npm - @brightchain/brightchain-api-lib - Versions diffs - 0.14.0 → 0.15.0 - Mend

@brightchain/brightchain-api-lib 0.14.0 → 0.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/package.json +5 -5
package/src/index.d.ts +3 -0
package/src/index.d.ts.map +1 -1
package/src/index.js +5 -0
package/src/index.js.map +1 -1
package/src/lib/application.d.ts +1 -0
package/src/lib/application.d.ts.map +1 -1
package/src/lib/application.js +23 -0
package/src/lib/application.js.map +1 -1
package/src/lib/auth/aclEnforcedAvailability.d.ts +57 -0
package/src/lib/auth/aclEnforcedAvailability.d.ts.map +1 -0
package/src/lib/auth/aclEnforcedAvailability.js +87 -0
package/src/lib/auth/aclEnforcedAvailability.js.map +1 -0
package/src/lib/auth/aclEnforcedBlockStore.d.ts +66 -0
package/src/lib/auth/aclEnforcedBlockStore.d.ts.map +1 -0
package/src/lib/auth/aclEnforcedBlockStore.js +83 -0
package/src/lib/auth/aclEnforcedBlockStore.js.map +1 -0
package/src/lib/auth/ecdsaNodeAuthenticator.d.ts +46 -0
package/src/lib/auth/ecdsaNodeAuthenticator.d.ts.map +1 -0
package/src/lib/auth/ecdsaNodeAuthenticator.js +110 -0
package/src/lib/auth/ecdsaNodeAuthenticator.js.map +1 -0
package/src/lib/auth/index.d.ts +7 -0
package/src/lib/auth/index.d.ts.map +1 -0
package/src/lib/auth/index.js +13 -0
package/src/lib/auth/index.js.map +1 -0
package/src/lib/auth/poolAclBootstrap.d.ts +36 -0
package/src/lib/auth/poolAclBootstrap.d.ts.map +1 -0
package/src/lib/auth/poolAclBootstrap.js +64 -0
package/src/lib/auth/poolAclBootstrap.js.map +1 -0
package/src/lib/auth/poolAclStore.d.ts +77 -0
package/src/lib/auth/poolAclStore.d.ts.map +1 -0
package/src/lib/auth/poolAclStore.js +189 -0
package/src/lib/auth/poolAclStore.js.map +1 -0
package/src/lib/auth/poolAclUpdater.d.ts +79 -0
package/src/lib/auth/poolAclUpdater.d.ts.map +1 -0
package/src/lib/auth/poolAclUpdater.js +144 -0
package/src/lib/auth/poolAclUpdater.js.map +1 -0
package/src/lib/availability/availabilityService.d.ts +2 -2
package/src/lib/availability/availabilityService.d.ts.map +1 -1
package/src/lib/availability/availabilityService.js +12 -5
package/src/lib/availability/availabilityService.js.map +1 -1
package/src/lib/availability/blockRegistry.d.ts +45 -3
package/src/lib/availability/blockRegistry.d.ts.map +1 -1
package/src/lib/availability/blockRegistry.js +123 -5
package/src/lib/availability/blockRegistry.js.map +1 -1
package/src/lib/availability/discoveryProtocol.d.ts +30 -1
package/src/lib/availability/discoveryProtocol.d.ts.map +1 -1
package/src/lib/availability/discoveryProtocol.js +76 -0
package/src/lib/availability/discoveryProtocol.js.map +1 -1
package/src/lib/availability/gossipService.d.ts +45 -6
package/src/lib/availability/gossipService.d.ts.map +1 -1
package/src/lib/availability/gossipService.js +177 -5
package/src/lib/availability/gossipService.js.map +1 -1
package/src/lib/availability/reconciliationService.d.ts +88 -1
package/src/lib/availability/reconciliationService.d.ts.map +1 -1
package/src/lib/availability/reconciliationService.js +246 -48
package/src/lib/availability/reconciliationService.js.map +1 -1
package/src/lib/blockFetch/blockFetcher.d.ts +100 -0
package/src/lib/blockFetch/blockFetcher.d.ts.map +1 -0
package/src/lib/blockFetch/blockFetcher.js +279 -0
package/src/lib/blockFetch/blockFetcher.js.map +1 -0
package/src/lib/blockFetch/fetchQueue.d.ts +88 -0
package/src/lib/blockFetch/fetchQueue.d.ts.map +1 -0
package/src/lib/blockFetch/fetchQueue.js +204 -0
package/src/lib/blockFetch/fetchQueue.js.map +1 -0
package/src/lib/blockFetch/httpBlockFetchTransport.d.ts +65 -0
package/src/lib/blockFetch/httpBlockFetchTransport.d.ts.map +1 -0
package/src/lib/blockFetch/httpBlockFetchTransport.js +104 -0
package/src/lib/blockFetch/httpBlockFetchTransport.js.map +1 -0
package/src/lib/blockFetch/index.d.ts +10 -0
package/src/lib/blockFetch/index.d.ts.map +1 -0
package/src/lib/blockFetch/index.js +13 -0
package/src/lib/blockFetch/index.js.map +1 -0
package/src/lib/controllers/api/brightpass.d.ts +72 -0
package/src/lib/controllers/api/brightpass.d.ts.map +1 -0
package/src/lib/controllers/api/brightpass.js +577 -0
package/src/lib/controllers/api/brightpass.js.map +1 -0
package/src/lib/controllers/api/channels.d.ts +122 -0
package/src/lib/controllers/api/channels.d.ts.map +1 -0
package/src/lib/controllers/api/channels.js +701 -0
package/src/lib/controllers/api/channels.js.map +1 -0
package/src/lib/controllers/api/conversations.d.ts +89 -0
package/src/lib/controllers/api/conversations.d.ts.map +1 -0
package/src/lib/controllers/api/conversations.js +259 -0
package/src/lib/controllers/api/conversations.js.map +1 -0
package/src/lib/controllers/api/emails.d.ts +122 -0
package/src/lib/controllers/api/emails.d.ts.map +1 -0
