npm - @clawbureau/clawverify-core - Versions diffs - 0.1.0 - Mend

@clawbureau/clawverify-core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/LICENSE +21 -0
package/README.md +40 -0
package/dist/crypto.d.ts +27 -0
package/dist/crypto.d.ts.map +1 -0
package/dist/crypto.js +124 -0
package/dist/crypto.js.map +1 -0
package/dist/index.d.ts +27 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +24 -0
package/dist/index.js.map +1 -0
package/dist/jcs.d.ts +13 -0
package/dist/jcs.d.ts.map +1 -0
package/dist/jcs.js +43 -0
package/dist/jcs.js.map +1 -0
package/dist/model-identity.d.ts +46 -0
package/dist/model-identity.d.ts.map +1 -0
package/dist/model-identity.js +233 -0
package/dist/model-identity.js.map +1 -0
package/dist/schema-registry.d.ts +99 -0
package/dist/schema-registry.d.ts.map +1 -0
package/dist/schema-registry.js +259 -0
package/dist/schema-registry.js.map +1 -0
package/dist/schema-validation.d.ts +35 -0
package/dist/schema-validation.d.ts.map +1 -0
package/dist/schema-validation.js +156 -0
package/dist/schema-validation.js.map +1 -0
package/dist/schema-validators.generated.d.ts +158 -0
package/dist/schema-validators.generated.d.ts.map +1 -0
package/dist/schema-validators.generated.js +19186 -0
package/dist/schema-validators.generated.js.map +1 -0
package/dist/types.d.ts +910 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +33 -0
package/dist/types.js.map +1 -0
package/dist/verify-audit-result-attestation.d.ts +32 -0
package/dist/verify-audit-result-attestation.d.ts.map +1 -0
package/dist/verify-audit-result-attestation.js +396 -0
package/dist/verify-audit-result-attestation.js.map +1 -0
package/dist/verify-derivation-attestation.d.ts +30 -0
package/dist/verify-derivation-attestation.d.ts.map +1 -0
package/dist/verify-derivation-attestation.js +371 -0
package/dist/verify-derivation-attestation.js.map +1 -0
package/dist/verify-execution-attestation.d.ts +32 -0
package/dist/verify-execution-attestation.d.ts.map +1 -0
package/dist/verify-execution-attestation.js +578 -0
package/dist/verify-execution-attestation.js.map +1 -0
package/dist/verify-export-bundle.d.ts +14 -0
package/dist/verify-export-bundle.d.ts.map +1 -0
package/dist/verify-export-bundle.js +307 -0
package/dist/verify-export-bundle.js.map +1 -0
package/dist/verify-log-inclusion-proof.d.ts +16 -0
package/dist/verify-log-inclusion-proof.d.ts.map +1 -0
package/dist/verify-log-inclusion-proof.js +216 -0
package/dist/verify-log-inclusion-proof.js.map +1 -0
package/dist/verify-proof-bundle.d.ts +48 -0
package/dist/verify-proof-bundle.d.ts.map +1 -0
package/dist/verify-proof-bundle.js +1708 -0
package/dist/verify-proof-bundle.js.map +1 -0
package/dist/verify-receipt.d.ts +30 -0
package/dist/verify-receipt.d.ts.map +1 -0
package/dist/verify-receipt.js +408 -0
package/dist/verify-receipt.js.map +1 -0
package/dist/verify-web-receipt.d.ts +21 -0
package/dist/verify-web-receipt.d.ts.map +1 -0
package/dist/verify-web-receipt.js +341 -0
package/dist/verify-web-receipt.js.map +1 -0
package/package.json +54 -0

package/dist/verify-execution-attestation.js ADDED Viewed

@@ -0,0 +1,578 @@
+/**
+ * Execution Attestation Verification
+ * CEA-US-010: Verify sandbox execution attestations
+ */
+import { isAllowedVersion, isAllowedType, isAllowedAlgorithm, isAllowedHashAlgorithm, isValidDidFormat, isValidBase64Url, isValidIsoDate, } from './schema-registry.js';
+import { computeHash, base64UrlDecode, extractPublicKeyFromDidKey, verifySignature, } from './crypto.js';
+import { validateExecutionAttestationEnvelopeV1 } from './schema-validation.js';
+function validateEnvelopeStructure(envelope) {
+    if (typeof envelope !== 'object' || envelope === null)
+        return false;
+    const e = envelope;
+    return ('envelope_version' in e &&
+        'envelope_type' in e &&
+        'payload' in e &&
+        'payload_hash_b64u' in e &&
+        'hash_algorithm' in e &&
+        'signature_b64u' in e &&
+        'algorithm' in e &&
+        'signer_did' in e &&
+        'issued_at' in e);
+}
+function validatePayload(payload) {
+    if (typeof payload !== 'object' || payload === null)
+        return false;
+    const p = payload;
+    if (p.attestation_version !== '1')
