@deepwhale/core 1.0.9 → 1.0.10

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 yysf1949
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@deepwhale/core",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "Core primitives for DeepWhale: i18n, session JSONL, compaction, types",
   "license": "MIT",
   "type": "module",
@@ -54,4 +54,4 @@
     "dev": "tsc -b --watch",
     "clean": "rm -rf dist .tsbuildinfo"
   }
-}
+}

package/dist/session/crypto.d.ts

@@ -1,91 +0,0 @@
-/**
- * Session Encryption — Sprint 1c-revive-2-D-6-1
- *
- * AES-256-GCM encryption for SessionEvent lines at rest.
- *
- * 决策来源 (X-pickup A+A+A, 2026-06-04 决策):
- *   - 算法: AES-256-GCM (jsonl.ts 注释已定, AEAD 推荐)
- *     - 32 byte key (256 bit)
- *     - 12 byte IV (96 bit, GCM 推荐, nonce-misuse resistance 最佳)
- *     - 16 byte auth tag (128 bit, GCM 默认)
- *   - key 来源: DEEPWHALE_SESSION_KEY env (X4 c 决策: key 永不出 ~/.deepwhale/)
- *   - API 决策: 透明包装 (SessionWriter/Reader 接 optional `key`, 不暴露 cipher API)
- *
- * Line format (D-6-1):
- *   - 明文 (v1.0 兼容): `{"kind":"user",...}` — 不变, Reader 用 JSON.parse
- *   - 加密 (D-6): `enc:<base64(iv || ciphertext || authTag)>` — Reader 用 `enc:` 前缀判
- *
- * 为什么不写独立 CryptoSessionWriter/Reader:
- *   - 决策 A (X-pickup): 透明包装 = 最小 API surface
- *   - 验证 v1.0 Reader 用 JSON.parse 即可区分 (JSON 必以 `{` 开始, enc 以 `e` 开始,
- *     无 collision)
- *
- * AAD (Associated Authenticated Data) 决策:
- *   - 决策 = 'deepwhale-session-v1' (AAD 含 version + namespace)
- *   - 防 line swap 攻击: 1 个 cipher 块从 line A 换到 line B 也解不出来
- *     (GCM 把 AAD 算进 auth tag, AAD 一变就 decrypt 失败)
- *
- * 不做 rekey: D-6-1 不轮换 key, key 不变 (= env 一直)
- * D-6+ 待办: key 轮换 (e.g. key version tag) 留 next sprint
- *
- * @module @deepwhale/core/session/crypto
- */
-/** AES-256 key 长度 = 32 byte (256 bit) */
-export declare const SESSION_KEY_LENGTH = 32;
-/** GCM IV 长度 = 12 byte (96 bit, GCM 推荐) */
-export declare const GCM_IV_LENGTH = 12;
-/** GCM auth tag 长度 = 16 byte (128 bit, GCM 默认) */
-export declare const GCM_AUTH_TAG_LENGTH = 16;
-/** 加密行 magic prefix (Reader 用 prefix 来 detect encrypted vs plaintext) */
-export declare const ENCRYPTED_LINE_PREFIX = "enc:";
-/** AAD 决策 — 含 version + namespace (防 line swap 攻击) */
-export declare const SESSION_AAD = "deepwhale-session-v1";
-/** Env var 名 — key 来源 (X4 c 决策: key 永不出 ~/.deepwhale/, 只通过 process.env) */
-export declare const SESSION_KEY_ENV = "DEEPWHALE_SESSION_KEY";
-/** Session 加密 key (32 byte) — env hex 64 char / base64 44 char, 解析成 Buffer */
-export declare function readSessionKey(env?: NodeJS.ProcessEnv): Buffer | null;
-/**
- * 解析 key string → 32 byte Buffer.
- *
- * 决策格式 (按优先级):
- *   1. hex 64 char → Buffer.from(hex, 'hex') (32 byte)
- *   2. base64 44 char → Buffer.from(b64, 'base64') (32 byte)
- *   3. 其他 — 抛错 (不静默 fallback, 避免 silent weak key)
- *
- * 边界: 长度 < 32 byte, 返回 = 抛 (不静默, key 错 = null)
- */
-export declare function parseSessionKey(raw: string): Buffer;
-/**
- * 加密 1 line (SessionEvent JSON → encrypted line).
- *
- * 决策: 把 plaintext 当 UTF-8, 生成随机 IV (12 byte), GCM 加密,
- * 把 base64 拼接 (iv || ciphertext || authTag) → `enc:<base64>` 输出.
- *
- * 约束: key 必须 32 byte (AES-256); 不是 32 byte 抛错
- */
-export declare function encryptLine(plaintext: string, key: Buffer): string;
-/**
- * 解密 1 line (encrypted line → SessionEvent JSON).
- *
- * 决策: 验证 `enc:` prefix → base64 decode → 拆 iv / ciphertext / authTag →
- * GCM 解密, 验 AAD, 验 auth tag.
- *
- * 错误:
- *   - 缺 `enc:` prefix → 抛错 (提示 plaintext 误传 — 让 plaintext detect 走 Reader)
- *   - 不是 32 byte key → 抛错
- *   - auth tag 失败 (cipher 错 / AAD 错 / line swap 攻击) → 抛 'auth tag mismatch'
- *   - base64 错 / length 错 → 抛 'malformed encrypted line'
- */
-export declare function decryptLine(line: string, key: Buffer): string;
-/**
- * 快速判断: 是 plaintext JSON 行 (用于让 Reader 知道是 plaintext).
- *
- * 决策理由 (决策沿用 Reader 已有拍):
- *   - JSON 行必以 `{` 开始 (明文事件), 加密行必以 `e` (`enc:` 开头)
- *   - 不存文字冲突 (明文 SessionEvent 不会以 `enc:` 开头)
- *
- * 边界: D-6-1 不支持 mix (一行 plaintext + 一行 encrypted 交错) —
- * 一旦传 key 整个 session 必须用 key 写到底 (跟 GCM nonce 不能重用的语义一致)
- */
-export declare function isEncryptedLine(line: string): boolean;
-//# sourceMappingURL=crypto.d.ts.map