package/src/lib/controllers/api/emails.js +494 -0
package/src/lib/controllers/api/emails.js.map +1 -0
package/src/lib/controllers/api/explodingMessages.d.ts +79 -0
package/src/lib/controllers/api/explodingMessages.d.ts.map +1 -0
package/src/lib/controllers/api/explodingMessages.js +378 -0
package/src/lib/controllers/api/explodingMessages.js.map +1 -0
package/src/lib/controllers/api/groups.d.ts +94 -0
package/src/lib/controllers/api/groups.d.ts.map +1 -0
package/src/lib/controllers/api/groups.js +484 -0
package/src/lib/controllers/api/groups.js.map +1 -0
package/src/lib/controllers/api/index.d.ts +6 -0
package/src/lib/controllers/api/index.d.ts.map +1 -1
package/src/lib/controllers/api/index.js +6 -0
package/src/lib/controllers/api/index.js.map +1 -1
package/src/lib/controllers/api/messages.d.ts.map +1 -1
package/src/lib/controllers/api/messages.js +2 -1
package/src/lib/controllers/api/messages.js.map +1 -1
package/src/lib/controllers/api/sync.d.ts +38 -2
package/src/lib/controllers/api/sync.d.ts.map +1 -1
package/src/lib/controllers/api/sync.js +89 -0
package/src/lib/controllers/api/sync.js.map +1 -1
package/src/lib/controllers/crypto/gitController.d.ts +70 -0
package/src/lib/controllers/crypto/gitController.d.ts.map +1 -0
package/src/lib/controllers/crypto/gitController.js +306 -0
package/src/lib/controllers/crypto/gitController.js.map +1 -0
package/src/lib/controllers/crypto/index.d.ts +3 -0
package/src/lib/controllers/crypto/index.d.ts.map +1 -0
package/src/lib/controllers/crypto/index.js +6 -0
package/src/lib/controllers/crypto/index.js.map +1 -0
package/src/lib/controllers/crypto/walletController.d.ts +64 -0
package/src/lib/controllers/crypto/walletController.d.ts.map +1 -0
package/src/lib/controllers/crypto/walletController.js +260 -0
package/src/lib/controllers/crypto/walletController.js.map +1 -0
package/src/lib/controllers/identity/deviceController.d.ts +96 -0
package/src/lib/controllers/identity/deviceController.d.ts.map +1 -0
package/src/lib/controllers/identity/deviceController.js +355 -0
package/src/lib/controllers/identity/deviceController.js.map +1 -0
package/src/lib/controllers/identity/directoryController.d.ts +75 -0
package/src/lib/controllers/identity/directoryController.d.ts.map +1 -0
package/src/lib/controllers/identity/directoryController.js +288 -0
package/src/lib/controllers/identity/directoryController.js.map +1 -0
package/src/lib/controllers/identity/identityProofController.d.ts +94 -0
package/src/lib/controllers/identity/identityProofController.d.ts.map +1 -0
package/src/lib/controllers/identity/identityProofController.js +454 -0
package/src/lib/controllers/identity/identityProofController.js.map +1 -0
package/src/lib/controllers/identity/index.d.ts +4 -0
package/src/lib/controllers/identity/index.d.ts.map +1 -0
package/src/lib/controllers/identity/index.js +7 -0
package/src/lib/controllers/identity/index.js.map +1 -0
package/src/lib/controllers/index.d.ts +2 -0
package/src/lib/controllers/index.d.ts.map +1 -1
package/src/lib/controllers/index.js +2 -0
package/src/lib/controllers/index.js.map +1 -1
package/src/lib/encryption/encryptedMetadataService.d.ts +87 -0
package/src/lib/encryption/encryptedMetadataService.d.ts.map +1 -0
package/src/lib/encryption/encryptedMetadataService.js +224 -0
package/src/lib/encryption/encryptedMetadataService.js.map +1 -0
package/src/lib/encryption/encryptionAwareReplication.d.ts +76 -0
package/src/lib/encryption/encryptionAwareReplication.d.ts.map +1 -0
package/src/lib/encryption/encryptionAwareReplication.js +116 -0
package/src/lib/encryption/encryptionAwareReplication.js.map +1 -0
package/src/lib/encryption/errors.d.ts +49 -0
package/src/lib/encryption/errors.d.ts.map +1 -0
package/src/lib/encryption/errors.js +80 -0
package/src/lib/encryption/errors.js.map +1 -0
package/src/lib/encryption/index.d.ts +6 -0
package/src/lib/encryption/index.d.ts.map +1 -0
package/src/lib/encryption/index.js +9 -0
package/src/lib/encryption/index.js.map +1 -0
package/src/lib/encryption/poolEncryptionService.d.ts +94 -0
package/src/lib/encryption/poolEncryptionService.d.ts.map +1 -0
package/src/lib/encryption/poolEncryptionService.js +252 -0
package/src/lib/encryption/poolEncryptionService.js.map +1 -0
package/src/lib/encryption/poolKeyManager.d.ts +82 -0
package/src/lib/encryption/poolKeyManager.d.ts.map +1 -0
package/src/lib/encryption/poolKeyManager.js +156 -0
package/src/lib/encryption/poolKeyManager.js.map +1 -0
package/src/lib/environment.d.ts +3 -0
package/src/lib/environment.d.ts.map +1 -1
package/src/lib/environment.js +5 -0
package/src/lib/environment.js.map +1 -1
package/src/lib/interfaces/environment.d.ts +7 -1
package/src/lib/interfaces/environment.d.ts.map +1 -1
