@cello-protocol/daemon 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (153) hide show
  1. package/dist/agent-loader.d.ts +41 -0
  2. package/dist/agent-loader.d.ts.map +1 -0
  3. package/dist/agent-loader.js +94 -0
  4. package/dist/agent-loader.js.map +1 -0
  5. package/dist/bin/cello-daemon.d.ts +13 -0
  6. package/dist/bin/cello-daemon.d.ts.map +1 -0
  7. package/dist/bin/cello-daemon.js +170 -0
  8. package/dist/bin/cello-daemon.js.map +1 -0
  9. package/dist/cello-node-transport-dialer.d.ts +59 -0
  10. package/dist/cello-node-transport-dialer.d.ts.map +1 -0
  11. package/dist/cello-node-transport-dialer.js +108 -0
  12. package/dist/cello-node-transport-dialer.js.map +1 -0
  13. package/dist/challenge-verifier.d.ts +12 -0
  14. package/dist/challenge-verifier.d.ts.map +1 -0
  15. package/dist/challenge-verifier.js +11 -0
  16. package/dist/challenge-verifier.js.map +1 -0
  17. package/dist/connect-or-start.d.ts +25 -0
  18. package/dist/connect-or-start.d.ts.map +1 -0
  19. package/dist/connect-or-start.js +117 -0
  20. package/dist/connect-or-start.js.map +1 -0
  21. package/dist/content-park-client.d.ts +49 -0
  22. package/dist/content-park-client.d.ts.map +1 -0
  23. package/dist/content-park-client.js +196 -0
  24. package/dist/content-park-client.js.map +1 -0
  25. package/dist/daemon.d.ts +65 -0
  26. package/dist/daemon.d.ts.map +1 -0
  27. package/dist/daemon.js +3202 -0
  28. package/dist/daemon.js.map +1 -0
  29. package/dist/directory-bootstrap.d.ts +55 -0
  30. package/dist/directory-bootstrap.d.ts.map +1 -0
  31. package/dist/directory-bootstrap.js +102 -0
  32. package/dist/directory-bootstrap.js.map +1 -0
  33. package/dist/file-manifest-provider.d.ts +18 -0
  34. package/dist/file-manifest-provider.d.ts.map +1 -0
  35. package/dist/file-manifest-provider.js +72 -0
  36. package/dist/file-manifest-provider.js.map +1 -0
  37. package/dist/index.d.ts +18 -0
  38. package/dist/index.d.ts.map +1 -0
  39. package/dist/index.js +18 -0
  40. package/dist/index.js.map +1 -0
  41. package/dist/ipc-client.d.ts +31 -0
  42. package/dist/ipc-client.d.ts.map +1 -0
  43. package/dist/ipc-client.js +112 -0
  44. package/dist/ipc-client.js.map +1 -0
  45. package/dist/ipc-server.d.ts +49 -0
  46. package/dist/ipc-server.d.ts.map +1 -0
  47. package/dist/ipc-server.js +268 -0
  48. package/dist/ipc-server.js.map +1 -0
  49. package/dist/lock-file.d.ts +27 -0
  50. package/dist/lock-file.d.ts.map +1 -0
  51. package/dist/lock-file.js +84 -0
  52. package/dist/lock-file.js.map +1 -0
  53. package/dist/manifest-loader.d.ts +33 -0
  54. package/dist/manifest-loader.d.ts.map +1 -0
  55. package/dist/manifest-loader.js +70 -0
  56. package/dist/manifest-loader.js.map +1 -0
  57. package/dist/manifest-poll-scheduler.d.ts +31 -0
  58. package/dist/manifest-poll-scheduler.d.ts.map +1 -0
  59. package/dist/manifest-poll-scheduler.js +59 -0
  60. package/dist/manifest-poll-scheduler.js.map +1 -0
  61. package/dist/manifest-version-store-file.d.ts +18 -0
  62. package/dist/manifest-version-store-file.d.ts.map +1 -0
  63. package/dist/manifest-version-store-file.js +40 -0
  64. package/dist/manifest-version-store-file.js.map +1 -0
  65. package/dist/manifest-version-store.d.ts +14 -0
  66. package/dist/manifest-version-store.d.ts.map +1 -0
  67. package/dist/manifest-version-store.js +13 -0
  68. package/dist/manifest-version-store.js.map +1 -0
  69. package/dist/network-directory-node.d.ts +94 -0
  70. package/dist/network-directory-node.d.ts.map +1 -0
  71. package/dist/network-directory-node.js +626 -0
  72. package/dist/network-directory-node.js.map +1 -0
  73. package/dist/nonce-dedup.d.ts +68 -0
  74. package/dist/nonce-dedup.d.ts.map +1 -0
  75. package/dist/nonce-dedup.js +204 -0
  76. package/dist/nonce-dedup.js.map +1 -0
  77. package/dist/notification-dispatcher.d.ts +65 -0
  78. package/dist/notification-dispatcher.d.ts.map +1 -0
  79. package/dist/notification-dispatcher.js +138 -0
  80. package/dist/notification-dispatcher.js.map +1 -0
