@agentunion/fastaun 0.4.5 → 0.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/CHANGELOG.md +39 -0
  2. package/_packed_docs/CHANGELOG.md +39 -0
  3. package/_packed_docs/INDEX.md +2 -2
  4. package/_packed_docs/KITE_DOCS_GUIDE.md +1 -1
  5. package/_packed_docs/agent.md//350/277/234/347/250/213agent.md/347/274/223/345/255/230/344/270/216etag/351/200/217/344/274/240/346/226/271/346/241/210.md +73 -84
  6. package/_packed_docs/sdk/01-/345/277/253/351/200/237/345/274/200/345/247/213.md +15 -14
  7. package/_packed_docs/sdk/02-WebSocket/345/215/217/350/256/256.md +2 -2
  8. package/_packed_docs/sdk/03-/346/240/270/345/277/203/346/246/202/345/277/265.md +22 -5
  9. package/_packed_docs/sdk/04-/350/277/236/346/216/245/344/270/216/350/256/244/350/257/201.md +44 -26
  10. package/_packed_docs/sdk/05-E2EE/345/212/240/345/257/206/351/200/232/344/277/241.md +5 -5
  11. package/_packed_docs/sdk/06-API/346/211/213/345/206/214.md +63 -35
  12. package/_packed_docs/sdk/08-/346/234/200/344/275/263/345/256/236/350/267/265.md +3 -3
  13. package/_packed_docs/sdk/09-message-rpc-manual.md +6 -6
  14. package/_packed_docs/sdk/AUN_DOCS_GUIDE.md +6 -4
  15. package/_packed_docs/sdk/INDEX.md +2 -2
  16. package/_packed_docs/sdk/README.md +3 -3
  17. package/dist/agent-md.d.ts +101 -0
  18. package/dist/agent-md.js +778 -0
  19. package/dist/agent-md.js.map +1 -0
  20. package/dist/aid-store.d.ts +12 -39
  21. package/dist/aid-store.js +114 -138
  22. package/dist/aid-store.js.map +1 -1
  23. package/dist/auth.js +1 -1
  24. package/dist/auth.js.map +1 -1
  25. package/dist/client.d.ts +1 -62
  26. package/dist/client.js +138 -826
  27. package/dist/client.js.map +1 -1
  28. package/dist/crypto.d.ts +1 -1
  29. package/dist/crypto.js +1 -1
  30. package/dist/index.d.ts +3 -2
  31. package/dist/index.js +2 -1
  32. package/dist/index.js.map +1 -1
  33. package/dist/keystore/aid-db.d.ts +2 -0
  34. package/dist/keystore/aid-db.js +12 -2
  35. package/dist/keystore/aid-db.js.map +1 -1
  36. package/dist/keystore/index.d.ts +6 -2
  37. package/dist/keystore/local-identity-store.d.ts +70 -0
  38. package/dist/keystore/local-identity-store.js +525 -0
  39. package/dist/keystore/local-identity-store.js.map +1 -0
  40. package/dist/keystore/local-token-store.d.ts +68 -0
  41. package/dist/keystore/local-token-store.js +368 -0
  42. package/dist/keystore/local-token-store.js.map +1 -0
  43. package/dist/register-flow.d.ts +12 -4
  44. package/dist/register-flow.js +70 -3
  45. package/dist/register-flow.js.map +1 -1
  46. package/dist/version.d.ts +1 -1
  47. package/dist/version.js +1 -1
  48. package/package.json +1 -1
package/dist/keystore/local-identity-store.js ADDED
@@ -0,0 +1,525 @@
1
+ /**
2
+ * LocalIdentityStore — 基于文件系统 + SQLite 的 KeyStore 实现(含私钥操作)。
3
+ * AIDStore / RegisterFlow 持有此类型。
4
+ */
5
+ import * as crypto from 'node:crypto';
6
+ import { existsSync, mkdirSync, readFileSync, writeFileSync, readdirSync, chmodSync, renameSync, unlinkSync, rmSync as fsRmSync, renameSync as fsRenameSync, statSync, } from 'node:fs';
7
+ import { join, dirname } from 'node:path';
8
+ import { homedir } from 'node:os';
9
+ import { AIDDatabase } from './aid-db.js';
10
+ import { getDeviceId } from '../config.js';
11
+ import { certificateSha256Fingerprint } from '../crypto.js';
12
+ import { createDefaultSecretStore } from '../secret-store/index.js';
13
+ import { FileSecretStore } from '../secret-store/file-store.js';
14
+ import { isJsonObject, } from '../types.js';
15
+ const _noopLogger = { error: () => { }, warn: () => { }, info: () => { }, debug: () => { } };
16
+ function secureFilePermissions(path) {
17
+ if (process.platform !== 'win32') {
18
+ try {
19
+ chmodSync(path, 0o600);
20
+ }
21
+ catch { /* ignore */ }
22
+ }
23
+ }
24
+ function replaceFileSync(tmpPath, targetPath) {
25
+ try {
26
+ renameSync(tmpPath, targetPath);
27
+ return;
28
+ }
29
+ catch (renameErr) {
30
+ try {
31
+ unlinkSync(targetPath);
32
+ }
33
+ catch (unlinkErr) {
34
+ if (unlinkErr.code !== 'ENOENT') {
35
+ throw new Error(`replace target cleanup failed: ${unlinkErr instanceof Error ? unlinkErr.message : String(unlinkErr)}`);
36
+ }
37
+ }
38
+ renameSync(tmpPath, targetPath);
39
+ }
40
+ }
41
+ function safeAid(aid) {
42
+ return aid.replace(/[/\\:]/g, '_');
43
+ }
44
+ export class LocalIdentityStore {
45
+ _root;
46
+ _aidsRoot;
47
+ _secretStore;
48
+ _aidDBs = new Map();
49
+ deviceId;
50
+ _logger;
51
+ constructor(root, opts) {
52
+ this._logger = opts?.logger ?? _noopLogger;
53
+ const preferred = root ?? join(homedir(), '.aun');
54
+ const fallback = join(process.cwd(), '.aun');
55
+ this._root = this._prepareRoot(preferred, fallback);
56
+ this._secretStore = opts?.secretStore ?? createDefaultSecretStore(this._root, opts?.encryptionSeed, undefined, { logger: opts?.secretStoreLogger ?? this._logger });
57
+ this._aidsRoot = join(this._root, 'AIDs');
58
+ mkdirSync(this._aidsRoot, { recursive: true });
59
+ this.deviceId = getDeviceId(this._root);
60
+ }
61
+ close() {
62
+ for (const db of this._aidDBs.values())
63
+ db.close();
64
+ this._aidDBs.clear();
65
+ }
66
+ static ChangeSeed(root, oldSeed, newSeed) {
67
+ return FileSecretStore.changeSeed(root, oldSeed, newSeed);
68
+ }
69
+ changeSeed(oldSeed, newSeed) {
70
+ this.close();
71
+ const result = FileSecretStore.changeSeed(this._root, oldSeed, newSeed, { logger: this._logger });
