@digitaldefiance/ecies-lib 4.17.10 → 4.18.0

package/src/lib/voting/threshold/public-tally-feed.d.ts

@@ -0,0 +1,100 @@
+/**
+ * Public Tally Feed
+ *
+ * Provides a real-time subscription API for publishing and consuming
+ * interval tally updates during threshold voting. Observers (media,
+ * auditors, public) subscribe to a poll and receive verified tallies
+ * as decryption ceremonies complete.
+ *
+ * @module voting/threshold
+ */
+import type { PlatformID } from '../../../interfaces/platform-id';
+import type { IntervalTally } from './interfaces/interval-tally';
+import type { IPublicTallyFeed } from './interfaces/public-tally-feed';
+import type { TallySubscription } from './interfaces/tally-subscription';
+/**
+ * Real-time public tally feed for threshold voting.
+ *
+ * Publishes verified interval tallies and allows subscribers to receive
+ * updates as they happen. Maintains a complete history of all published
+ * tallies per poll.
+ *
+ * Features:
+ * - Publish interval tallies with cryptographic proofs
+ * - Subscribe to real-time updates for a specific poll
+ * - Initial state delivery on subscription (current tally + history replay)
+ * - Historical access to all previous interval tallies
+ * - Lookup by specific interval number
+ *
+ * @example
+ * ```typescript
+ * const feed = new PublicTallyFeed<string>();
+ *
+ * // Subscribe to updates
+ * const sub = feed.subscribe('poll-1', (tally) => {
+ *   console.log(`Interval ${tally.intervalNumber}: ${tally.tallies}`);
+ * });
+ *
+ * // Publish a tally (triggers subscriber callbacks)
+ * feed.publish(intervalTally);
+ *
+ * // Query history
+ * const history = feed.getHistory('poll-1');
+ * const specific = feed.getTallyAtInterval('poll-1', 3);
+ *
+ * // Cleanup
+ * sub.unsubscribe();
+ * ```
+ */
+export declare class PublicTallyFeed<TID extends PlatformID = Uint8Array> implements IPublicTallyFeed<TID> {
+    /** Poll ID → ordered list of tallies (by publish order) */
+    private readonly _history;
+    /** Poll ID → interval number → tally (for fast lookup) */
+    private readonly _intervalIndex;
+    /** Subscription ID → Subscription */
+    private readonly _subscriptions;
+    /** Poll key → Set of subscription IDs */
+    private readonly _pollSubscriptions;
+    /**
+     * Publish a new interval tally.
+     *
+     * Stores the tally in history and notifies all subscribers for the poll.
+     *
+     * @param tally - The interval tally to publish
+     */
+    publish(tally: IntervalTally<TID>): void;
+    /**
+     * Subscribe to tally updates for a poll.
+     *
+     * On subscription, the callback is immediately invoked with the current
+     * (latest) tally if one exists, providing initial state delivery.
+     *
+     * @param pollId - The poll to subscribe to
+     * @param onTally - Callback invoked for each new tally
+     * @returns A subscription handle with an `unsubscribe()` method
+     */
+    subscribe(pollId: TID, onTally: (tally: IntervalTally<TID>) => void): TallySubscription<TID>;
+    /**
+     * Get the most recently published tally for a poll.
+     *
+     * @param pollId - The poll to query
+     * @returns The latest tally, or undefined if none published
+     */
+    getCurrentTally(pollId: TID): IntervalTally<TID> | undefined;
+    /**
+     * Get all historical tallies for a poll in publication order.
+     *
+     * @param pollId - The poll to query
+     * @returns Ordered array of all published tallies
+     */
+    getHistory(pollId: TID): readonly IntervalTally<TID>[];
+    /**
+     * Get the tally for a specific interval number.