  81. package/dist/registration-context.d.ts +69 -0
  82. package/dist/registration-context.d.ts.map +1 -0
  83. package/dist/registration-context.js +118 -0
  84. package/dist/registration-context.js.map +1 -0
  85. package/dist/registration-manager.d.ts +72 -0
  86. package/dist/registration-manager.d.ts.map +1 -0
  87. package/dist/registration-manager.js +267 -0
  88. package/dist/registration-manager.js.map +1 -0
  89. package/dist/registration-persistence.d.ts +131 -0
  90. package/dist/registration-persistence.d.ts.map +1 -0
  91. package/dist/registration-persistence.js +233 -0
  92. package/dist/registration-persistence.js.map +1 -0
  93. package/dist/retry-queue.d.ts +144 -0
  94. package/dist/retry-queue.d.ts.map +1 -0
  95. package/dist/retry-queue.js +444 -0
  96. package/dist/retry-queue.js.map +1 -0
  97. package/dist/seal-frontier-verify.d.ts +58 -0
  98. package/dist/seal-frontier-verify.d.ts.map +1 -0
  99. package/dist/seal-frontier-verify.js +87 -0
  100. package/dist/seal-frontier-verify.js.map +1 -0
  101. package/dist/seal-legibility-tbs.d.ts +25 -0
  102. package/dist/seal-legibility-tbs.d.ts.map +1 -0
  103. package/dist/seal-legibility-tbs.js +78 -0
  104. package/dist/seal-legibility-tbs.js.map +1 -0
  105. package/dist/seal-upgrade.d.ts +90 -0
  106. package/dist/seal-upgrade.d.ts.map +1 -0
  107. package/dist/seal-upgrade.js +178 -0
  108. package/dist/seal-upgrade.js.map +1 -0
  109. package/dist/session-assignment-parser.d.ts +22 -0
  110. package/dist/session-assignment-parser.d.ts.map +1 -0
  111. package/dist/session-assignment-parser.js +139 -0
  112. package/dist/session-assignment-parser.js.map +1 -0
  113. package/dist/session-ceremony.d.ts +156 -0
  114. package/dist/session-ceremony.d.ts.map +1 -0
  115. package/dist/session-ceremony.js +447 -0
  116. package/dist/session-ceremony.js.map +1 -0
  117. package/dist/session-connection-gater.d.ts +91 -0
  118. package/dist/session-connection-gater.d.ts.map +1 -0
  119. package/dist/session-connection-gater.js +146 -0
  120. package/dist/session-connection-gater.js.map +1 -0
  121. package/dist/session-node-manager.d.ts +585 -0
  122. package/dist/session-node-manager.d.ts.map +1 -0
  123. package/dist/session-node-manager.js +2609 -0
  124. package/dist/session-node-manager.js.map +1 -0
  125. package/dist/session-relay-client.d.ts +101 -0
  126. package/dist/session-relay-client.d.ts.map +1 -0
  127. package/dist/session-relay-client.js +520 -0
  128. package/dist/session-relay-client.js.map +1 -0
  129. package/dist/session-tree.d.ts +80 -0
  130. package/dist/session-tree.d.ts.map +1 -0
  131. package/dist/session-tree.js +123 -0
  132. package/dist/session-tree.js.map +1 -0
  133. package/dist/signaling-connect.d.ts +83 -0
  134. package/dist/signaling-connect.d.ts.map +1 -0
  135. package/dist/signaling-connect.js +266 -0
  136. package/dist/signaling-connect.js.map +1 -0
  137. package/dist/transcript-cipher.d.ts +31 -0
  138. package/dist/transcript-cipher.d.ts.map +1 -0
  139. package/dist/transcript-cipher.js +74 -0
  140. package/dist/transcript-cipher.js.map +1 -0
  141. package/dist/transport-composition.d.ts +31 -0
  142. package/dist/transport-composition.d.ts.map +1 -0
  143. package/dist/transport-composition.js +55 -0
  144. package/dist/transport-composition.js.map +1 -0
  145. package/dist/transport-selector.d.ts +189 -0
  146. package/dist/transport-selector.d.ts.map +1 -0
  147. package/dist/transport-selector.js +195 -0
  148. package/dist/transport-selector.js.map +1 -0
  149. package/dist/types.d.ts +265 -0
  150. package/dist/types.d.ts.map +1 -0
  151. package/dist/types.js +33 -0
  152. package/dist/types.js.map +1 -0
  153. package/package.json +1 -1
package/dist/session-connection-gater.d.ts ADDED
@@ -0,0 +1,91 @@
1
+ /**
2
+ * CELLO Daemon — SessionConnectionGater
3
+ *
4
+ * Implements the libp2p ConnectionGater interface to enforce per-session
5
+ * peer allowlists on ephemeral session nodes.