72
+ this._secretStore = createDefaultSecretStore(this._root, newSeed, undefined, { logger: this._logger });
73
+ return result;
74
+ }
75
+ _prepareRoot(preferred, fallback) {
76
+ try {
77
+ mkdirSync(preferred, { recursive: true });
78
+ return preferred;
79
+ }
80
+ catch {
81
+ this._logger.warn(`preferred path ${preferred} unavailable, falling back to ${fallback}`);
82
+ mkdirSync(fallback, { recursive: true });
83
+ return fallback;
84
+ }
85
+ }
86
+ _getDB(aid) {
87
+ const safe = safeAid(aid);
88
+ let db = this._aidDBs.get(safe);
89
+ if (!db) {
90
+ const dbPath = join(this._aidsRoot, safe, 'aun.db');
91
+ try {
92
+ db = new AIDDatabase(dbPath, this._secretStore, safe, this._logger);
93
+ }
94
+ catch (exc) {
95
+ this._logger.warn(`database corrupted, backing up and rebuilding: aid=${aid} err=${exc instanceof Error ? exc.message : String(exc)}`);
96
+ const ts = new Date().toISOString().replace(/[:.]/g, '-');
97
+ const bakPath = dbPath + `.corrupt_${ts}.bak`;
98
+ try {
99
+ renameSync(dbPath, bakPath);
100
+ }
101
+ catch (renameErr) {
102
+ this._logger.warn(`backup rename failed: ${renameErr instanceof Error ? renameErr.message : String(renameErr)}`);
103
+ }
104
+ for (const suffix of ['-wal', '-shm', '-journal']) {
105
+ try {
106
+ unlinkSync(dbPath + suffix);
107
+ }
108
+ catch { /* ignore */ }
109
+ }
110
+ db = new AIDDatabase(dbPath, this._secretStore, safe, this._logger);
111
+ }
112
+ this._aidDBs.set(safe, db);
113
+ }
114
+ return db;
115
+ }
116
+ // ── KeyPair ──────────────────────────────────────────────
117
+ loadKeyPair(aid) {
118
+ const path = this._keyPairPath(aid);
119
+ if (!existsSync(path))
120
+ return null;
121
+ let raw;
122
+ try {
123
+ raw = JSON.parse(readFileSync(path, 'utf-8'));
124
+ }
125
+ catch {
126
+ this._logger.warn('key.json read or parse failed, treating as non-existent');
127
+ return null;
128
+ }
129
+ return this._restoreKeyPair(aid, raw, path);
130
+ }
131
+ saveKeyPair(aid, keyPair) {
132
+ this._saveKeyPairAtPath(aid, this._keyPairPath(aid), keyPair);
133
+ }
134
+ _saveKeyPairAtPath(aid, path, keyPair) {
135
+ mkdirSync(dirname(path), { recursive: true });
136
+ const protected_ = JSON.parse(JSON.stringify(keyPair));
137
+ const pem = protected_.private_key_pem;
138
+ if (typeof pem === 'string' && pem) {
139
+ delete protected_.private_key_pem;
140
+ const rec = this._secretStore.protect(safeAid(aid), 'identity/private_key', Buffer.from(pem, 'utf-8'));
141
+ protected_.private_key_protection = rec;
142
+ }
143
+ const tmpPath = `${path}.tmp-${process.pid}-${Date.now()}-${crypto.randomBytes(4).toString('hex')}`;
144
+ writeFileSync(tmpPath, JSON.stringify(protected_, null, 2), { mode: 0o600 });
145
+ secureFilePermissions(tmpPath);
146
+ try {
147
+ replaceFileSync(tmpPath, path);
148
+ }
149
+ catch (exc) {
150
+ try {
151
+ unlinkSync(tmpPath);
152
+ }
153
+ catch { /* ignore */ }
154
+ throw exc;
155
+ }
156
+ secureFilePermissions(path);
157
+ }
158
+ _restoreKeyPair(aid, kp, persistPath) {
159
+ const out = JSON.parse(JSON.stringify(kp));
160
+ const rec = out.private_key_protection;
161
+ if (isJsonObject(rec)) {
162
+ const plain = this._secretStore.reveal(safeAid(aid), 'identity/private_key', rec);
163
+ if (!plain)
164
+ throw new Error(`private key decrypt failed for aid ${aid}: seed_password mismatch or key.json corrupted`);
165
+ out.private_key_pem = plain.toString('utf-8');
166
+ return out;
167
+ }
168
+ if (persistPath && typeof out.private_key_pem === 'string' && out.private_key_pem) {
169
+ this._saveKeyPairAtPath(aid, persistPath, out);
170
+ }
171
+ return out;
172
+ }
173
+ // ── Cert ─────────────────────────────────────────────────
174
+ loadCert(aid, certFingerprint) {
175
+ try {
176
+ const norm = this._normalizeCertFingerprint(certFingerprint);
177
+ if (norm) {
178
+ const vp = this._certVersionPath(aid, norm);
179
+ if (existsSync(vp))
180
+ return readFileSync(vp, 'utf-8');
181
+ const active = this._certPath(aid);
182
+ if (existsSync(active)) {
183
+ const certPem = readFileSync(active, 'utf-8');
184
+ if (certificateSha256Fingerprint(certPem) === norm)
185
+ return certPem;
186
+ }
187
+ return null;
188
+ }
189
+ const path = this._certPath(aid);
190
+ return existsSync(path) ? readFileSync(path, 'utf-8') : null;
191
+ }
192
+ catch {
193
+ this._logger.warn('cert.pem read failed, treating as non-existent');
194
+ return null;
195
+ }
196
+ }
197
+ saveCert(aid, certPem, certFingerprint, opts) {
198
+ const norm = this._normalizeCertFingerprint(certFingerprint);
199
+ if (norm) {
200
+ const vp = this._certVersionPath(aid, norm);
201
+ mkdirSync(dirname(vp), { recursive: true });
202
+ writeFileSync(vp, certPem);
203
+ if (!opts?.makeActive)
204
+ return;
205
+ }
206
+ const path = this._certPath(aid);
207
+ mkdirSync(dirname(path), { recursive: true });
208
+ writeFileSync(path, certPem);
209
+ }
210
+ _normalizeCertFingerprint(fp) {
211
+ const v = String(fp ?? '').trim().toLowerCase();
212
+ if (!v.startsWith('sha256:') || v.length !== 71)
213
+ return '';
214
+ if (/[^0-9a-f]/.test(v.slice(7)))
215
+ return '';
216
+ return v;
217
+ }
218
+ // ── Identity ─────────────────────────────────────────────
219
+ loadIdentity(aid) {
220
+ const identityDir = join(this._aidsRoot, safeAid(aid));
221
+ if (!existsSync(identityDir))
222
