@brightchain/brightchain-api-lib 0.18.2 → 0.21.0

package/src/lib/services/cliOperatorPrompt.js

@@ -0,0 +1,177 @@
+"use strict";
+/**
+ * CLIOperatorPrompt — Node.js readline-based implementation of IOperatorPrompt.
+ *
+ * Presents quorum proposals to the node operator via the terminal and collects
+ * vote decisions with password authentication on approve votes.
+ *
+ * Tracks failed authentication attempts per proposal and locks voting after
+ * a configurable number of consecutive failures for a cooldown period.
+ *
+ * This is a Node.js-specific service that lives in brightchain-api-lib.
+ *
+ * @see Requirements 6
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLIOperatorPrompt = void 0;
+const tslib_1 = require("tslib");
+const readline = tslib_1.__importStar(require("readline"));
+// ─── Default Config ─────────────────────────────────────────────────────────
+const DEFAULT_CONFIG = {
+    maxAttempts: 3,
+    cooldownMs: 300000, // 5 minutes
+};
+// ─── Implementation ─────────────────────────────────────────────────────────
+/**
+ * CLI-based operator prompt for quorum voting.
+ *
+ * Uses Node.js readline to interact with the operator via stdin/stdout.
+ * Tracks failed authentication attempts per proposal and enforces lockout
+ * after the configured maximum failures.
+ */
+class CLIOperatorPrompt {
+    constructor(config, rlFactory, output) {
+        this.lockoutMap = new Map();
+        this.config = { ...DEFAULT_CONFIG, ...config };
+        this.output = output ?? process.stdout;
+        this.rlFactory =
+            rlFactory ??
+                (() => readline.createInterface({
+                    input: process.stdin,
+                    output: this.output,
+                }));
+    }
+    /**
+     * Check if the voting interface is locked for a given proposal.
+     * Returns true if the operator has exceeded the maximum failed attempts
+     * and the cooldown period has not yet elapsed.
+     */
+    isLocked(proposalId) {
+        const state = this.lockoutMap.get(proposalId);
+        if (!state || state.lockedAt === null) {
+            return false;
+        }
+        const elapsed = Date.now() - state.lockedAt;
+        if (elapsed >= this.config.cooldownMs) {
+            // Cooldown expired — reset lockout state
+            state.failedAttempts = 0;
+            state.lockedAt = null;
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Present a proposal to the operator and collect their vote.
+     * Displays proposal details, collects a vote decision, and on approve
+     * requires password authentication.
+     *
+     * @throws Error if the proposal is currently locked due to failed attempts
+     */
+    async promptForVote(proposal) {
+        if (this.isLocked(proposal.proposalId)) {
+            throw new Error(`Voting is locked for proposal ${proposal.proposalId}. Please wait for the cooldown period to expire.`);
+        }
+        const rl = this.rlFactory();
+        try {
+            this.displayProposal(proposal);
+            const decision = await this.collectDecision(rl);
+            if (decision === 'reject') {
+                return { decision: 'reject' };
+            }
+            // Approve path — collect password
+            const password = await this.collectPassword(rl);
+            if (!password) {
+                this.recordFailedAttempt(proposal.proposalId);
+                throw new Error('Authentication failed: empty password provided.');
+            }
+            // Reset failed attempts on successful authentication
+            this.resetAttempts(proposal.proposalId);
+            return { decision: 'approve', password };
+        }
+        finally {
+            rl.close();
+        }
+    }
+    // ─── Private Helpers ────────────────────────────────────────────────────
+    /**
+     * Display proposal details to the operator via the readline output.
+     */
+    displayProposal(proposal) {
+        this.output.write('\n══════════════════════════════════════════════════\n');
+        this.output.write('  QUORUM PROPOSAL — VOTE REQUIRED\n');
+        this.output.write('══════════════════════════════════════════════════\n\n');
+        this.output.write(`  Proposal ID:  ${proposal.proposalId}\n`);
+        this.output.write(`  Description:  ${proposal.description}\n`);
+        this.output.write(`  Action Type:  ${proposal.actionType}\n`);
+        this.output.write(`  Action Payload: ${JSON.stringify(proposal.actionPayload, null, 2)}\n`);
+        this.output.write(`  Proposer:     ${proposal.proposerMemberId}\n`);
+        this.output.write(`  Expires At:   ${proposal.expiresAt.toISOString()}\n`);
+        if (proposal.attachmentCblId) {
+            this.output.write(`  Attachment:   CBL ${proposal.attachmentCblId}\n`);
+        }
+        if (proposal.attachmentContent) {
+            this.output.write(`  Attachment Size: ${proposal.attachmentContent.byteLength} bytes\n`);
+        }
+        this.output.write('\n──────────────────────────────────────────────────\n');
+    }
+    /**
+     * Prompt the operator for their vote decision (approve or reject).
+     */
+    collectDecision(rl) {
+        return new Promise((resolve) => {
+            const ask = () => {
+                rl.question('  Enter your vote (approve/reject): ', (answer) => {
+                    const normalized = answer.trim().toLowerCase();
+                    if (normalized === 'approve' || normalized === 'reject') {
+                        resolve(normalized);
+                    }
+                    else {
+                        this.output.write('  Invalid input. Please enter "approve" or "reject".\n');
+                        ask();
+                    }
+                });
+            };
+            ask();
+        });
+    }
+    /**
+     * Prompt the operator for their password to authenticate the approve vote.
+     */
+    collectPassword(rl) {
+        return new Promise((resolve) => {
+            rl.question('  Enter your password to authenticate: ', (answer) => {
+                resolve(answer);
+            });
+        });
+    }
+    /**
+     * Record a failed authentication attempt for a proposal.
+     * If the maximum attempts are reached, trigger lockout.
+     */
+    recordFailedAttempt(proposalId) {
+        let state = this.lockoutMap.get(proposalId);
+        if (!state) {
+            state = { failedAttempts: 0, lockedAt: null };
+            this.lockoutMap.set(proposalId, state);
+        }
+        state.failedAttempts += 1;
+        if (state.failedAttempts >= this.config.maxAttempts) {
+            state.lockedAt = Date.now();
+        }
+    }
+    /**
+     * Record a failed attempt externally (for use when authentication
+     * is validated outside this class, e.g., by the QuorumStateMachine).
+     */
+    recordAuthFailure(proposalId) {
+        this.recordFailedAttempt(proposalId);
+    }
+    /**
+     * Reset failed attempts for a proposal (on successful authentication).
+     */
+    resetAttempts(proposalId) {
+        this.lockoutMap.delete(proposalId);
+    }
+}
+exports.CLIOperatorPrompt = CLIOperatorPrompt;
+//# sourceMappingURL=cliOperatorPrompt.js.map