+        return false;
+    if (typeof p.attestation_id !== 'string' || p.attestation_id.trim().length === 0)
+        return false;
+    if (p.execution_type !== 'sandbox_execution' && p.execution_type !== 'tee_execution')
+        return false;
+    if (!isValidDidFormat(p.agent_did))
+        return false;
+    if (!isValidDidFormat(p.attester_did))
+        return false;
+    // CEA-US-010: require run binding + proof bundle binding
+    if (typeof p.run_id !== 'string' || p.run_id.trim().length === 0)
+        return false;
+    if (typeof p.proof_bundle_hash_b64u !== 'string' ||
+        p.proof_bundle_hash_b64u.trim().length < 8 ||
+        !isValidBase64Url(p.proof_bundle_hash_b64u))
+        return false;
+    if (!isValidIsoDate(p.issued_at))
+        return false;
+    if ('expires_at' in p && p.expires_at !== undefined && !isValidIsoDate(p.expires_at))
+        return false;
+    return true;
+}
+function asObject(value) {
+    return typeof value === 'object' && value !== null ? value : null;
+}
+function extractTeeClaims(payload) {
+    const runtimeMetadata = asObject(payload.runtime_metadata);
+    if (!runtimeMetadata)
+        return null;
+    const tee = asObject(runtimeMetadata.tee);
+    if (!tee)
+        return null;
+    const rootId = typeof tee.root_id === 'string' ? tee.root_id.trim() : '';
+    const tcbVersion = typeof tee.tcb_version === 'string' ? tee.tcb_version.trim() : '';
+    if (rootId.length === 0 || tcbVersion.length === 0)
+        return null;
+    return { rootId, tcbVersion };
+}
+export async function verifyExecutionAttestation(envelope, options = {}) {
+    const now = new Date().toISOString();
+    // 1) Envelope structure
+    if (!validateEnvelopeStructure(envelope)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Malformed envelope: missing required fields',
+                verified_at: now,
+            },
+            error: {
+                code: 'MALFORMED_ENVELOPE',
+                message: 'Envelope is missing required fields or has invalid structure',
+            },
+        };
+    }
+    // 2) Version/type allowlist
+    if (!isAllowedVersion(envelope.envelope_version)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Unknown envelope version: ${envelope.envelope_version}`,
+                verified_at: now,
+            },
+            error: {
+                code: 'UNKNOWN_ENVELOPE_VERSION',
+                message: `Envelope version "${envelope.envelope_version}" is not in the allowlist`,
+                field: 'envelope_version',
+            },
+        };
+    }
+    if (!isAllowedType(envelope.envelope_type)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Unknown envelope type: ${envelope.envelope_type}`,
+                verified_at: now,
+            },
+            error: {
+                code: 'UNKNOWN_ENVELOPE_TYPE',
+                message: `Envelope type "${envelope.envelope_type}" is not in the allowlist`,
+                field: 'envelope_type',
+            },
+        };
+    }
+    if (envelope.envelope_type !== 'execution_attestation') {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Expected execution_attestation envelope, got: ${envelope.envelope_type}`,
+                verified_at: now,
+            },
+            error: {
+                code: 'UNKNOWN_ENVELOPE_TYPE',
+                message: 'This endpoint only accepts execution_attestation envelopes',
+                field: 'envelope_type',
+            },
+        };
+    }
+    // 3) Algorithm allowlist
+    if (!isAllowedAlgorithm(envelope.algorithm)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Unknown signature algorithm: ${envelope.algorithm}`,
+                verified_at: now,
+            },
+            error: {
+                code: 'UNKNOWN_ALGORITHM',
+                message: `Signature algorithm "${envelope.algorithm}" is not in the allowlist`,
+                field: 'algorithm',
+            },
+        };
+    }
+    if (!isAllowedHashAlgorithm(envelope.hash_algorithm)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Unknown hash algorithm: ${envelope.hash_algorithm}`,
+                verified_at: now,
+            },
