@agirails/sdk 4.4.9 → 4.5.2

package/dist/delivery/validate.js

@@ -0,0 +1,648 @@
+"use strict";
+/**
+ * AIP-16 Delivery Surface — Runtime Validation (Phase 2a)
+ * ========================================================
+ *
+ * Pure, dependency-light runtime validators for the delivery surface
+ * wire and signed shapes. Used by:
+ *
+ *  - Buyer SDK when receiving a {@link DeliveryEnvelopeWireV1} from the
+ *    relay, before signature recovery and decryption.
+ *  - Provider SDK when receiving a {@link DeliverySetupWireV1} from the
+ *    relay, before signature recovery and ECDH key derivation.
+ *  - Server-side Platform routes that accept these objects over HTTP
+ *    (mirrored in Phase 2c so client and server share the same
+ *    validation contract — defense-in-depth against a malicious peer
+ *    or a buggy/older client).
+ *
+ * Design notes:
+ *
+ *  - Validators are PURE — they do not throw, do not perform I/O, do
+ *    not consult network state. They return a discriminated
+ *    {@link ValidationResult} so callers can branch cleanly.
+ *
+ *  - On the first failure the validator returns; we do NOT accumulate
+ *    error lists. The first structural defect makes downstream checks
+ *    meaningless and the order in which we check is deliberately
+ *    coarse → fine (top-level shape, then individual fields, then
+ *    cross-field invariants).
+ *
+ *  - The error string is a stable, machine-actionable identifier
+ *    (snake_case, no message punctuation). Higher layers map it to a
+ *    {@link DeliveryErrorCode} when they want a structured error.
+ *
+ *  - Field order in {@link DeliverySetupSignedV1} and
+ *    {@link DeliveryEnvelopeSignedV1} is part of the EIP-712 type hash
+ *    and therefore part of the cross-SDK contract. The validators here
+ *    do NOT enforce order (it cannot be enforced on a parsed
+ *    JavaScript object), but they DO enforce the *presence and type*
+ *    of every field — which is sufficient to guarantee that signature
+ *    recovery has a well-formed input.
+ *
+ *  - Canonical-empty rule: for `scheme: "public-v1"`, the
+ *    encryption-related slots (`providerEphemeralPubkey`, `nonce`,
+ *    `tag`) MUST be the canonical zero-filled values of the correct
+ *    length — NOT omitted, NOT non-zero. This is enforced by
+ *    {@link validateSchemeConsistency} after the per-field validators
+ *    pass.
+ *
+ * @module delivery/validate
+ * @see ./types — the underlying signed/wire interfaces
+ * @see ./eip712 — domain + signed-type schemas (kept in lock-step)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateSchemeConsistency = exports.validateEnvelopeWire = exports.validateEnvelopeSigned = exports.validateSetupWire = exports.validateSetupSigned = exports.isCanonicalEmptyBytes16 = exports.isCanonicalEmptyBytes12 = exports.isCanonicalEmptyBytes32 = exports.isValidRole = exports.isValidPrivacy = exports.isValidScheme = exports.isValidUintString = exports.isValidAddress = exports.isValidBytes16 = exports.isValidBytes12 = exports.isValidBytes32 = void 0;
+const ethers_1 = require("ethers");
+const types_1 = require("./types");
+// ============================================================================
+// Internal Constants
+// ============================================================================
+//
+// Hex regexes here are intentionally compiled once at module scope (not
+// per-call) — they are exercised on every inbound wire object, and the
+// per-call regex cost would otherwise be a measurable share of the
+// validation budget.
+//
+// We accept BOTH cases of A-F in the hex body so that callers using
+// checksum-cased addresses or mixed-case bytes32 (e.g. straight from
+// `ethers.hexlify`, which currently lowercases but may not always)
+// are not punished by this layer. The signed types canonicalize
+// addresses to lowercase later, before signature recovery.
+const BYTES32_HEX_RE = /^0x[0-9a-fA-F]{64}$/;
+const BYTES16_HEX_RE = /^0x[0-9a-fA-F]{32}$/;
+const BYTES12_HEX_RE = /^0x[0-9a-fA-F]{24}$/;
+const UINT_STRING_RE = /^(0|[1-9][0-9]*)$/;
+/**
+ * Allowed delivery schemes (kept in lock-step with {@link DeliveryScheme}).
+ * Exported as a tuple-cast Set so adding a new scheme is a single
+ * source-of-truth edit visible to all validators.
+ */
+const ALLOWED_SCHEMES = new Set([
+    'x25519-aes256gcm-v1',
+    'public-v1',
+]);
+/**
+ * Allowed expected-privacy values (kept in lock-step with
+ * {@link DeliveryPrivacy}).