package/src/lib/services/cliOperatorPrompt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cliOperatorPrompt.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/cliOperatorPrompt.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;AAQH,2DAAqC;AAyBrC,+EAA+E;AAE/E,MAAM,cAAc,GAA4B;IAC9C,WAAW,EAAE,CAAC;IACd,UAAU,EAAE,MAAO,EAAE,YAAY;CAClC,CAAC;AAEF,+EAA+E;AAE/E;;;;;;GAMG;AACH,MAAa,iBAAiB;IAM5B,YACE,MAAyC,EACzC,SAAoC,EACpC,MAAiB;QAPF,eAAU,GAAoC,IAAI,GAAG,EAAE,CAAC;QASvE,IAAI,CAAC,MAAM,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,MAAM,EAAE,CAAC;QAC/C,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;QACvC,IAAI,CAAC,SAAS;YACZ,SAAS;gBACT,CAAC,GAAG,EAAE,CACJ,QAAQ,CAAC,eAAe,CAAC;oBACvB,KAAK,EAAE,OAAO,CAAC,KAAK;oBACpB,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAC,CAAC;IACV,CAAC;IAED;;;;OAIG;IACH,QAAQ,CAAC,UAAwB;QAC/B,MAAM,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC9C,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC;QAC5C,IAAI,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACtC,yCAAyC;YACzC,KAAK,CAAC,cAAc,GAAG,CAAC,CAAC;YACzB,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC;YACtB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CAAC,QAAyB;QAC3C,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;YACvC,MAAM,IAAI,KAAK,CACb,iCAAiC,QAAQ,CAAC,UAAU,kDAAkD,CACvG,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAE5B,IAAI,CAAC;YACH,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;YAE/B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;YAEhD,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC1B,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC;YAChC,CAAC;YAED,kCAAkC;YAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;YAEhD,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;gBAC9C,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YAED,qDAAqD;YACrD,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YAExC,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;QAC3C,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,KAAK,EAAE,CAAC;QACb,CAAC;IACH,CAAC;IAED,2EAA2E;IAE3E;;OAEG;IACK,eAAe,CAAC,QAAyB;QAC/C,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,CAAC,WAAW,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,CAAC,UAAU,IAAI,CAAC,CAAC;QAC9D,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qBAAqB,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,CACzE,CAAC;QACF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,CAAC,gBAAgB,IAAI,CAAC,CAAC;QACpE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,QAAQ,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;QAE3E,IAAI,QAAQ,CAAC,eAAe,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,QAAQ,CAAC,eAAe,IAAI,CAAC,CAAC;QACzE,CAAC;QACD,IAAI,QAAQ,CAAC,iBAAiB,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,sBAAsB,QAAQ,CAAC,iBAAiB,CAAC,UAAU,UAAU,CACtE,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC9E,CAAC;IAED;;OAEG;IACK,eAAe,CACrB,EAAsB;QAEtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,GAAG,GAAG,GAAS,EAAE;gBACrB,EAAE,CAAC,QAAQ,CACT,sCAAsC,EACtC,CAAC,MAAc,EAAE,EAAE;oBACjB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;oBAC/C,IAAI,UAAU,KAAK,SAAS,IAAI,UAAU,KAAK,QAAQ,EAAE,CAAC;wBACxD,OAAO,CAAC,UAAU,CAAC,CAAC;oBACtB,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,wDAAwD,CACzD,CAAC;wBACF,GAAG,EAAE,CAAC;oBACR,CAAC;gBACH,CAAC,CACF,CAAC;YACJ,CAAC,CAAC;YACF,GAAG,EAAE,CAAC;QACR,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,EAAsB;QAC5C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,EAAE,CAAC,QAAQ,CACT,yCAAyC,EACzC,CAAC,MAAc,EAAE,EAAE;gBACjB,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC,CACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,mBAAmB,CAAC,UAAwB;QAClD,IAAI,KAAK,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC5C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,cAAc,EAAE,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC9C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACzC,CAAC;QACD,KAAK,CAAC,cAAc,IAAI,CAAC,CAAC;QAC1B,IAAI,KAAK,CAAC,cAAc,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YACpD,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC9B,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,iBAAiB,CAAC,UAAwB;QACxC,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,aAAa,CAAC,UAAwB;QAC5C,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;CACF;AAzLD,8CAyLC"}

