@clawbureau/clawverify-core 0.1.0

package/dist/schema-registry.d.ts

@@ -0,0 +1,99 @@
+/**
+ * Schema Registry
+ * Fail-closed validation: reject any unknown version/type/algorithm
+ * CVF-US-009: Schema registry allowlist for deterministic validation
+ */
+import { type EnvelopeVersion, type EnvelopeType, type Algorithm, type HashAlgorithm } from './types.js';
+/**
+ * Schema allowlist entry - defines an allowed schema ID with its version
+ */
+export interface SchemaAllowlistEntry {
+    /** Schema identifier (e.g., 'artifact_signature') */
+    schema_id: string;
+    /** Current active version */
+    version: string;
+    /** All supported versions for this schema */
+    supported_versions: string[];
+    /** Schema status */
+    status: 'active' | 'deprecated';
+    /** When this schema was added to the allowlist */
+    added_at: string;
+    /** Optional deprecation date for deprecated schemas */
+    deprecated_at?: string;
+}
+/**
+ * Allowlisted schema IDs and their versions
+ * This is the authoritative list - any schema not in this list is rejected
+ */
+export declare const SCHEMA_ALLOWLIST: readonly SchemaAllowlistEntry[];
+/**
+ * Check if a schema ID is in the allowlist
+ * @param schemaId - The schema ID to check
+ * @returns true if the schema ID is allowlisted, false otherwise
+ */
+export declare function isAllowlistedSchemaId(schemaId: unknown): schemaId is string;
+/**
+ * Check if a schema ID + version combination is allowlisted
+ * @param schemaId - The schema ID to check
+ * @param version - The version to check
+ * @returns true if the combination is allowlisted, false otherwise
+ */
+export declare function isAllowlistedSchemaVersion(schemaId: string, version: string): boolean;
+/**
+ * Get the allowlist entry for a schema ID
+ * @param schemaId - The schema ID to look up
+ * @returns The allowlist entry or undefined if not found
+ */
+export declare function getSchemaAllowlistEntry(schemaId: string): SchemaAllowlistEntry | undefined;
+/**
+ * Get all allowlisted schema IDs
+ * @returns Array of all allowlisted schema IDs
+ */
+export declare function getAllowlistedSchemaIds(): string[];
+/**
+ * Validate schema ID and version against the allowlist
+ * Returns detailed error information for fail-closed behavior
+ */
+export interface SchemaValidationResult {
+    valid: boolean;
+    schema_id?: string;
+    version?: string;
+    error_code?: 'UNKNOWN_SCHEMA_ID' | 'UNKNOWN_SCHEMA_VERSION' | 'DEPRECATED_SCHEMA';
+    error_message?: string;
+}
+/**
+ * Validate a schema ID and version against the allowlist
+ * @param schemaId - The schema ID to validate
+ * @param version - The version to validate (optional, defaults to checking if ID exists)
+ * @returns Validation result with error details if invalid
+ */
+export declare function validateSchemaAllowlist(schemaId: string, version?: string): SchemaValidationResult;
+/**
+ * Check if an envelope version is allowlisted
+ */
+export declare function isAllowedVersion(version: unknown): version is EnvelopeVersion;
+/**
+ * Check if an envelope type is allowlisted
+ */
+export declare function isAllowedType(type: unknown): type is EnvelopeType;
+/**
+ * Check if a signature algorithm is allowlisted
+ */
+export declare function isAllowedAlgorithm(algorithm: unknown): algorithm is Algorithm;
+/**
+ * Check if a hash algorithm is allowlisted
+ */
+export declare function isAllowedHashAlgorithm(hashAlgorithm: unknown): hashAlgorithm is HashAlgorithm;
+/**
+ * Validate DID format (did:key:... or did:web:...)