+ return null;
223
+ const kp = this.loadKeyPair(aid);
224
+ const cert = this.loadCert(aid);
225
+ const db = this._getDB(aid);
226
+ const kv = db.getAllMetadata();
227
+ const hasMeta = Object.keys(kv).length > 0;
228
+ if (!kp && !cert && !hasMeta)
229
+ return null;
230
+ const identity = {};
231
+ for (const [k, v] of Object.entries(kv)) {
232
+ try {
233
+ identity[k] = JSON.parse(v);
234
+ }
235
+ catch {
236
+ identity[k] = v;
237
+ }
238
+ }
239
+ if (kp)
240
+ Object.assign(identity, kp);
241
+ if (cert) {
242
+ const localPubB64 = kp?.public_key_der_b64;
243
+ if (typeof localPubB64 === 'string' && localPubB64) {
244
+ try {
245
+ const x = new crypto.X509Certificate(cert);
246
+ const certPubDer = x.publicKey.export({ type: 'spki', format: 'der' });
247
+ const localPubDer = Buffer.from(localPubB64, 'base64');
248
+ if (!certPubDer.equals(localPubDer)) {
249
+ this._logger.error('key.json public key does not match cert.pem public key, discarding cert');
250
+ }
251
+ else {
252
+ identity.cert = cert;
253
+ }
254
+ }
255
+ catch {
256
+ identity.cert = cert;
257
+ }
258
+ }
259
+ else {
260
+ identity.cert = cert;
261
+ }
262
+ }
263
+ return identity;
264
+ }
265
+ saveIdentity(aid, identity) {
266
+ const kp = {};
267
+ for (const k of ['private_key_pem', 'public_key_der_b64', 'curve']) {
268
+ if (k in identity)
269
+ kp[k] = identity[k];
270
+ }
271
+ if (Object.keys(kp).length > 0)
272
+ this.saveKeyPair(aid, kp);
273
+ if (typeof identity.cert === 'string' && identity.cert)
274
+ this.saveCert(aid, identity.cert);
275
+ const db = this._getDB(aid);
276
+ const skip = new Set(['private_key_pem', 'public_key_der_b64', 'curve', 'cert']);
277
+ for (const [k, v] of Object.entries(identity)) {
278
+ if (skip.has(k))
279
+ continue;
280
+ db.setMetadata(k, JSON.stringify(v));
281
+ }
282
+ }
283
+ loadAnyIdentity() {
284
+ if (!existsSync(this._aidsRoot))
285
+ return null;
286
+ for (const entry of readdirSync(this._aidsRoot, { withFileTypes: true })) {
287
+ if (!entry.isDirectory() || entry.name.startsWith('_'))
288
+ continue;
289
+ const identity = this.loadIdentity(entry.name);
290
+ if (identity)
291
+ return identity;
292
+ }
293
+ return null;
294
+ }
295
+ listIdentities() {
296
+ if (!existsSync(this._aidsRoot))
297
+ return [];
298
+ const aids = [];
299
+ for (const entry of readdirSync(this._aidsRoot, { withFileTypes: true })) {
300
+ if (!entry.isDirectory() || entry.name.startsWith('_'))
301
+ continue;
302
+ aids.push(entry.name);
303
+ }
304
+ return aids;
305
+ }
306
+ loadMetadata(aid) {
307
+ try {
308
+ const dbPath = join(this._aidsRoot, safeAid(aid), 'aun.db');
309
+ if (!existsSync(dbPath))
310
+ return null;
311
+ const kv = this._getDB(aid).getAllMetadata();
312
+ if (Object.keys(kv).length === 0)
313
+ return null;
314
+ const result = {};
315
+ for (const [k, v] of Object.entries(kv)) {
316
+ try {
317
+ result[k] = JSON.parse(v);
318
+ }
319
+ catch {
320
+ result[k] = v;
321
+ }
322
+ }
323
+ return result;
324
+ }
325
+ catch {
326
+ return null;
327
+ }
328
+ }
329
+ saveMetadata(aid, metadata) {
330
+ const db = this._getDB(aid);
331
+ for (const [k, v] of Object.entries(metadata)) {
332
+ if (v === undefined) {
333
+ db.deleteMetadata(k);
334
+ continue;
335
+ }
336
+ db.setMetadata(k, JSON.stringify(v));
337
+ }
338
+ }
339
+ // ── Instance State ───────────────────────────────────────
340
+ loadInstanceState(aid, deviceId, slotId = '') {
341
+ return this._getDB(aid).loadInstanceState(deviceId, slotId);
342
+ }
343
+ saveInstanceState(aid, deviceId, slotId, state) {
344
+ this._getDB(aid).saveInstanceState(deviceId, slotId, state);
345
+ }
346
+ // ── Seq Tracker ───────────────────────────────────────────
347
+ saveSeq(aid, deviceId, slotId, namespace, contiguousSeq) {
348
+ this._getDB(aid).saveSeq(deviceId, slotId, namespace, contiguousSeq);
349
+ }
350
+ loadSeq(aid, deviceId, slotId, namespace) {
351
+ return this._getDB(aid).loadSeq(deviceId, slotId, namespace);
352
+ }
353
+ loadAllSeqs(aid, deviceId, slotId) {
354
+ return this._getDB(aid).loadAllSeqs(deviceId, slotId);
355
+ }
356
+ // ── 信任根管理 ─────────────────────────────────────────────
357
+ trustRootDir() {
358
+ const dir = join(this._root, 'CA', 'root');
359
+ mkdirSync(dir, { recursive: true });
360
+ return dir;
361
+ }
362
+ trustRootBundlePath() {
363
+ return join(this.trustRootDir(), 'trust-roots.pem');
364
+ }
365
+ saveTrustRoots(trustList, rootCerts) {
366
+ const dir = this.trustRootDir();
367
+ for (let i = 0; i < rootCerts.length; i++) {
368
+ const item = rootCerts[i];
369
+ const certId = item.id || item.fingerprint_sha256 || `root-${i + 1}`;
370
+ writeFileSync(join(dir, `${certId.replace(/[^A-Za-z0-9_.-]+/g, '_').slice(0, 120)}.crt`), item.cert_pem, 'utf-8');
371
+ }
372
+ const bundlePath = this.trustRootBundlePath();
373
+ writeFileSync(bundlePath, rootCerts.map(i => i.cert_pem.trim()).join('\n') + '\n', 'utf-8');
374
+ writeFileSync(join(dir, 'trust-roots.json'), JSON.stringify(trustList, null, 2), 'utf-8');
375
+ return bundlePath;
376
+ }
377
+ saveIssuerRootCert(issuer, certPem, fingerprintSha256 = '') {
378
+ const dir = this.trustRootDir();
379
+ const issuersDir = join(dir, 'issuers');
380
+ mkdirSync(issuersDir, { recursive: true });
381
+ const certPath = join(issuersDir, `${(issuer || 'issuer').replace(/[^A-Za-z0-9_.-]+/g, '_').slice(0, 120)}.root.crt`);