package/src/lib/interfaces/index.d.ts +0 -1
package/src/lib/interfaces/index.d.ts.map +1 -1
package/src/lib/interfaces/requests/getBlockDataRequest.d.ts +12 -0
package/src/lib/interfaces/requests/getBlockDataRequest.d.ts.map +1 -0
package/src/lib/interfaces/{blockStore.js → requests/getBlockDataRequest.js} +1 -1
package/src/lib/interfaces/requests/getBlockDataRequest.js.map +1 -0
package/src/lib/interfaces/requests/index.d.ts +1 -0
package/src/lib/interfaces/requests/index.d.ts.map +1 -1
package/src/lib/routers/api.d.ts +54 -1
package/src/lib/routers/api.d.ts.map +1 -1
package/src/lib/routers/api.js +77 -0
package/src/lib/routers/api.js.map +1 -1
package/src/lib/services/blockStore.d.ts +5 -2
package/src/lib/services/blockStore.d.ts.map +1 -1
package/src/lib/services/blockStore.js +4 -0
package/src/lib/services/blockStore.js.map +1 -1
package/src/lib/services/brightpass/auditLogger.d.ts +77 -0
package/src/lib/services/brightpass/auditLogger.d.ts.map +1 -0
package/src/lib/services/brightpass/auditLogger.js +184 -0
package/src/lib/services/brightpass/auditLogger.js.map +1 -0
package/src/lib/services/brightpass/vaultEncryption.d.ts +82 -0
package/src/lib/services/brightpass/vaultEncryption.d.ts.map +1 -0
package/src/lib/services/brightpass/vaultEncryption.js +144 -0
package/src/lib/services/brightpass/vaultEncryption.js.map +1 -0
package/src/lib/services/brightpass.d.ts +294 -0
package/src/lib/services/brightpass.d.ts.map +1 -0
package/src/lib/services/brightpass.js +1260 -0
package/src/lib/services/brightpass.js.map +1 -0
package/src/lib/services/eventNotificationSystem.d.ts +69 -3
package/src/lib/services/eventNotificationSystem.d.ts.map +1 -1
package/src/lib/services/eventNotificationSystem.js +200 -0
package/src/lib/services/eventNotificationSystem.js.map +1 -1
package/src/lib/services/expirationScheduler.d.ts +90 -0
package/src/lib/services/expirationScheduler.d.ts.map +1 -0
package/src/lib/services/expirationScheduler.js +131 -0
package/src/lib/services/expirationScheduler.js.map +1 -0
package/src/lib/services/fecUsageExample.d.ts +2 -2
package/src/lib/services/index.d.ts +2 -0
package/src/lib/services/index.d.ts.map +1 -1
package/src/lib/services/index.js +2 -0
package/src/lib/services/index.js.map +1 -1
package/src/lib/services/paginationService.d.ts +18 -0
package/src/lib/services/paginationService.d.ts.map +1 -0
package/src/lib/services/paginationService.js +32 -0
package/src/lib/services/paginationService.js.map +1 -0
package/src/lib/services/presenceService.d.ts +76 -0
package/src/lib/services/presenceService.d.ts.map +1 -0
package/src/lib/services/presenceService.js +143 -0
package/src/lib/services/presenceService.js.map +1 -0
package/src/lib/services/wireConversationPromotion.d.ts +23 -0
package/src/lib/services/wireConversationPromotion.d.ts.map +1 -0
package/src/lib/services/wireConversationPromotion.js +26 -0
package/src/lib/services/wireConversationPromotion.js.map +1 -0
package/src/lib/stores/availabilityAwareBlockStore.d.ts +115 -10
package/src/lib/stores/availabilityAwareBlockStore.d.ts.map +1 -1
package/src/lib/stores/availabilityAwareBlockStore.js +267 -23
package/src/lib/stores/availabilityAwareBlockStore.js.map +1 -1
package/src/lib/stores/diskBlockAsyncStore.d.ts +81 -2
package/src/lib/stores/diskBlockAsyncStore.d.ts.map +1 -1
package/src/lib/stores/diskBlockAsyncStore.js +297 -10
package/src/lib/stores/diskBlockAsyncStore.js.map +1 -1
package/src/lib/utils/communicationValidation.d.ts +44 -0
package/src/lib/utils/communicationValidation.d.ts.map +1 -0
package/src/lib/utils/communicationValidation.js +291 -0
package/src/lib/utils/communicationValidation.js.map +1 -0
package/src/lib/utils/emailValidation.d.ts +19 -0
package/src/lib/utils/emailValidation.d.ts.map +1 -0
package/src/lib/utils/emailValidation.js +232 -0
package/src/lib/utils/emailValidation.js.map +1 -0
package/src/lib/interfaces/blockStore.d.ts +0 -7
package/src/lib/interfaces/blockStore.d.ts.map +0 -1
package/src/lib/interfaces/blockStore.js.map +0 -1

package/src/lib/services/brightpass/auditLogger.js ADDED Viewed

@@ -0,0 +1,184 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+const brightchain_lib_1 = require("@brightchain/brightchain-lib");
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+/**
+ * AuditLogger - Stores audit log entries as encrypted blocks
+ *
+ * Supports two modes:
+ * 1. In-memory mode (default): Entries stored in memory array for testing/development
+ * 2. Block store mode: Entries persisted as encrypted blocks in BrightChain's block store
+ *
+ * Entries are append-only and retrieved in reverse chronological order.
+ *
+ * Requirements: 4.1, 4.2, 4.3, 4.4
+ */
+class AuditLogger {
+    /**
+     * Create an AuditLogger instance.
