@capsara/sdk 1.0.1

package/dist/builder/capsa-builder.js

@@ -0,0 +1,489 @@
+/** Fluent capsa builder for creating encrypted capsas. */
+import * as fs from 'fs';
+import * as path from 'path';
+import { generateId } from '../internal/utils/id-generator.js';
+import { lookupMimeType } from '../internal/utils/mimetype-lookup.js';
+import { generateMasterKey, generateIV, encryptAES, encryptAESRaw, encryptMasterKeyForParty, computeHash, } from '../internal/crypto/primitives.js';
+import { buildCanonicalString, createCapsaSignature, } from '../internal/crypto/signatures.js';
+import { compressData, shouldCompress, } from '../internal/crypto/compression.js';
+/** Server-aligned validation constants. */
+export const SERVER_LIMITS = {
+    /** Maximum keychain entries (recipients + creator + delegates) */
+    MAX_KEYCHAIN_KEYS: 100,
+    /** Maximum base64url-encoded encrypted subject length */
+    MAX_ENCRYPTED_SUBJECT: 65_536,
+    /** Maximum base64url-encoded encrypted body length */
+    MAX_ENCRYPTED_BODY: 1_048_576,
+    /** Maximum base64url-encoded encrypted structured data length */
+    MAX_ENCRYPTED_STRUCTURED: 1_048_576,
+    /** Maximum metadata label length */
+    MAX_METADATA_LABEL: 512,
+    /** Maximum tags per envelope */
+    MAX_METADATA_TAGS: 100,
+    /** Maximum characters per tag */
+    MAX_TAG_LENGTH: 100,
+    /** Maximum metadata notes length */
+    MAX_METADATA_NOTES: 10_240,
+    /** Maximum related packages */
+    MAX_RELATED_PACKAGES: 50,
+    /** Maximum party ID length */
+    MAX_PARTY_ID_LENGTH: 100,
+    /** Maximum base64url-encoded encrypted filename length */
+    MAX_ENCRYPTED_FILENAME: 2_048,
+    /** Maximum base64url-encoded signature payload length */
+    MAX_SIGNATURE_PAYLOAD: 65_536,
+    /** Maximum parties a delegate can act for */
+    MAX_ACTING_FOR: 10,
+};
+export class CapsaBuilder {
+    subject;
+    body;
+    structured = {};
+    /** Unencrypted metadata */
+    metadata = {};
+    /** Expiration date (UTC, rounded to minute) */
+    get expiresAt() {
+        return this.#expiresAt ? new Date(this.#expiresAt) : undefined;
+    }
+    set expiresAt(value) {
+        if (value === undefined) {
+            this.#expiresAt = undefined;
+            return;
+        }
+        const dateObj = typeof value === 'string' ? new Date(value) : value;
+        dateObj.setSeconds(0, 0);
+        this.#expiresAt = dateObj.toISOString();
+    }
+    #masterKey;
+    #creatorId;
+    #recipients = [];
+    #files = [];
+    #creatorPrivateKey;
+    #limits;
+    #expiresAt;
+    constructor(creatorId, creatorPrivateKey, limits) {
+        this.#masterKey = generateMasterKey();
+        this.#creatorId = creatorId;
+        this.#creatorPrivateKey = creatorPrivateKey;
+        this.#limits = limits;
+    }
+    /**
+     * Add a recipient to the capsa
+     * @param partyId - Party ID
+     */
+    addRecipient(partyId) {
+        if (!partyId || partyId.length === 0) {
+            throw new Error('Party ID cannot be empty.');
+        }
+        if (partyId.length > SERVER_LIMITS.MAX_PARTY_ID_LENGTH) {
+            throw new Error(`Party ID (${partyId.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_PARTY_ID_LENGTH} chars.`);
+        }
+        // +1 for the creator who also gets a keychain entry
+        if (this.#recipients.length + 1 >= SERVER_LIMITS.MAX_KEYCHAIN_KEYS) {
+            throw new Error(`Cannot add recipient: keychain would exceed ${SERVER_LIMITS.MAX_KEYCHAIN_KEYS} entries (including creator). Server will reject this capsa.`);
+        }
+        this.#recipients.push({ partyId, permissions: ['read'] });
+        return this;
+    }
+    /**
+     * Add multiple recipients to the capsa
+     * @param partyIds - Party IDs
+     */
+    addRecipients(...partyIds) {
+        for (const partyId of partyIds) {
+            if (!partyId || partyId.length === 0) {
+                throw new Error('Party ID cannot be empty.');
+            }
+            if (partyId.length > SERVER_LIMITS.MAX_PARTY_ID_LENGTH) {
+                throw new Error(`Party ID (${partyId.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_PARTY_ID_LENGTH} chars.`);
+            }
+        }
+        // +1 for the creator who also gets a keychain entry
+        if (this.#recipients.length + partyIds.length + 1 > SERVER_LIMITS.MAX_KEYCHAIN_KEYS) {
+            throw new Error(`Cannot add ${partyIds.length} recipients: keychain would have ${this.#recipients.length + partyIds.length + 1} entries (max ${SERVER_LIMITS.MAX_KEYCHAIN_KEYS}). Server will reject this capsa.`);
+        }
+        for (const partyId of partyIds) {
+            this.#recipients.push({ partyId, permissions: ['read'] });
+        }
+        return this;
+    }
+    /**
+     * Add a file to the capsa
+     * @param input - File input (path or buffer with filename)
+     * @throws Error if file exceeds size limit or too many files
+     */
+    addFile(input) {
+        if (this.#files.length >= this.#limits.maxFilesPerCapsa) {
+            throw new Error(`Cannot add file: capsa already has ${this.#files.length} files (max: ${this.#limits.maxFilesPerCapsa})`);
