@commit451/salamander 1.1.1 → 1.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/README.md +42 -42
  2. package/bin/salamander.js +1 -1
  3. package/dist/commands/create-runner.d.ts.map +1 -1
  4. package/dist/commands/create-runner.js +18 -3
  5. package/dist/commands/create-runner.js.map +1 -1
  6. package/dist/commands/delete-runner.d.ts.map +1 -1
  7. package/dist/commands/delete-runner.js +6 -0
  8. package/dist/commands/delete-runner.js.map +1 -1
  9. package/dist/commands/runner-selection.d.ts.map +1 -1
  10. package/dist/commands/runner-selection.js +2 -2
  11. package/dist/commands/runner-selection.js.map +1 -1
  12. package/dist/services/api.d.ts +2 -0
  13. package/dist/services/api.d.ts.map +1 -1
  14. package/dist/services/api.js.map +1 -1
  15. package/dist/services/auth.d.ts.map +1 -1
  16. package/dist/services/auth.js +80 -50
  17. package/dist/services/auth.js.map +1 -1
  18. package/dist/services/command-listener.d.ts +4 -1
  19. package/dist/services/command-listener.d.ts.map +1 -1
  20. package/dist/services/command-listener.js +78 -41
  21. package/dist/services/command-listener.js.map +1 -1
  22. package/dist/services/executor.d.ts +2 -0
  23. package/dist/services/executor.d.ts.map +1 -1
  24. package/dist/services/executor.js +45 -10
  25. package/dist/services/executor.js.map +1 -1
  26. package/dist/services/runner.d.ts +1 -1
  27. package/dist/services/runner.d.ts.map +1 -1
  28. package/dist/services/runner.js +17 -3
  29. package/dist/services/runner.js.map +1 -1
  30. package/dist/types/runner.d.ts +1 -0
  31. package/dist/types/runner.d.ts.map +1 -1
  32. package/package.json +52 -52
  33. package/dist/services/crypto.d.ts +0 -52
  34. package/dist/services/crypto.d.ts.map +0 -1
  35. package/dist/services/crypto.js +0 -104
  36. package/dist/services/crypto.js.map +0 -1
  37. package/dist/services/key-manager.d.ts +0 -45
  38. package/dist/services/key-manager.d.ts.map +0 -1
  39. package/dist/services/key-manager.js +0 -123
  40. package/dist/services/key-manager.js.map +0 -1
  41. package/dist/services/multi-device-key-manager.d.ts +0 -56
  42. package/dist/services/multi-device-key-manager.d.ts.map +0 -1
  43. package/dist/services/multi-device-key-manager.js +0 -159
  44. package/dist/services/multi-device-key-manager.js.map +0 -1
package/dist/services/crypto.js DELETED
@@ -1,104 +0,0 @@
1
- import * as crypto from 'node:crypto';
2
- export class CryptoService {
3
- static ALGORITHM = 'aes-256-gcm';
4
- static IV_LENGTH = 16;
5
- static TAG_LENGTH = 16;
6
- static KEY_LENGTH = 32;
7
- /**
8
- * Generate an ECDH key pair for key exchange
9
- */
10
- static generateECDHKeyPair() {
11
- const ecdh = crypto.createECDH('secp256k1');
12
- ecdh.generateKeys();
13
- return {
14
- publicKey: ecdh.getPublicKey('base64'),
15
- privateKey: ecdh.getPrivateKey('base64')
16
- };
17
- }
18
- /**
19
- * Derive a shared secret from ECDH key exchange
20
- */
21
- static deriveSharedSecret(privateKey, publicKey) {
22
- const ecdh = crypto.createECDH('secp256k1');
23
- ecdh.setPrivateKey(privateKey, 'base64');
24
- const sharedSecret = ecdh.computeSecret(publicKey, 'base64');
25
- // Use HKDF to derive a proper encryption key
26
- const derivedKey = crypto.hkdfSync('sha256', sharedSecret, '', 'salamander-e2e-encryption', CryptoService.KEY_LENGTH);
27
- return Buffer.from(derivedKey).toString('base64');
28
- }
29
- /**
30
- * Encrypt a message using AES-256-GCM
31
- */
32
- static encrypt(message, key) {
33
- const keyBuffer = Buffer.from(key, 'base64');
34
- const iv = crypto.randomBytes(CryptoService.IV_LENGTH);
35
- const cipher = crypto.createCipheriv(CryptoService.ALGORITHM, keyBuffer, iv);
36
- cipher.setAAD(Buffer.from('salamander'));
37
- let encryptedData = cipher.update(message, 'utf8', 'base64');
38
- encryptedData += cipher.final('base64');
39
- const tag = cipher.getAuthTag();
40
- return {
41
- encryptedData,
42
- iv: iv.toString('base64'),
43
- tag: tag.toString('base64')
44
- };
45
- }
46
- /**
47
- * Decrypt a message using AES-256-GCM
48
- */
49
