;IAC9C,cAAc;QACZ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;gBAAE,SAAS;YACnC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,6CAA6C;IAC7C,YAAY,CAAC,GAAW;QACtB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5B,MAAM,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;YAC/B,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAC9C,MAAM,MAAM,GAA4B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;gBACxC,IAAI,CAAC;oBAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAAC,CAAC;YAC7D,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,wDAAwD;IAEhD,YAAY,CAAC,GAAW;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,SAAS,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClE,CAAC;IAEO,gBAAgB,CAAC,GAAW,EAAE,EAAU;QAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/F,CAAC;CACF"}

package/dist/keystore/index.d.ts

@@ -0,0 +1,88 @@
+/**
+ * KeyStore 接口定义
+ *
+ * 与 Python SDK 的 KeyStore Protocol 完全对齐。
+ */
+import type { GroupSecretRecord, IdentityRecord, KeyPairRecord, MetadataRecord, PrekeyMap, PrekeyRecord } from '../types.js';
+export interface KeyStore {
+    /** 加载密钥对 */
+    loadKeyPair(aid: string): KeyPairRecord | null;
+    /** 保存密钥对 */
+    saveKeyPair(aid: string, keyPair: KeyPairRecord): void;
+    /** 加载证书 */
+    loadCert(aid: string, certFingerprint?: string): string | null;
+    /** 保存证书 */
+    saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
+        makeActive?: boolean;
+    }): void;
+    /** 加载完整身份信息 */
+    loadIdentity(aid: string): IdentityRecord | null;
+    /** 保存完整身份信息 */
+    saveIdentity(aid: string, identity: IdentityRecord): void;
+    /** 加载实例级状态 */
+    loadInstanceState?(aid: string, deviceId: string, slotId?: string): MetadataRecord | null;
+    /** 保存实例级状态 */
+    saveInstanceState?(aid: string, deviceId: string, slotId: string, state: MetadataRecord): void;
+    /** 原子更新实例级状态 */
+    updateInstanceState?(aid: string, deviceId: string, slotId: string, updater: (state: MetadataRecord) => MetadataRecord | void): MetadataRecord;
+    /** 加载结构化 prekeys，deviceId 为空时等价于全局 */
+    loadE2EEPrekeys?(aid: string, deviceId?: string): PrekeyMap;
+    /** 保存单个 prekey，deviceId 为空时等价于全局 */
+    saveE2EEPrekey?(aid: string, prekeyId: string, prekeyData: PrekeyRecord, deviceId?: string): void;
+    /** 清理过期 prekeys，deviceId 为空时等价于全局 */
+    cleanupE2EEPrekeys?(aid: string, cutoffMs: number, keepLatest?: number, deviceId?: string): string[];
+    /** 列出本地已存储群组密钥的 group_id */
+    listGroupSecretIds?(aid: string): string[];
+    /** 清理单个群组过期 old epochs */
+    cleanupGroupOldEpochsState?(aid: string, groupId: string, cutoffMs: number): number;
+    /** 按 row 加载当前或指定 epoch 的群组密钥 */
+    loadGroupSecretEpoch?(aid: string, groupId: string, epoch?: number | null): GroupSecretRecord | null;
+    /** 按 row 加载某个群组的当前和历史 epoch 密钥 */
+    loadGroupSecretEpochs?(aid: string, groupId: string): GroupSecretRecord[];
+    /** 事务化保存群组密钥状态转移 */
+    storeGroupSecretTransition?(aid: string, groupId: string, opts: {
+        epoch: number;
+        secret: string;
+        commitment: string;
+        memberAids: string[];
+        epochChain?: string;
+        pendingRotationId?: string;
+        epochChainUnverified?: boolean | null;
+        epochChainUnverifiedReason?: string | null;
+        oldEpochRetentionMs: number;
+    }): boolean;
+    /** 事务化保存指定 epoch 密钥；低于 current 时写入 old epoch row */
+    storeGroupSecretEpoch?(aid: string, groupId: string, opts: {
+        epoch: number;
+        secret: string;
+        commitment: string;
+        memberAids: string[];
+        epochChain?: string;
+        pendingRotationId?: string;
+        epochChainUnverified?: boolean | null;
+        epochChainUnverifiedReason?: string | null;
+        oldEpochRetentionMs: number;
+    }): boolean;
+    /** 事务化丢弃指定 pending rotation */
+    discardPendingGroupSecretState?(aid: string, groupId: string, epoch: number, rotationId: string): boolean;
+    /** 删除单个群组的所有密钥状态（群组解散时使用） */
+    deleteGroupSecretState?(aid: string, groupId: string): void;
+    /** 加载全部 E2EE sessions */
+    loadE2EESessions?(aid: string): Array<Record<string, unknown>>;
+    /** 保存单个 E2EE session */
+    saveE2EESession?(aid: string, sessionId: string, data: Record<string, unknown>): void;
+    /** 保存单个 namespace 的 contiguous_seq */
+    saveSeq?(aid: string, deviceId: string, slotId: string, namespace: string, contiguousSeq: number): void;
+    /** 加载单个 namespace 的 contiguous_seq */
+    loadSeq?(aid: string, deviceId: string, slotId: string, namespace: string): number;
+    /** 加载某 device+slot 下所有 namespace 的 contiguous_seq */
+    loadAllSeqs?(aid: string, deviceId: string, slotId: string): Record<string, number>;
+    /** 读取最近 ack seq，供 SeqTracker 作 baseline 使用 */
+    getLastAckSeq?(aid: string, deviceId: string, slotId: string, namespace: string): number;
+    /** 写入最近 ack seq */
+    setLastAckSeq?(aid: string, deviceId: string, slotId: string, namespace: string, seq: number): void;
+    /** 列出所有已存储的 AID（对齐 Python list_identities） */
+    listIdentities?(): string[];
+    /** 加载指定 AID 的元数据（对齐 Python load_metadata） */
+    loadMetadata?(aid: string): Record<string, unknown> | null;
+}

