@de-otio/chaoskb-server 0.2.0

package/dist/lib/handler/routes/devices.d.ts

@@ -0,0 +1,48 @@
+import { DynamoDBDocumentClient } from '@aws-sdk/lib-dynamodb';
+interface HandlerResponse {
+    statusCode: number;
+    body: string;
+    headers: Record<string, string>;
+}
+/**
+ * POST /v1/link-code — authenticated
+ *
+ * Creates a link code record so a new device can join this tenant.
+ * The caller displays the raw code; the server stores only its SHA-256 hash.
+ */
+export declare function handleCreateLinkCode(tenantId: string, body: string | null | undefined, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+/**
+ * POST /v1/link-confirm — unauthenticated (new device)
+ *
+ * The new device sends the raw link code and its public key.
+ * We hash the code, look up the LINK record, validate expiry and failure count,
+ * and store the public key for the existing device to pick up.
+ */
+export declare function handleLinkConfirm(body: string | null | undefined, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+/**
+ * POST /v1/link-code (extended) — also writes the reverse-lookup record.
+ *
+ * This is a wrapper that ensures both the tenant-scoped LINK# record
+ * and the top-level LINK_CODE# lookup record are created.
+ */
+export declare function handleCreateLinkCodeFull(tenantId: string, body: string | null | undefined, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+/**
+ * GET /v1/link-code/{hash}/status — authenticated
+ *
+ * Returns { status: 'waiting' } or { status: 'ready', newPublicKey }.
+ */
+export declare function handleGetLinkCodeStatus(tenantId: string, codeHash: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+/**
+ * GET /v1/devices — authenticated
+ *
+ * Lists all registered devices (KEY#{fingerprint} items) for the tenant.
+ */
+export declare function handleListDevices(tenantId: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+/**
+ * DELETE /v1/devices/{fingerprint} — authenticated
+ *
+ * Removes the KEY# item and WRAPPED_KEY# item for the given device.
+ */
+export declare function handleDeleteDevice(tenantId: string, fingerprint: string, ddb: DynamoDBDocumentClient, tableName: string): Promise<HandlerResponse>;
+export {};
+//# sourceMappingURL=devices.d.ts.map

package/dist/lib/handler/routes/devices.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"devices.d.ts","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":"AACA,OAAO,EACL,sBAAsB,EAMvB,MAAM,uBAAuB,CAAC;AAI/B,UAAU,eAAe;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACjC;AAID;;;;;GAKG;AACH,wBAAsB,oBAAoB,CACxC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAqD1B;AAED;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAwJ1B;AAED;;;;;GAKG;AACH,wBAAsB,wBAAwB,CAC5C,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,EAC/B,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAoE1B;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAkC1B;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAuB1B;AAED;;;;GAIG;AACH,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,GAAG,EAAE,sBAAsB,EAC3B,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,CAmC1B"}

package/dist/lib/handler/routes/devices.js

@@ -0,0 +1,394 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleCreateLinkCode = handleCreateLinkCode;
+exports.handleLinkConfirm = handleLinkConfirm;
+exports.handleCreateLinkCodeFull = handleCreateLinkCodeFull;
+exports.handleGetLinkCodeStatus = handleGetLinkCodeStatus;
+exports.handleListDevices = handleListDevices;
+exports.handleDeleteDevice = handleDeleteDevice;
+const crypto = __importStar(require("crypto"));
+const lib_dynamodb_1 = require("@aws-sdk/lib-dynamodb");
+const logger_js_1 = require("../logger.js");
+const notifications_js_1 = require("./notifications.js");
+const JSON_HEADERS = { 'Content-Type': 'application/json' };
+/**
+ * POST /v1/link-code — authenticated
+ *
+ * Creates a link code record so a new device can join this tenant.
+ * The caller displays the raw code; the server stores only its SHA-256 hash.