- static decrypt(encryptedMessage, key) {
50
- const keyBuffer = Buffer.from(key, 'base64');
51
- const iv = Buffer.from(encryptedMessage.iv, 'base64');
52
- const tag = Buffer.from(encryptedMessage.tag, 'base64');
53
- const decipher = crypto.createDecipheriv(CryptoService.ALGORITHM, keyBuffer, iv);
54
- decipher.setAAD(Buffer.from('salamander'));
55
- decipher.setAuthTag(tag);
56
- let decryptedData = decipher.update(encryptedMessage.encryptedData, 'base64', 'utf8');
57
- decryptedData += decipher.final('utf8');
58
- return decryptedData;
59
- }
60
- /**
61
- * Generate a random 256-bit key for symmetric encryption
62
- */
63
- static generateRandomKey() {
64
- const key = crypto.randomBytes(CryptoService.KEY_LENGTH);
65
- return key.toString('base64');
66
- }
67
- /**
68
- * Check if a message appears to be encrypted
69
- */
70
- static isEncrypted(message) {
71
- try {
72
- const parsed = JSON.parse(message);
73
- return parsed.encryptedData && parsed.iv && parsed.tag;
74
- }
75
- catch {
76
- return false;
77
- }
78
- }
79
- /**
80
- * Safely encrypt a message, handling both string and object inputs
81
- */
82
- static safeEncrypt(data, key) {
83
- const message = typeof data === 'string' ? data : JSON.stringify(data);
84
- const encrypted = this.encrypt(message, key);
85
- return JSON.stringify(encrypted);
86
- }
87
- /**
88
- * Safely decrypt a message, throwing error if decryption fails
89
- */
90
- static safeDecrypt(encryptedData, key) {
91
- if (!this.isEncrypted(encryptedData)) {
92
- throw new Error('Message is not encrypted - encryption is required');
93
- }
94
- const encryptedMessage = JSON.parse(encryptedData);
95
- return this.decrypt(encryptedMessage, key);
96
- }
97
- /**
98
- * Create a hash of the key for identification purposes
99
- */
100
- static createKeyHash(key) {
101
- return crypto.createHash('sha256').update(key).digest('hex').substring(0, 16);
102
- }
103
- }
104
- //# sourceMappingURL=crypto.js.map
package/dist/services/crypto.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/services/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAatC,MAAM,OAAO,aAAa;IACd,MAAM,CAAU,SAAS,GAAG,aAAa,CAAC;IAC1C,MAAM,CAAU,SAAS,GAAG,EAAE,CAAC;IAC/B,MAAM,CAAU,UAAU,GAAG,EAAE,CAAC;IAChC,MAAM,CAAU,UAAU,GAAG,EAAE,CAAC;IAExC;;OAEG;IACH,MAAM,CAAC,mBAAmB;QACtB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5C,IAAI,CAAC,YAAY,EAAE,CAAC;QAEpB,OAAO;YACH,SAAS,EAAE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC;YACtC,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC;SAC3C,CAAC;IACN,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,kBAAkB,CAAC,UAAkB,EAAE,SAAiB;QAC3D,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5C,IAAI,CAAC,aAAa,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAEzC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAE7D,6CAA6C;QAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,YAAY,EAAE,EAAE,EAAE,2BAA2B,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtH,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,OAAe,EAAE,GAAW;QACvC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAEvD,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QAC7E,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAEzC,IAAI,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC7D,aAAa,IAAI,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QAExC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEhC,OAAO;YACH,aAAa;YACb,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACzB,GAAG,EAAE,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC;SAC9B,CAAC;IACN,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,OAAO,CAAC,gBAAkC,EAAE,GAAW;QAC1D,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAC7C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;QAExD,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,SAAS,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;QACjF,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3C,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAEzB,IAAI,aAAa,GAAG,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;QACtF,aAAa,