package/src/lib/services/contentAwareBlocksService.d.ts

@@ -0,0 +1,92 @@
+/**
+ * @fileoverview ContentAwareBlocksService — wraps BlocksService with identity
+ * validation and sealing via ContentIngestionService.
+ *
+ * Content is only accepted into the block store after:
+ * 1. Identity validation passes (signature, alias, membership proof, ban check)
+ * 2. Identity sealing completes (shard generation, distribution, identity replacement)
+ *
+ * @see Requirements 16
+ * @see Design: Content Ingestion Pipeline Integration (Task 19.2)
+ */
+import { BlockStoreOptions, BrightenResult, ContentIngestionResult, ContentWithIdentity, IBlockMetadata, IContentIngestionService, IdentityValidationError, QuorumError } from '@brightchain/brightchain-lib';
+import { Member, PlatformID } from '@digitaldefiance/ecies-lib';
+import { DefaultBackendIdType } from '../shared-types';
+import { BlocksService } from './blocks';
+/**
+ * Result of storing a block with identity validation and sealing.
+ */
+export interface ContentAwareStoreResult<TID extends PlatformID = Uint8Array> {
+    /** Block store result */
+    blockId: string;
+    metadata?: IBlockMetadata;
+    /** Identity ingestion result */
+    ingestion: ContentIngestionResult<TID>;
+}
+/**
+ * ContentAwareBlocksService wraps BlocksService with identity validation
+ * and sealing. Content is only stored after successful validation and
+ * shard distribution.
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+export declare class ContentAwareBlocksService<TID extends PlatformID = DefaultBackendIdType> {
+    private readonly blocksService;
+    private readonly contentIngestionService;
+    constructor(blocksService: BlocksService<TID>, contentIngestionService: IContentIngestionService<TID>);
+    /**
+     * Store a block with identity validation and sealing.
+     *
+     * Flow:
+     * 1. Validate and seal identity via ContentIngestionService
+     * 2. Store the block via BlocksService (only if step 1 succeeds)
+     * 3. Return combined result
+     *
+     * @param dataBuffer - The raw block data
+     * @param member - The authenticated member
+     * @param content - The content identity metadata for validation/sealing
+     * @param canRead - Whether the block can be read
+     * @param canPersist - Whether the block can be persisted
+     * @param options - Block store options
+     * @returns Combined block store and ingestion result
+     * @throws IdentityValidationError if identity validation fails
+     * @throws QuorumError if identity sealing fails
+     */
+    storeBlockWithIdentity(dataBuffer: Buffer, member: Member, content: ContentWithIdentity<TID>, canRead?: boolean, canPersist?: boolean, options?: BlockStoreOptions): Promise<ContentAwareStoreResult<TID>>;
+    /**
+     * Store a block without identity validation (passthrough to BlocksService).
+     * Use this for system-internal blocks that don't carry user identity.
+     */
+    storeBlock(dataBuffer: Buffer, member: Member, canRead?: boolean, canPersist?: boolean, options?: BlockStoreOptions): Promise<{
+        blockId: string;
+        metadata?: IBlockMetadata;
+    }>;
+    /**
+     * Get a block by ID (passthrough to BlocksService).
+     */
+    getBlock(blockId: string): Promise<{
+        data: Buffer;
+        metadata?: IBlockMetadata;
+    }>;
+    /**
+     * Get block metadata (passthrough to BlocksService).
+     */
+    getBlockMetadata(blockId: string): Promise<IBlockMetadata | null>;
+    /**
+     * Delete a block (passthrough to BlocksService).
+     */
+    deleteBlock(blockId: string): Promise<void>;
+    /**
+     * Brighten a block (passthrough to BlocksService).
+     */
+    brightenBlock(blockId: string, randomBlockCount: number): Promise<BrightenResult>;
+    /**
+     * Create a rejection from an IdentityValidationError.
+     */
+    static createRejection(error: IdentityValidationError): import("@brightchain/brightchain-lib").ContentIngestionRejection;
+    /**
+     * Create a rejection from a QuorumError.
+     */
+    static createSealingRejection(error: QuorumError): import("@brightchain/brightchain-lib").ContentIngestionRejection;
+}
+//# sourceMappingURL=contentAwareBlocksService.d.ts.map

