@dupecom/botcha-cloudflare 0.20.2 → 0.23.0

package/dist/dashboard/whitepaper.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"whitepaper.d.ts","sourceRoot":"","sources":["../../src/dashboard/whitepaper.tsx"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AA8XnC,eAAO,MAAM,cAAc,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CA4pBlD,CAAC"}
+{"version":3,"file":"whitepaper.d.ts","sourceRoot":"","sources":["../../src/dashboard/whitepaper.tsx"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AA8XnC,eAAO,MAAM,cAAc,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAi4BlD,CAAC"}

package/dist/dashboard/whitepaper.js

@@ -376,7 +376,7 @@ const WHITEPAPER_CSS = `
 const WHITEPAPER_PAGE_CSS = DASHBOARD_CSS + WHITEPAPER_CSS;
 // ============ PAGE COMPONENT ============
 export const WhitepaperPage = ({ version }) => {
-    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: "BOTCHA Whitepaper \u2014 Identity Infrastructure for the Agentic Web" }), _jsx("meta", { name: "description", content: "Technical whitepaper on BOTCHA: reverse CAPTCHA for AI agents, Trusted Agent Protocol (TAP), and identity infrastructure for the agentic web." }), _jsx("meta", { name: "keywords", content: "BOTCHA, whitepaper, AI agent identity, Trusted Agent Protocol, TAP, reverse CAPTCHA, agent verification, RFC 9421" }), _jsx(OGMeta, { title: "BOTCHA Whitepaper \u2014 Identity Infrastructure for the Agentic Web", description: "How BOTCHA provides proof of AI, proof of identity, and proof of intent for the agentic web.", url: "https://botcha.ai/whitepaper", type: "article" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: WHITEPAPER_PAGE_CSS } })] }), _jsxs("body", { children: [_jsxs("article", { class: "wp", children: [_jsxs("nav", { class: "wp-nav", children: [_jsx("a", { href: "/", children: "\u2190 botcha.ai" }), _jsx("a", { href: "/whitepaper", children: "v1.0 \u00B7 February 2026" })] }), _jsxs("header", { class: "wp-header", children: [_jsx("div", { class: "wp-badge", children: "Whitepaper" }), _jsx("h1", { class: "wp-title", children: "Identity Infrastructure for the Agentic Web" }), _jsx("p", { class: "wp-subtitle", children: "How BOTCHA provides proof of AI, proof of identity, and proof of intent for AI agents operating on the open internet." }), _jsxs("p", { class: "wp-meta", children: ["Version 1.0 \u00B7 February 2026 \u00B7 ", _jsx("a", { href: "https://dupe.com", children: "Dupe.com" })] })] }), _jsxs("nav", { class: "wp-toc", children: [_jsx("div", { class: "wp-toc-title", children: "Contents" }), _jsxs("ol", { children: [_jsx("li", { children: _jsx("a", { href: "#executive-summary", children: "Executive Summary" }) }), _jsx("li", { children: _jsx("a", { href: "#the-problem", children: "The Problem: Who Is This Agent?" }) }), _jsx("li", { children: _jsx("a", { href: "#what-is-botcha", children: "BOTCHA: Reverse CAPTCHA for AI Agents" }) }), _jsx("li", { children: _jsx("a", { href: "#the-challenge-system", children: "How It Works: The Challenge System" }) }), _jsx("li", { children: _jsx("a", { href: "#tap", children: "The Trusted Agent Protocol (TAP)" }) }), _jsx("li", { children: _jsx("a", { href: "#architecture", children: "Architecture and Security" }) }), _jsx("li", { children: _jsx("a", { href: "#integration", children: "Integration: SDKs and Middleware" }) }), _jsx("li", { children: _jsx("a", { href: "#the-stack", children: "The Agent Infrastructure Stack" }) }), _jsx("li", { children: _jsx("a", { href: "#use-cases", children: "Use Cases" }) }), _jsx("li", { children: _jsx("a", { href: "#roadmap", children: "Roadmap" }) })] })] }), _jsx("h2", { id: "executive-summary", children: "1. Executive Summary" }), _jsx("p", { children: "BOTCHA is a reverse CAPTCHA \u2014 a verification system that proves you are an AI agent, not a human. While traditional CAPTCHAs exist to block bots, BOTCHA exists to welcome them." }), _jsx("p", { children: "As AI agents become first-class participants on the internet \u2014 browsing, purchasing, comparing, auditing \u2014 they need a way to prove their identity and declare their intent. BOTCHA provides three layers of proof:" }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Proof of AI" }), " \u2014 Computational challenges (SHA-256 hashes in under 500ms) that only machines can solve."] }), _jsxs("li", { children: [_jsx("strong", { children: "Proof of Identity" }), " \u2014 Persistent agent registration with cryptographic keys, verified via HTTP Message Signatures (RFC 9421)."] }), _jsxs("li", { children: [_jsx("strong", { children: "Proof of Intent" }), " \u2014 Capability-scoped sessions where agents declare what they plan to do, for how long, and on behalf of whom."] })] }), _jsxs("p", { children: ["BOTCHA is open source, free to use, and deployed as a hosted service at", ' ', _jsx("a", { href: "https://botcha.ai", children: "botcha.ai" }), ". It ships TypeScript and Python SDKs, server-side verification middleware, a CLI, and a LangChain integration."] }), _jsx("h2", { id: "the-problem", children: "2. The Problem: Who Is This Agent?" }), _jsx("p", { children: "The internet was built for humans. Authentication systems \u2014 passwords, OAuth, CAPTCHAs \u2014 all assume a human is at the keyboard. But the web is changing." }), _jsx("h3", { children: "The rise of agentic AI" }), _jsxs("p", { children: ["AI agents are no longer just answering questions. They are ", _jsx("strong", { children: "browsing" }), " product catalogs on behalf of consumers, ", _jsx("strong", { children: "comparing" }), " prices across retailers,", ' ', _jsx("strong", { children: "purchasing" }), " goods and services with real money,", ' ', _jsx("strong", { children: "auditing" }), " compliance postures, and ", _jsx("strong", { children: "negotiating" }), " contracts."] }), _jsx("p", { children: "Every major AI lab is building agent capabilities. OpenAI's Operator, Anthropic's computer use, Google's Project Mariner \u2014 these are production systems that interact with real APIs and real businesses." }), _jsx("h3", { children: "The identity gap" }), _jsx("p", { children: "When an AI agent hits your API, you face three questions that existing infrastructure cannot answer:" }), _jsxs("ol", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Is this actually an AI agent?" }), " User-Agent strings are trivially spoofable. There is no reliable way to distinguish a real AI agent from a script pretending to be one."] }), _jsxs("li", { children: [_jsx("strong", { children: "Which specific agent is this?" }), " Even if you know it is AI, you do not know if it belongs to a known organization or what its track record is."] }), _jsxs("li", { children: [_jsx("strong", { children: "What does it intend to do?" }), " An agent browsing your catalog is very different from one attempting a purchase. Traditional auth grants blanket access \u2014 it does not capture intent."] })] }), _jsx("h3", { children: "What happens without agent identity" }), _jsx("p", { children: "Without a reliable identity layer, the agentic web defaults to chaos. APIs cannot set appropriate rate limits. Businesses cannot authorize transactions. Agents cannot build reputation. Fraud is trivial because there is no audit trail." }), _jsx("h2", { id: "what-is-botcha", children: "3. BOTCHA: Reverse CAPTCHA for AI Agents" }), _jsx("p", { children: "BOTCHA inverts the CAPTCHA model. Instead of proving you are human, you prove you are a machine." }), _jsx("h3", { children: "The core idea" }), _jsxs("p", { children: ["A CAPTCHA asks: ", _jsx("em", { children: "Can you identify traffic lights in this image?" }), " A human can; a bot struggles."] }), _jsxs("p", { children: ["BOTCHA asks: ", _jsx("em", { children: "Can you compute 5 SHA-256 hashes in 500 milliseconds?" }), " A machine can; a human cannot copy-paste fast enough."] }), _jsx("p", { children: "This inversion is not just a novelty \u2014 it is a fundamental shift. In a world where AI agents are legitimate, wanted participants, the question is no longer \"how do we keep bots out?\" but \"how do we let the right bots in?