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAExC,OAAO,aAAa,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,iBAAiB;QACpB,MAAM,GAAG,GAAG,MAAM,CAAC,WAAW,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QACzD,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,OAAe;QAC9B,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,OAAO,MAAM,CAAC,aAAa,IAAI,MAAM,CAAC,EAAE,IAAI,MAAM,CAAC,GAAG,CAAC;QAC3D,CAAC;QAAC,MAAM,CAAC;YACL,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,IAAS,EAAE,GAAW;QACrC,MAAM,OAAO,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,aAAqB,EAAE,GAAW;QACjD,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACzE,CAAC;QAED,MAAM,gBAAgB,GAAqB,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC;QACrE,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,GAAW;QAC5B,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClF,CAAC"}
package/dist/services/key-manager.d.ts DELETED
@@ -1,45 +0,0 @@
1
- import { KeyPair } from './crypto.js';
2
- export declare class KeyManagerService {
3
- private static readonly KEYS_STORAGE_KEY;
4
- private static readonly KEY_EXPIRY_DAYS;
5
- /**
6
- * Initialize keys for a new runner
7
- */
8
- static initializeRunnerKeys(runnerId: string): Promise<KeyPair>;
9
- /**
10
- * Complete the key exchange with the Flutter app's public key
11
- */
12
- static completeKeyExchange(runnerId: string, flutterPublicKey: string): Promise<string>;
13
- /**
14
- * Get the shared secret for encryption/decryption
15
- */
16
- static getSharedSecret(runnerId: string): Promise<string | null>;
17
- /**
18
- * Get the CLI's public key for a runner
19
- */
20
- static getPublicKey(runnerId: string): Promise<string | null>;
21
- /**
22
- * Check if keys exist and are properly initialized for a runner
23
- */
24
- static hasValidKeys(runnerId: string): Promise<boolean>;
25
- /**
26
- * Rotate keys for a runner (generate new key pair)
27
- */
28
- static rotateKeys(runnerId: string): Promise<KeyPair>;
29
- /**
30
- * Remove keys for a runner (when runner is deleted)
31
- */
32
- static removeRunnerKeys(runnerId: string): Promise<void>;
33
- /**
34
- * Get all runners that have encryption keys
35
- */
36
- static getEncryptedRunnerIds(): Promise<string[]>;
37
- /**
38
- * Cleanup expired keys
39
- */
40
- static cleanupExpiredKeys(): Promise<number>;
41
- private static getRunnerKeys;
42
- private static storeRunnerKeys;
43
- private static getAllStoredKeys;
44
- }
45
- //# sourceMappingURL=key-manager.d.ts.map
package/dist/services/key-manager.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"key-manager.d.ts","sourceRoot":"","sources":["../../src/services/key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAgB,OAAO,EAAC,MAAM,aAAa,CAAC;AAUnD,qBAAa,iBAAiB;IAC1B,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAA4B;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAM;IAE7C;;OAEG;WACU,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAYrE;;OAEG;WACU,mBAAmB,CAAC,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoB7F;;OAEG;WACU,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAetE;;OAEG;WACU,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAKnE;;OAEG;WACU,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7D;;OAEG;WACU,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK3D;;OAEG;WACU,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM9D;;OAEG;WACU,qBAAqB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAQvD;;OAEG;WACU,kBAAkB,IAAI,OAAO,CAAC,MAAM,CAAC;mBAwB7B,aAAa;mBAKb,eAAe;mBAMf,gBAAgB;CAGxC"}
package/dist/services/key-manager.js DELETED
@@ -1,123 +0,0 @@
1
- import { CryptoService } from './crypto.js';
2
- import { StorageService } from '../utils/storage.js';
3
- export class KeyManagerService {
4
- static KEYS_STORAGE_KEY = 'salamander_runner_keys';
5
- static KEY_EXPIRY_DAYS = 30;
6
- /**
7
- * Initialize keys for a new runner
8
- */
9
- static async initializeRunnerKeys(runnerId) {
10
- const ecdhKeyPair = CryptoService.generateECDHKeyPair();
11
- const runnerKeys = {
12
- ecdhKeyPair,
13
- createdAt: Date.now()
14
- };
15
