@de-otio/chaoskb-client 0.3.6 → 0.3.8

package/dist/crypto/tiers/enhanced.js

@@ -1,56 +0,0 @@
-// Enhanced tier removed — see doc/analysis/zero-config-sync/security-tiers.md
-// This file is deprecated. The zero-config sync implementation uses only two tiers:
-//   - Standard: SSH key wrapping (automatic, zero-config)
-//   - Maximum: Argon2id passphrase derivation
-// The Enhanced (BIP39 mnemonic) tier added complexity without meaningful security
-// benefit over the Standard tier's SSH-based recovery. Retained for backward
-// compatibility with existing Enhanced-tier users.
-import * as bip39 from 'bip39';
-import { SecureBuffer } from '../secure-buffer.js';
-// Re-export standard tier wrapping for dual-path recovery
-export { wrapMasterKey, unwrapMasterKeyEd25519, unwrapMasterKeyRSA } from './standard.js';
-/**
- * @deprecated Enhanced tier is deprecated. New installations use Standard or Maximum only.
- *
- * Enhanced tier: BIP39 24-word recovery key.
- *
- * The master key is a 256-bit random value which maps directly to a 24-word
- * BIP39 mnemonic. Either the mnemonic or the SSH-wrapped key can recover.
- */
-/**
- * @deprecated Use Standard tier (SSH key wrapping) instead.
- *
- * Encode a 256-bit master key as a 24-word BIP39 mnemonic.
- * The master key bytes are used directly as the entropy.
- */
-export function generateRecoveryKey(masterKey) {
-    if (masterKey.length !== 32) {
-        throw new Error(`Master key must be 32 bytes (256 bits), got ${masterKey.length}`);
-    }
-    const entropy = Buffer.from(masterKey.buffer).toString('hex');
-    const mnemonic = bip39.entropyToMnemonic(entropy);
-    return mnemonic;
-}
-/**
- * @deprecated Use Standard tier (SSH key wrapping) instead.
- *
- * Decode a 24-word BIP39 mnemonic back to the 256-bit master key.
- * Returns a SecureBuffer containing the recovered key.
- */
-export function recoverFromMnemonic(mnemonic) {
-    const trimmed = mnemonic.trim().toLowerCase();
-    if (!bip39.validateMnemonic(trimmed)) {
-        throw new Error('Invalid BIP39 mnemonic');
-    }
-    const words = trimmed.split(/\s+/);
-    if (words.length !== 24) {
-        throw new Error(`Expected 24-word mnemonic, got ${words.length} words`);
-    }
-    const entropyHex = bip39.mnemonicToEntropy(trimmed);
-    const entropyBytes = Buffer.from(entropyHex, 'hex');
-    if (entropyBytes.length !== 32) {
-        throw new Error(`Recovered entropy must be 32 bytes, got ${entropyBytes.length}`);
-    }
-    return SecureBuffer.from(entropyBytes);
-}
-//# sourceMappingURL=enhanced.js.map

package/dist/crypto/tiers/enhanced.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"enhanced.js","sourceRoot":"","sources":["../../../crypto/tiers/enhanced.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,oFAAoF;AACpF,0DAA0D;AAC1D,8CAA8C;AAC9C,kFAAkF;AAClF,6EAA6E;AAC7E,mDAAmD;AAEnD,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE/B,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGnD,0DAA0D;AAC1D,OAAO,EAAE,aAAa,EAAE,sBAAsB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAE1F;;;;;;;GAOG;AAEH;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,SAAwB;IAC1D,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,+CAA+C,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IACrF,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAgB;IAClD,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE9C,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IAED,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,kCAAkC,KAAK,CAAC,MAAM,QAAQ,CAAC,CAAC;IAC1E,CAAC;IAED,MAAM,UAAU,GAAG,KAAK,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAEpD,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,2CAA2C,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;AACzC,CAAC"}