+ */
+async function handleCreateLinkCode(tenantId, body, ddb, tableName) {
+    if (!body) {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Request body is required' }),
+        };
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Invalid JSON body' }),
+        };
+    }
+    if (!parsed.codeHash || typeof parsed.codeHash !== 'string') {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'codeHash is required' }),
+        };
+    }
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
+    const ttl = Math.floor(now.getTime() / 1000) + 10 * 60; // DynamoDB TTL: 10 min (generous)
+    await ddb.send(new lib_dynamodb_1.PutCommand({
+        TableName: tableName,
+        Item: {
+            PK: `TENANT#${tenantId}`,
+            SK: `LINK#${parsed.codeHash}`,
+            newPublicKey: null,
+            failureCount: 0,
+            expiresAt,
+            ttl,
+        },
+    }));
+    logger_js_1.logger.info('Link code created', { tenantId });
+    return {
+        statusCode: 201,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ status: 'created', expiresAt }),
+    };
+}
+/**
+ * POST /v1/link-confirm — unauthenticated (new device)
+ *
+ * The new device sends the raw link code and its public key.
+ * We hash the code, look up the LINK record, validate expiry and failure count,
+ * and store the public key for the existing device to pick up.
+ */
+async function handleLinkConfirm(body, ddb, tableName) {
+    if (!body) {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Request body is required' }),
+        };
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Invalid JSON body' }),
+        };
+    }
+    if (!parsed.linkCode || !parsed.publicKey) {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'linkCode and publicKey are required' }),
+        };
+    }
+    const codeHash = crypto.createHash('sha256').update(parsed.linkCode).digest('hex');
+    // Find the LINK record across tenants — query by SK pattern
+    // We need to scan for the link code. Since link codes are short-lived and rare,
+    // we use a GSI or scan. For simplicity, the caller must provide tenantId or
+    // we search by a known pattern. Actually, the link code hash is unique enough
+    // that we store a reverse-lookup record.
+    //
+    // Alternative approach: query all tenants. But DynamoDB doesn't support that
+    // efficiently. Instead, store a top-level LINK_CODE#{hash} -> tenantId mapping.
+    //
+    // For this implementation, the link-confirm looks up LINK_CODE#{hash} at the
+    // table level (PK = LINK_CODE#{hash}).
+    const lookupResult = await ddb.send(new lib_dynamodb_1.GetCommand({
+        TableName: tableName,
+        Key: {
+            PK: `LINK_CODE#${codeHash}`,
+            SK: 'META',
+        },
+    }));
+    // Fallback: try the tenant-scoped approach by scanning LINK# records
+    // For the initial implementation, we use a top-level lookup key.
+    // The handleCreateLinkCode also writes this lookup record.
+    if (!lookupResult.Item) {
+        return {
+            statusCode: 404,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'not_found', message: 'Invalid or expired link code' }),
+        };
+    }
+    const tenantId = lookupResult.Item['tenantId'];
+    // Fetch the tenant-scoped link record
+    const linkResult = await ddb.send(new lib_dynamodb_1.GetCommand({
+        TableName: tableName,
+        Key: {
+            PK: `TENANT#${tenantId}`,
+            SK: `LINK#${codeHash}`,
+        },
+    }));
+    if (!linkResult.Item) {
+        return {
+            statusCode: 404,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'not_found', message: 'Invalid or expired link code' }),
+        };
+    }
+    const linkRecord = linkResult.Item;
+    // Check expiry
+    if (new Date(linkRecord['expiresAt']) < new Date()) {
+        return {
+            statusCode: 410,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'expired', message: 'Link code has expired' }),
+        };
+    }
+    // Check failure count
+    const failureCount = linkRecord['failureCount'] ?? 0;
+    if (failureCount >= 3) {
+        // Delete the record
+        await ddb.send(new lib_dynamodb_1.DeleteCommand({
+            TableName: tableName,
+            Key: { PK: `TENANT#${tenantId}`, SK: `LINK#${codeHash}` },
+        }));
+        await ddb.send(new lib_dynamodb_1.DeleteCommand({
+            TableName: tableName,
+            Key: { PK: `LINK_CODE#${codeHash}`, SK: 'META' },
+        }));
+        return {
+            statusCode: 429,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'too_many_failures', message: 'Too many failed attempts' }),
+        };
+    }
+    // Store the new device's public key in the link record
+    try {
+        await ddb.send(new lib_dynamodb_1.UpdateCommand({
+            TableName: tableName,
+            Key: {
+                PK: `TENANT#${tenantId}`,
+                SK: `LINK#${codeHash}`,
+            },
+            UpdateExpression: 'SET newPublicKey = :pk',
+            ConditionExpression: 'attribute_exists(PK)',
+            ExpressionAttributeValues: {
+                ':pk': parsed.publicKey,
+            },
+        }));
+    }
+    catch (err) {
+        if (err.name === 'ConditionalCheckFailedException') {
+            return {
+                statusCode: 404,
+                headers: JSON_HEADERS,
+                body: JSON.stringify({ error: 'not_found', message: 'Link code no longer valid' }),
+            };
+        }
+        throw err;
+    }
+    logger_js_1.logger.info('Link confirmed', { tenantId, codeHash: codeHash.slice(0, 8) });
+    return {
+        statusCode: 200,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ status: 'confirmed' }),
+    };
+}
+/**
+ * POST /v1/link-code (extended) — also writes the reverse-lookup record.