+ */
+export declare function isValidDidFormat(did: unknown): did is string;
+/**
+ * Validate ISO 8601 date format
+ */
+export declare function isValidIsoDate(date: unknown): date is string;
+/**
+ * Validate base64url string format
+ */
+export declare function isValidBase64Url(str: unknown): str is string;
+//# sourceMappingURL=schema-registry.d.ts.map

package/dist/schema-registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-registry.d.ts","sourceRoot":"","sources":["../src/schema-registry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAKL,KAAK,eAAe,EACpB,KAAK,YAAY,EACjB,KAAK,SAAS,EACd,KAAK,aAAa,EACnB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,qDAAqD;IACrD,SAAS,EAAE,MAAM,CAAC;IAClB,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,6CAA6C;IAC7C,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,oBAAoB;IACpB,MAAM,EAAE,QAAQ,GAAG,YAAY,CAAC;IAChC,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,uDAAuD;IACvD,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,oBAAoB,EA0GlD,CAAC;AASX;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,OAAO,GAAG,QAAQ,IAAI,MAAM,CAG3E;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GACd,OAAO,CAIT;AAED;;;;GAIG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,GACf,oBAAoB,GAAG,SAAS,CAElC;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,IAAI,MAAM,EAAE,CAElD;AAED;;;GAGG;AACH,MAAM,WAAW,sBAAsB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,mBAAmB,GAAG,wBAAwB,GAAG,mBAAmB,CAAC;IAClF,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE,MAAM,GACf,sBAAsB,CA0CxB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,IAAI,eAAe,CAK7E;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,YAAY,CAKjE;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,OAAO,GAAG,SAAS,IAAI,SAAS,CAK7E;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,aAAa,EAAE,OAAO,GACrB,aAAa,IAAI,aAAa,CAKhC;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,MAAM,CAI5D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,IAAI,MAAM,CAI5D;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,OAAO,GAAG,GAAG,IAAI,MAAM,CAI5D"}

package/dist/schema-registry.js

@@ -0,0 +1,259 @@
+/**
+ * Schema Registry
+ * Fail-closed validation: reject any unknown version/type/algorithm
+ * CVF-US-009: Schema registry allowlist for deterministic validation
+ */
+import { ENVELOPE_VERSIONS, ENVELOPE_TYPES, ALGORITHMS, HASH_ALGORITHMS, } from './types.js';
+/**
+ * Allowlisted schema IDs and their versions
+ * This is the authoritative list - any schema not in this list is rejected
+ */
+export const SCHEMA_ALLOWLIST = [
+    {
+        schema_id: 'artifact_signature',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'message_signature',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'gateway_receipt',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'web_receipt',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-11T00:00:00Z',
+    },
+    {
+        schema_id: 'proof_bundle',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'event_chain',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'owner_attestation',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'commit_proof',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'execution_attestation',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+    {
+        schema_id: 'prompt_pack',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-09T00:00:00Z',
+    },
+    {
+        schema_id: 'system_prompt_report',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-09T00:00:00Z',
+    },
+    {
+        schema_id: 'derivation_attestation',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-11T00:00:00Z',
+    },
+    {
+        schema_id: 'audit_result_attestation',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-11T00:00:00Z',
+    },
+    {
+        schema_id: 'export_bundle',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-02-11T00:00:00Z',
+    },
+    {
+        schema_id: 'scoped_token',
+        version: '1',
+        supported_versions: ['1'],
+        status: 'active',
+        added_at: '2026-01-01T00:00:00Z',
+    },
+];
+/**
+ * Map of schema_id to allowlist entry for O(1) lookup
+ */
+const SCHEMA_ALLOWLIST_MAP = new Map(SCHEMA_ALLOWLIST.map((entry) => [entry.schema_id, entry]));
+/**
+ * Check if a schema ID is in the allowlist
+ * @param schemaId - The schema ID to check
+ * @returns true if the schema ID is allowlisted, false otherwise