- await this.storeRunnerKeys(runnerId, runnerKeys);
16
- return ecdhKeyPair;
17
- }
18
- /**
19
- * Complete the key exchange with the Flutter app's public key
20
- */
21
- static async completeKeyExchange(runnerId, flutterPublicKey) {
22
- const runnerKeys = await this.getRunnerKeys(runnerId);
23
- if (!runnerKeys) {
24
- throw new Error(`No keys found for runner ${runnerId}`);
25
- }
26
- // Derive shared secret using our private key and Flutter's public key
27
- const sharedSecret = CryptoService.deriveSharedSecret(runnerKeys.ecdhKeyPair.privateKey, flutterPublicKey);
28
- // Update stored keys with shared secret
29
- runnerKeys.sharedSecret = sharedSecret;
30
- runnerKeys.keyHash = CryptoService.createKeyHash(sharedSecret);
31
- await this.storeRunnerKeys(runnerId, runnerKeys);
32
- return sharedSecret;
33
- }
34
- /**
35
- * Get the shared secret for encryption/decryption
36
- */
37
- static async getSharedSecret(runnerId) {
38
- const runnerKeys = await this.getRunnerKeys(runnerId);
39
- if (!runnerKeys?.sharedSecret) {
40
- return null;
41
- }
42
- // Check if keys are expired
43
- const daysSinceCreation = (Date.now() - runnerKeys.createdAt) / (1000 * 60 * 60 * 24);
44
- if (daysSinceCreation > this.KEY_EXPIRY_DAYS) {
45
- console.warn(`Keys for runner ${runnerId} have expired. Consider key rotation.`);
46
- }
47
- return runnerKeys.sharedSecret;
48
- }
49
- /**
50
- * Get the CLI's public key for a runner
51
- */
52
- static async getPublicKey(runnerId) {
53
- const runnerKeys = await this.getRunnerKeys(runnerId);
54
- return runnerKeys?.ecdhKeyPair.publicKey ?? null;
55
- }
56
- /**
57
- * Check if keys exist and are properly initialized for a runner
58
- */
59
- static async hasValidKeys(runnerId) {
60
- const runnerKeys = await this.getRunnerKeys(runnerId);
61
- return !!(runnerKeys?.ecdhKeyPair && runnerKeys?.sharedSecret);
62
- }
63
- /**
64
- * Rotate keys for a runner (generate new key pair)
65
- */
66
- static async rotateKeys(runnerId) {
67
- console.log(`Rotating keys for runner ${runnerId}`);
68
- return await this.initializeRunnerKeys(runnerId);
69
- }
70
- /**
71
- * Remove keys for a runner (when runner is deleted)
72
- */
73
- static async removeRunnerKeys(runnerId) {
74
- const allKeys = await this.getAllStoredKeys();
75
- delete allKeys[runnerId];
76
- await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
77
- }
78
- /**
79
- * Get all runners that have encryption keys
80
- */
81
- static async getEncryptedRunnerIds() {
82
- const allKeys = await this.getAllStoredKeys();
83
- return Object.keys(allKeys).filter(runnerId => {
84
- const keys = allKeys[runnerId];
85
- return keys?.sharedSecret;
86
- });
87
- }
88
- /**
89
- * Cleanup expired keys
90
- */
91
- static async cleanupExpiredKeys() {
92
- const allKeys = await this.getAllStoredKeys();
93
- const now = Date.now();
94
- let cleanedCount = 0;
95
- const updatedKeys = {};
96
- for (const [runnerId, keys] of Object.entries(allKeys)) {
97
- const daysSinceCreation = (now - keys.createdAt) / (1000 * 60 * 60 * 24);
98
- if (daysSinceCreation <= this.KEY_EXPIRY_DAYS) {
99
- updatedKeys[runnerId] = keys;
100
- }
101
- else {
102
- cleanedCount++;
103
- console.log(`Cleaned up expired keys for runner ${runnerId}`);
104
- }
105
- }
106
- await StorageService.set(this.KEYS_STORAGE_KEY, updatedKeys);
107
- return cleanedCount;
108
- }
109
- // Private helper methods
110
- static async getRunnerKeys(runnerId) {
111
- const allKeys = await this.getAllStoredKeys();
112
- return allKeys[runnerId] ?? null;
113
- }
114
- static async storeRunnerKeys(runnerId, keys) {
115
- const allKeys = await this.getAllStoredKeys();
116
- allKeys[runnerId] = keys;
117
- await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
118
- }
119
- static async getAllStoredKeys() {
120
- return (await StorageService.get(this.KEYS_STORAGE_KEY)) ?? {};
121
- }
122
- }
123
- //# sourceMappingURL=key-manager.js.map