\"" }), _jsx("h3", { children: "Design principles" }), _jsxs("p", { children: [_jsx("strong", { children: "Agent-first, always." }), " Every feature in BOTCHA requires an AI agent as a participant. Humans are welcome, but only through an agent. If a human wants dashboard access, their agent generates a device code for them. There is no password form."] }), _jsxs("p", { children: [_jsx("strong", { children: "Fail-open on infrastructure errors." }), " If the backing store is unavailable, BOTCHA logs a warning and allows the request through. Blocking legitimate traffic is worse than letting an unverified request pass."] }), _jsxs("p", { children: [_jsx("strong", { children: "Zero configuration to start." }), " An agent can verify itself with a single HTTP request pair. No API keys, no registration \u2014 just solve the challenge and get a token."] }), _jsx("h2", { id: "the-challenge-system", children: "4. How It Works: The Challenge System" }), _jsx("p", { children: "BOTCHA offers four challenge types, each testing a different aspect of machine capability." }), _jsx("h3", { children: "Speed Challenge" }), _jsxs("p", { children: ["The primary verification method. The server generates 5 random 6-digit numbers. The agent computes the SHA-256 hash of each and returns the first 8 hex characters \u2014 all within ", _jsx("strong", { children: "500 milliseconds" }), "."] }), _jsx("p", { children: "The time limit is generous for any programming language but impossible for a human to copy-paste through. The challenge is not computationally hard \u2014 it is computationally trivial, but only if you are a machine." }), _jsxs("p", { children: [_jsx("strong", { children: "RTT-aware fairness:" }), " The time limit adjusts for network latency. An agent on a satellite connection gets extra time. This prevents geographic discrimination while capping at 5 seconds to prevent abuse."] }), _jsx("h3", { children: "Reasoning Challenge" }), _jsx("p", { children: "Tests language understanding. The server selects 3 questions from 6 categories: math, code, logic, wordplay, common-sense, and analogy. The agent has 30 seconds." }), _jsxs("p", { children: ["All questions use ", _jsx("strong", { children: "parameterized generators" }), " producing unique values each time. There is no static question bank to memorize. Combined with 45+ generators, the effective answer space is infinite."] }), _jsx("h3", { children: "Hybrid Challenge" }), _jsxs("p", { children: ["The default challenge type. Combines speed and reasoning \u2014 both must pass. Proves the agent can compute fast ", _jsx("em", { children: "and" }), " reason about language."] }), _jsx("h3", { children: "Standard (Compute) Challenge" }), _jsx("p", { children: "A heavier computational challenge: generate prime numbers, concatenate with a random salt, compute SHA-256. Difficulty scales from easy (100 primes, 10s) to hard (1000 primes, 3s)." }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Challenge" }), _jsx("th", { children: "Tests" }), _jsx("th", { children: "Time Limit" }), _jsx("th", { children: "Best For" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Speed" }), _jsx("td", { children: "Computation speed" }), _jsx("td", { children: "500ms" }), _jsx("td", { children: "Quick verification, high throughput" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Reasoning" }), _jsx("td", { children: "Language understanding" }), _jsx("td", { children: "30s" }), _jsx("td", { children: "Proving AI comprehension" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Hybrid" }), _jsx("td", { children: "Both" }), _jsx("td", { children: "35s" }), _jsx("td", { children: "Default \u2014 strongest proof" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Compute" }), _jsx("td", { children: "Heavy computation" }), _jsx("td", { children: "3-10s" }), _jsx("td", { children: "High-value operations" })] })] })] }), _jsx("h2", { id: "tap", children: "5. The Trusted Agent Protocol (TAP)" }), _jsxs("p", { children: ["Solving a challenge proves you are ", _jsx("em", { children: "a bot" }), ". TAP proves you are", ' ', _jsx("em", { children: "a specific, trusted bot" }), "."] }), _jsx("h3", { children: "What is TAP?" }), _jsxs("p", { children: ["The Trusted Agent Protocol is an identity and authorization layer built on top of BOTCHA's proof-of-bot system. Inspired by", ' ', _jsx("a", { href: "https://developer.visa.com/capabilities/trusted-agent-protocol/overview", target: "_blank", rel: "noopener", children: "Visa's Trusted Agent Protocol" }), ", BOTCHA's TAP provides:"] }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Persistent agent identity" }), " \u2014 unique ID, name, and operator metadata."] }), _jsxs("li", { children: [_jsx("strong", { children: "Cryptographic verification" }), " \u2014 ECDSA P-256 or RSA-PSS public keys; requests signed via HTTP Message Signatures (RFC 9421)."] }), _jsxs("li", { children: [_jsx("strong", { children: "Capability-based access control" }), " \u2014 agents declare actions: ", _jsx("code", { children: "browse" }), ", ", _jsx("code", { children: "search" }), ", ", _jsx("code", { children: "compare" }), ", ", _jsx("code", { children: "purchase" }), ", ", _jsx("code", { children: "audit" }), "."] }), _jsxs("li", { children: [_jsx("strong", { children: "Intent-scoped sessions" }), " \u2014 time-limited sessions validated against capabilities."] }), _jsxs("li", { children: [_jsx("strong", { children: "Trust levels" }), " \u2014 ", _jsx("code", { children: "basic" }), ", ", _jsx("code", { children: "verified" }), ", ", _jsx("code", { children: "enterprise" }), "."] })] }), _jsx("h3", { children: "Agent registration" }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/agents/register/tap
+    return (_jsxs("html", { lang: "en", children: [_jsxs("head", { children: [_jsx("meta", { charset: "utf-8" }), _jsx("meta", { name: "viewport", content: "width=device-width, initial-scale=1" }), _jsx("title", { children: "BOTCHA Whitepaper \u2014 Identity Infrastructure for the Agentic Web" }), _jsx("meta", { name: "description", content: "Technical whitepaper on BOTCHA: reverse CAPTCHA for AI agents, Trusted Agent Protocol (TAP), and identity infrastructure for the agentic web." }), _jsx("meta", { name: "keywords", content: "BOTCHA, whitepaper, AI agent identity, Trusted Agent Protocol, TAP, reverse CAPTCHA, agent verification, RFC 9421" }), _jsx(OGMeta, { title: "BOTCHA Whitepaper \u2014 Identity Infrastructure for the Agentic Web", description: "How BOTCHA provides proof of AI, proof of identity, and proof of intent for the agentic web.", url: "https://botcha.ai/whitepaper", type: "article" }), _jsx("link", { rel: "preconnect", href: "https://fonts.googleapis.com" }), _jsx("link", { href: "https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;500;600;700&display=swap", rel: "stylesheet" }), _jsx("style", { dangerouslySetInnerHTML: { __html: WHITEPAPER_PAGE_CSS } })] }), _jsxs("body", { children: [_jsxs("article", { class: "wp", children: [_jsxs("nav", { class: "wp-nav", children: [_jsx("a", { href: "/", children: "\u2190 botcha.ai" }), _jsx("a", { href: "/whitepaper", children: "v1.0 \u00B7 February 2026" })] }), _jsxs("header", { class: "wp-header", children: [_jsx("div", { class: "wp-badge", children: "Whitepaper" }), _jsx("h1", { class: "wp-title", children: "Identity Infrastructure for the Agentic Web" }), _jsx("p", { class: "wp-subtitle", children: "How BOTCHA provides proof of AI, proof of identity, and proof of intent for AI agents operating on the open internet." }), _jsxs("p", { class: "wp-meta", children: ["Version 1.0 \u00B7 February 2026 \u00B7 ", _jsx("a", { href: "https://dupe.com", children: "Dupe.com" })] })] }), _jsxs("nav", { class: "wp-toc", children: [_jsx("div", { class: "wp-toc-title", children: "Contents" }), _jsxs("ol", { children: [_jsx("li", { children: _jsx("a", { href: "#executive-summary", children: "Executive Summary" }) }), _jsx("li", { children: _jsx("a", { href: "#the-problem", children: "The Problem: Who Is This Agent?" }) }), _jsx("li", { children: _jsx("a", { href: "#what-is-botcha", children: "BOTCHA: Reverse CAPTCHA for AI Agents" }) }), _jsx("li", { children: _jsx("a", { href: "#the-challenge-system", children: "How It Works: The Challenge System" }) }), _jsx("li", { children: _jsx("a", { href: "#tap", children: "The Trusted Agent Protocol (TAP)" }) }), _jsx("li", { children: _jsx("a", { href: "#architecture", children: "Architecture and Security" }) }), _jsx("li", { children: _jsx("a", { href: "#identity-layer", children: "The Full Identity Layer" }) }), _jsx("li", { children: _jsx("a", { href: "#protocol-integrations", children: "Protocol Integrations" }) }), _jsx("li", { children: _jsx("a", { href: "#integration", children: "Integration: SDKs and Middleware" }) }), _jsx("li", { children: _jsx("a", { href: "#the-stack", children: "The Agent Infrastructure Stack" }) }), _jsx("li", { children: _jsx("a", { href: "#use-cases", children: "Use Cases" }) }), _jsx("li", { children: _jsx("a", { href: "#roadmap", children: "Roadmap" }) })] })] }), _jsx("h2", { id: "executive-summary", children: "1. Executive Summary" }), _jsx("p", { children: "BOTCHA is a reverse CAPTCHA \u2014 a verification system that proves you are an AI agent, not a human. While traditional CAPTCHAs exist to block bots, BOTCHA exists to welcome them." }), _jsx("p", { children: "As AI agents become first-class participants on the internet \u2014 browsing, purchasing, comparing, auditing \u2014 they need a way to prove their identity and declare their intent. BOTCHA provides three layers of proof:" }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Proof of AI" }), " \u2014 Computational challenges (SHA-256 hashes in under 500ms) that only machines can solve."] }), _jsxs("li", { children: [_jsx("strong", { children: "Proof of Identity" }), " \u2014 Persistent agent registration with cryptographic keys, verified via ", _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "HTTP Message Signatures (RFC 9421)" }), "."] }), _jsxs("li", { children: [_jsx("strong", { children: "Proof of Intent" }), " \u2014 Capability-scoped sessions where agents declare what they plan to do, for how long, and on behalf of whom."] })] }), _jsxs("p", { children: ["BOTCHA is open source, free to use, and deployed as a hosted service at", ' ', _jsx("a", { href: "https://botcha.ai", children: "botcha.ai" }), ". It ships TypeScript and Python SDKs, server-side verification middleware, a CLI, and a LangChain integration."] }), _jsx("h2", { id: "the-problem", children: "2. The Problem: Who Is This Agent?" }), _jsx("p", { children: "The internet was built for humans. Authentication systems \u2014 passwords, OAuth, CAPTCHAs \u2014 all assume a human is at the keyboard. But the web is changing." }), _jsx("h3", { children: "The rise of agentic AI" }), _jsxs("p", { children: ["AI agents are no longer just answering questions. They are ", _jsx("strong", { children: "browsing" }), " product catalogs on behalf of consumers, ", _jsx("strong", { children: "comparing" }), " prices across retailers,", ' ', _jsx("strong", { children: "purchasing" }), " goods and services with real money,", ' ', _jsx("strong", { children: "auditing" }), " compliance postures, and ", _jsx("strong", { children: "negotiating" }), " contracts."] }), _jsx("p", { children: "Every major AI lab is building agent capabilities. OpenAI's Operator, Anthropic's computer use, Google's Project Mariner \u2014 these are production systems that interact with real APIs and real businesses." }), _jsx("h3", { children: "The identity gap" }), _jsx("p", { children: "When an AI agent hits your API, you face three questions that existing infrastructure cannot answer:" }), _jsxs("ol", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Is this actually an AI agent?" }), " User-Agent strings are trivially spoofable. There is no reliable way to distinguish a real AI agent from a script pretending to be one."] }), _jsxs("li", { children: [_jsx("strong", { children: "Which specific agent is this?" }), " Even if you know it is AI, you do not know if it belongs to a known organization or what its track record is."] }), _jsxs("li", { children: [_jsx("strong", { children: "What does it intend to do?" }), " An agent browsing your catalog is very different from one attempting a purchase. Traditional auth grants blanket access \u2014 it does not capture intent."] })] }), _jsx("h3", { children: "What happens without agent identity" }), _jsx("p", { children: "Without a reliable identity layer, the agentic web defaults to chaos. APIs cannot set appropriate rate limits. Businesses cannot authorize transactions. Agents cannot build reputation. Fraud is trivial because there is no audit trail." }), _jsx("h2", { id: "what-is-botcha", children: "3. BOTCHA: Reverse CAPTCHA for AI Agents" }), _jsx("p", { children: "BOTCHA inverts the CAPTCHA model. Instead of proving you are human, you prove you are a machine." }), _jsx("h3", { children: "The core idea" }), _jsxs("p", { children: ["A CAPTCHA asks: ", _jsx("em", { children: "Can you identify traffic lights in this image?" }), " A human can; a bot struggles."] }), _jsxs("p", { children: ["BOTCHA asks: ", _jsx("em", { children: "Can you compute 5 SHA-256 hashes in 500 milliseconds?" }), " A machine can; a human cannot copy-paste fast enough."] }), _jsx("p", { children: "This inversion is not just a novelty \u2014 it is a fundamental shift. In a world where AI agents are legitimate, wanted participants, the question is no longer \"how do we keep bots out?\" but \"how do we let the right bots in?\"" }), _jsx("h3", { children: "Design principles" }), _jsxs("p", { children: [_jsx("strong", { children: "Agent-first, always." }), " Every feature in BOTCHA requires an AI agent as a participant. Humans are welcome, but only through an agent. If a human wants dashboard access, their agent generates a device code for them. There is no password form."] }), _jsxs("p", { children: [_jsx("strong", { children: "Fail-open on infrastructure errors." }), " If the backing store is unavailable, BOTCHA logs a warning and allows the request through. Blocking legitimate traffic is worse than letting an unverified request pass."] }), _jsxs("p", { children: [_jsx("strong", { children: "Zero configuration to start." }), " An agent can verify itself with a single HTTP request pair. No API keys, no registration \u2014 just solve the challenge and get a token."] }), _jsx("h2", { id: "the-challenge-system", children: "4. How It Works: The Challenge System" }), _jsx("p", { children: "BOTCHA offers four challenge types, each testing a different aspect of machine capability." }), _jsx("h3", { children: "Speed Challenge" }), _jsxs("p", { children: ["The primary verification method. The server generates 5 random 6-digit numbers. The agent computes the SHA-256 hash of each and returns the first 8 hex characters \u2014 all within ", _jsx("strong", { children: "500 milliseconds" }), "."] }), _jsx("p", { children: "The time limit is generous for any programming language but impossible for a human to copy-paste through. The challenge is not computationally hard \u2014 it is computationally trivial, but only if you are a machine." }), _jsxs("p", { children: [_jsx("strong", { children: "RTT-aware fairness:" }), " The time limit adjusts for network latency. An agent on a satellite connection gets extra time. This prevents geographic discrimination while capping at 5 seconds to prevent abuse."] }), _jsx("h3", { children: "Reasoning Challenge" }), _jsx("p", { children: "Tests language understanding. The server selects 3 questions from 6 categories: math, code, logic, wordplay, common-sense, and analogy. The agent has 30 seconds." }), _jsxs("p", { children: ["All questions use ", _jsx("strong", { children: "parameterized generators" }), " producing unique values each time. There is no static question bank to memorize. Combined with 45+ generators, the effective answer space is infinite."] }), _jsx("h3", { children: "Hybrid Challenge" }), _jsxs("p", { children: ["The default challenge type. Combines speed and reasoning \u2014 both must pass. Proves the agent can compute fast ", _jsx("em", { children: "and" }), " reason about language."] }), _jsx("h3", { children: "Standard (Compute) Challenge" }), _jsx("p", { children: "A heavier computational challenge: generate prime numbers, concatenate with a random salt, compute SHA-256. Difficulty scales from easy (100 primes, 10s) to hard (1000 primes, 3s)." }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Challenge" }), _jsx("th", { children: "Tests" }), _jsx("th", { children: "Time Limit" }), _jsx("th", { children: "Best For" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Speed" }), _jsx("td", { children: "Computation speed" }), _jsx("td", { children: "500ms" }), _jsx("td", { children: "Quick verification, high throughput" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Reasoning" }), _jsx("td", { children: "Language understanding" }), _jsx("td", { children: "30s" }), _jsx("td", { children: "Proving AI comprehension" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Hybrid" }), _jsx("td", { children: "Both" }), _jsx("td", { children: "35s" }), _jsx("td", { children: "Default \u2014 strongest proof" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Compute" }), _jsx("td", { children: "Heavy computation" }), _jsx("td", { children: "3-10s" }), _jsx("td", { children: "High-value operations" })] })] })] }), _jsx("h2", { id: "tap", children: "5. The Trusted Agent Protocol (TAP)" }), _jsxs("p", { children: ["Solving a challenge proves you are ", _jsx("em", { children: "a bot" }), ". TAP proves you are", ' ', _jsx("em", { children: "a specific, trusted bot" }), "."] }), _jsx("h3", { children: "What is TAP?" }), _jsxs("p", { children: ["The Trusted Agent Protocol is an identity and authorization layer built on top of BOTCHA's proof-of-bot system. Inspired by", ' ', _jsx("a", { href: "https://developer.visa.com/capabilities/trusted-agent-protocol/overview", target: "_blank", rel: "noopener", children: "Visa's Trusted Agent Protocol" }), ", BOTCHA's TAP provides:"] }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Persistent agent identity" }), " \u2014 unique ID, name, and operator metadata."] }), _jsxs("li", { children: [_jsx("strong", { children: "Cryptographic verification" }), " \u2014 ECDSA P-256 or RSA-PSS public keys; requests signed via ", _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "HTTP Message Signatures (RFC 9421)" }), "."] }), _jsxs("li", { children: [_jsx("strong", { children: "Capability-based access control" }), " \u2014 agents declare actions: ", _jsx("code", { children: "browse" }), ", ", _jsx("code", { children: "search" }), ", ", _jsx("code", { children: "compare" }), ", ", _jsx("code", { children: "purchase" }), ", ", _jsx("code", { children: "audit" }), "."] }), _jsxs("li", { children: [_jsx("strong", { children: "Intent-scoped sessions" }), " \u2014 time-limited sessions validated against capabilities."] }), _jsxs("li", { children: [_jsx("strong", { children: "Trust levels" }), " \u2014 ", _jsx("code", { children: "basic" }), ", ", _jsx("code", { children: "verified" }), ", ", _jsx("code", { children: "enterprise" }), "."] })] }), _jsx("h3", { children: "Agent registration" }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/agents/register/tap
 {
   "name": "shopping-agent",
   "operator": "acme-corp",
@@ -386,7 +386,7 @@ export const WhitepaperPage = ({ version }) => {
       "restrictions": { "max_amount": 500 } }
   ],
   "trust_level": "basic"
-}` }) }), _jsx("p", { children: "For cryptographic identity, agents register a public key and sign requests using RFC 9421:" }), _jsx("pre", { children: _jsx("code", { children: `x-tap-agent-id: agent_6ddfd9f10cfd8dfc
+}` }) }), _jsxs("p", { children: ["For cryptographic identity, agents register a public key and sign requests using", ' ', _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "RFC 9421" }), ":"] }), _jsx("pre", { children: _jsx("code", { children: `x-tap-agent-id: agent_6ddfd9f10cfd8dfc
 x-tap-intent: {"action":"browse","resource":"products"}
 signature-input: sig1=("@method" "@path" "x-tap-agent-id");created=...;alg="ecdsa-p256-sha256"
 signature: sig1=:BASE64_SIGNATURE:` }) }), _jsx("h3", { children: "Intent validation and scoped sessions" }), _jsx("p", { children: "Before acting, a TAP agent creates a session declaring its intent. The server validates the intent against the agent's registered capabilities, checks scope, and enforces a maximum duration of 24 hours." }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/sessions/tap
@@ -394,7 +394,45 @@ signature: sig1=:BASE64_SIGNATURE:` }) }), _jsx("h3", { children: "Intent valida
   "agent_id": "agent_6ddfd9f10cfd8dfc",
   "intent": { "action": "browse", "resource": "products", "duration": 3600 },
   "user_context": "anon_user_hash"
-}` }) }), _jsx("h3", { children: "The verification hierarchy" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Layer" }), _jsx("th", { children: "Proves" }), _jsx("th", { children: "Mechanism" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Anonymous" }), _jsx("td", { children: "\"I am a bot\"" }), _jsx("td", { children: "Speed challenge in <500ms" })] }), _jsxs("tr", { children: [_jsx("td", { children: "App-scoped" }), _jsx("td", { children: "\"I belong to this org\"" }), _jsx("td", { children: "Challenge + app_id" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent identity" }), _jsx("td", { children: "\"I am this specific bot\"" }), _jsx("td", { children: "Registered ID + capabilities" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Cryptographic" }), _jsx("td", { children: "\"I can prove I am this bot\"" }), _jsx("td", { children: "RFC 9421 signatures" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Dual auth" }), _jsx("td", { children: "\"Verified bot, proven identity\"" }), _jsx("td", { children: "Challenge + signature" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Intent-scoped" }), _jsx("td", { children: "\"I intend to do this now\"" }), _jsx("td", { children: "Validated session" })] })] })] }), _jsx("h2", { id: "architecture", children: "6. Architecture and Security" }), _jsx("h3", { children: "Infrastructure" }), _jsxs("p", { children: ["BOTCHA runs on ", _jsx("strong", { children: "Cloudflare Workers" }), " \u2014 deployed to 300+ edge locations globally. Sub-50ms cold starts, KV storage for all state, no servers to manage."] }), _jsx("h3", { children: "Token system" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Token" }), _jsx("th", { children: "Lifetime" }), _jsx("th", { children: "Purpose" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Access token" }), _jsx("td", { children: "1 hour" }), _jsx("td", { children: "API access via Bearer header" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Refresh token" }), _jsx("td", { children: "1 hour" }), _jsx("td", { children: "Obtain new access tokens without re-solving" })] })] })] }), _jsx("p", { children: "Tokens are HMAC-SHA256 JWTs carrying the solved challenge ID (proof of work), a unique JTI for revocation, optional audience claims, and the solve time in milliseconds." }), _jsx("h3", { children: "Cryptography" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Operation" }), _jsx("th", { children: "Algorithm" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Challenge answers" }), _jsx("td", { children: "SHA-256" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Token signing" }), _jsx("td", { children: "HMAC-SHA256 (HS256)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Secret storage" }), _jsx("td", { children: "SHA-256 (never stored in plaintext)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "TAP signatures" }), _jsx("td", { children: "ECDSA P-256 or RSA-PSS SHA-256" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Secret validation" }), _jsx("td", { children: "Constant-time comparison" })] })] })] }), _jsx("h3", { children: "Anti-gaming measures" }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Single-use challenges" }), " \u2014 deleted from storage on first attempt."] }), _jsxs("li", { children: [_jsx("strong", { children: "Timestamp validation" }), " \u2014 rejects timestamps older than 30 seconds or in the future."] }), _jsxs("li", { children: [_jsx("strong", { children: "RTT capped at 5 seconds" }), " \u2014 prevents time manipulation."] }), _jsxs("li", { children: [_jsx("strong", { children: "Parameterized question generators" }), " \u2014 no static lookup tables."] }), _jsxs("li", { children: [_jsx("strong", { children: "Salted compute challenges" }), " \u2014 defeats precomputed hash tables."] }), _jsxs("li", { children: [_jsx("strong", { children: "User-Agent ignored" }), " \u2014 trivially spoofable, not used for verification."] }), _jsxs("li", { children: [_jsx("strong", { children: "Anti-enumeration" }), " \u2014 recovery endpoints return identical shapes regardless of email existence."] })] }), _jsx("h3", { children: "Human handoff" }), _jsxs("p", { children: ["When a human needs dashboard access, the agent solves a challenge and receives a device code (e.g., ", _jsx("code", { children: "BOTCHA-RBA89X" }), "). The human opens the link and is logged in. This adapts the OAuth 2.0 Device Authorization Grant (RFC 8628) with a twist: the agent must solve a BOTCHA challenge to generate the code. No agent, no code."] }), _jsx("h2", { id: "integration", children: "7. Integration: SDKs and Middleware" }), _jsx("h3", { children: "Client SDKs (for agents)" }), _jsxs("p", { children: [_jsx("strong", { children: "TypeScript" }), " (", _jsx("code", { children: "@dupecom/botcha" }), " on npm):"] }), _jsx("pre", { children: _jsx("code", { children: `import { BotchaClient } from '@dupecom/botcha';