package/dist/session/crypto.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../../src/session/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAIH,yCAAyC;AACzC,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAErC,2CAA2C;AAC3C,eAAO,MAAM,aAAa,KAAK,CAAC;AAEhC,kDAAkD;AAClD,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC,yEAAyE;AACzE,eAAO,MAAM,qBAAqB,SAAS,CAAC;AAE5C,sDAAsD;AACtD,eAAO,MAAM,WAAW,yBAAyB,CAAC;AAElD,2EAA2E;AAC3E,eAAO,MAAM,eAAe,0BAA0B,CAAC;AAEvD,8EAA8E;AAC9E,wBAAgB,cAAc,CAAC,GAAG,GAAE,MAAM,CAAC,UAAwB,GAAG,MAAM,GAAG,IAAI,CAIlF;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkBnD;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAclE;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAkC7D;AAED;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAErD"}

package/dist/session/crypto.js

@@ -1,155 +0,0 @@
-/**
- * Session Encryption — Sprint 1c-revive-2-D-6-1
- *
- * AES-256-GCM encryption for SessionEvent lines at rest.
- *
- * 决策来源 (X-pickup A+A+A, 2026-06-04 决策):
- *   - 算法: AES-256-GCM (jsonl.ts 注释已定, AEAD 推荐)
- *     - 32 byte key (256 bit)
- *     - 12 byte IV (96 bit, GCM 推荐, nonce-misuse resistance 最佳)
- *     - 16 byte auth tag (128 bit, GCM 默认)
- *   - key 来源: DEEPWHALE_SESSION_KEY env (X4 c 决策: key 永不出 ~/.deepwhale/)
- *   - API 决策: 透明包装 (SessionWriter/Reader 接 optional `key`, 不暴露 cipher API)
- *
- * Line format (D-6-1):
- *   - 明文 (v1.0 兼容): `{"kind":"user",...}` — 不变, Reader 用 JSON.parse
- *   - 加密 (D-6): `enc:<base64(iv || ciphertext || authTag)>` — Reader 用 `enc:` 前缀判
- *
- * 为什么不写独立 CryptoSessionWriter/Reader:
- *   - 决策 A (X-pickup): 透明包装 = 最小 API surface
- *   - 验证 v1.0 Reader 用 JSON.parse 即可区分 (JSON 必以 `{` 开始, enc 以 `e` 开始,
- *     无 collision)
- *
- * AAD (Associated Authenticated Data) 决策:
- *   - 决策 = 'deepwhale-session-v1' (AAD 含 version + namespace)
- *   - 防 line swap 攻击: 1 个 cipher 块从 line A 换到 line B 也解不出来
- *     (GCM 把 AAD 算进 auth tag, AAD 一变就 decrypt 失败)
- *
- * 不做 rekey: D-6-1 不轮换 key, key 不变 (= env 一直)
- * D-6+ 待办: key 轮换 (e.g. key version tag) 留 next sprint
- *
- * @module @deepwhale/core/session/crypto
- */
-import { createCipheriv, createDecipheriv, randomBytes } from 'node:crypto';
-/** AES-256 key 长度 = 32 byte (256 bit) */
-export const SESSION_KEY_LENGTH = 32;
-/** GCM IV 长度 = 12 byte (96 bit, GCM 推荐) */
-export const GCM_IV_LENGTH = 12;
-/** GCM auth tag 长度 = 16 byte (128 bit, GCM 默认) */
-export const GCM_AUTH_TAG_LENGTH = 16;
-/** 加密行 magic prefix (Reader 用 prefix 来 detect encrypted vs plaintext) */
-export const ENCRYPTED_LINE_PREFIX = 'enc:';
-/** AAD 决策 — 含 version + namespace (防 line swap 攻击) */
-export const SESSION_AAD = 'deepwhale-session-v1';
-/** Env var 名 — key 来源 (X4 c 决策: key 永不出 ~/.deepwhale/, 只通过 process.env) */
-export const SESSION_KEY_ENV = 'DEEPWHALE_SESSION_KEY';
-/** Session 加密 key (32 byte) — env hex 64 char / base64 44 char, 解析成 Buffer */
-export function readSessionKey(env = process.env) {
-    const raw = env[SESSION_KEY_ENV];
-    if (!raw)
-        return null;
-    return parseSessionKey(raw);
-}
-/**
- * 解析 key string → 32 byte Buffer.
- *
- * 决策格式 (按优先级):
- *   1. hex 64 char → Buffer.from(hex, 'hex') (32 byte)
- *   2. base64 44 char → Buffer.from(b64, 'base64') (32 byte)
- *   3. 其他 — 抛错 (不静默 fallback, 避免 silent weak key)
- *
- * 边界: 长度 < 32 byte, 返回 = 抛 (不静默, key 错 = null)
- */
-export function parseSessionKey(raw) {
-    const trimmed = raw.trim();
-    if (trimmed.length === 0) {
-        throw new Error(`parseSessionKey: empty string`);
-    }
-    // hex 优先 (64 char = 32 byte)
-    if (/^[0-9a-fA-F]{64}$/.test(trimmed)) {
-        return Buffer.from(trimmed, 'hex');