package/dist/services/key-manager.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"key-manager.js","sourceRoot":"","sources":["../../src/services/key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAU,MAAM,aAAa,CAAC;AACnD,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AASnD,MAAM,OAAO,iBAAiB;IAClB,MAAM,CAAU,gBAAgB,GAAG,wBAAwB,CAAC;IAC5D,MAAM,CAAU,eAAe,GAAG,EAAE,CAAC;IAE7C;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,WAAW,GAAG,aAAa,CAAC,mBAAmB,EAAE,CAAC;QAExD,MAAM,UAAU,GAAe;YAC3B,WAAW;YACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,QAAgB,EAAE,gBAAwB;QACvE,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,sEAAsE;QACtE,MAAM,YAAY,GAAG,aAAa,CAAC,kBAAkB,CACjD,UAAU,CAAC,WAAW,CAAC,UAAU,EACjC,gBAAgB,CACnB,CAAC;QAEF,wCAAwC;QACxC,UAAU,CAAC,YAAY,GAAG,YAAY,CAAC;QACvC,UAAU,CAAC,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAE/D,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACjD,OAAO,YAAY,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB;QACzC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,YAAY,EAAE,CAAC;YAC5B,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,UAAU,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACtF,IAAI,iBAAiB,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,mBAAmB,QAAQ,uCAAuC,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,UAAU,CAAC,YAAY,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAgB;QACtC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,UAAU,EAAE,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAgB;QACtC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACtD,OAAO,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,IAAI,UAAU,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,QAAgB;QACpC,OAAO,CAAC,GAAG,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QACpD,OAAO,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,qBAAqB;QAC9B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE;YAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;YAC/B,OAAO,IAAI,EAAE,YAAY,CAAC;QAC9B,CAAC,CAAC,CAAC;IACP,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,kBAAkB;QAC3B,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,YAAY,GAAG,CAAC,CAAC;QAErB,MAAM,WAAW,GAA+B,EAAE,CAAC;QAEnD,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACrD,MAAM,iBAAiB,GAAG,CAAC,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;YAEzE,IAAI,iBAAiB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBAC5C,WAAW,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;YACjC,CAAC;iBAAM,CAAC;gBACJ,YAAY,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YAClE,CAAC;QACL,CAAC;QAED,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;QAC7D,OAAO,YAAY,CAAC;IACxB,CAAC;IAED,yBAAyB;IAEjB,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,IAAgB;QACnE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,gBAAgB;QACjC,OAAO,CAAC,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC;IACnE,CAAC"}
package/dist/services/multi-device-key-manager.d.ts DELETED
@@ -1,56 +0,0 @@
1
- import { type DeviceKey } from '../types/runner.js';
2
- export declare class MultiDeviceKeyManagerService {
3
- private static readonly KEYS_STORAGE_KEY;
4
- private static readonly KEY_EXPIRY_DAYS;
5
- /**
6
- * Initialize keys for a new runner (CLI side)
7
- */
8
- static initializeRunnerKeys(runnerId: string): Promise<{
9
- publicKey: string;
10
- privateKey: string;
11
- }>;
12
- /**
13
- * Register a new device and derive shared secret
14
- */
15
- static registerDevice(runnerId: string, deviceKey: DeviceKey): Promise<string>;
16
- /**
17
- * Remove a device from the runner
18
- */
19
- static removeDevice(runnerId: string, deviceId: string): Promise<void>;
20
- /**
21
- * Get shared secret for specific device
22
- */
23
- static getSharedSecret(runnerId: string, deviceId: string): Promise<string | null>;
24
- /**
25
- * Get all registered device IDs for a runner
26
- */
27
- static getRegisteredDevices(runnerId: string): Promise<string[]>;
28
- /**
29
- * Encrypt command for specific device
30
- */
31
- static encryptForDevice(runnerId: string, deviceId: string, command: string): Promise<string>;
32
- /**
33
- * Encrypt command for all registered devices
34
- */
35
- static encryptForAllDevices(runnerId: string, command: string): Promise<Record<string, string>>;