6
+ *
7
+ * Two modes:
8
+ * 1. Session node gater: allows exactly one counterparty Peer ID.
9
+ * Created with the counterparty's Peer ID at session node creation.
10
+ * 2. Standing receiver gater: starts OPEN (all peers allowed) because
11
+ * the counterparty is unknown at creation time. Call setAllowedPeer()
12
+ * before handing the node's multiaddr to the directory (AC-015).
13
+ * 3. Directory node gater: delegates to DirectoryPeerIdProvider.
14
+ * Allows only known directory Peer IDs (MANIFEST-002 fills the real set).
15
+ *
16
+ * The gater uses denyInboundConnection (before Noise handshake) to reject
17
+ * unexpected peers as early as possible. Since PeerId is not yet known at
18
+ * that point, we use denyInboundEncryptedConnection (after Noise, before muxer)
19
+ * which has the PeerId and still occurs before any streams are opened.
20
+ *
21
+ * Observability: session.node.connection.rejected (WARN) is logged with
22
+ * sessionId, attemptedPeerId, and expectedPeerId.
23
+ */
24
+ import type { ConnectionGater, MultiaddrConnection } from "@libp2p/interface";
25
+ import type { PeerId } from "@libp2p/interface";
26
+ import type { Logger } from "./types.js";
27
+ /**
28
+ * Interface for providing directory Peer IDs to the directory-facing node gater.
29
+ * Stub for DAEMON-002: MANIFEST-002 replaces with manifest-backed implementation.
30
+ */
31
+ export interface DirectoryPeerIdProvider {
32
+ isDirectoryPeer(peerId: string): boolean;
33
+ }
34
+ /** Permissive stub: allows all peers. Used for directory node in DAEMON-002. */
35
+ export declare class PermissiveDirectoryPeerIdProvider implements DirectoryPeerIdProvider {
36
+ isDirectoryPeer(_peerId: string): boolean;
37
+ }
38
+ /** Restrictive stub: denies all peers. Used in unit tests (AC-016). */
39
+ export declare class EmptyDirectoryPeerIdProvider implements DirectoryPeerIdProvider {
40
+ isDirectoryPeer(_peerId: string): boolean;
41
+ }
42
+ /**
43
+ * SessionConnectionGater — enforces a single allowed Peer ID on a session node.
44
+ *
45
+ * Initially open (allowedPeerId = null) for the standing receiver. Close the
46
+ * window by calling setAllowedPeer(initiatorPeerId) before returning the
47
+ * node's multiaddr to the caller (AC-015).
48
+ */
49
+ export declare class SessionConnectionGater implements ConnectionGater {
50
+ #private;
51
+ constructor(opts: {
52
+ sessionId: string;
53
+ allowedPeerId: string | null;
54
+ logger: Logger;
55
+ });
56
+ /** Update the allowed Peer ID (called when standing receiver is claimed). */
57
+ setAllowedPeer(peerId: string): void;
58
+ /**
59
+ * M7 DOD-SPINE-6: permit an OUTBOUND connection to the relay witness (a third peer,
60
+ * authorized by the FROST-signed assignment). Does NOT widen the inbound allowlist.