+     *
+     * @param pollId - The poll to query
+     * @param intervalNumber - The interval number to look up
+     * @returns The tally for that interval, or undefined if not found
+     */
+    getTallyAtInterval(pollId: TID, intervalNumber: number): IntervalTally<TID> | undefined;
+}
+//# sourceMappingURL=public-tally-feed.d.ts.map

package/src/lib/voting/threshold/public-tally-feed.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-tally-feed.d.ts","sourceRoot":"","sources":["../../../../../../../packages/digitaldefiance-ecies-lib/src/lib/voting/threshold/public-tally-feed.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gCAAgC,CAAC;AACvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAC;AAkDzE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,qBAAa,eAAe,CAC1B,GAAG,SAAS,UAAU,GAAG,UAAU,CACnC,YAAW,gBAAgB,CAAC,GAAG,CAAC;IAChC,2DAA2D;IAC3D,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAgD;IAEzE,0DAA0D;IAC1D,OAAO,CAAC,QAAQ,CAAC,cAAc,CAGjB;IAEd,qCAAqC;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAA6C;IAE5E,yCAAyC;IACzC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAuC;IAE1E;;;;;;OAMG;IACH,OAAO,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,IAAI;IA+BxC;;;;;;;;;OASG;IACH,SAAS,CACP,MAAM,EAAE,GAAG,EACX,OAAO,EAAE,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,IAAI,GAC3C,iBAAiB,CAAC,GAAG,CAAC;IAgCzB;;;;;OAKG;IACH,eAAe,CAAC,MAAM,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,GAAG,SAAS;IAM5D;;;;;OAKG;IACH,UAAU,CAAC,MAAM,EAAE,GAAG,GAAG,SAAS,aAAa,CAAC,GAAG,CAAC,EAAE;IAItD;;;;;;OAMG;IACH,kBAAkB,CAChB,MAAM,EAAE,GAAG,EACX,cAAc,EAAE,MAAM,GACrB,aAAa,CAAC,GAAG,CAAC,GAAG,SAAS;CAKlC"}

package/src/lib/voting/threshold/public-tally-feed.js

@@ -0,0 +1,202 @@
+"use strict";
+/**
+ * Public Tally Feed
+ *
+ * Provides a real-time subscription API for publishing and consuming
+ * interval tally updates during threshold voting. Observers (media,
+ * auditors, public) subscribe to a poll and receive verified tallies
+ * as decryption ceremonies complete.
+ *
+ * @module voting/threshold
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PublicTallyFeed = void 0;
+/**
+ * Converts a PlatformID to a string key for Map lookups.
+ */
+function toKey(id) {
+    if (id instanceof Uint8Array) {
+        return Array.from(id)
+            .map((b) => b.toString(16).padStart(2, '0'))
+            .join('');
+    }
+    return String(id);
+}
+/**
+ * Generates a unique subscription ID.
+ */
+function generateSubscriptionId() {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Internal subscription record that implements TallySubscription.
+ */
+class Subscription {
+    id;
+    pollId;
+    onTally;
+    _removeCallback;
+    constructor(pollId, onTally, removeCallback) {
+        this.id = generateSubscriptionId();
+        this.pollId = pollId;
+        this.onTally = onTally;
+        this._removeCallback = removeCallback;
+    }
+    unsubscribe() {
+        this._removeCallback(this.id);
+    }
+}
+/**
+ * Real-time public tally feed for threshold voting.
+ *
+ * Publishes verified interval tallies and allows subscribers to receive
+ * updates as they happen. Maintains a complete history of all published
+ * tallies per poll.
+ *
+ * Features:
+ * - Publish interval tallies with cryptographic proofs
+ * - Subscribe to real-time updates for a specific poll
+ * - Initial state delivery on subscription (current tally + history replay)
+ * - Historical access to all previous interval tallies
+ * - Lookup by specific interval number
+ *
+ * @example
+ * ```typescript
+ * const feed = new PublicTallyFeed<string>();
+ *
+ * // Subscribe to updates
+ * const sub = feed.subscribe('poll-1', (tally) => {
+ *   console.log(`Interval ${tally.intervalNumber}: ${tally.tallies}`);
+ * });
+ *
+ * // Publish a tally (triggers subscriber callbacks)
+ * feed.publish(intervalTally);
+ *
+ * // Query history
+ * const history = feed.getHistory('poll-1');
+ * const specific = feed.getTallyAtInterval('poll-1', 3);
+ *
+ * // Cleanup
+ * sub.unsubscribe();
+ * ```
+ */
+class PublicTallyFeed {
+    /** Poll ID → ordered list of tallies (by publish order) */
+    _history = new Map();
+    /** Poll ID → interval number → tally (for fast lookup) */
+    _intervalIndex = new Map();
+    /** Subscription ID → Subscription */
+    _subscriptions = new Map();
+    /** Poll key → Set of subscription IDs */
+    _pollSubscriptions = new Map();
+    /**
+     * Publish a new interval tally.
+     *
+     * Stores the tally in history and notifies all subscribers for the poll.