+ */
+export function isAllowlistedSchemaId(schemaId) {
+    if (typeof schemaId !== 'string')
+        return false;
+    return SCHEMA_ALLOWLIST_MAP.has(schemaId);
+}
+/**
+ * Check if a schema ID + version combination is allowlisted
+ * @param schemaId - The schema ID to check
+ * @param version - The version to check
+ * @returns true if the combination is allowlisted, false otherwise
+ */
+export function isAllowlistedSchemaVersion(schemaId, version) {
+    const entry = SCHEMA_ALLOWLIST_MAP.get(schemaId);
+    if (!entry)
+        return false;
+    return entry.supported_versions.includes(version);
+}
+/**
+ * Get the allowlist entry for a schema ID
+ * @param schemaId - The schema ID to look up
+ * @returns The allowlist entry or undefined if not found
+ */
+export function getSchemaAllowlistEntry(schemaId) {
+    return SCHEMA_ALLOWLIST_MAP.get(schemaId);
+}
+/**
+ * Get all allowlisted schema IDs
+ * @returns Array of all allowlisted schema IDs
+ */
+export function getAllowlistedSchemaIds() {
+    return Array.from(SCHEMA_ALLOWLIST_MAP.keys());
+}
+/**
+ * Validate a schema ID and version against the allowlist
+ * @param schemaId - The schema ID to validate
+ * @param version - The version to validate (optional, defaults to checking if ID exists)
+ * @returns Validation result with error details if invalid
+ */
+export function validateSchemaAllowlist(schemaId, version) {
+    // Check if schema ID is allowlisted
+    if (!isAllowlistedSchemaId(schemaId)) {
+        return {
+            valid: false,
+            schema_id: schemaId,
+            error_code: 'UNKNOWN_SCHEMA_ID',
+            error_message: `Schema ID '${schemaId}' is not in the allowlist. Allowlisted schemas: ${getAllowlistedSchemaIds().join(', ')}`,
+        };
+    }
+    const entry = getSchemaAllowlistEntry(schemaId);
+    // Check if version is provided and valid
+    if (version !== undefined) {
+        if (!entry.supported_versions.includes(version)) {
+            return {
+                valid: false,
+                schema_id: schemaId,
+                version: version,
+                error_code: 'UNKNOWN_SCHEMA_VERSION',
+                error_message: `Version '${version}' is not supported for schema '${schemaId}'. Supported versions: ${entry.supported_versions.join(', ')}`,
+            };
+        }
+    }
+    // Check if schema is deprecated (warning, but still valid)
+    if (entry.status === 'deprecated') {
+        return {
+            valid: true,
+            schema_id: schemaId,
+            version: version ?? entry.version,
+            error_code: 'DEPRECATED_SCHEMA',
+            error_message: `Schema '${schemaId}' is deprecated as of ${entry.deprecated_at}`,
+        };
+    }
+    return {
+        valid: true,
+        schema_id: schemaId,
+        version: version ?? entry.version,
+    };
+}
+/**
+ * Check if an envelope version is allowlisted
+ */
+export function isAllowedVersion(version) {
+    return (typeof version === 'string' &&
+        ENVELOPE_VERSIONS.includes(version));
+}
+/**
+ * Check if an envelope type is allowlisted
+ */
+export function isAllowedType(type) {
+    return (typeof type === 'string' &&
+        ENVELOPE_TYPES.includes(type));
+}
+/**
+ * Check if a signature algorithm is allowlisted
+ */
+export function isAllowedAlgorithm(algorithm) {
+    return (typeof algorithm === 'string' &&
+        ALGORITHMS.includes(algorithm));
+}
+/**
+ * Check if a hash algorithm is allowlisted
+ */
+export function isAllowedHashAlgorithm(hashAlgorithm) {
+    return (typeof hashAlgorithm === 'string' &&
+        HASH_ALGORITHMS.includes(hashAlgorithm));
+}
+/**
+ * Validate DID format (did:key:... or did:web:...)
+ */
+export function isValidDidFormat(did) {
+    if (typeof did !== 'string')
+        return false;
+    // Basic DID format validation
+    return /^did:(key|web):[a-zA-Z0-9._%-]+$/.test(did);
+}
+/**
+ * Validate ISO 8601 date format
+ */
+export function isValidIsoDate(date) {
+    if (typeof date !== 'string')
+        return false;
+    const parsed = Date.parse(date);
+    return !isNaN(parsed);
+}
+/**
+ * Validate base64url string format
+ */
+export function isValidBase64Url(str) {
+    if (typeof str !== 'string')
+        return false;
+    // Base64url uses A-Z, a-z, 0-9, -, _
+    return /^[A-Za-z0-9_-]+$/.test(str);
+}
+//# sourceMappingURL=schema-registry.js.map