package/dist/crypto/tiers/maximum.d.ts

@@ -1,19 +0,0 @@
-import type { ISecureBuffer } from '../types.js';
-/**
- * Maximum tier: Argon2id passphrase derivation.
- *
- * The master key is derived from a user-chosen passphrase.
- * No recovery path — if the passphrase is lost, data is lost.
- */
-/**
- * Derive a master key from a passphrase using Argon2id.
- *
- * @param passphrase - User passphrase
- * @param salt - Optional 16-byte salt. If not provided, a random one is generated.
- * @returns Object with the derived master key and the salt (for server storage)
- */
-export declare function deriveFromPassphrase(passphrase: string, salt?: Uint8Array): {
-    masterKey: ISecureBuffer;
-    salt: Uint8Array;
-};
-//# sourceMappingURL=maximum.d.ts.map

package/dist/crypto/tiers/maximum.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"maximum.d.ts","sourceRoot":"","sources":["../../../crypto/tiers/maximum.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAIjD;;;;;GAKG;AAEH;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,MAAM,EAClB,IAAI,CAAC,EAAE,UAAU,GAChB;IAAE,SAAS,EAAE,aAAa,CAAC;IAAC,IAAI,EAAE,UAAU,CAAA;CAAE,CAUhD"}

package/dist/crypto/tiers/maximum.js

@@ -1,25 +0,0 @@
-import { randomBytes } from 'node:crypto';
-import { deriveFromPassphrase as argon2Derive } from '../argon2.js';
-const SALT_LENGTH = 16;
-/**
- * Maximum tier: Argon2id passphrase derivation.
- *
- * The master key is derived from a user-chosen passphrase.
- * No recovery path — if the passphrase is lost, data is lost.
- */
-/**
- * Derive a master key from a passphrase using Argon2id.
- *
- * @param passphrase - User passphrase
- * @param salt - Optional 16-byte salt. If not provided, a random one is generated.
- * @returns Object with the derived master key and the salt (for server storage)
- */
-export function deriveFromPassphrase(passphrase, salt) {
-    const actualSalt = salt ?? new Uint8Array(randomBytes(SALT_LENGTH));
-    if (actualSalt.length !== SALT_LENGTH) {
-        throw new Error(`Salt must be ${SALT_LENGTH} bytes, got ${actualSalt.length}`);
-    }
-    const masterKey = argon2Derive(passphrase, actualSalt);
-    return { masterKey, salt: actualSalt };
-}
-//# sourceMappingURL=maximum.js.map

package/dist/crypto/tiers/maximum.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"maximum.js","sourceRoot":"","sources":["../../../crypto/tiers/maximum.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,oBAAoB,IAAI,YAAY,EAAE,MAAM,cAAc,CAAC;AAGpE,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB;;;;;GAKG;AAEH;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAClC,UAAkB,EAClB,IAAiB;IAEjB,MAAM,UAAU,GAAG,IAAI,IAAI,IAAI,UAAU,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC,CAAC;IAEpE,IAAI,UAAU,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CAAC,gBAAgB,WAAW,eAAe,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,SAAS,GAAG,YAAY,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAEvD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC"}