+            error: {
+                code: 'UNKNOWN_HASH_ALGORITHM',
+                message: `Hash algorithm "${envelope.hash_algorithm}" is not in the allowlist`,
+                field: 'hash_algorithm',
+            },
+        };
+    }
+    // 3.5) Strict schema validation (Ajv standalone)
+    const schemaResult = validateExecutionAttestationEnvelopeV1(envelope);
+    if (!schemaResult.valid) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: schemaResult.message,
+                envelope_type: envelope.envelope_type,
+                signer_did: envelope.signer_did,
+                verified_at: now,
+            },
+            error: {
+                code: 'SCHEMA_VALIDATION_FAILED',
+                message: schemaResult.message,
+                field: schemaResult.field,
+            },
+        };
+    }
+    // 4) Signer DID validation
+    if (!isValidDidFormat(envelope.signer_did)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: `Invalid DID format: ${envelope.signer_did}`,
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            error: {
+                code: 'INVALID_DID_FORMAT',
+                message: 'Signer DID does not match expected format (did:key:... or did:web:...)',
+                field: 'signer_did',
+            },
+        };
+    }
+    // 5) Fail-closed: require allowlisted signer DID(s)
+    if (!options.allowlistedSignerDids || options.allowlistedSignerDids.length === 0) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Execution attestation signer allowlist not configured',
+                envelope_type: envelope.envelope_type,
+                signer_did: envelope.signer_did,
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            error: {
+                code: 'DEPENDENCY_NOT_CONFIGURED',
+                message: 'Execution attestation signer allowlist is not configured. Set EXECUTION_ATTESTATION_SIGNER_DIDS to enable verification.',
+                field: 'env.EXECUTION_ATTESTATION_SIGNER_DIDS',
+            },
+        };
+    }
+    const allowlisted = options.allowlistedSignerDids.includes(envelope.signer_did);
+    if (!allowlisted) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Execution attestation signer DID is not allowlisted',
+                envelope_type: envelope.envelope_type,
+                signer_did: envelope.signer_did,
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'CLAIM_NOT_FOUND',
+                message: `Signer DID '${envelope.signer_did}' is not in the allowlisted execution attestation signer list`,
+                field: 'signer_did',
+            },
+        };
+    }
+    // 6) Validate issued_at + base64url fields
+    if (!isValidIsoDate(envelope.issued_at)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Invalid issued_at date format',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'MALFORMED_ENVELOPE',
+                message: 'issued_at must be a valid ISO 8601 date string',
+                field: 'issued_at',
+            },
+        };
+    }
+    if (!isValidBase64Url(envelope.payload_hash_b64u)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Invalid payload_hash_b64u format',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'MALFORMED_ENVELOPE',
+                message: 'payload_hash_b64u must be a valid base64url string',
+                field: 'payload_hash_b64u',
+            },
+        };
+    }
+    if (!isValidBase64Url(envelope.signature_b64u)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Invalid signature_b64u format',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'MALFORMED_ENVELOPE',
+                message: 'signature_b64u must be a valid base64url string',
+                field: 'signature_b64u',
+            },
+        };
+    }
+    // 7) Payload validation
+    if (!validatePayload(envelope.payload)) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Invalid execution attestation payload structure',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'SCHEMA_VALIDATION_FAILED',
+                message: 'Payload does not match execution_attestation.v1 constraints',
+                field: 'payload',
+            },
+        };
+    }