package/dist/schema-registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-registry.js","sourceRoot":"","sources":["../src/schema-registry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,iBAAiB,EACjB,cAAc,EACd,UAAU,EACV,eAAe,GAKhB,MAAM,YAAY,CAAC;AAoBpB;;;GAGG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAoC;IAC/D;QACE,SAAS,EAAE,oBAAoB;QAC/B,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,mBAAmB;QAC9B,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,iBAAiB;QAC5B,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,aAAa;QACxB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,cAAc;QACzB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,aAAa;QACxB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,mBAAmB;QAC9B,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,cAAc;QACzB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,uBAAuB;QAClC,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,aAAa;QACxB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,sBAAsB;QACjC,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,wBAAwB;QACnC,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,0BAA0B;QACrC,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,eAAe;QAC1B,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;IACD;QACE,SAAS,EAAE,cAAc;QACzB,OAAO,EAAE,GAAG;QACZ,kBAAkB,EAAE,CAAC,GAAG,CAAC;QACzB,MAAM,EAAE,QAAQ;QAChB,QAAQ,EAAE,sBAAsB;KACjC;CACO,CAAC;AAEX;;GAEG;AACH,MAAM,oBAAoB,GAAsC,IAAI,GAAG,CACrE,gBAAgB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC,CAC1D,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IACrD,IAAI,OAAO,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC/C,OAAO,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CACxC,QAAgB,EAChB,OAAe;IAEf,MAAM,KAAK,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,OAAO,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACpD,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAgB;IAEhB,OAAO,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB;IACrC,OAAO,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAC,CAAC;AACjD,CAAC;AAcD;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAgB,EAChB,OAAgB;IAEhB,oCAAoC;IACpC,IAAI,CAAC,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,SAAS,EAAE,QAAQ;YACnB,UAAU,EAAE,mBAAmB;YAC/B,aAAa,EAAE,cAAc,QAAQ,mDAAmD,uBAAuB,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;SAC/H,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,uBAAuB,CAAC,QAAQ,CAAE,CAAC;IAEjD,yCAAyC;IACzC,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAChD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,SAAS,EAAE,QAAQ;gBACnB,OAAO,EAAE,OAAO;gBAChB,UAAU,EAAE,wBAAwB;gBACpC,aAAa,EAAE,YAAY,OAAO,kCAAkC,QAAQ,0BAA0B,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;aAC5I,CAAC;QACJ,CAAC;IACH,CAAC;IAED,2DAA2D;IAC3D,IAAI,KAAK,CAAC,MAAM,KAAK,YAAY,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,IAAI;YACX,SAAS,EAAE,QAAQ;YACnB,OAAO,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO;YACjC,UAAU,EAAE,mBAAmB;YAC/B,aAAa,EAAE,WAAW,QAAQ,yBAAyB,KAAK,CAAC,aAAa,EAAE;SACjF,CAAC;IACJ,CAAC;IAED,OAAO;QACL,KAAK,EAAE,IAAI;QACX,SAAS,EAAE,QAAQ;QACnB,OAAO,EAAE,OAAO,IAAI,KAAK,CAAC,OAAO;KAClC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAgB;IAC/C,OAAO,CACL,OAAO,OAAO,KAAK,QAAQ;QAC1B,iBAAuC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAC3D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAa;IACzC,OAAO,CACL,OAAO,IAAI,KAAK,QAAQ;QACvB,cAAoC,CAAC,QAAQ,CAAC,IAAI,CAAC,CACrD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAkB;IACnD,OAAO,CACL,OAAO,SAAS,KAAK,QAAQ;QAC5B,UAAgC,CAAC,QAAQ,CAAC,SAAS,CAAC,CACtD,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CACpC,aAAsB;IAEtB,OAAO,CACL,OAAO,aAAa,KAAK,QAAQ;QAChC,eAAqC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAC/D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAY;IAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,8BAA8B;IAC9B,OAAO,kCAAkC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAa;IAC1C,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAY;IAC3C,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAC1C,qCAAqC;IACrC,OAAO,kBAAkB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACtC,CAAC"}

package/dist/schema-validation.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Strict JSON Schema validation (Ajv) — Workers-safe
+ * CVF-US-024
+ *
+ * Cloudflare Workers disallow runtime code generation (new Function/eval).