package/src/lib/services/contentAwareBlocksService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentAwareBlocksService.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/contentAwareBlocksService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,sBAAsB,EACtB,mBAAmB,EACnB,cAAc,EACd,wBAAwB,EACxB,uBAAuB,EACvB,WAAW,EACZ,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC;;GAEG;AACH,MAAM,WAAW,uBAAuB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAC1E,yBAAyB;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,gCAAgC;IAChC,SAAS,EAAE,sBAAsB,CAAC,GAAG,CAAC,CAAC;CACxC;AAED;;;;;;GAMG;AACH,qBAAa,yBAAyB,CACpC,GAAG,SAAS,UAAU,GAAG,oBAAoB;IAG3C,OAAO,CAAC,QAAQ,CAAC,aAAa;IAC9B,OAAO,CAAC,QAAQ,CAAC,uBAAuB;gBADvB,aAAa,EAAE,aAAa,CAAC,GAAG,CAAC,EACjC,uBAAuB,EAAE,wBAAwB,CAAC,GAAG,CAAC;IAGzE;;;;;;;;;;;;;;;;;OAiBG;IACG,sBAAsB,CAC1B,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,mBAAmB,CAAC,GAAG,CAAC,EACjC,OAAO,UAAO,EACd,UAAU,UAAO,EACjB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAqBxC;;;OAGG;IACG,UAAU,CACd,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,EACd,OAAO,UAAO,EACd,UAAU,UAAO,EACjB,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;IAU1D;;OAEG;IACG,QAAQ,CACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;IAIvD;;OAEG;IACG,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAIvE;;OAEG;IACG,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjD;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAAC,cAAc,CAAC;IAI1B;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,KAAK,EAAE,uBAAuB;IAIrD;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,KAAK,EAAE,WAAW;CAGjD"}