+     *
+     * @param tally - The interval tally to publish
+     */
+    publish(tally) {
+        const pollKey = toKey(tally.pollId);
+        // Store in history
+        let history = this._history.get(pollKey);
+        if (!history) {
+            history = [];
+            this._history.set(pollKey, history);
+        }
+        history.push(tally);
+        // Index by interval number
+        let intervalMap = this._intervalIndex.get(pollKey);
+        if (!intervalMap) {
+            intervalMap = new Map();
+            this._intervalIndex.set(pollKey, intervalMap);
+        }
+        intervalMap.set(tally.intervalNumber, tally);
+        // Notify subscribers
+        const subIds = this._pollSubscriptions.get(pollKey);
+        if (subIds) {
+            for (const subId of subIds) {
+                const sub = this._subscriptions.get(subId);
+                if (sub) {
+                    sub.onTally(tally);
+                }
+            }
+        }
+    }
+    /**
+     * Subscribe to tally updates for a poll.
+     *
+     * On subscription, the callback is immediately invoked with the current
+     * (latest) tally if one exists, providing initial state delivery.
+     *
+     * @param pollId - The poll to subscribe to
+     * @param onTally - Callback invoked for each new tally
+     * @returns A subscription handle with an `unsubscribe()` method
+     */
+    subscribe(pollId, onTally) {
+        const pollKey = toKey(pollId);
+        const subscription = new Subscription(pollId, onTally, (id) => {
+            this._subscriptions.delete(id);
+            const subs = this._pollSubscriptions.get(pollKey);
+            if (subs) {
+                subs.delete(id);
+                if (subs.size === 0) {
+                    this._pollSubscriptions.delete(pollKey);
+                }
+            }
+        });
+        this._subscriptions.set(subscription.id, subscription);
+        let pollSubs = this._pollSubscriptions.get(pollKey);
+        if (!pollSubs) {
+            pollSubs = new Set();
+            this._pollSubscriptions.set(pollKey, pollSubs);
+        }
+        pollSubs.add(subscription.id);
+        // Initial state delivery: replay current tally
+        const current = this.getCurrentTally(pollId);
+        if (current) {
+            onTally(current);
+        }
+        return subscription;
+    }
+    /**
+     * Get the most recently published tally for a poll.
+     *
+     * @param pollId - The poll to query
+     * @returns The latest tally, or undefined if none published
+     */
+    getCurrentTally(pollId) {
+        const history = this._history.get(toKey(pollId));
+        if (!history || history.length === 0)
+            return undefined;
+        return history[history.length - 1];
+    }
+    /**
+     * Get all historical tallies for a poll in publication order.
+     *
+     * @param pollId - The poll to query
+     * @returns Ordered array of all published tallies
+     */
+    getHistory(pollId) {
+        return this._history.get(toKey(pollId)) ?? [];
+    }
+    /**
+     * Get the tally for a specific interval number.
+     *
+     * @param pollId - The poll to query
+     * @param intervalNumber - The interval number to look up
+     * @returns The tally for that interval, or undefined if not found
+     */
+    getTallyAtInterval(pollId, intervalNumber) {
+        const intervalMap = this._intervalIndex.get(toKey(pollId));
+        if (!intervalMap)
+            return undefined;
+        return intervalMap.get(intervalNumber);
+    }
+}
+exports.PublicTallyFeed = PublicTallyFeed;
+//# sourceMappingURL=public-tally-feed.js.map

package/src/lib/voting/threshold/public-tally-feed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public-tally-feed.js","sourceRoot":"","sources":["../../../../../../../packages/digitaldefiance-ecies-lib/src/lib/voting/threshold/public-tally-feed.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;;AAOH;;GAEG;AACH,SAAS,KAAK,CAAyB,EAAO;IAC5C,IAAI,EAAE,YAAY,UAAU,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;aAClB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;aAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,EAAE,CAAC,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,SAAS,sBAAsB;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,YAAY;IACP,EAAE,CAAS;IACX,MAAM,CAAM;IACZ,OAAO,CAAsC;IACrC,eAAe,CAAuB;IAEvD,YACE,MAAW,EACX,OAA4C,EAC5C,cAAoC;QAEpC,IAAI,CAAC,EAAE,GAAG,sBAAsB,EAAE,CAAC;QACnC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,eAAe,GAAG,cAAc,CAAC;IACxC,CAAC;IAED,WAAW;QACT,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAChC,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAa,eAAe;IAG1B,2DAA2D;IAC1C,QAAQ,GAAsC,IAAI,GAAG,EAAE,CAAC;IAEzE,0DAA0D;IACzC,cAAc,GAG3B,IAAI,GAAG,EAAE,CAAC;IAEd,qCAAqC;IACpB,cAAc,GAAmC,IAAI,GAAG,EAAE,CAAC;IAE5E,yCAAyC;IACxB,kBAAkB,GAA6B,IAAI,GAAG,EAAE,CAAC;IAE1E;;;;;;OAMG;IACH,OAAO,CAAC,KAAyB;QAC/B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,mBAAmB;QACnB,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACtC,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAEpB,2BAA2B;QAC3B,IAAI,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,WAAW,GAAG,IAAI,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAChD,CAAC;QACD,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QAE7C,qBAAqB;QACrB,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;gBAC3B,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;gBAC3C,IAAI,GAAG,EAAE,CAAC;oBACR,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;OASG;IACH,SAAS,CACP,MAAW,EACX,OAA4C;QAE5C,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;QAE9B,MAAM,YAAY,GAAG,IAAI,YAAY,CAAM,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE;YACjE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAClD,IAAI,IAAI,EAAE,CAAC;gBACT,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAChB,IAAI,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBACpB,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,EAAE,YAAY,CAAC,CAAC;QAEvD,IAAI,QAAQ,GAAG,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACpD,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;YACrB,IAAI,CAAC,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjD,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;QAE9B,+CAA+C;QAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,OAAO,CAAC,CAAC;QACnB,CAAC;QAED,OAAO,YAAY,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,eAAe,CAAC,MAAW;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACvD,OAAO,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IACrC,CAAC;IAED;;;;;OAKG;IACH,UAAU,CAAC,MAAW;QACpB,OAAO,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAChD,CAAC;IAED;;;;;;OAMG;IACH,kBAAkB,CAChB,MAAW,EACX,cAAsB;QAEtB,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;QAC3D,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QACnC,OAAO,WAAW,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IACzC,CAAC;CACF;AA1ID,0CA0IC"}

package/src/lib/voting/threshold/tally-verifier.d.ts

@@ -0,0 +1,85 @@
+/**
+ * Tally Verifier
+ *
+ * Third-party verification of published interval tallies.
+ * Validates that tallies were correctly decrypted by checking:
+ * 1. Combined ZK proof validity
+ * 2. Tally consistency with encrypted aggregate
+ * 3. Guardian authorization
+ * 4. Timestamp validity
+ *
+ * Designed to be implementable by any third party using only public information.
+ *
+ * @module voting/threshold
+ */
+import type { PublicKey } from 'paillier-bigint';
+import type { PlatformID } from '../../../interfaces/platform-id';
+import type { IntervalTally, VerificationResult, ITallyVerifier, ThresholdKeyConfig } from './interfaces';
+/**
+ * Verifies published interval tallies using only public information.
+ *
+ * Each verification produces a detailed {@link VerificationResult} indicating
+ * which checks passed and which failed, enabling auditors to pinpoint issues.
+ *
+ * @example
+ * ```typescript
+ * const verifier = new TallyVerifier(publicKey, verificationKeys, thresholdConfig, theta);
+ *
+ * const result = verifier.verify(
+ *   publishedTally,
+ *   encryptedTally,
+ *   verificationKeys,
+ *   publicKey,
+ *   [1, 2, 3, 5, 7], // registered Guardian indices
+ * );
+ *
+ * if (!result.valid) {
+ *   console.error('Verification failed:', result.error);
+ *   console.log('Checks:', result.checks);
+ * }
+ * ```
+ */
+export declare class TallyVerifier<TID extends PlatformID = Uint8Array> implements ITallyVerifier<TID> {
+    private readonly combiner;
+    private readonly thresholdConfig;
+    constructor(publicKey: PublicKey, verificationKeys: readonly Uint8Array[], thresholdConfig: ThresholdKeyConfig, theta: bigint);
+    /**
+     * Verify a published interval tally.
+     *
+     * Performs four independent checks:
+     * 1. **proofValid** – the combined ZK proof is cryptographically valid
+     * 2. **guardiansAuthorized** – all participating Guardians are registered
+     * 3. **tallyMatchesEncrypted** – the tally is consistent with the encrypted aggregate
+     * 4. **timestampValid** – the timestamp is a reasonable positive value
+     *
+     * @param tally - The published interval tally to verify
+     * @param encryptedTally - The encrypted aggregate ciphertexts
+     * @param verificationKeys - Public verification keys for all Guardians
+     * @param publicKey - The Paillier public key
+     * @param registeredGuardians - Indices of all registered Guardians
+     * @returns Detailed verification result with per-check status
+     */
+    verify(tally: IntervalTally<TID>, encryptedTally: bigint[], verificationKeys: readonly Uint8Array[], publicKey: PublicKey, registeredGuardians: readonly number[]): VerificationResult;
+    /**
+     * Validate the combined ZK proof using the DecryptionCombiner's verification.
+     */
+    private checkProof;
+    /**
+     * Verify all participating Guardians are in the registered set
+     * and that at least k Guardians participated.
+     */
+    private checkGuardians;
+    /**
+     * Verify the tally dimensions match the encrypted aggregate.