+     *
+     * @param blockStore - Optional block store for encrypted persistence (Req 4.1)
+     * @param systemMember - Optional system member with public key for encryption (Req 4.3)
+     * @param batchSize - Number of entries to batch before creating a block (default: 10)
+     * @param blockSize - Block size for audit log blocks (default: BlockSize.Small)
+     */
+    constructor(blockStore, systemMember, batchSize = 10, blockSize = brightchain_lib_1.BlockSize.Small) {
+        this.entries = [];
+        this.headBlockId = null;
+        this.cachedBlockEntries = null;
+        this.pendingEntries = [];
+        this.persistedEntryCount = 0;
+        this.blockStore = blockStore;
+        this.systemMember = systemMember;
+        this.batchSize = batchSize;
+        this.blockSize = blockSize;
+        this.blockService = new brightchain_lib_1.BlockService();
+    }
+    /**
+     * Check if this logger is using encrypted block storage.
+     * Requires both a block store and a system member with public key.
+     */
+    get isUsingBlockStore() {
+        return this.blockStore !== undefined && this.systemMember !== undefined;
+    }
+    /**
+     * Log an audit entry.
+     *
+     * In block store mode, entries are batched and periodically persisted as encrypted blocks.
+     * In memory mode, entries are simply appended to the in-memory array.
+     *
+     * Requirements: 4.1, 4.2
+     */
+    async log(entry) {
+        const logEntry = {
+            ...entry,
+            timestamp: new Date(),
+        };
+        if (this.isUsingBlockStore) {
+            this.pendingEntries.push(logEntry);
+            if (this.pendingEntries.length >= this.batchSize) {
+                await this.flushToBlockStore();
+            }
+        }
+        else {
+            this.entries.push(logEntry);
+        }
+    }
+    /**
+     * Flush pending entries to the block store as an encrypted block.
+     * Uses EncryptedBlock for encryption with the system member's public key.
+     * Requirements: 4.2, 4.3, 4.4
+     */
+    async flushToBlockStore() {
+        if (!this.isUsingBlockStore || this.pendingEntries.length === 0) {
+            return;
+        }
+        const block = {
+            entries: [...this.pendingEntries],
+            previousBlockId: this.headBlockId,
+            createdAt: new Date().toISOString(),
+        };
+        const serialized = JSON.stringify(block);
+        const dataBuffer = new TextEncoder().encode(serialized);
+        const paddedData = new Uint8Array(this.blockSize);
+        paddedData.set(dataBuffer);
+        const checksumService = (0, brightchain_lib_1.getGlobalServiceProvider)().checksumService;
+        const checksum = checksumService.calculateChecksum(paddedData);
+        const ephemeralBlock = await brightchain_lib_1.EphemeralBlock.from(brightchain_lib_1.BlockType.EphemeralOwnedDataBlock, brightchain_lib_1.BlockDataType.EphemeralStructuredData, this.blockSize, paddedData, checksum, this.systemMember, new Date(), dataBuffer.length);
+        const encryptedBlock = await this.blockService.encrypt(brightchain_lib_1.BlockType.EncryptedOwnedDataBlock, ephemeralBlock, this.systemMember);
+        // Store the encrypted block - the block store uses the block's checksum as the key
+        await this.blockStore.put(encryptedBlock.idChecksum, encryptedBlock.data);
+        // Store the block's checksum as the head block ID (hex string)
+        this.headBlockId = encryptedBlock.idChecksum.toHex();
+        this.persistedEntryCount += this.pendingEntries.length;
+        this.pendingEntries = [];
+        this.cachedBlockEntries = null;
+    }
+    /**
+     * Get audit log entries in reverse chronological order.
+     * Requirements: 4.1
+     */
+    async getEntries(limit) {
+        let allEntries;
+        if (this.isUsingBlockStore) {
+            if (this.cachedBlockEntries === null) {
+                this.cachedBlockEntries = await this.loadEntriesFromBlockStore();
+            }
+            allEntries = [...this.pendingEntries, ...this.cachedBlockEntries];
+        }
+        else {
+            allEntries = [...this.entries];
+        }
+        const sorted = allEntries.sort((a, b) => b.timestamp.getTime() - a.timestamp.getTime());
+        return limit ? sorted.slice(0, limit) : sorted;
+    }
+    /**
+     * Get the total entry count.
+     */
+    getCount() {
+        if (this.isUsingBlockStore) {
+            return this.pendingEntries.length + this.persistedEntryCount;
+        }
+        return this.entries.length;
+    }
+    /**
+     * Load all entries from the block store by traversing the block chain.
+     * Decrypts each block using the system member's private key.
+     */
+    async loadEntriesFromBlockStore() {
+        if (!this.blockStore || !this.headBlockId || !this.systemMember) {
+            return [];
+        }
+        if (!this.systemMember.hasPrivateKey || !this.systemMember.privateKey) {
+            return [];
+        }
+        const allEntries = [];
+        let currentBlockId = this.headBlockId;
+        while (currentBlockId) {
+            try {
+                const hasBlock = await this.blockStore.has(currentBlockId);
+                if (!hasBlock) {
+                    break;
+                }
+                const blockHandle = this.blockStore.get(currentBlockId);
+                const encryptedData = blockHandle.fullData;
+                // Extract the ECIES data directly from the encrypted block
+                // The header structure is: [EncType(1)][RecipientID(idSize)][ECIES header + ciphertext]
+                const idProvider = (0, brightchain_lib_1.getGlobalServiceProvider)().idProvider;
+                const eciesDataOffset = ecies_lib_1.UINT8_SIZE + idProvider.byteLength;
+                const eciesData = encryptedData.subarray(eciesDataOffset);
+                // Decrypt directly using the ECIES service
+                const eciesService = (0, brightchain_lib_1.getGlobalServiceProvider)().eciesService;
+                const decryptedData = await eciesService.decryptWithLengthAndHeader(this.systemMember.privateKey.idUint8Array, eciesData);
+                const jsonString = new TextDecoder().decode(decryptedData);
+                const parsedBlock = JSON.parse(jsonString);
+                const entries = parsedBlock.entries.map((e) => ({
+                    ...e,
+                    timestamp: new Date(e.timestamp),
+                }));
+                allEntries.push(...entries);
+                currentBlockId = parsedBlock.previousBlockId;
+            }
+            catch {
+                break;
+            }
+        }
+        return allEntries;
+    }
+    /**
+     * Set the head block ID (for restoring state from a persisted vault).