61
+ */
62
+ setAllowedOutboundPeer(peerId: string): void;
63
+ getSessionId(): string;
64
+ getAllowedPeerId(): string | null;
65
+ /**
66
+ * denyInboundEncryptedConnection — called after Noise handshake, before muxer.
67
+ * This is the enforcement point for inbound connections: PeerId is known here.
68
+ * Return true to DENY the connection.
69
+ */
70
+ denyInboundEncryptedConnection(peerId: PeerId, _maConn: MultiaddrConnection): boolean;
71
+ /**
72
+ * denyOutboundEncryptedConnection — symmetric gate for outbound connections.
73
+ * Session nodes should only connect to the designated counterparty.
74
+ * Return true to DENY the connection.
75
+ */
76
+ denyOutboundEncryptedConnection(peerId: PeerId, _maConn: MultiaddrConnection): boolean;
77
+ }
78
+ /**
79
+ * DirectoryConnectionGater — enforces directory-only connections on the
80
+ * directory-facing node. Delegates to DirectoryPeerIdProvider.
81
+ *
82
+ * Logs session.node.connection.rejected (using sessionId='directory') when
83
+ * a non-directory peer is denied.
84
+ */
85
+ export declare class DirectoryConnectionGater implements ConnectionGater {
86
+ #private;
87
+ constructor(provider: DirectoryPeerIdProvider, logger: Logger);
88
+ denyInboundEncryptedConnection(peerId: PeerId, _maConn: MultiaddrConnection): boolean;
89
+ denyOutboundEncryptedConnection(peerId: PeerId, _maConn: MultiaddrConnection): boolean;
90
+ }
91
+ //# sourceMappingURL=session-connection-gater.d.ts.map
package/dist/session-connection-gater.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-connection-gater.d.ts","sourceRoot":"","sources":["../src/session-connection-gater.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAEzC;;;GAGG;AACH,MAAM,WAAW,uBAAuB;IACtC,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC;CAC1C;AAED,gFAAgF;AAChF,qBAAa,iCAAkC,YAAW,uBAAuB;IAC/E,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;CAG1C;AAED,uEAAuE;AACvE,qBAAa,4BAA6B,YAAW,uBAAuB;IAC1E,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO;CAG1C;AAED;;;;;;GAMG;AACH,qBAAa,sBAAuB,YAAW,eAAe;;gBAYhD,IAAI,EAAE;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,MAAM,EAAE,MAAM,CAAC;KAChB;IAMD,6EAA6E;IAC7E,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAIpC;;;OAGG;IACH,sBAAsB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAI5C,YAAY,IAAI,MAAM;IAItB,gBAAgB,IAAI,MAAM,GAAG,IAAI;IAIjC;;;;OAIG;IACH,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO;IAIrF;;;;OAIG;IACH,+BAA+B,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO;CAwBvF;AAED;;;;;;GAMG;AACH,qBAAa,wBAAyB,YAAW,eAAe;;gBAIlD,QAAQ,EAAE,uBAAuB,EAAE,MAAM,EAAE,MAAM;IAK7D,8BAA8B,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO;IAIrF,+BAA+B,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO;CAgBvF"}
package/dist/session-connection-gater.js ADDED
@@ -0,0 +1,146 @@
1
+ /**
2
+ * CELLO Daemon — SessionConnectionGater
3
+ *
4
+ * Implements the libp2p ConnectionGater interface to enforce per-session
5
+ * peer allowlists on ephemeral session nodes.
6
+ *
7
+ * Two modes:
8
+ * 1. Session node gater: allows exactly one counterparty Peer ID.
9
+ * Created with the counterparty's Peer ID at session node creation.
10
+ * 2. Standing receiver gater: starts OPEN (all peers allowed) because
11
+ * the counterparty is unknown at creation time. Call setAllowedPeer()
12
+ * before handing the node's multiaddr to the directory (AC-015).
13
+ * 3. Directory node gater: delegates to DirectoryPeerIdProvider.
14
+ * Allows only known directory Peer IDs (MANIFEST-002 fills the real set).
15
+ *
16
+ * The gater uses denyInboundConnection (before Noise handshake) to reject
17
+ * unexpected peers as early as possible. Since PeerId is not yet known at
18
+ * that point, we use denyInboundEncryptedConnection (after Noise, before muxer)
19
+ * which has the PeerId and still occurs before any streams are opened.
20
+ *
21
+ * Observability: session.node.connection.rejected (WARN) is logged with
22
+ * sessionId, attemptedPeerId, and expectedPeerId.