+ */
+const ALLOWED_PRIVACY = new Set([
+    'encrypted',
+    'public',
+]);
+/**
+ * Allowed participant role tokens (kept in lock-step with
+ * {@link ParticipantRole}).
+ */
+const ALLOWED_ROLES = new Set([
+    'provider',
+    'requester',
+]);
+/**
+ * Lowercased canonical-empty hex strings, computed once at module load
+ * so comparisons in {@link validateSchemeConsistency} are a fast string
+ * equality on already-normalized values.
+ */
+const CANONICAL_EMPTY_BYTES32_LC = types_1.CANONICAL_EMPTY_BYTES32.toLowerCase();
+const CANONICAL_EMPTY_BYTES12_LC = types_1.CANONICAL_EMPTY_BYTES12.toLowerCase();
+const CANONICAL_EMPTY_BYTES16_LC = types_1.CANONICAL_EMPTY_BYTES16.toLowerCase();
+/**
+ * Maximum reasonable `acceptedChannels` array length. The v1 channel
+ * registry has exactly one entry (`agirails-relay-v1`); we accept up
+ * to 32 to leave room for future channels without making the cap a
+ * forwards-compat hazard, but reject obviously-pathological lists
+ * that could be used to inflate signed-payload size.
+ */
+const MAX_ACCEPTED_CHANNELS = 32;
+/**
+ * Maximum reasonable length of a single channel identifier string.
+ * The v1 identifier `agirails-relay-v1` is 17 chars; a 256-char cap
+ * provides ample room for namespaced future identifiers (e.g.
+ * `libp2p://Qm…`) while preventing memory amplification attacks.
+ */
+const MAX_CHANNEL_ID_LENGTH = 256;
+// ============================================================================
+// Primitive Validators
+// ============================================================================
+/**
+ * True iff `s` is a string of exactly `0x` + 64 hex characters
+ * (case-insensitive), i.e. a well-formed `bytes32` hex value.
+ *
+ * Does NOT enforce lowercase — both lower and upper hex digits are
+ * accepted. Higher layers (signature recovery, canonical-empty
+ * checks) are responsible for case normalization where it matters.
+ */
+function isValidBytes32(s) {
+    return typeof s === 'string' && BYTES32_HEX_RE.test(s);
+}
+exports.isValidBytes32 = isValidBytes32;
+/**
+ * True iff `s` is a string of exactly `0x` + 24 hex characters
+ * (case-insensitive), i.e. a well-formed `bytes12` value — the
+ * AES-GCM nonce length.
+ */
+function isValidBytes12(s) {
+    return typeof s === 'string' && BYTES12_HEX_RE.test(s);
+}
+exports.isValidBytes12 = isValidBytes12;
+/**
+ * True iff `s` is a string of exactly `0x` + 32 hex characters
+ * (case-insensitive), i.e. a well-formed `bytes16` value — the
+ * AES-GCM authentication tag length.
+ */
+function isValidBytes16(s) {
+    return typeof s === 'string' && BYTES16_HEX_RE.test(s);
+}
+exports.isValidBytes16 = isValidBytes16;
+/**
+ * True iff `s` is a string that `ethers.isAddress` accepts as an EVM
+ * address. Accepts both lowercase and EIP-55 mixed-case checksummed
+ * addresses. `ethers.isAddress` returns false on invalid checksums,
+ * so a mixed-case address whose case is wrong is rejected here too —
+ * which is the intended behaviour.
+ *
+ * NOTE: We do NOT enforce a particular case at this layer; callers
+ * that need canonical (lowercase) comparison MUST `.toLowerCase()`
+ * both sides themselves, per the repo-wide convention.
+ */
+function isValidAddress(s) {
+    return typeof s === 'string' && (0, ethers_1.isAddress)(s);
+}
+exports.isValidAddress = isValidAddress;
+/**
+ * True iff `s` is a decimal-string representation of a non-negative
+ * integer with no leading zeros (other than the literal `"0"`).
+ *
+ * Exists for forward-compat with future receipts-style integer
+ * fields that must round-trip across JSON without losing precision
+ * (JavaScript numbers cannot represent uint256 values).
+ */
+function isValidUintString(s) {
+    return typeof s === 'string' && UINT_STRING_RE.test(s);
+}
+exports.isValidUintString = isValidUintString;
+/**
+ * True iff `s` is one of the {@link DeliveryScheme} discriminants.
+ * Type guard so downstream code can branch on `scheme` with
+ * exhaustiveness.