+     *
+     * A full re-decryption is not possible without key shares (by design),
+     * so we verify structural consistency: the number of tally entries
+     * must match the number of encrypted ciphertexts.
+     */
+    private checkTallyMatchesEncrypted;
+    /**
+     * Verify the timestamp is a valid positive number.
+     */
+    private checkTimestamp;
+}
+//# sourceMappingURL=tally-verifier.d.ts.map

package/src/lib/voting/threshold/tally-verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tally-verifier.d.ts","sourceRoot":"","sources":["../../../../../../../packages/digitaldefiance-ecies-lib/src/lib/voting/threshold/tally-verifier.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,iCAAiC,CAAC;AAElE,OAAO,KAAK,EACV,aAAa,EACb,kBAAkB,EAClB,cAAc,EACd,kBAAkB,EACnB,MAAM,cAAc,CAAC;AAEtB;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,aAAa,CACxB,GAAG,SAAS,UAAU,GAAG,UAAU,CACnC,YAAW,cAAc,CAAC,GAAG,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAqB;IAC9C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAqB;gBAGnD,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,SAAS,UAAU,EAAE,EACvC,eAAe,EAAE,kBAAkB,EACnC,KAAK,EAAE,MAAM;IAMf;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACJ,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,EACzB,cAAc,EAAE,MAAM,EAAE,EACxB,gBAAgB,EAAE,SAAS,UAAU,EAAE,EACvC,SAAS,EAAE,SAAS,EACpB,mBAAmB,EAAE,SAAS,MAAM,EAAE,GACrC,kBAAkB;IA6CrB;;OAEG;IACH,OAAO,CAAC,UAAU;IAqClB;;;OAGG;IACH,OAAO,CAAC,cAAc;IA4BtB;;;;;;OAMG;IACH,OAAO,CAAC,0BAA0B;IA4BlC;;OAEG;IACH,OAAO,CAAC,cAAc;CAQvB"}

package/src/lib/voting/threshold/tally-verifier.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * Tally Verifier
+ *
+ * Third-party verification of published interval tallies.
+ * Validates that tallies were correctly decrypted by checking:
+ * 1. Combined ZK proof validity
+ * 2. Tally consistency with encrypted aggregate
+ * 3. Guardian authorization
+ * 4. Timestamp validity
+ *
+ * Designed to be implementable by any third party using only public information.
+ *
+ * @module voting/threshold
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TallyVerifier = void 0;
+const decryption_combiner_1 = require("./decryption-combiner");
+/**
+ * Verifies published interval tallies using only public information.
+ *
+ * Each verification produces a detailed {@link VerificationResult} indicating
+ * which checks passed and which failed, enabling auditors to pinpoint issues.
+ *
+ * @example
+ * ```typescript
+ * const verifier = new TallyVerifier(publicKey, verificationKeys, thresholdConfig, theta);
+ *
+ * const result = verifier.verify(
+ *   publishedTally,
+ *   encryptedTally,
+ *   verificationKeys,
+ *   publicKey,
+ *   [1, 2, 3, 5, 7], // registered Guardian indices
+ * );
+ *
+ * if (!result.valid) {
+ *   console.error('Verification failed:', result.error);
+ *   console.log('Checks:', result.checks);
+ * }
+ * ```
+ */
+class TallyVerifier {
+    combiner;
+    thresholdConfig;
+    constructor(publicKey, verificationKeys, thresholdConfig, theta) {
+        this.combiner = new decryption_combiner_1.DecryptionCombiner(publicKey, verificationKeys, theta);
+        this.thresholdConfig = thresholdConfig;
+    }
+    /**
+     * Verify a published interval tally.
+     *
+     * Performs four independent checks:
+     * 1. **proofValid** – the combined ZK proof is cryptographically valid
+     * 2. **guardiansAuthorized** – all participating Guardians are registered
+     * 3. **tallyMatchesEncrypted** – the tally is consistent with the encrypted aggregate
+     * 4. **timestampValid** – the timestamp is a reasonable positive value
+     *
+     * @param tally - The published interval tally to verify
+     * @param encryptedTally - The encrypted aggregate ciphertexts
+     * @param verificationKeys - Public verification keys for all Guardians
+     * @param publicKey - The Paillier public key
+     * @param registeredGuardians - Indices of all registered Guardians
+     * @returns Detailed verification result with per-check status
+     */
+    verify(tally, encryptedTally, verificationKeys, publicKey, registeredGuardians) {
+        const errors = [];
+        const proofValid = this.checkProof(tally, encryptedTally, verificationKeys, publicKey, errors);
+        const guardiansAuthorized = this.checkGuardians(tally, registeredGuardians, errors);
+        const tallyMatchesEncrypted = this.checkTallyMatchesEncrypted(tally, encryptedTally, errors);
+        const timestampValid = this.checkTimestamp(tally, errors);
+        const checks = {
+            proofValid,
+            guardiansAuthorized,
+            tallyMatchesEncrypted,
+            timestampValid,
+        };
+        const valid = proofValid &&
+            guardiansAuthorized &&
+            tallyMatchesEncrypted &&
+            timestampValid;
+        return {
+            valid,
+            checks,
+            ...(errors.length > 0 ? { error: errors.join('; ') } : {}),
+        };
+    }
+    /**
+     * Validate the combined ZK proof using the DecryptionCombiner's verification.