package/dist/crypto/tiers/standard.d.ts

@@ -1,27 +0,0 @@
-import * as crypto from 'node:crypto';
-import type { ISecureBuffer, SSHKeyInfo } from '../types.js';
-/**
- * Standard tier: SSH key wrapping.
- *
- * For Ed25519 keys: crypto_box_seal (ephemeral X25519 ECDH + XSalsa20-Poly1305)
- * For RSA keys: RSA-OAEP-SHA256 KEM + XChaCha20-Poly1305 DEM
- */
-/**
- * Wrap a master key with an SSH public key.
- * Ed25519: uses crypto_box_seal after converting to X25519.
- * RSA: uses RSA-OAEP KEM + XChaCha20-Poly1305 DEM.
- */
-export declare function wrapMasterKey(masterKey: ISecureBuffer, sshPublicKey: SSHKeyInfo): Uint8Array;
-/**
- * Unwrap a master key with an SSH private key (Ed25519).
- * @param wrappedKey - The sealed box
- * @param ed25519SecretKey - The 64-byte Ed25519 secret key
- */
-export declare function unwrapMasterKeyEd25519(wrappedKey: Uint8Array, ed25519SecretKey: Uint8Array, ed25519PublicKey: Uint8Array): ISecureBuffer;
-/**
- * Unwrap a master key wrapped with RSA-OAEP KEM + DEM.
- * @param wrappedKey - Serialized [4-byte wrappedWKLen][wrappedWK][nonce][ct][tag]
- * @param rsaPrivateKey - RSA private key in PEM or DER format
- */
-export declare function unwrapMasterKeyRSA(wrappedKey: Uint8Array, rsaPrivateKey: crypto.KeyObject): ISecureBuffer;
-//# sourceMappingURL=standard.d.ts.map

package/dist/crypto/tiers/standard.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"standard.d.ts","sourceRoot":"","sources":["../../../crypto/tiers/standard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AAMtC,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAI7D;;;;;GAKG;AAEH;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,GAAG,UAAU,CAO5F;AAED;;;;GAIG;AACH,wBAAgB,sBAAsB,CACpC,UAAU,EAAE,UAAU,EACtB,gBAAgB,EAAE,UAAU,EAC5B,gBAAgB,EAAE,UAAU,GAC3B,aAAa,CAmBf;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,MAAM,CAAC,SAAS,GAC9B,aAAa,CA0Cf"}