+ */
+function isValidScheme(s) {
+    return typeof s === 'string' && ALLOWED_SCHEMES.has(s);
+}
+exports.isValidScheme = isValidScheme;
+/**
+ * True iff `s` is one of the {@link DeliveryPrivacy} discriminants.
+ */
+function isValidPrivacy(s) {
+    return typeof s === 'string' && ALLOWED_PRIVACY.has(s);
+}
+exports.isValidPrivacy = isValidPrivacy;
+/**
+ * True iff `s` is one of the {@link ParticipantRole} discriminants.
+ */
+function isValidRole(s) {
+    return typeof s === 'string' && ALLOWED_ROLES.has(s);
+}
+exports.isValidRole = isValidRole;
+// ============================================================================
+// Canonical-Empty Checks
+// ============================================================================
+/**
+ * True iff `s` is the canonical empty bytes32 value (32 zero bytes,
+ * hex-encoded). Comparison is case-insensitive — the canonical form
+ * itself is all-zero so case is moot, but accepting `0x0000…` and
+ * `0x0000…` (uppercase X is not valid per regex) consistently is
+ * cheapest with a single `.toLowerCase()`.
+ *
+ * Used by {@link validateSchemeConsistency} to enforce the
+ * `public-v1` canonical-empty rule on `providerEphemeralPubkey`
+ * and (in setups) `buyerEphemeralPubkey`.
+ */
+function isCanonicalEmptyBytes32(s) {
+    return typeof s === 'string' && s.toLowerCase() === CANONICAL_EMPTY_BYTES32_LC;
+}
+exports.isCanonicalEmptyBytes32 = isCanonicalEmptyBytes32;
+/**
+ * True iff `s` is the canonical empty bytes12 value (12 zero bytes,
+ * hex-encoded). Used to enforce the `public-v1` canonical-empty rule
+ * on the AES-GCM `nonce` slot.
+ */
+function isCanonicalEmptyBytes12(s) {
+    return typeof s === 'string' && s.toLowerCase() === CANONICAL_EMPTY_BYTES12_LC;
+}
+exports.isCanonicalEmptyBytes12 = isCanonicalEmptyBytes12;
+/**
+ * True iff `s` is the canonical empty bytes16 value (16 zero bytes,
+ * hex-encoded). Used to enforce the `public-v1` canonical-empty rule
+ * on the AES-GCM authentication `tag` slot.
+ */
+function isCanonicalEmptyBytes16(s) {
+    return typeof s === 'string' && s.toLowerCase() === CANONICAL_EMPTY_BYTES16_LC;
+}
+exports.isCanonicalEmptyBytes16 = isCanonicalEmptyBytes16;
+// ============================================================================
+// Internal Helpers
+// ============================================================================
+/**
+ * Convenience: type guard for non-null objects. Narrows `unknown` to
+ * a record we can index into without TS complaining. Excludes arrays
+ * because arrays are objects-with-numeric-keys and would otherwise
+ * pass through this guard misleadingly.
+ */
+function isObjectLike(x) {
+    return typeof x === 'object' && x !== null && !Array.isArray(x);
+}
+/**
+ * True iff `n` is a finite integer (no NaN, no Infinity, no
+ * fractional component) AND strictly positive (Unix-seconds timestamps
+ * are always > 0 in our era).
+ */
+function isPositiveInteger(n) {
+    return (typeof n === 'number' &&
+        Number.isFinite(n) &&
+        Number.isInteger(n) &&
+        n > 0);
+}
+/**
+ * True iff `arr` is a non-empty array of non-empty strings, each at
+ * most {@link MAX_CHANNEL_ID_LENGTH} characters, with at most
+ * {@link MAX_ACCEPTED_CHANNELS} entries.
+ *
+ * The length caps are not part of the AIP-16 spec; they are local
+ * structural-validation guards against pathological inputs that
+ * could inflate the signed-payload size or the cost of downstream
+ * processing.
+ */
+function isValidAcceptedChannels(arr) {
+    if (!Array.isArray(arr)) {
+        return false;
+    }
+    if (arr.length === 0 || arr.length > MAX_ACCEPTED_CHANNELS) {
+        return false;
+    }
+    for (const c of arr) {
+        if (typeof c !== 'string') {
+            return false;
+        }
+        if (c.length === 0 || c.length > MAX_CHANNEL_ID_LENGTH) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Build a failure result with the given error identifier. Tiny
+ * helper that exists so call sites read as a single expression.
+ */
+function fail(error) {
+    return { ok: false, error };
+}
+/**
+ * Singleton success result reused across all validators — these
+ * objects are immutable from this module's perspective and reusing
+ * a single instance eliminates allocation on the common (valid) path.
