@attested-intelligence/aga-mcp-server 2.2.1 → 3.0.0-rc.0

Files changed (104) hide show
  1. package/DEPLOYMENT.md +111 -0
  2. package/LICENSE +21 -21
  3. package/README.md +60 -48
  4. package/SECURITY.md +59 -0
  5. package/THREAT_BOUNDARY.md +77 -0
  6. package/dist/core/behavioral.d.ts.map +1 -1
  7. package/dist/core/behavioral.js +11 -3
  8. package/dist/core/behavioral.js.map +1 -1
  9. package/dist/core/index.d.ts +0 -2
  10. package/dist/core/index.d.ts.map +1 -1
  11. package/dist/core/index.js +2 -2
  12. package/dist/core/index.js.map +1 -1
  13. package/dist/core/types.d.ts +1 -22
  14. package/dist/core/types.d.ts.map +1 -1
  15. package/dist/crypto/index.d.ts +0 -1
  16. package/dist/crypto/index.d.ts.map +1 -1
  17. package/dist/crypto/index.js +1 -1
  18. package/dist/crypto/index.js.map +1 -1
  19. package/dist/crypto/sign.d.ts.map +1 -1
  20. package/dist/crypto/sign.js +24 -23
  21. package/dist/crypto/sign.js.map +1 -1
  22. package/dist/middleware/governance.d.ts +22 -3
  23. package/dist/middleware/governance.d.ts.map +1 -1
  24. package/dist/middleware/governance.js +36 -28
  25. package/dist/middleware/governance.js.map +1 -1
  26. package/dist/proxy/index.d.ts.map +1 -1
  27. package/dist/proxy/index.js +26 -15
  28. package/dist/proxy/index.js.map +1 -1
  29. package/dist/proxy/server.d.ts +18 -45
  30. package/dist/proxy/server.d.ts.map +1 -1
  31. package/dist/proxy/server.js +77 -131
  32. package/dist/proxy/server.js.map +1 -1
  33. package/dist/sep/bundle.d.ts +60 -0
  34. package/dist/sep/bundle.d.ts.map +1 -0
  35. package/dist/sep/bundle.js +74 -0
  36. package/dist/sep/bundle.js.map +1 -0
  37. package/dist/sep/canonical.d.ts +28 -0
  38. package/dist/sep/canonical.d.ts.map +1 -0
  39. package/dist/sep/canonical.js +62 -0
  40. package/dist/sep/canonical.js.map +1 -0
  41. package/dist/sep/checkpoint.d.ts +15 -0
  42. package/dist/sep/checkpoint.d.ts.map +1 -0
  43. package/dist/sep/checkpoint.js +28 -0
  44. package/dist/sep/checkpoint.js.map +1 -0
  45. package/dist/sep/crypto.d.ts +20 -0
  46. package/dist/sep/crypto.d.ts.map +1 -0
  47. package/dist/sep/crypto.js +104 -0
  48. package/dist/sep/crypto.js.map +1 -0
  49. package/dist/sep/index.d.ts +14 -0
  50. package/dist/sep/index.d.ts.map +1 -0
  51. package/dist/sep/index.js +14 -0
  52. package/dist/sep/index.js.map +1 -0
  53. package/dist/sep/merkle.d.ts +11 -0
  54. package/dist/sep/merkle.d.ts.map +1 -0
  55. package/dist/sep/merkle.js +51 -0
  56. package/dist/sep/merkle.js.map +1 -0
  57. package/dist/sep/receipt.d.ts +64 -0
  58. package/dist/sep/receipt.d.ts.map +1 -0
  59. package/dist/sep/receipt.js +0 -0
  60. package/dist/sep/receipt.js.map +1 -0
  61. package/dist/sep/verify.d.ts +14 -0
  62. package/dist/sep/verify.d.ts.map +1 -0
  63. package/dist/sep/verify.js +158 -0
  64. package/dist/sep/verify.js.map +1 -0
  65. package/dist/server.d.ts.map +1 -1
  66. package/dist/server.js +83 -39
  67. package/dist/server.js.map +1 -1
  68. package/dist/storage/interface.d.ts +1 -4
  69. package/dist/storage/interface.d.ts.map +1 -1
  70. package/dist/storage/memory.d.ts +1 -5
  71. package/dist/storage/memory.d.ts.map +1 -1
  72. package/dist/storage/memory.js +0 -4
  73. package/dist/storage/memory.js.map +1 -1
  74. package/dist/storage/sqlite.d.ts +1 -4
  75. package/dist/storage/sqlite.d.ts.map +1 -1
  76. package/dist/storage/sqlite.js +0 -4
  77. package/dist/storage/sqlite.js.map +1 -1
  78. package/dist/utils/canonical.d.ts.map +1 -1
  79. package/dist/utils/canonical.js +11 -1
  80. package/dist/utils/canonical.js.map +1 -1
  81. package/dist/utils/timestamp.d.ts.map +1 -1
  82. package/dist/utils/timestamp.js +4 -1
  83. package/dist/utils/timestamp.js.map +1 -1
  84. package/dist/utils/uuid.d.ts +1 -0
  85. package/dist/utils/uuid.d.ts.map +1 -1
  86. package/dist/utils/uuid.js +3 -2
  87. package/dist/utils/uuid.js.map +1 -1
  88. package/package.json +87 -92
  89. package/dist/core/bundle.d.ts +0 -20
  90. package/dist/core/bundle.d.ts.map +0 -1
  91. package/dist/core/bundle.js +0 -45
  92. package/dist/core/bundle.js.map +0 -1
  93. package/dist/core/checkpoint.d.ts +0 -8
  94. package/dist/core/checkpoint.d.ts.map +0 -1
  95. package/dist/core/checkpoint.js +0 -21
  96. package/dist/core/checkpoint.js.map +0 -1
  97. package/dist/crypto/merkle.d.ts +0 -8
  98. package/dist/crypto/merkle.d.ts.map +0 -1
  99. package/dist/crypto/merkle.js +0 -42
  100. package/dist/crypto/merkle.js.map +0 -1
  101. package/dist/proxy/verify.d.ts +0 -28
  102. package/dist/proxy/verify.d.ts.map +0 -1
  103. package/dist/proxy/verify.js +0 -182
  104. package/dist/proxy/verify.js.map +0 -1
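--- a/package/package.json
+++ b/package/package.json
@@ -1,92 +1,87 @@
- {
- "name": "@attested-intelligence/aga-mcp-server",
- "version": "2.2.1",
- "description": "MCP server for cryptographic AI agent governance. Seal policy artifacts, enforce at runtime, prove with signed receipts and offline-verifiable evidence bundles.",
- "author": "Attested Intelligence Holdings LLC",
- "license": "MIT",
- "homepage": "https://attestedintelligence.com/technology",
- "repository": {
- "type": "git",
- "url": "https://github.com/attestedintelligence/AGA"
- },
- "bugs": {
- "url": "https://github.com/attestedintelligence/AGA/issues"
- },
- "type": "module",
- "main": "dist/index.js",
- "types": "dist/index.d.ts",
- "files": [
- "dist/",
- "README.md",
- "LICENSE"
- ],
- "bin": {
- "aga-mcp-server": "dist/index.js",
- "aga-proxy": "dist/proxy/index.js"
- },
- "scripts": {
- "build": "tsc",
- "start": "node dist/index.js",
- "dev": "tsx src/index.ts",
- "test": "vitest run",
- "test:watch": "vitest",
- "test:crypto": "vitest run tests/crypto/",
- "test:core": "vitest run tests/core/",
- "test:integration": "vitest run tests/integration/",
- "test:proxy": "vitest run tests/proxy/",
- "proxy": "tsx src/proxy/index.ts",
- "proxy:start": "tsx src/proxy/index.ts start",
- "demo": "tsx scripts/demo.ts",
- "benchmark": "tsx scripts/benchmark.ts",
- "verify": "cd independent-verifier && npm test",
- "lint": "tsc --noEmit",
- "demo:standalone": "npx tsx standalone/main.ts",
- "demo:scada": "npx tsx standalone/main.ts --scenario=scada",
- "demo:drone": "npx tsx standalone/main.ts --scenario=drone",
- "demo:agent": "npx tsx standalone/main.ts --scenario=ai-agent",
- "demo:all": "npx tsx standalone/main.ts --scenario=all --non-interactive",
- "watch": "npx tsx standalone/main.ts --watch",
- "build:exe": "npx tsx standalone/build.ts",
- "verify:evidence": "npx tsx standalone/verify-evidence.ts",
- "prepublishOnly": "npm run build && npm run test"
- },
- "dependencies": {
- "@modelcontextprotocol/sdk": "^1.12.0",
- "@noble/ed25519": "^2.1.0",
- "@noble/hashes": "^1.7.0",
- "commander": "^14.0.3",
- "uuid": "^11.1.0",
- "zod": "^3.24.0"
- },
- "optionalDependencies": {
- "better-sqlite3": "^11.7.0"
- },
- "devDependencies": {
- "@types/better-sqlite3": "^7.6.12",
- "@types/node": "^22.10.0",
- "@types/uuid": "^10.0.0",
- "postject": "^1.0.0-alpha.6",
- "tsx": "^4.19.0",
- "typescript": "^5.7.0",
- "vitest": "^2.1.0"
- },
- "engines": {
- "node": ">=20.0.0"
- },
- "keywords": [
- "mcp",
- "mcp-server",
- "model-context-protocol",
- "ai-governance",
- "ai-agent-security",
- "agentic-ai",
- "attestation",
- "governance",
- "cryptographic-enforcement",
- "runtime-integrity",
- "evidence-bundles",
- "ed25519",
- "policy-artifacts",
- "attested-intelligence"
- ]
- }
+ {
+ "name": "@attested-intelligence/aga-mcp-server",
+ "version": "3.0.0-rc.0",
+ "description": "MCP server for cryptographic AI agent governance. Seal policy artifacts, enforce at runtime, prove with signed receipts and offline-verifiable evidence bundles.",
+ "author": "Attested Intelligence Holdings LLC",
+ "license": "MIT",
+ "homepage": "https://attestedintelligence.com/technology",
+ "repository": {
+ "type": "git",
+ "url": "https://github.com/attestedintelligence/aga-mcp-server"
+ },
+ "bugs": {
+ "url": "https://github.com/attestedintelligence/aga-mcp-server/issues"
+ },
+ "type": "module",
+ "main": "dist/index.js",
+ "types": "dist/index.d.ts",
+ "files": [
+ "dist/",
+ "README.md",
+ "LICENSE",
+ "SECURITY.md",
+ "THREAT_BOUNDARY.md",
+ "DEPLOYMENT.md"
+ ],
+ "bin": {
+ "aga-mcp-server": "dist/index.js",
+ "aga-proxy": "dist/proxy/index.js"
+ },
+ "scripts": {
+ "build": "node -e \"require('fs').rmSync('dist',{recursive:true,force:true})\" && tsc",
+ "start": "node dist/index.js",
+ "dev": "tsx src/index.ts",
+ "test": "vitest run",
+ "test:watch": "vitest",
+ "test:crypto": "vitest run tests/crypto/",
+ "test:core": "vitest run tests/core/",
+ "test:integration": "vitest run tests/integration/",
+ "test:proxy": "vitest run tests/proxy/",
+ "test:conformance": "node fixtures/run-conformance.mjs",
+ "conformance:cross-stack": "node fixtures/cross-stack/run-all-stacks.mjs",
+ "check:pack": "node scripts/check-pack.mjs",
+ "check": "npm run build && npm run lint && npm run test && npm run test:conformance && npm run check:pack",
+ "proxy": "tsx src/proxy/index.ts",
+ "proxy:start": "tsx src/proxy/index.ts start",
+ "demo": "tsx scripts/demo.ts",
+ "benchmark": "tsx scripts/benchmark.ts",
+ "verify": "cd independent-verifier && npm test",
+ "lint": "tsc --noEmit",
+ "prepublishOnly": "npm run build && npm run test && npm run test:conformance && npm run check:pack"
+ },
+ "dependencies": {
+ "@modelcontextprotocol/sdk": "^1.12.0",
+ "@noble/hashes": "^1.7.0",
+ "commander": "^14.0.3",
+ "zod": "^3.24.0"
+ },
+ "optionalDependencies": {
+ "better-sqlite3": "^11.7.0"
+ },
+ "devDependencies": {
+ "@types/better-sqlite3": "^7.6.12",
+ "@types/node": "^22.10.0",
+ "tsx": "^4.19.0",
+ "typescript": "^5.7.0",
+ "vitest": "^2.1.0"
+ },
+ "engines": {
+ "node": ">=20.0.0"
+ },
+ "keywords": [
+ "mcp",
+ "mcp-server",
+ "model-context-protocol",
+ "ai-governance",
+ "ai-agent-security",
+ "agentic-ai",
+ "attestation",
+ "governance",
+ "cryptographic-enforcement",
+ "runtime-integrity",
+ "evidence-bundles",
+ "ed25519",
+ "policy-artifacts",
+ "attested-intelligence"
+ ]
+ }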
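Review bot: `prepublishOnly` spells out the same chain as the new `check` script by hand but leaves out `npm run lint`, so the publish gate and the local gate can drift apart as steps are added; pointing it at the aggregate, `"prepublishOnly": "npm run check"`, keeps a single definition of what must pass before a release. Separately, `@noble/ed25519` is dropped from `dependencies` while the description and the `ed25519` keyword still advertise signed receipts. The implementation that replaces it is not visible in this file (presumably a runtime built-in), so it is worth confirming that `test:conformance` exercises signature verification on the lowest version allowed by `"node": ">=20.0.0"`.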
@@ -1,20 +0,0 @@
1
- import type { KeyPair, MerkleInclusionProof } from '../crypto/types.js';
2
- import type { EvidenceBundle, PolicyArtifact, SignedReceipt, CheckpointReference, VerificationTier } from './types.js';
3
- /**
4
- * Generate an evidence bundle. Original signature preserved for backward compatibility.
5
- * Tiered bundle generation (CAISI §3b):
6
- * BRONZE - artifact + receipts only (proofs omitted)
7
- * SILVER - artifact + receipts + Merkle proofs
8
- * GOLD - artifact + receipts + Merkle proofs + anchor checkpoint reference
9
- */
10
- export declare function generateBundle(artifact: PolicyArtifact, receipts: SignedReceipt[], proofs: MerkleInclusionProof[], checkpoint: CheckpointReference, kp: KeyPair, tier?: VerificationTier): EvidenceBundle;
11
- export interface VerificationResult {
12
- step1_artifact_sig: boolean;
13
- step2_receipt_sigs: boolean;
14
- step3_merkle_proofs: boolean;
15
- step4_anchor: 'SKIPPED_OFFLINE' | boolean;
16
- overall: boolean;
17
- errors: string[];
18
- }
19
- export declare function verifyBundleOffline(bundle: EvidenceBundle, pinnedPkHex: string): VerificationResult;
20
- //# sourceMappingURL=bundle.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"bundle.d.ts","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AACxE,OAAO,KAAK,EAAE,cAAc,EAAE,cAAc,EAAE,aAAa,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAEvH;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,cAAc,EAAE,QAAQ,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,oBAAoB,EAAE,EAAE,UAAU,EAAE,mBAAmB,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,gBAAgB,GAAG,cAAc,CAUzM;AAED,MAAM,WAAW,kBAAkB;IACjC,kBAAkB,EAAE,OAAO,CAAC;IAAC,kBAAkB,EAAE,OAAO,CAAC;IACzD,mBAAmB,EAAE,OAAO,CAAC;IAAC,YAAY,EAAE,iBAAiB,GAAG,OAAO,CAAC;IACxE,OAAO,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAC;CACpC;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG,kBAAkB,CAanG"}
@@ -1,45 +0,0 @@
1
- import { signStr, sigToB64, b64ToSig, hexToPk, verifyStr, pkToHex } from '../crypto/sign.js';
2
- import { verifyProof } from '../crypto/merkle.js';
3
- import { canonicalize } from '../utils/canonical.js';
4
- /**
5
- * Generate an evidence bundle. Original signature preserved for backward compatibility.
6
- * Tiered bundle generation (CAISI §3b):
7
- * BRONZE - artifact + receipts only (proofs omitted)
8
- * SILVER - artifact + receipts + Merkle proofs
9
- * GOLD - artifact + receipts + Merkle proofs + anchor checkpoint reference
10
- */
11
- export function generateBundle(artifact, receipts, proofs, checkpoint, kp, tier) {
12
- const effectiveTier = tier ?? 'GOLD';
13
- const bundleProofs = effectiveTier === 'BRONZE' ? [] : proofs;
14
- const bundleCheckpoint = effectiveTier === 'GOLD' ? checkpoint : {
15
- ...checkpoint,
16
- transaction_id: effectiveTier === 'BRONZE' ? '' : checkpoint.transaction_id,
17
- anchor_network: effectiveTier === 'BRONZE' ? '' : checkpoint.anchor_network,
18
- };
19
- const unsigned = { artifact, receipts, merkle_proofs: bundleProofs, checkpoint_reference: bundleCheckpoint, public_key: pkToHex(kp.publicKey), verification_tier: effectiveTier };
20
- return { ...unsigned, bundle_signature: sigToB64(signStr(canonicalize(unsigned), kp.secretKey)) };
21
- }
22
- export function verifyBundleOffline(bundle, pinnedPkHex) {
23
- const errors = [];
24
- const { signature: aSig, ...aU } = bundle.artifact;
25
- const s1 = verifyStr(b64ToSig(aSig), canonicalize(aU), hexToPk(pinnedPkHex));
26
- if (!s1)
27
- errors.push('Artifact signature failed');
28
- let s2 = true;
29
- for (const r of bundle.receipts) {
30
- const { portal_signature, ...rU } = r;
31
- if (!verifyStr(b64ToSig(portal_signature), canonicalize(rU), hexToPk(bundle.public_key))) {
32
- s2 = false;
33
- errors.push(`Receipt ${r.receipt_id} sig failed`);
34
- }
35
- }
36
- let s3 = true;
37
- for (const p of bundle.merkle_proofs) {
38
- if (!verifyProof(p)) {
39
- s3 = false;
40
- errors.push(`Merkle proof failed leaf ${p.leafIndex}`);
41
- }
42
- }
43
- return { step1_artifact_sig: s1, step2_receipt_sigs: s2, step3_merkle_proofs: s3, step4_anchor: 'SKIPPED_OFFLINE', overall: s1 && s2 && s3, errors };
44
- }
45
- //# sourceMappingURL=bundle.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"bundle.js","sourceRoot":"","sources":["../../src/core/bundle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC7F,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAIrD;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,QAAwB,EAAE,QAAyB,EAAE,MAA8B,EAAE,UAA+B,EAAE,EAAW,EAAE,IAAuB;IACvL,MAAM,aAAa,GAAG,IAAI,IAAI,MAAM,CAAC;IACrC,MAAM,YAAY,GAAG,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC;IAC9D,MAAM,gBAAgB,GAAwB,aAAa,KAAK,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACpF,GAAG,UAAU;QACb,cAAc,EAAE,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc;QAC3E,cAAc,EAAE,aAAa,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,cAAc;KAC5E,CAAC;IACF,MAAM,QAAQ,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,CAAC,SAAS,CAAC,EAAE,iBAAiB,EAAE,aAAa,EAAE,CAAC;IAClL,OAAO,EAAE,GAAG,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,CAAC,OAAO,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC;AACpG,CAAC;AAQD,MAAM,UAAU,mBAAmB,CAAC,MAAsB,EAAE,WAAmB;IAC7E,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;IACnD,MAAM,EAAE,GAAG,SAAS,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;IAC7E,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;IAClD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,MAAM,EAAE,gBAAgB,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,YAAY,CAAC,EAAE,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,UAAU,aAAa,CAAC,CAAC;QAAC,CAAC;IAC9J,CAAC;IACD,IAAI,EAAE,GAAG,IAAI,CAAC;IACd,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;QAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC;YAAC,EAAE,GAAG,KAAK,CAAC;YAAC,MAAM,CAAC,IAAI,CAAC,4BAA4B,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;QAAC,CAAC;IAAC,CAAC;IACtI
,OAAO,EAAE,kBAAkB,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE,mBAAmB,EAAE,EAAE,EAAE,YAAY,EAAE,iBAAiB,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,CAAC;AACvJ,CAAC"}
@@ -1,8 +0,0 @@
1
- import type { ContinuityEvent, CheckpointReference, AnchorBatchPayload } from './types.js';
2
- import type { MerkleInclusionProof } from '../crypto/types.js';
3
- export declare function createCheckpoint(events: ContinuityEvent[], anchorNetwork?: string): {
4
- checkpoint: CheckpointReference;
5
- payload: AnchorBatchPayload;
6
- };
7
- export declare function eventInclusionProof(events: ContinuityEvent[], targetSeq: number): MerkleInclusionProof;
8
- //# sourceMappingURL=checkpoint.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"checkpoint.d.ts","sourceRoot":"","sources":["../../src/core/checkpoint.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAC3F,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAE/D,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,eAAe,EAAE,EAAE,aAAa,SAAU,GAAG;IAAE,UAAU,EAAE,mBAAmB,CAAC;IAAC,OAAO,EAAE,kBAAkB,CAAA;CAAE,CASrJ;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,eAAe,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,oBAAoB,CAItG"}
@@ -1,21 +0,0 @@
1
- import { buildMerkleTree, inclusionProof } from '../crypto/merkle.js';
2
- import { utcNow } from '../utils/timestamp.js';
3
- import { uuid } from '../utils/uuid.js';
4
- export function createCheckpoint(events, anchorNetwork = 'local') {
5
- if (!events.length)
6
- throw new Error('No events to checkpoint');
7
- const { root } = buildMerkleTree(events.map(e => e.leaf_hash));
8
- const checkpoint = {
9
- merkle_root: root, batch_start_sequence: events[0].sequence_number,
10
- batch_end_sequence: events[events.length - 1].sequence_number,
11
- anchor_network: anchorNetwork, transaction_id: `${anchorNetwork}:${uuid()}`, timestamp: utcNow(),
12
- };
13
- return { checkpoint, payload: { checkpoint_reference: checkpoint, leaf_count: events.length } };
14
- }
15
- export function eventInclusionProof(events, targetSeq) {
16
- const idx = events.findIndex(e => e.sequence_number === targetSeq);
17
- if (idx === -1)
18
- throw new Error(`Sequence ${targetSeq} not in batch`);
19
- return inclusionProof(events.map(e => e.leaf_hash), idx);
20
- }
21
- //# sourceMappingURL=checkpoint.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"checkpoint.js","sourceRoot":"","sources":["../../src/core/checkpoint.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AAIxC,MAAM,UAAU,gBAAgB,CAAC,MAAyB,EAAE,aAAa,GAAG,OAAO;IACjF,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;IAC/D,MAAM,UAAU,GAAwB;QACtC,WAAW,EAAE,IAAI,EAAE,oBAAoB,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,eAAe;QAClE,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,eAAe;QAC7D,cAAc,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,aAAa,IAAI,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;KACjG,CAAC;IACF,OAAO,EAAE,UAAU,EAAE,OAAO,EAAE,EAAE,oBAAoB,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;AAClG,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAyB,EAAE,SAAiB;IAC9E,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe,KAAK,SAAS,CAAC,CAAC;IACnE,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,YAAY,SAAS,eAAe,CAAC,CAAC;IACtE,OAAO,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,CAAC;AAC3D,CAAC"}
@@ -1,8 +0,0 @@
1
- import type { HashHex, MerkleInclusionProof } from './types.js';
2
- export declare function buildMerkleTree(leaves: HashHex[]): {
3
- root: HashHex;
4
- layers: HashHex[][];
5
- };
6
- export declare function inclusionProof(leaves: HashHex[], idx: number): MerkleInclusionProof;
7
- export declare function verifyProof(proof: MerkleInclusionProof): boolean;
8
- //# sourceMappingURL=merkle.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"merkle.d.ts","sourceRoot":"","sources":["../../src/crypto/merkle.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAIhE,wBAAgB,eAAe,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,OAAO,EAAE,EAAE,CAAA;CAAE,CAczF;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,oBAAoB,CAanF;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,oBAAoB,GAAG,OAAO,CAMhE"}
@@ -1,42 +0,0 @@
1
- import { sha256Str } from './hash.js';
2
- function pair(l, r) { return sha256Str(l + r); }
3
- export function buildMerkleTree(leaves) {
4
- if (!leaves.length)
5
- throw new Error('Empty leaf set');
6
- if (leaves.length === 1)
7
- return { root: leaves[0], layers: [leaves] };
8
- const layers = [[...leaves]];
9
- let cur = leaves;
10
- while (cur.length > 1) {
11
- const next = [];
12
- for (let i = 0; i < cur.length; i += 2) {
13
- next.push(pair(cur[i], i + 1 < cur.length ? cur[i + 1] : cur[i]));
14
- }
15
- layers.push(next);
16
- cur = next;
17
- }
18
- return { root: cur[0], layers };
19
- }
20
- export function inclusionProof(leaves, idx) {
21
- if (idx < 0 || idx >= leaves.length)
22
- throw new RangeError(`Index ${idx} out of [0,${leaves.length})`);
23
- const { root, layers } = buildMerkleTree(leaves);
24
- const siblings = [];
25
- let ci = idx;
26
- for (let L = 0; L < layers.length - 1; L++) {
27
- const layer = layers[L];
28
- const isRight = ci % 2 === 1;
29
- const si = isRight ? ci - 1 : (ci + 1 < layer.length ? ci + 1 : ci);
30
- siblings.push({ hash: layer[si], position: isRight ? 'left' : 'right' });
31
- ci = Math.floor(ci / 2);
32
- }
33
- return { leafHash: leaves[idx], leafIndex: idx, siblings, root };
34
- }
35
- export function verifyProof(proof) {
36
- let h = proof.leafHash;
37
- for (const s of proof.siblings) {
38
- h = s.position === 'left' ? pair(s.hash, h) : pair(h, s.hash);
39
- }
40
- return h === proof.root;
41
- }
42
- //# sourceMappingURL=merkle.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"merkle.js","sourceRoot":"","sources":["../../src/crypto/merkle.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAGtC,SAAS,IAAI,CAAC,CAAU,EAAE,CAAU,IAAa,OAAO,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAE3E,MAAM,UAAU,eAAe,CAAC,MAAiB;IAC/C,IAAI,CAAC,MAAM,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;IACtD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC;IACtE,MAAM,MAAM,GAAgB,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;IAC1C,IAAI,GAAG,GAAG,MAAM,CAAC;IACjB,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,GAAc,EAAE,CAAC;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClB,GAAG,GAAG,IAAI,CAAC;IACb,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,MAAiB,EAAE,GAAW;IAC3D,IAAI,GAAG,GAAG,CAAC,IAAI,GAAG,IAAI,MAAM,CAAC,MAAM;QAAE,MAAM,IAAI,UAAU,CAAC,SAAS,GAAG,cAAc,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC;IACtG,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,QAAQ,GAAqC,EAAE,CAAC;IACtD,IAAI,EAAE,GAAG,GAAG,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,OAAO,GAAG,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;QACpE,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;QACzE,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IAC1B,CAAC;IACD,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,SA
AS,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AACnE,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,KAA2B;IACrD,IAAI,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC;IACvB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC/B,CAAC,GAAG,CAAC,CAAC,QAAQ,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,CAAC,KAAK,KAAK,CAAC,IAAI,CAAC;AAC1B,CAAC"}
@@ -1,28 +0,0 @@
1
- /**
2
- * AGA Gateway Bundle Verifier
3
- * Verifies Ed25519-SHA256-JCS evidence bundles.
4
- * Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
5
- *
6
- * 5-step verification matching gateway, Python SDK, and browser verifier:
7
- * 1. Algorithm check
8
- * 2. Receipt signature verification
9
- * 3. Chain integrity (previous_receipt_hash linkage)
10
- * 4. Merkle inclusion proofs
11
- * 5. Bundle consistency (leaf hashes match receipts)
12
- *
13
- * Copyright (c) 2026 Attested Intelligence Holdings LLC
14
- * SPDX-License-Identifier: MIT
15
- */
16
- export interface GatewayVerificationResult {
17
- algorithm_valid: boolean;
18
- receipt_signatures_valid: boolean;
19
- chain_integrity_valid: boolean;
20
- merkle_proofs_valid: boolean;
21
- bundle_consistent: boolean;
22
- overall_valid: boolean;
23
- receipts_checked: number;
24
- algorithm: string;
25
- error?: string;
26
- }
27
- export declare function verifyGatewayBundle(bundleJson: string): Promise<GatewayVerificationResult>;
28
- //# sourceMappingURL=verify.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAiDH,MAAM,WAAW,yBAAyB;IACxC,eAAe,EAAE,OAAO,CAAC;IACzB,wBAAwB,EAAE,OAAO,CAAC;IAClC,qBAAqB,EAAE,OAAO,CAAC;IAC/B,mBAAmB,EAAE,OAAO,CAAC;IAC7B,iBAAiB,EAAE,OAAO,CAAC;IAC3B,aAAa,EAAE,OAAO,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,wBAAsB,mBAAmB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,yBAAyB,CAAC,CA2HhG"}
@@ -1,182 +0,0 @@
1
- /**
2
- * AGA Gateway Bundle Verifier
3
- * Verifies Ed25519-SHA256-JCS evidence bundles.
4
- * Uses ONLY @noble crypto - zero imports from ../core/ or ../crypto/.
5
- *
6
- * 5-step verification matching gateway, Python SDK, and browser verifier:
7
- * 1. Algorithm check
8
- * 2. Receipt signature verification
9
- * 3. Chain integrity (previous_receipt_hash linkage)
10
- * 4. Merkle inclusion proofs
11
- * 5. Bundle consistency (leaf hashes match receipts)
12
- *
13
- * Copyright (c) 2026 Attested Intelligence Holdings LLC
14
- * SPDX-License-Identifier: MIT
15
- */
16
- import * as ed from '@noble/ed25519';
17
- import { sha512 } from '@noble/hashes/sha512';
18
- import { sha256 } from '@noble/hashes/sha256';
19
- import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
20
- // Ed25519 setup
21
- ed.etc.sha512Sync = (...m) => {
22
- const total = m.reduce((n, a) => n + a.length, 0);
23
- const buf = new Uint8Array(total);
24
- let off = 0;
25
- for (const a of m) {
26
- buf.set(a, off);
27
- off += a.length;
28
- }
29
- return sha512(buf);
30
- };
31
- const enc = new TextEncoder();
32
- // ── RFC 8785 Canonicalization ────────────────────────────────
33
- function deepSortKeys(obj) {
34
- if (obj === null || obj === undefined || typeof obj !== 'object')
35
- return obj;
36
- if (Array.isArray(obj))
37
- return obj.map(deepSortKeys);
38
- const sorted = {};
39
- for (const key of Object.keys(obj).sort()) {
40
- sorted[key] = deepSortKeys(obj[key]);
41
- }
42
- return sorted;
43
- }
44
- function canonicalize(obj) {
45
- return JSON.stringify(deepSortKeys(obj));
46
- }
47
- function sha256Hex(data) {
48
- return bytesToHex(sha256(enc.encode(data)));
49
- }
50
- function merkleNodeHash(leftHex, rightHex) {
51
- const left = hexToBytes(leftHex);
52
- const right = hexToBytes(rightHex);
53
- const combined = new Uint8Array(left.length + right.length);
54
- combined.set(left, 0);
55
- combined.set(right, left.length);
56
- return bytesToHex(sha256(combined));
57
- }
58
- // ── 5-step verification ─────────────────────────────────────
59
- export async function verifyGatewayBundle(bundleJson) {
60
- let bundle;
61
- try {
62
- bundle = JSON.parse(bundleJson);
63
- }
64
- catch {
65
- return {
66
- algorithm_valid: false, receipt_signatures_valid: false,
67
- chain_integrity_valid: false, merkle_proofs_valid: false,
68
- bundle_consistent: false, overall_valid: false,
69
- receipts_checked: 0, algorithm: '', error: 'Invalid JSON',
70
- };
71
- }
72
- const result = {
73
- algorithm_valid: false, receipt_signatures_valid: false,
74
- chain_integrity_valid: false, merkle_proofs_valid: false,
75
- bundle_consistent: false, overall_valid: false,
76
- receipts_checked: bundle.receipts?.length ?? 0,
77
- algorithm: bundle.algorithm ?? '',
78
- };
79
- // Step 1: Algorithm
80
- if (bundle.algorithm !== 'Ed25519-SHA256-JCS') {
81
- result.error = `unsupported algorithm: ${bundle.algorithm}`;
82
- return result;
83
- }
84
- for (const r of bundle.receipts) {
85
- if (r.algorithm !== 'Ed25519-SHA256-JCS') {
86
- result.error = `receipt has wrong algorithm: ${r.algorithm}`;
87
- return result;
88
- }
89
- }
90
- result.algorithm_valid = true;
91
- // Step 2: Receipt signatures
92
- try {
93
- for (const receipt of bundle.receipts) {
94
- const { signature, ...unsigned } = receipt;
95
- const canonical = canonicalize(unsigned);
96
- const sig = hexToBytes(signature);
97
- const pk = hexToBytes(receipt.public_key);
98
- if (!ed.verify(sig, enc.encode(canonical), pk)) {
99
- result.error = `Receipt ${receipt.receipt_id} signature failed`;
100
- return result;
101
- }
102
- }
103
- result.receipt_signatures_valid = true;
104
- }
105
- catch (e) {
106
- result.error = `signature verification error: ${e}`;
107
- return result;
108
- }
109
- // Step 3: Chain integrity
110
- try {
111
- const receipts = bundle.receipts;
112
- if (receipts.length > 0 && receipts[0].previous_receipt_hash !== '') {
113
- result.error = 'First receipt previous_receipt_hash must be empty';
114
- return result;
115
- }
116
- for (let i = 1; i < receipts.length; i++) {
117
- const expectedHash = sha256Hex(canonicalize(receipts[i - 1]));
118
- if (receipts[i].previous_receipt_hash !== expectedHash) {
119
- result.error = `Chain break at receipt ${i}`;
120
- return result;
121
- }
122
- }
123
- result.chain_integrity_valid = true;
124
- }
125
- catch (e) {
126
- result.error = `chain integrity error: ${e}`;
127
- return result;
128
- }
129
- // Step 4: Merkle proofs
130
- try {
131
- for (const proof of bundle.merkle_proofs) {
132
- let currentHash = proof.leaf_hash;
133
- for (let i = 0; i < proof.siblings.length; i++) {
134
- if (proof.directions[i] === 'left') {
135
- currentHash = merkleNodeHash(proof.siblings[i], currentHash);
136
- }
137
- else {
138
- currentHash = merkleNodeHash(currentHash, proof.siblings[i]);
139
- }
140
- }
141
- if (currentHash !== bundle.merkle_root) {
142
- result.error = `Merkle proof failed for leaf ${proof.leaf_index}`;
143
- return result;
144
- }
145
- if (proof.merkle_root !== bundle.merkle_root) {
146
- result.error = `Proof root mismatch at leaf ${proof.leaf_index}`;
147
- return result;
148
- }
149
- }
150
- result.merkle_proofs_valid = true;
151
- }
152
- catch (e) {
153
- result.error = `merkle proof error: ${e}`;
154
- return result;
155
- }
156
- // Step 5: Bundle consistency
157
- try {
158
- if (bundle.merkle_proofs.length !== bundle.receipts.length) {
159
- result.error = 'Proof count != receipt count';
160
- return result;
161
- }
162
- for (let i = 0; i < bundle.receipts.length; i++) {
163
- const leafHash = sha256Hex(canonicalize(bundle.receipts[i]));
164
- if (bundle.merkle_proofs[i].leaf_hash !== leafHash) {
165
- result.error = `Leaf hash mismatch at receipt ${i}`;
166
- return result;
167
- }
168
- if (bundle.merkle_proofs[i].leaf_index !== i) {
169
- result.error = `Leaf index mismatch at receipt ${i}`;
170
- return result;
171
- }
172
- }
173
- result.bundle_consistent = true;
174
- }
175
- catch (e) {
176
- result.error = `consistency error: ${e}`;
177
- return result;
178
- }
179
- result.overall_valid = true;
180
- return result;
181
- }
182
- //# sourceMappingURL=verify.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"verify.js","sourceRoot":"","sources":["../../src/proxy/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,gBAAgB;AAChB,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE;IACzC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAClC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC;AACrB,CAAC,CAAC;AAEF,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,gEAAgE;AAEhE,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC;AAED,SAAS,SAAS,CAAC,IAAY;IAC7B,OAAO,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,cAAc,CAAC,OAAe,EAAE,QAAgB;IACvD,MAAM,IAAI,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5D,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;IACtB,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;IACjC,OAAO,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;AACtC,CAAC;AAgBD,+DAA+D;AAE/D,MAAM,CAAC,KAAK,UAAU,mBAAmB,CAAC,UAAkB;IAC1D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;IACl
C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;YACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;YACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;YAC9C,gBAAgB,EAAE,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,cAAc;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAA8B;QACxC,eAAe,EAAE,KAAK,EAAE,wBAAwB,EAAE,KAAK;QACvD,qBAAqB,EAAE,KAAK,EAAE,mBAAmB,EAAE,KAAK;QACxD,iBAAiB,EAAE,KAAK,EAAE,aAAa,EAAE,KAAK;QAC9C,gBAAgB,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAM,IAAI,CAAC;QAC9C,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,EAAE;KAClC,CAAC;IAEF,oBAAoB;IACpB,IAAI,MAAM,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;QAC9C,MAAM,CAAC,KAAK,GAAG,0BAA0B,MAAM,CAAC,SAAS,EAAE,CAAC;QAC5D,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QAChC,IAAI,CAAC,CAAC,SAAS,KAAK,oBAAoB,EAAE,CAAC;YACzC,MAAM,CAAC,KAAK,GAAG,gCAAgC,CAAC,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IACD,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAE9B,6BAA6B;IAC7B,IAAI,CAAC;QACH,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,OAAO,CAAC;YAC3C,MAAM,SAAS,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC;YAClC,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YAC1C,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;gBAC/C,MAAM,CAAC,KAAK,GAAG,WAAW,OAAO,CAAC,UAAU,mBAAmB,CAAC;gBAChE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,wBAAwB,GAAG,IAAI,CAAC;IACzC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0BAA0B;IAC1B,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,EAAE,CAAC;YACpE,MAAM,CAAC,KAAK,GAAG,mDAAmD,CAAC;YACnE,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACzC,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC,qBAAqB,KAAK,YAAY,EAAE,CAAC;gBACvD,MAAM
,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;gBAC7C,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACtC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,0BAA0B,CAAC,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACH,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzC,IAAI,WAAW,GAAG,KAAK,CAAC,SAAS,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/C,IAAI,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;oBACnC,WAAW,GAAG,cAAc,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;gBAC/D,CAAC;qBAAM,CAAC;oBACN,WAAW,GAAG,cAAc,CAAC,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;YACD,IAAI,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBACvC,MAAM,CAAC,KAAK,GAAG,gCAAgC,KAAK,CAAC,UAAU,EAAE,CAAC;gBAClE,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,KAAK,CAAC,WAAW,KAAK,MAAM,CAAC,WAAW,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,+BAA+B,KAAK,CAAC,UAAU,EAAE,CAAC;gBACjE,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,mBAAmB,GAAG,IAAI,CAAC;IACpC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,uBAAuB,CAAC,EAAE,CAAC;QAC1C,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,6BAA6B;IAC7B,IAAI,CAAC;QACH,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAM,CAAC,KAAK,GAAG,8BAA8B,CAAC;YAC9C,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7D,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;gBACnD,MAAM,CAAC,KAAK,GAAG,iCAAiC,CAAC,EAAE,CAAC;gBACpD,OAAO,MAAM,CAAC;YAChB,CAAC;YACD,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC7C,MAAM,CAAC,KAAK,GAAG,kCAAkC,CAAC,EAAE,CAAC;gBACrD,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QACD,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAClC,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,MAAM,CAAC,KAAK,GAAG,sBAAsB,CAAC,EAAE,CAAC;QACzC,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,CAAC,aAAa,GAAG,
IAAI,CAAC;IAC5B,OAAO,MAAM,CAAC;AAChB,CAAC"}