+        }
+        let fileSize;
+        if (input.buffer) {
+            fileSize = input.buffer.length;
+        }
+        else if (input.path) {
+            fileSize = fs.statSync(input.path).size;
+        }
+        else {
+            throw new Error('File input must have either path or buffer');
+        }
+        if (fileSize > this.#limits.maxFileSize) {
+            throw new Error(`File "${input.filename}" exceeds maximum size of ${Math.floor(this.#limits.maxFileSize / 1024 / 1024)}MB (${fileSize} bytes)`);
+        }
+        this.#files.push({ input });
+        return this;
+    }
+    /**
+     * Add a file from a file path
+     * @param filePath - File path on disk
+     * @param filename - Filename override (defaults to basename)
+     * @param mimetype - MIME type (auto-detected if not specified)
+     */
+    addFileFromPath(filePath, filename, mimetype) {
+        const resolvedFilename = filename ?? path.basename(filePath);
+        return this.addFile({ path: filePath, filename: resolvedFilename, mimetype });
+    }
+    /**
+     * Add a file from a Buffer
+     * @param buffer - File content
+     * @param filename - Filename
+     * @param mimetype - MIME type (auto-detected if not specified)
+     */
+    addFileFromBuffer(buffer, filename, mimetype) {
+        return this.addFile({ buffer, filename, mimetype });
+    }
+    /**
+     * Add multiple files from file paths
+     * @param paths - File paths on disk
+     */
+    addFiles(...paths) {
+        for (const path of paths) {
+            this.addFileFromPath(path);
+        }
+        return this;
+    }
+    /**
+     * Add multiple files from FileInput objects
+     * @param files - File inputs
+     */
+    addFilesFromInputs(...files) {
+        for (const file of files) {
+            this.addFile(file);
+        }
+        return this;
+    }
+    /**
+     * Add a text file from string content
+     * @param filename - Filename
+     * @param content - Text content
+     */
+    addTextFile(filename, content) {
+        const buffer = Buffer.from(content, 'utf-8');
+        return this.addFile({ buffer, filename, mimetype: 'text/plain' });
+    }
+    /**
+     * Add a JSON file from an object
+     * @param filename - Filename
+     * @param data - Object to serialize as JSON
+     */
+    addJsonFile(filename, data) {
+        const json = JSON.stringify(data);
+        const buffer = Buffer.from(json, 'utf-8');
+        return this.addFile({ buffer, filename, mimetype: 'application/json' });
+    }
+    withStructured(keyOrData, value) {
+        if (typeof keyOrData === 'string') {
+            this.structured[keyOrData] = value;
+        }
+        else {
+            Object.assign(this.structured, keyOrData);
+        }
+        return this;
+    }
+    /**
+     * Set the subject
+     * @param subject - Subject text
+     */
+    withSubject(subject) {
+        this.subject = subject;
+        return this;
+    }
+    /**
+     * Set the body
+     * @param body - Body text
+     */
+    withBody(body) {
+        this.body = body;
+        return this;
+    }
+    /**
+     * Set the expiration
+     * @param expiresAt - Expiration date/time
+     */
+    withExpiration(expiresAt) {
+        this.expiresAt = expiresAt;
+        return this;
+    }
+    async #encryptFile(input) {
+        let fileData;
+        if (input.buffer) {
+            fileData = input.buffer;
+        }
+        else if (input.path) {
+            fileData = fs.readFileSync(input.path);
+        }
+        else {
+            throw new Error('File input must have either path or buffer');
+        }
+        const originalSize = fileData.length;
+        const shouldCompressFile = input.compress !== false && shouldCompress(originalSize);
+        let dataToEncrypt = fileData;
+        let compressed = false;
+        let compressionAlgorithm;
+        if (shouldCompressFile) {
+            const compressionResult = await compressData(fileData);
+            dataToEncrypt = compressionResult.compressedData;
+            compressed = true;
+            compressionAlgorithm = 'gzip';
+        }
+        const raw = encryptAESRaw(dataToEncrypt, this.#masterKey);
+        const hash = computeHash(raw.encryptedData);
+        const contentIV = raw.iv.toString('base64url');
+        const authTag = raw.authTag.toString('base64url');
+        const mimetype = input.mimetype || (input.path && lookupMimeType(input.path)) || 'application/octet-stream';
+        return {
+            encryptedData: raw.encryptedData,
+            iv: contentIV,
+            authTag,
+            hash,
+            size: raw.encryptedData.length,
+            mimetype,
+            ...(compressed && { compressed }),
+            ...(compressionAlgorithm && { compressionAlgorithm }),
+            ...(compressed && { originalSize }),
+        };
+    }
+    getRecipientIds() {
+        return this.#recipients.map((r) => r.partyId);
+    }
+    getFileCount() {
+        return this.#files.length;
+    }
+    /**
+     * Build the capsa with encryption and signature.