+ * Ajv normally compiles schemas using generated functions, so we use Ajv
+ * "standalone" output generated ahead-of-time:
+ *   services/clawverify/src/schema-validators.generated.ts
+ */
+import type { ErrorObject } from 'ajv';
+export interface SchemaValidationFailure {
+    valid: false;
+    message: string;
+    field?: string;
+    /** Raw Ajv errors (for debugging). */
+    errors?: ErrorObject[] | null;
+}
+export type SchemaValidationResult = {
+    valid: true;
+} | SchemaValidationFailure;
+export declare function getSchemaValidationInitError(): string | null;
+export declare function isSchemaValidationReady(): boolean;
+export declare function validateProofBundleEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateGatewayReceiptEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateWebReceiptEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateExecutionAttestationEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateDerivationAttestationEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateAuditResultAttestationEnvelopeV1(envelope: unknown): SchemaValidationResult;
+export declare function validateLogInclusionProofV1(value: unknown): SchemaValidationResult;
+export declare function validateExportBundleV1(value: unknown): SchemaValidationResult;
+export declare function validateModelIdentityV1(value: unknown): SchemaValidationResult;
+export declare function validateUrmV1(urm: unknown): SchemaValidationResult;
+export declare function validatePromptPackV1(value: unknown): SchemaValidationResult;
+export declare function validateSystemPromptReportV1(value: unknown): SchemaValidationResult;
+//# sourceMappingURL=schema-validation.d.ts.map

package/dist/schema-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-validation.d.ts","sourceRoot":"","sources":["../src/schema-validation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC;AAgBvC,MAAM,WAAW,uBAAuB;IACtC,KAAK,EAAE,KAAK,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,sCAAsC;IACtC,MAAM,CAAC,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;CAC/B;AAED,MAAM,MAAM,sBAAsB,GAC9B;IAAE,KAAK,EAAE,IAAI,CAAA;CAAE,GACf,uBAAuB,CAAC;AAyC5B,wBAAgB,4BAA4B,IAAI,MAAM,GAAG,IAAI,CAG5D;AAED,wBAAgB,uBAAuB,IAAI,OAAO,CAEjD;AAkHD,wBAAgB,6BAA6B,CAC3C,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,gCAAgC,CAC9C,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,4BAA4B,CAC1C,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,sCAAsC,CACpD,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,uCAAuC,CACrD,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,wCAAwC,CACtD,QAAQ,EAAE,OAAO,GAChB,sBAAsB,CAMxB;AAED,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,sBAAsB,CAElF;AAED,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,OAAO,GAAG,sBAAsB,CAE7E;AAED,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,OAAO,GAAG,sBAAsB,CAE9E;AAED,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,sBAAsB,CAElE;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,GAAG,sBAAsB,CAE3E;AAED,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,GAAG,sBAAsB,CAEnF"}

package/dist/schema-validation.js

@@ -0,0 +1,156 @@
+/**
+ * Strict JSON Schema validation (Ajv) — Workers-safe
+ * CVF-US-024
+ *
+ * Cloudflare Workers disallow runtime code generation (new Function/eval).
+ * Ajv normally compiles schemas using generated functions, so we use Ajv
+ * "standalone" output generated ahead-of-time:
+ *   services/clawverify/src/schema-validators.generated.ts
+ */
+import { validateGatewayReceiptEnvelopeV1 as validateGatewayReceiptEnvelopeV1Generated, validateProofBundleEnvelopeV1 as validateProofBundleEnvelopeV1Generated, validateWebReceiptEnvelopeV1 as validateWebReceiptEnvelopeV1Generated, validateExecutionAttestationEnvelopeV1 as validateExecutionAttestationEnvelopeV1Generated, validateDerivationAttestationEnvelopeV1 as validateDerivationAttestationEnvelopeV1Generated, validateAuditResultAttestationEnvelopeV1 as validateAuditResultAttestationEnvelopeV1Generated, validateLogInclusionProofV1 as validateLogInclusionProofV1Generated, validateExportBundleV1 as validateExportBundleV1Generated, validateModelIdentityV1 as validateModelIdentityV1Generated, validateUrmV1 as validateUrmV1Generated, validatePromptPackV1 as validatePromptPackV1Generated, validateSystemPromptReportV1 as validateSystemPromptReportV1Generated, } from './schema-validators.generated.js';
+const validateProofBundleEnvelopeV1Fn = validateProofBundleEnvelopeV1Generated;
+const validateGatewayReceiptEnvelopeV1Fn = validateGatewayReceiptEnvelopeV1Generated;
+const validateWebReceiptEnvelopeV1Fn = validateWebReceiptEnvelopeV1Generated;
+const validateExecutionAttestationEnvelopeV1Fn = validateExecutionAttestationEnvelopeV1Generated;
+const validateDerivationAttestationEnvelopeV1Fn = validateDerivationAttestationEnvelopeV1Generated;
+const validateAuditResultAttestationEnvelopeV1Fn = validateAuditResultAttestationEnvelopeV1Generated;
+const validateLogInclusionProofV1Fn = validateLogInclusionProofV1Generated;
+const validateExportBundleV1Fn = validateExportBundleV1Generated;
+const validateModelIdentityV1Fn = validateModelIdentityV1Generated;
+const validateUrmV1Fn = validateUrmV1Generated;
+const validatePromptPackV1Fn = validatePromptPackV1Generated;
+const validateSystemPromptReportV1Fn = validateSystemPromptReportV1Generated;
+export function getSchemaValidationInitError() {
+    // Standalone validators are generated at build/commit time.