+ *
+ * This is a wrapper that ensures both the tenant-scoped LINK# record
+ * and the top-level LINK_CODE# lookup record are created.
+ */
+async function handleCreateLinkCodeFull(tenantId, body, ddb, tableName) {
+    if (!body) {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Request body is required' }),
+        };
+    }
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'Invalid JSON body' }),
+        };
+    }
+    if (!parsed.codeHash || typeof parsed.codeHash !== 'string') {
+        return {
+            statusCode: 400,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'invalid_request', message: 'codeHash is required' }),
+        };
+    }
+    const now = new Date();
+    const expiresAt = new Date(now.getTime() + 5 * 60 * 1000).toISOString();
+    const ttl = Math.floor(now.getTime() / 1000) + 10 * 60;
+    // Write the tenant-scoped link record
+    await ddb.send(new lib_dynamodb_1.PutCommand({
+        TableName: tableName,
+        Item: {
+            PK: `TENANT#${tenantId}`,
+            SK: `LINK#${parsed.codeHash}`,
+            newPublicKey: null,
+            failureCount: 0,
+            expiresAt,
+            ttl,
+        },
+    }));
+    // Write the reverse-lookup record (for unauthenticated link-confirm)
+    await ddb.send(new lib_dynamodb_1.PutCommand({
+        TableName: tableName,
+        Item: {
+            PK: `LINK_CODE#${parsed.codeHash}`,
+            SK: 'META',
+            tenantId,
+            expiresAt,
+            ttl,
+        },
+    }));
+    logger_js_1.logger.info('Link code created', { tenantId });
+    return {
+        statusCode: 201,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ status: 'created', expiresAt }),
+    };
+}
+/**
+ * GET /v1/link-code/{hash}/status — authenticated
+ *
+ * Returns { status: 'waiting' } or { status: 'ready', newPublicKey }.
+ */
+async function handleGetLinkCodeStatus(tenantId, codeHash, ddb, tableName) {
+    const result = await ddb.send(new lib_dynamodb_1.GetCommand({
+        TableName: tableName,
+        Key: {
+            PK: `TENANT#${tenantId}`,
+            SK: `LINK#${codeHash}`,
+        },
+    }));
+    if (!result.Item) {
+        return {
+            statusCode: 404,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ error: 'not_found', message: 'Link code not found' }),
+        };
+    }
+    const newPublicKey = result.Item['newPublicKey'];
+    if (newPublicKey) {
+        return {
+            statusCode: 200,
+            headers: JSON_HEADERS,
+            body: JSON.stringify({ status: 'ready', newPublicKey }),
+        };
+    }
+    return {
+        statusCode: 200,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ status: 'waiting' }),
+    };
+}
+/**
+ * GET /v1/devices — authenticated
+ *
+ * Lists all registered devices (KEY#{fingerprint} items) for the tenant.
+ */
+async function handleListDevices(tenantId, ddb, tableName) {
+    const result = await ddb.send(new lib_dynamodb_1.QueryCommand({
+        TableName: tableName,
+        KeyConditionExpression: 'PK = :pk AND begins_with(SK, :prefix)',
+        ExpressionAttributeValues: {
+            ':pk': `TENANT#${tenantId}`,
+            ':prefix': 'KEY#',
+        },
+    }));
+    const devices = (result.Items ?? []).map((item) => ({
+        fingerprint: item['SK'].replace('KEY#', ''),
+        registeredAt: item['registeredAt'],
+        publicKey: item['publicKey'],
+    }));
+    return {
+        statusCode: 200,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ devices }),
+    };
+}
+/**
+ * DELETE /v1/devices/{fingerprint} — authenticated
+ *
+ * Removes the KEY# item and WRAPPED_KEY# item for the given device.