+    const payload = envelope.payload;
+    // 8) Internal consistency: payload.attester_did must match signer_did
+    if (payload.attester_did !== envelope.signer_did) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Payload attester_did does not match envelope signer_did',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            attester_did: payload.attester_did,
+            error: {
+                code: 'SIGNATURE_INVALID',
+                message: 'payload.attester_did must equal envelope.signer_did',
+                field: 'payload.attester_did',
+            },
+        };
+    }
+    // 9) Verify payload hash
+    let computedHash;
+    try {
+        computedHash = await computeHash(payload, envelope.hash_algorithm);
+    }
+    catch (err) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Failed to compute payload hash',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'HASH_MISMATCH',
+                message: `Failed to compute hash: ${err instanceof Error ? err.message : 'unknown error'}`,
+                field: 'payload',
+            },
+        };
+    }
+    if (computedHash !== envelope.payload_hash_b64u) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Payload hash mismatch',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'HASH_MISMATCH',
+                message: 'Computed payload hash does not match payload_hash_b64u',
+                field: 'payload_hash_b64u',
+            },
+        };
+    }
+    // 10) Verify signature over payload_hash_b64u
+    const pub = extractPublicKeyFromDidKey(envelope.signer_did);
+    if (!pub) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Unable to extract public key from signer_did',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'INVALID_DID_FORMAT',
+                message: 'Unable to extract Ed25519 public key from signer_did (expected did:key with 0xed01 multicodec prefix)',
+                field: 'signer_did',
+            },
+        };
+    }
+    try {
+        const sigBytes = base64UrlDecode(envelope.signature_b64u);
+        if (sigBytes.length !== 64) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'Invalid signature length',
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                error: {
+                    code: 'SIGNATURE_INVALID',
+                    message: 'Invalid signature length (expected 64 bytes for Ed25519)',
+                    field: 'signature_b64u',
+                },
+            };
+        }
+        const msgBytes = new TextEncoder().encode(envelope.payload_hash_b64u);
+        const signatureOk = await verifySignature(envelope.algorithm, pub, sigBytes, msgBytes);
+        if (!signatureOk) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'Signature verification failed',
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                error: {
+                    code: 'SIGNATURE_INVALID',
+                    message: 'Signature verification failed',
+                    field: 'signature_b64u',
+                },
+            };
+        }
+    }
+    catch (err) {
+        return {
+            result: {
+                status: 'INVALID',
+                reason: 'Signature verification error',
+                verified_at: now,
+            },
+            signer_did: envelope.signer_did,
+            allowlisted,
+            error: {
+                code: 'SIGNATURE_INVALID',
+                message: `Signature verification error: ${err instanceof Error ? err.message : 'unknown error'}`,
+                field: 'signature_b64u',
+            },
+        };
+    }
+    let teeClaims;
+    if (payload.execution_type === 'tee_execution') {
+        const extracted = extractTeeClaims(payload);
+        if (!extracted) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'Missing required TEE runtime metadata claims',
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                error: {
+                    code: 'SCHEMA_VALIDATION_FAILED',
+                    message: 'tee_execution requires runtime_metadata.tee.{attestation_type,root_id,tcb_version,evidence_ref,measurements}',
+                    field: 'payload.runtime_metadata.tee',