+}` }) }), _jsx("h3", { children: "The verification hierarchy" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Layer" }), _jsx("th", { children: "Proves" }), _jsx("th", { children: "Mechanism" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Anonymous" }), _jsx("td", { children: "\"I am a bot\"" }), _jsx("td", { children: "Speed challenge in <500ms" })] }), _jsxs("tr", { children: [_jsx("td", { children: "App-scoped" }), _jsx("td", { children: "\"I belong to this org\"" }), _jsx("td", { children: "Challenge + app_id" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent identity" }), _jsx("td", { children: "\"I am this specific bot\"" }), _jsx("td", { children: "Registered ID + capabilities" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Cryptographic" }), _jsx("td", { children: "\"I can prove I am this bot\"" }), _jsxs("td", { children: [_jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "RFC 9421" }), " signatures"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "Dual auth" }), _jsx("td", { children: "\"Verified bot, proven identity\"" }), _jsx("td", { children: "Challenge + signature" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Intent-scoped" }), _jsx("td", { children: "\"I intend to do this now\"" }), _jsx("td", { children: "Validated session" })] })] })] }), _jsx("h2", { id: "architecture", children: "6. Architecture and Security" }), _jsx("h3", { children: "Infrastructure" }), _jsxs("p", { children: ["BOTCHA runs on ", _jsx("strong", { children: "Cloudflare Workers" }), " \u2014 deployed to 300+ edge locations globally. Sub-50ms cold starts, KV storage for all state, no servers to manage."] }), _jsx("h3", { children: "Token system" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Token" }), _jsx("th", { children: "Lifetime" }), _jsx("th", { children: "Purpose" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Access token" }), _jsx("td", { children: "1 hour" }), _jsx("td", { children: "API access via Bearer header" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Refresh token" }), _jsx("td", { children: "1 hour" }), _jsx("td", { children: "Obtain new access tokens without re-solving" })] })] })] }), _jsx("p", { children: "Tokens are HMAC-SHA256 JWTs carrying the solved challenge ID (proof of work), a unique JTI for revocation, optional audience claims, and the solve time in milliseconds." }), _jsx("h3", { children: "Cryptography" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Operation" }), _jsx("th", { children: "Algorithm" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Challenge answers" }), _jsx("td", { children: "SHA-256" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Token signing" }), _jsx("td", { children: "HMAC-SHA256 (HS256)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Secret storage" }), _jsx("td", { children: "SHA-256 (never stored in plaintext)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "TAP signatures" }), _jsx("td", { children: "ECDSA P-256 or RSA-PSS SHA-256" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Secret validation" }), _jsx("td", { children: "Constant-time comparison" })] })] })] }), _jsx("h3", { children: "Anti-gaming measures" }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: "Single-use challenges" }), " \u2014 deleted from storage on first attempt."] }), _jsxs("li", { children: [_jsx("strong", { children: "Timestamp validation" }), " \u2014 rejects timestamps older than 30 seconds or in the future."] }), _jsxs("li", { children: [_jsx("strong", { children: "RTT capped at 5 seconds" }), " \u2014 prevents time manipulation."] }), _jsxs("li", { children: [_jsx("strong", { children: "Parameterized question generators" }), " \u2014 no static lookup tables."] }), _jsxs("li", { children: [_jsx("strong", { children: "Salted compute challenges" }), " \u2014 defeats precomputed hash tables."] }), _jsxs("li", { children: [_jsx("strong", { children: "User-Agent ignored" }), " \u2014 trivially spoofable, not used for verification."] }), _jsxs("li", { children: [_jsx("strong", { children: "Anti-enumeration" }), " \u2014 recovery endpoints return identical shapes regardless of email existence."] })] }), _jsx("h3", { children: "Human handoff" }), _jsxs("p", { children: ["When a human needs dashboard access, the agent solves a challenge and receives a device code (e.g., ", _jsx("code", { children: "BOTCHA-RBA89X" }), "). The human opens the link and is logged in. This adapts the ", _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc8628", target: "_blank", rel: "noopener", children: "OAuth 2.0 Device Authorization Grant (RFC 8628)" }), " with a twist: the agent must solve a BOTCHA challenge to generate the code. No agent, no code."] }), _jsx("h2", { id: "identity-layer", children: "7. The Full Identity Layer" }), _jsx("p", { children: "BOTCHA has grown beyond a proof-of-bot challenge system into a complete identity infrastructure for AI agents. The stack now covers verification, delegation, attestation, reputation, portable credentials, and payment-gated access." }), _jsx("h3", { children: "Delegation Chains" }), _jsx("p", { children: "\"User X authorized Agent Y to do Z until time T.\" Delegation chains encode this relationship cryptographically. An orchestrator agent can delegate a subset of its capabilities to a sub-agent, which can further sub-delegate \u2014 but capabilities can only narrow, never expand. Revoking any link cascades to all descendants." }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/delegations
+{
+  "grantor_id": "agent_aaa",
+  "grantee_id": "agent_bbb",
+  "capabilities": [{"action": "browse", "resource": "products"}],
+  "ttl": 3600
+}
+
+POST /v1/verify/delegation  ← verify entire chain in one call` }) }), _jsx("h3", { children: "Capability Attestation" }), _jsxs("p", { children: ["Fine-grained permission tokens using ", _jsx("code", { children: "action:resource" }), " patterns with explicit deny rules. An attestation token encodes both what an agent ", _jsx("em", { children: "can" }), " do and what it explicitly ", _jsx("em", { children: "cannot" }), " do. Deny rules always take precedence. Wildcards are supported: ", _jsx("code", { children: "browse:*" }), ", ", _jsx("code", { children: "*:products" }), "."] }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/attestations
+{
+  "agent_id": "agent_...",
+  "can": ["read:invoices", "browse:*"],
+  "cannot": ["purchase:*"],
+  "ttl": 3600
+}