+ */
+const OK = { ok: true };
+// ============================================================================
+// Setup Signed Validator
+// ============================================================================
+/**
+ * Validate a {@link DeliverySetupSignedV1} object's structure and
+ * field-level invariants.
+ *
+ * Checks performed (in order):
+ *
+ *  1. Top-level shape is a non-null object.
+ *  2. `version === 1` exactly (integer-equal, not string-equal).
+ *  3. `txId` is a well-formed bytes32 hex string.
+ *  4. `chainId` is a positive integer.
+ *  5. `kernelAddress`, `requesterAddress`, `signerAddress` are valid
+ *     EVM addresses (case-insensitive per `ethers.isAddress`).
+ *  6. `buyerEphemeralPubkey` is a well-formed bytes32 hex string.
+ *  7. `acceptedChannels` is a non-empty bounded array of non-empty
+ *     bounded strings.
+ *  8. `expectedPrivacy` is one of the {@link DeliveryPrivacy} values.
+ *  9. `createdAt`, `expiresAt` are positive integers (Unix seconds).
+ * 10. `expiresAt > createdAt` (cross-field).
+ *
+ * Does NOT verify the signature, the chainId↔network mapping, the
+ * smart-wallet derivation, the kernel allowlist, or the canonical-
+ * empty rule for `buyerEphemeralPubkey` against `expectedPrivacy` —
+ * those are the responsibility of higher layers (signature recovery,
+ * verifier modules, scheme-consistency in {@link validateSchemeConsistency}
+ * for envelopes; setup-side privacy/pubkey consistency is enforced
+ * by the setup verifier in Phase 2b).
+ *
+ * @param obj — value of `unknown` static type (validated at runtime).
+ * @returns {@link ValidationResult}.
+ */
+function validateSetupSigned(obj) {
+    if (!isObjectLike(obj)) {
+        return fail('setup_signed_not_object');
+    }
+    if (obj.version !== 1) {
+        return fail('setup_version_invalid');
+    }
+    if (!isValidBytes32(obj.txId)) {
+        return fail('setup_txid_invalid');
+    }
+    if (typeof obj.chainId !== 'number' ||
+        !Number.isInteger(obj.chainId) ||
+        obj.chainId <= 0) {
+        return fail('setup_chain_id_invalid');
+    }
+    if (!isValidAddress(obj.kernelAddress)) {
+        return fail('setup_kernel_address_invalid');
+    }
+    if (!isValidAddress(obj.requesterAddress)) {
+        return fail('setup_requester_address_invalid');
+    }
+    if (!isValidAddress(obj.signerAddress)) {
+        return fail('setup_signer_address_invalid');
+    }
+    if (!isValidBytes32(obj.buyerEphemeralPubkey)) {
+        return fail('setup_buyer_pubkey_invalid');
+    }
+    if (!isValidAcceptedChannels(obj.acceptedChannels)) {
+        return fail('setup_accepted_channels_invalid');
+    }
+    if (!isValidPrivacy(obj.expectedPrivacy)) {
+        return fail('setup_expected_privacy_invalid');
+    }
+    if (!isPositiveInteger(obj.createdAt)) {
+        return fail('setup_created_at_invalid');
+    }
+    if (!isPositiveInteger(obj.expiresAt)) {
+        return fail('setup_expires_at_invalid');
+    }
+    if (obj.expiresAt <= obj.createdAt) {
+        return fail('expiresAt_before_createdAt');
+    }
+    return OK;
+}
+exports.validateSetupSigned = validateSetupSigned;
+// ============================================================================
+// Setup Wire Validator
+// ============================================================================
+/**
+ * Validate a {@link DeliverySetupWireV1} object's structure.
+ *
+ * Checks performed (in order):
+ *
+ *  1. Top-level shape is a non-null object.
+ *  2. `signed` validates as a {@link DeliverySetupSignedV1}.
+ *  3. `requesterSig` is a string starting with `0x` and of even hex
+ *     length consistent with a typical 65-byte EIP-712 signature
+ *     (132 hex chars + `0x` = 134 chars). We accept any `0x`-hex
+ *     string of plausible signature length; the actual cryptographic
+ *     validity is checked by `ethers.verifyTypedData` in the
+ *     recovery helpers — there is no point duplicating that here.
+ *  4. `serverMeta`, if present, is an object with `receivedAt`
+ *     (non-empty string) and `relayId` (non-empty string). Absence
+ *     is fine — `serverMeta` is set by the relay on read and is not
+ *     present on freshly built setups.
+ *
+ * @param obj — value of `unknown` static type.
+ * @returns {@link ValidationResult}.