+     */
+    checkProof(tally, encryptedTally, verificationKeys, publicKey, errors) {
+        try {
+            // Build a CombinedDecryption from the tally to pass to verifyCombined
+            const combinedDecryption = {
+                tallies: [...tally.tallies],
+                combinedProof: tally.proof,
+                participatingGuardians: tally.participatingGuardians,
+                ceremonyId: '',
+                timestamp: tally.timestamp,
+            };
+            const valid = this.combiner.verifyCombined(combinedDecryption, encryptedTally, verificationKeys, publicKey);
+            if (!valid) {
+                errors.push('Combined ZK proof verification failed');
+            }
+            return valid;
+        }
+        catch (e) {
+            errors.push(`Proof verification threw: ${e instanceof Error ? e.message : String(e)}`);
+            return false;
+        }
+    }
+    /**
+     * Verify all participating Guardians are in the registered set
+     * and that at least k Guardians participated.
+     */
+    checkGuardians(tally, registeredGuardians, errors) {
+        const registeredSet = new Set(registeredGuardians);
+        // Check that enough Guardians participated
+        if (tally.participatingGuardians.length < this.thresholdConfig.threshold) {
+            errors.push(`Insufficient participating Guardians: ${tally.participatingGuardians.length} < threshold ${this.thresholdConfig.threshold}`);
+            return false;
+        }
+        // Check each participating Guardian is registered
+        for (const guardianIndex of tally.participatingGuardians) {
+            if (!registeredSet.has(guardianIndex)) {
+                errors.push(`Guardian ${guardianIndex} is not in the registered Guardian set`);
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Verify the tally dimensions match the encrypted aggregate.
+     *
+     * A full re-decryption is not possible without key shares (by design),
+     * so we verify structural consistency: the number of tally entries
+     * must match the number of encrypted ciphertexts.
+     */
+    checkTallyMatchesEncrypted(tally, encryptedTally, errors) {
+        if (encryptedTally.length === 0) {
+            errors.push('Encrypted tally is empty');
+            return false;
+        }
+        if (tally.tallies.length !== encryptedTally.length) {
+            errors.push(`Tally length (${tally.tallies.length}) does not match encrypted tally length (${encryptedTally.length})`);
+            return false;
+        }
+        // Verify tallies are non-negative
+        for (let i = 0; i < tally.tallies.length; i++) {
+            if (tally.tallies[i] < 0n) {
+                errors.push(`Tally at index ${i} is negative: ${tally.tallies[i]}`);
+                return false;
+            }
+        }
+        return true;
+    }
+    /**
+     * Verify the timestamp is a valid positive number.