+// Returns signed JWT → present as X-Botcha-Attestation header` }) }), _jsx("h3", { children: "Agent Reputation" }), _jsx("p", { children: "A score-based reputation system (0\u20131000, five tiers) that tracks agent behavior across 18 action types in 6 categories: verification, commerce, compliance, social, security, and governance. Scores decay toward the neutral midpoint (500) without activity, preventing stale reputation from persisting indefinitely." }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Score Range" }), _jsx("th", { children: "Tier" }), _jsx("th", { children: "Effect" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "0\u2013199" }), _jsx("td", { children: "untrusted" }), _jsx("td", { children: "Blocked from sensitive endpoints" })] }), _jsxs("tr", { children: [_jsx("td", { children: "200\u2013399" }), _jsx("td", { children: "low" }), _jsx("td", { children: "Reduced rate limits" })] }), _jsxs("tr", { children: [_jsx("td", { children: "400\u2013599" }), _jsx("td", { children: "neutral" }), _jsx("td", { children: "Default access" })] }), _jsxs("tr", { children: [_jsx("td", { children: "600\u2013799" }), _jsx("td", { children: "good" }), _jsx("td", { children: "Elevated rate limits" })] }), _jsxs("tr", { children: [_jsx("td", { children: "800\u20131000" }), _jsx("td", { children: "excellent" }), _jsx("td", { children: "Fastest paths, priority queues" })] })] })] }), _jsx("h3", { children: "Webhooks" }), _jsx("p", { children: "Per-app webhook endpoints receive signed event deliveries over HTTP POST. Payloads are signed with HMAC-SHA256. Apps can subscribe to specific event types: token lifecycle, TAP sessions, delegation changes." }), _jsx("h2", { id: "protocol-integrations", children: "8. Protocol Integrations" }), _jsx("p", { children: "BOTCHA integrates with every major emerging agentic protocol, acting as the identity and verification layer for each standard." }), _jsx("h3", { children: "x402 Payment Gating" }), _jsxs("p", { children: [_jsx("a", { href: "https://x402.org/", target: "_blank", rel: "noopener", children: "x402" }), " micropayment flow using USDC on Base. Agents pay $0.001 USDC instead of solving a speed challenge. The standard 402 Payment Required response carries payment terms; the agent re-requests with an ", _jsx("code", { children: "X-Payment" }), " header carrying a payment proof and receives a BOTCHA access token."] }), _jsx("pre", { children: _jsx("code", { children: `GET /v1/x402/challenge
+← 402 { amount: "0.001", currency: "USDC", chain: "base", recipient: "0x..." }
+← Agent pays, retries with X-Payment header
+← 200 { access_token: "eyJ..." }` }) }), _jsx("p", { children: "This provides a payment-alternative to the proof-of-computation model \u2014 useful for high-throughput agents where challenge solving overhead is undesirable, and for monetizing API access without requiring a subscription." }), _jsx("h3", { children: "Agent Name Service (ANS)" }), _jsxs("p", { children: ["BOTCHA implements the", ' ', _jsx("a", { href: "https://www.godaddy.com/engineering/2024/12/16/agent-name-service/", target: "_blank", rel: "noopener", children: "GoDaddy-led ANS standard" }), ' ', "\u2014 a DNS-based agent identity system where an agent's name resolves via TXT records to its endpoint and identity metadata. BOTCHA serves as a verification and badging layer: agents prove ownership of their ANS name and receive a BOTCHA-signed badge JWT."] }), _jsx("pre", { children: _jsx("code", { children: `GET /v1/ans/resolve/my-agent.agents  → DNS TXT lookup + BOTCHA badge
+POST /v1/ans/verify                  → prove DNS ownership → issue badge` }) }), _jsx("h3", { children: "W3C DID / Verifiable Credentials" }), _jsxs("p", { children: ["BOTCHA operates as a", ' ', _jsx("a", { href: "https://www.w3.org/TR/did-core/", target: "_blank", rel: "noopener", children: "W3C Decentralized Identifier (DID)" }), ' ', "issuer under ", _jsx("code", { children: "did:web:botcha.ai" }), ". After solving a challenge, an agent can request a", ' ', _jsx("a", { href: "https://www.w3.org/TR/vc-data-model/", target: "_blank", rel: "noopener", children: "W3C Verifiable Credential" }), ' ', "JWT. The VC is signed with BOTCHA's private key and can be verified by any party who resolves the DID Document \u2014 no round-trip to BOTCHA required."] }), _jsx("pre", { children: _jsx("code", { children: `// 1. Resolve the issuer
+GET /.well-known/did.json → DID Document with public key
+
+// 2. Issue credential
+POST /v1/credentials/issue  (Authorization: Bearer <botcha-token>)
+→ { "vc": "eyJ..." }  ← portable JWT, verifiable offline
+
+// 3. Anyone can verify
+POST /v1/credentials/verify
+→ { "valid": true, "payload": { "iss": "did:web:botcha.ai", ... } }` }) }), _jsx("p", { children: "This enables agent credentials that travel across trust boundaries. A BOTCHA VC issued to an agent can be presented to a third-party API, a financial institution, or another agent network without those parties needing a BOTCHA account." }), _jsx("h3", { children: "A2A Agent Card Attestation" }), _jsxs("p", { children: ["Google's ", _jsx("a", { href: "https://google.github.io/A2A/", target: "_blank", rel: "noopener", children: "A2A (Agent-to-Agent) protocol" }), ' ', "defines a standard JSON Agent Card format published at ", _jsx("code", { children: "/.well-known/agent.json" }), ". BOTCHA acts as a trust seal issuer: any agent that publishes an A2A card can submit it to BOTCHA for attestation. BOTCHA produces a tamper-evident hash-and-signature bundle that third parties can verify without contacting BOTCHA again."] }), _jsx("pre", { children: _jsx("code", { children: `POST /v1/a2a/attest  (Authorization: Bearer <botcha-token>)
+→ { "attestation": { "trust_level": "verified", "token": "eyJ..." },
+    "attested_card": { "extensions": { "botcha_attestation": {...} } } }
+
+POST /v1/a2a/verify-card  ← verify any attested card offline` }) }), _jsxs("p", { children: ["BOTCHA publishes its own A2A Agent Card at", ' ', _jsx("code", { children: "/.well-known/agent.json" }), ", making it auto-discoverable by A2A-aware agents."] }), _jsx("h3", { children: "OIDC-A Attestation" }), _jsxs("p", { children: ["Enterprise agent authentication chains require a bridge between human identity systems and agent identity systems.", ' ', _jsx("a", { href: "https://openid.net/specs/openid-connect-core-1_0.html", target: "_blank", rel: "noopener", children: "OIDC-A (OpenID Connect for Agents)" }), ' ', "provides this bridge. BOTCHA implements:"] }), _jsxs("ul", { children: [_jsxs("li", { children: [_jsx("strong", { children: _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9334", target: "_blank", rel: "noopener", children: "Entity Attestation Tokens (EAT / RFC 9334)" }) }), " \u2014 signed JWTs that attest agent provenance, verification method, and model identity. Suitable for presentation to enterprise relying parties."] }), _jsxs("li", { children: [_jsx("strong", { children: "OIDC-A Agent Claims" }), " \u2014 an OIDC claims block carrying", _jsx("code", { children: "agent_model" }), ", ", _jsx("code", { children: "agent_operator" }), ",", ' ', _jsx("code", { children: "human_oversight_required" }), ", and task metadata. Compatible with standard OAuth2 token responses."] }), _jsxs("li", { children: [_jsx("strong", { children: "Agent Grant Flow" }), " \u2014 an OAuth2-style authorization grant where an agent requests access on behalf of a human. If ", _jsx("code", { children: "human_oversight_required" }), ' ', "is set, the grant is pending until the human approves via a BOTCHA oversight URL."] })] }), _jsx("pre", { children: _jsx("code", { children: `// Enterprise chain: human → IdP → BOTCHA → agent
+POST /v1/attestation/eat
+→ EAT JWT (RFC 9334) for relying party presentation
+
+POST /v1/auth/agent-grant
+→ { "grant_id": "...", "status": "pending", "oversight_url": "..." }
+// Human approves at oversight_url → agent receives access` }) }), _jsx("h2", { id: "integration", children: "9. Integration: SDKs and Middleware" }), _jsx("h3", { children: "Client SDKs (for agents)" }), _jsxs("p", { children: [_jsx("strong", { children: "TypeScript" }), " (", _jsx("code", { children: "@dupecom/botcha" }), " on npm):"] }), _jsx("pre", { children: _jsx("code", { children: `import { BotchaClient } from '@dupecom/botcha';
 const client = new BotchaClient();
 
 // Drop-in fetch replacement — auto-solves challenges on 403
@@ -414,5 +452,5 @@ async def products(token=Depends(botcha)):
     return {"solve_time": token.solve_time}` }) }), _jsx("p", { children: "Also available: Hono middleware, Django middleware, and TAP-enhanced middleware with full cryptographic + computational dual verification." }), _jsx("h3", { children: "CLI" }), _jsx("pre", { children: _jsx("code", { children: `npm install -g @dupecom/botcha-cli
 botcha init --email you@company.com
 botcha tap register --name "my-agent" --capabilities browse,search