36
- /**
37
- * Decrypt command from specific device
38
- */
39
- static decryptFromDevice(runnerId: string, deviceId: string, encryptedCommand: string): Promise<string>;
40
- /**
41
- * Check if runner has any registered devices
42
- */
43
- static hasRegisteredDevices(runnerId: string): Promise<boolean>;
44
- /**
45
- * Clean up all keys for a runner
46
- */
47
- static removeRunnerKeys(runnerId: string): Promise<void>;
48
- /**
49
- * Get CLI's public key for a runner
50
- */
51
- static getCliPublicKey(runnerId: string): Promise<string | null>;
52
- private static getRunnerKeys;
53
- private static storeRunnerKeys;
54
- private static getAllStoredKeys;
55
- }
56
- //# sourceMappingURL=multi-device-key-manager.d.ts.map
package/dist/services/multi-device-key-manager.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"multi-device-key-manager.d.ts","sourceRoot":"","sources":["../../src/services/multi-device-key-manager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAC,KAAK,SAAS,EAAC,MAAM,oBAAoB,CAAC;AASlD,qBAAa,4BAA4B;IACrC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAkC;IAC1E,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,eAAe,CAAM;IAE7C;;OAEG;WACU,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAC,CAAC;IAcrG;;OAEG;WACU,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC;IA6BpF;;OAEG;WACU,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAa5E;;OAEG;WACU,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAexF;;OAEG;WACU,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAStE;;OAEG;WACU,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IASnG;;OAEG;WACU,oBAAoB,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAuBrG;;OAEG;WACU,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAS7G;;OAEG;WACU,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKrE;;OAEG;WACU,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAO9D;;OAEG;WACU,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;mBAOjD,aAAa;mBAKb,eAAe;mBAMf,gBAAgB;CAGxC"}
package/dist/services/multi-device-key-manager.js DELETED
@@ -1,159 +0,0 @@
1
- import { CryptoService } from './crypto.js';
2
- import { StorageService } from '../utils/storage.js';
3
- export class MultiDeviceKeyManagerService {
4
- static KEYS_STORAGE_KEY = 'salamander_multi_device_keys';
5
- static KEY_EXPIRY_DAYS = 30;
6
- /**
7
- * Initialize keys for a new runner (CLI side)
8
- */
9
- static async initializeRunnerKeys(runnerId) {
10
- const ecdhKeyPair = CryptoService.generateECDHKeyPair();
11
- const keyData = {
12
- ecdhKeyPair,
13
- sharedSecrets: {},
14
- keyHashes: {},
15
- createdAt: Date.now()
16
- };
17
- await this.storeRunnerKeys(runnerId, keyData);
18
- return ecdhKeyPair;
19
- }
20
- /**
21
- * Register a new device and derive shared secret
22
- */
23
- static async registerDevice(runnerId, deviceKey) {
24
- const keyData = await this.getRunnerKeys(runnerId);
25
- if (!keyData) {
26
- throw new Error(`No keys found for runner ${runnerId}`);
27
- }
28
- // Derive shared secret with this device
29
- const sharedSecret = CryptoService.deriveSharedSecret(keyData.ecdhKeyPair.privateKey, deviceKey.publicKey);
30
- const keyHash = CryptoService.createKeyHash(sharedSecret);
31
- // Verify the key hash matches what the device expects
32
- if (keyHash !== deviceKey.keyHash) {
33
- throw new Error('Key hash mismatch during device registration');
34
- }
35
- // Store the shared secret for this device
36
- keyData.sharedSecrets[deviceKey.deviceId] = sharedSecret;
37
- keyData.keyHashes[deviceKey.deviceId] = keyHash;
38
- await this.storeRunnerKeys(runnerId, keyData);
39
- console.log(`✓ Device ${deviceKey.deviceId} registered for runner ${runnerId}`);
40
- return sharedSecret;
41
- }
42
- /**
43
- * Remove a device from the runner
44
- */
45
- static async removeDevice(runnerId, deviceId) {
46
- const keyData = await this.getRunnerKeys(runnerId);
47
- if (!keyData) {
48
- return; // No keys to clean up
49
- }
50
- delete keyData.sharedSecrets[deviceId];
51
- delete keyData.keyHashes[deviceId];
52