package/src/lib/services/contentAwareBlocksService.js

@@ -0,0 +1,102 @@
+"use strict";
+/**
+ * @fileoverview ContentAwareBlocksService — wraps BlocksService with identity
+ * validation and sealing via ContentIngestionService.
+ *
+ * Content is only accepted into the block store after:
+ * 1. Identity validation passes (signature, alias, membership proof, ban check)
+ * 2. Identity sealing completes (shard generation, distribution, identity replacement)
+ *
+ * @see Requirements 16
+ * @see Design: Content Ingestion Pipeline Integration (Task 19.2)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContentAwareBlocksService = void 0;
+const contentIngestionService_1 = require("./contentIngestionService");
+/**
+ * ContentAwareBlocksService wraps BlocksService with identity validation
+ * and sealing. Content is only stored after successful validation and
+ * shard distribution.
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+class ContentAwareBlocksService {
+    constructor(blocksService, contentIngestionService) {
+        this.blocksService = blocksService;
+        this.contentIngestionService = contentIngestionService;
+    }
+    /**
+     * Store a block with identity validation and sealing.
+     *
+     * Flow:
+     * 1. Validate and seal identity via ContentIngestionService
+     * 2. Store the block via BlocksService (only if step 1 succeeds)
+     * 3. Return combined result
+     *
+     * @param dataBuffer - The raw block data
+     * @param member - The authenticated member
+     * @param content - The content identity metadata for validation/sealing
+     * @param canRead - Whether the block can be read
+     * @param canPersist - Whether the block can be persisted
+     * @param options - Block store options
+     * @returns Combined block store and ingestion result
+     * @throws IdentityValidationError if identity validation fails
+     * @throws QuorumError if identity sealing fails
+     */
+    async storeBlockWithIdentity(dataBuffer, member, content, canRead = true, canPersist = true, options) {
+        // Step 1: Validate and seal identity — block store write is gated on this
+        const ingestionResult = await this.contentIngestionService.processContent(content);
+        // Step 2: Store the block only after successful validation and sealing
+        const storeResult = await this.blocksService.storeBlock(dataBuffer, member, canRead, canPersist, options);
+        return {
+            blockId: storeResult.blockId,
+            metadata: storeResult.metadata,
+            ingestion: ingestionResult,
+        };
+    }
+    /**
+     * Store a block without identity validation (passthrough to BlocksService).
+     * Use this for system-internal blocks that don't carry user identity.
+     */
+    async storeBlock(dataBuffer, member, canRead = true, canPersist = true, options) {
+        return this.blocksService.storeBlock(dataBuffer, member, canRead, canPersist, options);
+    }
+    /**
+     * Get a block by ID (passthrough to BlocksService).
+     */
+    async getBlock(blockId) {
+        return this.blocksService.getBlock(blockId);
+    }
+    /**
+     * Get block metadata (passthrough to BlocksService).
+     */
+    async getBlockMetadata(blockId) {
+        return this.blocksService.getBlockMetadata(blockId);
+    }
+    /**
+     * Delete a block (passthrough to BlocksService).
+     */
+    async deleteBlock(blockId) {
+        return this.blocksService.deleteBlock(blockId);
+    }
+    /**
+     * Brighten a block (passthrough to BlocksService).
+     */
+    async brightenBlock(blockId, randomBlockCount) {
+        return this.blocksService.brightenBlock(blockId, randomBlockCount);
+    }
+    /**
+     * Create a rejection from an IdentityValidationError.
+     */
+    static createRejection(error) {
+        return contentIngestionService_1.ContentIngestionService.createRejection(error);
+    }
+    /**
+     * Create a rejection from a QuorumError.
+     */
+    static createSealingRejection(error) {
+        return contentIngestionService_1.ContentIngestionService.createSealingRejection(error);
+    }
+}
+exports.ContentAwareBlocksService = ContentAwareBlocksService;
+//# sourceMappingURL=contentAwareBlocksService.js.map

package/src/lib/services/contentAwareBlocksService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentAwareBlocksService.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/contentAwareBlocksService.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAeH,uEAAoE;AAapE;;;;;;GAMG;AACH,MAAa,yBAAyB;IAGpC,YACmB,aAAiC,EACjC,uBAAsD;QADtD,kBAAa,GAAb,aAAa,CAAoB;QACjC,4BAAuB,GAAvB,uBAAuB,CAA+B;IACtE,CAAC;IAEJ;;;;;;;;;;;;;;;;;OAiBG;IACH,KAAK,CAAC,sBAAsB,CAC1B,UAAkB,EAClB,MAAc,EACd,OAAiC,EACjC,OAAO,GAAG,IAAI,EACd,UAAU,GAAG,IAAI,EACjB,OAA2B;QAE3B,0EAA0E;QAC1E,MAAM,eAAe,GACnB,MAAM,IAAI,CAAC,uBAAuB,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAE7D,uEAAuE;QACvE,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,UAAU,CACrD,UAAU,EACV,MAAM,EACN,OAAO,EACP,UAAU,EACV,OAAO,CACR,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,WAAW,CAAC,OAAO;YAC5B,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,SAAS,EAAE,eAAe;SAC3B,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CACd,UAAkB,EAClB,MAAc,EACd,OAAO,GAAG,IAAI,EACd,UAAU,GAAG,IAAI,EACjB,OAA2B;QAE3B,OAAO,IAAI,CAAC,aAAa,CAAC,UAAU,CAClC,UAAU,EACV,MAAM,EACN,OAAO,EACP,UAAU,EACV,OAAO,CACR,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CACZ,OAAe;QAEf,OAAO,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,gBAAgB,CAAC,OAAe;QACpC,OAAO,IAAI,CAAC,aAAa,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CACjB,OAAe,EACf,gBAAwB;QAExB,OAAO,IAAI,CAAC,aAAa,CAAC,aAAa,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,eAAe,CAAC,KAA8B;QACnD,OAAO,iDAAuB,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IACxD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,sBAAsB,CAAC,KAAkB;QAC9C,OAAO,iDAAuB,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;IAC/D,CAAC;CACF;AAxHD,8DAwHC"}