+     */
+    setHeadBlockId(blockId) {
+        this.headBlockId = blockId;
+        this.cachedBlockEntries = null;
+    }
+    /**
+     * Get the head block ID (for persisting vault state).
+     */
+    getHeadBlockId() {
+        return this.headBlockId;
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=auditLogger.js.map

package/src/lib/services/brightpass/auditLogger.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auditLogger.js","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/services/brightpass/auditLogger.ts"],"names":[],"mappings":";;;AAAA,kEAUsC;AACtC,0DAA4E;AAQ5E;;;;;;;;;;GAUG;AACH,MAAa,WAAW;IAYtB;;;;;;;OAOG;IACH,YACE,UAAwB,EACxB,YAA0B,EAC1B,SAAS,GAAG,EAAE,EACd,YAAuB,2BAAS,CAAC,KAAK;QAvBhC,YAAO,GAAoB,EAAE,CAAC;QAI9B,gBAAW,GAAkB,IAAI,CAAC;QAClC,uBAAkB,GAA2B,IAAI,CAAC;QAClD,mBAAc,GAAoB,EAAE,CAAC;QAErC,wBAAmB,GAAG,CAAC,CAAC;QAiB9B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,YAAY,GAAG,IAAI,8BAAY,EAAO,CAAC;IAC9C,CAAC;IAED;;;OAGG;IACH,IAAW,iBAAiB;QAC1B,OAAO,IAAI,CAAC,UAAU,KAAK,SAAS,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,CAAC;IAC1E,CAAC;IAED;;;;;;;OAOG;IACI,KAAK,CAAC,GAAG,CAAC,KAAuC;QACtD,MAAM,QAAQ,GAAkB;YAC9B,GAAG,KAAK;YACR,SAAS,EAAE,IAAI,IAAI,EAAE;SACtB,CAAC;QAEF,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACjD,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACjC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,iBAAiB;QAC5B,IAAI,CAAC,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChE,OAAO;QACT,CAAC;QAED,MAAM,KAAK,GAAkB;YAC3B,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;YACjC,eAAe,EAAE,IAAI,CAAC,WAAW;YACjC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;QAExD,MAAM,UAAU,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAClD,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAE3B,MAAM,eAAe,GAAG,IAAA,0CAAwB,GAAO,CAAC,eAAe,CAAC;QACxE,MAAM,QAAQ,GAAG,eAAe,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAE/D,MAAM,cAAc,GAAG,MAAM,gCAAc,CAAC,IAAI,CAC9C,2BAAS,CAAC,uBAAuB,EACjC,+BAAa,CAAC,uBAAuB,EACrC,IAAI,CAAC,SAAS,EACd,UAAU,EACV,QAAQ,EACR,IAAI,CAAC,YAAa,EAClB,IAAI,IAAI,EAAE,EACV,UAAU,CAAC,MAAM,CAClB,CAAC;QAEF,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,OAAO,CACpD,2BAAS,CAAC,uBAAuB,EACjC,cAAc,EACd,IAAI,CAAC,YAAa,CACnB,CAAC;QAEF,mFAAmF;QACnF,MAAM,IAAI,CAAC,UAAW,CAAC,GAAG,CAAC,cAAc,CAAC,UAAU,EAAE,cAAc,CAAC,IAAI,CAAC,CAAC;QAE3E,+DAA+D;QAC/D,IAAI,CAAC,WAAW,GAAG,cAAc,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACrD,IAAI,CAAC,mBAAmB,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC;QACvD,IAAI,CAAC,cAAc,GAAG,EAAE,CAAC;QACzB,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;IACjC,CAAC;IAED;;;OAGG;IACI,KAAK,CAAC,UAAU,CAAC,KAAc;QACpC,IAAI,UAA2B,CAAC;QAEhC,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,IAAI,IAAI,CAAC,kBAAkB,KAAK,IAAI,EAAE,CAAC;gBACrC,IAAI,CAAC,kBAAkB,GAAG,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC;YACnE,CAAC;YACD,UAAU,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACpE,CAAC;aAAM,CAAC;YACN,UAAU,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC;QACjC,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAC5B,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE,CACxD,CAAC;QAEF,OAAO,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjD,CAAC;IAED;;OAEG;IACI,QAAQ;QACb,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC;QAC/D,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED;;;OAGG;IACK,KAAK,CAAC,yBAAyB;QACrC,IAAI,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YAChE,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,aAAa,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;YACtE,OAAO,EAAE,CAAC;QACZ,CAAC;QAED,MAAM,UAAU,GAAoB,EAAE,CAAC;QACvC,IAAI,cAAc,GAAkB,IAAI,CAAC,WAAW,CAAC;QAErD,OAAO,cAAc,EAAE,CAAC;YACtB,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBAC3D,IAAI,CAAC,QAAQ,EAAE,CAAC;oBACd,MAAM;gBACR,CAAC;gBAED,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAe,cAAc,CAAC,CAAC;gBACtE,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC;gBAE3C,2DAA2D;gBAC3D,wFAAwF;gBACxF,MAAM,UAAU,GAAG,IAAA,0CAAwB,GAAO,CAAC,UAAU,CAAC;gBAC9D,MAAM,eAAe,GAAG,sBAAU,GAAG,UAAU,CAAC,UAAU,CAAC;gBAC3D,MAAM,SAAS,GAAG,aAAa,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;gBAE1D,2CAA2C;gBAC3C,MAAM,YAAY,GAAG,IAAA,0CAAwB,GAAO,CAAC,YAAY,CAAC;gBAClE,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,0BAA0B,CACjE,IAAI,CAAC,YAAY,CAAC,UAAU,CAAC,YAAY,EACzC,SAAS,CACV,CAAC;gBAEF,MAAM,UAAU,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;gBAC3D,MAAM,WAAW,GAAkB,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;gBAE1D,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;oBAC9C,GAAG,CAAC;oBACJ,SAAS,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;iBACjC,CAAC,CAAC,CAAC;gBAEJ,UAAU,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC;gBAC5B,cAAc,GAAG,WAAW,CAAC,eAAe,CAAC;YAC/C,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM;YACR,CAAC;QACH,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED;;OAEG;IACI,cAAc,CAAC,OAAsB;QAC1C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC;QAC3B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC;IACjC,CAAC;IAED;;OAEG;IACI,cAAc;QACnB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF;AA7ND,kCA6NC"}

package/src/lib/services/brightpass/vaultEncryption.d.ts ADDED Viewed

@@ -0,0 +1,82 @@
+/**
+ * VaultEncryption - Symmetric AES-256-GCM encryption for vault data.