+ */
+function validateSetupWire(obj) {
+    if (!isObjectLike(obj)) {
+        return fail('setup_wire_not_object');
+    }
+    const signedResult = validateSetupSigned(obj.signed);
+    if (!signedResult.ok) {
+        return signedResult;
+    }
+    if (!isValidSignatureHex(obj.requesterSig)) {
+        return fail('setup_requester_sig_invalid');
+    }
+    if (obj.serverMeta !== undefined) {
+        const sm = obj.serverMeta;
+        if (!isObjectLike(sm)) {
+            return fail('setup_server_meta_invalid');
+        }
+        if (typeof sm.receivedAt !== 'string' || sm.receivedAt.length === 0) {
+            return fail('setup_server_meta_received_at_invalid');
+        }
+        if (typeof sm.relayId !== 'string' || sm.relayId.length === 0) {
+            return fail('setup_server_meta_relay_id_invalid');
+        }
+    }
+    return OK;
+}
+exports.validateSetupWire = validateSetupWire;
+// ============================================================================
+// Envelope Signed Validator
+// ============================================================================
+/**
+ * Validate a {@link DeliveryEnvelopeSignedV1} object's structure and
+ * field-level invariants.
+ *
+ * Checks performed (in order):
+ *
+ *  1. Top-level shape is a non-null object.
+ *  2. `version === 1` exactly.
+ *  3. `txId` is a well-formed bytes32 hex string.
+ *  4. `chainId` is a positive integer.
+ *  5. `kernelAddress`, `providerAddress`, `signerAddress` are valid
+ *     EVM addresses.
+ *  6. `scheme` is one of the {@link DeliveryScheme} discriminants.
+ *  7. `providerEphemeralPubkey` is a well-formed bytes32 hex string.
+ *  8. `nonce` is a well-formed bytes12 hex string.
+ *  9. `payloadHash` is a well-formed bytes32 hex string.
+ * 10. `tag` is a well-formed bytes16 hex string.
+ * 11. `createdAt` is a positive integer.
+ * 12. Scheme/canonical-empty consistency via
+ *     {@link validateSchemeConsistency}.
+ *
+ * Does NOT verify the signature, recompute `payloadHash`, or
+ * decrypt — those happen in higher layers.
+ *
+ * @param obj — value of `unknown` static type.
+ * @returns {@link ValidationResult}.
+ */
+function validateEnvelopeSigned(obj) {
+    if (!isObjectLike(obj)) {
+        return fail('envelope_signed_not_object');
+    }
+    if (obj.version !== 1) {
+        return fail('envelope_version_invalid');
+    }
+    if (!isValidBytes32(obj.txId)) {
+        return fail('envelope_txid_invalid');
+    }
+    if (typeof obj.chainId !== 'number' ||
+        !Number.isInteger(obj.chainId) ||
+        obj.chainId <= 0) {
+        return fail('envelope_chain_id_invalid');
+    }
+    if (!isValidAddress(obj.kernelAddress)) {
+        return fail('envelope_kernel_address_invalid');
+    }
+    if (!isValidAddress(obj.providerAddress)) {
+        return fail('envelope_provider_address_invalid');
+    }
+    if (!isValidAddress(obj.signerAddress)) {
+        return fail('envelope_signer_address_invalid');
+    }
+    if (!isValidScheme(obj.scheme)) {
+        return fail('envelope_scheme_invalid');
+    }
+    if (!isValidBytes32(obj.providerEphemeralPubkey)) {
+        return fail('envelope_provider_pubkey_invalid');
+    }
+    if (!isValidBytes12(obj.nonce)) {
+        return fail('envelope_nonce_invalid');
+    }
+    if (!isValidBytes32(obj.payloadHash)) {
+        return fail('envelope_payload_hash_invalid');
+    }
+    if (!isValidBytes16(obj.tag)) {
+        return fail('envelope_tag_invalid');
+    }
+    if (!isPositiveInteger(obj.createdAt)) {
+        return fail('envelope_created_at_invalid');
+    }
+    // Cross-field: scheme ↔ canonical-empty invariant. At this point we
+    // know every field has the right TYPE and LENGTH; the consistency
+    // check confirms the VALUES are correct for the declared scheme.
+    return validateSchemeConsistency(obj);
+}
+exports.validateEnvelopeSigned = validateEnvelopeSigned;
+// ============================================================================
+// Envelope Wire Validator
+// ============================================================================
+/**
+ * Validate a {@link DeliveryEnvelopeWireV1} object's structure.
+ *
+ * Checks performed (in order):
+ *
+ *  1. Top-level shape is a non-null object.
+ *  2. `signed` validates as a {@link DeliveryEnvelopeSignedV1}
+ *     (which includes the scheme/canonical-empty consistency check).