+                },
+            };
+        }
+        teeClaims = extracted;
+        if (!options.teeRootAllowlist || options.teeRootAllowlist.length === 0) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE root allowlist not configured',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'DEPENDENCY_NOT_CONFIGURED',
+                    message: 'TEE root allowlist is not configured. Set TEE_ATTESTATION_ROOT_ALLOWLIST to enable tee_execution verification.',
+                    field: 'env.TEE_ATTESTATION_ROOT_ALLOWLIST',
+                },
+            };
+        }
+        if (!options.teeTcbAllowlist || options.teeTcbAllowlist.length === 0) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE TCB allowlist not configured',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'DEPENDENCY_NOT_CONFIGURED',
+                    message: 'TEE TCB allowlist is not configured. Set TEE_ATTESTATION_TCB_ALLOWLIST to enable tee_execution verification.',
+                    field: 'env.TEE_ATTESTATION_TCB_ALLOWLIST',
+                },
+            };
+        }
+        if (options.teeRootRevoked?.includes(teeClaims.rootId)) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE root is revoked',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'REVOKED',
+                    message: `TEE root '${teeClaims.rootId}' is revoked`,
+                    field: 'payload.runtime_metadata.tee.root_id',
+                },
+            };
+        }
+        if (options.teeTcbRevoked?.includes(teeClaims.tcbVersion)) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE TCB version is revoked',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'REVOKED',
+                    message: `TEE TCB version '${teeClaims.tcbVersion}' is revoked`,
+                    field: 'payload.runtime_metadata.tee.tcb_version',
+                },
+            };
+        }
+        if (!options.teeRootAllowlist.includes(teeClaims.rootId)) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE root is not allowlisted',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'CLAIM_NOT_FOUND',
+                    message: `TEE root '${teeClaims.rootId}' is not in TEE_ATTESTATION_ROOT_ALLOWLIST`,
+                    field: 'payload.runtime_metadata.tee.root_id',
+                },
+            };
+        }
+        if (!options.teeTcbAllowlist.includes(teeClaims.tcbVersion)) {
+            return {
+                result: {
+                    status: 'INVALID',
+                    reason: 'TEE TCB version is not allowlisted',
+                    envelope_type: envelope.envelope_type,
+                    signer_did: envelope.signer_did,
+                    verified_at: now,
+                },
+                signer_did: envelope.signer_did,
+                allowlisted,
+                tee_root_id: teeClaims.rootId,
+                tee_tcb_version: teeClaims.tcbVersion,
+                error: {
+                    code: 'CLAIM_NOT_FOUND',
+                    message: `TEE TCB version '${teeClaims.tcbVersion}' is not in TEE_ATTESTATION_TCB_ALLOWLIST`,
+                    field: 'payload.runtime_metadata.tee.tcb_version',
+                },
+            };
+        }
+    }
+    return {
+        result: {
+            status: 'VALID',
+            reason: 'Execution attestation verified successfully',
+            verified_at: now,
+            envelope_type: envelope.envelope_type,
+            signer_did: envelope.signer_did,
+        },
+        signer_did: envelope.signer_did,
+        allowlisted,
+        attestation_id: payload.attestation_id,
+        execution_type: payload.execution_type,
+        agent_did: payload.agent_did,
+        attester_did: payload.attester_did,
+        run_id: payload.run_id,
+        proof_bundle_hash_b64u: payload.proof_bundle_hash_b64u,
+        tee_root_id: teeClaims?.rootId,
+        tee_tcb_version: teeClaims?.tcbVersion,
+    };
+}
+//# sourceMappingURL=verify-execution-attestation.js.map