+    return null;
+}
+export function isSchemaValidationReady() {
+    return true;
+}
+const IDENTIFIER_RE = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
+function decodeJsonPointerSegment(seg) {
+    // RFC 6901: ~1 -> '/', ~0 -> '~'
+    return seg.replace(/~1/g, '/').replace(/~0/g, '~');
+}
+function appendInstancePathSegment(base, seg) {
+    // Ajv uses JSON Pointer in instancePath; for arrays the segment is the index.
+    if (/^\d+$/.test(seg)) {
+        return `${base}[${seg}]`;
+    }
+    if (IDENTIFIER_RE.test(seg)) {
+        return base.length === 0 ? seg : `${base}.${seg}`;
+    }
+    const q = JSON.stringify(seg);
+    return base.length === 0 ? `[${q}]` : `${base}[${q}]`;
+}
+function appendPropertySegment(base, prop) {
+    // missingProperty/additionalProperty are object property names (not array indices).
+    if (IDENTIFIER_RE.test(prop)) {
+        return base.length === 0 ? prop : `${base}.${prop}`;
+    }
+    const q = JSON.stringify(prop);
+    return base.length === 0 ? `[${q}]` : `${base}[${q}]`;
+}
+function instancePathToField(instancePath) {
+    if (!instancePath)
+        return '';
+    const parts = instancePath
+        .split('/')
+        .filter(Boolean)
+        .map(decodeJsonPointerSegment);
+    let out = '';
+    for (const part of parts) {
+        out = appendInstancePathSegment(out, part);
+    }
+    return out;
+}
+function additionalPropertyFromParams(params) {
+    if (!params || typeof params !== 'object')
+        return undefined;
+    const p = params;
+    const ap = p.additionalProperty;
+    return typeof ap === 'string' ? ap : undefined;
+}
+function missingPropertyFromParams(params) {
+    if (!params || typeof params !== 'object')
+        return undefined;
+    const p = params;
+    const mp = p.missingProperty;
+    return typeof mp === 'string' ? mp : undefined;
+}
+function fieldFromAjvError(err) {
+    const base = instancePathToField(err.instancePath);
+    if (err.keyword === 'additionalProperties') {
+        const ap = additionalPropertyFromParams(err.params);
+        if (ap)
+            return appendPropertySegment(base, ap);
+    }
+    if (err.keyword === 'required') {
+        const mp = missingPropertyFromParams(err.params);
+        if (mp)
+            return appendPropertySegment(base, mp);
+    }
+    return base.length > 0 ? base : undefined;
+}
+function messageFromAjvError(err) {
+    const keyword = err.keyword ? `[${err.keyword}] ` : '';
+    const msg = err.message ?? 'schema validation error';
+    if (err.keyword === 'additionalProperties') {
+        const ap = additionalPropertyFromParams(err.params);
+        if (ap)
+            return `${keyword}${msg}: ${ap}`;
+    }
+    return `${keyword}${msg}`;
+}
+function validateWith(fn, value, label) {
+    const ok = fn(value);
+    if (ok)
+        return { valid: true };
+    const errors = fn.errors ?? null;
+    const first = errors && errors.length > 0 ? errors[0] : null;
+    return {
+        valid: false,
+        message: first
+            ? `${label}: ${messageFromAjvError(first)}`
+            : `${label}: schema validation failed`,
+        field: first ? fieldFromAjvError(first) : undefined,
+        errors,
+    };
+}
+export function validateProofBundleEnvelopeV1(envelope) {
+    return validateWith(validateProofBundleEnvelopeV1Fn, envelope, 'proof_bundle_envelope.v1');
+}
+export function validateGatewayReceiptEnvelopeV1(envelope) {
+    return validateWith(validateGatewayReceiptEnvelopeV1Fn, envelope, 'gateway_receipt_envelope.v1');
+}