+     * @param partyKeys - Public keys for all recipients
+     */
+    async build(partyKeys) {
+        // No-content guard: server requires files OR a message (subject/body)
+        const hasContent = this.#files.length > 0 || this.subject || this.body;
+        if (!hasContent) {
+            throw new Error('Capsa must contain either files or a message (subject/body). Server will reject empty capsas.');
+        }
+        const packageId = `capsa_${generateId(22)}`;
+        const encryptedFiles = [];
+        let totalSize = 0;
+        for (const file of this.#files) {
+            const encrypted = await this.#encryptFile(file.input);
+            const { encryptedData: encryptedFilename, iv: filenameIV, authTag: filenameAuthTag } = encryptAES(Buffer.from(file.input.filename, 'utf-8'), this.#masterKey);
+            if (encryptedFilename.length > SERVER_LIMITS.MAX_ENCRYPTED_FILENAME) {
+                throw new Error(`Encrypted filename for "${file.input.filename.slice(0, 30)}..." (${encryptedFilename.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_ENCRYPTED_FILENAME} chars. Use a shorter filename.`);
+            }
+            let normalizedFileExpiresAt;
+            if (file.input.expiresAt !== undefined) {
+                const dateObj = typeof file.input.expiresAt === 'string' ? new Date(file.input.expiresAt) : file.input.expiresAt;
+                dateObj.setSeconds(0, 0);
+                normalizedFileExpiresAt = dateObj.toISOString();
+            }
+            const fileMetadata = {
+                fileId: `file_${generateId(16)}.enc`,
+                encryptedFilename,
+                filenameIV,
+                filenameAuthTag,
+                iv: encrypted.iv,
+                authTag: encrypted.authTag,
+                mimetype: encrypted.mimetype,
+                size: encrypted.size,
+                hash: encrypted.hash,
+                hashAlgorithm: 'SHA-256',
+                ...(encrypted.compressed !== undefined && { compressed: encrypted.compressed }),
+                ...(encrypted.compressionAlgorithm && { compressionAlgorithm: encrypted.compressionAlgorithm }),
+                ...(encrypted.originalSize !== undefined && { originalSize: encrypted.originalSize }),
+                ...(normalizedFileExpiresAt !== undefined && { expiresAt: normalizedFileExpiresAt }),
+                ...(file.input.transform && { transform: file.input.transform }),
+            };
+            encryptedFiles.push({
+                metadata: fileMetadata,
+                data: encrypted.encryptedData,
+            });
+            totalSize += encrypted.size;
+        }
+        if (totalSize > this.#limits.maxTotalSize) {
+            throw new Error(`Total capsa size ${totalSize} bytes exceeds maximum of ${Math.floor(this.#limits.maxTotalSize / 1024 / 1024)}MB`);
+        }
+        let encryptedSubject;
+        let subjectIV;
+        let subjectAuthTag;
+        let encryptedBody;
+        let bodyIV;
+        let bodyAuthTag;
+        let encryptedStructured;
+        let structuredIV;
+        let structuredAuthTag;
+        if (this.subject) {
+            const result = encryptAES(Buffer.from(this.subject, 'utf-8'), this.#masterKey);
+            encryptedSubject = result.encryptedData;
+            subjectIV = result.iv;
+            subjectAuthTag = result.authTag;
+            if (encryptedSubject.length > SERVER_LIMITS.MAX_ENCRYPTED_SUBJECT) {
+                throw new Error(`Encrypted subject (${encryptedSubject.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_ENCRYPTED_SUBJECT} chars. Reduce subject length.`);
+            }
+        }
+        if (this.body) {
+            const result = encryptAES(Buffer.from(this.body, 'utf-8'), this.#masterKey);
+            encryptedBody = result.encryptedData;
+            bodyIV = result.iv;
+            bodyAuthTag = result.authTag;
+            if (encryptedBody.length > SERVER_LIMITS.MAX_ENCRYPTED_BODY) {
+                throw new Error(`Encrypted body (${encryptedBody.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_ENCRYPTED_BODY} chars. Reduce body length.`);
+            }
+        }
+        const hasStructured = Object.keys(this.structured).length > 0;
+        if (hasStructured) {
+            const result = encryptAES(Buffer.from(JSON.stringify(this.structured), 'utf-8'), this.#masterKey);
+            encryptedStructured = result.encryptedData;
+            structuredIV = result.iv;
+            structuredAuthTag = result.authTag;
+            if (encryptedStructured.length > SERVER_LIMITS.MAX_ENCRYPTED_STRUCTURED) {
+                throw new Error(`Encrypted structured data (${encryptedStructured.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_ENCRYPTED_STRUCTURED} chars. Reduce structured data size.`);
+            }
+        }
+        const keychain = [];
+        for (const partyKey of partyKeys) {
+            const recipient = this.#recipients.find((r) => r.partyId === partyKey.id);
+            const isCreator = partyKey.id === this.#creatorId;
+            let permissions = [];
+            let actingFor;
+            if (partyKey.isDelegate && Array.isArray(partyKey.isDelegate)) {
+                const recipientIds = this.#recipients.map(r => r.partyId);
+                const relevantActingFor = partyKey.isDelegate.filter(id => recipientIds.includes(id));