382
+ const normalizedPem = certPem.trim() + '\n';
383
+ writeFileSync(certPath, normalizedPem, 'utf-8');
384
+ const bundlePath = this.trustRootBundlePath();
385
+ const existingPems = new Map();
386
+ try {
387
+ for (const pem of readFileSync(bundlePath, 'utf-8').split(/(?<=-----END CERTIFICATE-----)\s*/).map(s => s.trim()).filter(s => s.startsWith('-----BEGIN CERTIFICATE-----'))) {
388
+ existingPems.set(this._pemFingerprint(pem), pem);
389
+ }
390
+ }
391
+ catch { /* ignore */ }
392
+ const newFp = fingerprintSha256 ? fingerprintSha256.toLowerCase().replace(/^sha256:/, '') : this._pemFingerprint(normalizedPem);
393
+ existingPems.set(newFp, normalizedPem);
394
+ writeFileSync(bundlePath, Array.from(existingPems.values()).map(p => p.trim()).join('\n') + '\n', 'utf-8');
395
+ return [certPath, bundlePath];
396
+ }
397
+ _pemFingerprint(pem) {
398
+ try {
399
+ const der = pem.replace(/-----[A-Z ]+-----/g, '').replace(/\s/g, '');
400
+ return crypto.createHash('sha256').update(Buffer.from(der, 'base64')).digest('hex');
401
+ }
402
+ catch {
403
+ return crypto.createHash('sha256').update(pem, 'utf-8').digest('hex');
404
+ }
405
+ }
406
+ // ── Pending 身份管理 ─────────────────────────────────────
407
+ pendingIdentityDir(aid) {
408
+ const nonce = crypto.randomBytes(4).toString('hex');
409
+ const ts = Math.floor(Date.now() / 1000);
410
+ const dir = join(this._pendingRoot(), `${safeAid(aid)}-${nonce}-${ts}`);
411
+ mkdirSync(join(dir, 'private'), { recursive: true });
412
+ mkdirSync(join(dir, 'public'), { recursive: true });
413
+ return dir;
414
+ }
415
+ listPendingIdentityDirs(aid) {
416
+ const root = this._pendingRoot();
417
+ if (!existsSync(root))
418
+ return [];
419
+ const prefix = `${safeAid(aid)}-`;
420
+ const items = [];
421
+ for (const entry of readdirSync(root, { withFileTypes: true })) {
422
+ if (!entry.isDirectory() || !entry.name.startsWith(prefix))
423
+ continue;
424
+ const path = join(root, entry.name);
425
+ try {
426
+ items.push({ path, mtimeMs: statSync(path).mtimeMs });
427
+ }
428
+ catch { /* ignore */ }
429
+ }
430
+ return items.sort((a, b) => b.mtimeMs - a.mtimeMs).map(item => item.path);
431
+ }
432
+ savePendingKeyPair(pendingDir, aid, keyPair) {
433
+ this._saveKeyPairAtPath(aid, join(pendingDir, 'private', 'key.json'), keyPair);
434
+ }
435
+ loadPendingKeyPair(pendingDir, aid) {
436
+ const keyPath = join(pendingDir, 'private', 'key.json');
437
+ if (!existsSync(keyPath))
438
+ return null;
439
+ let raw;
440
+ try {
441
+ raw = JSON.parse(readFileSync(keyPath, 'utf-8'));
442
+ }
443
+ catch {
444
+ return null;
445
+ }
446
+ return this._restoreKeyPair(aid, raw, keyPath);
447
+ }
448
+ savePendingCert(pendingDir, certPem) {
449
+ const certPath = join(pendingDir, 'public', 'cert.pem');
450
+ mkdirSync(dirname(certPath), { recursive: true });
451
+ writeFileSync(certPath, certPem, { encoding: 'utf-8', mode: 0o600 });
452
+ }
453
+ promotePendingIdentity(pendingDir, aid) {
454
+ this._ensurePendingKeyPairProtected(pendingDir, aid);
455
+ const target = join(this._aidsRoot, safeAid(aid));
456
+ if (existsSync(target))
457
+ throw new Error(`promotePendingIdentity: target exists: ${target}`);
458
+ const safe = safeAid(aid);
459
+ const db = this._aidDBs.get(safe);
460
+ if (db) {
461
+ try {
462
+ db.close();
463
+ }
464
+ catch { /* ignore */ }
465
+ this._aidDBs.delete(safe);
466
+ }
467
+ mkdirSync(this._aidsRoot, { recursive: true });
468
+ fsRenameSync(pendingDir, target);
469
+ return target;
470
+ }
471
+ discardPendingIdentity(pendingDir) {
472
+ fsRmSync(pendingDir, { recursive: true, force: true });
473
+ }
474
+ cleanupPendingDirs(maxAgeMs = 600_000) {
475
+ const root = this._pendingRoot();
476
+ if (!existsSync(root))
477
+ return 0;
478
+ let removed = 0;
479
+ const now = Date.now();
480
+ try {
481
+ for (const entry of readdirSync(root, { withFileTypes: true })) {
482
+ if (!entry.isDirectory())
483
+ continue;
484
+ const path = join(root, entry.name);
485
+ try {
486
+ if (now - statSync(path).mtimeMs < maxAgeMs)
487
+ continue;
488
+ fsRmSync(path, { recursive: true, force: true });
489
+ removed++;
490
+ }
491
+ catch (e) {
492
+ this._logger.warn(`cleanupPendingDirs entry failed: ${path} err=${e instanceof Error ? e.message : String(e)}`);
493
+ }
494
+ }
495
+ }
496
+ catch (e) {
497
+ this._logger.warn(`cleanupPendingDirs read root failed: ${root} err=${e instanceof Error ? e.message : String(e)}`);
498
+ }
499
+ return removed;
500
+ }
501
+ _ensurePendingKeyPairProtected(pendingDir, aid) {
502
+ const keyPath = join(pendingDir, 'private', 'key.json');
503
+ if (!existsSync(keyPath))
504
+ throw new Error(`pending identity missing key pair for ${aid}`);
505
+ const raw = JSON.parse(readFileSync(keyPath, 'utf-8'));
506
+ if (typeof raw.private_key_pem === 'string' && raw.private_key_pem)
507
+ throw new Error(`pending identity private key is plaintext for ${aid}`);
508
+ if (!isJsonObject(raw.private_key_protection))
509
+ throw new Error(`pending identity private key is not encrypted for ${aid}`);
510
+ }
511
+ _pendingRoot() {
512
+ return join(this._aidsRoot, '_pending');
513
+ }
514
+ // ── 路径辅助 ─────────────────────────────────────────────
515
+ _keyPairPath(aid) {
516
+ return join(this._aidsRoot, safeAid(aid), 'private', 'key.json');
517
+ }
518
+ _certPath(aid) {
519