+export function validateWebReceiptEnvelopeV1(envelope) {
+    return validateWith(validateWebReceiptEnvelopeV1Fn, envelope, 'web_receipt_envelope.v1');
+}
+export function validateExecutionAttestationEnvelopeV1(envelope) {
+    return validateWith(validateExecutionAttestationEnvelopeV1Fn, envelope, 'execution_attestation_envelope.v1');
+}
+export function validateDerivationAttestationEnvelopeV1(envelope) {
+    return validateWith(validateDerivationAttestationEnvelopeV1Fn, envelope, 'derivation_attestation_envelope.v1');
+}
+export function validateAuditResultAttestationEnvelopeV1(envelope) {
+    return validateWith(validateAuditResultAttestationEnvelopeV1Fn, envelope, 'audit_result_attestation_envelope.v1');
+}
+export function validateLogInclusionProofV1(value) {
+    return validateWith(validateLogInclusionProofV1Fn, value, 'log_inclusion_proof.v1');
+}
+export function validateExportBundleV1(value) {
+    return validateWith(validateExportBundleV1Fn, value, 'export_bundle.v1');
+}
+export function validateModelIdentityV1(value) {
+    return validateWith(validateModelIdentityV1Fn, value, 'model_identity.v1');
+}
+export function validateUrmV1(urm) {
+    return validateWith(validateUrmV1Fn, urm, 'urm.v1');
+}
+export function validatePromptPackV1(value) {
+    return validateWith(validatePromptPackV1Fn, value, 'prompt_pack.v1');
+}
+export function validateSystemPromptReportV1(value) {
+    return validateWith(validateSystemPromptReportV1Fn, value, 'system_prompt_report.v1');
+}
+//# sourceMappingURL=schema-validation.js.map

package/dist/schema-validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema-validation.js","sourceRoot":"","sources":["../src/schema-validation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,EACL,gCAAgC,IAAI,yCAAyC,EAC7E,6BAA6B,IAAI,sCAAsC,EACvE,4BAA4B,IAAI,qCAAqC,EACrE,sCAAsC,IAAI,+CAA+C,EACzF,uCAAuC,IAAI,gDAAgD,EAC3F,wCAAwC,IAAI,iDAAiD,EAC7F,2BAA2B,IAAI,oCAAoC,EACnE,sBAAsB,IAAI,+BAA+B,EACzD,uBAAuB,IAAI,gCAAgC,EAC3D,aAAa,IAAI,sBAAsB,EACvC,oBAAoB,IAAI,6BAA6B,EACrD,4BAA4B,IAAI,qCAAqC,GACtE,MAAM,kCAAkC,CAAC;AAkB1C,MAAM,+BAA+B,GACnC,sCAAoE,CAAC;AAEvE,MAAM,kCAAkC,GACtC,yCAAuE,CAAC;AAE1E,MAAM,8BAA8B,GAClC,qCAAmE,CAAC;AAEtE,MAAM,wCAAwC,GAC5C,+CAA6E,CAAC;AAEhF,MAAM,yCAAyC,GAC7C,gDAA8E,CAAC;AAEjF,MAAM,0CAA0C,GAC9C,iDAA+E,CAAC;AAElF,MAAM,6BAA6B,GACjC,oCAAkE,CAAC;AAErE,MAAM,wBAAwB,GAC5B,+BAA6D,CAAC;AAEhE,MAAM,yBAAyB,GAC7B,gCAA8D,CAAC;AAEjE,MAAM,eAAe,GAAG,sBAAoD,CAAC;AAE7E,MAAM,sBAAsB,GAC1B,6BAA2D,CAAC;AAE9D,MAAM,8BAA8B,GAClC,qCAAmE,CAAC;AAEtE,MAAM,UAAU,4BAA4B;IAC1C,4DAA4D;IAC5D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,uBAAuB;IACrC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,aAAa,GAAG,4BAA4B,CAAC;AAEnD,SAAS,wBAAwB,CAAC,GAAW;IAC3C,iCAAiC;IACjC,OAAO,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,yBAAyB,CAAC,IAAY,EAAE,GAAW;IAC1D,8EAA8E;IAC9E,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACtB,OAAO,GAAG,IAAI,IAAI,GAAG,GAAG,CAAC;IAC3B,CAAC;IAED,IAAI,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC;IACpD,CAAC;IAED,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;AACxD,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY,EAAE,IAAY;IACvD,oFAAoF;IACpF,IAAI,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC;IACtD,CAAC;IAED,MAAM,CAAC,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC/B,OAAO,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;AACxD,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB;IAC/C,IAAI,CAAC,YAAY;QAAE,OAAO,EAAE,CAAC;IAC7B,MAAM,KAAK,GAAG,YAAY;SACvB,KAAK,CAAC,GAAG,CAAC;SACV,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,wBAAwB,CAAC,CAAC;IAEjC