+ *
+ * This module provides authenticated encryption for vault entries using
+ * AES-256-GCM, the industry standard for password managers. The vault key
+ * is derived from the vault's BIP39 seed + master password using HKDF.
+ *
+ * Security Model (Hybrid Approach - same as 1Password/Bitwarden):
+ * - Vault entries: Encrypted with symmetric AES-256-GCM (fast, efficient)
+ * - Vault key sharing: Wrapped with ECIES when sharing with other members
+ * - Master password: Never stored, used only for key derivation
+ *
+ * Format: [IV (12 bytes)][Auth Tag (16 bytes)][Ciphertext]
+ *
+ * Requirements: 2.2, 2.3, 2.4, 3.2
+ */
+/**
+ * VaultEncryption provides AES-256-GCM authenticated encryption for vault data.
+ *
+ * This is the production implementation used for encrypting vault entries.
+ * It uses:
+ * - AES-256-GCM: Authenticated encryption with associated data
+ * - 12-byte IV: Randomly generated for each encryption
+ * - 16-byte Auth Tag: Provides integrity verification
+ *
+ * The vault key must be 32 bytes (256 bits), derived from the vault's
+ * BIP39 seed and master password using HKDF-SHA256.
+ */
+export declare class VaultEncryption {
+    /** AES-256-GCM algorithm identifier */
+    private static readonly ALGORITHM;
+    /** IV length in bytes (96 bits as recommended by NIST SP 800-38D) */
+    private static readonly IV_LENGTH;
+    /** Authentication tag length in bytes (128 bits for maximum security) */
+    private static readonly AUTH_TAG_LENGTH;
+    /** Required vault key length in bytes (256 bits for AES-256) */
+    private static readonly KEY_LENGTH;
+    /**
+     * Encrypt data using AES-256-GCM.
+     *
+     * @param vaultKey - 32-byte vault key derived from BIP39 seed + master password
+     * @param plaintext - Data to encrypt
+     * @returns Encrypted data in format: [IV][Auth Tag][Ciphertext]
+     * @throws Error if vault key is not 32 bytes
+     */
+    static encrypt(vaultKey: Uint8Array, plaintext: Uint8Array): Uint8Array;
+    /**
+     * Decrypt data using AES-256-GCM.
+     *
+     * @param vaultKey - 32-byte vault key derived from BIP39 seed + master password
+     * @param ciphertext - Encrypted data in format: [IV][Auth Tag][Ciphertext]
+     * @returns Decrypted plaintext
+     * @throws Error if vault key is not 32 bytes
+     * @throws Error if ciphertext is too short
+     * @throws Error if authentication fails (data tampered)
+     */
+    static decrypt(vaultKey: Uint8Array, ciphertext: Uint8Array): Uint8Array;
+    /**
+     * Encrypt a string and return base64-encoded ciphertext.
+     *
+     * @param vaultKey - 32-byte vault key
+     * @param plaintext - String to encrypt
+     * @returns Base64-encoded encrypted data
+     */
+    static encryptString(vaultKey: Uint8Array, plaintext: string): string;
+    /**
+     * Decrypt a base64-encoded ciphertext and return the original string.
+     *
+     * @param vaultKey - 32-byte vault key
+     * @param ciphertext - Base64-encoded encrypted data
+     * @returns Decrypted string
+     */
+    static decryptString(vaultKey: Uint8Array, ciphertext: string): string;
+    /**
+     * Get the overhead size added by encryption.
+     * This is useful for capacity calculations.
+     *
+     * @returns Number of bytes added to plaintext (IV + Auth Tag = 28 bytes)
+     */
+    static getOverheadSize(): number;
+}
+//# sourceMappingURL=vaultEncryption.d.ts.map

package/src/lib/services/brightpass/vaultEncryption.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vaultEncryption.d.ts","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/services/brightpass/vaultEncryption.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAIH;;;;;;;;;;;GAWG;AACH,qBAAa,eAAe;IAC1B,uCAAuC;IACvC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAA0B;IAE3D,qEAAqE;IACrE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAM;IAEvC,yEAAyE;IACzE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAM;IAE7C,gEAAgE;IAChE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAM;IAExC;;;;;;;OAOG;WACW,OAAO,CACnB,QAAQ,EAAE,UAAU,EACpB,SAAS,EAAE,UAAU,GACpB,UAAU;IA0Cb;;;;;;;;;OASG;WACW,OAAO,CACnB,QAAQ,EAAE,UAAU,EACpB,UAAU,EAAE,UAAU,GACrB,UAAU;IA4Cb;;;;;;OAMG;WACW,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM;IAS5E;;;;;;OAMG;WACW,aAAa,CACzB,QAAQ,EAAE,UAAU,EACpB,UAAU,EAAE,MAAM,GACjB,MAAM;IAOT;;;;;OAKG;WACW,eAAe,IAAI,MAAM;CAGxC"}

package/src/lib/services/brightpass/vaultEncryption.js ADDED Viewed

@@ -0,0 +1,144 @@
+"use strict";
+/**
+ * VaultEncryption - Symmetric AES-256-GCM encryption for vault data.