+ *  3. `body` is a string. For `public-v1` this is plaintext UTF-8
+ *     JSON; for `x25519-aes256gcm-v1` this is base64-encoded
+ *     ciphertext. We do NOT verify base64-ness here because the
+ *     receiver will discover any malformed encoding when it
+ *     recomputes `payloadHash`. We DO insist on non-empty — an
+ *     empty body would imply the provider sent nothing.
+ *  4. `providerSig` is a `0x`-hex string of plausible signature length.
+ *  5. `serverMeta`, if present, is well-formed.
+ *
+ * @param obj — value of `unknown` static type.
+ * @returns {@link ValidationResult}.
+ */
+function validateEnvelopeWire(obj) {
+    if (!isObjectLike(obj)) {
+        return fail('envelope_wire_not_object');
+    }
+    const signedResult = validateEnvelopeSigned(obj.signed);
+    if (!signedResult.ok) {
+        return signedResult;
+    }
+    if (typeof obj.body !== 'string' || obj.body.length === 0) {
+        return fail('envelope_body_invalid');
+    }
+    if (!isValidSignatureHex(obj.providerSig)) {
+        return fail('envelope_provider_sig_invalid');
+    }
+    if (obj.serverMeta !== undefined) {
+        const sm = obj.serverMeta;
+        if (!isObjectLike(sm)) {
+            return fail('envelope_server_meta_invalid');
+        }
+        if (typeof sm.receivedAt !== 'string' || sm.receivedAt.length === 0) {
+            return fail('envelope_server_meta_received_at_invalid');
+        }
+        if (typeof sm.relayId !== 'string' || sm.relayId.length === 0) {
+            return fail('envelope_server_meta_relay_id_invalid');
+        }
+    }
+    return OK;
+}
+exports.validateEnvelopeWire = validateEnvelopeWire;
+// ============================================================================
+// Scheme Consistency (Canonical-Empty Rule)
+// ============================================================================
+/**
+ * Cross-field check enforcing the AIP-16 canonical-empty rule on a
+ * {@link DeliveryEnvelopeSignedV1}.
+ *
+ * Rule:
+ *
+ *  - `scheme === "public-v1"` →
+ *      `providerEphemeralPubkey === CANONICAL_EMPTY_BYTES32` AND
+ *      `nonce === CANONICAL_EMPTY_BYTES12` AND
+ *      `tag === CANONICAL_EMPTY_BYTES16`.
+ *
+ *  - `scheme === "x25519-aes256gcm-v1"` →
+ *      `providerEphemeralPubkey` MUST NOT be canonical empty (a zero
+ *      X25519 public key cannot produce a usable shared secret —
+ *      RFC 7748 §6.1 actually requires implementations to reject it)
+ *      AND `nonce` MUST NOT be canonical empty (a zero AES-GCM nonce
+ *      under a real key catastrophically breaks GCM) AND `tag` MUST
+ *      NOT be canonical empty (a zero 128-bit tag has ~2^-128 chance
+ *      of matching, so this is effectively a signal that the
+ *      provider built the envelope incorrectly).
+ *
+ * This validator assumes the underlying field types are already
+ * correct (length, hex shape) — callers must run
+ * {@link validateEnvelopeSigned} first, which is also where this is
+ * invoked from automatically.
+ *
+ * @param env — already-shape-validated envelope.
+ * @returns {@link ValidationResult}.
+ */
+function validateSchemeConsistency(env) {
+    if (env.scheme === 'public-v1') {
+        if (!isCanonicalEmptyBytes32(env.providerEphemeralPubkey)) {
+            return fail('envelope_public_pubkey_not_canonical_empty');
+        }
+        if (!isCanonicalEmptyBytes12(env.nonce)) {
+            return fail('envelope_public_nonce_not_canonical_empty');
+        }
+        if (!isCanonicalEmptyBytes16(env.tag)) {
+            return fail('envelope_public_tag_not_canonical_empty');
+        }
+        return OK;
+    }
+    if (env.scheme === 'x25519-aes256gcm-v1') {
+        if (isCanonicalEmptyBytes32(env.providerEphemeralPubkey)) {
+            return fail('envelope_encrypted_pubkey_is_canonical_empty');
+        }
+        if (isCanonicalEmptyBytes12(env.nonce)) {
+            return fail('envelope_encrypted_nonce_is_canonical_empty');
+        }
+        if (isCanonicalEmptyBytes16(env.tag)) {
+            return fail('envelope_encrypted_tag_is_canonical_empty');
+        }
+        return OK;
+    }
+    // Unreachable if validateEnvelopeSigned has run, but guards against
+    // direct callers using a malformed scheme via the public type cast.