package/dist/verify-execution-attestation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify-execution-attestation.js","sourceRoot":"","sources":["../src/verify-execution-attestation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,kBAAkB,EAClB,sBAAsB,EACtB,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,GACf,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,WAAW,EACX,eAAe,EACf,0BAA0B,EAC1B,eAAe,GAChB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,sCAAsC,EAAE,MAAM,wBAAwB,CAAC;AAmBhF,SAAS,yBAAyB,CAChC,QAAiB;IAEjB,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IACpE,MAAM,CAAC,GAAG,QAAmC,CAAC;IAE9C,OAAO,CACL,kBAAkB,IAAI,CAAC;QACvB,eAAe,IAAI,CAAC;QACpB,SAAS,IAAI,CAAC;QACd,mBAAmB,IAAI,CAAC;QACxB,gBAAgB,IAAI,CAAC;QACrB,gBAAgB,IAAI,CAAC;QACrB,WAAW,IAAI,CAAC;QAChB,YAAY,IAAI,CAAC;QACjB,WAAW,IAAI,CAAC,CACjB,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CACtB,OAAgB;IAEhB,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAClE,MAAM,CAAC,GAAG,OAAkC,CAAC;IAE7C,IAAI,CAAC,CAAC,mBAAmB,KAAK,GAAG;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,OAAO,CAAC,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAC9E,OAAO,KAAK,CAAC;IAEf,IAAI,CAAC,CAAC,cAAc,KAAK,mBAAmB,IAAI,CAAC,CAAC,cAAc,KAAK,eAAe;QAClF,OAAO,KAAK,CAAC;IAEf,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IACjD,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,YAAY,CAAC;QAAE,OAAO,KAAK,CAAC;IAEpD,yDAAyD;IACzD,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/E,IACE,OAAO,CAAC,CAAC,sBAAsB,KAAK,QAAQ;QAC5C,CAAC,CAAC,sBAAsB,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAC1C,CAAC,gBAAgB,CAAC,CAAC,CAAC,sBAAsB,CAAC;QAE3C,OAAO,KAAK,CAAC;IAEf,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IAC/C,IAAI,YAAY,IAAI,CAAC,IAAI,CAAC,CAAC,UAAU,KAAK,SAAS,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CAAC;QAClF,OAAO,KAAK,CAAC;IAEf,OAAO,IAAI,CAAC;AACd,CAAC;AAOD,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,CAAC,CAAC,CAAE,KAAiC,CAAC,CAAC,CAAC,IAAI,CAAC;AACjG,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAoC;IAC5D,MAAM,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC3D,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,CAAC;IAElC,MAAM,GAAG,GAAG,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAEtB,MAAM,MAAM,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACzE,MAAM,UAAU,GAAG,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IAErF,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AAChC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,QAAiB,EACjB,UAA+C,EAAE;IAejD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAErC,wBAAwB;IACxB,IAAI,CAAC,yBAAyB,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzC,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,6CAA6C;gBACrD,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,8DAA8D;aACxE;SACF,CAAC;IACJ,CAAC;IAED,4BAA4B;IAC5B,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,6BAA6B,QAAQ,CAAC,gBAAgB,EAAE;gBAChE,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,qBAAqB,QAAQ,CAAC,gBAAgB,2BAA2B;gBAClF,KAAK,EAAE,kBAAkB;aAC1B;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,0BAA0B,QAAQ,CAAC,aAAa,EAAE;gBAC1D,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,kBAAkB,QAAQ,CAAC,aAAa,2BAA2B;gBAC5E,KAAK,EAAE,eAAe;aACvB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,CAAC,aAAa,KAAK,uBAAuB,EAAE,CAAC;QACvD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,iDAAiD,QAAQ,CAAC,aAAa,EAAE;gBACjF,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,uBAAuB;gBAC7B,OAAO,EAAE,4DAA4D;gBACrE,KAAK,EAAE,eAAe;aACvB;SACF,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QAC5C,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,gCAAgC,QAAQ,CAAC,SAAS,EAAE;gBAC5D,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,wBAAwB,QAAQ,CAAC,SAAS,2BAA2B;gBAC9E,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,sBAAsB,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,2BAA2B,QAAQ,CAAC,cAAc,EAAE;gBAC5D,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,wBAAwB;gBAC9B,OAAO,EAAE,mBAAmB,QAAQ,CAAC,cAAc,2BAA2B;gBAC9E,KAAK,EAAE,gBAAgB;aACxB;SACF,CAAC;IACJ,CAAC;IAED,iDAAiD;IACjD,MAAM,YAAY,GAAG,sCAAsC,CAAC,QAAQ,CAAC,CAAC;IACtE,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QACxB,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,YAAY,CAAC,OAAO;gBAC5B,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW,EAAE,GAAG;aACjB;YACD,KAAK,EAAE;gBACL,