+ *
+ * This module provides authenticated encryption for vault entries using
+ * AES-256-GCM, the industry standard for password managers. The vault key
+ * is derived from the vault's BIP39 seed + master password using HKDF.
+ *
+ * Security Model (Hybrid Approach - same as 1Password/Bitwarden):
+ * - Vault entries: Encrypted with symmetric AES-256-GCM (fast, efficient)
+ * - Vault key sharing: Wrapped with ECIES when sharing with other members
+ * - Master password: Never stored, used only for key derivation
+ *
+ * Format: [IV (12 bytes)][Auth Tag (16 bytes)][Ciphertext]
+ *
+ * Requirements: 2.2, 2.3, 2.4, 3.2
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VaultEncryption = void 0;
+const tslib_1 = require("tslib");
+const crypto = tslib_1.__importStar(require("crypto"));
+/**
+ * VaultEncryption provides AES-256-GCM authenticated encryption for vault data.
+ *
+ * This is the production implementation used for encrypting vault entries.
+ * It uses:
+ * - AES-256-GCM: Authenticated encryption with associated data
+ * - 12-byte IV: Randomly generated for each encryption
+ * - 16-byte Auth Tag: Provides integrity verification
+ *
+ * The vault key must be 32 bytes (256 bits), derived from the vault's
+ * BIP39 seed and master password using HKDF-SHA256.
+ */
+class VaultEncryption {
+    /**
+     * Encrypt data using AES-256-GCM.
+     *
+     * @param vaultKey - 32-byte vault key derived from BIP39 seed + master password
+     * @param plaintext - Data to encrypt
+     * @returns Encrypted data in format: [IV][Auth Tag][Ciphertext]
+     * @throws Error if vault key is not 32 bytes
+     */
+    static encrypt(vaultKey, plaintext) {
+        if (vaultKey.length !== VaultEncryption.KEY_LENGTH) {
+            throw new Error(`Vault key must be ${VaultEncryption.KEY_LENGTH} bytes for AES-256, got ${vaultKey.length}`);
+        }
+        // Generate cryptographically secure random IV
+        const iv = crypto.randomBytes(VaultEncryption.IV_LENGTH);
+        // Create cipher with AES-256-GCM
+        const cipher = crypto.createCipheriv(VaultEncryption.ALGORITHM, Buffer.from(vaultKey), iv);
+        // Encrypt the plaintext
+        const encrypted = Buffer.concat([
+            cipher.update(Buffer.from(plaintext)),
+            cipher.final(),
+        ]);
+        // Get the authentication tag
+        const authTag = cipher.getAuthTag();
+        // Combine: [IV (12)][Auth Tag (16)][Ciphertext]
+        const result = new Uint8Array(VaultEncryption.IV_LENGTH +
+            VaultEncryption.AUTH_TAG_LENGTH +
+            encrypted.length);
+        result.set(iv, 0);
+        result.set(authTag, VaultEncryption.IV_LENGTH);
+        result.set(encrypted, VaultEncryption.IV_LENGTH + VaultEncryption.AUTH_TAG_LENGTH);
+        return result;
+    }
+    /**
+     * Decrypt data using AES-256-GCM.
+     *
+     * @param vaultKey - 32-byte vault key derived from BIP39 seed + master password
+     * @param ciphertext - Encrypted data in format: [IV][Auth Tag][Ciphertext]
+     * @returns Decrypted plaintext
+     * @throws Error if vault key is not 32 bytes
+     * @throws Error if ciphertext is too short
+     * @throws Error if authentication fails (data tampered)
+     */
+    static decrypt(vaultKey, ciphertext) {
+        if (vaultKey.length !== VaultEncryption.KEY_LENGTH) {
+            throw new Error(`Vault key must be ${VaultEncryption.KEY_LENGTH} bytes for AES-256, got ${vaultKey.length}`);
+        }
+        const minLength = VaultEncryption.IV_LENGTH + VaultEncryption.AUTH_TAG_LENGTH;
+        if (ciphertext.length < minLength) {
+            throw new Error(`Ciphertext too short: expected at least ${minLength} bytes, got ${ciphertext.length}`);
+        }
+        // Extract components: [IV (12)][Auth Tag (16)][Ciphertext]
+        const iv = ciphertext.slice(0, VaultEncryption.IV_LENGTH);
+        const authTag = ciphertext.slice(VaultEncryption.IV_LENGTH, VaultEncryption.IV_LENGTH + VaultEncryption.AUTH_TAG_LENGTH);
+        const encrypted = ciphertext.slice(VaultEncryption.IV_LENGTH + VaultEncryption.AUTH_TAG_LENGTH);
+        // Create decipher with AES-256-GCM
+        const decipher = crypto.createDecipheriv(VaultEncryption.ALGORITHM, Buffer.from(vaultKey), Buffer.from(iv));
+        // Set the authentication tag for verification
+        decipher.setAuthTag(Buffer.from(authTag));
+        // Decrypt and verify authentication
+        const decrypted = Buffer.concat([
+            decipher.update(Buffer.from(encrypted)),
+            decipher.final(), // Throws if auth tag verification fails
+        ]);
+        return new Uint8Array(decrypted);
+    }
+    /**
+     * Encrypt a string and return base64-encoded ciphertext.