package/src/lib/services/contentIngestionService.d.ts

@@ -0,0 +1,68 @@
+/**
+ * @fileoverview ContentIngestionService — wires identity validation and sealing
+ * into the content ingestion path.
+ *
+ * Before content is accepted into the block store, this service:
+ * 1. Validates the content identity via IdentityValidator
+ * 2. Seals the identity via IdentitySealingPipeline (generates shards, replaces identity)
+ * 3. Returns the processed content ready for block store acceptance
+ *
+ * @see Requirements 16
+ * @see Design: Content Ingestion Pipeline Integration (Task 19)
+ */
+import { ContentIngestionRejection, ContentIngestionResult, ContentWithIdentity, IContentIngestionService, IdentityValidationError, IIdentitySealingPipeline, IIdentityValidator, QuorumError } from '@brightchain/brightchain-lib';
+import { PlatformID } from '@digitaldefiance/ecies-lib';
+/**
+ * ContentIngestionService orchestrates identity validation and sealing
+ * before content is accepted into the block store.
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+export declare class ContentIngestionService<TID extends PlatformID = Uint8Array> implements IContentIngestionService<TID> {
+    private readonly identityValidator;
+    private readonly identitySealingPipeline;
+    constructor(identityValidator: IIdentityValidator<TID>, identitySealingPipeline: IIdentitySealingPipeline<TID>);
+    /**
+     * Process content through identity validation and sealing.
+     *
+     * Steps:
+     * 1. Validate identity (signature, alias status, membership proof, ban/suspend check)
+     * 2. Seal identity (generate shards, replace identity field, distribute encrypted shards)
+     * 3. Return processed content with recovery record ID
+     *
+     * @param content - The content with identity to validate and seal
+     * @returns Ingestion result with processed content
+     * @throws IdentityValidationError with specific error type on validation failure
+     * @throws QuorumError with IdentitySealingFailed on sealing failure
+     */
+    processContent(content: ContentWithIdentity<TID>): Promise<ContentIngestionResult<TID>>;
+    /**
+     * Resolve the alias name from content's identity recovery record.
+     * The IdentityValidator already confirmed the alias exists and is active,
+     * so the sealing pipeline handles alias lookup internally.
+     */
+    private resolveAliasName;
+    /**
+     * Create a rejection result from an IdentityValidationError.
+     *
+     * @param error - The validation error
+     * @returns A structured rejection result
+     */
+    static createRejection(error: IdentityValidationError): ContentIngestionRejection;
+    /**
+     * Create a rejection result from a QuorumError (sealing failure).
+     *
+     * @param error - The quorum error
+     * @returns A structured rejection result
+     */
+    static createSealingRejection(error: QuorumError): ContentIngestionRejection;
+    /**
+     * Determine if an error is an IdentityValidationError.
+     */
+    static isValidationError(error: unknown): error is IdentityValidationError;
+    /**
+     * Determine if an error is a QuorumError.
+     */
+    static isQuorumError(error: unknown): error is QuorumError;
+}
+//# sourceMappingURL=contentIngestionService.d.ts.map

package/src/lib/services/contentIngestionService.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentIngestionService.d.ts","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/contentIngestionService.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,yBAAyB,EACzB,sBAAsB,EACtB,mBAAmB,EACnB,wBAAwB,EAExB,uBAAuB,EAEvB,wBAAwB,EACxB,kBAAkB,EAClB,WAAW,EAEZ,MAAM,8BAA8B,CAAC;AACtC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAwBxD;;;;;GAKG;AACH,qBAAa,uBAAuB,CAClC,GAAG,SAAS,UAAU,GAAG,UAAU,CACnC,YAAW,wBAAwB,CAAC,GAAG,CAAC;IAEtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,uBAAuB;gBADvB,iBAAiB,EAAE,kBAAkB,CAAC,GAAG,CAAC,EAC1C,uBAAuB,EAAE,wBAAwB,CAAC,GAAG,CAAC;IAGzE;;;;;;;;;;;;OAYG;IACG,cAAc,CAClB,OAAO,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAChC,OAAO,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC;IA2BvC;;;;OAIG;YACW,gBAAgB;IAS9B;;;;;OAKG;IACH,MAAM,CAAC,eAAe,CACpB,KAAK,EAAE,uBAAuB,GAC7B,yBAAyB;IAW5B;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,KAAK,EAAE,WAAW,GAAG,yBAAyB;IAwB5E;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,uBAAuB;IAI1E;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,IAAI,WAAW;CAG3D"}