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,YAAY,CAAC,OAAO;gBAC7B,KAAK,EAAE,YAAY,CAAC,KAAK;aAC1B;SACF,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAC3C,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,uBAAuB,QAAQ,CAAC,UAAU,EAAE;gBACpD,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,wEAAwE;gBACjF,KAAK,EAAE,YAAY;aACpB;SACF,CAAC;IACJ,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,OAAO,CAAC,qBAAqB,IAAI,OAAO,CAAC,qBAAqB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACjF,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,uDAAuD;gBAC/D,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,KAAK,EAAE;gBACL,IAAI,EAAE,2BAA2B;gBACjC,OAAO,EAAE,yHAAyH;gBAClI,KAAK,EAAE,uCAAuC;aAC/C;SACF,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,OAAO,CAAC,qBAAqB,CAAC,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAChF,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,qDAAqD;gBAC7D,aAAa,EAAE,QAAQ,CAAC,aAAa;gBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,eAAe,QAAQ,CAAC,UAAU,+DAA+D;gBAC1G,KAAK,EAAE,YAAY;aACpB;SACF,CAAC;IACJ,CAAC;IAED,2CAA2C;IAC3C,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;QACxC,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,+BAA+B;gBACvC,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,gDAAgD;gBACzD,KAAK,EAAE,WAAW;aACnB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAClD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,kCAAkC;gBAC1C,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,oDAAoD;gBAC7D,KAAK,EAAE,mBAAmB;aAC3B;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC/C,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,+BAA+B;gBACvC,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,gBAAgB;aACxB;SACF,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,iDAAiD;gBACzD,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,0BAA0B;gBAChC,OAAO,EAAE,6DAA6D;gBACtE,KAAK,EAAE,SAAS;aACjB;SACF,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC;IAEjC,sEAAsE;IACtE,IAAI,OAAO,CAAC,YAAY,KAAK,QAAQ,CAAC,UAAU,EAAE,CAAC;QACjD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,yDAAyD;gBACjE,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,KAAK,EAAE;gBACL,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,qDAAqD;gBAC9D,KAAK,EAAE,sBAAsB;aAC9B;SACF,CAAC;IACJ,CAAC;IAED,yBAAyB;IACzB,IAAI,YAAoB,CAAC;IACzB,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,QAAQ,CAAC,cAAc,CAAC,CAAC;IACrE,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,gCAAgC;gBACxC,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,2BAA2B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBAC1F,KAAK,EAAE,SAAS;aACjB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,YAAY,KAAK,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QAChD,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,uBAAuB;gBAC/B,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,eAAe;gBACrB,OAAO,EAAE,wDAAwD;gBACjE,KAAK,EAAE,mBAAmB;aAC3B;SACF,CAAC;IACJ,CAAC;IAED,8CAA8C;IAC9C,MAAM,GAAG,GAAG,0BAA0B,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC5D,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,8CAA8C;gBACtD,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,oBAAoB;gBAC1B,OAAO,EACL,uGAAuG;gBACzG,KAAK,EAAE,YAAY;aACpB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,eAAe,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC1D,IAAI,QAAQ,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC3B,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,0BAA0B;oBAClC,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,KAAK,EAAE;oBACL,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,0DAA0D;oBACnE,KAAK,EAAE,gBAAgB;iBACxB;aACF,CAAC;QACJ,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,MAAM,eAAe,CACvC,QAAQ,CAAC,SAAS,EAClB,GAAG,EACH,QAAQ,EACR,QAAQ,CACT,CAAC;QAEF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,+BAA+B;oBACvC,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,KAAK,EAAE;oBACL,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE,+BAA+B;oBACxC,KAAK,EAAE,gBAAgB;iBACxB;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,MAAM,EAAE;gBACN,MAAM,EAAE,SAAS;gBACjB,MAAM,EAAE,8BAA8B;gBACtC,WAAW,EAAE,GAAG;aACjB;YACD,UAAU,EAAE,QAAQ,CAAC,UAAU;YAC/B,WAAW;YACX,KAAK,EAAE;gBACL,IAAI,EAAE,mBAAmB;gBACzB,OAAO,EAAE,iCAAiC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE;gBAChG,KAAK,EAAE,gBAAgB;aACxB;SACF,CAAC;IACJ,CAAC;IAED,IAAI,SAAgC,CAAC;IAErC,IAAI,OAAO,CAAC,cAAc,KAAK,eAAe,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,8CAA8C;oBACtD,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,KAAK,EAAE;oBACL,IAAI,EAAE,0BAA0B;oBAChC,OAAO,EACL,8GAA8G;oBAChH,KAAK,EAAE,8BAA8B;iBACtC;aACF,CAAC;QACJ,CAAC;QAED,SAAS,GAAG,SAAS,CAAC;QAEtB,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvE,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,mCAAmC;oBAC3C,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,2BAA2B;oBACjC,OAAO,EACL,gHAAgH;oBAClH,KAAK,EAAE,oCAAoC;iBAC5C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,eAAe,IAAI,OAAO,CAAC,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrE,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,kCAAkC;oBAC1C,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,2BAA2B;oBACjC,OAAO,EACL,8GAA8G;oBAChH,KAAK,EAAE,mCAAmC;iBAC3C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,cAAc,EAAE,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,qBAAqB;oBAC7B,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,aAAa,SAAS,CAAC,MAAM,cAAc;oBACpD,KAAK,EAAE,sCAAsC;iBAC9C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,aAAa,EAAE,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC1D,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,4BAA4B;oBACpC,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,oBAAoB,SAAS,CAAC,UAAU,cAAc;oBAC/D,KAAK,EAAE,0CAA0C;iBAClD;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC;YACzD,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,6BAA6B;oBACrC,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,aAAa,SAAS,CAAC,MAAM,4CAA4C;oBAClF,KAAK,EAAE,sCAAsC;iBAC9C;aACF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5D,OAAO;gBACL,MAAM,EAAE;oBACN,MAAM,EAAE,SAAS;oBACjB,MAAM,EAAE,oCAAoC;oBAC5C,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;oBAC/B,WAAW,EAAE,GAAG;iBACjB;gBACD,UAAU,EAAE,QAAQ,CAAC,UAAU;gBAC/B,WAAW;gBACX,WAAW,EAAE,SAAS,CAAC,MAAM;gBAC7B,eAAe,EAAE,SAAS,CAAC,UAAU;gBACrC,KAAK,EAAE;oBACL,IAAI,EAAE,iBAAiB;oBACvB,OAAO,EAAE,oBAAoB,SAAS,CAAC,UAAU,2CAA2C;oBAC5F,KAAK,EAAE,0CAA0C;iBAClD;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,MAAM,EAAE;YACN,MAAM,EAAE,OAAO;YACf,MAAM,EAAE,6CAA6C;YACrD,WAAW,EAAE,GAAG;YAChB,aAAa,EAAE,QAAQ,CAAC,aAAa;YACrC,UAAU,EAAE,QAAQ,CAAC,UAAU;SAChC;QACD,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,WAAW;QACX,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,sBAAsB,EAAE,OAAO,CAAC,sBAAsB;QACtD,WAAW,EAAE,SAAS,EAAE,MAAM;QAC9B,eAAe,EAAE,SAAS,EAAE,UAAU;KACvC,CAAC;AACJ,CAAC"}

package/dist/verify-export-bundle.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Export Bundle Verification
+ * POHVN-US-007: Audit-ready export bundles (offline verifiability)
+ */
+import type { VerifyExportBundleResponse } from './types.js';
+export interface VerifyExportBundleOptions {
+    allowlistedReceiptSignerDids?: readonly string[];
+    allowlistedAttesterDids?: readonly string[];
+    allowlistedExecutionAttestationSignerDids?: readonly string[];
+    allowlistedDerivationAttestationSignerDids?: readonly string[];
+    allowlistedAuditResultAttestationSignerDids?: readonly string[];
+}
+export declare function verifyExportBundle(bundleInput: unknown, options?: VerifyExportBundleOptions): Promise<VerifyExportBundleResponse>;
+//# sourceMappingURL=verify-export-bundle.d.ts.map

package/dist/verify-export-bundle.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify-export-bundle.d.ts","sourceRoot":"","sources":["../src/verify-export-bundle.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAGV,0BAA0B,EAE3B,MAAM,YAAY,CAAC;AAepB,MAAM,WAAW,yBAAyB;IACxC,4BAA4B,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACjD,uBAAuB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,yCAAyC,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC9D,0CAA0C,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/D,2CAA2C,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CACjE;AA8HD,wBAAsB,kBAAkB,CACtC,WAAW,EAAE,OAAO,EACpB,OAAO,GAAE,yBAA8B,GACtC,OAAO,CAAC,0BAA0B,CAAC,CA6PrC"}