- await this.storeRunnerKeys(runnerId, keyData);
53
- console.log(`Device ${deviceId} removed from runner ${runnerId}`);
54
- }
55
- /**
56
- * Get shared secret for specific device
57
- */
58
- static async getSharedSecret(runnerId, deviceId) {
59
- const keyData = await this.getRunnerKeys(runnerId);
60
- if (!keyData) {
61
- return null;
62
- }
63
- // Check if keys are expired
64
- const daysSinceCreation = (Date.now() - keyData.createdAt) / (1000 * 60 * 60 * 24);
65
- if (daysSinceCreation > this.KEY_EXPIRY_DAYS) {
66
- console.warn(`Keys for runner ${runnerId} have expired. Consider key rotation.`);
67
- }
68
- return keyData.sharedSecrets[deviceId] || null;
69
- }
70
- /**
71
- * Get all registered device IDs for a runner
72
- */
73
- static async getRegisteredDevices(runnerId) {
74
- const keyData = await this.getRunnerKeys(runnerId);
75
- if (!keyData) {
76
- return [];
77
- }
78
- return Object.keys(keyData.sharedSecrets);
79
- }
80
- /**
81
- * Encrypt command for specific device
82
- */
83
- static async encryptForDevice(runnerId, deviceId, command) {
84
- const sharedSecret = await this.getSharedSecret(runnerId, deviceId);
85
- if (!sharedSecret) {
86
- throw new Error(`No shared secret found for device ${deviceId} on runner ${runnerId}`);
87
- }
88
- return CryptoService.safeEncrypt(command, sharedSecret);
89
- }
90
- /**
91
- * Encrypt command for all registered devices
92
- */
93
- static async encryptForAllDevices(runnerId, command) {
94
- const keyData = await this.getRunnerKeys(runnerId);
95
- if (!keyData) {
96
- throw new Error(`No keys found for runner ${runnerId}`);
97
- }
98
- const encryptedCommands = {};
99
- for (const [deviceId, sharedSecret] of Object.entries(keyData.sharedSecrets)) {
100
- try {
101
- encryptedCommands[deviceId] = CryptoService.safeEncrypt(command, sharedSecret);
102
- }
103
- catch (error) {
104
- console.warn(`Failed to encrypt command for device ${deviceId}: ${error}`);
105
- }
106
- }
107
- if (Object.keys(encryptedCommands).length === 0) {
108
- throw new Error(`No devices registered for runner ${runnerId}`);
109
- }
110
- return encryptedCommands;
111
- }
112
- /**
113
- * Decrypt command from specific device
114
- */
115
- static async decryptFromDevice(runnerId, deviceId, encryptedCommand) {
116
- const sharedSecret = await this.getSharedSecret(runnerId, deviceId);
117
- if (!sharedSecret) {
118
- throw new Error(`No shared secret found for device ${deviceId} on runner ${runnerId}`);
119
- }
120
- return CryptoService.safeDecrypt(encryptedCommand, sharedSecret);
121
- }
122
- /**
123
- * Check if runner has any registered devices
124
- */
125
- static async hasRegisteredDevices(runnerId) {
126
- const devices = await this.getRegisteredDevices(runnerId);
127
- return devices.length > 0;
128
- }
129
- /**
130
- * Clean up all keys for a runner
131
- */
132
- static async removeRunnerKeys(runnerId) {
133
- const allKeys = await this.getAllStoredKeys();
134
- delete allKeys[runnerId];
135
- await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
136
- console.log(`Cleaned up all keys for runner ${runnerId}`);
137
- }
138
- /**
139
- * Get CLI's public key for a runner
140
- */
141
- static async getCliPublicKey(runnerId) {
142
- const keyData = await this.getRunnerKeys(runnerId);
143
- return keyData?.ecdhKeyPair.publicKey || null;
144
- }
145
- // Private helper methods
146
- static async getRunnerKeys(runnerId) {
147
- const allKeys = await this.getAllStoredKeys();
148
- return allKeys[runnerId] || null;
149
- }
150
- static async storeRunnerKeys(runnerId, keys) {
151
- const allKeys = await this.getAllStoredKeys();
152
- allKeys[runnerId] = keys;
153
- await StorageService.set(this.KEYS_STORAGE_KEY, allKeys);
154
- }
155
- static async getAllStoredKeys() {
156
- return (await StorageService.get(this.KEYS_STORAGE_KEY)) ?? {};
157
- }
158
- }
159
- //# sourceMappingURL=multi-device-key-manager.js.map