package/src/lib/services/contentIngestionService.js

@@ -0,0 +1,139 @@
+"use strict";
+/**
+ * @fileoverview ContentIngestionService — wires identity validation and sealing
+ * into the content ingestion path.
+ *
+ * Before content is accepted into the block store, this service:
+ * 1. Validates the content identity via IdentityValidator
+ * 2. Seals the identity via IdentitySealingPipeline (generates shards, replaces identity)
+ * 3. Returns the processed content ready for block store acceptance
+ *
+ * @see Requirements 16
+ * @see Design: Content Ingestion Pipeline Integration (Task 19)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContentIngestionService = void 0;
+const brightchain_lib_1 = require("@brightchain/brightchain-lib");
+/**
+ * Human-readable error messages for each IdentityValidationErrorType.
+ */
+const VALIDATION_ERROR_MESSAGES = {
+    [brightchain_lib_1.IdentityValidationErrorType.InvalidSignature]: 'Content signature does not match the claimed identity public key',
+    [brightchain_lib_1.IdentityValidationErrorType.UnregisteredAlias]: 'The alias used for content publication is not registered',
+    [brightchain_lib_1.IdentityValidationErrorType.InactiveAlias]: 'The alias used for content publication has been deactivated',
+    [brightchain_lib_1.IdentityValidationErrorType.InvalidMembershipProof]: 'The membership proof for anonymous content is invalid',
+    [brightchain_lib_1.IdentityValidationErrorType.MissingMembershipProof]: 'Anonymous content must include a valid membership proof',
+    [brightchain_lib_1.IdentityValidationErrorType.BannedUser]: 'The content creator has been banned from the network',
+    [brightchain_lib_1.IdentityValidationErrorType.SuspendedUser]: 'The content creator is currently suspended',
+    [brightchain_lib_1.IdentityValidationErrorType.ShardVerificationFailed]: 'Identity shard verification failed during sealing',
+};
+/**
+ * ContentIngestionService orchestrates identity validation and sealing
+ * before content is accepted into the block store.
+ *
+ * @template TID - Platform ID type for frontend/backend DTO compatibility
+ */
+class ContentIngestionService {
+    constructor(identityValidator, identitySealingPipeline) {
+        this.identityValidator = identityValidator;
+        this.identitySealingPipeline = identitySealingPipeline;
+    }
+    /**
+     * Process content through identity validation and sealing.
+     *
+     * Steps:
+     * 1. Validate identity (signature, alias status, membership proof, ban/suspend check)
+     * 2. Seal identity (generate shards, replace identity field, distribute encrypted shards)
+     * 3. Return processed content with recovery record ID
+     *
+     * @param content - The content with identity to validate and seal
+     * @returns Ingestion result with processed content
+     * @throws IdentityValidationError with specific error type on validation failure
+     * @throws QuorumError with IdentitySealingFailed on sealing failure
+     */
+    async processContent(content) {
+        // Step 1: Validate identity
+        const validationResult = await this.identityValidator.validateContent(content);
+        // Step 2: Determine alias name for alias mode
+        let aliasName;
+        if (validationResult.identityMode === brightchain_lib_1.IdentityMode.Alias) {
+            aliasName = await this.resolveAliasName(content);
+        }
+        // Step 3: Seal identity through the pipeline
+        const sealingResult = await this.identitySealingPipeline.sealIdentity(content, validationResult.identityMode, aliasName);
+        return {
+            accepted: true,
+            processedContent: sealingResult.modifiedContent,
+            recoveryRecordId: sealingResult.recoveryRecordId,
+            identityMode: validationResult.identityMode,
+            resolvedMemberId: validationResult.resolvedMemberId,
+        };
+    }
+    /**
+     * Resolve the alias name from content's identity recovery record.
+     * The IdentityValidator already confirmed the alias exists and is active,
+     * so the sealing pipeline handles alias lookup internally.
+     */
+    async resolveAliasName(_content) {
+        // The alias name is determined by the IdentitySealingPipeline
+        // based on the content's identityRecoveryRecordId.
+        // The sealing pipeline handles alias lookup internally.
+        return undefined;
+    }
+    /**
+     * Create a rejection result from an IdentityValidationError.
+     *
+     * @param error - The validation error
+     * @returns A structured rejection result
+     */
+    static createRejection(error) {
+        const errorType = error.type;
+        return {
+            accepted: false,
+            reason: VALIDATION_ERROR_MESSAGES[errorType] ??
+                `Identity validation failed: ${errorType}`,
+            errorType,
+        };
+    }
+    /**
+     * Create a rejection result from a QuorumError (sealing failure).
+     *
+     * @param error - The quorum error
+     * @returns A structured rejection result
+     */
+    static createSealingRejection(error) {
+        const errorType = error.type;
+        let reason;
+        switch (errorType) {
+            case brightchain_lib_1.QuorumErrorType.IdentitySealingFailed:
+                reason =
+                    'Identity sealing failed during shard generation or distribution';
+                break;
+            case brightchain_lib_1.QuorumErrorType.ShardVerificationFailed:
+                reason =
+                    'Identity shard verification failed — shards do not reconstruct correctly';
+                break;
+            default:
+                reason = `Identity sealing failed: ${errorType}`;
+        }
+        return {
+            accepted: false,
+            reason,
+            errorType: 'IDENTITY_SEALING_FAILED',
+        };
+    }
+    /**
+     * Determine if an error is an IdentityValidationError.
+     */
+    static isValidationError(error) {
+        return error instanceof brightchain_lib_1.IdentityValidationError;
+    }
+    /**
+     * Determine if an error is a QuorumError.
+     */
+    static isQuorumError(error) {
+        return error instanceof brightchain_lib_1.QuorumError;
+    }
+}
+exports.ContentIngestionService = ContentIngestionService;
+//# sourceMappingURL=contentIngestionService.js.map