+                if (relevantActingFor.length === 0) {
+                    continue;
+                }
+                if (relevantActingFor.length > SERVER_LIMITS.MAX_ACTING_FOR) {
+                    throw new Error(`Delegate "${partyKey.id}" acting for ${relevantActingFor.length} parties exceeds server limit of ${SERVER_LIMITS.MAX_ACTING_FOR}.`);
+                }
+                permissions = ['delegate'];
+                actingFor = relevantActingFor;
+            }
+            else if (isCreator) {
+                permissions = [];
+            }
+            else if (recipient) {
+                permissions = recipient.permissions;
+                actingFor = recipient.actingFor;
+            }
+            else {
+                continue;
+            }
+            const isDelegatedRecipient = permissions.length === 0 && !isCreator;
+            const keyIV = generateIV();
+            keychain.push({
+                party: partyKey.id,
+                encryptedKey: isDelegatedRecipient
+                    ? ''
+                    : encryptMasterKeyForParty(this.#masterKey, partyKey.publicKey),
+                iv: keyIV,
+                fingerprint: partyKey.fingerprint,
+                permissions,
+                actingFor,
+                revoked: false,
+            });
+        }
+        const canonicalString = buildCanonicalString({
+            packageId,
+            totalSize,
+            algorithm: 'AES-256-GCM',
+            files: encryptedFiles.map((f) => f.metadata),
+            structuredIV,
+            subjectIV,
+            bodyIV,
+        });
+        const signature = createCapsaSignature(canonicalString, this.#creatorPrivateKey);
+        if (signature.payload.length > SERVER_LIMITS.MAX_SIGNATURE_PAYLOAD) {
+            throw new Error(`Signature payload (${signature.payload.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_SIGNATURE_PAYLOAD} chars.`);
+        }
+        const capsa = {
+            packageId,
+            keychain: {
+                algorithm: 'AES-256-GCM',
+                keys: keychain,
+            },
+            signature,
+            files: encryptedFiles.map((f) => f.metadata),
+            accessControl: {
+                expiresAt: this.#expiresAt,
+            },
+            deliveryPriority: 'normal',
+        };
+        const hasMetadata = this.metadata.label || this.metadata.tags?.length || this.metadata.notes || this.metadata.relatedPackages?.length;
+        if (hasMetadata) {
+            if (this.metadata.label && this.metadata.label.length > SERVER_LIMITS.MAX_METADATA_LABEL) {
+                throw new Error(`Metadata label (${this.metadata.label.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_METADATA_LABEL} chars.`);
+            }
+            if (this.metadata.tags && this.metadata.tags.length > SERVER_LIMITS.MAX_METADATA_TAGS) {
+                throw new Error(`Metadata tags count (${this.metadata.tags.length}) exceeds server limit of ${SERVER_LIMITS.MAX_METADATA_TAGS}.`);
+            }
+            if (this.metadata.tags) {
+                for (const tag of this.metadata.tags) {
+                    if (tag.length > SERVER_LIMITS.MAX_TAG_LENGTH) {
+                        throw new Error(`Metadata tag "${tag.slice(0, 20)}..." (${tag.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_TAG_LENGTH} chars.`);
+                    }
+                }
+            }
+            if (this.metadata.notes && this.metadata.notes.length > SERVER_LIMITS.MAX_METADATA_NOTES) {
+                throw new Error(`Metadata notes (${this.metadata.notes.length} chars) exceeds server limit of ${SERVER_LIMITS.MAX_METADATA_NOTES} chars.`);
+            }
+            if (this.metadata.relatedPackages && this.metadata.relatedPackages.length > SERVER_LIMITS.MAX_RELATED_PACKAGES) {
+                throw new Error(`Related packages count (${this.metadata.relatedPackages.length}) exceeds server limit of ${SERVER_LIMITS.MAX_RELATED_PACKAGES}.`);
+            }
+            capsa.metadata = this.metadata;
+        }
+        if (encryptedSubject) {
+            capsa.encryptedSubject = encryptedSubject;
+            capsa.subjectIV = subjectIV;
+            capsa.subjectAuthTag = subjectAuthTag;
+        }
+        if (encryptedBody) {
+            capsa.encryptedBody = encryptedBody;
+            capsa.bodyIV = bodyIV;
+            capsa.bodyAuthTag = bodyAuthTag;
+        }
+        if (encryptedStructured) {
+            capsa.encryptedStructured = encryptedStructured;
+            capsa.structuredIV = structuredIV;
+            capsa.structuredAuthTag = structuredAuthTag;
+        }
+        // Defense-in-depth: detect duplicate IVs across all fields.
+        // Server performs the same check and will reject duplicates.
+        const allIVs = [];
+        if (subjectIV)
+            allIVs.push(subjectIV);
+        if (bodyIV)
+            allIVs.push(bodyIV);
+        if (structuredIV)
+            allIVs.push(structuredIV);
+        for (const entry of keychain) {
+            if (entry.iv)
+                allIVs.push(entry.iv);
+        }
+        for (const file of encryptedFiles) {
+            allIVs.push(file.metadata.iv);
+            allIVs.push(file.metadata.filenameIV);
+        }
+        const ivSet = new Set(allIVs);
+        if (ivSet.size !== allIVs.length) {
+            throw new Error('Duplicate IV detected across capsa fields. This indicates a CSPRNG failure. Do not send this capsa.');
+        }
+        return { capsa, files: encryptedFiles };
+    }
+}
+//# sourceMappingURL=capsa-builder.js.map

package/dist/builder/capsa-builder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capsa-builder.js","sourceRoot":"","sources":["../../src/builder/capsa-builder.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAE1D,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,EAAE,UAAU,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,MAAM,sCAAsC,CAAC;AACtE,OAAO,EACL,iBAAiB,EACjB,UAAU,EACV,UAAU,EACV,aAAa,EACb,wBAAwB,EACxB,WAAW,GACZ,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EACL,YAAY,EACZ,cAAc,GACf,MAAM,mCAAmC,CAAC;AAyC3C,2CAA2C;AAC3C,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,kEAAkE;IAClE,iBAAiB,EAAE,GAAG;IACtB,yDAAyD;IACzD,qBAAqB,EAAE,MAAM;IAC7B,sDAAsD;IACtD,kBAAkB,EAAE,SAAS;IAC7B,iEAAiE;IACjE,wBAAwB,EAAE,SAAS;IACnC,oCAAoC;IACpC,kBAAkB,EAAE,GAAG;IACvB,gCAAgC;IAChC,iBAAiB,EAAE,GAAG;IACtB,iCAAiC;IACjC,cAAc,EAAE,GAAG;IACnB,oCAAoC;IACpC,kBAAkB,EAAE,MAAM;IAC1B,+BAA+B;IAC/B,oBAAoB,EAAE,EAAE;IACxB,8BAA8B;IAC9B,mBAAmB,EAAE,GAAG;IACxB,0DAA0D;IAC1D,sBAAsB,EAAE,KAAK;IAC7B,yDAAyD;IACzD,qBAAqB,EAAE,MAAM;IAC7B,6CAA6C;IAC7C,cAAc,EAAE,EAAE;CACV,CAAC;AAEX,MAAM,OAAO,YAAY;IACvB,OAAO,CAAU;IACjB,IAAI,CAAU;IACd,UAAU,GAA4B,EAAE,CAAC;IAEzC,2BAA2B;IAClB,QAAQ,GAAkB,EAAE,CAAC;IAEtC,+CAA+C;IAC/C,IAAI,SAAS;QACX,OAAO,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACjE,CAAC;IACD,IAAI,SAAS,CAAC,KAAgC;QAC5C,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;YAC5B,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACpE,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAC1C,CAAC;IAED,UAAU,CAAS;IACnB,UAAU,CAAS;IACnB,WAAW,GAAsB,EAAE,CAAC;IACpC,MAAM,GAAkE,EAAE,CAAC;IAC3E,kBAAkB,CAAS;IAC3B,OAAO,CAAe;IACtB,UAAU,CAAU;IAEpB,YAAY,SAAiB,EAAE,iBAAyB,EAAE,MAAoB;QAC5E,IAAI,CAAC,UAAU,GAAG,iBAAiB,EAAE,CAAC;QACtC,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;QAC5C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,OAAe;QAC1B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,mBAAmB,EAAE,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,aAAa,OAAO,CAAC,MAAM,mCAAmC,aAAa,CAAC,mBAAmB,SAAS,CACzG,CAAC;QACJ,CAAC;QACD,oDAAoD;QACpD,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,CAAC,IAAI,aAAa,CAAC,iBAAiB,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CACb,+CAA+C,aAAa,CAAC,iBAAiB,8DAA8D,CAC7I,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,GAAG,QAAkB;QACjC,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YACD,IAAI,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,mBAAmB,EAAE,CAAC;gBACvD,MAAM,IAAI,KAAK,CACb,aAAa,OAAO,CAAC,MAAM,mCAAmC,aAAa,CAAC,mBAAmB,SAAS,CACzG,CAAC;YACJ,CAAC;QACH,CAAC;QACD,oDAAoD;QACpD,IAAI,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,GAAG,aAAa,CAAC,iBAAiB,EAAE,CAAC;YACpF,MAAM,IAAI,KAAK,CACb,cAAc,QAAQ,CAAC,MAAM,oCAAoC,IAAI,CAAC,WAAW,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,CAAC,iBAAiB,aAAa,CAAC,iBAAiB,mCAAmC,CAClM,CAAC;QACJ,CAAC;QACD,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACH,OAAO,CAAC,KAAgB;QACtB,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CACb,sCAAsC,IAAI,CAAC,MAAM,CAAC,MAAM,gBAAgB,IAAI,CAAC,OAAO,CAAC,gBAAgB,GAAG,CACzG,CAAC;QACJ,CAAC;QAED,IAAI,QAAgB,CAAC;QACrB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC;QACjC,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACtB,QAAQ,GAAG,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,IAAI,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,SAAS,KAAK,CAAC,QAAQ,6BAA6B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,GAAG,IAAI,GAAG,IAAI,CAAC,OAAO,QAAQ,SAAS,CAC/H,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,QAAgB,EAAE,QAAiB,EAAE,QAAiB;QACpE,MAAM,gBAAgB,GAAG,QAAQ,IAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,gBAAgB,EAAE,QAAQ,EAAE,CAAC,CAAC;IAChF,CAAC;IAED;;;;;OAKG;IACH,iBAAiB,CAAC,MAAc,EAAE,QAAgB,EAAE,QAAiB;QACnE,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC;IACtD,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,GAAG,KAAe;QACzB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,kBAAkB,CAAC,GAAG,KAAkB;QACtC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;OAIG;IACH,WAAW,CAAC,QAAgB,EAAE,OAAe;QAC3C,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAC;IACpE,CAAC;IAED;;;;OAIG;IACH,WAAW,CAAC,QAAgB,EAAE,IAAa;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC1C,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC1E,CAAC;IAaD,cAAc,CAAC,SAA2C,EAAE,KAAe;QACzE,IAAI,OAAO,SAAS,KAAK,QAAQ,EAAE,CAAC;YAClC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,WAAW,CAAC,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,QAAQ,CAAC,IAAY;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,SAAwB;QACrC,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,KAAgB;QACjC,IAAI,QAAgB,CAAC;QACrB,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC;YACjB,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC;QAC1B,CAAC;aAAM,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;YACtB,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzC,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,YAAY,GAAG,QAAQ,CAAC,MAAM,CAAC;QACrC,MAAM,kBAAkB,GAAG,KAAK,CAAC,QAAQ,KAAK,KAAK,IAAI,cAAc,CAAC,YAAY,CAAC,CAAC;QAEpF,IAAI,aAAa,GAAG,QAAQ,CAAC;QAC7B,IAAI,UAAU,GAAG,KAAK,CAAC;QACvB,IAAI,oBAAwC,CAAC;QAE7C,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,iBAAiB,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;YACvD,aAAa,GAAG,iBAAiB,CAAC,cAAc,CAAC;YACjD,UAAU,GAAG,IAAI,CAAC;YAClB,oBAAoB,GAAG,MAAM,CAAC;QAChC,CAAC;QAED,MAAM,GAAG,GAAG,aAAa,CAAC,aAAa,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAC1D,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,cAAc,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,0BAA0B,CAAC;QAE5G,OAAO;YACL,aAAa,EAAE,GAAG,CAAC,aAAa;YAChC,EAAE,EAAE,SAAS;YACb,OAAO;YACP,IAAI;YACJ,IAAI,EAAE,GAAG,CAAC,aAAa,CAAC,MAAM;YAC9B,QAAQ;YACR,GAAG,CAAC,UAAU,IAAI,EAAE,UAAU,EAAE,CAAC;YACjC,GAAG,CAAC,oBAAoB,IAAI,EAAE,oBAAoB,EAAE,CAAC;YACrD,GAAG,CAAC,UAAU,IAAI,EAAE,YAAY,EAAE,CAAC;SACpC,CAAC;IACJ,CAAC;IAED,eAAe;QACb,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAChD,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,SAAqB;QAC/B,sEAAsE;QACtE,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC;QACvE,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,+FAA+F,CAChG,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,UAAU,CAAC,EAAE,CAAC,EAAE,CAAC;QAC5C,MAAM,cAAc,GAAqD,EAAE,CAAC;QAC5E,IAAI,SAAS,GAAG,CAAC,CAAC;QAElB,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACtD,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,UAAU,CAC/F,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,EACzC,IAAI,CAAC,UAAU,CAChB,CAAC;YAEF,IAAI,iBAAiB,CAAC,MAAM,GAAG,aAAa,CAAC,sBAAsB,EAAE,CAAC;gBACpE,MAAM,IAAI,KAAK,CACb,2BAA2B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,iBAAiB,CAAC,MAAM,mCAAmC,aAAa,CAAC,sBAAsB,iCAAiC,CACrM,CAAC;YACJ,CAAC;YAED,IAAI,uBAA2C,CAAC;YAChD,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACvC,MAAM,OAAO,GAAG,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC;gBACjH,OAAO,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBACzB,uBAAuB,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;YAClD,CAAC;YAED,MAAM,YAAY,GAAkB;gBAClC,MAAM,EAAE,QAAQ,UAAU,CAAC,EAAE,CAAC,MAAM;gBACpC,iBAAiB;gBACjB,UAAU;gBACV,eAAe;gBACf,EAAE,EAAE,SAAS,CAAC,EAAE;gBAChB,OAAO,EAAE,SAAS,CAAC,OAAO;gBAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;gBAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,IAAI,EAAE,SAAS,CAAC,IAAI;gBACpB,aAAa,EAAE,SAAS;gBACxB,GAAG,CAAC,SAAS,CAAC,UAAU,KAAK,SAAS,IAAI,EAAE,UAAU,EAAE,SAAS,CAAC,UAAU,EAAE,CAAC;gBAC/E,GAAG,CAAC,SAAS,CAAC,oBAAoB,IAAI,EAAE,oBAAoB,EAAE,SAAS,CAAC,oBAAoB,EAAE,CAAC;gBAC/F,GAAG,CAAC,SAAS,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,SAAS,CAAC,YAAY,EAAE,CAAC;gBACrF,GAAG,CAAC,uBAAuB,KAAK,SAAS,IAAI,EAAE,SAAS,EAAE,uBAAuB,EAAE,CAAC;gBACpF,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;aACjE,CAAC;YAEF,cAAc,CAAC,IAAI,CAAC;gBAClB,QAAQ,EAAE,YAAY;gBACtB,IAAI,EAAE,SAAS,CAAC,aAAa;aAC9B,CAAC,CAAC;YAEH,SAAS,IAAI,SAAS,CAAC,IAAI,CAAC;QAC9B,CAAC;QAED,IAAI,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CACb,oBAAoB,SAAS,6BAA6B,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,GAAG,IAAI,GAAG,IAAI,CAAC,IAAI,CAClH,CAAC;QACJ,CAAC;QAED,IAAI,gBAAoC,CAAC;QACzC,IAAI,SAA6B,CAAC;QAClC,IAAI,cAAkC,CAAC;QACvC,IAAI,aAAiC,CAAC;QACtC,IAAI,MAA0B,CAAC;QAC/B,IAAI,WAA+B,CAAC;QACpC,IAAI,mBAAuC,CAAC;QAC5C,IAAI,YAAgC,CAAC;QACrC,IAAI,iBAAqC,CAAC;QAE1C,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,MAAM,MAAM,GAAG,UAAU,CACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,EAClC,IAAI,CAAC,UAAU,CAChB,CAAC;YACF,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC;YACxC,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC;YACtB,cAAc,GAAG,MAAM,CAAC,OAAO,CAAC;YAEhC,IAAI,gBAAgB,CAAC,MAAM,GAAG,aAAa,CAAC,qBAAqB,EAAE,CAAC;gBAClE,MAAM,IAAI,KAAK,CACb,sBAAsB,gBAAgB,CAAC,MAAM,mCAAmC,aAAa,CAAC,qBAAqB,gCAAgC,CACpJ,CAAC;YACJ,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,MAAM,GAAG,UAAU,CACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,EAC/B,IAAI,CAAC,UAAU,CAChB,CAAC;YACF,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC;YACrC,MAAM,GAAG,MAAM,CAAC,EAAE,CAAC;YACnB,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC;YAE7B,IAAI,aAAa,CAAC,MAAM,GAAG,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBAC5D,MAAM,IAAI,KAAK,CACb,mBAAmB,aAAa,CAAC,MAAM,mCAAmC,aAAa,CAAC,kBAAkB,6BAA6B,CACxI,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;QAC9D,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,UAAU,CACvB,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,OAAO,CAAC,EACrD,IAAI,CAAC,UAAU,CAChB,CAAC;YACF,mBAAmB,GAAG,MAAM,CAAC,aAAa,CAAC;YAC3C,YAAY,GAAG,MAAM,CAAC,EAAE,CAAC;YACzB,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC;YAEnC,IAAI,mBAAmB,CAAC,MAAM,GAAG,aAAa,CAAC,wBAAwB,EAAE,CAAC;gBACxE,MAAM,IAAI,KAAK,CACb,8BAA8B,mBAAmB,CAAC,MAAM,mCAAmC,aAAa,CAAC,wBAAwB,sCAAsC,CACxK,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAoB,EAAE,CAAC;QAErC,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;YACjC,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC1E,MAAM,SAAS,GAAG,QAAQ,CAAC,EAAE,KAAK,IAAI,CAAC,UAAU,CAAC;YAClD,IAAI,WAAW,GAAa,EAAE,CAAC;YAC/B,IAAI,SAA+B,CAAC;YAEpC,IAAI,QAAQ,CAAC,UAAU,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;gBAC9D,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC1D,MAAM,iBAAiB,GAAG,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;gBAEtF,IAAI,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;oBACnC,SAAS;gBACX,CAAC;gBAED,IAAI,iBAAiB,CAAC,MAAM,GAAG,aAAa,CAAC,cAAc,EAAE,CAAC;oBAC5D,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,CAAC,EAAE,gBAAgB,iBAAiB,CAAC,MAAM,oCAAoC,aAAa,CAAC,cAAc,GAAG,CACpI,CAAC;gBACJ,CAAC;gBAED,WAAW,GAAG,CAAC,UAAU,CAAC,CAAC;gBAC3B,SAAS,GAAG,iBAAiB,CAAC;YAChC,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,GAAG,EAAE,CAAC;YACnB,CAAC;iBAAM,IAAI,SAAS,EAAE,CAAC;gBACrB,WAAW,GAAG,SAAS,CAAC,WAAW,CAAC;gBACpC,SAAS,GAAG,SAAS,CAAC,SAAS,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,SAAS;YACX,CAAC;YAED,MAAM,oBAAoB,GAAG,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC;YAEpE,MAAM,KAAK,GAAG,UAAU,EAAE,CAAC;YAE3B,QAAQ,CAAC,IAAI,CAAC;gBACZ,KAAK,EAAE,QAAQ,CAAC,EAAE;gBAClB,YAAY,EAAE,oBAAoB;oBAChC,CAAC,CAAC,EAAE;oBACJ,CAAC,CAAC,wBAAwB,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC;gBACjE,EAAE,EAAE,KAAK;gBACT,WAAW,EAAE,QAAQ,CAAC,WAAW;gBACjC,WAAW;gBACX,SAAS;gBACT,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;QAED,MAAM,eAAe,GAAG,oBAAoB,CAAC;YAC3C,SAAS;YACT,SAAS;YACT,SAAS,EAAE,aAAa;YACxB,KAAK,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC5C,YAAY;YACZ,SAAS;YACT,MAAM;SACP,CAAC,CAAC;QAEH,MAAM,SAAS,GAAG,oBAAoB,CACpC,eAAe,EACf,IAAI,CAAC,kBAAkB,CACxB,CAAC;QAEF,IAAI,SAAS,CAAC,OAAO,CAAC,MAAM,GAAG,aAAa,CAAC,qBAAqB,EAAE,CAAC;YACnE,MAAM,IAAI,KAAK,CACb,sBAAsB,SAAS,CAAC,OAAO,CAAC,MAAM,mCAAmC,aAAa,CAAC,qBAAqB,SAAS,CAC9H,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAiBP;YACF,SAAS;YACT,QAAQ,EAAE;gBACR,SAAS,EAAE,aAAa;gBACxB,IAAI,EAAE,QAAQ;aACf;YACD,SAAS;YACT,KAAK,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE;gBACb,SAAS,EAAE,IAAI,CAAC,UAAU;aAC3B;YACD,gBAAgB,EAAE,QAAQ;SAC3B,CAAC;QAEF,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;QACtI,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBACzF,MAAM,IAAI,KAAK,CACb,mBAAmB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,mCAAmC,aAAa,CAAC,kBAAkB,SAAS,CAC1H,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,aAAa,CAAC,iBAAiB,EAAE,CAAC;gBACtF,MAAM,IAAI,KAAK,CACb,wBAAwB,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,6BAA6B,aAAa,CAAC,iBAAiB,GAAG,CACjH,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACrC,IAAI,GAAG,CAAC,MAAM,GAAG,aAAa,CAAC,cAAc,EAAE,CAAC;wBAC9C,MAAM,IAAI,KAAK,CACb,iBAAiB,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,GAAG,CAAC,MAAM,mCAAmC,aAAa,CAAC,cAAc,SAAS,CAC7H,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,IAAI,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,GAAG,aAAa,CAAC,kBAAkB,EAAE,CAAC;gBACzF,MAAM,IAAI,KAAK,CACb,mBAAmB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,mCAAmC,aAAa,CAAC,kBAAkB,SAAS,CAC1H,CAAC;YACJ,CAAC;YACD,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,IAAI,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,GAAG,aAAa,CAAC,oBAAoB,EAAE,CAAC;gBAC/G,MAAM,IAAI,KAAK,CACb,2BAA2B,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,MAAM,6BAA6B,aAAa,CAAC,oBAAoB,GAAG,CAClI,CAAC;YACJ,CAAC;YACD,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QACjC,CAAC;QAED,IAAI,gBAAgB,EAAE,CAAC;YACrB,KAAK,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;YAC1C,KAAK,CAAC,SAAS,GAAG,SAAS,CAAC;YAC5B,KAAK,CAAC,cAAc,GAAG,cAAc,CAAC;QACxC,CAAC;QACD,IAAI,aAAa,EAAE,CAAC;YAClB,KAAK,CAAC,aAAa,GAAG,aAAa,CAAC;YACpC,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;YACtB,KAAK,CAAC,WAAW,GAAG,WAAW,CAAC;QAClC,CAAC;QACD,IAAI,mBAAmB,EAAE,CAAC;YACxB,KAAK,CAAC,mBAAmB,GAAG,mBAAmB,CAAC;YAChD,KAAK,CAAC,YAAY,GAAG,YAAY,CAAC;YAClC,KAAK,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC9C,CAAC;QAED,4DAA4D;QAC5D,6DAA6D;QAC7D,MAAM,MAAM,GAAa,EAAE,CAAC;QAC5B,IAAI,SAAS;YAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACtC,IAAI,MAAM;YAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,IAAI,YAAY;YAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC5C,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;YAC7B,IAAI,KAAK,CAAC,EAAE;gBAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QACtC,CAAC;QACD,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;YAC9B,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC9B,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,qGAAqG,CACtG,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;IAC1C,CAAC;CACF"}

package/dist/client/capsara-client.d.ts

@@ -0,0 +1,96 @@
+/** Primary interface for zero-knowledge encrypted file sharing. */
+import { type PublicKeyInfo, type KeyHistoryEntry } from '../internal/services/account-service.js';
+import { type GeneratedKeyPair } from '../internal/crypto/key-generator.js';
+import { CapsaBuilder } from '../builder/capsa-builder.js';
+import { type DecryptedCapsa } from '../internal/decryptor/capsa-decryptor.js';
+import { type HttpTimeoutConfig } from '../internal/config/http-client.js';
+import type { RetryConfig } from '../internal/config/retry-interceptor.js';
+import type { AuthCredentials, AuthResponse, Capsa, SystemLimits, CapsaListFilters, CapsaListResponse, GetAuditEntriesFilters, GetAuditEntriesResponse, CreateAuditEntryRequest, CreateAuditEntryResponse } from '../types/index.js';
+export interface CapsaraClientOptions {
+    credentials?: AuthCredentials;
+    accessToken?: string;
+    expectedIssuer?: string;
+    expectedAudience?: string;
+    timeout?: Partial<HttpTimeoutConfig>;
+    retry?: RetryConfig;
+    maxBatchSize?: number;
+    cacheTTL?: number;
+    /**
+     * Custom user agent string to append to the default SDK user agent.