-    }
-    // base64 兜底 (44 char = 32 byte unpadded, 或 43 char 不带 padding)
-    if (/^[A-Za-z0-9+/=]{43,44}$/.test(trimmed)) {
-        const buf = Buffer.from(trimmed, 'base64');
-        if (buf.length === SESSION_KEY_LENGTH)
-            return buf;
-    }
-    // 不是 32 byte 编码
-    throw new Error(`parseSessionKey: must be 64-char hex or 44-char base64 encoding 32 bytes, got length=${trimmed.length}`);
-}
-/**
- * 加密 1 line (SessionEvent JSON → encrypted line).
- *
- * 决策: 把 plaintext 当 UTF-8, 生成随机 IV (12 byte), GCM 加密,
- * 把 base64 拼接 (iv || ciphertext || authTag) → `enc:<base64>` 输出.
- *
- * 约束: key 必须 32 byte (AES-256); 不是 32 byte 抛错
- */
-export function encryptLine(plaintext, key) {
-    if (key.length !== SESSION_KEY_LENGTH) {
-        throw new Error(`encryptLine: key must be ${SESSION_KEY_LENGTH} bytes, got ${key.length}`);
-    }
-    const iv = randomBytes(GCM_IV_LENGTH);
-    const cipher = createCipheriv('aes-256-gcm', key, iv);
-    cipher.setAAD(Buffer.from(SESSION_AAD, 'utf8'));
-    const enc = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
-    const authTag = cipher.getAuthTag();
-    // 拼接: iv(12) || ciphertext(?) || authTag(16)
-    const packed = Buffer.concat([iv, enc, authTag]);
-    return ENCRYPTED_LINE_PREFIX + packed.toString('base64');
-}
-/**
- * 解密 1 line (encrypted line → SessionEvent JSON).
- *
- * 决策: 验证 `enc:` prefix → base64 decode → 拆 iv / ciphertext / authTag →
- * GCM 解密, 验 AAD, 验 auth tag.
- *
- * 错误:
- *   - 缺 `enc:` prefix → 抛错 (提示 plaintext 误传 — 让 plaintext detect 走 Reader)
- *   - 不是 32 byte key → 抛错
- *   - auth tag 失败 (cipher 错 / AAD 错 / line swap 攻击) → 抛 'auth tag mismatch'
- *   - base64 错 / length 错 → 抛 'malformed encrypted line'
- */
-export function decryptLine(line, key) {
-    if (key.length !== SESSION_KEY_LENGTH) {
-        throw new Error(`decryptLine: key must be ${SESSION_KEY_LENGTH} bytes, got ${key.length}`);
-    }
-    if (!line.startsWith(ENCRYPTED_LINE_PREFIX)) {
-        throw new Error(`decryptLine: line does not start with "${ENCRYPTED_LINE_PREFIX}" prefix`);
-    }
-    const b64 = line.slice(ENCRYPTED_LINE_PREFIX.length);
-    const packed = Buffer.from(b64, 'base64');
-    // 最小 length: iv(12) + authTag(16) = 28 byte (ciphertext 可以是 0+)
-    if (packed.length < GCM_IV_LENGTH + GCM_AUTH_TAG_LENGTH) {
-        throw new Error(`decryptLine: malformed encrypted line (packed length ${packed.length} < ${GCM_IV_LENGTH + GCM_AUTH_TAG_LENGTH})`);
-    }
-    const iv = packed.subarray(0, GCM_IV_LENGTH);
-    const authTag = packed.subarray(packed.length - GCM_AUTH_TAG_LENGTH);
-    const ciphertext = packed.subarray(GCM_IV_LENGTH, packed.length - GCM_AUTH_TAG_LENGTH);
-    const decipher = createDecipheriv('aes-256-gcm', key, iv);
-    decipher.setAAD(Buffer.from(SESSION_AAD, 'utf8'));
-    decipher.setAuthTag(authTag);
-    try {
-        const dec = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-        return dec.toString('utf8');
-    }
-    catch (err) {
-        // GCM auth tag 失败 / AAD 失败 / ciphertext 破坏 — 统一抛 'auth tag mismatch'
-        throw new Error(`decryptLine: auth tag mismatch (${err instanceof Error ? err.message : String(err)})`);
-    }
-}
-/**
- * 快速判断: 是 plaintext JSON 行 (用于让 Reader 知道是 plaintext).
- *
- * 决策理由 (决策沿用 Reader 已有拍):
- *   - JSON 行必以 `{` 开始 (明文事件), 加密行必以 `e` (`enc:` 开头)
- *   - 不存文字冲突 (明文 SessionEvent 不会以 `enc:` 开头)
- *
- * 边界: D-6-1 不支持 mix (一行 plaintext + 一行 encrypted 交错) —
- * 一旦传 key 整个 session 必须用 key 写到底 (跟 GCM nonce 不能重用的语义一致)
- */
-export function isEncryptedLine(line) {
-    return line.startsWith(ENCRYPTED_LINE_PREFIX);
-}
-//# sourceMappingURL=crypto.js.map