package/dist/crypto/tiers/standard.js

@@ -1,155 +0,0 @@
-import * as crypto from 'node:crypto';
-import sodium from 'sodium-native';
-import { aeadEncrypt, aeadDecrypt } from '../aead.js';
-import { SecureBuffer } from '../secure-buffer.js';
-import { ed25519ToX25519PublicKey, ed25519ToX25519SecretKey } from '../ssh-keys.js';
-const RSA_MIN_BITS = 2048;
-/**
- * Standard tier: SSH key wrapping.
- *
- * For Ed25519 keys: crypto_box_seal (ephemeral X25519 ECDH + XSalsa20-Poly1305)
- * For RSA keys: RSA-OAEP-SHA256 KEM + XChaCha20-Poly1305 DEM
- */
-/**
- * Wrap a master key with an SSH public key.
- * Ed25519: uses crypto_box_seal after converting to X25519.
- * RSA: uses RSA-OAEP KEM + XChaCha20-Poly1305 DEM.
- */
-export function wrapMasterKey(masterKey, sshPublicKey) {
-    if (sshPublicKey.type === 'ed25519') {
-        return wrapWithEd25519(masterKey, sshPublicKey.publicKeyBytes);
-    }
-    else if (sshPublicKey.type === 'rsa') {
-        return wrapWithRSA(masterKey, sshPublicKey.publicKeyBytes);
-    }
-    throw new Error(`Unsupported SSH key type: ${sshPublicKey.type}`);
-}
-/**
- * Unwrap a master key with an SSH private key (Ed25519).
- * @param wrappedKey - The sealed box
- * @param ed25519SecretKey - The 64-byte Ed25519 secret key
- */
-export function unwrapMasterKeyEd25519(wrappedKey, ed25519SecretKey, ed25519PublicKey) {
-    const x25519Sk = ed25519ToX25519SecretKey(ed25519SecretKey);
-    const x25519Pk = ed25519ToX25519PublicKey(ed25519PublicKey);
-    const skBuf = Buffer.from(x25519Sk);
-    const pkBuf = Buffer.from(x25519Pk);
-    const plaintext = Buffer.alloc(wrappedKey.length - sodium.crypto_box_SEALBYTES);
-    try {
-        sodium.crypto_box_seal_open(plaintext, Buffer.from(wrappedKey), pkBuf, skBuf);
-        return SecureBuffer.from(plaintext);
-    }
-    finally {
-        sodium.sodium_memzero(skBuf);
-        sodium.sodium_memzero(pkBuf);
-    }
-}
-/**
- * Unwrap a master key wrapped with RSA-OAEP KEM + DEM.
- * @param wrappedKey - Serialized [4-byte wrappedWKLen][wrappedWK][nonce][ct][tag]
- * @param rsaPrivateKey - RSA private key in PEM or DER format
- */
-export function unwrapMasterKeyRSA(wrappedKey, rsaPrivateKey) {
-    const buf = Buffer.from(wrappedKey);
-    let offset = 0;
-    // Read wrapped wrapping key length
-    const wrappedWKLen = buf.readUInt32BE(offset);
-    offset += 4;
-    // Read wrapped wrapping key
-    const wrappedWK = buf.subarray(offset, offset + wrappedWKLen);
-    offset += wrappedWKLen;
-    // Remaining is AEAD encrypted master key: nonce(24) || ciphertext || tag(16)
-    const aeadPayload = buf.subarray(offset);
-    const nonce = aeadPayload.subarray(0, 24);
-    const ciphertext = aeadPayload.subarray(24, aeadPayload.length - 16);
-    const tag = aeadPayload.subarray(aeadPayload.length - 16);
-    // Decrypt wrapping key with RSA-OAEP
-    const wrappingKey = crypto.privateDecrypt({
-        key: rsaPrivateKey,
-        padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
-        oaepHash: 'sha256',
-    }, wrappedWK);
-    // Decrypt master key with XChaCha20-Poly1305
-    const emptyAAD = new Uint8Array(0);
-    const masterKeyBytes = aeadDecrypt(new Uint8Array(wrappingKey), new Uint8Array(nonce), new Uint8Array(ciphertext), new Uint8Array(tag), emptyAAD);
-    // Zero the wrapping key