package/dist/services/multi-device-key-manager.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"multi-device-key-manager.js","sourceRoot":"","sources":["../../src/services/multi-device-key-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,aAAa,EAAC,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAC,MAAM,qBAAqB,CAAC;AAUnD,MAAM,OAAO,4BAA4B;IAC7B,MAAM,CAAU,gBAAgB,GAAG,8BAA8B,CAAC;IAClE,MAAM,CAAU,eAAe,GAAG,EAAE,CAAC;IAE7C;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,WAAW,GAAG,aAAa,CAAC,mBAAmB,EAAE,CAAC;QAExD,MAAM,OAAO,GAAkB;YAC3B,WAAW;YACX,aAAa,EAAE,EAAE;YACjB,SAAS,EAAE,EAAE;YACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,WAAW,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,SAAoB;QAC9D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,wCAAwC;QACxC,MAAM,YAAY,GAAG,aAAa,CAAC,kBAAkB,CACjD,OAAO,CAAC,WAAW,CAAC,UAAU,EAC9B,SAAS,CAAC,SAAS,CACtB,CAAC;QAEF,MAAM,OAAO,GAAG,aAAa,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QAE1D,sDAAsD;QACtD,IAAI,OAAO,KAAK,SAAS,CAAC,OAAO,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACpE,CAAC;QAED,0CAA0C;QAC1C,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,YAAY,CAAC;QACzD,OAAO,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC;QAEhD,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAE9C,OAAO,CAAC,GAAG,CAAC,YAAY,SAAS,CAAC,QAAQ,0BAA0B,QAAQ,EAAE,CAAC,CAAC;QAChF,OAAO,YAAY,CAAC;IACxB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,QAAgB;QACxD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,CAAC,sBAAsB;QAClC,CAAC;QAED,OAAO,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEnC,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,UAAU,QAAQ,wBAAwB,QAAQ,EAAE,CAAC,CAAC;IACtE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,QAAgB;QAC3D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,4BAA4B;QAC5B,MAAM,iBAAiB,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC;QACnF,IAAI,iBAAiB,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,OAAO,CAAC,IAAI,CAAC,mBAAmB,QAAQ,uCAAuC,CAAC,CAAC;QACrF,CAAC;QAED,OAAO,OAAO,CAAC,aAAa,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO,EAAE,CAAC;QACd,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,QAAgB,EAAE,OAAe;QAC7E,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,cAAc,QAAQ,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO,aAAa,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB,EAAE,OAAe;QAC/D,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,4BAA4B,QAAQ,EAAE,CAAC,CAAC;QAC5D,CAAC;QAED,MAAM,iBAAiB,GAA2B,EAAE,CAAC;QAErD,KAAK,MAAM,CAAC,QAAQ,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YAC3E,IAAI,CAAC;gBACD,iBAAiB,CAAC,QAAQ,CAAC,GAAG,aAAa,CAAC,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;YACnF,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,wCAAwC,QAAQ,KAAK,KAAK,EAAE,CAAC,CAAC;YAC/E,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,oCAAoC,QAAQ,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,OAAO,iBAAiB,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,QAAgB,EAAE,QAAgB,EAAE,gBAAwB;QACvF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QACpE,IAAI,CAAC,YAAY,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,cAAc,QAAQ,EAAE,CAAC,CAAC;QAC3F,CAAC;QAED,OAAO,aAAa,CAAC,WAAW,CAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IACrE,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,QAAgB;QAC9C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;QAC1D,OAAO,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QAC1C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,kCAAkC,QAAQ,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB;QACzC,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QACnD,OAAO,OAAO,EAAE,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC;IAClD,CAAC;IAED,yBAAyB;IAEjB,MAAM,CAAC,KAAK,CAAC,aAAa,CAAC,QAAgB;QAC/C,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC;IACrC,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,QAAgB,EAAE,IAAmB;QACtE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC9C,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC;QACzB,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;IAC7D,CAAC;IAEO,MAAM,CAAC,KAAK,CAAC,gBAAgB;QACjC,OAAO,CAAC,MAAM,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC;IACnE,CAAC"}