package/dist/session/crypto.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/session/crypto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE5E,yCAAyC;AACzC,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAErC,2CAA2C;AAC3C,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC;AAEhC,kDAAkD;AAClD,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAEtC,yEAAyE;AACzE,MAAM,CAAC,MAAM,qBAAqB,GAAG,MAAM,CAAC;AAE5C,sDAAsD;AACtD,MAAM,CAAC,MAAM,WAAW,GAAG,sBAAsB,CAAC;AAElD,2EAA2E;AAC3E,MAAM,CAAC,MAAM,eAAe,GAAG,uBAAuB,CAAC;AAEvD,8EAA8E;AAC9E,MAAM,UAAU,cAAc,CAAC,MAAyB,OAAO,CAAC,GAAG;IACjE,MAAM,GAAG,GAAG,GAAG,CAAC,eAAe,CAAC,CAAC;IACjC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,OAAO,eAAe,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAC3B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IACD,6BAA6B;IAC7B,IAAI,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACtC,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;IACD,+DAA+D;IAC/D,IAAI,yBAAyB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC3C,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB;YAAE,OAAO,GAAG,CAAC;IACpD,CAAC;IACD,gBAAgB;IAChB,MAAM,IAAI,KAAK,CACb,wFAAwF,OAAO,CAAC,MAAM,EAAE,CACzG,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,WAAW,CAAC,SAAiB,EAAE,GAAW;IACxD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,4BAA4B,kBAAkB,eAAe,GAAG,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;IACtC,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACtD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9E,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACpC,6CAA6C;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC;IACjD,OAAO,qBAAqB,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC3D,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,GAAW;IACnD,IAAI,GAAG,CAAC,MAAM,KAAK,kBAAkB,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACb,4BAA4B,kBAAkB,eAAe,GAAG,CAAC,MAAM,EAAE,CAC1E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CACb,0CAA0C,qBAAqB,UAAU,CAC1E,CAAC;IACJ,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC1C,gEAAgE;IAChE,IAAI,MAAM,CAAC,MAAM,GAAG,aAAa,GAAG,mBAAmB,EAAE,CAAC;QACxD,MAAM,IAAI,KAAK,CACb,wDAAwD,MAAM,CAAC,MAAM,MAAM,aAAa,GAAG,mBAAmB,GAAG,CAClH,CAAC;IACJ,CAAC;IACD,MAAM,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,mBAAmB,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,MAAM,GAAG,mBAAmB,CAAC,CAAC;IACvF,MAAM,QAAQ,GAAG,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAC1D,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAC7B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QAC3E,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,qEAAqE;QACrE,MAAM,IAAI,KAAK,CACb,mCAAmC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CACvF,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;AAChD,CAAC"}