+     */
+    checkTimestamp(tally, errors) {
+        if (tally.timestamp <= 0) {
+            errors.push(`Invalid timestamp: ${tally.timestamp}`);
+            return false;
+        }
+        return true;
+    }
+}
+exports.TallyVerifier = TallyVerifier;
+//# sourceMappingURL=tally-verifier.js.map

package/src/lib/voting/threshold/tally-verifier.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tally-verifier.js","sourceRoot":"","sources":["../../../../../../../packages/digitaldefiance-ecies-lib/src/lib/voting/threshold/tally-verifier.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;AAIH,+DAA2D;AAQ3D;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAa,aAAa;IAGP,QAAQ,CAAqB;IAC7B,eAAe,CAAqB;IAErD,YACE,SAAoB,EACpB,gBAAuC,EACvC,eAAmC,EACnC,KAAa;QAEb,IAAI,CAAC,QAAQ,GAAG,IAAI,wCAAkB,CAAC,SAAS,EAAE,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAC3E,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;IACzC,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACJ,KAAyB,EACzB,cAAwB,EACxB,gBAAuC,EACvC,SAAoB,EACpB,mBAAsC;QAEtC,MAAM,MAAM,GAAa,EAAE,CAAC;QAE5B,MAAM,UAAU,GAAG,IAAI,CAAC,UAAU,CAChC,KAAK,EACL,cAAc,EACd,gBAAgB,EAChB,SAAS,EACT,MAAM,CACP,CAAC;QAEF,MAAM,mBAAmB,GAAG,IAAI,CAAC,cAAc,CAC7C,KAAK,EACL,mBAAmB,EACnB,MAAM,CACP,CAAC;QAEF,MAAM,qBAAqB,GAAG,IAAI,CAAC,0BAA0B,CAC3D,KAAK,EACL,cAAc,EACd,MAAM,CACP,CAAC;QAEF,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAE1D,MAAM,MAAM,GAAG;YACb,UAAU;YACV,mBAAmB;YACnB,qBAAqB;YACrB,cAAc;SACf,CAAC;QAEF,MAAM,KAAK,GACT,UAAU;YACV,mBAAmB;YACnB,qBAAqB;YACrB,cAAc,CAAC;QAEjB,OAAO;YACL,KAAK;YACL,MAAM;YACN,GAAG,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SAC3D,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,UAAU,CAChB,KAAyB,EACzB,cAAwB,EACxB,gBAAuC,EACvC,SAAoB,EACpB,MAAgB;QAEhB,IAAI,CAAC;YACH,sEAAsE;YACtE,MAAM,kBAAkB,GAAG;gBACzB,OAAO,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC;gBAC3B,aAAa,EAAE,KAAK,CAAC,KAAK;gBAC1B,sBAAsB,EAAE,KAAK,CAAC,sBAAsB;gBACpD,UAAU,EAAE,EAAE;gBACd,SAAS,EAAE,KAAK,CAAC,SAAS;aAC3B,CAAC;YAEF,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,cAAc,CACxC,kBAAkB,EAClB,cAAc,EACd,gBAAgB,EAChB,SAAS,CACV,CAAC;YAEF,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC;YACvD,CAAC;YAED,OAAO,KAAK,CAAC;QACf,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,CACT,6BAA6B,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAC1E,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,cAAc,CACpB,KAAyB,EACzB,mBAAsC,EACtC,MAAgB;QAEhB,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAEnD,2CAA2C;QAC3C,IAAI,KAAK,CAAC,sBAAsB,CAAC,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAAC;YACzE,MAAM,CAAC,IAAI,CACT,yCAAyC,KAAK,CAAC,sBAAsB,CAAC,MAAM,gBAAgB,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,CAC7H,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kDAAkD;QAClD,KAAK,MAAM,aAAa,IAAI,KAAK,CAAC,sBAAsB,EAAE,CAAC;YACzD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,CACT,YAAY,aAAa,wCAAwC,CAClE,CAAC;gBACF,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;;OAMG;IACK,0BAA0B,CAChC,KAAyB,EACzB,cAAwB,EACxB,MAAgB;QAEhB,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YACxC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;YACnD,MAAM,CAAC,IAAI,CACT,iBAAiB,KAAK,CAAC,OAAO,CAAC,MAAM,4CAA4C,cAAc,CAAC,MAAM,GAAG,CAC1G,CAAC;YACF,OAAO,KAAK,CAAC;QACf,CAAC;QAED,kCAAkC;QAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,iBAAiB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBACpE,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,KAAyB,EAAE,MAAgB;QAChE,IAAI,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,CAAC;YACzB,MAAM,CAAC,IAAI,CAAC,sBAAsB,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;YACrD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAzMD,sCAyMC"}

package/src/lib/voting/threshold/threshold-audit-log.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Threshold Audit Log
+ *
+ * Immutable, hash-chained audit log for threshold voting operations.
+ * Maintains a separate chain from the base poll audit log, dedicated
+ * to tracking all threshold-related events: key generation, share
+ * distribution, ceremony lifecycle, and tally publication.
+ *
+ * @module voting/threshold
+ */
+import type { IMember, PlatformID } from '../../../interfaces';
+import type { ThresholdAuditEntry } from './interfaces/threshold-audit-entry';
+/**
+ * Immutable audit log for threshold voting operations with cryptographic hash chain.
+ *
+ * Each entry is hash-chained to the previous entry and signed by the authority,
+ * ensuring tamper-evidence and non-repudiation.
+ */
+export declare class ThresholdAuditLog<TID extends PlatformID = Uint8Array> {
+    private readonly entries;
+    private readonly authority;
+    private sequence;
+    constructor(authority: IMember<TID>);
+    /**
+     * Record threshold key generation event.
+     */
+    recordKeyGeneration(pollId: TID, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /**
+     * Record key share distribution to a Guardian.