23
+ */
24
+ /** Permissive stub: allows all peers. Used for directory node in DAEMON-002. */
25
+ export class PermissiveDirectoryPeerIdProvider {
26
+ isDirectoryPeer(_peerId) {
27
+ return true;
28
+ }
29
+ }
30
+ /** Restrictive stub: denies all peers. Used in unit tests (AC-016). */
31
+ export class EmptyDirectoryPeerIdProvider {
32
+ isDirectoryPeer(_peerId) {
33
+ return false;
34
+ }
35
+ }
36
+ /**
37
+ * SessionConnectionGater — enforces a single allowed Peer ID on a session node.
38
+ *
39
+ * Initially open (allowedPeerId = null) for the standing receiver. Close the
40
+ * window by calling setAllowedPeer(initiatorPeerId) before returning the
41
+ * node's multiaddr to the caller (AC-015).
42
+ */
43
+ export class SessionConnectionGater {
44
+ #allowedPeerId;
45
+ /**
46
+ * M7 DOD-SPINE-6: an additional peer the session node may connect to OUTBOUND only —
47
+ * the relay witness. The session node dials the relay (Structure-2 hash submit); the
48
+ * relay never dials back. Kept OUTBOUND-only so the INBOUND counterparty-only invariant
49
+ * (INV-5 — a session node admits exactly one counterparty) is fully preserved.
50
+ */
51
+ #allowedOutboundPeerId = null;
52
+ #sessionId;
53
+ #logger;
54
+ constructor(opts) {
55
+ this.#sessionId = opts.sessionId;
56
+ this.#allowedPeerId = opts.allowedPeerId;
57
+ this.#logger = opts.logger;
58
+ }
59
+ /** Update the allowed Peer ID (called when standing receiver is claimed). */
60
+ setAllowedPeer(peerId) {
61
+ this.#allowedPeerId = peerId;
62
+ }
63
+ /**
64
+ * M7 DOD-SPINE-6: permit an OUTBOUND connection to the relay witness (a third peer,
65
+ * authorized by the FROST-signed assignment). Does NOT widen the inbound allowlist.
66
+ */
67
+ setAllowedOutboundPeer(peerId) {
68
+ this.#allowedOutboundPeerId = peerId;
69
+ }
70
+ getSessionId() {
71
+ return this.#sessionId;
72
+ }
73
+ getAllowedPeerId() {
74
+ return this.#allowedPeerId;
75
+ }
76
+ /**
77
+ * denyInboundEncryptedConnection — called after Noise handshake, before muxer.
78
+ * This is the enforcement point for inbound connections: PeerId is known here.
79
+ * Return true to DENY the connection.
80
+ */
81
+ denyInboundEncryptedConnection(peerId, _maConn) {
82
+ return this.#denyIfNotAllowed(peerId);
83
+ }
84
+ /**
85
+ * denyOutboundEncryptedConnection — symmetric gate for outbound connections.
86
+ * Session nodes should only connect to the designated counterparty.
87
+ * Return true to DENY the connection.
88
+ */
89
+ denyOutboundEncryptedConnection(peerId, _maConn) {
90
+ // The relay witness is an OUTBOUND-only allowance (the session node dials it).
91
+ if (this.#allowedOutboundPeerId !== null && peerId.toString() === this.#allowedOutboundPeerId) {
92
+ return false; // allow
93
+ }
94
+ return this.#denyIfNotAllowed(peerId);
95
+ }
96
+ #denyIfNotAllowed(peerId) {
97
+ // If no allowed peer set (fully open gater), allow all.
98
+ if (this.#allowedPeerId === null) {
99
+ return false;
100
+ }
101
+ const attemptedPeerId = peerId.toString();
102
+ if (attemptedPeerId === this.#allowedPeerId) {
103
+ return false; // allow
104
+ }
105
+ this.#logger.warn("session.node.connection.rejected", {
106
+ sessionId: this.#sessionId,
107
+ attemptedPeerId,
108
+ expectedPeerId: this.#allowedPeerId,
109
+ });
110
+ return true; // deny
111
+ }
112
+ }
113
+ /**
114
+ * DirectoryConnectionGater — enforces directory-only connections on the
115
+ * directory-facing node. Delegates to DirectoryPeerIdProvider.