+ */
+async function handleDeleteDevice(tenantId, fingerprint, ddb, tableName) {
+    // Delete the KEY# record
+    await ddb.send(new lib_dynamodb_1.DeleteCommand({
+        TableName: tableName,
+        Key: {
+            PK: `TENANT#${tenantId}`,
+            SK: `KEY#${fingerprint}`,
+        },
+    }));
+    // Delete the WRAPPED_KEY# record
+    await ddb.send(new lib_dynamodb_1.DeleteCommand({
+        TableName: tableName,
+        Key: {
+            PK: `TENANT#${tenantId}`,
+            SK: `WRAPPED_KEY#${fingerprint}`,
+        },
+    }));
+    // Create revocation notification for remaining devices
+    await (0, notifications_js_1.createNotification)(tenantId, 'device_revoked', {
+        hostname: fingerprint,
+    }, ddb, tableName);
+    logger_js_1.logger.info('Device removed', { tenantId, fingerprint });
+    return {
+        statusCode: 200,
+        headers: JSON_HEADERS,
+        body: JSON.stringify({ status: 'deleted' }),
+    };
+}
+//# sourceMappingURL=devices.js.map

package/dist/lib/handler/routes/devices.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"devices.js","sourceRoot":"","sources":["../../../../lib/handler/routes/devices.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA0BA,oDA0DC;AASD,8CA4JC;AAQD,4DAyEC;AAOD,0DAuCC;AAOD,8CA2BC;AAOD,gDAwCC;AAzcD,+CAAiC;AACjC,wDAO+B;AAC/B,4CAAsC;AACtC,yDAAwD;AAQxD,MAAM,YAAY,GAAG,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC;AAE5D;;;;;GAKG;AACI,KAAK,UAAU,oBAAoB,CACxC,QAAgB,EAChB,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA4B,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACxE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,kCAAkC;IAE1F,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,MAAM,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,CAAC;YACf,SAAS;YACT,GAAG;SACJ;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE/C,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,iBAAiB,CACrC,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA+C,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,qCAAqC,EAAE,CAAC;SACnG,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAEnF,4DAA4D;IAC5D,gFAAgF;IAChF,4EAA4E;IAC5E,8EAA8E;IAC9E,yCAAyC;IACzC,EAAE;IACF,6EAA6E;IAC7E,gFAAgF;IAChF,EAAE;IACF,6EAA6E;IAC7E,uCAAuC;IACvC,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,IAAI,CACjC,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,aAAa,QAAQ,EAAE;YAC3B,EAAE,EAAE,MAAM;SACX;KACF,CAAC,CACH,CAAC;IAEF,qEAAqE;IACrE,iEAAiE;IACjE,2DAA2D;IAE3D,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;QACvB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;SACtF,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,UAAU,CAAW,CAAC;IAEzD,sCAAsC;IACtC,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,IAAI,CAC/B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;SACvB;KACF,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC;QACrB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;SACtF,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC;IAEnC,eAAe;IACf,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,WAAW,CAAW,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QAC7D,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,sBAAsB;IACtB,MAAM,YAAY,GAAI,UAAU,CAAC,cAAc,CAAY,IAAI,CAAC,CAAC;IACjE,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;QACtB,oBAAoB;QACpB,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,EAAE,EAAE,EAAE,UAAU,QAAQ,EAAE,EAAE,EAAE,EAAE,QAAQ,QAAQ,EAAE,EAAE;SAC1D,CAAC,CACH,CAAC;QACF,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE,EAAE,EAAE,EAAE,aAAa,QAAQ,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;SACjD,CAAC,CACH,CAAC;QACF,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SAC1F,