package/src/lib/services/contentIngestionService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contentIngestionService.js","sourceRoot":"","sources":["../../../../../brightchain-api-lib/src/lib/services/contentIngestionService.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,kEAYsC;AAGtC;;GAEG;AACH,MAAM,yBAAyB,GAAgD;IAC7E,CAAC,6CAA2B,CAAC,gBAAgB,CAAC,EAC5C,kEAAkE;IACpE,CAAC,6CAA2B,CAAC,iBAAiB,CAAC,EAC7C,0DAA0D;IAC5D,CAAC,6CAA2B,CAAC,aAAa,CAAC,EACzC,6DAA6D;IAC/D,CAAC,6CAA2B,CAAC,sBAAsB,CAAC,EAClD,uDAAuD;IACzD,CAAC,6CAA2B,CAAC,sBAAsB,CAAC,EAClD,yDAAyD;IAC3D,CAAC,6CAA2B,CAAC,UAAU,CAAC,EACtC,sDAAsD;IACxD,CAAC,6CAA2B,CAAC,aAAa,CAAC,EACzC,4CAA4C;IAC9C,CAAC,6CAA2B,CAAC,uBAAuB,CAAC,EACnD,mDAAmD;CACtD,CAAC;AAEF;;;;;GAKG;AACH,MAAa,uBAAuB;IAGlC,YACmB,iBAA0C,EAC1C,uBAAsD;QADtD,sBAAiB,GAAjB,iBAAiB,CAAyB;QAC1C,4BAAuB,GAAvB,uBAAuB,CAA+B;IACtE,CAAC;IAEJ;;;;;;;;;;;;OAYG;IACH,KAAK,CAAC,cAAc,CAClB,OAAiC;QAEjC,4BAA4B;QAC5B,MAAM,gBAAgB,GACpB,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QAExD,8CAA8C;QAC9C,IAAI,SAA6B,CAAC;QAClC,IAAI,gBAAgB,CAAC,YAAY,KAAK,8BAAY,CAAC,KAAK,EAAE,CAAC;YACzD,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;QAED,6CAA6C;QAC7C,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,uBAAuB,CAAC,YAAY,CACnE,OAAO,EACP,gBAAgB,CAAC,YAAY,EAC7B,SAAS,CACV,CAAC;QAEF,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,gBAAgB,EAAE,aAAa,CAAC,eAAe;YAC/C,gBAAgB,EAAE,aAAa,CAAC,gBAAgB;YAChD,YAAY,EAAE,gBAAgB,CAAC,YAAY;YAC3C,gBAAgB,EAAE,gBAAgB,CAAC,gBAAgB;SACpD,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACK,KAAK,CAAC,gBAAgB,CAC5B,QAAkC;QAElC,8DAA8D;QAC9D,mDAAmD;QACnD,wDAAwD;QACxD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,eAAe,CACpB,KAA8B;QAE9B,MAAM,SAAS,GAAG,KAAK,CAAC,IAAmC,CAAC;QAC5D,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EACJ,yBAAyB,CAAC,SAAS,CAAC;gBACpC,+BAA+B,SAAS,EAAE;YAC5C,SAAS;SACV,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,KAAkB;QAC9C,MAAM,SAAS,GAAG,KAAK,CAAC,IAAuB,CAAC;QAChD,IAAI,MAAc,CAAC;QAEnB,QAAQ,SAAS,EAAE,CAAC;YAClB,KAAK,iCAAe,CAAC,qBAAqB;gBACxC,MAAM;oBACJ,iEAAiE,CAAC;gBACpE,MAAM;YACR,KAAK,iCAAe,CAAC,uBAAuB;gBAC1C,MAAM;oBACJ,0EAA0E,CAAC;gBAC7E,MAAM;YACR;gBACE,MAAM,GAAG,4BAA4B,SAAS,EAAE,CAAC;QACrD,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM;YACN,SAAS,EAAE,yBAAyB;SACrC,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,iBAAiB,CAAC,KAAc;QACrC,OAAO,KAAK,YAAY,yCAAuB,CAAC;IAClD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,KAAc;QACjC,OAAO,KAAK,YAAY,6BAAW,CAAC;IACtC,CAAC;CACF;AA9HD,0DA8HC"}