+     * Default: "Capsara-SDK/1.0.0 (Node.js v20.x.x)"
+     * If provided, becomes: "Capsara-SDK/1.0.0 (Node.js v20.x.x) YourCustomAgent"
+     */
+    userAgent?: string;
+}
+export declare class CapsaraClient {
+    private creatorId;
+    private creatorPrivateKey;
+    private authService;
+    private keyManager;
+    private limitsManager;
+    private accountClient;
+    private capsaService;
+    private downloadService;
+    private uploadService;
+    private auditService;
+    private capsaCache;
+    private axiosInstance;
+    private blobClient;
+    private timeoutConfig;
+    private retryConfig;
+    private maxBatchSize;
+    private logger;
+    private refreshPromise;
+    private inFlightCapsaFetches;
+    constructor(baseUrl: string, options?: CapsaraClientOptions);
+    login(credentials: AuthCredentials): Promise<AuthResponse>;
+    logout(): Promise<boolean>;
+    isAuthenticated(): boolean;
+    setPrivateKey(privateKey: string): void;
+    createCapsaBuilder(): Promise<CapsaBuilder>;
+    sendCapsas(builders: CapsaBuilder[]): Promise<{
+        batchId: string;
+        successful: number;
+        failed: number;
+        partialSuccess?: boolean;
+        created: Array<{
+            packageId: string;
+            index: number;
+        }>;
+        errors?: Array<{
+            index: number;
+            packageId: string;
+            error: string;
+        }>;
+    }>;
+    getCapsa(capsaId: string): Promise<DecryptedCapsa>;
+    getCapsa(capsaId: string, options: {
+        decrypt: false;
+    }): Promise<Capsa>;
+    getCapsa(capsaId: string, options: {
+        verifySignature?: boolean;
+    }): Promise<DecryptedCapsa>;
+    private getOrCreateCapsaFetch;
+    private fetchAndDecryptCapsa;
+    listCapsas(filters?: CapsaListFilters): Promise<CapsaListResponse>;
+    deleteCapsa(capsaId: string): Promise<void>;
+    downloadFile(capsaId: string, fileId: string): Promise<{
+        data: Buffer;
+        filename: string;
+    }>;
+    getAuditEntries(capsaId: string, filters?: GetAuditEntriesFilters): Promise<GetAuditEntriesResponse>;
+    createAuditEntry(capsaId: string, entry: CreateAuditEntryRequest): Promise<CreateAuditEntryResponse>;
+    getCurrentPublicKey(): Promise<PublicKeyInfo | null>;
+    addPublicKey(publicKey: string, fingerprint: string, reason?: string): Promise<PublicKeyInfo>;
+    getKeyHistory(): Promise<KeyHistoryEntry[]>;
+    rotateKey(): Promise<{
+        keyPair: GeneratedKeyPair;
+        serverInfo: PublicKeyInfo;
+    }>;
+    getLimits(): Promise<SystemLimits>;
+    static generateKeyPair(): Promise<GeneratedKeyPair>;
+    clearCache(): void;
+    /** Release all resources and securely clear cached keys. */
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=capsara-client.d.ts.map

package/dist/client/capsara-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capsara-client.d.ts","sourceRoot":"","sources":["../../src/client/capsara-client.ts"],"names":[],"mappings":"AAAA,mEAAmE;AAMnE,OAAO,EAAiB,KAAK,aAAa,EAAE,KAAK,eAAe,EAAE,MAAM,yCAAyC,CAAC;AAMlH,OAAO,EAAmB,KAAK,gBAAgB,EAAE,MAAM,qCAAqC,CAAC;AAC7F,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAC/E,OAAO,EAML,KAAK,iBAAiB,EACvB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,KAAK,EAAE,WAAW,EAAe,MAAM,yCAAyC,CAAC;AACxF,OAAO,KAAK,EACV,eAAe,EACf,YAAY,EACZ,KAAK,EACL,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,sBAAsB,EACtB,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACzB,MAAM,mBAAmB,CAAC;AAE3B,MAAM,WAAW,oBAAoB;IACnC,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,OAAO,CAAC,EAAE,OAAO,CAAC,iBAAiB,CAAC,CAAC;IACrC,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,iBAAiB,CAAuB;IAChD,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,eAAe,CAAkB;IACzC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,UAAU,CAAsB;IACxC,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,UAAU,CAAgB;IAClC,OAAO,CAAC,aAAa,CAAoB;IACzC,OAAO,CAAC,WAAW,CAAwB;IAC3C,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,MAAM,CAAc;IAC5B,OAAO,CAAC,cAAc,CAAiC;IACvD,OAAO,CAAC,oBAAoB,CAAmD;gBAEnE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,oBAAoB;IAiIrD,KAAK,CAAC,WAAW,EAAE,eAAe,GAAG,OAAO,CAAC,YAAY,CAAC;IAM1D,MAAM,IAAI,OAAO,CAAC,OAAO,CAAC;IAKhC,eAAe,IAAI,OAAO;IAI1B,aAAa,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAIjC,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC;IAQ3C,UAAU,CAAC,QAAQ,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC;QAClD,OAAO,EAAE,MAAM,CAAC;QAChB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;QACf,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,KAAK,CAAC;YAAE,SAAS,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QACrD,MAAM,CAAC,EAAE,KAAK,CAAC;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAC;YAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACrE,CAAC;IAOI,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAClD,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;QAAE,OAAO,EAAE,KAAK,CAAA;KAAE,GAAG,OAAO,CAAC,KAAK,CAAC;IACtE,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,cAAc,CAAC;IAUhG,OAAO,CAAC,qBAAqB;YAkBf,oBAAoB;IA4B5B,UAAU,CAAC,OAAO,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAIlE,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAK3C,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAiB1F,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAIpG,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,uBAAuB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAIpG,mBAAmB,IAAI,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC;IAIpD,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAI7F,aAAa,IAAI,OAAO,CAAC,eAAe,EAAE,CAAC;IAI3C,SAAS,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,gBAAgB,CAAC;QAAC,UAAU,EAAE,aAAa,CAAA;KAAE,CAAC;IAI9E,SAAS,IAAI,OAAO,CAAC,YAAY,CAAC;WAI3B,eAAe,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAIzD,UAAU,IAAI,IAAI;IAIlB,4DAA4D;IACtD,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;CAU/B"}