116
+ *
117
+ * Logs session.node.connection.rejected (using sessionId='directory') when
118
+ * a non-directory peer is denied.
119
+ */
120
+ export class DirectoryConnectionGater {
121
+ #provider;
122
+ #logger;
123
+ constructor(provider, logger) {
124
+ this.#provider = provider;
125
+ this.#logger = logger;
126
+ }
127
+ denyInboundEncryptedConnection(peerId, _maConn) {
128
+ return this.#denyIfNotDirectory(peerId);
129
+ }
130
+ denyOutboundEncryptedConnection(peerId, _maConn) {
131
+ return this.#denyIfNotDirectory(peerId);
132
+ }
133
+ #denyIfNotDirectory(peerId) {
134
+ const peerIdStr = peerId.toString();
135
+ if (this.#provider.isDirectoryPeer(peerIdStr)) {
136
+ return false; // allow
137
+ }
138
+ this.#logger.warn("session.node.connection.rejected", {
139
+ sessionId: "__directory_facing__",
140
+ attemptedPeerId: peerIdStr,
141
+ expectedPeerId: "known_directory_peer",
142
+ });
143
+ return true; // deny
144
+ }
145
+ }
146
+ //# sourceMappingURL=session-connection-gater.js.map
package/dist/session-connection-gater.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"session-connection-gater.js","sourceRoot":"","sources":["../src/session-connection-gater.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAcH,gFAAgF;AAChF,MAAM,OAAO,iCAAiC;IAC5C,eAAe,CAAC,OAAe;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,uEAAuE;AACvE,MAAM,OAAO,4BAA4B;IACvC,eAAe,CAAC,OAAe;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,OAAO,sBAAsB;IACjC,cAAc,CAAgB;IAC9B;;;;;OAKG;IACH,sBAAsB,GAAkB,IAAI,CAAC;IACpC,UAAU,CAAS;IACnB,OAAO,CAAS;IAEzB,YAAY,IAIX;QACC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC;QACjC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,aAAa,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC7B,CAAC;IAED,6EAA6E;IAC7E,cAAc,CAAC,MAAc;QAC3B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC;IAC/B,CAAC;IAED;;;OAGG;IACH,sBAAsB,CAAC,MAAc;QACnC,IAAI,CAAC,sBAAsB,GAAG,MAAM,CAAC;IACvC,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,gBAAgB;QACd,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;;;OAIG;IACH,8BAA8B,CAAC,MAAc,EAAE,OAA4B;QACzE,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,+BAA+B,CAAC,MAAc,EAAE,OAA4B;QAC1E,+EAA+E;QAC/E,IAAI,IAAI,CAAC,sBAAsB,KAAK,IAAI,IAAI,MAAM,CAAC,QAAQ,EAAE,KAAK,IAAI,CAAC,sBAAsB,EAAE,CAAC;YAC9F,OAAO,KAAK,CAAC,CAAC,QAAQ;QACxB,CAAC;QACD,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED,iBAAiB,CAAC,MAAc;QAC9B,wDAAwD;QACxD,IAAI,IAAI,CAAC,cAAc,KAAK,IAAI,EAAE,CAAC;YACjC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC1C,IAAI,eAAe,KAAK,IAAI,CAAC,cAAc,EAAE,CAAC;YAC5C,OAAO,KAAK,CAAC,CAAC,QAAQ;QACxB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;YACpD,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,eAAe;YACf,cAAc,EAAE,IAAI,CAAC,cAAc;SACpC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,CAAC,OAAO;IACtB,CAAC;CACF;AAED;;;;;;GAMG;AACH,MAAM,OAAO,wBAAwB;IAC1B,SAAS,CAA0B;IACnC,OAAO,CAAS;IAEzB,YAAY,QAAiC,EAAE,MAAc;QAC3D,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;QAC1B,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;IACxB,CAAC;IAED,8BAA8B,CAAC,MAAc,EAAE,OAA4B;QACzE,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,+BAA+B,CAAC,MAAc,EAAE,OAA4B;QAC1E,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC1C,CAAC;IAED,mBAAmB,CAAC,MAAc;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpC,IAAI,IAAI,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC,CAAC,QAAQ;QACxB,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE;YACpD,SAAS,EAAE,sBAAsB;YACjC,eAAe,EAAE,SAAS;YAC1B,cAAc,EAAE,sBAAsB;SACvC,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,CAAC,OAAO;IACtB,CAAC;CACF"}