package/dist/keystore/index.js

@@ -0,0 +1,7 @@
+/**
+ * KeyStore 接口定义
+ *
+ * 与 Python SDK 的 KeyStore Protocol 完全对齐。
+ */
+export {};
+//# sourceMappingURL=index.js.map

package/dist/keystore/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/keystore/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/keystore/sqlite-backup.d.ts

@@ -0,0 +1,40 @@
+/**
+ * SQLite 备份层 + 结构化主存。
+ *
+ * 语义对齐 Python:
+ * - metadata 仍作为兼容备份；
+ * - prekeys / group_current / group_old_epochs 作为结构化主存；
+ * - 业务层优先读取结构化主存，metadata 仅作为兼容视图和未过期回捞来源。
+ */
+import type { JsonObject } from '../types.js';
+type JsonMap = JsonObject;
+export declare class SQLiteBackup {
+    private _db;
+    private _available;
+    constructor(dbPath?: string);
+    get available(): boolean;
+    close(): void;
+    backupSeed(seed: Buffer): void;
+    restoreSeed(): Buffer | null;
+    backupDeviceId(deviceId: string): void;
+    restoreDeviceId(): string | null;
+    backupKeyPair(aid: string, data: string): void;
+    restoreKeyPair(aid: string): string | null;
+    backupCert(aid: string, certPem: string): void;
+    restoreCert(aid: string): string | null;
+    backupMetadata(aid: string, data: string): void;
+    restoreMetadata(aid: string): string | null;
+    loadPrekeys(aid: string): Record<string, JsonMap>;
+    replacePrekeys(aid: string, prekeys: Record<string, JsonMap>): void;
+    cleanupPrekeysBefore(aid: string, cutoffMs: number, keepLatest?: number): string[];
+    loadGroupEntries(aid: string): Record<string, JsonMap>;
+    replaceGroupEntries(aid: string, entries: Record<string, JsonMap>): void;
+    cleanupGroupOldEpochs(aid: string, groupId: string, cutoffMs: number): number[];
+    private _initTables;
+    private _migrate;
+    private _runTransaction;
+    private _exec;
+    private _queryOne;
+    private _queryAll;
+}
+export {};