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,GAAG,GAAG,yBAAyB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,4BAA4B,CACnC,MAA6B;IAE7B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5D,MAAM,CAAC,GAAG,MAAiC,CAAC;IAC5C,MAAM,EAAE,GAAG,CAAC,CAAC,kBAAkB,CAAC;IAChC,OAAO,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACjD,CAAC;AAED,SAAS,yBAAyB,CAChC,MAA6B;IAE7B,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAC;IAC5D,MAAM,CAAC,GAAG,MAAiC,CAAC;IAC5C,MAAM,EAAE,GAAG,CAAC,CAAC,eAAe,CAAC;IAC7B,OAAO,OAAO,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC;AACjD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAgB;IACzC,MAAM,IAAI,GAAG,mBAAmB,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IAEnD,IAAI,GAAG,CAAC,OAAO,KAAK,sBAAsB,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,EAAE;YAAE,OAAO,qBAAqB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,GAAG,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;QAC/B,MAAM,EAAE,GAAG,yBAAyB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,EAAE;YAAE,OAAO,qBAAqB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;AAC5C,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAgB;IAC3C,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;IACvD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,IAAI,yBAAyB,CAAC;IAErD,IAAI,GAAG,CAAC,OAAO,KAAK,sBAAsB,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,4BAA4B,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACpD,IAAI,EAAE;YAAE,OAAO,GAAG,OAAO,GAAG,GAAG,KAAK,EAAE,EAAE,CAAC;IAC3C,CAAC;IAED,OAAO,GAAG,OAAO,GAAG,GAAG,EAAE,CAAC;AAC5B,CAAC;AAED,SAAS,YAAY,CACnB,EAA8B,EAC9B,KAAc,EACd,KAAa;IAEb,MAAM,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IACrB,IAAI,EAAE;QAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IAE/B,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,IAAI,IAAI,CAAC;IACjC,MAAM,KAAK,GAAG,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAE7D,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,OAAO,EAAE,KAAK;YACZ,CAAC,CAAC,GAAG,KAAK,KAAK,mBAAmB,CAAC,KAAK,CAAC,EAAE;YAC3C,CAAC,CAAC,GAAG,KAAK,4BAA4B;QACxC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS;QACnD,MAAM;KACP,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,6BAA6B,CAC3C,QAAiB;IAEjB,OAAO,YAAY,CACjB,+BAA+B,EAC/B,QAAQ,EACR,0BAA0B,CAC3B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gCAAgC,CAC9C,QAAiB;IAEjB,OAAO,YAAY,CACjB,kCAAkC,EAClC,QAAQ,EACR,6BAA6B,CAC9B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,4BAA4B,CAC1C,QAAiB;IAEjB,OAAO,YAAY,CACjB,8BAA8B,EAC9B,QAAQ,EACR,yBAAyB,CAC1B,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,sCAAsC,CACpD,QAAiB;IAEjB,OAAO,YAAY,CACjB,wCAAwC,EACxC,QAAQ,EACR,mCAAmC,CACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,uCAAuC,CACrD,QAAiB;IAEjB,OAAO,YAAY,CACjB,yCAAyC,EACzC,QAAQ,EACR,oCAAoC,CACrC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,wCAAwC,CACtD,QAAiB;IAEjB,OAAO,YAAY,CACjB,0CAA0C,EAC1C,QAAQ,EACR,sCAAsC,CACvC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,KAAc;IACxD,OAAO,YAAY,CAAC,6BAA6B,EAAE,KAAK,EAAE,wBAAwB,CAAC,CAAC;AACtF,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,KAAc;IACnD,OAAO,YAAY,CAAC,wBAAwB,EAAE,KAAK,EAAE,kBAAkB,CAAC,CAAC;AAC3E,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,KAAc;IACpD,OAAO,YAAY,CAAC,yBAAyB,EAAE,KAAK,EAAE,mBAAmB,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,GAAY;IACxC,OAAO,YAAY,CAAC,eAAe,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,KAAc;IACjD,OAAO,YAAY,CAAC,sBAAsB,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAc;IACzD,OAAO,YAAY,CAAC,8BAA8B,EAAE,KAAK,EAAE,yBAAyB,CAAC,CAAC;AACxF,CAAC"}