+     *
+     * @param vaultKey - 32-byte vault key
+     * @param plaintext - String to encrypt
+     * @returns Base64-encoded encrypted data
+     */
+    static encryptString(vaultKey, plaintext) {
+        const encoder = new TextEncoder();
+        const encrypted = VaultEncryption.encrypt(vaultKey, encoder.encode(plaintext));
+        return Buffer.from(encrypted).toString('base64');
+    }
+    /**
+     * Decrypt a base64-encoded ciphertext and return the original string.
+     *
+     * @param vaultKey - 32-byte vault key
+     * @param ciphertext - Base64-encoded encrypted data
+     * @returns Decrypted string
+     */
+    static decryptString(vaultKey, ciphertext) {
+        const encrypted = new Uint8Array(Buffer.from(ciphertext, 'base64'));
+        const decrypted = VaultEncryption.decrypt(vaultKey, encrypted);
+        const decoder = new TextDecoder();
+        return decoder.decode(decrypted);
+    }
+    /**
+     * Get the overhead size added by encryption.
+     * This is useful for capacity calculations.
+     *
+     * @returns Number of bytes added to plaintext (IV + Auth Tag = 28 bytes)
+     */
+    static getOverheadSize() {
+        return VaultEncryption.IV_LENGTH + VaultEncryption.AUTH_TAG_LENGTH;
+    }
+}
+exports.VaultEncryption = VaultEncryption;
+/** AES-256-GCM algorithm identifier */
+VaultEncryption.ALGORITHM = 'aes-256-gcm';
+/** IV length in bytes (96 bits as recommended by NIST SP 800-38D) */
+VaultEncryption.IV_LENGTH = 12;
+/** Authentication tag length in bytes (128 bits for maximum security) */
+VaultEncryption.AUTH_TAG_LENGTH = 16;
+/** Required vault key length in bytes (256 bits for AES-256) */
+VaultEncryption.KEY_LENGTH = 32;
+//# sourceMappingURL=vaultEncryption.js.map

package/src/lib/services/brightpass/vaultEncryption.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"vaultEncryption.js","sourceRoot":"","sources":["../../../../../../brightchain-api-lib/src/lib/services/brightpass/vaultEncryption.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;AAEH,uDAAiC;AAEjC;;;;;;;;;;;GAWG;AACH,MAAa,eAAe;IAa1B;;;;;;;OAOG;IACI,MAAM,CAAC,OAAO,CACnB,QAAoB,EACpB,SAAqB;QAErB,IAAI,QAAQ,CAAC,MAAM,KAAK,eAAe,CAAC,UAAU,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,qBAAqB,eAAe,CAAC,UAAU,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAC5F,CAAC;QACJ,CAAC;QAED,8CAA8C;QAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QAEzD,iCAAiC;QACjC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAClC,eAAe,CAAC,SAAS,EACzB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACrB,EAAE,CACH,CAAC;QAEF,wBAAwB;QACxB,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC9B,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACrC,MAAM,CAAC,KAAK,EAAE;SACf,CAAC,CAAC;QAEH,6BAA6B;QAC7B,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,gDAAgD;QAChD,MAAM,MAAM,GAAG,IAAI,UAAU,CAC3B,eAAe,CAAC,SAAS;YACvB,eAAe,CAAC,eAAe;YAC/B,SAAS,CAAC,MAAM,CACnB,CAAC;QACF,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QAClB,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,CAAC,GAAG,CACR,SAAS,EACT,eAAe,CAAC,SAAS,GAAG,eAAe,CAAC,eAAe,CAC5D,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;OASG;IACI,MAAM,CAAC,OAAO,CACnB,QAAoB,EACpB,UAAsB;QAEtB,IAAI,QAAQ,CAAC,MAAM,KAAK,eAAe,CAAC,UAAU,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CACb,qBAAqB,eAAe,CAAC,UAAU,2BAA2B,QAAQ,CAAC,MAAM,EAAE,CAC5F,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GACb,eAAe,CAAC,SAAS,GAAG,eAAe,CAAC,eAAe,CAAC;QAC9D,IAAI,UAAU,CAAC,MAAM,GAAG,SAAS,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,2CAA2C,SAAS,eAAe,UAAU,CAAC,MAAM,EAAE,CACvF,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,MAAM,EAAE,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,UAAU,CAAC,KAAK,CAC9B,eAAe,CAAC,SAAS,EACzB,eAAe,CAAC,SAAS,GAAG,eAAe,CAAC,eAAe,CAC5D,CAAC;QACF,MAAM,SAAS,GAAG,UAAU,CAAC,KAAK,CAChC,eAAe,CAAC,SAAS,GAAG,eAAe,CAAC,eAAe,CAC5D,CAAC;QAEF,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CACtC,eAAe,CAAC,SAAS,EACzB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EACrB,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAChB,CAAC;QAEF,8CAA8C;QAC9C,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;QAE1C,oCAAoC;QACpC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC;YAC9B,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvC,QAAQ,CAAC,KAAK,EAAE,EAAE,wCAAwC;SAC3D,CAAC,CAAC;QAEH,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,aAAa,CAAC,QAAoB,EAAE,SAAiB;QACjE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CACvC,QAAQ,EACR,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAC1B,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnD,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,aAAa,CACzB,QAAoB,EACpB,UAAkB;QAElB,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpE,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;QAClC,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,eAAe;QAC3B,OAAO,eAAe,CAAC,SAAS,GAAG,eAAe,CAAC,eAAe,CAAC;IACrE,CAAC;;AApKH,0CAqKC;AApKC,uCAAuC;AACf,yBAAS,GAAG,aAAsB,CAAC;AAE3D,qEAAqE;AAC7C,yBAAS,GAAG,EAAE,CAAC;AAEvC,yEAAyE;AACjD,+BAAe,GAAG,EAAE,CAAC;AAE7C,gEAAgE;AACxC,0BAAU,GAAG,EAAE,CAAC"}