+     */
+    recordKeyShareDistribution(pollId: TID, guardianId: TID, guardianIndex: number, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /**
+     * Record a decryption ceremony starting.
+     */
+    recordCeremonyStarted(pollId: TID, ceremonyId: string, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /**
+     * Record a partial decryption submission from a Guardian.
+     */
+    recordPartialSubmitted(pollId: TID, ceremonyId: string, guardianId: TID, guardianIndex: number, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /**
+     * Record a decryption ceremony completing successfully.
+     */
+    recordCeremonyCompleted(pollId: TID, ceremonyId: string, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /**
+     * Record a tally being published to the public feed.
+     */
+    recordTallyPublished(pollId: TID, metadata: Record<string, string | number | boolean>): ThresholdAuditEntry<TID>;
+    /** Get all entries in chronological order. */
+    getEntries(): readonly ThresholdAuditEntry<TID>[];
+    /** Get entries for a specific poll. */
+    getEntriesForPoll(pollId: TID): readonly ThresholdAuditEntry<TID>[];
+    /** Get entries for a specific ceremony. */
+    getEntriesForCeremony(ceremonyId: string): readonly ThresholdAuditEntry<TID>[];
+    /** Verify the entire hash chain integrity. */
+    verifyChain(): boolean;
+    /** Verify a single entry's signature. */
+    verifyEntry(entry: ThresholdAuditEntry<TID>): boolean;
+    private appendEntry;
+    private computeEntryHash;
+    private serializeEntryForHashing;
+    private serializeEntryForSigning;
+    private getMicrosecondTimestamp;
+    private sha256Sync;
+    private encodeNumber;
+    private encodeString;
+    private concat;
+    private arraysEqual;
+    private idToBytes;
+    private toHex;
+}
+//# sourceMappingURL=threshold-audit-log.d.ts.map

package/src/lib/voting/threshold/threshold-audit-log.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"threshold-audit-log.d.ts","sourceRoot":"","sources":["../../../../../../../packages/digitaldefiance-ecies-lib/src/lib/voting/threshold/threshold-audit-log.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE/D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,oCAAoC,CAAC;AAE9E;;;;;GAKG;AACH,qBAAa,iBAAiB,CAAC,GAAG,SAAS,UAAU,GAAG,UAAU;IAChE,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkC;IAC1D,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;IACzC,OAAO,CAAC,QAAQ,CAAK;gBAET,SAAS,EAAE,OAAO,CAAC,GAAG,CAAC;IAInC;;OAEG;IACH,mBAAmB,CACjB,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAQ3B;;OAEG;IACH,0BAA0B,CACxB,MAAM,EAAE,GAAG,EACX,UAAU,EAAE,GAAG,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAU3B;;OAEG;IACH,qBAAqB,CACnB,MAAM,EAAE,GAAG,EACX,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAS3B;;OAEG;IACH,sBAAsB,CACpB,MAAM,EAAE,GAAG,EACX,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,GAAG,EACf,aAAa,EAAE,MAAM,EACrB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAW3B;;OAEG;IACH,uBAAuB,CACrB,MAAM,EAAE,GAAG,EACX,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAS3B;;OAEG;IACH,oBAAoB,CAClB,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC,GAClD,mBAAmB,CAAC,GAAG,CAAC;IAQ3B,8CAA8C;IAC9C,UAAU,IAAI,SAAS,mBAAmB,CAAC,GAAG,CAAC,EAAE;IAIjD,uCAAuC;IACvC,iBAAiB,CAAC,MAAM,EAAE,GAAG,GAAG,SAAS,mBAAmB,CAAC,GAAG,CAAC,EAAE;IAWnE,2CAA2C;IAC3C,qBAAqB,CACnB,UAAU,EAAE,MAAM,GACjB,SAAS,mBAAmB,CAAC,GAAG,CAAC,EAAE;IAMtC,8CAA8C;IAC9C,WAAW,IAAI,OAAO;IA0BtB,yCAAyC;IACzC,WAAW,CAAC,KAAK,EAAE,mBAAmB,CAAC,GAAG,CAAC,GAAG,OAAO;IAKrD,OAAO,CAAC,WAAW;IAgCnB,OAAO,CAAC,gBAAgB;IAOxB,OAAO,CAAC,wBAAwB;IA0BhC,OAAO,CAAC,wBAAwB;IAMhC,OAAO,CAAC,uBAAuB;IAI/B,OAAO,CAAC,UAAU;IAoBlB,OAAO,CAAC,YAAY;IAMpB,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,MAAM;IAWd,OAAO,CAAC,WAAW;IAQnB,OAAO,CAAC,SAAS;IAOjB,OAAO,CAAC,KAAK;CAKd"}