+    return fail('envelope_scheme_invalid');
+}
+exports.validateSchemeConsistency = validateSchemeConsistency;
+// ============================================================================
+// Internal: Signature-Shape Heuristic
+// ============================================================================
+/**
+ * True iff `s` is a `0x`-prefixed hex string of length consistent
+ * with a standard 65-byte secp256k1 EIP-712 signature (r ‖ s ‖ v).
+ * Specifically: `0x` + 130 hex characters.
+ *
+ * This is a *shape* check; cryptographic validity is established by
+ * `ethers.verifyTypedData` in the recovery helpers — there is no
+ * value in re-implementing that here, and doing so would risk
+ * disagreeing with ethers on edge cases.
+ *
+ * We do NOT export this helper as part of the public API because
+ * downstream code that wants signature validation should use the
+ * recovery helpers in `./eip712.ts`; the shape check is internal
+ * structural validation only.
+ */
+function isValidSignatureHex(s) {
+    return (typeof s === 'string' &&
+        s.length === 132 &&
+        /^0x[0-9a-fA-F]{130}$/.test(s));
+}
+//# sourceMappingURL=validate.js.map

package/dist/delivery/validate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validate.js","sourceRoot":"","sources":["../../src/delivery/validate.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;;;AAEH,mCAAmC;AAEnC,mCAWiB;AA0BjB,+EAA+E;AAC/E,qBAAqB;AACrB,+EAA+E;AAC/E,EAAE;AACF,wEAAwE;AACxE,uEAAuE;AACvE,mEAAmE;AACnE,qBAAqB;AACrB,EAAE;AACF,oEAAoE;AACpE,qEAAqE;AACrE,mEAAmE;AACnE,gEAAgE;AAChE,2DAA2D;AAE3D,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAC7C,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAC7C,MAAM,cAAc,GAAG,qBAAqB,CAAC;AAC7C,MAAM,cAAc,GAAG,mBAAmB,CAAC;AAE3C;;;;GAIG;AACH,MAAM,eAAe,GAAgC,IAAI,GAAG,CAAiB;IAC3E,qBAAqB;IACrB,WAAW;CACZ,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,eAAe,GAAiC,IAAI,GAAG,CAAkB;IAC7E,WAAW;IACX,QAAQ;CACT,CAAC,CAAC;AAEH;;;GAGG;AACH,MAAM,aAAa,GAAiC,IAAI,GAAG,CAAkB;IAC3E,UAAU;IACV,WAAW;CACZ,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,0BAA0B,GAAG,+BAAuB,CAAC,WAAW,EAAE,CAAC;AACzE,MAAM,0BAA0B,GAAG,+BAAuB,CAAC,WAAW,EAAE,CAAC;AACzE,MAAM,0BAA0B,GAAG,+BAAuB,CAAC,WAAW,EAAE,CAAC;AAEzE;;;;;;GAMG;AACH,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC;;;;;GAKG;AACH,MAAM,qBAAqB,GAAG,GAAG,CAAC;AAElC,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;;;;;;GAOG;AACH,SAAgB,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAFD,wCAEC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAFD,wCAEC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAFD,wCAEC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,IAAA,kBAAS,EAAC,CAAC,CAAC,CAAC;AAC/C,CAAC;AAFD,wCAEC;AAED;;;;;;;GAOG;AACH,SAAgB,iBAAiB,CAAC,CAAU;IAC1C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,cAAc,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACzD,CAAC;AAFD,8CAEC;AAED;;;;GAIG;AACH,SAAgB,aAAa,CAAC,CAAU;IACtC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,CAAmB,CAAC,CAAC;AAC3E,CAAC;AAFD,sCAEC;AAED;;GAEG;AACH,SAAgB,cAAc,CAAC,CAAU;IACvC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,eAAe,CAAC,GAAG,CAAC,CAAoB,CAAC,CAAC;AAC5E,CAAC;AAFD,wCAEC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,CAAU;IACpC,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,aAAa,CAAC,GAAG,CAAC,CAAoB,CAAC,CAAC;AAC1E,CAAC;AAFD,kCAEC;AAED,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;;;;;GAUG;AACH,SAAgB,uBAAuB,CAAC,CAAS;IAC/C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,0BAA0B,CAAC;AACjF,CAAC;AAFD,0DAEC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,CAAS;IAC/C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,0BAA0B,CAAC;AACjF,CAAC;AAFD,0DAEC;AAED;;;;GAIG;AACH,SAAgB,uBAAuB,CAAC,CAAS;IAC/C,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,WAAW,EAAE,KAAK,0BAA0B,CAAC;AACjF,CAAC;AAFD,0DAEC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;;;GAKG;AACH,SAAS,YAAY,CAAC,CAAU;IAC9B,OAAO,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAClE,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB,CAAC,CAAU;IACnC,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAClB,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;QACnB,CAAC,GAAG,CAAC,CACN,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,uBAAuB,CAAC,GAAY;IAC3C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;QAC3D,OAAO,KAAK,CAAC;IACf,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,GAAG,EAAE,CAAC;QACpB,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;YAC1B,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,IAAI,CAAC,KAAa;IACzB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC9B,CAAC;AAED;;;;GAIG;AACH,MAAM,EAAE,GAAqB,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AAE1C,+EAA+E;AAC/E,yBAAyB;AACzB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,SAAgB,mBAAmB,CAAC,GAAY;IAC9C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,oBAAoB,CAAC,CAAC;IACpC,CAAC;IAED,IACE,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAC/B,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9B,GAAG,CAAC,OAAO,IAAI,CAAC,EAChB,CAAC;QACD,OAAO,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,CAAC;QAC9C,OAAO,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACnD,OAAO,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC,gCAAgC,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,IAAK,GAAG,CAAC,SAAoB,IAAK,GAAG,CAAC,SAAoB,EAAE,CAAC;QAC3D,OAAO,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC5C,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AA1DD,kDA0DC;AAED,+EAA+E;AAC/E,uBAAuB;AACvB,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,iBAAiB,CAAC,GAAY;IAC5C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED,MAAM,YAAY,GAAG,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACrD,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;QAC1B,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC,oCAAoC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AA5BD,8CA4BC;AAED,+EAA+E;AAC/E,4BAA4B;AAC5B,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,SAAgB,sBAAsB,CAAC,GAAY;IACjD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,4BAA4B,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9B,OAAO,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED,IACE,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ;QAC/B,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9B,GAAG,CAAC,OAAO,IAAI,CAAC,EAChB,CAAC;QACD,OAAO,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAC3C,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACzC,OAAO,IAAI,CAAC,mCAAmC,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,iCAAiC,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE,CAAC;QACjD,OAAO,IAAI,CAAC,kCAAkC,CAAC,CAAC;IAClD,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,CAAC,wBAAwB,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACrC,OAAO,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,sBAAsB,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC,6BAA6B,CAAC,CAAC;IAC7C,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,iEAAiE;IACjE,OAAO,yBAAyB,CAAC,GAA0C,CAAC,CAAC;AAC/E,CAAC;AA7DD,wDA6DC;AAED,+EAA+E;AAC/E,0BAA0B;AAC1B,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,SAAgB,oBAAoB,CAAC,GAAY;IAC/C,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC,0BAA0B,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,YAAY,GAAG,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC;QACrB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1D,OAAO,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACvC,CAAC;IAED,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1C,OAAO,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,UAAU,CAAC;QAC1B,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC9C,CAAC;QACD,IAAI,OAAO,EAAE,CAAC,UAAU,KAAK,QAAQ,IAAI,EAAE,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC,0CAA0C,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,OAAO,EAAE,CAAC,OAAO,KAAK,QAAQ,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9D,OAAO,IAAI,CAAC,uCAAuC,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAhCD,oDAgCC;AAED,+EAA+E;AAC/E,4CAA4C;AAC5C,+EAA+E;AAE/E;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,SAAgB,yBAAyB,CACvC,GAA6B;IAE7B,IAAI,GAAG,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QAC/B,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,4CAA4C,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACxC,OAAO,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,yCAAyC,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,IAAI,GAAG,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACzC,IAAI,uBAAuB,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE,CAAC;YACzD,OAAO,IAAI,CAAC,8CAA8C,CAAC,CAAC;QAC9D,CAAC;QACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACvC,OAAO,IAAI,CAAC,6CAA6C,CAAC,CAAC;QAC7D,CAAC;QACD,IAAI,uBAAuB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,2CAA2C,CAAC,CAAC;QAC3D,CAAC;QACD,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,oEAAoE;IACpE,oEAAoE;IACpE,OAAO,IAAI,CAAC,yBAAyB,CAAC,CAAC;AACzC,CAAC;AAhCD,8DAgCC;AAED,+EAA+E;AAC/E,sCAAsC;AACtC,+EAA+E;AAE/E;;;;;;;;;;;;;;GAcG;AACH,SAAS,mBAAmB,CAAC,CAAU;IACrC,OAAO,CACL,OAAO,CAAC,KAAK,QAAQ;QACrB,CAAC,CAAC,MAAM,KAAK,GAAG;QAChB,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,CAC/B,CAAC;AACJ,CAAC"}