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,IAAI,CAAC;QACH,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;YAChB,SAAS,EAAE,SAAS;YACpB,GAAG,EAAE;gBACH,EAAE,EAAE,UAAU,QAAQ,EAAE;gBACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;aACvB;YACD,gBAAgB,EAAE,wBAAwB;YAC1C,mBAAmB,EAAE,sBAAsB;YAC3C,yBAAyB,EAAE;gBACzB,KAAK,EAAE,MAAM,CAAC,SAAS;aACxB;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAAyB,CAAC,IAAI,KAAK,iCAAiC,EAAE,CAAC;YAC1E,OAAO;gBACL,UAAU,EAAE,GAAG;gBACf,OAAO,EAAE,YAAY;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,2BAA2B,EAAE,CAAC;aACnF,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,CAAC;IACZ,CAAC;IAED,kBAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAE5E,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;KAC9C,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,wBAAwB,CAC5C,QAAgB,EAChB,IAA+B,EAC/B,GAA2B,EAC3B,SAAiB;IAEjB,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;SACxF,CAAC;IACJ,CAAC;IAED,IAAI,MAA4B,CAAC;IACjC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,mBAAmB,EAAE,CAAC;SACjF,CAAC;IACJ,CAAC;IAED,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC5D,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,OAAO,EAAE,sBAAsB,EAAE,CAAC;SACpF,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACxE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;IAEvD,sCAAsC;IACtC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,MAAM,CAAC,QAAQ,EAAE;YAC7B,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,CAAC;YACf,SAAS;YACT,GAAG;SACJ;KACF,CAAC,CACH,CAAC;IAEF,qEAAqE;IACrE,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,IAAI,EAAE;YACJ,EAAE,EAAE,aAAa,MAAM,CAAC,QAAQ,EAAE;YAClC,EAAE,EAAE,MAAM;YACV,QAAQ;YACR,SAAS;YACT,GAAG;SACJ;KACF,CAAC,CACH,CAAC;IAEF,kBAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,EAAE,QAAQ,EAAE,CAAC,CAAC;IAE/C,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;KACvD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,uBAAuB,CAC3C,QAAgB,EAChB,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,yBAAU,CAAC;QACb,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,QAAQ,QAAQ,EAAE;SACvB;KACF,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;QACjB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC;SAC7E,CAAC;IACJ,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,cAAc,CAAkB,CAAC;IAElE,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO;YACL,UAAU,EAAE,GAAG;YACf,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,CAAC;SACxD,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,GAA2B,EAC3B,SAAiB;IAEjB,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,IAAI,CAC3B,IAAI,2BAAY,CAAC;QACf,SAAS,EAAE,SAAS;QACpB,sBAAsB,EAAE,uCAAuC;QAC/D,yBAAyB,EAAE;YACzB,KAAK,EAAE,UAAU,QAAQ,EAAE;YAC3B,SAAS,EAAE,MAAM;SAClB;KACF,CAAC,CACH,CAAC;IAEF,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAClD,WAAW,EAAG,IAAI,CAAC,IAAI,CAAY,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;QACvD,YAAY,EAAE,IAAI,CAAC,cAAc,CAAW;QAC5C,SAAS,EAAE,IAAI,CAAC,WAAW,CAAuB;KACnD,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACI,KAAK,UAAU,kBAAkB,CACtC,QAAgB,EAChB,WAAmB,EACnB,GAA2B,EAC3B,SAAiB;IAEjB,yBAAyB;IACzB,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,OAAO,WAAW,EAAE;SACzB;KACF,CAAC,CACH,CAAC;IAEF,iCAAiC;IACjC,MAAM,GAAG,CAAC,IAAI,CACZ,IAAI,4BAAa,CAAC;QAChB,SAAS,EAAE,SAAS;QACpB,GAAG,EAAE;YACH,EAAE,EAAE,UAAU,QAAQ,EAAE;YACxB,EAAE,EAAE,eAAe,WAAW,EAAE;SACjC;KACF,CAAC,CACH,CAAC;IAEF,uDAAuD;IACvD,MAAM,IAAA,qCAAkB,EAAC,QAAQ,EAAE,gBAAgB,EAAE;QACnD,QAAQ,EAAE,WAAW;KACtB,EAAE,GAAG,EAAE,SAAS,CAAC,CAAC;IAEnB,kBAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAC;IAEzD,OAAO;QACL,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,YAAY;QACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;KAC5C,CAAC;AACJ,CAAC"}