-    wrappingKey.fill(0);
-    return SecureBuffer.from(Buffer.from(masterKeyBytes));
-}
-// --- Internal helpers ---
-function wrapWithEd25519(masterKey, ed25519PublicKey) {
-    const x25519Pk = ed25519ToX25519PublicKey(ed25519PublicKey);
-    const sealed = Buffer.alloc(masterKey.length + sodium.crypto_box_SEALBYTES);
-    sodium.crypto_box_seal(sealed, masterKey.buffer, Buffer.from(x25519Pk));
-    return new Uint8Array(sealed);
-}
-function wrapWithRSA(masterKey, rsaPublicKeyBytes) {
-    // Parse the RSA public key bytes (SSH wire format: exponent + modulus)
-    const rsaPubKey = rsaPublicKeyBytesToKeyObject(rsaPublicKeyBytes);
-    // Check minimum key size
-    const keyDetail = rsaPubKey.asymmetricKeySize;
-    if (keyDetail !== undefined && keyDetail * 8 < RSA_MIN_BITS) {
-        throw new Error(`RSA key too small: ${keyDetail * 8} bits (minimum ${RSA_MIN_BITS})`);
-    }
-    // Generate random 32-byte wrapping key
-    const wrappingKey = crypto.randomBytes(32);
-    // RSA-OAEP encrypt the wrapping key
-    const wrappedWK = crypto.publicEncrypt({
-        key: rsaPubKey,
-        padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
-        oaepHash: 'sha256',
-    }, wrappingKey);
-    // XChaCha20-Poly1305 encrypt the master key with the wrapping key
-    const emptyAAD = new Uint8Array(0);
-    const { nonce, ciphertext, tag } = aeadEncrypt(new Uint8Array(wrappingKey), new Uint8Array(masterKey.buffer), emptyAAD);
-    // Zero the wrapping key
-    wrappingKey.fill(0);
-    // Serialize: [4-byte wrappedWK length][wrappedWK][nonce][ciphertext][tag]
-    const totalLen = 4 + wrappedWK.length + nonce.length + ciphertext.length + tag.length;
-    const result = Buffer.alloc(totalLen);
-    let offset = 0;
-    result.writeUInt32BE(wrappedWK.length, offset);
-    offset += 4;
-    wrappedWK.copy(result, offset);
-    offset += wrappedWK.length;
-    Buffer.from(nonce).copy(result, offset);
-    offset += nonce.length;
-    Buffer.from(ciphertext).copy(result, offset);
-    offset += ciphertext.length;
-    Buffer.from(tag).copy(result, offset);
-    return new Uint8Array(result);
-}
-/**
- * Convert SSH wire format RSA public key bytes to a Node.js KeyObject.
- * Input: [4-byte exponent length][exponent][4-byte modulus length][modulus]
- */
-function rsaPublicKeyBytesToKeyObject(rsaBytes) {
-    const buf = Buffer.from(rsaBytes);
-    let offset = 0;
-    const eLen = buf.readUInt32BE(offset);
-    offset += 4;
-    const e = buf.subarray(offset, offset + eLen);
-    offset += eLen;
-    const nLen = buf.readUInt32BE(offset);
-    offset += 4;
-    const n = buf.subarray(offset, offset + nLen);
-    // Build a DER-encoded RSA public key (PKCS#1)
-    // Use Node.js crypto to create from JWK
-    const jwk = {
-        kty: 'RSA',
-        n: bufferToBase64Url(stripLeadingZero(n)),
-        e: bufferToBase64Url(stripLeadingZero(e)),
-    };
-    return crypto.createPublicKey({ key: jwk, format: 'jwk' });
-}
-function stripLeadingZero(buf) {
-    // SSH wire format may have a leading zero byte for sign
-    if (buf[0] === 0 && buf.length > 1) {
-        return buf.subarray(1);
-    }
-    return buf;
-}
-function bufferToBase64Url(buf) {
-    return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
-}
-//# sourceMappingURL=standard.js.map