-botcha tap session --action browse --resource products --duration 1h` }) }), _jsx("h2", { id: "the-stack", children: "8. The Agent Infrastructure Stack" }), _jsx("p", { children: "BOTCHA positions itself alongside other emerging agent protocols:" }), _jsxs("div", { class: "wp-stack", children: [_jsxs("div", { class: "wp-stack-layer wp-stack-highlight", children: [_jsx("span", { class: "wp-stack-label", children: "Layer 3" }), _jsx("span", { class: "wp-stack-name", children: "TAP (BOTCHA)" }), _jsx("span", { class: "wp-stack-desc", children: "Who agents are" })] }), _jsxs("div", { class: "wp-stack-layer", children: [_jsx("span", { class: "wp-stack-label", children: "Layer 2" }), _jsx("span", { class: "wp-stack-name", children: "A2A (Google)" }), _jsx("span", { class: "wp-stack-desc", children: "How agents talk" })] }), _jsxs("div", { class: "wp-stack-layer", children: [_jsx("span", { class: "wp-stack-label", children: "Layer 1" }), _jsx("span", { class: "wp-stack-name", children: "MCP (Anthropic)" }), _jsx("span", { class: "wp-stack-desc", children: "What agents access" })] })] }), _jsxs("p", { children: [_jsx("strong", { children: "MCP" }), " gives agents access to tools and data. ", _jsx("strong", { children: "A2A" }), " enables multi-agent coordination. ", _jsx("strong", { children: "TAP" }), " provides identity, capability scoping, and intent declaration."] }), _jsx("p", { children: "Without an identity layer, the other layers have a trust gap. MCP can give an agent access to a database, but who authorized it? A2A can let agents delegate tasks, but can you trust the delegate? TAP closes this gap." }), _jsx("h2", { id: "use-cases", children: "9. Use Cases" }), _jsx("h3", { children: "E-commerce agent verification" }), _jsxs("p", { children: ["A shopping agent registers with ", _jsx("code", { children: "browse" }), ", ", _jsx("code", { children: "compare" }), ", and", ' ', _jsx("code", { children: "purchase" }), " capabilities. It creates sessions scoped to specific actions. The retailer verifies identity, checks capabilities, and maintains a full audit trail of which agent made each purchase, when, and on behalf of whom."] }), _jsx("h3", { children: "API access control" }), _jsx("p", { children: "An API provider adds BOTCHA middleware to protected endpoints. Legitimate agents solve the speed challenge; scrapers pretending to be AI cannot. The provider gets rate limiting, solve-time analytics, and agent identification \u2014 without requiring API keys." }), _jsx("h3", { children: "Multi-agent systems" }), _jsx("p", { children: "A coordinator agent delegates tasks to sub-agents, each registered with scoped capabilities. The coordinator can verify sub-agent actions via TAP sessions. Capabilities are bounded at the protocol level." }), _jsx("h3", { children: "Compliance and auditing" }), _jsx("p", { children: "Financial services APIs use TAP's audit logging to record every agent interaction. Each request includes agent ID, intent, user context, and timestamp. Trust levels enable graduated access to sensitive endpoints." }), _jsx("h2", { id: "roadmap", children: "10. Roadmap" }), _jsx("h3", { children: "Shipped" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Feature" }), _jsx("th", { children: "Description" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Challenge types" }), _jsx("td", { children: "Speed, Reasoning, Hybrid, and Compute" })] }), _jsxs("tr", { children: [_jsx("td", { children: "JWT token system" }), _jsx("td", { children: "1-hr access, 1-hr refresh, revocation, audience claims" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Multi-tenant apps" }), _jsx("td", { children: "Per-app rate limits, scoped tokens, isolated analytics" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent Registry" }), _jsx("td", { children: "Persistent identities with names and operators" })] }), _jsxs("tr", { children: [_jsx("td", { children: "TAP" }), _jsx("td", { children: "Cryptographic identity, capability scoping, intent sessions" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Dashboard" }), _jsx("td", { children: "Per-app analytics and metrics" })] }), _jsxs("tr", { children: [_jsx("td", { children: "SDKs" }), _jsx("td", { children: "TypeScript, Python, CLI, LangChain" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Server verification" }), _jsx("td", { children: "Express, Hono, FastAPI, Django middleware" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Discovery" }), _jsx("td", { children: "ai.txt, OpenAPI, AI Plugin manifest, embedded metadata" })] })] })] }), _jsx("h3", { children: "Planned" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Feature" }), _jsx("th", { children: "Description" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Delegation chains" }), _jsx("td", { children: "Signed \"User X authorized Agent Y to do Z until T\"" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Capability attestation" }), _jsx("td", { children: "Token claims with server-side enforcement" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent reputation" }), _jsx("td", { children: "Trust scores, faster verification for high-rep agents" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent SSO" }), _jsx("td", { children: "Verify once, trusted everywhere (OIDC for agents)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "RFC contribution" }), _jsx("td", { children: "Internet-Draft for agent identity, target IETF" })] })] })] }), _jsxs("div", { class: "wp-cta", children: [_jsx("div", { class: "wp-cta-title", children: "Get started in 30 seconds" }), _jsx("code", { children: "npm install -g @dupecom/botcha-cli" }), _jsx("code", { children: "botcha init --email you@company.com" }), _jsx("code", { children: "botcha tap register --name \"my-agent\"" }), _jsxs("div", { class: "wp-cta-links", children: [_jsx("a", { href: "/", class: "wp-cta-link", children: "Home" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", class: "wp-cta-link", children: "GitHub" }), _jsx("a", { href: "/openapi.json", class: "wp-cta-link", children: "OpenAPI" }), _jsx("a", { href: "https://www.npmjs.com/package/@dupecom/botcha", class: "wp-cta-link", children: "npm" }), _jsx("a", { href: "https://pypi.org/project/botcha/", class: "wp-cta-link", children: "PyPI" }), _jsx("a", { href: "/dashboard", class: "wp-cta-link", children: "Dashboard" })] })] })] }), _jsx(GlobalFooter, { version: version })] })] }));
+botcha tap session --action browse --resource products --duration 1h` }) }), _jsx("h2", { id: "the-stack", children: "10. The Agent Infrastructure Stack" }), _jsx("p", { children: "BOTCHA positions itself alongside other emerging agent protocols:" }), _jsxs("div", { class: "wp-stack", children: [_jsxs("div", { class: "wp-stack-layer wp-stack-highlight", children: [_jsx("span", { class: "wp-stack-label", children: "BOTCHA" }), _jsx("span", { class: "wp-stack-name", children: "Identity + Trust Layer" }), _jsx("span", { class: "wp-stack-desc", children: "Who agents are, what they can do, what they've earned" })] }), _jsxs("div", { class: "wp-stack-layer", children: [_jsx("span", { class: "wp-stack-label", children: "Protocols" }), _jsx("span", { class: "wp-stack-name", children: "TAP / A2A / OIDC-A / ANS / DID-VC / x402" }), _jsx("span", { class: "wp-stack-desc", children: "Open standards BOTCHA implements as issuer/verifier" })] }), _jsxs("div", { class: "wp-stack-layer", children: [_jsx("span", { class: "wp-stack-label", children: "Coordination" }), _jsx("span", { class: "wp-stack-name", children: "A2A (Google) / MCP (Anthropic)" }), _jsx("span", { class: "wp-stack-desc", children: "How agents talk and access tools" })] }), _jsxs("div", { class: "wp-stack-layer", children: [_jsx("span", { class: "wp-stack-label", children: "Transport" }), _jsx("span", { class: "wp-stack-name", children: "HTTP / SSE / WebSocket" }), _jsx("span", { class: "wp-stack-desc", children: "Network layer" })] })] }), _jsxs("p", { children: [_jsx("strong", { children: "MCP" }), " gives agents access to tools and data. ", _jsx("strong", { children: "A2A" }), " enables multi-agent coordination. ", _jsx("strong", { children: "BOTCHA" }), " provides the full identity layer: proof of AI, cryptographic identity (TAP), capability attestation, portable credentials (DID/VC), DNS-based names (ANS), enterprise auth chains (OIDC-A), and payment-gated access (x402)."] }), _jsx("p", { children: "Without an identity layer, the other layers have a trust gap. MCP can give an agent access to a database, but who authorized it? A2A can let agents delegate tasks, but can you trust the delegate? BOTCHA closes this gap \u2014 at every layer of the stack." }), _jsx("h2", { id: "use-cases", children: "11. Use Cases" }), _jsx("h3", { children: "E-commerce agent verification" }), _jsxs("p", { children: ["A shopping agent registers with ", _jsx("code", { children: "browse" }), ", ", _jsx("code", { children: "compare" }), ", and", ' ', _jsx("code", { children: "purchase" }), " capabilities. It creates sessions scoped to specific actions. The retailer verifies identity, checks capabilities, and maintains a full audit trail of which agent made each purchase, when, and on behalf of whom."] }), _jsx("h3", { children: "API access control" }), _jsx("p", { children: "An API provider adds BOTCHA middleware to protected endpoints. Legitimate agents solve the speed challenge; scrapers pretending to be AI cannot. The provider gets rate limiting, solve-time analytics, and agent identification \u2014 without requiring API keys." }), _jsx("h3", { children: "Multi-agent systems" }), _jsx("p", { children: "A coordinator agent delegates tasks to sub-agents, each registered with scoped capabilities. The coordinator can verify sub-agent actions via TAP sessions. Capabilities are bounded at the protocol level." }), _jsx("h3", { children: "Compliance and auditing" }), _jsx("p", { children: "Financial services APIs use TAP's audit logging to record every agent interaction. Each request includes agent ID, intent, user context, and timestamp. Trust levels enable graduated access to sensitive endpoints." }), _jsx("h2", { id: "roadmap", children: "12. Roadmap" }), _jsx("h3", { children: "Shipped (v0.22.0)" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Feature" }), _jsx("th", { children: "Description" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Challenge types" }), _jsx("td", { children: "Speed, Reasoning, Hybrid, and Compute" })] }), _jsxs("tr", { children: [_jsx("td", { children: "JWT token system" }), _jsx("td", { children: "ES256 tokens, 1-hr access + refresh, revocation, audience claims" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Multi-tenant apps" }), _jsx("td", { children: "Per-app rate limits, scoped tokens, isolated analytics" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent Registry" }), _jsx("td", { children: "Persistent identities with names and operators" })] }), _jsxs("tr", { children: [_jsx("td", { children: "TAP" }), _jsxs("td", { children: ["Cryptographic identity (", _jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9421", target: "_blank", rel: "noopener", children: "RFC 9421" }), "), capability scoping, intent sessions, Layer 2/3"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "Delegation chains" }), _jsx("td", { children: "Signed capability delegation with cascade revocation" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Capability attestation" }), _jsx("td", { children: "action:resource tokens with deny rules, wildcard patterns" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Agent reputation" }), _jsx("td", { children: "0\u20131000 score, 5 tiers, 18 action types, mean-reversion decay" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Webhooks" }), _jsx("td", { children: "Per-app signed event deliveries for 6 event types" })] }), _jsxs("tr", { children: [_jsx("td", { children: "x402 payment gating" }), _jsxs("td", { children: [_jsx("a", { href: "https://x402.org/", target: "_blank", rel: "noopener", children: "x402" }), " HTTP 402 + USDC on Base \u2014 pay instead of solving"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "ANS integration" }), _jsxs("td", { children: [_jsx("a", { href: "https://www.godaddy.com/engineering/2024/12/16/agent-name-service/", target: "_blank", rel: "noopener", children: "GoDaddy ANS" }), " standard \u2014 DNS-based identity + BOTCHA badges"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "DID/VC issuer" }), _jsxs("td", { children: [_jsx("a", { href: "https://www.w3.org/TR/did-core/", target: "_blank", rel: "noopener", children: "W3C DID" }), " / ", _jsx("a", { href: "https://www.w3.org/TR/vc-data-model/", target: "_blank", rel: "noopener", children: "VC" }), " \u2014 portable credential JWTs, offline-verifiable"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "A2A attestation" }), _jsxs("td", { children: [_jsx("a", { href: "https://google.github.io/A2A/", target: "_blank", rel: "noopener", children: "Google A2A" }), " Agent Card trust seals, tamper-evident registry"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "OIDC-A" }), _jsxs("td", { children: [_jsx("a", { href: "https://www.rfc-editor.org/rfc/rfc9334", target: "_blank", rel: "noopener", children: "EAT (RFC 9334)" }), ", OIDC-A claims, OAuth2 agent grant flow"] })] }), _jsxs("tr", { children: [_jsx("td", { children: "Dashboard" }), _jsx("td", { children: "Agent-first auth (challenge + device code), per-app analytics" })] }), _jsxs("tr", { children: [_jsx("td", { children: "SDKs" }), _jsx("td", { children: "TypeScript, Python, CLI, LangChain integration" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Server verification" }), _jsx("td", { children: "Express, Hono, FastAPI, Django middleware (JWKS + HS256)" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Discovery" }), _jsx("td", { children: "ai.txt, OpenAPI 3.1, AI Plugin manifest, DID Document, A2A card" })] })] })] }), _jsx("h3", { children: "Planned" }), _jsxs("table", { children: [_jsx("thead", { children: _jsxs("tr", { children: [_jsx("th", { children: "Feature" }), _jsx("th", { children: "Description" })] }) }), _jsxs("tbody", { children: [_jsxs("tr", { children: [_jsx("td", { children: "Agent SSO" }), _jsx("td", { children: "Verify once, trusted everywhere \u2014 federated BOTCHA identity" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Cross-chain x402" }), _jsx("td", { children: "Support for Ethereum mainnet, Solana, Lightning" })] }), _jsxs("tr", { children: [_jsx("td", { children: "Reputation marketplace" }), _jsx("td", { children: "Agents earn reputation across partner networks" })] }), _jsxs("tr", { children: [_jsx("td", { children: "RFC contribution" }), _jsx("td", { children: "Internet-Draft for agent identity, target IETF" })] })] })] }), _jsxs("div", { class: "wp-cta", children: [_jsx("div", { class: "wp-cta-title", children: "Get started in 30 seconds" }), _jsx("code", { children: "npm install -g @dupecom/botcha-cli" }), _jsx("code", { children: "botcha init --email you@company.com" }), _jsx("code", { children: "botcha tap register --name \"my-agent\"" }), _jsxs("div", { class: "wp-cta-links", children: [_jsx("a", { href: "/", class: "wp-cta-link", children: "Home" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", class: "wp-cta-link", children: "GitHub" }), _jsx("a", { href: "/openapi.json", class: "wp-cta-link", children: "OpenAPI" }), _jsx("a", { href: "https://www.npmjs.com/package/@dupecom/botcha", class: "wp-cta-link", children: "npm" }), _jsx("a", { href: "https://pypi.org/project/botcha/", class: "wp-cta-link", children: "PyPI" }), _jsx("a", { href: "/dashboard", class: "wp-cta-link", children: "Dashboard" })] })] })] }), _jsx(GlobalFooter, { version: version })] })] }));
 };

package/dist/index.d.ts

@@ -19,7 +19,12 @@ type Bindings = {
     ANALYTICS?: AnalyticsEngineDataset;
     JWT_SECRET: string;
     JWT_SIGNING_KEY?: string;
+    RESEND_API_KEY?: string;
     BOTCHA_VERSION: string;
+    BOTCHA_BASE_URL?: string;
+    BOTCHA_INTERNAL_APP_ID: string;
+    BOTCHA_PAYMENT_WALLET?: string;
+    BOTCHA_WEBHOOK_SECRET?: string;
 };
 type Variables = {
     tokenPayload?: {

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.tsx"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAYL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAwDtB,OAAO,EACL,KAAK,sBAAsB,EAM5B,MAAM,aAAa,CAAC;AAGrB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AAuzErE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,QAAQ,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.tsx"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAYL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAgHtB,OAAO,EACL,KAAK,sBAAsB,EAM5B,MAAM,aAAa,CAAC;AAIrB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,WAAW,CAAC;IACtB,MAAM,EAAE,WAAW,CAAC;IACpB,QAAQ,EAAE,WAAW,CAAC;IACtB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,EAAE,MAAM,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sBAAsB,EAAE,MAAM,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,qBAAqB,CAAC,EAAE,MAAM,CAAC;CAChC,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AA+7FrE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,sBAAsB,EAAE,MAAM,QAAQ,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}