+ return join(this._aidsRoot, safeAid(aid), 'public', 'cert.pem');
520
+ }
521
+ _certVersionPath(aid, fp) {
522
+ return join(this._aidsRoot, safeAid(aid), 'public', 'certs', `${fp.replace(/:/g, '_')}.pem`);
523
+ }
524
+ }
525
+ //# sourceMappingURL=local-identity-store.js.map
package/dist/keystore/local-identity-store.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"local-identity-store.js","sourceRoot":"","sources":["../../src/keystore/local-identity-store.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EACL,UAAU,EACV,SAAS,EACT,YAAY,EACZ,aAAa,EACb,WAAW,EACX,SAAS,EACT,UAAU,EACV,UAAU,EACV,MAAM,IAAI,QAAQ,EAClB,UAAU,IAAI,YAAY,EAC1B,QAAQ,GACT,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAKlC,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,4BAA4B,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAC;AACpE,OAAO,EAAE,eAAe,EAAyB,MAAM,+BAA+B,CAAC;AACvF,OAAO,EACL,YAAY,GAKb,MAAM,aAAa,CAAC;AAErB,MAAM,WAAW,GAAiB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC,EAAE,CAAC;AAEvG,SAAS,qBAAqB,CAAC,IAAY;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAI,CAAC;YAAC,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,OAAe,EAAE,UAAkB;IAC1D,IAAI,CAAC;QACH,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;QAChC,OAAO;IACT,CAAC;IAAC,OAAO,SAAS,EAAE,CAAC;QACnB,IAAI,CAAC;YAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAAC,CAAC;QAAC,OAAO,SAAS,EAAE,CAAC;YACjD,IAAK,SAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CAAC,kCAAkC,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;YAC1H,CAAC;QACH,CAAC;QACD,UAAU,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAClC,CAAC;AACH,CAAC;AAED,SAAS,OAAO,CAAC,GAAW;IAC1B,OAAO,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;AACrC,CAAC;AAED,MAAM,OAAO,kBAAkB;IACrB,KAAK,CAAS;IACd,SAAS,CAAS;IAClB,YAAY,CAAc;IAC1B,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;IACxC,QAAQ,CAAS;IAClB,OAAO,CAAe;IAE9B,YACE,IAAa,EACb,IAKC;QAED,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE,MAAM,IAAI,WAAW,CAAC;QAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,YAAY,GAAG,IAAI,EAAE,WAAW,IAAI,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,iBAAiB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACpK,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1C,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,IAAI,CAAC,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC1C,CAAC;IAED,KAAK;QACH,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;YAAE,EAAE,CAAC,KAAK,EAAE,CAAC;QACnD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAED,MAAM,CAAC,UAAU,CAAC,IAAY,EAAE,OAAe,EAAE,OAAe;QAC9D,OAAO,eAAe,CAAC,UAAU,CAAC,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IAC5D,CAAC;IAED,UAAU,CAAC,OAAe,EAAE,OAAe;QACzC,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,MAAM,MAAM,GAAG,eAAe,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QAClG,IAAI,CAAC,YAAY,GAAG,wBAAwB,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;QACvG,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,YAAY,CAAC,SAAiB,EAAE,QAAgB;QACtD,IAAI,CAAC;YACH,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1C,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kBAAkB,SAAS,iCAAiC,QAAQ,EAAE,CAAC,CAAC;YAC1F,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,GAAW;QACxB,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,IAAI,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,CAAC,EAAE,EAAE,CAAC;YACR,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;YACpD,IAAI,CAAC;gBACH,EAAE,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACtE,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,sDAAsD,GAAG,QAAQ,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACvI,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAC1D,MAAM,OAAO,GAAG,MAAM,GAAG,YAAY,EAAE,MAAM,CAAC;gBAC9C,IAAI,CAAC;oBAAC,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;gBAAC,CAAC;gBAAC,OAAO,SAAS,EAAE,CAAC;oBACtD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,yBAAyB,SAAS,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;gBACnH,CAAC;gBACD,KAAK,MAAM,MAAM,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC;oBAClD,IAAI,CAAC;wBAAC,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC;oBAAC,CAAC;oBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;gBAC7D,CAAC;gBACD,EAAE,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,IAAI,CAAC,YAAY,EAAE,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACtE,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,4DAA4D;IAE5D,WAAW,CAAC,GAAW;QACrB,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAC;QACnC,IAAI,GAAe,CAAC;QACpB,IAAI,CAAC;YACH,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAe,CAAC;QAC9D,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,yDAAyD,CAAC,CAAC;YAC7E,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,WAAW,CAAC,GAAW,EAAE,OAAsB;QAC7C,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;IAEO,kBAAkB,CAAC,GAAW,EAAE,IAAY,EAAE,OAAsB;QAC1E,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAkB,CAAC;QACxE,MAAM,GAAG,GAAG,UAAU,CAAC,eAAe,CAAC;QACvC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,EAAE,CAAC;YACnC,OAAO,UAAU,CAAC,eAAe,CAAC;YAClC,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,sBAAsB,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;YACvG,UAAU,CAAC,sBAAsB,GAAG,GAAG,CAAC;QAC1C,CAAC;QACD,MAAM,OAAO,GAAG,GAAG,IAAI,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpG,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC7E,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC/B,IAAI,CAAC;YACH,eAAe,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC;gBAAC,UAAU,CAAC,OAAO,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YACnD,MAAM,GAAG,CAAC;QACZ,CAAC;QACD,qBAAqB,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;IAEO,eAAe,CAAC,GAAW,EAAE,EAAc,EAAE,WAAoB;QACvE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAkB,CAAC;QAC5D,MAAM,GAAG,GAAI,GAAkB,CAAC,sBAAsB,CAAC;QACvD,IAAI,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,KAAK,GAAG,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,sBAAsB,EAAE,GAAU,CAAC,CAAC;YACzF,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,gDAAgD,CAAC,CAAC;YACvH,GAAG,CAAC,eAAe,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC9C,OAAO,GAAG,CAAC;QACb,CAAC;QACD,IAAI,WAAW,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,IAAI,GAAG,CAAC,eAAe,EAAE,CAAC;YAClF,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;QACjD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,4DAA4D;IAE5D,QAAQ,CAAC,GAAW,EAAE,eAAwB;QAC5C,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAC,CAAC;YAC7D,IAAI,IAAI,EAAE,CAAC;gBACT,MAAM,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;gBAC5C,IAAI,UAAU,CAAC,EAAE,CAAC;oBAAE,OAAO,YAAY,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;gBACrD,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnC,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBACvB,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;oBAC9C,IAAI,4BAA4B,CAAC,OAAO,CAAC,KAAK,IAAI;wBAAE,OAAO,OAAO,CAAC;gBACrE,CAAC;gBACD,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;YACjC,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC/D,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YACpE,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,GAAW,EAAE,OAAe,EAAE,eAAwB,EAAE,IAA+B;QAC9F,MAAM,IAAI,GAAG,IAAI,CAAC,yBAAyB,CAAC,eAAe,CAAC,CAAC;QAC7D,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,EAAE,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAC5C,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,aAAa,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YAC3B,IAAI,CAAC,IAAI,EAAE,UAAU;gBAAE,OAAO;QAChC,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACjC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,aAAa,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAC/B,CAAC;IAEO,yBAAyB,CAAC,EAAW;QAC3C,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAChD,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,EAAE,CAAC;QAC3D,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,EAAE,CAAC;QAC5C,OAAO,CAAC,CAAC;IACX,CAAC;IAED,4DAA4D;IAE5D,YAAY,CAAC,GAAW;QACtB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QACvD,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAE1C,MAAM,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAE1C,MAAM,QAAQ,GAAmB,EAAE,CAAC;QACpC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;YACxC,IAAI,CAAC;gBAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC;gBAAC,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAAC,CAAC;QACjE,CAAC;QACD,IAAI,EAAE;YAAE,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;QACpC,IAAI,IAAI,EAAE,CAAC;YACT,MAAM,WAAW,GAAG,EAAE,EAAE,kBAAkB,CAAC;YAC3C,IAAI,OAAO,WAAW,KAAK,QAAQ,IAAI,WAAW,EAAE,CAAC;gBACnD,IAAI,CAAC;oBACH,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;oBAC3C,MAAM,UAAU,GAAG,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;oBACvE,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;oBACvD,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;wBACpC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,yEAAyE,CAAC,CAAC;oBAChG,CAAC;yBAAM,CAAC;wBACN,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;oBACvB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;gBAAC,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,GAAG,IAAI,CAAC;YACvB,CAAC;QACH,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,YAAY,CAAC,GAAW,EAAE,QAAwB;QAChD,MAAM,EAAE,GAAkB,EAAE,CAAC;QAC7B,KAAK,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,OAAO,CAAU,EAAE,CAAC;YAC5E,IAAI,CAAC,IAAI,QAAQ;gBAAE,EAAE,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAW,CAAC;QACnD,CAAC;QACD,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1D,IAAI,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI;YAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC1F,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,MAAM,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,iBAAiB,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC;QACjF,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,SAAS;YAC1B,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,eAAe;QACb,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,IAAI,CAAC;QAC7C,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YACjE,MAAM,QAAQ,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC/C,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;QAChC,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,cAAc;QACZ,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC;YAAE,OAAO,EAAE,CAAC;QAC3C,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACzE,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YACjE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY,CAAC,GAAW;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,CAAC,CAAC;YAC5D,