package/dist/crypto/tiers/standard.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"standard.js","sourceRoot":"","sources":["../../../crypto/tiers/standard.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,MAAM,MAAM,eAAe,CAAC;AAEnC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAGpF,MAAM,YAAY,GAAG,IAAI,CAAC;AAE1B;;;;;GAKG;AAEH;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,SAAwB,EAAE,YAAwB;IAC9E,IAAI,YAAY,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACpC,OAAO,eAAe,CAAC,SAAS,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC;IACjE,CAAC;SAAM,IAAI,YAAY,CAAC,IAAI,KAAK,KAAK,EAAE,CAAC;QACvC,OAAO,WAAW,CAAC,SAAS,EAAE,YAAY,CAAC,cAAc,CAAC,CAAC;IAC7D,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,YAAY,CAAC,IAAI,EAAE,CAAC,CAAC;AACpE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,sBAAsB,CACpC,UAAsB,EACtB,gBAA4B,EAC5B,gBAA4B;IAE5B,MAAM,QAAQ,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;IAC5D,MAAM,QAAQ,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;IAE5D,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChF,IAAI,CAAC;QACH,MAAM,CAAC,oBAAoB,CACzB,SAAS,EACT,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EACvB,KAAK,EACL,KAAK,CACN,CAAC;QACF,OAAO,YAAY,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;YAAS,CAAC;QACT,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,kBAAkB,CAChC,UAAsB,EACtB,aAA+B;IAE/B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpC,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,mCAAmC;IACnC,MAAM,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC9C,MAAM,IAAI,CAAC,CAAC;IAEZ,4BAA4B;IAC5B,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,YAAY,CAAC,CAAC;IAC9D,MAAM,IAAI,YAAY,CAAC;IAEvB,6EAA6E;IAC7E,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzC,MAAM,KAAK,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,WAAW,CAAC,QAAQ,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACrE,MAAM,GAAG,GAAG,WAAW,CAAC,QAAQ,CAAC,WAAW,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IAE1D,qCAAqC;IACrC,MAAM,WAAW,GAAG,MAAM,CAAC,cAAc,CACvC;QACE,GAAG,EAAE,aAAa;QAClB,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;QAChD,QAAQ,EAAE,QAAQ;KACnB,EACD,SAAS,CACV,CAAC;IAEF,6CAA6C;IAC7C,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,cAAc,GAAG,WAAW,CAChC,IAAI,UAAU,CAAC,WAAW,CAAC,EAC3B,IAAI,UAAU,CAAC,KAAK,CAAC,EACrB,IAAI,UAAU,CAAC,UAAU,CAAC,EAC1B,IAAI,UAAU,CAAC,GAAG,CAAC,EACnB,QAAQ,CACT,CAAC;IAEF,wBAAwB;IACxB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,OAAO,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,2BAA2B;AAE3B,SAAS,eAAe,CAAC,SAAwB,EAAE,gBAA4B;IAC7E,MAAM,QAAQ,GAAG,wBAAwB,CAAC,gBAAgB,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAC5E,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;IAExE,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,WAAW,CAAC,SAAwB,EAAE,iBAA6B;IAC1E,uEAAuE;IACvE,MAAM,SAAS,GAAG,4BAA4B,CAAC,iBAAiB,CAAC,CAAC;IAElE,yBAAyB;IACzB,MAAM,SAAS,GAAI,SAAuD,CAAC,iBAAiB,CAAC;IAC7F,IAAI,SAAS,KAAK,SAAS,IAAI,SAAS,GAAG,CAAC,GAAG,YAAY,EAAE,CAAC;QAC5D,MAAM,IAAI,KAAK,CAAC,sBAAsB,SAAS,GAAG,CAAC,kBAAkB,YAAY,GAAG,CAAC,CAAC;IACxF,CAAC;IAED,uCAAuC;IACvC,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAE3C,oCAAoC;IACpC,MAAM,SAAS,GAAG,MAAM,CAAC,aAAa,CACpC;QACE,GAAG,EAAE,SAAS;QACd,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,sBAAsB;QAChD,QAAQ,EAAE,QAAQ;KACnB,EACD,WAAW,CACZ,CAAC;IAEF,kEAAkE;IAClE,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,WAAW,CAC5C,IAAI,UAAU,CAAC,WAAW,CAAC,EAC3B,IAAI,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,EAChC,QAAQ,CACT,CAAC;IAEF,wBAAwB;IACxB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAEpB,0EAA0E;IAC1E,MAAM,QAAQ,GAAG,CAAC,GAAG,SAAS,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IACtF,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,MAAM,IAAI,CAAC,CAAC;IACZ,SAAS,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,IAAI,SAAS,CAAC,MAAM,CAAC;IAC3B,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxC,MAAM,IAAI,KAAK,CAAC,MAAM,CAAC;IACvB,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7C,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC;IAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEtC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,SAAS,4BAA4B,CAAC,QAAoB;IACxD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,IAAI,MAAM,GAAG,CAAC,CAAC;IAEf,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,IAAI,CAAC,CAAC;IACZ,MAAM,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;IAC9C,MAAM,IAAI,IAAI,CAAC;IAEf,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,IAAI,CAAC,CAAC;IACZ,MAAM,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC,CAAC;IAE9C,8CAA8C;IAC9C,wCAAwC;IACxC,MAAM,GAAG,GAAG;QACV,GAAG,EAAE,KAAK;QACV,CAAC,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;QACzC,CAAC,EAAE,iBAAiB,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC;KAC1C,CAAC;IAEF,OAAO,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;AAC7D,CAAC;AAED,SAAS,gBAAgB,CAAC,GAAW;IACnC,wDAAwD;IACxD,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,OAAO,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAW;IACpC,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AAC3F,CAAC"}