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,OAAO,IAAI,CAAC;YACrC,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,EAAE,CAAC;YAC7C,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;YAC9C,MAAM,MAAM,GAA4B,EAAE,CAAC;YAC3C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC,EAAE,CAAC;gBACxC,IAAI,CAAC;oBAAC,MAAM,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;gBAAC,CAAC;YAC7D,CAAC;YACD,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;IAC1B,CAAC;IAED,YAAY,CAAC,GAAW,EAAE,QAAiC;QACzD,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5B,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBAAC,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;gBAAC,SAAS;YAAC,CAAC;YACxD,EAAE,CAAC,WAAW,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,4DAA4D;IAE5D,iBAAiB,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAM,GAAG,EAAE;QAC1D,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,CAA0B,CAAC;IACvF,CAAC;IAED,iBAAiB,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,KAAqB;QACpF,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IAC9D,CAAC;IAED,6DAA6D;IAE7D,OAAO,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,SAAiB,EAAE,aAAqB;QAC7F,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,aAAa,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc,EAAE,SAAiB;QACtE,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;IAC/D,CAAC;IAED,WAAW,CAAC,GAAW,EAAE,QAAgB,EAAE,MAAc;QACvD,OAAO,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACxD,CAAC;IAED,yDAAyD;IAEzD,YAAY;QACV,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC3C,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpC,OAAO,GAAG,CAAC;IACb,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,iBAAiB,CAAC,CAAC;IACtD,CAAC;IAED,cAAc,CAAC,SAAkC,EAAE,SAAgF;QACjI,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,kBAAkB,IAAI,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrE,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACpH,CAAC;QACD,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC9C,aAAa,CAAC,UAAU,EAAE,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5F,aAAa,CAAC,IAAI,CAAC,GAAG,EAAE,kBAAkB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1F,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,kBAAkB,CAAC,MAAc,EAAE,OAAe,EAAE,iBAAiB,GAAG,EAAE;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;QACxC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,IAAI,QAAQ,CAAC,CAAC,OAAO,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,WAAW,CAAC,CAAC;QACtH,MAAM,aAAa,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,IAAI,CAAC;QAC5C,aAAa,CAAC,QAAQ,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC;QAChD,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC9C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAkB,CAAC;QAC/C,IAAI,CAAC;YACH,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC,EAAE,CAAC;gBAC3K,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QACxB,MAAM,KAAK,GAAG,iBAAiB,CAAC,CAAC,CAAC,iBAAiB,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;QAChI,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,aAAa,CAAC,CAAC;QACvC,aAAa,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3G,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAChC,CAAC;IAEO,eAAe,CAAC,GAAW;QACjC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACrE,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACtF,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IAED,wDAAwD;IAExD,kBAAkB,CAAC,GAAW;QAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,KAAK,IAAI,EAAE,EAAE,CAAC,CAAC;QACxE,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,SAAS,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,OAAO,GAAG,CAAC;IACb,CAAC;IAED,uBAAuB,CAAC,GAAW;QACjC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC;QAClC,MAAM,KAAK,GAA6C,EAAE,CAAC;QAC3D,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YAC/D,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC;gBAAE,SAAS;YACrE,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,IAAI,CAAC;gBAAC,KAAK,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QACvF,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5E,CAAC;IAED,kBAAkB,CAAC,UAAkB,EAAE,GAAW,EAAE,OAAsB;QACxE,IAAI,CAAC,kBAAkB,CAAC,GAAG,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE,OAAO,CAAC,CAAC;IACjF,CAAC;IAED,kBAAkB,CAAC,UAAkB,EAAE,GAAW;QAChD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,OAAO,IAAI,CAAC;QACtC,IAAI,GAAe,CAAC;QACpB,IAAI,CAAC;YAAC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAe,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC;YAAC,OAAO,IAAI,CAAC;QAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,eAAe,CAAC,UAAkB,EAAE,OAAe;QACjD,MAAM,QAAQ,GAAG,IAAI,CAAC,UAAU,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;QACxD,SAAS,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAClD,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,sBAAsB,CAAC,UAAkB,EAAE,GAAW;QACpD,IAAI,CAAC,8BAA8B,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;QAClD,IAAI,UAAU,CAAC,MAAM,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,MAAM,EAAE,CAAC,CAAC;QAC5F,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClC,IAAI,EAAE,EAAE,CAAC;YAAC,IAAI,CAAC;gBAAC,EAAE,CAAC,KAAK,EAAE,CAAC;YAAC,CAAC;YAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;YAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAAC,CAAC;QACjF,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACjC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sBAAsB,CAAC,UAAkB;QACvC,QAAQ,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,kBAAkB,CAAC,QAAQ,GAAG,OAAO;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,CAAC,CAAC;QAChC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;gBAC/D,IAAI,CAAC,KAAK,CAAC,WAAW,EAAE;oBAAE,SAAS;gBACnC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC;gBACpC,IAAI,CAAC;oBACH,IAAI,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,OAAO,GAAG,QAAQ;wBAAE,SAAS;oBACtD,QAAQ,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;oBACjD,OAAO,EAAE,CAAC;gBACZ,CAAC;gBAAC,OAAO,CAAC,EAAE,CAAC;oBACX,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,oCAAoC,IAAI,QAAQ,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAClH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,wCAAwC,IAAI,QAAQ,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACtH,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,8BAA8B,CAAC,UAAkB,EAAE,GAAW;QACpE,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;QACxD,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,EAAE,CAAC,CAAC;QAC1F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAe,CAAC;QACrE,IAAI,OAAO,GAAG,CAAC,eAAe,KAAK,QAAQ,IAAI,GAAG,CAAC,eAAe;YAAE,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,EAAE,CAAC,CAAC;QAC5I,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,sBAAsB,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,qDAAqD,GAAG,EAAE,CAAC,CAAC;IAC7H,CAAC;IAEO,YAAY;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED,wDAAwD;IAEhD,YAAY,CAAC,GAAW;QAC9B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;IACnE,CAAC;IAEO,SAAS,CAAC,GAAW;QAC3B,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;IAClE,CAAC;IAEO,gBAAgB,CAAC,GAAW,EAAE,EAAU;QAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/F,CAAC;CACF"}
package/dist/keystore/local-token-store.d.ts ADDED
@@ -0,0 +1,68 @@
1
+ /**
2
+ * LocalTokenStore — 基于 SQLite 的 TokenStore 实现(不含私钥操作)。
3
+ * AUNClient / AuthFlow 持有此类型。
4
+ */
5
+ import type { TokenStore } from './index.js';
6
+ import type { SecretStore } from '../secret-store/index.js';
7
+ import type { ModuleLogger } from '../logger.js';
8
+ import { V2KeyStore } from '../v2/session/keystore.js';
9
+ import { type SeedChangeResult } from '../secret-store/file-store.js';
10
+ import type { MetadataRecord } from '../types.js';
11
+ export declare class LocalTokenStore implements TokenStore {
12
+ private _root;
13
+ private _aidsRoot;
14
+ private _secretStore;
15
+ private _aidDBs;
16
+ readonly deviceId: string;
17
+ private _logger;
18
+ constructor(root?: string, opts?: {
19
+ secretStore?: SecretStore;
20
+ encryptionSeed?: string;
21
+ logger?: ModuleLogger;
22
+ secretStoreLogger?: ModuleLogger;
23
+ });
24
+ close(): void;
25
+ static ChangeSeed(root: string, oldSeed: string, newSeed: string): SeedChangeResult;
26
+ changeSeed(oldSeed: string, newSeed: string): SeedChangeResult;
27
+ private _prepareRoot;
28
+ private _getDB;
29
+ loadCert(aid: string, certFingerprint?: string): string | null;
30
+ saveCert(aid: string, certPem: string, certFingerprint?: string, opts?: {
31
+ makeActive?: boolean;
32
+ }): void;
33
+ loadInstanceState(aid: string, deviceId: string, slotId?: string): MetadataRecord | null;
34
+ saveInstanceState(aid: string, deviceId: string, slotId: string, state: MetadataRecord): void;
35
+ updateInstanceState(aid: string, deviceId: string, slotId: string, updater: (state: MetadataRecord) => MetadataRecord | void): MetadataRecord;
36
+ saveSeq(aid: string, deviceId: string, slotId: string, namespace: string, contiguousSeq: number): void;
37
+ loadSeq(aid: string, deviceId: string, slotId: string, namespace: string): number;
38
+ loadAllSeqs(aid: string, deviceId: string, slotId: string): Record<string, number>;
39
+ deleteSeq(aid: string, deviceId: string, slotId: string, namespace: string): void;
40
+ loadMetadata(aid: string): Record<string, unknown> | null;
41
+ saveMetadata(aid: string, metadata: Record<string, unknown>): void;
42
+ trustRootDir(): string;
43
+ trustRootBundlePath(): string;
44
+ saveTrustRoots(trustList: Record<string, unknown>, rootCerts: Array<{
45
+ id?: string;
46
+ cert_pem: string;
47
+ fingerprint_sha256?: string;
48
+ }>): string;
49
+ saveIssuerRootCert(issuer: string, certPem: string, fingerprintSha256?: string): [string, string];
50
+ private _pemFingerprint;
51
+ saveE2EEPrekey(aid: string, prekeyId: string, prekeyData: Record<string, unknown>, deviceId?: string): Promise<void>;
52
+ loadE2EEPrekeys(aid: string, deviceId?: string): Promise<Record<string, Record<string, unknown>>>;
53
+ listGroupSecretIds(aid: string): Promise<string[]>;
54
+ loadGroupSecretEpoch(aid: string, groupId: string, epoch?: number | null): Promise<Record<string, unknown> | null>;
55
+ storeGroupSecretTransition(aid: string, groupId: string, opts: {
56
+ epoch: number;
57
+ secret: string;
58
+ commitment: string;
59
+ memberAids?: string[];
60
+ oldEpochRetentionMs?: number;
61
+ }): Promise<boolean>;
62
+ saveE2EESession(aid: string, sessionId: string, data: Record<string, unknown>): Promise<void>;
63
+ loadE2EESessions(aid: string): Promise<Array<Record<string, unknown>>>;
64
+ /** 获取指定 AID 的 V2KeyStore(共享同一 SQLite 连接)。 */
65
+ getV2KeyStore(aid: string): V2KeyStore;
66
+ private _certPath;
67
+ private _certVersionPath;
68
+ }